PyPI - raijin-server - Versions diffs - 0.2.23__tar.gz → 0.2.24__tar.gz - Mend

raijin-server 0.2.23tar.gz → 0.2.24tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

{raijin_server-0.2.23/src/raijin_server.egg-info → raijin_server-0.2.24}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.23
+Version: 0.2.24
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.23 → raijin_server-0.2.24}/setup.cfg RENAMED Viewed

@@ -1,6 +1,6 @@
 [metadata]
 name = raijin-server
-version = 0.2.23
+version = 0.2.24
 description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
 long_description = file: README.md
 long_description_content_type = text/markdown

raijin_server-0.2.24/src/raijin_server/__init__.py ADDED Viewed

@@ -0,0 +1,5 @@
+"""Pacote principal do CLI Raijin Server."""
+__version__ = "0.2.24"
+__all__ = ["__version__"]

{raijin_server-0.2.23 → raijin_server-0.2.24}/src/raijin_server/modules/istio.py RENAMED Viewed

@@ -2,10 +2,11 @@
 import socket
 import time
+from pathlib import Path
 import typer
-from raijin_server.utils import ExecutionContext, ensure_tool, require_root, run_cmd
+from raijin_server.utils import ExecutionContext, ensure_tool, require_root, run_cmd, write_file
 ISTIO_PROFILES = ["default", "demo", "minimal", "ambient", "empty"]
@@ -23,6 +24,16 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
     return socket.gethostname()
+def _check_metallb_installed(ctx: ExecutionContext) -> bool:
+    """Verifica se MetalLB está instalado no cluster."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "metallb-controller", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
 def _check_existing_istio(ctx: ExecutionContext) -> bool:
     """Verifica se existe instalacao do Istio."""
     result = run_cmd(
@@ -112,34 +123,72 @@ def run(ctx: ExecutionContext) -> None:
         typer.secho(f"Perfil '{profile}' invalido. Usando 'default'.", fg=typer.colors.YELLOW)
         profile = "default"
+    # Detectar se MetalLB está instalado
+    has_metallb = _check_metallb_installed(ctx)
+    # Se não tem MetalLB, avisar e usar NodePort
+    if not has_metallb:
+        typer.secho(
+            "\n⚠ MetalLB não detectado. O IngressGateway será configurado como NodePort.",
+            fg=typer.colors.YELLOW,
+        )
+        typer.echo("Para usar LoadBalancer, instale MetalLB primeiro: raijin-server install metallb")
+        service_type = "NodePort"
+    else:
+        typer.secho("\n✓ MetalLB detectado. IngressGateway usará LoadBalancer.", fg=typer.colors.GREEN)
+        service_type = "LoadBalancer"
     node_name = _detect_node_name(ctx)
-    # Instala com tolerations para control-plane
-    # IMPORTANTE: Ao fazer override em arrays do Istio, precisamos especificar o 'name'
-    # do componente para que o merge funcione corretamente
+    # Criar arquivo IstioOperator YAML (mais confiável que --set para configurações complexas)
+    istio_config = f"""apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  namespace: istio-system
+spec:
+  profile: {profile}
+  components:
+    pilot:
+      enabled: true
+      k8s:
+        tolerations:
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
+            effect: NoSchedule
+          - key: node-role.kubernetes.io/master
+            operator: Exists
+            effect: NoSchedule
+        nodeSelector:
+          kubernetes.io/hostname: {node_name}
+    ingressGateways:
+      - name: istio-ingressgateway
+        enabled: true
+        k8s:
+          tolerations:
+            - key: node-role.kubernetes.io/control-plane
+              operator: Exists
+              effect: NoSchedule
+            - key: node-role.kubernetes.io/master
+              operator: Exists
+              effect: NoSchedule
+          nodeSelector:
+            kubernetes.io/hostname: {node_name}
+          service:
+            type: {service_type}
+  values:
+    global:
+      proxy:
+        holdApplicationUntilProxyStarts: true
+"""
+    config_path = Path("/tmp/raijin-istio-config.yaml")
+    write_file(config_path, istio_config, ctx)
+    # Instala usando o arquivo de configuração
     install_cmd = [
         "istioctl", "install",
-        "--set", f"profile={profile}",
-        # Tolerations para istiod (control plane)
-        "--set", "components.pilot.k8s.tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "--set", "components.pilot.k8s.tolerations[0].operator=Exists",
-        "--set", "components.pilot.k8s.tolerations[0].effect=NoSchedule",
-        "--set", "components.pilot.k8s.tolerations[1].key=node-role.kubernetes.io/master",
-        "--set", "components.pilot.k8s.tolerations[1].operator=Exists",
-        "--set", "components.pilot.k8s.tolerations[1].effect=NoSchedule",
-        # NodeSelector para istiod
-        "--set", f"components.pilot.k8s.nodeSelector.kubernetes\\.io/hostname={node_name}",
-        # Tolerations para ingress gateway (DEVE incluir o name!)
-        "--set", "components.ingressGateways[0].name=istio-ingressgateway",
-        "--set", "components.ingressGateways[0].enabled=true",
-        "--set", "components.ingressGateways[0].k8s.tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "--set", "components.ingressGateways[0].k8s.tolerations[0].operator=Exists",
-        "--set", "components.ingressGateways[0].k8s.tolerations[0].effect=NoSchedule",
-        "--set", "components.ingressGateways[0].k8s.tolerations[1].key=node-role.kubernetes.io/master",
-        "--set", "components.ingressGateways[0].k8s.tolerations[1].operator=Exists",
-        "--set", "components.ingressGateways[0].k8s.tolerations[1].effect=NoSchedule",
-        # NodeSelector para ingress gateway
-        "--set", f"components.ingressGateways[0].k8s.nodeSelector.kubernetes\\.io/hostname={node_name}",
+        "-f", str(config_path),
+        "--timeout", "10m",
         "-y",
     ]
@@ -161,3 +210,13 @@ def run(ctx: ExecutionContext) -> None:
         )
     typer.secho("\n✓ Istio instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    if service_type == "NodePort":
+        typer.echo("\n📌 Acesso ao Istio IngressGateway (NodePort):")
+        typer.echo("  kubectl get svc -n istio-system istio-ingressgateway")
+        typer.echo("\nPara expor via LoadBalancer, instale MetalLB:")
+        typer.echo("  raijin-server install metallb")
+    else:
+        typer.echo("\n📌 Acesso ao Istio IngressGateway (LoadBalancer):")
+        typer.echo("  kubectl get svc -n istio-system istio-ingressgateway")
+        typer.echo("  Aguarde o EXTERNAL-IP ser atribuido pelo MetalLB")

{raijin_server-0.2.23 → raijin_server-0.2.24/src/raijin_server.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.23
+Version: 0.2.24
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin