Corda Opensource Architecture Reference¶
Kubernetes¶
Peer Nodes¶
The following diagram shows how Corda peer nodes will be deployed on your Kubernetes instance.
Figure: R3 Corda Kubernetes Deployment - Peers
Notes:
- Pods are shown in blue in the diagram.
- Certificates are mounted as in-memory volumes from the vault.
- The node-pod runs corda.jar.
- The h2 database is a separate pod running in the same namespace
- All storage uses a Kubernetes Persistent Volume.
Support Services¶
The following diagram shows how the Corda Support Services (Doorman, Networkmap and Notary) will be deployed on your Kubernetes instance.
Figure: R3 Corda Kubernetes Deployment - Support Services
Notes:
- Pods are shown in blue in the diagram.
- Certificates are mounted as in-memory volumes from the vault.
- Doorman and Networkmap services have a separate MongoDB pod for data storage.
- Notary service has a separate H2 pod for data storage.
- All storage uses a Kubernetes Persistent Volume.
Components¶
Figure: Corda Components
Docker Images¶
Hyperledger Bevel creates/provides a set of Corda Docker images that can be found in the GitHub Repo or can be built as per configuring prerequisites. The following Corda Docker Images are used and needed by Hyperledger Bevel.
Vault Configuration¶
Hyperledger Bevel stores their crypto
and credentials
immediately within the secret secrets engine.
Optionally, secret_path
can be set on the network.yaml to change the secret engine from the default secretsv2/
.
Crypto Material Path | Credentials Path |
---|---|
secretsv2/<servicename> |
secretsv2/<servicename>/credentials |
secrets/doorman/credentials/mongodb
- Contains password for doorman mongodb database.
mongodbPassword="admin"
secrets/doorman/credentials/userpassword
- Contains password for doorman mongodb database user:
sa="newdbnm"
secrets/networkmap/credentials/mongodb
- Contains password for networkmap mongodb database:
mongodbPassword="newdbnm"
secrets/networkmap/credentials/userpassword
- Contains password for networkmap mongodb database user:
sa="admin"
secrets/notary/credentials/database
- Contains password for notary database for admin and user:
sa="newh2pass" notaryUser1="xyz1234" notaryUser2="xyz1236"
secrets/notary/credentials/keystore
- Contains password for notary keystore:
keyStorePassword="newpass" trustStorePassword="newpass" defaultTrustStorePassword"=trustpass" defaultKeyStorePassword="cordacadevpass" sslkeyStorePassword="sslpass" ssltrustStorePassword="sslpass"
secrets/notary/credentials/networkmappassword
- Contains password for networkmap:
sa="admin"
secrets/notary/credentials/rpcusers
- Contains password for rpc users:
notaryoperations="usera" notaryoperations1="usera" notaryoperations2="usera" notaryadmin="usera"
secrets/notary/credentials/vaultroottoken
- Contains password for vault root token in the format:
rootToken="<vault.root_token>"
secrets/<org-name>/credentials/database
- Contains password for notary database for admin and user:
sa="newh2pass" <org-name>User1="xyz1234" <org-name>User2="xyz1236"
secrets/<org-name>/credentials/keystore
- Contains password for notary keystore:
keyStorePassword="newpass" trustStorePassword="newpass" defaultTrustStorePassword"=trustpass" defaultKeyStorePassword="cordacadevpass" sslkeyStorePassword="sslpass" ssltrustStorePassword="sslpass"
secrets/<org-name>/credentials/networkmappassword
- Contains password for networkmap:
sa="admin"
secrets/<org-name>/credentials/rpcusers
- Contains password for rpc users:
<org-name>operations="usera" <org-name>operations1="usera" <org-name>operations2="usera" <org-name>admin="usera"
secrets/<org-name>/credentials/vaultroottoken
- Contains password for vault root token in the format:
rootToken="<vault.root_token>"
The complete Certificate and key paths in the vault can be referred here