cyberia 2.89.2 → 2.89.45

package/scripts/ip-info.sh

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+# ip-info.sh
+# Retrieve information about an IP address or hostname
+# Usage: ip-info.sh <IP-or-hostname>
+
+set -euo pipefail
+IFS=$'
+	'
+
+if [[ ${#} -lt 1 ]]; then
+  echo "Usage: $0 <IP-or-hostname>"
+  exit 1
+fi
+TARGET="$1"
+
+# Detect package manager
+PKG_MANAGER=""
+if command -v dnf >/dev/null 2>&1; then
+  PKG_MANAGER=dnf
+elif command -v yum >/dev/null 2>&1; then
+  PKG_MANAGER=yum
+fi
+
+# Commands we need (bind-utils provides dig)
+REQUIRED_CMDS=(curl jq whois dig traceroute)
+PKGS=(curl jq whois bind-utils traceroute)
+
+missing=()
+for i in "${!REQUIRED_CMDS[@]}"; do
+  cmd=${REQUIRED_CMDS[$i]}
+  if ! command -v "$cmd" >/dev/null 2>&1; then
+    missing+=("${PKGS[$i]}")
+  fi
+done
+
+if [[ ${#missing[@]} -gt 0 ]]; then
+  if [[ -z "$PKG_MANAGER" ]]; then
+    echo "Missing packages: ${missing[*]}
+No supported package manager found. Install: ${missing[*]} and re-run."
+    exit 1
+  fi
+  if [[ $EUID -ne 0 && -z "$(command -v sudo)" ]]; then
+    echo "Missing packages: ${missing[*]}
+Run as root or install sudo."
+    exit 1
+  fi
+  echo "Installing missing: ${missing[*]}"
+  sudo $PKG_MANAGER install -y ${missing[*]} >/dev/null
+fi
+
+# Resolve to IP(s)
+resolve_ips(){
+  if getent ahosts "$TARGET" >/dev/null 2>&1; then
+    getent ahosts "$TARGET" | awk '{print $1}' | sort -u
+  else
+    dig +short "$TARGET" | awk '/^[0-9]/ {print $1}' | sort -u
+  fi
+}
+
+mapfile -t IPS < <(resolve_ips)
+if [[ ${#IPS[@]} -eq 0 ]]; then
+  IPS=("$TARGET")
+fi
+
+format(){
+  if command -v jq >/dev/null 2>&1; then
+    jq '.' 2>/dev/null || cat
+  else
+    cat
+  fi
+}
+
+for IP in "${IPS[@]}"; do
+  printf "
+===== %s (resolved: %s) =====
+
+" "$TARGET" "$IP"
+
+  echo "-- REVERSE DNS --"
+  dig -x "$IP" +short || true
+
+  echo "
+-- WHOIS --"
+  whois "$IP" | sed -n '1,80p' || true
+
+  echo "
+-- IPINFO (ipinfo.io) --"
+  curl -sS "https://ipinfo.io/$IP/json" | format || true
+
+  echo "
+-- IP-API (ip-api.com) --"
+  curl -sS "http://ip-api.com/json/$IP?fields=status,message,country,regionName,city,zip,lat,lon,timezone,isp,org,as,query" | format || true
+
+  echo "
+-- IPWHOIS (ipwhois.app) --"
+  curl -sS "https://ipwhois.app/json/$IP" | format || true
+
+  echo "
+-- GEOPLUGIN --"
+  curl -sS "http://www.geoplugin.net/json.gp?ip=$IP" | format || true
+
+  echo "
+-- TRACEROUTE --"
+  traceroute -m 20 "$IP" || true
+
+  if [[ "$TARGET" =~ [A-Za-z] ]]; then
+    echo "
+-- DNS RECORDS for $TARGET --"
+    dig +short A "$TARGET" || true
+    dig +short AAAA "$TARGET" || true
+    dig +short MX "$TARGET" || true
+    dig +short TXT "$TARGET" || true
+  fi
+
+  echo "
+===== done: $IP =====
+"
+done

