underpost 2.8.78 → 2.8.82

package/conf.js

@@ -164,6 +164,10 @@ const DefaultConf = /**/ {
             auth: { user: 'noreply@default.net', pass: '' },
           },
         },
+        valkey: {
+          port: 6379,
+          host: '127.0.0.1',
+        },
       },
     },
     'www.default.net': {

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.78'
+      engine.version: '2.8.82'
     networks:
       - load-balancer
 

package/manifests/deployment/dd-template-development/deployment.yaml

@@ -0,0 +1,167 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dd-template-development-blue
+  labels:
+    app: dd-template-development-blue
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dd-template-development-blue
+  template:
+    metadata:
+      labels:
+        app: dd-template-development-blue
+    spec:
+      containers:
+        - name: dd-template-development-blue
+          image: localhost/rockylinux9-underpost:v2.8.82
+          #          resources:
+          #            requests:
+          #              memory: "124Ki"
+          #              cpu: "100m"
+          #            limits:
+          #              memory: "1992Ki"
+          #              cpu: "1600m"
+          command:
+            - /bin/sh
+            - -c
+            - >
+              npm install -g npm@11.2.0 &&
+              npm install -g underpost &&
+              cd $(underpost root)/underpost &&
+              node bin/deploy update-default-conf template &&
+              mkdir -p /home/dd &&
+              cd /home/dd &&
+              underpost new engine
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dd-template-development-blue-service
+spec:
+  selector:
+    app: dd-template-development-blue
+  ports:
+    - name: 'tcp-4001'
+      protocol: TCP
+      port: 4001
+      targetPort: 4001
+    - name: 'udp-4001'
+      protocol: UDP
+      port: 4001
+      targetPort: 4001
+
+    - name: 'tcp-4002'
+      protocol: TCP
+      port: 4002
+      targetPort: 4002
+    - name: 'udp-4002'
+      protocol: UDP
+      port: 4002
+      targetPort: 4002
+
+    - name: 'tcp-4003'
+      protocol: TCP
+      port: 4003
+      targetPort: 4003
+    - name: 'udp-4003'
+      protocol: UDP
+      port: 4003
+      targetPort: 4003
+
+    - name: 'tcp-4004'
+      protocol: TCP
+      port: 4004
+      targetPort: 4004
+    - name: 'udp-4004'
+      protocol: UDP
+      port: 4004
+      targetPort: 4004
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dd-template-development-green
+  labels:
+    app: dd-template-development-green
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dd-template-development-green
+  template:
+    metadata:
+      labels:
+        app: dd-template-development-green
+    spec:
+      containers:
+        - name: dd-template-development-green
+          image: localhost/rockylinux9-underpost:v2.8.82
+          #          resources:
+          #            requests:
+          #              memory: "124Ki"
+          #              cpu: "100m"
+          #            limits:
+          #              memory: "1992Ki"
+          #              cpu: "1600m"
+          command:
+            - /bin/sh
+            - -c
+            - >
+              npm install -g npm@11.2.0 &&
+              npm install -g underpost &&
+              cd $(underpost root)/underpost &&
+              node bin/deploy update-default-conf template &&
+              mkdir -p /home/dd &&
+              cd /home/dd &&
+              underpost new engine
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dd-template-development-green-service
+spec:
+  selector:
+    app: dd-template-development-green
+  ports:
+    - name: 'tcp-4001'
+      protocol: TCP
+      port: 4001
+      targetPort: 4001
+    - name: 'udp-4001'
+      protocol: UDP
+      port: 4001
+      targetPort: 4001
+
+    - name: 'tcp-4002'
+      protocol: TCP
+      port: 4002
+      targetPort: 4002
+    - name: 'udp-4002'
+      protocol: UDP
+      port: 4002
+      targetPort: 4002
+
+    - name: 'tcp-4003'
+      protocol: TCP
+      port: 4003
+      targetPort: 4003
+    - name: 'udp-4003'
+      protocol: UDP
+      port: 4003
+      targetPort: 4003
+
+    - name: 'tcp-4004'
+      protocol: TCP
+      port: 4004
+      targetPort: 4004
+    - name: 'udp-4004'
+      protocol: UDP
+      port: 4004
+      targetPort: 4004
+  type: LoadBalancer

package/manifests/deployment/dd-template-development/proxy.yaml

@@ -0,0 +1,46 @@
+# "http://default.net:4001/socket.io": "http://localhost:4001/socket.io",
+# "http://default.net:4002/peer": "http://localhost:4002/peer",
+# "http://default.net:4001/": "http://localhost:4001/",
+# "http://www.default.net:4003/": "http://localhost:4003/"
+
+---
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: default.net
+spec:
+  virtualhost:
+    fqdn: default.net
+  routes:
+    - conditions:
+        - prefix: /
+      enableWebsockets: true
+      services:
+        - name: dd-template-development-blue-service
+          port: 4001
+          weight: 100
+
+    - conditions:
+        - prefix: /peer
+      enableWebsockets: true
+      services:
+        - name: dd-template-development-blue-service
+          port: 4002
+          weight: 100
+
+---
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: www.default.net
+spec:
+  virtualhost:
+    fqdn: www.default.net
+  routes:
+    - conditions:
+        - prefix: /
+      enableWebsockets: true
+      services:
+        - name: dd-template-development-blue-service
+          port: 4003
+          weight: 100

package/manifests/lxd/lxd-admin-profile.yaml

@@ -0,0 +1,17 @@
+config:
+  limits.cpu: "2"
+  limits.memory: 4GB
+description: vm nat network
+devices:
+  eth0:
+    name: eth0
+    network: lxdbr0
+    type: nic
+    ipv4.address: 10.250.250.100
+  root:
+    path: /
+    pool: local # lxc storage list
+    size: 100GB
+    type: disk
+name: admin-profile
+used_by: []

package/manifests/lxd/lxd-preseed.yaml

@@ -0,0 +1,30 @@
+config:
+  core.https_address: 127.0.0.1:8443
+networks: []
+storage_pools:
+  - config:
+      size: 100GiB
+    description: ""
+    name: local
+    driver: zfs
+storage_volumes: []
+profiles:
+  - config: {}
+    description: ""
+    devices:
+      root:
+        path: /
+        pool: local
+        type: disk
+    name: default
+projects: []
+cluster:
+  server_name: lxd-node1
+  enabled: true
+  member_config: []
+  cluster_address: ""
+  cluster_certificate: ""
+  server_address: ""
+  cluster_password: ""
+  cluster_token: ""
+  cluster_certificate_path: ""

