raijin-server 0.2.11__tar.gz → 0.2.13__tar.gz

{raijin_server-0.2.11/src/raijin_server.egg-info → raijin_server-0.2.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.11
+Version: 0.2.13
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -188,6 +188,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
 - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
 - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
 	- Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
+- **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
 
 ## Fluxo de Execução Recomendado
 
@@ -204,6 +205,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
 # 3. Kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server calico
+sudo -E ~/.venvs/midgard/bin/raijin-server metallb  # se ambiente bare metal e quiser Service LoadBalancer
 sudo -E ~/.venvs/midgard/bin/raijin-server secrets
 sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
 

{raijin_server-0.2.11 → raijin_server-0.2.13}/README.md

@@ -155,6 +155,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
 - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
 - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
 	- Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
+- **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
 
 ## Fluxo de Execução Recomendado
 
@@ -171,6 +172,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
 # 3. Kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server calico
+sudo -E ~/.venvs/midgard/bin/raijin-server metallb  # se ambiente bare metal e quiser Service LoadBalancer
 sudo -E ~/.venvs/midgard/bin/raijin-server secrets
 sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
 

{raijin_server-0.2.11 → raijin_server-0.2.13}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = raijin-server
-version = 0.2.11
+version = 0.2.13
 description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
 long_description = file: README.md
 long_description_content_type = text/markdown

raijin_server-0.2.13/src/raijin_server/__init__.py

@@ -0,0 +1,5 @@
+"""Pacote principal do CLI Raijin Server."""
+
+__version__ = "0.2.13"
+
+__all__ = ["__version__"]

{raijin_server-0.2.11 → raijin_server-0.2.13}/src/raijin_server/cli.py

@@ -32,6 +32,7 @@ from raijin_server.modules import (
     kong,
     kubernetes,
     loki,
+    metallb,
     minio,
     network,
     observability_dashboards,
@@ -85,6 +86,7 @@ MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
     "vpn": vpn.run,
     "kubernetes": kubernetes.run,
     "calico": calico.run,
+    "metallb": metallb.run,
     "traefik": traefik.run,  # mover antes do cert_manager para refletir dependencia
     "cert_manager": cert_manager.run,
     "istio": istio.run,
@@ -119,6 +121,7 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
     "vpn": "Provisiona WireGuard com cliente inicial",
     "kubernetes": "Instala kubeadm/kubelet/kubectl e inicializa cluster",
     "calico": "CNI Calico e politica default deny",
+    "metallb": "LoadBalancer em bare metal (pool L2)",
     "cert_manager": "Instala cert-manager e ClusterIssuer ACME",
     "istio": "Service mesh Istio via Helm",
     "traefik": "Ingress controller Traefik com TLS",

raijin_server-0.2.13/src/raijin_server/modules/metallb.py

@@ -0,0 +1,97 @@
+"""Provisiona MetalLB (L2) com pool de IPs para LoadBalancer em ambientes bare metal."""
+
+import typer
+
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+
+
+def _rollout_wait(kind: str, name: str, ctx: ExecutionContext) -> None:
+    run_cmd([
+        "kubectl",
+        "-n",
+        "metallb-system",
+        "rollout",
+        "status",
+        f"{kind}/{name}",
+        "--timeout",
+        "180s",
+    ], ctx, check=False)
+
+
+def _wait_webhook(ctx: ExecutionContext) -> None:
+    # Descobre o nome do deployment do webhook (varia conforme chart), entao aguarda disponibilidade
+    result = run_cmd(
+        [
+            "kubectl",
+            "-n",
+            "metallb-system",
+            "get",
+            "deploy",
+            "-l",
+            "app.kubernetes.io/component=webhook",
+            "-o",
+            "jsonpath={.items[0].metadata.name}",
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        name = (result.stdout or "").strip()
+        if name:
+            _rollout_wait("deployment", name, ctx)
+
+
+def run(ctx: ExecutionContext) -> None:
+    require_root(ctx)
+    typer.echo("Instalando MetalLB via Helm...")
+
+    pool = typer.prompt(
+        "Pool de IPs (range ou CIDR) para services LoadBalancer",
+        default="192.168.1.240-192.168.1.250",
+    )
+
+    # Instala control-plane + speaker
+    helm_upgrade_install(
+        release="metallb",
+        chart="metallb",
+        namespace="metallb-system",
+        repo="metallb",
+        repo_url="https://metallb.github.io/metallb",
+        ctx=ctx,
+        values=[],
+    )
+
+    # Espera recursos principais ficarem prontos
+    _rollout_wait("deployment", "controller", ctx)
+    _rollout_wait("daemonset", "speaker", ctx)
+    _wait_webhook(ctx)
+    run_cmd(["sleep", "5"], ctx, check=False)  # pequeno buffer para webhook responder
+
+    # Aplica IPAddressPool + L2Advertisement
+    manifest = f"""
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: raijin-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - {pool}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: raijin-l2
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - raijin-pool
+"""
+
+    run_cmd(
+        f"echo '{manifest}' | kubectl apply -f -",
+        ctx,
+        use_shell=True,
+    )
+
+    typer.secho("\n✓ MetalLB aplicado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)

