underpost 2.8.77 → 2.8.79

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.77
+## underpost ci/cd cli v2.8.79
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -87,10 +87,10 @@ Commands:
   config <operator> [key] [value]                            Manage configuration, operators
   root                                                       Get npm root path
   cluster [options] [pod-name]                               Manage cluster, for default initialization base kind cluster
-  deploy [options] <deploy-list> [env]                       Manage deployment, for default deploy development pods
+  deploy [options] [deploy-list] [env]                       Manage deployment, for default deploy development pods
   secret [options] <platform>                                Manage secrets
   dockerfile-image-build [options]                           Build image from Dockerfile
-  dockerfile-pull-base-images                                Pull underpost dockerfile images requirements
+  dockerfile-pull-base-images [options]                      Pull underpost dockerfile images requirements
   install                                                    Fast import underpost npm dependencies
   db [options] <deploy-list>                                 Manage databases
   script [options] <operator> <script-name> [script-value]   Supports a number of built-in underpost global scripts and their preset life cycle events as well as arbitrary scripts
@@ -98,6 +98,7 @@ Commands:
   fs [options] [path]                                        File storage management, for default upload file
   test [options] [deploy-list]                               Manage Test, for default run current underpost default test
   monitor [options] <deploy-id> [env]                        Monitor health server management
+  lxd [options]                                              Lxd management
   help [command]                                             display help for command
  
 ```

package/bin/deploy.js

@@ -822,6 +822,9 @@ try {
     }
 
     case 'version-deploy': {
+      shellExec(
+        `underpost secret underpost --create-from-file /home/dd/engine/engine-private/conf/dd-cron/.env.production`,
+      );
       shellExec(`node bin/build dd conf`);
       shellExec(`git add . && cd ./engine-private && git add .`);
       shellExec(`node bin cmt . ci package-pwa-microservices-template`);

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.77
+## underpost ci/cd cli v2.8.79
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -17,10 +17,10 @@ Commands:
   config <operator> [key] [value]                            Manage configuration, operators
   root                                                       Get npm root path
   cluster [options] [pod-name]                               Manage cluster, for default initialization base kind cluster
-  deploy [options] <deploy-list> [env]                       Manage deployment, for default deploy development pods
+  deploy [options] [deploy-list] [env]                       Manage deployment, for default deploy development pods
   secret [options] <platform>                                Manage secrets
   dockerfile-image-build [options]                           Build image from Dockerfile
-  dockerfile-pull-base-images                                Pull underpost dockerfile images requirements
+  dockerfile-pull-base-images [options]                      Pull underpost dockerfile images requirements
   install                                                    Fast import underpost npm dependencies
   db [options] <deploy-list>                                 Manage databases
   script [options] <operator> <script-name> [script-value]   Supports a number of built-in underpost global scripts and their preset life cycle events as well as arbitrary scripts
@@ -28,6 +28,7 @@ Commands:
   fs [options] [path]                                        File storage management, for default upload file
   test [options] [deploy-list]                               Manage Test, for default run current underpost default test
   monitor [options] <deploy-id> [env]                        Monitor health server management
+  lxd [options]                                              Lxd management
   help [command]                                             display help for command
  
 ```
@@ -199,10 +200,10 @@ Arguments:
 Options:
   --reset              Delete all clusters and prune all data and caches
   --mariadb            Init with mariadb statefulset
+  --mysql              Init with mysql statefulset
   --mongodb            Init with mongodb statefulset
   --postgresql         Init with postgresql statefulset
   --mongodb4           Init with mongodb 4.4 service
-  --istio              Init base istio cluster
   --valkey             Init with valkey service
   --contour            Init with project contour base HTTPProxy and envoy
   --cert-manager       Init with letsencrypt-prod ClusterIssuer
@@ -216,6 +217,11 @@ Options:
   --info-capacity      display current total machine capacity info
   --info-capacity-pod  display current machine capacity pod info
   --pull-image         Set optional pull associated image
+  --init-host          Install k8s node necessary cli env: kind, kubeadm,
+                       docker, podman, helm
+  --config             Set k8s base node config
+  --worker             Set worker node context
+  --chown              Set k8s kube chown
   -h, --help           display help for command
  
 ```
@@ -223,7 +229,7 @@ Options:
 
 ### `deploy` :
 ```
- Usage: underpost deploy [options] <deploy-list> [env]
+ Usage: underpost deploy [options] [deploy-list] [env]
 
 Manage deployment, for default deploy development pods
 
@@ -250,6 +256,7 @@ Options:
   --info-traffic                    get traffic conf form current resources
                                     deployments
   --kubeadm                         Enable kubeadm context
+  --restore-hosts                   Restore defautl etc hosts
   --rebuild-clients-bundle          Inside container, rebuild clients bundle,
                                     only static public or storage client files
   -h, --help                        display help for command
@@ -304,7 +311,11 @@ Options:
 Pull underpost dockerfile images requirements
 
 Options:
-  -h, --help  display help for command
+  --path [path]   Dockerfile path
+  --kind-load     Import tar image to Kind cluster
+  --kubeadm-load  Import tar image to Kubeadm cluster
+  --version       Set custom version
+  -h, --help      display help for command
  
