@rulebricks/cli 2.1.7 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -16
- package/cluster-setup/aws/README.md +96 -47
- package/cluster-setup/aws/check-aws-access.sh +216 -52
- package/cluster-setup/aws/parameters.json +13 -0
- package/cluster-setup/aws/rulebricks-cluster.cfn.yaml +355 -0
- package/cluster-setup/azure/README.md +103 -55
- package/cluster-setup/azure/check-aks-prereqs.sh +236 -56
- package/cluster-setup/azure/parameters.json +30 -0
- package/cluster-setup/azure/rulebricks-cluster.bicep +546 -0
- package/cluster-setup/gcp/README.md +51 -34
- package/cluster-setup/gcp/check-gke-prereqs.sh +222 -60
- package/dist/commands/backup.d.ts +5 -0
- package/dist/commands/backup.js +104 -0
- package/dist/commands/deploy.d.ts +3 -1
- package/dist/commands/deploy.js +226 -326
- package/dist/commands/destroy.d.ts +1 -1
- package/dist/commands/destroy.js +73 -123
- package/dist/commands/init.d.ts +5 -1
- package/dist/commands/init.js +78 -54
- package/dist/commands/list.d.ts +1 -0
- package/dist/commands/list.js +74 -0
- package/dist/commands/open.d.ts +1 -1
- package/dist/commands/open.js +4 -12
- package/dist/commands/redeploy.d.ts +6 -0
- package/dist/commands/redeploy.js +310 -0
- package/dist/commands/restore.d.ts +5 -0
- package/dist/commands/restore.js +338 -0
- package/dist/commands/status.js +62 -49
- package/dist/commands/upgrade.js +74 -51
- package/dist/components/DNSWaitScreen.d.ts +5 -1
- package/dist/components/DNSWaitScreen.js +47 -41
- package/dist/components/Wizard/WizardContext.d.ts +157 -36
- package/dist/components/Wizard/WizardContext.js +872 -160
- package/dist/components/Wizard/steps/CloudProviderStep.js +192 -107
- package/dist/components/Wizard/steps/DomainStep.js +5 -24
- package/dist/components/Wizard/steps/ExternalServicesStep.d.ts +6 -0
- package/dist/components/Wizard/steps/ExternalServicesStep.js +645 -0
- package/dist/components/Wizard/steps/FeatureConfigStep.d.ts +2 -1
- package/dist/components/Wizard/steps/FeatureConfigStep.js +739 -425
- package/dist/components/Wizard/steps/FeaturesStep.js +31 -35
- package/dist/components/Wizard/steps/ObservabilityStep.d.ts +6 -0
- package/dist/components/Wizard/steps/ObservabilityStep.js +137 -0
- package/dist/components/Wizard/steps/ReviewStep.d.ts +2 -1
- package/dist/components/Wizard/steps/ReviewStep.js +56 -12
- package/dist/components/Wizard/steps/StorageStep.d.ts +9 -0
- package/dist/components/Wizard/steps/StorageStep.js +592 -0
- package/dist/components/Wizard/steps/SupabaseCredentialsStep.js +20 -21
- package/dist/components/Wizard/steps/VersionStep.js +45 -23
- package/dist/components/Wizard/steps/index.d.ts +3 -3
- package/dist/components/Wizard/steps/index.js +3 -3
- package/dist/components/common/CommandApproval.d.ts +12 -0
- package/dist/components/common/CommandApproval.js +91 -0
- package/dist/components/common/DeploymentPicker.d.ts +14 -0
- package/dist/components/common/DeploymentPicker.js +16 -0
- package/dist/components/common/index.d.ts +2 -0
- package/dist/components/common/index.js +2 -0
- package/dist/index.js +94 -62
- package/dist/lib/cloudCli.d.ts +134 -63
- package/dist/lib/cloudCli.js +512 -220
- package/dist/lib/clusterSetupDefaults.d.ts +30 -0
- package/dist/lib/clusterSetupDefaults.js +64 -0
- package/dist/lib/commandApproval.d.ts +26 -0
- package/dist/lib/commandApproval.js +114 -0
- package/dist/lib/config.d.ts +12 -10
- package/dist/lib/config.js +91 -33
- package/dist/lib/configFixtures.d.ts +5 -0
- package/dist/lib/configFixtures.js +513 -0
- package/dist/lib/deploymentHealth.d.ts +32 -0
