PyPI - raijin-server - Versions diffs - 0.3.6__py3-none-any.whl → 0.3.7__py3-none-any.whl - Mend

raijin-server 0.3.6py3-none-any.whl → 0.3.7py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of raijin-server might be problematic. Click here for more details.

Files changed (16) hide show

raijin_server/__init__.py +1 -1
raijin_server/cli.py +2 -8
raijin_server/healthchecks.py +1 -55
raijin_server/minio_utils.py +562 -0
raijin_server/modules/__init__.py +1 -2
raijin_server/modules/harbor.py +10 -26
raijin_server/modules/secrets.py +13 -38
raijin_server/modules/velero.py +49 -2
raijin_server/validators.py +1 -1
{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/METADATA +1 -1
{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/RECORD +15 -15
raijin_server/modules/apokolips_demo.py +0 -414
{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/WHEEL +0 -0
{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/entry_points.txt +0 -0
{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/licenses/LICENSE +0 -0
{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/top_level.txt +0 -0

raijin_server/modules/harbor.py CHANGED Viewed

@@ -25,6 +25,7 @@ from raijin_server.utils import (
     run_cmd,
     write_file,
 )
+from raijin_server.minio_utils import get_or_create_minio_user
 HARBOR_NAMESPACE = "harbor"
@@ -65,34 +66,17 @@ def _uninstall_harbor(ctx: ExecutionContext, namespace: str) -> None:
 def _get_minio_credentials(ctx: ExecutionContext) -> tuple[str, str]:
-    """Obtem credenciais do MinIO do Secret do K8s."""
-    typer.echo("Obtendo credenciais do MinIO...")
+    """Obtem ou cria credenciais específicas do MinIO para Harbor.
-    result = run_cmd(
-        ["kubectl", "-n", "minio", "get", "secret", "minio-credentials", "-o", "jsonpath={.data.accesskey}"],
-        ctx,
-        check=False,
+    Esta função cria um usuário MinIO dedicado para o Harbor com acesso
+    restrito apenas aos buckets: harbor-registry, harbor-chartmuseum, harbor-jobservice.
+    """
+    return get_or_create_minio_user(
+        ctx=ctx,
+        app_name="harbor",
+        buckets=["harbor-registry", "harbor-chartmuseum", "harbor-jobservice"],
+        namespace=HARBOR_NAMESPACE,
     )
-    if result.returncode == 0 and result.stdout:
-        access_key = base64.b64decode(result.stdout.strip()).decode("utf-8")
-        result = run_cmd(
-            ["kubectl", "-n", "minio", "get", "secret", "minio-credentials", "-o", "jsonpath={.data.secretkey}"],
-            ctx,
-            check=False,
-        )
-        if result.returncode == 0 and result.stdout:
-            secret_key = base64.b64decode(result.stdout.strip()).decode("utf-8")
-            return access_key, secret_key
-    # Fallback para prompt manual
-    typer.secho("Não foi possível obter credenciais automaticamente.", fg=typer.colors.YELLOW)
-    access_key = typer.prompt("MinIO Access Key", default="thor")
-    secret_key = typer.prompt("MinIO Secret Key", default="rebel1on", hide_input=True)
-    return access_key, secret_key
 def _wait_for_pods_ready(ctx: ExecutionContext, namespace: str, timeout: int = 300) -> bool:

raijin_server/modules/secrets.py CHANGED Viewed

@@ -24,6 +24,7 @@ from raijin_server.utils import (
     run_cmd,
     write_file,
 )
+from raijin_server.minio_utils import get_or_create_minio_user
 VAULT_NAMESPACE = "vault"
 ESO_NAMESPACE = "external-secrets"
@@ -124,35 +125,17 @@ def _wait_for_pods_ready(ctx: ExecutionContext, namespace: str, label: str, time
 def _get_minio_credentials(ctx: ExecutionContext) -> tuple[str, str]:
-    """Obtem credenciais do MinIO do Secret do K8s."""
-    typer.echo("Obtendo credenciais do MinIO...")
-    # Tenta obter do secret minio-credentials no namespace minio
-    result = run_cmd(
-        ["kubectl", "-n", "minio", "get", "secret", "minio-credentials", "-o", "jsonpath={.data.accesskey}"],
-        ctx,
-        check=False,
+    """Obtem ou cria credenciais específicas do MinIO para Vault.
+    Esta função cria um usuário MinIO dedicado para o Vault com acesso
+    restrito apenas ao bucket 'vault-storage'.
+    """
+    return get_or_create_minio_user(
+        ctx=ctx,
+        app_name="vault",
+        buckets=["vault-storage"],
+        namespace=VAULT_NAMESPACE,
     )
-    if result.returncode == 0 and result.stdout:
-        access_key = base64.b64decode(result.stdout.strip()).decode("utf-8")
-        result = run_cmd(
-            ["kubectl", "-n", "minio", "get", "secret", "minio-credentials", "-o", "jsonpath={.data.secretkey}"],
-            ctx,
-            check=False,
-        )
-        if result.returncode == 0 and result.stdout:
-            secret_key = base64.b64decode(result.stdout.strip()).decode("utf-8")
-            return access_key, secret_key
-    # Fallback para prompt manual
-    typer.secho("Não foi possível obter credenciais automaticamente.", fg=typer.colors.YELLOW)
-    access_key = typer.prompt("MinIO Access Key", default="thor")
-    secret_key = typer.prompt("MinIO Secret Key", default="rebel1on", hide_input=True)
-    return access_key, secret_key
 def _initialize_vault(ctx: ExecutionContext, vault_ns: str, node_ip: str) -> tuple[str, list[str]]:
@@ -410,16 +393,8 @@ def run(ctx: ExecutionContext) -> None:
         if cleanup:
             _uninstall_vault(ctx, vault_ns)
-    # Cria bucket no MinIO para Vault storage
-    typer.echo("\nCriando bucket 'vault-storage' no MinIO...")
-    run_cmd(
-        [
-            "mc", "mb", "--ignore-existing",
-            f"minio/vault-storage"
-        ],
-        ctx,
-        check=False,
-    )
+    # Credenciais são obtidas automaticamente via get_or_create_minio_user
+    # que já cria o bucket 'vault-storage' e o usuário 'vault-user'
     vault_values_yaml = f"""server:
   ha:

raijin_server/modules/velero.py CHANGED Viewed

@@ -1,10 +1,46 @@
 """Backup e restore com Velero (production-ready)."""
 import time
+from pathlib import Path
 import typer
 from raijin_server.utils import ExecutionContext, ensure_tool, require_root, run_cmd
+from raijin_server.minio_utils import get_or_create_minio_user
+def _create_velero_credentials_file(ctx: ExecutionContext) -> str:
+    """Cria arquivo de credenciais para Velero com usuário MinIO dedicado.
+    Returns:
+        Caminho para o arquivo de credenciais
+    """
+    typer.echo("\nConfigurando credenciais MinIO para Velero...")
+    # Cria usuário MinIO específico para Velero
+    access_key, secret_key = get_or_create_minio_user(
+        ctx=ctx,
+        app_name="velero",
+        buckets=["velero-backups"],
+        namespace="velero",
+    )
+    # Cria arquivo de credenciais no formato esperado pelo Velero
+    credentials_path = Path("/etc/velero/credentials")
+    credentials_path.parent.mkdir(parents=True, exist_ok=True)
+    credentials_content = f"""[default]
+aws_access_key_id = {access_key}
+aws_secret_access_key = {secret_key}
+"""
+    if not ctx.dry_run:
+        credentials_path.write_text(credentials_content)
+        # Protege o arquivo
+        credentials_path.chmod(0o600)
+        typer.secho(f"  ✓ Credenciais salvas em {credentials_path}", fg=typer.colors.GREEN)
+    return str(credentials_path)
 def _check_existing_velero(ctx: ExecutionContext) -> bool:
@@ -91,8 +127,19 @@ def run(ctx: ExecutionContext) -> None:
     provider = typer.prompt("Provider (aws, azure, gcp)", default="aws")
     bucket = typer.prompt("Bucket para backups", default="velero-backups")
     region = typer.prompt("Region", default="us-east-1")
-    s3_url = typer.prompt("S3 URL (para MinIO usar http://minio.minio.svc:9000)", default="https://s3.amazonaws.com")
-    secret_file = typer.prompt("Arquivo de credenciais (secret-file)", default="/etc/velero/credentials")
+    s3_url = typer.prompt("S3 URL (para MinIO usar http://minio.minio.svc:9000)", default="http://minio.minio.svc:9000")
+    # Cria credenciais automaticamente usando usuário MinIO dedicado
+    use_auto_credentials = typer.confirm(
+        "Criar credenciais MinIO automaticamente (usuário dedicado)?",
+        default=True,
+    )
+    if use_auto_credentials:
+        secret_file = _create_velero_credentials_file(ctx)
+    else:
+        secret_file = typer.prompt("Arquivo de credenciais (secret-file)", default="/etc/velero/credentials")
     use_restic = typer.confirm("Habilitar Restic/Kopia para backups de PV?", default=True)
     schedule = typer.prompt("Schedule cron para backups (ex: '0 2 * * *')", default="0 2 * * *")

raijin_server/validators.py CHANGED Viewed

@@ -34,7 +34,7 @@ MODULE_DEPENDENCIES = {
     "kafka": ["kubernetes"],
     "observability_ingress": ["traefik", "prometheus", "grafana"],
     "observability_dashboards": ["prometheus", "grafana"],
-    "apokolips_demo": ["kubernetes", "traefik"],
 }

{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.3.6
+Version: 0.3.7
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.3.6.dist-info → raijin_server-0.3.7.dist-info}/RECORD RENAMED Viewed

@@ -1,12 +1,12 @@
-raijin_server/__init__.py,sha256=DizNqR7krrm4UEAK6a2xeOG3wuV7xlSekBC-mCSHadw,94
-raijin_server/cli.py,sha256=74ZqEPhg9R9jxNFZRV37CHrwm-dBKmYdT_MxdK4FKKA,37585
+raijin_server/__init__.py,sha256=kD4ksBx35-1QYm5EkRuSYWXJAwwJx_-sM9cp92bOhh4,94
+raijin_server/cli.py,sha256=WvZaPJ5AVjhzzs_jLLe2QGvVEH_VphRwnUkTMEgycbI,37320
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
-raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
+raijin_server/healthchecks.py,sha256=UHSRyeKTsCGeL_4dxDSGZ1t8164Q7wYTi1c3ZiU0cro,13536
+raijin_server/minio_utils.py,sha256=NQxIGoVf4-eM8rNwEHdd4QFnEIh2OxY3DyOiFkznsYs,18299
 raijin_server/module_manager.py,sha256=Wmhj603CN0XGUVr7_Fo8CHzKd9yIbS9x5BJLqDj78kw,10259
 raijin_server/utils.py,sha256=9RnGnPoUTYOpMVRLNa4P4lIQrJNQLkSkPUxycZRGv78,20827
-raijin_server/validators.py,sha256=EATYPy2pllAb6IX4gUZKnELvospWwyGV3DHrzxb_RMg,11761
-raijin_server/modules/__init__.py,sha256=BCTLuNtmvn8IWqGNQZQBRokqAv-KwUZP4_kyxkyHyN4,896
-raijin_server/modules/apokolips_demo.py,sha256=8ltsXRbVDwlDwLMIvh02NG-FeAfBWw_v6lh7IGOyNqs,13725
+raijin_server/validators.py,sha256=LvxAIq7F8CSIihdfCCDlDtVd6WPBBntiBHuD8fuM2kg,11713
+raijin_server/modules/__init__.py,sha256=UOv7c7UpxZq-JRZM0i55LGfI3LyucZhTL4lypeHs2Jw,858
 raijin_server/modules/bootstrap.py,sha256=oVIGNRW_JbgY8zXNHGAIP0vGbbHNHyQexthxo5zhbcw,9762
 raijin_server/modules/calico.py,sha256=TTPF1bLFdAKb3IVOqFqRxNblULkRmMMRylsIBp4w8I8,6700
 raijin_server/modules/cert_manager.py,sha256=XkFlXJjiP4_9It_PJaFcVYMS-QKTzzFAt839QQ9qNsg,50223
@@ -14,7 +14,7 @@ raijin_server/modules/essentials.py,sha256=2xUXCyCQtFGd2DnCKV81N1R6bEJqH8zaet8mL
 raijin_server/modules/firewall.py,sha256=h6AISqiZeTinVT7BjmQIS872qRAFZJLg7meqlth3cfw,757
 raijin_server/modules/full_install.py,sha256=M4SV4OA-r41xhpMmZQvUieRugiq0faLa4f0N499ksd4,15035
 raijin_server/modules/grafana.py,sha256=8YbKG-UL19lwTkH1-ZxpUetOZd-CLI4_kPsuZblNaWI,18080