 ```
   
@@ -455,4 +466,31 @@ Options:
   -h, --help                   display help for command
  
 ```
+  
+
+### `lxd` :
+```
+ Usage: underpost lxd [options]
+
+Lxd management
+
+Options:
+  --init                    Init lxd
+  --reset                   Reset lxd on current machine
+  --install                 Install lxd on current machine
+  --dev                     Set dev context env
+  --control                 set control node vm context
+  --worker                  set worker node context
+  --create-vm <vm-id>       Create default virtual machines
+  --init-vm <vm-id>         Get init vm underpost script
+  --info-vm <vm-id>         Get all info vm
+  --start-vm <vm-id>        Start vm with networkt config
+  --root-size <gb-size>     Set root size vm
+  --join-node <nodes>       Comma separated worker and control node e. g.
+                            k8s-worker-1,k8s-control
+  --expose <vm-name-ports>  Vm name and : separated with Comma separated vm
+                            port to expose e. g. k8s-control:80,443
+  -h, --help                display help for command
+ 
+```
   

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.77'
+      engine.version: '2.8.79'
     networks:
       - load-balancer
 

package/manifests/envoy-service-nodeport.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: envoy
+  name: envoy
+  namespace: projectcontour
+spec:
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: http
+      nodePort: 30080
+      port: 80
+      protocol: TCP
+      targetPort: 8080
+    - name: https
+      nodePort: 30443
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app: envoy
+  type: NodePort

package/manifests/lxd/lxd-admin-profile.yaml

@@ -0,0 +1,16 @@
+config:
+  limits.cpu: "2"
+  limits.memory: 4GB
+description: vm nat network
+devices:
+  eth0:
+    name: eth0
+    network: lxdbr0
+    type: nic
+  root:
+    path: /
+    pool: local # lxc storage list
+    size: 100GB
+    type: disk
+name: admin-profile
+used_by: []

package/manifests/lxd/lxd-preseed.yaml

@@ -0,0 +1,58 @@
+config:
+  core.https_address: 127.0.0.1:8443
+
+networks:
+  - name: lxdbr0
+    type: bridge
+    config:
+      ipv4.address: 10.250.250.1/24
+      ipv4.nat: "true"
+      ipv4.dhcp: "true"
+      ipv4.dhcp.ranges: 10.250.250.2-10.250.250.254
+      ipv4.firewall: "false"
+      ipv6.address: none
+
+storage_pools:
+  - name: local
+    driver: zfs
+    config:
+      size: 100GiB
+
+profiles:
+  - name: default
+    config: {}
+    description: "default profile"
+    devices:
+      root:
+        path: /
+        pool: local
+        type: disk
+
+  - name: admin-profile
+    description: "vm nat network admin profile"
+    config:
+      limits.cpu: "2"
+      limits.memory: 4GB
+    devices:
+      eth0:
+        name: eth0
+        network: lxdbr0
+        type: nic
+      root:
+        path: /
+        pool: local
+        size: 100GB
+        type: disk
+
+projects: []
+
+cluster:
+  server_name: lxd-node1
+  enabled: true
+  member_config: []
+  cluster_address: ""
+  cluster_certificate: ""
+  server_address: ""
+  cluster_password: ""
+  cluster_token: ""
+  cluster_certificate_path: ""

package/manifests/lxd/underpost-setup.sh

@@ -0,0 +1,146 @@
+#!/bin/bash
+
+set -e
+
+# Expand /dev/sda2 partition and resize filesystem automatically
+
+# Check if parted is installed
+if ! command -v parted &>/dev/null; then
+    echo "parted not found, installing..."
+    dnf install -y parted
+fi
+
+# Get start sector of /dev/sda2
+START_SECTOR=$(parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
+
+# Resize the partition
+parted /dev/sda ---pretend-input-tty <<EOF
+unit s
+resizepart 2 100%
+Yes
+quit
+EOF
+
+# Resize the filesystem
+resize2fs /dev/sda2
+
+echo "Disk and filesystem resized successfully."
+sudo dnf install -y tar
+sudo dnf install -y bzip2
+sudo dnf install -y git
+sudo dnf -y update
+sudo dnf -y install epel-release
+sudo dnf install -y ufw
+sudo systemctl enable --now ufw
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+nvm install 23.8.0
+nvm use 23.8.0
+echo "
+██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
+██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
+██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░
+██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░
+╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
+░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
+
+Installing underpost k8s node ...
+
+"
+npm install -g underpost
+chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost
+sudo modprobe br_netfilter
+mkdir -p /home/dd
+cd $(underpost root)/underpost
+underpost cluster --init-host
+
+# Default flags
+USE_KUBEADM=false
+USE_KIND=false
+USE_WORKER=false
+
+# Loop through arguments
+for arg in "$@"; do
+    case "$arg" in
+    --kubeadm)
+        USE_KUBEADM=true
+        ;;
+    --kind)
+        USE_KIND=true
+        ;;
+    --worker)
+        USE_WORKER=true
+        ;;
+    esac
+done
+
+echo "USE_KUBEADM = $USE_KUBEADM"
+echo "USE_KIND   = $USE_KIND"
+echo "USE_WORKER = $USE_WORKER"
+
+underpost cluster --kubeadm
+underpost cluster --reset
+
+PORTS=(
+    22    # SSH
+    80    # HTTP
+    443   # HTTPS
+    53    # DNS (TCP/UDP)
+    66    # TFTP
+    67    # DHCP
+    69    # TFTP
+    111   # rpcbind
+    179   # Calico BGP
+    2049  # NFS
+    20048 # NFS mountd
+    4011  # PXE boot
+    5240  # snapd API
+    5248  # Juju controller
+    6443  # Kubernetes API
+    9153  # CoreDNS metrics
+    10250 # Kubelet API
+    10251 # kube-scheduler
+    10252 # kube-controller-manager
+    10255 # Kubelet read-only (deprecated)
+    10257 # controller-manager (v1.23+)
+    10259 # scheduler (v1.23+)
+)
+
+PORT_RANGES=(
+    2379:2380 # etcd
+    # 30000:32767 # NodePort range
+    # 3000:3100 # App node ports
+    32765:32766 # Ephemeral ports
+    6783:6784   # Weave Net
+)
+
+# Open individual ports
+for PORT in "${PORTS[@]}"; do
+    ufw allow ${PORT}/tcp
+    ufw allow ${PORT}/udp
+done
+
+# Open port ranges
+for RANGE in "${PORT_RANGES[@]}"; do
+    ufw allow ${RANGE}/tcp
+    ufw allow ${RANGE}/udp
+done
+
+# Behavior based on flags
+if $USE_KUBEADM; then
+    echo "Running control node with kubeadm..."
+    underpost cluster --kubeadm
+    # kubectl get pods --all-namespaces -o wide -w
+fi
+
+if $USE_KIND; then
+    echo "Running control node with kind..."
+    underpost cluster
+    # kubectl get pods --all-namespaces -o wide -w
+fi
+
+if $USE_WORKER; then
+    echo "Running worker..."
+    underpost cluster --worker --config
+fi

package/manifests/mongodb/kustomization.yaml

@@ -6,6 +6,6 @@ resources:
   - pv-pvc.yaml
   - headless-service.yaml
   - statefulset.yaml
-  - backup-pv-pvc.yaml
+  # - backup-pv-pvc.yaml
   # - backup-cronjob.yaml
   # - backup-access.yaml

package/manifests/mongodb/statefulset.yaml

@@ -3,7 +3,7 @@ kind: StatefulSet
 metadata:
   name: mongodb # Specifies the name of the statefulset
 spec:
-  serviceName: 'mongodb-service' # Specifies the service to use
+  serviceName: "mongodb-service" # Specifies the service to use
   replicas: 2
   selector:
     matchLabels:
@@ -18,8 +18,8 @@ spec:
           image: docker.io/library/mongo:latest
           command:
             - mongod
-            - '--replSet'
-            - 'rs0'
+            - "--replSet"
+            - "rs0"
             # - '--config'
             # - '-f'
             # - '/etc/mongod.conf'
@@ -35,9 +35,9 @@ spec:
             # - '--setParameter'
             # - 'authenticationMechanisms=SCRAM-SHA-1'
             # - '--fork'
-            - '--logpath'
-            - '/var/log/mongodb/mongod.log'
-            - '--bind_ip_all'
+            - "--logpath"
+            - "/var/log/mongodb/mongod.log"
+            - "--bind_ip_all"
           # command: ['sh', '-c']
           # args:
           #   - |
@@ -99,11 +99,11 @@ spec:
                   key: password
           resources:
             requests:
-              cpu: '100m'
-              memory: '256Mi'
+              cpu: "100m"
+              memory: "256Mi"
             limits:
-              cpu: '500m'
-              memory: '512Mi'
+              cpu: "500m"
+              memory: "512Mi"
       volumes:
         - name: keyfile
           secret:
@@ -119,7 +119,8 @@ spec:
     - metadata:
         name: mongodb-storage
       spec:
-        accessModes: ['ReadWriteOnce']
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: mongodb-storage-class
         resources:
           requests:
             storage: 5Gi

package/manifests/mongodb/storage-class.yaml

@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: mongodb-storage-class
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "false"
+provisioner: rancher.io/local-path
+reclaimPolicy: Retain
+volumeBindingMode: WaitForFirstConsumer

package/manifests/mysql/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# kubectl apply -k core/.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pv-pvc.yaml
+  - statefulset.yaml

package/manifests/mysql/pv-pvc.yaml

@@ -0,0 +1,27 @@
+# pv-pvc.yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

package/manifests/mysql/statefulset.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+spec:
+  ports:
+    - port: 3306
+      name: mysql
+  selector:
+    app: mysql
+  clusterIP: None
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mysql
+spec:
+  serviceName: "mysql"
+  selector:
+    matchLabels:
+      app: mysql
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+        - image: mysql:9
+          name: mysql
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: password
+          ports:
+            - containerPort: 3306
+              name: mysql
+          volumeMounts:
+            - name: mysql-persistent-storage
+              mountPath: /var/lib/mysql
+              subPath: mysql
+  volumeClaimTemplates:
+    - metadata:
+        name: mysql-persistent-storage
+      spec:
+        storageClassName: manual
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi

package/manifests/valkey/statefulset.yaml

@@ -19,9 +19,8 @@ spec:
 
       containers:
         - name: service-valkey
-          image: valkey/valkey:latest
-          # Ensure you pull only if not present (Never will error if missing)
-          imagePullPolicy: Never
+          image: docker.io/valkey/valkey:latest
+          imagePullPolicy: IfNotPresent
           env:
             - name: TZ
               value: Europe/Zurich

