raijin-server 0.3.3__tar.gz → 0.3.6__tar.gz

{raijin_server-0.3.3/src/raijin_server.egg-info → raijin_server-0.3.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.3.3
+Version: 0.3.6
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.3.3 → raijin_server-0.3.6}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = raijin-server
-version = 0.3.3
+version = 0.3.6
 description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
 long_description = file: README.md
 long_description_content_type = text/markdown

{raijin_server-0.3.3 → raijin_server-0.3.6}/src/raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.3.3"
+__version__ = "0.3.6"
 
 __all__ = ["__version__"]

{raijin_server-0.3.3 → raijin_server-0.3.6}/src/raijin_server/cli.py

@@ -25,6 +25,7 @@ from raijin_server.modules import (
     firewall,
     full_install,
     grafana,
+    harbor,
     harness,
     hardening,
     internal_dns,
@@ -36,8 +37,6 @@ from raijin_server.modules import (
     metallb,
     minio,
     network,
-    observability_dashboards,
-    observability_ingress,
     prometheus,
     secrets,
     sanitize,
@@ -99,11 +98,10 @@ MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
     "minio": minio.run,
     "prometheus": prometheus.run,
     "grafana": grafana.run,
-    "observability_ingress": observability_ingress.run,
-    "observability_dashboards": observability_dashboards.run,
     "apokolips_demo": apokolips_demo.run,
     "secrets": secrets.run,
     "loki": loki.run,
+    "harbor": harbor.run,
     "harness": harness.run,
     "velero": velero.run,
     "kafka": kafka.run,
@@ -136,11 +134,10 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
     "minio": "Objeto storage S3-compat via Helm",
     "prometheus": "Stack kube-prometheus",
     "grafana": "Dashboards e datasource Prometheus",
-    "observability_ingress": "Ingress seguro com auth/TLS para Grafana/Prometheus/Alertmanager",
-    "observability_dashboards": "Dashboards Grafana + alertas default Prometheus/Alertmanager",
     "apokolips_demo": "Landing page Apokolips para testar ingress externo",
-    "secrets": "Instala sealed-secrets e external-secrets via Helm",
+    "secrets": "Secrets management (Vault + External Secrets Operator)",
     "loki": "Logs centralizados Loki",
+    "harbor": "Container registry privado com vulnerability scanning",
     "harness": "Delegate Harness via Helm",
     "velero": "Backup/restore de clusters",
     "kafka": "Cluster Kafka via OCI Helm",
@@ -560,16 +557,6 @@ def apokolips_demo_cmd(ctx: typer.Context) -> None:
     _run_module(ctx, "apokolips_demo")
 
 
-@app.command(name="observability-ingress")
-def observability_ingress_cmd(ctx: typer.Context) -> None:
-    _run_module(ctx, "observability_ingress")
-
-
-@app.command(name="observability-dashboards")
-def observability_dashboards_cmd(ctx: typer.Context) -> None:
-    _run_module(ctx, "observability_dashboards")
-
-
 @app.command()
 def loki(ctx: typer.Context) -> None:
     _run_module(ctx, "loki")

{raijin_server-0.3.3 → raijin_server-0.3.6}/src/raijin_server/modules/__init__.py

@@ -15,6 +15,7 @@ __all__ = [
     "prometheus",
     "grafana",
     "loki",
+    "harbor",
     "harness",
     "velero",
     "kafka",
@@ -23,15 +24,13 @@ __all__ = [
     "vpn",
     "vpn_client",
     "internal_dns",
-    "observability_ingress",
-    "observability_dashboards",
     "apokolips_demo",
     "cert_manager",
     "secrets",
     "full_install",
 ]
 
-from raijin_server.modules import calico, essentials, firewall, grafana, harness, hardening, istio
-from raijin_server.modules import kafka, kong, kubernetes, loki, minio, network, observability_dashboards
-from raijin_server.modules import observability_ingress, prometheus, traefik, velero, apokolips_demo, secrets, cert_manager
+from raijin_server.modules import calico, essentials, firewall, grafana, harbor, harness, hardening, istio
+from raijin_server.modules import kafka, kong, kubernetes, loki, minio, network
+from raijin_server.modules import prometheus, traefik, velero, apokolips_demo, secrets, cert_manager
 from raijin_server.modules import bootstrap, full_install, sanitize, ssh_hardening, vpn, vpn_client, internal_dns

{raijin_server-0.3.3 → raijin_server-0.3.6}/src/raijin_server/modules/full_install.py

@@ -15,12 +15,11 @@ from raijin_server.modules import (
     essentials,
     firewall,
     grafana,
+    harbor,
     hardening,
     kubernetes,
     loki,
     network,
-    observability_dashboards,
-    observability_ingress,
     prometheus,
     secrets,
     sanitize,
@@ -171,6 +170,13 @@ def _diag_secrets(ctx: ExecutionContext) -> None:
     _diag_namespace("external-secrets", ctx)
 
 
+def _diag_harbor(ctx: ExecutionContext) -> None:
+    """Diagnostico do namespace harbor."""
+    ns = "harbor"
+    _run_cmd("Harbor pods", ["kubectl", "get", "pods", "-n", ns, "-o", "wide"], ctx)
+    _diag_namespace(ns, ctx)
+
+
 def _diag_prometheus(ctx: ExecutionContext) -> None:
     ns = "observability"
     _run_cmd("Prometheus pods", ["kubectl", "get", "pods", "-n", ns, "-l", "app.kubernetes.io/name=prometheus"], ctx)
@@ -195,18 +201,6 @@ def _diag_traefik(ctx: ExecutionContext) -> None:
     _diag_namespace(ns, ctx)
 
 
-def _diag_observability_ingress(ctx: ExecutionContext) -> None:
-    ns = "observability"
-    _run_cmd("Ingress objects", ["kubectl", "get", "ingress", "-n", ns], ctx)
-    _diag_namespace(ns, ctx)
-
-
-def _diag_observability_dashboards(ctx: ExecutionContext) -> None:
-    ns = "observability"
-    _run_cmd("ConfigMaps dashboards", ["kubectl", "get", "configmap", "-n", ns, "-l", "raijin/dashboards=true"], ctx)
-    _diag_namespace(ns, ctx)
-
-
 def _diag_minio(ctx: ExecutionContext) -> None:
     ns = "minio"
     _diag_namespace(ns, ctx)
@@ -232,12 +226,11 @@ DIAG_HANDLERS = {
     "cert_manager": cert_manager.diagnose,
     "calico": _diag_calico,
     "secrets": _diag_secrets,
+    "harbor": _diag_harbor,
     "prometheus": _diag_prometheus,
     "grafana": _diag_grafana,
     "loki": _diag_loki,
     "traefik": _diag_traefik,
-    "observability_ingress": _diag_observability_ingress,
-    "observability_dashboards": _diag_observability_dashboards,
     "minio": _diag_minio,
     "kafka": _diag_kafka,
     "velero": _diag_velero,
@@ -273,13 +266,12 @@ INSTALL_SEQUENCE = [
     ("kubernetes", kubernetes.run, "Cluster Kubernetes (kubeadm)", None),
     ("calico", calico.run, "CNI Calico + NetworkPolicy", None),
     ("cert_manager", _cert_manager_install_only, "cert-manager (instalacao base)", None),
-    ("secrets", secrets.run, "Sealed-Secrets + External-Secrets", None),
+    ("secrets", secrets.run, "HashiCorp Vault + External Secrets Operator", None),
+    ("harbor", harbor.run, "Container Registry com Vulnerability Scanning", None),
     ("prometheus", prometheus.run, "Monitoramento Prometheus", None),
     ("grafana", grafana.run, "Dashboards Grafana", None),
     ("loki", loki.run, "Logs centralizados Loki", None),
     ("traefik", traefik.run, "Ingress Controller Traefik", None),
-    ("observability_ingress", observability_ingress.run, "Ingress seguro para Grafana/Prometheus/Alertmanager", None),
-    ("observability_dashboards", observability_dashboards.run, "Dashboards opinativos e alertas", None),
 ]
 
 

{raijin_server-0.3.3 → raijin_server-0.3.6}/src/raijin_server/modules/grafana.py

@@ -393,9 +393,18 @@ def run(ctx: ExecutionContext) -> None:
 
     admin_password = typer.prompt("Senha admin do Grafana", default="admin")
     
+    # NodePort para acesso via VPN (recomendado)
+    enable_nodeport = typer.confirm(
+        "Habilitar NodePort para acesso via VPN?",
+        default=True
+    )
+    nodeport_port = 30030
+    if enable_nodeport:
+        nodeport_port = int(typer.prompt("Porta NodePort", default="30030"))
+    
     # Ingress público não é recomendado para ferramentas de observabilidade
     enable_ingress = typer.confirm(
-        "Habilitar ingress público? (NÃO recomendado - use VPN + port-forward)",
+        "Habilitar ingress público? (NÃO recomendado - use VPN + NodePort)",
         default=False
     )
     
@@ -439,9 +448,16 @@ def run(ctx: ExecutionContext) -> None:
             persistence_yaml += f"""
   storageClassName: {storage_class}"""
     
+    service_type = "NodePort" if enable_nodeport else "ClusterIP"
     values_yaml = f"""adminPassword: {admin_password}
 service:
-  type: ClusterIP
+  type: {service_type}"""
+    
+    if enable_nodeport:
+        values_yaml += f"""
+  nodePort: {nodeport_port}"""
+    
+    values_yaml += f"""
 ingress:
   enabled: {str(enable_ingress).lower()}"""
     
@@ -540,15 +556,18 @@ dashboards:
     
     if enable_ingress:
         typer.echo(f"\nAcesse: https://{ingress_host}")
-    else:
-        typer.secho("\n🔒 Acesso Seguro via VPN + Port-Forward:", fg=typer.colors.CYAN, bold=True)
+    elif enable_nodeport:
+        typer.secho("\n🔒 Acesso via VPN + NodePort:", fg=typer.colors.CYAN, bold=True)
         typer.echo("\n1. Configure VPN (se ainda não tiver):")
         typer.echo("   sudo raijin vpn")
         typer.echo("\n2. Conecte via WireGuard no seu Windows/Mac")
-        typer.echo("\n3. Faça port-forward local:")
-        typer.echo("   kubectl -n observability port-forward svc/grafana 3000:80")
-        typer.echo("\n4. Acesse no navegador:")
-        typer.echo("   http://localhost:3000")
+        typer.echo("\n3. Acesse no navegador (IP da VPN):")
+        typer.echo(f"   http://<VPN_SERVER_IP>:{nodeport_port}")
+        typer.echo("\n   Exemplo: http://10.8.0.1:{}".format(nodeport_port))
+    else:
+        typer.secho("\n🔒 Acesso via Port-Forward:", fg=typer.colors.CYAN, bold=True)
+        typer.echo("\n  kubectl -n observability port-forward svc/grafana 3000:80")
+        typer.echo("\n  Acesse: http://localhost:3000")
     
     typer.echo("\nUsuario: admin")
     typer.echo(f"Senha: {admin_password}")