remove RPC requirements for CLN - fetch rune via http transfer from pod

other clean up for comments
remove rbac exec change

Author: macgyver13

resources/charts/bitcoincore/charts/cln/templates/pod.yaml

@@ -41,7 +41,12 @@ spec:
         - /bin/sh
         - -c
         - |
-          lightningd --conf=/root/.lightning/config
+          lightningd --conf=/root/.lightning/config &
+          sleep 1
+          lightning-cli createrune > /working/rune.json
+          echo "Here is the rune file contents"
+          cat /working/rune.json
+          wait
       livenessProbe:
         {{- toYaml .Values.livenessProbe | nindent 8 }}
       readinessProbe:
@@ -60,6 +65,20 @@ spec:
     {{- with .Values.extraContainers }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+    - name: http-server
+      image: busybox
+      command: ["/bin/sh", "-c"]
+      args:
+        - |
+          echo "Starting HTTP server..."
+          busybox httpd -f -p 8080 -h /working
+      ports:
+        - containerPort: 8080
+          name: http
+      volumeMounts:
+        {{- with .Values.volumeMounts }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
   volumes:
     {{- with .Values.volumes }}
       {{- toYaml . | nindent 4 }}

resources/charts/bitcoincore/charts/cln/values.yaml

@@ -8,7 +8,6 @@ image:
   pullPolicy: IfNotPresent
   tag: "v25.02"
 
-imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
@@ -18,15 +17,8 @@ podLabels:
   mission: "lightning"
 
 podSecurityContext: {}
-  # fsGroup: 2000
 
 securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
 
 service:
   type: ClusterIP
@@ -35,22 +27,16 @@ P2PPort: 9735
 RPCPort: 9736
 RestPort: 3010
 
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
   enabled: false
   className: ""
   annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
   hosts:
     - host: chart-example.local
       paths:
         - path: /
           pathType: ImplementationSpecific
   tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -69,7 +55,7 @@ livenessProbe:
     command:
       - "/bin/sh"
       - "-c"
-      - "lightning-cli --network=regtest getinfo >/dev/null 2>&1"
+      - "lightning-cli getinfo >/dev/null 2>&1"
   failureThreshold: 3
   initialDelaySeconds: 5
   periodSeconds: 5
@@ -84,16 +70,17 @@ readinessProbe:
     command:
       - "/bin/sh"
       - "-c"
-      - "lightning-cli --network=regtest getinfo 2>/dev/null | grep -q 'id' || exit 1"
+      - "lightning-cli getinfo 2>/dev/null | grep -q 'id' || exit 1"
 
 # Additional volumes on the output Deployment definition.
-volumes: []
+volumes:
+  - name: working
+    emptyDir: {}
 
 # Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
+volumeMounts:
+  - name: working
+    mountPath: "/working"
 
 nodeSelector: {}
 

resources/charts/commander/templates/rbac.yaml

@@ -15,8 +15,8 @@ metadata:
     app.kubernetes.io/name: {{ .Chart.Name }}
 rules:
   - apiGroups: [""]
-    resources: ["pods", "configmaps", "pods/exec"]
-    verbs: ["get", "list", "watch", "exec"]
+    resources: ["pods", "configmaps"]
+    verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

resources/plugins/simln/plugin.py

@@ -11,11 +11,11 @@
 
 from warnet.constants import LIGHTNING_MISSION, PLUGIN_ANNEX, AnnexMember, HookValue, WarnetContent
 from warnet.k8s import (
+    copyfile,
     download,
     get_default_namespace,
     get_mission,
     get_static_client,
-    read_file_from_container,
     wait_for_init,
     write_file_to_container,
 )
@@ -189,7 +189,7 @@ def _generate_activity_json(activity: Optional[list[dict]]) -> str:
 
 def transfer_cln_certs(name):
     dst_container = "init"
-    cln_root = "/root/.lightning/regtest"
+    cln_root = "/root/.lightning/regtest"  # FIXME: figure out chain
     for i in get_mission(LIGHTNING_MISSION):
         ln_name = i.metadata.name
         if "cln" in i.metadata.labels["app.kubernetes.io/name"]:
@@ -219,22 +219,6 @@ def transfer_cln_certs(name):
             )
 
