underpost 2.8.793 → 2.8.794

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.793
+## underpost ci/cd cli v2.8.794
 
 ### Usage: `underpost [options] [command]`
   ```

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.793
+## underpost ci/cd cli v2.8.794
 
 ### Usage: `underpost [options] [command]`
   ```

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.793'
+      engine.version: '2.8.794'
     networks:
       - load-balancer
 

package/manifests/lxd/underpost-setup.sh

@@ -53,7 +53,7 @@ echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
 ██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
 ██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░
-██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔══╝░░██║░░██║░╚═══██╗░░░██║░░░
+██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░
 ╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
 ░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
 
@@ -74,29 +74,6 @@ npm install -g underpost
 echo "Loading br_netfilter kernel module..."
 sudo modprobe br_netfilter
 
-# --- Disable UFW (Crucial for Kubernetes) ---
-# UFW conflicts with Kubernetes' iptables management. Disable it completely.
-echo "Disabling UFW to prevent conflicts with Kubernetes..."
-if sudo systemctl is-active --quiet ufw; then
-    sudo systemctl stop ufw
-fi
-if sudo systemctl is-enabled --quiet ufw; then
-    sudo systemctl disable ufw
-fi
-# Attempt to remove ufw package. dnf will handle if it's not installed.
-echo "Attempting to remove ufw package..."
-sudo dnf remove -y ufw
-
-# --- Kubernetes Required Ports (Informational - not for UFW) ---
-# These ports are opened by Kubernetes itself or are expected to be open
-# by external firewalls. UFW is no longer managing them.
-echo "Note: Kubernetes requires the following ports to be open (managed by K8s or external firewall):"
-echo "  - Control Plane: 6443/TCP (Kubernetes API), 2379-2380/TCP (etcd)"
-echo "  - Worker Nodes: 10250/TCP (Kubelet API), 30000-32767/TCP/UDP (NodePorts)"
-echo "  - CNI specific ports (e.g., Calico: 179/TCP, 4789/UDP; Flannel: 8472/UDP)"
-echo "  - SSH: 22/TCP"
-echo "  - HTTP/HTTPS: 80/TCP, 443/TCP (for Ingress/Load Balancers)"
-
 # --- Initial Host Setup for Kubernetes Prerequisites ---
 # This calls the initHost method in cluster.js to install Docker, Podman, Kind, Kubeadm, Helm.
 echo "Running initial host setup for Kubernetes prerequisites..."
@@ -130,9 +107,8 @@ echo "USE_WORKER   = $USE_WORKER"
 
 # --- Kubernetes Cluster Initialization Logic ---
 
-# Call config first to apply SELinux, Docker, Containerd, and sysctl settings.
-# This config function in cluster.js will be modified to remove iptables flushing.
-echo "Applying Kubernetes host configuration (SELinux, Containerd, Sysctl)..."
+# Apply host configuration (SELinux, Containerd, Sysctl, and now firewalld disabling)
+echo "Applying Kubernetes host configuration (SELinux, Containerd, Sysctl, Firewalld)..."
 underpost cluster --config
 
 if $USE_KUBEADM; then
@@ -144,21 +120,19 @@ if $USE_KUBEADM; then
         # For a full automated setup, you'd typically pass the join token/command here.
         # Example: underpost cluster --worker --join-command "kubeadm join ..."
         # For now, this just runs the worker-specific config.
-        underpost cluster --worker --config
+        underpost cluster --worker
+        underpost cluster --chown
         echo "Worker node setup initiated. You will need to manually join this worker to your control plane."
         echo "On your control plane, run 'kubeadm token create --print-join-command' and execute the output here."
     else
         echo "Running control plane setup with kubeadm..."
         # This will initialize the kubeadm control plane and install Calico
         underpost cluster --kubeadm
-        # Ensure kubectl config is set up for the current user
-        underpost cluster --chown
         echo "Kubeadm control plane initialized. Check cluster status with 'kubectl get nodes'."
     fi
 elif $USE_KIND; then
     echo "Running control node with kind..."
     underpost cluster
-    underpost cluster --chown
     echo "Kind cluster initialized. Check cluster status with 'kubectl get nodes'."
 else
     echo "No specific cluster role (--kubeadm, --kind, --worker) specified. Please provide one."

package/manifests/valkey/service.yaml

@@ -1,17 +1,11 @@
----
 apiVersion: v1
 kind: Service
 metadata:
   name: service-valkey
   namespace: default
 spec:
+  selector:
+    app: service-valkey
   ports:
     - port: 6379
       targetPort: 6379
-  selector:
-    app: service-valkey
-  ipFamilyPolicy: PreferDualStack
-  ipFamilies:
-    - IPv4
-    # - IPv6
-  type: ClusterIP

package/manifests/valkey/statefulset.yaml

@@ -14,27 +14,25 @@ spec:
       labels:
         app: service-valkey
     spec:
-      # Prevent automatic token mounting if you're not using the default ServiceAccount
       automountServiceAccountToken: false
-
       containers:
         - name: service-valkey
           image: docker.io/valkey/valkey:latest
           imagePullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: Europe/Zurich
+          command: ["valkey-server"]
+          args: ["--port", "6379"]
           ports:
             - containerPort: 6379
           startupProbe:
             tcpSocket:
               port: 6379
-            failureThreshold: 30
             periodSeconds: 5
             timeoutSeconds: 5
+            failureThreshold: 30
           livenessProbe:
             tcpSocket:
               port: 6379
-            failureThreshold: 2
+            initialDelaySeconds: 10
             periodSeconds: 30
             timeoutSeconds: 5
+            failureThreshold: 2

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.793",
+    "version": "2.8.794",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -41,10 +41,10 @@ class UnderpostCluster {
       if (options.initHost === true) return UnderpostCluster.API.initHost();
 
       // Applies general host configuration (SELinux, containerd, sysctl)
-      if (options.config === true) UnderpostCluster.API.config();
+      if (options.config === true) return UnderpostCluster.API.config();
 
       // Sets up kubectl configuration for the current user
-      if (options.chown === true) UnderpostCluster.API.chown();
+      if (options.chown === true) return UnderpostCluster.API.chown();
 
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
@@ -132,7 +132,6 @@ class UnderpostCluster {
           logger.info('Initializing Kind cluster...');
           if (options.full === true || options.dedicatedGpu === true) {
             shellExec(`cd ${underpostRoot}/manifests && kind create cluster --config kind-config-cuda.yaml`);
-            UnderpostCluster.API.chown();
           } else {
             shellExec(
               `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
@@ -140,6 +139,7 @@ class UnderpostCluster {
               }.yaml`,
             );
           }
+          UnderpostCluster.API.chown();
         }
       } else if (options.worker === true) {
         // Worker node specific configuration (kubeadm join command needs to be executed separately)
@@ -327,15 +327,20 @@ class UnderpostCluster {
 
       // Enable bridge-nf-call-iptables for Kubernetes networking
       // This ensures traffic through Linux bridges is processed by iptables (crucial for CNI)
-      shellExec(`sudo sysctl net.bridge.bridge-nf-call-iptables=1`);
-      // Also ensure these are set for persistence across reboots
-      shellExec(`echo "net.bridge.bridge-nf-call-iptables=1" | sudo tee /etc/sysctl.d/k8s.conf`);
-      shellExec(`echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.d/k8s.conf`); // Enable IP forwarding
+      for (const iptableConfPath of [
+        `/etc/sysctl.d/k8s.conf`,
+        `/etc/sysctl.d/99-k8s-ipforward.conf`,
+        `/etc/sysctl.d/99-k8s.conf`,
+      ])
+        shellExec(`echo 'net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-arptables = 1
+net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`);
       shellExec(`sudo sysctl --system`); // Apply sysctl changes immediately
 
-      // Removed iptables flushing commands.
-      // Kubernetes (kube-proxy and CNI) manages its own iptables rules.
-      // Flushing them here would break cluster networking.
+      // Disable firewalld (common cause of network issues in Kubernetes)
+      shellExec(`sudo systemctl stop firewalld || true`); // Stop if running
+      shellExec(`sudo systemctl disable firewalld || true`); // Disable from starting on boot
     },
 
     /**
@@ -391,7 +396,7 @@ class UnderpostCluster {
       // Re-configure Docker's default storage location (if desired).
       shellExec('sudo mv /var/lib/docker /var/lib/docker~ || true'); // Use || true to prevent error if dir doesn't exist
       shellExec('sudo mkdir -p /home/docker');
-      shellExec('sudo chmod 0711 /home/docker');
+      shellExec('sudo chmod 777 /home/docker');
       shellExec('sudo ln -s /home/docker /var/lib/docker');
 
       // Prune all unused Podman data.

package/src/cli/deploy.js

@@ -273,6 +273,25 @@ kubectl patch ippool default-ipv4-ippool --type='json' -p='[{"op": "replace", "p
 kubectl patch ippool default-ipv4-ippool --type='json' -p='[{"op": "replace", "path": "/spec/cidr", "value": "192.168.0.0/24"}]'
 sudo podman run --rm localhost/<image-name>:<image-version> <command>
 kubectl get configmap kubelet-config -n kube-system -o yaml > kubelet-config.yaml
+kubectl -n kube-system rollout restart daemonset kube-proxy
+
+kubectl get EndpointSlice -o wide --all-namespaces -w
+
+kubectl run --rm -it test-dns --image=busybox:latest --restart=Never -- /bin/sh -c "
+  nslookup kubernetes.default.svc.cluster.local;
+  nslookup mongodb-service.default.svc.cluster.local;
+  nslookup service-valkey.default.svc.cluster.local;
+  nc -vz mongodb-service 27017;
+  nc -vz service-valkey 6379;
+  echo exit code: \\\$?
+"
+
+kubectl apply -f - <<EOF
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: ...
+EOF
 `);
       if (deployList === 'dd' && fs.existsSync(`./engine-private/deploy/dd.router`))
         deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8');

package/src/index.js

@@ -31,7 +31,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.793';
+  static version = 'v2.8.794';
   /**
    * Repository cli API
    * @static

package/src/server/logger.js

@@ -176,7 +176,7 @@ const loggerMiddleware = (meta = { url: '' }) => {
   );
 };
 
-const underpostASCI = () => `
+const underpostASCII = () => `
 
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
 ██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
@@ -188,10 +188,10 @@ const underpostASCI = () => `
 
 const actionInitLog = () =>
   console.log(
-    underpostASCI() +
+    underpostASCII() +
       `
     https://www.nexodev.org/docs
 `,
   );
 
-export { loggerFactory, loggerMiddleware, setUpInfo, underpostASCI, actionInitLog };
+export { loggerFactory, loggerMiddleware, setUpInfo, underpostASCII, actionInitLog };