package/scripts/rpmfusion-ffmpeg-setup.sh

@@ -32,6 +32,7 @@ echo "6) Try to install audio helper packages that sometimes block ffmpeg (ladsp
 # These may be provided by CRB/EPEL or other compatible repos
 dnf -y install ladspa || echo "ladspa not available from enabled repos (will try later)"
 dnf -y install rubberband || echo "rubberband not available from enabled repos (will try later)"
+dnf -y install libwebp-tools || echo "libwebp-tools not available from enabled repos (will try later)"
 
 echo "7) Try installing ffmpeg (several fallbacks tried)"
 if dnf -y install ffmpeg ffmpeg-devel --allowerasing; then

package/src/api/object-layer/object-layer.controller.js

@@ -34,6 +34,25 @@ const ObjectLayerController = {
       });
     }
   },
+  generateWebp: async (req, res, options) => {
+    try {
+      const result = await ObjectLayerService.generateWebp(req, res, options);
+      res.setHeader('Cross-Origin-Resource-Policy', 'cross-origin');
+      res.setHeader('Content-Type', 'image/webp');
+      res.setHeader(
+        'Content-Disposition',
+        `attachment; filename="${req.params.itemType}_${req.params.itemId}_${req.params.directionCode}.webp"`,
+      );
+      res.setHeader('Content-Length', result.length);
+      return res.status(200).end(result);
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
   put: async (req, res, options) => {
     try {
       const result = await ObjectLayerService.put(req, res, options);

package/src/api/object-layer/object-layer.router.js

@@ -16,6 +16,10 @@ const ObjectLayerRouter = (options) => {
 
   router.post(`/:id`, authMiddleware, async (req, res) => await ObjectLayerController.post(req, res, options));
   router.post(`/`, authMiddleware, async (req, res) => await ObjectLayerController.post(req, res, options));
+  router.get(
+    `/generate-webp/:itemType/:itemId/:directionCode`,
+    async (req, res) => await ObjectLayerController.generateWebp(req, res, options),
+  );
   router.get(`/render/:id`, authMiddleware, async (req, res) => await ObjectLayerController.get(req, res, options));
   router.get(`/metadata/:id`, authMiddleware, async (req, res) => await ObjectLayerController.get(req, res, options));
   router.get(

package/src/api/object-layer/object-layer.service.js

@@ -5,6 +5,7 @@ import fs from 'fs-extra';
 import crypto from 'crypto';
 import { ObjectLayerDto } from './object-layer.model.js';
 import { ObjectLayerEngine } from '../../server/object-layer.js';
+import { shellExec } from '../../server/process.js';
 const logger = loggerFactory(import.meta);
 
