underpost 2.8.67 → 2.8.71

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.67
+## underpost ci/cd cli v2.8.71
 
 ### Usage: `underpost [options] [command]`
   ```

package/bin/deploy.js

@@ -1197,6 +1197,17 @@ EOF`);
       break;
     }
 
+    case 'pg-stop': {
+      shellExec(`sudo systemctl stop postgresql-14`);
+      shellExec(`sudo systemctl disable postgresql-14`);
+      break;
+    }
+    case 'pg-start': {
+      shellExec(`sudo systemctl enable postgresql-14`);
+      shellExec(`sudo systemctl restart postgresql-14`);
+      break;
+    }
+
     case 'pg-list-db': {
       shellExec(`sudo -i -u postgres psql -c "\\l"`);
       break;
@@ -1213,6 +1224,11 @@ EOF`);
       break;
     }
 
+    case 'maas-stop': {
+      shellExec(`sudo snap stop maas`);
+      break;
+    }
+
     case 'maas': {
       dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
       const IP_ADDRESS = getLocalIPv4Address();
@@ -1415,6 +1431,8 @@ EOF`);
       // Check firewall-cmd
       // firewall-cmd --permanent --add-service=rpc-bind
       // firewall-cmd --reload
+      // systemctl disable firewalld
+      // sudo firewall-cmd --permanent --add-port=10259/tcp --zone=public
 
       // Image extension transform (.img.xz to .tar.gz):
       // tar -cvzf image-name.tar.gz image-name.img.xz
@@ -2122,8 +2140,160 @@ EOF`);
       break;
     }
 
-    default:
+    case 'fastapi-models': {
+      shellExec(`chmod +x ../full-stack-fastapi-template/backend/initial_data.sh`);
+      shellExec(`../full-stack-fastapi-template/backend/initial_data.sh`);
+      shellExec(`../full-stack-fastapi-template/backend/initial_data.sh`);
       break;
+    }
+
+    case 'fastapi': {
+      // node bin/deploy fastapi reset
+      // node bin/deploy fastapi reset build-back build-front secret run-back run-front
+      // https://github.com/NonsoEchendu/full-stack-fastapi-project
+      // https://github.com/fastapi/full-stack-fastapi-template
+      const path = `../full-stack-fastapi-template`;
+      const VITE_API_URL = `http://localhost:8000`;
+
+      if (process.argv.includes('reset')) shellExec(`sudo rm -rf ${path}`);
+
+      if (!fs.existsSync(path))
+        shellExec(`cd .. && git clone https://github.com/fastapi/full-stack-fastapi-template.git`);
+
+      shellExec(`cd ${path} && git checkout . && git clean -f -d`);
+      const password = fs.readFileSync(`/home/dd/engine/engine-private/postgresql-password`, 'utf8');
+
+      fs.writeFileSync(
+        `${path}/.env`,
+        fs
+          .readFileSync(`${path}/.env`, 'utf8')
+          .replace(`FIRST_SUPERUSER=admin@example.com`, `FIRST_SUPERUSER=development@underpost.net`)
+          .replace(`FIRST_SUPERUSER_PASSWORD=changethis`, `FIRST_SUPERUSER_PASSWORD=${password}`)
+          .replace(`SECRET_KEY=changethis`, `SECRET_KEY=${password}`)
+          .replace(`POSTGRES_DB=app`, `POSTGRES_DB=postgresdb`)
+          .replace(`POSTGRES_USER=postgres`, `POSTGRES_USER=admin`)
+          .replace(`POSTGRES_PASSWORD=changethis`, `POSTGRES_PASSWORD=${password}`),
+        'utf8',
+      );
+      fs.writeFileSync(
+        `${path}/backend/app/core/db.py`,
+        fs
+          .readFileSync(`${path}/backend/app/core/db.py`, 'utf8')
+          .replace(`    # from sqlmodel import SQLModel`, `    from sqlmodel import SQLModel`)
+          .replace(`   # SQLModel.metadata.create_all(engine)`, `   SQLModel.metadata.create_all(engine)`),
+
+        'utf8',
+      );
+
+      fs.copySync(`./manifests/deployment/fastapi/initial_data.sh`, `${path}/backend/initial_data.sh`);
+
+      fs.writeFileSync(
+        `${path}/frontend/Dockerfile`,
+        fs
+          .readFileSync(`${path}/frontend/Dockerfile`, 'utf8')
+          .replace('ARG VITE_API_URL=${VITE_API_URL}', `ARG VITE_API_URL='${VITE_API_URL}'`),
+        'utf8',
+      );
+
+      fs.writeFileSync(
+        `${path}/frontend/.env`,
+        fs
+          .readFileSync(`${path}/frontend/.env`, 'utf8')
+          .replace(`VITE_API_URL=http://localhost:8000`, `VITE_API_URL=${VITE_API_URL}`)
+          .replace(`MAILCATCHER_HOST=http://localhost:1080`, `MAILCATCHER_HOST=http://localhost:1081`),
+
+        'utf8',
+      );
+
+      if (process.argv.includes('models')) {
+        shellExec(`node bin/deploy fastapi-models`);
