fixup: Source ingress configuration from the cluster

Author: maru-ava

tests/fixture/tmpnet/flags/kube_runtime.go

@@ -7,7 +7,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"strings"
 
 	"github.com/spf13/pflag"
 
@@ -21,10 +20,9 @@ const (
 )
 
 var (
-	errKubeNamespaceRequired         = errors.New("--kube-namespace is required")
-	errKubeImageRequired             = errors.New("--kube-image is required")
-	errKubeMinVolumeSizeRequired     = fmt.Errorf("--kube-volume-size must be >= %d", tmpnet.MinimumVolumeSizeGB)
-	errKubeBaseAccessibleURIRequired = errors.New("--kube-base-accessible-uri is required when running outside of cluster")
+	errKubeNamespaceRequired     = errors.New("--kube-namespace is required")
+	errKubeImageRequired         = errors.New("--kube-image is required")
+	errKubeMinVolumeSizeRequired = fmt.Errorf("--kube-volume-size must be >= %d", tmpnet.MinimumVolumeSizeGB)
 )
 
 type kubeRuntimeVars struct {
@@ -34,7 +32,6 @@ type kubeRuntimeVars struct {
 	useExclusiveScheduling bool
 	schedulingLabelKey     string
 	schedulingLabelValue   string
-	baseAccessibleURI      string
 	config                 *KubeconfigVars
 }
 
@@ -88,12 +85,6 @@ func (v *kubeRuntimeVars) register(stringVar varFunc[string], uintVar varFunc[ui
 		"",
 		kubeDocPrefix+"The label value to use for exclusive scheduling for node selection and toleration",
 	)
-	stringVar(
-		&v.baseAccessibleURI,
-		"kube-base-accessible-uri",
-		"",
-		kubeDocPrefix+"The base URI for constructing node URIs when running outside of the cluster hosting nodes",
-	)
 }
 
 func (v *kubeRuntimeVars) getKubeRuntimeConfig() (*tmpnet.KubeRuntimeConfig, error) {
@@ -106,17 +97,6 @@ func (v *kubeRuntimeVars) getKubeRuntimeConfig() (*tmpnet.KubeRuntimeConfig, err
 	if v.volumeSizeGB < tmpnet.MinimumVolumeSizeGB {
 		return nil, errKubeMinVolumeSizeRequired
 	}
-	baseAccessibleURI := v.baseAccessibleURI
-	if strings.HasPrefix(v.config.Context, "kind-kind") && len(baseAccessibleURI) == 0 {
-		// Use the base uri expected for the kind cluster deployed by tmpnet. Not supplying this as a default
-		// ensures that an explicit value is required for non-kind clusters.
-		//
-		// TODO(marun) Log why this value is being used. This will require passing a log through the call chain.
-		baseAccessibleURI = "http://localhost:30791"
-	}
-	if !tmpnet.IsRunningInCluster() && len(baseAccessibleURI) == 0 {
-		return nil, errKubeBaseAccessibleURIRequired
-	}
 	return &tmpnet.KubeRuntimeConfig{
 		ConfigPath:             v.config.Path,
 		ConfigContext:          v.config.Context,
@@ -126,7 +106,5 @@ func (v *kubeRuntimeVars) getKubeRuntimeConfig() (*tmpnet.KubeRuntimeConfig, err
 		UseExclusiveScheduling: v.useExclusiveScheduling,
 		SchedulingLabelKey:     v.schedulingLabelKey,
 		SchedulingLabelValue:   v.schedulingLabelValue,
-		// Strip trailing slashes to simplify path composition
-		BaseAccessibleURI: strings.TrimRight(baseAccessibleURI, "/"),
 	}, nil
 }

tests/fixture/tmpnet/kube_runtime.go

@@ -54,10 +54,14 @@ const (
 	antiAffinityLabelValue = "exclusive"
 
 	// Name of config map containing tmpnet defaults
-	kubeRuntimeConfigMapName = "tmpnet"
+	defaultsConfigMapName = "tmpnet-defaults"
+	ingressHostKey        = "ingressHost"
 )
 
