raijin-server 0.2.25__py3-none-any.whl → 0.2.27__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.25"
+__version__ = "0.2.27"
 
 __all__ = ["__version__"]

raijin_server/cli.py

@@ -4,7 +4,7 @@ from __future__ import annotations
 
 import os
 from pathlib import Path
-from typing import Callable, Dict, Optional
+from typing import Callable, Dict, List, Optional
 
 import subprocess
 
@@ -49,6 +49,7 @@ from raijin_server.utils import ExecutionContext, logger, active_log_file, avail
 from raijin_server.validators import validate_system_requirements, check_module_dependencies, MODULE_DEPENDENCIES
 from raijin_server.healthchecks import run_health_check
 from raijin_server.config import ConfigManager
+from raijin_server import module_manager
 
 app = typer.Typer(add_completion=False, help="Automacao de setup e hardening para Ubuntu Server")
 console = Console()
@@ -838,6 +839,257 @@ def validate(skip_root: bool = typer.Option(False, "--skip-root", help="Pula val
         raise typer.Exit(code=1)
 
 
+# ============================================================================
+# Comandos Install / Uninstall / List
+# ============================================================================
+
+def _get_available_modules() -> List[str]:
+    """Retorna lista de modulos disponiveis (excluindo full_install)."""
+    return [m for m in MODULES.keys() if m != "full_install"]
+
+
+def _register_uninstall_handlers() -> None:
+    """Registra handlers de uninstall dos modulos que os possuem."""
+    # Mapeamento de modulos para suas funcoes de uninstall
+    handlers = {
+        "kong": kong._uninstall_kong,
+        "grafana": grafana._uninstall_grafana,
+        "velero": velero._uninstall_velero,
+        "metallb": metallb._uninstall_metallb,
+        "minio": minio._uninstall_minio,
+        "loki": loki._uninstall_loki,
+        "prometheus": lambda ctx: prometheus._uninstall_prometheus(ctx, "monitoring"),
+        "traefik": traefik._uninstall_traefik,
+        "istio": istio._uninstall_istio,
+        "kafka": kafka._uninstall_kafka,
+        "cert_manager": cert_manager._uninstall_cert_manager,
+        "calico": lambda ctx: _generic_uninstall(ctx, "calico", "calico-system", ["calico"]),
+        "secrets": lambda ctx: _uninstall_secrets(ctx),
+        "harness": lambda ctx: harness._uninstall_delegate(ctx, "harness", "harness-delegate"),
+    }
+    
+    module_manager.UNINSTALL_HANDLERS.update(handlers)
+
+
+def _uninstall_secrets(ctx: ExecutionContext) -> None:
+    """Handler de uninstall para secrets (sealed-secrets + external-secrets)."""
+    secrets._uninstall_sealed_secrets(ctx, "sealed-secrets")
+    secrets._uninstall_external_secrets(ctx, "external-secrets")
+
+
+def _generic_uninstall(ctx: ExecutionContext, module: str, namespace: str, releases: List[str]) -> None:
+    """Handler generico de uninstall para modulos Helm."""
+    for release in releases:
+        module_manager.generic_helm_uninstall(release, namespace, ctx)
+    module_manager.cleanup_namespace(namespace, ctx)
+
+
+@app.command()
+def install(
+    ctx: typer.Context,
+    module: str = typer.Argument(..., help="Nome do modulo a instalar"),
+    force: bool = typer.Option(False, "--force", "-f", help="Ignora dependencias faltantes"),
+) -> None:
+    """Instala um modulo especifico.
+    
+    Exemplo:
+        raijin-server install kong
+        raijin-server install prometheus --force
+    """
+    available = _get_available_modules()
+    
+    # Normaliza nome do modulo (aceita hifens)
+    module_normalized = module.replace("-", "_")
+    
+    if module_normalized not in available:
+        typer.secho(f"Modulo '{module}' nao encontrado.", fg=typer.colors.RED)
+        typer.echo(f"\nModulos disponiveis:")
+        for m in sorted(available):
+            typer.echo(f"  - {m}")
+        raise typer.Exit(code=1)
+    
+    exec_ctx = ctx.obj or ExecutionContext()
+    
+    # Verifica dependencias
+    if not force:
+        if not check_module_dependencies(module_normalized, exec_ctx):
+            typer.echo("\nUse --force para ignorar dependencias faltantes.")
+            raise typer.Exit(code=1)
+    
+    # Mostra dependencias
+    module_manager.show_dependency_tree(module_normalized)
+    
+    # Confirma instalacao
+    if not typer.confirm(f"\nInstalar modulo '{module_normalized}'?", default=True):
+        typer.secho("Instalacao cancelada.", fg=typer.colors.YELLOW)
+        raise typer.Exit(code=0)
+    
+    # Executa instalacao
+    _run_module(ctx, module_normalized)
+
+
+@app.command()
+def uninstall(
+    ctx: typer.Context,
+    module: str = typer.Argument(..., help="Nome do modulo a desinstalar"),
+    force: bool = typer.Option(False, "--force", "-f", help="Ignora avisos de seguranca"),
+    cascade: bool = typer.Option(False, "--cascade", help="Remove tambem modulos dependentes"),
+    yes: bool = typer.Option(False, "--yes", "-y", help="Confirma automaticamente"),
+) -> None:
+    """Desinstala um modulo e seus recursos.
+    
+    Analisa dependencias e mostra impacto antes de remover.
+    
+    Exemplo:
+        raijin-server uninstall kong
+        raijin-server uninstall kubernetes --cascade
+        raijin-server uninstall prometheus --force -y
+    """
+    available = _get_available_modules()
