underpost 2.8.885 → 2.81.0

package/manifests/deployment/dd-test-development/proxy.yaml

@@ -13,7 +13,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4021
+          port: 4041
           weight: 100
     
     - conditions:
@@ -21,7 +21,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4022
+          port: 4042
           weight: 100
     
 ---
@@ -38,7 +38,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4023
+          port: 4043
           weight: 100
     
     - conditions:
@@ -46,6 +46,6 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4024
+          port: 4044
           weight: 100
     

package/manifests/lxd/underpost-setup.sh

@@ -39,15 +39,15 @@ sudo dnf install -y tar bzip2 git epel-release
 sudo dnf -y update
 
 # --- NVM and Node.js Installation ---
-echo "Installing NVM and Node.js v23.8.0..."
+echo "Installing NVM and Node.js v24.10.0..."
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Load nvm for the current session
 export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
 
-nvm install 23.8.0
-nvm use 23.8.0
+nvm install 24.10.0
+nvm use 24.10.0
 
 echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
@@ -65,9 +65,9 @@ npm install -g underpost
 
 # Ensure underpost executable is in PATH and has execute permissions
 # Adjusting this for global npm install which usually handles permissions
-# If you still face issues, ensure /root/.nvm/versions/node/v23.8.0/bin is in your PATH
+# If you still face issues, ensure /root/.nvm/versions/node/v24.10.0/bin is in your PATH
 # For global installs, it's usually handled automatically.
-# chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost # This might not be necessary for global npm installs
+# chmod +x /root/.nvm/versions/node/v24.10.0/bin/underpost # This might not be necessary for global npm installs
 
 # --- Kernel Module for Bridge Filtering ---
 # This is crucial for Kubernetes networking (CNI)

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.885",
+    "version": "2.81.0",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",
@@ -80,7 +80,7 @@
         "http-proxy-middleware": "^2.0.6",
         "ignore-walk": "^6.0.4",
         "iovalkey": "^0.2.1",
-        "jimp": "^0.22.12",
+        "jimp": "^1.6.0",
         "json-colorizer": "^2.2.2",
         "jsonwebtoken": "^9.0.2",
         "mariadb": "^3.2.2",
@@ -88,12 +88,11 @@
         "mocha": "^10.8.2",
         "mongoose": "^8.9.5",
         "morgan": "^1.10.0",
-        "nodemailer": "^6.9.9",
+        "nodemailer": "^7.0.9",
         "nodemon": "^3.0.1",
         "peer": "^1.0.2",
         "peerjs": "^1.5.2",
         "prom-client": "^15.1.2",
-        "public-ip": "^6.0.1",
         "read": "^2.1.0",
         "rrule": "^2.8.1",
         "sharp": "^0.32.5",

package/{manifests/maas → scripts}/ssh-cluster-info.sh

@@ -9,6 +9,6 @@ chmod 600 "$SSH_KEY"
 
 ssh -i "$SSH_KEY" -o BatchMode=yes "${REMOTE_USER}@${REMOTE_HOST}" sh <<EOF
 cd /home/dd/engine
-node bin deploy dd production --info-traffic
+node bin deploy dd production --status
 kubectl get pods -A
 EOF

package/scripts/ssl.sh

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# RHEL / Rocky Linux — Generate local TLS cert + fullchain (cert + root CA) using mkcert
+# Usage:
+#   ./generate-local-ssl-fullchain.sh /path/to/target "localhost 127.0.0.1 ::1"
+
+set -euo pipefail
+IFS=$'\n\t'
+
+err() { echo "[ERROR] $*" >&2; }
+info() { echo "[INFO] $*"; }
+
+print_usage() {
+  cat <<'EOF'
+Usage: $0 TARGET_DIR "domain1 domain2 ..."
+Example: $0 /etc/ssl/local "localhost 127.0.0.1 ::1"
+
+Outputs created in TARGET_DIR:
+ - <name>.pem          : leaf/server certificate
+ - <name>-key.pem      : private key
+ - <name>-fullchain.pem: certificate followed by root CA (use for servers needing full chain)
+ - rootCA.pem          : local root CA (if OpenSSL fallback used or copied from mkcert CAROOT)
+EOF
+}
+
+if [[ ${1-} == "-h" || ${1-} == "--help" ]]; then
+  print_usage; exit 0; fi
+
+TARGET_DIR="${1-}"
+DOMAINS="${2-}"
+
+if [[ -z "$TARGET_DIR" ]]; then read -rp "Target directory to store certificates (absolute path): " TARGET_DIR; fi
+if [[ -z "$DOMAINS" ]]; then read -rp "Space-separated domains/IPs to include (e.g. 'localhost 127.0.0.1 api.myapp.test'): " DOMAINS; fi
+
+TARGET_DIR="$(realpath -m "$TARGET_DIR")"
+mkdir -p "$TARGET_DIR"
+IFS=' ' read -r -a DOMAIN_ARR <<< "$DOMAINS"
+if [[ ${#DOMAIN_ARR[@]} -eq 0 ]]; then err "No domains provided. Exiting."; exit 1; fi
+
+NAME_SAFE="${DOMAIN_ARR[0]//[^a-zA-Z0-9_.-]/_}"
+CERT_FILE="$TARGET_DIR/${NAME_SAFE}.pem"
+KEY_FILE="$TARGET_DIR/${NAME_SAFE}-key.pem"
+FULLCHAIN_FILE="$TARGET_DIR/${NAME_SAFE}-fullchain.pem"
+ROOT_PEM="$TARGET_DIR/rootCA.pem"
+
+info "Target dir: $TARGET_DIR"
+info "Domains: ${DOMAIN_ARR[*]}"
+info "Outputs: $CERT_FILE, $KEY_FILE, $FULLCHAIN_FILE, $ROOT_PEM"
+
+# Install prerequisites
+if ! command -v dnf >/dev/null 2>&1; then err "dnf not found. This script expects RHEL/Rocky with dnf."; exit 1; fi
+sudo dnf install -y curl nss-tools ca-certificates || true
+
+# Download and install mkcert binary (no 'go install')
+download_mkcert_binary() {
+  UNAME_M=$(uname -m)
+  case "$UNAME_M" in
+    x86_64|amd64) ARCH_STR='linux-amd64' ;;
+    aarch64|arm64) ARCH_STR='linux-arm64' ;;
+    *) ARCH_STR='linux-amd64' ;;
+  esac
+  info "Searching mkcert release for $ARCH_STR"
+  ASSET_URL=$(curl -sS "https://api.github.com/repos/FiloSottile/mkcert/releases/latest" | \
+    grep -E '"browser_download_url":' | grep -i "$ARCH_STR" | head -n1 | sed -E 's/.*"(https:[^"]+)".*/\1/' || true)
+  if [[ -z "$ASSET_URL" ]]; then
+    ASSET_URL=$(curl -sS "https://api.github.com/repos/FiloSottile/mkcert/releases/latest" | \
+      grep -E '"browser_download_url":' | grep -i 'linux' | grep -i 'amd64' | head -n1 | sed -E 's/.*"(https:[^"]+)".*/\1/' || true)
+  fi
+  if [[ -z "$ASSET_URL" ]]; then err "Could not find mkcert asset for your arch"; return 1; fi
+  TMP_BIN="$(mktemp -u /tmp/mkcert.XXXXXX)"
+  if curl -fSL -o "$TMP_BIN" "$ASSET_URL"; then
+    sudo mv "$TMP_BIN" /usr/local/bin/mkcert
+    sudo chmod +x /usr/local/bin/mkcert
+    info "mkcert installed to /usr/local/bin/mkcert"
+    return 0
+  fi
+  return 1
+}
+
+use_mkcert() {
+  if ! command -v mkcert >/dev/null 2>&1; then
+    info "mkcert not found — attempting to download/install binary"
