underpost 2.89.37 → 2.89.45

package/manifests/mongodb/statefulset.yaml

@@ -3,7 +3,7 @@ kind: StatefulSet
 metadata:
   name: mongodb # Specifies the name of the statefulset
 spec:
-  serviceName: "mongodb-service" # Specifies the service to use
+  serviceName: 'mongodb-service' # Specifies the service to use
   replicas: 2
   selector:
     matchLabels:
@@ -18,8 +18,8 @@ spec:
           image: docker.io/library/mongo:latest
           command:
             - mongod
-            - "--replSet"
-            - "rs0"
+            - '--replSet'
+            - 'rs0'
             # - '--config'
             # - '-f'
             # - '/etc/mongod.conf'
@@ -35,9 +35,9 @@ spec:
             # - '--setParameter'
             # - 'authenticationMechanisms=SCRAM-SHA-1'
             # - '--fork'
-            - "--logpath"
-            - "/var/log/mongodb/mongod.log"
-            - "--bind_ip_all"
+            - '--logpath'
+            - '/var/log/mongodb/mongod.log'
+            - '--bind_ip_all'
           # command: ['sh', '-c']
           # args:
           #   - |
@@ -99,11 +99,11 @@ spec:
                   key: password
           resources:
             requests:
-              cpu: "100m"
-              memory: "256Mi"
+              cpu: '100m'
+              memory: '256Mi'
             limits:
-              cpu: "500m"
-              memory: "512Mi"
+              cpu: '500m'
+              memory: '512Mi'
       volumes:
         - name: keyfile
           secret:
@@ -119,7 +119,7 @@ spec:
     - metadata:
         name: mongodb-storage
       spec:
-        accessModes: ["ReadWriteOnce"]
+        accessModes: ['ReadWriteOnce']
         storageClassName: mongodb-storage-class
         resources:
           requests:

package/manifests/mongodb-4.4/service-deployment.yaml

@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: mongodb-deployment
-  namespace: default
 spec:
   selector:
     matchLabels:
@@ -17,7 +16,7 @@ spec:
       containers:
         - name: mongodb
           image: mongo:4.4
-          command: ["mongod", "--replSet", "rs0", "--bind_ip_all"]
+          command: ['mongod', '--replSet', 'rs0', '--bind_ip_all']
           # -- bash
           # mongo
           # use admin
@@ -43,7 +42,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: mongodb-service
-  namespace: default
 spec:
   clusterIP: None
   selector:

package/manifests/mysql/pv-pvc.yaml

@@ -12,7 +12,7 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/mnt/data"
+    path: '/mnt/data'
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

package/manifests/mysql/statefulset.yaml

@@ -17,7 +17,7 @@ kind: StatefulSet
 metadata:
   name: mysql
 spec:
-  serviceName: "mysql"
+  serviceName: 'mysql'
   selector:
     matchLabels:
       app: mysql

package/manifests/valkey/service.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: valkey-service
-  namespace: default
 spec:
   selector:
     app: valkey-service

package/manifests/valkey/statefulset.yaml

@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: valkey-service
-  namespace: default
 spec:
   serviceName: valkey-service
   replicas: 1
@@ -19,8 +18,8 @@ spec:
         - name: valkey-service
           image: docker.io/valkey/valkey:latest
           imagePullPolicy: IfNotPresent
-          command: ["valkey-server"]
-          args: ["--port", "6379"]
+          command: ['valkey-server']
+          args: ['--port', '6379']
           ports:
             - containerPort: 6379
           startupProbe:

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.89.37",
+    "version": "2.89.45",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/scripts/device-scan.sh

