k8s搭建fabric1.4.6环境
2020-06-09 本文已影响0人
Li_MAX
文件已上传 https://github.com/lgy1027/fabric-network
直接上配置文件,相关文件生成可参考https://www.jianshu.com/p/a83db64be6b1
order.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: lgy
name: orderer1
spec:
replicas: 1
selector:
matchLabels:
orderer-id: orderer1
template:
metadata:
labels:
app: etcdraft
role: orderer
org: orderer-org
orderer-id: orderer1
spec:
nodeSelector:
orderer: one
containers:
- name: orderer1
image: core.harbor.domain/blockchain/hyperledger/hyperledger/fabric-orderer:1.4.6
env:
- name: ORDERER_GENERAL_GENESISMETHOD
value: file
# - name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
# value: raft_clustor_default
- name: FABRIC_LOGGING_SPEC
value: debug
- name: ORDERER_GENERAL_LISTENADDRESS
value: 0.0.0.0
- name: ORDERER_GENERAL_LISTENPORT
value: "7050"
- name: ORDERER_GENERAL_GENESISFILE
value: /var/hyperledger/orderer/orderer.genesis.block
- name: ORDERER_GENERAL_LOCALMSPID
value: OrdererMSP
- name: ORDERER_GENERAL_LOCALMSPDIR
value: /var/hyperledger/orderer/msp
- name: ORDERER_GENERAL_TLS_ENABLED
value: "true"
- name: ORDERER_GENERAL_TLS_PRIVATEKEY
value: /var/hyperledger/orderer/tls/server.key
- name: ORDERER_GENERAL_TLS_CERTIFICATE
value: /var/hyperledger/orderer/tls/server.crt
- name: ORDERER_GENERAL_TLS_ROOTCAS
value: '[/var/hyperledger/orderer/tls/ca.crt]'
- name: ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR
value: "1"
- name: ORDERER_KAFKA_VERBOSE
value: "true"
- name: ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE
value: /var/hyperledger/orderer/tls/server.crt
- name: ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY
value: /var/hyperledger/orderer/tls/server.key
- name: ORDERER_GENERAL_CLUSTER_ROOTCAS
value: '[/var/hyperledger/orderer/tls/ca.crt]'
workingDir: /opt/gopath/src/github.com/hyperledger/fabric
command: ["orderer"]
volumeMounts:
- mountPath: /var/hyperledger/orderer/orderer.genesis.block
name: block-dir
- mountPath: /var/hyperledger/orderer/msp
name: msp-dir
- mountPath: /var/hyperledger/orderer/tls
name: tls-dir
- mountPath: /var/hyperledger/production/orderer
name: ledger-dir
ports:
- containerPort: 7050
volumes:
- name: block-dir
hostPath:
path: /opt/lgy/channel-artifacts/genesis.block
- name: msp-dir
hostPath:
path: /opt/lgy/crypto-config/ordererOrganizations/lgy/orderers/orderer1.lgy/msp
- name: tls-dir
hostPath:
path: /opt/lgy/crypto-config/ordererOrganizations/lgy/orderers/orderer1.lgy/tls
- name: ledger-dir
hostPath:
path: /opt/lgy/orderer1_ledger
---
apiVersion: v1
kind: Service
metadata:
namespace: lgy
name: orderer1
spec:
selector:
app: etcdraft
role: orderer
org: orderer-org
orderer-id: orderer1
clusterIP: None
ports:
- name: listen-endpoint
protocol: TCP
port: 7050
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: lgy
name: orderer2
spec:
replicas: 1
selector:
matchLabels:
orderer-id: orderer2
template:
metadata:
labels:
app: etcdraft
role: orderer
org: orderer-org
orderer-id: orderer2
spec:
nodeSelector:
orderer: two
containers:
- name: orderer2
image: core.harbor.domain/blockchain/hyperledger/hyperledger/fabric-orderer:1.4.6
env:
- name: ORDERER_GENERAL_GENESISMETHOD
value: file