+        break;
+      }
+
+      if (process.argv.includes('build-back')) {
+        const imageName = `fastapi-backend:latest`;
+        shellExec(`sudo podman pull docker.io/library/python:3.10`);
+        shellExec(`sudo podman pull ghcr.io/astral-sh/uv:0.5.11`);
+        shellExec(`sudo rm -rf ${path}/${imageName.replace(':', '_')}.tar`);
+        const args = [
+          `node bin dockerfile-image-build --path ${path}/backend/`,
+          `--image-name=${imageName} --image-path=${path}`,
+          `--podman-save --kind-load --no-cache`,
+        ];
+        shellExec(args.join(' '));
+      }
+      if (process.argv.includes('build-front')) {
+        const imageName = `fastapi-frontend:latest`;
+        shellExec(`sudo podman pull docker.io/library/node:20`);
+        shellExec(`sudo podman pull docker.io/library/nginx:1`);
+        shellExec(`sudo rm -rf ${path}/${imageName.replace(':', '_')}.tar`);
+        const args = [
+          `node bin dockerfile-image-build --path ${path}/frontend/`,
+          `--image-name=${imageName} --image-path=${path}`,
+          `--podman-save --kind-load --no-cache`,
+        ];
+        shellExec(args.join(' '));
+      }
+      if (process.argv.includes('secret')) {
+        {
+          const secretSelector = `fastapi-postgres-credentials`;
+          shellExec(`sudo kubectl delete secret ${secretSelector}`);
+          shellExec(
+            `sudo kubectl create secret generic ${secretSelector}` +
+              ` --from-literal=POSTGRES_DB=postgresdb` +
+              ` --from-literal=POSTGRES_USER=admin` +
+              ` --from-file=POSTGRES_PASSWORD=/home/dd/engine/engine-private/postgresql-password`,
+          );
+        }
+        {
+          const secretSelector = `fastapi-backend-config-secret`;
+          shellExec(`sudo kubectl delete secret ${secretSelector}`);
+          shellExec(
+            `sudo kubectl create secret generic ${secretSelector}` +
+              ` --from-file=SECRET_KEY=/home/dd/engine/engine-private/postgresql-password` +
+              ` --from-literal=FIRST_SUPERUSER=development@underpost.net` +
+              ` --from-file=FIRST_SUPERUSER_PASSWORD=/home/dd/engine/engine-private/postgresql-password`,
+          );
+        }
+      }
+      if (process.argv.includes('run-back')) {
+        shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/backend-deployment.yml`);
+        shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/backend-service.yml`);
+      }
+      if (process.argv.includes('run-front')) {
+        shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/frontend-deployment.yml`);
+        shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/frontend-service.yml`);
+      }
+      break;
+    }
+
+    case 'conda': {
+      shellExec(
+        `export PATH="/root/miniconda3/bin:$PATH" && conda init && conda config --set auto_activate_base false`,
+      );
+      shellExec(`conda env list`);
+      break;
+    }
+
+    case 'kafka': {
+      // https://medium.com/@martin.hodges/deploying-kafka-on-a-kind-kubernetes-cluster-for-development-and-testing-purposes-ed7adefe03cb
+      const imageName = `doughgle/kafka-kraft`;
+      shellExec(`docker pull ${imageName}`);
+      shellExec(`kind load docker-image ${imageName}`);
+      shellExec(`kubectl create namespace kafka`);
+      shellExec(`kubectl apply -f ./manifests/deployment/kafka/deployment.yaml`);
+      // kubectl logs kafka-0 -n kafka | grep STARTED
+      // kubectl logs kafka-1 -n kafka | grep STARTED
+      // kubectl logs kafka-2 -n kafka | grep STARTED
+
+      // kafka-topics.sh --create --topic my-topic --bootstrap-server kafka-svc:9092
+      // kafka-topics.sh --list --topic my-topic --bootstrap-server kafka-svc:9092
+      // kafka-topics.sh --delete --topic my-topic --bootstrap-server kafka-svc:9092
+
+      // kafka-console-producer.sh --bootstrap-server kafka-svc:9092 --topic my-topic
+      // kafka-console-consumer.sh --bootstrap-server kafka-svc:9092 --topic my-topic
+      break;
+    }
   }
 } catch (error) {
   logger.error(error, error.stack);

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.67
+## underpost ci/cd cli v2.8.71
 
 ### Usage: `underpost [options] [command]`
   ```

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.67'
+      engine.version: '2.8.71'
     networks:
       - load-balancer
 

package/manifests/deployment/fastapi/backend-deployment.yml

@@ -0,0 +1,120 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fastapi-backend
+  labels:
+    app: fastapi-backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: fastapi-backend
+  template:
+    metadata:
+      labels:
+        app: fastapi-backend
+    spec:
+      containers:
+        - name: fastapi-backend-container
+          image: localhost/fastapi-backend:latest
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - containerPort: 8000
+              name: http-api
+
+          env:
+            - name: POSTGRES_SERVER
+              value: postgres-service
+            - name: POSTGRES_PORT
+              value: '5432'
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-postgres-credentials
+                  key: POSTGRES_DB
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-postgres-credentials
+                  key: POSTGRES_USER
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-postgres-credentials
+                  key: POSTGRES_PASSWORD
+
+            - name: PROJECT_NAME
+              value: 'Full Stack FastAPI Project'
+            - name: STACK_NAME
+              value: 'full-stack-fastapi-project'
+
+            - name: BACKEND_CORS_ORIGINS
+              value: 'http://localhost,http://localhost:5173,https://localhost,https://localhost:5173'
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-backend-config-secret
+                  key: SECRET_KEY
+            - name: FIRST_SUPERUSER
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-backend-config-secret
+                  key: FIRST_SUPERUSER
+            - name: FIRST_SUPERUSER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-backend-config-secret
+                  key: FIRST_SUPERUSER_PASSWORD
+            - name: USERS_OPEN_REGISTRATION
+              value: 'True'
+
+            # - name: SMTP_HOST
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: fastapi-backend-config-secret
+            #       key: SMTP_HOST
+            # - name: SMTP_USER
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: fastapi-backend-config-secret
+            #       key: SMTP_USER
+            # - name: SMTP_PASSWORD
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: fastapi-backend-config-secret
+            #       key: SMTP_PASSWORD
+            - name: EMAILS_FROM_EMAIL
+              value: 'info@example.com'
+            - name: SMTP_TLS
+              value: 'True'
+            - name: SMTP_SSL
+              value: 'False'
+            - name: SMTP_PORT
+              value: '587'
+
+          livenessProbe:
+            httpGet:
+              path: /docs
+              port: 8000
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 10
+            failureThreshold: 3
+
+          readinessProbe:
+            httpGet:
+              path: /docs
+              port: 8000
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 10
+            failureThreshold: 3
+
+          resources:
+            requests:
+              cpu: 200m
+              memory: 256Mi
+            limits:
+              cpu: 1000m
+              memory: 1Gi