+    
+    # Normaliza nome do modulo
+    module_normalized = module.replace("-", "_")
+    
+    if module_normalized not in available:
+        typer.secho(f"Modulo '{module}' nao encontrado.", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
+    
+    # Registra handlers de uninstall
+    _register_uninstall_handlers()
+    
+    exec_ctx = ctx.obj or ExecutionContext()
+    
+    # Verifica se esta instalado
+    if not module_manager.is_module_installed(module_normalized):
+        typer.secho(f"Modulo '{module_normalized}' nao esta instalado.", fg=typer.colors.YELLOW)
+        
+        # Mesmo assim, oferece limpar recursos
+        if typer.confirm("Deseja tentar limpar recursos orfaos mesmo assim?", default=False):
+            if module_normalized in module_manager.UNINSTALL_HANDLERS:
+                module_manager.UNINSTALL_HANDLERS[module_normalized](exec_ctx)
+                typer.secho("Limpeza concluida.", fg=typer.colors.GREEN)
+        raise typer.Exit(code=0)
+    
+    # Mostra arvore de dependencias
+    module_manager.show_dependency_tree(module_normalized)
+    
+    # Analisa impacto
+    is_safe, affected = module_manager.show_uninstall_impact(module_normalized)
+    
+    if not is_safe and not force:
+        typer.secho(
+            f"\n⚠️  ATENCAO: Remover '{module_normalized}' pode quebrar {len(affected)} modulo(s)!",
+            fg=typer.colors.YELLOW,
+            bold=True,
+        )
+        
+        if cascade:
+            typer.echo(f"\nModo --cascade: os seguintes modulos serao removidos primeiro:")
+            for dep in affected:
+                typer.echo(f"  - {dep}")
+    
+    # Confirmacao
+    if not yes:
+        if cascade and affected:
+            confirm_msg = f"Remover '{module_normalized}' e {len(affected)} dependente(s)?"
+        else:
+            confirm_msg = f"Remover '{module_normalized}'?"
+        
+        if not typer.confirm(f"\n{confirm_msg}", default=False):
+            typer.secho("Operacao cancelada.", fg=typer.colors.YELLOW)
+            raise typer.Exit(code=0)
+    
+    # Executa uninstall
+    success = module_manager.uninstall_module(
+        module_normalized,
+        exec_ctx,
+        force=force,
+        cascade=cascade,
+    )
+    
+    if success:
+        typer.secho(f"\n✓ Modulo '{module_normalized}' removido com sucesso!", fg=typer.colors.GREEN, bold=True)
+    else:
+        typer.secho(f"\n✗ Falha ao remover modulo '{module_normalized}'.", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
+
+
+@app.command(name="list")
+def list_modules(
+    ctx: typer.Context,
+    installed_only: bool = typer.Option(False, "--installed", "-i", help="Mostra apenas modulos instalados"),
+    show_deps: bool = typer.Option(False, "--deps", "-d", help="Mostra dependencias detalhadas"),
+) -> None:
+    """Lista todos os modulos e seus status de instalacao.
+    
+    Exemplo:
+        raijin-server list
+        raijin-server list --installed
+        raijin-server list --deps
+    """
+    from rich.table import Table
+    
+    table = Table(title="Modulos Raijin Server")
+    table.add_column("Modulo", style="cyan")
+    table.add_column("Status", justify="center")
+    
+    if show_deps:
+        table.add_column("Dependencias", style="yellow")
+        table.add_column("Dependentes", style="magenta")
+    
+    table.add_column("Descricao", style="dim", max_width=40)
+    
+    status = module_manager.get_module_status()
+    
+    for module_name in sorted(status.keys()):
+        installed = status[module_name]
+        
+        if installed_only and not installed:
+            continue
+        
+        status_icon = "[green]✓ Instalado[/green]" if installed else "[dim]○ Pendente[/dim]"
+        desc = MODULE_DESCRIPTIONS.get(module_name, "")
+        
+        if show_deps:
+            deps = MODULE_DEPENDENCIES.get(module_name, [])
+            deps_str = ", ".join(deps) if deps else "-"
+            
+            from raijin_server.validators import get_reverse_dependencies
+            rev_deps = get_reverse_dependencies(module_name)
+            rev_deps_str = ", ".join(rev_deps) if rev_deps else "-"
+            
+            table.add_row(module_name, status_icon, deps_str, rev_deps_str, desc)
+        else:
+            table.add_row(module_name, status_icon, desc)
+    
+    console.print(table)
+    
+    # Resumo
+    total = len(status)
+    installed_count = sum(1 for v in status.values() if v)
+    console.print(f"\n[dim]Total: {total} modulos | Instalados: {installed_count} | Pendentes: {total - installed_count}[/dim]")
+
+
+@app.command()
+def deps(
+    module: str = typer.Argument(..., help="Nome do modulo"),
+) -> None:
+    """Mostra arvore de dependencias de um modulo.
+    
+    Exemplo:
+        raijin-server deps grafana
+        raijin-server deps kong
+    """
+    available = _get_available_modules()
+    module_normalized = module.replace("-", "_")
+    
+    if module_normalized not in available:
+        typer.secho(f"Modulo '{module}' nao encontrado.", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
+    
+    module_manager.show_dependency_tree(module_normalized)
+
+
 def main_entrypoint() -> None:
     """Ponto de entrada para console_scripts."""
 

