underpost 2.8.792 → 2.8.793

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.792
+## underpost ci/cd cli v2.8.793
 
 ### Usage: `underpost [options] [command]`
   ```

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.792
+## underpost ci/cd cli v2.8.793
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -496,6 +496,8 @@ Options:
   --delete-expose <vm-name-ports>  Vm name and : separated with Comma separated
                                    vm port to remove expose e. g.
                                    k8s-control:80,443
+  --auto-expose-k8s-ports <vm-id>  Automatically expose common Kubernetes ports
+                                   for the VM.
   -h, --help                       display help for command
  
 ```

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.792'
+      engine.version: '2.8.793'
     networks:
       - load-balancer
 

package/manifests/lxd/underpost-setup.sh

@@ -1,20 +1,25 @@
 #!/bin/bash
 
+# Exit immediately if a command exits with a non-zero status.
 set -e
 
-# Expand /dev/sda2 partition and resize filesystem automatically
+echo "Starting Underpost Kubernetes Node Setup for Production (Kubeadm Use Case)..."
+
+# --- Disk Partition Resizing (Keep as is, seems functional) ---
+echo "Expanding /dev/sda2 partition and resizing filesystem..."
 
 # Check if parted is installed
 if ! command -v parted &>/dev/null; then
     echo "parted not found, installing..."
-    dnf install -y parted
+    sudo dnf install -y parted
 fi
 
 # Get start sector of /dev/sda2
-START_SECTOR=$(parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
+START_SECTOR=$(sudo parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
 
 # Resize the partition
-parted /dev/sda ---pretend-input-tty <<EOF
+# Using 'sudo' for parted commands
+sudo parted /dev/sda ---pretend-input-tty <<EOF
 unit s
 resizepart 2 100%
 Yes
@@ -22,45 +27,89 @@ quit
 EOF
 
 # Resize the filesystem
-resize2fs /dev/sda2
+sudo resize2fs /dev/sda2
 
 echo "Disk and filesystem resized successfully."
-sudo dnf install -y tar
-sudo dnf install -y bzip2
-sudo dnf install -y git
+
+# --- Essential System Package Installation ---
+echo "Installing essential system packages..."
+sudo dnf install -y tar bzip2 git epel-release
+
+# Perform a system update to ensure all packages are up-to-date
 sudo dnf -y update
-sudo dnf -y install epel-release
-sudo dnf install -y ufw
-sudo systemctl enable --now ufw
+
+# --- NVM and Node.js Installation ---
+echo "Installing NVM and Node.js v23.8.0..."
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
-NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
+
+# Load nvm for the current session
+export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+
 nvm install 23.8.0
 nvm use 23.8.0
+
 echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
 ██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
 ██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░
-██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░
+██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔══╝░░██║░░██║░╚═══██╗░░░██║░░░
 ╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
 ░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
 
-Installing underpost k8s node ...
-
+Installing underpost k8s node...
 "
+
+# Install underpost globally
 npm install -g underpost
-chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost
+
+# Ensure underpost executable is in PATH and has execute permissions
+# Adjusting this for global npm install which usually handles permissions
+# If you still face issues, ensure /root/.nvm/versions/node/v23.8.0/bin is in your PATH
+# For global installs, it's usually handled automatically.
+# chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost # This might not be necessary for global npm installs
+
+# --- Kernel Module for Bridge Filtering ---
+# This is crucial for Kubernetes networking (CNI)
+echo "Loading br_netfilter kernel module..."
 sudo modprobe br_netfilter
-mkdir -p /home/dd
-cd $(underpost root)/underpost
+
+# --- Disable UFW (Crucial for Kubernetes) ---
+# UFW conflicts with Kubernetes' iptables management. Disable it completely.
+echo "Disabling UFW to prevent conflicts with Kubernetes..."
+if sudo systemctl is-active --quiet ufw; then
+    sudo systemctl stop ufw
+fi
+if sudo systemctl is-enabled --quiet ufw; then
+    sudo systemctl disable ufw
+fi
+# Attempt to remove ufw package. dnf will handle if it's not installed.
+echo "Attempting to remove ufw package..."
+sudo dnf remove -y ufw
+
+# --- Kubernetes Required Ports (Informational - not for UFW) ---
+# These ports are opened by Kubernetes itself or are expected to be open
+# by external firewalls. UFW is no longer managing them.
+echo "Note: Kubernetes requires the following ports to be open (managed by K8s or external firewall):"
+echo "  - Control Plane: 6443/TCP (Kubernetes API), 2379-2380/TCP (etcd)"
+echo "  - Worker Nodes: 10250/TCP (Kubelet API), 30000-32767/TCP/UDP (NodePorts)"
+echo "  - CNI specific ports (e.g., Calico: 179/TCP, 4789/UDP; Flannel: 8472/UDP)"
+echo "  - SSH: 22/TCP"
+echo "  - HTTP/HTTPS: 80/TCP, 443/TCP (for Ingress/Load Balancers)"
+
+# --- Initial Host Setup for Kubernetes Prerequisites ---
+# This calls the initHost method in cluster.js to install Docker, Podman, Kind, Kubeadm, Helm.
+echo "Running initial host setup for Kubernetes prerequisites..."
+# Ensure the current directory is where 'underpost' expects its root, or use absolute paths.
+# Assuming 'underpost root' correctly points to the base directory of your project.
+cd "$(underpost root)/underpost"
 underpost cluster --init-host
 
-# Default flags
+# --- Argument Parsing for Kubeadm/Kind/Worker ---
 USE_KUBEADM=false
-USE_KIND=false
+USE_KIND=false # Not the primary focus for this request, but keeping the logic
 USE_WORKER=false
 
-# Loop through arguments
 for arg in "$@"; do
     case "$arg" in
     --kubeadm)
@@ -76,71 +125,45 @@ for arg in "$@"; do
 done
 
 echo "USE_KUBEADM = $USE_KUBEADM"
-echo "USE_KIND   = $USE_KIND"
-echo "USE_WORKER = $USE_WORKER"
-
-underpost cluster --kubeadm
-underpost cluster --reset
-
-PORTS=(
-    22    # SSH
-    80    # HTTP
-    443   # HTTPS
-    53    # DNS (TCP/UDP)
-    66    # TFTP
-    67    # DHCP
-    69    # TFTP
-    111   # rpcbind
-    179   # Calico BGP
-    2049  # NFS
-    20048 # NFS mountd
-    4011  # PXE boot
-    5240  # snapd API
-    5248  # Juju controller
-    6443  # Kubernetes API
-    9153  # CoreDNS metrics
-    10250 # Kubelet API
-    10251 # kube-scheduler
-    10252 # kube-controller-manager
-    10255 # Kubelet read-only (deprecated)
-    10257 # controller-manager (v1.23+)
-    10259 # scheduler (v1.23+)
-)
-
-PORT_RANGES=(
-    2379:2380 # etcd
-    # 30000:32767 # NodePort range
-    # 3000:3100 # App node ports
-    32765:32766 # Ephemeral ports
-    6783:6784   # Weave Net
-)
-
-# Open individual ports
-for PORT in "${PORTS[@]}"; do
-    ufw allow ${PORT}/tcp
-    ufw allow ${PORT}/udp
-done
+echo "USE_KIND     = $USE_KIND"
+echo "USE_WORKER   = $USE_WORKER"
 
-# Open port ranges
-for RANGE in "${PORT_RANGES[@]}"; do
-    ufw allow ${RANGE}/tcp
-    ufw allow ${RANGE}/udp
-done
+# --- Kubernetes Cluster Initialization Logic ---
 
-# Behavior based on flags
-if $USE_KUBEADM; then
-    echo "Running control node with kubeadm..."
-    underpost cluster --kubeadm
-    # kubectl get pods --all-namespaces -o wide -w
-fi
+# Call config first to apply SELinux, Docker, Containerd, and sysctl settings.
+# This config function in cluster.js will be modified to remove iptables flushing.
+echo "Applying Kubernetes host configuration (SELinux, Containerd, Sysctl)..."
+underpost cluster --config
 
-if $USE_KIND; then
+if $USE_KUBEADM; then
+    if $USE_WORKER; then
+        echo "Running worker node setup for kubeadm..."
+        # For worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The join command itself needs to be provided from the control plane.
+        # This script assumes the join command will be executed separately or passed in.
+        # For a full automated setup, you'd typically pass the join token/command here.
+        # Example: underpost cluster --worker --join-command "kubeadm join ..."
+        # For now, this just runs the worker-specific config.
+        underpost cluster --worker --config
+        echo "Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your control plane, run 'kubeadm token create --print-join-command' and execute the output here."
+    else
+        echo "Running control plane setup with kubeadm..."
+        # This will initialize the kubeadm control plane and install Calico
+        underpost cluster --kubeadm
+        # Ensure kubectl config is set up for the current user
+        underpost cluster --chown
+        echo "Kubeadm control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_KIND; then
     echo "Running control node with kind..."
     underpost cluster
-    # kubectl get pods --all-namespaces -o wide -w
+    underpost cluster --chown
+    echo "Kind cluster initialized. Check cluster status with 'kubectl get nodes'."
+else
+    echo "No specific cluster role (--kubeadm, --kind, --worker) specified. Please provide one."
+    exit 1
 fi
 
-if $USE_WORKER; then
-    echo "Running worker..."
-    underpost cluster --worker --config
-fi
+echo "Underpost Kubernetes Node Setup completed."
+echo "Remember to verify cluster health with 'kubectl get nodes' and 'kubectl get pods --all-namespaces'."

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.792",
+    "version": "2.8.793",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -37,39 +37,39 @@ class UnderpostCluster {
         chown: false,
       },
     ) {
-      // sudo dnf update
-      // 1) Install kind, kubeadm, docker, podman, helm
-      // 2) Check kubectl, kubelet, containerd.io
-      // 3) Install Nvidia drivers from Rocky Linux docs
-      // 4) Install LXD with MAAS from Rocky Linux docs
-      // 5) Install MAAS src from snap
+      // Handles initial host setup (installing docker, podman, kind, kubeadm, helm)
       if (options.initHost === true) return UnderpostCluster.API.initHost();
+
+      // Applies general host configuration (SELinux, containerd, sysctl)
       if (options.config === true) UnderpostCluster.API.config();
+
+      // Sets up kubectl configuration for the current user
       if (options.chown === true) UnderpostCluster.API.chown();
+
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
+
+      // Information gathering options
       if (options.infoCapacityPod === true) return logger.info('', UnderpostDeploy.API.resourcesFactory());
       if (options.infoCapacity === true)
         return logger.info('', UnderpostCluster.API.getResourcesCapacity(options.kubeadm));
-      if (options.reset === true) return await UnderpostCluster.API.reset();
       if (options.listPods === true) return console.table(UnderpostDeploy.API.get(podName ?? undefined));
-
       if (options.nsUse && typeof options.nsUse === 'string') {
         shellExec(`kubectl config set-context --current --namespace=${options.nsUse}`);
         return;
       }
       if (options.info === true) {
-        shellExec(`kubectl config get-contexts`); // config env persisente for manage multiple clusters
+        shellExec(`kubectl config get-contexts`);
         shellExec(`kubectl config get-clusters`);
-        shellExec(`kubectl get nodes -o wide`); // set of nodes of a cluster
+        shellExec(`kubectl get nodes -o wide`);
         shellExec(`kubectl config view | grep namespace`);
-        shellExec(`kubectl get ns -o wide`); // A namespace can have pods of different nodes
-        shellExec(`kubectl get pvc --all-namespaces -o wide`); // PersistentVolumeClaim -> request storage service
-        shellExec(`kubectl get pv --all-namespaces -o wide`); // PersistentVolume -> real storage
+        shellExec(`kubectl get ns -o wide`);
+        shellExec(`kubectl get pvc --all-namespaces -o wide`);
+        shellExec(`kubectl get pv --all-namespaces -o wide`);
         shellExec(`kubectl get cronjob --all-namespaces -o wide`);
-        shellExec(`kubectl get svc --all-namespaces -o wide`); // proxy dns gate way -> deployments, statefulsets, pods
-        shellExec(`kubectl get statefulsets --all-namespaces -o wide`); // set pods with data/volume persistence
-        shellExec(`kubectl get deployments --all-namespaces -o wide`); // set pods
+        shellExec(`kubectl get svc --all-namespaces -o wide`);
+        shellExec(`kubectl get statefulsets --all-namespaces -o wide`);
+        shellExec(`kubectl get deployments --all-namespaces -o wide`);
         shellExec(`kubectl get configmap --all-namespaces -o wide`);
         shellExec(`kubectl get pods --all-namespaces -o wide`);
         shellExec(
@@ -91,38 +91,46 @@ class UnderpostCluster {
         shellExec(`sudo kubectl api-resources`);
         return;
       }
-      const alrreadyCluster =
+
+      // Reset Kubernetes cluster components (Kind/Kubeadm) and container runtimes
+      if (options.reset === true) return await UnderpostCluster.API.reset();
+
+      // Check if a cluster (Kind or Kubeadm with Calico) is already initialized
+      const alreadyCluster =
         UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0] ||
         UnderpostDeploy.API.get('calico-kube-controllers')[0];
 
-      if (
-        !options.worker &&
-        !alrreadyCluster &&
-        ((!options.kubeadm && !UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) ||
-          (options.kubeadm === true && !UnderpostDeploy.API.get('calico-kube-controllers')[0]))
-      ) {
-        UnderpostCluster.API.config();
+      // --- Kubeadm/Kind Cluster Initialization ---
+      // This block handles the initial setup of the Kubernetes cluster (control plane or worker).
+      // It prevents re-initialization if a cluster is already detected.
+      if (!options.worker && !alreadyCluster) {
+        // If it's a kubeadm setup and no Calico controller is found (indicating no kubeadm cluster)
         if (options.kubeadm === true) {
+          logger.info('Initializing Kubeadm control plane...');
+          // Initialize kubeadm control plane
           shellExec(
             `sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --control-plane-endpoint="${os.hostname()}:6443"`,
           );
+          // Configure kubectl for the current user
           UnderpostCluster.API.chown();
-          // https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart
+          // Install Calico CNI
+          logger.info('Installing Calico CNI...');
           shellExec(
             `sudo kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml`,
           );
-          // shellExec(
-          //   `wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml`,
-          // );
           shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubeadm-calico-config.yaml`);
+          // Untaint control plane node to allow scheduling pods
           const nodeName = os.hostname();
           shellExec(`kubectl taint nodes ${nodeName} node-role.kubernetes.io/control-plane:NoSchedule-`);
+          // Install local-path-provisioner for dynamic PVCs (optional but recommended)
+          logger.info('Installing local-path-provisioner...');
           shellExec(
             `kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml`,
           );
         } else {
+          // Kind cluster initialization (if not using kubeadm)
+          logger.info('Initializing Kind cluster...');
           if (options.full === true || options.dedicatedGpu === true) {
-            // https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/
             shellExec(`cd ${underpostRoot}/manifests && kind create cluster --config kind-config-cuda.yaml`);
             UnderpostCluster.API.chown();
           } else {
@@ -133,9 +141,18 @@ class UnderpostCluster {
             );
           }
         }
-      } else logger.warn('Cluster already initialized');
+      } else if (options.worker === true) {
+        // Worker node specific configuration (kubeadm join command needs to be executed separately)
+        logger.info('Worker node configuration applied. Awaiting kubeadm join command...');
+        // No direct cluster initialization here for workers. The `kubeadm join` command
+        // needs to be run on the worker after the control plane is up and a token is created.
+        // This part of the script is for general worker setup, not the join itself.
+      } else {
+        logger.warn('Cluster already initialized or worker flag not set for worker node.');
+      }
 
-      // shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubelet-config.yaml`);
+      // --- Optional Component Deployments (Databases, Ingress, Cert-Manager) ---
+      // These deployments happen after the base cluster is up.
 
       if (options.full === true || options.dedicatedGpu === true) {
         shellExec(`node ${underpostRoot}/bin/deploy nvidia-gpu-operator`);
@@ -218,8 +235,6 @@ class UnderpostCluster {
         --eval 'rs.initiate(${JSON.stringify(mongoConfig)})'`,
           );
         }
-
-        // await UnderpostTest.API.statusMonitor('mongodb-1');
       } else if (options.full === true || options.mongodb === true) {
         if (options.pullImage === true) {
           shellExec(`docker pull mongo:latest`);
@@ -280,193 +295,144 @@ class UnderpostCluster {
       }
     },
 
+    /**
+     * @method config
+     * @description Configures host-level settings required for Kubernetes.
+     * IMPORTANT: This method has been updated to REMOVE all iptables flushing commands
+     * to prevent conflicts with Kubernetes' own network management.
+     */
     config() {
+      console.log('Applying host configuration: SELinux, Docker, Containerd, and Sysctl settings.');
+      // Disable SELinux (permissive mode)
       shellExec(`sudo setenforce 0`);
       shellExec(`sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`);
+
+      // Enable and start Docker and Kubelet services
       shellExec(`sudo systemctl enable --now docker`);
       shellExec(`sudo systemctl enable --now kubelet`);
-      shellExec(`containerd config default > /etc/containerd/config.toml`);
-      shellExec(`sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
-      shellExec(`sudo service docker restart`);
+
+      // Configure containerd for SystemdCgroup
+      // This is crucial for kubelet to interact correctly with containerd
+      shellExec(`containerd config default | sudo tee /etc/containerd/config.toml > /dev/null`);
+      shellExec(`sudo sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
+      shellExec(`sudo service docker restart`); // Restart docker after containerd config changes
       shellExec(`sudo systemctl enable --now containerd.service`);
+      shellExec(`sudo systemctl restart containerd`); // Restart containerd to apply changes
+
+      // Disable swap (required by Kubernetes)
       shellExec(`sudo swapoff -a; sudo sed -i '/swap/d' /etc/fstab`);
+
+      // Reload systemd daemon to pick up new unit files/changes
       shellExec(`sudo systemctl daemon-reload`);
-      shellExec(`sudo systemctl restart containerd`);
-      shellExec(`sysctl net.bridge.bridge-nf-call-iptables=1`);
-      // Clean ip tables
-      shellExec(`sudo iptables -F`);
-      shellExec(`sudo iptables -X`);
-      shellExec(`sudo iptables -t nat -F`);
-      shellExec(`sudo iptables -t nat -X`);
-      shellExec(`sudo iptables -t raw -F`);
-      shellExec(`sudo iptables -t raw -X`);
-      shellExec(`sudo iptables -t mangle -F`);
-      shellExec(`sudo iptables -t mangle -X`);
-      shellExec(`sudo iptables -P INPUT ACCEPT`);
-      shellExec(`sudo iptables -P FORWARD ACCEPT`);
-      shellExec(`sudo iptables -P OUTPUT ACCEPT`);
+
+      // Enable bridge-nf-call-iptables for Kubernetes networking
+      // This ensures traffic through Linux bridges is processed by iptables (crucial for CNI)
+      shellExec(`sudo sysctl net.bridge.bridge-nf-call-iptables=1`);
+      // Also ensure these are set for persistence across reboots
+      shellExec(`echo "net.bridge.bridge-nf-call-iptables=1" | sudo tee /etc/sysctl.d/k8s.conf`);
+      shellExec(`echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.d/k8s.conf`); // Enable IP forwarding
+      shellExec(`sudo sysctl --system`); // Apply sysctl changes immediately
+
+      // Removed iptables flushing commands.
+      // Kubernetes (kube-proxy and CNI) manages its own iptables rules.
+      // Flushing them here would break cluster networking.
     },
+
+    /**
+     * @method chown
+     * @description Sets up kubectl configuration for the current user.
+     * This is typically run after kubeadm init on the control plane.
+     */
     chown() {
+      console.log('Setting up kubectl configuration...');
       shellExec(`mkdir -p ~/.kube`);
       shellExec(`sudo -E cp -i /etc/kubernetes/admin.conf ~/.kube/config`);
       shellExec(`sudo -E chown $(id -u):$(id -g) ~/.kube/config`);
+      console.log('kubectl config set up successfully.');
     },
-    // This function performs a comprehensive reset of Kubernetes and container environments
-    // on the host machine. Its primary goal is to clean up cluster components, temporary files,
-    // and container data, ensuring a clean state for re-initialization or fresh deployments,
-    // while also preventing the loss of the host machine's internet connectivity.
 
+    /**
+     * @method reset
+     * @description Performs a comprehensive reset of Kubernetes and container environments.
+     * This function is for cleaning up a node, not for initial setup.
+     * It avoids aggressive iptables flushing that would break host connectivity.
+     */
     reset() {
-      // Step 1: Delete all existing Kind (Kubernetes in Docker) clusters.
-      // 'kind get clusters' lists all Kind clusters.
-      // 'xargs -t -n1 kind delete cluster --name' then iterates through each cluster name
-      // and executes 'kind delete cluster --name <cluster_name>' to remove them.
-      shellExec(`kind get clusters | xargs -t -n1 kind delete cluster --name`);
-
-      // Step 2: Reset the Kubernetes control-plane components installed by kubeadm.
-      // 'kubeadm reset -f' performs a forceful reset, removing installed Kubernetes components,
-      // configuration files, and associated network rules (like iptables entries created by kubeadm).
-      // The '-f' flag bypasses confirmation prompts.
+      console.log('Starting comprehensive reset of Kubernetes and container environments...');
+
+      // Delete all existing Kind (Kubernetes in Docker) clusters.
+      shellExec(`kind get clusters | xargs -r -t -n1 kind delete cluster --name`); // -r for no-op if no clusters
+
+      // Reset the Kubernetes control-plane components installed by kubeadm.
       shellExec(`sudo kubeadm reset -f`);
 
-      // Step 3: Remove specific CNI (Container Network Interface) configuration files.
-      // This command targets and removes the configuration file for Flannel,
-      // a common CNI plugin, which might be left behind after a reset.
+      // Remove specific CNI configuration files (e.g., Flannel)
       shellExec('sudo rm -f /etc/cni/net.d/10-flannel.conflist');
 
-      // Note: The aggressive 'sudo iptables -F ...' command was intentionally removed from previous versions.
-      // This command would flush all iptables rules, including those crucial for the host's general
-      // internet connectivity, leading to network loss. 'kubeadm reset' and container runtime pruning
-      // adequately handle Kubernetes and container-specific iptables rules without affecting the host's
-      // default network configuration.
-
-      // Step 4: Remove the kubectl configuration file from the current user's home directory.
-      // This ensures that after a reset, there's no lingering configuration pointing to the old cluster,
-      // providing a clean slate for connecting to a new or re-initialized cluster.
+      // Remove the kubectl configuration file
       shellExec('sudo rm -f $HOME/.kube/config');
 
-      // Step 5: Clear trash files from the root user's trash directory.
-      // This is a general cleanup step to remove temporary or deleted files.
+      // Clear trash files from the root user's trash directory.
       shellExec('sudo rm -rf /root/.local/share/Trash/files/*');
 
-      // Step 6: Prune all unused Docker data.
-      // 'docker system prune -a -f' removes:
-      // - All stopped containers
-      // - All unused networks
-      // - All dangling images
-      // - All build cache
-      // - All unused volumes
-      // This aggressively frees up disk space and removes temporary Docker artifacts.
+      // Prune all unused Docker data.
       shellExec('sudo docker system prune -a -f');
 
-      // Step 7: Stop the Docker daemon service.
-      // This step is often necessary to ensure that Docker's files and directories
-      // can be safely manipulated or moved in subsequent steps without conflicts.
+      // Stop the Docker daemon service.
       shellExec('sudo service docker stop');
 
-      // Step 8: Aggressively remove container storage data for containerd and Docker.
-      // These commands target the default storage locations for containerd and Docker,
-      // as well as any custom paths that might have been used (`/home/containers/storage`, `/home/docker`).
-      // This ensures a complete wipe of all container images, layers, and volumes.
+      // Aggressively remove container storage data for containerd and Docker.
       shellExec(`sudo rm -rf /var/lib/containers/storage/*`);
       shellExec(`sudo rm -rf /var/lib/docker/volumes/*`);
-      shellExec(`sudo rm -rf /var/lib/docker~/*`); // Cleans up a potential backup directory for Docker data
-      shellExec(`sudo rm -rf /home/containers/storage/*`); // Cleans up custom containerd/Podman storage
-      shellExec(`sudo rm -rf /home/docker/*`); // Cleans up custom Docker storage
-
-      // Step 9: Re-configure Docker's default storage location (if desired).
-      // These commands effectively move Docker's data directory from its default `/var/lib/docker`
-      // to a new location (`/home/docker`) and create a symbolic link.
-      // This is a specific customization to relocate Docker's storage.
-      shellExec('sudo mv /var/lib/docker /var/lib/docker~'); // Moves existing /var/lib/docker to /var/lib/docker~ (backup)
-      shellExec('sudo mkdir /home/docker'); // Creates the new desired directory for Docker data
-      shellExec('sudo chmod 0711 /home/docker'); // Sets appropriate permissions for the new directory
-      shellExec('sudo ln -s /home/docker /var/lib/docker'); // Creates a symlink from original path to new path
-
-      // Step 10: Prune all unused Podman data.
-      // Similar to Docker pruning, these commands remove:
-      // - All stopped containers
-      // - All unused networks
-      // - All unused images
-      // - All unused volumes ('--volumes')
-      // - The '--force' flag bypasses confirmation.
-      // '--external' prunes external content not managed by Podman's default storage backend.
+      shellExec(`sudo rm -rf /var/lib/docker~/*`);
+      shellExec(`sudo rm -rf /home/containers/storage/*`);
+      shellExec(`sudo rm -rf /home/docker/*`);
+
+      // Re-configure Docker's default storage location (if desired).
+      shellExec('sudo mv /var/lib/docker /var/lib/docker~ || true'); // Use || true to prevent error if dir doesn't exist
+      shellExec('sudo mkdir -p /home/docker');
+      shellExec('sudo chmod 0711 /home/docker');
+      shellExec('sudo ln -s /home/docker /var/lib/docker');
+
+      // Prune all unused Podman data.
       shellExec(`sudo podman system prune -a -f`);
       shellExec(`sudo podman system prune --all --volumes --force`);
       shellExec(`sudo podman system prune --external --force`);
-      shellExec(`sudo podman system prune --all --volumes --force`); // Redundant but harmless repetition
 
-      // Step 11: Create and set permissions for Podman's custom storage directory.
-      // This ensures the custom path `/home/containers/storage` exists and has correct permissions
-      // before Podman attempts to use it.
+      // Create and set permissions for Podman's custom storage directory.
       shellExec(`sudo mkdir -p /home/containers/storage`);
       shellExec('sudo chmod 0711 /home/containers/storage');
 
-      // Step 12: Update Podman's storage configuration file.
-      // This command uses 'sed' to modify `/etc/containers/storage.conf`,
-      // changing the default storage path from `/var/lib/containers/storage`
-      // to the customized `/home/containers/storage`.
+      // Update Podman's storage configuration file.
       shellExec(
         `sudo sed -i -e "s@/var/lib/containers/storage@/home/containers/storage@g" /etc/containers/storage.conf`,
       );
 
-      // Step 13: Reset Podman system settings.
-      // This command resets Podman's system-wide configuration to its default state.
+      // Reset Podman system settings.
       shellExec(`sudo podman system reset -f`);
 
-      // Note: The 'sysctl net.bridge.bridge-nf-call-iptables=0' and related commands
-      // were previously removed. These sysctl settings (bridge-nf-call-iptables,
-      // bridge-nf-call-arptables, bridge-nf-call-ip6tables) are crucial for allowing
-      // network traffic through Linux bridges to be processed by iptables.
-      // Kubernetes and CNI plugins generally require them to be enabled (set to '1').
-      // Re-initializing Kubernetes will typically set these as needed, and leaving them
-      // at their system default (or '1' if already configured) is safer for host
-      // connectivity during a reset operation.
-
-      // https://github.com/kubernetes-sigs/kind/issues/2886
-      // shellExec(`sysctl net.bridge.bridge-nf-call-iptables=0`);
-      // shellExec(`sysctl net.bridge.bridge-nf-call-arptables=0`);
-      // shellExec(`sysctl net.bridge.bridge-nf-call-ip6tables=0`);
-
-      // Step 14: Remove the 'kind' Docker network.
-      // This cleans up any network bridges or configurations specifically created by Kind.
-      // shellExec(`docker network rm kind`);
-
-      // Reset kubelet
+      // Reset kubelet components
       shellExec(`sudo systemctl stop kubelet`);
       shellExec(`sudo rm -rf /etc/kubernetes/*`);
       shellExec(`sudo rm -rf /var/lib/kubelet/*`);
       shellExec(`sudo rm -rf /etc/cni/net.d/*`);
       shellExec(`sudo systemctl daemon-reload`);
       shellExec(`sudo systemctl start kubelet`);
+
+      console.log('Comprehensive reset completed.');
     },
 
     getResourcesCapacity(kubeadm = false) {
       const resources = {};
-      const info = false
-        ? `Capacity:
-  cpu:                8
-  ephemeral-storage:  153131976Ki
-  hugepages-1Gi:      0
-  hugepages-2Mi:      0
-  memory:             11914720Ki
-  pods:               110
-Allocatable:
-  cpu:                8
-  ephemeral-storage:  153131976Ki
-  hugepages-1Gi:      0
-  hugepages-2Mi:      0
-  memory:             11914720Ki
-  pods: `
-        : shellExec(
-            `kubectl describe node ${
-              kubeadm === true ? os.hostname() : 'kind-worker'
-            } | grep -E '(Allocatable:|Capacity:)' -A 6`,
-            {
-              stdout: true,
-              silent: true,
-            },
-          );
+      const info = shellExec(
+        `kubectl describe node ${
+          kubeadm === true ? os.hostname() : 'kind-worker'
+        } | grep -E '(Allocatable:|Capacity:)' -A 6`,
+        {
+          stdout: true,
+          silent: true,
+        },
+      );
       info
         .split('Allocatable:')[1]
         .split('\n')
@@ -487,17 +453,20 @@ Allocatable:
       return resources;
     },
     initHost() {
+      console.log('Installing Docker, Podman, Kind, Kubeadm, and Helm...');
       // Install docker
-      shellExec(`sudo dnf -y install dnf-plugins-core
-sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo`);
+      shellExec(`sudo dnf -y install dnf-plugins-core`);
+      shellExec(`sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo`);
       shellExec(`sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin`);
+
       // Install podman
       shellExec(`sudo dnf -y install podman`);
+
       // Install kind
       shellExec(`[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-linux-arm64
 chmod +x ./kind
 sudo mv ./kind /bin/kind`);
-      // Install kubeadm
+      // Install kubeadm, kubelet, kubectl
       shellExec(`cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
 [kubernetes]
 name=Kubernetes
@@ -508,12 +477,14 @@ gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
 exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
 EOF`);
       shellExec(`sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes`);
+
       // Install helm
-      shellExec(`curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
-chmod 700 get_helm.sh
-./get_helm.sh
-chmod +x /usr/local/bin/helm
-sudo mv /usr/local/bin/helm /bin/helm`);
+      shellExec(`curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3`);
+      shellExec(`chmod 700 get_helm.sh`);
+      shellExec(`./get_helm.sh`);
+      shellExec(`chmod +x /usr/local/bin/helm`);
+      shellExec(`sudo mv /usr/local/bin/helm /bin/helm`);
+      console.log('Host prerequisites installed successfully.');
     },
   };
 }

