Re: Hyperledger Fabric meets Kubernetes


Eryargi, Hakan
 

Dear All,

 

Below is a summary of recent updates to our Helm charts:

 

  • Support for hybrid networks. We also provided a sample of spreading the Fabric network over three Kubernetes clusters, covering all possible scenarios, with orderer, without orderer, etc.
    The same mechanism can be used for any combination of hybrid networks, some parts running on premises as plain Docker containers, or on bare metal or whatever.
    https://github.com/APGGroeiFabriek/PIVT/blob/master/README.md#cross-cluster-raft-network

  • Declaratively make almost arbitrary channel config updates. There is still room to improve here but it’s quite easy to extend and add more functionality
    https://github.com/APGGroeiFabriek/PIVT/blob/master/README.md#updating-channel-configuration

  • Support for Raft orderer without enabling TLS globally.  Thanks to Fabric 1.4.5 release, this is possible since FAB-15648 is backported to 1.4 branch.
    We were waiting for this feature since long time for transparent load balancing inside Kubernetes. Already applied to our environments and works great.
    But eventually we need to enable TLS and lose transparent load balancing again.
    I believe it will be really useful separating client and cluster facing ports on peers and orderers.  Please vote for FAB-17111 if you think similar.
    https://github.com/APGGroeiFabriek/PIVT/blob/master/README.md#scaled-up-raft-network-without-tls

  • Support and sample for Golang chaincode. Due to GOPATH variable they should be handled differently.
    Nobody reported any issue about Java chaincode, so possibly it just works out of the box.

So, cheers and happy Fabricing in Kubernetes as always!

Hakan



From: Eryargi, Hakan
Sent: Monday, 12 August 2019 15:13
To: 'fabric@...' <fabric@...>
Subject: RE: [Hyperledger Fabric] Hyperledger Fabric meets Kubernetes

 

Dear All,

 

We just recently published new functionality for our Helm charts. Managing peer organizations is now declarative.

 

To add new peer organizations:

  • Update configtx/crypto-config/network.yaml accordingly
  • Perform a cryptogen extend
  • Perform a helm upgrade
  • Run the new peer-org-flow

 

That’s it. This sequence launches everything, adds missing organizations to consortiums using the information in configtx.yaml and adds missing organizations to existing channels using the information in network.yaml.

 

Afterwards run the channel and chaincode flows to create new channels and populate existing channels and chaincodes regarding new organizations.

 

More details here:

https://github.com/APGGroeiFabriek/PIVT/blob/master/README.md#adding-new-peers-to-organizations

 

One of our initial promises was making it as easy as possible to add/remove organizations to an already running network and I guess we kept that promise :) Possibly this can’t get easier without a Fabric operator.

 

So, cheers and happy Fabricing in Kubernetes!

Hakan

 

 

From: Eryargi, Hakan
Sent: Wednesday, 31 July 2019 15:26
To: 'fabric@...' <fabric@...>
Subject: RE: [Hyperledger Fabric] Hyperledger Fabric meets Kubernetes

 

Dear HL Fabric Community,

 

We just recently published new functionality for our Helm charts:

https://github.com/APGGroeiFabriek/PIVT

 

  • Now the channel and chaincode flows are declarative and idempotent. They can be run several times. They query the network state and take action only required. They create channels only if not created, join peers to channels only not joined, install/instantiate/upgrade chaincodes only required, etc.
  • We have a new flow for adding new peer organization(s) to an already running network. It both adds new orgs to existing channels and also to consortiums.

 

Our next aim is making peer org flow declarative and idempotent.

 

I think, we are now so close to wrapping up everything in a Kubernetes operator, it will be even closer with a declarative peer org flow.

 

On the other hand, unfortunately we lack the Go language knowledge and experience. But still this looks so achievable by using CoreOS’s operator SDK. If there are experienced Go developers out there and willing to contribute such a project, please contact me.

https://github.com/operator-framework/operator-sdk

 

Remarks: As mentioned in our repo, declarative channel and chaincode flows use our home built CLI tools based on this patch. This patch didn’t go into Fabric codebase yet and needs some unit tests. If there are some volunteers for implementing unit tests, we will highly appreciate it! :)

 

Cheers and happy Fabricing in Kubernetes!

Hakan

 

From: Eryargi, Hakan
Sent: Thursday, 27 June 2019 12:59
To: fabric@...
Subject: Re: [Hyperledger Fabric] Hyperledger Fabric meets Kubernetes

 

Dear HL Fabric Community,

 

As promised, we had implemented support for Raft Orderer and also as a side effect for TLS and using actual domain names. This work is also published at our public GitHub repo.

 

Details can be found at relevant sections:

https://github.com/APGGroeiFabriek/PIVT#tls

https://github.com/APGGroeiFabriek/PIVT#scaled-up-raft-network

 

However, enabling TLS came with a huge cost, we lost transparent load balancing for peers and orderers.

