underpost 2.8.67 → 2.8.75

package/manifests/deployment/fastapi/initial_data.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# IMPORTANT: For non-interactive scripts, 'conda activate' can be problematic
+# because it relies on the shell's initialization.
+# A more robust and recommended way to run commands within a Conda environment
+# from a script is to use 'conda run'. This command directly executes a process
+# in the specified environment without needing to manually source 'conda.sh'.
+
+# Navigate to the application's root directory for module discovery.
+# This is crucial for Python to correctly find your 'app' module using 'python -m'.
+#
+# Let's assume a common project structure:
+# full-stack-fastapi-template/
+# ├── backend/
+# │   ├── app/
+# │   │   └── initial_data.py  (the Python script you want to run)
+# │   └── initial_data.sh      (this shell script)
+# └── ...
+#
+# If `initial_data.sh` is located in `full-stack-fastapi-template/backend/`,
+# and `app` is a subdirectory of `backend/`, then the Python command
+# `python -m app.initial_data` needs to be executed from the `backend/` directory.
+#
+# If you are running this shell script from a different directory (e.g., `engine/`),
+# Python's module import system won't automatically find 'app' unless the parent
+# directory of 'app' is in the `PYTHONPATH` or you change the current working directory.
+#
+# The safest way is to change the current working directory to the script's location.
+
+# Store the current directory to return to it later if needed (good practice for multi-step scripts).
+CURRENT_DIR=$(pwd)
+
+# Get the absolute path of the directory where this script is located.
+# This is a robust way to ensure we always navigate to the correct 'backend' directory.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+cd "$SCRIPT_DIR"
+
+# Execute your Python script within the specified Conda environment using 'conda run'.
+# -n fastapi_env specifies the Conda environment to use.
+# This completely avoids the 'source conda.sh' issue and is generally more reliable.
+conda run -n fastapi_env python -m app.initial_data
+
+# Important Note: The 'ModuleNotFoundError: No module named 'sqlmodel'' indicates that
+# the 'sqlmodel' package is not installed in your 'fastapi_env' Conda environment.
+# After running this script, if you still get the 'sqlmodel' error,
+# you will need to activate your environment manually and install it:
+#
+# conda activate fastapi_env
+# pip install sqlmodel
+# # or if it's a conda package:
+# # conda install sqlmodel
+#
+# Then try running this script again.
+
+# Optional Good Practice: Return to the original directory if the script is part of a larger workflow.
+cd "$CURRENT_DIR"

package/manifests/deployment/kafka/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: kafka
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  serviceName: kafka-svc
+  replicas: 3
+  selector:
+    matchLabels:
+      app: kafka-app
+  template:
+    metadata:
+      labels:
+        app: kafka-app
+    spec:
+      containers:
+        - name: kafka-container
+          image: doughgle/kafka-kraft
+          ports:
+            - containerPort: 9092
+            - containerPort: 9093
+          env:
+            - name: REPLICAS
+              value: '3'
+            - name: SERVICE
+              value: kafka-svc
+            - name: NAMESPACE
+              value: kafka
+            - name: SHARE_DIR
+              value: /mnt/kafka
+            - name: CLUSTER_ID
+              value: bXktY2x1c3Rlci0xMjM0NQ==
+            - name: DEFAULT_REPLICATION_FACTOR
+              value: '3'
+            - name: DEFAULT_MIN_INSYNC_REPLICAS
+              value: '2'
+          volumeMounts:
+            - name: data
+              mountPath: /mnt/kafka
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - 'ReadWriteOnce'
+        resources:
+          requests:
+            storage: '1Gi'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kafka-svc
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  type: NodePort
+  ports:
+    - name: '9092'
+      port: 9092
+      protocol: TCP
+      targetPort: 9092
+      nodePort: 30092
+  selector:
+    app: kafka-app

package/manifests/deployment/spark/spark-pi-py.yaml

@@ -0,0 +1,21 @@
+apiVersion: sparkoperator.k8s.io/v1beta2
+kind: SparkApplication
+metadata:
+  name: spark-pi-python
+  namespace: default
+spec:
+  type: Python
+  pythonVersion: '3'
+  mode: cluster
+  image: spark:3.5.3
+  imagePullPolicy: IfNotPresent
+  mainApplicationFile: local:///opt/spark/examples/src/main/python/pi.py
+  sparkVersion: 3.5.3
+  driver:
+    cores: 1
+    memory: 512m
+    serviceAccount: spark-operator-spark
+  executor:
+    instances: 1
+    cores: 1
+    memory: 512m

package/manifests/kubeadm-calico-config.yaml

@@ -0,0 +1,119 @@
+# This consolidated YAML file contains configurations for:
+# 1. Calico Installation (Installation and APIServer resources)
+# 2. A permissive Egress NetworkPolicy for the 'default' namespace
+#
+# These are standard Kubernetes resources that can be applied directly using 'kubectl apply'.
+# The kubeadm-specific ClusterConfiguration and InitConfiguration have been removed
+# as they are only processed by the 'kubeadm init' command, not 'kubectl apply'.
+
+# --- Calico Installation: Base configuration for Calico ---
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+      - blockSize: 26
+        cidr: 192.168.0.0/16
+        encapsulation: VXLANCrossSubnet
+        natOutgoing: Enabled
+        nodeSelector: all()
+
+---
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}
+
+---
+# This consolidated NetworkPolicy file ensures that all pods in the specified namespaces
+# have unrestricted egress (outbound) access.
+# This is useful for troubleshooting or for environments where strict egress control
+# is not immediately required for these system/default namespaces.
+
+---
+# Policy for the 'default' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-default-namespace
+  namespace: default # This policy applies to the 'default' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-system' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-system-namespace
+  namespace: kube-system # This policy applies to the 'kube-system' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-node-lease' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-node-lease-namespace
+  namespace: kube-node-lease # This policy applies to the 'kube-node-lease' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-public' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-public-namespace
+  namespace: kube-public # This policy applies to the 'kube-public' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'tigera-operator' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-tigera-operator-namespace
+  namespace: tigera-operator # This policy applies to the 'tigera-operator' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address

package/manifests/kubelet-config.yaml

@@ -0,0 +1,65 @@
+apiVersion: v1
+data:
+  kubelet: |
+    apiVersion: kubelet.config.k8s.io/v1beta1
+    authentication:
+      anonymous:
+        enabled: false
+      webhook:
+        cacheTTL: 0s
+        enabled: true
+      x509:
+        clientCAFile: /etc/kubernetes/pki/ca.crt
+    authorization:
+      mode: Webhook
+      webhook:
+        cacheAuthorizedTTL: 0s
+        cacheUnauthorizedTTL: 0s
+    cgroupDriver: systemd
+    clusterDNS:
+    - 10.96.0.10
+    clusterDomain: cluster.local
+    containerRuntimeEndpoint: unix:///run/containerd/containerd.sock
+    cpuManagerReconcilePeriod: 0s
+    crashLoopBackOff: {}
+    evictionHard:
+      imagefs.available: "5%" # Adjusted for more tolerance
+      memory.available: "100Mi"
+      nodefs.available: "5%" # Adjusted for more tolerance
+      nodefs.inodesFree: "5%"
+    evictionPressureTransitionPeriod: 0s
+    fileCheckFrequency: 0s
+    healthzBindAddress: 127.0.0.1
+    healthzPort: 10248
+    httpCheckFrequency: 0s
+    imageMaximumGCAge: 0s
+    imageMinimumGCAge: 0s
+    kind: KubeletConfiguration
+    logging:
+      flushFrequency: 0
+      options:
+        json:
+          infoBufferSize: "0"
+        text:
+          infoBufferSize: "0"
+      verbosity: 0
+    memorySwap: {}
+    nodeStatusReportFrequency: 0s
+    nodeStatusUpdateFrequency: 0s
+    rotateCertificates: true
+    runtimeRequestTimeout: 0s
+    shutdownGracePeriod: 0s
+    shutdownGracePeriodCriticalPods: 0s
+    staticPodPath: /etc/kubernetes/manifests
+    streamingConnectionIdleTimeout: 0s
+    syncFrequency: 0s
+    volumeStatsAggPeriod: 0s
+kind: ConfigMap
+metadata:
+  annotations:
+    kubeadm.kubernetes.io/component-config.hash: sha256:26488e9fc7c5cb5fdda9996cda2e6651a9af5febce07ea02de11bd3ef3f49e9c
+  creationTimestamp: "2025-06-30T12:42:00Z"
+  name: kubelet-config
+  namespace: kube-system
+  resourceVersion: "204"
+  uid: a85321a8-f3e0-40fa-8e4e-9d33b8842e7a

package/manifests/postgresql/statefulset.yaml

@@ -4,7 +4,7 @@ metadata:
   name: postgres
 spec:
   serviceName: postgres
-  replicas: 3
+  replicas: 1
   selector:
     matchLabels:
       app: postgres

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.67",
+    "version": "2.8.75",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -3,6 +3,7 @@ import { loggerFactory } from '../server/logger.js';
 import { shellExec } from '../server/process.js';
 import UnderpostDeploy from './deploy.js';
 import UnderpostTest from './test.js';
+import os from 'os';
 
 const logger = loggerFactory(import.meta);
 
@@ -27,9 +28,12 @@ class UnderpostCluster {
         infoCapacityPod: false,
         istio: false,
         pullImage: false,
+        dedicatedGpu: false,
+        kubeadm: false,
       },
     ) {
-      // 1) Install kind, kubeadm, docker, podman
+      // sudo dnf update
+      // 1) Install kind, kubeadm, docker, podman, helm
       // 2) Check kubectl, kubelet, containerd.io
       // 3) Install Nvidia drivers from Rocky Linux docs
       // 4) Install LXD with MAAS from Rocky Linux docs
@@ -37,7 +41,8 @@ class UnderpostCluster {
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
       if (options.infoCapacityPod === true) return logger.info('', UnderpostDeploy.API.resourcesFactory());
-      if (options.infoCapacity === true) return logger.info('', UnderpostCluster.API.getResourcesCapacity());
+      if (options.infoCapacity === true)
+        return logger.info('', UnderpostCluster.API.getResourcesCapacity(options.kubeadm));
       if (options.reset === true) return await UnderpostCluster.API.reset();
       if (options.listPods === true) return console.table(UnderpostDeploy.API.get(podName ?? undefined));
 
@@ -65,6 +70,7 @@ class UnderpostCluster {
         shellExec(
           `kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{"\\n"}{.metadata.name}{":\\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'`,
         );
+        shellExec(`sudo crictl images`);
         console.log();
         logger.info('contour -------------------------------------------------');
         for (const _k of ['Cluster', 'HTTPProxy', 'ClusterIssuer', 'Certificate']) {
@@ -105,30 +111,44 @@ class UnderpostCluster {
           // shellExec(
           //   `wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml`,
           // );
-          shellExec(`sudo kubectl apply -f ./manifests/calico-custom-resources.yaml`);
+          shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubeadm-calico-config.yaml`);
           shellExec(`sudo systemctl restart containerd`);
+          const nodeName = os.hostname();
+          shellExec(`kubectl taint nodes ${nodeName} node-role.kubernetes.io/control-plane:NoSchedule-`);
         } else {
           shellExec(`sudo systemctl restart containerd`);
-          shellExec(
-            `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
-              options?.dev === true ? '-dev' : ''
-            }.yaml`,
-          );
+          if (options.full === true || options.dedicatedGpu === true) {
+            // https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/
+            shellExec(`cd ${underpostRoot}/manifests && kind create cluster --config kind-config-cuda.yaml`);
+          } else {
+            shellExec(
+              `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
+                options?.dev === true ? '-dev' : ''
+              }.yaml`,
+            );
+          }
           shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
         }
       } else logger.warn('Cluster already initialized');
 
