raijin-server 0.2.25__py3-none-any.whl → 0.2.26__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.25"
+__version__ = "0.2.26"
 
 __all__ = ["__version__"]

raijin_server/modules/istio.py

@@ -147,6 +147,9 @@ metadata:
   namespace: istio-system
 spec:
   profile: {profile}
+  meshConfig:
+    defaultConfig:
+      holdApplicationUntilProxyStarts: true
   components:
     pilot:
       enabled: true
@@ -175,10 +178,6 @@ spec:
             kubernetes.io/hostname: {node_name}
           service:
             type: {service_type}
-  values:
-    global:
-      proxy:
-        holdApplicationUntilProxyStarts: true
 """
 
     config_path = Path("/tmp/raijin-istio-config.yaml")

raijin_server/modules/kong.py

@@ -2,10 +2,11 @@
 
 import socket
 import time
+from pathlib import Path
 
 import typer
 
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd, write_file
 
 
 def _detect_node_name(ctx: ExecutionContext) -> str:
@@ -20,6 +21,26 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
     return socket.gethostname()
 
 
+def _check_metallb_installed(ctx: ExecutionContext) -> bool:
+    """Verifica se MetalLB está instalado no cluster."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "metallb-controller", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
+def _check_cert_manager_installed(ctx: ExecutionContext) -> bool:
+    """Verifica se cert-manager está instalado no cluster."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "cert-manager", "-n", "cert-manager"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
 def _check_existing_kong(ctx: ExecutionContext) -> bool:
     """Verifica se existe instalacao do Kong."""
     result = run_cmd(
@@ -30,6 +51,42 @@ def _check_existing_kong(ctx: ExecutionContext) -> bool:
     return result.returncode == 0
 
 
+def _check_orphan_crds(ctx: ExecutionContext) -> list[str]:
+    """Detecta CRDs orfaos do Kong (sem ownership do Helm)."""
+    result = run_cmd(
+        ["kubectl", "get", "crd", "-o", "name"],
+        ctx,
+        check=False,
+    )
+    
+    if result.returncode != 0:
+        return []
+    
+    kong_crds = []
+    for line in (result.stdout or "").strip().split("\n"):
+        if "konghq.com" in line:
+            # Extrai nome do CRD
+            crd_name = line.replace("customresourcedefinition.apiextensions.k8s.io/", "")
+            kong_crds.append(crd_name)
+    
+    return kong_crds
+
+
+def _cleanup_orphan_crds(ctx: ExecutionContext, crds: list[str]) -> None:
+    """Remove CRDs orfaos do Kong."""
+    typer.echo(f"Removendo {len(crds)} CRDs orfaos do Kong...")
+    
+    for crd in crds:
+        run_cmd(
+            ["kubectl", "delete", "crd", crd, "--ignore-not-found"],
+            ctx,
+            check=False,
+        )
+    
+    time.sleep(3)
+    typer.secho("  CRDs orfaos removidos.", fg=typer.colors.GREEN)
+
+
 def _uninstall_kong(ctx: ExecutionContext) -> None:
     """Remove instalacao anterior do Kong."""
     typer.echo("Removendo instalacao anterior do Kong...")
@@ -100,45 +157,121 @@ def run(ctx: ExecutionContext) -> None:
         )
         if cleanup:
             _uninstall_kong(ctx)
+    
+    # Verificar CRDs orfaos (sem ownership do Helm)
+    orphan_crds = _check_orphan_crds(ctx)
+    if orphan_crds:
+        typer.secho(
+            f"\n⚠️  Detectados {len(orphan_crds)} CRDs orfaos do Kong (sem ownership do Helm):",
+            fg=typer.colors.YELLOW,
+        )
+        for crd in orphan_crds[:5]:
+            typer.echo(f"    - {crd}")
+        if len(orphan_crds) > 5:
+            typer.echo(f"    ... e mais {len(orphan_crds) - 5}")
+        
+        cleanup_crds = typer.confirm(
+            "\nRemover CRDs orfaos para permitir instalacao limpa?",
+            default=True,
+        )
+        if cleanup_crds:
+            _cleanup_orphan_crds(ctx, orphan_crds)
+        else:
+            typer.secho(
+                "AVISO: A instalacao pode falhar devido aos CRDs orfaos.",
+                fg=typer.colors.YELLOW,
+            )
+
+    # Detectar dependencias
+    has_metallb = _check_metallb_installed(ctx)
+    has_cert_manager = _check_cert_manager_installed(ctx)
+
+    # Tipo de servico baseado na presenca do MetalLB
+    if has_metallb:
+        typer.secho("✓ MetalLB detectado. Kong usará LoadBalancer.", fg=typer.colors.GREEN)
+        service_type = "LoadBalancer"
+    else:
+        typer.secho("⚠ MetalLB não detectado. Kong usará NodePort.", fg=typer.colors.YELLOW)
+        service_type = "NodePort"
+
+    if has_cert_manager:
+        typer.secho("✓ cert-manager detectado. TLS automático disponível.", fg=typer.colors.GREEN)
+    else:
+        typer.secho("⚠ cert-manager não detectado. Configure TLS manualmente.", fg=typer.colors.YELLOW)
 
