jesus/prvng_extensions
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore include .k files

Browse Source
This commit is contained in:
Jesús Pérez 2025-10-07 11:20:26 +01:00
parent d325dfad3a
commit 2b4c1fde11
Signed by: jesus
GPG Key ID: 9F243E355E0BC939
93 changed files with 3971 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -19,7 +19,6 @@ target/
# Encryption keys and related files (CRITICAL - NEVER COMMIT) # Encryption keys and related files (CRITICAL - NEVER COMMIT)
.k .k
.k.backup .k.backup
*.k
*.key.backup *.key.backup
config.*.toml config.*.toml

103
clusters/oci-reg/kcl/oci-reg.k Normal file
View File

@ -0,0 +1,103 @@
# Info: KCL OCIReg task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 11-01-2024
import regex
schema OCIRegStorageDriver:
name: str
rootdirectory: str
region: str
bucket: str
secure: bool = True
regionendpoint: str
accesskey: str
secretkey: str
skipverify: bool = False
schema OCIRegTLS:
cert: str = "/etc/zot/ssl/fullchain.pem"
key: str ="/etc/zot/ssl/privkey.pem"
schema OCIRegHtpasswd:
path: str = "/etc/zot/htpasswd"
schema OCIRegAuth:
htpasswd?: OCIRegHtpasswd
failDelay: int = 5
schema OCIRegHTTP:
address: str = "0.0.0.0"
port: int = 5000
realm: str = "zot"
tls?: OCIRegTLS
auth?: OCIRegAuth
check:
address == Undefined or regex.match(address,"^\$.*$") or regex.match(address,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'address = ${address}' check value definition (use $vaule or xx.xx.xx.xx)"
schema OCIRegLog:
level: str = "debug"
output: str = "/var/log/zot/zot.log"
audit: str = "/var/log/zot/zot-audit.log"
schema OCIRegRegistry:
urls: [str]
onDemand: bool = True
maxRetries?: int
retryDelay?: str # "5m"
pollInterval?: str # "6h"
schema OCIRegCVE:
updateInterval: str = "24h"
schema OCIRegExtUI:
enable: bool = True
schema OCIRegExtSearch:
enable: bool = True
cve: OCIRegCVE = { updateInterval = "24h"}
schema OCIRegExtSync:
enable: bool = True
registries?: [OCIRegRegistry]
schema OCIRegExtScrub:
enable: bool = True
interval: str = "24h"
schema OCIRegStorage:
rootDirectory: str
dedupe: bool = True
gc?: bool
gcDelay?: str # "1h"
gcInterval?: str # "6h"
remoteCache?: bool = False
storageDriver?: OCIRegStorageDriver
schema OCIRegExtensions:
ui?: OCIRegExtUI
search?: OCIRegExtSearch
sync?: OCIRegExtSync
scrub?: OCIRegExtScrub
schema OCIRegConfig:
distSpecVersion: str = "1.0.1"
storage: OCIRegStorage
http?: OCIRegHTTP
log?: OCIRegLog
extensions?: OCIRegExtensions
schema OCIReg:
name: str
oci_data: str = "/data/zot"
oci_etc: str = "/etc/zot"
oci_log: str = "/var/log/zot"
oci_user: str = "zot"
oci_user_group: str = "zot"
oci_cmds: str = "zot zli"
oci_memory_high: int = 30
oci_memory_max: int =32
oci_bin_path: str = "/usr/local/bin"
copy_paths: [str]
config: OCIRegConfig

5
clusters/web/kcl/web.k Normal file
View File

@ -0,0 +1,5 @@
schema Web:
name: str = "web"
check:
len(name) > 0, "Check name"

125
providers/aws/kcl/defaults_aws.k Normal file
View File

@ -0,0 +1,125 @@
# Info: KCL AWS provider defaults schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
import regex
import provisioning
schema ReqPlan:
"""
RequiredPlan settings
"""
scale: bool = True
arch: "x86_64" | "arm64" = "x86_64"
cores: int = 1
memory: int
infaces: int = 2
ena: str = "supported,required"
# virtyp: hvm
gen?: str = "current"
check:
multiplyof(memory, 256), "Memory must be a multiplier of 256"
len(ena) > 0, "Check ena value"
schema Permission:
"""
Permisssion for Security Groups
"""
name: str
"protocol": "tcp" | "udp" = "tcp"
fromPort: int
toPort: int
ranges: str = "[{CidrIp=0.0.0.0/0},{CidrIp=10.0.0.0/24}]"
schema SecurityGroup:
"""
Security Groups
"""
id?: str
name: str
perms?: [Permission]
schema Storage_aws(provisioning.Storage):
"""
AWS Storage settings
"""
volname: str = ""
# The volume type. This parameter can be one of the following values:
# - General Purpose SSD: gp2 | gp3
# - Provisioned IOPS SSD: io1 | io2
# - Throughput Optimized HDD: st1
# - Cold HDD: sc1
# - Magnetic: standard
# - Warning: Throughput Optimized HDD (st1 ) and Cold HDD (sc1 ) volumes can't be used as boot volumes.
voltype: "standard" | "io1" | "io2" | "gp2" | "sc1" | "st1" | "gp3" = "gp2"
zone: str = ""
voldevice: str = "sdf"
labels: str = ""
deletetermination: bool = False
encrypted: bool = False
kms_id: str = ""
check:
len(voldevice) > 0, "Check volume device value /dev/sd[f-p]"
schema ServerDefaults_aws(provisioning.ServerDefaults):
"""
Server Defaults settings
"""
not_use: bool = False
provider: "aws" = "aws"
# AWS provision data settings
prov_settings: str = "defs/aws_data.k"
# AWS provision data settings clean
prov_settings_clean: bool = False
time_zone: str = "UTC"
# AWS region like: eu-west-1 # TODO check regex match
zone?: str
plan?: str
reqplan?: ReqPlan
# Specific AMIs can be used with their ID
# If 'storage_os: find' storage_os_find will be used to find one in zone (region)
# expected something like: "name=debian-12 | arch=x86_64" or "name: debian-12 | arch: x86_64" will be parsed to find latest available
storage_os_find: str = "name: debian-12 | arch: x86_64"
#storage_os: find
storage_os?: str
#storage_os: ami-0eb11ab33f229b26c
# If not Storage size, Plan Storage size will be used
#storage_size: int
storages?: [Storage_aws]
# Add one or more SSH keys to the admin account. Accepted values are SSH public keys or filenames from
# where to read the keys.
# ssh public key to be included in /root/.ssh/authorized_keys
ssh_key_path?: str
# Public certificate must be created or imported as a key_name
# use: providers/aws/bin/on-ssh.sh (add -h to get info)
ssh_key_name?: str
# AWS do not use utility network, if no value it will not be set and utility IP will not be set
# public network, if no value it will not be set and public IP will not be set
#network_utility_ipv4: bool = True
#network_utility_ipv6: bool = False
#network_public_ipv4: bool = True
#network_public_ipv6: bool = False
#TODO settings for Elastic IPs or instace without pubic IP
# To use private network a VPC + Subnet + NetworkInfterface has to be created, IPs will be set in servers items
# In AWS this is only a name
network_private_name?: str
#network_private_id?: str
liveness_ip?: str
liveness_port: int = 22
# Disable api_stop to keep PublicIpAddress
disable_stop: bool = True
# Labels to describe the server in `key: value` format, multiple can be declared.
# Usage: env: dev
labels: str = "{Key=cluster,Value=k8s}"
# Main user (default Debian user is admin)
user: str = "admin"
check:
len(user) > 0, "Check user value"
priv_cidr_block == Undefined or regex.match(priv_cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'priv_cidr_block = ${priv_cidr_block}' check value definition"
liveness_ip == Undefined or regex.match(liveness_ip, "^\$.*$") or regex.match(liveness_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'liveness_ip = ${liveness_ip}' check value definition (use $vaule or xx.xx.xx.xx)"

108
providers/aws/kcl/dependencies.k Normal file
View File

@ -0,0 +1,108 @@
# Info: AWS provider dependencies for batch provisioning workflows (Provisioning)
# Author: Claude Code Agent 7
# Release: 2.0.0
# Date: 2025-09-25
import provisioning
schema NetworkDependencies:
"""VPC and networking dependencies"""
vpc_first: bool = True
subnets_require_vpc: bool = True
igw_for_public: bool = True
route_tables_auto: bool = True
nacls_after_subnets: bool = True
network_timeout: int = 10
schema SecurityDependencies:
"""Security Group dependencies"""
requires_vpc: bool = True
cross_references: bool = True
batch_size: int = 20
max_rules_per_group: int = 60
schema InstanceDependencies:
"""EC2 instance dependencies"""
requires: [str] = ["subnets", "security_groups", "key_pairs"]
launch_template_support: bool = True
batch_size: int = 10
max_concurrent_per_az: int = 20
launch_timeout: int = 10
placement_groups: bool = True
schema VolumeDependencies:
"""EBS volume dependencies"""
independent_creation: bool = True
attach_requires_running: bool = False
concurrent_snapshots: bool = True
batch_size: int = 15
single_az_restriction: bool = True
schema ApiLimits:
"""API rate limits and constraints"""
ec2_requests_per_second: int = 20
vpc_requests_per_second: int = 10
ebs_requests_per_second: int = 10
burst_multiplier: float = 2
throttle_backoff: int = 1000
max_retries: int = 5
regional_limits: bool = True
schema SharedResources:
"""Shared resources across accounts/regions"""
amis_shareable: bool = True
snapshots_shareable: bool = True
keypairs_regional: bool = True
vpcs_isolated: bool = True
sgs_vpc_scoped: bool = True
schema Lifecycle:
"""Resource lifecycle management"""
safe_delete: [str] = ["instances", "volumes", "snapshots"]
dependency_check: [str] = ["vpc", "subnets", "security_groups"]
cost_monitoring: [str] = ["instances", "volumes", "nat_gateways", "load_balancers"]
cleanup_order: [str] = ["load_balancers", "volumes", "instances", "key_pairs", "security_groups", "internet_gateways", "subnets", "vpc"]
schema CrossProvider:
"""Cross-provider compatibility"""
upcloud_compatible: bool = True
local_compatible: bool = True
hybrid_deployments: bool = True
naming_restrictions: [str] = ["aws-", "amazon-"]
mandatory_tags: [str] = ["Project", "Environment", "ManagedBy"]
schema AvailabilityZones:
"""Availability Zone considerations"""
multi_az_distribution: bool = True
min_az_count: int = 2
max_az_count: int = 3
affinity_groups: bool = True
schema Validation:
"""Validation and compliance"""
quota_validation: bool = True
permission_validation: bool = True
regional_limits: bool = True
compliance_checks: bool = True
cost_estimation: bool = True
schema AWSDependencies:
"""
AWS provider dependency management for batch workflows
"""
# Resource creation order and dependencies
resource_order: [str] = ["vpc", "subnets", "internet_gateways", "security_groups", "key_pairs", "instances", "volumes", "load_balancers"]
# Configuration sections
network_dependencies: NetworkDependencies = NetworkDependencies {}
security_dependencies: SecurityDependencies = SecurityDependencies {}
instance_dependencies: InstanceDependencies = InstanceDependencies {}
volume_dependencies: VolumeDependencies = VolumeDependencies {}
api_limits: ApiLimits = ApiLimits {}
shared_resources: SharedResources = SharedResources {}
lifecycle: Lifecycle = Lifecycle {}
cross_provider: CrossProvider = CrossProvider {}
availability_zones: AvailabilityZones = AvailabilityZones {}
validation: Validation = Validation {}
# Default dependency configuration for AWS provider
aws_dependencies: AWSDependencies = AWSDependencies {}

33
providers/aws/kcl/provision_aws.k Normal file
View File

@ -0,0 +1,33 @@
# Info: KCL AWS provider server schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 1-04-2024
import regex
import .defaults_aws as defaults
schema Provision_env_aws:
"""
AWS provision env data settings
"""
vpc: str
subnet: str
cidr_block: str
avail_zone: str
# aws security group
sg?: defaults.SecurityGroup
check:
len(vpc) > 0, "Check VPC value"
len(subnet) > 0, "Check Subnet value"
len(avail_zone) > 0, "Check availability Zone value"
len(cidr_block) == 0 or regex.match(cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'cidr_block = ${cidr_block}' check value definition"
schema Provision_aws:
"""
AWS provision data settings
"""
# Main settings data
main: Provision_env_aws
# Privaten settings data
priv?: Provision_env_aws

30
providers/aws/kcl/server_aws.k Normal file
View File

@ -0,0 +1,30 @@
# Info: KCL AWS provider server schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
import regex
import provisioning
schema Server_aws(ServerDefaults_aws):
"""
AWS server settings
"""
# Hostname as reference for resource if is changed later inside server, change will not be updated in resource inventory
hostname: str
title: str
# To use private network it a VPC + Subnet + NetworkInfterface has to be created
# It will be done based on aws_priv_cidr_block value (see top file)
# IP will be assign here
network_private_ip?: str
# extra hostnames for server local resolution
extra_hostnames?: [str]
taskservs?: [provisioning.TaskServDef]
clusters?: [provisioning.ClusterDef]
check:
len(hostname) > 0, "Check hostname value"
len(title) > 0, "Check titlevalue"
network_private_ip == Undefined or regex.match(network_private_ip, "^\$.*$") or regex.match(network_private_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${network_private_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
storages != Undefined, "🛑 Storages is not defined"

