underpost 2.8.65 → 2.8.71

package/src/cli/cluster.js

@@ -14,6 +14,7 @@ class UnderpostCluster {
         mongodb: false,
         mongodb4: false,
         mariadb: false,
+        postgresql: false,
         valkey: false,
         full: false,
         info: false,
@@ -24,8 +25,16 @@ class UnderpostCluster {
         nsUse: '',
         infoCapacity: false,
         infoCapacityPod: false,
+        istio: false,
+        pullImage: false,
       },
     ) {
+      // sudo dnf update
+      // 1) Install kind, kubeadm, docker, podman
+      // 2) Check kubectl, kubelet, containerd.io
+      // 3) Install Nvidia drivers from Rocky Linux docs
+      // 4) Install LXD with MAAS from Rocky Linux docs
+      // 5) Install MAAS src from snap
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
       if (options.infoCapacityPod === true) return logger.info('', UnderpostDeploy.API.resourcesFactory());
@@ -66,26 +75,55 @@ class UnderpostCluster {
         shellExec(`kubectl get secrets --all-namespaces -o wide`);
         shellExec(`docker secret ls`);
         shellExec(`kubectl get crd --all-namespaces -o wide`);
+        shellExec(`sudo kubectl api-resources`);
         return;
       }
 
-      if (!UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) {
+      if (
+        (!options.istio && !UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) ||
+        (options.istio === true && !UnderpostDeploy.API.get('calico-kube-controllers')[0])
+      ) {
+        shellExec(`sudo setenforce 0`);
+        shellExec(`sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`);
+        // sudo systemctl disable kubelet
+        // shellExec(`sudo systemctl enable --now kubelet`);
         shellExec(`containerd config default > /etc/containerd/config.toml`);
         shellExec(`sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
         // shellExec(`cp /etc/kubernetes/admin.conf ~/.kube/config`);
-        shellExec(`sudo systemctl restart kubelet`);
+        // shellExec(`sudo systemctl restart kubelet`);
         shellExec(`sudo service docker restart`);
         shellExec(`sudo systemctl enable --now containerd.service`);
-        shellExec(`sudo systemctl restart containerd`);
-        shellExec(
-          `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
-            options?.dev === true ? '-dev' : ''
-          }.yaml`,
-        );
-        shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
+        shellExec(`sudo swapoff -a; sudo sed -i '/swap/d' /etc/fstab`);
+        if (options.istio === true) {
+          shellExec(`sysctl net.bridge.bridge-nf-call-iptables=1`);
+          shellExec(`sudo kubeadm init --pod-network-cidr=192.168.0.0/16`);
+          shellExec(`sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config`);
+          shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
+          // https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart
+          shellExec(
+            `sudo kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml`,
+          );
+          // shellExec(
+          //   `wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml`,
+          // );
+          shellExec(`sudo kubectl apply -f ./manifests/kubeadm-calico-config.yaml`);
+          shellExec(`sudo systemctl restart containerd`);
+        } else {
+          shellExec(`sudo systemctl restart containerd`);
+          shellExec(
+            `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
+              options?.dev === true ? '-dev' : ''
+            }.yaml`,
+          );
+          shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
+        }
       } else logger.warn('Cluster already initialized');
 
       if (options.full === true || options.valkey === true) {
+        if (options.pullImage === true) {
+          shellExec(`docker pull valkey/valkey`);
+          shellExec(`sudo kind load docker-image valkey/valkey:latest`);
+        }
         shellExec(`kubectl delete statefulset service-valkey`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey`);
       }
@@ -99,7 +137,21 @@ class UnderpostCluster {
         shellExec(`kubectl delete statefulset mariadb-statefulset`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb`);
       }
+      if (options.full === true || options.postgresql === true) {
+        if (options.pullImage === true) {
+          shellExec(`docker pull postgres:latest`);
+          shellExec(`sudo kind load docker-image postgres:latest`);
+        }
+        shellExec(
+          `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password`,
+        );
+        shellExec(`kubectl apply -k ./manifests/postgresql`);
+      }
       if (options.mongodb4 === true) {
+        if (options.pullImage === true) {
+          shellExec(`docker pull mongo:4.4`);
+          shellExec(`sudo kind load docker-image mongo:4.4`);
+        }
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4`);
 
         const deploymentName = 'mongodb-deployment';
@@ -171,35 +223,128 @@ class UnderpostCluster {
         shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
       }
     },
+    // This function performs a comprehensive reset of Kubernetes and container environments
+    // on the host machine. Its primary goal is to clean up cluster components, temporary files,
+    // and container data, ensuring a clean state for re-initialization or fresh deployments,
+    // while also preventing the loss of the host machine's internet connectivity.
+
     reset() {
+      // Step 1: Delete all existing Kind (Kubernetes in Docker) clusters.
+      // 'kind get clusters' lists all Kind clusters.
+      // 'xargs -t -n1 kind delete cluster --name' then iterates through each cluster name
+      // and executes 'kind delete cluster --name <cluster_name>' to remove them.
       shellExec(`kind get clusters | xargs -t -n1 kind delete cluster --name`);
+
+      // Step 2: Reset the Kubernetes control-plane components installed by kubeadm.
+      // 'kubeadm reset -f' performs a forceful reset, removing installed Kubernetes components,
+      // configuration files, and associated network rules (like iptables entries created by kubeadm).
+      // The '-f' flag bypasses confirmation prompts.
       shellExec(`sudo kubeadm reset -f`);
+
+      // Step 3: Remove specific CNI (Container Network Interface) configuration files.
+      // This command targets and removes the configuration file for Flannel,
+      // a common CNI plugin, which might be left behind after a reset.
       shellExec('sudo rm -f /etc/cni/net.d/10-flannel.conflist');
-      shellExec('sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X');
+
+      // Note: The aggressive 'sudo iptables -F ...' command was intentionally removed from previous versions.
+      // This command would flush all iptables rules, including those crucial for the host's general
+      // internet connectivity, leading to network loss. 'kubeadm reset' and container runtime pruning
+      // adequately handle Kubernetes and container-specific iptables rules without affecting the host's
+      // default network configuration.
+
+      // Step 4: Remove the kubectl configuration file from the current user's home directory.
+      // This ensures that after a reset, there's no lingering configuration pointing to the old cluster,
+      // providing a clean slate for connecting to a new or re-initialized cluster.
       shellExec('sudo rm -f $HOME/.kube/config');
+
+      // Step 5: Clear trash files from the root user's trash directory.
+      // This is a general cleanup step to remove temporary or deleted files.
       shellExec('sudo rm -rf /root/.local/share/Trash/files/*');
+
+      // Step 6: Prune all unused Docker data.
+      // 'docker system prune -a -f' removes:
+      // - All stopped containers
+      // - All unused networks
+      // - All dangling images
+      // - All build cache
+      // - All unused volumes
+      // This aggressively frees up disk space and removes temporary Docker artifacts.
       shellExec('sudo docker system prune -a -f');
+
+      // Step 7: Stop the Docker daemon service.
+      // This step is often necessary to ensure that Docker's files and directories
+      // can be safely manipulated or moved in subsequent steps without conflicts.
       shellExec('sudo service docker stop');
+
+      // Step 8: Aggressively remove container storage data for containerd and Docker.
+      // These commands target the default storage locations for containerd and Docker,
+      // as well as any custom paths that might have been used (`/home/containers/storage`, `/home/docker`).
+      // This ensures a complete wipe of all container images, layers, and volumes.
       shellExec(`sudo rm -rf /var/lib/containers/storage/*`);
       shellExec(`sudo rm -rf /var/lib/docker/volumes/*`);
-      shellExec(`sudo rm -rf /var/lib/docker~/*`);
-      shellExec(`sudo rm -rf /home/containers/storage/*`);
-      shellExec(`sudo rm -rf /home/docker/*`);
-      shellExec('sudo mv /var/lib/docker /var/lib/docker~');
-      shellExec('sudo mkdir /home/docker');
-      shellExec('sudo chmod 0711 /home/docker');
-      shellExec('sudo ln -s /home/docker /var/lib/docker');
+      shellExec(`sudo rm -rf /var/lib/docker~/*`); // Cleans up a potential backup directory for Docker data
+      shellExec(`sudo rm -rf /home/containers/storage/*`); // Cleans up custom containerd/Podman storage
+      shellExec(`sudo rm -rf /home/docker/*`); // Cleans up custom Docker storage
+
+      // Step 9: Re-configure Docker's default storage location (if desired).
+      // These commands effectively move Docker's data directory from its default `/var/lib/docker`
+      // to a new location (`/home/docker`) and create a symbolic link.
+      // This is a specific customization to relocate Docker's storage.
+      shellExec('sudo mv /var/lib/docker /var/lib/docker~'); // Moves existing /var/lib/docker to /var/lib/docker~ (backup)
+      shellExec('sudo mkdir /home/docker'); // Creates the new desired directory for Docker data
+      shellExec('sudo chmod 0711 /home/docker'); // Sets appropriate permissions for the new directory
+      shellExec('sudo ln -s /home/docker /var/lib/docker'); // Creates a symlink from original path to new path
+
+      // Step 10: Prune all unused Podman data.
+      // Similar to Docker pruning, these commands remove:
+      // - All stopped containers
+      // - All unused networks
+      // - All unused images
+      // - All unused volumes ('--volumes')
+      // - The '--force' flag bypasses confirmation.
+      // '--external' prunes external content not managed by Podman's default storage backend.
       shellExec(`sudo podman system prune -a -f`);
       shellExec(`sudo podman system prune --all --volumes --force`);
       shellExec(`sudo podman system prune --external --force`);
-      shellExec(`sudo podman system prune --all --volumes --force`);
+      shellExec(`sudo podman system prune --all --volumes --force`); // Redundant but harmless repetition
+
+      // Step 11: Create and set permissions for Podman's custom storage directory.
+      // This ensures the custom path `/home/containers/storage` exists and has correct permissions
+      // before Podman attempts to use it.
       shellExec(`sudo mkdir -p /home/containers/storage`);
       shellExec('sudo chmod 0711 /home/containers/storage');
+
+      // Step 12: Update Podman's storage configuration file.
+      // This command uses 'sed' to modify `/etc/containers/storage.conf`,
+      // changing the default storage path from `/var/lib/containers/storage`
+      // to the customized `/home/containers/storage`.
       shellExec(
         `sudo sed -i -e "s@/var/lib/containers/storage@/home/containers/storage@g" /etc/containers/storage.conf`,
       );
+
+      // Step 13: Reset Podman system settings.
+      // This command resets Podman's system-wide configuration to its default state.
       shellExec(`sudo podman system reset -f`);
+
+      // Note: The 'sysctl net.bridge.bridge-nf-call-iptables=0' and related commands
+      // were previously removed. These sysctl settings (bridge-nf-call-iptables,
+      // bridge-nf-call-arptables, bridge-nf-call-ip6tables) are crucial for allowing
+      // network traffic through Linux bridges to be processed by iptables.
+      // Kubernetes and CNI plugins generally require them to be enabled (set to '1').
+      // Re-initializing Kubernetes will typically set these as needed, and leaving them
+      // at their system default (or '1' if already configured) is safer for host
+      // connectivity during a reset operation.
+
+      // https://github.com/kubernetes-sigs/kind/issues/2886
+      // shellExec(`sysctl net.bridge.bridge-nf-call-iptables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-arptables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-ip6tables=0`);
+
+      // Step 14: Remove the 'kind' Docker network.
+      // This cleans up any network bridges or configurations specifically created by Kind.
+      shellExec(`docker network rm kind`);
     },
+
     getResourcesCapacity() {
       const resources = {};
       const info = false

