@rulebricks/cli 2.1.7 → 2.3.1

Files changed (117) hide show
  1. package/README.md +51 -16
  2. package/cluster-setup/aws/README.md +96 -47
  3. package/cluster-setup/aws/check-aws-access.sh +216 -52
  4. package/cluster-setup/aws/parameters.json +13 -0
  5. package/cluster-setup/aws/rulebricks-cluster.cfn.yaml +355 -0
  6. package/cluster-setup/azure/README.md +103 -55
  7. package/cluster-setup/azure/check-aks-prereqs.sh +236 -56
  8. package/cluster-setup/azure/parameters.json +30 -0
  9. package/cluster-setup/azure/rulebricks-cluster.bicep +546 -0
  10. package/cluster-setup/gcp/README.md +51 -34
  11. package/cluster-setup/gcp/check-gke-prereqs.sh +222 -60
  12. package/dist/commands/backup.d.ts +5 -0
  13. package/dist/commands/backup.js +104 -0
  14. package/dist/commands/deploy.d.ts +3 -1
  15. package/dist/commands/deploy.js +226 -326
  16. package/dist/commands/destroy.d.ts +1 -1
  17. package/dist/commands/destroy.js +73 -123
  18. package/dist/commands/init.d.ts +5 -1
  19. package/dist/commands/init.js +78 -54
  20. package/dist/commands/list.d.ts +1 -0
  21. package/dist/commands/list.js +74 -0
  22. package/dist/commands/open.d.ts +1 -1
  23. package/dist/commands/open.js +4 -12
  24. package/dist/commands/redeploy.d.ts +6 -0
  25. package/dist/commands/redeploy.js +310 -0
  26. package/dist/commands/restore.d.ts +5 -0
  27. package/dist/commands/restore.js +338 -0
  28. package/dist/commands/status.js +62 -49
  29. package/dist/commands/upgrade.js +74 -51
  30. package/dist/components/DNSWaitScreen.d.ts +5 -1
  31. package/dist/components/DNSWaitScreen.js +47 -41
  32. package/dist/components/Wizard/WizardContext.d.ts +157 -36
  33. package/dist/components/Wizard/WizardContext.js +872 -160
  34. package/dist/components/Wizard/steps/CloudProviderStep.js +192 -107
  35. package/dist/components/Wizard/steps/DomainStep.js +5 -24
  36. package/dist/components/Wizard/steps/ExternalServicesStep.d.ts +6 -0
  37. package/dist/components/Wizard/steps/ExternalServicesStep.js +645 -0
  38. package/dist/components/Wizard/steps/FeatureConfigStep.d.ts +2 -1
  39. package/dist/components/Wizard/steps/FeatureConfigStep.js +739 -425
  40. package/dist/components/Wizard/steps/FeaturesStep.js +31 -35
  41. package/dist/components/Wizard/steps/ObservabilityStep.d.ts +6 -0
  42. package/dist/components/Wizard/steps/ObservabilityStep.js +137 -0
  43. package/dist/components/Wizard/steps/ReviewStep.d.ts +2 -1
  44. package/dist/components/Wizard/steps/ReviewStep.js +56 -12
  45. package/dist/components/Wizard/steps/StorageStep.d.ts +9 -0
  46. package/dist/components/Wizard/steps/StorageStep.js +592 -0
  47. package/dist/components/Wizard/steps/SupabaseCredentialsStep.js +20 -21
  48. package/dist/components/Wizard/steps/VersionStep.js +45 -23
  49. package/dist/components/Wizard/steps/index.d.ts +3 -3
  50. package/dist/components/Wizard/steps/index.js +3 -3
  51. package/dist/components/common/CommandApproval.d.ts +12 -0
  52. package/dist/components/common/CommandApproval.js +91 -0
  53. package/dist/components/common/DeploymentPicker.d.ts +14 -0
  54. package/dist/components/common/DeploymentPicker.js +16 -0
  55. package/dist/components/common/index.d.ts +2 -0
  56. package/dist/components/common/index.js +2 -0
  57. package/dist/index.js +94 -62
  58. package/dist/lib/cloudCli.d.ts +134 -63
  59. package/dist/lib/cloudCli.js +512 -220
  60. package/dist/lib/clusterSetupDefaults.d.ts +30 -0
  61. package/dist/lib/clusterSetupDefaults.js +64 -0
  62. package/dist/lib/commandApproval.d.ts +26 -0
  63. package/dist/lib/commandApproval.js +114 -0
  64. package/dist/lib/config.d.ts +12 -10
  65. package/dist/lib/config.js +91 -33
  66. package/dist/lib/configFixtures.d.ts +5 -0
  67. package/dist/lib/configFixtures.js +513 -0
  68. package/dist/lib/deploymentHealth.d.ts +32 -0
  69. package/dist/lib/deploymentHealth.js +157 -0
  70. package/dist/lib/dns.d.ts +1 -1
  71. package/dist/lib/dns.js +19 -1
  72. package/dist/lib/dns.test.d.ts +1 -0
  73. package/dist/lib/dns.test.js +27 -0
  74. package/dist/lib/dockerHub.d.ts +12 -1
  75. package/dist/lib/dockerHub.js +18 -8
  76. package/dist/lib/helm.d.ts +4 -0
  77. package/dist/lib/helm.js +16 -0
  78. package/dist/lib/helmValues.d.ts +25 -0
  79. package/dist/lib/helmValues.js +1762 -289
  80. package/dist/lib/helmValues.test.d.ts +1 -0
  81. package/dist/lib/helmValues.test.js +966 -0
  82. package/dist/lib/htpasswd.d.ts +1 -0
  83. package/dist/lib/htpasswd.js +15 -0
  84. package/dist/lib/kubernetes.d.ts +124 -17
  85. package/dist/lib/kubernetes.js +576 -145
  86. package/dist/lib/secrets.d.ts +23 -0
  87. package/dist/lib/secrets.js +158 -0
  88. package/dist/lib/validateValues.d.ts +31 -0
  89. package/dist/lib/validateValues.js +253 -0
  90. package/dist/lib/versions.d.ts +82 -11
  91. package/dist/lib/versions.js +131 -31
  92. package/dist/lib/versions.test.d.ts +1 -0
  93. package/dist/lib/versions.test.js +81 -0
  94. package/dist/lib/wizardSteps.d.ts +14 -0
  95. package/dist/lib/wizardSteps.js +23 -0
  96. package/dist/lib/workloadIdentity.d.ts +26 -0
  97. package/dist/lib/workloadIdentity.js +323 -0
  98. package/dist/lib/workloadIdentity.test.d.ts +1 -0
  99. package/dist/lib/workloadIdentity.test.js +57 -0
  100. package/dist/types/index.d.ts +1860 -164
  101. package/dist/types/index.js +518 -295
  102. package/package.json +9 -4
  103. package/schema/values.schema.json +1934 -0
  104. package/cluster-setup/aws/cluster.yaml +0 -33
  105. package/cluster-setup/azure/main.bicep +0 -282
  106. package/cluster-setup/azure/main.parameters.json +0 -21
  107. package/dist/components/Wizard/steps/CredentialsStep.d.ts +0 -6
  108. package/dist/components/Wizard/steps/CredentialsStep.js +0 -22
  109. package/dist/components/Wizard/steps/DeploymentModeStep.d.ts +0 -5
  110. package/dist/components/Wizard/steps/DeploymentModeStep.js +0 -26
  111. package/dist/components/Wizard/steps/TierStep.d.ts +0 -6
  112. package/dist/components/Wizard/steps/TierStep.js +0 -29
  113. package/dist/lib/terraform.d.ts +0 -66
  114. package/dist/lib/terraform.js +0 -754
  115. package/terraform/aws/main.tf +0 -355
  116. package/terraform/azure/main.tf +0 -371
  117. package/terraform/gcp/main.tf +0 -407
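--- /dev/null
+++ b/package/dist/lib/htpasswd.d.ts
@@ -0,0 +1 @@
+ export declare function generateHtpasswdLine(username: string, password: string): string;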
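--- /dev/null
+++ b/package/dist/lib/htpasswd.js
@@ -0,0 +1,15 @@
+ import bcrypt from "bcryptjs";
+ const BCRYPT_COST = 10;
+ export function generateHtpasswdLine(username, password) {
+ const normalizedUsername = username.trim();
+ if (!normalizedUsername) {
+ throw new Error("Username is required");
+ }
+ if (normalizedUsername.includes(":")) {
+ throw new Error("Username cannot contain ':'");
+ }
+ if (!password) {
+ throw new Error("Password is required");
+ }
+ return `${normalizedUsername}:${bcrypt.hashSync(password, BCRYPT_COST)}`;
+ }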
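Review bot: The username check in `generateHtpasswdLine` rejects only an empty value and `:`, so an embedded newline or other control character still reaches the returned string and the result is no longer a single htpasswd line; `trim()` only strips the ends. Consider adding `if (/[\x00-\x1f\x7f]/.test(normalizedUsername)) throw new Error("Username cannot contain control characters");` after the `:` check. Separately, bcrypt only uses the first 72 bytes of its input, so a longer password is silently truncated before hashing; rejecting it with `if (Buffer.byteLength(password, "utf8") > 72) throw new Error("Password must be at most 72 bytes");` makes that limit visible to the operator. `BCRYPT_COST = 10` would also merit a one-line comment saying why that cost was chosen and which consumer of the htpasswd entry must accept the resulting hash prefix.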
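--- a/package/dist/lib/kubernetes.d.ts
+++ b/package/dist/lib/kubernetes.d.ts
@@ -1,4 +1,4 @@
- import { CloudProvider, PerformanceTier } from "../types/index.js";
+ import { NodeArchitecture } from "../types/index.js";
  /**
  * Checks if kubectl is installed
  */
@@ -21,11 +21,36 @@ export declare function checkClusterAccessible(): Promise<string | null>;
  */
  export declare function getCurrentContext(): Promise<string | null>;
  /**
- * Infers the closest internal Rulebricks sizing tier from the current cluster.
- * This is used only for existing clusters, where the CLI is not responsible for
- * provisioning node pools but still needs app/Kafka/worker Helm sizing values.
+ * Inferred resource and scheduling capabilities for the current cluster.
  */
- export declare function inferClusterTier(): Promise<PerformanceTier | null>;
+ export interface ClusterStorageClass {
+ name: string;
+ provisioner: string;
+ isDefault: boolean;
+ volumeBindingMode?: string;
+ allowVolumeExpansion?: boolean;
+ }
+ export interface ClusterCapabilities {
+ nodeArchitecture: NodeArchitecture;
+ arm64TolerationRequired: boolean;
+ schedulableNodeCount: number;
+ totalCpuCores: number;
+ totalMemoryGi: number;
+ eligibleCpuCores: number;
+ eligibleMemoryGi: number;
+ totalPersistentStorageGi?: number;
+ storageClasses: ClusterStorageClass[];
+ defaultStorageClass?: ClusterStorageClass;
+ storageClass?: string;
+ storageProvisioner?: string;
+ }
+ /**
+ * Inspects the current cluster's node architecture, schedulable capacity, and
+ * storage classes. The CLI uses this to keep Helm values compatible with the
+ * Kubernetes resources the user has already made available (storage class, ARM
+ * tolerations, etc.); workload sizing itself follows the chart defaults.
+ */
+ export declare function inferClusterCapabilities(): Promise<ClusterCapabilities | null>;
  /**
  * Gets pod status for the Rulebricks namespace
  */
@@ -97,6 +122,32 @@ export declare function streamLogs(podName: string, namespace?: string, options?
  tail?: number;
  container?: string;
  }): Promise<void>;
+ export declare function execInPod(namespace: string, podName: string, container: string | undefined, args: string[]): Promise<string>;
+ export interface EphemeralJobOptions {
+ name: string;
+ namespace: string;
+ serviceAccountName: string;
+ image: string;
+ command: string[];
+ env?: Array<Record<string, unknown>>;
+ volumeMounts?: Array<Record<string, unknown>>;
+ volumes?: Array<Record<string, unknown>>;
+ initContainers?: Array<Record<string, unknown>>;
+ labels?: Record<string, string>;
+ backoffLimit?: number;
+ timeoutSeconds?: number;
+ }
+ export interface EphemeralJobResult {
+ jobName: string;
+ logs: string;
+ }
+ export declare function runEphemeralJob(options: EphemeralJobOptions): Promise<EphemeralJobResult>;
+ export declare function createJobFromCronJob(namespace: string, cronJobName: string, jobName: string): Promise<void>;
+ export declare function waitForJobComplete(namespace: string, jobName: string, timeoutSeconds?: number): Promise<string>;
+ export declare function getJobLogs(jobName: string, namespace: string): Promise<string>;
+ export declare function scaleDeployment(namespace: string, name: string, replicas: number): Promise<void>;
+ export declare function waitForDeploymentReady(namespace: string, name: string, timeoutSeconds?: number): Promise<void>;
+ export declare function getDeploymentReplicas(namespace: string, name: string): Promise<number | null>;
  /**
  * Callback type for receiving log lines from multiple pods
  */
@@ -140,35 +191,91 @@ export declare function deletePVCs(namespace: string, options?: {
  wait?: boolean;
  }): Promise<void>;
  /**
- * Removes finalizers from KEDA ScaledObjects to prevent namespace deletion from hanging.
- * KEDA finalizers wait for the KEDA controller to clean up, but if KEDA is being deleted
- * with the namespace, this causes a deadlock.
+ * Strips finalizers from the custom resources whose controllers are torn down
+ * with the release, so the namespace can finalize instead of hanging in
+ * Terminating (NamespaceFinalizersRemaining). Best-effort per type a missing
+ * CRD (feature disabled) or already-gone object is fine.
  */
- export declare function removeKedaFinalizers(namespace: string): Promise<void>;
+ export declare function removeBlockingFinalizers(namespace: string): Promise<void>;
+ /**
+ * Deletes aggregated APIServices (apiregistration.k8s.io) whose backing service
+ * lives in the given namespace.
+ *
+ * Why this matters for teardown: an aggregated API (e.g. KEDA's
+ * v1beta1.external.metrics.k8s.io, prometheus-adapter's custom.metrics.k8s.io,
+ * etc.) is served by an in-namespace Service. When the namespace is torn down
+ * that Service disappears and the (cluster-scoped) APIService goes Unavailable
+ * with ServiceNotFound. The namespace controller must enumerate every API group
+ * to delete a namespace's contents, so a single broken APIService makes its
+ * discovery step fail and wedges the namespace in Terminating forever
+ * (NamespaceDeletionDiscoveryFailure) - which then rejects any reinstall into
+ * that namespace ("being terminated").
+ *
+ * Deleting these APIServices up front (they are going away with the namespace
+ * anyway) keeps discovery healthy so the namespace can finalize. This is
+ * generalized to ALL APIServices backed by the target namespace, not just KEDA,
+ * and is safe: cluster APIs backed by other namespaces (e.g. metrics-server in
+ * kube-system) are never matched. Listing APIService objects is served directly
+ * by kube-apiserver, so this also works to rescue an already-stuck namespace.
+ *
+ * Returns the names of the APIServices that were deleted.
+ */
+ export declare function cleanupNamespaceAPIServices(namespace: string): Promise<string[]>;
  /**
  * Checks if a namespace exists
  */
  export declare function namespaceExists(namespace: string): Promise<boolean>;
  /**
- * Waits for cluster to be accessible with retries.
- * EKS IAM authentication can take time to propagate after cluster creation.
+ * Removes this release's leftovers in the kube-system namespace. The
+ * kube-prometheus-stack prometheus-operator creates a "<release>-...-kubelet"
+ * Service there at runtime (via its --kubelet-service flag); it lives OUTSIDE the
+ * release namespace and is operator-created (not chart-templated), so
+ * `helm uninstall` never deletes it and one accumulates per deployment. Also
+ * sweeps any helm-labeled kube-system objects (exporter Services/Endpoints) a
+ * partial uninstall may have stranded. Scoped strictly to this release; matched
+ * by the release-name prefix so a coexisting deployment's kubelet Service is
+ * never touched. Best-effort — never blocks teardown.
  */
- export declare function waitForClusterAccess(maxRetries?: number, delayMs?: number): Promise<void>;
+ export declare function cleanupKubeSystemLeftovers(releaseName: string): Promise<void>;
  /**
- * Creates default StorageClass for the cloud provider.
- * Should be called after kubeconfig is configured and cluster is accessible.
+ * True only when no OTHER Rulebricks deployment remains on the cluster (besides
+ * `releaseName`). Gates deletion of cluster-SHARED resources (CRDs) so tearing
+ * down one deployment never cascade-deletes another deployment's custom
+ * resources. Deployments are named `rulebricks-<name>` for both the namespace and
+ * the helm release (see getNamespace/getReleaseName), so the "rulebricks-" prefix
+ * is a sound cluster-side signal. Fails CLOSED (returns false) if the cluster
+ * can't be enumerated — we never purge shared resources on uncertainty.
  */
- export declare function createDefaultStorageClass(provider: CloudProvider): Promise<void>;
+ export declare function isLastRulebricksDeployment(releaseName: string): Promise<boolean>;
+ /**
+ * Deletes the cluster-scoped CRDs the chart installs from crds/ dirs (cert-
+ * manager, keda, strimzi, kube-prometheus-stack). CLUSTER-SHARED: deleting a CRD
+ * cascade-deletes every custom resource of that kind across ALL namespaces, so
+ * callers MUST gate this on isLastRulebricksDeployment() (or an explicit
+ * operator --purge) — never call it while another Rulebricks deployment exists.
+ * Best-effort, non-blocking; returns the CRD names removed.
+ */
+ export declare function deleteRulebricksCRDs(): Promise<string[]>;
  /**
  * Deployed image versions from Kubernetes
  */
  export interface DeployedVersions {
  appVersion: string | null;
  hpsVersion: string | null;
+ hpsWorkerVersion: string | null;
+ appDigest: string | null;
+ hpsDigests: string[];
+ hpsWorkerDigests: string[];
  }
  /**
- * Gets the actual deployed image versions from Kubernetes deployments.
- * Queries the app and HPS deployments to get their current image tags.
+ * Extracts the version tag from a Docker image string.
+ * E.g., "rulebricks/rulebricks:v1.5.8" -> "v1.5.8"
+ */
+ export declare function extractImageTag(image: string): string | null;
+ export declare function extractImageDigest(imageId: string): string | null;
+ /**
+ * Gets actual deployed image tags and running image digests from Kubernetes.
+ * HPS runs as StatefulSets, so digest checks inspect the pods behind those sets.
  *
  * @param releaseName - The Helm release name (e.g., "rulebricks")
  * @param namespace - The Kubernetes namespace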
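Review bot: The contract documented on `deleteRulebricksCRDs()` gates the cluster-wide CRD deletion only on `isLastRulebricksDeployment()`, which by its own comment looks for other `rulebricks-` deployments; it does not cover cert-manager, KEDA, Strimzi or kube-prometheus-stack CRDs that were installed independently of this chart and are used by unrelated workloads on the same cluster. The implementation is not in this declaration file, so it may already check ownership, but the doc comment should say so, for example `* Only CRDs carrying this chart's Helm ownership metadata are deleted; pre-existing CRDs are left in place.` if that holds, or an explicit warning if it does not. The new `execInPod`, `runEphemeralJob` and `scaleDeployment` declarations have no doc comments at all; since `EphemeralJobOptions` accepts a caller-chosen `serviceAccountName`, `image` and untyped `volumes`/`initContainers`, a short comment on which callers supply these and what RBAC the job is expected to run with would help reviewers judge the privilege it carries.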