+    download_mkcert_binary || return 1
+  fi
+  MKCERT_BIN="$(command -v mkcert || echo /usr/local/bin/mkcert)"
+  info "Running mkcert -install as sudo (if necessary)"
+  if ! sudo "$MKCERT_BIN" -install >/dev/null 2>&1; then
+    if ! "$MKCERT_BIN" -install >/dev/null 2>&1; then
+      err "mkcert -install failed"; return 1
+    fi
+  fi
+  MK_ARGS=()
+  for d in "${DOMAIN_ARR[@]}"; do MK_ARGS+=("$d"); done
+  info "Generating cert+key with mkcert"
+  if ! "$MKCERT_BIN" -cert-file "$CERT_FILE" -key-file "$KEY_FILE" "${MK_ARGS[@]}"; then err "mkcert failed to generate"; return 1; fi
+  # copy root CA from mkcert CAROOT into TARGET_DIR
+  if ROOT_FROM_MKCERT="$($MKCERT_BIN -CAROOT 2>/dev/null || true)"; then
+    if [[ -f "$ROOT_FROM_MKCERT/rootCA.pem" ]]; then
+      cp "$ROOT_FROM_MKCERT/rootCA.pem" "$ROOT_PEM"
+      info "Copied mkcert root CA to $ROOT_PEM"
+    fi
+  fi
+  # create fullchain (cert followed by root CA)
+  if [[ -f "$ROOT_PEM" ]]; then
+    cat "$CERT_FILE" "$ROOT_PEM" > "$FULLCHAIN_FILE"
+    info "Created fullchain: $FULLCHAIN_FILE"
+  else
+    cp "$CERT_FILE" "$FULLCHAIN_FILE"
+    info "No root CA found to append; fullchain contains only leaf cert: $FULLCHAIN_FILE"
+  fi
+  return 0
+}
+
+use_openssl() {
+  command -v openssl >/dev/null 2>&1 || { err "openssl required"; return 1; }
+  ROOT_KEY="$TARGET_DIR/rootCA.key"
+  if [[ ! -f "$ROOT_KEY" || ! -f "$ROOT_PEM" ]]; then
+    openssl genrsa -out "$ROOT_KEY" 4096
+    openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_PEM" -subj "/CN=Local Development Root CA"
+  fi
+  CSR_KEY="$TARGET_DIR/${NAME_SAFE}.key"
+  CSR_PEM="$TARGET_DIR/${NAME_SAFE}.csr"
+  openssl genrsa -out "$CSR_KEY" 2048
+  openssl req -new -key "$CSR_KEY" -out "$CSR_PEM" -subj "/CN=${DOMAIN_ARR[0]}"
+  V3EXT="$TARGET_DIR/v3.ext"
+  printf 'authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\n' > "$V3EXT"
+  DNS=1; IP=1
+  for d in "${DOMAIN_ARR[@]}"; do
+    if [[ "$d" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$d" == *":"* ]]; then
+      printf 'IP.%d = %s\n' "$IP" "$d" >> "$V3EXT"; IP=$((IP+1))
+    else
+      printf 'DNS.%d = %s\n' "$DNS" "$d" >> "$V3EXT"; DNS=$((DNS+1))
+    fi
+  done
+  if openssl x509 -req -in "$CSR_PEM" -CA "$ROOT_PEM" -CAkey "$ROOT_KEY" -CAcreateserial -out "$CERT_FILE" -days 825 -sha256 -extfile "$V3EXT"; then
+    mv -f "$CSR_KEY" "$KEY_FILE"
+    # create fullchain: leaf + root
+    cat "$CERT_FILE" "$ROOT_PEM" > "$FULLCHAIN_FILE"
+    sudo cp "$ROOT_PEM" /etc/pki/ca-trust/source/anchors/ || true
+    sudo update-ca-trust extract || true
+    if command -v certutil >/dev/null 2>&1; then
+      mkdir -p "$HOME/.pki/nssdb"
+      certutil -d sql:$HOME/.pki/nssdb -A -t "CT,C,C" -n "Local Dev Root CA" -i "$ROOT_PEM" || true
+    fi
+    info "OpenSSL created cert, key and fullchain"
+    return 0
+  fi
+  err "OpenSSL failed to create certificate"
+  return 1
+}
+
+# main
+if use_mkcert; then
+  info "Done: created cert, key, fullchain and root CA in $TARGET_DIR"
+  exit 0
+else
+  info "mkcert flow failed — trying OpenSSL fallback"
+  if use_openssl; then
+    info "Done: created cert, key, fullchain and root CA in $TARGET_DIR"
+    exit 0
+  fi
+fi
+
+err "Failed to create certificates with mkcert or OpenSSL"
+exit 2

