cyberia 2.99.8 → 3.0.2

package/src/api/user/user.router.js

@@ -99,22 +99,6 @@ const UserRouter = (options) => {
     #swagger.description = 'This endpoint get a JWT for authenticated user'
     #swagger.path = '/user/auth'
     #swagger.method = 'post'
-    #swagger.produces = ['application/json']
-    #swagger.consumes = ['application/json']
-
-    #swagger.requestBody = {
-      in: 'body',
-      description: 'User data',
-      required: true,
-      content: {
-          'application/json': {
-              schema: {
-                  $ref: '#/components/schemas/userLogInRequest'
-              }
-          }
-      }
-    }
-
     #swagger.responses[200] = {
       description: 'User created successfully',
       content: {
@@ -148,22 +132,6 @@ const UserRouter = (options) => {
       #swagger.description = 'This endpoint will create a new user account'
       #swagger.path = '/user'
       #swagger.method = 'post'
-      #swagger.produces = ['application/json']
-      #swagger.consumes = ['application/json']
-
-      #swagger.requestBody = {
-        in: 'body',
-        description: 'User data',
-        required: true,
-        content: {
-            'application/json': {
-                schema: {
-                    $ref: '#/components/schemas/userRequest'
-                }
-            }
-        }
-      }
-
       #swagger.responses[200] = {
         description: 'User created successfully',
         content: {
@@ -274,8 +242,6 @@ const UserRouter = (options) => {
       #swagger.description = 'This endpoint will update user data by ID'
       #swagger.path = '/user/{id}'
       #swagger.method = 'put'
-      #swagger.produces = ['application/json']
-      #swagger.consumes = ['application/json']
       #swagger.security = [{
         'bearerAuth': []
       }]
@@ -287,19 +253,6 @@ const UserRouter = (options) => {
           type: 'string'
       }
 
-      #swagger.requestBody = {
-        in: 'body',
-        description: 'User data',
-        required: true,
-        content: {
-            'application/json': {
-                schema: {
-                  $ref: '#/components/schemas/userRequest'
-                }
-            }
-        }
-      }
-
       #swagger.responses[200] = {
         description: 'User updated successfully',
         content: {

package/src/cli/baremetal.js

@@ -534,9 +534,6 @@ rm -rf ${artifacts.join(' ')}`);
       if (options.controlServerDbInstall === true) {
         // Deploy the database provider and manage MAAS database.
         shellExec(`node ${underpostRoot}/bin/deploy ${dbProviderId} install`);
-        shellExec(
-          `node ${underpostRoot}/bin/deploy pg-drop-db ${process.env.DB_PG_MAAS_NAME} ${process.env.DB_PG_MAAS_USER}`,
-        );
         shellExec(`node ${underpostRoot}/bin/deploy maas-db`);
         return;
       }
@@ -1150,8 +1147,9 @@ rm -rf ${artifacts.join(' ')}`);
           machine: machine ? machine.system_id : null,
         });
 
-        const { discovery, machine: discoveredMachine } =
-          await Underpost.baremetal.commissionMonitor(commissionMonitorPayload);
+        const { discovery, machine: discoveredMachine } = await Underpost.baremetal.commissionMonitor(
+          commissionMonitorPayload,
+        );
         if (discoveredMachine) machine = discoveredMachine;
       }
     },
@@ -2496,10 +2494,10 @@ fi
           const discoverHostname = discovery.hostname
             ? discovery.hostname
             : discovery.mac_organization
-              ? discovery.mac_organization
-              : discovery.domain
-                ? discovery.domain
-                : `generic-host-${s4()}${s4()}`;
+            ? discovery.mac_organization
+            : discovery.domain
+            ? discovery.domain
+            : `generic-host-${s4()}${s4()}`;
 
           console.log(discoverHostname.bgBlue.bold.white);
           console.log('ip target:'.green + ipAddress, 'ip discovered:'.green + discovery.ip);