raijin_server/module_manager.py

@@ -0,0 +1,311 @@
+"""Gerenciador de instalacao e desinstalacao de modulos."""
+
+from __future__ import annotations
+
+import os
+from pathlib import Path
+from typing import Callable, Dict, List, Optional, Tuple
+
+import typer
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+
+from raijin_server.utils import ExecutionContext, run_cmd, logger
+from raijin_server.validators import (
+    MODULE_DEPENDENCIES,
+    get_reverse_dependencies,
+    get_installed_dependents,
+    check_uninstall_safety,
+    check_module_dependencies,
+)
+
+console = Console()
+
+
+# Mapeamento de modulos para suas funcoes de uninstall
+# Sera populado dinamicamente pelo CLI
+UNINSTALL_HANDLERS: Dict[str, Callable[[ExecutionContext], None]] = {}
+
+
+def get_state_dir() -> Path:
+    """Retorna diretorio de estado."""
+    state_dir = Path(os.environ.get("RAIJIN_STATE_DIR", "/var/lib/raijin-server/state"))
+    if state_dir.exists():
+        return state_dir
+    alt_dir = Path.home() / ".local/share/raijin-server/state"
+    return alt_dir
+
+
+def is_module_installed(module: str) -> bool:
+    """Verifica se um modulo esta instalado (tem arquivo .done)."""
+    state_dir = get_state_dir()
+    state_file = state_dir / f"{module}.done"
+    return state_file.exists()
+
+
+def mark_module_uninstalled(module: str) -> None:
+    """Remove marcador de instalacao do modulo."""
+    state_dir = get_state_dir()
+    state_file = state_dir / f"{module}.done"
+    if state_file.exists():
+        state_file.unlink()
+        logger.info(f"Marcador de estado removido: {state_file}")
+
+
+def get_module_status() -> Dict[str, bool]:
+    """Retorna status de instalacao de todos os modulos."""
+    from raijin_server.cli import MODULES
+    
+    status = {}
+    for module in MODULES.keys():
+        if module == "full_install":
+            continue
+        status[module] = is_module_installed(module)
+    return status
+
+
+def show_dependency_tree(module: str) -> None:
+    """Exibe arvore de dependencias de um modulo."""
+    console.print(f"\n[bold cyan]Arvore de dependencias para '{module}':[/bold cyan]")
+    
+    # Dependencias (o que este modulo precisa)
+    deps = MODULE_DEPENDENCIES.get(module, [])
+    if deps:
+        console.print(f"\n[yellow]Requer (dependencias):[/yellow]")
+        for dep in deps:
+            installed = "✓" if is_module_installed(dep) else "✗"
+            color = "green" if is_module_installed(dep) else "red"
+            console.print(f"  [{color}]{installed}[/{color}] {dep}")
+    else:
+        console.print(f"\n[dim]Nenhuma dependencia[/dim]")
+    
+    # Dependentes (quem depende deste modulo)
+    dependents = get_reverse_dependencies(module)
+    if dependents:
+        console.print(f"\n[yellow]Dependentes (quem usa este modulo):[/yellow]")
+        for dep in dependents:
+            installed = "✓" if is_module_installed(dep) else "○"
+            color = "green" if is_module_installed(dep) else "dim"
+            console.print(f"  [{color}]{installed}[/{color}] {dep}")
+    else:
+        console.print(f"\n[dim]Nenhum modulo depende deste[/dim]")
+
+
+def show_uninstall_impact(module: str) -> Tuple[bool, List[str]]:
+    """Mostra impacto da remocao e retorna se e seguro."""
+    is_safe, affected, warning = check_uninstall_safety(module)
+    
+    if not is_safe:
+        console.print(Panel(
+            warning,
+            title="⚠️  AVISO DE IMPACTO",
+            border_style="yellow",
+        ))
+        
+        # Mostra arvore de impacto detalhada
+        table = Table(title="Modulos que serao afetados")
+        table.add_column("Modulo", style="red")
+        table.add_column("Status", style="yellow")
+        table.add_column("Depende de", style="cyan")
+        
+        for mod in affected:
+            deps = MODULE_DEPENDENCIES.get(mod, [])
+            relevant_deps = [d for d in deps if d == module or d in affected]
+            table.add_row(
+                mod,
+                "Instalado" if is_module_installed(mod) else "Nao instalado",
+                ", ".join(relevant_deps)
+            )
+        
+        console.print(table)
+        console.print()
+    
+    return is_safe, affected
+
+
+def uninstall_module(
+    module: str,
+    ctx: ExecutionContext,
+    force: bool = False,
+    cascade: bool = False,
+) -> bool:
+    """Desinstala um modulo com verificacao de seguranca.
+    
+    Args:
+        module: Nome do modulo a desinstalar
+        ctx: Contexto de execucao
+        force: Ignora avisos de seguranca
+        cascade: Remove tambem os modulos dependentes
+        
+    Returns:
+        True se desinstalou com sucesso
+    """
+    if not is_module_installed(module):
+        typer.secho(f"Modulo '{module}' nao esta instalado.", fg=typer.colors.YELLOW)
+        return False
+    
+    # Verifica seguranca
+    is_safe, affected = show_uninstall_impact(module)
+    
+    if not is_safe and not force:
+        if cascade:
+            # Desinstala dependentes primeiro (ordem reversa)
+            console.print(f"\n[yellow]Modo cascade: removendo dependentes primeiro...[/yellow]")
+            for dep in reversed(affected):
+                if is_module_installed(dep):
+                    console.print(f"\n[cyan]Removendo {dep}...[/cyan]")
+                    uninstall_module(dep, ctx, force=True, cascade=False)
+        else:
+            confirm = typer.confirm(
+                "\nDeseja continuar mesmo assim? (os modulos afetados podem parar de funcionar)",
+                default=False,
+            )
+            if not confirm:
+                typer.secho("Operacao cancelada.", fg=typer.colors.YELLOW)
+                return False
+    
+    # Executa uninstall especifico se disponivel
+    if module in UNINSTALL_HANDLERS:
+        typer.echo(f"\nExecutando uninstall de '{module}'...")
+        try:
+            UNINSTALL_HANDLERS[module](ctx)
+        except Exception as e:
+            typer.secho(f"Erro durante uninstall: {e}", fg=typer.colors.RED)
+            if not force:
+                return False
+    else:
+        # Uninstall generico - apenas remove marcador
+        typer.secho(
+            f"Modulo '{module}' nao tem handler de uninstall especifico.",
+            fg=typer.colors.YELLOW,
+        )
+        typer.echo("Apenas o marcador de estado sera removido.")
+        typer.echo("Recursos no cluster podem precisar de remocao manual.")
+    
+    # Remove marcador de estado
+    mark_module_uninstalled(module)
+    typer.secho(f"✓ Modulo '{module}' marcado como desinstalado.", fg=typer.colors.GREEN)
+    
+    return True
+
+
+def list_modules_status() -> None:
+    """Lista todos os modulos e seus status."""
+    from raijin_server.cli import MODULE_DESCRIPTIONS
+    
+    table = Table(title="Status dos Modulos Raijin")
+    table.add_column("Modulo", style="cyan")
+    table.add_column("Status", justify="center")
+    table.add_column("Dependencias")
+    table.add_column("Descricao", style="dim")
+    
+    status = get_module_status()
+    
+    for module, installed in sorted(status.items()):
+        status_icon = "[green]✓ Instalado[/green]" if installed else "[dim]○ Nao instalado[/dim]"
+        deps = MODULE_DEPENDENCIES.get(module, [])
+        deps_str = ", ".join(deps) if deps else "-"
+        desc = MODULE_DESCRIPTIONS.get(module, "")[:40]
+        if len(MODULE_DESCRIPTIONS.get(module, "")) > 40:
+            desc += "..."
+        
+        table.add_row(module, status_icon, deps_str, desc)
+    
+    console.print(table)
+
+
+def check_kubernetes_resource(resource_type: str, name: str, namespace: str = "") -> bool:
+    """Verifica se um recurso Kubernetes existe."""
+    cmd = ["kubectl", "get", resource_type, name]
+    if namespace:
+        cmd.extend(["-n", namespace])
+    
+    import subprocess
+    result = subprocess.run(cmd, capture_output=True, text=True)
+    return result.returncode == 0
+
+
+def generic_helm_uninstall(release_name: str, namespace: str, ctx: ExecutionContext) -> bool:
+    """Desinstala um release Helm de forma generica."""
+    typer.echo(f"Removendo release Helm '{release_name}' do namespace '{namespace}'...")
+    
+    # Verifica se existe
+    result = run_cmd(
+        ["helm", "status", release_name, "-n", namespace],
+        ctx,
+        check=False,
+    )
+    
+    if result.returncode != 0:
+        typer.echo(f"Release '{release_name}' nao encontrado.")
+        return False
+    
+    # Remove release
+    result = run_cmd(
+        ["helm", "uninstall", release_name, "-n", namespace],
+        ctx,
+        check=False,
+    )
+    
+    if result.returncode == 0:
+        typer.secho(f"✓ Release '{release_name}' removido.", fg=typer.colors.GREEN)
+        return True
+    else:
+        typer.secho(f"✗ Falha ao remover release '{release_name}'.", fg=typer.colors.RED)
+        return False
+
+
+def cleanup_namespace(namespace: str, ctx: ExecutionContext, wait: bool = True) -> bool:
+    """Remove um namespace do Kubernetes."""
+    typer.echo(f"Removendo namespace '{namespace}'...")
+    
+    result = run_cmd(
+        ["kubectl", "delete", "namespace", namespace, "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    if wait and result.returncode == 0:
+        import time
+        # Aguarda namespace ser removido
+        deadline = time.time() + 60
+        while time.time() < deadline:
+            check = run_cmd(
+                ["kubectl", "get", "namespace", namespace],
+                ctx,
+                check=False,
+            )
+            if check.returncode != 0:
+                break
+            time.sleep(5)
+    
+    return result.returncode == 0
+
+
+def cleanup_crds(pattern: str, ctx: ExecutionContext) -> int:
+    """Remove CRDs que correspondem ao padrao."""
+    import subprocess
+    
+    # Lista CRDs
+    result = subprocess.run(
+        ["kubectl", "get", "crd", "-o", "name"],
+        capture_output=True,
+        text=True,
+    )
+    
+    if result.returncode != 0:
+        return 0
+    
+    removed = 0
+    for line in result.stdout.strip().split("\n"):
+        if pattern in line:
+            crd_name = line.replace("customresourcedefinition.apiextensions.k8s.io/", "")
+            run_cmd(
+                ["kubectl", "delete", "crd", crd_name, "--ignore-not-found"],
+                ctx,
+                check=False,
+            )
+            removed += 1
+    
+    return removed