     # Configuracoes interativas
     enable_admin = typer.confirm("Habilitar Admin API (para gerenciamento)?", default=True)
+    enable_metrics = typer.confirm("Habilitar métricas Prometheus?", default=True)
     db_mode = typer.prompt(
         "Modo de banco de dados (dbless/postgres)",
         default="dbless",
     )
     
     node_name = _detect_node_name(ctx)
-    
-    values = [
-        # Modo de operacao
-        f"env.database={db_mode}",
-        # Ingress Controller
-        "ingressController.installCRDs=true",
-        "ingressController.enabled=true",
-        # Proxy service
-        "proxy.enabled=true",
-        "proxy.type=LoadBalancer",
-        # Tolerations para control-plane
-        "tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "tolerations[0].operator=Exists",
-        "tolerations[0].effect=NoSchedule",
-        "tolerations[1].key=node-role.kubernetes.io/master",
-        "tolerations[1].operator=Exists",
-        "tolerations[1].effect=NoSchedule",
-        # NodeSelector
-        f"nodeSelector.kubernetes\\.io/hostname={node_name}",
-    ]
-    
-    # Admin API
-    if enable_admin:
-        values.extend([
-            "admin.enabled=true",
-            "admin.type=ClusterIP",
-            "admin.http.enabled=true",
-        ])
-    else:
-        values.append("admin.enabled=false")
+
+    # Usar arquivo YAML para configurações complexas (mais confiável que --set)
+    values_yaml = f"""env:
+  database: {db_mode}
+
+ingressController:
+  installCRDs: true
+  enabled: true
+
+proxy:
+  enabled: true
+  type: {service_type}
+  http:
+    enabled: true
+    containerPort: 8000
+    servicePort: 80
+  tls:
+    enabled: true
+    containerPort: 8443
+    servicePort: 443
+
+admin:
+  enabled: {str(enable_admin).lower()}
+  type: ClusterIP
+  http:
+    enabled: true
+
+tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    operator: Exists
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/master
+    operator: Exists
+    effect: NoSchedule
+
+nodeSelector:
+  kubernetes.io/hostname: {node_name}
+
+resources:
+  requests:
+    memory: 256Mi
+    cpu: 100m
+  limits:
+    memory: 1Gi
+"""
+
+    # Adicionar métricas se habilitado
+    if enable_metrics:
+        values_yaml += """
+serviceMonitor:
+  enabled: true
+  namespace: kong
+  labels:
+    release: kube-prometheus-stack
+
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "8100"
+"""
+
+    values_path = Path("/tmp/raijin-kong-values.yaml")
+    write_file(values_path, values_yaml, ctx)
+
+    run_cmd(["kubectl", "create", "namespace", "kong"], ctx, check=False)
     
     helm_upgrade_install(
         release="kong",
@@ -147,7 +280,8 @@ def run(ctx: ExecutionContext) -> None:
         repo="kong",
         repo_url="https://charts.konghq.com",
         ctx=ctx,
-        values=values,
+        values=[],
+        extra_args=["-f", str(values_path)],
     )
     