package/manifests/lxd/underpost-setup.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status.
+set -e
+
+echo "Starting Underpost Kubernetes Node Setup for Production (Kubeadm/K3s Use Case)..."
+
+# --- Disk Partition Resizing (Keep as is, seems functional) ---
+echo "Expanding /dev/sda2 partition and resizing filesystem..."
+
+# Check if parted is installed
+if ! command -v parted &>/dev/null; then
+    echo "parted not found, installing..."
+    sudo dnf install -y parted
+fi
+
+# Get start sector of /dev/sda2
+START_SECTOR=$(sudo parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
+
+# Resize the partition
+# Using 'sudo' for parted commands
+sudo parted /dev/sda ---pretend-input-tty <<EOF
+unit s
+resizepart 2 100%
+Yes
+quit
+EOF
+
+# Resize the filesystem
+sudo resize2fs /dev/sda2
+
+echo "Disk and filesystem resized successfully."
+
+# --- Essential System Package Installation ---
+echo "Installing essential system packages..."
+sudo dnf install -y tar bzip2 git epel-release
+
+# Perform a system update to ensure all packages are up-to-date
+sudo dnf -y update
+
+# --- NVM and Node.js Installation ---
+echo "Installing NVM and Node.js v23.8.0..."
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+
+# Load nvm for the current session
+export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+
+nvm install 23.8.0
+nvm use 23.8.0
+
+echo "
+██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
+██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
+██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░
+██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░
+╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
+░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
+
+Installing underpost k8s node...
+"
+
+# Install underpost globally
+npm install -g underpost
+
+# Ensure underpost executable is in PATH and has execute permissions
+# Adjusting this for global npm install which usually handles permissions
+# If you still face issues, ensure /root/.nvm/versions/node/v23.8.0/bin is in your PATH
+# For global installs, it's usually handled automatically.
+# chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost # This might not be necessary for global npm installs
+
+# --- Kernel Module for Bridge Filtering ---
+# This is crucial for Kubernetes networking (CNI)
+echo "Loading br_netfilter kernel module..."
+sudo modprobe br_netfilter
+
+# --- Initial Host Setup for Kubernetes Prerequisites ---
+# This calls the initHost method in cluster.js to install Docker, Podman, Kind, Kubeadm, Helm.
+echo "Running initial host setup for Kubernetes prerequisites..."
+# Ensure the current directory is where 'underpost' expects its root, or use absolute paths.
+# Assuming 'underpost root' correctly points to the base directory of your project.
+cd "$(underpost root)/underpost"
+underpost cluster --init-host
+
+# --- Argument Parsing for Kubeadm/Kind/K3s/Worker ---
+USE_KUBEADM=false
+USE_KIND=false # Not the primary focus for this request, but keeping the logic
+USE_K3S=false  # New K3s option
+USE_WORKER=false
+
+for arg in "$@"; do
+    case "$arg" in
+    --kubeadm)
+        USE_KUBEADM=true
+        ;;
+    --kind)
+        USE_KIND=true
+        ;;
+    --k3s) # New K3s argument
+        USE_K3S=true
+        ;;
+    --worker)
+        USE_WORKER=true
+        ;;
+    esac
+done
+
+echo "USE_KUBEADM = $USE_KUBEADM"
+echo "USE_KIND      = $USE_KIND"
+echo "USE_K3S      = $USE_K3S" # Display K3s flag status
+echo "USE_WORKER   = $USE_WORKER"
+
+# --- Kubernetes Cluster Initialization Logic ---
+
+# Apply host configuration (SELinux, Containerd, Sysctl, and now firewalld disabling)
+echo "Applying Kubernetes host configuration (SELinux, Containerd, Sysctl, Firewalld)..."
+underpost cluster --config
+
+if $USE_KUBEADM; then
+    if $USE_WORKER; then
+        echo "Running worker node setup for kubeadm..."
+        # For worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The join command itself needs to be provided from the control plane.
+        # This script assumes the join command will be executed separately or passed in.
+        # Example: underpost cluster --worker --join-command "kubeadm join ..."
+        # For now, this just runs the worker-specific config.
+        underpost cluster --worker
+        underpost cluster --chown
+        echo "Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your control plane, run 'kubeadm token create --print-join-command' and execute the output here."
+    else
+        echo "Running control plane setup with kubeadm..."
+        # This will initialize the kubeadm control plane and install Calico
+        underpost cluster --kubeadm
+        echo "Kubeadm control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_K3S; then # New K3s initialization block
+    if $USE_WORKER; then
+        echo "Running worker node setup for K3s..."
+        # For K3s worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The K3s join command (k3s agent --server ...) needs to be provided.
+        underpost cluster --worker --k3s
+        underpost cluster --chown
+        echo "K3s Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your K3s control plane, get the K3S_TOKEN from /var/lib/rancher/k3s/server/node-token"
+        echo "and the K3S_URL (e.g., https://<control-plane-ip>:6443)."
+        echo "Then execute: K3S_URL=${K3S_URL} K3S_TOKEN=${K3S_TOKEN} curl -sfL https://get.k3s.io | sh -"
+    else
+        echo "Running control plane setup with K3s..."
+        underpost cluster --k3s
+        echo "K3s control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_KIND; then
+    echo "Running control node with kind..."
+    underpost cluster
+    echo "Kind cluster initialized. Check cluster status with 'kubectl get nodes'."
+else
+    echo "No specific cluster role (--kubeadm, --kind, --k3s, --worker) specified. Please provide one."
+    exit 1
+fi
+
+echo "Underpost Kubernetes Node Setup completed."
+echo "Remember to verify cluster health with 'kubectl get nodes' and 'kubectl get pods --all-namespaces'."

package/manifests/maas/device-scan.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+for iface_path in /sys/class/net/*; do
+  name=$(basename "$iface_path")
+  mac=$(< "$iface_path/address")
+  ip=$(ip -4 addr show dev "$name" \
+       | grep -oP '(?<=inet\s)\d+(\.\d+){3}' || echo "—")
+  operstate=$(< "$iface_path/operstate")
+  mtu=$(< "$iface_path/mtu")
+
+  # Driver: módulo kernel que maneja esta interfaz
+  if [ -L "$iface_path/device/driver" ]; then
+    driver=$(basename "$(readlink -f "$iface_path/device/driver")")
+  else
+    driver="—"
+  fi
+
+  # Vendor:Device ID PCI
+  pci_dev="$iface_path/device"
+  if [ -f "$pci_dev/vendor" ] && [ -f "$pci_dev/device" ]; then
+    vendor_id=$(< "$pci_dev/vendor")
+    device_id=$(< "$pci_dev/device")
+    # pasamos de 0x8086 a 8086, etc.
+    vendor_id=${vendor_id#0x}
+    device_id=${device_id#0x}
+    pci="${vendor_id}:${device_id}"
+  else
+    pci="—"
+  fi
+
+  # Link Speed: lectura directa de /sys/class/net/<iface>/speed
+  speed=$(cat "$iface_path/speed" 2>/dev/null || echo "—")
+
+  echo "Interface: $name"
+  echo "  MAC:          $mac"
+  echo "  IPv4:         $ip"
+  echo "  State:       $operstate"
+  echo "  MTU:          $mtu"
+  echo "  Driver:       $driver"
+  echo "  PCI Vendor:Device ID: $pci"
+  echo "  Link Speed:   ${speed}Mb/s"
+  echo
+done

package/manifests/maas/lxd-preseed.yaml

@@ -0,0 +1,32 @@
+config:
+  core.https_address: "[::]:8443"
+  # core.trust_password: password
+networks:
+  - config:
+      ipv4.address: 10.10.10.1/24
+      ipv6.address: none
+    description: ""
+    name: lxdbr0
+    type: ""
+    project: default
+storage_pools:
+  - config:
+      size: 500GB
+    description: ""
+    name: default
+    driver: zfs
+profiles:
+  - config: {}
+    description: ""
+    devices:
+      eth0:
+        name: eth0
+        network: lxdbr0
+        type: nic
+      root:
+        path: /
+        pool: default
+        type: disk
+    name: default
+projects: []
+cluster: null

package/manifests/maas/maas-setup.sh

@@ -0,0 +1,120 @@
+#!/bin/bash
+set -euo pipefail
+
+# Install jq for JSON parsing
+sudo snap install jq
+
+# Install MAAS
+sudo snap install maas
+
+# Get default interface and IP address
+INTERFACE=$(ip route | grep default | awk '{print $5}')
+IP_ADDRESS=$(ip -4 addr show dev "$INTERFACE" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+
+# Change to the engine directory (assuming this is where your MAAS related configs are)
+cd /home/dd/engine
+
+# Load secrets for MAAS database and admin credentials
+underpost secret underpost --create-from-file /home/dd/engine/engine-private/conf/dd-cron/.env.production
+
+# Extract configuration values from secrets
+DB_PG_MAAS_USER=$(node bin config get --plain DB_PG_MAAS_USER)
+DB_PG_MAAS_PASS=$(node bin config get --plain DB_PG_MAAS_PASS)
+DB_PG_MAAS_HOST=$(node bin config get --plain DB_PG_MAAS_HOST)
+DB_PG_MAAS_NAME=$(node bin config get --plain DB_PG_MAAS_NAME)
+
+MAAS_ADMIN_USERNAME=$(node bin config get --plain MAAS_ADMIN_USERNAME)
+MAAS_ADMIN_EMAIL=$(node bin config get --plain MAAS_ADMIN_EMAIL)
+MAAS_ADMIN_PASS=$(node bin config get --plain MAAS_ADMIN_PASS)
+
+# Initialize MAAS region+rack controller
+maas init region+rack \
+    --database-uri "postgres://${DB_PG_MAAS_USER}:${DB_PG_MAAS_PASS}@${DB_PG_MAAS_HOST}/${DB_PG_MAAS_NAME}" \
+    --maas-url http://${IP_ADDRESS}:5240/MAAS
+
+# Allow MAAS to initialize (wait for services to come up)
+echo "Waiting for MAAS to initialize..."
+sleep 30
+
+# Create MAAS administrator account
+maas createadmin \
+    --username "$MAAS_ADMIN_USERNAME" \
+    --password "$MAAS_ADMIN_PASS" \
+    --email "$MAAS_ADMIN_EMAIL"
+
+# Get the API key for the admin user
+APIKEY=$(maas apikey --username "$MAAS_ADMIN_USERNAME")
+
+# Login to MAAS using the admin profile
+echo "Logging into MAAS..."
+maas login "$MAAS_ADMIN_USERNAME" "http://localhost:5240/MAAS/" "$APIKEY"
+
+# Set upstream DNS for MAAS
+echo "Setting upstream DNS to 8.8.8.8..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=upstream_dns value=8.8.8.8
+
+# echo "Downloading Ubuntu Noble amd64/ga-24.04 image..."
+# maas $MAAS_ADMIN_USERNAME boot-source-selections create 1 \
+#     os="ubuntu" release="noble" arches="amd64" \
+#     subarches="ga-24.04" labels="*"
+
+echo "Downloading Ubuntu Noble arm64/ga-24.04 image..."
+maas $MAAS_ADMIN_USERNAME boot-source-selections create 1 \
+    os="ubuntu" release="noble" arches="arm64" \
+    subarches="ga-24.04" labels="*"
+
+# Import the newly selected boot images
+echo "Importing boot images (this may take some time)..."
+maas "$MAAS_ADMIN_USERNAME" boot-resources import
+
+# Disable the MAAS HTTP proxy
+echo "Disabling MAAS HTTP proxy..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=enable_http_proxy value=false