raijin_server/modules/istio.py

@@ -147,6 +147,9 @@ metadata:
   namespace: istio-system
 spec:
   profile: {profile}
+  meshConfig:
+    defaultConfig:
+      holdApplicationUntilProxyStarts: true
   components:
     pilot:
       enabled: true
@@ -175,10 +178,6 @@ spec:
             kubernetes.io/hostname: {node_name}
           service:
             type: {service_type}
-  values:
-    global:
-      proxy:
-        holdApplicationUntilProxyStarts: true
 """
 
     config_path = Path("/tmp/raijin-istio-config.yaml")

raijin_server/modules/kong.py

@@ -2,10 +2,11 @@
 
 import socket
 import time
+from pathlib import Path
 
 import typer
 
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd, write_file
 
 
 def _detect_node_name(ctx: ExecutionContext) -> str:
@@ -20,6 +21,26 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
     return socket.gethostname()
 
 
+def _check_metallb_installed(ctx: ExecutionContext) -> bool:
+    """Verifica se MetalLB está instalado no cluster."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "metallb-controller", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
+def _check_cert_manager_installed(ctx: ExecutionContext) -> bool:
+    """Verifica se cert-manager está instalado no cluster."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "cert-manager", "-n", "cert-manager"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
 def _check_existing_kong(ctx: ExecutionContext) -> bool:
     """Verifica se existe instalacao do Kong."""
     result = run_cmd(
@@ -30,6 +51,42 @@ def _check_existing_kong(ctx: ExecutionContext) -> bool:
     return result.returncode == 0
 
 
+def _check_orphan_crds(ctx: ExecutionContext) -> list[str]:
+    """Detecta CRDs orfaos do Kong (sem ownership do Helm)."""
+    result = run_cmd(
+        ["kubectl", "get", "crd", "-o", "name"],
+        ctx,
+        check=False,
+    )
+    
+    if result.returncode != 0:
+        return []
+    
+    kong_crds = []
+    for line in (result.stdout or "").strip().split("\n"):
+        if "konghq.com" in line:
+            # Extrai nome do CRD
+            crd_name = line.replace("customresourcedefinition.apiextensions.k8s.io/", "")
+            kong_crds.append(crd_name)
+    
+    return kong_crds
+
+
+def _cleanup_orphan_crds(ctx: ExecutionContext, crds: list[str]) -> None:
+    """Remove CRDs orfaos do Kong."""
+    typer.echo(f"Removendo {len(crds)} CRDs orfaos do Kong...")
+    
+    for crd in crds:
+        run_cmd(
+            ["kubectl", "delete", "crd", crd, "--ignore-not-found"],
+            ctx,
+            check=False,
+        )
+    
+    time.sleep(3)
+    typer.secho("  CRDs orfaos removidos.", fg=typer.colors.GREEN)
+
+
 def _uninstall_kong(ctx: ExecutionContext) -> None:
     """Remove instalacao anterior do Kong."""
     typer.echo("Removendo instalacao anterior do Kong...")
@@ -100,45 +157,121 @@ def run(ctx: ExecutionContext) -> None:
         )
         if cleanup:
             _uninstall_kong(ctx)
+    
+    # Verificar CRDs orfaos (sem ownership do Helm)
+    orphan_crds = _check_orphan_crds(ctx)
+    if orphan_crds:
+        typer.secho(
+            f"\n⚠️  Detectados {len(orphan_crds)} CRDs orfaos do Kong (sem ownership do Helm):",
+            fg=typer.colors.YELLOW,
+        )
+        for crd in orphan_crds[:5]:
+            typer.echo(f"    - {crd}")
+        if len(orphan_crds) > 5:
+            typer.echo(f"    ... e mais {len(orphan_crds) - 5}")
+        
+        cleanup_crds = typer.confirm(
+            "\nRemover CRDs orfaos para permitir instalacao limpa?",
+            default=True,
+        )
+        if cleanup_crds:
+            _cleanup_orphan_crds(ctx, orphan_crds)
+        else:
+            typer.secho(
+                "AVISO: A instalacao pode falhar devido aos CRDs orfaos.",
+                fg=typer.colors.YELLOW,
+            )
+
+    # Detectar dependencias
+    has_metallb = _check_metallb_installed(ctx)
+    has_cert_manager = _check_cert_manager_installed(ctx)
+
+    # Tipo de servico baseado na presenca do MetalLB
+    if has_metallb:
+        typer.secho("✓ MetalLB detectado. Kong usará LoadBalancer.", fg=typer.colors.GREEN)
+        service_type = "LoadBalancer"
+    else:
+        typer.secho("⚠ MetalLB não detectado. Kong usará NodePort.", fg=typer.colors.YELLOW)
+        service_type = "NodePort"
+
+    if has_cert_manager:
+        typer.secho("✓ cert-manager detectado. TLS automático disponível.", fg=typer.colors.GREEN)
+    else:
+        typer.secho("⚠ cert-manager não detectado. Configure TLS manualmente.", fg=typer.colors.YELLOW)
 