+      // shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubelet-config.yaml`);
+
+      if (options.full === true || options.dedicatedGpu === true) {
+        shellExec(`node ${underpostRoot}/bin/deploy nvidia-gpu-operator`);
+        shellExec(
+          `node ${underpostRoot}/bin/deploy kubeflow-spark-operator${options.kubeadm === true ? ' kubeadm' : ''}`,
+        );
+      }
+
       if (options.full === true || options.valkey === true) {
         if (options.pullImage === true) {
-          // kubectl patch statefulset service-valkey --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"valkey/valkey:latest"}]'
-          // kubectl patch statefulset service-valkey -p '{"spec":{"template":{"spec":{"containers":[{"name":"service-valkey","imagePullPolicy":"Never"}]}}}}'
           shellExec(`docker pull valkey/valkey`);
-          // shellExec(`sudo kind load docker-image valkey/valkey`);
-          // shellExec(`sudo podman pull docker.io/valkey/valkey:latest`);
-          // shellExec(`podman save -o valkey.tar valkey/valkey`);
-          // shellExec(`sudo kind load image-archive valkey.tar`);
-          // shellExec(`sudo rm -rf ./valkey.tar`);
-          shellExec(`sudo kind load docker-image valkey/valkey:latest`);
+          if (!options.kubeadm)
+            shellExec(
+              `sudo ${
+                options.kubeadm === true ? `ctr -n k8s.io images import` : `kind load docker-image`
+              } valkey/valkey:latest`,
+            );
         }
         shellExec(`kubectl delete statefulset service-valkey`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey`);
@@ -144,15 +164,29 @@ class UnderpostCluster {
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb`);
       }
       if (options.full === true || options.postgresql === true) {
+        if (options.pullImage === true) {
+          shellExec(`docker pull postgres:latest`);
+          if (!options.kubeadm)
+            shellExec(
+              `sudo ${
+                options.kubeadm === true ? `ctr -n k8s.io images import` : `kind load docker-image`
+              } docker-image postgres:latest`,
+            );
+        }
         shellExec(
           `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password`,
         );
-        shellExec(`kubectl apply -k ./manifests/postgresql`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql`);
       }
       if (options.mongodb4 === true) {
         if (options.pullImage === true) {
           shellExec(`docker pull mongo:4.4`);
-          shellExec(`sudo kind load docker-image mongo:4.4`);
+          if (!options.kubeadm)
+            shellExec(
+              `sudo ${
+                options.kubeadm === true ? `ctr -n k8s.io images import` : `kind load docker-image`
+              } docker-image mongo:4.4`,
+            );
         }
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4`);
 
