You should be able to leverage CoreDNS rewrites to avoid hairpinning traffic.
On Thu, Oct 31, 2019 at 2:18 PM Nye Liu <nye@...
Unfortunately, the internal DNS inside of a k8s cluster is
completely screwed up since a service can't have more than two
dots in them w/o a hairpin and external DNS resolution (e.g.
On 10/31/2019 10:42 AM, Alexandre
There should be no issue using k8s for Fabric gossip, and
there should be no reason you need to expose anything other
than port 443 externally. Expose your endpoints as subdomains
on 443 and map those subdomains to appropriate ports
internally. K8s has all the tools required to set up a network
in this manner.
On Thu, Oct 31, 2019 at 11:55
AM Nye Liu <nye@...
I had this issue as well with k8s.
k8s is a disaster for p2p protocols, it is a very bad
match. Great for monolithic microservice stacks, not
When you get stuff running on k8s and
behind a load balancer or proxy, you do not get a chance
to use port 7051. As a matter of fact, on k8s in the
majority of cases your port won't be 7051; that does
not mean other ports are not open. Just saying that we
should not assume that it will be always port 7051.
On Thursday, October 31, 2019, 9:33:59 AM EDT,
If you have
trouble opening ports between companies, you
shouldn't use a Blockchain at all, since
Blockchain is a decentralized peer to peer
All peer to
peer communication works through the same port
(7051 by default), it's not like you need to
open extra ports.
Re: [Hyperledger Fabric] Major security hole
in Hyperledger Fabric - Private Data is not
private #fabric #fabric-questions
#fabric-dstorage #database #dstorage
#dstorage-fabric #fabric-chaincode #ssl
Hi Dave, Alexandre, Yacov, Ivan
I think private data’s p2p
connection is a real problem (partially agree
In some commercial scenarios, we need to open
firewalls for every company connecting to each
other, which is a disaster for project
And that is not the end of the story.
When a new company needs to join the existing
fabric network, it needs to connect to each
company. Again, we need to open firewalls, not
only for the one newly joining, but also for
those already joined. Hard to explain to
everyone why a new company joining leads to
such a tremendous configuration change. You
don’t know how terrible it is when you get
challenged by IT departments of those
companies ONE BY ONE, and you have no
Do you have a solution for such
Thank you all