-
-
Save rflorenc/09a0ded5de183e3158c5ce405d89a306 to your computer and use it in GitHub Desktop.
Basic blockchain running on a Istio service mesh.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: composer | |
name: composer | |
spec: | |
ports: | |
- name: http | |
port: 8080 | |
selector: | |
app: composer | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
annotations: | |
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4 | |
creationTimestamp: null | |
name: composer | |
spec: | |
replicas: 1 | |
template: | |
metadata: | |
annotations: | |
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4 | |
creationTimestamp: null | |
labels: | |
app: composer | |
spec: | |
containers: | |
- env: | |
- name: COMPOSER_CONFIG | |
value: | | |
{ | |
"connectionProfiles": { | |
"hlfabric": { | |
"type": "hlf", | |
"keyValStore": "/home/composer/.composer-credentials", | |
"membershipServicesURL": "grpc://membersrvc:7054", | |
"peerURL": "grpc://vp0:7051", | |
"eventHubURL": "grpc://vp0:7053", | |
"deployWaitTime": 300, | |
"invokeWaitTime": 30 | |
} | |
}, | |
"credentials": { | |
"hlfabric": { | |
"admin": "Xurw3yU9zI0l" | |
} | |
} | |
} | |
image: hyperledger/composer-playground | |
name: composer | |
ports: | |
- containerPort: 8080 | |
resources: {} | |
- args: | |
- proxy | |
- sidecar | |
- -v | |
- "2" | |
- --configPath | |
- /etc/istio/proxy | |
- --binaryPath | |
- /usr/local/bin/envoy | |
- --serviceCluster | |
- istio-proxy | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --discoveryAddress | |
- istio-pilot.istio-system:8080 | |
- --discoveryRefreshDelay | |
- 1s | |
- --zipkinAddress | |
- zipkin.istio-system:9411 | |
- --connectTimeout | |
- 10s | |
- --statsdUdpAddress | |
- istio-mixer.istio-system:9125 | |
- --proxyAdminPort | |
- "15000" | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
image: docker.io/istio/proxy_debug:0.2.7 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
resources: {} | |
securityContext: | |
privileged: true | |
readOnlyRootFilesystem: false | |
runAsUser: 1337 | |
volumeMounts: | |
- mountPath: /etc/istio/proxy | |
name: istio-envoy | |
- mountPath: /etc/certs/ | |
name: istio-certs | |
readOnly: true | |
initContainers: | |
- args: | |
- -p | |
- "15001" | |
- -u | |
- "1337" | |
image: docker.io/istio/proxy_init:0.2.7 | |
imagePullPolicy: IfNotPresent | |
name: istio-init | |
resources: {} | |
securityContext: | |
capabilities: | |
add: | |
- NET_ADMIN | |
privileged: true | |
- args: | |
- -c | |
- sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c | |
unlimited | |
command: | |
- /bin/sh | |
image: alpine | |
imagePullPolicy: IfNotPresent | |
name: enable-core-dump | |
resources: {} | |
securityContext: | |
privileged: true | |
restartPolicy: Always | |
volumes: | |
- emptyDir: | |
medium: Memory | |
sizeLimit: "0" | |
name: istio-envoy | |
- name: istio-certs | |
secret: | |
optional: true | |
secretName: istio.default | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: vp0 | |
name: vp0 | |
spec: | |
ports: | |
- name: http | |
port: 7050 | |
targetPort: 7050 | |
- name: http-7051 | |
port: 7051 | |
targetPort: 7051 | |
- name: http-7052 | |
port: 7052 | |
targetPort: 7052 | |
- name: http-7053 | |
port: 7053 | |
targetPort: 7053 | |
selector: | |
app: vp0 | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
annotations: | |
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4 | |
creationTimestamp: null | |
name: vp0 | |
spec: | |
replicas: 1 | |
strategy: | |
type: Recreate | |
template: | |
metadata: | |
annotations: | |
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4 | |
creationTimestamp: null | |
labels: | |
app: vp0 | |
spec: | |
containers: | |
- args: | |
- sh | |
- -c | |
- sleep 5; peer node start | |
env: | |
- name: CORE_PEER_ADDRESSAUTODETECT | |
value: "true" | |
- name: CORE_VM_ENDPOINT | |
value: unix:///var/run/docker.sock | |
- name: CORE_LOGGING_LEVEL | |
value: DEBUG | |
- name: CORE_PEER_ID | |
value: vp0 | |
- name: CORE_PEER_PKI_ECA_PADDR | |
value: membersrvc:7054 | |
- name: CORE_PEER_PKI_TCA_PADDR | |
value: membersrvc:7054 | |
- name: CORE_PEER_PKI_TLSCA_PADDR | |
value: membersrvc:7054 | |
- name: CORE_SECURITY_ENABLED | |
value: "true" | |
- name: CORE_SECURITY_ENROLLID | |
value: test_vp0 | |
- name: CORE_SECURITY_ENROLLSECRET | |
value: MwYpmSRjupbT | |
image: hyperledger/fabric-peer:x86_64-1.0.0 | |
name: vp0 | |
ports: | |
- containerPort: 7050 | |
- containerPort: 7051 | |
- containerPort: 7052 | |
- containerPort: 7053 | |
resources: {} | |
volumeMounts: | |
- mountPath: /var/run/docker.sock | |
name: vp0-claim0 | |
- args: | |
