raijin-server 0.2.23__py3-none-any.whl → 0.2.25__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.23"
+__version__ = "0.2.25"
 
 __all__ = ["__version__"]

raijin_server/modules/istio.py

@@ -2,10 +2,11 @@
 
 import socket
 import time
+from pathlib import Path
 
 import typer
 
-from raijin_server.utils import ExecutionContext, ensure_tool, require_root, run_cmd
+from raijin_server.utils import ExecutionContext, ensure_tool, require_root, run_cmd, write_file
 
 
 ISTIO_PROFILES = ["default", "demo", "minimal", "ambient", "empty"]
@@ -23,6 +24,16 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
     return socket.gethostname()
 
 
+def _check_metallb_installed(ctx: ExecutionContext) -> bool:
+    """Verifica se MetalLB está instalado no cluster."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "metallb-controller", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
 def _check_existing_istio(ctx: ExecutionContext) -> bool:
     """Verifica se existe instalacao do Istio."""
     result = run_cmd(
@@ -112,34 +123,72 @@ def run(ctx: ExecutionContext) -> None:
         typer.secho(f"Perfil '{profile}' invalido. Usando 'default'.", fg=typer.colors.YELLOW)
         profile = "default"
 
+    # Detectar se MetalLB está instalado
+    has_metallb = _check_metallb_installed(ctx)
+    
+    # Se não tem MetalLB, avisar e usar NodePort
+    if not has_metallb:
+        typer.secho(
+            "\n⚠ MetalLB não detectado. O IngressGateway será configurado como NodePort.",
+            fg=typer.colors.YELLOW,
+        )
+        typer.echo("Para usar LoadBalancer, instale MetalLB primeiro: raijin-server install metallb")
+        service_type = "NodePort"
+    else:
+        typer.secho("\n✓ MetalLB detectado. IngressGateway usará LoadBalancer.", fg=typer.colors.GREEN)
+        service_type = "LoadBalancer"
+
     node_name = _detect_node_name(ctx)
     
-    # Instala com tolerations para control-plane
-    # IMPORTANTE: Ao fazer override em arrays do Istio, precisamos especificar o 'name'
-    # do componente para que o merge funcione corretamente
+    # Criar arquivo IstioOperator YAML (mais confiável que --set para configurações complexas)
+    istio_config = f"""apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  namespace: istio-system
+spec:
+  profile: {profile}
+  components:
+    pilot:
+      enabled: true
+      k8s:
+        tolerations:
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
+            effect: NoSchedule
+          - key: node-role.kubernetes.io/master
+            operator: Exists
+            effect: NoSchedule
+        nodeSelector:
+          kubernetes.io/hostname: {node_name}
+    ingressGateways:
+      - name: istio-ingressgateway
+        enabled: true
+        k8s:
+          tolerations:
+            - key: node-role.kubernetes.io/control-plane
+              operator: Exists
+              effect: NoSchedule
+            - key: node-role.kubernetes.io/master
+              operator: Exists
+              effect: NoSchedule
+          nodeSelector:
+            kubernetes.io/hostname: {node_name}
+          service:
+            type: {service_type}
+  values:
+    global:
+      proxy:
+        holdApplicationUntilProxyStarts: true
+"""
+
+    config_path = Path("/tmp/raijin-istio-config.yaml")
+    write_file(config_path, istio_config, ctx)
+    
+    # Instala usando o arquivo de configuração
+    # Nota: istioctl não tem --timeout, ele usa readiness probes internamente
     install_cmd = [
         "istioctl", "install",
-        "--set", f"profile={profile}",
-        # Tolerations para istiod (control plane)
-        "--set", "components.pilot.k8s.tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "--set", "components.pilot.k8s.tolerations[0].operator=Exists",
-        "--set", "components.pilot.k8s.tolerations[0].effect=NoSchedule",
-        "--set", "components.pilot.k8s.tolerations[1].key=node-role.kubernetes.io/master",
-        "--set", "components.pilot.k8s.tolerations[1].operator=Exists",
-        "--set", "components.pilot.k8s.tolerations[1].effect=NoSchedule",
-        # NodeSelector para istiod
-        "--set", f"components.pilot.k8s.nodeSelector.kubernetes\\.io/hostname={node_name}",
-        # Tolerations para ingress gateway (DEVE incluir o name!)
-        "--set", "components.ingressGateways[0].name=istio-ingressgateway",
-        "--set", "components.ingressGateways[0].enabled=true",
-        "--set", "components.ingressGateways[0].k8s.tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "--set", "components.ingressGateways[0].k8s.tolerations[0].operator=Exists",
-        "--set", "components.ingressGateways[0].k8s.tolerations[0].effect=NoSchedule",
-        "--set", "components.ingressGateways[0].k8s.tolerations[1].key=node-role.kubernetes.io/master",
-        "--set", "components.ingressGateways[0].k8s.tolerations[1].operator=Exists",
-        "--set", "components.ingressGateways[0].k8s.tolerations[1].effect=NoSchedule",
-        # NodeSelector para ingress gateway
-        "--set", f"components.ingressGateways[0].k8s.nodeSelector.kubernetes\\.io/hostname={node_name}",
+        "-f", str(config_path),
         "-y",
     ]
     