package/src/cli/deploy.js

@@ -22,11 +22,11 @@ class UnderpostDeploy {
   static NETWORK = {};
   static API = {
     sync(deployList, { versions, replicas }) {
-      const deployGroupId = 'dd.tmp';
+      const deployGroupId = 'dd.router';
       fs.writeFileSync(`./engine-private/deploy/${deployGroupId}`, deployList, 'utf8');
       const totalPods = deployList.split(',').length * versions.split(',').length * parseInt(replicas);
-      const limitFactor = 0.95;
-      const reserveFactor = 0.35;
+      const limitFactor = 0.8;
+      const reserveFactor = 0.05;
       const resources = UnderpostCluster.API.getResourcesCapacity();
       const memory = parseInt(resources.memory.value / totalPods);
       const cpu = parseInt(resources.cpu.value / totalPods);
@@ -220,6 +220,14 @@ spec:
         }
       }
     },
+    getCurrentTraffic(deployId) {
+      // kubectl get deploy,sts,svc,configmap,secret -n default -o yaml --export > default.yaml
+      const hostTest = Object.keys(
+        JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8')),
+      )[0];
+      const info = shellExec(`sudo kubectl get HTTPProxy/${hostTest} -o yaml`, { silent: true, stdout: true });
+      return info.match('blue') ? 'blue' : info.match('green') ? 'green' : null;
+    },
     async callback(
       deployList = 'default',
       env = 'development',
@@ -235,6 +243,9 @@ spec:
         traffic: '',
         dashboardUpdate: false,
         replicas: '',
+        disableUpdateDeployment: false,
+        infoTraffic: false,
+        rebuildClientsBundle: false,
       },
     ) {
       if (options.infoUtil === true)
@@ -242,11 +253,39 @@ spec:
 kubectl rollout restart deployment/deployment-name
 kubectl rollout undo deployment/deployment-name
 kubectl scale statefulsets <stateful-set-name> --replicas=<new-replicas>
-        `);
+kubectl get pods -w
+kubectl patch statefulset service-valkey --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"valkey/valkey:latest"}]'
+kubectl patch statefulset service-valkey -p '{"spec":{"template":{"spec":{"containers":[{"name":"service-valkey","imagePullPolicy":"Never"}]}}}}'
+kubectl logs -f <pod-name>
+kubectl describe pod <pod-name>
+kubectl exec -it <pod-name> -- bash
+kubectl exec -it <pod-name> -- sh
+docker exec -it kind-control-plane bash
+curl -4 -v google.com
+kubectl taint nodes <node-name> node-role.kubernetes.io/control-plane:NoSchedule-
+kubectl run test-pod --image=busybox:latest --restart=Never -- /bin/sh -c "while true; do sleep 30; done;"
+kubectl run test-pod --image=alpine/curl:latest --restart=Never -- sh -c "sleep infinity"
+kubectl get ippools -o yaml
+kubectl get node <node-name> -o jsonpath='{.spec.podCIDR}'
+kubectl patch ippool default-ipv4-ippool --type='json' -p='[{"op": "replace", "path": "/spec/cidr", "value": "10.244.0.0/16"}]'
+kubectl patch ippool default-ipv4-ippool --type='json' -p='[{"op": "replace", "path": "/spec/cidr", "value": "192.168.0.0/24"}]'
+`);
       if (deployList === 'dd' && fs.existsSync(`./engine-private/deploy/dd.router`))
         deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8');
+      if (options.infoTraffic === true) {
+        for (const _deployId of deployList.split(',')) {
+          const deployId = _deployId.trim();
+          logger.info('', {
+            deployId,
+            env,
+            traffic: UnderpostDeploy.API.getCurrentTraffic(deployId),
+          });
+        }
+        return;
+      }
+      if (options.rebuildClientsBundle === true) await UnderpostDeploy.API.rebuildClientsBundle(deployList);
       if (!(options.versions && typeof options.versions === 'string')) options.versions = 'blue,green';
-      if (!options.replicas) options.replicas = 2;
+      if (!options.replicas) options.replicas = 1;
       if (options.sync) UnderpostDeploy.API.sync(deployList, options);
       if (options.buildManifest === true) await UnderpostDeploy.API.buildManifest(deployList, env, options);
       if (options.infoRouter === true) logger.info('router', await UnderpostDeploy.API.routerFactory(deployList, env));
@@ -275,8 +314,12 @@ kubectl scale statefulsets <stateful-set-name> --replicas=<new-replicas>
           shellExec(`sudo kubectl port-forward -n default svc/${svc.NAME} ${port}:${port}`, { async: true });
           continue;
         }
-        shellExec(`sudo kubectl delete svc ${deployId}-${env}-service`);
-        shellExec(`sudo kubectl delete deployment ${deployId}-${env}`);
+
+        if (!options.disableUpdateDeployment)
+          for (const version of options.versions.split(',')) {
+            shellExec(`sudo kubectl delete svc ${deployId}-${env}-${version}-service`);
+            shellExec(`sudo kubectl delete deployment ${deployId}-${env}-${version}`);
+          }
 