62
providers/local/kcl/defaults_local.k Normal file
View File

@ -0,0 +1,62 @@
# Info: KCL Local provider defaults schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
import regex
import provisioning
schema Storage_local(provisioning.Storage):
"""
Local Storage settings
"""
volname: str = ""
labels: str = ""
encrypted: bool = False
check:
len(volname) > 0, "Check volume name"
schema ServerDefaults_local(provisioning.ServerDefaults):
"""
Local Server Defaults settings
"""
provider: "local" = "local"
# Local provision data settings
prov_settings: str = "defs/local_data.k"
# Local provision data settings clean
prov_settings_clean: bool = False
not_use: bool = False
time_zone: str = "UTC"
# Local Plan name
plan?: str
storage_os?: str
storages?: [Storage_local]
#storage_size: int
# Add one or more SSH keys to the admin account. Accepted values are SSH public keys or filenames from
# where to read the keys.
# ssh public key to be included in /root/.ssh/authorized_keys
ssh_key_path?: str
# Public certificate must be created or imported as a key_name
# use: providers/aws/bin/on-ssh.sh (add -h to get info)
ssh_key_name?: str
# To use private network, IPs will be set in servers items
priv_cidr_block?: str = "10.11.1.0/24"
# ssh_key_mode: rewrite
#network_utility_ipv4: bool = True
#network_utility_ipv6: bool = False
#network_public_ipv4?: bool = True
#network_public_ipv6?: bool = False
network_private_name?: str = "Private Network"
liveness_ip?: str = "$network_public_ip"
liveness_port: int = 22
# Labels to describe the server in `key: value` format, multiple can be declared.
# Usage: env: dev
labels: str = "{Key=cluster,Value=k8s}"
user: str = "root"
check:
len(user) > 0, "Check user value"
priv_cidr_block == Undefined or regex.match(priv_cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'priv_cidr_block = ${priv_cidr_block}' check value definition"
liveness_ip == Undefined or regex.match(liveness_ip, "^\$.*$") or regex.match(liveness_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'liveness_ip = ${liveness_ip}' check value definition (use $vaule or xx.xx.xx.xx)"

117
providers/local/kcl/dependencies.k Normal file
View File

@ -0,0 +1,117 @@
# Info: Local provider dependencies for development and testing workflows (Provisioning)
# Author: Claude Code Agent 7
# Release: 2.0.0
# Date: 2025-09-25
import provisioning
schema FilesystemDependencies:
"""Directory and filesystem dependencies"""
base_directories_first: bool = True
required_paths: [str] = ["/tmp", "/var", "/opt"]
auto_create_dirs: bool = True
default_permissions: str = "755"
fs_timeout: int = 30
schema NetworkDependencies:
"""Local network dependencies"""
docker_networks: bool = True
host_network_limits: bool = True
port_conflict_check: bool = True
local_ranges: [str] = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
network_timeout: int = 60
schema ContainerDependencies:
"""Container dependencies (if using containerization)"""
docker_required: bool = False
podman_support: bool = True
runtime_auto_detect: bool = True
base_images_first: bool = True
batch_size: int = 5
startup_timeout: int = 120
schema StorageDependencies:
"""Local storage dependencies"""
local_paths: bool = True
prefer_bind_mounts: bool = True
capacity_validation: bool = True
temp_cleanup: bool = True
batch_size: int = 10
schema ResourceLimits:
"""Resource limits (local development constraints)"""
max_processes: int = 50
max_memory_mb: int = 4096
max_disk_gb: int = 20
max_connections: int = 100
max_cpu_percent: int = 80
schema DevelopmentFeatures:
"""Development workflow support"""
hot_reload: bool = True
debug_mode: bool = True
service_discovery: bool = True
config_watching: bool = True
log_aggregation: bool = True
schema SharedResources:
"""Shared resources (local development)"""
config_files_shared: bool = True
cache_shared: bool = True
logs_shared: bool = True
database_shared: bool = False
ssh_keys_inherited: bool = True
schema Lifecycle:
"""Resource lifecycle management"""
cleanup_on_exit: bool = True
preserve_data: [str] = ["databases", "logs", "config"]
temporary: [str] = ["pid_files", "sockets", "temp_dirs"]
cleanup_order: [str] = ["services", "containers", "volumes", "networks", "temp_directories"]
schema CrossProvider:
"""Cross-provider compatibility"""
cloud_simulation: bool = True
cloud_config_compat: bool = True
cloud_migration: bool = True
service_mocking: bool = True
env_parity: bool = True
schema Validation:
"""Local testing and validation"""
health_checks: bool = True
port_checks: bool = True
dependency_checks: bool = True
resource_validation: bool = True
config_validation: bool = True
performance_testing: bool = True
schema Security:
"""Security considerations for local development"""
environment_isolation: bool = True
secure_local_comms: bool = False
access_control_sim: bool = True
credential_management: bool = True
security_scanning: bool = False
schema LocalDependencies:
"""
Local provider dependency management for development workflows
"""
# Resource creation order (simplified for local development)
resource_order: [str] = ["directories", "networks", "containers", "volumes", "services"]
# Configuration sections
filesystem_dependencies: FilesystemDependencies = FilesystemDependencies {}
network_dependencies: NetworkDependencies = NetworkDependencies {}
container_dependencies: ContainerDependencies = ContainerDependencies {}
storage_dependencies: StorageDependencies = StorageDependencies {}
resource_limits: ResourceLimits = ResourceLimits {}
development_features: DevelopmentFeatures = DevelopmentFeatures {}
shared_resources: SharedResources = SharedResources {}
lifecycle: Lifecycle = Lifecycle {}
cross_provider: CrossProvider = CrossProvider {}
validation: Validation = Validation {}
security: Security = Security {}
# Default dependency configuration for Local provider
local_dependencies: LocalDependencies = LocalDependencies {}

11
providers/local/kcl/provision_local.k Normal file
View File

@ -0,0 +1,11 @@
# Info: KCL AWS provider server schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 1-04-2024
schema Provision_local:
"""
AWS provision data settings
"""
# settings data
zone: str

27
providers/local/kcl/server_local.k Normal file
View File

@ -0,0 +1,27 @@
# Info: KCL Local provider server schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
import regex
import provisioning
schema Server_local(ServerDefaults_local):
"""
Local server settings
"""
# Hostname as reference for resource if is changed later inside server, change will not be updated in resource inventory
hostname: str
title: str
# IP will be assign here
network_private_ip?: str
# extra hostnames for server local resolution
extra_hostnames?: [str]
taskservs?: [provisioning.TaskServDef]
clusters?: [provisioning.ClusterDef]
check:
len(hostname) > 0, "Check hostname value"
len(title) > 0, "Check titlevalue"
network_private_ip == Undefined or regex.match(network_private_ip, "^\$.*$") or regex.match(network_private_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${network_private_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
storages != Undefined, "🛑 Storages is not defined"

105
providers/upcloud/kcl/defaults_upcloud.k Normal file
View File

@ -0,0 +1,105 @@
# Info: KCL Upcloud provider defaults schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
import regex
import provisioning.lib as lib
import provisioning.defaults as defaults
schema Storage_backup_upcloud:
"""
Upcloud storage backup
"""
#The time when to create a backup in HH:MM. Empty value means no backups.
time: str
# The interval of the backup. Available: daily,mon,tue,wed,thu,fri,sat,sun Default: daily
interval: "daily" | "mon" | "tue" | "wed" | "thu" | "fri" | "sat" | "sun" = "daily"
# How long to store the backups in days. The accepted range is 1-1095 Default: 7
retention: int = 7
check:
(retention) > 0 and (retention) <= 1095, "Retention greater range 1-1095"
schema Storage_upcloud(lib.Storage):
"""
Upcloud storage settings
"""
volname: str = ""
# The volume type. This parameter can be one of the following values:
# - General Purpose SSD: gp2 | gp3
# - Provisioned IOPS SSD: io1 | io2
# - Throughput Optimized HDD: st1
# - Cold HDD: sc1
# - Magnetic: standard
# - Warning: Throughput Optimized HDD (st1 ) and Cold HDD (sc1 ) volumes can't be used as boot volumes.
voltype: "maxiops" | "hdd" | "custom" = "maxiops"
labels: str = ""
encrypt: bool = False
backup?: Storage_backup_upcloud
schema ServerDefaults_upcloud(defaults.ServerDefaults):
"""
Upcloud Server Defaults settings
"""
provider: "upcloud" = "upcloud"
# UpCloud provision data settings
prov_settings: str = "defs/upcloud_settings.k"
# UpCloud provision data settings clean
prov_settings_clean: bool = False
not_use: bool = False
time_zone: str = "UTC"
zone: "de-fra1" | "es-mad1" = "es-mad1"
# UpCloud Plan name, for plans list = "upctl server plans" or use 'custom --cores 2 --memory 4096
plan: "DEV-1xCPU-1GB-10GB" | "DEV-1xCPU-1GB" | "DEV-1xCPU-2GB" | "DEV-1xCPU-4GB" | "DEV-2xCPU-4GB" | "DEV-2xCPU-8GB" | "DEV-2xCPU-16GB" | "CLOUDNATIVE-1xCPU-4GB" | "CLOUDNATIVE-1xCPU-8GB" | "CLOUDNATIVE-2xCPU-4GB" | "CLOUDNATIVE-2xCPU-8GB" | "1xCPU-1GB" | "1xCPU-2GB" | "2xCPU-2GB" | "2xCPU-4GB" | "4xCPU-8GB" = "1xCPU-2GB"
# If 'storage_os: find' storage_os_find will be used to find one in zone (region)
# expected something like: "name=debian-12 | arch=x86_64" or "name: debian-12 | arch: x86_64" will be parsed to find latest available
storage_os_find: str = "name: debian-13 | arch: x86_64"
#storage_os: find
# Ubuntu Server 24.04 LTS (Noble Numbat) 01000000-0000-4000-8000-000030240200
# Debian GNU/Linux 13 (Trixie) 01000000-0000-4000-8000-000020080100
storage_os: "01000000-0000-4000-8000-000020070100" | "01000000-0000-4000-8000-000030240200" | "01000000-0000-4000-8000-000020080100" = "01000000-0000-4000-8000-000020080100"
#storage_os: ami-0eb11ab33f229b26c
# If not Storage size, Plan Storage size will be used
#storage_size: int
storages?: [Storage_upcloud]
#UUID of a server group for the server
group_id?: str
# Simple backup rule. Format (HHMM,{dailies,weeklies,monthlies}). Example: 2300,dailies
backup?: str
# Add one or more SSH keys to the admin account. Accepted values are SSH public keys or filenames from
# where to read the keys.
# ssh public key to be included in /root/.ssh/authorized_keys
ssh_key_path?: str
# Public certificate must be created or imported as a key_name
# use: providers/aws/bin/on-ssh.sh (add -h to get info)
ssh_key_name?: str
# To use private network, IPs will be set in servers items
priv_cidr_block?: str
# ssh_key_mode: rewrite
# AWS do not use utility network, if no value it will not be set and utility IP will not be set
# public network, if no value it will not be set and public IP will not be set
#network_utility_ipv4: bool = True
#network_utility_ipv6: bool = False
#network_public_ipv4?: bool = True
#network_public_ipv6?: bool = False
#TODO settings for Elastic IPs or instace without pubic IP
# To use private network a VPC + Subnet + NetworkInfterface has to be created, IPs will be set in servers items
# In AWS this is only a name
network_private_name?: str
liveness_ip?: str
liveness_port: int = 22
# Labels to describe the server in `key: value` format, multiple can be declared.
# Usage: env: dev
labels: str = "{Key=cluster,Value=k8s}"
user: str = "root"
check:
len(user) > 0, "Check user value"
priv_cidr_block == Undefined or regex.match(priv_cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'priv_cidr_block = ${priv_cidr_block}' check value definition"
liveness_ip == Undefined or regex.match(liveness_ip, "^{{.*}}$") or regex.match(liveness_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'liveness_ip = ${liveness_ip}' check value definition (use {{variable}} or xx.xx.xx.xx)"

83
providers/upcloud/kcl/dependencies.k Normal file
View File

@ -0,0 +1,83 @@
# Info: UpCloud provider dependencies for batch provisioning workflows (Provisioning)
# Author: Claude Code Agent 7
# Release: 2.0.0
# Date: 2025-09-25
import provisioning
schema NetworkDependencies:
"""Network dependency configuration"""
private_networks_first: bool = True
public_networks_managed: bool = True
network_timeout: int = 300
network_wait: int = 5
schema ServerDependencies:
"""Server dependency configuration"""
requires: [str] = ["networks", "ssh_keys"]
batch_size: int = 5
batch_wait: int = 30
max_concurrent: int = 3
creation_timeout: int = 15
schema StorageDependencies:
"""Storage dependency configuration"""
flexible_timing: bool = True
attached_requires_server: bool = True
batch_size: int = 10
operation_timeout: int = 10
schema ApiLimits:
"""API rate limits and constraints"""
requests_per_minute: int = 300
burst_requests: int = 50
api_call_delay: int = 200
max_retries: int = 3
backoff_multiplier: float = 1.5
schema SharedResources:
"""Shared resources configuration"""
ssh_keys_shared: bool = True
networks_shared: bool = False
storage_shared: bool = False
firewall_shared: bool = True
schema Lifecycle:
"""Resource lifecycle management"""
safe_delete: [str] = ["servers", "storage", "networks"]
confirm_delete: [str] = ["ssh_keys", "shared_networks"]
protected: [str] = ["payment_methods", "account_settings"]
cleanup_order: [str] = ["loadbalancers", "storage", "servers", "ssh_keys", "security_groups", "networks"]
schema CrossProvider:
"""Cross-provider compatibility"""
aws_compatible: bool = True
local_compatible: bool = True
mixed_deployments: bool = True
naming_conflicts: [str] = ["default", "main", "primary"]
schema Validation:
"""Validation and health checks"""
network_connectivity: bool = True
ssh_key_validation: bool = True
zone_validation: bool = True
quota_validation: bool = True
schema UpCloudDependencies:
"""
UpCloud provider dependency management for batch workflows
"""
# Resource creation order and dependencies
resource_order: [str] = ["networks", "security_groups", "ssh_keys", "servers", "storage", "loadbalancers"]
# Configuration sections
network_dependencies: NetworkDependencies = NetworkDependencies {}
server_dependencies: ServerDependencies = ServerDependencies {}
storage_dependencies: StorageDependencies = StorageDependencies {}
api_limits: ApiLimits = ApiLimits {}
shared_resources: SharedResources = SharedResources {}
lifecycle: Lifecycle = Lifecycle {}
cross_provider: CrossProvider = CrossProvider {}
validation: Validation = Validation {}
# Default dependency configuration for UpCloud provider
upcloud_dependencies: UpCloudDependencies = UpCloudDependencies {}

11
providers/upcloud/kcl/main.k Normal file
View File

@ -0,0 +1,11 @@
# Main entry point for provisioning KCL module
# This file exports all the schemas and configurations needed for provisioning
# Author: JesusPerezLorenzo
# Release: 0.1.0
# Date: 29-09-2025
# Import core module schemas
import .defaults_upcloud
import .dependencies
import .provision_upcloud
import .server_upcloud

19
providers/upcloud/kcl/provision_upcloud.k Normal file
View File

@ -0,0 +1,19 @@
# Info: KCL UpCloud provider server schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 1-04-2024
schema Provision_env_upcloud:
"""
UpCloud provision env data settings
"""
zone?: str
schema Provision_upcloud:
"""
UpCloud provision data settings
"""
# Main settings data
main: Provision_env_upcloud
# Privaten settings data
priv?: Provision_env_upcloud

31
providers/upcloud/kcl/server_upcloud.k Normal file
View File

@ -0,0 +1,31 @@
# Info: KCL Upcloud provider server schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
import regex
import provisioning.lib as lib
import .defaults_upcloud as defaults
schema Server_upcloud(defaults.ServerDefaults_upcloud):
"""
Upcloud server settings
"""
# Hostname as reference for resource if is changed later inside server, change will not be updated in resource inventory
hostname: str
title: str
# To use private network it a VPC + Subnet + NetworkInfterface has to be created
# It will be done based on aws_priv_cidr_block value (see top file)
# IP will be assign here
network_private_ip?: str
# extra hostnames for server local resolution
extra_hostnames?: [str]
taskservs?: [lib.TaskServDef]
clusters?: [lib.ClusterDef]
check:
len(hostname) > 0, "Check hostname value"
len(title) > 0, "Check titlevalue"
len(network_private_ip) == 0 or regex.match(network_private_ip, "^\$.*$") or regex.match(network_private_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${network_private_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
storages != Undefined, "🛑 Storages is not defined"

9
taskservs/container_runtime/containerd/kcl/containerd.k Normal file
View File

@ -0,0 +1,9 @@
# Info: Containerd schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.1
# Date: 30-06-2024
schema Containerd:
name: str = "containerd"
version: str
runtimes: str = "runc"

103
taskservs/container_runtime/containerd/kcl/dependencies.k Normal file
View File

@ -0,0 +1,103 @@
# KCL Dependency configuration for containerd taskserv
# Defines comprehensive dependency, resource, and health requirements
import provisioning.dependencies as schema
# Containerd taskserv dependency configuration
_dependencies = schema.TaskservDependencies {
name = "containerd"
# Critical dependencies - must be installed first
requires = ["runc", "os"]
# Optional enhancements - install if available
optional = ["youki", "crun"]
# Cannot coexist with other container runtimes
conflicts = ["docker", "podman", "crio"]
# Services provided by this taskserv
provides = ["container-runtime", "cri", "containerd-service"]
# Resource requirements for containerd installation
resources = schema.ResourceRequirement {
cpu = "200m" # 200m CPU for container runtime
memory = "256Mi" # 256MB RAM minimum
disk = "5Gi" # 5GB for images and container storage
network = True # Requires network for image pulls
privileged = True # Needs privileged access for container operations
}
# Health checks for containerd service
health_checks = [
schema.HealthCheck {
command = "systemctl is-active containerd"
interval = 30
timeout = 5
retries = 2
success_threshold = 1
failure_threshold = 3
},
schema.HealthCheck {
command = "ctr version"
interval = 60
timeout = 10
retries = 3
},
schema.HealthCheck {
command = "ctr images list | wc -l"
interval = 120
timeout = 15
retries = 2
}
]
# Readiness probe for installation completion
readiness_probe = schema.HealthCheck {
command = "ctr namespaces list | grep -q default"
interval = 15
timeout = 5
retries = 5
success_threshold = 2
}
# Installation phases for ordered deployment
phases = [
schema.InstallationPhase {
name = "pre-install"
order = 1
parallel = False
required = True
},
schema.InstallationPhase {
name = "install"
order = 2
parallel = False
required = True
},
schema.InstallationPhase {
name = "post-install"
order = 3
parallel = True
required = True
},
schema.InstallationPhase {
name = "validate"
order = 4
parallel = False
required = True
}
]
# Installation control
timeout = 300 # 5 minutes for containerd setup
retry_count = 3
# Platform compatibility
os_support = ["linux"]
arch_support = ["amd64", "arm64"]
k8s_versions = ["1.31.x", "1.30.x", "1.29.x", "1.28.x"]
}
# Output for dynamic dependency resolution
_dependencies

21
taskservs/container_runtime/containerd/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for containerd taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Containerd taskserv configuration
_version = schema.TaskservVersion {
name = "containerd"
version = schema.Version {
current = "1.7.24"
source = "https://github.com/containerd/containerd/releases"
tags = "https://github.com/containerd/containerd/tags"
site = "https://containerd.io"
# Pinned for production stability
check_latest = True
grace_period = 86400
}
dependencies = ["runc"]
}
# Output for dynamic cache system
_version

11
taskservs/container_runtime/crio/kcl/crio.k Normal file
View File

@ -0,0 +1,11 @@
# Info: KCL CRIO schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.1
# Date: 30-06-2024
schema Crio:
name: str = "crio"
version: str
runtime_default: "crun" | "runc" | "youki" = "crun"
runtimes: str = "crun,runc"

16
taskservs/container_runtime/crio/kcl/version.k Normal file
View File

@ -0,0 +1,16 @@
import taskservs.version as schema
# Containerd taskserv configuration
_version = schema.TaskservVersion {
name = "containerd"
version = schema.Version {
current = "latest"
source = "https://github.com/cri-o/cri-o/releases"
tags = "https://github.com/cri-o/cri-o/tags"
site = "https://cri-o.io"
# Auto-update for container runtime
check_latest = True
grace_period = 86400
}
}
_version

9
taskservs/container_runtime/crun/kcl/crun.k Normal file
View File

@ -0,0 +1,9 @@
# Info: KCL Crun schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.1
# Date: 30-06-2024
schema Crun:
name: str = "crun"
version: str

21
taskservs/container_runtime/crun/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for crun taskserv
# Uses proper TaskservVersion schema for type safety
import taskservs.version as schema
# Crun taskserv configuration
_version = schema.TaskservVersion {
name = "crun"
version = schema.Version {
current = "latest"
source = "https://github.com/containers/crun/releases"
tags = "https://github.com/containers/crun/tags"
site = "https://github.com/containers/crun"
# Auto-update for container runtime
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

11
taskservs/container_runtime/podman/kcl/podman.k Normal file
View File

@ -0,0 +1,11 @@
# Info: KCL Podman schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.1
# Date: 30-06-2024
schema Podman:
name: str = "podman"
version: str
runtime_default: "crun" | "runc" | "youki" = "crun"
runtimes: str = "crun,runc"

21
taskservs/container_runtime/podman/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for podman taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Podman taskserv configuration
_version = schema.TaskservVersion {
name = "podman"
version = schema.Version {
current = "5.3.1"
source = "https://github.com/containers/podman/releases"
tags = "https://github.com/containers/podman/tags"
site = "https://podman.io"
# Pinned for stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

19
taskservs/container_runtime/runc/kcl/version.k Normal file
View File

@ -0,0 +1,19 @@
# KCL Version configuration for runc taskserv
# Uses proper TaskservVersion schema for type safety
import taskservs.version as schema
# Runc taskserv configuration
_version = schema.TaskservVersion {
name = "runc"
version = schema.Version {
current = "1.1.14"
source = "https://github.com/opencontainers/runc/releases"
tags = "https://github.com/opencontainers/runc/tags"
site = "https://github.com/opencontainers/runc"
# Auto-update for container runtime
check_latest = True
grace_period = 86400
}
dependencies = []
}
_version

16
taskservs/container_runtime/youki/kcl/version.k Normal file
View File

@ -0,0 +1,16 @@
import taskservs.version as schema
# Containerd taskserv configuration
_version = schema.TaskservVersion {
name = "youki"
version = schema.Version {
current = "latest"
source = "https://github.com/containers/youki/releases"
tags = "https://github.com/containers/youki/tags"
site = "https://github.com/containers/youki"
# Auto-update for container runtime
check_latest = True
grace_period = 86400
}
}
_version

9
taskservs/container_runtime/youki/kcl/youki.k Normal file
View File

@ -0,0 +1,9 @@
# Info: KCL Youki schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.1
# Date: 30-06-2024
schema Youki:
name: str = "youki"
version: str

18
taskservs/databases/postgres/kcl/postgres.k Normal file
View File

@ -0,0 +1,18 @@
# Info: KCL Postgres task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
schema Postgres:
name: str = "postgres"
postgres_version: str
vers_num:int
run_path: str = "/usr/bin/psql"
lib_path: str = "/var/lib/postgresql"
data_path: str = "/var/lib/postgresql/${vers_num}/main"
etc_path: str = "/etc/postgresql"
config_file: str = "postgresql.conf"
run_user: str = "postgres"
run_group: str = "${run_user}"
run_user_home: str = "/var/lib/postgresql"

14
taskservs/databases/postgres/kcl/version.k Normal file
View File

@ -0,0 +1,14 @@
import taskservs.version as schema
# Containerd taskserv configuration
_version = schema.TaskservVersion {
name = "postgres"
version = schema.Version {
current = "16"
source = "https://hub.docker.com/_/postgres"
site = "https://www.postgresql.org"
# Pinned major version for stability
check_latest = True
grace_period = 86400
}
}

48
taskservs/databases/redis/kcl/redis.k Normal file
View File

@ -0,0 +1,48 @@
# Info: Redis KCL schemas for provisioning (Provisioning)
# Author: Example Template
# Release: 0.0.1
# Date: $(date +%Y-%m-%d)
schema Redis:
"""
Redis configuration schema for infrastructure provisioning
"""
name: str = "redis"
version: str
# Network configuration
port: int = 6379
bind_address: str = "127.0.0.1"
# Memory configuration
maxmemory: str = "256mb"
maxmemory_policy: "noeviction" | "allkeys-lru" | "volatile-lru" | "allkeys-random" | "volatile-random" | "volatile-ttl" = "allkeys-lru"
# Persistence configuration
persistence: bool = True
save_interval: str = "900 1 300 10 60 10000" # Save every 900s if 1 key changed, etc.
# Security
requirepass?: str
# Replication
master_host?: str
master_port?: int
# Clustering
cluster_enabled: bool = False
cluster_config_file?: str
# Logging
loglevel: "debug" | "verbose" | "notice" | "warning" = "notice"
logfile: str = "/var/log/redis/redis-server.log"
# Performance
tcp_keepalive: int = 300
timeout: int = 0
# Validation
check:
port > 0 and port < 65536, "Port must be between 1 and 65535"
len(version) > 0, "Version must be specified"
master_port == Undefined or (master_port > 0 and master_port < 65536), "Master port must be valid if specified"

107
taskservs/development/coder/kcl/coder.k Normal file
View File

@ -0,0 +1,107 @@
# Info: KCL Coder task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Coder
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema Database:
"""
Coder Database configuration
"""
typ: "sqlite" | "postgresql" = "postgresql"
host?: str = "127.0.0.1"
port?: int = 5432
database?: str = "coder"
username?: str
password?: str
ssl_mode?: "require" | "disable" = "disable"
path?: str = "/var/lib/coder/coder.db" if typ == "sqlite" else Undefined
check:
typ == "sqlite" or username != Undefined and len(username) > 0, "Database username required for ${typ}"
typ == "sqlite" or password != Undefined and len(password) > 0, "Database password required for ${typ}"
typ == "sqlite" or host != Undefined and len(host) > 0, "Database host required for ${typ}"
schema TLS:
"""
TLS configuration for Coder
"""
enabled: bool = False
cert_file?: str
key_file?: str
address?: str = "0.0.0.0:443"
check:
not enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when TLS enabled"
not enabled or key_file != Undefined and len(key_file) > 0, "key_file required when TLS enabled"
not enabled or (regex.match(cert_file, "^\/.*\.(pem|crt)$") if cert_file != Undefined else True), \
"cert_file should be absolute path with .pem or .crt extension"
not enabled or (regex.match(key_file, "^\/.*\.(pem|key)$") if key_file != Undefined else True), \
"key_file should be absolute path with .pem or .key extension"
schema OAuth:
"""
OAuth configuration for Coder
"""
enabled: bool = False
provider: "github" | "oidc" | "google" = "github"
client_id?: str
client_secret?: str
issuer_url?: str
scopes?: [str] = ["openid", "profile", "email"]
check:
not enabled or client_id != Undefined and len(client_id) > 0, "client_id required when OAuth enabled"
not enabled or client_secret != Undefined and len(client_secret) > 0, "client_secret required when OAuth enabled"
not enabled or provider != "oidc" or issuer_url != Undefined and len(issuer_url) > 0, "issuer_url required for OIDC provider"
schema CoderServer:
"""
Coder server configuration
"""
name: str = "coder"
version: str
run_user: User = {
name = "coder"
}
work_path: str = "/var/lib/coder"
config_path: str = "/etc/coder"
run_path: str = "/usr/local/bin/coder"
access_url: str
wildcard_access_url?: str
http_address: str = "0.0.0.0:7080"
database: Database = {
typ = "postgresql"
}
tls: TLS = {
enabled = False
}
oauth: OAuth = {
enabled = False
}
log_level: "trace" | "debug" | "info" | "warn" | "error" = "info"
telemetry_enabled: bool = True
update_check_enabled: bool = True
redirect_to_access_url: bool = False
proxy_trusted_headers: [str] = []
proxy_trusted_origins: [str] = []
secure_auth_cookie: bool = False
max_session_token_lifetime: str = "24h"
disable_password_auth: bool = False
check:
len(access_url) > 0, "access_url is required"
regex.match(access_url, "^https?://.*$"), "access_url must be a valid HTTP/HTTPS URL"
wildcard_access_url == Undefined or regex.match(wildcard_access_url, "^\*\..*$"), "wildcard_access_url must start with *."
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"

15
taskservs/development/coder/kcl/version.k Normal file
View File

@ -0,0 +1,15 @@
import taskservs.version as schema
_version = schema.TaskservVersion {
name = "coder"
version = schema.Version {
current = "latest"
source = "https://api.github.com/repos/coder/coder/releases"
tags = "https://api.github.com/repos/coder/coder/tags"
site = "https://coder.com"
# Pinned for production stability
check_latest = False
grace_period = 86400
}
}
_version

126
taskservs/development/desktop/kcl/desktop.k Normal file
View File

@ -0,0 +1,126 @@
# Info: KCL Desktop task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 1.0.0
# Date: 2025-07-25
import regex
schema User:
"""
User settings for Desktop environment
"""
name: str
group: str = name
home?: str = "/home/${name}"
shell?: str = "/bin/bash"
schema DesktopEnvironment:
"""
Desktop environment configuration
"""
type: "xfce" | "gnome" | "kde" | "lxde" | "mate" = "xfce"
display_manager: "lightdm" | "gdm" | "sddm" = "lightdm"
resolution?: str = "1920x1080"
theme?: str
schema Applications:
"""
Applications to install with desktop
"""
editors: [str] = ["zed", "nano", "vim"]
browsers: [str] = ["firefox"]
terminals: [str] = ["xfce4-terminal"]
development: [str] = ["git", "build-essential"]
media: [str] = ["vlc", "gimp"]
office: [str] = ["libreoffice"]
utilities: [str] = ["htop", "curl", "wget", "tree"]
schema Graphics:
"""
Graphics and display configuration
"""
driver: "nouveau" | "nvidia" | "amd" | "intel" = "intel"
acceleration: bool = True
compositing: bool = True
schema VNC:
"""
VNC server configuration for remote desktop access
"""
enabled: bool = True
port: int = 5901
password?: str
geometry: str = "1920x1080"
depth: int = 24
check:
port > 1024 and port < 65535, "VNC port must be between 1024 and 65535"
depth in [8, 16, 24, 32], "VNC depth must be 8, 16, 24, or 32"
schema RustDesk:
"""
RustDesk remote desktop configuration
"""
enabled: bool = True
port: int = 21116
hbbr_port: int = 21117
custom_server?: str
password?: str
permanent_password?: str
allow_guest: bool = False
auto_start: bool = True
check:
port > 1024 and port < 65535, "RustDesk port must be between 1024 and 65535"
hbbr_port > 1024 and hbbr_port < 65535, "RustDesk hbbr port must be between 1024 and 65535"
port != hbbr_port, "RustDesk ports must be different"
schema SSH:
"""
SSH server configuration
"""
enabled: bool = True
port: int = 22
password_auth: bool = True
key_auth: bool = True
root_login: "yes" | "no" | "prohibit-password" = "prohibit-password"
max_auth_tries: int = 3
client_alive_interval: int = 300
client_alive_count_max: int = 2
allowed_users?: [str]
denied_users?: [str]
check:
port > 0 and port < 65535, "SSH port must be between 1 and 65535"
max_auth_tries > 0, "Max auth tries must be positive"
client_alive_interval >= 0, "Client alive interval must be non-negative"
client_alive_count_max >= 0, "Client alive count max must be non-negative"
schema DesktopServer:
"""
Desktop server configuration
"""
name: str = "desktop"
run_user: User = {
name = "desktop"
}
desktop_env: DesktopEnvironment = {
type = "xfce"
}
applications: Applications = {}
graphics: Graphics = {}
vnc: VNC = {
enabled = True
}
rustdesk: RustDesk = {
enabled = True
}
ssh: SSH = {
enabled = True
}
auto_login: bool = False
startup_script?: str
check:
len(run_user.name) > 0, "Check run_user name"
vnc.enabled or rustdesk.enabled or desktop_env.display_manager != Undefined, "At least one remote access method required"

22
taskservs/development/desktop/kcl/version.k Normal file
View File

@ -0,0 +1,22 @@
# KCL Version configuration for crun taskserv
# Uses proper TaskservVersion schema for type safety
#
import taskservs.version as schema
# Crun taskserv configuration
_version = schema.TaskservVersion {
name = "desktop"
version = schema.Version {
current = "latest"
source = ""
tags = ""
site = ""
# Auto-update for container runtime
check_latest = False
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

119
taskservs/development/gitea/kcl/gitea.k Normal file
View File

@ -0,0 +1,119 @@
# Info: KCL Gitea task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 11-12-2023
import regex
schema User:
"""
User settings
"""
name: str
password?: str
group: str = name
home?: str = "/home/${name}"
email?: str
schema DB:
"""
Gitea DB settings
"""
typ: "sqlite" | "postgres" | "mysql" = "sqlite"
host?: str = "127.0.0.1:5432" if typ == "postgres" else Undefined
name: str
user?: str
password?: str
charset?: str = "utf8" if typ != "sqlite" else Undefined
ssl_mode?: "enable" | "disable" = "disable" if typ == "postgres" else Undefined
path?: str = "/var/lib/gitea/gitea.db"
schema Gitea:
"""
Gitea app.ini main settings
"""
#_with_ssh = True if ssh_domain != Undefined and len(ssh_domain) > 0 else False
# _protocol = "https" if certs_path != Undefined and len(certs_path) > 0 else "http"
#_ssh_port = 22
# _cert_file = Undefined if _protocol == "http" else cert_file
# _key_file = key_file if certs_path != Undefined and _protocol == "https" else Udefined
name: str = "gitea"
version: str
app_name: str
run_user: User = {
name = "gitea"
}
adm_user: User
work_path: str = "/var/lib/gitea"
etc_path: str = "/etc/gitea"
config_path: str = "app.ini"
run_path: str = "/usr/local/bin/gitea"
"protocol": "http" | "https" = "http"
http_addr: str = "localhost"
http_port: int = 3000
root_url: str
domain: str
db: DB
disable_registration: bool = True
require_signin_view: bool = False
webhook_allowed_hosts_list?: str
cdci_user?: str
cdci_group?: str = "${cdci_user}"
cdci_user_home?: str = "/home/${cdci_user}"
cdci_key?: str
copy_paths?: [str]
# #if $with_https == True:
# # _protocol = "https"
# if _with_ssh == True:
# _ssh_port = 22
# # if _protocol == "http":
# # _cert_file = Undefined
# # _key_file = Undefined
# # cert_file = ""
# print (_with_ssh, ssh_domain, ssh_port)
# print (_protocol, certs_path, cert_file, _cert_file)
check:
1 <= http_port <= 65535, "http_port must be between 1 and 65535, inclusive"
len(adm_user.name) > 0, "Check Admin User name 'adm_user.name'"
len(adm_user.password) > 0, "Check Admin User password 'adm_user.password'"
len(adm_user.email) > 0, "Check Admin User email 'adm_user.email'"
len(db.name) > 0, "Check DB name"
db.typ == "sqlite" or db.user != Undefined and len(db.user) > 0, "Check DB user for ${db.typ}"
db.typ == "sqlite" or db.password != Undefined and len(db.password) > 0, "Check DB password for ${db.typ}"
# 1 <= ssh_port <= 65535 , "ssh_port must be between 1 and 65535, inclusive"
# _cert_file == Undefined or regex.match(_cert_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'cert_file= ${_cert_file}' should be absolute path with '.pem' extension"
# _key_file == Undefined or regex.match(_key_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'key_file= ${_key_file}' should be absolute path with '.pem' extension"
#_protocol == "https" and len(certs_path) == 0, "certs_path has to be set for protocol https"
#ssh_port == 1 IF ssh_domain? [""]
schema Gitea_SSH(Gitea):
"""
Gitea app.ini main settings with SSL and SSH
"""
"protocol": "http" | "https" = "https"
ssh_domain: str
ssh_port: int = 2022
start_ssh_server: bool = True
builtin_ssh_server_user: str = "git"
ssh_root_path: str = "/home/gitea/.ssh"
check:
1 <= ssh_port <= 65535 , "ssh_port must be between 1 and 65535, inclusive"
schema Gitea_SSH_SSL(Gitea_SSH):
"""
Gitea app.ini main settings with SSL
"""
"protocol": "http" | "https" = "https"
certs_path: str
cert_file: str = "${certs_path}/fullchain.pem"
key_file: str = "${certs_path}/privkey.pem"
check:
1 <= http_port <= 65535, "http_port must be between 1 and 65535, inclusive"
regex.match(certs_path, "^\/.*$"), "'certs_path= ${certs_path}' should be absolute path"
regex.match(cert_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'cert_file= ${cert_file}' should be absolute path with '.pem' extension"
regex.match(key_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'key_file= ${key_file}' should be absolute path with '.pem' extension"

16
taskservs/development/gitea/kcl/version.k Normal file
View File

@ -0,0 +1,16 @@
import taskservs.version as schema
# Containerd taskserv configuration
_version = schema.TaskservVersion {
name = "gitea"
version = schema.Version {
current = "latest"
source = "https://github.com/go-gitea/gitea/releases"
tags = "https://github.com/go-gitea/gitea/tags"
site = "https://gitea.io"
# Auto-update for development tools
check_latest = True
grace_period = 86400
}
}
_version

21
taskservs/development/nushell/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for nushell taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Nushell shell taskserv configuration
_version = schema.TaskservVersion {
name = "nushell"
version = schema.Version {
current = "0.107.1"
source = "https://github.com/nushell/nushell/releases"
tags = "https://github.com/nushell/nushell/tags"
site = "https://www.nushell.sh/"
# Pinned for system stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

8
taskservs/development/oras/kcl/oras.k Normal file
View File

@ -0,0 +1,8 @@
schema Oras:
"""
Oras settings
"""
version: str
name: str = "oras"
copy_paths: [str]

21
taskservs/development/oras/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for oras taskserv
# Uses proper TaskservVersion schema for type safety
import taskservs.version as schema
# Oras taskserv configuration
_version = schema.TaskservVersion {
name = "oras"
version = schema.Version {
current = "latest"
source = "https://github.com/oras-project/oras/releases"
tags = "https://github.com/oras-project/oras/tags"
site = "https://oras.land"
# Auto-update for container registry tools
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

58
taskservs/development/radicle/kcl/radicle.k Normal file
View File

@ -0,0 +1,58 @@
# Info: KCL Radicle task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Radicle
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema RadicleNode:
"""
Radicle Node configuration
"""
name: str = "radicle"
version: str
run_user: User = {
name = "radicle"
}
work_path: str = "/var/lib/radicle"
config_path: str = "/etc/radicle"
run_path: str = "/usr/local/bin/rad"
bind_addr: str = "0.0.0.0"
bind_port: int = 8776
peer_port: int = 8777
web_ui_port: int = 8080
storage_path: str = "/var/lib/radicle/storage"
seeds: [str] = []
external_addresses: [str] = []
connect_timeout: int = 10
announce: bool = True
log_level: "trace" | "debug" | "info" | "warn" | "error" = "info"
check:
1 <= bind_port <= 65535, "bind_port must be between 1 and 65535, inclusive"
1 <= peer_port <= 65535, "peer_port must be between 1 and 65535, inclusive"
1 <= web_ui_port <= 65535, "web_ui_port must be between 1 and 65535, inclusive"
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(storage_path) > 0, "Check storage_path"
connect_timeout > 0, "connect_timeout must be positive"
schema RadicleHttpd:
"""
Radicle HTTP daemon configuration
"""
enabled: bool = True
bind_addr: str = "0.0.0.0"
bind_port: int = 8080
assets_path?: str
check:
1 <= bind_port <= 65535, "bind_port must be between 1 and 65535, inclusive"

21
taskservs/development/radicle/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for radicle taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Radicle (decentralized git) taskserv configuration
_version = schema.TaskservVersion {
name = "radicle"
version = schema.Version {
current = "1.0.0"
source = "https://github.com/radicle-dev/radicle/releases"
tags = "https://github.com/radicle-dev/radicle/tags"
site = "https://radicle.xyz"
check_latest = True # Can auto-update for development tools
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

84
taskservs/infrastructure/kms/kcl/kms.k Normal file
View File

@ -0,0 +1,84 @@
# Info: KCL Cosmian KMS task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for KMS
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema Database:
"""
KMS Database configuration
"""
typ: "sqlite" | "mysql" | "postgresql" | "redis" = "sqlite"
host?: str = "127.0.0.1"
port?: int = 5432 if typ == "postgresql" else 3306 if typ == "mysql" else 6379 if typ == "redis" else Undefined
database?: str = "kms"
username?: str
password?: str
path?: str = "/var/lib/kms/kms.db" if typ == "sqlite" else Undefined
ssl_mode?: "require" | "disable" = "disable"
check:
typ == "sqlite" or username != Undefined and len(username) > 0, "Database username required for ${typ}"
typ == "sqlite" or password != Undefined and len(password) > 0, "Database password required for ${typ}"
typ == "sqlite" or host != Undefined and len(host) > 0, "Database host required for ${typ}"
schema Auth:
"""
Authentication configuration
"""
enabled: bool = False
jwt_issuer_uri?: str
jwks_uri?: str
jwt_audience?: str
check:
not enabled or jwt_issuer_uri != Undefined and len(jwt_issuer_uri) > 0, "JWT issuer URI required when auth enabled"
schema CosmianKMS:
"""
Cosmian KMS server configuration
"""
name: str = "kms"
version: str
run_user: User = {
name = "kms"
}
work_path: str = "/var/lib/kms"
config_path: str = "/etc/cosmian"
config_file: str = "kms.toml"
run_path: str = "/usr/local/bin/cosmian_kms"
bind_addr: str = "0.0.0.0"
port: int = 9998
database: Database = {
typ = "sqlite"
}
auth: Auth = {
enabled = False
}
log_level: "trace" | "debug" | "info" | "warn" | "error" = "info"
fips_mode: bool = False
tls_enabled: bool = False
cert_file?: str
key_file?: str
ca_cert_file?: str
check:
1 <= port <= 65535, "port must be between 1 and 65535, inclusive"
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"
not tls_enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when TLS enabled"
not tls_enabled or key_file != Undefined and len(key_file) > 0, "key_file required when TLS enabled"
not tls_enabled or (regex.match(cert_file, "^\/.*\.(pem|crt)$") if cert_file != Undefined else True), \
"cert_file should be absolute path with .pem or .crt extension"
not tls_enabled or (regex.match(key_file, "^\/.*\.(pem|key)$") if key_file != Undefined else True), \
"key_file should be absolute path with .pem or .key extension"

21
taskservs/infrastructure/kms/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for kms taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# KMS (Key Management Service) taskserv configuration
_version = schema.TaskservVersion {
name = "kms"
version = schema.Version {
current = "latest"
source = "https://github.com/aws/aws-cli/releases"
tags = "https://github.com/aws/aws-cli/tags"
site = "https://aws.amazon.com/kms/"
# Pinned for security
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

103
taskservs/infrastructure/os/kcl/dependencies.k Normal file
View File

@ -0,0 +1,103 @@
# KCL Dependency configuration for os taskserv
# Defines comprehensive dependency, resource, and health requirements
import provisioning.dependencies as schema
# OS taskserv dependency configuration
_dependencies = schema.TaskservDependencies {
name = "os"
# Base OS has no dependencies - it's the foundation
requires = []
# Optional enhancements - install if available
optional = ["resolv", "ip-aliases", "proxy"]
# No conflicts - OS is foundational
conflicts = []
# Services provided by this taskserv
provides = ["base-os", "systemd", "networking", "package-manager", "filesystem"]
# Resource requirements for OS configuration
resources = schema.ResourceRequirement {
cpu = "100m" # Minimal CPU for OS operations
memory = "128Mi" # 128MB RAM minimum
disk = "10Gi" # 10GB minimum for OS and packages
network = True # Requires network for package updates
privileged = True # Needs full system access for OS configuration
}
# Health checks for OS components
health_checks = [
schema.HealthCheck {
command = "systemctl is-system-running | grep -E 'running|degraded'"
interval = 60
timeout = 10
retries = 2
success_threshold = 1
failure_threshold = 3
},
schema.HealthCheck {
command = "df / | tail -1 | awk '{print $5}' | tr -d '%' | awk '$1 < 90'"
interval = 300
timeout = 5
retries = 1
},
schema.HealthCheck {
command = "free -m | awk 'NR==2{printf \"%.1f\", $3*100/$2 }' | awk '$1 < 95'"
interval = 120
timeout = 5
retries = 2
}
]
# Readiness probe for installation completion
readiness_probe = schema.HealthCheck {
command = "systemctl list-failed | grep -q '0 loaded units listed' || systemctl list-failed --state=failed | wc -l | grep -q '^0$'"
interval = 30
timeout = 10
retries = 5
success_threshold = 2
}
# Installation phases for ordered deployment
phases = [
schema.InstallationPhase {
name = "pre-install"
order = 1
parallel = False
required = True
},
schema.InstallationPhase {
name = "install"
order = 2
parallel = True # OS updates can run in parallel
required = True
},
schema.InstallationPhase {
name = "post-install"
order = 3
parallel = True
required = True
},
schema.InstallationPhase {
name = "validate"
order = 4
parallel = False
required = True
}
]
# Installation control
timeout = 900 # 15 minutes for OS updates and configuration
retry_count = 2 # Conservative retry for OS operations
# Platform compatibility - all supported platforms
os_support = ["linux"]
arch_support = ["amd64", "arm64"]
k8s_versions = [] # OS doesn't depend on K8s versions
}
# Output for dynamic dependency resolution
_dependencies

13
taskservs/infrastructure/os/kcl/os.k Normal file
View File

@ -0,0 +1,13 @@
# Info: KCL OS task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
import regex
schema OS:
name: str = "os"
admin_user: str
admin_group: str = "${admin_user}"
src_user_path: str
ssh_keys: str

21
taskservs/infrastructure/os/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for os taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Operating System configuration taskserv
_version = schema.TaskservVersion {
name = "os"
version = schema.Version {
current = "latest"
source = ""
tags = ""
site = ""
check_latest = False # System component
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

115
taskservs/infrastructure/polkadot/bootnode/kcl/polkadot-bootnode.k Normal file
View File

@ -0,0 +1,115 @@
# Info: KCL Polkadot Bootnode task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Polkadot bootnode
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema SSL:
"""
SSL certificate configuration for bootnode
"""
enabled: bool = False
cert_file?: str
key_file?: str
ca_file?: str
check:
not enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when SSL enabled"
not enabled or key_file != Undefined and len(key_file) > 0, "key_file required when SSL enabled"
schema NetworkPorts:
"""
Network port configuration for bootnode
"""
p2p_port: int = 30310
ws_port: int = 30311
wss_port: int = 30312
check:
1 <= p2p_port <= 65535, "P2P port must be between 1 and 65535"
1 <= ws_port <= 65535, "WebSocket port must be between 1 and 65535"
1 <= wss_port <= 65535, "WSS port must be between 1 and 65535"
p2p_port != ws_port, "P2P and WebSocket ports must be different"
p2p_port != wss_port, "P2P and WSS ports must be different"
ws_port != wss_port, "WebSocket and WSS ports must be different"
schema WSS:
"""
Secure WebSocket configuration for bootnode
"""
enabled: bool = False
domain?: str
proxy_type: "nginx" | "apache" = "nginx"
rate_limit: int = 1000 # requests per minute
ssl: SSL = {}
check:
not enabled or ssl.enabled, "SSL must be enabled for WSS"
not enabled or domain != Undefined and len(domain) > 0, "domain required for WSS"
schema Network:
"""
Network configuration for bootnode
"""
chain: "polkadot" | "kusama" | "westend" = "polkadot"
listen_addrs: [str] = [
"/ip4/0.0.0.0/tcp/30310",
"/ip4/0.0.0.0/tcp/30311/ws"
]
public_addr?: str
external_addresses: [str] = []
max_peers: int = 50
ports: NetworkPorts = {}
check:
max_peers > 0, "max_peers must be positive"
len(listen_addrs) > 0, "At least one listen address required"
schema Telemetry:
"""
Telemetry configuration for bootnode
"""
enabled: bool = True
url: str = "wss://telemetry.polkadot.io/submit/"
verbosity: int = 0
check:
0 <= verbosity <= 9, "verbosity must be between 0 and 9"
schema PolkadotBootnode:
"""
Polkadot bootnode configuration
"""
name: str = "polkadot-bootnode"
version: str = "latest"
run_user: User = {
name = "polkadot"
}
work_path: str = "/var/lib/polkadot-bootnode"
config_path: str = "/etc/polkadot-bootnode"
bin_path: str = "/usr/local/bin/polkadot"
base_path: str = "/var/lib/polkadot-bootnode/data"
node_key_file?: str = "/etc/polkadot-bootnode/node-key"
network: Network = {}
telemetry: Telemetry = {}
wss: WSS = {}
log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
log_targets: [str] = ["sub-libp2p"]
execution: "native" | "wasm" | "both" = "wasm"
state_cache_size: int = 67108864 # 64MB
check:
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"
len(base_path) > 0, "Check base_path"
state_cache_size > 0, "state_cache_size must be positive"

21
taskservs/infrastructure/polkadot/bootnode/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for polkadot-bootnode taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Polkadot bootnode taskserv configuration
_version = schema.TaskservVersion {
name = "polkadot-bootnode"
version = schema.Version {
current = "1.15.0"
source = "https://github.com/paritytech/polkadot/releases"
tags = "https://github.com/paritytech/polkadot/tags"
site = "https://polkadot.network"
# Pinned for network stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

143
taskservs/infrastructure/polkadot/node/kcl/polkadot-node.k Normal file
View File

@ -0,0 +1,143 @@
# Info: KCL Polkadot Node task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Polkadot node
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema SSL:
"""
SSL certificate configuration
"""
enabled: bool = False
cert_file?: str
key_file?: str
ca_file?: str
check:
not enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when SSL enabled"
not enabled or key_file != Undefined and len(key_file) > 0, "key_file required when SSL enabled"
schema WSS:
"""
Secure WebSocket configuration
"""
enabled: bool = False
port: int = 443
domain?: str
proxy_type: "nginx" | "apache" = "nginx"
rate_limit: int = 100 # requests per minute
ssl: SSL = {}
check:
1 <= port <= 65535, "WSS port must be between 1 and 65535"
not enabled or ssl.enabled, "SSL must be enabled for WSS"
not enabled or domain != Undefined and len(domain) > 0, "domain required for WSS"
schema Pruning:
"""
Pruning configuration for Polkadot node
"""
enabled: bool = True
mode: "state" | "block" | "both" = "state"
blocks_to_keep: int = 256
state_pruning: int = 256
block_pruning?: int = 256 if mode == "block" else Undefined
check:
blocks_to_keep > 0, "blocks_to_keep must be positive"
state_pruning > 0, "state_pruning must be positive"
block_pruning == Undefined or block_pruning > 0, "block_pruning must be positive if set"
schema Network:
"""
Network configuration
"""
chain: "polkadot" | "kusama" | "westend" = "polkadot"
listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
public_addr?: str
bootnodes: [str] = []
reserved_nodes: [str] = []
reserved_only: bool = False
max_peers: int = 50
max_peers_light: int = 100
check:
max_peers > 0, "max_peers must be positive"
max_peers_light > 0, "max_peers_light must be positive"
schema RPC:
"""
RPC configuration
"""
enabled: bool = True
bind_addr: str = "127.0.0.1"
port: int = 9944
ws_port: int = 9944
http_port: int = 9933
max_connections: int = 100
cors: [str] = ["all"]
methods: [str] = ["safe"]
rate_limit?: int = 1000 # requests per minute
check:
1 <= port <= 65535, "RPC port must be between 1 and 65535"
1 <= ws_port <= 65535, "WebSocket port must be between 1 and 65535"
1 <= http_port <= 65535, "HTTP port must be between 1 and 65535"
max_connections > 0, "max_connections must be positive"
schema Telemetry:
"""
Telemetry configuration
"""
enabled: bool = True
url: str = "wss://telemetry.polkadot.io/submit/"
verbosity: int = 0
check:
0 <= verbosity <= 9, "verbosity must be between 0 and 9"
schema PolkadotNode:
"""
Polkadot node configuration
"""
name: str = "polkadot-node"
version: str = "latest"
node_type: "full" | "light" | "validator" = "full"
sync_mode: "full" | "fast" | "warp" = "warp"
pruning: Pruning = {}
archive_mode: bool = False
run_user: User = {
name = "polkadot"
}
work_path: str = "/var/lib/polkadot"
config_path: str = "/etc/polkadot"
bin_path: str = "/usr/local/bin/polkadot"
base_path: str = "/var/lib/polkadot/data"
network: Network = {}
rpc: RPC = {}
telemetry: Telemetry = {}
wss: WSS = {}
log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
log_targets: [str] = []
execution: "native" | "wasm" | "both" = "wasm"
wasm_execution: "compiled" | "interpreted" = "compiled"
state_cache_size: int = 67108864 # 64MB
db_cache: int = 1024 # MB
check:
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"
len(base_path) > 0, "Check base_path"
state_cache_size > 0, "state_cache_size must be positive"
db_cache > 0, "db_cache must be positive"
not (archive_mode and pruning.enabled), "Cannot enable both archive mode and pruning"

21
taskservs/infrastructure/polkadot/node/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for polkadot-node taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Polkadot node taskserv configuration
_version = schema.TaskservVersion {
name = "polkadot-node"
version = schema.Version {
current = "1.15.0"
source = "https://github.com/paritytech/polkadot/releases"
tags = "https://github.com/paritytech/polkadot/tags"
site = "https://polkadot.network"
# Pinned for node stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

131
taskservs/infrastructure/polkadot/solochain/kcl/polkadot-solochain.k Normal file
View File

@ -0,0 +1,131 @@
# Info: KCL Polkadot Solochain task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Polkadot solochain
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema NetworkConfig:
"""
Network configuration for Polkadot solochain
"""
name: str = "local"
chain_id: str = "local_testnet"
node_key?: str
listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
public_addr?: str
bootnodes: [str] = []
reserved_nodes: [str] = []
reserved_only: bool = False
max_peers: int = 50
schema Consensus:
"""
Consensus configuration
"""
algorithm: "aura" | "babe" = "aura"
finality: "grandpa" = "grandpa"
block_time: int = 6000 # milliseconds
epoch_duration: int = 600 # blocks for BABE
schema RPC:
"""
RPC configuration
"""
enabled: bool = True
bind_addr: str = "127.0.0.1"
port: int = 9944
ws_port: int = 9944
http_port: int = 9933
max_connections: int = 100
cors: [str] = ["all"]
methods: [str] = ["safe"]
schema Telemetry:
"""
Telemetry configuration
"""
enabled: bool = False
url?: str
verbosity: int = 0
schema Runtime:
"""
Runtime configuration including PVM support
"""
name: str = "solochain-template"
version: str = "1.0.0"
pvm_enabled: bool = True
wasm_execution: "compiled" | "interpreted" = "compiled"
heap_pages: int = 64
max_block_weight: int = 2000000000000 # Weight units
max_block_length: int = 5242880 # 5MB
pallets: [str] = [
"system",
"timestamp",
"aura",
"grandpa",
"balances",
"transaction_payment",
"sudo"
]
schema Validator:
"""
Validator configuration
"""
enabled: bool = False
key_type: "sr25519" | "ed25519" = "sr25519"
session_keys?: str
validator_id?: str
schema PolkadotSolochain:
"""
Polkadot solochain node configuration
"""
name: str = "polkadot-solochain"
version: str = "stable2024"
run_user: User = {
name = "polkadot"
}
work_path: str = "/var/lib/polkadot"
config_path: str = "/etc/polkadot"
bin_path: str = "/usr/local/bin"
node_binary: str = "solochain-template-node"
base_path: str = "/var/lib/polkadot/data"
keystore_path: str = "/var/lib/polkadot/keystore"
network: NetworkConfig = {}
consensus: Consensus = {}
rpc: RPC = {}
telemetry: Telemetry = {}
runtime: Runtime = {}
validator: Validator = {}
execution_strategy: "native" | "wasm" | "both" = "wasm"
wasm_runtime_overrides?: str
pruning: "archive" | int = 256
state_cache_size: int = 67108864 # 64MB
log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
log_targets: [str] = []
dev_mode: bool = False
alice_validator: bool = False if not dev_mode else True
check:
1 <= rpc.port <= 65535, "RPC port must be between 1 and 65535"
1 <= rpc.ws_port <= 65535, "WebSocket port must be between 1 and 65535"
1 <= rpc.http_port <= 65535, "HTTP port must be between 1 and 65535"
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"
len(base_path) > 0, "Check base_path"
network.max_peers > 0, "max_peers must be positive"
consensus.block_time > 0, "block_time must be positive"
runtime.heap_pages > 0, "heap_pages must be positive"
state_cache_size > 0, "state_cache_size must be positive"

21
taskservs/infrastructure/polkadot/solochain/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for polkadot-solochain taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Polkadot solochain taskserv configuration
_version = schema.TaskservVersion {
name = "polkadot-solochain"
version = schema.Version {
current = "1.15.0"
source = "https://github.com/paritytech/polkadot/releases"
tags = "https://github.com/paritytech/polkadot/tags"
site = "https://polkadot.network"
# Pinned for chain stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

145
taskservs/infrastructure/polkadot/validator/kcl/polkadot-validator.k Normal file
View File

