raijin-server 0.2.11__py3-none-any.whl → 0.2.12__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.11"
+__version__ = "0.2.12"
 
 __all__ = ["__version__"]

raijin_server/cli.py

@@ -32,6 +32,7 @@ from raijin_server.modules import (
     kong,
     kubernetes,
     loki,
+    metallb,
     minio,
     network,
     observability_dashboards,
@@ -85,6 +86,7 @@ MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
     "vpn": vpn.run,
     "kubernetes": kubernetes.run,
     "calico": calico.run,
+    "metallb": metallb.run,
     "traefik": traefik.run,  # mover antes do cert_manager para refletir dependencia
     "cert_manager": cert_manager.run,
     "istio": istio.run,
@@ -119,6 +121,7 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
     "vpn": "Provisiona WireGuard com cliente inicial",
     "kubernetes": "Instala kubeadm/kubelet/kubectl e inicializa cluster",
     "calico": "CNI Calico e politica default deny",
+    "metallb": "LoadBalancer em bare metal (pool L2)",
     "cert_manager": "Instala cert-manager e ClusterIssuer ACME",
     "istio": "Service mesh Istio via Helm",
     "traefik": "Ingress controller Traefik com TLS",

raijin_server/modules/metallb.py

@@ -0,0 +1,85 @@
+"""Provisiona MetalLB (L2) com pool de IPs para LoadBalancer em ambientes bare metal."""
+
+import typer
+
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+
+
+def run(ctx: ExecutionContext) -> None:
+    require_root(ctx)
+    typer.echo("Instalando MetalLB via Helm...")
+
+    pool = typer.prompt(
+        "Pool de IPs (range ou CIDR) para services LoadBalancer",
+        default="192.168.1.240-192.168.1.250",
+    )
+
+    # Instala control-plane + speaker
+    helm_upgrade_install(
+        release="metallb",
+        chart="metallb",
+        namespace="metallb-system",
+        repo="metallb",
+        repo_url="https://metallb.github.io/metallb",
+        ctx=ctx,
+        values=[],
+    )
+
+    # Espera recursos principais ficarem prontos
+    run_cmd(
+        [
+            "kubectl",
+            "-n",
+            "metallb-system",
+            "rollout",
+            "status",
+            "deployment/controller",
+            "--timeout",
+            "180s",
+        ],
+        ctx,
+        check=False,
+    )
+    run_cmd(
+        [
+            "kubectl",
+            "-n",
+            "metallb-system",
+            "rollout",
+            "status",
+            "daemonset/speaker",
+            "--timeout",
+            "180s",
+        ],
+        ctx,
+        check=False,
+    )
+
+    # Aplica IPAddressPool + L2Advertisement
+    manifest = f"""
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: raijin-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - {pool}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: raijin-l2
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - raijin-pool
+"""
+
+    run_cmd(
+        f"echo '{manifest}' | kubectl apply -f -",
+        ctx,
+        use_shell=True,
+    )
+
+    typer.secho("\n✓ MetalLB aplicado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)

raijin_server/modules/traefik.py

@@ -1,8 +1,34 @@
 """Configuracao do Traefik via Helm com TLS/ACME e ingressClass."""
 
+import socket
+
 import typer
 
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+
+
+def _detect_node_name(ctx: ExecutionContext) -> str:
+    """Tenta obter o nome do node via kubectl; fallback para hostname local.
+
+    Em execucao no control-plane, o nome do node retornado pelo kubeadm init e o desejado
+    para o nodeSelector (kubernetes.io/hostname)."""
+
+    result = run_cmd(
+        [
+            "kubectl",
+            "get",
+            "nodes",
+            "-o",
+            "jsonpath={.items[0].metadata.name}",
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        node_name = (result.stdout or "").strip()
+        if node_name:
+            return node_name
+    return socket.gethostname()
 
 
 def run(ctx: ExecutionContext) -> None:
@@ -12,6 +38,8 @@ def run(ctx: ExecutionContext) -> None:
     acme_email = typer.prompt("Email para ACME/Let's Encrypt", default="admin@example.com")
     dashboard_host = typer.prompt("Host para dashboard (opcional)", default="traefik.local")
 
+    node_name = _detect_node_name(ctx)
+
     values = [
         "ingressClass.enabled=true",
         "ingressClass.isDefaultClass=true",
@@ -21,6 +49,14 @@ def run(ctx: ExecutionContext) -> None:
         "certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web",
         "logs.general.level=INFO",
         "providers.kubernetesIngress.ingressClass=traefik",
+        # Permite agendar em control-plane de cluster single-node
+        "tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "tolerations[0].operator=Exists",
+        "tolerations[0].effect=NoSchedule",
+        "tolerations[1].key=node-role.kubernetes.io/master",
+        "tolerations[1].operator=Exists",
+        "tolerations[1].effect=NoSchedule",
+        f"nodeSelector.kubernetes.io/hostname={node_name}",
     ]
 
     if dashboard_host:

raijin_server/validators.py

@@ -19,6 +19,7 @@ from raijin_server.utils import ExecutionContext, logger
 MODULE_DEPENDENCIES = {
     "kubernetes": ["essentials", "network", "firewall"],
     "calico": ["kubernetes"],
+    "metallb": ["kubernetes"],
     "cert_manager": ["kubernetes", "traefik"],
     "istio": ["kubernetes", "calico"],
     "traefik": ["kubernetes"],