- package/dist/lib/deploymentHealth.js +157 -0
- package/dist/lib/dns.d.ts +1 -1
- package/dist/lib/dns.js +19 -1
- package/dist/lib/dns.test.d.ts +1 -0
- package/dist/lib/dns.test.js +27 -0
- package/dist/lib/dockerHub.d.ts +12 -1
- package/dist/lib/dockerHub.js +18 -8
- package/dist/lib/helm.d.ts +4 -0
- package/dist/lib/helm.js +16 -0
- package/dist/lib/helmValues.d.ts +25 -0
- package/dist/lib/helmValues.js +1762 -289
- package/dist/lib/helmValues.test.d.ts +1 -0
- package/dist/lib/helmValues.test.js +966 -0
- package/dist/lib/htpasswd.d.ts +1 -0
- package/dist/lib/htpasswd.js +15 -0
- package/dist/lib/kubernetes.d.ts +124 -17
- package/dist/lib/kubernetes.js +576 -145
- package/dist/lib/secrets.d.ts +23 -0
- package/dist/lib/secrets.js +158 -0
- package/dist/lib/validateValues.d.ts +31 -0
- package/dist/lib/validateValues.js +253 -0
- package/dist/lib/versions.d.ts +82 -11
- package/dist/lib/versions.js +131 -31
- package/dist/lib/versions.test.d.ts +1 -0
- package/dist/lib/versions.test.js +81 -0
- package/dist/lib/wizardSteps.d.ts +14 -0
- package/dist/lib/wizardSteps.js +23 -0
- package/dist/lib/workloadIdentity.d.ts +26 -0
- package/dist/lib/workloadIdentity.js +323 -0
- package/dist/lib/workloadIdentity.test.d.ts +1 -0
- package/dist/lib/workloadIdentity.test.js +57 -0
- package/dist/types/index.d.ts +1860 -164
- package/dist/types/index.js +518 -295
- package/package.json +9 -4
- package/schema/values.schema.json +1934 -0
- package/cluster-setup/aws/cluster.yaml +0 -33
- package/cluster-setup/azure/main.bicep +0 -282
- package/cluster-setup/azure/main.parameters.json +0 -21
- package/dist/components/Wizard/steps/CredentialsStep.d.ts +0 -6
- package/dist/components/Wizard/steps/CredentialsStep.js +0 -22
- package/dist/components/Wizard/steps/DeploymentModeStep.d.ts +0 -5
- package/dist/components/Wizard/steps/DeploymentModeStep.js +0 -26
- package/dist/components/Wizard/steps/TierStep.d.ts +0 -6
- package/dist/components/Wizard/steps/TierStep.js +0 -29
- package/dist/lib/terraform.d.ts +0 -66
- package/dist/lib/terraform.js +0 -754
- package/terraform/aws/main.tf +0 -355
- package/terraform/azure/main.tf +0 -371
- package/terraform/gcp/main.tf +0 -407
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function generateHtpasswdLine(username: string, password: string): string;
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import bcrypt from "bcryptjs";
|
|
2
|
+
const BCRYPT_COST = 10;
|
|
3
|
+
export function generateHtpasswdLine(username, password) {
|
|
4
|
+
const normalizedUsername = username.trim();
|
|
5
|
+
if (!normalizedUsername) {
|
|
6
|
+
throw new Error("Username is required");
|
|
7
|
+
}
|
|
8
|
+
if (normalizedUsername.includes(":")) {
|
|
9
|
+
throw new Error("Username cannot contain ':'");
|
|
10
|
+
}
|
|
11
|
+
if (!password) {
|
|
12
|
+
throw new Error("Password is required");
|
|
13
|
+
}
|
|
14
|
+
return `${normalizedUsername}:${bcrypt.hashSync(password, BCRYPT_COST)}`;
|
|
15
|
+
}
|
package/dist/lib/kubernetes.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { NodeArchitecture } from "../types/index.js";
|
|
2
2
|
/**
|
|
3
3
|
* Checks if kubectl is installed
|
|
4
4
|
*/
|
|
@@ -21,11 +21,36 @@ export declare function checkClusterAccessible(): Promise<string | null>;
|
|
|
21
21
|
*/
|
|
22
22
|
export declare function getCurrentContext(): Promise<string | null>;
|
|
23
23
|
/**
|
|
24
|
-
*
|
|
25
|
-
* This is used only for existing clusters, where the CLI is not responsible for
|
|
26
|
-
* provisioning node pools but still needs app/Kafka/worker Helm sizing values.