# - name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
# value: raft_clustor_default
- name: FABRIC_LOGGING_SPEC
value: debug
- name: ORDERER_GENERAL_LISTENADDRESS
value: 0.0.0.0
- name: ORDERER_GENERAL_LISTENPORT
value: "7050"
- name: ORDERER_GENERAL_GENESISFILE
value: /var/hyperledger/orderer/orderer.genesis.block
- name: ORDERER_GENERAL_LOCALMSPID
value: OrdererMSP
- name: ORDERER_GENERAL_LOCALMSPDIR
value: /var/hyperledger/orderer/msp
- name: ORDERER_GENERAL_TLS_ENABLED
value: "true"
- name: ORDERER_GENERAL_TLS_PRIVATEKEY
value: /var/hyperledger/orderer/tls/server.key
- name: ORDERER_GENERAL_TLS_CERTIFICATE
value: /var/hyperledger/orderer/tls/server.crt
- name: ORDERER_GENERAL_TLS_ROOTCAS
value: '[/var/hyperledger/orderer/tls/ca.crt]'
- name: ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR
value: "1"
- name: ORDERER_KAFKA_VERBOSE
value: "true"
- name: ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE
value: /var/hyperledger/orderer/tls/server.crt
- name: ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY
value: /var/hyperledger/orderer/tls/server.key
- name: ORDERER_GENERAL_CLUSTER_ROOTCAS
value: '[/var/hyperledger/orderer/tls/ca.crt]'
workingDir: /opt/gopath/src/github.com/hyperledger/fabric
command: ["orderer"]
volumeMounts:
- mountPath: /var/hyperledger/orderer/orderer.genesis.block
name: block-dir
- mountPath: /var/hyperledger/orderer/msp
name: msp-dir
- mountPath: /var/hyperledger/orderer/tls
name: tls-dir
- mountPath: /var/hyperledger/production/orderer
name: ledger-dir
ports:
- containerPort: 7050
volumes:
- name: block-dir
hostPath:
path: /opt/lgy/channel-artifacts/genesis.block
- name: msp-dir
hostPath:
path: /opt/lgy/crypto-config/ordererOrganizations/lgy/orderers/orderer2.lgy/msp
- name: tls-dir
hostPath:
path: /opt/lgy/crypto-config/ordererOrganizations/lgy/orderers/orderer2.lgy/tls
- name: ledger-dir
hostPath:
path: /opt/lgy/orderer2_ledger
---
apiVersion: v1
kind: Service
metadata:
namespace: lgy
name: orderer2
spec:
selector:
app: etcdraft
role: orderer
org: orderer-org
orderer-id: orderer2
clusterIP: None
ports:
- name: listen-endpoint
protocol: TCP
port: 7050
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: lgy
name: orderer3
spec:
replicas: 1
selector:
matchLabels:
orderer-id: orderer3
template:
metadata:
labels:
app: etcdraft
role: orderer
org: orderer-org
orderer-id: orderer3
spec:
nodeSelector:
orderer: three
containers:
- name: orderer3
image: core.harbor.domain/blockchain/hyperledger/hyperledger/fabric-orderer:1.4.6
env:
- name: ORDERER_GENERAL_GENESISMETHOD
value: file
# - name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
# value: raft_clustor_default
- name: FABRIC_LOGGING_SPEC
value: debug
- name: ORDERER_GENERAL_LISTENADDRESS
value: 0.0.0.0
- name: ORDERER_GENERAL_LISTENPORT
value: "7050"
- name: ORDERER_GENERAL_GENESISFILE
value: /var/hyperledger/orderer/orderer.genesis.block
- name: ORDERER_GENERAL_LOCALMSPID
value: OrdererMSP
- name: ORDERER_GENERAL_LOCALMSPDIR
value: /var/hyperledger/orderer/msp
- name: ORDERER_GENERAL_TLS_ENABLED
value: "true"
- name: ORDERER_GENERAL_TLS_PRIVATEKEY
value: /var/hyperledger/orderer/tls/server.key
- name: ORDERER_GENERAL_TLS_CERTIFICATE
value: /var/hyperledger/orderer/tls/server.crt
- name: ORDERER_GENERAL_TLS_ROOTCAS
value: '[/var/hyperledger/orderer/tls/ca.crt]'
- name: ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR
value: "1"
- name: ORDERER_KAFKA_VERBOSE
value: "true"
- name: ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE
value: /var/hyperledger/orderer/tls/server.crt
- name: ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY
value: /var/hyperledger/orderer/tls/server.key
- name: ORDERER_GENERAL_CLUSTER_ROOTCAS
value: '[/var/hyperledger/orderer/tls/ca.crt]'
workingDir: /opt/gopath/src/github.com/hyperledger/fabric
command: ["orderer"]
volumeMounts:
- mountPath: /var/hyperledger/orderer/orderer.genesis.block
name: block-dir
- mountPath: /var/hyperledger/orderer/msp
name: msp-dir
- mountPath: /var/hyperledger/orderer/tls
name: tls-dir
- mountPath: /var/hyperledger/production/orderer
name: ledger-dir
ports:
- containerPort: 7050
volumes:
- name: block-dir
hostPath:
path: /opt/lgy/channel-artifacts/genesis.block
- name: msp-dir
hostPath:
path: /opt/lgy/crypto-config/ordererOrganizations/lgy/orderers/orderer3.lgy/msp
- name: tls-dir
hostPath:
path: /opt/lgy/crypto-config/ordererOrganizations/lgy/orderers/orderer3.lgy/tls
- name: ledger-dir
hostPath:
path: /opt/lgy/orderer3_ledger
---
apiVersion: v1
kind: Service
metadata:
namespace: lgy
name: orderer3
spec:
selector:
app: etcdraft
role: orderer
org: orderer-org
orderer-id: orderer3
clusterIP: None
ports:
- name: listen-endpoint
protocol: TCP
port: 7050
peer.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: lgy
name: peer0-org
spec:
selector:
matchLabels:
peer-id: peer0
serviceName: "peer0"
replicas: 1
template:
metadata:
labels:
app: etcdraft
role: peer
peer-id: peer0
org: peer-org
spec:
nodeSelector:
peer: two
containers:
- name: peer0-org
image: core.harbor.domain/blockchain/hyperledger/hyperledger/fabric-peer:1.4.6
env:
- name: CORE_VM_ENDPOINT
value: "unix:///host/var/run/docker.sock"
- name: CORE_PEER_LISTENADDRESS
# value: "0.0.0.0:7051"
# - name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
# value: "raft_clustor_default"
- name: FABRIC_LOGGING_SPEC
value: "DEBUG"
- name: CORE_PEER_TLS_ENABLED
value: "true"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: "/etc/hyperledger/fabric/tls/server.crt"
- name: CORE_PEER_TLS_KEY_FILE
value: "/etc/hyperledger/fabric/tls/server.key"
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: "/etc/hyperledger/fabric/tls/ca.crt"
- name: CORE_PEER_ID
value: "peer0.lgy.svc.cluster.local"
- name: CORE_PEER_ADDRESS
value: "peer0.lgy.svc.cluster.local:7051"
# - name: CORE_PEER_GOSSIP_BOOTSTRAP
# value: "peer0.lgy:7051"
- name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
value: "peer0.lgy.svc.cluster.local:7051"
- name: CORE_PEER_CHAINCODELISTENADDRESS
value: "0.0.0.0:7052"
- name: CORE_PEER_CHAINCODEADDRESS
value: "peer0.lgy.svc.cluster.local:7052"
- name: CORE_PEER_LOCALMSPID
value: "Org1MSP"
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
ports:
- containerPort: 7051
- containerPort: 7052
- containerPort: 7053
command: ["peer"]
args: ["node","start"]
volumeMounts:
- mountPath: /etc/hyperledger/fabric/msp
name: msp-dir
- mountPath: /etc/hyperledger/fabric/tls
name: tls-dir
- mountPath: /host/var/run/
name: run
- mountPath: /var/hyperledger/production
name: ledger-dir
volumes:
- name: msp-dir
hostPath:
path: /opt/lgy/crypto-config/peerOrganizations/lgy.svc.cluster.local/peers/peer0.lgy.svc.cluster.local/msp
- name: tls-dir
hostPath:
path: /opt/lgy/crypto-config/peerOrganizations/lgy.svc.cluster.local/peers/peer0.lgy.svc.cluster.local/tls
- name: run
hostPath:
path: /var/run
- name: ledger-dir
hostPath:
path: /opt/lgy/peer0_ledger
---
apiVersion: v1
kind: Service
metadata:
namespace: lgy
name: peer0
spec:
selector:
app: etcdraft
role: peer
peer-id: peer0
org: peer-org
clusterIP: None
ports:
- name: listen-endpoint
protocol: TCP
port: 7051
- name: chaincode-listen
protocol: TCP
port: 7052
- name: event-listen
protocol: TCP
port: 7053
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: lgy
name: peer1-org
spec:
selector:
matchLabels:
peer-id: peer1
serviceName: "peer1"
replicas: 1
template:
metadata:
labels:
app: etcdraft
role: peer
peer-id: peer1
org: peer-org
spec:
nodeSelector:
peer: one
containers:
- name: peer1-org
image: core.harbor.domain/blockchain/hyperledger/hyperledger/fabric-peer:1.4.6
env:
- name: CORE_VM_ENDPOINT
value: "unix:///host/var/run/docker.sock"
- name: CORE_PEER_LISTENADDRESS
value: "0.0.0.0:7051"
# - name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
# value: "raft_clustor_default"
- name: FABRIC_LOGGING_SPEC
value: "DEBUG"
- name: CORE_PEER_TLS_ENABLED
value: "true"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: "/etc/hyperledger/fabric/tls/server.crt"
- name: CORE_PEER_TLS_KEY_FILE
value: "/etc/hyperledger/fabric/tls/server.key"
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: "/etc/hyperledger/fabric/tls/ca.crt"
- name: CORE_PEER_ID
value: "peer1.lgy.svc.cluster.local"
- name: CORE_PEER_ADDRESS
value: "peer1.lgy.svc.cluster.local:7051"
# - name: CORE_PEER_GOSSIP_BOOTSTRAP
# value: "peer0.lgy:7051"
- name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
value: "peer1.lgy.svc.cluster.local:7051"
- name: CORE_PEER_CHAINCODELISTENADDRESS
value: "0.0.0.0:7052"
- name: CORE_PEER_CHAINCODEADDRESS
value: "peer1.lgy.svc.cluster.local:7052"
- name: CORE_PEER_LOCALMSPID
value: "Org1MSP"
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
ports:
- containerPort: 7051
- containerPort: 7052
- containerPort: 7053
command: ["peer"]
args: ["node","start"]
volumeMounts:
- mountPath: /etc/hyperledger/fabric/msp
name: msp-dir
- mountPath: /etc/hyperledger/fabric/tls
name: tls-dir
- mountPath: /host/var/run/
name: run
- mountPath: /var/hyperledger/production
name: ledger-dir
volumes:
- name: msp-dir
hostPath:
path: /opt/lgy/crypto-config/peerOrganizations/lgy.svc.cluster.local/peers/peer1.lgy.svc.cluster.local/msp
- name: tls-dir
hostPath:
path: /opt/lgy/crypto-config/peerOrganizations/lgy.svc.cluster.local/peers/peer1.lgy.svc.cluster.local/tls
- name: run
hostPath:
path: /var/run
- name: ledger-dir
hostPath:
path: /opt/lgy/peer1_ledger
---
apiVersion: v1
kind: Service
metadata:
namespace: lgy
name: peer1
spec:
selector:
app: etcdraft
role: peer
peer-id: peer1
org: peer-org
clusterIP: None
ports:
- name: listen-endpoint
protocol: TCP
port: 7051
- name: chaincode-listen
