cyberia 3.1.3 → 3.2.9

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -6,6 +6,7 @@ metadata:
   namespace: default
   labels:
     app: dd-test-development-blue
+    deploy-id: dd-test-development
 spec:
   replicas: 1
   selector:
@@ -15,28 +16,24 @@ spec:
     metadata:
       labels:
         app: dd-test-development-blue
+        deploy-id: dd-test-development
     spec:
       containers:
         - name: dd-test-development-blue
-          image: localhost/rockylinux9-underpost:v3.1.3
+          image: underpost/underpost-engine:v3.2.9
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - secretRef:
+                name: underpost-config
 
           command:
             - /bin/sh
             - -c
             - >
-              npm install -g npm@11.2.0 && npm install -g underpost && underpost secret underpost --create-from-file /etc/config/.env.development && underpost start --build --run dd-test development
-
-    
-          volumeMounts:
-            - name: config-volume-dd-test-development-blue
-              mountPath: /etc/config
-    
-      volumes:
-        - name: config-volume-dd-test-development-blue
-          configMap:
-            name: underpost-config
-    
-      
+              underpost secret underpost --create-from-env &&
+              underpost start --build --run dd-test development
+
+
 ---
 apiVersion: v1
 kind: Service
@@ -47,6 +44,51 @@ spec:
   selector:
     app: dd-test-development-blue
   ports:
+    - name: 'tcp-4033'
+      protocol: TCP
+      port: 4033
+      targetPort: 4033
+    - name: 'udp-4033'
+      protocol: UDP
+      port: 4033
+      targetPort: 4033
+
+    - name: 'tcp-4034'
+      protocol: TCP
+      port: 4034
+      targetPort: 4034
+    - name: 'udp-4034'
+      protocol: UDP
+      port: 4034
+      targetPort: 4034
+
+    - name: 'tcp-4035'
+      protocol: TCP
+      port: 4035
+      targetPort: 4035
+    - name: 'udp-4035'
+      protocol: UDP
+      port: 4035
+      targetPort: 4035
+
+    - name: 'tcp-4036'
+      protocol: TCP
+      port: 4036
+      targetPort: 4036
+    - name: 'udp-4036'
+      protocol: UDP
+      port: 4036
+      targetPort: 4036
+
+    - name: 'tcp-4037'
+      protocol: TCP
+      port: 4037
+      targetPort: 4037
+    - name: 'udp-4037'
+      protocol: UDP
+      port: 4037
+      targetPort: 4037
+
     - name: 'tcp-4038'
       protocol: TCP
       port: 4038
@@ -91,6 +133,7 @@ metadata:
   namespace: default
   labels:
     app: dd-test-development-green
+    deploy-id: dd-test-development
 spec:
   replicas: 1
   selector:
@@ -100,28 +143,24 @@ spec:
     metadata:
       labels:
         app: dd-test-development-green
+        deploy-id: dd-test-development
     spec:
       containers:
         - name: dd-test-development-green
-          image: localhost/rockylinux9-underpost:v3.1.3
+          image: underpost/underpost-engine:v3.2.9
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - secretRef:
+                name: underpost-config
 
