PyPI - raijin-server - Versions diffs - 0.2.21__py3-none-any.whl → 0.2.23__py3-none-any.whl - Mend

raijin-server 0.2.21py3-none-any.whl → 0.2.23py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

raijin_server/__init__.py +1 -1
raijin_server/modules/cert_manager.py +83 -0
raijin_server/modules/grafana.py +138 -2
raijin_server/modules/harness.py +127 -12
raijin_server/modules/istio.py +155 -5
raijin_server/modules/kafka.py +166 -12
raijin_server/modules/kong.py +148 -4
raijin_server/modules/loki.py +155 -9
raijin_server/modules/minio.py +181 -4
raijin_server/modules/prometheus.py +160 -1
raijin_server/modules/secrets.py +189 -5
raijin_server/modules/velero.py +141 -22
{raijin_server-0.2.21.dist-info → raijin_server-0.2.23.dist-info}/METADATA +1 -1
{raijin_server-0.2.21.dist-info → raijin_server-0.2.23.dist-info}/RECORD +18 -18
{raijin_server-0.2.21.dist-info → raijin_server-0.2.23.dist-info}/WHEEL +0 -0
{raijin_server-0.2.21.dist-info → raijin_server-0.2.23.dist-info}/entry_points.txt +0 -0
{raijin_server-0.2.21.dist-info → raijin_server-0.2.23.dist-info}/licenses/LICENSE +0 -0
{raijin_server-0.2.21.dist-info → raijin_server-0.2.23.dist-info}/top_level.txt +0 -0

raijin_server/modules/minio.py CHANGED Viewed

@@ -1,13 +1,174 @@
-"""Deploy do MinIO via Helm."""
+"""Deploy do MinIO via Helm com configuracoes production-ready."""
+import secrets
+import socket
+import time
 import typer
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+def _detect_node_name(ctx: ExecutionContext) -> str:
+    """Detecta nome do node para nodeSelector."""
+    result = run_cmd(
+        ["kubectl", "get", "nodes", "-o", "jsonpath={.items[0].metadata.name}"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip()
+    return socket.gethostname()
+def _generate_secret(length: int = 32) -> str:
+    """Gera secret aleatório seguro."""
+    return secrets.token_urlsafe(length)[:length]
+def _check_existing_minio(ctx: ExecutionContext) -> bool:
+    """Verifica se existe instalacao do MinIO."""
+    result = run_cmd(
+        ["helm", "status", "minio", "-n", "minio"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+def _uninstall_minio(ctx: ExecutionContext) -> None:
+    """Remove instalacao anterior do MinIO."""
+    typer.echo("Removendo instalacao anterior do MinIO...")
+    run_cmd(
+        ["helm", "uninstall", "minio", "-n", "minio"],
+        ctx,
+        check=False,
+    )
+    # Pergunta se quer remover PVCs (dados)
+    remove_data = typer.confirm(
+        "Remover PVCs (dados persistentes)?",
+        default=False,
+    )
+    if remove_data:
+        run_cmd(
+            ["kubectl", "-n", "minio", "delete", "pvc", "--all"],
+            ctx,
+            check=False,
+        )
+    run_cmd(
+        ["kubectl", "delete", "namespace", "minio", "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    time.sleep(5)
+def _wait_for_minio_ready(ctx: ExecutionContext, timeout: int = 180) -> bool:
+    """Aguarda pods do MinIO ficarem Ready."""
+    typer.echo("Aguardando pods do MinIO ficarem Ready...")
+    deadline = time.time() + timeout
+    while time.time() < deadline:
+        result = run_cmd(
+            [
+                "kubectl", "-n", "minio", "get", "pods",
+                "-o", "jsonpath={range .items[*]}{.metadata.name}={.status.phase} {end}",
+            ],
+            ctx,
+            check=False,
+        )
+        if result.returncode == 0:
+            output = (result.stdout or "").strip()
+            if output:
+                pods = []
+                for item in output.split():
+                    if "=" in item:
+                        parts = item.rsplit("=", 1)
+                        if len(parts) == 2:
+                            pods.append((parts[0], parts[1]))
+                if pods and all(phase == "Running" for _, phase in pods):
+                    typer.secho(f"  Todos os {len(pods)} pods Running.", fg=typer.colors.GREEN)
+                    return True
+                pending = [name for name, phase in pods if phase != "Running"]
+                if pending:
+                    typer.echo(f"  Aguardando: {', '.join(pending[:3])}...")
+        time.sleep(10)
+    typer.secho("  Timeout aguardando pods do MinIO.", fg=typer.colors.YELLOW)
+    return False
 def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
-    typer.echo("Instalando MinIO via Helm (modo standalone)...")
+    typer.echo("Instalando MinIO via Helm...")
+    # Prompt opcional de limpeza
+    if _check_existing_minio(ctx):
+        cleanup = typer.confirm(
+            "Instalacao anterior do MinIO detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_minio(ctx)
+    # Configuracoes interativas
+    mode = typer.prompt(
+        "Modo de operacao (standalone/distributed)",
+        default="standalone",
+    )
+    root_user = typer.prompt("Root user (admin)", default="minio-admin")
+    root_password = typer.prompt(
+        "Root password (deixe vazio para gerar)",
+        default="",
+        hide_input=True,
+    )
+    if not root_password:
+        root_password = _generate_secret(24)
+        typer.secho(f"  Password gerado: {root_password}", fg=typer.colors.CYAN)
+    persistence_size = typer.prompt("Tamanho do storage (ex: 10Gi, 50Gi)", default="10Gi")
+    enable_console = typer.confirm("Habilitar Console Web?", default=True)
+    node_name = _detect_node_name(ctx)
+    values = [
+        f"mode={mode}",
+        f"rootUser={root_user}",
+        f"rootPassword={root_password}",
+        # Persistence
+        "persistence.enabled=true",
+        f"persistence.size={persistence_size}",
+        # Resources (production defaults)
+        "resources.requests.memory=512Mi",
+        "resources.requests.cpu=250m",
+        "resources.limits.memory=1Gi",
+        # Tolerations para control-plane
+        "tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "tolerations[0].operator=Exists",
+        "tolerations[0].effect=NoSchedule",
+        "tolerations[1].key=node-role.kubernetes.io/master",
+        "tolerations[1].operator=Exists",
+        "tolerations[1].effect=NoSchedule",
+        # NodeSelector
+        f"nodeSelector.kubernetes\\.io/hostname={node_name}",
+    ]
+    # Console
+    if enable_console:
+        values.extend([
+            "consoleService.type=ClusterIP",
+            "consoleIngress.enabled=false",
+        ])
     helm_upgrade_install(
         release="minio",
         chart="minio",
@@ -15,5 +176,21 @@ def run(ctx: ExecutionContext) -> None:
         repo="minio",
         repo_url="https://charts.min.io/",
         ctx=ctx,
-        values=["mode=standalone"],
+        values=values,
     )
+    # Aguarda pods ficarem prontos
+    if not ctx.dry_run:
+        _wait_for_minio_ready(ctx)
+    # Mostra informacoes uteis
+    typer.secho("\n✓ MinIO instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    typer.echo("\nCredenciais:")
+    typer.echo(f"  Root User: {root_user}")
+    typer.echo(f"  Root Password: {root_password}")
+    typer.echo("\nPara acessar a API (port-forward):")
+    typer.echo("  kubectl -n minio port-forward svc/minio 9000:9000")
+    if enable_console:
+        typer.echo("\nPara acessar o Console Web (port-forward):")
+        typer.echo("  kubectl -n minio port-forward svc/minio-console 9001:9001")
+        typer.echo("  Acesse: http://localhost:9001")

raijin_server/modules/prometheus.py CHANGED Viewed

@@ -2,6 +2,9 @@
 from __future__ import annotations
+import socket
+import time
 import typer
 from raijin_server.utils import (
@@ -15,6 +18,18 @@ from raijin_server.utils import (
 DEFAULT_NAMESPACE = "observability"
+def _detect_node_name(ctx: ExecutionContext) -> str:
+    """Detecta nome do node para nodeSelector."""