package/src/cli/cluster.js

@@ -36,7 +36,7 @@ class UnderpostCluster {
      * @param {boolean} [options.mysql=false] - Deploy MySQL.
      * @param {boolean} [options.postgresql=false] - Deploy PostgreSQL.
      * @param {boolean} [options.valkey=false] - Deploy Valkey.
-     * @param {boolean} [options.full=false] - Deploy a full set of common components.
+     * @param {boolean} [options.ipfs=false] - Deploy ipfs-cluster statefulset.
      * @param {boolean} [options.info=false] - Display extensive Kubernetes cluster information.
      * @param {boolean} [options.certManager=false] - Deploy Cert-Manager for certificate management.
      * @param {boolean} [options.listPods=false] - List Kubernetes pods.
@@ -57,10 +57,10 @@ class UnderpostCluster {
      * @param {string} [options.prom=''] - Initialize the cluster with a Prometheus Operator deployment and monitor scrap for specified hosts.
      * @param {boolean} [options.uninstallHost=false] - Uninstall all host components.
      * @param {boolean} [options.config=false] - Apply general host configuration (SELinux, containerd, sysctl, firewalld).
-     * @param {boolean} [options.worker=false] - Configure as a worker node (for Kubeadm or K3s join).
      * @param {boolean} [options.chown=false] - Set up kubectl configuration for the current user.
      * @param {boolean} [options.removeVolumeHostPaths=false] - Remove data from host paths used by Persistent Volumes.
      * @param {string} [options.hosts] - Set custom hosts entries.
+     * @param {string} [options.replicas] - Set the number of replicas for certain deployments.
      * @memberof UnderpostCluster
      */
     async init(
@@ -73,7 +73,7 @@ class UnderpostCluster {
         mysql: false,
         postgresql: false,
         valkey: false,
-        full: false,
+        ipfs: false,
         info: false,
         certManager: false,
         listPods: false,
@@ -94,32 +94,28 @@ class UnderpostCluster {
         prom: '',
         uninstallHost: false,
         config: false,
-        worker: false,
         chown: false,
         removeVolumeHostPaths: false,
         hosts: '',
+        replicas: '',
       },
     ) {
-      // Handles initial host setup (installing docker, podman, kind, kubeadm, helm)
-      if (options.initHost === true) return Underpost.cluster.initHost();
+      if (options.initHost) return Underpost.cluster.initHost();
 
-      // Handles initial host setup (installing docker, podman, kind, kubeadm, helm)
-      if (options.uninstallHost === true) return Underpost.cluster.uninstallHost();
+      if (options.uninstallHost) return Underpost.cluster.uninstallHost();
 
-      // Applies general host configuration (SELinux, containerd, sysctl)
-      if (options.config === true) return Underpost.cluster.config();
+      if (options.config) return Underpost.cluster.config();
 
-      // Sets up kubectl configuration for the current user
-      if (options.chown === true) return Underpost.cluster.chown();
+      if (options.chown) return Underpost.cluster.chown();
 
       const npmRoot = getNpmRootPath();
-      const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
+      const underpostRoot = options.dev ? '.' : `${npmRoot}/underpost`;
 
-      if (options.listPods === true) return console.table(Underpost.deploy.get(podName ?? undefined));
+      if (options.listPods) return console.table(Underpost.deploy.get(podName ?? undefined));
       // Set default namespace if not specified
       if (!options.namespace) options.namespace = 'default';
 
-      if (options.nsUse && typeof options.nsUse === 'string') {
+      if (options.nsUse) {
         // Verify if namespace exists, create if not
         const namespaceExists = shellExec(`kubectl get namespace ${options.nsUse} --ignore-not-found -o name`, {
           stdout: true,
@@ -140,11 +136,14 @@ class UnderpostCluster {
       }
 
       // Reset Kubernetes cluster components (Kind/Kubeadm/K3s) and container runtimes
-      if (options.reset === true)
+      if (options.reset) {
+        const clusterType = options.k3s ? 'k3s' : options.kubeadm ? 'kubeadm' : 'kind';
         return await Underpost.cluster.safeReset({
           underpostRoot,
           removeVolumeHostPaths: options.removeVolumeHostPaths,
+          clusterType,
         });
+      }
 
       // Check if a cluster (Kind, Kubeadm, or K3s) is already initialized
       const alreadyKubeadmCluster = Underpost.deploy.get('calico-kube-controllers')[0];
@@ -153,67 +152,21 @@ class UnderpostCluster {
       const alreadyK3sCluster = Underpost.deploy.get('svclb-traefik')[0];
 
