When I changed the config "storageClass: swarm-storage" in bee/values.yaml, then "helm install swarm-bee bee -n swarm" , then "kubectl describe pvc data-swarm-bee-0 -n swarm".

K8s show me the message:" Warning ProvisioningFailed 10s (x22 over 5m15s) persistentvolume-controller storageclass.storage.k8s.io "swarm-storage" not found"

Why?

PUBLIC_IP=$(wget -T 2 http://169.254.169.254/latest/meta-data/public-ipv4 -q -O -);

in POD wget 169.254.169.254, timeout。 how I get meta-data ？？？

- name: init-natport image: ethersphere/busybox:1.33 command: - sh - -c - > PUBLIC_IP=$(wget -T 2 http://169.254.169.254/latest/meta-data/public-ipv4 -q -O -); export INDEX=$(echo $(hostname) | rev | cut -d'-' -f 1 | rev); NAT_PORT=$(( {{ .Values.p2pFixedPort.nodePortStart }} + INDEX )); cp -p /tmp/.bee.yaml /home/bee/.bee.yaml; printf 'nat-addr: %s:%s\n' "${PUBLIC_IP}" "${NAT_PORT}" >> /home/bee/.bee.yaml; echo 'node initialization done'; volumeMounts: - name: config-file mountPath: /home/bee - name: config mountPath: /tmp/.bee.yaml subPath: .bee.yaml

When i get in bee node bash.
I can't excute wget command.
I need to know what's the default password of bee image and how to run as root?

Problem

The bee helm chart is pinning ethersphere/bee 0.4.2. The current version is 0.5.2. This is causing issues when attempting to deploy a new chequebook by attempting to use an old factory.

Logs

Fix requested
Update values.yaml in bee chart to use latest ethersphere/bee 0.5.2.

Problem

When deploying the helm chart, errors are thrown indicating the incorrect chain ID is being used.

Logs

time="2021-03-13T10:23:13.303384116Z" level=info msg="using default factory address for chain id 5: f0277caffea72734853b834afc9892461ea18474"
time="2021-03-13T10:23:14Z" level=info msg="no chequebook found, deploying new one."
Error: chequebook init: Invalid chain id.

Fix requsted
This is caused by the lack of a CLEF_CHAINID environment variable in the container definition. Add the following to the container definition:

          env:
            - name: CLEF_CHAINID
              value: "5"

I'm confused about the helm container node.

There is only one public IP in my machine

Hi there,
How I could pass a JWT to the StatefulSet's Nethermind client?
For example, I've loaded a jwt in my values.yaml, now what args I should set up?

Any clue?
Appreciate your support.

Problem

When operating a Kubernetes cluster behind a NAT gateway, it becomes very difficult to port forward to the respective nodes to allow bee to run with maximum accessibility.

Fix requested

Configuration to allow each replica to be deployed with a custom P2P port number, or alternatively a port range / base index and iterate up the port for each replica in the StatefulSet. The service should also be adapted to allow per-pod LoadBalancer type services to be deployed, with the ability to specify the IP address range for the LoadBalancerIP.

This would then require custom per-pod bee.yaml or environment variables to allow the NAT port to be specified.

Problem
Using a singular ConfigMap hamstrings flexibility when deploying at scale where environment variables may be worthy substitutions to allow for overriding on a per-pod basis. Given that docker compose is already using env files, the ethersphere/bee and ethersphere/clef are suitable candidates for sole configuration via environment variables.

Fix Requested

• Remove ConfigMap file template
• Migrate beeConfig to an environment variable / value construct for inclusion in the statefulset

[root@k8s-master ~]# kubectl describe pod beekeeper-pingpong-27053360-2r6t8
Name: beekeeper-pingpong-27053360-2r6t8
Namespace: default
Priority: 0
Node: k8s-node-2/192.168.1.17
Start Time: Wed, 09 Jun 2021 09:20:41 +0800
Labels: controller-uid=4ba4ff1f-db5f-4939-b459-a0104dcad55d
job-name=beekeeper-pingpong-27053360
Annotations: cni.projectcalico.org/podIP:
cni.projectcalico.org/podIPs:
Status: Failed
IP: 10.18.140.116
IPs:
IP: 10.18.140.116
Controlled By: Job/beekeeper-pingpong-27053360
Containers:
beekeeper:
Container ID: docker://c9ff6254824e80957489943a7994b6cbc3b2d5dae13b76c91adedee7eda456b0
Image: ethersphere/beekeeper:latest
Image ID: docker-pullable://ethersphere/beekeeper@sha256:613f87d3996bcea9fe1dda78237659d01c41dd38376540a78c5bf86bd4d33776
Port:
Host Port:
Args:
check
--in-cluster
pingpong
State: Terminated
Reason: Error
Exit Code: 1
Started: Wed, 09 Jun 2021 09:20:42 +0800
Finished: Wed, 09 Jun 2021 09:20:42 +0800
Ready: False
Restart Count: 0
Environment:
BEEKEEPER_API_DOMAIN: staging.internal
BEEKEEPER_API_HOSTNAMES: bee-%d
BEEKEEPER_API_INSECURE_TLS: false
BEEKEEPER_API_SCHEME: https
BEEKEEPER_DEBUG_API_DOMAIN: staging.internal
BEEKEEPER_DEBUG_API_HOSTNAMES: bee-%d-debug
BEEKEEPER_DEBUG_API_INSECURE_TLS: false
BEEKEEPER_DEBUG_API_SCHEME: https
BEEKEEPER_DISABLE_NAMESPACE: false
BEEKEEPER_INSECURE_TLS: false
BEEKEEPER_NAMESPACE: bee
BEEKEEPER_NODE_COUNT: 1
BEEKEEPER_PUSH_GATEWAY: http://localhost:9091/
BEEKEEPER_PUSH_METRICS: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-w72nl (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-w72nl:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message

Normal Scheduled 46m default-scheduler Successfully assigned default/beekeeper-pingpong-27053360-2r6t8 to k8s-node-2
Normal Pulled 46m kubelet Container image "ethersphere/beekeeper:latest" already present on machine
Normal Created 46m kubelet Created container beekeeper
Normal Started 46m kubelet Started container beekeeper

the beekeeper can not run for the arg ' --in-cluster'

Overview

Currently documentation is lacking with respect to deploying the charts for Kubernetes. When using clef, there are some very specific rules that must be followed, otherwise it will result in a configuration that does not work.

