raijin-server 0.2.41__py3-none-any.whl → 0.3.0__py3-none-any.whl

raijin_server/modules/prometheus.py

@@ -2,8 +2,12 @@
 
 from __future__ import annotations
 
+import json
 import socket
+import tempfile
+import textwrap
 import time
+from pathlib import Path
 
 import typer
 
@@ -16,6 +20,10 @@ from raijin_server.utils import (
 )
 
 DEFAULT_NAMESPACE = "observability"
+LOCAL_PATH_PROVISIONER_URL = (
+    "https://raw.githubusercontent.com/rancher/local-path-provisioner/"
+    "v0.0.30/deploy/local-path-storage.yaml"
+)
 
 
 def _detect_node_name(ctx: ExecutionContext) -> str:
@@ -31,6 +39,7 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
 
 
 def _get_default_storage_class(ctx: ExecutionContext) -> str:
+    """Retorna o nome da StorageClass default do cluster, se existir."""
     if ctx.dry_run:
         return ""
     result = run_cmd(
@@ -39,12 +48,260 @@ def _get_default_storage_class(ctx: ExecutionContext) -> str:
             "get",
             "storageclass",
             "-o",
-            "jsonpath={.items[?(@.metadata.annotations['storageclass.kubernetes.io/is-default-class']=='true')].metadata.name}",
+            "jsonpath={.items[?(@.metadata.annotations.storageclass\\.kubernetes\\.io/is-default-class=='true')].metadata.name}",
         ],
         ctx,
         check=False,
     )
-    return (result.stdout or "").strip()
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip()
+    return ""
+
+
+def _list_storage_classes(ctx: ExecutionContext) -> list:
+    """Lista todas as StorageClasses disponiveis."""
+    result = run_cmd(
+        ["kubectl", "get", "storageclass", "-o", "jsonpath={.items[*].metadata.name}"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip().split()
+    return []
+
+
+def _apply_manifest(ctx: ExecutionContext, manifest: str, description: str) -> bool:
+    """Aplica manifest YAML temporario com kubectl."""
+    tmp_path = None
+    try:
+        with tempfile.NamedTemporaryFile("w", delete=False, suffix=".yaml") as tmp:
+            tmp.write(manifest)
+            tmp.flush()
+            tmp_path = Path(tmp.name)
+        result = run_cmd(
+            ["kubectl", "apply", "-f", str(tmp_path)],
+            ctx,
+            check=False,
+        )
+        if result.returncode != 0:
+            typer.secho(f"  Falha ao aplicar {description}.", fg=typer.colors.RED)
+            return False
+        typer.secho(f"  ✓ {description} aplicado.", fg=typer.colors.GREEN)
+        return True
+    finally:
+        if tmp_path and tmp_path.exists():
+            tmp_path.unlink(missing_ok=True)
+
+
+def _patch_local_path_provisioner_tolerations(ctx: ExecutionContext) -> None:
+    """Adiciona tolerations ao local-path-provisioner para rodar em control-plane."""
+    typer.echo("  Configurando tolerations no local-path-provisioner...")
+    
+    # Patch no deployment para tolerar control-plane
+    patch_deployment = textwrap.dedent(
+        """
+        spec:
+          template:
+            spec:
+              tolerations:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+                effect: NoSchedule
+        """
+    ).strip()
+    
+    result = run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "patch", "deployment",
+            "local-path-provisioner", "--patch", patch_deployment,
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("    ✓ Deployment patched com tolerations.", fg=typer.colors.GREEN)
+    
+    # Patch no ConfigMap para os helper pods (que criam os dirs no node)
+    # O local-path-provisioner usa um ConfigMap com helperPod template
+    helper_pod_config = {
+        "nodePathMap": [
+            {
+                "node": "DEFAULT_PATH_FOR_NON_LISTED_NODES",
+                "paths": ["/opt/local-path-provisioner"]
+            }
+        ],
+        "setupCommand": None,
+        "teardownCommand": None,
+        "helperPod": {
+            "apiVersion": "v1",
+            "kind": "Pod",
+            "metadata": {},
+            "spec": {
+                "tolerations": [
+                    {"key": "node-role.kubernetes.io/control-plane", "operator": "Exists", "effect": "NoSchedule"},
+                    {"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}
+                ],
+                "containers": [
+                    {
+                        "name": "helper-pod",
+                        "image": "busybox:stable",
+                        "imagePullPolicy": "IfNotPresent"
+                    }
+                ]
+            }
+        }
+    }
+    
+    # Converte para JSON string para o patch
+    config_json_str = json.dumps(helper_pod_config)
+    patch_data = json.dumps({"data": {"config.json": config_json_str}})
+    
+    # Aplica via patch no ConfigMap