       // --- Kubeadm/Kind/K3s Cluster Initialization ---
-      // This block handles the initial setup of the Kubernetes cluster (control plane or worker).
-      // It prevents re-initialization if a cluster is already detected.
-      if (!options.worker && !alreadyKubeadmCluster && !alreadyKindCluster && !alreadyK3sCluster) {
+      if (!alreadyKubeadmCluster && !alreadyKindCluster && !alreadyK3sCluster) {
         Underpost.cluster.config();
-        if (options.k3s === true) {
+        if (options.k3s) {
           logger.info('Initializing K3s control plane...');
           // Install K3s
-          console.log('Installing K3s...');
+          logger.info('Installing K3s...');
           shellExec(`curl -sfL https://get.k3s.io | sh -`);
-          console.log('K3s installation completed.');
-
-          // Move k3s binary to /bin/k3s and make it executable
-          shellExec(`sudo mv /usr/local/bin/k3s /bin/k3s`);
-          shellExec(`sudo chmod +x /bin/k3s`);
-          console.log('K3s binary moved to /bin/k3s and made executable.');
+          logger.info('K3s installation completed.');
 
-          // Configure kubectl for the current user for K3s *before* checking readiness
-          // This ensures kubectl can find the K3s kubeconfig immediately after K3s installation.
           Underpost.cluster.chown('k3s');
 
-          // Wait for K3s to be ready
           logger.info('Waiting for K3s to be ready...');
-          let k3sReady = false;
-          let retries = 0;
-          const maxRetries = 20; // Increased retries for K3s startup
-          const delayMs = 5000; // 5 seconds
-
-          while (!k3sReady && retries < maxRetries) {
-            try {
-              // Explicitly use KUBECONFIG for kubectl commands to ensure it points to K3s config
-              const nodes = shellExec(`KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl get nodes -o json`, {
-                stdout: true,
-                silent: true,
-              });
-              const parsedNodes = JSON.parse(nodes);
-              if (
-                parsedNodes.items.some((node) =>
-                  node.status.conditions.some((cond) => cond.type === 'Ready' && cond.status === 'True'),
-                )
-              ) {
-                k3sReady = true;
-                logger.info('K3s cluster is ready.');
-              } else {
-                logger.info(`K3s not yet ready. Retrying in ${delayMs / 1000} seconds...`);
-                await new Promise((resolve) => setTimeout(resolve, delayMs));
-              }
-            } catch (error) {
-              logger.info(`Error checking K3s status: ${error.message}. Retrying in ${delayMs / 1000} seconds...`);
-              await new Promise((resolve) => setTimeout(resolve, delayMs));
-            }
-            retries++;
-          }
-
-          if (!k3sReady) {
-            logger.error('K3s cluster did not become ready in time. Please check the K3s logs.');
-            return;
-          }
-
-          // K3s includes local-path-provisioner by default, so no need to install explicitly.
-          logger.info('K3s comes with local-path-provisioner by default. Skipping explicit installation.');
-        } else if (options.kubeadm === true) {
+          shellExec(`sudo systemctl is-active --wait k3s || sudo systemctl wait --for=active k3s.service`);
+          logger.info('K3s service is active.');
+        } else if (options.kubeadm) {
           logger.info('Initializing Kubeadm control plane...');
           // Set default values if not provided
           const podNetworkCidr = options.podNetworkCidr || '192.168.0.0/16';
@@ -249,32 +202,22 @@ class UnderpostCluster {
           logger.info('Initializing Kind cluster...');
           shellExec(
             `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
-              options?.dev === true ? '-dev' : ''
+              options.dev ? '-dev' : ''
             }.yaml`,
           );
           Underpost.cluster.chown('kind'); // Pass 'kind' to chown
         }
-      } else if (options.worker === true) {
-        // Worker node specific configuration (kubeadm join command needs to be executed separately)
-        logger.info('Worker node configuration applied. Awaiting join command...');
-        // No direct cluster initialization here for workers. The `kubeadm join` or `k3s agent` command
-        // needs to be run on the worker after the control plane is up and a token is created.
-        // This part of the script is for general worker setup, not the join itself.
-      } else {
-        logger.warn('Cluster already initialized or worker flag not set for worker node.');
       }
 
       // --- Optional Component Deployments (Databases, Ingress, Cert-Manager) ---
       // These deployments happen after the base cluster is up.
 