package/src/cli/baremetal.js

@@ -11,7 +11,7 @@ import dotenv from 'dotenv';
 import { loggerFactory } from '../server/logger.js';
 import { getLocalIPv4Address } from '../server/dns.js';
 import fs from 'fs-extra';
-import { Downloader } from '../server/downloader.js';
+import Downloader from '../server/downloader.js';
 import UnderpostCloudInit from './cloud-init.js';
 import { s4, timer } from '../client/components/core/CommonJs.js';
 
@@ -153,10 +153,10 @@ class UnderpostBaremetal {
       // Handle control server installation.
       if (options.controlServerInstall === true) {
         // Ensure scripts are executable and then run them.
-        shellExec(`chmod +x ${underpostRoot}/manifests/maas/maas-setup.sh`);
-        shellExec(`chmod +x ${underpostRoot}/manifests/maas/nat-iptables.sh`);
-        shellExec(`${underpostRoot}/manifests/maas/maas-setup.sh`);
-        shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`);
+        shellExec(`chmod +x ${underpostRoot}/scripts/maas-setup.sh`);
+        shellExec(`chmod +x ${underpostRoot}/scripts/nat-iptables.sh`);
+        shellExec(`${underpostRoot}/scripts/maas-setup.sh`);
+        shellExec(`${underpostRoot}/scripts/nat-iptables.sh`);
         return;
       }
 
@@ -349,7 +349,7 @@ class UnderpostBaremetal {
             const name = url.split('/').pop().replace('.zip', '');
             const path = `../${name}`;
             if (!fs.existsSync(path)) {
-              await Downloader(url, `../${name}.zip`); // Download firmware if not exists.
+              await Downloader.downloadFile(url, `../${name}.zip`); // Download firmware if not exists.
               shellExec(`cd .. && mkdir ${name} && cd ${name} && unzip ../${name}.zip`); // Unzip firmware.
             }
             shellExec(`sudo cp -a ${path}/* ${tftpRootPath}`); // Copy firmware files to TFTP root.
@@ -530,7 +530,7 @@ menuentry '${menuentryStr}' {
         if (options.cloudInitUpdate === true) return;
 
         // Apply NAT iptables rules.
-        shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
+        shellExec(`${underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
 
         // Wait for MAC address assignment.
         logger.info('Waiting for MAC assignment...');
@@ -952,7 +952,7 @@ EOF`);
      */
     getHostArch() {
       // `uname -m` returns e.g. 'x86_64' or 'aarch64'
-      const machine = shellExec('uname -m', { stdout: true }).trim();
+      const machine = shellExec('uname -m', { stdout: true, silent: true }).trim();
       if (machine === 'x86_64') return { alias: 'amd64', name: 'x86_64' };
       if (machine === 'aarch64') return { alias: 'arm64', name: 'aarch64' };
       throw new Error(`Unsupported host architecture: ${machine}`);

package/src/cli/cloud-init.js

@@ -182,7 +182,7 @@ cut -d: -f1 /etc/passwd`,
 
           // Copy the device scan script from manifests.
           logger.info('Build', `${nfsHostToolsPath}/device_scan.sh`);
-          fs.copySync(`${underpostRoot}/manifests/maas/device-scan.sh`, `${nfsHostToolsPath}/device_scan.sh`);
+          fs.copySync(`${underpostRoot}/scripts/device-scan.sh`, `${nfsHostToolsPath}/device_scan.sh`);
 
           // Build and write the config path script.
           logger.info('Build', `${nfsHostToolsPath}/config-path.sh`);

package/src/cli/cluster.js

@@ -15,6 +15,13 @@ import fs from 'fs-extra';
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @class UnderpostCluster
+ * @description Manages Kubernetes cluster initialization, configuration, and component deployment.
+ * This class provides a set of static methods to handle cluster initialization, configuration,
+ * and optional component deployments.
+ * @memberof UnderpostCluster
+ */
 class UnderpostCluster {
   static API = {
     /**
@@ -520,7 +527,7 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
 
       // shellExec(`sudo sysctl --system`); // Apply sysctl changes immediately
       // Apply NAT iptables rules.
-      shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
+      shellExec(`${underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
 
       // Disable firewalld (common cause of network issues in Kubernetes)
       shellExec(`sudo systemctl stop firewalld || true`); // Stop if running
@@ -663,8 +670,8 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
         shellExec('sudo iptables -F || true');
         shellExec('sudo iptables -t nat -F || true');
         // Restore iptables rules
-        shellExec(`chmod +x ${options.underpostRoot}/manifests/maas/nat-iptables.sh`);
-        shellExec(`${options.underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
+        shellExec(`chmod +x ${options.underpostRoot}/scripts/nat-iptables.sh`);
+        shellExec(`${options.underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
         shellExec('sudo ip link del cni0 || true');
         shellExec('sudo ip link del flannel.1 || true');
 