In the template values.yaml in the bee chart, the following is featured for clef:

## If enabled it will start clef sidecar container that will auto approve every request
## Clef keys are pregenerated examples and can be replaced with other values
clefSettings:
  enabled: false
  clefKeys:
    bee-0: '{"address":"fd50ede4954655b993ed69238c55219da7e81acf","crypto":{"cipher":"aes-128-ctr","ciphertext":"1c0f603b0dffe53294c7ca02c1a2800d81d855970db0df1a84cc11bc1d6cf364","cipherparams":{"iv":"11c9ac512348d7ccfe5ee59d9c9388d3"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"f6d7a0947da105fa5ef70fa298f65409d12967108c0e6260f847dc2b10455b89"},"mac":"fc6585e300ad3cb21c5f648b16b8a59ca33bcf13c58197176ffee4786628eaeb"},"id":"4911f965-b425-4011-895d-a2008f859859","version":3}'
  ## Use existing secret (ignores previous clefKeys)
  # existingSecret:
  ## Password for decrypting key (please change it for production deployments)
  password: clefbeesecret
  ## Use existing password (ignores previous keyPassword)
  # existingPasswordSecret:

Requested Fix

Documentation that is required on the above:

1. How to generate multiple clefKeys to be used for deploying many nodes.
2. How to achieve (1) when using the same passphrase for all keys.
3. The fact that the bee-0 key nomenclature is assumed and has dire consequences if you install the helm with a release name anything other than 'bee'. You MUST use bee-0, bee-1 etc, and you MUST install the helm chart with a release name bee, ie. helm upgrade --install bee ethersphere/bee --values config.yaml -n namespace where config.yaml are your specific values and namespace is the namespace you wish to install the nodes in.

As a general question to those that are more experienced with clef, is it required to have masterseed.json accessible in the pod? I personally found that I had to do this to get it working. This led to a whole raft of problems when including masterseed.json from a secret and mounting it (specifically, the issues are with the securityContext settings in the Pod. You must ensure that the secret is mounted using octal notation defaultMode: 0400). This then created issues as there is an fsGroup by default. As an fsGroup is specified, Kubernetes will automatically mount the secret with 0440 privileges, and this will cause clef to throw errors and not start.

The only way I got around the aforementioned was by overwriting the securityContext, running everything as root, and deleting the fsGroup declaration in the securityContext. Obviously this has ramifications, but an option to either relax the permission checking by clef, or something else would be an ideal way to fix this?

Currently getting on bee 1.0.0
warning msg="no bootnodes defined for network ID1" due to missing mainnet config key.

[root@master bee]# helm install --generate-name ethersphere/bee
Error: failed to download "ethersphere/bee" (hint: running helm repo update may help)

How to resolve this ERROE?
Which repo can be installed?

Enable SWAP

swap_enable: true

Set swap ethereum blockchain endpoint

swap_endpoint: wss://goerli.infura.io/ws/v3/mykey-here

it is error after set swap_enable to true and set swap_endpoint.
pods error info:
Events:
Type Reason Age From Message

Normal Scheduled 8m47s default-scheduler Successfully assigned default/bzz-helm-release-bee-0 to node02
Normal Pulled 8m45s kubelet Container image "ethersphere/clef:0.4.13" already present on machine
Normal Created 8m45s kubelet Created container init-clef
Normal Started 8m45s kubelet Started container init-clef
Normal Pulled 8m41s kubelet Container image "ethersphere/bee:0.5.3" already present on machine
Normal Created 8m41s kubelet Created container bee
Normal Started 8m41s kubelet Started container bee
Normal Pulled 8m41s kubelet Container image "ethersphere/clef:0.4.13" already present on machine
Normal Created 8m40s kubelet Created container clef
Normal Started 8m40s kubelet Started container clef
Warning Unhealthy 3m40s (x27 over 8m20s) kubelet Readiness probe failed: HTTP probe failed with statuscode: 404

notice for last Warning, HTTP 404 err.
i cannot fix this issue.
i was do one my virtual box machine, ubuntu 20.04.
anyone else have the same issue?

Problem

When deploying the helm chart with clefSettings.enabled: true, the clef initContainer is missing from the resulting Helm template. This causes problems when trying to connect to the clef sidecar container from the bee container.

Fix requested
In file charts/bee/templates/statefulset.yaml:

      {{- end }}
      {{- if or .Values.libp2pSettings.enabled .Values.p2pFixedPort.enabled .Values.swarmSettings.enabled .Values.clefSettings.enabled }}
      initContainers:
        {{- if .Values.libp2pSettings.enabled }}

Problem
The API being used by the bee chart for Ingress resources is deprecated.

Logs

W0313 12:58:03.242389   80230 warnings.go:67] networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
W0313 12:58:03.244980   80230 warnings.go:67] networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress

Fix Requested

• Update to Ingress API networking.k8s.io/v1
• Update TLS definitions to use one secret to cover all sub-domains, or alternatively, automatically generate the TLS secret names for each ingress / debug ingress