     # Aguarda pods ficarem prontos
@@ -155,9 +289,46 @@ def run(ctx: ExecutionContext) -> None:
         _wait_for_kong_ready(ctx)
     
     # Mostra informacoes uteis
-    typer.secho("\n✓ Kong instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
-    typer.echo("\nPara verificar o servico:")
-    typer.echo("  kubectl -n kong get svc kong-kong-proxy")
+    typer.secho("\n✓ Kong Gateway instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    
+    typer.echo("\n📌 Acesso ao Kong Proxy:")
+    if service_type == "LoadBalancer":
+        typer.echo("  kubectl -n kong get svc kong-kong-proxy  # Aguarde EXTERNAL-IP")
+    else:
+        typer.echo("  kubectl -n kong get svc kong-kong-proxy  # Use NodePort")
+    
     if enable_admin:
-        typer.echo("\nPara acessar Admin API (port-forward):")
+        typer.echo("\n📌 Admin API (port-forward):")
         typer.echo("  kubectl -n kong port-forward svc/kong-kong-admin 8001:8001")
+        typer.echo("  curl http://localhost:8001/status")
+    
+    if enable_metrics:
+        typer.echo("\n📌 Métricas Prometheus:")
+        typer.echo("  ServiceMonitor criado - métricas serão coletadas automaticamente")
+    
+    if has_cert_manager:
+        typer.echo("\n📌 TLS com cert-manager (exemplo de Ingress):")
+        typer.echo("""  ---
+  apiVersion: networking.k8s.io/v1
+  kind: Ingress
+  metadata:
+    name: my-api
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      konghq.com/strip-path: "true"
+  spec:
+    ingressClassName: kong
+    tls:
+      - hosts: [api.example.com]
+        secretName: api-tls
+    rules:
+      - host: api.example.com
+        http:
+          paths:
+            - path: /
+              pathType: Prefix
+              backend:
+                service:
+                  name: my-service
+                  port:
+                    number: 80""")

raijin_server/modules/kubernetes.py

@@ -269,7 +269,7 @@ scheduler: {{}}
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
-mode: ipvs
+mode: iptables
 ---
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
@@ -331,3 +331,34 @@ cgroupDriver: systemd
         "--all",
         "--timeout=180s",
     ], ctx, check=False)
+
+    # Em clusters single-node, perguntar se deve remover taint do control-plane
+    # para permitir que workloads rodem no mesmo node
+    typer.secho("\n📌 Configuração de Single-Node Cluster", fg=typer.colors.CYAN, bold=True)
+    typer.echo("Se este for um cluster single-node (apenas este servidor),")
+    typer.echo("é necessário remover o taint do control-plane para permitir workloads.")
+    
+    remove_taint = typer.confirm(
+        "Remover taint do control-plane (necessário para single-node)?",
+        default=True,
+    )
+    
+    if remove_taint:
+        typer.echo("Removendo taint node-role.kubernetes.io/control-plane...")
+        run_cmd(
+            ["kubectl", "taint", "nodes", "--all", "node-role.kubernetes.io/control-plane-", "--overwrite"],
+            ctx,
+            check=False,
+        )
+        typer.secho("✓ Taint removido. Workloads podem rodar neste node.", fg=typer.colors.GREEN)
+    else:
+        typer.secho(
+            "⚠ Taint mantido. Workloads precisarão de tolerations ou worker nodes.",
+            fg=typer.colors.YELLOW,
+        )
+
+    typer.secho("\n✓ Kubernetes instalado com sucesso!", fg=typer.colors.GREEN, bold=True)
+    typer.echo("\nPróximos passos:")
+    typer.echo("  raijin-server install metallb     # LoadBalancer para bare-metal")
+    typer.echo("  raijin-server install traefik     # Ingress Controller")
+    typer.echo("  raijin-server install cert-manager # Certificados TLS automáticos")