@@ -691,7 +698,11 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
      */
     getResourcesCapacity(node) {
       const resources = {};
-      const nodeName = node ?? os.hostname();
+      const nodeName = node
+        ? node
+        : UnderpostDeploy.API.get('kind-control-plane', 'node').length > 0
+          ? 'kind-control-plane'
+          : os.hostname();
       const info = shellExec(`kubectl describe node ${nodeName} | grep -E '(Allocatable:|Capacity:)' -A 6`, {
         stdout: true,
         silent: true,

package/src/cli/cron.js

@@ -17,7 +17,7 @@ const logger = loggerFactory(import.meta);
 
 /**
  * UnderpostCron main module methods
- * @class
+ * @class UnderpostCron
  * @memberof UnderpostCron
  */
 class UnderpostCron {

package/src/cli/db.js

@@ -271,10 +271,11 @@ class UnderpostDB {
           const deployId = _deployId.trim();
           if (!deployId) continue;
           const confServer = loadReplicas(
+            deployId,
             JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8')),
           );
           const router = await UnderpostDeploy.API.routerFactory(deployId, env);
-          const pathPortAssignmentData = pathPortAssignmentFactory(router, confServer);
+          const pathPortAssignmentData = await pathPortAssignmentFactory(deployId, router, confServer);
 
           for (const host of Object.keys(confServer)) {
             for (const { path, port } of pathPortAssignmentData[host]) {

package/src/cli/deploy.js

@@ -20,6 +20,10 @@ import fs from 'fs-extra';
 import dotenv from 'dotenv';
 import UnderpostRootEnv from './env.js';
 import UnderpostCluster from './cluster.js';
+import { timer } from '../client/components/core/CommonJs.js';
+import os from 'node:os';
+import Dns, { getLocalIPv4Address } from '../server/dns.js';
+import UnderpostBaremetal from './baremetal.js';
 
 const logger = loggerFactory(import.meta);
 
@@ -183,10 +187,11 @@ spec:
         const deployId = _deployId.trim();
         if (!deployId) continue;
         const confServer = loadReplicas(
+          deployId,
           JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8')),
         );
         const router = await UnderpostDeploy.API.routerFactory(deployId, env);
-        const pathPortAssignmentData = pathPortAssignmentFactory(router, confServer);
+        const pathPortAssignmentData = await pathPortAssignmentFactory(deployId, router, confServer);
         const { fromPort, toPort } = deployRangePortFactory(router);
         const deploymentVersions = options.versions.split(',');
         fs.mkdirSync(`./engine-private/conf/${deployId}/build/${env}`, { recursive: true });
@@ -226,12 +231,12 @@ metadata:
 spec:
   virtualhost:
     fqdn: ${host}${
-            env === 'development'
-              ? ''
-              : `
+      env === 'development'
+        ? ''
+        : `
     tls:
       secretName: ${host}`
-          }
+    }
   routes:`;
           for (const conditionObj of pathPortAssignment) {
             const { path, port } = conditionObj;
@@ -324,7 +329,8 @@ spec:
      * @param {string} options.node - Node name for resource allocation.
      * @param {string} options.restoreHosts - Whether to restore hosts.
      * @param {string} options.disableUpdateDeployment - Whether to disable updating the deployment.
-     * @param {string} options.infoTraffic - Whether to display traffic information.
+     * @param {string} options.disableUpdateProxy - Whether to disable updating the proxy.
+     * @param {string} options.status - Whether to display status host machine server and traffic information.
      * @param {string} options.etcHosts - Whether to update /etc/hosts.
      * @returns {Promise<void>} - Promise that resolves when the callback is complete.
      * @memberof UnderpostDeploy
@@ -348,7 +354,8 @@ spec:
         node: '',
         restoreHosts: false,
         disableUpdateDeployment: false,
-        infoTraffic: false,
+        disableUpdateProxy: false,
+        status: false,
         etcHosts: false,
       },
     ) {
@@ -414,7 +421,7 @@ EOF`);
       } else if (!deployList) deployList = 'dd-default';
       if (deployList === 'dd' && fs.existsSync(`./engine-private/deploy/dd.router`))
         deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8');
-      if (options.infoTraffic === true) {
+      if (options.status === true) {
         for (const _deployId of deployList.split(',')) {
           const deployId = _deployId.trim();
           logger.info('', {
@@ -425,6 +432,16 @@ EOF`);
             pods: await UnderpostDeploy.API.get(deployId),
           });
         }
+        const interfaceName = Dns.getDefaultNetworkInterface();
+        logger.info('Machine', {
+          node: os.hostname(),
+          arch: UnderpostBaremetal.API.getHostArch(),
+          ipv4Public: await Dns.getPublicIp(),
+          ipv4Local: getLocalIPv4Address(),
+          resources: UnderpostCluster.API.getResourcesCapacity(),
+          defaultInterfaceName: interfaceName,
+          defaultInterfaceInfo: os.networkInterfaces()[interfaceName],
+        });
         return;
       }
       if (!(options.versions && typeof options.versions === 'string')) options.versions = 'blue,green';
@@ -466,11 +483,14 @@ EOF`);
           }
 