+
+# Disable DNSSEC validation
+echo "Disabling DNSSEC validation..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=dnssec_validation value=no
+
+# Set network discovery interval to 10 minutes (600 seconds)
+echo "Setting network discovery interval to 10 minutes..."
+maas "$MAAS_ADMIN_USERNAME" maas set-config name=active_discovery_interval value=600
+
+SSH_KEY=$(cat ~/.ssh/id_rsa.pub)
+maas $MAAS_ADMIN_USERNAME sshkeys create "key=$SSH_KEY"
+
+echo "MAAS setup script completed with new configurations."
+
+
+# maas $MAAS_ADMIN_USERNAME maas set-config name=default_storage_layout value=lvm
+# maas $MAAS_ADMIN_USERNAME maas set-config name=network_discovery value=disabled
+# maas $MAAS_ADMIN_USERNAME maas set-config name=enable_analytics value=false
+# maas $MAAS_ADMIN_USERNAME maas set-config name=enable_third_party_drivers value=false
+# maas $MAAS_ADMIN_USERNAME maas set-config name=curtin_verbose value=true
+
+
+
+echo "Configuring DHCP for fabric-1 (untagged VLAN)..."
+
+# Get the FABRIC_ID for "fabric-1"
+SUBNET_CIDR="192.168.1.0/24"
+SUBNET_ID=$(maas "$MAAS_ADMIN_USERNAME" subnets read | jq -r '.[] | select(.cidr == "'"$SUBNET_CIDR"'") | .id')
+FABRIC_ID=$(maas "$MAAS_ADMIN_USERNAME" fabrics read | jq -r '.[] | select(.name == "fabric-1") | .id')
+RACK_CONTROLLER_ID=$(maas "$MAAS_ADMIN_USERNAME" rack-controllers read | jq -r '.[] | select(.ip_addresses[] == "'"$IP_ADDRESS"'") | .system_id')
+START_IP="192.168.1.191"
+END_IP="192.168.1.254"
+
+if [ -z "$FABRIC_ID" ]; then
+    echo "Error: Could not find FABRIC_ID for 'fabric-1'. Please ensure 'fabric-1' exists in MAAS."
+    exit 1
+fi
+
+# Enable DHCP on the untagged VLAN (VLAN tag 0)
+echo "Enabling DHCP on VLAN 0 for fabric-1 (ID: $FABRIC_ID)..."
+maas "$MAAS_ADMIN_USERNAME" vlan update "$FABRIC_ID" 0 dhcp_on=true primary_rack="$RACK_CONTROLLER_ID"
+
+# Create a Dynamic IP Range for enlistment, commissioning, and deployment
+echo "Creating dynamic IP range from $START_IP to $END_IP..."
+maas "$MAAS_ADMIN_USERNAME" ipranges create type=dynamic start_ip="$START_IP" end_ip="$END_IP"
+
+echo "Setting gateway IP for subnet $SUBNET_CIDR (ID: $SUBNET_ID) to $IP_ADDRESS..."
+maas "$MAAS_ADMIN_USERNAME" subnet update $SUBNET_ID gateway_ip=$IP_ADDRESS

package/manifests/maas/nat-iptables.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+# Disable firewalld
+sudo systemctl disable --now iptables
+sudo systemctl disable --now ufw
+sudo systemctl disable --now firewalld
+
+
+# Remove any existing entries, then append exactly one
+sudo sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf
+sudo sed -i '/^net.ipv6.conf.all.forwarding/d' /etc/sysctl.conf
+echo "net.ipv4.ip_forward = 1"               | sudo tee -a /etc/sysctl.conf
+echo "net.ipv6.conf.all.forwarding = 1"       | sudo tee -a /etc/sysctl.conf
+# ---
+
+sudo sysctl -p
+
+# Accept all traffic
+sudo iptables -P INPUT ACCEPT
+sudo iptables -P FORWARD ACCEPT
+sudo iptables -P OUTPUT ACCEPT
+
+# List iptables rules and forwarding flag
+sudo iptables -L -n
+sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding

package/manifests/mariadb/statefulset.yaml

@@ -49,7 +49,8 @@ spec:
     - metadata:
         name: mariadb-storage
       spec:
-        accessModes: ['ReadWriteOnce']
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: mariadb-storage-class
         resources:
           requests:
             storage: 1Gi