Substrate Architecture Reference

Kubernetes

Nodes with Ambassador proxy

The following diagram shows how substrate boot, member and validator nodes are deployed on your Kubernetes instance.

Figure: Substrate Kubernetes Deployment - Ambassador proxy

Notes:

  1. Pods are shown in blue in the diagram.

  2. Each peer pod will have five init-containers: node-secrets to get the node-key, aura and grandpa secret seeds from Vault; retrieve-chainspec to retrieve the genesis file from Vault; download-chain-spec to download the chain spec if customChainspecUrl is defined; and query-services to query the chain services.

  3. Each peer pod will then have one container, {{ .Values.node.chain }}, named after the chain defined in the chart. This container is the substrate node.

  4. The storage uses a Kubernetes Persistent Volume.

Nodes with Kubernetes internal networking

The following diagram shows how substrate boot, member and validator nodes are deployed on your Kubernetes instance.

Figure: Substrate Kubernetes Deployment - Kubernetes internal networking

Notes:

  1. Pods are shown in blue in the diagram.

  2. Each peer pod will have five init-containers: node-secrets to get the node-key, aura and grandpa secret seeds from Vault; retrieve-chainspec to retrieve the genesis file from Vault; download-chain-spec to download the chain spec if customChainspecUrl is defined; and query-services to query the chain services.

  3. Each peer pod will then have one container, {{ .Values.node.chain }}, named after the chain defined in the chart. This container is the substrate node.

  4. The storage uses a Kubernetes Persistent Volume.

Components

Figure: Substrate Components

Docker Images

As Substrate is a technology to build the perfect blockchain for your needs, we are using a Substrate Node built for the DSCP/Inteli project.

The following Quorum Images are used by Hyperledger Bevel.

Additionally, the following common images are also used:

  • 7zip - Used for operating chainspec/genesis file

  • mysql-server - Used as a utility to get Kubernetes network addresses

  • alpine-utils - Used as a utility to get crypto from Hashicorp Vault server

Ansible Playbooks

Detailed information on the Ansible playbooks can be found here, and the execution process is described here.

Helm Charts

Detailed information on the Helm charts can be found here.

Vault Configuration

Hyperledger Bevel stores its crypto immediately in the HashiCorp Vault secrets engine. Each organization stores its crypto under the path secretsv2/org_namespace, which contains node keys, keystore, passwords, sudo keys, and CA certificates for proxy connections. Optionally, secret_path can be set in the network.yaml to change the secret engine from the default secretsv2/.

The complete key paths in the Vault can be found here.
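
Because every organization's node keys, sudo keys and passwords sit under one mount, the Vault policy attached to each organization's pods should be limited to its own secretsv2/org_namespace subtree. The policy below is an added example, not part of Hyperledger Bevel; it assumes secretsv2 is a KV version 2 engine and uses the constructed namespace example-org-subs in place of org_namespace.

```hcl
# Added example, not Bevel's own policy.
# Assumptions: the mount "secretsv2" is a KV version 2 secrets engine, and
# "example-org-subs" is a constructed stand-in for the organization's
# org_namespace.

# Too broad (shown commented out): a token with this policy can read and
# overwrite every organization's node keys, sudo keys and passwords.
# path "secretsv2/*" {
#   capabilities = ["create", "read", "update", "delete", "list"]
# }

# Scoped: the init-containers only fetch this organization's secrets.
# With KV v2, policies must name the data/ API prefix; a rule written as
# "secretsv2/example-org-subs/*" would not match any read request.
path "secretsv2/data/example-org-subs/*" {
  capabilities = ["read"]
}

# Optional: only needed when tooling enumerates the keys under the namespace.
path "secretsv2/metadata/example-org-subs/*" {
  capabilities = ["list"]
}
```

If secret_path is changed in network.yaml, the mount prefix in both rules has to change with it.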