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.77",
+    "version": "2.8.79",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -15,6 +15,7 @@ class UnderpostCluster {
         mongodb: false,
         mongodb4: false,
         mariadb: false,
+        mysql: false,
         postgresql: false,
         valkey: false,
         full: false,
@@ -30,6 +31,10 @@ class UnderpostCluster {
         pullImage: false,
         dedicatedGpu: false,
         kubeadm: false,
+        initHost: false,
+        config: false,
+        worker: false,
+        chown: false,
       },
     ) {
       // sudo dnf update
@@ -38,6 +43,9 @@ class UnderpostCluster {
       // 3) Install Nvidia drivers from Rocky Linux docs
       // 4) Install LXD with MAAS from Rocky Linux docs
       // 5) Install MAAS src from snap
+      if (options.initHost === true) return UnderpostCluster.API.initHost();
+      if (options.config === true) UnderpostCluster.API.config();
+      if (options.chown === true) UnderpostCluster.API.chown();
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
       if (options.infoCapacityPod === true) return logger.info('', UnderpostDeploy.API.resourcesFactory());
@@ -83,27 +91,22 @@ class UnderpostCluster {
         shellExec(`sudo kubectl api-resources`);
         return;
       }
+      const alrreadyCluster =
+        UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0] ||
+        UnderpostDeploy.API.get('calico-kube-controllers')[0];
 
       if (
-        (!options.istio && !UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) ||
-        (options.istio === true && !UnderpostDeploy.API.get('calico-kube-controllers')[0])
+        !options.worker &&
+        !alrreadyCluster &&
+        ((!options.kubeadm && !UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) ||
+          (options.kubeadm === true && !UnderpostDeploy.API.get('calico-kube-controllers')[0]))
       ) {
-        shellExec(`sudo setenforce 0`);
-        shellExec(`sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`);
-        // sudo systemctl disable kubelet
-        // shellExec(`sudo systemctl enable --now kubelet`);
-        shellExec(`containerd config default > /etc/containerd/config.toml`);
-        shellExec(`sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
-        // shellExec(`cp /etc/kubernetes/admin.conf ~/.kube/config`);
-        // shellExec(`sudo systemctl restart kubelet`);
-        shellExec(`sudo service docker restart`);
-        shellExec(`sudo systemctl enable --now containerd.service`);
-        shellExec(`sudo swapoff -a; sudo sed -i '/swap/d' /etc/fstab`);
-        if (options.istio === true) {
-          shellExec(`sysctl net.bridge.bridge-nf-call-iptables=1`);
-          shellExec(`sudo kubeadm init --pod-network-cidr=192.168.0.0/16`);
-          shellExec(`sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config`);
-          shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
+        UnderpostCluster.API.config();
+        if (options.kubeadm === true) {
+          shellExec(
+            `sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --control-plane-endpoint="${os.hostname()}:6443"`,
+          );
+          UnderpostCluster.API.chown();
           // https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart
           shellExec(
             `sudo kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml`,
@@ -112,14 +115,16 @@ class UnderpostCluster {
           //   `wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml`,
           // );
           shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubeadm-calico-config.yaml`);
-          shellExec(`sudo systemctl restart containerd`);
           const nodeName = os.hostname();
           shellExec(`kubectl taint nodes ${nodeName} node-role.kubernetes.io/control-plane:NoSchedule-`);
+          shellExec(
+            `kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml`,
+          );
         } else {
-          shellExec(`sudo systemctl restart containerd`);
           if (options.full === true || options.dedicatedGpu === true) {
             // https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/
             shellExec(`cd ${underpostRoot}/manifests && kind create cluster --config kind-config-cuda.yaml`);
+            UnderpostCluster.API.chown();
           } else {
             shellExec(
               `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
@@ -127,7 +132,6 @@ class UnderpostCluster {
               }.yaml`,
             );
           }
-          shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
         }
       } else logger.warn('Cluster already initialized');
 
@@ -142,7 +146,8 @@ class UnderpostCluster {
 
       if (options.full === true || options.valkey === true) {
         if (options.pullImage === true) {
-          shellExec(`docker pull valkey/valkey`);
+          shellExec(`docker pull valkey/valkey:latest`);
+          shellExec(`sudo podman pull valkey/valkey:latest`);
           if (!options.kubeadm)
             shellExec(
               `sudo ${
@@ -157,12 +162,18 @@ class UnderpostCluster {
         shellExec(
           `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password`,
         );
-        shellExec(
-          `sudo kubectl create secret generic github-secret --from-literal=GITHUB_TOKEN=${process.env.GITHUB_TOKEN}`,
-        );
         shellExec(`kubectl delete statefulset mariadb-statefulset`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb`);
       }
+      if (options.full === true || options.mysql === true) {
+        shellExec(
+          `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password`,
+        );
+        shellExec(`sudo mkdir -p /mnt/data`);
+        shellExec(`sudo chmod 777 /mnt/data`);
+        shellExec(`sudo chown -R root:root /mnt/data`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql`);
+      }
       if (options.full === true || options.postgresql === true) {
         if (options.pullImage === true) {
           shellExec(`docker pull postgres:latest`);
@@ -210,6 +221,9 @@ class UnderpostCluster {
 
         // await UnderpostTest.API.statusMonitor('mongodb-1');
       } else if (options.full === true || options.mongodb === true) {
+        if (options.pullImage === true) {
+          shellExec(`docker pull mongo:latest`);
+        }
         shellExec(
           `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile`,
         );
@@ -217,6 +231,8 @@ class UnderpostCluster {
           `sudo kubectl create secret generic mongodb-secret --from-file=username=/home/dd/engine/engine-private/mongodb-username --from-file=password=/home/dd/engine/engine-private/mongodb-password`,
         );
         shellExec(`kubectl delete statefulset mongodb`);
+        if (options.kubeadm === true)
+          shellExec(`kubectl apply -f ${underpostRoot}/manifests/mongodb/storage-class.yaml`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb`);
 
         const successInstance = await UnderpostTest.API.statusMonitor('mongodb-1');
@@ -239,8 +255,12 @@ class UnderpostCluster {
         }
       }
 
-      if (options.full === true || options.contour === true)
+      if (options.full === true || options.contour === true) {
         shellExec(`kubectl apply -f https://projectcontour.io/quickstart/contour.yaml`);
+        if (options.kubeadm === true) {
+          shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml`);
+        }
+      }
 
       if (options.full === true || options.certManager === true) {
         if (!UnderpostDeploy.API.get('cert-manager').find((p) => p.STATUS === 'Running')) {
@@ -259,6 +279,26 @@ class UnderpostCluster {
         shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
       }
     },
+
+    config() {
+      shellExec(`sudo setenforce 0`);
+      shellExec(`sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`);
+      shellExec(`sudo systemctl enable --now docker`);
+      shellExec(`sudo systemctl enable --now kubelet`);
+      shellExec(`containerd config default > /etc/containerd/config.toml`);
+      shellExec(`sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
+      shellExec(`sudo service docker restart`);
+      shellExec(`sudo systemctl enable --now containerd.service`);
+      shellExec(`sudo swapoff -a; sudo sed -i '/swap/d' /etc/fstab`);
+      shellExec(`sudo systemctl daemon-reload`);
+      shellExec(`sudo systemctl restart containerd`);
+      shellExec(`sysctl net.bridge.bridge-nf-call-iptables=1`);
+    },
+    chown() {
+      shellExec(`mkdir -p ~/.kube`);
+      shellExec(`sudo -E cp -i /etc/kubernetes/admin.conf ~/.kube/config`);
+      shellExec(`sudo -E chown $(id -u):$(id -g) ~/.kube/config`);
+    },
     // This function performs a comprehensive reset of Kubernetes and container environments
     // on the host machine. Its primary goal is to clean up cluster components, temporary files,
     // and container data, ensuring a clean state for re-initialization or fresh deployments,
@@ -379,6 +419,14 @@ class UnderpostCluster {
       // Step 14: Remove the 'kind' Docker network.
       // This cleans up any network bridges or configurations specifically created by Kind.
       // shellExec(`docker network rm kind`);
+
+      // Reset kubelet
+      shellExec(`sudo systemctl stop kubelet`);
+      shellExec(`sudo rm -rf /etc/kubernetes/*`);
+      shellExec(`sudo rm -rf /var/lib/kubelet/*`);
+      shellExec(`sudo rm -rf /etc/cni/net.d/*`);
+      shellExec(`sudo systemctl daemon-reload`);
+      shellExec(`sudo systemctl start kubelet`);
     },
 
     getResourcesCapacity(kubeadm = false) {
@@ -426,6 +474,35 @@ Allocatable:
 
       return resources;
     },
+    initHost() {
+      // Install docker
+      shellExec(`sudo dnf -y install dnf-plugins-core
+sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo`);
+      shellExec(`sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin`);
+      // Install podman
+      shellExec(`sudo dnf -y install podman`);
+      // Install kind
+      shellExec(`[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-linux-arm64
+chmod +x ./kind
+sudo mv ./kind /bin/kind`);
+      // Install kubeadm
+      shellExec(`cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
+exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
+EOF`);
+      shellExec(`sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes`);
+      // Install helm
+      shellExec(`curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
+chmod +x /usr/local/bin/helm
+sudo mv /usr/local/bin/helm /bin/helm`);
+    },
   };
 }
 export default UnderpostCluster;

package/src/cli/deploy.js

@@ -15,6 +15,7 @@ import dotenv from 'dotenv';
 import { DataBaseProvider } from '../db/DataBaseProvider.js';
 import UnderpostRootEnv from './env.js';
 import UnderpostCluster from './cluster.js';
+import Underpost from '../index.js';
 
 const logger = loggerFactory(import.meta);
 
