@rulebricks/cli 2.1.6 → 2.3.1

Files changed (114)
  1. package/README.md +75 -14
  2. package/cluster-setup/aws/README.md +123 -0
  3. package/cluster-setup/aws/check-aws-access.sh +242 -0
  4. package/cluster-setup/aws/parameters.json +13 -0
  5. package/cluster-setup/aws/rulebricks-cluster.cfn.yaml +355 -0
  6. package/cluster-setup/azure/README.md +141 -0
  7. package/cluster-setup/azure/check-aks-prereqs.sh +276 -0
  8. package/cluster-setup/azure/parameters.json +30 -0
  9. package/cluster-setup/azure/rulebricks-cluster.bicep +546 -0
  10. package/cluster-setup/gcp/README.md +189 -0
  11. package/cluster-setup/gcp/check-gke-prereqs.sh +260 -0
  12. package/dist/commands/backup.d.ts +5 -0
  13. package/dist/commands/backup.js +104 -0
  14. package/dist/commands/deploy.d.ts +3 -1
  15. package/dist/commands/deploy.js +226 -326
  16. package/dist/commands/destroy.d.ts +1 -1
  17. package/dist/commands/destroy.js +73 -123
  18. package/dist/commands/init.d.ts +5 -1
  19. package/dist/commands/init.js +78 -47
  20. package/dist/commands/list.d.ts +1 -0
  21. package/dist/commands/list.js +74 -0
  22. package/dist/commands/open.d.ts +1 -1
  23. package/dist/commands/open.js +4 -12
  24. package/dist/commands/redeploy.d.ts +6 -0
  25. package/dist/commands/redeploy.js +310 -0
  26. package/dist/commands/restore.d.ts +5 -0
  27. package/dist/commands/restore.js +338 -0
  28. package/dist/commands/status.js +62 -49
  29. package/dist/commands/upgrade.js +74 -51
  30. package/dist/components/DNSWaitScreen.d.ts +5 -1
  31. package/dist/components/DNSWaitScreen.js +47 -41
  32. package/dist/components/Wizard/WizardContext.d.ts +174 -29
  33. package/dist/components/Wizard/WizardContext.js +896 -91
  34. package/dist/components/Wizard/steps/CloudProviderStep.js +192 -102
  35. package/dist/components/Wizard/steps/DomainStep.js +5 -24
  36. package/dist/components/Wizard/steps/ExternalServicesStep.d.ts +6 -0
  37. package/dist/components/Wizard/steps/ExternalServicesStep.js +645 -0
  38. package/dist/components/Wizard/steps/FeatureConfigStep.d.ts +2 -1
  39. package/dist/components/Wizard/steps/FeatureConfigStep.js +959 -248
  40. package/dist/components/Wizard/steps/FeaturesStep.js +31 -35
  41. package/dist/components/Wizard/steps/ObservabilityStep.d.ts +6 -0
  42. package/dist/components/Wizard/steps/ObservabilityStep.js +137 -0
  43. package/dist/components/Wizard/steps/ReviewStep.d.ts +2 -1
  44. package/dist/components/Wizard/steps/ReviewStep.js +56 -7
  45. package/dist/components/Wizard/steps/StorageStep.d.ts +9 -0
  46. package/dist/components/Wizard/steps/StorageStep.js +592 -0
  47. package/dist/components/Wizard/steps/SupabaseCredentialsStep.js +20 -21
  48. package/dist/components/Wizard/steps/VersionStep.js +45 -23
  49. package/dist/components/Wizard/steps/index.d.ts +3 -3
  50. package/dist/components/Wizard/steps/index.js +3 -3
  51. package/dist/components/common/CommandApproval.d.ts +12 -0
  52. package/dist/components/common/CommandApproval.js +91 -0
  53. package/dist/components/common/DeploymentPicker.d.ts +14 -0
  54. package/dist/components/common/DeploymentPicker.js +16 -0
  55. package/dist/components/common/index.d.ts +2 -0
  56. package/dist/components/common/index.js +2 -0
  57. package/dist/index.js +94 -62
  58. package/dist/lib/cloudCli.d.ts +134 -63
  59. package/dist/lib/cloudCli.js +512 -220
  60. package/dist/lib/clusterSetupDefaults.d.ts +30 -0
  61. package/dist/lib/clusterSetupDefaults.js +64 -0
  62. package/dist/lib/commandApproval.d.ts +26 -0
  63. package/dist/lib/commandApproval.js +114 -0
  64. package/dist/lib/config.d.ts +12 -10
  65. package/dist/lib/config.js +91 -33
  66. package/dist/lib/configFixtures.d.ts +5 -0
  67. package/dist/lib/configFixtures.js +513 -0
  68. package/dist/lib/deploymentHealth.d.ts +32 -0
  69. package/dist/lib/deploymentHealth.js +157 -0
  70. package/dist/lib/dns.d.ts +1 -1
  71. package/dist/lib/dns.js +19 -1
  72. package/dist/lib/dns.test.d.ts +1 -0
  73. package/dist/lib/dns.test.js +27 -0
  74. package/dist/lib/dockerHub.d.ts +12 -1
  75. package/dist/lib/dockerHub.js +18 -8
  76. package/dist/lib/helm.d.ts +4 -0
  77. package/dist/lib/helm.js +16 -0
  78. package/dist/lib/helmValues.d.ts +25 -0
  79. package/dist/lib/helmValues.js +1937 -259
  80. package/dist/lib/helmValues.test.d.ts +1 -0
  81. package/dist/lib/helmValues.test.js +966 -0
  82. package/dist/lib/htpasswd.d.ts +1 -0
  83. package/dist/lib/htpasswd.js +15 -0
  84. package/dist/lib/kubernetes.d.ts +126 -13
  85. package/dist/lib/kubernetes.js +624 -134
  86. package/dist/lib/secrets.d.ts +23 -0
  87. package/dist/lib/secrets.js +158 -0
  88. package/dist/lib/validateValues.d.ts +31 -0
  89. package/dist/lib/validateValues.js +253 -0
  90. package/dist/lib/versions.d.ts +82 -11
  91. package/dist/lib/versions.js +131 -31
  92. package/dist/lib/versions.test.d.ts +1 -0
  93. package/dist/lib/versions.test.js +81 -0
  94. package/dist/lib/wizardSteps.d.ts +14 -0
  95. package/dist/lib/wizardSteps.js +23 -0
  96. package/dist/lib/workloadIdentity.d.ts +26 -0
  97. package/dist/lib/workloadIdentity.js +323 -0
  98. package/dist/lib/workloadIdentity.test.d.ts +1 -0
  99. package/dist/lib/workloadIdentity.test.js +57 -0
  100. package/dist/types/index.d.ts +2152 -95
  101. package/dist/types/index.js +554 -286
  102. package/package.json +10 -4
  103. package/schema/values.schema.json +1934 -0
  104. package/dist/components/Wizard/steps/CredentialsStep.d.ts +0 -6
  105. package/dist/components/Wizard/steps/CredentialsStep.js +0 -22
  106. package/dist/components/Wizard/steps/DeploymentModeStep.d.ts +0 -5
  107. package/dist/components/Wizard/steps/DeploymentModeStep.js +0 -26
  108. package/dist/components/Wizard/steps/TierStep.d.ts +0 -6
  109. package/dist/components/Wizard/steps/TierStep.js +0 -29
  110. package/dist/lib/terraform.d.ts +0 -66
  111. package/dist/lib/terraform.js +0 -754
  112. package/terraform/aws/main.tf +0 -355
  113. package/terraform/azure/main.tf +0 -371
  114. package/terraform/gcp/main.tf +0 -407
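--- a/package/dist/lib/htpasswd.d.ts
+++ b/package/dist/lib/htpasswd.d.ts
@@ -0,0 +1 @@
+ export declare function generateHtpasswdLine(username: string, password: string): string;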
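--- a/package/dist/lib/htpasswd.js
+++ b/package/dist/lib/htpasswd.js
@@ -0,0 +1,15 @@
+ import bcrypt from "bcryptjs";
+ const BCRYPT_COST = 10;
+ export function generateHtpasswdLine(username, password) {
+ const normalizedUsername = username.trim();
+ if (!normalizedUsername) {
+ throw new Error("Username is required");
+ }
+ if (normalizedUsername.includes(":")) {
+ throw new Error("Username cannot contain ':'");
+ }
+ if (!password) {
+ throw new Error("Password is required");
+ }
+ return `${normalizedUsername}:${bcrypt.hashSync(password, BCRYPT_COST)}`;
+ }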
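Review bot: The username validation in `generateHtpasswdLine` rejects only `:`, so a username with an embedded CR/LF or other control character survives `trim()` and is written into the returned line unchanged, which would split it into more than one htpasswd record wherever the line is stored. Rejecting control characters before hashing closes this, e.g. `if (/[\x00-\x1f\x7f]/.test(normalizedUsername)) throw new Error("Username contains control characters");`. Also worth documenting: bcrypt only uses the first 72 bytes of its input, so longer passwords are effectively truncated; a `Buffer.byteLength(password, "utf8") > 72` check would make that limit explicit rather than silent.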
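--- a/package/dist/lib/kubernetes.d.ts
+++ b/package/dist/lib/kubernetes.d.ts
@@ -1,4 +1,4 @@
- import { CloudProvider } from "../types/index.js";
+ import { NodeArchitecture } from "../types/index.js";
  /**
  * Checks if kubectl is installed
  */
@@ -20,6 +20,37 @@ export declare function checkClusterAccessible(): Promise<string | null>;
  * Gets the current kubectl context
  */
  export declare function getCurrentContext(): Promise<string | null>;
+ /**
+ * Inferred resource and scheduling capabilities for the current cluster.
+ */
+ export interface ClusterStorageClass {
+ name: string;
+ provisioner: string;
+ isDefault: boolean;
+ volumeBindingMode?: string;
+ allowVolumeExpansion?: boolean;
+ }
+ export interface ClusterCapabilities {
+ nodeArchitecture: NodeArchitecture;
+ arm64TolerationRequired: boolean;
+ schedulableNodeCount: number;
+ totalCpuCores: number;
+ totalMemoryGi: number;
+ eligibleCpuCores: number;
+ eligibleMemoryGi: number;
+ totalPersistentStorageGi?: number;
+ storageClasses: ClusterStorageClass[];
+ defaultStorageClass?: ClusterStorageClass;
+ storageClass?: string;
+ storageProvisioner?: string;
+ }
+ /**
+ * Inspects the current cluster's node architecture, schedulable capacity, and
+ * storage classes. The CLI uses this to keep Helm values compatible with the
+ * Kubernetes resources the user has already made available (storage class, ARM
+ * tolerations, etc.); workload sizing itself follows the chart defaults.
+ */
+ export declare function inferClusterCapabilities(): Promise<ClusterCapabilities | null>;
  /**
  * Gets pod status for the Rulebricks namespace
  */
@@ -91,6 +122,32 @@ export declare function streamLogs(podName: string, namespace?: string, options?
  tail?: number;
  container?: string;
  }): Promise<void>;
+ export declare function execInPod(namespace: string, podName: string, container: string | undefined, args: string[]): Promise<string>;
+ export interface EphemeralJobOptions {
+ name: string;
+ namespace: string;
+ serviceAccountName: string;
+ image: string;
+ command: string[];
+ env?: Array<Record<string, unknown>>;
+ volumeMounts?: Array<Record<string, unknown>>;
+ volumes?: Array<Record<string, unknown>>;
+ initContainers?: Array<Record<string, unknown>>;
+ labels?: Record<string, string>;
+ backoffLimit?: number;
+ timeoutSeconds?: number;
+ }
+ export interface EphemeralJobResult {
+ jobName: string;
+ logs: string;
+ }
+ export declare function runEphemeralJob(options: EphemeralJobOptions): Promise<EphemeralJobResult>;
+ export declare function createJobFromCronJob(namespace: string, cronJobName: string, jobName: string): Promise<void>;
+ export declare function waitForJobComplete(namespace: string, jobName: string, timeoutSeconds?: number): Promise<string>;
+ export declare function getJobLogs(jobName: string, namespace: string): Promise<string>;
+ export declare function scaleDeployment(namespace: string, name: string, replicas: number): Promise<void>;
+ export declare function waitForDeploymentReady(namespace: string, name: string, timeoutSeconds?: number): Promise<void>;
+ export declare function getDeploymentReplicas(namespace: string, name: string): Promise<number | null>;
  /**
  * Callback type for receiving log lines from multiple pods
  */
@@ -134,35 +191,91 @@ export declare function deletePVCs(namespace: string, options?: {
  wait?: boolean;
  }): Promise<void>;
  /**
- * Removes finalizers from KEDA ScaledObjects to prevent namespace deletion from hanging.
- * KEDA finalizers wait for the KEDA controller to clean up, but if KEDA is being deleted
- * with the namespace, this causes a deadlock.
+ * Strips finalizers from the custom resources whose controllers are torn down
+ * with the release, so the namespace can finalize instead of hanging in
+ * Terminating (NamespaceFinalizersRemaining). Best-effort per type a missing
+ * CRD (feature disabled) or already-gone object is fine.
  */
- export declare function removeKedaFinalizers(namespace: string): Promise<void>;
+ export declare function removeBlockingFinalizers(namespace: string): Promise<void>;
+ /**
+ * Deletes aggregated APIServices (apiregistration.k8s.io) whose backing service
+ * lives in the given namespace.
+ *
+ * Why this matters for teardown: an aggregated API (e.g. KEDA's
+ * v1beta1.external.metrics.k8s.io, prometheus-adapter's custom.metrics.k8s.io,
+ * etc.) is served by an in-namespace Service. When the namespace is torn down
+ * that Service disappears and the (cluster-scoped) APIService goes Unavailable
+ * with ServiceNotFound. The namespace controller must enumerate every API group
+ * to delete a namespace's contents, so a single broken APIService makes its
+ * discovery step fail and wedges the namespace in Terminating forever
+ * (NamespaceDeletionDiscoveryFailure) - which then rejects any reinstall into
+ * that namespace ("being terminated").
+ *
+ * Deleting these APIServices up front (they are going away with the namespace
+ * anyway) keeps discovery healthy so the namespace can finalize. This is
+ * generalized to ALL APIServices backed by the target namespace, not just KEDA,
+ * and is safe: cluster APIs backed by other namespaces (e.g. metrics-server in
+ * kube-system) are never matched. Listing APIService objects is served directly
+ * by kube-apiserver, so this also works to rescue an already-stuck namespace.
+ *
+ * Returns the names of the APIServices that were deleted.
+ */
+ export declare function cleanupNamespaceAPIServices(namespace: string): Promise<string[]>;
  /**
  * Checks if a namespace exists
  */
  export declare function namespaceExists(namespace: string): Promise<boolean>;
  /**
- * Waits for cluster to be accessible with retries.
- * EKS IAM authentication can take time to propagate after cluster creation.
+ * Removes this release's leftovers in the kube-system namespace. The
+ * kube-prometheus-stack prometheus-operator creates a "<release>-...-kubelet"
+ * Service there at runtime (via its --kubelet-service flag); it lives OUTSIDE the
+ * release namespace and is operator-created (not chart-templated), so
+ * `helm uninstall` never deletes it and one accumulates per deployment. Also
+ * sweeps any helm-labeled kube-system objects (exporter Services/Endpoints) a
+ * partial uninstall may have stranded. Scoped strictly to this release; matched
+ * by the release-name prefix so a coexisting deployment's kubelet Service is
+ * never touched. Best-effort — never blocks teardown.
  */
- export declare function waitForClusterAccess(maxRetries?: number, delayMs?: number): Promise<void>;
+ export declare function cleanupKubeSystemLeftovers(releaseName: string): Promise<void>;
  /**
- * Creates default StorageClass for the cloud provider.
- * Should be called after kubeconfig is configured and cluster is accessible.
+ * True only when no OTHER Rulebricks deployment remains on the cluster (besides
+ * `releaseName`). Gates deletion of cluster-SHARED resources (CRDs) so tearing
+ * down one deployment never cascade-deletes another deployment's custom
+ * resources. Deployments are named `rulebricks-<name>` for both the namespace and
+ * the helm release (see getNamespace/getReleaseName), so the "rulebricks-" prefix
+ * is a sound cluster-side signal. Fails CLOSED (returns false) if the cluster
+ * can't be enumerated — we never purge shared resources on uncertainty.
  */
- export declare function createDefaultStorageClass(provider: CloudProvider): Promise<void>;
+ export declare function isLastRulebricksDeployment(releaseName: string): Promise<boolean>;
+ /**
+ * Deletes the cluster-scoped CRDs the chart installs from crds/ dirs (cert-
+ * manager, keda, strimzi, kube-prometheus-stack). CLUSTER-SHARED: deleting a CRD
+ * cascade-deletes every custom resource of that kind across ALL namespaces, so
+ * callers MUST gate this on isLastRulebricksDeployment() (or an explicit
+ * operator --purge) — never call it while another Rulebricks deployment exists.
+ * Best-effort, non-blocking; returns the CRD names removed.
+ */
+ export declare function deleteRulebricksCRDs(): Promise<string[]>;
  /**
  * Deployed image versions from Kubernetes
  */
  export interface DeployedVersions {
  appVersion: string | null;
  hpsVersion: string | null;
+ hpsWorkerVersion: string | null;
+ appDigest: string | null;
+ hpsDigests: string[];
+ hpsWorkerDigests: string[];
  }
  /**
- * Gets the actual deployed image versions from Kubernetes deployments.
- * Queries the app and HPS deployments to get their current image tags.
+ * Extracts the version tag from a Docker image string.
+ * E.g., "rulebricks/rulebricks:v1.5.8" -> "v1.5.8"
+ */
+ export declare function extractImageTag(image: string): string | null;
+ export declare function extractImageDigest(imageId: string): string | null;
+ /**
+ * Gets actual deployed image tags and running image digests from Kubernetes.
+ * HPS runs as StatefulSets, so digest checks inspect the pods behind those sets.
  *
  * @param releaseName - The Helm release name (e.g., "rulebricks")
  * @param namespace - The Kubernetes namespace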
137
+ backoffLimit?: number;
138
+ timeoutSeconds?: number;
139
+ }
140
+ export interface EphemeralJobResult {
141
+ jobName: string;
142
+ logs: string;
143
+ }
144
+ export declare function runEphemeralJob(options: EphemeralJobOptions): Promise<EphemeralJobResult>;
145
+ export declare function createJobFromCronJob(namespace: string, cronJobName: string, jobName: string): Promise<void>;
146
+ export declare function waitForJobComplete(namespace: string, jobName: string, timeoutSeconds?: number): Promise<string>;
147
+ export declare function getJobLogs(jobName: string, namespace: string): Promise<string>;
148
+ export declare function scaleDeployment(namespace: string, name: string, replicas: number): Promise<void>;
149
+ export declare function waitForDeploymentReady(namespace: string, name: string, timeoutSeconds?: number): Promise<void>;
150
+ export declare function getDeploymentReplicas(namespace: string, name: string): Promise<number | null>;
94
151
  /**
95
152
  * Callback type for receiving log lines from multiple pods
96
153
  */
@@ -134,35 +191,91 @@ export declare function deletePVCs(namespace: string, options?: {
134
191
  wait?: boolean;
135
192
  }): Promise<void>;
136
193
  /**
137
- * Removes finalizers from KEDA ScaledObjects to prevent namespace deletion from hanging.
138
- * KEDA finalizers wait for the KEDA controller to clean up, but if KEDA is being deleted
139
- * with the namespace, this causes a deadlock.
194
+ * Strips finalizers from the custom resources whose controllers are torn down
195
+ * with the release, so the namespace can finalize instead of hanging in
196
+ * Terminating (NamespaceFinalizersRemaining). Best-effort per type a missing
197
+ * CRD (feature disabled) or already-gone object is fine.
140
198
  */
141
- export declare function removeKedaFinalizers(namespace: string): Promise<void>;
199
+ export declare function removeBlockingFinalizers(namespace: string): Promise<void>;
200
+ /**
201
+ * Deletes aggregated APIServices (apiregistration.k8s.io) whose backing service
202
+ * lives in the given namespace.
203
+ *
204
+ * Why this matters for teardown: an aggregated API (e.g. KEDA's
205
+ * v1beta1.external.metrics.k8s.io, prometheus-adapter's custom.metrics.k8s.io,
206
+ * etc.) is served by an in-namespace Service. When the namespace is torn down
207
+ * that Service disappears and the (cluster-scoped) APIService goes Unavailable
208
+ * with ServiceNotFound. The namespace controller must enumerate every API group
209
+ * to delete a namespace's contents, so a single broken APIService makes its
210
+ * discovery step fail and wedges the namespace in Terminating forever
211
+ * (NamespaceDeletionDiscoveryFailure) - which then rejects any reinstall into
212
+ * that namespace ("being terminated").
213
+ *
214
+ * Deleting these APIServices up front (they are going away with the namespace
215
+ * anyway) keeps discovery healthy so the namespace can finalize. This is
216
+ * generalized to ALL APIServices backed by the target namespace, not just KEDA,
217
+ * and is safe: cluster APIs backed by other namespaces (e.g. metrics-server in
218
+ * kube-system) are never matched. Listing APIService objects is served directly
219
+ * by kube-apiserver, so this also works to rescue an already-stuck namespace.
220
+ *
221
+ * Returns the names of the APIServices that were deleted.
222
+ */
223
+ export declare function cleanupNamespaceAPIServices(namespace: string): Promise<string[]>;
142
224
  /**
143
225
  * Checks if a namespace exists
144
226
  */
145
227
  export declare function namespaceExists(namespace: string): Promise<boolean>;
146
228
  /**
147
- * Waits for cluster to be accessible with retries.
148
- * EKS IAM authentication can take time to propagate after cluster creation.
229
+ * Removes this release's leftovers in the kube-system namespace. The
230
+ * kube-prometheus-stack prometheus-operator creates a "<release>-...-kubelet"
231
+ * Service there at runtime (via its --kubelet-service flag); it lives OUTSIDE the
232
+ * release namespace and is operator-created (not chart-templated), so
233
+ * `helm uninstall` never deletes it and one accumulates per deployment. Also
234
+ * sweeps any helm-labeled kube-system objects (exporter Services/Endpoints) a
235
+ * partial uninstall may have stranded. Scoped strictly to this release; matched
236
+ * by the release-name prefix so a coexisting deployment's kubelet Service is
237
+ * never touched. Best-effort — never blocks teardown.
149
238
  */
150
- export declare function waitForClusterAccess(maxRetries?: number, delayMs?: number): Promise<void>;
239
+ export declare function cleanupKubeSystemLeftovers(releaseName: string): Promise<void>;
151
240
  /**
152
- * Creates default StorageClass for the cloud provider.
153
- * Should be called after kubeconfig is configured and cluster is accessible.
241
+ * True only when no OTHER Rulebricks deployment remains on the cluster (besides
242
+ * `releaseName`). Gates deletion of cluster-SHARED resources (CRDs) so tearing
243
+ * down one deployment never cascade-deletes another deployment's custom
244
+ * resources. Deployments are named `rulebricks-<name>` for both the namespace and
245
+ * the helm release (see getNamespace/getReleaseName), so the "rulebricks-" prefix
246
+ * is a sound cluster-side signal. Fails CLOSED (returns false) if the cluster
247
+ * can't be enumerated — we never purge shared resources on uncertainty.
154
248
  */
155
- export declare function createDefaultStorageClass(provider: CloudProvider): Promise<void>;
249
+ export declare function isLastRulebricksDeployment(releaseName: string): Promise<boolean>;
250
+ /**
251
+ * Deletes the cluster-scoped CRDs the chart installs from crds/ dirs (cert-
252
+ * manager, keda, strimzi, kube-prometheus-stack). CLUSTER-SHARED: deleting a CRD
253
+ * cascade-deletes every custom resource of that kind across ALL namespaces, so
254
+ * callers MUST gate this on isLastRulebricksDeployment() (or an explicit
255
+ * operator --purge) — never call it while another Rulebricks deployment exists.
256
+ * Best-effort, non-blocking; returns the CRD names removed.
257
+ */
258
+ export declare function deleteRulebricksCRDs(): Promise<string[]>;
156
259
  /**
157
260
  * Deployed image versions from Kubernetes
158
261
  */
159
262
  export interface DeployedVersions {
160
263
  appVersion: string | null;
161
264
  hpsVersion: string | null;
265
+ hpsWorkerVersion: string | null;
266
+ appDigest: string | null;
267
+ hpsDigests: string[];
268
+ hpsWorkerDigests: string[];
162
269
  }
163
270
  /**
164
- * Gets the actual deployed image versions from Kubernetes deployments.
165
- * Queries the app and HPS deployments to get their current image tags.
271
+ * Extracts the version tag from a Docker image string.
272
+ * E.g., "rulebricks/rulebricks:v1.5.8" -> "v1.5.8"
273
+ */
274
+ export declare function extractImageTag(image: string): string | null;
275
+ export declare function extractImageDigest(imageId: string): string | null;
276
+ /**
277
+ * Gets actual deployed image tags and running image digests from Kubernetes.
278
+ * HPS runs as StatefulSets, so digest checks inspect the pods behind those sets.
166
279
  *
167
280
  * @param releaseName - The Helm release name (e.g., "rulebricks")
168
281
  * @param namespace - The Kubernetes namespace