feat(config): add UDP service for p2p-forge and ingress routes for pe…

beelocal.sh

@@ -38,6 +38,7 @@ declare -x SETUP_CONTRACT_IMAGE_TAG=${SETUP_CONTRACT_IMAGE_TAG:-latest}
 declare -x NAMESPACE=${NAMESPACE:-local}
 declare -x BEEKEEPER_CLUSTER=${BEEKEEPER_CLUSTER:-local}
 declare -x P2P_WSS_ENABLE=${P2P_WSS_ENABLE:-false}
+declare -x BEE_AUTOTLS_FIRST_NODE_INSTANCE=${BEE_AUTOTLS_FIRST_NODE_INSTANCE:-bee-autotls-0}
 declare -x PEBBLE_IMAGE_TAG=${PEBBLE_IMAGE_TAG:-2.9.0}
 declare -x P2P_FORGE_IMAGE_TAG=${P2P_FORGE_IMAGE_TAG:-v0.7.0}
 declare -x PEBBLE_CERTIFICATE_VALIDITY_PERIOD=${PEBBLE_CERTIFICATE_VALIDITY_PERIOD:-300}
@@ -350,6 +351,25 @@ ${LOCAL_TEST_BLOCK}"
     echo "Pebble and p2p-forge deployed successfully..."
 }
 
+deploy-bee-autotls-wss-expose() {
+    if [[ "${P2P_WSS_ENABLE}" != "true" ]]; then
+        return 0
+    fi
+    echo "exposing bee-autotls-0 WSS for TLS verification from host..."
+    if [[ -z $BEE_CONFIG ]]; then
+        config
+    fi
+    if [[ -f "${BEE_CONFIG}"/bee-autotls-wss-expose.yaml ]] && grep -q "^apiVersion:" "${BEE_CONFIG}"/bee-autotls-wss-expose.yaml 2>/dev/null; then
+        envsubst '${NAMESPACE},${BEE_AUTOTLS_FIRST_NODE_INSTANCE}' < "${BEE_CONFIG}"/bee-autotls-wss-expose.yaml | kubectl apply -f -
+    elif [[ -f config/bee-autotls-wss-expose.yaml ]]; then
+        envsubst '${NAMESPACE},${BEE_AUTOTLS_FIRST_NODE_INSTANCE}' < config/bee-autotls-wss-expose.yaml | kubectl apply -f -
+    else
+        echo "bee-autotls-wss-expose.yaml not found, skipping..."
+        return 0
+    fi
+    echo "bee-autotls-0 WSS exposed on NodePort 31635..."
+}
+
 stop() {
     if [[ -n $CI ]]; then
         echo "action not supported for CI"
@@ -431,7 +451,7 @@ for OPT in $OPTS; do
     fi
 done
 
-ACTIONS=(build check destroy geth install k8s-local uninstall start stop run prepare add-hosts del-hosts)
+ACTIONS=(build check destroy geth install k8s-local uninstall start stop run prepare add-hosts del-hosts deploy-p2p-wss deploy-bee-autotls-wss-expose)
 if [[ " ${ACTIONS[*]} " == *"$ACTION"* ]]; then
     if [[ $ACTION == "run" ]]; then
         check
@@ -443,6 +463,7 @@ if [[ " ${ACTIONS[*]} " == *"$ACTION"* ]]; then
         fi
         deploy-p2p-wss
         install
+        deploy-bee-autotls-wss-expose
     elif [[ $ACTION == "prepare" ]]; then
         check
         add-hosts
@@ -454,6 +475,7 @@ if [[ " ${ACTIONS[*]} " == *"$ACTION"* ]]; then
             build
         fi
         deploy-p2p-wss
+        deploy-bee-autotls-wss-expose
     else
         $ACTION
     fi

config/bee-autotls-wss-expose.yaml

@@ -0,0 +1,21 @@
+# Exposes the first autotls node's WSS port (1635) as NodePort 31635
+# so beekeeper can verify TLS from the host when forge-tls-host-address is set.
+# BEE_AUTOTLS_FIRST_NODE_INSTANCE must match the first node's instance label (e.g. bee-autotls-0).
+apiVersion: v1
+kind: Service
+metadata:
+  name: ${BEE_AUTOTLS_FIRST_NODE_INSTANCE}-wss
+  namespace: ${NAMESPACE}
+  labels:
+    app: bee-autotls-wss-expose
+spec:
+  type: NodePort
+  ports:
+  - name: wss
+    port: 1635
+    targetPort: 1635
+    protocol: TCP
+    nodePort: 31635
+  selector:
+    app.kubernetes.io/name: bee
+    app.kubernetes.io/instance: ${BEE_AUTOTLS_FIRST_NODE_INSTANCE}

config/k3d.yaml

@@ -9,6 +9,15 @@ ports:
   - port: 80:80
     nodeFilters:
       - loadbalancer
+  - port: 30533:30533/udp
+    nodeFilters:
+      - server:0
+  - port: 31635:31635
+    nodeFilters:
+      - server:0
+  - port: 31500:31500
+    nodeFilters:
+      - server:0
 registries:
   create:
     proxy:

config/p2p-forge-deployment.yaml

@@ -5,14 +5,27 @@ metadata:
   namespace: local
 data:
   Corefile: |
-    .:53 {
+    local.test:53 {
         errors
         log
+        ipparser local.test
         acme local.test {
             registration-domain p2p-forge.local.svc.cluster.local:8080 listen-address=:8080 external-tls=true
             database-type badger /data
         }
     }
+  local.test: |
+    $TTL 300
+    $ORIGIN local.test.
+    @ 86400 IN SOA ns.local.test. admin.local.test. (
+        2025010101 ; serial
+        86400      ; refresh
+        2400       ; retry
+        604800     ; expire
+        86400      ; minimum
+    )
+    local.test. 86400 IN NS ns.local.test.
+    ns.local.test. 86400 IN A 127.0.0.1
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -47,6 +60,8 @@ spec:
         volumeMounts:
         - name: p2p-forge-config
           mountPath: /config
+        - name: p2p-forge-zones
+          mountPath: /p2p-forge/zones
         - name: p2p-forge-data
           mountPath: /data
         resources:
@@ -60,6 +75,15 @@ spec:
       - name: p2p-forge-config
         configMap:
           name: p2p-forge-config
+          items:
+          - key: Corefile
+            path: Corefile
+      - name: p2p-forge-zones
+        configMap:
+          name: p2p-forge-config
+          items:
+          - key: local.test
+            path: local.test
       - name: p2p-forge-data
         emptyDir: {}
 ---
@@ -71,7 +95,7 @@ metadata:
   labels:
     app: p2p-forge
 spec:
-  type: ClusterIP
+  type: NodePort
   ports:
   - name: api
     port: 8080
@@ -81,6 +105,6 @@ spec:
     port: 53
     targetPort: 53
     protocol: UDP
+    nodePort: 30053
   selector:
     app: p2p-forge
-

config/pebble-deployment.yaml

@@ -83,7 +83,7 @@ metadata:
   labels:
     app: pebble
 spec:
-  type: ClusterIP
+  type: NodePort
   ports:
   - name: http
     port: 80
@@ -101,5 +101,6 @@ spec:
     port: 15000
     targetPort: 15000
     protocol: TCP
+    nodePort: 31500
   selector:
     app: pebble