-      if (options.full === true || options.dedicatedGpu === true) {
+      if (options.dedicatedGpu) {
         shellExec(`node ${underpostRoot}/bin/deploy nvidia-gpu-operator`);
-        shellExec(
-          `node ${underpostRoot}/bin/deploy kubeflow-spark-operator${options.kubeadm === true ? ' kubeadm' : ''}`,
-        );
+        shellExec(`node ${underpostRoot}/bin/deploy kubeflow-spark-operator${options.kubeadm ? ' kubeadm' : ''}`);
       }
 
-      if (options.grafana === true) {
+      if (options.grafana) {
         shellExec(`kubectl delete deployment grafana -n ${options.namespace} --ignore-not-found`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/grafana -n ${options.namespace}`);
         const yaml = `${fs
@@ -287,7 +230,7 @@ EOF
 `);
       }
 
-      if (options.prom && typeof options.prom === 'string') {
+      if (options.prom) {
         shellExec(`kubectl delete deployment prometheus --ignore-not-found`);
         shellExec(`kubectl delete configmap prometheus-config --ignore-not-found`);
         shellExec(`kubectl delete service prometheus --ignore-not-found`);
@@ -306,41 +249,26 @@ EOF
 `);
       }
 
-      if (options.full === true || options.valkey === true) {
-        if (options.pullImage === true) {
-          // shellExec(`sudo podman pull valkey/valkey:latest`);
-          if (!options.kubeadm && !options.k3s) {
-            // Only load if not kubeadm/k3s (Kind needs it)
-            shellExec(`docker pull valkey/valkey:latest`);
-            shellExec(`sudo kind load docker-image valkey/valkey:latest`);
-          } else if (options.kubeadm || options.k3s)
-            // For kubeadm/k3s, ensure it's available for containerd
-            shellExec(`sudo crictl pull valkey/valkey:latest`);
-        }
+      if (options.valkey) {
+        if (options.pullImage) Underpost.cluster.pullImage('valkey/valkey:latest', options);
         shellExec(`kubectl delete statefulset valkey-service -n ${options.namespace} --ignore-not-found`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey -n ${options.namespace}`);
         await Underpost.test.statusMonitor('valkey-service', 'Running', 'pods', 1000, 60 * 10);
       }
-      if (options.full === true || options.mariadb === true) {
+      if (options.ipfs) {
+        await Underpost.ipfs.deploy(options, underpostRoot);
+      }
+      if (options.mariadb) {
         shellExec(
           `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(`kubectl delete statefulset mariadb-statefulset -n ${options.namespace} --ignore-not-found`);
 
-        if (options.pullImage === true) {
-          // shellExec(`sudo podman pull mariadb:latest`);
-          if (!options.kubeadm && !options.k3s) {
-            // Only load if not kubeadm/k3s (Kind needs it)
-            shellExec(`docker pull mariadb:latest`);
-            shellExec(`sudo kind load docker-image mariadb:latest`);
-          } else if (options.kubeadm || options.k3s)
-            // For kubeadm/k3s, ensure it's available for containerd
-            shellExec(`sudo crictl pull mariadb:latest`);
-        }
+        if (options.pullImage) Underpost.cluster.pullImage('mariadb:latest', options);
         shellExec(`kubectl apply -f ${underpostRoot}/manifests/mariadb/storage-class.yaml -n ${options.namespace}`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb -n ${options.namespace}`);
       }
-      if (options.full === true || options.mysql === true) {
+      if (options.mysql) {
         shellExec(
           `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
@@ -349,31 +277,15 @@ EOF
         shellExec(`sudo chown -R $(whoami):$(whoami) /mnt/data`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql -n ${options.namespace}`);
       }
-      if (options.full === true || options.postgresql === true) {
-        if (options.pullImage === true) {
-          if (!options.kubeadm && !options.k3s) {
-            // Only load if not kubeadm/k3s (Kind needs it)
-            shellExec(`docker pull postgres:latest`);
-            shellExec(`sudo kind load docker-image postgres:latest`);
-          } else if (options.kubeadm || options.k3s)
-            // For kubeadm/k3s, ensure it's available for containerd
-            shellExec(`sudo crictl pull postgres:latest`);
-        }
+      if (options.postgresql) {
+        if (options.pullImage) Underpost.cluster.pullImage('postgres:latest', options);
         shellExec(
           `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql -n ${options.namespace}`);
       }
-      if (options.mongodb4 === true) {
-        if (options.pullImage === true) {
-          if (!options.kubeadm && !options.k3s) {
-            // Only load if not kubeadm/k3s (Kind needs it)
-            shellExec(`docker pull mongo:4.4`);
-            shellExec(`sudo kind load docker-image mongo:4.4`);
-          } else if (options.kubeadm || options.k3s)
-            // For kubeadm/k3s, ensure it's available for containerd
-            shellExec(`sudo crictl pull mongo:4.4`);
-        }
+      if (options.mongodb4) {
+        if (options.pullImage) Underpost.cluster.pullImage('mongo:4.4', options);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4 -n ${options.namespace}`);
 
