Merge pull request #2682 from KBVE/beta

Preparing Release Branch

docs/data/scripts/brew/brew_install.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Function to install dependencies
+install_dependencies() {
+    echo "Installing required dependencies..."
+    sudo apt-get update
+    sudo apt-get install -y build-essential procps curl file git
+}
+
+# Function to install Homebrew
+install_brew() {
+    echo "Installing Homebrew..."
+    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+}
+
+# Function to configure Homebrew environment
+configure_brew() {
+    echo "Configuring Homebrew..."
+    echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc
+    source ~/.bashrc
+}
+
+# Function to verify installation
+verify_installation() {
+    echo "Verifying Homebrew installation..."
+    brew --version
+}
+
+# Main function to run all tasks
+main() {
+    install_dependencies
+    install_brew
+    configure_brew
+    verify_installation
+}
+
+# Execute main function
+main

docs/data/scripts/kube/helm/kilobase/full-example-demo.yaml

@@ -0,0 +1,116 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: supabase
+---
+apiVersion: v1
+data:
+  # password is `testtest` - SCRAM-SHA-256$4096:JD6Fgh1JxZ8zyEvAz9VQ7g==$tzVDFwPZxI3/nTNylq/tjBw8AS2Mwr6AJOYl3JyF5gY=:CoTKsSCXWRx4ddHHBChb0yns4HtBK+lJqjpEMcrW/m0=
+  password: U0NSQU0tU0hBLTI1NiQ0MDk2OkpENkZnaDFKeFo4enlFdkF6OVZRN2c9PSR0elZERndQWnhJMy9uVE55bHEvdGpCdzhBUzJNd3I2QUpPWWwzSnlGNWdZPTpDb1RLc1NDWFdSeDRkZEhIQkNoYjB5bnM0SHRCSytsSnFqcEVNY3JXL20wPQ==
+  username: YXBw
+kind: Secret
+metadata:
+  name: cluster-example-app-user
+  namespace: supabase
+type: kubernetes.io/basic-auth
+---
+apiVersion: v1
+data:
+  password: U0NSQU0tU0hBLTI1NiQ0MDk2OkpENkZnaDFKeFo4enlFdkF6OVZRN2c9PSR0elZERndQWnhJMy9uVE55bHEvdGpCdzhBUzJNd3I2QUpPWWwzSnlGNWdZPTpDb1RLc1NDWFdSeDRkZEhIQkNoYjB5bnM0SHRCSytsSnFqcEVNY3JXL20wPQ==
+  username: cG9zdGdyZXM=
+kind: Secret
+metadata:
+  name: cluster-example-superuser
+  namespace: supabase
+type: kubernetes.io/basic-auth
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: backup-creds
+  namespace: supabase
+data:
+  ACCESS_KEY_ID: a2V5X2lk
+  ACCESS_SECRET_KEY: c2VjcmV0X2tleQ==
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: cluster-example-full
+  namespace: supabase
+spec:
+  description: "Example of cluster"
+  imageName: ghcr.io/cloudnative-pg/postgresql:15.8-7-bookworm
+  instances: 3
+  startDelay: 300
+  stopDelay: 300
+  primaryUpdateStrategy: unsupervised
+
+  postgresql:
+    parameters:
+      shared_buffers: 256MB
+      pg_stat_statements.max: '10000'
+      pg_stat_statements.track: all
+      auto_explain.log_min_duration: '10s'
+      password_encryption: 'scram-sha-256'
+    pg_hba:
+      - host all all 0.0.0.0/0 scram-sha-256
+
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      secret:
+        name: cluster-example-app-user
+
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: cluster-example-superuser
+
+  storage:
+    storageClass: longhorn-postgres-replica-storage
+    size: 1Gi
+  walStorage:
+    storageClass: longhorn-postgres-replica-storage
+    size: 1Gi
+
+  # Prometheus
+  monitoring:
+    enablePodMonitor: true
+
+  # backup:
+  #   barmanObjectStore:
+  #     destinationPath: s3://cluster-example-full-backup/
+  #     endpointURL: http://custom-endpoint:1234
+  #     s3Credentials:
+  #       accessKeyId:
+  #         name: backup-creds
+  #         key: ACCESS_KEY_ID
+  #       secretAccessKey:
+  #         name: backup-creds
+  #         key: ACCESS_SECRET_KEY
+  #     wal:
+  #       compression: gzip
+  #       encryption: AES256
+  #     data:
+  #       compression: gzip
+  #       encryption: AES256
+  #       immediateCheckpoint: false
+  #       jobs: 2
+  #   retentionPolicy: "30d"
+
+  resources:
+    requests:
+      memory: "1Gi"
+      cpu: "1"
+    limits:
+      memory: "1Gi"
+      cpu: "2"
+
+  # affinity:
+  #   enablePodAntiAffinity: true
+  #   topologyKey: failure-domain.beta.kubernetes.io/zone
+
+  nodeMaintenanceWindow:
+    inProgress: false
+    reusePVC: false

docs/data/scripts/kube/helm/secrets/sealed_secrets_install.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+function checks_required_commands {
+    function check_command {
+        if ! command -v $1 &> /dev/null
+        then
+            echo "$1 is not installed. Please install it before running this script."
+            exit 1
+        fi
+    }
+
+    # Check if helm and kubectl are installed
+    check_command helm
+    check_command kubectl
+}
+
+function sealed_secrets_installer {
+    NAMESPACE=sealed-secrets
+    kubectl create namespace $NAMESPACE || echo "Namespace '$NAMESPACE' already exists"
+
+    helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+    helm repo update
+    helm install sealed-secrets sealed-secrets/sealed-secrets --namespace $NAMESPACE
+
+    echo "Sealed Secrets installed successfully!"
+}
+
+
+function main {
+    checks_required_commands
+    sealed_secrets_installer
+}
+
+main

docs/data/scripts/kube/helm/secrets/sealed_secrets_install.tf

@@ -0,0 +1,33 @@
+provider "kubernetes" {
+    config_path = "~/.kube/config"
+}
+
+provider "helm" {
+    kubernetes {
+        config_path = "~/.kube/config"
+    }
+}
+
+resource "kubernetes_namespace" "sealed_secrets_namespace" {
+    metadata {
+        name = "sealed-secrets"
+    }
+}
+
+resource "helm_release" "sealed_secrets" {
+    name       = "sealed-secrets"
+    namespace  = kubernetes_namespace.sealed_secrets_namespace.metadata[0].name
+    chart      = "sealed-secrets"
+    repository = "https://bitnami-labs.github.io/sealed-secrets"
+    # version    = "2.6.0"  # Specify the version you want, or leave this field to install the latest version
+
+    set {
+        name  = "controller.create"
+        value = "true"
+    }
+
+    set {
+        name  = "controller.resources.limits.memory"
+        value = "256Mi"
+    }
+}