@@ -80,14 +81,14 @@ spec:
     spec:
       containers:
         - name: ${deployId}-${env}-${suffix}
-          image: localhost/debian:underpost
-          resources:
-            requests:
-              memory: "${resources.requests.memory}"
-              cpu: "${resources.requests.cpu}"
-            limits:
-              memory: "${resources.limits.memory}"
-              cpu: "${resources.limits.cpu}"
+          image: localhost/debian-underpost:${Underpost.version}
+#          resources:
+#            requests:
+#              memory: "${resources.requests.memory}"
+#              cpu: "${resources.requests.cpu}"
+#            limits:
+#              memory: "${resources.limits.memory}"
+#              cpu: "${resources.limits.cpu}"
           command:
             - /bin/sh
             - -c
@@ -243,6 +244,7 @@ spec:
         traffic: '',
         dashboardUpdate: false,
         replicas: '',
+        restoreHosts: false,
         disableUpdateDeployment: false,
         infoTraffic: false,
         rebuildClientsBundle: false,
@@ -297,11 +299,17 @@ kubectl get configmap kubelet-config -n kube-system -o yaml > kubelet-config.yam
       shellExec(
         `kubectl create configmap underpost-config --from-file=/home/dd/engine/engine-private/conf/dd-cron/.env.${env}`,
       );
+      let renderHosts = '';
+      let concatHots = '';
       const etcHost = (
         concat,
       ) => `127.0.0.1  ${concat} localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6`;
-      let concatHots = '';
+      if (options.restoreHosts === true) {
+        renderHosts = etcHost(concatHots);
+        fs.writeFileSync(`/etc/hosts`, renderHosts, 'utf8');
+        return;
+      }
 
       for (const _deployId of deployList.split(',')) {
         const deployId = _deployId.trim();
@@ -342,7 +350,6 @@ kubectl get configmap kubelet-config -n kube-system -o yaml > kubelet-config.yam
             shellExec(`sudo kubectl apply -f ./${manifestsPath}/secret.yaml`);
         }
       }
-      let renderHosts;
       switch (process.platform) {
         case 'linux':
           {

package/src/cli/image.js

@@ -1,9 +1,9 @@
 import fs from 'fs-extra';
-import { shellCd, shellExec } from '../server/process.js';
 import dotenv from 'dotenv';
-import { awaitDeployMonitor, getNpmRootPath } from '../server/conf.js';
 import { loggerFactory } from '../server/logger.js';
-import UnderpostMonitor from './monitor.js';
+import Underpost from '../index.js';
+import { getUnderpostRootPath } from '../server/conf.js';
+import { shellExec } from '../server/process.js';
 
 dotenv.config();
 
@@ -12,8 +12,23 @@ const logger = loggerFactory(import.meta);
 class UnderpostImage {
   static API = {
     dockerfile: {
-      pullBaseImages() {
+      pullBaseImages(
+        options = {
+          kindLoad: false,
+          kubeadmLoad: false,
+          path: false,
+          version: '',
+        },
+      ) {
         shellExec(`sudo podman pull docker.io/library/debian:buster`);
+        const IMAGE_NAME = `debian-underpost`;
+        const IMAGE_NAME_FULL = `${IMAGE_NAME}:${options.version ?? Underpost.version}`;
+        const LOAD_TYPE = options.kindLoad === true ? `--kin-load` : `--kubeadm-load`;
+        shellExec(
+          `underpost dockerfile-image-build --podman-save --no-cache --image-path=. --path ${
+            options.path ?? getUnderpostRootPath()
+          } --image-name=${IMAGE_NAME_FULL} ${LOAD_TYPE}`,
+        );
       },
       build(
         options = {

package/src/cli/index.js

@@ -1,10 +1,11 @@
 import dotenv from 'dotenv';
 import { Command } from 'commander';
 import Underpost from '../index.js';
-import { getUnderpostRootPath, loadConf } from '../server/conf.js';
+import { getNpmRootPath, getUnderpostRootPath, loadConf } from '../server/conf.js';
 import fs from 'fs-extra';
 import { commitData } from '../client/components/core/CommonJs.js';
 import { shellExec } from '../server/process.js';
+import UnderpostLxd from './lxd.js';
 
 const underpostRootPath = getUnderpostRootPath();
 fs.existsSync(`${underpostRootPath}/.env`)
@@ -92,10 +93,11 @@ program
   .argument('[pod-name]', 'Optional pod name filter')
   .option('--reset', `Delete all clusters and prune all data and caches`)
   .option('--mariadb', 'Init with mariadb statefulset')
+  .option('--mysql', 'Init with mysql statefulset')
   .option('--mongodb', 'Init with mongodb statefulset')
   .option('--postgresql', 'Init with postgresql statefulset')
   .option('--mongodb4', 'Init with mongodb 4.4 service')
-  .option('--istio', 'Init base istio cluster')
+  //  .option('--istio', 'Init base istio service mesh')
   .option('--valkey', 'Init with valkey service')
   .option('--contour', 'Init with project contour base HTTPProxy and envoy')
   .option('--cert-manager', 'Init with letsencrypt-prod ClusterIssuer')
@@ -109,12 +111,16 @@ program
   .option('--info-capacity', 'display current total machine capacity info')
   .option('--info-capacity-pod', 'display current machine capacity pod info')
   .option('--pull-image', 'Set optional pull associated image')
+  .option('--init-host', 'Install k8s node necessary cli env: kind, kubeadm, docker, podman, helm')
+  .option('--config', 'Set k8s base node config')
+  .option('--worker', 'Set worker node context')
+  .option('--chown', 'Set k8s kube chown')
   .action(Underpost.cluster.init)
   .description('Manage cluster, for default initialization base kind cluster');
 
