diff --git a/beelocal.sh b/beelocal.sh
index ce42b9b..917bdcb 100755
--- a/beelocal.sh
+++ b/beelocal.sh
@@ -38,6 +38,7 @@ declare -x SETUP_CONTRACT_IMAGE_TAG=${SETUP_CONTRACT_IMAGE_TAG:-latest}
 declare -x NAMESPACE=${NAMESPACE:-local}
 declare -x BEEKEEPER_CLUSTER=${BEEKEEPER_CLUSTER:-local}
 declare -x P2P_WSS_ENABLE=${P2P_WSS_ENABLE:-false}
+declare -x BEE_AUTOTLS_FIRST_NODE_INSTANCE=${BEE_AUTOTLS_FIRST_NODE_INSTANCE:-bee-autotls-0}
 declare -x PEBBLE_IMAGE_TAG=${PEBBLE_IMAGE_TAG:-2.9.0}
 declare -x P2P_FORGE_IMAGE_TAG=${P2P_FORGE_IMAGE_TAG:-v0.7.0}
 declare -x PEBBLE_CERTIFICATE_VALIDITY_PERIOD=${PEBBLE_CERTIFICATE_VALIDITY_PERIOD:-300}
@@ -350,6 +351,25 @@ ${LOCAL_TEST_BLOCK}"
 echo "Pebble and p2p-forge deployed successfully..."
 }
+deploy-bee-autotls-wss-expose() {
+ if [[ "${P2P_WSS_ENABLE}" != "true" ]]; then
+ return 0
+ fi
+ echo "exposing bee-autotls-0 WSS for TLS verification from host..."
+ if [[ -z $BEE_CONFIG ]]; then
+ config
+ fi
+ if [[ -f "${BEE_CONFIG}"/bee-autotls-wss-expose.yaml ]] && grep -q "^apiVersion:" "${BEE_CONFIG}"/bee-autotls-wss-expose.yaml 2>/dev/null; then
+ envsubst '${NAMESPACE},${BEE_AUTOTLS_FIRST_NODE_INSTANCE}' < "${BEE_CONFIG}"/bee-autotls-wss-expose.yaml | kubectl apply -f -
+ elif [[ -f config/bee-autotls-wss-expose.yaml ]]; then
+ envsubst '${NAMESPACE},${BEE_AUTOTLS_FIRST_NODE_INSTANCE}' < config/bee-autotls-wss-expose.yaml | kubectl apply -f -
+ else
+ echo "bee-autotls-wss-expose.yaml not found, skipping..."
+ return 0
+ fi
+ echo "bee-autotls-0 WSS exposed on NodePort 31635..."
+}
 stop() {
 if [[ -n $CI ]]; then
 echo "action not supported for CI"
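Review bot: `BEE_AUTOTLS_FIRST_NODE_INSTANCE` is taken from the environment and substituted by envsubst straight into `metadata.name` and the Service selector in the new deploy-bee-autotls-wss-expose function without any validation, so a value with whitespace, a `:` or a leading `-` yields broken YAML or, worse, a selector that matches a different pod than intended; guard it before the two envsubst lines with `[[ "$BEE_AUTOTLS_FIRST_NODE_INSTANCE" =~ ^[a-z]([-a-z0-9]*[a-z0-9])?$ ]] || { echo "invalid BEE_AUTOTLS_FIRST_NODE_INSTANCE: ${BEE_AUTOTLS_FIRST_NODE_INSTANCE}" >&2; return 1; }`. The two progress messages still hardcode `bee-autotls-0` although the manifest is parameterized; use `echo "${BEE_AUTOTLS_FIRST_NODE_INSTANCE} WSS exposed on NodePort 31635..."` so the log matches what was applied. Only the `${BEE_CONFIG}` branch checks for an `apiVersion:` line, the `config/` fallback does not, which looks unintended. The `stop()` function that begins at the end of this hunk continues outside it.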
@@ -431,7 +451,7 @@ for OPT in $OPTS; do
 fi
 done
-ACTIONS=(build check destroy geth install k8s-local uninstall start stop run prepare add-hosts del-hosts)
+ACTIONS=(build check destroy geth install k8s-local uninstall start stop run prepare add-hosts del-hosts deploy-p2p-wss deploy-bee-autotls-wss-expose)
 if [[ " ${ACTIONS[*]} " == *"$ACTION"* ]]; then
 if [[ $ACTION == "run" ]]; then
 check
@@ -443,6 +463,7 @@ if [[ " ${ACTIONS[*]} " == *"$ACTION"* ]]; then
 fi
 deploy-p2p-wss
 install
+ deploy-bee-autotls-wss-expose
 elif [[ $ACTION == "prepare" ]]; then
 check
 add-hosts
@@ -454,6 +475,7 @@ if [[ " ${ACTIONS[*]} " == *"$ACTION"* ]]; then
 build
 fi
 deploy-p2p-wss
+ deploy-bee-autotls-wss-expose
 else
 $ACTION
 fi
diff --git a/config/bee-autotls-wss-expose.yaml b/config/bee-autotls-wss-expose.yaml
new file mode 100644
index 0000000..5547ce4
--- /dev/null
+++ b/config/bee-autotls-wss-expose.yaml
@@ -0,0 +1,21 @@
+# Exposes the first autotls node's WSS port (1635) as NodePort 31635
+# so beekeeper can verify TLS from the host when forge-tls-host-address is set.
+# BEE_AUTOTLS_FIRST_NODE_INSTANCE must match the first node's instance label (e.g. bee-autotls-0).
+apiVersion: v1
+kind: Service
+metadata:
+ name: ${BEE_AUTOTLS_FIRST_NODE_INSTANCE}-wss
+ namespace: ${NAMESPACE}
+ labels:
+ app: bee-autotls-wss-expose
+spec:
+ type: NodePort
+ ports:
+ - name: wss
+ port: 1635
+ targetPort: 1635
+ protocol: TCP
+ nodePort: 31635
+ selector:
+ app.kubernetes.io/name: bee
+ app.kubernetes.io/instance: ${BEE_AUTOTLS_FIRST_NODE_INSTANCE}
diff --git a/config/k3d.yaml b/config/k3d.yaml
index aa6f4a5..449fa44 100644
--- a/config/k3d.yaml
+++ b/config/k3d.yaml
@@ -9,6 +9,15 @@ ports:
 - port: 80:80
 nodeFilters:
 - loadbalancer
+ - port: 30533:30533/udp
+ nodeFilters:
+ - server:0
+ - port: 31635:31635
+ nodeFilters:
+ - server:0
+ - port: 31500:31500
+ nodeFilters:
+ - server:0
 registries:
 create:
 proxy:
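Review bot: The two action names added to `ACTIONS` are only ever checked by the substring test on the following context line (`*"$ACTION"*`, no surrounding spaces), so `ACTION=expose`, `ACTION=wss` or `ACTION=tls` now passes the allow-list and falls through to the bare `$ACTION` call in the `else` branch of the last hunk, which runs whatever command of that name is on `$PATH`; make the match whole-word, `if [[ " ${ACTIONS[*]} " == *" $ACTION "* ]]; then`. The older entries had the same weakness, but the new hyphenated names add several more accepted fragments. The `if` block these hunks touch starts in the first hunk of this file and its closing `fi` is the last line shown, so the branch bodies in between are partly outside the view.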
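Review bot: The new `30533:30533/udp` mapping in k3d.yaml does not match any NodePort defined in this change: the only UDP/53 NodePort here is `30053` on the p2p-forge Service, so host-side DNS queries to 30533 will reach nothing unless a manifest not shown uses that port; if it is a transposed digit, change it to `- port: 30053:30053/udp`. Separately, k3d hands these entries to Docker as published ports, which by default bind on all host interfaces and are not subject to the host's usual firewall chains, so the Pebble management API (31500) and the raw Bee WSS port (31635) become reachable from the LAN on a developer machine; unless remote access is intended, use the loopback-bound form k3d accepts, e.g. `- port: 127.0.0.1:31500:31500`, for all three new entries.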
diff --git a/config/p2p-forge-deployment.yaml b/config/p2p-forge-deployment.yaml
index 8a80554..9dbc111 100644
--- a/config/p2p-forge-deployment.yaml
+++ b/config/p2p-forge-deployment.yaml
@@ -5,14 +5,27 @@ metadata:
 namespace: local
 data:
 Corefile: |
- .:53 {
+ local.test:53 {
 errors
 log
+ ipparser local.test
 acme local.test {
 registration-domain p2p-forge.local.svc.cluster.local:8080 listen-address=:8080 external-tls=true
 database-type badger /data
 }
 }
+ local.test: |
+ $TTL 300
+ $ORIGIN local.test.
+ @ 86400 IN SOA ns.local.test. admin.local.test. (
+ 2025010101 ; serial
+ 86400 ; refresh
+ 2400 ; retry
+ 604800 ; expire
+ 86400 ; minimum
+ )
+ local.test. 86400 IN NS ns.local.test.
+ ns.local.test. 86400 IN A 127.0.0.1
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -47,6 +60,8 @@ spec:
 volumeMounts:
 - name: p2p-forge-config
 mountPath: /config
+ - name: p2p-forge-zones
+ mountPath: /p2p-forge/zones
 - name: p2p-forge-data
 mountPath: /data
 resources:
@@ -60,6 +75,15 @@ spec:
 - name: p2p-forge-config
 configMap:
 name: p2p-forge-config
+ items:
+ - key: Corefile
+ path: Corefile
+ - name: p2p-forge-zones
+ configMap:
+ name: p2p-forge-config
+ items:
+ - key: local.test
+ path: local.test
 - name: p2p-forge-data
 emptyDir: {}
 ---
@@ -71,7 +95,7 @@ metadata:
 labels:
 app: p2p-forge
 spec:
- type: ClusterIP
+ type: NodePort
 ports:
 - name: api
 port: 8080
@@ -81,6 +105,6 @@ spec:
 port: 53
 targetPort: 53
 protocol: UDP
+ nodePort: 30053
 selector:
 app: p2p-forge
-
diff --git a/config/pebble-deployment.yaml b/config/pebble-deployment.yaml
index c268d58..b3c3c7f 100644
--- a/config/pebble-deployment.yaml
+++ b/config/pebble-deployment.yaml
@@ -83,7 +83,7 @@ metadata:
 labels:
 app: pebble
 spec:
- type: ClusterIP
+ type: NodePort
 ports:
 - name: http
 port: 80
@@ -101,5 +101,6 @@ spec:
 port: 15000
 targetPort: 15000
 protocol: TCP
+ nodePort: 31500
 selector:
 app: pebble
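Review bot: Flipping the existing pebble Service from `ClusterIP` to `NodePort` exposes every port of that Service on every node, not just the one given `nodePort: 31500`; the `http` port 80 and any others in the unchanged middle of the spec get auto-allocated NodePorts, and the one that is pinned is Pebble's management interface, a test-control API that serves the test CA's certificate chain (and, if I recall correctly, in recent Pebble versions also its private keys under `/root-keys/` and `/intermediate-keys/`), so it deserves the narrowest exposure possible. The same pattern this commit already uses for bee-autotls-wss-expose.yaml fits better here: leave the existing Service as `ClusterIP` and add a second, single-port NodePort Service for 15000, as sketched below. The p2p-forge Service in the earlier hunks has the same issue with its `api` port 8080 once `type: NodePort` is set; the Service specs are only partly visible in these hunks.
```yaml
# … unchanged: existing pebble Service, keep `type: ClusterIP` …
---
apiVersion: v1
kind: Service
metadata:
  name: pebble-mgmt-expose
  # namespace: same as the existing pebble Service
  labels:
    app: pebble-mgmt-expose
spec:
  type: NodePort
  ports:
  - name: mgmt
    port: 15000
    targetPort: 15000
    protocol: TCP
    nodePort: 31500
  selector:
    app: pebble
```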