|
|
24
|
+
* Inferred resource and scheduling capabilities for the current cluster.
|
|
27
25
|
*/
|
|
28
|
-
export
|
|
26
|
+
export interface ClusterStorageClass {
|
|
27
|
+
name: string;
|
|
28
|
+
provisioner: string;
|
|
29
|
+
isDefault: boolean;
|
|
30
|
+
volumeBindingMode?: string;
|
|
31
|
+
allowVolumeExpansion?: boolean;
|
|
32
|
+
}
|
|
33
|
+
export interface ClusterCapabilities {
|
|
34
|
+
nodeArchitecture: NodeArchitecture;
|
|
35
|
+
arm64TolerationRequired: boolean;
|
|
36
|
+
schedulableNodeCount: number;
|
|
37
|
+
totalCpuCores: number;
|
|
38
|
+
totalMemoryGi: number;
|
|
39
|
+
eligibleCpuCores: number;
|
|
40
|
+
eligibleMemoryGi: number;
|
|
41
|
+
totalPersistentStorageGi?: number;
|
|
42
|
+
storageClasses: ClusterStorageClass[];
|
|
43
|
+
defaultStorageClass?: ClusterStorageClass;
|
|
44
|
+
storageClass?: string;
|
|
45
|
+
storageProvisioner?: string;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Inspects the current cluster's node architecture, schedulable capacity, and
|
|
49
|
+
* storage classes. The CLI uses this to keep Helm values compatible with the
|
|
50
|
+
* Kubernetes resources the user has already made available (storage class, ARM
|
|
51
|
+
* tolerations, etc.); workload sizing itself follows the chart defaults.
|
|
52
|
+
*/
|
|
53
|
+
export declare function inferClusterCapabilities(): Promise<ClusterCapabilities | null>;
|
|
29
54
|
/**
|
|
30
55
|
* Gets pod status for the Rulebricks namespace
|
|
31
56
|
*/
|
|
@@ -97,6 +122,32 @@ export declare function streamLogs(podName: string, namespace?: string, options?
|
|
|
97
122
|
tail?: number;
|
|
98
123
|
container?: string;
|
|
99
124
|
}): Promise<void>;
|
|
125
|
+
export declare function execInPod(namespace: string, podName: string, container: string | undefined, args: string[]): Promise<string>;
|
|
126
|
+
export interface EphemeralJobOptions {
|
|
127
|
+
name: string;
|
|
128
|
+
namespace: string;
|
|
129
|
+
serviceAccountName: string;
|
|
130
|
+
image: string;
|
|
131
|
+
command: string[];
|
|
132
|
+
env?: Array<Record<string, unknown>>;
|
|
133
|
+
volumeMounts?: Array<Record<string, unknown>>;
|
|
134
|
+
volumes?: Array<Record<string, unknown>>;
|
|
135
|
+
initContainers?: Array<Record<string, unknown>>;
|
|
136
|
+
labels?: Record<string, string>;
|
|
137
|
+
backoffLimit?: number;
|
|
138
|
+
timeoutSeconds?: number;
|
|
139
|
+
}
|
|
140
|
+
export interface EphemeralJobResult {
|
|
141
|
+
jobName: string;
|
|
142
|
+
logs: string;
|
|
143
|
+
}
|
|
144
|
+
export declare function runEphemeralJob(options: EphemeralJobOptions): Promise<EphemeralJobResult>;
|
|
145
|
+
export declare function createJobFromCronJob(namespace: string, cronJobName: string, jobName: string): Promise<void>;
|
|
146
|
+
export declare function waitForJobComplete(namespace: string, jobName: string, timeoutSeconds?: number): Promise<string>;
|
|
147
|
+
export declare function getJobLogs(jobName: string, namespace: string): Promise<string>;
|
|
148
|
+
export declare function scaleDeployment(namespace: string, name: string, replicas: number): Promise<void>;
|
|
149
|
+
export declare function waitForDeploymentReady(namespace: string, name: string, timeoutSeconds?: number): Promise<void>;
|
|
150
|
+
export declare function getDeploymentReplicas(namespace: string, name: string): Promise<number | null>;
|
|
100
151
|
/**
|
|
101
152
|
* Callback type for receiving log lines from multiple pods
|
|
102
153
|
*/
|
|
@@ -140,35 +191,91 @@ export declare function deletePVCs(namespace: string, options?: {
|
|
|
140
191
|
wait?: boolean;
|
|
141
192
|
}): Promise<void>;
|
|
142
193
|
/**
|
|
143
|
-
*
|
|
144
|
-
*
|
|
145
|
-
*
|
|
194
|
+
* Strips finalizers from the custom resources whose controllers are torn down
|
|
195
|
+
* with the release, so the namespace can finalize instead of hanging in
|
|
196
|
+
* Terminating (NamespaceFinalizersRemaining). Best-effort per type — a missing
|
|
197
|
+
* CRD (feature disabled) or already-gone object is fine.
|
|
146
198
|
*/
|
|
147
|
-
export declare function
|
|
199
|
+
export declare function removeBlockingFinalizers(namespace: string): Promise<void>;
|
|
200
|
+
/**
|
|
201
|
+
* Deletes aggregated APIServices (apiregistration.k8s.io) whose backing service
|
|
202
|
+
* lives in the given namespace.
|
|
203
|
+
*
|
|
204
|
+
* Why this matters for teardown: an aggregated API (e.g. KEDA's
|
|
205
|
+
* v1beta1.external.metrics.k8s.io, prometheus-adapter's custom.metrics.k8s.io,
|
|
206
|
+
* etc.) is served by an in-namespace Service. When the namespace is torn down
|
|
207
|
+
* that Service disappears and the (cluster-scoped) APIService goes Unavailable
|
|
208
|
+
* with ServiceNotFound. The namespace controller must enumerate every API group
|
|
209
|
+
* to delete a namespace's contents, so a single broken APIService makes its
|
|
210
|
+
* discovery step fail and wedges the namespace in Terminating forever
|
|
211
|
+
* (NamespaceDeletionDiscoveryFailure) - which then rejects any reinstall into
|
|
212
|
+
* that namespace ("being terminated").
|
|
213
|
+
*
|
|
214
|
+
* Deleting these APIServices up front (they are going away with the namespace
|
|
215
|
+
* anyway) keeps discovery healthy so the namespace can finalize. This is
|
|
216
|
+
* generalized to ALL APIServices backed by the target namespace, not just KEDA,
|
|
217
|
+
* and is safe: cluster APIs backed by other namespaces (e.g. metrics-server in
|
|
218
|
+
* kube-system) are never matched. Listing APIService objects is served directly
|
|
219
|
+
* by kube-apiserver, so this also works to rescue an already-stuck namespace.
|
|
220
|
+
*
|
|
221
|
+
* Returns the names of the APIServices that were deleted.