-raijin_server/modules/harbor.py,sha256=ix0qnu_FugzbFnnTRZ3Dyy6UmKdm3nD0ubZ4SZYHkWE,21940
+raijin_server/modules/harbor.py,sha256=hFD8x5K4m0unzVBiDOT_yBzDDfbuPW_2SNVrjSCXhGc,21324
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
 raijin_server/modules/harness.py,sha256=uWTxTVJlY_VB6xi4ftMtTSaIb96HA8WJQS-RbyxU45M,5391
 raijin_server/modules/internal_dns.py,sha256=Jynngq0TEEUo3jkAR4m8F1ihF10rkQuKHVP-gZYyDFY,15191
@@ -28,10 +28,10 @@ raijin_server/modules/minio.py,sha256=ZoxugJvvuGLzViDfEzrVCRZUevoiFwcEy0PNyn0My4
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
 raijin_server/modules/prometheus.py,sha256=lyhaqLIfMl0GtQ2b2Hre7_A47HrHBB5gspmnWtwXZ4Y,21880
 raijin_server/modules/sanitize.py,sha256=_RnWn1DUuNrzx3NnKEbMvf5iicgjiN_ubwT59e0rYWY,6040
-raijin_server/modules/secrets.py,sha256=C5k10ODo6Ai_e6Ei-JiWTOa-cOh-5d2__PhTQA0UmjI,19452
+raijin_server/modules/secrets.py,sha256=HOFk57LFyzW4XJ3c8uEEPRd5Dj_OYDI1NBVLzJMp0vY,18562
 raijin_server/modules/ssh_hardening.py,sha256=Zd0dlylUBr01SkrI1CS05-0DB9xIto5rWH1bUVs80ow,5422
 raijin_server/modules/traefik.py,sha256=omziywss4o-8t64Kj-upLqbXdFYm2JwqOoOukDUmqxY,5008
-raijin_server/modules/velero.py,sha256=yDtqd6yUu0L5wzLCjYXqvvxB_RyaAoZtntb6HoHVAOo,5642
+raijin_server/modules/velero.py,sha256=nH7WI145OOK-DZo_ZjNegEnwkppi8h98DeQaB5A_kVg,7161
 raijin_server/modules/vpn.py,sha256=qWyROiHx2-FzMqhfpmzslrdfRBTewd53ylUq90wR7SQ,9149
 raijin_server/modules/vpn_client.py,sha256=SjWzSQKLSJCpjz7Y1i1dFaNfPOVIQXFwgD9uM3GYaIY,30035
 raijin_server/scripts/__init__.py,sha256=deduGfHf8BMVWred4ux5LfBDT2NJ5XYeJAt2sDEU4qs,53
@@ -39,9 +39,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.3.6.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.3.6.dist-info/METADATA,sha256=egpj4eEFQ3JJAA-bT3Iz5ebOc57e5JpyuQ2a8-ruAD4,8829
-raijin_server-0.3.6.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.3.6.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.3.6.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.3.6.dist-info/RECORD,,
+raijin_server-0.3.7.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.3.7.dist-info/METADATA,sha256=KGvWKBpPSa4-6oSXFHJ0rykLQ-_VFftLobt0mFm-Co0,8829
+raijin_server-0.3.7.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.3.7.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.3.7.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.3.7.dist-info/RECORD,,