+    result = run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "patch", "configmap",
+            "local-path-config", "--type=merge", "-p", patch_data,
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("    ✓ ConfigMap patched para helper pods.", fg=typer.colors.GREEN)
+    
+    # Reinicia o deployment para aplicar as mudanças
+    run_cmd(
+        ["kubectl", "-n", "local-path-storage", "rollout", "restart", "deployment/local-path-provisioner"],
+        ctx,
+        check=False,
+    )
+    
+    # Aguarda rollout
+    run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "rollout", "status",
+            "deployment/local-path-provisioner", "--timeout=60s",
+        ],
+        ctx,
+        check=False,
+    )
+
+
+def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
+    """Instala local-path-provisioner para usar storage local (NVMe/SSD)."""
+    typer.echo("Instalando local-path-provisioner para storage local...")
+    
+    result = run_cmd(
+        ["kubectl", "apply", "-f", LOCAL_PATH_PROVISIONER_URL],
+        ctx,
+        check=False,
+    )
+    if result.returncode != 0:
+        typer.secho("  Falha ao instalar local-path-provisioner.", fg=typer.colors.RED)
+        return False
+    
+    # Aguarda deployment ficar pronto inicialmente
+    typer.echo("  Aguardando local-path-provisioner ficar Ready...")
+    run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "rollout", "status",
+            "deployment/local-path-provisioner", "--timeout=60s",
+        ],
+        ctx,
+        check=False,
+    )
+    
+    # Aplica tolerations para control-plane (single-node clusters)
+    _patch_local_path_provisioner_tolerations(ctx)
+    
+    typer.secho("  ✓ local-path-provisioner instalado e configurado.", fg=typer.colors.GREEN)
+    return True
+
+
+def _set_default_storage_class(ctx: ExecutionContext, name: str) -> None:
+    """Define uma StorageClass como default."""
+    # Remove default de outras classes primeiro
+    existing = _list_storage_classes(ctx)
+    for sc in existing:
+        if sc != name:
+            run_cmd(
+                [
+                    "kubectl", "annotate", "storageclass", sc,
+                    "storageclass.kubernetes.io/is-default-class-",
+                    "--overwrite",
+                ],
+                ctx,
+                check=False,
+            )
+    
+    # Define a nova como default
+    run_cmd(
+        [
+            "kubectl", "annotate", "storageclass", name,
+            "storageclass.kubernetes.io/is-default-class=true",
+            "--overwrite",
+        ],
+        ctx,
+        check=True,
+    )
+    typer.secho(f"  ✓ StorageClass '{name}' definida como default.", fg=typer.colors.GREEN)
+
+
+def _ensure_storage_class(ctx: ExecutionContext) -> str:
+    """Garante que existe uma StorageClass disponivel, instalando local-path se necessario."""
+    if ctx.dry_run:
+        return "local-path"  # Retorna um valor dummy para dry-run
+    
+    default_sc = _get_default_storage_class(ctx)
+    available = _list_storage_classes(ctx)
+
+    # Se ja existir default (qualquer uma), usa ela
+    if default_sc:
+        typer.echo(f"StorageClass default detectada: {default_sc}")
+        # Se for local-path, garante que o provisioner tem tolerations
+        if default_sc == "local-path" or "local-path" in available:
+            _patch_local_path_provisioner_tolerations(ctx)
+        return default_sc
+
+    # Se local-path estiver disponivel mas nao for default, define como default
+    if "local-path" in available:
+        typer.echo("StorageClass 'local-path' detectada.")
+        _patch_local_path_provisioner_tolerations(ctx)
+        _set_default_storage_class(ctx, "local-path")
+        return "local-path"
+
+    # Se houver outras classes disponiveis, pergunta qual usar
+    if available:
+        typer.echo(f"StorageClasses disponiveis (sem default): {', '.join(available)}")
+        choice = typer.prompt(
+            f"Qual StorageClass usar? ({'/'.join(available)})",
+            default=available[0],
+        )
+        return choice
+
+    # Nenhuma StorageClass disponivel - instala local-path automaticamente
+    typer.secho(
+        "Nenhuma StorageClass encontrada no cluster.",
+        fg=typer.colors.YELLOW,
+    )
+    install = typer.confirm(
+        "Instalar local-path-provisioner para usar armazenamento local (NVMe/SSD)?",
+        default=True,
+    )
+    if not install:
+        typer.secho(
+            "Abortando: Prometheus com PVC requer uma StorageClass.",
+            fg=typer.colors.RED,
+        )
+        raise typer.Exit(1)
+
+    if not _install_local_path_provisioner(ctx):
+        raise typer.Exit(1)
+
+    _set_default_storage_class(ctx, "local-path")
+    return "local-path"
 