|
|
222
|
+
*/
|
|
223
|
+
export declare function cleanupNamespaceAPIServices(namespace: string): Promise<string[]>;
|
|
148
224
|
/**
|
|
149
225
|
* Checks if a namespace exists
|
|
150
226
|
*/
|
|
151
227
|
export declare function namespaceExists(namespace: string): Promise<boolean>;
|
|
152
228
|
/**
|
|
153
|
-
*
|
|
154
|
-
*
|
|
229
|
+
* Removes this release's leftovers in the kube-system namespace. The
|
|
230
|
+
* kube-prometheus-stack prometheus-operator creates a "<release>-...-kubelet"
|
|
231
|
+
* Service there at runtime (via its --kubelet-service flag); it lives OUTSIDE the
|
|
232
|
+
* release namespace and is operator-created (not chart-templated), so
|
|
233
|
+
* `helm uninstall` never deletes it and one accumulates per deployment. Also
|
|
234
|
+
* sweeps any helm-labeled kube-system objects (exporter Services/Endpoints) a
|
|
235
|
+
* partial uninstall may have stranded. Scoped strictly to this release; matched
|
|
236
|
+
* by the release-name prefix so a coexisting deployment's kubelet Service is
|
|
237
|
+
* never touched. Best-effort — never blocks teardown.
|
|
155
238
|
*/
|
|
156
|
-
export declare function
|
|
239
|
+
export declare function cleanupKubeSystemLeftovers(releaseName: string): Promise<void>;
|
|
157
240
|
/**
|
|
158
|
-
*
|
|
159
|
-
*
|
|
241
|
+
* True only when no OTHER Rulebricks deployment remains on the cluster (besides
|
|
242
|
+
* `releaseName`). Gates deletion of cluster-SHARED resources (CRDs) so tearing
|
|
243
|
+
* down one deployment never cascade-deletes another deployment's custom
|
|
244
|
+
* resources. Deployments are named `rulebricks-<name>` for both the namespace and
|
|
245
|
+
* the helm release (see getNamespace/getReleaseName), so the "rulebricks-" prefix
|
|
246
|
+
* is a sound cluster-side signal. Fails CLOSED (returns false) if the cluster
|
|
247
|
+
* can't be enumerated — we never purge shared resources on uncertainty.
|
|
160
248
|
*/
|
|
161
|
-
export declare function
|
|
249
|
+
export declare function isLastRulebricksDeployment(releaseName: string): Promise<boolean>;
|
|
250
|
+
/**
|
|
251
|
+
* Deletes the cluster-scoped CRDs the chart installs from crds/ dirs (cert-
|
|
252
|
+
* manager, keda, strimzi, kube-prometheus-stack). CLUSTER-SHARED: deleting a CRD
|
|
253
|
+
* cascade-deletes every custom resource of that kind across ALL namespaces, so
|
|
254
|
+
* callers MUST gate this on isLastRulebricksDeployment() (or an explicit
|
|
255
|
+
* operator --purge) — never call it while another Rulebricks deployment exists.
|
|
256
|
+
* Best-effort, non-blocking; returns the CRD names removed.
|
|
257
|
+
*/
|
|
258
|
+
export declare function deleteRulebricksCRDs(): Promise<string[]>;
|
|
162
259
|
/**
|
|
163
260
|
* Deployed image versions from Kubernetes
|
|
164
261
|
*/
|
|
165
262
|
export interface DeployedVersions {
|
|
166
263
|
appVersion: string | null;
|
|
167
264
|
hpsVersion: string | null;
|
|
265
|
+
hpsWorkerVersion: string | null;
|
|
266
|
+
appDigest: string | null;
|
|
267
|
+
hpsDigests: string[];
|
|
268
|
+
hpsWorkerDigests: string[];
|
|
168
269
|
}
|
|
169
270
|
/**
|
|
170
|
-
*
|
|
171
|
-
*
|
|
271
|
+
* Extracts the version tag from a Docker image string.
|
|
272
|
+
* E.g., "rulebricks/rulebricks:v1.5.8" -> "v1.5.8"
|
|
273
|
+
*/
|
|
274
|
+
export declare function extractImageTag(image: string): string | null;
|
|
275
|
+
export declare function extractImageDigest(imageId: string): string | null;
|
|
276
|
+
/**
|
|
277
|
+
* Gets actual deployed image tags and running image digests from Kubernetes.
|
|
278
|
+
* HPS runs as StatefulSets, so digest checks inspect the pods behind those sets.
|
|
172
279
|
*
|
|
173
280
|
* @param releaseName - The Helm release name (e.g., "rulebricks")
|
|
174
281
|
* @param namespace - The Kubernetes namespace
|