@ -0,0 +1,145 @@
# Info: KCL Polkadot Validator task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Polkadot validator
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema ValidatorAccount:
"""
Validator account configuration (Stash/Controller)
"""
stash_address?: str
controller_address?: str
reward_destination: "Staked" | "Stash" | "Controller" | "Account" = "Staked"
commission: int = 0 # Commission percentage (0-100)
check:
0 <= commission <= 100, "Commission must be between 0 and 100"
schema SessionKeys:
"""
Session keys configuration
"""
keys_file?: str = "/var/lib/polkadot/session-keys"
auto_rotate: bool = False
rotation_interval?: int = 86400 # seconds (24 hours)
babe_key?: str
grandpa_key?: str
im_online_key?: str
para_validator_key?: str
para_assignment_key?: str
authority_discovery_key?: str
check:
rotation_interval == Undefined or rotation_interval > 0, "Rotation interval must be positive"
schema Network:
"""
Network configuration for validator
"""
chain: "polkadot" | "kusama" | "westend" = "polkadot"
listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
public_addr?: str
node_key_file?: str = "/var/lib/polkadot/node-key"
bootnodes: [str] = []
reserved_nodes: [str] = []
reserved_only: bool = False
max_peers: int = 50
max_peers_light: int = 100
check:
max_peers > 0, "max_peers must be positive"
max_peers_light > 0, "max_peers_light must be positive"
schema RPC:
"""
RPC configuration (restricted for validators)
"""
enabled: bool = True
bind_addr: str = "127.0.0.1" # Localhost only for security
port: int = 9944
ws_port: int = 9944
http_port: int = 9933
max_connections: int = 10 # Limited for validators
cors: [str] = [] # No CORS for validators
methods: [str] = ["safe"] # Only safe methods
check:
1 <= port <= 65535, "RPC port must be between 1 and 65535"
1 <= ws_port <= 65535, "WebSocket port must be between 1 and 65535"
1 <= http_port <= 65535, "HTTP port must be between 1 and 65535"
max_connections <= 50, "Validator RPC connections should be limited"
schema Monitoring:
"""
Monitoring configuration for validator
"""
enabled: bool = True
prometheus_port: int = 9615
prometheus_bind_addr: str = "127.0.0.1"
telemetry_enabled: bool = True
telemetry_url: str = "wss://telemetry.polkadot.io/submit/"
telemetry_verbosity: int = 0
check:
1 <= prometheus_port <= 65535, "Prometheus port must be between 1 and 65535"
0 <= telemetry_verbosity <= 9, "Telemetry verbosity must be between 0 and 9"
schema Security:
"""
Security configuration for validator
"""
enable_firewall: bool = True
allowed_ssh_ips: [str] = []
fail2ban_enabled: bool = True
auto_updates: bool = True
secure_keystore: bool = True
backup_keys: bool = True
backup_path?: str = "/var/backups/polkadot"
schema PolkadotValidator:
"""
Polkadot validator node configuration
"""
name: str = "polkadot-validator"
version: str = "latest"
run_user: User = {
name = "polkadot"
}
work_path: str = "/var/lib/polkadot"
config_path: str = "/etc/polkadot"
bin_path: str = "/usr/local/bin/polkadot"
base_path: str = "/var/lib/polkadot/data"
keystore_path: str = "/var/lib/polkadot/keystore"
validator_accounts: ValidatorAccount = {}
session_keys: SessionKeys = {}
network: Network = {}
rpc: RPC = {}
monitoring: Monitoring = {}
security: Security = {}
log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
log_targets: [str] = ["runtime::system"]
execution: "native" | "wasm" | "both" = "wasm"
wasm_execution: "compiled" | "interpreted" = "compiled"
state_cache_size: int = 134217728 # 128MB for validators
db_cache: int = 2048 # 2GB for validators
pruning: "archive" | int = 1000 # Keep more blocks for validators
unsafe_pruning: bool = False
check:
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"
len(base_path) > 0, "Check base_path"
state_cache_size > 0, "state_cache_size must be positive"
db_cache > 0, "db_cache must be positive"
not unsafe_pruning or pruning != "archive", "Cannot use unsafe pruning with archive mode"

21
taskservs/infrastructure/polkadot/validator/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for polkadot-validator taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Polkadot validator taskserv configuration
_version = schema.TaskservVersion {
name = "polkadot-validator"
version = schema.Version {
current = "1.15.0"
source = "https://github.com/paritytech/polkadot/releases"
tags = "https://github.com/paritytech/polkadot/tags"
site = "https://polkadot.network"
# Pinned for validator stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

138
taskservs/infrastructure/polkadot/zombienet/kcl/polkadot-zombienet.k Normal file
View File

@ -0,0 +1,138 @@
# Info: KCL Polkadot Zombienet task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
"""
User settings for Zombienet
"""
name: str
group: str = name
home?: str = "/home/${name}"
schema RelayChainNode:
"""
Relay chain node configuration
"""
name: str
image?: str = "parity/polkadot:latest"
command?: str = "polkadot"
args?: [str] = []
validator: bool = True
balance?: int = 1000000000000
check:
len(name) > 0, "Node name cannot be empty"
schema CollatorNode:
"""
Parachain collator node configuration
"""
name: str
image?: str = "parity/polkadot-parachain:latest"
command?: str = "polkadot-parachain"
args?: [str] = []
balance?: int = 1000000000000
check:
len(name) > 0, "Collator name cannot be empty"
schema Parachain:
"""
Parachain configuration
"""
id: int
chain?: str
balance?: int = 1000000
collators: [CollatorNode] = []
genesis_wasm?: str
genesis_state?: str
check:
1 <= id <= 4000, "Parachain ID must be between 1 and 4000"
len(collators) > 0, "At least one collator required"
schema RelayChain:
"""
Relay chain configuration
"""
chain: "rococo-local" | "westend-local" | "kusama-local" | "polkadot-local" = "rococo-local"
default_image?: str = "parity/polkadot:latest"
default_command?: str = "polkadot"
nodes: [RelayChainNode] = []
genesis?: str
runtime_genesis_patch?: str
check:
len(nodes) >= 2, "At least 2 relay chain nodes required"
schema Settings:
"""
Zombienet settings configuration
"""
timeout: int = 1000
node_spawn_timeout?: int = 300
provider: "native" | "kubernetes" | "podman" = "native"
enable_tracing?: bool = False
backchannel?: bool = True
check:
timeout > 0, "Timeout must be positive"
node_spawn_timeout == Undefined or node_spawn_timeout > 0, "Node spawn timeout must be positive"
schema KubernetesProvider:
"""
Kubernetes provider specific configuration
"""
namespace?: str = "zombienet"
monitoring?: bool = True
prometheus_prefix?: str = "substrate_"
schema PodmanProvider:
"""
Podman provider specific configuration
"""
monitoring?: bool = True
monitoring_port?: int = 9090
check:
monitoring_port == Undefined or (1 <= monitoring_port <= 65535), "Monitoring port must be between 1 and 65535"
schema NativeProvider:
"""
Native provider specific configuration
"""
monitoring?: bool = False
schema PolkadotZombienet:
"""
Polkadot Zombienet configuration
"""
name: str = "polkadot-zombienet"
version: str = "1.3.133"
run_user: User = {
name = "zombienet"
}
work_path: str = "/var/lib/zombienet"
config_path: str = "/etc/zombienet"
bin_path: str = "/usr/local/bin"
zombienet_binary: str = "zombienet"
networks_path: str = "/var/lib/zombienet/networks"
binaries_path: str = "/var/lib/zombienet/binaries"
logs_path: str = "/var/lib/zombienet/logs"
settings: Settings = {}
relaychain: RelayChain = {}
parachains: [Parachain] = []
kubernetes_config?: KubernetesProvider = {}
podman_config?: PodmanProvider = {}
native_config?: NativeProvider = {}
log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
check:
len(run_user.name) > 0, "Check run_user name"
len(work_path) > 0, "Check work_path"
len(config_path) > 0, "Check config_path"
len(relaychain.nodes) >= 2, "At least 2 relay chain nodes required"

21
taskservs/infrastructure/polkadot/zombienet/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for zombienet taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Zombienet testing taskserv configuration
_version = schema.TaskservVersion {
name = "zombienet"
version = schema.Version {
current = "1.3.119"
source = "https://github.com/paritytech/zombienet/releases"
tags = "https://github.com/paritytech/zombienet/tags"
site = "https://github.com/paritytech/zombienet"
check_latest = True # Can auto-update for testing tool
grace_period = 86400
}
dependencies = ["polkadot"]
}
# Output for dynamic cache system
_version

15
taskservs/infrastructure/provisioning/kcl/provisioning.k Normal file
View File

@ -0,0 +1,15 @@
# Info: KCL Provisioning task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
schema Provisioning:
name: str = "provisioning"
provisioning_version: str
# where to intall
provisioning_root_path: str = "/usr/local"
provisioning_root_bin: str = "/usr/local/bin"
provisioning_run_mode: str = "mode-ui"
admin_user: str
admin_user_home: str = "/home/${admin_user}"

21
taskservs/infrastructure/provisioning/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for provisioning taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Provisioning tools taskserv configuration
_version = schema.TaskservVersion {
name = "provisioning"
version = schema.Version {
current = "2.0.0"
source = "https://github.com/provisioning-project/releases"
tags = "https://github.com/provisioning-project/tags"
site = "https://provisioning.local"
# Pinned for project stability
check_latest = True
grace_period = 86400
}
dependencies = ["nushell", "kcl", "sops", "age"]
}
# Output for dynamic cache system
_version

21
taskservs/infrastructure/webhook/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for webhook taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Webhook taskserv configuration
_version = schema.TaskservVersion {
name = "webhook"
version = schema.Version {
current = "latest"
source = "https://github.com/webhooksite/webhook.site/releases"
tags = "https://github.com/webhooksite/webhook.site/tags"
site = "https://webhook.site"
check_latest = True # Can auto-update for development tools
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

39
taskservs/infrastructure/webhook/kcl/webhook.k Normal file
View File

@ -0,0 +1,39 @@
# Info: KCL Webhook task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
import regex
schema Webhook:
name: str = "webhook"
# https://github.com/adnanh/webhook/release
webhook_version: str
# config file for webhook in /etc/webhook
webhook_conf: str = "hooks.conf"
# IP to listen
webhook_ip: str = "$network_private_ip"
# Port to listen
webhook_port: int = 9000
# Path for logs
webhook_logs_path: str = "/var/log/webhooks.logs"
# User
webhook_user: str = "webhook"
webhook_group: str = "${webhook_user}"
webhook_home: str = "/home/${webhook_user}"
repo_username: str
# hostname for ssh/config
repo_hostname: str
# IMPORTANT: repo_ssh_key keys are copied form local to devops_admin (devadm)
# Has to be registered in repositiory (giteaa) to be used for git commands
# should not have passphrase, use private key name
repo_ssh_key: str
repo_ssh_port: int = 2022
# kloud path to clone repositories
provisioning_kloud: str
# default aws profie for env
aws_profile: str
check:
len(repo_hostname) > 0, "Check repo_hostname"
webhook_ip == Undefined or regex.match(webhook_ip,"^\$.*$") or regex.match(webhook_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'webhook_ip = ${webhook_ip}' check value definition (use $vaule or xx.xx.xx.xx)"

34
taskservs/kubernetes/k8s_nodejoin/kcl/k8s_nodejoin.k Normal file
View File

@ -0,0 +1,34 @@
# Info: KCL Kubeconfig task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
#schema Kubernetes:
# name: str = "kubernetes"
# version: str
# major_version: str
# cmd_task: "install"| "update" | "remove" = "install"
schema K8sNodejoin:
name: str = "k8s-nodejoin"
cp_hostname: str
# Task to get kubernetes config file to set KUBECONFIG or .kunbe/config
cluster: str
#req_sudo: bool = True
# Path to copy file
target_path: str = "/tmp/k8s_join.sh"
# source file path
source_path: str = "/tmp/k8s_join.sh"
# host to admin service or where ${source_path} can be found
admin_host?: str
# Cluster services admin hosts port to connect via SSH
admin_port?: int
# Cluster services admin user connect via SSH
admin_user?: str
ssh_key_path?: str
source_cmd: str = "kubeadm token create --print-join-command > ${source_path}"
target_cmd: str = "sudo bash ${target_path}"
check:
len(cluster) > 0, "Check cluster value"
len(cp_hostname) > 0, "Check cp_hostname value"

21
taskservs/kubernetes/k8s_nodejoin/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for k8s-nodejoin taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Kubernetes node join taskserv configuration
_version = schema.TaskservVersion {
name = "k8s-nodejoin"
version = schema.Version {
current = "1.31.0"
source = "https://github.com/kubernetes/kubernetes/releases"
tags = "https://github.com/kubernetes/kubernetes/tags"
site = "https://kubernetes.io"
check_latest = False # Pinned to match kubernetes version
grace_period = 86400
}
dependencies = ["kubernetes"]
}
# Output for dynamic cache system
_version

97
taskservs/kubernetes/kcl/dependencies.k Normal file
View File

@ -0,0 +1,97 @@
# KCL Dependency configuration for kubernetes taskserv
# Defines comprehensive dependency, resource, and health requirements
import provisioning.dependencies as schema
# Kubernetes taskserv dependency configuration
_dependencies = schema.TaskservDependencies {
name = "kubernetes"
# Critical dependencies - must be installed first
requires = ["containerd", "etcd", "os"]
# Optional enhancements - install if available
optional = ["coredns", "cilium", "proxy"]
# Cannot coexist with alternative container runtimes
conflicts = ["docker", "podman", "crio"]
# Services provided by this taskserv
provides = ["k8s-api", "kubelet", "kubectl", "kube-scheduler", "kube-controller-manager"]
# Resource requirements for Kubernetes installation
resources = schema.ResourceRequirement {
cpu = "2000m" # 2 CPU cores minimum
memory = "2Gi" # 2GB RAM minimum
disk = "20Gi" # 20GB for etcd, logs, images
network = True # Requires network for cluster communication
privileged = True # Needs privileged access for system integration
}
# Health checks for Kubernetes components
health_checks = [
schema.HealthCheck {
command = "kubectl cluster-info"
interval = 60
timeout = 15
retries = 3
success_threshold = 2
failure_threshold = 3
},
schema.HealthCheck {
command = "systemctl is-active kubelet"
interval = 30
timeout = 5
retries = 2
}
]
# Readiness probe for installation completion
readiness_probe = schema.HealthCheck {
command = "kubectl get nodes --no-headers | grep -q Ready"
interval = 30
timeout = 10
retries = 10
success_threshold = 3
}
# Installation phases for ordered deployment
phases = [
schema.InstallationPhase {
name = "pre-install"
order = 1
parallel = False
required = True
},
schema.InstallationPhase {
name = "install"
order = 2
parallel = False
required = True
},
schema.InstallationPhase {
name = "post-install"
order = 3
parallel = True
required = True
},
schema.InstallationPhase {
name = "validate"
order = 4
parallel = False
required = True
}
]
# Installation control
timeout = 1200 # 20 minutes for full cluster setup
retry_count = 3
# Platform compatibility
os_support = ["linux"]
arch_support = ["amd64", "arm64"]
k8s_versions = ["1.31.0", "1.30.x", "1.29.x"]
}
# Output for dynamic dependency resolution
_dependencies

81
taskservs/kubernetes/kcl/kubernetes.k Normal file
View File

@ -0,0 +1,81 @@
# Info: KCL Kubernetes task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
import regex
schema ETCD_endpoint:
prot: "http"| "https" = "https"
name?: str
addr?: str
port: int = 2379
check:
addr == Undefined or regex.match(addr,"^\$.*$") or regex.match(addr, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'addr = ${addr}' check value definition (use $vaule or xx.xx.xx.xx)"
schema Kubernetes:
name: str = "kubernetes"
version: str
major_version: str
cri: "crio" | "containerd" = "crio"
runtime_default: "crun" | "runc" | "youki" = "crun"
runtimes: str = "crun,runc"
cni: "cilium" | "calico" = "cilium"
cni_version: str = ""
bind_port: int = 6443
timeout_cp: str = "4m0s"
certs_dir: str = "/etc/kubernetes/pki"
auth_mode: str = "Node,RBAC"
taints_effect: "PreferNoSchedule" = "PreferNoSchedule"
pull_policy: "IfNotPresent" = "IfNotPresent"
# Kubernetes addons separated with commans
addons: str
tpl: str = "kubeadm-config.yaml.j2"
repo: str = "registry.k8s.io"
dns_domain: str = "cluster.local"
pod_net: str = "10.244.0.0/16"
service_net: str = "10.96.0.0/12"
cert_sans: [str] = [ "$hostname", "$cluster_name", "127.0.0.1" ]
# External IPs separated with commans for ingress
external_ips: [str]
# Cluster name
cluster_name: str
hostname: str
# ControlPanel IP
cp_ip?: str
cp_name: str
# If HOSTNAME == K8S_MASTER it will be MASTER_0
# othewise set HOSTNAME value to be resolved in same K8S_MASTER network
# By using -cp- as part of HOSTNAME will be consider node as controlpanel
# Other options: -wk-0 or -wkr-0 for worker nodes
ip: str
# K8s cluster role: controlpnlane or worker
mode: "controlplane" | "worker"
# K8s command task
cmd_task: "install" | "update" | "remove" | "reinstall" = "install"
admin_user: str
target_path: str
taint_node: bool = True
etcd_mode: "" | "external" = ""
etcd_prefix: str = ""
etcd_endpoints: [ETCD_endpoint] = []
etcd_ca_path: str = "/etc/kubernetes/pki/etcd/ca.crt"
etcd_cert_path: str = "/etc/kubernetes/pki/etcd/server.crt"
etcd_key_path: str = "/etc/kubernetes/pki/etcd/server.key"
etcd_cluster_name: str = ""
etcd_peers: str = ""
# etcd certs path
prov_etcd_path: str = "etcdcerts"
# install etcd certs path
etcd_certs_path: str = "etcd_certs"
# LOG path for kubeadm
install_log_path: str = "/tmp/k8s.log"
# Work path for config generated file
work_path: str = "$cluster_name"
check:
cp_ip == Undefined or regex.match(cp_ip,"^\$.*$") or regex.match(cp_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'cp_ip = ${cp_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
regex.match(pod_net,"^\$.*$") or regex.match(pod_net, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'pod_net = ${pod_net}' check value definition"
regex.match(service_net,"^\$.*$") or regex.match(service_net, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'service_net = ${service_net}' check value definition"

21
taskservs/kubernetes/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for kubernetes taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Kubernetes taskserv configuration
_version = schema.TaskservVersion {
name = "kubernetes"
version = schema.Version {
current = "1.31.0"
source = "https://github.com/kubernetes/kubernetes/releases"
tags = "https://github.com/kubernetes/kubernetes/tags"
site = "https://kubernetes.io"
# Pinned for production stability
check_latest = True
grace_period = 86400
}
dependencies = ["containerd", "etcd", "coredns"]
}
# Output for dynamic cache system
_version

24
taskservs/kubernetes/kubeconfig/kcl/kubeconfig.k Normal file
View File

@ -0,0 +1,24 @@
# Info: KCL Kubeconfig task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
schema Kubeconfig:
# Task to get kubernetes config file to set KUBECONFIG or .kunbe/config
cluster: str
# To get path sudo is required
req_sudo: bool = True
# Path to copy file
target_path: str = "HOME/.kube/config"
# source file path
source_path: str = "/etc/kubernetes/admin.conf"
# host to admin service or where ${source_path} can be found
admin_host?: str
# Cluster services admin hosts port to connect via SSH
admin_port?: int
# Cluster services admin user connect via SSH
admin_user?: str
ssh_key_path?: str
check:
len(cluster) > 0, "Check cluster value"

21
taskservs/kubernetes/kubeconfig/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for kubeconfig taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Kubeconfig management taskserv configuration
_version = schema.TaskservVersion {
name = "kubeconfig"
version = schema.Version {
current = "1.31.0"
source = "https://github.com/kubernetes/kubernetes/releases"
tags = "https://github.com/kubernetes/kubernetes/tags"
site = "https://kubernetes.io"
check_latest = False # Pinned to match kubernetes version
grace_period = 86400
}
dependencies = ["kubernetes"]
}
# Output for dynamic cache system
_version

10
taskservs/kubernetes/kubectl/kcl/kubernetes.k Normal file
View File

@ -0,0 +1,10 @@
# Info: KCL Kubernetes task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
schema Kubernetes:
name: str = "kubernetes"
version: str
major_version: str
cmd_task: "install"| "update" | "remove" = "install"

21
taskservs/kubernetes/kubectl/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for kubectl taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Kubectl CLI taskserv configuration
_version = schema.TaskservVersion {
name = "kubectl"
version = schema.Version {
current = "1.31.0"
source = "https://github.com/kubernetes/kubernetes/releases"
tags = "https://github.com/kubernetes/kubernetes/tags"
site = "https://kubernetes.io"
check_latest = False # Pinned to match kubernetes version
grace_period = 86400
}
dependencies = ["kubernetes"]
}
# Output for dynamic cache system
_version

9
taskservs/networking/cilium/kcl/cilium.k Normal file
View File

@ -0,0 +1,9 @@
# Info: Cilium Runc schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.1
# Date: 30-06-2024
schema Cilium:
name: str = "cilium"
version: str

103
taskservs/networking/cilium/kcl/dependencies.k Normal file
View File

@ -0,0 +1,103 @@
# KCL Dependency configuration for cilium taskserv
# Defines comprehensive dependency, resource, and health requirements
import provisioning.dependencies as schema
# Cilium taskserv dependency configuration
_dependencies = schema.TaskservDependencies {
name = "cilium"
# Critical dependencies - must be installed first
requires = ["kubernetes", "containerd"]
# Optional enhancements - install if available
optional = ["coredns", "proxy"]
# Cannot coexist with other CNI solutions
conflicts = ["calico", "flannel", "weave"]
# Services provided by this taskserv
provides = ["cni", "network-policy", "load-balancer", "service-mesh", "hubble-ui"]
# Resource requirements for Cilium installation
resources = schema.ResourceRequirement {
cpu = "500m" # 500m CPU for network processing
memory = "512Mi" # 512MB RAM for network state
disk = "2Gi" # 2GB for logs and network data
network = True # Core network functionality
privileged = True # Needs privileged access for network operations
}
# Health checks for Cilium components
health_checks = [
schema.HealthCheck {
command = "kubectl get pods -n kube-system -l k8s-app=cilium | grep -v Running | wc -l | grep -q '^0$'"
interval = 60
timeout = 15
retries = 3
success_threshold = 2
failure_threshold = 3
},
schema.HealthCheck {
command = "kubectl exec -n kube-system ds/cilium -- cilium status | grep -q 'OK'"
interval = 120
timeout = 20
retries = 3
},
schema.HealthCheck {
command = "kubectl get ciliumnodeconfig -A | wc -l | grep -v '^0$'"
interval = 180
timeout = 10
retries = 2
}
]
# Readiness probe for installation completion
readiness_probe = schema.HealthCheck {
command = "kubectl get nodes -o jsonpath='{.items[*].status.conditions[?(@.type==\"Ready\")].status}' | grep -v True | wc -l | grep -q '^0$'"
interval = 30
timeout = 10
retries = 8
success_threshold = 3
}
# Installation phases for ordered deployment
phases = [
schema.InstallationPhase {
name = "pre-install"
order = 1
parallel = False
required = True
},
schema.InstallationPhase {
name = "install"
order = 2
parallel = False
required = True
},
schema.InstallationPhase {
name = "post-install"
order = 3
parallel = True
required = True
},
schema.InstallationPhase {
name = "validate"
order = 4
parallel = False
required = True
}
]
# Installation control
timeout = 600 # 10 minutes for CNI setup
retry_count = 3
# Platform compatibility
os_support = ["linux"]
arch_support = ["amd64", "arm64"]
k8s_versions = ["1.31.x", "1.30.x", "1.29.x", "1.28.x"]
}
# Output for dynamic dependency resolution
_dependencies

15
taskservs/networking/cilium/kcl/version.k Normal file
View File

@ -0,0 +1,15 @@
import taskservs.version as schema
_version = schema.TaskservVersion {
name = "cilium"
version = schema.Version {
current = "1.16.5"
source = "https://github.com/cilium/cilium/releases"
tags = "https://github.com/cilium/cilium/tags"
site = "https://cilium.io"
# Pinned for production stability
check_latest = True
grace_period = 86400
}
}
_version

57
taskservs/networking/coredns/kcl/coredns.k Normal file
View File

@ -0,0 +1,57 @@
# Info: KCL CoreDNS task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 29-12-2023
import regex
schema CoreDNSForward:
source: str = "."
forward_ip?: str
check:
forward_ip == Undefined or regex.match(forward_ip,"^\$.*$") or regex.match(forward_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${forward_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
schema CoreDNSRecord:
name: str
ttl: int = 300
rectype: "A" | "AAAA" | "CNAME" | "MX" | "TXT" | "NS" | "SOA" | "SRV" | "PTR"
server_pos?: int
source?: str
target_ip?: str
# use for SRV like: "0 0 2380" (priority weight port)
# user for MX like: "300 ip-or-FQND" (priority target)
# user for TXT or CNAME with target content
value?: str
comment?: str
etcd_dns_ttl: int = 300
etcd_peer_port: int = 2380
etcd_cli_port: int = 2379
check:
target_ip == Undefined or regex.match(target_ip,"^\$.*$") or regex.match(target_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'target_ip = ${target_ip}' check value definition (use $value or xx.xx.xx.xx)"
schema NameServer:
ns_ip: str
check:
ns_ip == Undefined or regex.match(ns_ip,"^\$.*$") or regex.match(ns_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ns_ip = ${ns_ip}' check value definition (use $value or xx.xx.xx.xx)"
schema CoreDNSEntry:
domain: str
port: int = 53
file?: str
records?: [CoreDNSRecord]
forward?: CoreDNSForward
use_log: bool = True
use_errors: bool = True
use_cache: bool = True
etcd_cluster_name: str = ""
schema COREDNS:
version: str
name: str
hostname: str
etc_corefile: str = "/etc/coredns/Corefile"
nameservers: [NameServer]
domains_search: str = ""
entries: [ CoreDNSEntry ]

20
taskservs/networking/coredns/kcl/version.k Normal file
View File

@ -0,0 +1,20 @@
# KCL Version configuration for coredns taskserv
# Uses proper TaskservVersion schema for type safety
#
import taskservs.version as schema
# CoreDNS taskserv configuration
_version = schema.TaskservVersion {
name = "coredns"
version = schema.Version {
current = "1.11.4"
source = "https://github.com/coredns/coredns/releases"
tags = "https://github.com/coredns/coredns/tags"
site = "https://coredns.io"
# Pinned for production stability
check_latest = True
grace_period = 86400
}
dependencies = ["kubernetes"]
}
_version

57
taskservs/networking/etcd/kcl/etcd.k Normal file
View File

@ -0,0 +1,57 @@
# Info: KCL ETCD task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 29-12-2023
import regex
schema ETCD:
version: str
name: str = "etcd"
etcd_name: str = "$hostname"
# how to generate ssl certificates
ssl_mode: "cfssl"| "openssl" = "openssl"
# It seems only RSA works (dic-2023)
ssl_sign: "ECC" | "RSA" = "RSA"
ca_sign: "ECC" | "RSA" = "RSA"
ssl_curve: "" | "secp384r1" | "secp256k1" | "secp521r1" | "prime256v1" = "prime256v1"
long_sign: 2048 | 4096 = 4096
cipher: "" | "-aes256" = ""
ca_sign_days: int = 1460
sign_days: int = 730
sign_sha: 256 | 384 | 512 = 256
sign_pass: str = ""
etcd_protocol: "https"| "http" = "https"
source_url: "google" | "github" = "github"
cluster_name: str
hostname: str
cn: str
c: str
data_dir: str = "/var/lib/etcd"
conf_path: str = "/etc/etcd/config.yaml"
log_level: "warn" | "error" = "warn"
log_out: "stdout" | "stderr" = "stderr"
discover_url: str = ""
cli_ip: str
cli_port: int = 2379
peer_ip: str
peer_port: int = 2380
cluster_list: str
token: str
certs_path: str = "/etc/ssl/etcd"
prov_path: str = "etcdcerts"
listen_peers: str = ""
adv_listen_peers: str = ""
initial_peers: str = ""
listen_clients: str = ""
adv_listen_clients: str = ""
use_localhost: bool = False
dns_domain_path: str = ""
domain_name: str = ""
discovery_srv: str = ""
use_dns: bool = True
#check:
# cli_ip == Undefined or regex.match(cli_ip,"^\$.*$") or regex.match(cli_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'cp_ip = ${cp_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
# peer_ip == Undefined or regex.match(peer_ip,"^\$.*$") or regex.match(peer_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'cp_ip = ${cp_ip}' check value definition (use $vaule or xx.xx.xx.xx)"

