Library to deploy Hyperledger Fabric projects to Kubernetes
Source resides at https://github.com/hyperledger-labs/nephos, originally developed at AID:Tech
Documentation resides at https://nephos.readthedocs.io
This library requires an existing Kubernetes cluster.
For best results, use a real cluster (e.g. on a cloud like AWS, GCP, Azure, IBM Cloud, etc.). However, you may also use Minikube.
Either way, you will need to have the following tools installed:
- python 3.7.0 or above
- kubectl
- helm
You can install nephos from PyPI by running:
pip install nephos
You can also download the git repository with:
git clone https://github.com/hyperledger-labs/nephos.git
And work locally by installing the following:
This library currently only supports Python 3:
python3 -m venv ./venv
source ./venv/bin/activate
All python-related requirments are held in the requirements.txt file
pip install -r requirements.txt
You will also need to install an initialise helm
for Kubernetes, as described here
Furthermore, you will need the Hyperledger Fabric utility binaries that can be installed with this script on Linux, or via Homebrew for the Fabric tools and CA tools on Mac OS X.
Once you have all requirments installed, all the unit tests should pass and provide full coverage:
PYTHONPATH=. pytest --ignore=./integration --cov=. --cov-report xml:coverage.xml --cov-report term-missing
The integration tests should also pass:
PYTHONPATH=. pytest -x -s ./integration
To use nephos, run the deploy.py
executable CLI script.
For instance, you can see available commands/options by running:
PYTHONPATH=. ./nephos/deploy.py --help
To install a full end-to-end fabric network, you can run:
PYTHONPATH=. ./nephos/deploy.py -f ./PATH_TO_YOUR_SETTINGS/file.yaml fabric
You can also upgrade a network:
PYTHONPATH=. ./nephos/deploy.py --upgrade -f ./PATH_TO_YOUR_SETTINGS/file.yaml fabric
Example of development/QA/production(-ish) networks are provided in the examples folder.
To run the dev example from the git repository, use this command:
./nephos/deploy.py --verbose -f ./examples/dev/nephos_config.yaml fabric
Note: The
nephos_config.yaml
is by default set to point to theminikube
context (even for theprod
example) to prevent accidental deployments to production clusters. If your K8S context name is different, please update this file.
For the QA and production examples, you will need to replace the CA hostname to one pointing to your K8S cluster Ingress Controller (e.g. NGINX or Traefik) IP address.
In a real cluster, you will wish to install an ingress controller and a certificate manager. We include in the repository two example Cluster Issuers (you will need to modify the email field in them) for the cert-manager
deployment:
helm install stable/nginx-ingress -n nginx-ingress --namespace ingress-controller
helm install stable/cert-manager -n cert-manager --namespace cert-manager
kubectl create -f ./examples/certManagerCI_staging.yaml
kubectl create -f ./examples/certManagerCI_production.yaml
To use the Composer examples, you will need a Cloud system capable of a "ReadWriteMany" policy (e.g. "azurefile" on Azure).
Given that we may wish to test locally on Minikube, we will need to use a local ingress controller and ignore cert-manager in favour of self-cooked SSL certificates.
In ./examples
we include the ca-nephos-local.*
self-signed certificates, created with OpenSSL as follows:
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=IE/ST=Dublin/L=Dublin/O=AID:Tech/CN=ca.nephos.local" -keyout ca-nephos-local.key -out ca-nephos-local.crt
openssl x509 -in ca-nephos-local.crt -out ca-nephos-local.pem -outform PEM
kubectl create ns cas
kubectl -n cas create secret tls ca--tls --cert=ca-nephos-local.crt --key=ca-nephos-local.key
We can save them to the cas
namespace as follows
cd ./examples
kubectl create ns cas
kubectl -n cas create secret tls ca--tls --cert=ca-nephos-local.crt --key=ca-nephos-local.key
We can then enable the ingress on minikube and update /etc/hosts
with the IP of minikube
:
minikube addons enable ingress
echo "$(minikube ip) ca.nephos.local" | sudo tee -a /etc/hosts
For more information on how to deploy Hyperledger Fabric to Kubernetes, please see the following resources:
We have released a set of Helm Charts, currently living in two locations:
- The official Helm Chart repository and KubeApps.
- The AID:Tech Helm Chart repository.
A workshop on the Hyperledger Global Forum, featuring slides and a part 1 and part 2 videos.
A(n older) webinar on deploying Hyperledger Fabric on Kubernetes.
We have also contributed the Composer chapter on the EdX course Blockchain for Business.
And we have also released a course on Packt, Udemy and O’Reilly called Hyperledger for Blockchain Applications.