     # Configuracoes interativas
     enable_admin = typer.confirm("Habilitar Admin API (para gerenciamento)?", default=True)
+    enable_metrics = typer.confirm("Habilitar métricas Prometheus?", default=True)
     db_mode = typer.prompt(
         "Modo de banco de dados (dbless/postgres)",
-        default="dbless",
+        default="postgres",
     )
     
     node_name = _detect_node_name(ctx)
-    
-    values = [
-        # Modo de operacao
-        f"env.database={db_mode}",
-        # Ingress Controller
-        "ingressController.installCRDs=true",
-        "ingressController.enabled=true",
-        # Proxy service
-        "proxy.enabled=true",
-        "proxy.type=LoadBalancer",
-        # Tolerations para control-plane
-        "tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "tolerations[0].operator=Exists",
-        "tolerations[0].effect=NoSchedule",
-        "tolerations[1].key=node-role.kubernetes.io/master",
-        "tolerations[1].operator=Exists",
-        "tolerations[1].effect=NoSchedule",
-        # NodeSelector
-        f"nodeSelector.kubernetes\\.io/hostname={node_name}",
-    ]
-    
-    # Admin API
-    if enable_admin:
-        values.extend([
-            "admin.enabled=true",
-            "admin.type=ClusterIP",
-            "admin.http.enabled=true",
-        ])
-    else:
-        values.append("admin.enabled=false")
+
+    # Usar arquivo YAML para configurações complexas (mais confiável que --set)
+    values_yaml = f"""env:
+  database: {db_mode}
+
+ingressController:
+  installCRDs: true
+  enabled: true
+
+proxy:
+  enabled: true
+  type: {service_type}
+  http:
+    enabled: true
+    containerPort: 8000
+    servicePort: 80
+  tls:
+    enabled: true
+    containerPort: 8443
+    servicePort: 443
+
+admin:
+  enabled: {str(enable_admin).lower()}
+  type: ClusterIP
+  http:
+    enabled: true
+
+tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    operator: Exists
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/master
+    operator: Exists
+    effect: NoSchedule
+
+nodeSelector:
+  kubernetes.io/hostname: {node_name}
+
+resources:
+  requests:
+    memory: 256Mi
+    cpu: 100m
+  limits:
+    memory: 1Gi
+"""
+
+    # Adicionar métricas se habilitado
+    if enable_metrics:
+        values_yaml += """
+serviceMonitor:
+  enabled: true
+  namespace: kong
+  labels:
+    release: kube-prometheus-stack
+
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "8100"
+"""
+
+    values_path = Path("/tmp/raijin-kong-values.yaml")
+    write_file(values_path, values_yaml, ctx)
+
+    run_cmd(["kubectl", "create", "namespace", "kong"], ctx, check=False)
     
     helm_upgrade_install(
         release="kong",
@@ -147,7 +280,8 @@ def run(ctx: ExecutionContext) -> None:
         repo="kong",
         repo_url="https://charts.konghq.com",
         ctx=ctx,
-        values=values,
+        values=[],
+        extra_args=["-f", str(values_path)],
     )
     
     # Aguarda pods ficarem prontos
@@ -155,9 +289,46 @@ def run(ctx: ExecutionContext) -> None:
         _wait_for_kong_ready(ctx)
     