         const confServer = JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8'));
+
         for (const host of Object.keys(confServer)) {
-          shellExec(`sudo kubectl delete HTTPProxy ${host}`);
-          if (UnderpostDeploy.API.isValidTLSContext({ host, env, options }))
-            shellExec(`sudo kubectl delete Certificate ${host}`);
-          if (!options.remove === true && env === 'development') etcHosts.push(host);
+          if (!options.disableUpdateProxy) {
+            shellExec(`sudo kubectl delete HTTPProxy ${host}`);
+            if (UnderpostDeploy.API.isValidTLSContext({ host, env, options }))
+              shellExec(`sudo kubectl delete Certificate ${host}`);
+          }
+          if (!options.remove) etcHosts.push(host);
         }
 
         const manifestsPath =
@@ -478,9 +498,9 @@ EOF`);
             ? `engine-private/conf/${deployId}/build/production`
             : `manifests/deployment/${deployId}-${env}`;
 
-        if (!options.remove === true) {
+        if (!options.remove) {
           if (!options.disableUpdateDeployment) shellExec(`sudo kubectl apply -f ./${manifestsPath}/deployment.yaml`);
-          shellExec(`sudo kubectl apply -f ./${manifestsPath}/proxy.yaml`);
+          if (!options.disableUpdateProxy) shellExec(`sudo kubectl apply -f ./${manifestsPath}/proxy.yaml`);
 
           if (UnderpostDeploy.API.isValidTLSContext({ host: Object.keys(confServer)[0], env, options }))
             shellExec(`sudo kubectl apply -f ./${manifestsPath}/secret.yaml`);
@@ -655,6 +675,37 @@ EOF`);
       env === 'production' &&
       options.cert === true &&
       (!options.certHosts || options.certHosts.split(',').includes(host)),
+
+    /**
+     * Monitors the ready status of a deployment.
+     * @param {string} deployId - Deployment ID for which the ready status is being monitored.
+     * @param {string} env - Environment for which the ready status is being monitored.
+     * @param {string} targetTraffic - Target traffic status for the deployment.
+     * @param {Array<string>} ignorePods - List of pod names to ignore.
+     * @memberof UnderpostDeploy
+     */
+    async monitorReadyRunner(deployId, env, targetTraffic, ignorePods = []) {
+      let checkStatusIteration = 0;
+      const checkStatusIterationMsDelay = 1000;
+      const iteratorTag = `[${deployId}-${env}-${targetTraffic}]`;
+      logger.info('Deployment init', { deployId, env, targetTraffic, checkStatusIterationMsDelay });
+      const minReadyOk = 3;
+      let readyOk = 0;
+
+      while (readyOk < minReadyOk) {
+        const ready = UnderpostDeploy.API.checkDeploymentReadyStatus(deployId, env, targetTraffic, ignorePods).ready;
+        if (ready === true) {
+          readyOk++;
+          logger.info(`${iteratorTag} | Deployment ready. Verification number: ${readyOk}`);
+        }
+        await timer(checkStatusIterationMsDelay);
+        checkStatusIteration++;
+        logger.info(
+          `${iteratorTag} | Deployment in progress... | Delay number check iterations: ${checkStatusIteration}`,
+        );
+      }
+      logger.info(`${iteratorTag} | Deployment ready. | Total delay number check iterations: ${checkStatusIteration}`);
+    },
   };
 }
 