raijin_server/modules/apokolips_demo.py DELETED Viewed

@@ -1,414 +0,0 @@
-"""Provisiona uma landing page tema Apokolips para validar ingress."""
-from __future__ import annotations
-import os
-from pathlib import Path
-from textwrap import dedent, indent
-import typer
-from raijin_server.utils import ExecutionContext, ensure_tool, run_cmd, write_file
-NAMESPACE = "apokolips-demo"
-TMP_MANIFEST = Path("/tmp/raijin-apokolips.yaml")
-DEFAULT_HOST = "apokolips.raijin.local"
-HTML_TEMPLATE = dedent(
-    """
-    <!DOCTYPE html>
-    <html lang="pt-BR">
-    <head>
-        <meta charset="UTF-8" />
-        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-        <title>Apokolips Signal Check</title>
-        <link rel="preconnect" href="https://fonts.googleapis.com">
-        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-        <link href="https://fonts.googleapis.com/css2?family=Space+Grotesk:wght@400;600&family=Unica+One&display=swap" rel="stylesheet">
-        <style>
-            :root {
-                --lava: #ff4d00;
-                --ember: #ff9500;
-                --ash: #2c2c34;
-                --void: #050007;
-                --smoke: #a0a3b1;
-            }
-            * {
-                box-sizing: border-box;
-            }
-            body {
-                margin: 0;
-                padding: 0;
-                min-height: 100vh;
-                font-family: 'Space Grotesk', sans-serif;
-                color: #f7f7ff;
-                background: radial-gradient(circle at top, rgba(255,77,0,0.45), rgba(5,0,7,0.9)), #050007;
-                display: flex;
-                align-items: center;
-                justify-content: center;
-                overflow: hidden;
-            }
-            .atmosphere {
-                position: absolute;
-                inset: 0;
-                background: url('https://www.transparenttextures.com/patterns/asfalt-dark.png');
-                opacity: 0.35;
-                mix-blend-mode: screen;
-                pointer-events: none;
-            }
-            .container {
-                width: min(960px, 90vw);
-                background: linear-gradient(135deg, rgba(20,22,35,0.9), rgba(10,12,22,0.95));
-                border: 1px solid rgba(255,255,255,0.08);
-                border-radius: 28px;
-                padding: 48px;
-                position: relative;
-                overflow: hidden;
-                box-shadow: 0 40px 120px rgba(0,0,0,0.55);
-                animation: rise 1.2s ease forwards;
-            }
-            .container::before, .container::after {
-                content: '';
-                position: absolute;
-                width: 320px;
-                height: 320px;
-                border-radius: 50%;
-                background: radial-gradient(circle, rgba(255,77,0,0.45), transparent 60%);
-                filter: blur(20px);
-                z-index: 0;
-            }
-            .container::before {
-                top: -120px;
-                right: -60px;
-            }
-            .container::after {
-                bottom: -140px;
-                left: -80px;
-                background: radial-gradient(circle, rgba(255,149,0,0.4), transparent 60%);
-            }
-            @keyframes rise {
-                from { transform: translateY(40px); opacity: 0; }
-                to { transform: translateY(0); opacity: 1; }
-            }
-            h1 {
-                font-family: 'Unica One', sans-serif;
-                font-size: clamp(3rem, 5vw, 4.5rem);
-                letter-spacing: 0.08em;
-                text-transform: uppercase;
-                color: var(--lava);
-                margin: 0 0 12px;
-                z-index: 1;
-            }
-            .subhead {
-                font-size: 1.15rem;
-                color: var(--smoke);
-                letter-spacing: 0.05em;
-                margin-bottom: 32px;
-                text-transform: uppercase;
-            }
-            .panels {
-                display: grid;
-                grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
-                gap: 24px;
-                z-index: 1;
-            }
-            .panel {
-                background: rgba(12,14,24,0.85);
-                border-radius: 18px;
-                padding: 20px;
-                border: 1px solid rgba(255,255,255,0.05);
-            }
-            .panel h2 {
-                font-size: 0.95rem;
-                text-transform: uppercase;
-                letter-spacing: 0.08em;
-                color: var(--ember);
-                margin: 0 0 12px;
-            }
-            .status {
-                display: flex;
-                flex-direction: column;