         const deploymentName = 'mongodb-deployment';
@@ -394,16 +306,8 @@ EOF
         --eval 'rs.initiate(${JSON.stringify(mongoConfig)})'`,
           );
         }
-      } else if (options.full === true || options.mongodb === true) {
-        if (options.pullImage === true) {
-          if (!options.kubeadm && !options.k3s) {
-            // Only load if not kubeadm/k3s (Kind needs it)
-            shellExec(`docker pull mongo:latest`);
-            shellExec(`sudo kind load docker-image mongo:latest`);
-          } else if (options.kubeadm || options.k3s)
-            // For kubeadm/k3s, ensure it's available for containerd
-            shellExec(`sudo crictl pull mongo:latest`);
-        }
+      } else if (options.mongodb) {
+        if (options.pullImage) Underpost.cluster.pullImage('mongo:latest', options);
         shellExec(
           `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
@@ -432,11 +336,11 @@ EOF
         }
       }
 
-      if (options.full === true || options.contour === true) {
+      if (options.contour) {
         shellExec(
           `kubectl apply -f https://cdn.jsdelivr.net/gh/projectcontour/contour@release-1.33/examples/render/contour.yaml`,
         );
-        if (options.kubeadm === true) {
+        if (options.kubeadm) {
           // Envoy service might need NodePort for kubeadm
           shellExec(
             `sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml -n ${options.namespace}`,
@@ -446,7 +350,7 @@ EOF
         // so a specific NodePort service might not be needed or can be configured differently.
       }
 
-      if (options.full === true || options.certManager === true) {
+      if (options.certManager) {
         if (!Underpost.deploy.get('cert-manager').find((p) => p.STATUS === 'Running')) {
           shellExec(`helm repo add jetstack https://charts.jetstack.io --force-update`);
           shellExec(
@@ -464,6 +368,32 @@ EOF
       }
     },
 
+    /**
+     * @method pullImage
+     * @description Pulls a container image using the appropriate runtime based on the cluster type.
+     * - For Kind clusters: pulls via Docker and loads the image into the Kind cluster.
+     * - For Kubeadm/K3s clusters: pulls via crictl (containerd).
+     * @param {string} image - The fully-qualified container image reference (e.g. 'mongo:latest').
+     * @param {object} options - The cluster options object from `init`.
+     * @param {boolean} [options.kubeadm=false] - Whether the cluster is Kubeadm-based.
+     * @param {boolean} [options.k3s=false] - Whether the cluster is K3s-based.
+     * @memberof UnderpostCluster
+     */
+    pullImage(image, options = { kubeadm: false, k3s: false }) {
+      if (!options.kubeadm && !options.k3s) {
+        const tarPath = `/tmp/kind-image-${image.replace(/[\/:]/g, '-')}.tar`;
+        shellExec(`docker pull ${image}`);
+        shellExec(`docker save ${image} -o ${tarPath}`);
+        shellExec(
+          `for node in $(kind get nodes); do cat ${tarPath} | docker exec -i $node ctr --namespace=k8s.io images import -; done`,
+        );
+        shellExec(`rm -f ${tarPath}`);
+      } else if (options.kubeadm || options.k3s) {
+        // Kubeadm / K3s: use crictl to pull directly into containerd
+        shellExec(`sudo crictl pull ${image}`);
+      }
+    },
+
     /**
      * @method config
      * @description Configures host-level settings required for Kubernetes.
@@ -570,12 +500,15 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
      * @description Performs a complete reset of the Kubernetes cluster and its container environments.
      * This version focuses on correcting persistent permission errors (such as 'permission denied'
      * in coredns) by restoring SELinux security contexts and safely cleaning up cluster artifacts.
+     * Only the uninstall/delete commands specific to the given clusterType are executed; all other
+     * cleanup steps (log truncation, filesystem, network) are always run as generic k8s resets.
      * @param {object} [options] - Configuration options for the reset.
      * @param {string} [options.underpostRoot] - The root path of the underpost project.
      * @param {boolean} [options.removeVolumeHostPaths=false] - Whether to remove data from host paths used by Persistent Volumes.
+     * @param {string} [options.clusterType='kind'] - The type of cluster to reset: 'kind', 'kubeadm', or 'k3s'.
      * @memberof UnderpostCluster
      */
-    async safeReset(options = { underpostRoot: '.', removeVolumeHostPaths: false }) {
+    async safeReset(options = { underpostRoot: '.', removeVolumeHostPaths: false, clusterType: 'kind' }) {
       logger.info('Starting a safe and comprehensive reset of Kubernetes and container environments...');
 