package/src/cli/fs.js

@@ -10,7 +10,7 @@ import dotenv from 'dotenv';
 import AdmZip from 'adm-zip';
 import * as dir from 'path';
 import fs from 'fs-extra';
-import { Downloader } from '../server/downloader.js';
+import Downloader from '../server/downloader.js';
 import UnderpostRepository from './repository.js';
 import { shellExec } from '../server/process.js';
 dotenv.config();
@@ -204,7 +204,7 @@ class UnderpostFileStorage {
         resource_type: 'raw',
       });
       logger.info('download result', downloadResult);
-      await Downloader(downloadResult, path + '.zip');
+      await Downloader.downloadFile(downloadResult, path + '.zip');
       path = UnderpostFileStorage.API.zip2File(path + '.zip');
       fs.removeSync(path + '.zip');
     },

package/src/cli/image.js

@@ -15,6 +15,13 @@ dotenv.config();
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @class UnderpostImage
+ * @description Manages Docker image operations, including pulling, building, and loading images into Kubernetes clusters.
+ * This class provides a set of static methods to handle image operations, including pulling base images,
+ * building custom images, and loading them into specified Kubernetes clusters (Kind, Kubeadm, or K3s).
+ * @memberof UnderpostImage
+ */
 class UnderpostImage {
   static API = {
     dockerfile: {
@@ -27,6 +34,7 @@ class UnderpostImage {
        * @param {boolean} [options.kubeadmLoad=false] - If true, load image into Kubeadm cluster.
        * @param {boolean} [options.k3sLoad=false] - If true, load image into K3s cluster.
        * @param {string} [options.path=false] - Path to the Dockerfile context.
+       * @param {boolean} [options.dev=false] - If true, use development mode.
        * @param {string} [options.version=''] - Version tag for the image.
        * @memberof UnderpostImage
        */
@@ -36,11 +44,14 @@ class UnderpostImage {
           kubeadmLoad: false,
           k3sLoad: false,
           path: false,
+          dev: false,
           version: '',
         },
       ) {
         // shellExec(`sudo podman pull docker.io/library/debian:buster`);
         shellExec(`sudo podman pull docker.io/library/rockylinux:9`);
+        const baseCommand = options.dev ? 'node bin' : 'underpost';
+        const baseCommandOption = options.dev ? ' --dev' : '';
         const IMAGE_NAME = `rockylinux9-underpost`;
         const IMAGE_NAME_FULL = `${IMAGE_NAME}:${options.version ?? Underpost.version}`;
         let LOAD_TYPE = '';
@@ -54,7 +65,7 @@ class UnderpostImage {
         }
 
         shellExec(
-          `underpost dockerfile-image-build --podman-save --reset --image-path=. --path ${
+          `${baseCommand} dockerfile-image-build${baseCommandOption} --podman-save --reset --image-path=. --path ${
             options.path ?? getUnderpostRootPath()
           } --image-name=${IMAGE_NAME_FULL} ${LOAD_TYPE}`,
         );
@@ -75,6 +86,7 @@ class UnderpostImage {
        * @param {boolean} [options.secrets=false] - If true, load secrets from the .env file for the build.
        * @param {string} [options.secretsPath=''] - Custom path to the .env file for secrets.
        * @param {boolean} [options.reset=false] - If true, perform a no-cache build.
+       * @param {boolean} [options.dev=false] - If true, use development mode.
        * @memberof UnderpostImage
        */
       build(
@@ -90,6 +102,7 @@ class UnderpostImage {
           secrets: false,
           secretsPath: '',
           reset: false,
+          dev: false,
         },
       ) {
         const {
@@ -104,6 +117,7 @@ class UnderpostImage {
           kubeadmLoad,
           k3sLoad,
           reset,
+          dev,
         } = options;
         const podManImg = `localhost/${imageName}`;
         if (imagePath && typeof imagePath === 'string' && !fs.existsSync(imagePath))
@@ -132,7 +146,10 @@ class UnderpostImage {
             } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput} --network host`,
           );
 
-        if (podmanSave === true) shellExec(`podman save -o ${tarFile} ${podManImg}`);
+        if (podmanSave === true) {
+          if (fs.existsSync(tarFile)) fs.removeSync(tarFile);
+          shellExec(`podman save -o ${tarFile} ${podManImg}`);
+        }
         if (kindLoad === true) shellExec(`sudo kind load image-archive ${tarFile}`);
         if (kubeadmLoad === true) {
           // Use 'ctr' for Kubeadm