- proxy | |
- sidecar | |
- -v | |
- "2" | |
- --configPath | |
- /etc/istio/proxy | |
- --binaryPath | |
- /usr/local/bin/envoy | |
- --serviceCluster | |
- vp0 | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --discoveryAddress | |
- istio-pilot.istio-system:8080 | |
- --discoveryRefreshDelay | |
- 1s | |
- --zipkinAddress | |
- zipkin.istio-system:9411 | |
- --connectTimeout | |
- 10s | |
- --statsdUdpAddress | |
- istio-mixer.istio-system:9125 | |
- --proxyAdminPort | |
- "15000" | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
image: docker.io/istio/proxy_debug:0.2.7 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
resources: {} | |
securityContext: | |
privileged: true | |
readOnlyRootFilesystem: false | |
runAsUser: 1337 | |
volumeMounts: | |
- mountPath: /etc/istio/proxy | |
name: istio-envoy | |
- mountPath: /etc/certs/ | |
name: istio-certs | |
readOnly: true | |
initContainers: | |
- args: | |
- -p | |
- "15001" | |
- -u | |
- "1337" | |
image: docker.io/istio/proxy_init:0.2.7 | |
imagePullPolicy: IfNotPresent | |
name: istio-init | |
resources: {} | |
securityContext: | |
capabilities: | |
add: | |
- NET_ADMIN | |
privileged: true | |
- args: | |
- -c | |
- sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c | |
unlimited | |
command: | |
- /bin/sh | |
image: alpine | |
imagePullPolicy: IfNotPresent | |
name: enable-core-dump | |
resources: {} | |
securityContext: | |
privileged: true | |
restartPolicy: Always | |
volumes: | |
- emptyDir: | |
sizeLimit: "0" | |
name: vp0-claim0 | |
- emptyDir: | |
medium: Memory | |
sizeLimit: "0" | |
name: istio-envoy | |
- name: istio-certs | |
secret: | |
optional: true | |
secretName: istio.default | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: membersrvc | |
name: membersrvc | |
spec: | |
ports: | |
- name: http | |
port: 7054 | |
targetPort: 7054 | |
selector: | |
app: membersrvc | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
annotations: | |
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4 | |
creationTimestamp: null | |
name: membersrvc | |
spec: | |
replicas: 1 | |
strategy: {} | |
template: | |
metadata: | |
annotations: | |
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4 | |
creationTimestamp: null | |
labels: | |
app: membersrvc | |
spec: | |
containers: | |
- args: | |
- membersrvc | |
env: | |
- name: MEMBERSRVC_CA_ACA_ENABLED | |
value: "true" | |
image: hyperledger/fabric-membersrvc | |
name: membersrvc | |
ports: | |
- containerPort: 7054 | |
resources: {} | |
- args: | |
- proxy | |
- sidecar | |
- -v | |
- "2" | |
- --configPath | |
- /etc/istio/proxy | |
- --binaryPath | |
- /usr/local/bin/envoy | |
- --serviceCluster | |
- membersrvc | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --discoveryAddress | |
- istio-pilot.istio-system:8080 | |
- --discoveryRefreshDelay | |
- 1s | |
- --zipkinAddress | |
- zipkin.istio-system:9411 | |
- --connectTimeout | |
- 10s | |
- --statsdUdpAddress | |
- istio-mixer.istio-system:9125 | |
- --proxyAdminPort | |
- "15000" | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
image: docker.io/istio/proxy_debug:0.2.7 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
resources: {} | |
securityContext: | |
privileged: true | |
readOnlyRootFilesystem: false | |
runAsUser: 1337 | |
volumeMounts: | |
- mountPath: /etc/istio/proxy | |
name: istio-envoy | |
- mountPath: /etc/certs/ | |
name: istio-certs | |
readOnly: true | |
initContainers: | |
- args: | |
- -p | |
- "15001" | |
- -u | |
- "1337" | |
image: docker.io/istio/proxy_init:0.2.7 | |
imagePullPolicy: IfNotPresent | |
name: istio-init | |
resources: {} | |
securityContext: | |
capabilities: | |
add: | |
- NET_ADMIN | |
privileged: true | |
- args: | |
- -c | |
- sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c | |
unlimited | |
command: | |
- /bin/sh | |
image: alpine | |
imagePullPolicy: IfNotPresent | |
name: enable-core-dump | |
resources: {} | |
securityContext: | |
privileged: true | |
restartPolicy: Always | |
volumes: | |
- emptyDir: | |
medium: Memory | |
sizeLimit: "0" | |
name: istio-envoy | |
- name: istio-certs | |
secret: | |
optional: true | |
secretName: istio.default | |
--- | |
# Ingress resource (gateway) | |
apiVersion: extensions/v1beta1 | |
kind: Ingress | |
metadata: | |
name: gateway | |
annotations: | |
kubernetes.io/ingress.class: "istio" | |
spec: | |
rules: | |
- http: | |
paths: | |
- path: /login | |
backend: | |
serviceName: composer | |
servicePort: 8080 | |
- path: /chain/blocks/0 | |
backend: | |
serviceName: vp0 | |
servicePort: 7050 | |
--- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment