Marek Malik <info@...>
Your proposal is very good. The only thing is that I would like to have the blockchain network configuration separated from how the k8s network works. Let’s say there would be a second Ingress that would be using a different PEER endpoint than this one. Correct me if I’m wrong, but that would make the setup harder to maintain and require blockchain configuration updates for the peers or firing up new dedicated peers for each K8s Ingress controller.
I was reading the source code and also discovered that I’m able to configure the SD in such a way that it overrides the hostname locally. This would be using the property named serviceDiscoveryProperties (from the Channel class). This property is used when constructing the peers that hold the information on how to communicate when the transaction is sent. This way I would be able to set up the peers with the hostname and url overridden from the ones that are configured at the network (the hostname used for the TLS handshake is overridden and would work).
The problem I have is to find the best suited way to set up the Gateway with the SD already having these properties set.
Currently this is how I’m setting up the Gateway with use of the service discovery.
Builder builder = Gateway.createBuilder()
The networkConfig is an inputStream from the connection-pool file.
I’m not able to set up the properties for the channel before actually running the discovery service on that channel.
From: <fabric@...> on behalf of Tsvetan Georgiev <tsvetan@...>
I guess your SDK is set to use the peer discovery service to dynamically detect the list of endorsing peers across MSPs (orgs). For that to work properly you need to have the external endpoint property set properly on each peer which takes part in the endorsement.
If you don't expose those endorsing peers "external endpoint" properly in k8s they will not be visible from outside the k8s cluster and your SDK will not be able to connect.
The details behind the anchor peers and cross org peer discovery and communication are described here: https://hyperledger-fabric.readthedocs.io/en/latest/gossip.html#external-and-internal-endpoints
When your SDK runs outside the k8s cluster you must expose any endorsing peer similar to what you did with your first peer. Just make sure to properly set the external endpoint for each peer (CORE_PEER_GOSSIP_EXTERNALENDPOINT).
For example in your case for peer0.org2.example.com you have to set the property external endpoint to hlf-peers--org2-peer-0.mydomain.com (assuming hlf-peers--org2-peer-0.mydomain.com is the url visible from outside k8s that is routing internally to peer0.org2.example.com).
When using end-to-end TLS you may also want to add the external url (i.e. hlf-peers--org2-peer-0.mydomain.com) of the peer to the peer's TLS cert so you don't have to do host name override ...
Hope I got your problem right and my notes above will help you solve it.
---- On Thu, 25 Feb 2021 17:26:17 -0500 Marek Malik <info@...> wrote ----