protocol: TCP
port: 7052
- name: event-listen
protocol: TCP
port: 7053
注意点:k8s管理peer后配置的
CORE_VM_ENDPOINT:unix:///host/var/run/docker.sock
sdk配置文件
version: 1.0.0
client:
organization: Org1MSP
logging:
level: debug
cryptoconfig:
path: /fabricServer/crypto-config
credentialStore:
path: /tmp/raft-store
cryptoStore:
path: /tmp/raft-msp
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
systemCertPool: false
client:
key:
path:
cert:
path:
channels:
lgychannel:
peers:
peer0.lgy.svc.cluster.local:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.lgy.svc.cluster.local:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig:
minResponses: 1
maxTargets: 1
retryOpts:
attempts: 5
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
discovery:
maxTargets: 2
retryOpts:
attempts: 4
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
eventService:
resolverStrategy: PreferOrg
balancer: Random
blockHeightLagThreshold: 5
reconnectBlockHeightLagThreshold: 10
peerMonitorPeriod: 5s
organizations:
Org1MSP:
mspid: Org1MSP
cryptoPath: peerOrganizations/lgy.svc.cluster.local/users/{userName}@lgy.svc.cluster.local/msp
peers:
- peer0.lgy.svc.cluster.local
- peer1.lgy.svc.cluster.local
certificateAuthorities:
- ca.lgy.svc.cluster.local
# Orderer组织名称
ordererorg:
# 组织的MSPID
mspID: OrdererMSP
# 加载用户需要的密钥和证书,绝对路径或相对路径
cryptoPath: ordererOrganizations/lgy/users/{username}@lgy/msp
# 发送交易请求或通道创建、更新请求到的orderers列表
# 如果定义了超过一个orderer,SDK使用哪一个orderer由代码实现时指定
orderers:
# orderer节点,可以定义多个
orderer1.lgy:
url: orderer1.lgy:7050
# 以下属性由gRPC库定义,会被传递给gRPC客户端构造函数
grpcOptions:
ssl-target-name-override: orderer1.lgy
# 下列参数用于设置服务器上的keepalive策略,不兼容的设置会导致连接关闭
# 当keep-alive-time被设置为0或小于激活客户端的参数,下列参数失效
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: false
# 证书的绝对路径
tlsCACerts:
# Certificate location absolute path
path: /fabricServer/crypto-config/ordererOrganizations/lgy/tlsca/tlsca.lgy-cert.pem
# peers节点列表
peers:
# peer节点定义,可以定义多个
peer0.lgy.svc.cluster.local:
# this URL is used to send endorsement and query requests
# URL用于发送背书和查询请求
url: peer0.lgy.svc.cluster.local:7051
# eventUrl is only needed when using eventhub (default is delivery service)
eventUrl: peer0.lgy.svc.cluster.local:7053
grpcOptions:
ssl-target-name-override: peer0.lgy.svc.cluster.local
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
# 证书的绝对路径
tlsCACerts:
# Certificate location absolute path
path: /fabricServer/crypto-config/peerOrganizations/lgy.svc.cluster.local/tlsca/tlsca.lgy.svc.cluster.local-cert.pem
peer1.lgy.svc.cluster.local:
# this URL is used to send endorsement and query requests
url: peer1.lgy.svc.cluster.local:7051
# eventUrl is only needed when using eventhub (default is delivery service)
eventUrl: peer1.lgy.svc.cluster.local:7053
grpcOptions:
ssl-target-name-override: peer1.lgy.svc.cluster.local
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: /fabricServer/crypto-config/peerOrganizations/lgy.svc.cluster.local/tlsca/tlsca.lgy.svc.cluster.local-cert.pem
certificateAuthorities:
ca.lgy.svc.cluster.local:
url: http://ca.lgy.svc.cluster.local:7054
tlsCACerts:
path: /fabricServer/crypto-config/peerOrganizations/lgy.svc.cluster.local/tlsca/tlsca.lgy.svc.cluster.local-cert.pem
registrar:
enrollId: admin
enrollSecret: adminpw
# [Optional] The optional name of the CA.
caName: ca.lgy.svc.cluster.local
entityMatchers:
peer:
- pattern: (\w*)peer0.lgy.svc.cluster.local(\w*)
urlSubstitutionExp: peer0.lgy.svc.cluster.local:7051
eventUrlSubstitutionExp: peer0.lgy.svc.cluster.local:7053
sslTargetOverrideUrlSubstitutionExp: peer0.lgy.svc.cluster.local
mappedHost: peer0.lgy.svc.cluster.local
- pattern: (\w*)peer1.lgy.svc.cluster.local(\w*)
urlSubstitutionExp: peer1.lgy.svc.cluster.local:7051
eventUrlSubstitutionExp: peer1.lgy.svc.cluster.local:7053
sslTargetOverrideUrlSubstitutionExp: peer1.lgy.svc.cluster.local
mappedHost: peer1.lgy.svc.cluster.local
orderer:
- pattern: (\w*)orderer1.lgy(\w*)
urlSubstitutionExp: orderer1.lgy:7050
sslTargetOverrideUrlSubstitutionExp: orderer1.lgy
mappedHost: orderer1.lgy
certificateAuthorities:
- pattern: (\w*)ca.lgy.svc.cluster.local(\w*)
urlSubstitutionExp: http://ca.lgy.svc.cluster.local:7054
mappedHost: ca.lgy.svc.cluster.local
sdk.yaml(服务端)
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: lgy
name: sdk
spec:
replicas: 1
selector:
matchLabels:
sdk-id: sdk
template:
metadata:
labels:
sdk-id: sdk
spec:
nodeSelector:
peer: one
volumes:
- name: fabric-dir
hostPath:
path: /opt/lgy/log
containers:
- name: sdk
image: core.harbor.domain/blockchain/hyperledger/fabric_sdk:v1
workingDir: /fabricServer
command: ["sh"]
args: ["-c","./fabricServer -cc=false -jc=false -icc=false -itcc=false -ucc=false"]
ports:
- containerPort: 8899
volumeMounts:
- mountPath: /fabricServer/log
name: fabric-dir
---
apiVersion: v1
kind: Service
metadata:
namespace: lgy
name: sdk-service
spec:
selector:
sdk-id: sdk
ports:
- name: sdk-port
protocol: TCP
port: 8899
问题:
J5FD6KN@8(J5R21%ORMTJU3.png
在 Fabric 设计中, chaincode 目前是以 Docker 容器的方式运行在 peer 容器所在的宿主机上,peer 容器需要调用 Docker 引擎的接口来构建和创建 chaincode 容器,调用接口是通过这个连接:
unix:///var/run/docker.sock
通过 docker.sock 创建的容器脱离在 Kubernetes 的体系之外,虽然它仍在 Flannel 的网络上,但却无法获得 peer 节点的 IP 地址。这是因为创建该容器的 Docker 引擎使用宿主机默认的 DNS 解析来 peer 的域名,所以无法找到。
为了解决解析域名的问题,需要在每个 worker 的 DOCKER_OPTS 中加入相关参数,我的 kube-dns 的 IP 为10.68.0.2,宿主机网络 DNS 的 IP 地址假设为 10.4.246.1,为使得 chaincode 的容器可以解析到 peer 节点,在每个 Docker 节点,修改步骤如下:
# echo 'DOCKER_OPTS="--dns=10.68.0.2 --dns=10.4.246.1 --dns-search default.svc.cluster.local --dns-search svc.cluster.local --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2"' >> /etc/default/docker
# echo 'EnvironmentFile=-/etc/default/docker' >> /etc/systemd/system/docker.service
# systemctl daemon-reload && systemctl restart docker && systemctl status docker
