@rulebricks/cli 2.1.6 → 2.3.1

Files changed (114)
  1. package/README.md +75 -14
  2. package/cluster-setup/aws/README.md +123 -0
  3. package/cluster-setup/aws/check-aws-access.sh +242 -0
  4. package/cluster-setup/aws/parameters.json +13 -0
  5. package/cluster-setup/aws/rulebricks-cluster.cfn.yaml +355 -0
  6. package/cluster-setup/azure/README.md +141 -0
  7. package/cluster-setup/azure/check-aks-prereqs.sh +276 -0
  8. package/cluster-setup/azure/parameters.json +30 -0
  9. package/cluster-setup/azure/rulebricks-cluster.bicep +546 -0
  10. package/cluster-setup/gcp/README.md +189 -0
  11. package/cluster-setup/gcp/check-gke-prereqs.sh +260 -0
  12. package/dist/commands/backup.d.ts +5 -0
  13. package/dist/commands/backup.js +104 -0
  14. package/dist/commands/deploy.d.ts +3 -1
  15. package/dist/commands/deploy.js +226 -326
  16. package/dist/commands/destroy.d.ts +1 -1
  17. package/dist/commands/destroy.js +73 -123
  18. package/dist/commands/init.d.ts +5 -1
  19. package/dist/commands/init.js +78 -47
  20. package/dist/commands/list.d.ts +1 -0
  21. package/dist/commands/list.js +74 -0
  22. package/dist/commands/open.d.ts +1 -1
  23. package/dist/commands/open.js +4 -12
  24. package/dist/commands/redeploy.d.ts +6 -0
  25. package/dist/commands/redeploy.js +310 -0
  26. package/dist/commands/restore.d.ts +5 -0
  27. package/dist/commands/restore.js +338 -0
  28. package/dist/commands/status.js +62 -49
  29. package/dist/commands/upgrade.js +74 -51
  30. package/dist/components/DNSWaitScreen.d.ts +5 -1
  31. package/dist/components/DNSWaitScreen.js +47 -41
  32. package/dist/components/Wizard/WizardContext.d.ts +174 -29
  33. package/dist/components/Wizard/WizardContext.js +896 -91
  34. package/dist/components/Wizard/steps/CloudProviderStep.js +192 -102
  35. package/dist/components/Wizard/steps/DomainStep.js +5 -24
  36. package/dist/components/Wizard/steps/ExternalServicesStep.d.ts +6 -0
  37. package/dist/components/Wizard/steps/ExternalServicesStep.js +645 -0
  38. package/dist/components/Wizard/steps/FeatureConfigStep.d.ts +2 -1
  39. package/dist/components/Wizard/steps/FeatureConfigStep.js +959 -248
  40. package/dist/components/Wizard/steps/FeaturesStep.js +31 -35
  41. package/dist/components/Wizard/steps/ObservabilityStep.d.ts +6 -0
  42. package/dist/components/Wizard/steps/ObservabilityStep.js +137 -0
  43. package/dist/components/Wizard/steps/ReviewStep.d.ts +2 -1
  44. package/dist/components/Wizard/steps/ReviewStep.js +56 -7
  45. package/dist/components/Wizard/steps/StorageStep.d.ts +9 -0
  46. package/dist/components/Wizard/steps/StorageStep.js +592 -0
  47. package/dist/components/Wizard/steps/SupabaseCredentialsStep.js +20 -21
  48. package/dist/components/Wizard/steps/VersionStep.js +45 -23
  49. package/dist/components/Wizard/steps/index.d.ts +3 -3
  50. package/dist/components/Wizard/steps/index.js +3 -3
  51. package/dist/components/common/CommandApproval.d.ts +12 -0
  52. package/dist/components/common/CommandApproval.js +91 -0
  53. package/dist/components/common/DeploymentPicker.d.ts +14 -0
  54. package/dist/components/common/DeploymentPicker.js +16 -0
  55. package/dist/components/common/index.d.ts +2 -0
  56. package/dist/components/common/index.js +2 -0
  57. package/dist/index.js +94 -62
  58. package/dist/lib/cloudCli.d.ts +134 -63
  59. package/dist/lib/cloudCli.js +512 -220
  60. package/dist/lib/clusterSetupDefaults.d.ts +30 -0
  61. package/dist/lib/clusterSetupDefaults.js +64 -0
  62. package/dist/lib/commandApproval.d.ts +26 -0
  63. package/dist/lib/commandApproval.js +114 -0
  64. package/dist/lib/config.d.ts +12 -10
  65. package/dist/lib/config.js +91 -33
  66. package/dist/lib/configFixtures.d.ts +5 -0
  67. package/dist/lib/configFixtures.js +513 -0
  68. package/dist/lib/deploymentHealth.d.ts +32 -0
  69. package/dist/lib/deploymentHealth.js +157 -0
  70. package/dist/lib/dns.d.ts +1 -1
  71. package/dist/lib/dns.js +19 -1
  72. package/dist/lib/dns.test.d.ts +1 -0
  73. package/dist/lib/dns.test.js +27 -0
  74. package/dist/lib/dockerHub.d.ts +12 -1
  75. package/dist/lib/dockerHub.js +18 -8
  76. package/dist/lib/helm.d.ts +4 -0
  77. package/dist/lib/helm.js +16 -0
  78. package/dist/lib/helmValues.d.ts +25 -0
  79. package/dist/lib/helmValues.js +1937 -259
  80. package/dist/lib/helmValues.test.d.ts +1 -0
  81. package/dist/lib/helmValues.test.js +966 -0
  82. package/dist/lib/htpasswd.d.ts +1 -0
  83. package/dist/lib/htpasswd.js +15 -0
  84. package/dist/lib/kubernetes.d.ts +126 -13
  85. package/dist/lib/kubernetes.js +624 -134
  86. package/dist/lib/secrets.d.ts +23 -0
  87. package/dist/lib/secrets.js +158 -0
  88. package/dist/lib/validateValues.d.ts +31 -0
  89. package/dist/lib/validateValues.js +253 -0
  90. package/dist/lib/versions.d.ts +82 -11
  91. package/dist/lib/versions.js +131 -31
  92. package/dist/lib/versions.test.d.ts +1 -0
  93. package/dist/lib/versions.test.js +81 -0
  94. package/dist/lib/wizardSteps.d.ts +14 -0
  95. package/dist/lib/wizardSteps.js +23 -0
  96. package/dist/lib/workloadIdentity.d.ts +26 -0
  97. package/dist/lib/workloadIdentity.js +323 -0
  98. package/dist/lib/workloadIdentity.test.d.ts +1 -0
  99. package/dist/lib/workloadIdentity.test.js +57 -0
  100. package/dist/types/index.d.ts +2152 -95
  101. package/dist/types/index.js +554 -286
  102. package/package.json +10 -4
  103. package/schema/values.schema.json +1934 -0
  104. package/dist/components/Wizard/steps/CredentialsStep.d.ts +0 -6
  105. package/dist/components/Wizard/steps/CredentialsStep.js +0 -22
  106. package/dist/components/Wizard/steps/DeploymentModeStep.d.ts +0 -5
  107. package/dist/components/Wizard/steps/DeploymentModeStep.js +0 -26
  108. package/dist/components/Wizard/steps/TierStep.d.ts +0 -6
  109. package/dist/components/Wizard/steps/TierStep.js +0 -29
  110. package/dist/lib/terraform.d.ts +0 -66
  111. package/dist/lib/terraform.js +0 -754
  112. package/terraform/aws/main.tf +0 -355
  113. package/terraform/azure/main.tf +0 -371
  114. package/terraform/gcp/main.tf +0 -407
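--- a/package/cluster-setup/azure/check-aks-prereqs.sh
+++ b/package/cluster-setup/azure/check-aks-prereqs.sh
@@ -0,0 +1,276 @@
+ #!/usr/bin/env bash
+ # Rulebricks AKS prerequisite check.
+ #
+ # Prints a short pass/fail report and a final READY / NOT READY verdict
+ # with the exact actions you need to take before running the Bicep deploy.
+ #
+ # Env vars:
+ # AZURE_LOCATION Region to check (default: eastus)
+ # AZURE_RESOURCE_GROUP Optional existing RG to verify access on
+ # VERBOSE=1 Print raw Azure error messages inline
+
+ set -euo pipefail
+
+ if [[ -z "${BASH_VERSION:-}" ]]; then
+ exec bash "$0" "$@"
+ fi
+
+ export AZURE_CORE_SURVEY_MESSAGE=no
+ export AZURE_CORE_COLLECT_TELEMETRY=no
+
+ LOCATION="${AZURE_LOCATION:-eastus}"
+ RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-}"
+ REQUIRED_VCPU=8
+ VERBOSE="${VERBOSE:-0}"
+
+ # Providers needed by the turnkey template. Storage covers decision-log/backup
+ # blob; Monitor/Insights/AlertsManagement cover the managed-Prometheus path
+ # (Azure Monitor workspace + data collection endpoint/rule).
+ REQUIRED_PROVIDERS=(
+ Microsoft.ContainerService
+ Microsoft.Network
+ Microsoft.ManagedIdentity
+ Microsoft.Compute
+ Microsoft.Authorization
+ Microsoft.Storage
+ Microsoft.Monitor
+ Microsoft.Insights
+ Microsoft.AlertsManagement
+ )
+
+ ACTIONS=()
+ BLOCKERS=0
+
+ # ---------- helpers ----------
+
+ require_cmd() {
+ command -v "$1" >/dev/null 2>&1 || {
+ printf "ERROR: required command not found: %s\n" "$1" >&2
+ exit 1
+ }
+ }
+
+ # Run an az command. Sets AZ_STDOUT / AZ_STDERR / AZ_RC. Never aborts the script.
+ az_run() {
+ AZ_STDOUT=""; AZ_STDERR=""; AZ_RC=0
+ local _err
+ _err="$(mktemp)"
+ AZ_STDOUT="$(az "$@" 2>"$_err")" || AZ_RC=$?
+ AZ_STDERR="$(cat "$_err")"
+ rm -f "$_err"
+ if [[ "$VERBOSE" == "1" && -n "$AZ_STDERR" ]]; then
+ printf " debug: %s\n" "${AZ_STDERR%%$'\n'*}" >&2
+ fi
+ return "$AZ_RC"
+ }
+
+ is_auth_error() {
+ [[ "$AZ_STDERR" == *AADSTS* ]] && return 0
+ [[ "$AZ_STDERR" == *"refresh token"* ]] && return 0
+ [[ "$AZ_STDERR" == *"az login"* ]] && return 0
+ [[ "$AZ_STDERR" == *"interactive authentication"* ]] && return 0
+ return 1
+ }
+
+ # pad label to 50 chars
+ row() {
+ printf " %-50s %s\n" "$1" "$2"
+ }
+
+ mark_blocker() { BLOCKERS=$((BLOCKERS + 1)); }
+ add_action() { ACTIONS+=("$1"); }
+
+ # ---------- pre-flight ----------
+
+ require_cmd az
+ require_cmd kubectl
+ require_cmd helm
+
+ printf "Rulebricks AKS prerequisite check\n"
+ printf " Location: %s\n" "$LOCATION"
+ [[ -n "$RESOURCE_GROUP" ]] && printf " Resource group: %s\n" "$RESOURCE_GROUP"
+ printf "\n"
+
+ # ---------- 1. Authentication ----------
+ # Two-step: az account show reads local cache (cheap), then we hit ARM with
+ # get-access-token to detect expired refresh tokens before doing anything else.
+
+ AUTH_OK=0
+ SUB_NAME=""
+ SUB_ID=""
+
+ if ! az_run account show --query "{n:name,i:id}" -o tsv; then
+ row "Azure CLI signed in" "FAIL - not signed in"
+ add_action "Run: az login"
+ mark_blocker
+ else
+ SUB_NAME="$(printf '%s' "$AZ_STDOUT" | awk '{print $1}')"
+ SUB_ID="$(printf '%s' "$AZ_STDOUT" | awk '{print $2}')"
+ row "Azure CLI signed in" "OK ($SUB_NAME)"
+
+ if ! az_run account get-access-token --query expiresOn -o tsv; then
+ if is_auth_error; then
+ row "Azure session valid" "FAIL - session expired"
+ add_action "Run: az login # your refresh token has expired"
+ else
+ row "Azure session valid" "FAIL - ${AZ_STDERR%%$'\n'*}"
+ add_action "Run: az login # could not obtain an ARM access token"
+ fi
+ mark_blocker
+ else
+ row "Azure session valid" "OK"
+ AUTH_OK=1
+ fi
+ fi
+
+ # Without a valid session, every other check is guaranteed to fail with the
+ # same auth error. Skip to the summary so the output stays useful.
+ if [[ $AUTH_OK -eq 0 ]]; then
+ printf "\nRemaining checks skipped - fix authentication first.\n"
+ printf "\n========================================\n"
+ printf "RESULT: NOT READY\n"
+ printf "========================================\n"
+ printf "Required actions:\n"
+ i=1
+ for a in "${ACTIONS[@]}"; do
+ printf " %d. %s\n" "$i" "$a"
+ i=$((i + 1))
+ done
+ exit 1
+ fi
+
+ # ---------- 2. Resource provider registrations ----------
+ missing_providers=()
+ unknown_providers=()
+ for p in "${REQUIRED_PROVIDERS[@]}"; do
+ if az_run provider show --namespace "$p" --query registrationState -o tsv; then
+ if [[ "$AZ_STDOUT" != "Registered" ]]; then
+ missing_providers+=("$p")
+ fi
+ else
+ unknown_providers+=("$p")
+ fi
+ done
+
+ total=${#REQUIRED_PROVIDERS[@]}
+ registered=$((total - ${#missing_providers[@]} - ${#unknown_providers[@]}))
+
+ if [[ ${#missing_providers[@]} -eq 0 && ${#unknown_providers[@]} -eq 0 ]]; then
+ row "Resource providers registered" "OK ($registered/$total)"
+ elif [[ ${#unknown_providers[@]} -gt 0 ]]; then
+ row "Resource providers registered" "WARN - could not read ${#unknown_providers[@]} provider(s)"
+ add_action "Ask your Azure admin to grant you Reader on the subscription, then re-run."
+ else
+ row "Resource providers registered" "WARN ($registered/$total registered)"
+ reg_cmd="for ns in ${missing_providers[*]}; do az provider register --namespace \$ns; done"
+ add_action "Register missing providers (takes 1-5 min):"
+ add_action " $reg_cmd"
+ fi
+
+ # ---------- 3. Subscription-level access ----------
+ ACCESS_OK=1
+ if ! az_run aks list --output none; then
+ ACCESS_OK=0
+ fi
+ if ! az_run deployment sub list --query "[0].name" --output tsv; then
+ ACCESS_OK=0
+ fi
+
+ if [[ $ACCESS_OK -eq 1 ]]; then
+ row "Subscription access (AKS + deployments)" "OK"
+ else
+ row "Subscription access (AKS + deployments)" "WARN - read access missing"
+ add_action "Ask the subscription owner to grant you 'Contributor' on subscription $SUB_NAME."
+ fi
+
+ # ---------- 4. Role-assignment rights ----------
+ # The template creates role assignments (Storage Blob Data Contributor on the
+ # storage account, Monitoring Metrics Publisher on the DCR, Network Contributor
+ # on the VNet). Writing role assignments requires Owner or User Access
+ # Administrator, NOT just Contributor. This is the single most common reason a
+ # turnkey deploy gets partway and then fails on the role-assignment resources.
+ if az_run role assignment list --assignee "$SUB_ID" --scope "/subscriptions/$SUB_ID" --query "[0].id" -o tsv; then
+ # We can at least read assignments. Probe for write capability via whoami roles.
+ if az_run role assignment list --assignee "$(az account show --query user.name -o tsv 2>/dev/null)" \
+ --query "[?roleDefinitionName=='Owner' || roleDefinitionName=='User Access Administrator'] | [0].roleDefinitionName" -o tsv \
+ && [[ -n "$AZ_STDOUT" ]]; then
+ row "Role-assignment rights (Owner / UAA)" "OK ($AZ_STDOUT)"
+ else
+ row "Role-assignment rights (Owner / UAA)" "WARN - not detected"
+ add_action "The deploy creates role assignments, which needs 'Owner' or 'User Access Administrator' (Contributor alone is NOT enough). Ask an admin to grant one of these on the target resource group, or to run the deploy."
+ fi
+ else
+ row "Role-assignment rights (Owner / UAA)" "WARN - could not read role assignments"
+ add_action "Could not verify role-assignment rights. The deploy creates role assignments and needs 'Owner' or 'User Access Administrator' on the target scope."
+ fi
+
+ # ---------- 5. Optional: existing resource group ----------
+ if [[ -n "$RESOURCE_GROUP" ]]; then
+ if az_run group show --name "$RESOURCE_GROUP" --output none; then
+ row "Resource group '$RESOURCE_GROUP'" "OK"
+ else
+ row "Resource group '$RESOURCE_GROUP'" "WARN - not found or no access"
+ add_action "Create or get access to resource group '$RESOURCE_GROUP'."
+ fi
+ fi
+
+ # ---------- 6. Regional vCPU quota ----------
+ quota_label="vCPU quota in $LOCATION (need ${REQUIRED_VCPU}+)"
+ usage=""; limit=""
+ if az_run vm list-usage --location "$LOCATION" \
+ --query "[?name.value=='cores'].currentValue | [0]" -o tsv; then
+ usage="$AZ_STDOUT"
+ fi
+ if az_run vm list-usage --location "$LOCATION" \
+ --query "[?name.value=='cores'].limit | [0]" -o tsv; then
+ limit="$AZ_STDOUT"
+ fi
+
+ if [[ -z "$usage" || -z "$limit" ]]; then
+ row "$quota_label" "WARN - could not read quota"
+ add_action "Manually check vCPU quota in the Azure Portal: Subscriptions → $SUB_NAME → Usage + quotas."
+ else
+ available=$((limit - usage))
+ if (( available < REQUIRED_VCPU )); then
+ row "$quota_label" "WARN ($available/$limit free)"
+ add_action "Request a vCPU quota increase in $LOCATION (Portal: Subscription → Usage + quotas → Request increase)."
+ else
+ row "$quota_label" "OK ($available/$limit free)"
+ fi
+ fi
+
+ # ---------- 7. Local tools ----------
+ if kubectl version --client=true >/dev/null 2>&1 && helm version >/dev/null 2>&1; then
+ row "Local tools (kubectl, helm)" "OK"
+ else
+ row "Local tools (kubectl, helm)" "FAIL"
+ add_action "Install kubectl and helm locally."
+ mark_blocker
+ fi
+
+ # ---------- summary ----------
+ printf "\n========================================\n"
+ if [[ $BLOCKERS -eq 0 && ${#ACTIONS[@]} -eq 0 ]]; then
+ printf "RESULT: READY - you can run the Bicep deploy.\n"
+ printf "========================================\n"
+ exit 0
+ elif [[ $BLOCKERS -eq 0 ]]; then
+ printf "RESULT: READY WITH WARNINGS\n"
+ printf "========================================\n"
+ printf "The deploy should work, but address these first if possible:\n"
+ else
+ printf "RESULT: NOT READY\n"
+ printf "========================================\n"
+ printf "Required actions:\n"
+ fi
+
+ i=1
+ for a in "${ACTIONS[@]}"; do
+ printf " %d. %s\n" "$i" "$a"
+ i=$((i + 1))
+ done
+
+ printf "\nRe-run this script after completing the actions above.\n"
+ printf "(Set VERBOSE=1 to see raw Azure error messages.)\n"
+
+ [[ $BLOCKERS -gt 0 ]] && exit 1 || exit 0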
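Review bot: The role-assignment check in section 4 can print "OK" for a caller who holds neither Owner nor User Access Administrator. Its first probe passes the subscription id `$SUB_ID` as `--assignee`, and the second takes its assignee from a nested `az account show ... 2>/dev/null` that bypasses `az_run`; if that lookup prints nothing, `--assignee ""` is probably treated as "no filter", so any other principal's Owner assignment would satisfy the query. The second listing also omits `--scope`, `--include-inherited` and `--include-groups`, so rights held through a group or a parent scope are reported as "not detected". Resolve the signed-in principal once through `az_run`, fall back to WARN when it is empty, and scope the query explicitly, as sketched below. Separately, `awk '{print $1}'` and `awk '{print $2}'` in section 1 split on any whitespace, so a subscription name containing a space would leave `SUB_ID` holding a word of the name; splitting on the tab (`awk -F'\t'`) avoids that.

```shell
# … unchanged: explanatory comment block for check 4 …
principal=""
if az_run account show --query user.name -o tsv; then
  principal="$AZ_STDOUT"
fi

if [[ -z "$principal" ]]; then
  # Fail closed: an empty assignee must never be handed to `role assignment list`.
  # … unchanged: "WARN - could not read role assignments" row and its add_action …
elif az_run role assignment list --assignee "$principal" \
    --scope "/subscriptions/$SUB_ID" --include-inherited --include-groups \
    --query "[?roleDefinitionName=='Owner' || roleDefinitionName=='User Access Administrator'] | [0].roleDefinitionName" -o tsv \
    && [[ -n "$AZ_STDOUT" ]]; then
  row "Role-assignment rights (Owner / UAA)" "OK ($AZ_STDOUT)"
else
  # … unchanged: "WARN - not detected" row and its add_action …
fi
```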
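--- a/package/cluster-setup/azure/parameters.json
+++ b/package/cluster-setup/azure/parameters.json
@@ -0,0 +1,30 @@
+ {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "clusterName": { "value": "rulebricks-cluster" },
+ "location": { "value": "eastus" },
+ "kubernetesVersion": { "value": "1.34" },
+ "nodeCount": { "value": 2 },
+ "maxNodeCount": { "value": 4 },
+ "nodeVmSize": { "value": "Standard_F4as_v6" },
+ "enableBurstPool": { "value": true },
+ "burstVmSize": { "value": "Standard_F16as_v6" },
+ "burstMaxCount": { "value": 1 },
+ "maxPods": { "value": 110 },
+ "osDiskSizeGB": { "value": 64 },
+ "osDiskType": { "value": "Managed" },
+
+ "enableExternalDns": { "value": false },
+ "dnsZoneResourceGroup": { "value": "" },
+
+ "createStorage": { "value": true },
+ "existingStorageAccountName": { "value": "" },
+ "enableDecisionLogExport": { "value": true },
+ "enableBackupExport": { "value": true },
+
+ "createMonitorWorkspace": { "value": true },
+ "existingDataCollectionRuleId": { "value": "" },
+ "enableMetricsRemoteWrite": { "value": true }
+ }
+ }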