Installation Instructions

Prerequisites

Setup Kubernetes cluster

We recommend AWS (EKS) or Google Cloud (GKE), but you can install it on a standalone cluster as well.

Note: Supported version of Kubernetes: 1.17.

Minimal requirements for one organization — 1 instance with:

  • 2 core CPU

  • 4GB RAM

  • 10GB disk space

Catalyst Blockchain Platform also supports OpenShift (v4.7).

Install helm to your workstation

Installation manuals: https://helm.sh/docs/intro/install/

Install traefik ingress

Installation manuals: https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart No customization needed.

In case of using OpenShift, you can skip this step. Specify openshiftRoute.enabled = true in helm values, so our operator will be able to create v1.Route resources for each peer, orderer or CA as described here.

Install cert-manager

Needed to create SSL certificates for fabric-console for UI. Installation manuals: https://cert-manager.io/docs/installation/kubernetes/ We recommend using the official helm chart and the last release is recommended.

Note: This step is optional. You can specify a TLS certificate and key in helm chart values as a Secret instead.

# -- IngressRoute for Traefik Ingress Controller
ingressConfig:
# -- specify whether to create IngresRoute resource
enabled: true
tls:
...
secretName: "$HERE_IS_YOU_CERTIFICATE_NAME"

Create a zone in your domain's DNS management panel and assign it to the created load balancer

Catalyst Blockchain Platform needs a wildcard record *.<domain> to expose nodes. All created nodes (peers, orderers, CAs) will have a <NodeName>.<domainName> address.

Create a namespace for the Catalyst Blockchain Platform Hypeledger Fabric service application

kubectl create ns $ns_name

where $ns_name — name of namespace (could be any). Get the credentials to the helm repository in the JFrog artifactory provided by the IntellectEU admin team. Add repo to helm with the username and password provided:

helm repo add catbp <https://intellecteu.jfrog.io/artifactory/catbp-helm> --username ${ARTIFACTORY_USERNAME} --password ${ARTIFACTORY_PASSWORD}

As a result: "catbp" has been added to your repositories

Create a "secret" file in Kubernetes with the provided username and password in the namespace you created earlier

For example, create this Secret, naming it intellecteu-jfrog-access:

kubectl create secret docker-registry intellecteu-jfrog-access --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-password> --docker-email=<your-email>

where:

  • <your-registry-server> - your Private Docker Registry FQDN.

  • <your-name> - your Docker username.

  • <your-password>- your Docker password.

  • <your-email> - your Docker email.

As a result, you will get:

  • Helm installed to your workstation.

  • Traefik ingress installed to your Kubernetes cluster.

  • Cert-manager installed to your Kubernetes cluster.

  • A-record created in your account on AWS or Google Cloud.

  • Namespace created in your cluster.

  • Helm repository added to your workstation.

  • Kubernetes secret created in namespace on your kubernetes cluster.

After that you can setup Catalyst Blockchain Platform Hypeledger Fabric service to your cluster.

Setup

Configure helm chart values

Following values are needed to be configured.

  • domainName

# -- address where application will be hosted. All created nodes (peers, orderers, cas) will have <NodeName>.proxy.<domainName> address
domainName: ""
  • env

# -- available envs: prod, staging, testing, dev. For customer usage suggested only 'prod'
env: prod # use 'testing' for test env
  • auth

You can choose one of two possible methods:

  • basicAuth

  • openID

# -- auth config
auth:
# -- enabled auth for api/v1 endpoints
enabled: true
# -- secret for signing JWT
secretKey: ""
# -- available methods are: 'basic', 'openid'
method: basic
# -- BasicAuth
basic:
## -- BasicAuth username
username: ""
## -- BasicAuth password
password: ""
# -- OpenID authorization mechanism
openid:
## --OpenID provider endpoint for obtaining access token
url: ""
## -- OpenID provider endpoint for fetching end-user information
userInfoURL: ""
## - OpenID client ID
clientID: ""
## - OpenID client secret
clientSecret: ""
  • openshiftRoute

Specify enabled = true in case of using OpenShift.

# -- Route for Openshift Controller
openshiftRoute:
enabled: false
# -- it requires raw certificate here
certificate: ""
# -- it requires raw private key here
key: ""
  • ingressConfig

# -- IngressRoute for Traefik Ingress Controller or Route for Openshift
ingressConfig:
# -- specify whether to create IngresRoute resource
enabled: false
# -- enable when running inside openshift
tls:
# -- Certificate and Issuer will be created with Cert-Manager. Names will be autogenerated.
# if `certManager.enabled` `ingressConfig.tls.secretName` will be ignored
certManager:
enabled: false
server: "https://acme-staging-v02.api.letsencrypt.org/directory"
# -- secret name with own tls certificate to use with ingress
secretName: ""

You can configure other helm chart values if needed. You can see the full list of values here.

Install Catalyst Blockchain Platform Hypeledger Fabric service

Use the following command:

helm upgrade --install $fabric_release_name catbp/fabric-console --values values.yaml

where:

  • $fabric_release_name — name of Catalyst Blockchain Platform Hypeledger Fabric service

    release. You can choose any name/alias. It is used to address for updating, deleting helmchart.

  • catbp/fabric-console— chart name, where “catbp” is a repository name, “fabric-console” is a chart name.

  • values.yaml — a values file.

You can check the status of the installation by using these commands:

  • helm ls— check the "status" field of installed chart.

Status “deployed” should be shown.

  • kubectl get pods— get the status off applications separately.

All pods statuses must be “running.”

  • kubectl describe pod $pod_name — get the detailed information about pods.