raijin-server 0.3.3__py3-none-any.whl → 0.3.6__py3-none-any.whl


Potentially problematic release.


This version of raijin-server might be problematic. Click here for more details.

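--- a/raijin_server/__init__.py
+++ b/raijin_server/__init__.py
@@ -1,5 +1,5 @@
  """Pacote principal do CLI Raijin Server."""
 
- __version__ = "0.3.3"
+ __version__ = "0.3.6"
 
  __all__ = ["__version__"]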
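--- a/raijin_server/cli.py
+++ b/raijin_server/cli.py
@@ -25,6 +25,7 @@ from raijin_server.modules import (
  firewall,
  full_install,
  grafana,
+ harbor,
  harness,
  hardening,
  internal_dns,
@@ -36,8 +37,6 @@ from raijin_server.modules import (
  metallb,
  minio,
  network,
- observability_dashboards,
- observability_ingress,
  prometheus,
  secrets,
  sanitize,
@@ -99,11 +98,10 @@ MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
  "minio": minio.run,
  "prometheus": prometheus.run,
  "grafana": grafana.run,
- "observability_ingress": observability_ingress.run,
- "observability_dashboards": observability_dashboards.run,
  "apokolips_demo": apokolips_demo.run,
  "secrets": secrets.run,
  "loki": loki.run,
+ "harbor": harbor.run,
  "harness": harness.run,
  "velero": velero.run,
  "kafka": kafka.run,
@@ -136,11 +134,10 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
  "minio": "Objeto storage S3-compat via Helm",
  "prometheus": "Stack kube-prometheus",
  "grafana": "Dashboards e datasource Prometheus",
- "observability_ingress": "Ingress seguro com auth/TLS para Grafana/Prometheus/Alertmanager",
- "observability_dashboards": "Dashboards Grafana + alertas default Prometheus/Alertmanager",
  "apokolips_demo": "Landing page Apokolips para testar ingress externo",
- "secrets": "Instala sealed-secrets e external-secrets via Helm",
+ "secrets": "Secrets management (Vault + External Secrets Operator)",
  "loki": "Logs centralizados Loki",
+ "harbor": "Container registry privado com vulnerability scanning",
  "harness": "Delegate Harness via Helm",
  "velero": "Backup/restore de clusters",
  "kafka": "Cluster Kafka via OCI Helm",
@@ -560,16 +557,6 @@ def apokolips_demo_cmd(ctx: typer.Context) -> None:
  _run_module(ctx, "apokolips_demo")
 
 
- @app.command(name="observability-ingress")
- def observability_ingress_cmd(ctx: typer.Context) -> None:
- _run_module(ctx, "observability_ingress")
-
-
- @app.command(name="observability-dashboards")
- def observability_dashboards_cmd(ctx: typer.Context) -> None:
- _run_module(ctx, "observability_dashboards")
-
-
  @app.command()
  def loki(ctx: typer.Context) -> None:
  _run_module(ctx, "loki")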
@@ -15,6 +15,7 @@ __all__ = [
15
15
  "prometheus",
16
16
  "grafana",
17
17
  "loki",
18
+ "harbor",
18
19
  "harness",
19
20
  "velero",
20
21
  "kafka",
@@ -23,15 +24,13 @@ __all__ = [
23
24
  "vpn",
24
25
  "vpn_client",
25
26
  "internal_dns",
26
- "observability_ingress",
27
- "observability_dashboards",
28
27
  "apokolips_demo",
29
28
  "cert_manager",
30
29
  "secrets",
31
30
  "full_install",
32
31
  ]
33
32
 
34
- from raijin_server.modules import calico, essentials, firewall, grafana, harness, hardening, istio
35
- from raijin_server.modules import kafka, kong, kubernetes, loki, minio, network, observability_dashboards
36
- from raijin_server.modules import observability_ingress, prometheus, traefik, velero, apokolips_demo, secrets, cert_manager
33
+ from raijin_server.modules import calico, essentials, firewall, grafana, harbor, harness, hardening, istio
34
+ from raijin_server.modules import kafka, kong, kubernetes, loki, minio, network
35
+ from raijin_server.modules import prometheus, traefik, velero, apokolips_demo, secrets, cert_manager
37
36
  from raijin_server.modules import bootstrap, full_install, sanitize, ssh_hardening, vpn, vpn_client, internal_dns
@@ -15,12 +15,11 @@ from raijin_server.modules import (
15
15
  essentials,
16
16
  firewall,
17
17
  grafana,
18
+ harbor,
18
19
  hardening,
19
20
  kubernetes,
20
21
  loki,
21
22
  network,
22
- observability_dashboards,
23
- observability_ingress,
24
23
  prometheus,
25
24
  secrets,
26
25
  sanitize,
@@ -171,6 +170,13 @@ def _diag_secrets(ctx: ExecutionContext) -> None:
171
170
  _diag_namespace("external-secrets", ctx)
172
171
 
173
172
 
173
+ def _diag_harbor(ctx: ExecutionContext) -> None:
174
+ """Diagnostico do namespace harbor."""
175
+ ns = "harbor"
176
+ _run_cmd("Harbor pods", ["kubectl", "get", "pods", "-n", ns, "-o", "wide"], ctx)
177
+ _diag_namespace(ns, ctx)
178
+
179
+
174
180
  def _diag_prometheus(ctx: ExecutionContext) -> None:
175
181
  ns = "observability"
176
182
  _run_cmd("Prometheus pods", ["kubectl", "get", "pods", "-n", ns, "-l", "app.kubernetes.io/name=prometheus"], ctx)
@@ -195,18 +201,6 @@ def _diag_traefik(ctx: ExecutionContext) -> None:
195
201
  _diag_namespace(ns, ctx)
196
202
 
197
203
 
198
- def _diag_observability_ingress(ctx: ExecutionContext) -> None:
199
- ns = "observability"
200
- _run_cmd("Ingress objects", ["kubectl", "get", "ingress", "-n", ns], ctx)
201
- _diag_namespace(ns, ctx)
202
-
203
-
204
- def _diag_observability_dashboards(ctx: ExecutionContext) -> None:
205
- ns = "observability"
206
- _run_cmd("ConfigMaps dashboards", ["kubectl", "get", "configmap", "-n", ns, "-l", "raijin/dashboards=true"], ctx)
207
- _diag_namespace(ns, ctx)
208
-
209
-
210
204
  def _diag_minio(ctx: ExecutionContext) -> None:
211
205
  ns = "minio"
212
206
  _diag_namespace(ns, ctx)
@@ -232,12 +226,11 @@ DIAG_HANDLERS = {
232
226
  "cert_manager": cert_manager.diagnose,
233
227
  "calico": _diag_calico,
234
228
  "secrets": _diag_secrets,
229
+ "harbor": _diag_harbor,
235
230
  "prometheus": _diag_prometheus,
236
231
  "grafana": _diag_grafana,
237
232
  "loki": _diag_loki,
238
233
  "traefik": _diag_traefik,
239
- "observability_ingress": _diag_observability_ingress,
240
- "observability_dashboards": _diag_observability_dashboards,
241
234
  "minio": _diag_minio,
242
235
  "kafka": _diag_kafka,
243
236
  "velero": _diag_velero,
@@ -273,13 +266,12 @@ INSTALL_SEQUENCE = [
273
266
  ("kubernetes", kubernetes.run, "Cluster Kubernetes (kubeadm)", None),
274
267
  ("calico", calico.run, "CNI Calico + NetworkPolicy", None),
275
268
  ("cert_manager", _cert_manager_install_only, "cert-manager (instalacao base)", None),
276
- ("secrets", secrets.run, "Sealed-Secrets + External-Secrets", None),
269
+ ("secrets", secrets.run, "HashiCorp Vault + External Secrets Operator", None),
270
+ ("harbor", harbor.run, "Container Registry com Vulnerability Scanning", None),
277
271
  ("prometheus", prometheus.run, "Monitoramento Prometheus", None),
278
272
  ("grafana", grafana.run, "Dashboards Grafana", None),
279
273
  ("loki", loki.run, "Logs centralizados Loki", None),
280
274
  ("traefik", traefik.run, "Ingress Controller Traefik", None),
281
- ("observability_ingress", observability_ingress.run, "Ingress seguro para Grafana/Prometheus/Alertmanager", None),
282
- ("observability_dashboards", observability_dashboards.run, "Dashboards opinativos e alertas", None),
283
275
  ]
284
276
 
285
277
 
@@ -393,9 +393,18 @@ def run(ctx: ExecutionContext) -> None:
393
393
 
394
394
  admin_password = typer.prompt("Senha admin do Grafana", default="admin")
395
395
 
396
+ # NodePort para acesso via VPN (recomendado)
397
+ enable_nodeport = typer.confirm(
398
+ "Habilitar NodePort para acesso via VPN?",
399
+ default=True
400
+ )
401
+ nodeport_port = 30030
402
+ if enable_nodeport:
403
+ nodeport_port = int(typer.prompt("Porta NodePort", default="30030"))
404
+
396
405
  # Ingress público não é recomendado para ferramentas de observabilidade
397
406
  enable_ingress = typer.confirm(
398
- "Habilitar ingress público? (NÃO recomendado - use VPN + port-forward)",
407
+ "Habilitar ingress público? (NÃO recomendado - use VPN + NodePort)",
399
408
  default=False
400
409
  )
401
410
 
@@ -439,9 +448,16 @@ def run(ctx: ExecutionContext) -> None:
439
448
  persistence_yaml += f"""
440
449
  storageClassName: {storage_class}"""
441
450
 
451
+ service_type = "NodePort" if enable_nodeport else "ClusterIP"
442
452
  values_yaml = f"""adminPassword: {admin_password}
443
453
  service:
444
- type: ClusterIP
454
+ type: {service_type}"""
455
+
456
+ if enable_nodeport:
457
+ values_yaml += f"""
458
+ nodePort: {nodeport_port}"""
459
+
460
+ values_yaml += f"""
445
461
  ingress:
446
462
  enabled: {str(enable_ingress).lower()}"""
447
463
 
@@ -540,15 +556,18 @@ dashboards:
540
556
 
541
557
  if enable_ingress:
542
558
  typer.echo(f"\nAcesse: https://{ingress_host}")
543
- else:
544
- typer.secho("\n🔒 Acesso Seguro via VPN + Port-Forward:", fg=typer.colors.CYAN, bold=True)
559
+ elif enable_nodeport:
560
+ typer.secho("\n🔒 Acesso via VPN + NodePort:", fg=typer.colors.CYAN, bold=True)
545
561
  typer.echo("\n1. Configure VPN (se ainda não tiver):")
546
562
  typer.echo(" sudo raijin vpn")
547
563
  typer.echo("\n2. Conecte via WireGuard no seu Windows/Mac")
548
- typer.echo("\n3. Faça port-forward local:")
549
- typer.echo(" kubectl -n observability port-forward svc/grafana 3000:80")
550
- typer.echo("\n4. Acesse no navegador:")
551
- typer.echo(" http://localhost:3000")
564
+ typer.echo("\n3. Acesse no navegador (IP da VPN):")
565
+ typer.echo(f" http://<VPN_SERVER_IP>:{nodeport_port}")
566
+ typer.echo("\n Exemplo: http://10.8.0.1:{}".format(nodeport_port))
567
+ else:
568
+ typer.secho("\n🔒 Acesso via Port-Forward:", fg=typer.colors.CYAN, bold=True)
569
+ typer.echo("\n kubectl -n observability port-forward svc/grafana 3000:80")
570
+ typer.echo("\n Acesse: http://localhost:3000")
552
571
 
553
572
  typer.echo("\nUsuario: admin")
554
573
  typer.echo(f"Senha: {admin_password}")
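Review bot: The new `enable_nodeport` confirm in the first `run()` hunk defaults to `True` while the admin password prompt directly above it still defaults to `admin` and is typed in clear, so accepting the defaults exposes Grafana with admin/admin on port 30030; a NodePort is by default opened on every node address, and nothing in these hunks limits it to the VPN subnet. I would default the confirm to `False`, or refuse the default password when it is enabled, and prompt with `admin_password = typer.prompt("Senha admin do Grafana", hide_input=True, confirmation_prompt=True)`; the "via VPN" wording should also state that a firewall rule restricting the port to the WireGuard range is required. `int(typer.prompt("Porta NodePort", default="30030"))` raises `ValueError` on non-numeric input and accepts ports outside the default NodePort range (30000-32767); `typer.prompt("Porta NodePort", default=30030, type=int)` followed by a range check would fail cleanly. In the later hunks the password is interpolated unquoted into `values_yaml` (`adminPassword: {admin_password}`) and echoed by `typer.echo(f"Senha: {admin_password}")`; both predate this change but matter more now that the service is reachable over plain `http://` from the network. The body of `run()` starts and ends outside these hunks, so any validation done elsewhere is not visible here.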