 

As discussed in another email, we don’t need internal TLS since nothing is exposed to outer world. Even if we expose, since we have Ingress for TLS termination, internal TLS is still not required. As suggested by Yacov Manevich, I had created a Jira ticket that time, hopefully will be implemented soon.

https://jira.hyperledger.org/browse/FAB-15648

 

This is my post at Accenture’s public open source blog, contains some additional information which is not present in the GitHub repo (motivation, how it works, benefits regarding Accenture NFR's, etc.)

https://accenture.github.io/blog/2019/06/25/hl-fabric-meets-kubernetes.html

 

Last but not the least, please see the “Future (Dream) Work” section in the post.

https://accenture.github.io/blog/2019/06/25/hl-fabric-meets-kubernetes.html#future-dream-work

 

I’m not sure if we will have the resources to implement all of that, however there is one thing in particular I want to implement, which will be a major step towards that goal: making channel and chaincode flows declarative, i.e. given the desired state of network, flows will try to reach that state. Obviously one needs to query the current state of the network to achieve this. While it’s possible to implement this with current CLI tool, it’s not that easy and requires processing the output of CLI tool without additional fragile tools, like grep, awk, etc.

 

That’s why I also created a Jira ticket for making CLI scripting friendly:
https://jira.hyperledger.org/browse/FAB-15824

 

I’m guessing both Jira tickets are relatively easy to implement, so we will highly appreciate if these are implemented soon:)

 

Cheers and happy Fabricing in Kubernetes!

Hakan

 

 

From: Eryargi, Hakan
Sent: Tuesday, 4 June 2019 19:32
To: fabric@...
Subject: RE: [External] Re: [Hyperledger Fabric] Hyperledger Fabric meets Kubernetes

 

Hi,

 

We were aware of Cello, we didn’t try it but checked the docs. The tool we had implemented, call it fabric-kube and Cello are different. Maybe fabric-kube can be a complementary part of Cello but judging from the docs, it’s a bit hard to imagine that with current focus of Cello. But I guess better to discuss that with Cello maintainers :)

 

We also had investigated the existing work to run HL Fabric in Kubernetes before implementing fabric-kube. There are a few Helm charts out there and a few non-Helm based samples, and none of them is reducing complexity. Our main focus is reducing complexity and running Fabric in a managed environment -like Kubernetes-  instead of plain Docker containers in a DevOps (CI/CD) friendly way.

 

As mentioned we had developed fabric-kube for our own needs, we will continue to improve it again based on project’s needs, in particular will add support for Raft orderer and make it as easy as possible to add/remove organizations to an already running network. But for long term commitment, honestly I’m not sure if that is possible. That’s the reason we strongly encourage fabric community to take ownership of fabric-kube.

 

Best,

Hakan

 

From: fabric@... <fabric@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, 4 June 2019 18:43
To: Brett T Logan <Brett.T.Logan@...>
Cc: fabric@...
Subject: [External] Re: [Hyperledger Fabric] Hyperledger Fabric meets Kubernetes

 

I got that.  I also realize Cello has a lot of this kind of work going on, but wasn't sure if it was right there.  This code or something like it should land somewhere, if not within a Fabric-related repo then documented clearly from the Fabric docs so someone else doesn't think it doesn't exist and re-builds it.  Or did the original author not realize Cello already has this?

 

Brian

 

On 6/4/19 9:12 AM, Brett T Logan wrote:

This isn't support within Fabric for Kubernetes, it is a set of tools (Helm Charts) for deploying the existing Fabric components

 

----- Original message -----
From: "Brian Behlendorf" <bbehlendorf@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Hyperledger Fabric meets Kubernetes
Date: Tue, Jun 4, 2019 11:59 AM
 

Thanks Hakan.  And thank you to APG and Accenture NL for agreeing to open up the code.  With major contributions like this it's always best to engage the community at the start of the work, so you can build upon what's been done already, or contribute to existing efforts.  Hopefully you didn't duplicate much ongoing work.  Presuming it didn't, the best course will be to submit it as a PR to Gerrit, rather than just posting a link to a Github repo.  And with all contributions of code, hopefully it comes with an implied commitment to help maintain it going forward, as presumably you'd be maintaining it for your own needs yourselves going forward anyways.

 

Can a Fabric maintainer comment on the current or anticipated state of Kube support in Fabric is?  Whether this code is helpful or a different approach is being taken?

 

Brian

 

On 6/4/19 4:59 AM, Hakan Eryargi wrote:

Dear HL Fabric Community,

 

We are so happy and excited to announce that we have just opened our source code for running HL Fabric in Kubernetes :)

https://github.com/APGGroeiFabriek/PIVT

 

This repository contains a couple of Helm charts to:

 

·         Configure and launch the whole HL Fabric network, either:

o    A simple one, one peer per organization and Solo orderer

o    Or scaled up one, multiple peers per organization and Kafka orderer

·         Populate the network:

o    Create the channels, join peers to channels, update channels for Anchor peers

o    Install/Instantiate all chaincodes, or some of them, or upgrade them to newer version

·         Backup and restore the state of whole network

 

This work is a result of collaborative effort between APG and Accenture NL.

 

We had implemented these Helm charts for our project's needs, and as the results looks very promising, decided to share the source code with HL Fabric community. Hopefully it will fill a large gap! Special thanks to APG for allowing opening the source code :)

 

We strongly encourage the HL Fabric community to take ownership of this repository, extend it for further use cases, use it as a test bed and adapt it to the Fabric provided samples to get rif of endless Docker Compose files and Bash scripts.

 

Cheers and happy BlockChaining in Kubernetes!

Hakan Eryargi (r a f t)

 

 

 

 

 

 

 



This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com

 

--
Brian Behlendorf
Executive Director, Hyperledger
bbehlendorf@...
Twitter: @brianbehlendorf

 

 

 

-- 
 
Brian Behlendorf
 
Executive Director, Hyperledger
 
bbehlendorf@...
 
Twitter: @brianbehlendorf

Join fabric@lists.hyperledger.org to automatically receive all group messages.