-                gap: 6px;
-                font-size: 1rem;
-                color: var(--smoke);
-            }
-            .status span::before {
-                content: '●';
-                margin-right: 8px;
-                color: var(--lava);
-            }
-            .cta {
-                margin-top: 36px;
-                display: flex;
-                flex-wrap: wrap;
-                gap: 18px;
-                z-index: 1;
-            }
-            a.button {
-                background: linear-gradient(135deg, var(--lava), var(--ember));
-                color: #050007;
-                text-decoration: none;
-                padding: 14px 26px;
-                border-radius: 999px;
-                font-weight: 600;
-                letter-spacing: 0.08em;
-                text-transform: uppercase;
-                transition: transform 0.2s ease, box-shadow 0.2s ease;
-            }
-            a.button:hover {
-                transform: translateY(-2px);
-                box-shadow: 0 20px 35px rgba(255,77,0,0.25);
-            }
-            pre {
-                background: rgba(5,0,7,0.75);
-                border-radius: 16px;
-                padding: 16px;
-                color: var(--smoke);
-                font-size: 0.95rem;
-                line-height: 1.5;
-                overflow-x: auto;
-            }
-            footer {
-                margin-top: 28px;
-                font-size: 0.85rem;
-                letter-spacing: 0.04em;
-                color: rgba(247,247,255,0.7);
-            }
-            @media (max-width: 640px) {
-                .container {
-                    padding: 32px 24px;
-                }
-                .cta {
-                    flex-direction: column;
-                }
-            }
-        </style>
-    </head>
-    <body>
-        <div class="atmosphere"></div>
-        <main class="container">
-            <h1>Apokolips Online</h1>
-            <p class="subhead">Canal de prova para ingress / load balancer</p>
-            <section class="panels">
-                <article class="panel">
-                    <h2>Estado</h2>
-                    <div class="status">
-                        <span>Pods sincronizados</span>
-                        <span>ConfigMap montado</span>
-                        <span>Ingress publicado</span>
-                    </div>
-                </article>
-                <article class="panel">
-                    <h2>Checklist</h2>
-                    <div class="status">
-                        <span>DNS aponta para balanceador</span>
-                        <span>TLS (opcional) emitido</span>
-                        <span>Firewall libera HTTP/S</span>
-                    </div>
-                </article>
-                <article class="panel">
-                    <h2>Debug Rápido</h2>
-                    <pre>kubectl -n apokolips-demo get all
-kubectl -n apokolips-demo describe ingress apokolips-demo
-curl -H "Host: SEU_HOST" https://LB_IP/</pre>
-                </article>
-            </section>
-            <div class="cta">
-                <a class="button" href="https://github.com/darkseid/raijin-server" target="_blank" rel="noreferrer noopener">Docs Raijin</a>
-                <a class="button" href="https://status.cloudflare.com/" target="_blank" rel="noreferrer noopener">Status Externo</a>
-            </div>
-            <footer>
-                Se esta página carregou via ingress, seu cluster respondeu à chamada de Apokolips.
-            </footer>
-        </main>
-    </body>
-    </html>
-    """
-)
-def _resolve_host() -> str:
-    env_host = os.environ.get("APOKOLIPS_HOST")
-    if env_host:
-        return env_host.strip()
-    return typer.prompt("Host (FQDN) para o ingress", default=DEFAULT_HOST).strip()
-def _resolve_tls_secret() -> str | None:
-    env_secret = os.environ.get("APOKOLIPS_TLS_SECRET")
-    if env_secret:
-        return env_secret.strip()
-    use_tls = typer.confirm("Deseja referenciar um Secret TLS existente?", default=False)
-    if not use_tls:
-        return None
-    secret = typer.prompt("Nome do Secret TLS", default="apokolips-demo-tls")
-    return secret.strip() or None
-def _resolve_ip_access() -> bool:
-    """Pergunta se deseja acesso via IP direto (para testes)."""
-    env_ip = os.environ.get("APOKOLIPS_IP_ACCESS")
-    if env_ip:
-        return env_ip.strip().lower() in ("1", "true", "yes")
-    return typer.confirm("Habilitar acesso via IP direto? (apenas para testes)", default=True)
-def _build_manifest(host: str, tls_secret: str | None, ip_access: bool = False) -> str:
-        html_block = indent(HTML_TEMPLATE.strip("\n"), " " * 4)
-        tls_block = ""