-var errMissingSchedulingLabels = errors.New("--kube-scheduling-label-key and --kube-scheduling-label-value are required when exclusive scheduling is enabled")
+var (
+	errMissingSchedulingLabels = errors.New("--kube-scheduling-label-key and --kube-scheduling-label-value are required when exclusive scheduling is enabled")
+	errMissingIngressHost      = errors.New("IngressHost is a required value. Ensure the " + defaultsConfigMapName + " ConfigMap contains an entry for " + ingressHostKey)
+)
 
 type KubeRuntimeConfig struct {
 	// Path to the kubeconfig file identifying the target cluster
@@ -78,14 +82,18 @@ type KubeRuntimeConfig struct {
 	SchedulingLabelKey string `json:"schedulingLabelKey,omitempty"`
 	// Label value to use for exclusive scheduling for node selection and toleration
 	SchedulingLabelValue string `json:"schedulingLabelValue,omitempty"`
-	// Base URI for constructing node URIs when running outside of the cluster hosting nodes (e.g., "http://localhost:30791")
-	BaseAccessibleURI string `json:"baseAccessibleURI,omitempty"`
+	// Host for ingress rules (e.g., "localhost:30791" for kind, "tmpnet.example.com" for EKS)
+	IngressHost string `json:"ingressHost,omitempty"`
+	// TLS secret name for ingress (empty for HTTP, populated for HTTPS)
+	IngressSecret string `json:"ingressSecret,omitempty"`
 }
 
 // ensureDefaults sets cluster-specific defaults for fields not already set by flags.
 func (c *KubeRuntimeConfig) ensureDefaults(ctx context.Context, log logging.Logger) error {
+	// Only read defaults if necessary
 	requireSchedulingDefaults := c.UseExclusiveScheduling && (len(c.SchedulingLabelKey) == 0 || len(c.SchedulingLabelValue) == 0)
-	if !requireSchedulingDefaults {
+	requireIngressDefaults := !IsRunningInCluster() && len(c.IngressHost) == 0
+	if !requireSchedulingDefaults && !requireIngressDefaults {
 		return nil
 	}
 
@@ -96,34 +104,55 @@ func (c *KubeRuntimeConfig) ensureDefaults(ctx context.Context, log logging.Logg
 
 	log.Info("attempting to retrieve configmap containing tmpnet defaults",
 		zap.String("namespace", c.Namespace),
-		zap.String("configMap", kubeRuntimeConfigMapName),
+		zap.String("configMap", defaultsConfigMapName),
 	)
 
-	configMap, err := clientset.CoreV1().ConfigMaps(c.Namespace).Get(ctx, kubeRuntimeConfigMapName, metav1.GetOptions{})
+	configMap, err := clientset.CoreV1().ConfigMaps(c.Namespace).Get(ctx, defaultsConfigMapName, metav1.GetOptions{})
 	if err != nil {
 		return fmt.Errorf("failed to get ConfigMap: %w", err)
 	}
 
-	var (
-		schedulingLabelKey   = configMap.Data["schedulingLabelKey"]
-		schedulingLabelValue = configMap.Data["schedulingLabelValue"]
-	)
-	if len(c.SchedulingLabelKey) == 0 && len(schedulingLabelKey) > 0 {
-		log.Info("setting default value for SchedulingLabelKey",
-			zap.String("schedulingLabelKey", schedulingLabelKey),
+	if requireSchedulingDefaults {
+		var (
+			schedulingLabelKey   = configMap.Data["schedulingLabelKey"]
+			schedulingLabelValue = configMap.Data["schedulingLabelValue"]
 		)
-		c.SchedulingLabelKey = schedulingLabelKey
+		if len(c.SchedulingLabelKey) == 0 && len(schedulingLabelKey) > 0 {
+			log.Info("setting default value for SchedulingLabelKey",
+				zap.String("schedulingLabelKey", schedulingLabelKey),
+			)
+			c.SchedulingLabelKey = schedulingLabelKey
+		}
+		if len(c.SchedulingLabelValue) == 0 && len(schedulingLabelValue) > 0 {
+			log.Info("setting default value for SchedulingLabelValue",
+				zap.String("schedulingLabelValue", schedulingLabelValue),
+			)
+			c.SchedulingLabelValue = schedulingLabelValue
+		}
+		if len(c.SchedulingLabelKey) == 0 || len(c.SchedulingLabelValue) == 0 {
+			return errMissingSchedulingLabels
+		}
 	}
-	if len(c.SchedulingLabelValue) == 0 && len(schedulingLabelValue) > 0 {
-		log.Info("setting default value for SchedulingLabelValue",
-			zap.String("schedulingLabelValue", schedulingLabelValue),
+	if requireIngressDefaults {
+		var (
+			ingressHost   = configMap.Data[ingressHostKey]
+			ingressSecret = configMap.Data["ingressSecret"]
 		)
-		c.SchedulingLabelValue = schedulingLabelValue
-	}
-
-	// Validate that the scheduling labels are now set
-	if len(c.SchedulingLabelKey) == 0 || len(c.SchedulingLabelValue) == 0 {
-		return errMissingSchedulingLabels
+		if len(c.IngressHost) == 0 && len(ingressHost) > 0 {
+			log.Info("setting default value for IngressHost",
+				zap.String("ingressHost", ingressHost),
+			)
+			c.IngressHost = ingressHost
+		}
+		if len(c.IngressSecret) == 0 && len(ingressSecret) > 0 {
+			log.Info("setting default value for IngressSecret",
+				zap.String("ingressSecret", ingressSecret),
+			)
+			c.IngressSecret = ingressSecret
+		}
+		if len(c.IngressHost) == 0 {
+			return errMissingIngressHost
+		}
 	}
 