     # Mostra informacoes uteis
-    typer.secho("\n✓ Kong instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
-    typer.echo("\nPara verificar o servico:")
-    typer.echo("  kubectl -n kong get svc kong-kong-proxy")
+    typer.secho("\n✓ Kong Gateway instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    
+    typer.echo("\n📌 Acesso ao Kong Proxy:")
+    if service_type == "LoadBalancer":
+        typer.echo("  kubectl -n kong get svc kong-kong-proxy  # Aguarde EXTERNAL-IP")
+    else:
+        typer.echo("  kubectl -n kong get svc kong-kong-proxy  # Use NodePort")
+    
     if enable_admin:
-        typer.echo("\nPara acessar Admin API (port-forward):")
+        typer.echo("\n📌 Admin API (port-forward):")
         typer.echo("  kubectl -n kong port-forward svc/kong-kong-admin 8001:8001")
+        typer.echo("  curl http://localhost:8001/status")
+    
+    if enable_metrics:
+        typer.echo("\n📌 Métricas Prometheus:")
+        typer.echo("  ServiceMonitor criado - métricas serão coletadas automaticamente")
+    
+    if has_cert_manager:
+        typer.echo("\n📌 TLS com cert-manager (exemplo de Ingress):")
+        typer.echo("""  ---
+  apiVersion: networking.k8s.io/v1
+  kind: Ingress
+  metadata:
+    name: my-api
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      konghq.com/strip-path: "true"
+  spec:
+    ingressClassName: kong
+    tls:
+      - hosts: [api.example.com]
+        secretName: api-tls
+    rules:
+      - host: api.example.com
+        http:
+          paths:
+            - path: /
+              pathType: Prefix
+              backend:
+                service:
+                  name: my-service
+                  port:
+                    number: 80""")

raijin_server/modules/kubernetes.py

@@ -269,7 +269,7 @@ scheduler: {{}}
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
-mode: ipvs
+mode: iptables
 ---
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
@@ -331,3 +331,34 @@ cgroupDriver: systemd
         "--all",
         "--timeout=180s",
     ], ctx, check=False)
+
+    # Em clusters single-node, perguntar se deve remover taint do control-plane
+    # para permitir que workloads rodem no mesmo node
+    typer.secho("\n📌 Configuração de Single-Node Cluster", fg=typer.colors.CYAN, bold=True)
+    typer.echo("Se este for um cluster single-node (apenas este servidor),")
+    typer.echo("é necessário remover o taint do control-plane para permitir workloads.")
+    
+    remove_taint = typer.confirm(
+        "Remover taint do control-plane (necessário para single-node)?",
+        default=True,
+    )
+    
+    if remove_taint:
+        typer.echo("Removendo taint node-role.kubernetes.io/control-plane...")
+        run_cmd(
+            ["kubectl", "taint", "nodes", "--all", "node-role.kubernetes.io/control-plane-", "--overwrite"],
+            ctx,
+            check=False,
+        )
+        typer.secho("✓ Taint removido. Workloads podem rodar neste node.", fg=typer.colors.GREEN)
+    else:
+        typer.secho(
+            "⚠ Taint mantido. Workloads precisarão de tolerations ou worker nodes.",
+            fg=typer.colors.YELLOW,
+        )
+
+    typer.secho("\n✓ Kubernetes instalado com sucesso!", fg=typer.colors.GREEN, bold=True)
+    typer.echo("\nPróximos passos:")
+    typer.echo("  raijin-server install metallb     # LoadBalancer para bare-metal")
+    typer.echo("  raijin-server install traefik     # Ingress Controller")
+    typer.echo("  raijin-server install cert-manager # Certificados TLS automáticos")

raijin_server/validators.py

@@ -269,3 +269,80 @@ def check_module_dependencies(module: str, ctx: ExecutionContext) -> bool:
             return False
 
     return True
+
+
+def get_reverse_dependencies(module: str) -> List[str]:
+    """Retorna lista de modulos que dependem do modulo especificado.
+    
+    Args:
+        module: Nome do modulo para verificar dependencias reversas
+        
+    Returns:
+        Lista de modulos que dependem deste modulo
+    """
+    dependents = []
+    for mod, deps in MODULE_DEPENDENCIES.items():
+        if module in deps:
+            dependents.append(mod)
+    return dependents
+
+
+def get_installed_dependents(module: str) -> List[str]:
+    """Retorna lista de modulos instalados que dependem do modulo especificado.
+    
+    Args:
+        module: Nome do modulo para verificar
+        
+    Returns:
+        Lista de modulos instalados que dependem deste modulo
+    """
+    state_dir = Path(os.environ.get("RAIJIN_STATE_DIR", "/var/lib/raijin-server/state"))
+    if not state_dir.exists():
+        state_dir = Path.home() / ".local/share/raijin-server/state"
+    
+    dependents = get_reverse_dependencies(module)
+    installed = []
+    
+    for dep in dependents:
+        state_file = state_dir / f"{dep}.done"
+        if state_file.exists():
+            installed.append(dep)
+    
+    return installed
+
+
+def check_uninstall_safety(module: str) -> Tuple[bool, List[str], str]:
+    """Verifica se e seguro remover um modulo.
+    
+    Args:
+        module: Nome do modulo a ser removido
+        
+    Returns:
+        Tupla (is_safe, affected_modules, warning_message)
+    """
+    installed_dependents = get_installed_dependents(module)
+    
+    if not installed_dependents:
+        return True, [], ""
+    
+    # Constroi arvore de impacto (recursivo)
+    all_affected = set(installed_dependents)
+    to_check = list(installed_dependents)
+    
+    while to_check:
+        current = to_check.pop(0)
+        sub_dependents = get_installed_dependents(current)
+        for sub in sub_dependents:
+            if sub not in all_affected:
+                all_affected.add(sub)
+                to_check.append(sub)
+    
+    affected_list = sorted(list(all_affected))
+    
+    warning = f"AVISO: Remover '{module}' afetara os seguintes modulos instalados:\n"
+    for dep in affected_list:
+        warning += f"  - {dep}\n"
+    warning += "\nEstes modulos podem parar de funcionar corretamente!"
+    
+    return False, affected_list, warning
+