           command:
             - /bin/sh
             - -c
             - >
-              npm install -g npm@11.2.0 && npm install -g underpost && underpost secret underpost --create-from-file /etc/config/.env.development && underpost start --build --run dd-test development
-
-    
-          volumeMounts:
-            - name: config-volume-dd-test-development-green
-              mountPath: /etc/config
-    
-      volumes:
-        - name: config-volume-dd-test-development-green
-          configMap:
-            name: underpost-config
-    
-      
+              underpost secret underpost --create-from-env &&
+              underpost start --build --run dd-test development
+
+
 ---
 apiVersion: v1
 kind: Service
@@ -132,6 +171,51 @@ spec:
   selector:
     app: dd-test-development-green
   ports:
+    - name: 'tcp-4033'
+      protocol: TCP
+      port: 4033
+      targetPort: 4033
+    - name: 'udp-4033'
+      protocol: UDP
+      port: 4033
+      targetPort: 4033
+
+    - name: 'tcp-4034'
+      protocol: TCP
+      port: 4034
+      targetPort: 4034
+    - name: 'udp-4034'
+      protocol: UDP
+      port: 4034
+      targetPort: 4034
+
+    - name: 'tcp-4035'
+      protocol: TCP
+      port: 4035
+      targetPort: 4035
+    - name: 'udp-4035'
+      protocol: UDP
+      port: 4035
+      targetPort: 4035
+
+    - name: 'tcp-4036'
+      protocol: TCP
+      port: 4036
+      targetPort: 4036
+    - name: 'udp-4036'
+      protocol: UDP
+      port: 4036
+      targetPort: 4036
+
+    - name: 'tcp-4037'
+      protocol: TCP
+      port: 4037
+      targetPort: 4037
+    - name: 'udp-4037'
+      protocol: UDP
+      port: 4037
+      targetPort: 4037
+
     - name: 'tcp-4038'
       protocol: TCP
       port: 4038

package/manifests/deployment/dd-test-development/proxy.yaml

@@ -9,18 +9,63 @@ spec:
   virtualhost:
     fqdn: test.nexodev.org
   routes:
+    - conditions:
+        - prefix: /wp
+      
+      enableWebsockets: true
+      services:
+        - name: dd-test-development-blue-service
+          port: 4033
+          weight: 100
+    
     - conditions:
         - prefix: /
       
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4038
+          port: 4034
           weight: 100
     
     - conditions:
         - prefix: /peer
       
+      enableWebsockets: true
+      services:
+        - name: dd-test-development-blue-service
+          port: 4035
+          weight: 100
+    
+    - conditions:
+        - prefix: /r1
+      
+      enableWebsockets: true
+      services:
+        - name: dd-test-development-blue-service
+          port: 4036
+          weight: 100
+    
+    - conditions:
+        - prefix: /r1/peer
+      
+      enableWebsockets: true
+      services:
+        - name: dd-test-development-blue-service
+          port: 4037
+          weight: 100
+    
+    - conditions:
+        - prefix: /r2
+      
+      enableWebsockets: true
+      services:
+        - name: dd-test-development-blue-service
+          port: 4038
+          weight: 100
+    
+    - conditions:
+        - prefix: /r2/peer
+      
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service

package/manifests/deployment/playwright/deployment.yaml

@@ -14,7 +14,7 @@ spec:
     spec:
       containers:
         - name: playwright
-          image: mcr.microsoft.com/playwright:v1.58.1-jammy
+          image: mcr.microsoft.com/playwright:v1.59.0-jammy
           command:
             - /bin/bash
             - -c

package/nodemon.json

@@ -2,5 +2,5 @@
   "watch": ["./src"],
   "ext": "js",
   "delay": 0,
-  "ignore": []
+  "ignore": ["src/client/public"]
 }