package/src/cli/index.js

@@ -294,6 +294,7 @@ program
     '--delete-expose <vm-name-ports>',
     'Vm name and : separated with Comma separated vm port to remove expose e. g. k8s-control:80,443',
   )
+  .option('--auto-expose-k8s-ports <vm-id>', 'Automatically expose common Kubernetes ports for the VM.')
   .description('Lxd management')
   .action(UnderpostLxd.API.callback);
 

package/src/cli/lxd.js

@@ -30,6 +30,7 @@ class UnderpostLxd {
      * @param {string} [options.expose=''] - Expose ports from a VM to the host (format: 'vmName:port1,port2').
      * @param {string} [options.deleteExpose=''] - Delete exposed ports from a VM (format: 'vmName:port1,port2').
      * @param {string} [options.test=''] - Test health, status and network connectivity for a VM.
+     * @param {string} [options.autoExposeK8sPorts=''] - Automatically expose common Kubernetes ports for the VM.
      */
     async callback(
       options = {
@@ -49,6 +50,7 @@ class UnderpostLxd {
         expose: '',
         deleteExpose: '',
         test: '',
+        autoExposeK8sPorts: '',
       },
     ) {
       const npmRoot = getNpmRootPath();
@@ -64,7 +66,6 @@ class UnderpostLxd {
         const lxdPressedContent = fs
           .readFileSync(`${underpostRoot}/manifests/lxd/lxd-preseed.yaml`, 'utf8')
           .replaceAll(`127.0.0.1`, getLocalIPv4Address());
-        // shellExec(`lxd init --preseed < ${underpostRoot}/manifests/lxd/lxd-preseed.yaml`);
         shellExec(`echo "${lxdPressedContent}" | lxd init --preseed`);
         shellExec(`lxc cluster list`);
       }
@@ -99,7 +100,86 @@ ipv6.address=none`);
         } else if (options.worker == true) {
           flag = ' -s -- --worker';
         }
-        pbcopy(`cat ${underpostRoot}/manifests/lxd/underpost-setup.sh | lxc exec ${options.initVm} -- bash${flag}`);
+        console.log(`Executing underpost-setup.sh on VM: ${options.initVm}`);
+        shellExec(`cat ${underpostRoot}/manifests/lxd/underpost-setup.sh | lxc exec ${options.initVm} -- bash${flag}`);
+        console.log(`underpost-setup.sh execution completed on VM: ${options.initVm}`);
+      }
+      // --- Automatic Kubernetes Port Exposure ---
+      if (options.autoExposeK8sPorts && typeof options.autoExposeK8sPorts === 'string') {
+        console.log(`Automatically exposing Kubernetes ports for VM: ${options.autoExposeK8sPorts}`);
+        const vmName = options.autoExposeK8sPorts;
+        const hostIp = getLocalIPv4Address();
+        let vmIp = '';
+        let retries = 0;
+        const maxRetries = 10;
+        const delayMs = 5000; // 5 seconds
+
+        // Wait for VM to get an IP address
+        while (!vmIp && retries < maxRetries) {
+          try {
+            console.log(`Attempting to get IPv4 address for ${vmName} (Attempt ${retries + 1}/${maxRetries})...`);
+            vmIp = shellExec(
+              `lxc list ${vmName} --format json | jq -r '.[0].state.network.enp5s0.addresses[] | select(.family=="inet") | .address'`,
+              { stdout: true },
+            ).trim();
+            if (vmIp) {
+              console.log(`IPv4 address found for ${vmName}: ${vmIp}`);
+            } else {
+              console.log(`IPv4 address not yet available for ${vmName}. Retrying in ${delayMs / 1000} seconds...`);
+              await new Promise((resolve) => setTimeout(resolve, delayMs));
+            }
+          } catch (error) {
+            console.error(`Error getting IPv4 address for exposure: ${error.message}`);
+            console.log(`Retrying in ${delayMs / 1000} seconds...`);
+            await new Promise((resolve) => setTimeout(resolve, delayMs));
+          }
+          retries++;
+        }
+
+        if (!vmIp) {
+          console.error(`Failed to get VM IP for ${vmName} after ${maxRetries} attempts. Cannot expose ports.`);
+          return;
+        }
+
+        let portsToExpose = [];
+        if (options.control === true) {
+          // Kubernetes API Server
+          portsToExpose.push('6443');
+          // Standard HTTP/HTTPS for Ingress if deployed
+          portsToExpose.push('80');
+          portsToExpose.push('443');
+        }
+        // NodePort range for all nodes (control plane can also run pods with NodePorts)
+        // It's safer to expose the entire range for flexibility, or specific NodePorts if known.
+        // For production, you might only expose specific NodePorts or use a LoadBalancer.
+        // For a general setup, exposing the range is common.
+        // Note: LXD proxy device can only expose individual ports, not ranges directly.
+        // We will expose a few common ones, or rely on specific 'expose' calls for others.
+        // Let's add some common NodePorts that might be used by applications.
+        // The full range 30000-32767 would require individual proxy rules for each port.
+        // For this automatic setup, we'll focus on critical K8s ports and common app ports.
+        // If a user needs the full NodePort range, they should use the `expose` option explicitly.
+        portsToExpose.push('30000'); // Example NodePort
+        portsToExpose.push('30001'); // Example NodePort
+        portsToExpose.push('30002'); // Example NodePort
+
+        const protocols = ['tcp']; // Most K8s services are TCP, UDP for some like DNS
+
+        for (const port of portsToExpose) {
+          for (const protocol of protocols) {
+            const deviceName = `${vmName}-${protocol}-port-${port}`;
+            try {
+              // Remove existing device first to avoid conflicts if re-running
+              shellExec(`lxc config device remove ${vmName} ${deviceName} || true`);
+              shellExec(
+                `lxc config device add ${vmName} ${deviceName} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
+              );
+              console.log(`Exposed ${protocol}:${hostIp}:${port} -> ${vmIp}:${port} for ${vmName}`);
+            } catch (error) {
+              console.error(`Failed to expose port ${port} for ${vmName}: ${error.message}`);
+            }
+          }
+        }
       }
       if (options.joinNode && typeof options.joinNode === 'string') {
         const [workerNode, controlNode] = options.joinNode.split(',');
@@ -116,20 +196,26 @@ ipv6.address=none`);
         shellExec(`lxc list ${options.infoVm}`);
       }
       if (options.expose && typeof options.expose === 'string') {
-        const [controlNode, ports] = options.expose.split(':');
-        console.log({ controlNode, ports });
+        const [vmName, ports] = options.expose.split(':');
+        console.log({ vmName, ports });
         const protocols = ['tcp']; // udp
         const hostIp = getLocalIPv4Address();
         const vmIp = shellExec(
-          `lxc list ${controlNode} --format json | jq -r '.[0].state.network.enp5s0.addresses[] | select(.family=="inet") | .address'`,
+          `lxc list ${vmName} --format json | jq -r '.[0].state.network.enp5s0.addresses[] | select(.family=="inet") | .address'`,
           { stdout: true },
         ).trim();
+        if (!vmIp) {
+          console.error(`Could not get VM IP for ${vmName}. Cannot expose ports.`);
+          return;
+        }
         for (const port of ports.split(',')) {
           for (const protocol of protocols) {
-            shellExec(`lxc config device remove ${controlNode} ${controlNode}-${protocol}-port-${port}`);
+            const deviceName = `${vmName}-${protocol}-port-${port}`;
+            shellExec(`lxc config device remove ${vmName} ${deviceName} || true`); // Use || true to prevent error if device doesn't exist
             shellExec(
-              `lxc config device add ${controlNode} ${controlNode}-${protocol}-port-${port} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
+              `lxc config device add ${vmName} ${deviceName} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
             );
+            console.log(`Manually exposed ${protocol}:${hostIp}:${port} -> ${vmIp}:${port} for ${vmName}`);
           }
         }
       }
@@ -181,25 +267,25 @@ ipv6.address=none`);
           return;
         }
 
-        // 2. Iteratively check connection to google.cl
+        // 2. Iteratively check connection to google.com
         let connectedToGoogle = false;
         retries = 0;
         while (!connectedToGoogle && retries < maxRetries) {
           try {
-            console.log(`Checking connectivity to google.cl from ${vmName} (Attempt ${retries + 1}/${maxRetries})...`);
+            console.log(`Checking connectivity to google.com from ${vmName} (Attempt ${retries + 1}/${maxRetries})...`);
             const curlOutput = shellExec(
-              `lxc exec ${vmName} -- curl -s -o /dev/null -w "%{http_code}" http://google.cl`,
+              `lxc exec ${vmName} -- bash -c 'curl -s -o /dev/null -w "%{http_code}" http://google.com'`,
               { stdout: true },
             );
             if (curlOutput.startsWith('2') || curlOutput.startsWith('3')) {
-              console.log(`Successfully connected to google.cl from ${vmName}.`);
+              console.log(`Successfully connected to google.com from ${vmName}.`);
               connectedToGoogle = true;
             } else {
-              console.log(`Connectivity to google.cl not yet verified. Retrying in ${delayMs / 1000} seconds...`);
+              console.log(`Connectivity to google.com not yet verified. Retrying in ${delayMs / 1000} seconds...`);
               await new Promise((resolve) => setTimeout(resolve, delayMs));
             }
           } catch (error) {
-            console.error(`Error checking connectivity to google.cl: ${error.message}`);
+            console.error(`Error checking connectivity to google.com: ${error.message}`);
             console.log(`Retrying in ${delayMs / 1000} seconds...`);
             await new Promise((resolve) => setTimeout(resolve, delayMs));
           }
@@ -208,7 +294,7 @@ ipv6.address=none`);
 
         if (!connectedToGoogle) {
           console.error(
-            `Failed to connect to google.cl from ${vmName} after ${maxRetries} attempts. Aborting further tests.`,
+            `Failed to connect to google.com from ${vmName} after ${maxRetries} attempts. Aborting further tests.`,
           );
           return;
         }

package/src/index.js

@@ -31,7 +31,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.792';
+  static version = 'v2.8.793';
   /**
    * Repository cli API
    * @static