Catalyst Blockchain Manager
Hyperledger Fabric Service 2.3.0

Installation Instructions

Prerequisites

1. Setup Kubernetes or OpenShift cluster

Supported version of OpenShift: 4.7. Supported version of Kubernetes: 1.17 and later. We recommend AWS (EKS) or Google Cloud (GKE), but you can install it on a standalone cluster as well.
Define your cluster size considering the following minimum requirements and your business needs:
1. Minimal requirements for the Catalyst Blockchain Platform Hyperledger Fabric service for one organization — 1 instance with:
  • 2 core CPU
  • 4GB RAM
  • 10GB disk space
2. Each node (CA, orderer, or peer) that will be deployed consumes additional resources. Minimal requirements for one node:
Node      CPU    Memory, Mi    Storage, Gi
CA        0.1    128           1
Peer      0.1    128           1
Orderer   0.1    128           1
Note: When deciding on the size of the cluster, consider the expected load of the nodes and increase these values accordingly.
3. Each chaincode installed to a peer runs as a separate pod and consumes additional resources (CPU and RAM).

2. Install Helm to your workstation

Installation manuals: https://helm.sh/docs/intro/install/ No customization is needed.
Supported version of Helm: 3.*.

3. Install Traefik ingress

The ingress-controller is needed for traffic routing to expose nodes (peer, CA, orderer). The Catalyst Blockchain Platform Hyperledger Fabric service creates a CRD resource (IngressRouteTCP in case of using Traefik or Route in case of using OpenShift), that is automatically started and deleted along with each node.
Installation manuals: https://github.com/traefik/traefik-helm-chart No customization is needed; the default port (:443) for HTTPS traffic will be used.
Note: We recommend installing Traefik to a separate namespace from the application (creation of a namespace for the Catalyst Blockchain Platform Hyperledger Fabric service is described in step 6).
Supported version of Traefik: 2.3.
In case of using OpenShift, you should skip this step and specify it in the Helm chart values later (Helm chart values are described in the Setup section), because OpenShift has a built-in ingress-controller server.

4. Install cert-manager to create TLS certificate

A TLS certificate is needed for secured communication between a User and the Catalyst Blockchain Platform Hyperledger Fabric service components.
Installation manuals: https://cert-manager.io/docs/installation/helm/ We recommend using the latest release of the official helm chart.
Note: You can skip this step and specify your TLS certificate and key as a Kubernetes secret in Helm chart values instead later (Helm chart values are described in the Setup section). You can find the manual on how to create a Kubernetes secret here: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

5. Create an A-record in a zone in your domain's DNS management panel and assign it to the load balancer created upon Traefik or OpenShift installation

Catalyst Blockchain Platform Hyperledger Fabric service needs a wildcard record *.<domain> to expose nodes. All created nodes (peers, orderers, CAs) will have a <NodeName>.<domainName> address.
For example, in case you are using AWS, follow these steps:
  1. Go to the Route53 service.
  2. Create a new domain or choose the existing domain.
  3. Create an A record.
  4. Switch “alias” to ON.
  5. In the “Route traffic to” field select “Alias to application and classic load balancer.”
  6. Select your region (where the cluster is installed).
  7. Select an ELB balancer from the drop-down list.*
*Choose the ELB balancer that was automatically configured upon the Traefik chart installation as described in step 3 (or upon OpenShift installation in case of using OpenShift). You can check the ELB with the following command:
kubectl get svc -n ${ingress_namespace}
where ${ingress_namespace} — the name of the namespace where the ingress was installed. The ELB is displayed in the EXTERNAL-IP field.

6. Create a namespace for the Catalyst Blockchain Platform Hyperledger Fabric service application

kubectl create ns ${ns_name}
where ${ns_name} — name of namespace (can be any).
6.1. Get the credentials to the Helm repository in the JFrog artifactory provided by the IntellectEU admin team.
6.2. Add the repo to Helm with the username and password provided:
helm repo add catbp https://intellecteu.jfrog.io/artifactory/catbp-helm --username ${ARTIFACTORY_USERNAME} --password ${ARTIFACTORY_PASSWORD}
As a result: "catbp" has been added to your repositories

7. Create an ImagePullSecret to access the Catalyst Blockchain Platform Hyperledger service deployable images

For example, create this Secret, naming it intellecteu-jfrog-access:
kubectl create secret docker-registry intellecteu-jfrog-access --docker-server=intellecteu-catbp-docker.jfrog.io --docker-username=${your_name} --docker-password=${your_password} --docker-email=${your_email} -n ${ns_name}
where:
  • ${your_name} — your Docker username.
  • ${your_password} — your Docker password.
  • ${your_email} — your Docker email.
  • ${ns_name} — the namespace created for the Catalyst Blockchain Platform Hyperledger Fabric service on the previous step.

8. Deploy a message broker

A message broker is needed by the Catalyst Blockchain Platform Hyperledger Fabric service to schedule commands, emit events, and control workflows.
Currently, only RabbitMQ is supported.
Version: 3.7 and later.
No specific configurations are needed. You can check the official production checklist: https://www.rabbitmq.com/production-checklist.html
We recommend 1GB RAM as a minimum setup.
Info: If you want to use a readiness check with an image from a private repository, create a “secret” file with your credentials in Kubernetes/OpenShift so that you can specify it in the Helm chart when installing the Catalyst Blockchain Platform. Please refer to the official Kubernetes documentation: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
You will find the Helm chart configuration instructions here.

9. Deploy a database

A database is required by the Catalyst Blockchain Platform Hyperledger Fabric service to support internal architecture for workflows as well as store users' action logs.
Info: No secure data is stored in the database.
Catalyst Blockchain Platform supports PostgreSQL and MySQL. You can use any.
Supported version of PostgreSQL: 12.8 and later.
Supported version of MySQL: 8.0.21 and later.
No specific configurations are needed. You can use the official manuals:
We recommend 1GB RAM as a minimum setup.
Info: If you want to use a readiness check with an image from a private repository, create a “secret” file with your credentials in Kubernetes/OpenShift so that you can specify it in the Helm chart when installing the Catalyst Blockchain Platform. Please refer to the official Kubernetes documentation: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
You will find the Helm chart configuration instructions here.

As a result, you will get:

  1. Kubernetes (or OpenShift) cluster deployed.
  2. Helm installed to your workstation.
  3. Traefik ingress installed to your Kubernetes cluster. In case of using OpenShift, you should skip this step. You will specify OpenShift in the Helm chart values instead (as described in the Setup section).
  4. Cert-manager installed to your cluster or TLS certificate prepared.
  5. A-record created, for example, in your account on AWS or Google Cloud.
  6. Namespace created in your cluster and Helm repository added to your workstation.
  7. Kubernetes (OpenShift) secret created in the namespace on your Kubernetes (OpenShift) cluster.
  8. A message broker (RabbitMQ) deployed.
  9. A database deployed.

Setup

Configure helm chart values

The following values need to be configured.
  • domainName
    # -- address where the application will be hosted. All created nodes (peers, orderers, cas) will have <NodeName>.proxy.<domainName> address
    domainName: ""
  • auth
You can choose one of two possible methods:
  • basicAuth
  • openID
    # -- auth config
    auth:
      # -- enabled auth for api/v1 endpoints
      enabled: true
      # -- available methods are: 'basic', 'openid'
      method: basic
      # -- BasicAuth
      basic:
        ## -- BasicAuth username
        username: ""
        ## -- BasicAuth password
        password: ""
      # -- OpenID authorization scheme. Only public access type is supported.
      openid:
        ## -- OpenID provider endpoint for obtaining access token
        url: ""
        ## -- OpenID configuration is a Well-known URI Discovery Mechanism
        wellKnownURL: ""
        ## -- OpenID client ID
        clientID: ""
  • openshiftRoute
Specify enabled = true in case of using OpenShift.
    # -- Route for Openshift Controller
    openshiftRoute:
      enabled: false
      # -- it requires a raw certificate here
      certificate: ""
      # -- it requires a raw private key here
      key: ""
  • ingressConfig
    ingressConfig:
      # -- specify whether to create IngressRoute resource
      enabled: false
      # -- #Currently supported traefik and openshift ingress controller: [traefik, openshift]
      provider: traefik
      tls:
        enabled: false
        # -- Certificate and Issuer will be created with Cert-Manager. Names will be autogenerated.
        # if `certManager.enabled` `ingressConfig.tls.secretName` will be ignored
        certManager:
          enabled: false
          server: "https://acme-staging-v02.api.letsencrypt.org/directory"
        # -- secret name with own tls certificate to use with ingress
        secretName: ""
      tlsStore:
        enabled: false
  • amqp
Configure connection settings to your message broker.
    # -- external RabbitMQ Message broker parameters
    amqp:
      readinessCheck:
        # -- Whether to perform readiness check with initContainer. Simple `nc` command
        enabled: true
        # -- which image to use for initContainer performing readiness check
        initContainer:
          image:
            repository: busybox
            pullPolicy: IfNotPresent
            tag: latest
      # -- example values for rabbitmq queue. change them for your env
      host: "rabbitmq.rabbitmq"
      port: "5672"
      username: "test1"
      password: "Abcd1234"
      vhost: "test1"
Info: In case of using a private repository specify the secret you created before in the api.imagePullSecrets section:
    api:
      imagePullSecrets:
        - name: mysecret1 # for registry with api images
        - name: mysecret2 # for registry with busybox images
  • database
Configure connection settings to your database.
    # -- external database parameters
    database:
      readinessCheck:
        # -- Whether to perform readiness check with initContainer. Simple `nc` command
        enabled: true
        # -- which image to use for initContainer performing readiness check
        initContainer:
          image:
            repository: busybox
            pullPolicy: IfNotPresent
            tag: latest
      # -- database type. `postgres` or `mysql` can be specified here
      type: postgres
      # -- example values for postgres database. change them for your env
      host: "postgresql.postgresql"
      port: "5432"
      username: "test1"
      password: "Abcd1234"
      dbname: "test1"
Info: In case of using a private repository specify the secret you created before in the api.imagePullSecrets section:
    api:
      imagePullSecrets:
        - name: mysecret1 # for registry with api images
        - name: mysecret2 # for registry with busybox images
You can configure other helm chart values if needed. You can see the full list of values here:
## -- Declare variables to be passed into your templates.
# -- address where application will be hosted. All created nodes (peers, orderers, cas) will have <NodeName>.<domainName> address
domainName: ""
# -- available envs: prod, staging, testing, dev. For customer usage suggested only 'prod'
logs:
  level: info
# -- auth config
auth:
  # -- enabled auth for api/v1 endpoints
  enabled: true
  # -- available methods are: `basic`, `openid`
  method: basic
  # -- BasicAuth
  basic:
    ## -- BasicAuth username
    username: ""
    ## -- BasicAuth password
    password: ""
  # -- OpenID authorization mechanism
  openid:
    ## -- OpenID provider endpoint for obtaining access token
    url: ""
    ## -- OpenID configuration is a Well-known URI Discovery Mechanism
    wellKnownURL: ""
    ## -- OpenID client ID
    clientID: ""
    # ## -- OpenID client secret
    # clientSecret: ""
# -- Whether to parse and send logs to centralised storage
# FluentD Output Configuration. Fluentd aggregates and parses logs
# FluentD is a part of Logging Operator. CRs `Output` and `Flow`s will be created
logOutput:
  # -- This section defines Loki specific configuration
  loki:
    enabled: false
    # -- url of loki instance
    url: http://loki.logging.svc.cluster.local:3100
    # -- labels to set on log streams
    # format `label_name`: `log_field_name`
    labels:
      namespace: namespace
      app_name: app_name
  # -- This section defines logz.io specific configuration
  logzIo:
    enabled: false
# -- message bus configuration
messageBus:
  queue: message_bus
  topic: message_bus_exchange
# -- this module enables integration with prometheus-operator. Fetches metrics from all the peers, orderers and CAs in the system
monitoring:
  # -- specify whether to create monitoring resources
  # prometheus operator and grafana need to be installed beforehand
  enabled: false
  # -- configuration for ServiceMonitor resource
  serviceMonitor:
    enabled: false
    # -- how often to pull metrics from resources
    interval: 15s
    # -- HTTP path to scrape for metrics
    path: /metrics
    # -- RelabelConfigs to apply to samples before scraping
    relabelings: []
    # -- MetricRelabelConfigs to apply to samples before ingestion
    metricRelabelings: []
  grafana:
    # -- grafana default admin username and email. Grafana is authenticated through default API authentication automatically.
    user: admin
    # -- grafana default path to dashboard
    dashboardPath: "/grafana/d/pUnN6JgWz/hyperledger-fabric-monitoring?orgId=1&refresh=30s&kiosk&var-namespace="
    # -- grafana service and port for ingress
    service:
      name: grafana
      namespace: monitoring
      port: 80
# -- Route for Openshift Controller
openshiftRoute:
  enabled: false
  # -- it requires a raw certificate here
  certificate: ""
  # -- it requires a raw private key here
  key: ""
# -- IngressRoute for Traefik Ingress Controller
ingressConfig:
  # -- specify whether to create IngressRoute resource
  enabled: false
  # -- #Currently supported traefik and openshift ingress controller: [traefik, openshift]
  provider: traefik
  tls:
    enabled: false
    # -- Certificate and Issuer will be created with Cert-Manager. Names will be autogenerated.
    # if `certManager.enabled` `ingressConfig.tls.secretName` will be ignored
    certManager:
      enabled: false
      server: "https://acme-staging-v02.api.letsencrypt.org/directory"
    # -- secret name with own tls certificate to use with ingress
    secretName: ""
  tlsStore:
    enabled: false
rbac:
  # -- Whether to create RBAC Resources (Role, SA, RoleBinding)
  enabled: true
  # -- Service Account Name to use for api, ui, operator, consumer
  serviceAccountName: fabric-console
# operator component values
operator:
  # -- number of operator pods to run
  replicaCount: 1
  # -- operator image settings
  image:
    repository: intellecteu-catbp-docker.jfrog.io/catbp/fabric-platform/fabric-console
    pullPolicy: Always
    tag: 2.3
  # -- operator image pull secrets
  imagePullSecrets:
    - name: intellecteu-jfrog-access
  # -- annotations for operator pods
  podAnnotations: {}
  # -- security context on a pod level
  podSecurityContext: {}
  # -- security context on a container level
  securityContext: {}
  # -- CPU and Memory requests and limits
  resources:
    limits:
      cpu: "150m"
      memory: "300Mi"
    requests:
      cpu: "100m"
      memory: "100Mi"
  # -- Specify Node Labels to place operator pods on
  nodeSelector: {}
  # -- https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  tolerations: []
  # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  affinity: {}
  # -- metrics server and Prometheus Operator configuration
  metrics:
    # -- should metrics server be enabled
    enabled: false
    # -- service port for metrics server
    servicePort: 8082
    # -- container port for metrics server
    containerPort: 8082
    # -- HTTP path to scrape for metrics.
    path: /metrics
    serviceMonitor:
      # -- should ServiceMonitor be created
      enabled: false
      # -- how often to pull metrics from resources
      interval: 30s
      # -- RelabelConfigs to apply to samples before scraping
      relabelings: []
      # -- MetricRelabelConfigs to apply to samples before ingestion.
      metricRelabelings: []
## api component values
api:
  # -- api autoscaling settings
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 5
    targetCPUUtilizationPercentage: 80
    # targetMemoryUtilizationPercentage: 80
  # -- number of api pods to run
  replicaCount: 1
  # -- api image settings
  image:
    repository: intellecteu-catbp-docker.jfrog.io/catbp/fabric-platform/fabric-console
    pullPolicy: Always
    tag: 2.3
  # -- api image pull secrets
  imagePullSecrets:
    - name: intellecteu-jfrog-access
  # -- api service port and name
  service:
    port: 8000
    portName: http
  # -- annotations for api pods
  podAnnotations: {}
  # -- security context on a pod level
  podSecurityContext: {}
  # -- security context on a container level
  securityContext: {}
  # -- CPU and Memory requests and limits
  resources:
    limits:
      cpu: "150m"
      memory: "500Mi"
    requests:
      cpu: "100m"
      memory: "200Mi"
  # -- Specify Node Labels to place api pods on
  nodeSelector: {}
  # -- https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  tolerations: []
  # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  affinity: {}
  # -- metrics server and Prometheus Operator configuration
  metrics:
    # -- should metrics server be enabled
    enabled: false
    # -- service port for metrics server
    servicePort: 8082
    # -- container port for metrics server
    containerPort: 8082
    # -- HTTP path to scrape for metrics.
    path: /metrics
    serviceMonitor:
      # -- should ServiceMonitor be created
      enabled: false
      # -- how often to pull metrics from resources
      interval: 30s
      # -- RelabelConfigs to apply to samples before scraping
      relabelings: []
      # -- MetricRelabelConfigs to apply to samples before ingestion.
      metricRelabelings: []
ui:
  # -- number of ui pods to run
  replicaCount: 1
  # -- ui image settings
  image:
    repository: intellecteu-catbp-docker.jfrog.io/catbp/fabric-platform/fabric-console-ui
    tag: 2.3
  # -- ui image pull secrets
  imagePullSecrets:
    - name: intellecteu-jfrog-access
  # -- ui service port and name
  service:
    port: 3001
    portName: http
  # -- annotations for ui pods
  podAnnotations: {}
  # -- security context on a pod level
  podSecurityContext: {}
  # -- security context on a container level
  securityContext: {}
  # -- CPU and Memory requests and limits
  resources:
    limits:
      cpu: "100m"
      memory: "100Mi"
    requests:
      cpu: "30m"
      memory: "50Mi"
  # -- Specify Node Labels to place ui pods on
  nodeSelector: {}
  # -- https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  tolerations: []
  # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  affinity: {}
# -- external RabbitMQ Message broker parameters
amqp:
  readinessCheck:
    # -- Whether to perform readiness check with initContainer. Simple `nc` command
    enabled: true
    # -- which image to use for initContainer performing readiness check
    initContainer:
      image:
        repository: busybox
        pullPolicy: IfNotPresent
        tag: latest
  # -- example values for rabbitmq queue. change them for your env
  host: "rabbitmq.rabbitmq"
  port: "5672"
  username: "test1"
  password: "Abcd1234"
  vhost: "test1"
# -- external database parameters
database:
  readinessCheck:
    # -- Whether to perform readiness check with initContainer. Simple `nc` command
    enabled: true
    # -- which image to use for initContainer performing readiness check
    initContainer:
      image:
        repository: busybox
        pullPolicy: IfNotPresent
        tag: latest
  # -- database type. `postgres` or `mysql` can be specified here
  type: postgres
  # -- example values for postgres database. change them for your env
  host: "postgresql.postgresql"
  port: "5432"
  username: "test1"
  password: "Abcd1234"
  dbname: "test1"
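
A pre-install check for the values listed above, as an added example that is not part of the Catalyst documentation or chart: it flags sample credentials left in place, empty BasicAuth fields, an unpinned readiness-check image, and ingress TLS settings that leave traffic unprotected or use the Let's Encrypt staging issuer. The rule set, the function names and the key nesting (inferred from the chart comments) are assumptions.

```python
# Added example: audit a parsed values.yaml before `helm upgrade --install`.
SAMPLE_SECRETS = {"test1", "Abcd1234"}  # sample credentials shown in the chart values
ACME_STAGING_MARK = "acme-staging"      # marks the Let's Encrypt staging directory URL


def get(values, path, default=None):
    """Walk a dotted path through nested dicts; return default if any key is missing."""
    node = values
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def audit_values(values):
    """Return (path, finding) tuples for settings to review; missing keys use chart defaults."""
    findings = []
    if not get(values, "auth.enabled", True):
        findings.append(("auth.enabled", "api/v1 endpoints are served without authentication"))
    elif get(values, "auth.method", "basic") == "basic":
        for field in ("username", "password"):
            if not get(values, f"auth.basic.{field}"):
                findings.append((f"auth.basic.{field}", "BasicAuth credential is empty"))

    for section in ("amqp", "database"):
        for field in ("username", "password"):
            if get(values, f"{section}.{field}") in SAMPLE_SECRETS:
                findings.append((f"{section}.{field}", "sample credential left unchanged"))
        tag = f"{section}.readinessCheck.initContainer.image.tag"
        if get(values, f"{section}.readinessCheck.enabled", True) and get(values, tag, "latest") == "latest":
            findings.append((tag, "initContainer image is not pinned to a fixed tag"))

    if get(values, "ingressConfig.enabled", False):
        tls = "ingressConfig.tls"
        if not get(values, f"{tls}.enabled", False):
            findings.append((f"{tls}.enabled", "ingress is exposed without TLS"))
        elif get(values, f"{tls}.certManager.enabled", False):
            if ACME_STAGING_MARK in str(get(values, f"{tls}.certManager.server", "")):
                findings.append((f"{tls}.certManager.server", "staging ACME issuer; certificates are not publicly trusted"))
        elif not get(values, f"{tls}.secretName"):
            findings.append((f"{tls}.secretName", "TLS enabled but no certificate source is set"))
    return findings


# Constructed sample: values as printed on this page, with ingress, TLS and cert-manager switched on.
_READINESS = {"enabled": True, "initContainer": {"image": {"repository": "busybox", "tag": "latest"}}}
SAMPLE_VALUES = {
    "auth": {"enabled": True, "method": "basic", "basic": {"username": "", "password": ""}},
    "ingressConfig": {"enabled": True, "provider": "traefik", "tls": {
        "enabled": True, "secretName": "",
        "certManager": {"enabled": True, "server": "https://acme-staging-v02.api.letsencrypt.org/directory"}}},
    "amqp": {"readinessCheck": _READINESS, "username": "test1", "password": "Abcd1234"},
    "database": {"readinessCheck": _READINESS, "username": "test1", "password": "Abcd1234"},
}

if __name__ == "__main__":
    import sys
    values = SAMPLE_VALUES
    if len(sys.argv) > 1:
        import yaml  # PyYAML (assumed installed); only needed to audit a real values.yaml
        values = yaml.safe_load(open(sys.argv[1])) or {}
    for path, finding in audit_values(values):
        print(f"{path}: {finding}")
```

Run it with the path to your values.yaml as the only argument; with no argument it audits the constructed sample.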

Install the Catalyst Blockchain Platform Hyperledger Fabric service

Use the following command:
helm upgrade --install ${fabric_release_name} catbp/fabric-console --values values.yaml -n ${ns_name}
where:
  • ${fabric_release_name} — name of the Catalyst Blockchain Platform Hyperledger Fabric service release. You can choose any name/alias. It is used to refer to the release when updating or deleting the Helm chart.
  • catbp/fabric-console — chart name, where “catbp” is a repository name, “fabric-console” is the chart name.
  • values.yaml — a values file.
  • ${ns_name} — name of the namespace you've created before.
You can check the status of the installation by using these commands:
  • helm ls -n ${ns_name} — check the "status" field of the installed chart. Status “deployed” should be shown.
  • kubectl get pods -n ${ns_name} — get the status of applications separately. All pod statuses must be “running.”
  • kubectl describe pod $pod_name -n ${ns_name} — get detailed information about pods.