package/package.json

@@ -2,10 +2,10 @@
     "type": "module",
     "main": "src/index.js",
     "name": "cyberia",
-    "version": "3.1.3",
+    "version": "3.2.9",
     "description": "Cyberia Engine - Object Layer and Assets Management Microservice",
     "scripts": {
-        "start": "node --max-old-space-size=8192 src/server dd-core",
+        "start": "node --max-old-space-size=8192 src/server",
         "build": "node bin client",
         "test": "NODE_ENV=test c8 mocha",
         "dev": "NODE_ENV=development nodemon src/server",
@@ -14,9 +14,9 @@
         "dev:api": "NODE_ENV=development nodemon --watch src --ignore src/client src/api",
         "dev:client": "NODE_ENV=development node src/client.dev",
         "dev:proxy": "NODE_ENV=development node src/proxy proxy",
-        "docs": "jsdoc -c jsdoc.json",
-        "install:global": "npm install -g jsdoc && npm install -g prettier",
-        "install:test": "npm install -g mocha && npm install -g c8 && npm install -g coveralls",
+        "docs": "typedoc --options typedoc.json",
+        "install:global": "npm install -g prettier",
+        "install:test": "npm install -g mocha && npm install -g c8 && npm install -g coveralls-next",
         "install": "npm run install:global && npm run install:test",
         "prettier": "prettier --write .",
         "fix": "npm audit fix --force && npm audit",
@@ -51,44 +51,47 @@
     "dependencies": {
         "@fortawesome/fontawesome-free": "^7.2.0",
         "@fullcalendar/rrule": "^6.1.20",
+        "@grpc/grpc-js": "^1.12.5",
+        "@grpc/proto-loader": "^0.8.0",
         "@neodrag/vanilla": "^2.3.1",
-        "adm-zip": "^0.5.10",
-        "ag-grid-community": "^35.1.0",
-        "axios": "^1.13.6",
+        "adm-zip": "^0.5.17",
+        "ag-grid-community": "^35.2.1",
+        "axios": "^1.16.0",
         "chai": "^6.2.2",
-        "clean-jsdoc-theme": "^4.3.0",
         "clipboardy": "^5.3.1",
-        "cloudinary": "^2.5.1",
+        "cloudinary": "^2.10.0",
         "colors": "^1.4.0",
         "commander": "^14.0.3",
         "compression": "^1.7.4",
         "cookie-parser": "^1.4.7",
         "cors": "^2.8.6",
         "d3": "^7.9.0",
-        "dotenv": "^17.3.1",
-        "easymde": "^2.18.0",
+        "dexie": "^4.2.1",
+        "dotenv": "^17.4.2",
+        "easymde": "^2.21.0",
+        "esbuild": "^0.28.0",
         "escape-string-regexp": "^5.0.0",
         "express": "^5.2.1",
         "express-fileupload": "^1.4.3",
-        "express-rate-limit": "^8.3.1",
+        "express-rate-limit": "^8.4.1",
         "express-slow-down": "^3.1.0",
         "fast-json-stable-stringify": "^2.1.0",
         "favicons": "^7.2.0",
-        "fs-extra": "^11.3.4",
+        "fs-extra": "^11.3.5",
         "fullcalendar": "^6.1.15",
         "helmet": "^8.1.0",
         "html-minifier-terser": "^7.2.0",
-        "http-proxy-middleware": "^3.0.5",
-        "ignore-walk": "^8.0.0",
+        "http-proxy-middleware": "^4.0.0",
+        "ignore-walk": "^9.0.0",
         "iovalkey": "^0.3.3",
         "json-colorizer": "^3.0.1",
         "jsonwebtoken": "^9.0.3",
         "mariadb": "^3.2.2",
-        "marked": "^17.0.4",
+        "marked": "^18.0.3",
         "mocha": "^11.3.0",
-        "mongoose": "^9.3.0",
+        "mongoose": "^9.6.2",
         "morgan": "^1.10.0",
-        "nodemailer": "^8.0.2",
+        "nodemailer": "^8.0.7",
         "nodemon": "^3.0.1",
         "peer": "^1.0.2",
         "peerjs": "^1.5.5",
@@ -102,14 +105,22 @@
         "split-file": "^2.3.0",
         "swagger-autogen": "^2.23.7",
         "swagger-ui-express": "^5.0.0",
-        "uglify-js": "^3.17.4",
-        "validator": "^13.11.0",
-        "vanilla-jsoneditor": "^3.11.0",
+        "typedoc": "^0.28.19",
+        "typescript": "^6.0.3",
+        "validator": "^13.15.35",
+        "vanilla-jsoneditor": "^3.12.0",
         "winston": "^3.19.0",
+        "workbox-background-sync": "^7.4.1",
+        "workbox-cacheable-response": "^7.4.1",
+        "workbox-core": "^7.4.1",
+        "workbox-expiration": "^7.4.1",
+        "workbox-precaching": "^7.4.1",
+        "workbox-routing": "^7.4.1",
+        "workbox-strategies": "^7.4.1",
         "maxrects-packer": "^2.7.3",
         "pngjs": "^7.0.0",
         "jimp": "^1.6.0",
-        "sharp": "^0.32.5",
+        "sharp": "^0.34.5",
         "ethers": "~6.16.0"
     },
     "publishConfig": {
@@ -118,11 +129,15 @@
         "registry": "https://registry.npmjs.org/"
     },
     "overrides": {
+        "simple-xml-to-json": "1.2.4",
         "minimatch": "^10.2.2",
         "glob": "^11.0.0",
         "diff": ">=8.0.3",
         "js-yaml": ">=3.14.2",
         "debug": ">=4.3.6",
-        "serialize-javascript": ">=7.0.3"
+        "serialize-javascript": ">=7.0.5",
+        "router": {
+            "path-to-regexp": ">=8.4.0"
+        }
     }
 }

package/proxy.yaml

@@ -74,78 +74,6 @@ spec:
           port: 4009
           weight: 100
     
-    - conditions:
-        - prefix: /r1
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4010
-          weight: 100
-    
-    - conditions:
-        - prefix: /r1/peer
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4011
-          weight: 100
-    
-    - conditions:
-        - prefix: /r2
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4012
-          weight: 100
-    
-    - conditions:
-        - prefix: /r2/peer
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4013
-          weight: 100
-    
-    - conditions:
-        - prefix: /r3
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4014
-          weight: 100
-    
-    - conditions:
-        - prefix: /r3/peer
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4015
-          weight: 100
-    
-    - conditions:
-        - prefix: /r4
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4016
-          weight: 100
-    
-    - conditions:
-        - prefix: /r4/peer
-      
-      enableWebsockets: true
-      services:
-        - name: dd-cyberia-development-blue-service
-          port: 4017
-          weight: 100
-    
 ---
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
@@ -162,7 +90,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4018
+          port: 4010
           weight: 100
     
 ---
@@ -181,7 +109,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4019
+          port: 4011
           weight: 100
     
     - conditions:
@@ -190,7 +118,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4020
+          port: 4012
           weight: 100
     
 ---
@@ -209,7 +137,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4021
+          port: 4013
           weight: 100
     
 ---
@@ -228,7 +156,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4022
+          port: 4014
           weight: 100
     
     - conditions:
@@ -237,7 +165,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4023
+          port: 4015
           weight: 100
     
 ---
@@ -256,6 +184,6 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-cyberia-development-blue-service
-          port: 4024
+          port: 4016
           weight: 100
     

package/scripts/k3s-node-setup.sh

@@ -32,8 +32,8 @@ curl -o- https://cdn.jsdelivr.net/gh/nvm-sh/nvm@v0.40.1/install.sh | bash
 export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
 
-nvm install 24.10.0
-nvm use 24.10.0
+nvm install 24.15.0
+nvm use 24.15.0
 
 echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗

package/scripts/nat-iptables.sh

@@ -1,26 +1,111 @@
 #!/bin/bash
 set -euo pipefail
 
-# Disable firewalld
-sudo systemctl disable --now iptables
-sudo systemctl disable --now ufw
-sudo systemctl disable --now firewalld
+echo "[INFO] Enabling firewalld..."
+sudo systemctl enable --now firewalld
 
+echo "[INFO] Configuring kernel networking..."
 