 const ObjectLayerService = {
@@ -250,6 +251,116 @@ const ObjectLayerService = {
     ]);
     return { data, total, page, totalPages: Math.ceil(total / limit) };
   },
+  generateWebp: async (req, res, options) => {
+    /** @type {import('./object-layer.model.js').ObjectLayerModel} */
+    const ObjectLayer = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayer;
+
+    // GET /generate-webp/:itemType/:itemId/:directionCode - Generate webp animation from PNG frames
+    const itemType = req.params.itemType;
+    const itemId = req.params.itemId;
+    const directionCode = req.params.directionCode;
+
+    if (!itemType || !itemId || !directionCode) {
+      throw new Error('Missing required parameters: itemType, itemId, directionCode');
+    }
+
+    // Path to the PNG frames directory
+    const framesFolder = `./src/client/public/cyberia/assets/${itemType}/${itemId}/${directionCode}`;
+
+    // Check if the folder exists
+    if (!fs.existsSync(framesFolder)) {
+      throw new Error(`Frames directory not found: ${framesFolder}`);
+    }
+
+    // Check if there are PNG files in the directory
+    const files = await fs.readdir(framesFolder);
+    const pngFiles = files.filter((file) => file.endsWith('.png')).sort();
+
+    if (pngFiles.length === 0) {
+      throw new Error(`No PNG frames found in directory: ${framesFolder}`);
+    }
+
+    logger.info(`Found ${pngFiles.length} PNG frames in ${framesFolder}`);
+
+    // Get frame duration from the object layer metadata
+    let frameDuration = 100; // Default to 100ms
+
+    try {
+      // Find object layer by itemType and itemId
+      const objectLayer = await ObjectLayer.findOne({
+        'data.item.type': itemType,
+        'data.item.id': itemId,
+      }).select(ObjectLayerDto.select.getMetadata());
+
+      if (objectLayer && objectLayer.data.render.frame_duration) {
+        frameDuration = objectLayer.data.render.frame_duration;
+        logger.info(`Using frame duration from object layer: ${frameDuration}ms`);
+      } else {
+        logger.warn(`Object layer not found or no frame_duration set, using default: ${frameDuration}ms`);
+      }
+    } catch (error) {
+      logger.warn(
+        `Error fetching object layer metadata: ${error.message}. Using default frame duration: ${frameDuration}ms`,
+      );
+    }
+
+    const tmpOutputFileName = `output_${Date.now()}_${Math.floor(Math.random() * 1000)}.webp`;
+
+    // Create temporary output file path
+    const tempOutputPath = `${framesFolder}/${tmpOutputFileName}`;
+
+    try {
+      // Change to the frames directory and execute img2webp command
+      const cmd = `cd "${framesFolder}" && img2webp -d ${frameDuration} -loop 0 *.png -o ${tmpOutputFileName}`;
+
+      logger.info(`Executing command: ${cmd}`);
+
+      const result = shellExec(cmd, { silent: false });
+
+      if (result.code !== 0) {
+        throw new Error(`img2webp command failed: ${result.stderr || result.stdout}`);
+      }
+
+      logger.info(`Successfully generated webp: ${tempOutputPath}`);
+
+      // Check if the output file was created
+      if (!fs.existsSync(tempOutputPath)) {
+        throw new Error(`Output file was not created: ${tempOutputPath}`);
+      }
+
+      // Read the webp file as a buffer
+      const webpBuffer = await fs.readFile(tempOutputPath);
+
+      logger.info(`WebP file size: ${webpBuffer.length} bytes`);
+
+      // Delete the temporary file after sending the response
+      // Use setImmediate to ensure the response is fully sent before cleanup
+      setImmediate(async () => {
+        try {
+          if (fs.existsSync(tempOutputPath)) {
+            await fs.remove(tempOutputPath);
+            logger.info(`Cleaned up temporary file: ${tempOutputPath}`);
+          }
+        } catch (cleanupError) {
+          logger.error(`Error cleaning up temporary file: ${cleanupError.message}`);
+        }
+      });
+
+      return webpBuffer;
+    } catch (error) {
+      // Clean up on error
+      try {
+        if (fs.existsSync(tempOutputPath)) {
+          await fs.remove(tempOutputPath);
+          logger.info(`Cleaned up temporary file after error: ${tempOutputPath}`);
+        }
+      } catch (cleanupError) {
+        logger.error(`Error cleaning up temporary file after error: ${cleanupError.message}`);
+      }
+
+      throw error;
+    }
+  },
   put: async (req, res, options) => {
     /** @type {import('./object-layer.model.js').ObjectLayerModel} */
     const ObjectLayer = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayer;

package/src/api/user/user.model.js

@@ -73,7 +73,16 @@ const ProviderSchema = UserSchema;
 const UserDto = {
   select: {
     get: () => {
-      return { _id: 1, username: 1, email: 1, role: 1, emailConfirmed: 1, profileImageId: 1 };
+      return {
+        _id: 1,
+        username: 1,
+        email: 1,
+        role: 1,
+        emailConfirmed: 1,
+        profileImageId: 1,
+        createdAt: 1,
+        updatedAt: 1,
+      };
     },
     getAll: () => {
       return { _id: 1 };