package/manifests/deployment/fastapi/backend-service.yml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fastapi-backend-service
+  labels:
+    app: fastapi-backend
+spec:
+  selector:
+    app: fastapi-backend
+  ports:
+    - name: 'tcp-8000'
+      protocol: TCP
+      port: 8000
+      targetPort: 8000
+    - name: 'udp-8000'
+      protocol: UDP
+      port: 8000
+      targetPort: 8000
+  type: ClusterIP

package/manifests/deployment/fastapi/frontend-deployment.yml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: react-frontend
+  labels:
+    app: react-frontend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: react-frontend
+  template:
+    metadata:
+      labels:
+        app: react-frontend
+    spec:
+      containers:
+        - name: react-frontend-container
+          image: localhost/fastapi-frontend:latest
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - containerPort: 80
+              name: http-web
+
+          env:
+            - name: VITE_FASTAPI_URL
+              value: '/api'
+
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 80
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 80
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 3
+
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi

package/manifests/deployment/fastapi/frontend-service.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: react-frontend-service
+  labels:
+    app: react-frontend
+spec:
+  selector:
+    app: react-frontend
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      name: http-web
+  type: ClusterIP

package/manifests/deployment/fastapi/initial_data.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# IMPORTANT: For non-interactive scripts, 'conda activate' can be problematic
+# because it relies on the shell's initialization.
+# A more robust and recommended way to run commands within a Conda environment
+# from a script is to use 'conda run'. This command directly executes a process
+# in the specified environment without needing to manually source 'conda.sh'.
+
+# Navigate to the application's root directory for module discovery.
+# This is crucial for Python to correctly find your 'app' module using 'python -m'.
+#
+# Let's assume a common project structure:
+# full-stack-fastapi-template/
+# ├── backend/
+# │   ├── app/
+# │   │   └── initial_data.py  (the Python script you want to run)
+# │   └── initial_data.sh      (this shell script)
+# └── ...
+#
+# If `initial_data.sh` is located in `full-stack-fastapi-template/backend/`,
+# and `app` is a subdirectory of `backend/`, then the Python command
+# `python -m app.initial_data` needs to be executed from the `backend/` directory.
+#
+# If you are running this shell script from a different directory (e.g., `engine/`),
+# Python's module import system won't automatically find 'app' unless the parent
+# directory of 'app' is in the `PYTHONPATH` or you change the current working directory.
+#
+# The safest way is to change the current working directory to the script's location.
+
+# Store the current directory to return to it later if needed (good practice for multi-step scripts).
+CURRENT_DIR=$(pwd)
+
+# Get the absolute path of the directory where this script is located.
+# This is a robust way to ensure we always navigate to the correct 'backend' directory.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+cd "$SCRIPT_DIR"
+
+# Execute your Python script within the specified Conda environment using 'conda run'.
+# -n fastapi_env specifies the Conda environment to use.
+# This completely avoids the 'source conda.sh' issue and is generally more reliable.
+conda run -n fastapi_env python -m app.initial_data
+
+# Important Note: The 'ModuleNotFoundError: No module named 'sqlmodel'' indicates that
+# the 'sqlmodel' package is not installed in your 'fastapi_env' Conda environment.
+# After running this script, if you still get the 'sqlmodel' error,
+# you will need to activate your environment manually and install it:
+#
+# conda activate fastapi_env
+# pip install sqlmodel
+# # or if it's a conda package:
+# # conda install sqlmodel
+#
+# Then try running this script again.
+
+# Optional Good Practice: Return to the original directory if the script is part of a larger workflow.
+cd "$CURRENT_DIR"

package/manifests/deployment/kafka/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: kafka
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  serviceName: kafka-svc
+  replicas: 3
+  selector:
+    matchLabels:
+      app: kafka-app
+  template:
+    metadata:
+      labels:
+        app: kafka-app
+    spec:
+      containers:
+        - name: kafka-container
+          image: doughgle/kafka-kraft
+          ports:
+            - containerPort: 9092
+            - containerPort: 9093
+          env:
+            - name: REPLICAS
+              value: '3'
+            - name: SERVICE
+              value: kafka-svc
+            - name: NAMESPACE
+              value: kafka
+            - name: SHARE_DIR
+              value: /mnt/kafka
+            - name: CLUSTER_ID
+              value: bXktY2x1c3Rlci0xMjM0NQ==
+            - name: DEFAULT_REPLICATION_FACTOR
+              value: '3'
+            - name: DEFAULT_MIN_INSYNC_REPLICAS
+              value: '2'
+          volumeMounts:
+            - name: data
+              mountPath: /mnt/kafka
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - 'ReadWriteOnce'
+        resources:
+          requests:
+            storage: '1Gi'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kafka-svc
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  type: NodePort
+  ports:
+    - name: '9092'
+      port: 9092
+      protocol: TCP
+      targetPort: 9092
+      nodePort: 30092
+  selector:
+    app: kafka-app

package/manifests/kubeadm-calico-config.yaml

@@ -0,0 +1,119 @@
+# This consolidated YAML file contains configurations for:
+# 1. Calico Installation (Installation and APIServer resources)
+# 2. A permissive Egress NetworkPolicy for the 'default' namespace
+#
+# These are standard Kubernetes resources that can be applied directly using 'kubectl apply'.
+# The kubeadm-specific ClusterConfiguration and InitConfiguration have been removed
+# as they are only processed by the 'kubeadm init' command, not 'kubectl apply'.
+
+# --- Calico Installation: Base configuration for Calico ---
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+      - blockSize: 26
+        cidr: 192.168.0.0/16
+        encapsulation: VXLANCrossSubnet
+        natOutgoing: Enabled
+        nodeSelector: all()
+
+---
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}
+
+---
+# This consolidated NetworkPolicy file ensures that all pods in the specified namespaces
+# have unrestricted egress (outbound) access.
+# This is useful for troubleshooting or for environments where strict egress control
+# is not immediately required for these system/default namespaces.
+
+---
+# Policy for the 'default' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-default-namespace
+  namespace: default # This policy applies to the 'default' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-system' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-system-namespace
+  namespace: kube-system # This policy applies to the 'kube-system' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-node-lease' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-node-lease-namespace
+  namespace: kube-node-lease # This policy applies to the 'kube-node-lease' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-public' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-public-namespace
+  namespace: kube-public # This policy applies to the 'kube-public' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'tigera-operator' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-tigera-operator-namespace
+  namespace: tigera-operator # This policy applies to the 'tigera-operator' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address

package/manifests/postgresql/statefulset.yaml

@@ -4,7 +4,7 @@ metadata:
   name: postgres
 spec:
   serviceName: postgres
-  replicas: 3
+  replicas: 1
   selector:
     matchLabels:
       app: postgres

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.67",
+    "version": "2.8.71",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -29,6 +29,7 @@ class UnderpostCluster {
         pullImage: false,
       },
     ) {
+      // sudo dnf update
       // 1) Install kind, kubeadm, docker, podman
       // 2) Check kubectl, kubelet, containerd.io
       // 3) Install Nvidia drivers from Rocky Linux docs
@@ -105,7 +106,7 @@ class UnderpostCluster {
           // shellExec(
           //   `wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml`,
           // );
-          shellExec(`sudo kubectl apply -f ./manifests/calico-custom-resources.yaml`);
+          shellExec(`sudo kubectl apply -f ./manifests/kubeadm-calico-config.yaml`);
           shellExec(`sudo systemctl restart containerd`);
         } else {
           shellExec(`sudo systemctl restart containerd`);
@@ -120,14 +121,7 @@ class UnderpostCluster {
 
       if (options.full === true || options.valkey === true) {
         if (options.pullImage === true) {
-          // kubectl patch statefulset service-valkey --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"valkey/valkey:latest"}]'
-          // kubectl patch statefulset service-valkey -p '{"spec":{"template":{"spec":{"containers":[{"name":"service-valkey","imagePullPolicy":"Never"}]}}}}'
           shellExec(`docker pull valkey/valkey`);
-          // shellExec(`sudo kind load docker-image valkey/valkey`);
-          // shellExec(`sudo podman pull docker.io/valkey/valkey:latest`);
-          // shellExec(`podman save -o valkey.tar valkey/valkey`);
-          // shellExec(`sudo kind load image-archive valkey.tar`);
-          // shellExec(`sudo rm -rf ./valkey.tar`);
           shellExec(`sudo kind load docker-image valkey/valkey:latest`);
         }
         shellExec(`kubectl delete statefulset service-valkey`);
@@ -144,6 +138,10 @@ class UnderpostCluster {
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb`);
       }
       if (options.full === true || options.postgresql === true) {
+        if (options.pullImage === true) {
+          shellExec(`docker pull postgres:latest`);
+          shellExec(`sudo kind load docker-image postgres:latest`);
+        }
         shellExec(
           `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password`,
         );
@@ -225,43 +223,131 @@ class UnderpostCluster {
         shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
       }
     },
+    // This function performs a comprehensive reset of Kubernetes and container environments
+    // on the host machine. Its primary goal is to clean up cluster components, temporary files,
+    // and container data, ensuring a clean state for re-initialization or fresh deployments,
+    // while also preventing the loss of the host machine's internet connectivity.
+
     reset() {
+      // Step 1: Delete all existing Kind (Kubernetes in Docker) clusters.
+      // 'kind get clusters' lists all Kind clusters.
+      // 'xargs -t -n1 kind delete cluster --name' then iterates through each cluster name
+      // and executes 'kind delete cluster --name <cluster_name>' to remove them.
       shellExec(`kind get clusters | xargs -t -n1 kind delete cluster --name`);
+
+      // Step 2: Reset the Kubernetes control-plane components installed by kubeadm.
+      // 'kubeadm reset -f' performs a forceful reset, removing installed Kubernetes components,
+      // configuration files, and associated network rules (like iptables entries created by kubeadm).
+      // The '-f' flag bypasses confirmation prompts.
       shellExec(`sudo kubeadm reset -f`);
+
+      // Step 3: Remove specific CNI (Container Network Interface) configuration files.
+      // This command targets and removes the configuration file for Flannel,
+      // a common CNI plugin, which might be left behind after a reset.
       shellExec('sudo rm -f /etc/cni/net.d/10-flannel.conflist');
-      shellExec('sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X');
+
+      // Note: The aggressive 'sudo iptables -F ...' command was intentionally removed from previous versions.
+      // This command would flush all iptables rules, including those crucial for the host's general
+      // internet connectivity, leading to network loss. 'kubeadm reset' and container runtime pruning
+      // adequately handle Kubernetes and container-specific iptables rules without affecting the host's
+      // default network configuration.
+
+      // Step 4: Remove the kubectl configuration file from the current user's home directory.
+      // This ensures that after a reset, there's no lingering configuration pointing to the old cluster,
+      // providing a clean slate for connecting to a new or re-initialized cluster.
       shellExec('sudo rm -f $HOME/.kube/config');
+
+      // Step 5: Clear trash files from the root user's trash directory.
+      // This is a general cleanup step to remove temporary or deleted files.
       shellExec('sudo rm -rf /root/.local/share/Trash/files/*');
+
+      // Step 6: Prune all unused Docker data.
+      // 'docker system prune -a -f' removes:
+      // - All stopped containers
+      // - All unused networks
+      // - All dangling images
+      // - All build cache
+      // - All unused volumes
+      // This aggressively frees up disk space and removes temporary Docker artifacts.
       shellExec('sudo docker system prune -a -f');