-# Remove any existing entries, then append exactly one
-sudo sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf
-sudo sed -i '/^net.ipv6.conf.all.forwarding/d' /etc/sysctl.conf
-echo "net.ipv4.ip_forward = 1"               | sudo tee -a /etc/sysctl.conf
-echo "net.ipv6.conf.all.forwarding = 1"       | sudo tee -a /etc/sysctl.conf
-# ---
+sudo tee /etc/sysctl.d/99-kubernetes.conf >/dev/null <<'EOF'
+# Kubernetes networking
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
 
-sudo sysctl -p
+# Required for Kubernetes iptables
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
 
-# Accept all traffic
-sudo iptables -P INPUT ACCEPT
-sudo iptables -P FORWARD ACCEPT
-sudo iptables -P OUTPUT ACCEPT
+# Better conntrack handling
+net.netfilter.nf_conntrack_max = 131072
+EOF
 
-# List iptables rules and forwarding flag
-sudo iptables -L -n
-sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding
+# Load br_netfilter immediately
+sudo modprobe br_netfilter
+
+# Apply sysctl
+sudo sysctl --system
+
+echo "[INFO] Opening common WAN/public services..."
+
+# Public services
+sudo firewall-cmd --permanent --zone=public --add-service=ssh
+sudo firewall-cmd --permanent --zone=public --add-service=http
+sudo firewall-cmd --permanent --zone=public --add-service=https
+
+echo "[INFO] Opening Kubernetes control plane ports..."
+
+# Kubernetes API Server
+sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
+
+# etcd
+sudo firewall-cmd --permanent --zone=public --add-port=2379-2380/tcp
+
+# kubelet API
+sudo firewall-cmd --permanent --zone=public --add-port=10250/tcp
+
+# kube-scheduler
+sudo firewall-cmd --permanent --zone=public --add-port=10259/tcp
+
+# kube-controller-manager
+sudo firewall-cmd --permanent --zone=public --add-port=10257/tcp
+
+echo "[INFO] Opening Kubernetes networking ports..."
+
+# CoreDNS
+sudo firewall-cmd --permanent --zone=public --add-port=53/tcp
+sudo firewall-cmd --permanent --zone=public --add-port=53/udp
+
+# NodePort Services
+sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp
+sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/udp
+
+# Calico VXLAN
+sudo firewall-cmd --permanent --zone=public --add-port=4789/udp
+
+# Calico BGP
+sudo firewall-cmd --permanent --zone=public --add-port=179/tcp
+
+# Calico Typha (required for multi-node Calico deployments)
+sudo firewall-cmd --permanent --zone=public --add-port=5473/tcp
+
+# Calico WireGuard (optional encrypted overlay)
+sudo firewall-cmd --permanent --zone=public --add-port=51820/udp
+sudo firewall-cmd --permanent --zone=public --add-port=51821/udp
+
+# Flannel VXLAN (UDP, required if using Flannel CNI)
+sudo firewall-cmd --permanent --zone=public --add-port=8472/udp
+
+# kube-proxy healthz
+sudo firewall-cmd --permanent --zone=public --add-port=10256/tcp
+
+# metrics-server
+sudo firewall-cmd --permanent --zone=public --add-port=4443/tcp
+
+echo "[INFO] Configuring trusted zone for inter-node pod/service CIDRs..."
+# Allow all traffic from the default pod CIDR and service CIDR so that
+# cross-node pod-to-pod and service routing works without explicit per-port rules.
+sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.0.0/16
+sudo firewall-cmd --permanent --zone=trusted --add-source=10.96.0.0/12
+
+echo "[INFO] Enabling masquerade and forwarding..."
+
+sudo firewall-cmd --permanent --zone=public --add-masquerade
+
+echo "[INFO] Reloading firewall..."
+
+sudo firewall-cmd --reload
+
+echo
+echo "[INFO] Sysctl status:"
+sudo sysctl \
+  net.ipv4.ip_forward \
+  net.ipv6.conf.all.forwarding \
+  net.bridge.bridge-nf-call-iptables \
+  net.bridge.bridge-nf-call-ip6tables
+
+echo
+echo "[INFO] Firewall status:"
+sudo firewall-cmd --zone=public --list-all
+
+echo
+echo "[INFO] Kubernetes firewall configuration completed."