package/src/cli/cluster.js

@@ -44,12 +44,15 @@ class UnderpostCluster {
      * @param {boolean} [options.listPods=false] - List Kubernetes pods.
      * @param {boolean} [options.reset=false] - Perform a comprehensive reset of Kubernetes and container environments.
      * @param {boolean} [options.dev=false] - Run in development mode (adjusts paths).
-     * @param {string} [options.nsUse=''] - Set the current kubectl namespace.
+     * @param {string} [options.nsUse=''] - Set the current kubectl namespace (creates namespace if it doesn't exist).
+     * @param {string} [options.namespace='default'] - Kubernetes namespace for cluster operations.
      * @param {boolean} [options.infoCapacity=false] - Display resource capacity information for the cluster.
      * @param {boolean} [options.infoCapacityPod=false] - Display resource capacity information for pods.
      * @param {boolean} [options.pullImage=false] - Pull necessary Docker images before deployment.
      * @param {boolean} [options.dedicatedGpu=false] - Configure for dedicated GPU usage (e.g., NVIDIA GPU Operator).
      * @param {boolean} [options.kubeadm=false] - Initialize the cluster using Kubeadm.
+     * @param {string} [options.podNetworkCidr='192.168.0.0/16'] - Custom pod network CIDR for Kubeadm cluster initialization. Defaults to '192.168.0.0/16'.
+     * @param {string} [options.controlPlaneEndpoint=''] - Custom control plane endpoint for Kubeadm cluster initialization. Defaults to '${os.hostname()}:6443'.
      * @param {boolean} [options.k3s=false] - Initialize the cluster using K3s.
      * @param {boolean} [options.initHost=false] - Perform initial host setup (install Docker, Podman, Kind, Kubeadm, Helm).
      * @param {boolean} [options.grafana=false] - Initialize the cluster with a Grafana deployment.
@@ -58,6 +61,7 @@ class UnderpostCluster {
      * @param {boolean} [options.config=false] - Apply general host configuration (SELinux, containerd, sysctl, firewalld).
      * @param {boolean} [options.worker=false] - Configure as a worker node (for Kubeadm or K3s join).
      * @param {boolean} [options.chown=false] - Set up kubectl configuration for the current user.
+     * @param {boolean} [options.removeVolumeHostPaths=false] - Remove data from host paths used by Persistent Volumes.
      * @param {string} [options.hosts] - Set custom hosts entries.
      * @memberof UnderpostCluster
      */
@@ -78,11 +82,14 @@ class UnderpostCluster {
         reset: false,
         dev: false,
         nsUse: '',
+        namespace: 'default',
         infoCapacity: false,
         infoCapacityPod: false,
         pullImage: false,
         dedicatedGpu: false,
         kubeadm: false,
+        podNetworkCidr: '192.168.0.0/16',
+        controlPlaneEndpoint: '',
         k3s: false,
         initHost: false,
         grafana: false,
@@ -91,6 +98,7 @@ class UnderpostCluster {
         config: false,
         worker: false,
         chown: false,
+        removeVolumeHostPaths: false,
         hosts: '',
       },
     ) {
@@ -114,46 +122,35 @@ class UnderpostCluster {
       if (options.infoCapacity === true)
         return logger.info('', UnderpostCluster.API.getResourcesCapacity(options.kubeadm || options.k3s)); // Adjust for k3s
       if (options.listPods === true) return console.table(UnderpostDeploy.API.get(podName ?? undefined));
+      // Set default namespace if not specified
+      if (!options.namespace) options.namespace = 'default';
+
       if (options.nsUse && typeof options.nsUse === 'string') {
-        shellExec(`kubectl config set-context --current --namespace=${options.nsUse}`);
-        return;
-      }
-      if (options.info === true) {
-        shellExec(`kubectl config get-contexts`);
-        shellExec(`kubectl config get-clusters`);
-        shellExec(`kubectl get nodes -o wide`);
-        shellExec(`kubectl config view | grep namespace`);
-        shellExec(`kubectl get ns -o wide`);
-        shellExec(`kubectl get pvc --all-namespaces -o wide`);
-        shellExec(`kubectl get pv --all-namespaces -o wide`);
-        shellExec(`kubectl get cronjob --all-namespaces -o wide`);
-        shellExec(`kubectl get svc --all-namespaces -o wide`);
-        shellExec(`kubectl get statefulsets --all-namespaces -o wide`);
-        shellExec(`kubectl get deployments --all-namespaces -o wide`);
-        shellExec(`kubectl get configmap --all-namespaces -o wide`);
-        shellExec(`kubectl get pods --all-namespaces -o wide`);
-        shellExec(
-          `kubectl get pod --all-namespaces -o="custom-columns=NAME:.metadata.name,INIT-CONTAINERS:.spec.initContainers[*].name,CONTAINERS:.spec.containers[*].name"`,
-        );
-        shellExec(
-          `kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{"\\n"}{.metadata.name}{":\\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'`,
-        );
-        shellExec(`sudo crictl images`);
-        console.log();
-        logger.info('contour -------------------------------------------------');
-        for (const _k of ['Cluster', 'HTTPProxy', 'ClusterIssuer', 'Certificate']) {
-          shellExec(`kubectl get ${_k} --all-namespaces -o wide`);
+        // Verify if namespace exists, create if not
+        const namespaceExists = shellExec(`kubectl get namespace ${options.nsUse} --ignore-not-found -o name`, {
+          stdout: true,
+          silent: true,
+        }).trim();
+
+        if (!namespaceExists) {
+          logger.info(`Namespace '${options.nsUse}' does not exist. Creating it...`);
+          shellExec(`kubectl create namespace ${options.nsUse}`);
+          logger.info(`Namespace '${options.nsUse}' created successfully.`);
+        } else {
+          logger.info(`Namespace '${options.nsUse}' already exists.`);
         }
-        logger.info('----------------------------------------------------------------');
-        shellExec(`kubectl get secrets --all-namespaces -o wide`);
-        shellExec(`docker secret ls`);
-        shellExec(`kubectl get crd --all-namespaces -o wide`);
-        shellExec(`sudo kubectl api-resources`);
+
+        shellExec(`kubectl config set-context --current --namespace=${options.nsUse}`);
+        logger.info(`Context switched to namespace: ${options.nsUse}`);
         return;
       }
 
       // Reset Kubernetes cluster components (Kind/Kubeadm/K3s) and container runtimes
-      if (options.reset === true) return await UnderpostCluster.API.safeReset({ underpostRoot });
+      if (options.reset === true)
+        return await UnderpostCluster.API.safeReset({
+          underpostRoot,
+          removeVolumeHostPaths: options.removeVolumeHostPaths,
+        });
 
       // Check if a cluster (Kind, Kubeadm, or K3s) is already initialized
       const alreadyKubeadmCluster = UnderpostDeploy.API.get('calico-kube-controllers')[0];
@@ -224,9 +221,13 @@ class UnderpostCluster {
           logger.info('K3s comes with local-path-provisioner by default. Skipping explicit installation.');
         } else if (options.kubeadm === true) {
           logger.info('Initializing Kubeadm control plane...');
+          // Set default values if not provided
+          const podNetworkCidr = options.podNetworkCidr || '192.168.0.0/16';
+          const controlPlaneEndpoint = options.controlPlaneEndpoint || `${os.hostname()}:6443`;
+
           // Initialize kubeadm control plane
           shellExec(
-            `sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --control-plane-endpoint="${os.hostname()}:6443"`,
+            `sudo kubeadm init --pod-network-cidr=${podNetworkCidr} --control-plane-endpoint="${controlPlaneEndpoint}"`,
           );
           // Configure kubectl for the current user
           UnderpostCluster.API.chown('kubeadm'); // Pass 'kubeadm' to chown
@@ -236,7 +237,11 @@ class UnderpostCluster {
           shellExec(
             `sudo kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml`,
           );
+          shellExec(
+            `kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/custom-resources.yaml`,
+          );
           shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubeadm-calico-config.yaml`);
+
           // Untaint control plane node to allow scheduling pods
           const nodeName = os.hostname();
           shellExec(`kubectl taint nodes ${nodeName} node-role.kubernetes.io/control-plane:NoSchedule-`);
@@ -280,13 +285,13 @@ class UnderpostCluster {
       }
 