+
+      // Step 7: Stop the Docker daemon service.
+      // This step is often necessary to ensure that Docker's files and directories
+      // can be safely manipulated or moved in subsequent steps without conflicts.
       shellExec('sudo service docker stop');
+
+      // Step 8: Aggressively remove container storage data for containerd and Docker.
+      // These commands target the default storage locations for containerd and Docker,
+      // as well as any custom paths that might have been used (`/home/containers/storage`, `/home/docker`).
+      // This ensures a complete wipe of all container images, layers, and volumes.
       shellExec(`sudo rm -rf /var/lib/containers/storage/*`);
       shellExec(`sudo rm -rf /var/lib/docker/volumes/*`);
-      shellExec(`sudo rm -rf /var/lib/docker~/*`);
-      shellExec(`sudo rm -rf /home/containers/storage/*`);
-      shellExec(`sudo rm -rf /home/docker/*`);
-      shellExec('sudo mv /var/lib/docker /var/lib/docker~');
-      shellExec('sudo mkdir /home/docker');
-      shellExec('sudo chmod 0711 /home/docker');
-      shellExec('sudo ln -s /home/docker /var/lib/docker');
+      shellExec(`sudo rm -rf /var/lib/docker~/*`); // Cleans up a potential backup directory for Docker data
+      shellExec(`sudo rm -rf /home/containers/storage/*`); // Cleans up custom containerd/Podman storage
+      shellExec(`sudo rm -rf /home/docker/*`); // Cleans up custom Docker storage
+
+      // Step 9: Re-configure Docker's default storage location (if desired).
+      // These commands effectively move Docker's data directory from its default `/var/lib/docker`
+      // to a new location (`/home/docker`) and create a symbolic link.
+      // This is a specific customization to relocate Docker's storage.
+      shellExec('sudo mv /var/lib/docker /var/lib/docker~'); // Moves existing /var/lib/docker to /var/lib/docker~ (backup)
+      shellExec('sudo mkdir /home/docker'); // Creates the new desired directory for Docker data
+      shellExec('sudo chmod 0711 /home/docker'); // Sets appropriate permissions for the new directory
+      shellExec('sudo ln -s /home/docker /var/lib/docker'); // Creates a symlink from original path to new path
+
+      // Step 10: Prune all unused Podman data.
+      // Similar to Docker pruning, these commands remove:
+      // - All stopped containers
+      // - All unused networks
+      // - All unused images
+      // - All unused volumes ('--volumes')
+      // - The '--force' flag bypasses confirmation.
+      // '--external' prunes external content not managed by Podman's default storage backend.
       shellExec(`sudo podman system prune -a -f`);
       shellExec(`sudo podman system prune --all --volumes --force`);
       shellExec(`sudo podman system prune --external --force`);
-      shellExec(`sudo podman system prune --all --volumes --force`);
+      shellExec(`sudo podman system prune --all --volumes --force`); // Redundant but harmless repetition
+
+      // Step 11: Create and set permissions for Podman's custom storage directory.
+      // This ensures the custom path `/home/containers/storage` exists and has correct permissions
+      // before Podman attempts to use it.
       shellExec(`sudo mkdir -p /home/containers/storage`);
       shellExec('sudo chmod 0711 /home/containers/storage');
+
+      // Step 12: Update Podman's storage configuration file.
+      // This command uses 'sed' to modify `/etc/containers/storage.conf`,
+      // changing the default storage path from `/var/lib/containers/storage`
+      // to the customized `/home/containers/storage`.
       shellExec(
         `sudo sed -i -e "s@/var/lib/containers/storage@/home/containers/storage@g" /etc/containers/storage.conf`,
       );
+
+      // Step 13: Reset Podman system settings.
+      // This command resets Podman's system-wide configuration to its default state.
       shellExec(`sudo podman system reset -f`);
+
+      // Note: The 'sysctl net.bridge.bridge-nf-call-iptables=0' and related commands
+      // were previously removed. These sysctl settings (bridge-nf-call-iptables,
+      // bridge-nf-call-arptables, bridge-nf-call-ip6tables) are crucial for allowing
+      // network traffic through Linux bridges to be processed by iptables.
+      // Kubernetes and CNI plugins generally require them to be enabled (set to '1').
+      // Re-initializing Kubernetes will typically set these as needed, and leaving them
+      // at their system default (or '1' if already configured) is safer for host
+      // connectivity during a reset operation.
+
       // https://github.com/kubernetes-sigs/kind/issues/2886
-      shellExec(`sysctl net.bridge.bridge-nf-call-iptables=0`);
-      shellExec(`sysctl net.bridge.bridge-nf-call-arptables=0`);
-      shellExec(`sysctl net.bridge.bridge-nf-call-ip6tables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-iptables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-arptables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-ip6tables=0`);
+
+      // Step 14: Remove the 'kind' Docker network.
+      // This cleans up any network bridges or configurations specifically created by Kind.
       shellExec(`docker network rm kind`);
     },
+
     getResourcesCapacity() {
       const resources = {};
-      const info = true
+      const info = false
         ? `Capacity:
   cpu:                8
   ephemeral-storage:  153131976Ki