{raijin_server-0.2.11.dist-info → raijin_server-0.2.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.11
+Version: 0.2.12
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -188,6 +188,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
 - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
 - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
 	- Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
+- **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
 
 ## Fluxo de Execução Recomendado
 
@@ -204,6 +205,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
 # 3. Kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server calico
+sudo -E ~/.venvs/midgard/bin/raijin-server metallb  # se ambiente bare metal e quiser Service LoadBalancer
 sudo -E ~/.venvs/midgard/bin/raijin-server secrets
 sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
 

{raijin_server-0.2.11.dist-info → raijin_server-0.2.12.dist-info}/RECORD

@@ -1,9 +1,9 @@
-raijin_server/__init__.py,sha256=X-WgXauA_EB6WFZnnOWQLbz2ucFYbMATjTaZtzqA67A,95
-raijin_server/cli.py,sha256=DwzUP5Ps-vgiOwXRjACukgHWFo-7FAnDrILbgWhs2ys,28475
+raijin_server/__init__.py,sha256=8EQqPmA-imVG2M15r3TTUVfAWVTZtkqrtafb-1P_NAE,95
+raijin_server/cli.py,sha256=71nn7QN0f3MJkXcHr0STXmxljr-CaPibzOoiItbOT88,28571
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
 raijin_server/utils.py,sha256=9RnGnPoUTYOpMVRLNa4P4lIQrJNQLkSkPUxycZRGv78,20827
-raijin_server/validators.py,sha256=-V3BX1hF_i2on7v-7Gu6u4ilhQaVJX4jTnwqvR3uEng,9432
+raijin_server/validators.py,sha256=5SpGz0aDmt60v19KJQSU-VpQOVc3WyNJQn45acUhq0Q,9463
 raijin_server/modules/__init__.py,sha256=e_IbkhLGPcF8to9QUmIESP6fpcTOYcIhaXLKIvqRJMY,920
 raijin_server/modules/apokolips_demo.py,sha256=8ltsXRbVDwlDwLMIvh02NG-FeAfBWw_v6lh7IGOyNqs,13725
 raijin_server/modules/bootstrap.py,sha256=oVIGNRW_JbgY8zXNHGAIP0vGbbHNHyQexthxo5zhbcw,9762
@@ -20,6 +20,7 @@ raijin_server/modules/kafka.py,sha256=bp8k_IhuAIO6dL0IpK1UxxLZoGih6nJp0ZnzwmiZEj
 raijin_server/modules/kong.py,sha256=2EZKYBmBhm_7Nduw9PWrvrekp0VCxQbc2gElpAJqKfg,491
 raijin_server/modules/kubernetes.py,sha256=waSf2cCVnLicN5o3M47MzMzmHHtvKeFXm1__8ynQzA0,11871
 raijin_server/modules/loki.py,sha256=erwFfSiSFOv-Ul3nFdrI2RElPYuqqBPBBa_MJAwyLys,676
+raijin_server/modules/metallb.py,sha256=Lu25tU1O00ObqNeIGrpMJhSxPOEeCN4tI9z18Xqqtpk,1918
 raijin_server/modules/minio.py,sha256=BVvsEaJlJUV92_ep7pKsBhSYPjWZrDOB3J6XAWYAHYg,486
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
 raijin_server/modules/observability_dashboards.py,sha256=fVz0WEOQrUTF5rJ__Nu_onyBuwL_exFmysWMmg8AE9w,7319
@@ -28,7 +29,7 @@ raijin_server/modules/prometheus.py,sha256=Rs9BREmaoKlyteNdAQZnSIeJfsRO0RQKyyL2g
 raijin_server/modules/sanitize.py,sha256=_RnWn1DUuNrzx3NnKEbMvf5iicgjiN_ubwT59e0rYWY,6040
 raijin_server/modules/secrets.py,sha256=xpV3gIMnwQdAI2j69Ck5daIK4wlYJA_1rkWTtSfVNk0,3715
 raijin_server/modules/ssh_hardening.py,sha256=oQdk-EVnEHNMKIWvoFuZzI4jK0nNO8IAY4hkB4pj8zw,4025
-raijin_server/modules/traefik.py,sha256=Uj7RljGl6goVrpiTqHe0MYdFmIYaFrTk1OJcIVvXiwg,1321
+raijin_server/modules/traefik.py,sha256=hHjWl8UQodm_wwVOp0TzeYCVf3SpHt_tbgQtvkJi8FY,2467
 raijin_server/modules/velero.py,sha256=_CV0QQnWr5L-CWXDOiD9Ef4J7GaQT-s9yNBwqp_FLOY,1395
 raijin_server/modules/vpn.py,sha256=hF-0vA17VKTxhQLDBSEeqI5aPQpiaaj4IpUf9l6lr64,8297
 raijin_server/scripts/__init__.py,sha256=deduGfHf8BMVWred4ux5LfBDT2NJ5XYeJAt2sDEU4qs,53
@@ -36,9 +37,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.11.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.11.dist-info/METADATA,sha256=Hhlmq5QeE3oviScZiun7MNj28psTCSQ44EPIAmCpREk,22276
-raijin_server-0.2.11.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.11.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.11.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.11.dist-info/RECORD,,
+raijin_server-0.2.12.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.12.dist-info/METADATA,sha256=CcMKtrz7OPs4ThoJ7d-ivF4RYeZ_bekHlwi8XrzOnDw,22476
+raijin_server-0.2.12.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.12.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.12.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.12.dist-info/RECORD,,