-        if tls_secret:
-                tls_block = (
-                        "  tls:\n"
-                        "  - hosts:\n"
-                        f"    - {host}\n"
-                        f"    secretName: {tls_secret}\n"
-                )
-        # Regra adicional para acesso via IP (sem host)
-        ip_rule = ""
-        if ip_access:
-                ip_rule = """
-    - http:
-        paths:
-        - path: /
-          pathType: Prefix
-          backend:
-            service:
-              name: apokolips-demo
-              port:
-                number: 80"""
-        template = """\
-apiVersion: v1
-kind: Namespace
-metadata:
-    name: {namespace}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-    name: apokolips-html
-    namespace: {namespace}
-data:
-    index.html: |
-__HTML__
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-    name: apokolips-demo
-    namespace: {namespace}
-    labels:
-        app: apokolips-demo
-spec:
-    replicas: 1
-    selector:
-        matchLabels:
-            app: apokolips-demo
-    template:
-        metadata:
-            labels:
-                app: apokolips-demo
-        spec:
-            containers:
-            - name: apokolips-web
-                image: nginx:1.25
-                ports:
-                - containerPort: 80
-                resources:
-                    limits:
-                        cpu: 100m
-                        memory: 128Mi
-                    requests:
-                        cpu: 50m
-                        memory: 64Mi
-                volumeMounts:
-                - name: site
-                    mountPath: /usr/share/nginx/html
-                    readOnly: true
-            volumes:
-            - name: site
-                configMap:
-                    name: apokolips-html
----
-apiVersion: v1
-kind: Service
-metadata:
-    name: apokolips-demo
-    namespace: {namespace}
-spec:
-    type: ClusterIP
-    selector:
-        app: apokolips-demo
-    ports:
-    - port: 80
-        targetPort: 80
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-    name: apokolips-demo
-    namespace: {namespace}
-    annotations:
-        traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
-spec:
-    ingressClassName: traefik
-    rules:
-    - host: {host}
-        http:
-            paths:
-            - path: /
-                pathType: Prefix
-                backend:
-                    service:
-                        name: apokolips-demo
-                        port:
-                            number: 80__IP_RULE__
-__TLS__
-"""
-        manifest = template.format(namespace=NAMESPACE, host=host)
-        manifest = manifest.replace("__HTML__", html_block)
-        manifest = manifest.replace("__IP_RULE__", ip_rule)
-        manifest = manifest.replace("__TLS__", tls_block.rstrip())
-        return f"{manifest.strip()}\n"
-def run(ctx: ExecutionContext) -> None:
-    ensure_tool("kubectl", ctx, install_hint="Instale kubectl para aplicar o manifesto do site.")
-    host = _resolve_host()
-    tls_secret = _resolve_tls_secret()
-    ip_access = _resolve_ip_access()
-    manifest = _build_manifest(host, tls_secret, ip_access)
-    typer.echo("Gerando manifesto Apokolips...")
-    write_file(TMP_MANIFEST, manifest, ctx)
-    try:
-        run_cmd(["kubectl", "apply", "-f", str(TMP_MANIFEST)], ctx)
-    finally:
-        TMP_MANIFEST.unlink(missing_ok=True)
-    typer.secho("\nLanding page implantada!", fg=typer.colors.GREEN, bold=True)
-    typer.echo(f"  • Namespace: {NAMESPACE}")
-    typer.echo(f"  • Host: {host}")
-    if tls_secret:
-        typer.echo(f"  • Secret TLS: {tls_secret}")
-    if ip_access:
-        typer.secho("  • Acesso via IP: HABILITADO (apenas para testes)", fg=typer.colors.YELLOW)
-    typer.echo("\nTestes sugeridos:")
-    if ip_access:
-        typer.echo("  # Acesso direto via IP (teste):")
-        typer.echo("  curl http://<IP_DO_SERVIDOR>/")
-        typer.echo("")
-    typer.echo(f"  # Acesso via DNS (produção):")
-    typer.echo(f"  curl -H 'Host: {host}' http://<IP_DO_LOAD_BALANCER>/")
-    typer.echo(f"  kubectl -n {NAMESPACE} get ingress {NAMESPACE}")
-    typer.echo(f"  kubectl -n {NAMESPACE} get pods")
-    if ip_access:
-        typer.secho("\n⚠️  Lembre-se de desabilitar o acesso via IP após configurar o DNS!", fg=typer.colors.YELLOW)
-        typer.echo("   Rode novamente com APOKOLIPS_IP_ACCESS=false ou responda 'não' na pergunta.")
-    typer.echo("\nPara remover:")
-    typer.echo(f"  kubectl delete namespace {NAMESPACE}")

raijin-server 0.3.6__py3-none-any.whl → 0.3.7__py3-none-any.whl

Potentially problematic release.

raijin-server 0.3.6py3-none-any.whl → 0.3.7py3-none-any.whl