package/src/cli/deploy.js

@@ -256,6 +256,19 @@ kubectl scale statefulsets <stateful-set-name> --replicas=<new-replicas>
 kubectl get pods -w
 kubectl patch statefulset service-valkey --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"valkey/valkey:latest"}]'
 kubectl patch statefulset service-valkey -p '{"spec":{"template":{"spec":{"containers":[{"name":"service-valkey","imagePullPolicy":"Never"}]}}}}'
+kubectl logs -f <pod-name>
+kubectl describe pod <pod-name>
+kubectl exec -it <pod-name> -- bash
+kubectl exec -it <pod-name> -- sh
+docker exec -it kind-control-plane bash
+curl -4 -v google.com
+kubectl taint nodes <node-name> node-role.kubernetes.io/control-plane:NoSchedule-
+kubectl run test-pod --image=busybox:latest --restart=Never -- /bin/sh -c "while true; do sleep 30; done;"
+kubectl run test-pod --image=alpine/curl:latest --restart=Never -- sh -c "sleep infinity"
+kubectl get ippools -o yaml
+kubectl get node <node-name> -o jsonpath='{.spec.podCIDR}'
+kubectl patch ippool default-ipv4-ippool --type='json' -p='[{"op": "replace", "path": "/spec/cidr", "value": "10.244.0.0/16"}]'
+kubectl patch ippool default-ipv4-ippool --type='json' -p='[{"op": "replace", "path": "/spec/cidr", "value": "192.168.0.0/24"}]'
 `);
       if (deployList === 'dd' && fs.existsSync(`./engine-private/deploy/dd.router`))
         deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8');

package/src/cli/image.js

@@ -54,7 +54,7 @@ class UnderpostImage {
           shellExec(
             `cd ${path}${secretsInput}&& sudo podman build -f ./${
               dockerfileName && typeof dockerfileName === 'string' ? dockerfileName : 'Dockerfile'
-            } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput}`,
+            } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput} --network host`,
           );
 
         if (podmanSave === true) shellExec(`podman save -o ${tarFile} ${podManImg}`);

package/src/index.js

@@ -30,7 +30,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.67';
+  static version = 'v2.8.71';
   /**
    * Repository cli API
    * @static