@@ -1,26 +1,42 @@
 #!/usr/bin/env bash
+set -u -o pipefail
 
 for iface_path in /sys/class/net/*; do
+  [ -e "$iface_path" ] || continue
   name=$(basename "$iface_path")
-  mac=$(< "$iface_path/address")
-  ip=$(ip -4 addr show dev "$name" \
-       | grep -oP '(?<=inet\s)\d+(\.\d+){3}' || echo "—")
-  operstate=$(< "$iface_path/operstate")
-  mtu=$(< "$iface_path/mtu")
-
-  # Driver
-  if [ -L "$iface_path/device/driver" ]; then
+
+  # MAC address
+  if [ -r "$iface_path/address" ]; then
+    mac=$(< "$iface_path/address")
+  else
+    mac="—"
+  fi
+
+  # IPv4: collect all IPv4 CIDRs, strip masks, join with commas (or show —)
+  ip_info=$(ip -4 -o addr show dev "$name" 2>/dev/null | awk '{print $4}')
+  if [ -n "$ip_info" ]; then
+    # Use word-splitting intentionally to iterate lines from ip_info
+    ip=$(printf "%s\n" $ip_info | awk -F/ '{print $1}' | paste -sd, -)
+  else
+    ip="—"
+  fi
+
+  # operstate and mtu
+  operstate=$(< "$iface_path/operstate" 2>/dev/null || echo "—")
+  mtu=$(< "$iface_path/mtu" 2>/dev/null || echo "—")
+
+  # Driver (if available)
+  if [ -e "$iface_path/device/driver" ]; then
     driver=$(basename "$(readlink -f "$iface_path/device/driver")")
   else
     driver="—"
   fi
 
-  # Vendor device ID PCI
+  # PCI vendor:device (if available)
   pci_dev="$iface_path/device"
-  if [ -f "$pci_dev/vendor" ] && [ -f "$pci_dev/device" ]; then
+  if [ -r "$pci_dev/vendor" ] && [ -r "$pci_dev/device" ]; then
     vendor_id=$(< "$pci_dev/vendor")
     device_id=$(< "$pci_dev/device")
-    # parse 0x8086 to 8086, etc.
     vendor_id=${vendor_id#0x}
     device_id=${device_id#0x}
     pci="${vendor_id}:${device_id}"
@@ -28,16 +44,22 @@ for iface_path in /sys/class/net/*; do
     pci="—"
   fi
 
-  # Link Speed
+  # Link speed: only append unit if numeric
   speed=$(cat "$iface_path/speed" 2>/dev/null || echo "—")
+  if [[ "$speed" =~ ^[0-9]+$ ]]; then
+    speed_label="${speed} Mb/s"
+  else
+    speed_label="$speed"
+  fi
+
+  # Print formatted output
+  printf 'Interface: %s\n' "$name"
+  printf '  MAC:          %s\n' "$mac"
+  printf '  IPv4:         %s\n' "$ip"
+  printf '  State:        %s\n' "$operstate"
+  printf '  MTU:          %s\n' "$mtu"
+  printf '  Driver:       %s\n' "$driver"
+  printf '  PCI Vendor:Device: %s\n' "$pci"
+  printf '  Link Speed:   %s\n\n' "$speed_label"
 
-  echo "Interface: $name"
-  echo "  MAC:          $mac"
-  echo "  IPv4:         $ip"
-  echo "  State:       $operstate"
-  echo "  MTU:          $mtu"
-  echo "  Driver:       $driver"
-  echo "  PCI Vendor:Device ID: $pci"
-  echo "  Link Speed:   ${speed}Mb/s"
-  echo
 done

package/scripts/rpmfusion-ffmpeg-setup.sh

@@ -32,6 +32,7 @@ echo "6) Try to install audio helper packages that sometimes block ffmpeg (ladsp
 # These may be provided by CRB/EPEL or other compatible repos
 dnf -y install ladspa || echo "ladspa not available from enabled repos (will try later)"
 dnf -y install rubberband || echo "rubberband not available from enabled repos (will try later)"
+dnf -y install libwebp-tools || echo "libwebp-tools not available from enabled repos (will try later)"
 
 echo "7) Try installing ffmpeg (several fallbacks tried)"
 if dnf -y install ffmpeg ffmpeg-devel --allowerasing; then