 
-def copyfile(pod_name, src_container, source_path, dst_name, dst_container, dst_path):
-    namespace = get_default_namespace()
-    file_data = read_file_from_container(pod_name, source_path, src_container, namespace)
-    if write_file_to_container(
-        dst_name,
-        dst_container,
-        dst_path,
-        file_data,
-        namespace=namespace,
-        quiet=True,
-    ):
-        log.info(f"Copied {source_path} to {dst_path}")
-    else:
-        log.error(f"Failed to copy {source_path} from {pod_name} to {dst_name}:{dst_path}")
-
-
 def _sh(pod, method: str, params: tuple[str, ...]) -> str:
     namespace = get_default_namespace()
 

resources/scenarios/commander.py

@@ -70,9 +70,9 @@
         )
 
     if pod.metadata.labels["mission"] == "lightning":
-        lnnode = LND(pod.metadata.name)
+        lnnode = LND(pod.metadata.name, pod.status.pod_ip)
         if "cln" in pod.metadata.labels["app.kubernetes.io/name"]:
-            lnnode = CLN(pod.metadata.name)
+            lnnode = CLN(pod.metadata.name, pod.status.pod_ip)
         WARNET["lightning"].append(lnnode)
 
 for cm in cmaps.items:

resources/scenarios/ln_framework/ln.py

@@ -2,14 +2,11 @@
 import http.client
 import json
 import logging
-import os
 import ssl
 from abc import ABC, abstractmethod
 from time import sleep
-from typing import Optional
 
-from kubernetes import client, config
-from kubernetes.stream import stream
+import requests
 
 # hard-coded deterministic lnd credentials
 ADMIN_MACAROON_HEX = "0201036c6e6402f801030a1062beabbf2a614b112128afa0c0b4fdd61201301a160a0761646472657373120472656164120577726974651a130a04696e666f120472656164120577726974651a170a08696e766f69636573120472656164120577726974651a210a086d616361726f6f6e120867656e6572617465120472656164120577726974651a160a076d657373616765120472656164120577726974651a170a086f6666636861696e120472656164120577726974651a160a076f6e636861696e120472656164120577726974651a140a057065657273120472656164120577726974651a180a067369676e6572120867656e657261746512047265616400000620b17be53e367290871681055d0de15587f6d1cd47d1248fe2662ae27f62cfbdc6"
@@ -19,36 +16,6 @@
 INSECURE_CONTEXT.verify_mode = ssl.CERT_NONE
 
 
-# execute kubernetes command
-def run_command(name, command: list[str], namespace: Optional[str] = "default") -> str:
-    if os.getenv("KUBERNETES_SERVICE_HOST") and os.getenv("KUBERNETES_SERVICE_PORT"):
-        config.load_incluster_config()
-    else:
-        config.load_kube_config()
-    sclient = client.CoreV1Api()
-    resp = stream(
-        sclient.connect_get_namespaced_pod_exec,
-        name,
-        namespace,
-        command=command,
-        stderr=True,
-        stdin=False,
-        stdout=True,
-        tty=False,
-        _request_timeout=20,
-        _preload_content=False,
-    )
-    result = ""
-    while resp.is_open():
-        resp.update(timeout=5)
-        if resp.peek_stdout():
-            result += resp.read_stdout()
-        if resp.peek_stderr():
-            raise Exception(resp.read_stderr())
-    resp.close()
-    return result
-
-
 # https://github.com/lightningcn/lightning-rfc/blob/master/07-routing-gossip.md#the-channel_update-message
 # We use the field names as written in the BOLT as our canonical, internal field names.
 # In LND, Policy objects returned by DescribeGraph have completely different labels
@@ -113,19 +80,16 @@ def to_lnd_chanpolicy(self, capacity):
 
 class LNNode(ABC):
     @abstractmethod
-    def __init__(self, pod_name):
+    def __init__(self, pod_name, ip_address):
         self.name = pod_name
+        self.ip_address = ip_address
         self.log = logging.getLogger(pod_name)
         handler = logging.StreamHandler()
-        formatter = logging.Formatter(f'%(name)-8s - %(levelname)s: %(message)s')
+        formatter = logging.Formatter("%(name)-8s - %(levelname)s: %(message)s")
         handler.setFormatter(formatter)
         self.log.addHandler(handler)
         self.log.setLevel(logging.INFO)
 
