Configure Common Pre-requisites
GitOps Authentication
For synchronizing the Git repo with the cluster, Hyperledger Bevel configures Flux for each cluster. The authentication can be via SSH or HTTPS.
For HTTPS, generate a Git access token and give it read-write access. Keep the token safe for use later.
For GitHub, you can follow these instructions on how to create a token.
For SSH, run the following command to generate a private-public key pair named gitops.
The above command generates an SSH key-pair: gitops (private key) and gitops.pub (public key).
Warning
Ensure that the Ansible host has read-access to the private key file (gitops).
Then add the public key contents (starting with ssh-rsa) as an Access Key (with read-write permissions) in your GitHub repository by following this guide.
Unseal HashiCorp Vault
The HashiCorp Vault must be initialised and unsealed. Complete the following steps to unseal and access the Vault.
- Install Vault client. Follow the instructions on Install Vault.
Important
Vault version should be > 1.13.1
- Set the environment variable VAULT_ADDR to the address of the Vault service.
Tip
Do not use 127.0.0.1 or localhost for any services like Kubernetes or Vault.
Warning
The port should be accessible from the host where you are running this command, as well as from the Ansible controller and the Kubernetes nodes.
- To initialise the Vault, execute the following:
It will give the following output:
Save the root token and unseal key in a secure location.
- Unseal with the following command:
- Run this command to check if Vault is unsealed:
Tip
It is recommended to use Vault auto-unseal using Cloud KMS for production systems. Also, rotate the root token regularly.
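The checks behind the steps above, as an added example that is not part of the Bevel documentation: a POSIX shell pre-flight that rejects a loopback VAULT_ADDR, enforces the > 1.13.1 version requirement, and reads the seal state from `vault status -format=json` output. The function names, the host vault.example.internal and the sample status JSON are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Bevel code); names and sample values are constructed.

# addr_ok URL: fails for an empty or loopback host (localhost, 127.x, [::1]),
# which the Ansible controller and Kubernetes nodes cannot reach.
addr_ok() {
  hp=${1#*://}; hp=${hp%%/*}   # strip scheme and path, keep host[:port]
  case "$hp" in
    ""|localhost|localhost:*|127.*|"[::1]"|"[::1]":*) return 1 ;;
  esac
}

# version_ok X.Y.Z: succeeds only if the version is strictly greater than 1.13.1.
version_ok() {
  v=${1#v}; v=${v%%[-+]*}      # drop a leading "v" and suffixes such as "+ent"
  case "$v" in [0-9]*.[0-9]*.[0-9]*) ;; *) return 2 ;; esac
  maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}; pat=${rest#*.}
  [ "$maj" -gt 1 ] && return 0
  [ "$maj" -eq 1 ] || return 1
  [ "$min" -gt 13 ] && return 0
  [ "$min" -eq 13 ] || return 1
  [ "$pat" -gt 1 ]
}

# json_bool JSON KEY: prints the bare true/false value of KEY.
json_bool() { printf '%s' "$1" | tr -d ' \t\n' | sed -n "s/.*\"$2\":\([a-z]*\).*/\1/p"; }

# vault_state JSON: classifies `vault status -format=json` output.
vault_state() {
  case "$(json_bool "$1" initialized)/$(json_bool "$1" sealed)" in
    false/*)    echo uninitialized ;;
    true/true)  echo sealed ;;
    true/false) echo unsealed ;;
    *)          echo unknown ;;
  esac
}

# preflight ADDR VERSION STATUS_JSON: prints each finding, returns their count.
preflight() {
  n=0
  addr_ok "$1" || { echo "FAIL: VAULT_ADDR '$1' is empty or loopback"; n=$((n+1)); }
  version_ok "$2" || { echo "FAIL: Vault version '$2' is not > 1.13.1"; n=$((n+1)); }
  s=$(vault_state "$3")
  [ "$s" = unsealed ] || { echo "FAIL: Vault is $s"; n=$((n+1)); }
  return "$n"
}

# Constructed sample of the status JSON for an initialised, unsealed Vault.
SAMPLE_STATUS='{ "type": "shamir", "initialized": true, "sealed": false, "t": 1, "n": 1 }'
preflight "http://vault.example.internal:8200" 1.15.2 "$SAMPLE_STATUS" && echo "pre-flight OK"
```

Against a live server, pass "$VAULT_ADDR", the installed Vault version and "$(vault status -format=json)"; a non-zero return value is the number of failed checks.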
Docker Images
Hyperledger Bevel provides pre-built Docker images, which are available on the GitHub repo. Ensure that the versions/tags you need are available. If not, ask a question.
Tip
Hyperledger Bevel recommends the use of a private container registry for production use. The username/password for the container registry can be provided in a network.yaml file so that the Kubernetes cluster can access the registry.
Corda Enterprise Docker Images
For Corda Enterprise, the corda_ent_node and corda_ent_firewall docker images should be built and put in a private docker registry. Please follow these instructions to build docker images for Corda Enterprise.
The official Corda images are available on Docker Hub. These are for evaluation only; for production implementation, please acquire licensed images from R3, upload them into your private container registry and update the tags accordingly.
The following Corda Docker images are used and needed by Hyperledger Bevel:
- Corda Network Map Service (Built as per these instructions)
- Corda Identity Manager Service
- Corda Signer
- Corda PKITool (Built as per these instructions)
- Corda Notary (Built as per these instructions)
- Corda Node (Built as per these instructions)
- Corda Firewall (Built as per these instructions)