package/src/cli/cluster.js

@@ -44,12 +44,15 @@ class UnderpostCluster {
      * @param {boolean} [options.listPods=false] - List Kubernetes pods.
      * @param {boolean} [options.reset=false] - Perform a comprehensive reset of Kubernetes and container environments.
      * @param {boolean} [options.dev=false] - Run in development mode (adjusts paths).
-     * @param {string} [options.nsUse=''] - Set the current kubectl namespace.
+     * @param {string} [options.nsUse=''] - Set the current kubectl namespace (creates namespace if it doesn't exist).
+     * @param {string} [options.namespace='default'] - Kubernetes namespace for cluster operations.
      * @param {boolean} [options.infoCapacity=false] - Display resource capacity information for the cluster.
      * @param {boolean} [options.infoCapacityPod=false] - Display resource capacity information for pods.
      * @param {boolean} [options.pullImage=false] - Pull necessary Docker images before deployment.
      * @param {boolean} [options.dedicatedGpu=false] - Configure for dedicated GPU usage (e.g., NVIDIA GPU Operator).
      * @param {boolean} [options.kubeadm=false] - Initialize the cluster using Kubeadm.
+     * @param {string} [options.podNetworkCidr='192.168.0.0/16'] - Custom pod network CIDR for Kubeadm cluster initialization. Defaults to '192.168.0.0/16'.
+     * @param {string} [options.controlPlaneEndpoint=''] - Custom control plane endpoint for Kubeadm cluster initialization. Defaults to '${os.hostname()}:6443'.
      * @param {boolean} [options.k3s=false] - Initialize the cluster using K3s.
      * @param {boolean} [options.initHost=false] - Perform initial host setup (install Docker, Podman, Kind, Kubeadm, Helm).
      * @param {boolean} [options.grafana=false] - Initialize the cluster with a Grafana deployment.
@@ -79,11 +82,14 @@ class UnderpostCluster {
         reset: false,
         dev: false,
         nsUse: '',
+        namespace: 'default',
         infoCapacity: false,
         infoCapacityPod: false,
         pullImage: false,
         dedicatedGpu: false,
         kubeadm: false,
+        podNetworkCidr: '192.168.0.0/16',
+        controlPlaneEndpoint: '',
         k3s: false,
         initHost: false,
         grafana: false,
@@ -116,41 +122,26 @@ class UnderpostCluster {
       if (options.infoCapacity === true)
         return logger.info('', UnderpostCluster.API.getResourcesCapacity(options.kubeadm || options.k3s)); // Adjust for k3s
       if (options.listPods === true) return console.table(UnderpostDeploy.API.get(podName ?? undefined));
+      // Set default namespace if not specified
+      if (!options.namespace) options.namespace = 'default';
+
       if (options.nsUse && typeof options.nsUse === 'string') {
-        shellExec(`kubectl config set-context --current --namespace=${options.nsUse}`);
-        return;
-      }
-      if (options.info === true) {
-        shellExec(`kubectl config get-contexts`);
-        shellExec(`kubectl config get-clusters`);
-        shellExec(`kubectl get nodes -o wide`);
-        shellExec(`kubectl config view | grep namespace`);
-        shellExec(`kubectl get ns -o wide`);
-        shellExec(`kubectl get pvc --all-namespaces -o wide`);
-        shellExec(`kubectl get pv --all-namespaces -o wide`);
-        shellExec(`kubectl get cronjob --all-namespaces -o wide`);
-        shellExec(`kubectl get svc --all-namespaces -o wide`);
-        shellExec(`kubectl get statefulsets --all-namespaces -o wide`);
-        shellExec(`kubectl get deployments --all-namespaces -o wide`);
-        shellExec(`kubectl get configmap --all-namespaces -o wide`);
-        shellExec(`kubectl get pods --all-namespaces -o wide`);
-        shellExec(
-          `kubectl get pod --all-namespaces -o="custom-columns=NAME:.metadata.name,INIT-CONTAINERS:.spec.initContainers[*].name,CONTAINERS:.spec.containers[*].name"`,
-        );
-        shellExec(
-          `kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{"\\n"}{.metadata.name}{":\\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'`,
-        );
-        shellExec(`sudo crictl images`);
-        console.log();
-        logger.info('contour -------------------------------------------------');
-        for (const _k of ['Cluster', 'HTTPProxy', 'ClusterIssuer', 'Certificate']) {
-          shellExec(`kubectl get ${_k} --all-namespaces -o wide`);
+        // Verify if namespace exists, create if not
+        const namespaceExists = shellExec(`kubectl get namespace ${options.nsUse} --ignore-not-found -o name`, {
+          stdout: true,
+          silent: true,
+        }).trim();
+
+        if (!namespaceExists) {
+          logger.info(`Namespace '${options.nsUse}' does not exist. Creating it...`);
+          shellExec(`kubectl create namespace ${options.nsUse}`);
+          logger.info(`Namespace '${options.nsUse}' created successfully.`);
+        } else {
+          logger.info(`Namespace '${options.nsUse}' already exists.`);
         }
-        logger.info('----------------------------------------------------------------');
-        shellExec(`kubectl get secrets --all-namespaces -o wide`);
-        shellExec(`docker secret ls`);
-        shellExec(`kubectl get crd --all-namespaces -o wide`);
-        shellExec(`sudo kubectl api-resources`);
+
+        shellExec(`kubectl config set-context --current --namespace=${options.nsUse}`);
+        logger.info(`Context switched to namespace: ${options.nsUse}`);
         return;
       }
 
