Add gRPC proxy for guardian's publicRPC interface.

Change-Id: Iafdf57536724b2eaaec1c62132717ab9019b177d

Tiltfile

@@ -87,6 +87,17 @@ k8s_resource("guardian", resource_deps=["proto-gen", "solana-devnet"], port_forw
     port_forward(6060, name="Debug/Status Server [:6060]"),
 ])
 
+# publicRPC proxy that allows grpc over http1, for local development
+
+k8s_yaml_with_ns("./devnet/envoy-proxy.yaml")
+
+k8s_resource("envoy-proxy", resource_deps=["guardian"],
+  objects=['envoy-proxy:ConfigMap:wormhole'],
+  port_forwards=[
+    port_forward(8080, name="gRPC proxy for guardian's publicRPC data [:8080]"),
+    port_forward(9901, name="gRPC proxy admin [:9901]"), # for proxy debugging
+])
+
 # solana agent and cli (runs alongside bridge)
 
 docker_build(

devnet/envoy-proxy.yaml

@@ -0,0 +1,128 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: envoy-proxy
+  name: envoy-proxy
+spec:
+  ports:
+  - name: http-debug
+    port: 8080
+    protocol: TCP
+  - name: admin-debug
+    port: 9901
+    protocol: TCP
+  selector:
+    app: envoy-proxy
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: envoy-proxy
+  name: envoy-proxy
+spec:
+  serviceName: envoy-proxy
+  replicas: 1
+  selector:
+    matchLabels:
+      app: envoy-proxy
+  template:
+    metadata:
+      labels:
+        app: envoy-proxy
+    spec:
+      containers:
+        - name: envoy-proxy
+          image: envoyproxy/envoy:v1.17.0@sha256:80df344b5651c57265a03b47f583c139d3ce955415746c00cf5aff08c7e78e44
+          volumeMounts:
+          - name: config-volume
+            mountPath: /etc/envoy/envoy.yaml
+            subPath: envoy.yaml
+          command: [
+            "/usr/local/bin/envoy",
+            "-c",
+            "/etc/envoy/envoy.yaml",
+            "-l",
+            "trace",
+            "--log-path",
+            "/tmp/envoy_info.log"]
+          ports:
+            - containerPort: 8080
+              name: http-debug
+              protocol: TCP
+            - containerPort: 9901
+              name: admin-debug
+              protocol: TCP
+      volumes:
+        - name: config-volume
+          configMap:
+            name: envoy-proxy
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: envoy-proxy
+  labels:
+    app: envoy-proxy
+selector:
+  matchLabels:
+    app: envoy-proxy
+data:
+  envoy.yaml: |
+    admin:
+      access_log_path: /tmp/admin_access.log
+      address:
+        socket_address: { address: 0.0.0.0, port_value: 9901 }
+
+    static_resources:
+      listeners:
+      - name: listener_0
+        address:
+          socket_address: { address: 0.0.0.0, port_value: 8080 }
+        filter_chains:
+        - filters:
+          - name: envoy.filters.network.http_connection_manager
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+              codec_type: auto
+              stat_prefix: ingress_http
+              route_config:
+                name: local_route
+                virtual_hosts:
+                - name: local_service
+                  domains: ["*"]
+                  routes:
+                  - match: { prefix: "/" }
+                    route:
+                      cluster: echo_service
+                      timeout: 0s
+                      max_stream_duration:
+                        grpc_timeout_header_max: 0s
+                  cors:
+                    allow_origin_string_match:
+                    - prefix: "*"
+                    allow_methods: GET, PUT, DELETE, POST, OPTIONS
+                    allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
+                    max_age: "1728000"
+                    expose_headers: custom-header-1,grpc-status,grpc-message
+              http_filters:
+              - name: envoy.filters.http.grpc_web
+              - name: envoy.filters.http.cors
+              - name: envoy.filters.http.router
+      clusters:
+      - name: echo_service
+        connect_timeout: 0.25s
+        type: logical_dns
+        http2_protocol_options: {}
+        lb_policy: round_robin
+        load_assignment:
+          cluster_name: cluster_0
+          endpoints:
+            - lb_endpoints:
+                - endpoint:
+                    address:
+                      socket_address:
+                        address: guardian
+                        port_value: 7070
+---