This folder contains the helm charts which are used for the deployment of the Hyperledger Quorum components. Each helm that you can use has the following keys and you need to set them. The global.cluster.provider
is used as a key for the various cloud features enabled. Also you only need to specify one cloud provider, not both if deploying to cloud. As of writing this doc, AWS is fully supported.
global:
serviceAccountName: vault-auth
cluster:
provider: aws # choose from: minikube | aws
cloudNativeServices: false # future: set to true to use Cloud Native Services
kubernetesUrl: "https://yourkubernetes.com" # Provide the k8s URL, ignore if not using Hashicorp Vault
vault:
type: hashicorp # choose from hashicorp | kubernetes
network: quorum # must be quorum for these charts
# Following are necessary only when hashicorp vault is used.
address: http://vault.url:8200
authPath: supplychain
secretEngine: secretsv2
secretPrefix: "data/supplychain"
role: vault-role
- Kubernetes Cluster (either Managed cloud option like EKS or local like minikube)
- Accessible and unsealed Hahsicorp Vault (if using Vault)
- Configured Ambassador AES (if using Ambassador as proxy)
- Update the dependencies
helm dependency update quorum-genesis helm dependency update quorum-node
helm install genesis ./quorum-genesis --namespace supplychain-quo --create-namespace --values ./values/noproxy-and-novault/genesis.yaml
# Install validator nodes
helm install validator-0 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install validator-1 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install validator-2 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install validator-3 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install member-0 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/txnode.yaml
# Get the genesis and static nodes from existing member and place them in the directory 'besu-genesis/files'
cd ./quorum-genesis/files/
kubectl --namespace supplychain-quo get configmap quorum-peers -o jsonpath='{.data.static-nodes\.json}' > static-nodes.json
kubectl --namespace supplychain-quo get configmap quorum-genesis -o jsonpath='{.data.genesis\.json}' > genesis.json
# Install secondary genesis node
helm install genesis ./quorum-genesis --namespace carrier-quo --create-namespace --values ./values/noproxy-and-novault/genesis-sec.yaml
# Install secondary member node
helm install member-1 ./quorum-node --namespace carrier-quo --values ./values/noproxy-and-novault/txnode-sec.yaml
- To securely integrate AWS Secrets Manager with an EKS Cluster, refer to the guide available here.
- After completing all the steps mentioned in the guide, keep the IAM Role ARN handy. For example, it should look something like this:
arn:aws:iam::<account-id>:role/BevelEKSSecretsRole
helm install genesis ./quorum-genesis --namespace supplychain-quo --create-namespace --values ./values/noproxy-and-novault/genesis.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerArn="<YOUR_AWS_SECRET_MANAGER_ROLE_ARN>",global.cluster.secretManagerRegion="<YOUR_AWS_REGION>"
helm install validator-0 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerRegion="<YOUR_AWS_REGION>"
helm install validator-1 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerRegion="<YOUR_AWS_REGION>"
helm install validator-2 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerRegion="<YOUR_AWS_REGION>"
helm install validator-3 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerRegion="<YOUR_AWS_REGION>"
helm install member-0 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/txnode.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerRegion="<YOUR_AWS_REGION>",tessera.enabled=false
# 5.1. Get the genesis and static nodes from existing member and place them in the directory 'besu-genesis/files'
cd ./quorum-genesis/files/
kubectl --namespace supplychain-quo get configmap quorum-peers -o jsonpath='{.data.static-nodes\.json}' > static-nodes.json
kubectl --namespace supplychain-quo get configmap quorum-genesis -o jsonpath='{.data.genesis\.json}' > genesis.json
# 5.2. Install secondary genesis node
helm install genesis ./quorum-genesis --namespace carrier-quo --create-namespace --values ./values/noproxy-and-novault/genesis-sec.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerArn="<YOUR_AWS_SECRET_MANAGER_ROLE_ARN>"
# 5.3. Install secondary member node
helm install member-1 ./quorum-node --namespace carrier-quo --values ./values/noproxy-and-novault/txnode-sec.yaml --set global.cluster.cloudNativeServices=true,global.cluster.secretManagerRegion="<YOUR_AWS_REGION>",tessera.enabled=false
# Create a namespace
kubectl create namespace supplychain-quo
# Create the roottoken secret
kubectl -n supplychain-quo create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
# Install the genesis node
helm install genesis ./quorum-genesis --namespace supplychain-quo --values ./values/proxy-and-vault/genesis.yaml
# Install validator nodes
helm install validator-0 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15011
helm install validator-1 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15012
helm install validator-2 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15013
helm install validator-3 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15014
# Deploy Quorum and Tessera node pair
helm install member-0 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/txnode.yaml --set global.proxy.p2p=15015
# Get the genesis and static nodes from existing member and and place them in the directory 'quorum-genesis/files'
cd ./quorum-genesis/files/
kubectl --namespace supplychain-quo get configmap quorum-peers -o jsonpath='{.data.static-nodes\.json}' > static-nodes.json
kubectl --namespace supplychain-quo get configmap quorum-genesis -o jsonpath='{.data.genesis\.json}' > genesis.json
# Create a new namespace
kubectl create namespace carrier-quo
# Create the roottoken secret
kubectl -n carrier-quo create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
# Install secondary genesis node
helm install genesis ./quorum-genesis --namespace carrier-quo --create-namespace --values ./values/proxy-and-vault/genesis-sec.yaml
# Install secondary member node
helm install member-0 ./quorum-node --namespace carrier-quo --values ./values/proxy-and-vault/txnode-sec.yaml --set global.proxy.p2p=15016
Once your services are deployed, they can be accessed using the domain name provided in your global.proxy.externalUrlSuffix
.
-
Retrieve the Source Host for Your Node
Run the following command to get the mapping for your node:
kubectl get mapping --namespace supplychain-quo
From the output, copy the source host for your node.
-
Make HTTP RPC API Calls
You can interact with your node using HTTP RPC API calls. Here's an example of how to do it:
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' http://<source-host>
Replace
<source-host>
with the source host you copied earlier. -
Verify the Node Syncing Status
If the node running the JSON-RPC service is syncing correctly, the previous command should return the following:
{ "jsonrpc" : "2.0", "id" : 1, "result" : "0x64" }
This confirms that your node is syncing as expected.
To deploy the proposed validator chart for IBFT, you first need to set up the Quorum DLT network. Below are the steps you can follow:
-
Deploy Quorum DLT Network: You have two options for deploying the Quorum DLT network:
- With Vault and Proxy
- Without Vault and Proxy
Choose the appropriate method based on your requirements.
-
Install Validator Chart: Utilize Helm for installing the validator chart. Ensure to adjust values accordingly:
helm install validator-4 ./quorum-propose-validator --namespace supplychain-quo --values quorum-propose-validator/values.yaml
This chart facilitates the addition or removal of validators through majority voting.
-
Verify Validator Status: Confirm the validator status by executing:
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"istanbul_getValidators","params":["latest"],"id":1}' http://<SOURCE-HOST>
This command retrieves the current list of validators for the latest block.
Replace
<SOURCE-HOST>
with the appropriate host address.
To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.
helm uninstall --namespace supplychain-quo validator-0
helm uninstall --namespace supplychain-quo validator-1
helm uninstall --namespace supplychain-quo validator-2
helm uninstall --namespace supplychain-quo validator-3
helm uninstall --namespace supplychain-quo validator-4
helm uninstall --namespace supplychain-quo member-0
helm uninstall --namespace supplychain-quo genesis
helm uninstall --namespace carrier-quo member-0
helm uninstall --namespace carrier-quo genesis