@@ -161,3 +210,13 @@ def run(ctx: ExecutionContext) -> None:
         )
     
     typer.secho("\n✓ Istio instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    
+    if service_type == "NodePort":
+        typer.echo("\n📌 Acesso ao Istio IngressGateway (NodePort):")
+        typer.echo("  kubectl get svc -n istio-system istio-ingressgateway")
+        typer.echo("\nPara expor via LoadBalancer, instale MetalLB:")
+        typer.echo("  raijin-server install metallb")
+    else:
+        typer.echo("\n📌 Acesso ao Istio IngressGateway (LoadBalancer):")
+        typer.echo("  kubectl get svc -n istio-system istio-ingressgateway")
+        typer.echo("  Aguarde o EXTERNAL-IP ser atribuido pelo MetalLB")

{raijin_server-0.2.23.dist-info → raijin_server-0.2.25.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.23
+Version: 0.2.25
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.23.dist-info → raijin_server-0.2.25.dist-info}/RECORD

@@ -1,4 +1,4 @@
-raijin_server/__init__.py,sha256=I_fkWDB-5TUP0NDV7veqIiKtCPCo88OjVOrc0McymDM,95
+raijin_server/__init__.py,sha256=Fb2dY-WZNdEoZ2C5SWUDZG_DzfMcBF1q-cf_ss9lo7s,95
 raijin_server/cli.py,sha256=71nn7QN0f3MJkXcHr0STXmxljr-CaPibzOoiItbOT88,28571
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -15,7 +15,7 @@ raijin_server/modules/full_install.py,sha256=xiKe2GLuZ97c4YdTmhP-kwDVuJJ9Xq3dlgc
 raijin_server/modules/grafana.py,sha256=DdDLxmTeFnDRvcRLkpg1RuR9o1ZAArk2W-DTLLyfWHg,6009
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
 raijin_server/modules/harness.py,sha256=uWTxTVJlY_VB6xi4ftMtTSaIb96HA8WJQS-RbyxU45M,5391
-raijin_server/modules/istio.py,sha256=YUC6-r9gY9Ay-NtbN23wn9eAGRAEgsIn8IuBJUDFM5w,6156
+raijin_server/modules/istio.py,sha256=LxH_3VKWMq_F8WFumkxgL0dhFmG309XB4TbSUggJEic,7301
 raijin_server/modules/kafka.py,sha256=n7ZpLPWv6sKBJhdBiPe7VgeDB24YiCIOWvOQkWwt03Y,5664
 raijin_server/modules/kong.py,sha256=cRDzAP9Ne3Qte6sqmxWUS-aJVgiaf4B0uqFvg02Nw5E,5076
 raijin_server/modules/kubernetes.py,sha256=waSf2cCVnLicN5o3M47MzMzmHHtvKeFXm1__8ynQzA0,11871
@@ -37,9 +37,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.23.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.23.dist-info/METADATA,sha256=4Acy_Ht1vivZ_M7NXcFWCNSgdtgBVKUq4_fOOxYtq4I,22476
-raijin_server-0.2.23.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.23.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.23.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.23.dist-info/RECORD,,
+raijin_server-0.2.25.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.25.dist-info/METADATA,sha256=IZM1t1KEU8iBnJ6bXc2FLoL7XIsJ_01Y5HhZ_Qirt0w,22476
+raijin_server-0.2.25.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.25.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.25.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.25.dist-info/RECORD,,