22
taskservs/networking/etcd/kcl/version.k Normal file
View File

@ -0,0 +1,22 @@
# KCL Version configuration for etcd taskserv
# Simple format without imports for now
#
import taskservs.version as schema
# Etcd taskserv configuration
_version = schema.TaskservVersion {
name = "etcd"
version = schema.Version {
current = "3.5.16"
source = "https://github.com/etcd-io/etcd/releases"
tags = "https://github.com/etcd-io/etcd/tags"
site = "https://etcd.io"
# Pinned for production stability
check_latest = True
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

25
taskservs/networking/ip_aliases/kcl/ip_aliases.k Normal file
View File

@ -0,0 +1,25 @@
# Info: KCL IP alias task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 4-08-2024
import regex
schema IPalias:
setup_mode: "system" | "alias" = "alias"
address: str
hostname: str = ""
main_hostname: bool = False
interface: str
dev_interface: str
netmask: str = "255.255.255.0"
nameservers: str = ""
search: str = ""
check:
address == Undefined or regex.match(address,"^\$.*$") or regex.match(address,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'address = ${address}' check value definition (use $vaule or xx.xx.xx.xx)"
netmask == Undefined or regex.match(netmask,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'netmask = ${netmask}' check value definition (use $vaule or xx.xx.xx.xx)"
schema IPaliases:
name: str = "IPaliases"
aliases: [IPalias]

21
taskservs/networking/ip_aliases/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for crun taskserv
# Uses proper TaskservVersion schema for type safety
import taskservs.version as schema
# Crun taskserv configuration
_version = schema.TaskservVersion {
name = "ip-aliases"
version = schema.Version {
current = "latest"
source = ""
tags = ""
site = ""
# Auto-update for container runtime
check_latest = False
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

47
taskservs/networking/proxy/kcl/proxy.k Normal file
View File

@ -0,0 +1,47 @@
# Info: KCL Proxy task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
import regex
schema ProxyBackend:
"""
ProxyBackend
"""
name: str = "be_repo"
ssl_sni: str = "localrepo.cloudnative.zone"
mode: "http"| "tcp" = "tcp"
balance: str = "roundrobin"
option: str
server_name: str
server_host_ip: str
server_port: int
server_ops: str = "check fall 3 rise 2"
check:
regex.match(server_host_ip,"^\$.*$") or regex.match(server_host_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'server_hosts_ip = ${server_host_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
schema IPBind:
"""
IP bind settings for https
"""
ip: str
port: int
check:
regex.match(ip,"^\$.*$") or regex.match(ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ip = ${ip}' check value definition (use $vaule or xx.xx.xx.xx)"
schema Proxy:
"""
Proxy settings
"""
proxy_version: str
proxy_lib: str = "/var/lib/haproxy"
proxy_cfg_file: str = "haproxy.cfg"
run_user: str = "haproxy"
run_group: str = "haproxy"
run_user_home: str = "/home/${run_user}"
https_in_binds: [ IPBind ]
https_options: [ str ] = [ "tcplog", "dontlognull" ]
https_log_format: str = "%H %ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
backends: [ ProxyBackend ]

19
taskservs/networking/proxy/kcl/version.k Normal file
View File

@ -0,0 +1,19 @@
# KCL Version configuration for proxy taskserv
# Uses proper TaskservVersion schema for type safety
import taskservs.version as schema
# Proxy taskserv configuration
_version = schema.TaskservVersion {
name = "proxy"
version = schema.Version {
current = "latest"
site = "Internal provisioning component"
# Internal component, no upstream
check_latest = False
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

16
taskservs/networking/resolv/kcl/resolv.k Normal file
View File

@ -0,0 +1,16 @@
# Info: KCL Resolv task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 31-12-2023
import regex
schema NameServer:
ns_ip: str
check:
ns_ip == Undefined or regex.match(ns_ip,"^\$.*$") or regex.match(ns_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ns_ip = ${ns_ip}' check value definition (use $value or xx.xx.xx.xx)"
schema Resolv:
name: str = "resolv"
nameservers: [NameServer]
domains_search: str = ""

21
taskservs/networking/resolv/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for resolv taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Resolv (DNS resolution) taskserv configuration
_version = schema.TaskservVersion {
name = "resolv"
version = schema.Version {
current = "1.0.0"
source = ""
tags = ""
site = ""
check_latest = False # System component
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

18
taskservs/storage/external_nfs/kcl/external_nfs.k Normal file
View File

@ -0,0 +1,18 @@
# Info: KCL ExternalNFS task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 10-12-2023
import regex
schema ExternalNFS:
# NFS server IP
ip: str = "$network_private_ip"
# NFS net to share
net: str = "$net"
# NFS share path
shared: str = "/shared"
check:
regex.match(ip,"^\$.*$") or regex.match(ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ip = ${ip}' check value definition (use $vaule or xx.xx.xx.xx)"
regex.match(net,"^\$.*$") or regex.match(net, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'net = ${net}' check value definition"

21
taskservs/storage/external_nfs/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for crun taskserv
# Uses proper TaskservVersion schema for type safety
import taskservs.version as schema
# Crun taskserv configuration
_version = schema.TaskservVersion {
name = "crun"
version = schema.Version {
current = "latest"
source = ""
tags = ""
site = ""
# Auto-update for container runtime
check_latest = False
grace_period = 86400
}
dependencies = []
}
# Output for dynamic cache system
_version

9
taskservs/storage/mayastor/kcl/mayastor.k Normal file
View File

@ -0,0 +1,9 @@
# Info: KCL MAYASTOR task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 15-12-2023
schema Mayastor:
name: str = "mayastor"
nr_hugepages: int = 1024

21
taskservs/storage/mayastor/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for mayastor taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Mayastor storage taskserv configuration
_version = schema.TaskservVersion {
name = "mayastor"
version = schema.Version {
current = "2.6.1"
source = "https://github.com/openebs/mayastor/releases"
tags = "https://github.com/openebs/mayastor/tags"
site = "https://openebs.io/docs/concepts/mayastor"
# Pinned for storage stability
check_latest = True
grace_period = 86400
}
dependencies = ["kubernetes"]
}
# Output for dynamic cache system
_version

104
taskservs/storage/oci_reg/kcl/oci-reg.k Normal file
View File

@ -0,0 +1,104 @@
# Info: KCL OCIReg task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 11-01-2024
import regex
schema OCIRegStorageDriver:
name: str
rootdirectory: str
region: str
bucket: str
secure: bool = True
regionendpoint: str
accesskey: str
secretkey: str
skipverify: bool = False
schema OCIRegTLS:
cert: str = "/etc/zot/ssl/fullchain.pem"
key: str ="/etc/zot/ssl/privkey.pem"
schema OCIRegHtpasswd:
path: str = "/etc/zot/htpasswd"
schema OCIRegAuth:
htpasswd?: OCIRegHtpasswd
failDelay: int = 5
schema OCIRegHTTP:
address: str = "0.0.0.0"
port: int = 5000
realm: str = "zot"
tls?: OCIRegTLS
auth?: OCIRegAuth
check:
address == Undefined or regex.match(address,"^\$.*$") or regex.match(address,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'address = ${address}' check value definition (use $vaule or xx.xx.xx.xx)"
schema OCIRegLog:
level: str = "debug"
output: str = "/var/log/zot/zot.log"
audit: str = "/var/log/zot/zot-audit.log"
schema OCIRegRegistry:
urls: [str]
onDemand: bool = True
maxRetries?: int
retryDelay?: str # "5m"
pollInterval?: str # "6h"
schema OCIRegCVE:
updateInterval: str = "24h"
schema OCIRegExtUI:
enable: bool = True
schema OCIRegExtSearch:
enable: bool = True
cve: OCIRegCVE = { updateInterval = "24h"}
schema OCIRegExtSync:
enable: bool = True
registries?: [OCIRegRegistry]
schema OCIRegExtScrub:
enable: bool = True
interval: str = "24h"
schema OCIRegStorage:
rootDirectory: str
dedupe: bool = True
gc?: bool
gcDelay?: str # "1h"
gcInterval?: str # "6h"
remoteCache?: bool = False
storageDriver?: OCIRegStorageDriver
schema OCIRegExtensions:
ui?: OCIRegExtUI
search?: OCIRegExtSearch
sync?: OCIRegExtSync
scrub?: OCIRegExtScrub
schema OCIRegConfig:
distSpecVersion: str = "1.0.1"
storage: OCIRegStorage
http?: OCIRegHTTP
log?: OCIRegLog
extensions?: OCIRegExtensions
schema OCIReg:
version: str
name: str
oci_data: str = "/data/zot"
oci_etc: str = "/etc/zot"
oci_log: str = "/var/log/zot"
oci_user: str = "zot"
oci_user_group: str = "zot"
oci_cmds: str = "zot zli"
oci_memory_high: int = 30
oci_memory_max: int =32
oci_bin_path: str = "/usr/local/bin"
copy_paths: [str]
config: OCIRegConfig

16
taskservs/storage/oci_reg/kcl/version.k Normal file
View File

@ -0,0 +1,16 @@
import taskservs.version as schema
# Containerd taskserv configuration
_version = schema.TaskservVersion {
name = "oci_reg"
version = schema.Version {
current = "v2.1.8"
source = "https://github.com/distribution/distribution/releases"
tags = "https://github.com/distribution/distribution/tags"
site = "https://distribution.github.io/distribution/"
# Auto-update for registry
check_latest = True
grace_period = 86400
}
}
_version

103
taskservs/storage/rook_ceph/kcl/dependencies.k Normal file
View File

@ -0,0 +1,103 @@
# KCL Dependency configuration for rook-ceph taskserv
# Defines comprehensive dependency, resource, and health requirements
import provisioning.dependencies as schema
# Rook-Ceph taskserv dependency configuration
_dependencies = schema.TaskservDependencies {
name = "rook-ceph"
# Critical dependencies - must be installed first
requires = ["kubernetes", "containerd"]
# Optional enhancements - install if available
optional = ["cilium", "coredns"]
# Cannot coexist with other storage solutions
conflicts = ["external-nfs", "mayastor"]
# Services provided by this taskserv
provides = ["ceph-storage", "block-storage", "file-storage", "object-storage", "storage-class"]
# Resource requirements for Rook-Ceph installation
resources = schema.ResourceRequirement {
cpu = "1000m" # 1 CPU core for Ceph daemons
memory = "2Gi" # 2GB RAM minimum for Ceph operations
disk = "50Gi" # 50GB minimum for Ceph storage
network = True # Requires network for cluster replication
privileged = True # Needs privileged access for storage operations
}
# Health checks for Rook-Ceph components
health_checks = [
schema.HealthCheck {
command = "kubectl get cephcluster -n rook-ceph -o jsonpath='{.items[0].status.phase}' | grep -q Ready"
interval = 120
timeout = 30
retries = 5
success_threshold = 2
failure_threshold = 3
},
schema.HealthCheck {
command = "kubectl get pods -n rook-ceph | grep -E 'rook-ceph-mon|rook-ceph-mgr|rook-ceph-osd' | grep -v Running | wc -l | grep -q '^0$'"
interval = 60
timeout = 15
retries = 3
},
schema.HealthCheck {
command = "kubectl exec -n rook-ceph deployment/rook-ceph-tools -- ceph status | grep -q 'HEALTH_OK'"
interval = 180
timeout = 30
retries = 3
}
]
# Readiness probe for installation completion
readiness_probe = schema.HealthCheck {
command = "kubectl get storageclass rook-ceph-block -o jsonpath='{.metadata.name}' | grep -q rook-ceph-block"
interval = 60
timeout = 15
retries = 10
success_threshold = 3
}
# Installation phases for ordered deployment
phases = [
schema.InstallationPhase {
name = "pre-install"
order = 1
parallel = False
required = True
},
schema.InstallationPhase {
name = "install"
order = 2
parallel = False
required = True
},
schema.InstallationPhase {
name = "post-install"
order = 3
parallel = True
required = True
},
schema.InstallationPhase {
name = "validate"
order = 4
parallel = False
required = True
}
]
# Installation control - Ceph deployment takes longer
timeout = 1800 # 30 minutes for full Ceph cluster setup
retry_count = 2 # Fewer retries due to complexity
# Platform compatibility
os_support = ["linux"]
arch_support = ["amd64", "arm64"]
k8s_versions = ["1.31.x", "1.30.x", "1.29.x", "1.28.x"]
}
# Output for dynamic dependency resolution
_dependencies

22
taskservs/storage/rook_ceph/kcl/rook_ceph.k Normal file
View File

@ -0,0 +1,22 @@
# Info: KCL Rook-Ceph task schemas for provisioning (Provisioning)
# Author: JesusPerezLorenzo
# Release: 0.0.4
# Date: 19-04-2024
schema RookCephNode:
name: str
devices: [str] = []
schema RookCeph:
name: str = "rook-ceph"
namespace: str = "rook-ceph"
clustername: str = "rook-ceph"
ceph_image: str = "quay.io/ceph/ceph:v18.2.4"
rookCeph_image: str = "rook/ceph:master"
dataDirHostPath: str = "/var/lib/rook"
object_user: str = "dao-user"
object_storename: str = "dao-rook"
object_displayname: str = "rook-dao-rook"
storage_fsName: str = "daofs"
storage_pool: str = "daofs-replicated"
nodes: [RookCephNode] = []

21
taskservs/storage/rook_ceph/kcl/version.k Normal file
View File

@ -0,0 +1,21 @@
# KCL Version configuration for rook-ceph taskserv
# Uses proper import from centralized schema definitions
import taskservs.version as schema
# Rook-Ceph storage taskserv configuration
_version = schema.TaskservVersion {
name = "rook-ceph"
version = schema.Version {
current = "1.15.5"
source = "https://github.com/rook/rook/releases"
tags = "https://github.com/rook/rook/tags"
site = "https://rook.io"
# Pinned for storage stability
check_latest = True
grace_period = 86400
}
dependencies = ["kubernetes"]
}
# Output for dynamic cache system
_version

9
taskservs/version.k Normal file
View File

@ -0,0 +1,9 @@
# KCL Version Schema Re-export for Taskservs
# Re-exports schemas from main kcl/version.k for use in taskserv definitions
import provisioning.version as v
# Re-export schemas for taskserv use
Version = v.Version
TaskservVersion = v.TaskservVersion
VersionCache = v.VersionCache