{raijin_server-0.2.11 → raijin_server-0.2.13}/src/raijin_server/modules/traefik.py

@@ -1,8 +1,34 @@
 """Configuracao do Traefik via Helm com TLS/ACME e ingressClass."""
 
+import socket
+
 import typer
 
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+
+
+def _detect_node_name(ctx: ExecutionContext) -> str:
+    """Tenta obter o nome do node via kubectl; fallback para hostname local.
+
+    Em execucao no control-plane, o nome do node retornado pelo kubeadm init e o desejado
+    para o nodeSelector (kubernetes.io/hostname)."""
+
+    result = run_cmd(
+        [
+            "kubectl",
+            "get",
+            "nodes",
+            "-o",
+            "jsonpath={.items[0].metadata.name}",
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        node_name = (result.stdout or "").strip()
+        if node_name:
+            return node_name
+    return socket.gethostname()
 
 
 def run(ctx: ExecutionContext) -> None:
@@ -12,6 +38,8 @@ def run(ctx: ExecutionContext) -> None:
     acme_email = typer.prompt("Email para ACME/Let's Encrypt", default="admin@example.com")
     dashboard_host = typer.prompt("Host para dashboard (opcional)", default="traefik.local")
 
+    node_name = _detect_node_name(ctx)
+
     values = [
         "ingressClass.enabled=true",
         "ingressClass.isDefaultClass=true",
@@ -21,6 +49,14 @@ def run(ctx: ExecutionContext) -> None:
         "certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web",
         "logs.general.level=INFO",
         "providers.kubernetesIngress.ingressClass=traefik",
+        # Permite agendar em control-plane de cluster single-node
+        "tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "tolerations[0].operator=Exists",
+        "tolerations[0].effect=NoSchedule",
+        "tolerations[1].key=node-role.kubernetes.io/master",
+        "tolerations[1].operator=Exists",
+        "tolerations[1].effect=NoSchedule",
+        f"nodeSelector.kubernetes.io/hostname={node_name}",
     ]
 
     if dashboard_host:

{raijin_server-0.2.11 → raijin_server-0.2.13}/src/raijin_server/validators.py

@@ -19,6 +19,7 @@ from raijin_server.utils import ExecutionContext, logger
 MODULE_DEPENDENCIES = {
     "kubernetes": ["essentials", "network", "firewall"],
     "calico": ["kubernetes"],
+    "metallb": ["kubernetes"],
     "cert_manager": ["kubernetes", "traefik"],
     "istio": ["kubernetes", "calico"],
     "traefik": ["kubernetes"],

{raijin_server-0.2.11 → raijin_server-0.2.13/src/raijin_server.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.11
+Version: 0.2.13
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -188,6 +188,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
 - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
 - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
 	- Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
+- **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
 
 ## Fluxo de Execução Recomendado
 
@@ -204,6 +205,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
 # 3. Kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
 sudo -E ~/.venvs/midgard/bin/raijin-server calico
+sudo -E ~/.venvs/midgard/bin/raijin-server metallb  # se ambiente bare metal e quiser Service LoadBalancer
 sudo -E ~/.venvs/midgard/bin/raijin-server secrets
 sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
 

{raijin_server-0.2.11 → raijin_server-0.2.13}/src/raijin_server.egg-info/SOURCES.txt

@@ -30,6 +30,7 @@ src/raijin_server/modules/kafka.py
 src/raijin_server/modules/kong.py
 src/raijin_server/modules/kubernetes.py
 src/raijin_server/modules/loki.py
+src/raijin_server/modules/metallb.py
 src/raijin_server/modules/minio.py
 src/raijin_server/modules/network.py
 src/raijin_server/modules/observability_dashboards.py

raijin_server-0.2.11/src/raijin_server/__init__.py

@@ -1,5 +0,0 @@
-"""Pacote principal do CLI Raijin Server."""
-
-__version__ = "0.2.11"
-
-__all__ = ["__version__"]