 
 def _ensure_cluster_access(ctx: ExecutionContext) -> None:
@@ -165,11 +422,17 @@ def run(ctx: ExecutionContext) -> None:
 
     kubectl_create_ns(namespace, ctx)
 
+    # Verifica se existe StorageClass default para sugerir no prompt
     default_sc = _get_default_storage_class(ctx)
+    
     enable_persistence = typer.confirm(
         "Habilitar PVC para Prometheus e Alertmanager?", default=bool(default_sc)
     )
 
+    # Se habilitou PVC, garante que existe StorageClass disponivel
+    if enable_persistence:
+        default_sc = _ensure_storage_class(ctx)
+
     node_name = _detect_node_name(ctx)
 
     values = [
@@ -216,7 +479,7 @@ def run(ctx: ExecutionContext) -> None:
         f"prometheusOperator.nodeSelector.kubernetes\\.io/hostname={node_name}",
     ]
 
-    extra_args = ["--wait", "--timeout", "5m", "--atomic"]
+    extra_args = ["--wait", "--timeout", "10m", "--atomic"]
 
     chart_version = typer.prompt(
         "Versao do chart (vazio para latest)",

raijin_server/modules/traefik.py

@@ -75,7 +75,25 @@ def run(ctx: ExecutionContext) -> None:
             _uninstall_traefik(ctx)
 
     acme_email = typer.prompt("Email para ACME/Let's Encrypt", default="admin@example.com")
-    dashboard_host = typer.prompt("Host para dashboard (opcional)", default="traefik.local")
+    
+    # Dashboard do Traefik deve ser acessado via VPN, não publicamente
+    enable_dashboard = typer.confirm(
+        "Habilitar dashboard público? (NÃO recomendado - use VPN + port-forward)",
+        default=False
+    )
+    
+    dashboard_host = ""
+    if enable_dashboard:
+        typer.secho(
+            "\n⚠️  ATENÇÃO: Expor dashboard do Traefik publicamente é um risco de segurança!",
+            fg=typer.colors.YELLOW,
+            bold=True,
+        )
+        typer.secho(
+            "Recomendação: Acesse via VPN com port-forward.\n",
+            fg=typer.colors.YELLOW,
+        )
+        dashboard_host = typer.prompt("Host para dashboard", default="traefik.local")
 
     node_name = _detect_node_name(ctx)
 
@@ -112,3 +130,19 @@ def run(ctx: ExecutionContext) -> None:
         ctx=ctx,
         values=values,
     )
+
+    typer.secho("\n✓ Traefik instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    
+    if enable_dashboard and dashboard_host:
+        typer.echo(f"\nDashboard público: https://{dashboard_host}/dashboard/")
+    else:
+        typer.secho("\n🔒 Acesso Seguro ao Dashboard via VPN:", fg=typer.colors.CYAN, bold=True)
+        typer.echo("\n1. Configure VPN (se ainda não tiver):")
+        typer.echo("   sudo raijin vpn")
+        typer.echo("\n2. Conecte via WireGuard")
+        typer.echo("\n3. Acesse via NodePort ou port-forward:")
+        typer.echo("   kubectl -n traefik port-forward deployment/traefik 9000:9000")
+        typer.echo("\n4. Abra no navegador:")
+        typer.echo("   http://localhost:9000/dashboard/")
+        typer.echo("\nOu via service direto (se LoadBalancer/NodePort):")
+        typer.echo("   kubectl -n traefik get svc traefik")