{raijin_server-0.2.25.dist-info → raijin_server-0.2.27.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.25
+Version: 0.2.27
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.25.dist-info → raijin_server-0.2.27.dist-info}/RECORD

@@ -1,9 +1,10 @@
-raijin_server/__init__.py,sha256=Fb2dY-WZNdEoZ2C5SWUDZG_DzfMcBF1q-cf_ss9lo7s,95
-raijin_server/cli.py,sha256=71nn7QN0f3MJkXcHr0STXmxljr-CaPibzOoiItbOT88,28571
+raijin_server/__init__.py,sha256=ZjIsech_uw8wSidEG2vZITmdC6GCiNK6nsXDMvlyVog,95
+raijin_server/cli.py,sha256=2m7q1znMLbBdnUwN6oOUrCZXEqC2e7SfbjYkymbP4lQ,37884
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
+raijin_server/module_manager.py,sha256=Wmhj603CN0XGUVr7_Fo8CHzKd9yIbS9x5BJLqDj78kw,10259
 raijin_server/utils.py,sha256=9RnGnPoUTYOpMVRLNa4P4lIQrJNQLkSkPUxycZRGv78,20827
-raijin_server/validators.py,sha256=5SpGz0aDmt60v19KJQSU-VpQOVc3WyNJQn45acUhq0Q,9463
+raijin_server/validators.py,sha256=EATYPy2pllAb6IX4gUZKnELvospWwyGV3DHrzxb_RMg,11761
 raijin_server/modules/__init__.py,sha256=e_IbkhLGPcF8to9QUmIESP6fpcTOYcIhaXLKIvqRJMY,920
 raijin_server/modules/apokolips_demo.py,sha256=8ltsXRbVDwlDwLMIvh02NG-FeAfBWw_v6lh7IGOyNqs,13725
 raijin_server/modules/bootstrap.py,sha256=oVIGNRW_JbgY8zXNHGAIP0vGbbHNHyQexthxo5zhbcw,9762
@@ -15,10 +16,10 @@ raijin_server/modules/full_install.py,sha256=xiKe2GLuZ97c4YdTmhP-kwDVuJJ9Xq3dlgc
 raijin_server/modules/grafana.py,sha256=DdDLxmTeFnDRvcRLkpg1RuR9o1ZAArk2W-DTLLyfWHg,6009
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
 raijin_server/modules/harness.py,sha256=uWTxTVJlY_VB6xi4ftMtTSaIb96HA8WJQS-RbyxU45M,5391
-raijin_server/modules/istio.py,sha256=LxH_3VKWMq_F8WFumkxgL0dhFmG309XB4TbSUggJEic,7301
+raijin_server/modules/istio.py,sha256=o0K5-Fw4LRs-kbAVgwzYxHzEt_aPFJG8suqOqvg2748,7297
 raijin_server/modules/kafka.py,sha256=n7ZpLPWv6sKBJhdBiPe7VgeDB24YiCIOWvOQkWwt03Y,5664
-raijin_server/modules/kong.py,sha256=cRDzAP9Ne3Qte6sqmxWUS-aJVgiaf4B0uqFvg02Nw5E,5076
-raijin_server/modules/kubernetes.py,sha256=waSf2cCVnLicN5o3M47MzMzmHHtvKeFXm1__8ynQzA0,11871
+raijin_server/modules/kong.py,sha256=s6g8Qq_SyUBy_AIXXSTAb9XyqaQrK3eDOU_xS5merRw,9825
+raijin_server/modules/kubernetes.py,sha256=9E6zV0zGQWZW92NVpxwYctpi-4JDmi6YzF3tKRI4HlU,13343
 raijin_server/modules/loki.py,sha256=aNiUpnOFppZMXoQwYhn7IoPMzwUz4aHi6pbiqj1PRjc,5022
 raijin_server/modules/metallb.py,sha256=uUuklc_RsQ-W2qDVRMQAxQm9HKGEqso444b1IwBpM6w,8554
 raijin_server/modules/minio.py,sha256=wxL8U1Zl3XtI-wymIeZonmi561v1zf-bY4TTVPKisLA,6221
@@ -37,9 +38,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.25.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.25.dist-info/METADATA,sha256=IZM1t1KEU8iBnJ6bXc2FLoL7XIsJ_01Y5HhZ_Qirt0w,22476
-raijin_server-0.2.25.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.25.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.25.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.25.dist-info/RECORD,,
+raijin_server-0.2.27.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.27.dist-info/METADATA,sha256=zvRHWIQU7Lere-1GwtkxnNNtcReyE5BFUqpMyKPEgk8,22476
+raijin_server-0.2.27.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.27.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.27.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.27.dist-info/RECORD,,