@@ -230,9 +221,13 @@ class UnderpostCluster {
           logger.info('K3s comes with local-path-provisioner by default. Skipping explicit installation.');
         } else if (options.kubeadm === true) {
           logger.info('Initializing Kubeadm control plane...');
+          // Set default values if not provided
+          const podNetworkCidr = options.podNetworkCidr || '192.168.0.0/16';
+          const controlPlaneEndpoint = options.controlPlaneEndpoint || `${os.hostname()}:6443`;
+
           // Initialize kubeadm control plane
           shellExec(
-            `sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --control-plane-endpoint="${os.hostname()}:6443"`,
+            `sudo kubeadm init --pod-network-cidr=${podNetworkCidr} --control-plane-endpoint="${controlPlaneEndpoint}"`,
           );
           // Configure kubectl for the current user
           UnderpostCluster.API.chown('kubeadm'); // Pass 'kubeadm' to chown
@@ -242,7 +237,11 @@ class UnderpostCluster {
           shellExec(
             `sudo kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml`,
           );
+          shellExec(
+            `kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/custom-resources.yaml`,
+          );
           shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubeadm-calico-config.yaml`);
+
           // Untaint control plane node to allow scheduling pods
           const nodeName = os.hostname();
           shellExec(`kubectl taint nodes ${nodeName} node-role.kubernetes.io/control-plane:NoSchedule-`);
@@ -286,13 +285,13 @@ class UnderpostCluster {
       }
 
       if (options.grafana === true) {
-        shellExec(`kubectl delete deployment grafana --ignore-not-found`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/grafana`);
+        shellExec(`kubectl delete deployment grafana -n ${options.namespace} --ignore-not-found`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/grafana -n ${options.namespace}`);
         const yaml = `${fs
           .readFileSync(`${underpostRoot}/manifests/grafana/deployment.yaml`, 'utf8')
           .replace('{{GF_SERVER_ROOT_URL}}', options.hosts.split(',')[0])}`;
         console.log(yaml);
-        shellExec(`kubectl apply -f - <<EOF
+        shellExec(`kubectl apply -f - -n ${options.namespace} <<EOF
 ${yaml}
 EOF
 `);
@@ -311,7 +310,7 @@ EOF
             .join(',')}]`,
         )}`;
         console.log(yaml);
-        shellExec(`kubectl apply -f - <<EOF
+        shellExec(`kubectl apply -f - -n ${options.namespace} <<EOF
 ${yaml}
 EOF
 `);
@@ -340,15 +339,15 @@ EOF
             // For kubeadm/k3s, ensure it's available for containerd
             shellExec(`sudo crictl pull valkey/valkey:latest`);
         }
-        shellExec(`kubectl delete statefulset valkey-service --ignore-not-found`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey`);
+        shellExec(`kubectl delete statefulset valkey-service -n ${options.namespace} --ignore-not-found`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey -n ${options.namespace}`);
         await UnderpostTest.API.statusMonitor('valkey-service', 'Running', 'pods', 1000, 60);
       }
       if (options.full === true || options.mariadb === true) {
         shellExec(
-          `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
-        shellExec(`kubectl delete statefulset mariadb-statefulset --ignore-not-found`);
+        shellExec(`kubectl delete statefulset mariadb-statefulset -n ${options.namespace} --ignore-not-found`);
 