docs/data/scripts/kube/rancher/ubuntu_install_master.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+
+# Function to check if Ubuntu version is 20.04, 22.04, or 24.04
+check_ubuntu_version() {
+    VERSION=$(lsb_release -rs)
+    if [[ "$VERSION" =~ ^(20.04|22.04|24.04)$ ]]; then
+        echo "Ubuntu $VERSION detected."
+    else
+        echo "Error: This script supports only Ubuntu 20.04, 22.04, or 24.04 LTS."
+        exit 1
+    fi
+}
+
+# Function to prepare the server for RKE2 installation
+prepare_server() {
+    echo "Preparing the server for RKE2 installation..."
+
+    # Stop and disable UFW (software firewall)
+    if ! systemctl disable --now ufw; then
+        echo "Error: Failed to disable UFW."
+        exit 1
+    fi
+
+    # Update package lists, install NFS, and apply updates
+    if ! apt update || ! apt install nfs-common -y || ! apt upgrade -y; then
+        echo "Error: Failed to update packages or install NFS."
+        exit 1
+    fi
+
+    # Clean up unnecessary packages
+    if ! apt autoremove -y; then
+        echo "Error: Failed to clean up unused packages."
+        exit 1
+    fi
+
+    echo "Server preparation complete."
+}
+
+# Function to install RKE2
+install_rke2() {
+    echo "Installing RKE2 server..."
+
+    # Install RKE2
+    if ! curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE=server sh -; then
+        echo "Error: Failed to install RKE2 server."
+        exit 1
+    fi
+
+    # Create config directory and set token
+    mkdir -p /etc/rancher/rke2/
+    echo "token: bootstrapAllTheThings" > /etc/rancher/rke2/config.yaml
+
+    # Enable and start RKE2 service
+    if ! systemctl enable --now rke2-server.service; then
+        echo "Error: Failed to start and enable RKE2 server."
+        exit 1
+    fi
+
+    echo "RKE2 installation complete."
+}
+
+
+# Function to configure kubectl and check node status
+configure_kubectl() {
+    echo "Configuring kubectl..."
+
+    # Create symlink for kubectl
+    KUBECTL_PATH=$(find /var/lib/rancher/rke2/data/ -name kubectl)
+    if ! ln -s $KUBECTL_PATH /usr/local/bin/kubectl; then
+        echo "Error: Failed to symlink kubectl."
+        exit 1
+    fi
+
+    # Add kubectl configuration to .bashrc with persistence
+    if ! echo "export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=\$PATH:/usr/local/bin/:/var/lib/rancher/rke2/bin/" >> ~/.bashrc; then
+        echo "Error: Failed to update .bashrc with kubectl config."
+        exit 1
+    fi
+
+    # Source the updated .bashrc
+    source ~/.bashrc
+
+    # Check node status
+    kubectl get node
+    echo "kubectl configuration and node status check complete."
+}
+
+
+# Main script execution
+main() {
+    check_ubuntu_version
+    prepare_server
+    install_rke2
+    configure_kubectl
+}
+
+# Run the main function
+main

docs/data/scripts/kube/rancher/ubuntu_install_worker.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Function to check if Ubuntu version is 20.04, 22.04, or 24.04
+check_ubuntu_version() {
+    VERSION=$(lsb_release -rs)
+    if [[ "$VERSION" =~ ^(20.04|22.04|24.04)$ ]]; then
+        echo "Ubuntu $VERSION detected."
+    else
+        echo "Error: This script supports only Ubuntu 20.04, 22.04, or 24.04 LTS."
+        exit 1
+    fi
+}
+
+# Function to prepare the worker for RKE2 installation
+prepare_worker() {
+    echo "Preparing the worker for RKE2 installation..."
+
+    # Stop and disable UFW (software firewall)
+    if ! systemctl disable --now ufw; then
+        echo "Error: Failed to disable UFW."
+        exit 1
+    fi
+
+    # Update package lists, install NFS, and apply updates
+    if ! apt update || ! apt install nfs-common -y || ! apt upgrade -y; then
+        echo "Error: Failed to update packages or install NFS."
+        exit 1
+    fi
+
+    # Clean up unnecessary packages
+    if ! apt autoremove -y; then
+        echo "Error: Failed to clean up unused packages."
+        exit 1
+    fi
+
+    echo "Worker preparation complete."
+}
+
+# Main script execution
+main() {
+    check_ubuntu_version
+    prepare_worker
+
+}
+
+# Run the main function
+main

docs/data/scripts/proxmox/micro-os-kvm/main.tf

@@ -0,0 +1,23 @@
+# Proxmox provider configuration
+provider "proxmox" {
+  pm_api_url      = var.proxmox_url
+  pm_user         = "root@pam"
+  pm_password     = var.proxmox_password
+  pm_tls_insecure = true
+}
+
+
+
+
+
+variable "proxmox_password" {
+    description = "The password to authenticate with the Proxmox API"
+}
+
+variable "private_key_path" {
+    description = "Path to the SSH private key for VM provisioning"
+}
+
+variable "proxmox_url" {
+    description = "URL for the Proxmox API"
+}

docs/data/scripts/ubuntu/ubuntu_harden.sh

@@ -0,0 +1 @@
+#!/bin/bash