+    result = run_cmd(
+        ["kubectl", "get", "nodes", "-o", "jsonpath={.items[0].metadata.name}"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip()
+    return socket.gethostname()
 def _get_default_storage_class(ctx: ExecutionContext) -> str:
     if ctx.dry_run:
         return ""
@@ -41,6 +56,96 @@ def _ensure_cluster_access(ctx: ExecutionContext) -> None:
         raise typer.Exit(code=1)
+def _check_existing_prometheus(ctx: ExecutionContext, namespace: str) -> bool:
+    """Verifica se existe instalacao do Prometheus Stack."""
+    result = run_cmd(
+        ["helm", "status", "kube-prometheus-stack", "-n", namespace],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+def _uninstall_prometheus(ctx: ExecutionContext, namespace: str) -> None:
+    """Remove instalacao anterior do Prometheus Stack."""
+    typer.echo("Removendo instalacao anterior do kube-prometheus-stack...")
+    run_cmd(
+        ["helm", "uninstall", "kube-prometheus-stack", "-n", namespace],
+        ctx,
+        check=False,
+    )
+    # Remove CRDs if requested
+    remove_crds = typer.confirm("Remover CRDs do Prometheus (pode afetar outros operadores)?", default=False)
+    if remove_crds:
+        crds = [
+            "alertmanagerconfigs.monitoring.coreos.com",
+            "alertmanagers.monitoring.coreos.com",
+            "podmonitors.monitoring.coreos.com",
+            "probes.monitoring.coreos.com",
+            "prometheusagents.monitoring.coreos.com",
+            "prometheuses.monitoring.coreos.com",
+            "prometheusrules.monitoring.coreos.com",
+            "scrapeconfigs.monitoring.coreos.com",
+            "servicemonitors.monitoring.coreos.com",
+            "thanosrulers.monitoring.coreos.com",
+        ]
+        for crd in crds:
+            run_cmd(["kubectl", "delete", "crd", crd], ctx, check=False)
+    remove_data = typer.confirm("Remover PVCs (dados persistentes)?", default=False)
+    if remove_data:
+        run_cmd(
+            ["kubectl", "-n", namespace, "delete", "pvc", "-l", "app.kubernetes.io/name=prometheus"],
+            ctx,
+            check=False,
+        )
+        run_cmd(
+            ["kubectl", "-n", namespace, "delete", "pvc", "-l", "app.kubernetes.io/name=alertmanager"],
+            ctx,
+            check=False,
+        )
+    time.sleep(5)
+def _wait_for_prometheus_ready(ctx: ExecutionContext, namespace: str, timeout: int = 300) -> bool:
+    """Aguarda pods do Prometheus Stack ficarem Ready."""
+    typer.echo("Aguardando pods do Prometheus Stack ficarem Ready...")
+    deadline = time.time() + timeout
+    while time.time() < deadline:
+        result = run_cmd(
+            [
+                "kubectl", "-n", namespace, "get", "pods",
+                "-l", "app.kubernetes.io/instance=kube-prometheus-stack",
+                "-o", "jsonpath={range .items[*]}{.metadata.name}={.status.phase} {end}",
+            ],
+            ctx,
+            check=False,
+        )
+        if result.returncode == 0:
+            output = (result.stdout or "").strip()
+            if output:
+                pods = []
+                for item in output.split():
+                    if "=" in item:
+                        parts = item.rsplit("=", 1)
+                        if len(parts) == 2:
+                            pods.append((parts[0], parts[1]))
+                if pods and all(phase == "Running" for _, phase in pods):
+                    typer.secho("  Prometheus Stack Ready.", fg=typer.colors.GREEN)
+                    return True
+        time.sleep(10)
+    typer.secho("  Timeout aguardando Prometheus Stack.", fg=typer.colors.YELLOW)
+    return False
 def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
     _ensure_cluster_access(ctx)
@@ -48,6 +153,16 @@ def run(ctx: ExecutionContext) -> None:
     typer.echo("Instalando kube-prometheus-stack via Helm...")
     namespace = typer.prompt("Namespace destino", default=DEFAULT_NAMESPACE)
+    # Prompt opcional de limpeza
+    if _check_existing_prometheus(ctx, namespace):
+        cleanup = typer.confirm(
+            "Instalacao anterior do Prometheus Stack detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_prometheus(ctx, namespace)
     kubectl_create_ns(namespace, ctx)
     default_sc = _get_default_storage_class(ctx)
@@ -55,6 +170,8 @@ def run(ctx: ExecutionContext) -> None:
         "Habilitar PVC para Prometheus e Alertmanager?", default=bool(default_sc)
     )
+    node_name = _detect_node_name(ctx)
     values = [
         "grafana.enabled=false",
         "prometheus.prometheusSpec.retention=15d",
@@ -62,6 +179,41 @@ def run(ctx: ExecutionContext) -> None:
         "prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false",
         "prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false",
         "defaultRules.create=true",
+        # Tolerations for control-plane nodes
+        "prometheus.prometheusSpec.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "prometheus.prometheusSpec.tolerations[0].operator=Exists",
+        "prometheus.prometheusSpec.tolerations[0].effect=NoSchedule",
+        "prometheus.prometheusSpec.tolerations[1].key=node-role.kubernetes.io/master",
+        "prometheus.prometheusSpec.tolerations[1].operator=Exists",
+        "prometheus.prometheusSpec.tolerations[1].effect=NoSchedule",
+        "alertmanager.alertmanagerSpec.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "alertmanager.alertmanagerSpec.tolerations[0].operator=Exists",
+        "alertmanager.alertmanagerSpec.tolerations[0].effect=NoSchedule",
+        "alertmanager.alertmanagerSpec.tolerations[1].key=node-role.kubernetes.io/master",
+        "alertmanager.alertmanagerSpec.tolerations[1].operator=Exists",
+        "alertmanager.alertmanagerSpec.tolerations[1].effect=NoSchedule",
+        "prometheusOperator.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "prometheusOperator.tolerations[0].operator=Exists",
+        "prometheusOperator.tolerations[0].effect=NoSchedule",
+        "prometheusOperator.tolerations[1].key=node-role.kubernetes.io/master",
+        "prometheusOperator.tolerations[1].operator=Exists",
+        "prometheusOperator.tolerations[1].effect=NoSchedule",
+        "kube-state-metrics.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "kube-state-metrics.tolerations[0].operator=Exists",
+        "kube-state-metrics.tolerations[0].effect=NoSchedule",
+        "kube-state-metrics.tolerations[1].key=node-role.kubernetes.io/master",
+        "kube-state-metrics.tolerations[1].operator=Exists",
+        "kube-state-metrics.tolerations[1].effect=NoSchedule",
+        "prometheus-node-exporter.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "prometheus-node-exporter.tolerations[0].operator=Exists",
+        "prometheus-node-exporter.tolerations[0].effect=NoSchedule",
+        "prometheus-node-exporter.tolerations[1].key=node-role.kubernetes.io/master",
+        "prometheus-node-exporter.tolerations[1].operator=Exists",
+        "prometheus-node-exporter.tolerations[1].effect=NoSchedule",
+        # NodeSelector
+        f"prometheus.prometheusSpec.nodeSelector.kubernetes\\.io/hostname={node_name}",
+        f"alertmanager.alertmanagerSpec.nodeSelector.kubernetes\\.io/hostname={node_name}",
+        f"prometheusOperator.nodeSelector.kubernetes\\.io/hostname={node_name}",
     ]
     extra_args = ["--wait", "--timeout", "5m", "--atomic"]
@@ -112,4 +264,11 @@ def run(ctx: ExecutionContext) -> None:
         extra_args=extra_args,
     )
-    typer.secho("kube-prometheus-stack instalado com sucesso.", fg=typer.colors.GREEN)
+    if not ctx.dry_run:
+        _wait_for_prometheus_ready(ctx, namespace)
+    typer.secho("\n✓ kube-prometheus-stack instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    typer.echo("\nPara acessar Prometheus via port-forward:")
+    typer.echo(f"  kubectl -n {namespace} port-forward svc/kube-prometheus-stack-prometheus 9090:9090")
+    typer.echo("\nPara acessar Alertmanager via port-forward:")
+    typer.echo(f"  kubectl -n {namespace} port-forward svc/kube-prometheus-stack-alertmanager 9093:9093")

raijin_server/modules/secrets.py CHANGED Viewed

@@ -1,10 +1,12 @@
-"""Automacao de sealed-secrets e external-secrets via Helm.
+"""Automacao de sealed-secrets e external-secrets via Helm (production-ready).
 Instala os controladores necessários para criptografar e consumir segredos
 em clusters Kubernetes. Inclui opcionalmente a exportacao do certificado
 publico do sealed-secrets para permitir geracao de manifests lacrados.
 """
+import socket
+import time
 from pathlib import Path
 import typer
@@ -15,12 +17,107 @@ from raijin_server.utils import (
     helm_upgrade_install,
     require_root,
     run_cmd,
+    write_file,
 )
 SEALED_NAMESPACE = "kube-system"
 ESO_NAMESPACE = "external-secrets"
+def _detect_node_name(ctx: ExecutionContext) -> str:
+    """Detecta nome do node para nodeSelector."""
+    result = run_cmd(
+        ["kubectl", "get", "nodes", "-o", "jsonpath={.items[0].metadata.name}"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip()
+    return socket.gethostname()
+def _check_existing_sealed_secrets(ctx: ExecutionContext, namespace: str) -> bool:
+    """Verifica se existe instalacao do Sealed Secrets."""
+    result = run_cmd(
+        ["helm", "status", "sealed-secrets", "-n", namespace],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+def _check_existing_external_secrets(ctx: ExecutionContext, namespace: str) -> bool:
+    """Verifica se existe instalacao do External Secrets."""
+    result = run_cmd(
+        ["helm", "status", "external-secrets", "-n", namespace],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+def _uninstall_sealed_secrets(ctx: ExecutionContext, namespace: str) -> None:
+    """Remove instalacao anterior do Sealed Secrets."""
+    typer.echo("Removendo instalacao anterior do Sealed Secrets...")
+    run_cmd(
+        ["helm", "uninstall", "sealed-secrets", "-n", namespace],
+        ctx,
+        check=False,
+    )
+    time.sleep(5)
+def _uninstall_external_secrets(ctx: ExecutionContext, namespace: str) -> None:
+    """Remove instalacao anterior do External Secrets."""
+    typer.echo("Removendo instalacao anterior do External Secrets...")
+    run_cmd(
+        ["helm", "uninstall", "external-secrets", "-n", namespace],
+        ctx,
+        check=False,
+    )
+    time.sleep(5)
+def _wait_for_sealed_secrets_ready(ctx: ExecutionContext, namespace: str, timeout: int = 120) -> bool:
+    """Aguarda pods do Sealed Secrets ficarem Ready."""
+    typer.echo("Aguardando pods do Sealed Secrets ficarem Ready...")
+    deadline = time.time() + timeout
+    while time.time() < deadline:
+        result = run_cmd(
+            [
+                "kubectl", "-n", namespace, "get", "pods",
+                "-l", "app.kubernetes.io/name=sealed-secrets",
+                "-o", "jsonpath={range .items[*]}{.metadata.name}={.status.phase} {end}",
+            ],
+            ctx,
+            check=False,
+        )
+        if result.returncode == 0:
+            output = (result.stdout or "").strip()
+            if output:
+                pods = []
+                for item in output.split():
+                    if "=" in item:
+                        parts = item.rsplit("=", 1)
+                        if len(parts) == 2:
+                            pods.append((parts[0], parts[1]))
+                if pods and all(phase == "Running" for _, phase in pods):
+                    typer.secho("  Sealed Secrets Ready.", fg=typer.colors.GREEN)
+                    return True
+        time.sleep(5)
+    typer.secho("  Timeout aguardando Sealed Secrets.", fg=typer.colors.YELLOW)
+    return False
 def _export_sealed_cert(namespace: str, ctx: ExecutionContext) -> None:
     """Exporta o certificado publico do sealed-secrets para um caminho local."""
