Brian Behlendorf <bbehlendorf@...>
Would libp2p be helpful here? I had a
conversation with someone about how other blockchain projects use
it to abstract away some of the issues with using gossip for
networking between nodes and how it simplifies the dev
On 10/31/19 11:43 AM, Nye Liu wrote:
Yes, i have extensive hacks that do exactly that. It's a
mess and illustrates exactly how badly some of k8s networking
On 10/31/2019 11:38 AM, Alexandre
You should be able to leverage coredns rewrites to avoid
On Thu, Oct 31, 2019 at 2:18
PM Nye Liu <nye@...
Unfortunately, the internal DNS inside of a k8s
cluster is completely screwed up since a service can't
have more than two dots in them w/o a hairpin and
external DNS resolution (e.g.
On 10/31/2019 10:42 AM, Alexandre Pauwels wrote:
There should be no issue using k8s for Fabric
gossip, and there should be no reason you need to
expose anything other than port 443 externally.
Expose your endpoints as subdomains on 443 and map
those subdomains to appropriate ports internally.
K8s has all the tools required to setup a network in
On Thu, Oct 31, 2019
at 11:55 AM Nye Liu <nye@...
I had this issue as well with k8s.
k8s is a disaster for p2p protocols, it is
a very bad match. Great for monolithic
microservice stacks, not much else.
When get stuff running on k8s
and behind load balancer or proxy, you do
not get chance to use port 7051. As a matter
of fact, on k8s in majority of cases your
port wont be 7051, that does not mean other
ports are not open. Just saying that we
should not assume that it will be always
On Thursday, October 31, 2019, 9:33:59
AM EDT, Yacov <yacovm@...>
you have trouble opening ports
between companies, you shouldn't use
a Blockchain at all, since
Blockchain is a decentralized peer
to peer protocol.
peer to peer communication works
through the same port (7051 by
default), it's not like you need to
open extra ports.
Re: [Hyperledger Fabric] Major
security hole in Hyperledger Fabric
- Private Data is not private
#fabric-dstorage #database #dstorage
Sent by: fabric@...
Hi Dave, Alexandre,
I think private data’s
p2p connection is a real problem
(partially agree with Ivan).
In some commercial scenario, we need
to open firewalls for every company
connecting to each other, which is a
disaster for project deployment.
And that is not the end
of story. When a new company needs
to join the existing fabric network,
it needs to connect to each company.
Again, we need to open firewalls,
not only for the one newly joining,
but also for those already joined.
Hard to explain to everyone why a
new company joining leads to such a
tremendous configuration change. You
don’t know how terrible it is you
get challenged by IT departments of
those companies ONE BY ONE, and you
have no solution.
Do you have solution
for such issue?
Thank you all
Executive Director, Hyperledger