raijin-server 0.3.4__py3-none-any.whl → 0.3.6__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of raijin-server might be problematic. Click here for more details.
- raijin_server/__init__.py +1 -1
- raijin_server/cli.py +4 -17
- raijin_server/modules/__init__.py +4 -5
- raijin_server/modules/full_install.py +11 -19
- raijin_server/modules/harbor.py +685 -0
- raijin_server/modules/secrets.py +416 -95
- {raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/METADATA +1 -1
- {raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/RECORD +12 -13
- raijin_server/modules/observability_dashboards.py +0 -233
- raijin_server/modules/observability_ingress.py +0 -246
- {raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/WHEEL +0 -0
- {raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/entry_points.txt +0 -0
- {raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/licenses/LICENSE +0 -0
- {raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/top_level.txt +0 -0
raijin_server/__init__.py
CHANGED
raijin_server/cli.py
CHANGED
|
@@ -25,6 +25,7 @@ from raijin_server.modules import (
|
|
|
25
25
|
firewall,
|
|
26
26
|
full_install,
|
|
27
27
|
grafana,
|
|
28
|
+
harbor,
|
|
28
29
|
harness,
|
|
29
30
|
hardening,
|
|
30
31
|
internal_dns,
|
|
@@ -36,8 +37,6 @@ from raijin_server.modules import (
|
|
|
36
37
|
metallb,
|
|
37
38
|
minio,
|
|
38
39
|
network,
|
|
39
|
-
observability_dashboards,
|
|
40
|
-
observability_ingress,
|
|
41
40
|
prometheus,
|
|
42
41
|
secrets,
|
|
43
42
|
sanitize,
|
|
@@ -99,11 +98,10 @@ MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
|
|
|
99
98
|
"minio": minio.run,
|
|
100
99
|
"prometheus": prometheus.run,
|
|
101
100
|
"grafana": grafana.run,
|
|
102
|
-
"observability_ingress": observability_ingress.run,
|
|
103
|
-
"observability_dashboards": observability_dashboards.run,
|
|
104
101
|
"apokolips_demo": apokolips_demo.run,
|
|
105
102
|
"secrets": secrets.run,
|
|
106
103
|
"loki": loki.run,
|
|
104
|
+
"harbor": harbor.run,
|
|
107
105
|
"harness": harness.run,
|
|
108
106
|
"velero": velero.run,
|
|
109
107
|
"kafka": kafka.run,
|
|
@@ -136,11 +134,10 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
|
|
|
136
134
|
"minio": "Objeto storage S3-compat via Helm",
|
|
137
135
|
"prometheus": "Stack kube-prometheus",
|
|
138
136
|
"grafana": "Dashboards e datasource Prometheus",
|
|
139
|
-
"observability_ingress": "Ingress seguro com auth/TLS para Grafana/Prometheus/Alertmanager",
|
|
140
|
-
"observability_dashboards": "Dashboards Grafana + alertas default Prometheus/Alertmanager",
|
|
141
137
|
"apokolips_demo": "Landing page Apokolips para testar ingress externo",
|
|
142
|
-
"secrets": "
|
|
138
|
+
"secrets": "Secrets management (Vault + External Secrets Operator)",
|
|
143
139
|
"loki": "Logs centralizados Loki",
|
|
140
|
+
"harbor": "Container registry privado com vulnerability scanning",
|
|
144
141
|
"harness": "Delegate Harness via Helm",
|
|
145
142
|
"velero": "Backup/restore de clusters",
|
|
146
143
|
"kafka": "Cluster Kafka via OCI Helm",
|
|
@@ -560,16 +557,6 @@ def apokolips_demo_cmd(ctx: typer.Context) -> None:
|
|
|
560
557
|
_run_module(ctx, "apokolips_demo")
|
|
561
558
|
|
|
562
559
|
|
|
563
|
-
@app.command(name="observability-ingress")
|
|
564
|
-
def observability_ingress_cmd(ctx: typer.Context) -> None:
|
|
565
|
-
_run_module(ctx, "observability_ingress")
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
@app.command(name="observability-dashboards")
|
|
569
|
-
def observability_dashboards_cmd(ctx: typer.Context) -> None:
|
|
570
|
-
_run_module(ctx, "observability_dashboards")
|
|
571
|
-
|
|
572
|
-
|
|
573
560
|
@app.command()
|
|
574
561
|
def loki(ctx: typer.Context) -> None:
|
|
575
562
|
_run_module(ctx, "loki")
|
|
@@ -15,6 +15,7 @@ __all__ = [
|
|
|
15
15
|
"prometheus",
|
|
16
16
|
"grafana",
|
|
17
17
|
"loki",
|
|
18
|
+
"harbor",
|
|
18
19
|
"harness",
|
|
19
20
|
"velero",
|
|
20
21
|
"kafka",
|
|
@@ -23,15 +24,13 @@ __all__ = [
|
|
|
23
24
|
"vpn",
|
|
24
25
|
"vpn_client",
|
|
25
26
|
"internal_dns",
|
|
26
|
-
"observability_ingress",
|
|
27
|
-
"observability_dashboards",
|
|
28
27
|
"apokolips_demo",
|
|
29
28
|
"cert_manager",
|
|
30
29
|
"secrets",
|
|
31
30
|
"full_install",
|
|
32
31
|
]
|
|
33
32
|
|
|
34
|
-
from raijin_server.modules import calico, essentials, firewall, grafana, harness, hardening, istio
|
|
35
|
-
from raijin_server.modules import kafka, kong, kubernetes, loki, minio, network
|
|
36
|
-
from raijin_server.modules import
|
|
33
|
+
from raijin_server.modules import calico, essentials, firewall, grafana, harbor, harness, hardening, istio
|
|
34
|
+
from raijin_server.modules import kafka, kong, kubernetes, loki, minio, network
|
|
35
|
+
from raijin_server.modules import prometheus, traefik, velero, apokolips_demo, secrets, cert_manager
|
|
37
36
|
from raijin_server.modules import bootstrap, full_install, sanitize, ssh_hardening, vpn, vpn_client, internal_dns
|
|
@@ -15,12 +15,11 @@ from raijin_server.modules import (
|
|
|
15
15
|
essentials,
|
|
16
16
|
firewall,
|
|
17
17
|
grafana,
|
|
18
|
+
harbor,
|
|
18
19
|
hardening,
|
|
19
20
|
kubernetes,
|
|
20
21
|
loki,
|
|
21
22
|
network,
|
|
22
|
-
observability_dashboards,
|
|
23
|
-
observability_ingress,
|
|
24
23
|
prometheus,
|
|
25
24
|
secrets,
|
|
26
25
|
sanitize,
|
|
@@ -171,6 +170,13 @@ def _diag_secrets(ctx: ExecutionContext) -> None:
|
|
|
171
170
|
_diag_namespace("external-secrets", ctx)
|
|
172
171
|
|
|
173
172
|
|
|
173
|
+
def _diag_harbor(ctx: ExecutionContext) -> None:
|
|
174
|
+
"""Diagnostico do namespace harbor."""
|
|
175
|
+
ns = "harbor"
|
|
176
|
+
_run_cmd("Harbor pods", ["kubectl", "get", "pods", "-n", ns, "-o", "wide"], ctx)
|
|
177
|
+
_diag_namespace(ns, ctx)
|
|
178
|
+
|
|
179
|
+
|
|
174
180
|
def _diag_prometheus(ctx: ExecutionContext) -> None:
|
|
175
181
|
ns = "observability"
|
|
176
182
|
_run_cmd("Prometheus pods", ["kubectl", "get", "pods", "-n", ns, "-l", "app.kubernetes.io/name=prometheus"], ctx)
|
|
@@ -195,18 +201,6 @@ def _diag_traefik(ctx: ExecutionContext) -> None:
|
|
|
195
201
|
_diag_namespace(ns, ctx)
|
|
196
202
|
|
|
197
203
|
|
|
198
|
-
def _diag_observability_ingress(ctx: ExecutionContext) -> None:
|
|
199
|
-
ns = "observability"
|
|
200
|
-
_run_cmd("Ingress objects", ["kubectl", "get", "ingress", "-n", ns], ctx)
|
|
201
|
-
_diag_namespace(ns, ctx)
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
def _diag_observability_dashboards(ctx: ExecutionContext) -> None:
|
|
205
|
-
ns = "observability"
|
|
206
|
-
_run_cmd("ConfigMaps dashboards", ["kubectl", "get", "configmap", "-n", ns, "-l", "raijin/dashboards=true"], ctx)
|
|
207
|
-
_diag_namespace(ns, ctx)
|
|
208
|
-
|
|
209
|
-
|
|
210
204
|
def _diag_minio(ctx: ExecutionContext) -> None:
|
|
211
205
|
ns = "minio"
|
|
212
206
|
_diag_namespace(ns, ctx)
|
|
@@ -232,12 +226,11 @@ DIAG_HANDLERS = {
|
|
|
232
226
|
"cert_manager": cert_manager.diagnose,
|
|
233
227
|
"calico": _diag_calico,
|
|
234
228
|
"secrets": _diag_secrets,
|
|
229
|
+
"harbor": _diag_harbor,
|
|
235
230
|
"prometheus": _diag_prometheus,
|
|
236
231
|
"grafana": _diag_grafana,
|
|
237
232
|
"loki": _diag_loki,
|
|
238
233
|
"traefik": _diag_traefik,
|
|
239
|
-
"observability_ingress": _diag_observability_ingress,
|
|
240
|
-
"observability_dashboards": _diag_observability_dashboards,
|
|
241
234
|
"minio": _diag_minio,
|
|
242
235
|
"kafka": _diag_kafka,
|
|
243
236
|
"velero": _diag_velero,
|
|
@@ -273,13 +266,12 @@ INSTALL_SEQUENCE = [
|
|
|
273
266
|
("kubernetes", kubernetes.run, "Cluster Kubernetes (kubeadm)", None),
|
|
274
267
|
("calico", calico.run, "CNI Calico + NetworkPolicy", None),
|
|
275
268
|
("cert_manager", _cert_manager_install_only, "cert-manager (instalacao base)", None),
|
|
276
|
-
("secrets", secrets.run, "
|
|
269
|
+
("secrets", secrets.run, "HashiCorp Vault + External Secrets Operator", None),
|
|
270
|
+
("harbor", harbor.run, "Container Registry com Vulnerability Scanning", None),
|
|
277
271
|
("prometheus", prometheus.run, "Monitoramento Prometheus", None),
|
|
278
272
|
("grafana", grafana.run, "Dashboards Grafana", None),
|
|
279
273
|
("loki", loki.run, "Logs centralizados Loki", None),
|
|
280
274
|
("traefik", traefik.run, "Ingress Controller Traefik", None),
|
|
281
|
-
("observability_ingress", observability_ingress.run, "Ingress seguro para Grafana/Prometheus/Alertmanager", None),
|
|
282
|
-
("observability_dashboards", observability_dashboards.run, "Dashboards opinativos e alertas", None),
|
|
283
275
|
]
|
|
284
276
|
|
|
285
277
|
|