         if (options.pullImage === true) {
           // shellExec(`sudo podman pull mariadb:latest`);
@@ -360,17 +359,17 @@ EOF
             // For kubeadm/k3s, ensure it's available for containerd
             shellExec(`sudo crictl pull mariadb:latest`);
         }
-        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mariadb/storage-class.yaml`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb`);
+        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mariadb/storage-class.yaml -n ${options.namespace}`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb -n ${options.namespace}`);
       }
       if (options.full === true || options.mysql === true) {
         shellExec(
-          `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(`sudo mkdir -p /mnt/data`);
         shellExec(`sudo chmod 777 /mnt/data`);
         shellExec(`sudo chown -R root:root /mnt/data`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql -n ${options.namespace}`);
       }
       if (options.full === true || options.postgresql === true) {
         if (options.pullImage === true) {
@@ -383,9 +382,9 @@ EOF
             shellExec(`sudo crictl pull postgres:latest`);
         }
         shellExec(
-          `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql -n ${options.namespace}`);
       }
       if (options.mongodb4 === true) {
         if (options.pullImage === true) {
@@ -397,7 +396,7 @@ EOF
             // For kubeadm/k3s, ensure it's available for containerd
             shellExec(`sudo crictl pull mongo:4.4`);
         }
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4 -n ${options.namespace}`);
 
         const deploymentName = 'mongodb-deployment';
 
@@ -428,14 +427,14 @@ EOF
             shellExec(`sudo crictl pull mongo:latest`);
         }
         shellExec(
-          `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(
-          `sudo kubectl create secret generic mongodb-secret --from-file=username=/home/dd/engine/engine-private/mongodb-username --from-file=password=/home/dd/engine/engine-private/mongodb-password --dry-run=client -o yaml | kubectl apply -f -`,
+          `sudo kubectl create secret generic mongodb-secret --from-file=username=/home/dd/engine/engine-private/mongodb-username --from-file=password=/home/dd/engine/engine-private/mongodb-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
-        shellExec(`kubectl delete statefulset mongodb --ignore-not-found`);
-        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mongodb/storage-class.yaml`);
-        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb`);
+        shellExec(`kubectl delete statefulset mongodb -n ${options.namespace} --ignore-not-found`);
+        shellExec(`kubectl apply -f ${underpostRoot}/manifests/mongodb/storage-class.yaml -n ${options.namespace}`);
+        shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb -n ${options.namespace}`);
 
         const successInstance = await UnderpostTest.API.statusMonitor('mongodb-0', 'Running', 'pods', 1000, 60 * 10);
 
@@ -459,7 +458,9 @@ EOF
         shellExec(`kubectl apply -f https://projectcontour.io/quickstart/contour.yaml`);
         if (options.kubeadm === true) {
           // Envoy service might need NodePort for kubeadm
-          shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml`);
+          shellExec(
+            `sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml -n ${options.namespace}`,
+          );
         }
         // K3s has a built-in LoadBalancer (Klipper-lb) that can expose services,
         // so a specific NodePort service might not be needed or can be configured differently.
@@ -479,7 +480,7 @@ EOF
 
         const letsEncName = 'letsencrypt-prod';
         shellExec(`sudo kubectl delete ClusterIssuer ${letsEncName} --ignore-not-found`);
-        shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
+        shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml -n ${options.namespace}`);
       }
     },