 program
   .command('deploy')
-  .argument('<deploy-list>', 'Deploy id list, e.g. default-a,default-b')
+  .argument('[deploy-list]', 'Deploy id list, e.g. default-a,default-b')
   .argument('[env]', 'Optional environment, for default is development')
   .option('--remove', 'Delete deployments and services')
   .option('--sync', 'Sync deployments env, ports, and replicas')
@@ -130,6 +136,7 @@ program
   .option('--disable-update-deployment', 'Disable update deployments')
   .option('--info-traffic', 'get traffic conf form current resources deployments')
   .option('--kubeadm', 'Enable kubeadm context')
+  .option('--restore-hosts', 'Restore defautl etc hosts')
   .option(
     '--rebuild-clients-bundle',
     'Inside container, rebuild clients bundle, only static public or storage client files',
@@ -169,6 +176,10 @@ program
 
 program
   .command('dockerfile-pull-base-images')
+  .option('--path [path]', 'Dockerfile path')
+  .option('--kind-load', 'Import tar image to Kind cluster')
+  .option('--kubeadm-load', 'Import tar image to Kubeadm cluster')
+  .option('--version', 'Set custom version')
   .description('Pull underpost dockerfile images requirements')
   .action(Underpost.image.dockerfile.pullBaseImages);
 
@@ -259,6 +270,27 @@ program
   .description('Monitor health server management')
   .action(Underpost.monitor.callback);
 
+program
+  .command('lxd')
+  .option('--init', 'Init lxd')
+  .option('--reset', 'Reset lxd on current machine')
+  .option('--install', 'Install lxd on current machine')
+  .option('--dev', 'Set dev context env')
+  .option('--control', 'set control node vm context')
+  .option('--worker', 'set worker node context')
+  .option('--create-vm <vm-id>', 'Create default virtual machines')
+  .option('--init-vm <vm-id>', 'Get init vm underpost script')
+  .option('--info-vm <vm-id>', 'Get all info vm')
+  .option('--start-vm <vm-id>', 'Start vm with networkt config')
+  .option('--root-size <gb-size>', 'Set root size vm')
+  .option('--join-node <nodes>', 'Comma separated worker and control node e. g. k8s-worker-1,k8s-control')
+  .option(
+    '--expose <vm-name-ports>',
+    'Vm name and : separated with Comma separated vm port to expose e. g. k8s-control:80,443',
+  )
+  .description('Lxd management')
+  .action(UnderpostLxd.API.callback);
+
 const buildCliDoc = () => {
   let md = shellExec(`node bin help`, { silent: true, stdout: true }).split('Options:');
   const baseOptions =

package/src/cli/lxd.js

@@ -0,0 +1,162 @@
+import { getNpmRootPath } from '../server/conf.js';
+import { getLocalIPv4Address } from '../server/dns.js';
+import { pbcopy, shellExec } from '../server/process.js';
+import fs from 'fs-extra';
+
+class UnderpostLxd {
+  static API = {
+    async callback(
+      options = {
+        init: false,
+        reset: false,
+        dev: false,
+        install: false,
+        createVirtualNetwork: false,
+        control: false,
+        worker: false,
+        startVm: '',
+        initVm: '',
+        createVm: '',
+        infoVm: '',
+        rootSize: '',
+        joinNode: '',
+        expose: '',
+      },
+    ) {
+      const npmRoot = getNpmRootPath();
+      const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
+      if (options.reset === true) {
+        shellExec(`sudo systemctl stop snap.lxd.daemon`);
+        shellExec(`sudo snap remove lxd --purge`);
+      }
+      if (options.install === true) shellExec(`sudo snap install lxd`);
+      if (options.init === true) {
+        shellExec(`sudo systemctl start snap.lxd.daemon`);
+        shellExec(`sudo systemctl status snap.lxd.daemon`);
+        const lxdPressedContent = fs
+          .readFileSync(`${underpostRoot}/manifests/lxd/lxd-preseed.yaml`, 'utf8')
+          .replaceAll(`127.0.0.1`, getLocalIPv4Address());
+        // shellExec(`lxc profile show admin-profile`);
+        // shellExec(`lxc network show lxdbr0`);
+        // shellExec(`lxd init --preseed < ${underpostRoot}/manifests/lxd/lxd-preseed.yaml`);
+        shellExec(`echo "${lxdPressedContent}" | lxd init --preseed`);
+        shellExec(`lxc cluster list`);
+      }
+      if (options.createVm && typeof options.createVm === 'string') {
+        // lxc launch
+        const createVmCommand = `lxc init images:rockylinux/9/cloud ${
+          options.createVm
+        } --vm --target lxd-node1 -c limits.cpu=2 -c limits.memory=4GB --profile admin-profile -d root,size=${
+          options.rootSize && typeof options.rootSize === 'string' ? options.rootSize + 'GiB' : '32GiB'
+        }`;
+        pbcopy(createVmCommand); // Copy the command to clipboard for user
+      }
+      if (options.startVm && typeof options.startVm === 'string') {
+        const vmIp = UnderpostLxd.API.getNextAvailableIp();
+        shellExec(`lxc stop ${options.startVm}`);
+        shellExec(
+          `lxc config set ${options.startVm} user.network-config="${UnderpostLxd.API.generateCloudInitNetworkConfig(
+            vmIp,
+          )}"`,
+        );
+        shellExec(`lxc config device override ${options.startVm} eth0`);
+        shellExec(`lxc config device set ${options.startVm} eth0 ipv4.address ${vmIp}`);
+        shellExec(
+          `lxc config set ${options.startVm} user.user-data="#cloud-config
+runcmd:
+  - [touch, /var/log/userdata-ok]"`,
+        );
+        shellExec(`lxc start ${options.startVm}`);
+      }
+      if (options.initVm && typeof options.initVm === 'string') {
+        let flag = '';
+        if (options.control === true) {
+          flag = ' -s -- --kubeadm';
+          shellExec(`lxc exec ${options.initVm} -- bash -c 'mkdir -p /home/dd/engine'`);
+          shellExec(`lxc file push /home/dd/engine/engine-private ${options.initVm}/home/dd/engine --recursive`);
+        } else if (options.worker == true) {
+          flag = ' -s -- --worker';
+        }
+        pbcopy(`cat ${underpostRoot}/manifests/lxd/underpost-setup.sh | lxc exec ${options.initVm} -- bash${flag}`);
+      }
+      if (options.joinNode && typeof options.joinNode === 'string') {
+        const [workerNode, controlNode] = options.joinNode.split(',');
+        const token = shellExec(
+          `echo "$(lxc exec ${controlNode} -- bash -c 'sudo kubeadm token create --print-join-command')"`,
+          { stdout: true },
+        );
+        shellExec(`lxc exec ${workerNode} -- bash -c '${token}'`);
+      }
+      if (options.infoVm && typeof options.infoVm === 'string') {
+        shellExec(`lxc config show ${options.infoVm}`);
+        shellExec(`lxc info --show-log ${options.infoVm}`);
+        shellExec(`lxc info ${options.infoVm}`);
+        shellExec(`lxc list ${options.infoVm}`);
+      }
+      if (options.expose && typeof options.expose === 'string') {
+        const [controlNode, ports] = options.expose.split(':');
+        console.log({ controlNode, ports });
+        const protocols = ['tcp', 'udp'];
+        const hostIp = getLocalIPv4Address();
+        const vmIp = shellExec(
+          `lxc list ${controlNode} --format json | jq -r '.[0].state.network.enp5s0.addresses[] | select(.family=="inet") | .address'`,
+          { stdout: true },
+        ).trim();
+        for (const port of ports.split(',')) {
+          for (const protocol of protocols) {
+            shellExec(`lxc config device remove ${controlNode} ${controlNode}-port-${port}`);
+            shellExec(
+              `lxc config device add ${controlNode} ${controlNode}-port-${port} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
+            );
+            shellExec(`lxc config show ${controlNode} --expanded | grep proxy`);
+          }
+        }
+      }
+    },
+    generateCloudInitNetworkConfig(ip) {
+      return `version: 2
+ethernets:
+  enp5s0:
+    dhcp4: false
+    addresses:
+      - ${ip}/24
+    gateway4: 10.250.250.1
+    nameservers:
+      addresses: [1.1.1.1, 8.8.8.8]`;
+    },
+    getUsedIpsFromLxd() {
+      const json = shellExec('lxc list --format json', { stdout: true, silent: true });
+      const vms = JSON.parse(json);
+
+      const usedIps = [];
+
+      for (const vm of vms) {
+        if (vm.state && vm.state.network) {
+          for (const iface of Object.values(vm.state.network)) {
+            if (iface.addresses) {
+              for (const addr of iface.addresses) {
+                if (addr.family === 'inet' && addr.address.startsWith('10.250.250.')) {
+                  usedIps.push(addr.address);
+                }
+              }
+            }
+          }
+        }
+      }
+
+      return usedIps;
+    },
+    getNextAvailableIp(base = '10.250.250.', start = 100, end = 254) {
+      const usedIps = UnderpostLxd.API.getUsedIpsFromLxd();
+      for (let i = start; i <= end; i++) {
+        const candidate = `${base}${i}`;
+        if (!usedIps.includes(candidate)) {
+          return candidate;
+        }
+      }
+      throw new Error('No IPs available in the static range');
+    },
+  };
+}
+
+export default UnderpostLxd;

package/src/index.js

@@ -11,6 +11,7 @@ import UnderpostDeploy from './cli/deploy.js';
 import UnderpostRootEnv from './cli/env.js';
 import UnderpostFileStorage from './cli/fs.js';
 import UnderpostImage from './cli/image.js';
+import UnderpostLxd from './cli/lxd.js';
 import UnderpostMonitor from './cli/monitor.js';
 import UnderpostRepository from './cli/repository.js';
 import UnderpostScript from './cli/script.js';
@@ -30,7 +31,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.77';
+  static version = 'v2.8.79';
   /**
    * Repository cli API
    * @static
@@ -122,6 +123,13 @@ class Underpost {
    * @memberof Underpost
    */
   static monitor = UnderpostMonitor.API;
+  /**
+   * LXD cli API
+   * @static
+   * @type {UnderpostLxd.API}
+   * @memberof Underpost
+   */
+  static lxd = UnderpostLxd.API;
 }
 
 const up = Underpost;

package/src/runtime/lampp/Dockerfile

@@ -1,6 +1,6 @@
 ARG BASE_DEBIAN=buster
 
-USER root
+# USER root
 
 FROM debian:${BASE_DEBIAN}