@@ -225,43 +259,131 @@ class UnderpostCluster {
         shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
       }
     },
+    // This function performs a comprehensive reset of Kubernetes and container environments
+    // on the host machine. Its primary goal is to clean up cluster components, temporary files,
+    // and container data, ensuring a clean state for re-initialization or fresh deployments,
+    // while also preventing the loss of the host machine's internet connectivity.
+
     reset() {
+      // Step 1: Delete all existing Kind (Kubernetes in Docker) clusters.
+      // 'kind get clusters' lists all Kind clusters.
+      // 'xargs -t -n1 kind delete cluster --name' then iterates through each cluster name
+      // and executes 'kind delete cluster --name <cluster_name>' to remove them.
       shellExec(`kind get clusters | xargs -t -n1 kind delete cluster --name`);
+
+      // Step 2: Reset the Kubernetes control-plane components installed by kubeadm.
+      // 'kubeadm reset -f' performs a forceful reset, removing installed Kubernetes components,
+      // configuration files, and associated network rules (like iptables entries created by kubeadm).
+      // The '-f' flag bypasses confirmation prompts.
       shellExec(`sudo kubeadm reset -f`);
+
+      // Step 3: Remove specific CNI (Container Network Interface) configuration files.
+      // This command targets and removes the configuration file for Flannel,
+      // a common CNI plugin, which might be left behind after a reset.
       shellExec('sudo rm -f /etc/cni/net.d/10-flannel.conflist');
-      shellExec('sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X');
+
+      // Note: The aggressive 'sudo iptables -F ...' command was intentionally removed from previous versions.
+      // This command would flush all iptables rules, including those crucial for the host's general
+      // internet connectivity, leading to network loss. 'kubeadm reset' and container runtime pruning
+      // adequately handle Kubernetes and container-specific iptables rules without affecting the host's
+      // default network configuration.
+
+      // Step 4: Remove the kubectl configuration file from the current user's home directory.
+      // This ensures that after a reset, there's no lingering configuration pointing to the old cluster,
+      // providing a clean slate for connecting to a new or re-initialized cluster.
       shellExec('sudo rm -f $HOME/.kube/config');
+
+      // Step 5: Clear trash files from the root user's trash directory.
+      // This is a general cleanup step to remove temporary or deleted files.
       shellExec('sudo rm -rf /root/.local/share/Trash/files/*');
+
+      // Step 6: Prune all unused Docker data.
+      // 'docker system prune -a -f' removes:
+      // - All stopped containers
+      // - All unused networks
+      // - All dangling images
+      // - All build cache
+      // - All unused volumes
+      // This aggressively frees up disk space and removes temporary Docker artifacts.
       shellExec('sudo docker system prune -a -f');
+
+      // Step 7: Stop the Docker daemon service.
+      // This step is often necessary to ensure that Docker's files and directories
+      // can be safely manipulated or moved in subsequent steps without conflicts.
       shellExec('sudo service docker stop');
+
+      // Step 8: Aggressively remove container storage data for containerd and Docker.
+      // These commands target the default storage locations for containerd and Docker,
+      // as well as any custom paths that might have been used (`/home/containers/storage`, `/home/docker`).
+      // This ensures a complete wipe of all container images, layers, and volumes.
       shellExec(`sudo rm -rf /var/lib/containers/storage/*`);
       shellExec(`sudo rm -rf /var/lib/docker/volumes/*`);
-      shellExec(`sudo rm -rf /var/lib/docker~/*`);
-      shellExec(`sudo rm -rf /home/containers/storage/*`);
-      shellExec(`sudo rm -rf /home/docker/*`);
-      shellExec('sudo mv /var/lib/docker /var/lib/docker~');
-      shellExec('sudo mkdir /home/docker');
-      shellExec('sudo chmod 0711 /home/docker');
-      shellExec('sudo ln -s /home/docker /var/lib/docker');
+      shellExec(`sudo rm -rf /var/lib/docker~/*`); // Cleans up a potential backup directory for Docker data
+      shellExec(`sudo rm -rf /home/containers/storage/*`); // Cleans up custom containerd/Podman storage
+      shellExec(`sudo rm -rf /home/docker/*`); // Cleans up custom Docker storage
+
+      // Step 9: Re-configure Docker's default storage location (if desired).
