Corda Opensource Architecture Reference

Kubernetes

Peer Nodes

The following diagram shows how Corda peer nodes will be deployed on your Kubernetes instance.

../_images/corda-kubernetes-node.pngFigure: R3 Corda Kubernetes Deployment - Peers

Notes:

  1. Pods are shown in blue in the diagram.
  2. Certificates are mounted as in-memory volumes from the vault.
  3. The node-pod runs corda.jar.
  4. The h2 database is a separate pod running in the same namespace
  5. All storage uses a Kubernetes Persistent Volume.

Support Services

The following diagram shows how the Corda Support Services (Doorman, Networkmap and Notary) will be deployed on your Kubernetes instance.

../_images/corda-support-services.pngFigure: R3 Corda Kubernetes Deployment - Support Services

Notes:

  1. Pods are shown in blue in the diagram.
  2. Certificates are mounted as in-memory volumes from the vault.
  3. Doorman and Networkmap services have a separate MongoDB pod for data storage.
  4. Notary service has a separate H2 pod for data storage.
  5. All storage uses a Kubernetes Persistent Volume.

Components

../_images/blockchain-automation-framework-corda.pngFigure: Corda Components

Docker Images

The Blockchain Automation Framework creates/provides a set of Corda Docker images that can be found in the Hyperledger-Labs repository or can be built as per configuring prerequisites. The following Corda Docker Images are used and needed by the Blockchain Automation Framework.

Ansible Playbooks

Detailed information on ansible playbooks can be referred here and the execution process can be referred here

Helm Charts

Detailed information on helm charts can be referred here

Vault Configuration

The Blockchain Automation Framework stores their crypto and credentials immediately within the secret secrets engine. Optionally, secret_path can be set on the network.yaml to change the secret engine from the default secretsv2/. | Crypto Material Path | Credentials Path | |———————-|———————-| | secretsv2/<servicename> | secretsv2/<servicename>/credentials |

  • secrets/doorman/credentials/mongodb - Contains password for doorman mongodb database.
mongodbPassword="admin"
  • secrets/doorman/credentials/userpassword - Contains password for doorman mongodb database user:
sa="newdbnm"
  • secrets/networkmap/credentials/mongodb - Contains password for networkmap mongodb database:
mongodbPassword="newdbnm"
  • secrets/networkmap/credentials/userpassword - Contains password for networkmap mongodb database user:
sa="admin"
  • secrets/notary/credentials/database - Contains password for notary database for admin and user:
sa="newh2pass" notaryUser1="xyz1234" notaryUser2="xyz1236"
  • secrets/notary/credentials/keystore - Contains password for notary keystore:
keyStorePassword="newpass" trustStorePassword="newpass" defaultTrustStorePassword"=trustpass" defaultKeyStorePassword="cordacadevpass" sslkeyStorePassword="sslpass" ssltrustStorePassword="sslpass"
  • secrets/notary/credentials/networkmappassword - Contains password for networkmap:
sa="admin"
  • secrets/notary/credentials/rpcusers - Contains password for rpc users:
notaryoperations="usera" notaryoperations1="usera" notaryoperations2="usera" notaryadmin="usera"
  • secrets/notary/credentials/vaultroottoken - Contains password for vault root token in the format:
rootToken="<vault.root_token>"
  • secrets/<org-name>/credentials/database - Contains password for notary database for admin and user:
sa="newh2pass" <org-name>User1="xyz1234" <org-name>User2="xyz1236"
  • secrets/<org-name>/credentials/keystore - Contains password for notary keystore:
keyStorePassword="newpass" trustStorePassword="newpass" defaultTrustStorePassword"=trustpass" defaultKeyStorePassword="cordacadevpass" sslkeyStorePassword="sslpass" ssltrustStorePassword="sslpass"
  • secrets/<org-name>/credentials/networkmappassword - Contains password for networkmap:
sa="admin"
  • secrets/<org-name>/credentials/rpcusers - Contains password for rpc users:
<org-name>operations="usera" <org-name>operations1="usera" <org-name>operations2="usera" <org-name>admin="usera"
  • secrets/<org-name>/credentials/vaultroottoken - Contains password for vault root token in the format:
rootToken="<vault.root_token>"

The complete Certificate and key paths in the vault can be referred here