-    @staticmethod
-    def param_dict_to_list(params: dict) -> list[str]:
-        return [f"{k}={v}" for k, v in params.items()]
-
     @staticmethod
     def hex_to_b64(hex):
         return base64.b64encode(bytes.fromhex(hex)).decode()
@@ -167,23 +131,20 @@ def update(self, txid_hex: str, policy: dict, capacity: int) -> dict:
 
 
 class CLN(LNNode):
-    def __init__(self, pod_name):
-        super().__init__(pod_name)
-        self.conn = http.client.HTTPSConnection(
-            host=pod_name, port=8080, timeout=5, context=INSECURE_CONTEXT
-        )
+    def __init__(self, pod_name, ip_address):
+        super().__init__(pod_name, ip_address)
+        self.conn = None
         self.headers = {}
         self.impl = "cln"
+        self.reset_connection()
 
     def reset_connection(self):
         self.conn = http.client.HTTPSConnection(
             host=self.name, port=3010, timeout=5, context=INSECURE_CONTEXT
         )
 
     def setRune(self, rune):
-        self.headers = {
-            "Rune": rune
-        }
+        self.headers = {"Rune": rune}
 
     def get(self, uri):
         attempt = 0
@@ -204,7 +165,9 @@ def get(self, uri):
                     return None
                 sleep(1)
 
-    def post(self, uri, data={}):
+    def post(self, uri, data=None):
+        if not data:
+            data = {}
         body = json.dumps(data)
         post_header = self.headers
         post_header["Content-Length"] = str(len(body))
@@ -239,37 +202,15 @@ def post(self, uri, data={}):
                     return None
                 sleep(1)
 
-    def rpc(
-        self,
-        method: str,
-        params: list[str] = None,
-        namespace: Optional[str] = "default",
-        max_tries=5,
-    ):
-        cmd = ["lightning-cli", method]
-        if params:
-            cmd.extend(params)
-        attempt = 0
-        while attempt < max_tries:
-            attempt += 1
-            try:
-                response = run_command(self.name, cmd, namespace)
-                if not response:
-                    continue
-                return response
-            except Exception as e:
-                self.log.error(f"CLN rpc error: {e}, wait and retry...")
-                sleep(2)
-        return None
-    
     def createrune(self, max_tries=2):
         attempt = 0
         while attempt < max_tries:
             attempt += 1
-            response = self.rpc("createrune")
+            response = requests.get(f"http://{self.ip_address}:8080/rune.json", timeout=5).text
             if not response:
                 sleep(2)
                 continue
+            self.log.debug(response)
             res = json.loads(response)
             self.setRune(res["rune"])
             return
@@ -367,14 +308,16 @@ def channel(self, pk, capacity, push_amt, fee_rate, max_tries=5) -> dict:
         return None
 
     def createinvoice(self, sats, label, description="new invoice") -> str:
-        response = self.post("invoice", {"amount_msat": sats * 1000, "label": label, "description": description})
+        response = self.post(
+            "invoice", {"amount_msat": sats * 1000, "label": label, "description": description}
+        )
         if response:
             res = json.loads(response)
             return res["bolt11"]
         return None
 
     def payinvoice(self, payment_request) -> str:
-        response = self.rpc("pay", {"bolt11": payment_request})
+        response = self.post("/v1/pay", {"bolt11": payment_request})
         if response:
             res = json.loads(response)
             if "code" in res:
@@ -413,8 +356,8 @@ def update(self, txid_hex: str, policy: dict, capacity: int, max_tries=2) -> dic
 
 
 class LND(LNNode):
-    def __init__(self, pod_name):
-        super().__init__(pod_name)
+    def __init__(self, pod_name, ip_address):
+        super().__init__(pod_name, ip_address)
         self.conn = http.client.HTTPSConnection(
             host=pod_name, port=8080, timeout=5, context=INSECURE_CONTEXT
         )