 	return nil
@@ -150,8 +179,8 @@ func (p *KubeRuntime) readState(ctx context.Context) error {
 	)
 
 	// Validate that it will be possible to construct accessible URIs when running external to the kube cluster
-	if !IsRunningInCluster() && len(runtimeConfig.BaseAccessibleURI) == 0 {
-		return errors.New("BaseAccessibleURI must be set when running outside of the kubernetes cluster")
+	if !IsRunningInCluster() && len(runtimeConfig.IngressHost) == 0 {
+		return errors.New("IngressHost must be set when running outside of the kubernetes cluster")
 	}
 
 	clientset, err := p.getClientset()
@@ -207,11 +236,18 @@ func (p *KubeRuntime) GetAccessibleURI() string {
 		return p.node.URI
 	}
 
-	baseURI := p.runtimeConfig().BaseAccessibleURI
-	nodeID := p.node.NodeID.String()
-	networkUUID := p.node.network.UUID
+	var (
+		protocol      = "http"
+		nodeID        = p.node.NodeID.String()
+		networkUUID   = p.node.network.UUID
+		runtimeConfig = p.runtimeConfig()
+	)
+	// Assume tls is configured for an ingress secret
+	if len(runtimeConfig.IngressSecret) > 0 {
+		protocol = "https"
+	}
 
-	return fmt.Sprintf("%s/networks/%s/%s", baseURI, networkUUID, nodeID)
+	return fmt.Sprintf("%s://%s/networks/%s/%s", protocol, runtimeConfig.IngressHost, networkUUID, nodeID)
 }
 
 // GetAccessibleStakingAddress retrieves a StakingAddress for the node intended to be
@@ -993,6 +1029,35 @@ func (p *KubeRuntime) createNodeIngress(ctx context.Context, serviceName string)
 		pathType    = networkingv1.PathTypeImplementationSpecific
 	)
 
+	// Build the ingress rules
+	ingressRules := []networkingv1.IngressRule{
+		{
+			IngressRuleValue: networkingv1.IngressRuleValue{
+				HTTP: &networkingv1.HTTPIngressRuleValue{
+					Paths: []networkingv1.HTTPIngressPath{
+						{
+							Path:     pathPattern,
+							PathType: &pathType,
+							Backend: networkingv1.IngressBackend{
+								Service: &networkingv1.IngressServiceBackend{
+									Name: serviceName,
+									Port: networkingv1.ServiceBackendPort{
+										Number: config.DefaultHTTPPort,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	// Add host if not localhost
+	if !strings.HasPrefix(runtimeConfig.IngressHost, "localhost") {
+		ingressRules[0].Host = runtimeConfig.IngressHost
+	}
+
 	ingress := &networkingv1.Ingress{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      serviceName,
@@ -1012,31 +1077,20 @@ func (p *KubeRuntime) createNodeIngress(ctx context.Context, serviceName string)
 		},
 		Spec: networkingv1.IngressSpec{
 			IngressClassName: &ingressClassName,
-			Rules: []networkingv1.IngressRule{
-				{
-					IngressRuleValue: networkingv1.IngressRuleValue{
-						HTTP: &networkingv1.HTTPIngressRuleValue{
-							Paths: []networkingv1.HTTPIngressPath{
-								{
-									Path:     pathPattern,
-									PathType: &pathType,
-									Backend: networkingv1.IngressBackend{
-										Service: &networkingv1.IngressServiceBackend{
-											Name: serviceName,
-											Port: networkingv1.ServiceBackendPort{
-												Number: config.DefaultHTTPPort,
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
+			Rules:            ingressRules,
 		},
 	}
 
+	// Add TLS configuration if IngressSecret is set
+	if len(runtimeConfig.IngressSecret) > 0 && !strings.HasPrefix(runtimeConfig.IngressHost, "localhost") {
+		ingress.Spec.TLS = []networkingv1.IngressTLS{
+			{
+				Hosts:      []string{runtimeConfig.IngressHost},
+				SecretName: runtimeConfig.IngressSecret,
+			},
+		}
+	}
+
 	_, err = clientset.NetworkingV1().Ingresses(namespace).Create(ctx, ingress, metav1.CreateOptions{})
 	if err != nil {
 		return fmt.Errorf("failed to create Ingress: %w", err)

tests/fixture/tmpnet/start_kind_cluster.go

@@ -112,6 +112,10 @@ func StartKindCluster(
 		return fmt.Errorf("failed to deploy ingress controller: %w", err)
 	}
 
+	if err := createDefaultsConfigMap(ctx, log, configPath, configContext, DefaultTmpnetNamespace); err != nil {
+		return fmt.Errorf("failed to create defaults ConfigMap: %w", err)
+	}
+
 	return nil
 }
 
@@ -410,3 +414,48 @@ func runHelmCommand(ctx context.Context, args ...string) error {
 	cmd.Stderr = os.Stderr
 	return cmd.Run()
 }
+
+// createDefaultsConfigMap creates a ConfigMap containing defaults for the tmpnet namespace.
+func createDefaultsConfigMap(ctx context.Context, log logging.Logger, configPath string, configContext string, namespace string) error {
+	clientset, err := GetClientset(log, configPath, configContext)
+	if err != nil {
+		return fmt.Errorf("failed to get clientset: %w", err)
+	}
+
+	configMapName := defaultsConfigMapName
+
+	// Check if configmap already exists
+	_, err = clientset.CoreV1().ConfigMaps(namespace).Get(ctx, configMapName, metav1.GetOptions{})
+	if err == nil {
+		log.Info("defaults ConfigMap already exists",
+			zap.String("namespace", namespace),
+			zap.String("configMap", configMapName),
+		)
+		return nil
+	}
+	if !apierrors.IsNotFound(err) {
+		return fmt.Errorf("failed to check for configmap %s/%s: %w", namespace, configMapName, err)
+	}
+
+	log.Info("creating defaults ConfigMap",
+		zap.String("namespace", namespace),
+		zap.String("configMap", configMapName),
+	)
+
+	configMap := &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      configMapName,
+			Namespace: namespace,
+		},
+		Data: map[string]string{
+			ingressHostKey: "localhost:30791",
+		},
+	}
+
+	_, err = clientset.CoreV1().ConfigMaps(namespace).Create(ctx, configMap, metav1.CreateOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to create configmap %s/%s: %w", namespace, configMapName, err)
+	}
+
+	return nil
+}

tests/fixture/tmpnet/yaml/tmpnet-rbac.yaml

@@ -28,6 +28,9 @@ rules:
 - apiGroups: ["networking.k8s.io"]
   resources: ["ingresses"]
   verbs: ["get", "create"]
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get"]
 - apiGroups: [""]
   resources: ["endpoints"]
   verbs: ["get"]

tests/load2/main/main.go

@@ -67,7 +67,7 @@ func main() {
 	e2e.NewTestEnvironment(tc, flagVars, network)
 
 	ctx := tests.DefaultNotifyContext(0, tc.DeferCleanup)
-	wsURIs, err := tmpnet.GetNodeWebsocketURIs(ctx, network.Nodes, blockchainID, tc.DeferCleanup)
+	wsURIs, err := tmpnet.GetNodeWebsocketURIs(network.Nodes, blockchainID)
 	require.NoError(err)
 
 	registry := prometheus.NewRegistry()