       if (options.grafana === true) {
-        shellExec(`kubectl delete deployment grafana --ignore-not-found`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/grafana`);
+        shellExec(`kubectl delete deployment grafana -n ${options.namespace} --ignore-not-found`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/grafana -n ${options.namespace}`);
         const yaml = `${fs
           .readFileSync(`${underpostRoot}/manifests/grafana/deployment.yaml`, 'utf8')
           .replace('{{GF_SERVER_ROOT_URL}}', options.hosts.split(',')[0])}`;
         console.log(yaml);
-        shellExec(`kubectl apply -f - <<EOF
+        shellExec(`kubectl apply -f - -n ${options.namespace} <<EOF
 ${yaml}
 EOF
 `);
@@ -305,7 +310,7 @@ EOF
             .join(',')}]`,
         )}`;
         console.log(yaml);
-        shellExec(`kubectl apply -f - <<EOF
+        shellExec(`kubectl apply -f - -n ${options.namespace} <<EOF
 ${yaml}
 EOF
 `);
@@ -334,15 +339,15 @@ EOF
             // For kubeadm/k3s, ensure it's available for containerd
             shellExec(`sudo crictl pull valkey/valkey:latest`);
         }
-        shellExec(`kubectl delete statefulset valkey-service --ignore-not-found`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey`);
+        shellExec(`kubectl delete statefulset valkey-service -n ${options.namespace} --ignore-not-found`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey -n ${options.namespace}`);
         await UnderpostTest.API.statusMonitor('valkey-service', 'Running', 'pods', 1000, 60);
       }
       if (options.full === true || options.mariadb === true) {
         shellExec(
-          `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
-        shellExec(`kubectl delete statefulset mariadb-statefulset --ignore-not-found`);
+        shellExec(`kubectl delete statefulset mariadb-statefulset -n ${options.namespace} --ignore-not-found`);
 
         if (options.pullImage === true) {
           // shellExec(`sudo podman pull mariadb:latest`);
@@ -354,17 +359,17 @@ EOF
             // For kubeadm/k3s, ensure it's available for containerd
             shellExec(`sudo crictl pull mariadb:latest`);
         }
-        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mariadb/storage-class.yaml`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb`);
+        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mariadb/storage-class.yaml -n ${options.namespace}`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb -n ${options.namespace}`);
       }
       if (options.full === true || options.mysql === true) {
         shellExec(
-          `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(`sudo mkdir -p /mnt/data`);
         shellExec(`sudo chmod 777 /mnt/data`);
         shellExec(`sudo chown -R root:root /mnt/data`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql -n ${options.namespace}`);
       }
       if (options.full === true || options.postgresql === true) {
         if (options.pullImage === true) {
@@ -377,9 +382,9 @@ EOF
             shellExec(`sudo crictl pull postgres:latest`);
         }
         shellExec(
-          `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql -n ${options.namespace}`);
       }
       if (options.mongodb4 === true) {
         if (options.pullImage === true) {
@@ -391,7 +396,7 @@ EOF
             // For kubeadm/k3s, ensure it's available for containerd
             shellExec(`sudo crictl pull mongo:4.4`);
         }
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4 -n ${options.namespace}`);
 
         const deploymentName = 'mongodb-deployment';
 
@@ -422,14 +427,14 @@ EOF
             shellExec(`sudo crictl pull mongo:latest`);
         }
         shellExec(
-          `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(
-          `sudo kubectl create secret generic mongodb-secret --from-file=username=/home/dd/engine/engine-private/mongodb-username --from-file=password=/home/dd/engine/engine-private/mongodb-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mongodb-secret --from-file=username=/home/dd/engine/engine-private/mongodb-username --from-file=password=/home/dd/engine/engine-private/mongodb-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
-        shellExec(`kubectl delete statefulset mongodb --ignore-not-found`);
-        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mongodb/storage-class.yaml`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb`);
+        shellExec(`kubectl delete statefulset mongodb -n ${options.namespace} --ignore-not-found`);
+        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mongodb/storage-class.yaml -n ${options.namespace}`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb -n ${options.namespace}`);
 
         const successInstance = await UnderpostTest.API.statusMonitor('mongodb-0', 'Running', 'pods', 1000, 60 * 10);
 
@@ -453,7 +458,9 @@ EOF
         shellExec(`kubectl apply -f https://projectcontour.io/quickstart/contour.yaml`);
         if (options.kubeadm === true) {
           // Envoy service might need NodePort for kubeadm
-          shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml`);
+          shellExec(
+            `sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml -n ${options.namespace}`,
+          );
         }
         // K3s has a built-in LoadBalancer (Klipper-lb) that can expose services,
         // so a specific NodePort service might not be needed or can be configured differently.
@@ -473,7 +480,7 @@ EOF
 
         const letsEncName = 'letsencrypt-prod';
         shellExec(`sudo kubectl delete ClusterIssuer ${letsEncName} --ignore-not-found`);
-        shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
+        shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml -n ${options.namespace}`);
       }
     },
 
@@ -585,9 +592,10 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
      * in coredns) by restoring SELinux security contexts and safely cleaning up cluster artifacts.
      * @param {object} [options] - Configuration options for the reset.
      * @param {string} [options.underpostRoot] - The root path of the underpost project.
+     * @param {boolean} [options.removeVolumeHostPaths=false] - Whether to remove data from host paths used by Persistent Volumes.
      * @memberof UnderpostCluster
      */
-    async safeReset(options = { underpostRoot: '.' }) {
+    async safeReset(options = { underpostRoot: '.', removeVolumeHostPaths: false }) {
       logger.info('Starting a safe and comprehensive reset of Kubernetes and container environments...');
 
       try {
@@ -614,25 +622,30 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
         // Phase 1: Clean up Persistent Volumes with hostPath
         // This targets data created by Kubernetes Persistent Volumes that use hostPath.
         logger.info('Phase 1/7: Cleaning Kubernetes hostPath volumes...');
-        try {
-          const pvListJson = shellExec(`kubectl get pv -o json || echo '{"items":[]}'`, { stdout: true, silent: true });
-          const pvList = JSON.parse(pvListJson);
-
-          if (pvList.items && pvList.items.length > 0) {
-            for (const pv of pvList.items) {
-              // Check if the PV uses hostPath and delete its contents
-              if (pv.spec.hostPath && pv.spec.hostPath.path) {
-                const hostPath = pv.spec.hostPath.path;
-                logger.info(`Removing data from host path for PV '${pv.metadata.name}': ${hostPath}`);
-                shellExec(`sudo rm -rf ${hostPath}/* || true`);
+        if (options.removeVolumeHostPaths)
+          try {
+            const pvListJson = shellExec(`kubectl get pv -o json || echo '{"items":[]}'`, {
+              stdout: true,
+              silent: true,
+            });
+            const pvList = JSON.parse(pvListJson);
+
+            if (pvList.items && pvList.items.length > 0) {
+              for (const pv of pvList.items) {
+                // Check if the PV uses hostPath and delete its contents
+                if (pv.spec.hostPath && pv.spec.hostPath.path) {
+                  const hostPath = pv.spec.hostPath.path;
+                  logger.info(`Removing data from host path for PV '${pv.metadata.name}': ${hostPath}`);
+                  shellExec(`sudo rm -rf ${hostPath}/* || true`);
+                }
               }
+            } else {
+              logger.info('No Persistent Volumes found with hostPath to clean up.');
             }
-          } else {
-            logger.info('No Persistent Volumes found with hostPath to clean up.');
+          } catch (error) {
+            logger.error('Failed to clean up Persistent Volumes:', error);
           }
-        } catch (error) {
-          logger.error('Failed to clean up Persistent Volumes:', error);
-        }
+        else logger.info('  -> Skipping hostPath volume cleanup as per configuration.');
         // Phase 2: Restore SELinux and stop services
         // This is critical for fixing the 'permission denied' error you experienced.
         // Enable SELinux permissive mode and restore file contexts.