@@ -67,8 +164,40 @@ def run(ctx: ExecutionContext) -> None:
     sealed_ns = typer.prompt("Namespace para sealed-secrets", default=SEALED_NAMESPACE)
     eso_ns = typer.prompt("Namespace para external-secrets", default=ESO_NAMESPACE)
+    node_name = _detect_node_name(ctx)
     # sealed-secrets
     typer.secho("\n== Sealed Secrets ==", fg=typer.colors.CYAN, bold=True)
+    # Prompt opcional de limpeza
+    if _check_existing_sealed_secrets(ctx, sealed_ns):
+        cleanup = typer.confirm(
+            "Instalacao anterior do Sealed Secrets detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_sealed_secrets(ctx, sealed_ns)
+    sealed_values_yaml = f"""tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    operator: Exists
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/master
+    operator: Exists
+    effect: NoSchedule
+nodeSelector:
+  kubernetes.io/hostname: {node_name}
+resources:
+  requests:
+    memory: 64Mi
+    cpu: 50m
+  limits:
+    memory: 128Mi
+"""
+    sealed_values_path = Path("/tmp/raijin-sealed-secrets-values.yaml")
+    write_file(sealed_values_path, sealed_values_yaml, ctx)
     helm_upgrade_install(
         "sealed-secrets",
         "sealed-secrets",
@@ -77,8 +206,12 @@ def run(ctx: ExecutionContext) -> None:
         repo="bitnami-labs",
         repo_url="https://bitnami-labs.github.io/sealed-secrets",
         create_namespace=True,
+        extra_args=["-f", str(sealed_values_path)],
     )
+    if not ctx.dry_run:
+        _wait_for_sealed_secrets_ready(ctx, sealed_ns)
     typer.echo(
         "Para criar sealed-secrets a partir do seu desktop, exporte o certificado publico e use kubeseal."
     )
@@ -87,7 +220,57 @@ def run(ctx: ExecutionContext) -> None:
     # external-secrets
     typer.secho("\n== External Secrets Operator ==", fg=typer.colors.CYAN, bold=True)
-    extra_args = ["--set", "installCRDs=true"]
+    # Prompt opcional de limpeza
+    if _check_existing_external_secrets(ctx, eso_ns):
+        cleanup = typer.confirm(
+            "Instalacao anterior do External Secrets detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_external_secrets(ctx, eso_ns)
+    eso_values_yaml = f"""installCRDs: true
+tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    operator: Exists
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/master
+    operator: Exists
+    effect: NoSchedule
+nodeSelector:
+  kubernetes.io/hostname: {node_name}
+webhook:
+  tolerations:
+    - key: node-role.kubernetes.io/control-plane
+      operator: Exists
+      effect: NoSchedule
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoSchedule
+  nodeSelector:
+    kubernetes.io/hostname: {node_name}
+certController:
+  tolerations:
+    - key: node-role.kubernetes.io/control-plane
+      operator: Exists
+      effect: NoSchedule
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoSchedule
+  nodeSelector:
+    kubernetes.io/hostname: {node_name}
+resources:
+  requests:
+    memory: 64Mi
+    cpu: 50m
+  limits:
+    memory: 128Mi
+"""
+    eso_values_path = Path("/tmp/raijin-external-secrets-values.yaml")
+    write_file(eso_values_path, eso_values_yaml, ctx)
     helm_upgrade_install(
         "external-secrets",
         "external-secrets",
@@ -96,14 +279,15 @@ def run(ctx: ExecutionContext) -> None:
         repo="external-secrets",
         repo_url="https://charts.external-secrets.io",
         create_namespace=True,
-        extra_args=extra_args,
+        extra_args=["-f", str(eso_values_path)],
     )
+    typer.secho("\n✓ Secrets management instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
     typer.echo(
-        "External Secrets Operator instalado. Configure um SecretStore/ClusterSecretStore conforme seu provedor (AWS/GCP/Vault)."
+        "\nExternal Secrets Operator instalado. Configure um SecretStore/ClusterSecretStore conforme seu provedor (AWS/GCP/Vault)."
     )
     typer.secho("\nDicas rapidas:", fg=typer.colors.GREEN)
-    typer.echo("- Gere sealed-secrets localmente: kubeseal --controller-namespace <ns> --controller-name sealed-secrets < secret.yaml > sealed.yaml")
+    typer.echo(f"- Gere sealed-secrets localmente: kubeseal --controller-namespace {sealed_ns} --controller-name sealed-secrets < secret.yaml > sealed.yaml")
     typer.echo("- Para ESO: crie um SecretStore apontando para seu backend e um ExternalSecret referenciando os keys.")

raijin-server 0.2.21__py3-none-any.whl → 0.2.23__py3-none-any.whl

raijin-server 0.2.21py3-none-any.whl → 0.2.23py3-none-any.whl