diff --git a/.github/workflows/zxc-fsnetman-tests.yaml b/.github/workflows/zxc-fsnetman-tests.yaml index 7bd016a40..1caeef9f6 100644 --- a/.github/workflows/zxc-fsnetman-tests.yaml +++ b/.github/workflows/zxc-fsnetman-tests.yaml @@ -1,5 +1,5 @@ ## -# Copyright (C) 2023 Hedera Hashgraph, LLC +# Copyright (C) 2023-2024 Hedera Hashgraph, LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -130,9 +130,14 @@ jobs: npm link fsnetman init -d ../charts fsnetman cluster create - fsnetman cluster setup - fsnetman chart install - npm run test-e2e + fsnetman cluster setup -d ../charts \ + --cert-manager \ + --cert-manager-crds + fsnetman chart install -d ../charts \ + --enable-tls \ + --self-signed \ + --enable-hedera-explorer-tls + - name: Output logs id: nodejs-test-e2e-logs working-directory: fullstack-network-manager diff --git a/charts/fullstack-cluster-setup/Chart.lock b/charts/fullstack-cluster-setup/Chart.lock index f921e92bb..db87c4259 100644 --- a/charts/fullstack-cluster-setup/Chart.lock +++ b/charts/fullstack-cluster-setup/Chart.lock @@ -10,12 +10,9 @@ dependencies: version: 0.27.1 - name: gateway-helm repository: oci://docker.io/envoyproxy - version: v0.5.0 + version: v0.6.0 - name: cert-manager repository: https://charts.jetstack.io - version: v1.13.2 -- name: acme-cluster-issuer - repository: "" - version: 0.3.0 -digest: sha256:630e4c5a362a5d9a9c8ea6b10653d9b35eb91e93a14e19578e8ef75eeb4a49c6 -generated: "2023-11-10T14:03:37.262415Z" + version: v1.13.3 +digest: sha256:6be28d5957a90c40e36baff239651c7d0ed730bf08b767694619cbc78e7dd325 +generated: "2024-01-05T21:22:49.794103Z" diff --git a/charts/fullstack-cluster-setup/Chart.yaml b/charts/fullstack-cluster-setup/Chart.yaml index 33a85e606..38204f44f 100644 --- a/charts/fullstack-cluster-setup/Chart.yaml +++ b/charts/fullstack-cluster-setup/Chart.yaml 
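Review bot: With `npm run test-e2e` removed from this step, nothing in the job asserts that the TLS deployment works; the step ends as soon as `fsnetman chart install` returns. The new `--enable-tls`, `--self-signed` and `--enable-hedera-explorer-tls` paths are therefore checked only as far as the install command exiting cleanly. If the e2e run is dropped temporarily, a comment such as `# TODO: re-enable npm run test-e2e once it passes with TLS` would record that. Otherwise a short post-install check that the certificate was issued would cover the new flags. The rest of the job is outside the hunk.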
@@ -43,16 +43,11 @@ dependencies: - name: gateway-helm alias: envoy-gateway - version: v0.5.0 + version: v0.6.0 repository: oci://docker.io/envoyproxy condition: cloud.envoyGateway.enabled - name: cert-manager - version: v1.13.2 + version: v1.13.3 repository: https://charts.jetstack.io condition: cloud.certManager.enabled - - - name: acme-cluster-issuer - version: 0.3.0 - # TODO: uncomment #repository: https://swirldslabs.github.io/swirldslabs-helm-charts - condition: cloud.acmeClusterIssuer.enabled diff --git a/charts/fullstack-cluster-setup/templates/gateway-api/fst-gateway.yaml b/charts/fullstack-cluster-setup/templates/gateway-api/fst-gateway.yaml index f869dd944..9fe98cc30 100644 --- a/charts/fullstack-cluster-setup/templates/gateway-api/fst-gateway.yaml +++ b/charts/fullstack-cluster-setup/templates/gateway-api/fst-gateway.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: fst-gateway-class @@ -6,4 +6,3 @@ metadata: fullstack.hedera.com/type: gateway-class spec: controllerName: "gateway.envoyproxy.io/gatewayclass-controller" - #controllerName: "haproxy-ingress.github.io/controller" diff --git a/charts/fullstack-cluster-setup/values.yaml b/charts/fullstack-cluster-setup/values.yaml index 27ae1da62..203eaf512 100644 --- a/charts/fullstack-cluster-setup/values.yaml +++ b/charts/fullstack-cluster-setup/values.yaml @@ -19,21 +19,7 @@ cloud: enabled: false certManager: enabled: false - acmeClusterIssuer: - enabled: false - selfSignedClusterIssuer: - enabled: true cert-manager: namespace: cert-manager installCRDs: false - -acme-cluster-issuer: - issuers: - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "2" - staging: - email: "" - production: - email: "" diff --git a/charts/fullstack-deployment/Chart.lock b/charts/fullstack-deployment/Chart.lock index 18cefa63a..b1672f7ce 100644 --- a/charts/fullstack-deployment/Chart.lock 
+++ b/charts/fullstack-deployment/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: tenant repository: https://operator.min.io/ version: 5.0.7 -digest: sha256:07f6ea06b7748b59dd24b34f2e742222ca2718592efc66d6fc55f78b628d4366 -generated: "2023-11-03T13:52:20.781862Z" +- name: acme-cluster-issuer + repository: "" + version: 0.3.0 +digest: sha256:65f708d654ba6d14c7b193cc833f132f6133cca53850bcd37cf27809246df0f6 +generated: "2024-01-05T21:23:17.852519Z" diff --git a/charts/fullstack-deployment/Chart.yaml b/charts/fullstack-deployment/Chart.yaml index 134be2e41..159203de4 100644 --- a/charts/fullstack-deployment/Chart.yaml +++ b/charts/fullstack-deployment/Chart.yaml @@ -45,3 +45,7 @@ dependencies: repository: https://operator.min.io/ condition: cloud.minio.enabled + - name: acme-cluster-issuer + version: 0.3.0 + # TODO: uncomment #repository: https://swirldslabs.github.io/swirldslabs-helm-charts + condition: cloud.acmeClusterIssuer.enabled diff --git a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/.helmignore b/charts/fullstack-deployment/charts/acme-cluster-issuer/.helmignore similarity index 100% rename from charts/fullstack-cluster-setup/charts/acme-cluster-issuer/.helmignore rename to charts/fullstack-deployment/charts/acme-cluster-issuer/.helmignore diff --git a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/Chart.yaml b/charts/fullstack-deployment/charts/acme-cluster-issuer/Chart.yaml similarity index 100% rename from charts/fullstack-cluster-setup/charts/acme-cluster-issuer/Chart.yaml rename to charts/fullstack-deployment/charts/acme-cluster-issuer/Chart.yaml 
diff --git a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/templates/production.yaml b/charts/fullstack-deployment/charts/acme-cluster-issuer/templates/production.yaml similarity index 59% rename from charts/fullstack-cluster-setup/charts/acme-cluster-issuer/templates/production.yaml rename to charts/fullstack-deployment/charts/acme-cluster-issuer/templates/production.yaml index 2acb6b353..274bf538b 100644 --- a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/templates/production.yaml +++ b/charts/fullstack-deployment/charts/acme-cluster-issuer/templates/production.yaml @@ -16,10 +16,21 @@ spec: solvers: {{- if .Values.solvers.http01.enabled }} - http01: + {{- if .Values.solvers.http01.solverType | eq "ingress" }} ingress: {{- with .Values.solvers.http01.ingress }} name: {{ .name }} class: {{ .class }} serviceType: {{ .serviceType }} {{- end }} + {{- end }} + {{- if .Values.solvers.http01.solverType | eq "gatewayHTTPRoute" }} + gatewayHTTPRoute: + {{- with .Values.solvers.http01.gatewayHTTPRoute }} + parentRefs: + - name: {{ .name }} + namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }} + kind: Gateway + {{- end }} + {{- end }} {{- end }} diff --git a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/templates/staging.yaml b/charts/fullstack-deployment/charts/acme-cluster-issuer/templates/staging.yaml similarity index 59% rename from charts/fullstack-cluster-setup/charts/acme-cluster-issuer/templates/staging.yaml rename to charts/fullstack-deployment/charts/acme-cluster-issuer/templates/staging.yaml index 652458a8e..cd8e3a698 100644 --- a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/templates/staging.yaml +++ b/charts/fullstack-deployment/charts/acme-cluster-issuer/templates/staging.yaml 
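Review bot: In the new `gatewayHTTPRoute` branch the parentRef namespace comes from `$.Values.global.namespaceOverride` (falling back to the release namespace), so the `solvers.http01.gatewayHTTPRoute.namespace` key this commit adds to the sub-chart's values.yaml is never read. Either use it, e.g. `namespace: {{ default $.Release.Namespace .namespace }}`, or drop the key so operators are not led to think it controls where the HTTP-01 solver attaches. Also, a `solverType` that is neither `ingress` nor `gatewayHTTPRoute` renders an empty `http01:` entry; a final branch calling `fail` would surface the typo at render time instead of producing an issuer that cannot solve challenges. The same applies to the identical hunk in templates/staging.yaml.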
@@ -16,10 +16,21 @@ spec: solvers: {{- if .Values.solvers.http01.enabled }} - http01: + {{- if .Values.solvers.http01.solverType | eq "ingress" }} ingress: {{- with .Values.solvers.http01.ingress }} name: {{ .name }} class: {{ .class }} serviceType: {{ .serviceType }} {{- end }} + {{- end }} + {{- if .Values.solvers.http01.solverType | eq "gatewayHTTPRoute" }} + gatewayHTTPRoute: + {{- with .Values.solvers.http01.gatewayHTTPRoute }} + parentRefs: + - name: {{ .name }} + namespace: {{ default $.Release.Namespace $.Values.global.namespaceOverride }} + kind: Gateway + {{- end }} + {{- end }} {{- end }} diff --git a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/values.yaml b/charts/fullstack-deployment/charts/acme-cluster-issuer/values.yaml similarity index 67% rename from charts/fullstack-cluster-setup/charts/acme-cluster-issuer/values.yaml rename to charts/fullstack-deployment/charts/acme-cluster-issuer/values.yaml index 0e0410a9b..6a09643ae 100644 --- a/charts/fullstack-cluster-setup/charts/acme-cluster-issuer/values.yaml +++ b/charts/fullstack-deployment/charts/acme-cluster-issuer/values.yaml @@ -10,8 +10,11 @@ issuers: solvers: http01: enabled: true + solverType: "ingress" # "ingress" or "gatewayHTTPRoute" ingress: name: "" class: "" serviceType: "NodePort" - + gatewayHTTPRoute: + name: "" + namespace: "" diff --git a/charts/fullstack-cluster-setup/templates/cert-manager/cluster-issuer.yaml b/charts/fullstack-deployment/templates/cert-manager/cluster-issuer.yaml similarity index 100% rename from charts/fullstack-cluster-setup/templates/cert-manager/cluster-issuer.yaml rename to charts/fullstack-deployment/templates/cert-manager/cluster-issuer.yaml diff --git a/charts/fullstack-deployment/templates/gateway-api/certificate-requests.yaml b/charts/fullstack-deployment/templates/gateway-api/certificate-requests.yaml index 251f72537..071bc6d09 100644 --- a/charts/fullstack-deployment/templates/gateway-api/certificate-requests.yaml 
+++ b/charts/fullstack-deployment/templates/gateway-api/certificate-requests.yaml @@ -7,6 +7,8 @@ metadata: spec: isCA: false commonName: {{ $.Values.deployment.hederaExplorer.hostname }} + dnsNames: + - {{ $.Values.deployment.hederaExplorer.hostname }} secretName: {{ $.Values.gatewayApi.gateway.tlsClusterIssuerName }}-ca-secret-hedera-explorer privateKey: algorithm: RSA diff --git a/charts/fullstack-deployment/templates/gateway-api/envoy-grpc-web-routes.yaml b/charts/fullstack-deployment/templates/gateway-api/envoy-grpc-web-routes.yaml index 3fcf63a80..d7c9893e3 100644 --- a/charts/fullstack-deployment/templates/gateway-api/envoy-grpc-web-routes.yaml +++ b/charts/fullstack-deployment/templates/gateway-api/envoy-grpc-web-routes.yaml @@ -3,7 +3,7 @@ {{- $defaults := $.Values.defaults.envoyProxy }} {{- if default $defaults.enabled $envoyProxy.enabled | eq "true" }} --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: envoy-grpc-web-route-{{ $node.name }} diff --git a/charts/fullstack-deployment/templates/gateway-api/gateway.yaml b/charts/fullstack-deployment/templates/gateway-api/gateway.yaml index da28e63c9..fdffc48d8 100644 --- a/charts/fullstack-deployment/templates/gateway-api/gateway.yaml +++ b/charts/fullstack-deployment/templates/gateway-api/gateway.yaml @@ -1,5 +1,5 @@ {{- if $.Values.gatewayApi.gateway.enabled | eq "true" }} -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: {{ $.Values.gatewayApi.gateway.name }} 
@@ -9,6 +9,10 @@ metadata: {{- include "fullstack.testLabels" $ | nindent 4 }} spec: gatewayClassName: {{ $.Values.gatewayApi.gatewayClass.name }} + {{- if $.Values.gatewayApi.gateway.loadBalancerEnabled }} + addresses: + - value: {{ $.Values.gatewayApi.gateway.loadBalancerIP }} + {{- end }} listeners: {{- $gossip_start_port := $.Values.gatewayApi.gateway.listeners.gossip.port }} # i.e. node0:51000 ... node999: 51999, points to 50111 port in haproxy or network-node {{- $grpc_start_port := $.Values.gatewayApi.gateway.listeners.grpc.port }} # i.e. node0:52000 ... node999: 52999, points to 50211 port in haproxy or network-node diff --git a/charts/fullstack-deployment/templates/gateway-api/hedera-explorer-route.yaml b/charts/fullstack-deployment/templates/gateway-api/hedera-explorer-route.yaml index a5de323fb..b0b8b674f 100644 --- a/charts/fullstack-deployment/templates/gateway-api/hedera-explorer-route.yaml +++ b/charts/fullstack-deployment/templates/gateway-api/hedera-explorer-route.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: hedera-explorer-route diff --git a/charts/fullstack-deployment/values.yaml b/charts/fullstack-deployment/values.yaml index bf35a1456..dd5b3f9c3 100644 --- a/charts/fullstack-deployment/values.yaml +++ b/charts/fullstack-deployment/values.yaml @@ -14,6 +14,10 @@ cloud: enabled: "true" minio: enabled: true + acmeClusterIssuer: + enabled: false + selfSignedClusterIssuer: + enabled: false # telemetry configurations telemetry: 
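Review bot: The new `addresses` entry is gated only on `loadBalancerEnabled`, while `loadBalancerIP` defaults to an empty string in values.yaml, so enabling the flag without setting the IP renders `- value:` with nothing after it. Guarding on both values and quoting the address avoids emitting an entry the Gateway controller will reject or misread: `{{- if and $.Values.gatewayApi.gateway.loadBalancerEnabled $.Values.gatewayApi.gateway.loadBalancerIP }}` and `- value: {{ $.Values.gatewayApi.gateway.loadBalancerIP | quote }}`. The Gateway spec continues outside the hunk.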
@@ -35,6 +39,22 @@ tester: pullPolicy: "IfNotPresent" resources: {} +# lets encrypt acme cluster issuer configuration +acme-cluster-issuer: + issuers: + staging: + email: "" + name: fst-letsencrypt-staging + production: + email: "" + name: fst-letsencrypt-prod + solvers: + http01: + solverType: "gatewayHTTPRoute" + gatewayHTTPRoute: + name: "fst" # needs to match gatewayApi.gateway.name in this values.yaml file + namespace: "{{ tpl (.Values.global.namespaceOverride | toString) }}" + # gateway-api configuration gatewayApi: gatewayClass: @@ -45,6 +65,8 @@ gatewayApi: tlsEnabled: false tlsClusterIssuerName: "" # for acme-cluster-setup: staging = letsencrypt-staging, prod = letsencrypt-prod tlsClusterIssuerNamespace: "" # for acme-cluster-setup: cert-manager # TODO is this needed? + loadBalancerIP: "" + loadBalancerEnabled: false listeners: gossip: port: 51000 # i.e. node0:51000 ... node999: 51999, points to 50111 port in haproxy or network-node @@ -54,7 +76,7 @@ gatewayApi: enabled: "true" grpcs: # tls-grpc-port port: 53000 # i.e. node0:53000 ... node999: 53999, points to 50212 port in haproxy or network-node - enabled: "true" + enabled: "false" tlsEnabled: false grpcWeb: port: 18000 # i.e. node0:18000 ... node999: 18999, points to 8080 port in envoy proxy diff --git a/fullstack-network-manager/package-lock.json b/fullstack-network-manager/package-lock.json index a26c91904..08dbd7f85 100644 --- a/fullstack-network-manager/package-lock.json +++ b/fullstack-network-manager/package-lock.json @@ -13,14 +13,16 @@ "linux" ], "dependencies": { - "@hashgraph/sdk": "^2.38.0", + "@hashgraph/sdk": "^2.39.0", "@listr2/prompt-adapter-enquirer": "^1.0.2", "adm-zip": "^0.5.10", + "axios": "^1.6.4", "chalk": "^5.3.0", "dotenv": "^16.3.1", "enquirer": "^2.4.1", "esm": "^3.2.25", "figlet": "^1.6.0", + "follow-redirects": "^1.15.4", "got": "^13.0.0", "inquirer": "^9.2.11", "listr2": "^7.0.2", 
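Review bot: `namespace: "{{ tpl (.Values.global.namespaceOverride | toString) }}"` stays a literal string, because Helm does not template values.yaml; it would only be evaluated if a template passed it through `tpl`, and the acme-cluster-issuer templates in this commit do not read the key at all. The expression would not render as written either, since `tpl` takes the template string and a context as two arguments. Consider removing the key or replacing it with a comment such as `# namespace of the Gateway; the templates default to the release namespace`. Separately, the issuer names set here (`fst-letsencrypt-staging`, `fst-letsencrypt-prod`) differ from the ones suggested in the `tlsClusterIssuerName` comment in the next hunk (`letsencrypt-staging`, `letsencrypt-prod`); these are worth reconciling so certificates reference an issuer that exists.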
@@ -1221,15 +1223,15 @@ "integrity": "sha512-lcHwpNoggQTObv5apGNCTdJrO69eHOZMi4BNC+rTLER8iHAqGrUVeLh/irVIM7zTw2bOXA8T6uNPeujwOLg/2Q==" }, "node_modules/@hashgraph/cryptography": { - "version": "1.4.8-beta.4", - "resolved": "https://registry.npmjs.org/@hashgraph/cryptography/-/cryptography-1.4.8-beta.4.tgz", - "integrity": "sha512-43wpRuE6ML04dFNpNPHvEZTKlVT9+dOE7SxyQPMYunsFitJvlIDl1VvOXeOSGbVdsV+nDQQV7C9pZWRSV1e32g==", + "version": "1.4.8-beta.5", + "resolved": "https://registry.npmjs.org/@hashgraph/cryptography/-/cryptography-1.4.8-beta.5.tgz", + "integrity": "sha512-soq2vGLRkdl2Evr+gIvIjCXJjqA1hOAjysBGG+dhP6tKx2PEgEjb3hON/sMbxm3Q4qQdkML/vEthdAV707+flw==", "dependencies": { "asn1js": "^3.0.5", "bignumber.js": "^9.1.1", "bn.js": "^5.2.1", "buffer": "^6.0.3", - "crypto-js": "^4.1.1", + "crypto-js": "^4.2.0", "elliptic": "^6.5.4", "js-base64": "^3.7.4", "node-forge": "^1.3.1", @@ -1241,7 +1243,7 @@ "node": ">=12.0.0" }, "peerDependencies": { - "expo": "^45.0.3", + "expo": "^49.0.16", "expo-crypto": "^10.1.2", "expo-random": "^12.1.2" }, @@ -1281,9 +1283,9 @@ } }, "node_modules/@hashgraph/proto": { - "version": "2.14.0-beta.2", - "resolved": "https://registry.npmjs.org/@hashgraph/proto/-/proto-2.14.0-beta.2.tgz", - "integrity": "sha512-LuypRVyDc05podG/FoDlElgirAiBa8LuyKoAdOmZHUQOC3zNA7bFneTkZJR92Oxhnc56++QCLCOsRPjVLOYBcw==", + "version": "2.14.0-beta.3", + "resolved": "https://registry.npmjs.org/@hashgraph/proto/-/proto-2.14.0-beta.3.tgz", + "integrity": "sha512-y2DYFXpXZN0ywULaPycRmmryaUBzSDQ2+UAAYdE1jQr8NPcIL2gv8wB5GKBBQqz1HihRNXiyJgYSGoNSeq9qsg==", "dependencies": { "long": "^4.0.0", "protobufjs": "^7.2.5" 
@@ -1293,21 +1295,21 @@ } }, "node_modules/@hashgraph/sdk": { - "version": "2.38.0", - "resolved": "https://registry.npmjs.org/@hashgraph/sdk/-/sdk-2.38.0.tgz", - "integrity": "sha512-fe28I/xEAyaA1S8VrwR4oWGLonyjadD0sHyCbaO+9zPgpQXcM4wMeBZrbkia5riemY+adPHwrJ5FxASk3Rr3eg==", + "version": "2.39.0", + "resolved": "https://registry.npmjs.org/@hashgraph/sdk/-/sdk-2.39.0.tgz", + "integrity": "sha512-/VvJvO9z1yOEzQgvvg3dTzNfbaOVIsLjmo2GzwEgvycuVwuvWT2cmuNVQ/D5Fd53ELqTHusk999TkxYUYQJeqA==", "dependencies": { "@ethersproject/abi": "^5.7.0", "@ethersproject/bignumber": "^5.7.0", "@ethersproject/bytes": "^5.7.0", "@ethersproject/rlp": "^5.7.0", "@grpc/grpc-js": "1.8.2", - "@hashgraph/cryptography": "1.4.8-beta.4", - "@hashgraph/proto": "2.14.0-beta.2", - "axios": "^1.3.1", + "@hashgraph/cryptography": "1.4.8-beta.5", + "@hashgraph/proto": "2.14.0-beta.3", + "axios": "^1.6.0", "bignumber.js": "^9.1.1", "bn.js": "^5.1.1", - "crypto-js": "^4.1.1", + "crypto-js": "^4.2.0", "js-base64": "^3.7.4", "long": "^4.0.0", "pino": "^8.14.1", @@ -1319,7 +1321,7 @@ "node": ">=14.0.0" }, "peerDependencies": { - "expo": "^49.0.10" + "expo": "^49.0.16" }, "peerDependenciesMeta": { "expo": { @@ -2671,11 +2673,11 @@ } }, "node_modules/axios": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz", - "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==", + "version": "1.6.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.4.tgz", + "integrity": "sha512-heJnIs6N4aa1eSthhN9M5ioILu8Wi8vmQW9iHQ9NUvfkJb0lEEDUiIdQNAuBtfUt3FxReaKdpQA5DbmMOqzF/A==", "dependencies": { - "follow-redirects": "^1.15.0", + "follow-redirects": "^1.15.4", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } 
@@ -4673,9 +4675,9 @@ "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" }, "node_modules/follow-redirects": { - "version": "1.15.3", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", - "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", + "version": "1.15.4", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.4.tgz", + "integrity": "sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==", "funding": [ { "type": "individual", diff --git a/fullstack-network-manager/package.json b/fullstack-network-manager/package.json index ebb82c634..bc359bc36 100644 --- a/fullstack-network-manager/package.json +++ b/fullstack-network-manager/package.json @@ -24,14 +24,16 @@ "author": "Lenin Mehedy", "license": "Apache2.0", "dependencies": { - "@hashgraph/sdk": "^2.38.0", + "@hashgraph/sdk": "^2.39.0", "@listr2/prompt-adapter-enquirer": "^1.0.2", "adm-zip": "^0.5.10", + "axios": "^1.6.4", "chalk": "^5.3.0", "dotenv": "^16.3.1", "enquirer": "^2.4.1", "esm": "^3.2.25", "figlet": "^1.6.0", + "follow-redirects": "^1.15.4", "got": "^13.0.0", "inquirer": "^9.2.11", "listr2": "^7.0.2", diff --git a/fullstack-network-manager/src/commands/chart.mjs b/fullstack-network-manager/src/commands/chart.mjs index 809cd7bbe..ff24cdb61 100644 --- a/fullstack-network-manager/src/commands/chart.mjs +++ b/fullstack-network-manager/src/commands/chart.mjs 
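Review bot: `axios` and `follow-redirects` are added as direct dependencies, but none of the source files touched by this diff imports either of them. They look like they are there to raise the floor of versions pulled in transitively through `@hashgraph/sdk`. If that is the intent, an `overrides` entry in package.json expresses it without widening the package's declared dependency surface. A line in the commit description on why the floor was raised would also help the next upgrade. If the code does import them elsewhere, this can be ignored.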
@@ -7,7 +7,7 @@ import { constants } from '../core/index.mjs' import * as prompts from './prompts.mjs' export class ChartCommand extends BaseCommand { - getTlsValueArguments(enableTls, tlsClusterIssuerName, tlsClusterIssuerNamespace) { + getTlsValueArguments(enableTls, tlsClusterIssuerName, tlsClusterIssuerNamespace, enableHederaExplorerTls) { const gatewayPrefix = 'gatewayApi.gateway' let valuesArg = ` --set ${gatewayPrefix}.tlsEnabled=${enableTls}` @@ -17,7 +17,10 @@ export class ChartCommand extends BaseCommand { const listenerPrefix = `${gatewayPrefix}.listeners` valuesArg += ` --set ${listenerPrefix}.grpcs.tlsEnabled=${enableTls}` valuesArg += ` --set ${listenerPrefix}.grpcWeb.tlsEnabled=${enableTls}` - valuesArg += ` --set ${listenerPrefix}.hederaExplorer.tlsEnabled=${enableTls}` + + if (enableTls || enableHederaExplorerTls) { + valuesArg += ` --set ${listenerPrefix}.hederaExplorer.tlsEnabled=true` + } return valuesArg } @@ -35,7 +38,8 @@ export class ChartCommand extends BaseCommand { return valuesArg } - prepareValuesArg (chartDir, valuesFile, deployMirrorNode, deployHederaExplorer, enableTls, tlsClusterIssuerName, tlsClusterIssuerNamespace) { + prepareValuesArg (chartDir, valuesFile, deployMirrorNode, deployHederaExplorer, enableTls, tlsClusterIssuerName, + tlsClusterIssuerNamespace, enableHederaExplorerTls, acmeClusterIssuer, selfSignedClusterIssuer) { let valuesArg = '' if (chartDir) { valuesArg = `-f ${chartDir}/fullstack-deployment/values.yaml` 
@@ -44,9 +48,11 @@ export class ChartCommand extends BaseCommand { valuesArg += this.prepareValuesFiles(valuesFile) valuesArg += ` --set hedera-mirror-node.enabled=${deployMirrorNode} --set hedera-explorer.enabled=${deployHederaExplorer}` + valuesArg += ` --set cloud.acmeClusterIssuer.enabled=${acmeClusterIssuer}` + valuesArg += ` --set cloud.selfSignedClusterIssuer.enabled=${selfSignedClusterIssuer}` if (enableTls) { - valuesArg += this.getTlsValueArguments(enableTls, tlsClusterIssuerName, tlsClusterIssuerNamespace) + valuesArg += this.getTlsValueArguments(enableTls, tlsClusterIssuerName, tlsClusterIssuerNamespace, enableHederaExplorerTls) } return valuesArg @@ -62,6 +68,9 @@ export class ChartCommand extends BaseCommand { const enableTls = this.configManager.flagValue(cachedConfig, flags.enableTls) const tlsClusterIssuerName = this.configManager.flagValue(cachedConfig, flags.tlsClusterIssuerName) const tlsClusterIssuerNamespace = this.configManager.flagValue(cachedConfig, flags.tlsClusterIssuerNamespace) + const enableHederaExplorerTls = this.configManager.flagValue(cachedConfig, flags.enableHederaExplorerTls) + const acmeClusterIssuer = this.configManager.flagValue(cachedConfig, flags.acmeClusterIssuer) + const selfSignedClusterIssuer = this.configManager.flagValue(cachedConfig, flags.selfSignedClusterIssuer) // prompt if values are missing and create a config object const config = { 
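Review bot: `getTlsValueArguments` is still called only inside `if (enableTls)`, so the new `enableHederaExplorerTls` flag never takes effect on its own. The `if (enableTls || enableHederaExplorerTls)` added in the `@@ -17,7 +17,10 @@` hunk is reached only when `enableTls` is already true. A user who passes `--enable-hedera-explorer-tls` without `--enable-tls` gets an explorer listener without TLS and no warning. Widening the guard here to `if (enableTls || enableHederaExplorerTls) {` makes the flag reachable; a one-line comment on how the two flags interact would help too. `prepareValuesArg` starts in the previous hunk.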
@@ -73,6 +82,9 @@ export class ChartCommand extends BaseCommand { enableTls: await prompts.promptEnableTls(task, enableTls), tlsClusterIssuerName: await prompts.promptTlsClusterIssuerName(task, tlsClusterIssuerName), tlsClusterIssuerNamespace: await prompts.promptTlsClusterIssuerNamespace(task, tlsClusterIssuerNamespace), + enableHederaExplorerTls: await prompts.promptEnableHederaExplorerTls(task, enableHederaExplorerTls), + acmeClusterIssuer: await prompts.promptAcmeClusterIssuer(task, acmeClusterIssuer), + selfSignedClusterIssuer: await prompts.promptSelfSignedClusterIssuer(task, selfSignedClusterIssuer), timeout: '900s', version: cachedConfig.version } @@ -83,7 +95,8 @@ export class ChartCommand extends BaseCommand { config.valuesArg = this.prepareValuesArg(config.chartDir, config.valuesFile, config.deployMirrorNode, config.deployHederaExplorer, - config.enableTls, config.tlsClusterIssuerName, config.tlsClusterIssuerNamespace) + config.enableTls, config.tlsClusterIssuerName, config.tlsClusterIssuerNamespace, config.enableHederaExplorerTls, + config.acmeClusterIssuer, config.selfSignedClusterIssuer) return config } @@ -232,7 +245,10 @@ export class ChartCommand extends BaseCommand { flags.chartDirectory, flags.enableTls, flags.tlsClusterIssuerName, - flags.tlsClusterIssuerNamespace + flags.tlsClusterIssuerNamespace, + flags.enableHederaExplorerTls, + flags.acmeClusterIssuer, + flags.selfSignedClusterIssuer ) }, handler: argv => { @@ -278,7 +294,10 @@ export class ChartCommand extends BaseCommand { flags.chartDirectory, flags.enableTls, flags.tlsClusterIssuerName, - flags.tlsClusterIssuerNamespace + flags.tlsClusterIssuerNamespace, + flags.enableHederaExplorerTls, + flags.acmeClusterIssuer, + flags.selfSignedClusterIssuer ), handler: argv => { chartCmd.logger.debug("==== Running 'chart upgrade' ===") diff --git a/fullstack-network-manager/src/commands/cluster.mjs b/fullstack-network-manager/src/commands/cluster.mjs index 86223e141..c02d39a0b 100644 
--- a/fullstack-network-manager/src/commands/cluster.mjs +++ b/fullstack-network-manager/src/commands/cluster.mjs @@ -244,7 +244,6 @@ export class ClusterCommand extends BaseCommand { const deployEnvoyGateway = self.configManager.flagValue(cachedConfig, flags.deployEnvoyGateway) const deployCertManager = self.configManager.flagValue(cachedConfig, flags.deployCertManager) const deployCertManagerCrds = self.configManager.flagValue(cachedConfig, flags.deployCertManagerCrds) - const acmeClusterIssuer = self.configManager.flagValue(cachedConfig, flags.acmeClusterIssuer) // get existing choices const clusters = await self.kind.getClusters('-q') @@ -260,7 +259,6 @@ export class ClusterCommand extends BaseCommand { deployEnvoyGateway: await prompts.promptDeployEnvoyGateway(task, deployEnvoyGateway), deployCertManager: await prompts.promptDeployCertManager(task, deployCertManager), deployCertManagerCrds: await prompts.promptDeployCertManagerCrds(task, deployCertManagerCrds), - acmeClusterIssuer: await prompts.promptAcmeClusterIssuer(task, acmeClusterIssuer) } self.logger.debug('Prepare ctx.config', { config: ctx.config, argv }) @@ -278,8 +276,7 @@ export class ClusterCommand extends BaseCommand { ctx.config.deployMinio, ctx.config.deployEnvoyGateway, ctx.config.deployCertManager, - ctx.config.deployCertManagerCrds, - ctx.config.acmeClusterIssuer + ctx.config.deployCertManagerCrds ) }, skip: (ctx, _) => ctx.isChartInstalled @@ -450,8 +447,7 @@ export class ClusterCommand extends BaseCommand { flags.deployMinio, flags.deployEnvoyGateway, flags.deployCertManager, - flags.deployCertManagerCrds, - flags.acmeClusterIssuer + flags.deployCertManagerCrds ), handler: argv => { clusterCmd.logger.debug("==== Running 'cluster setup' ===", { argv }) 
@@ -500,7 +496,6 @@ export class ClusterCommand extends BaseCommand { * @param envoyGatewayEnabled a bool to denote whether to install envoy-gateway * @param certManagerEnabled a bool to denote whether to install cert manager * @param certManagerCrdsEnabled a bool to denote whether to install cert manager CRDs - * @param acmeClusterIssuer a bool to denote whether to install the acme certificate issuers * @returns {string} */ prepareValuesArg (chartDir = flags.chartDirectory.definition.default, @@ -508,8 +503,7 @@ export class ClusterCommand extends BaseCommand { minioEnabled = flags.deployMinio.definition.default, envoyGatewayEnabled = flags.deployEnvoyGateway.definition.default, certManagerEnabled = flags.deployCertManager.definition.default, - certManagerCrdsEnabled = flags.deployCertManagerCrds.definition.default, - acmeClusterIssuer = flags.acmeClusterIssuer.definition.default + certManagerCrdsEnabled = flags.deployCertManagerCrds.definition.default ) { let valuesArg = '' if (chartDir) { @@ -520,10 +514,6 @@ export class ClusterCommand extends BaseCommand { valuesArg += ` --set cloud.minio.enabled=${minioEnabled}` valuesArg += ` --set cloud.envoyGateway.enabled=${envoyGatewayEnabled}` valuesArg += ` --set cloud.certManager.enabled=${certManagerEnabled}` - // automatically install the acme cluster issuer if cert-manager is enabled - if (certManagerEnabled || acmeClusterIssuer) { - valuesArg += ` --set cloud.acmeClusterIssuer.enabled=true` - } valuesArg += ` --set cert-manager.installCRDs=${certManagerCrdsEnabled}` if (certManagerEnabled && !certManagerCrdsEnabled) { diff --git a/fullstack-network-manager/src/commands/flags.mjs b/fullstack-network-manager/src/commands/flags.mjs index ca30f1a38..0e1100236 100644 --- a/fullstack-network-manager/src/commands/flags.mjs +++ b/fullstack-network-manager/src/commands/flags.mjs 
@@ -230,6 +230,15 @@ export const tlsClusterIssuerName = { } } +export const selfSignedClusterIssuer = { + name: 'self-signed', + definition: { + describe: 'Enable the self signed cluster issuer', + default: false, + type: 'boolean' + } +} + export const tlsClusterIssuerNamespace = { name: 'tls-cluster-issuer-namespace', definition: { @@ -248,6 +257,15 @@ export const acmeClusterIssuer = { } } +export const enableHederaExplorerTls = { + name: 'enable-hedera-explorer-tls', + definition: { + describe: 'Enable the Hedera Explorer TLS, defaults to false', + default: false, + type: 'boolean' + } +} + export const allFlags = [ clusterName, namespace, @@ -272,5 +290,7 @@ export const allFlags = [ operatorKey, enableTls, tlsClusterIssuerName, - tlsClusterIssuerNamespace + tlsClusterIssuerNamespace, + enableHederaExplorerTls, + selfSignedClusterIssuer ] diff --git a/fullstack-network-manager/src/commands/prompts.mjs b/fullstack-network-manager/src/commands/prompts.mjs index 31a92c72c..190c4308a 100644 --- a/fullstack-network-manager/src/commands/prompts.mjs +++ b/fullstack-network-manager/src/commands/prompts.mjs @@ -350,6 +350,23 @@ export async function promptEnableTls(task, input) { } } +export async function promptSelfSignedClusterIssuer(task, input) { + try { + if (input === undefined) { + input = await task.prompt(ListrEnquirerPromptAdapter).run({ + type: 'toggle', + default: flags.selfSignedClusterIssuer.definition.default, + message: 'Would you like to enable the self signed cluster issuer?' + }) + } + + return input + } catch (e) { + throw new FullstackTestingError(`input failed: ${flags.selfSignedClusterIssuer.name}`, e) + } + +} + export async function promptTlsClusterIssuerName(task, input) { try { if (!input) { 
@@ -382,6 +399,22 @@ export async function promptTlsClusterIssuerNamespace(task, input) { } } +export async function promptEnableHederaExplorerTls(task, input) { + try { + if (input === undefined) { + input = await task.prompt(ListrEnquirerPromptAdapter).run({ + type: 'toggle', + default: flags.enableHederaExplorerTls.definition.default, + message: 'Would you like to enable the Hedera Explorer TLS?' + }) + } + + return input + } catch (e) { + throw new FullstackTestingError(`input failed: ${flags.enableHederaExplorerTls.name}`, e) + } +} + export async function promptOperatorId (task, input) { try { if (!input) { diff --git a/fullstack-network-manager/src/core/helm.mjs b/fullstack-network-manager/src/core/helm.mjs index 25ebee1e0..46c9df55a 100644 --- a/fullstack-network-manager/src/core/helm.mjs +++ b/fullstack-network-manager/src/core/helm.mjs @@ -19,7 +19,7 @@ export class Helm extends ShellRunner { * @returns {Promise} console output as an array of strings */ async install (...args) { - return this.run(this.prepareCommand('install', ...args)) + return this.run(this.prepareCommand('install', ...args), true) } /** diff --git a/fullstack-network-manager/test/unit/core/helm.test.mjs b/fullstack-network-manager/test/unit/core/helm.test.mjs index 734325023..daaead6b8 100644 --- a/fullstack-network-manager/test/unit/core/helm.test.mjs +++ b/fullstack-network-manager/test/unit/core/helm.test.mjs @@ -9,7 +9,7 @@ describe('Helm', () => { it('should run helm install', async () => { await helm.install('arg') - expect(shellSpy).toHaveBeenCalledWith('helm install arg') + expect(shellSpy).toHaveBeenCalledWith('helm install arg', true) }) it('should run helm uninstall', async () => {
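Review bot: The bare `true` passed as the second argument to `this.run(...)` in `install` does not say what it switches on, and `ShellRunner.run` is outside this diff. A named constant or a comment on that line stating what the flag enables would make the call self-explanatory, and the JSDoc above `install` should mention any change in what is returned or logged. If the flag turns on command or output logging, it is worth confirming that `--set` values carrying keys or other secrets are not written to the logs. The other wrappers in this class are not touched by the diff, so `install` presumably now behaves differently from them.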