+      // These commands effectively move Docker's data directory from its default `/var/lib/docker`
+      // to a new location (`/home/docker`) and create a symbolic link.
+      // This is a specific customization to relocate Docker's storage.
+      shellExec('sudo mv /var/lib/docker /var/lib/docker~'); // Moves existing /var/lib/docker to /var/lib/docker~ (backup)
+      shellExec('sudo mkdir /home/docker'); // Creates the new desired directory for Docker data
+      shellExec('sudo chmod 0711 /home/docker'); // Sets appropriate permissions for the new directory
+      shellExec('sudo ln -s /home/docker /var/lib/docker'); // Creates a symlink from original path to new path
+
+      // Step 10: Prune all unused Podman data.
+      // Similar to Docker pruning, these commands remove:
+      // - All stopped containers
+      // - All unused networks
+      // - All unused images
+      // - All unused volumes ('--volumes')
+      // - The '--force' flag bypasses confirmation.
+      // '--external' prunes external content not managed by Podman's default storage backend.
       shellExec(`sudo podman system prune -a -f`);
       shellExec(`sudo podman system prune --all --volumes --force`);
       shellExec(`sudo podman system prune --external --force`);
-      shellExec(`sudo podman system prune --all --volumes --force`);
+      shellExec(`sudo podman system prune --all --volumes --force`); // Redundant but harmless repetition
+
+      // Step 11: Create and set permissions for Podman's custom storage directory.
+      // This ensures the custom path `/home/containers/storage` exists and has correct permissions
+      // before Podman attempts to use it.
       shellExec(`sudo mkdir -p /home/containers/storage`);
       shellExec('sudo chmod 0711 /home/containers/storage');
+
+      // Step 12: Update Podman's storage configuration file.
+      // This command uses 'sed' to modify `/etc/containers/storage.conf`,
+      // changing the default storage path from `/var/lib/containers/storage`
+      // to the customized `/home/containers/storage`.
       shellExec(
         `sudo sed -i -e "s@/var/lib/containers/storage@/home/containers/storage@g" /etc/containers/storage.conf`,
       );
+
+      // Step 13: Reset Podman system settings.
+      // This command resets Podman's system-wide configuration to its default state.
       shellExec(`sudo podman system reset -f`);
+
+      // Note: The 'sysctl net.bridge.bridge-nf-call-iptables=0' and related commands
+      // were previously removed. These sysctl settings (bridge-nf-call-iptables,
+      // bridge-nf-call-arptables, bridge-nf-call-ip6tables) are crucial for allowing
+      // network traffic through Linux bridges to be processed by iptables.
+      // Kubernetes and CNI plugins generally require them to be enabled (set to '1').
+      // Re-initializing Kubernetes will typically set these as needed, and leaving them
+      // at their system default (or '1' if already configured) is safer for host
+      // connectivity during a reset operation.
+
       // https://github.com/kubernetes-sigs/kind/issues/2886
-      shellExec(`sysctl net.bridge.bridge-nf-call-iptables=0`);
-      shellExec(`sysctl net.bridge.bridge-nf-call-arptables=0`);
-      shellExec(`sysctl net.bridge.bridge-nf-call-ip6tables=0`);
-      shellExec(`docker network rm kind`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-iptables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-arptables=0`);
+      // shellExec(`sysctl net.bridge.bridge-nf-call-ip6tables=0`);
+
+      // Step 14: Remove the 'kind' Docker network.
+      // This cleans up any network bridges or configurations specifically created by Kind.
+      // shellExec(`docker network rm kind`);
     },
-    getResourcesCapacity() {
+
+    getResourcesCapacity(kubeadm = false) {
       const resources = {};
-      const info = true
+      const info = false
         ? `Capacity:
   cpu:                8
   ephemeral-storage:  153131976Ki
@@ -276,10 +398,15 @@ Allocatable:
   hugepages-2Mi:      0
   memory:             11914720Ki
   pods: `
-        : shellExec(`kubectl describe node kind-worker | grep -E '(Allocatable:|Capacity:)' -A 6`, {
-            stdout: true,
-            silent: true,
-          });
+        : shellExec(
+            `kubectl describe node ${
+              kubeadm === true ? os.hostname() : 'kind-worker'
+            } | grep -E '(Allocatable:|Capacity:)' -A 6`,
+            {
+              stdout: true,
+              silent: true,
+            },
+          );
       info
         .split('Allocatable:')[1]
         .split('\n')