{raijin_server-0.2.25.dist-info → raijin_server-0.2.26.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.25
+Version: 0.2.26
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.25.dist-info → raijin_server-0.2.26.dist-info}/RECORD

@@ -1,4 +1,4 @@
-raijin_server/__init__.py,sha256=Fb2dY-WZNdEoZ2C5SWUDZG_DzfMcBF1q-cf_ss9lo7s,95
+raijin_server/__init__.py,sha256=eyoihT94C2L9-FRAopoagny015Laj3hhZ94X-WZ_hvg,95
 raijin_server/cli.py,sha256=71nn7QN0f3MJkXcHr0STXmxljr-CaPibzOoiItbOT88,28571
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -15,10 +15,10 @@ raijin_server/modules/full_install.py,sha256=xiKe2GLuZ97c4YdTmhP-kwDVuJJ9Xq3dlgc
 raijin_server/modules/grafana.py,sha256=DdDLxmTeFnDRvcRLkpg1RuR9o1ZAArk2W-DTLLyfWHg,6009
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
 raijin_server/modules/harness.py,sha256=uWTxTVJlY_VB6xi4ftMtTSaIb96HA8WJQS-RbyxU45M,5391
-raijin_server/modules/istio.py,sha256=LxH_3VKWMq_F8WFumkxgL0dhFmG309XB4TbSUggJEic,7301
+raijin_server/modules/istio.py,sha256=o0K5-Fw4LRs-kbAVgwzYxHzEt_aPFJG8suqOqvg2748,7297
 raijin_server/modules/kafka.py,sha256=n7ZpLPWv6sKBJhdBiPe7VgeDB24YiCIOWvOQkWwt03Y,5664
-raijin_server/modules/kong.py,sha256=cRDzAP9Ne3Qte6sqmxWUS-aJVgiaf4B0uqFvg02Nw5E,5076
-raijin_server/modules/kubernetes.py,sha256=waSf2cCVnLicN5o3M47MzMzmHHtvKeFXm1__8ynQzA0,11871
+raijin_server/modules/kong.py,sha256=ehr-Bj_zfvFrYV14YhvKpb-k8KFli6sbaKn6WSIaSvA,9823
+raijin_server/modules/kubernetes.py,sha256=9E6zV0zGQWZW92NVpxwYctpi-4JDmi6YzF3tKRI4HlU,13343
 raijin_server/modules/loki.py,sha256=aNiUpnOFppZMXoQwYhn7IoPMzwUz4aHi6pbiqj1PRjc,5022
 raijin_server/modules/metallb.py,sha256=uUuklc_RsQ-W2qDVRMQAxQm9HKGEqso444b1IwBpM6w,8554
 raijin_server/modules/minio.py,sha256=wxL8U1Zl3XtI-wymIeZonmi561v1zf-bY4TTVPKisLA,6221
@@ -37,9 +37,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.25.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.25.dist-info/METADATA,sha256=IZM1t1KEU8iBnJ6bXc2FLoL7XIsJ_01Y5HhZ_Qirt0w,22476
-raijin_server-0.2.25.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.25.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.25.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.25.dist-info/RECORD,,
+raijin_server-0.2.26.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.26.dist-info/METADATA,sha256=viulP29E95tjwFrGpTBDrk3kQw3MrtFBB5plAWcL1Xc,22476
+raijin_server-0.2.26.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.26.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.26.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.26.dist-info/RECORD,,