         const confServer = JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8'));
         for (const host of Object.keys(confServer)) {
@@ -291,7 +334,7 @@ kubectl scale statefulsets <stateful-set-name> --replicas=<new-replicas>
             : `manifests/deployment/${deployId}-${env}`;
 
         if (!options.remove === true) {
-          shellExec(`sudo kubectl apply -f ./${manifestsPath}/deployment.yaml`);
+          if (!options.disableUpdateDeployment) shellExec(`sudo kubectl apply -f ./${manifestsPath}/deployment.yaml`);
           shellExec(`sudo kubectl apply -f ./${manifestsPath}/proxy.yaml`);
           if (env === 'production' && options.cert === true)
             shellExec(`sudo kubectl apply -f ./${manifestsPath}/secret.yaml`);
@@ -354,6 +397,23 @@ kubectl scale statefulsets <stateful-set-name> --replicas=<new-replicas>
 
       return result;
     },
+    rebuildClientsBundle(deployList) {
+      for (const _deployId of deployList.split(',')) {
+        const deployId = _deployId.trim();
+        const repoName = `engine-${deployId.split('-')[1]}`;
+
+        shellExec(`underpost script set ${deployId}-client-build '
+cd /home/dd/engine &&
+git checkout . &&
+underpost pull . underpostnet/${repoName} &&
+underpost pull ./engine-private underpostnet/${repoName}-private &&
+underpost env ${deployId} production &&
+node bin/deploy build-full-client ${deployId}
+'`);
+
+        shellExec(`node bin script run ${deployId}-client-build --itc --pod-name ${deployId}`);
+      }
+    },
     resourcesFactory() {
       return {
         requests: {

package/src/cli/fs.js

@@ -24,7 +24,7 @@ class UnderpostFileStorage {
     getStorageConf(options) {
       let storage, storageConf;
       if (options.deployId && typeof options.deployId === 'string') {
-        storageConf = `./engine-private/conf/${options.deployId}/storage.json`;
+        storageConf = options.storageFilePath ?? `./engine-private/conf/${options.deployId}/storage.json`;
         if (!fs.existsSync(storageConf)) fs.writeFileSync(storageConf, JSON.stringify({}), 'utf8');
         storage = JSON.parse(fs.readFileSync(storageConf, 'utf8'));
       }
@@ -35,7 +35,15 @@ class UnderpostFileStorage {
     },
     async recursiveCallback(
       path,
-      options = { rm: false, recursive: false, deployId: '', force: false, pull: false, git: false },
+      options = {
+        rm: false,
+        recursive: false,
+        deployId: '',
+        force: false,
+        pull: false,
+        git: false,
+        storageFilePath: '',
+      },
     ) {
       const { storage, storageConf } = UnderpostFileStorage.API.getStorageConf(options);
       const deleteFiles = options.pull === true ? [] : UnderpostRepository.API.getDeleteFiles(path);
@@ -85,7 +93,10 @@ class UnderpostFileStorage {
       if (options.rm === true) return await UnderpostFileStorage.API.delete(path, options);
       return await UnderpostFileStorage.API.upload(path, options);
     },
-    async upload(path, options = { rm: false, recursive: false, deployId: '', force: false, pull: false }) {
+    async upload(
+      path,
+      options = { rm: false, recursive: false, deployId: '', force: false, pull: false, storageFilePath: '' },
+    ) {
       UnderpostFileStorage.API.cloudinaryConfig();
       const { storage, storageConf } = UnderpostFileStorage.API.getStorageConf(options);
       // path = UnderpostFileStorage.API.file2Zip(path);

package/src/cli/image.js

@@ -54,7 +54,7 @@ class UnderpostImage {
           shellExec(
             `cd ${path}${secretsInput}&& sudo podman build -f ./${
               dockerfileName && typeof dockerfileName === 'string' ? dockerfileName : 'Dockerfile'
-            } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput}`,
+            } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput} --network host`,
           );
 
         if (podmanSave === true) shellExec(`podman save -o ${tarFile} ${podManImg}`);