underpost 2.8.788 → 2.8.791

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.788
+## underpost ci/cd cli v2.8.791
 
 ### Usage: `underpost [options] [command]`
   ```

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.788
+## underpost ci/cd cli v2.8.791
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -475,19 +475,26 @@ Options:
 Lxd management
 
 Options:
-  --init                    Init lxd
-  --reset                   Reset lxd on current machine
-  --install                 Install lxd on current machine
-  --dev                     Set dev context env
-  --create-virtual-network  Create lxd virtual network bridge
-  --create-admin-profile    Create admin profile for lxd management
-  --control                 set control node vm context
-  --worker                  set worker node context
-  --create-vm <vm-id>       Create default virtual machines
-  --init-vm <vm-id>         Get init vm underpost script
-  --info-vm <vm-id>         Get all info vm
-  --root-size <gb-size>     Set root size vm
-  -h, --help                display help for command
+  --init                           Init lxd
+  --reset                          Reset lxd on current machine
+  --install                        Install lxd on current machine
+  --dev                            Set dev context env
+  --create-virtual-network         Create lxd virtual network bridge
+  --create-admin-profile           Create admin profile for lxd management
+  --control                        set control node vm context
+  --worker                         set worker node context
+  --create-vm <vm-id>              Create default virtual machines
+  --init-vm <vm-id>                Get init vm underpost script
+  --info-vm <vm-id>                Get all info vm
+  --root-size <gb-size>            Set root size vm
+  --join-node <nodes>              Comma separated worker and control node e.
+                                   g. k8s-worker-1,k8s-control
+  --expose <vm-name-ports>         Vm name and : separated with Comma separated
+                                   vm port to expose e. g. k8s-control:80,443
+  --delete-expose <vm-name-ports>  Vm name and : separated with Comma separated
+                                   vm port to remove expose e. g.
+                                   k8s-control:80,443
+  -h, --help                       display help for command
  
 ```
   

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.788'
+      engine.version: '2.8.791'
     networks:
       - load-balancer
 

package/manifests/lxd/lxd-admin-profile.yaml

@@ -7,6 +7,7 @@ devices:
     name: eth0
     network: lxdbr0
     type: nic
+    ipv4.address: 10.250.250.100
   root:
     path: /
     pool: local # lxc storage list

package/manifests/lxd/underpost-setup.sh

@@ -27,6 +27,11 @@ resize2fs /dev/sda2
 echo "Disk and filesystem resized successfully."
 sudo dnf install -y tar
 sudo dnf install -y bzip2
+sudo dnf install -y git
+sudo dnf -y update
+sudo dnf -y install epel-release
+sudo dnf install -y ufw
+sudo systemctl enable --now ufw
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
@@ -77,17 +82,62 @@ echo "USE_WORKER = $USE_WORKER"
 underpost cluster --kubeadm
 underpost cluster --reset
 
+PORTS=(
+    22    # SSH
+    80    # HTTP
+    443   # HTTPS
+    53    # DNS (TCP/UDP)
+    66    # TFTP
+    67    # DHCP
+    69    # TFTP
+    111   # rpcbind
+    179   # Calico BGP
+    2049  # NFS
+    20048 # NFS mountd
+    4011  # PXE boot
+    5240  # snapd API
+    5248  # Juju controller
+    6443  # Kubernetes API
+    9153  # CoreDNS metrics
+    10250 # Kubelet API
+    10251 # kube-scheduler
+    10252 # kube-controller-manager
+    10255 # Kubelet read-only (deprecated)
+    10257 # controller-manager (v1.23+)
+    10259 # scheduler (v1.23+)
+)
+
+PORT_RANGES=(
+    2379:2380 # etcd
+    # 30000:32767 # NodePort range
+    # 3000:3100 # App node ports
+    32765:32766 # Ephemeral ports
+    6783:6784   # Weave Net
+)
+
+# Open individual ports
+for PORT in "${PORTS[@]}"; do
+    ufw allow ${PORT}/tcp
+    ufw allow ${PORT}/udp
+done
+
+# Open port ranges
+for RANGE in "${PORT_RANGES[@]}"; do
+    ufw allow ${RANGE}/tcp
+    ufw allow ${RANGE}/udp
+done
+
 # Behavior based on flags
 if $USE_KUBEADM; then
     echo "Running control node with kubeadm..."
     underpost cluster --kubeadm
-    kubectl get pods --all-namespaces -o wide -w
+    # kubectl get pods --all-namespaces -o wide -w
 fi
 
 if $USE_KIND; then
     echo "Running control node with kind..."
     underpost cluster
-    kubectl get pods --all-namespaces -o wide -w
+    # kubectl get pods --all-namespaces -o wide -w
 fi
 
 if $USE_WORKER; then

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.788",
+    "version": "2.8.791",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -475,9 +475,6 @@ Allocatable:
       return resources;
     },
     initHost() {
-      // Base
-      shellExec(`sudo dnf -y update`);
-      shellExec(`sudo dnf -y install epel-release`);
       // Install docker
       shellExec(`sudo dnf -y install dnf-plugins-core
 sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo`);

package/src/cli/index.js

@@ -284,6 +284,15 @@ program
   .option('--init-vm <vm-id>', 'Get init vm underpost script')
   .option('--info-vm <vm-id>', 'Get all info vm')
   .option('--root-size <gb-size>', 'Set root size vm')
+  .option('--join-node <nodes>', 'Comma separated worker and control node e. g. k8s-worker-1,k8s-control')
+  .option(
+    '--expose <vm-name-ports>',
+    'Vm name and : separated with Comma separated vm port to expose e. g. k8s-control:80,443',
+  )
+  .option(
+    '--delete-expose <vm-name-ports>',
+    'Vm name and : separated with Comma separated vm port to remove expose e. g. k8s-control:80,443',
+  )
   .description('Lxd management')
   .action(UnderpostLxd.API.callback);
 

package/src/cli/lxd.js

@@ -18,6 +18,9 @@ class UnderpostLxd {
         createVm: '',
         infoVm: '',
         rootSize: '',
+        joinNode: '',
+        expose: '',
+        deleteExpose: '',
       },
     ) {
       const npmRoot = getNpmRootPath();
@@ -62,17 +65,57 @@ ipv6.address=none`);
         let flag = '';
         if (options.control === true) {
           flag = ' -s -- --kubeadm';
+          shellExec(`lxc exec ${options.initVm} -- bash -c 'mkdir -p /home/dd/engine'`);
+          shellExec(`lxc file push /home/dd/engine/engine-private ${options.initVm}/home/dd/engine --recursive`);
         } else if (options.worker == true) {
           flag = ' -s -- --worker';
         }
         pbcopy(`cat ${underpostRoot}/manifests/lxd/underpost-setup.sh | lxc exec ${options.initVm} -- bash${flag}`);
       }
+      if (options.joinNode && typeof options.joinNode === 'string') {
+        const [workerNode, controlNode] = options.joinNode.split(',');
+        const token = shellExec(
+          `echo "$(lxc exec ${controlNode} -- bash -c 'sudo kubeadm token create --print-join-command')"`,
+          { stdout: true },
+        );
+        shellExec(`lxc exec ${workerNode} -- bash -c '${token}'`);
+      }
       if (options.infoVm && typeof options.infoVm === 'string') {
         shellExec(`lxc config show ${options.infoVm}`);
         shellExec(`lxc info --show-log ${options.infoVm}`);
         shellExec(`lxc info ${options.infoVm}`);
         shellExec(`lxc list ${options.infoVm}`);
       }
+      if (options.expose && typeof options.expose === 'string') {
+        const [controlNode, ports] = options.expose.split(':');
+        console.log({ controlNode, ports });
+        const protocols = ['tcp']; // udp
+        const hostIp = getLocalIPv4Address();
+        // The vmIp will now be the static IP assigned in the admin-profile
+        const vmIp = shellExec(
+          `lxc list ${controlNode} --format json | jq -r '.[0].state.network.enp5s0.addresses[] | select(.family=="inet") | .address'`,
+          { stdout: true },
+        ).trim();
+        for (const port of ports.split(',')) {
+          for (const protocol of protocols) {
+            shellExec(`lxc config device remove ${controlNode} ${controlNode}-${protocol}-port-${port}`);
+            shellExec(
+              `lxc config device add ${controlNode} ${controlNode}-${protocol}-port-${port} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
+            );
+          }
+        }
+      }
+      if (options.deleteExpose && typeof options.deleteExpose === 'string') {
+        const [controlNode, ports] = options.deleteExpose.split(':');
+        console.log({ controlNode, ports });
+        const protocols = ['tcp']; // udp
+        for (const port of ports.split(',')) {
+          for (const protocol of protocols) {
+            // The device name is consistent: {controlNode}-port-{port}
+            shellExec(`lxc config device remove ${controlNode} ${controlNode}-${protocol}-port-${port}`);
+          }
+        }
+      }
     },
   };
 }

package/src/index.js

@@ -31,7 +31,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.788';
+  static version = 'v2.8.791';
   /**
    * Repository cli API
    * @static