       try {
@@ -645,14 +578,22 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
         // Safely unmount pod filesystems to avoid errors.
         shellExec('sudo umount -f /var/lib/kubelet/pods/*/*');
 
-        // Phase 3: Execute official uninstallation commands
-        logger.info('Phase 3/7: Executing official reset and uninstallation commands...');
-        logger.info('  -> Executing kubeadm reset...');
-        shellExec('sudo kubeadm reset --force');
-        logger.info('  -> Executing K3s uninstallation script if it exists...');
-        shellExec('sudo /usr/local/bin/k3s-uninstall.sh');
-        logger.info('  -> Deleting Kind clusters...');
-        shellExec('kind get clusters | xargs -r -t -n1 kind delete cluster');
+        // Phase 3: Execute official uninstallation commands (type-specific)
+        const clusterType = options.clusterType || 'kind';
+        logger.info(
+          `Phase 3/7: Executing official reset/uninstallation commands for cluster type: '${clusterType}'...`,
+        );
+        if (clusterType === 'kubeadm') {
+          logger.info('  -> Executing kubeadm reset...');
+          shellExec('sudo kubeadm reset --force');
+        } else if (clusterType === 'k3s') {
+          logger.info('  -> Executing K3s uninstallation script if it exists...');
+          shellExec('sudo /usr/local/bin/k3s-uninstall.sh');
+        } else {
+          // Default: kind
+          logger.info('  -> Deleting Kind clusters...');
+          shellExec('kind get clusters | xargs -r -t -n1 kind delete cluster');
+        }
 
         // Phase 4: File system cleanup
         logger.info('Phase 4/7: Cleaning up remaining file system artifacts...');
@@ -672,9 +613,6 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
         // Remove iptables rules and CNI network interfaces.
         shellExec('sudo iptables -F');
         shellExec('sudo iptables -t nat -F');
-        // Restore iptables rules
-        shellExec(`chmod +x ${options.underpostRoot}/scripts/nat-iptables.sh`);
-        shellExec(`${options.underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
         shellExec('sudo ip link del cni0');
         shellExec('sudo ip link del flannel.1');
 
@@ -772,6 +710,11 @@ EOF`);
       shellExec(`chmod +x /usr/local/bin/helm`);
       shellExec(`sudo mv /usr/local/bin/helm /bin/helm`);
       shellExec(`sudo rm -rf get_helm.sh`);
+
+      // Install snap
+      shellExec(`sudo yum install -y snapd`);
+      shellExec(`sudo systemctl enable --now snapd.socket`);
+
       console.log('Host prerequisites installed successfully.');
     },
 

package/src/cli/deploy.js

@@ -491,6 +491,7 @@ spec:
         retryPerTryTimeout: '',
         kindType: '',
         port: 0,
+        exposePort: 0,
         cmd: '',
       },
     ) {
@@ -573,11 +574,13 @@ EOF`);
         if (options.expose === true) {
           const kindType = options.kindType ? options.kindType : 'svc';
           const svc = Underpost.deploy.get(deployId, kindType)[0];
-          const port = options.port
-            ? options.port
-            : kindType !== 'svc'
-              ? 80
-              : parseInt(svc[`PORT(S)`].split('/TCP')[0]);
+          const port = options.exposePort
+            ? parseInt(options.exposePort)
+            : options.port
+              ? parseInt(options.port)
+              : kindType !== 'svc'
+                ? 80
+                : parseInt(svc[`PORT(S)`].split('/TCP')[0]);
           logger.info(deployId, {
             svc,
             port,