Re: Does Raft orderer work across multiple Kubernetes clusters?
I've said it before on this mailing list and I guess I'll say it again, I don't understand this hate with k8s and Fabric.
Using nginx and coredns you can achieve nearly any sort of routing combination you want. The ONLY port that needs to be exposed to the outside world is 443, any endpoint on any internal pod can be defined as a subdomain and routed to the correct pod internally using clusterIP services. CoreDNS rewrites are leveraged to avoid hairpinning traffic (which I don't see as a hack...it's just using DNS for what it was meant to do, interpreting a hostname and routing it to the appropriate IP, no more no less).
To answer the original question: yes, RAFT orderers on multiple clusters absolutely CAN communicate with each other AND identify each other using TLS certificate pinning, and without exposing anything other than the default port 443. Select an ingress which supports TLS passthrough/L4 routing (nginx supports this just fine). Enable passthrough on your ingress resource. Define your ingress to route a particular subdomain to a specific port on your orderer's service.
I think putting down leveraging k8s to host Fabric is harmful to Fabric adoption as a whole. K8s is an apt host of Fabric services.
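The setup described in this message, sketched as Kubernetes manifests; this is an added example, not configuration from the original post. The hostname `orderer0.org1.example.com`, the `fabric` namespace, the `app: orderer0` label and the use of the ingress-nginx controller are assumptions, and 7050 is assumed as the orderer's listen port.

```yaml
# Constructed example: all names, namespaces and hostnames are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: orderer0
  namespace: fabric
spec:
  selector:
    app: orderer0
  ports:
    - port: 443          # same port whether reached via ingress or ClusterIP
      targetPort: 7050   # orderer listen port inside the pod (assumed)
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: orderer0
  namespace: fabric
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"  # L4: no TLS termination
spec:
  ingressClassName: nginx
  rules:
    - host: orderer0.org1.example.com   # matched on the TLS SNI value
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: orderer0
                port:
                  number: 443
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        rewrite name orderer0.org1.example.com orderer0.fabric.svc.cluster.local
        kubernetes cluster.local
        forward . /etc/resolv.conf
        cache 30
    }
```

The ingress-nginx controller only honours the passthrough annotation when it is started with `--enable-ssl-passthrough`, and merging the single `rewrite` line into the cluster's existing Corefile is safer than replacing it. Because TLS is never terminated at the ingress, remote orderers see the orderer's own certificate, so that certificate's SAN list must include the public hostname.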
On Tue, Nov 19, 2019, 17:08 Nye Liu <nye@...> wrote: