Skip to content

Instantly share code, notes, and snippets.

@rflorenc

rflorenc/blockchain.yaml Secret

Created October 12, 2017 13:31
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rflorenc/09a0ded5de183e3158c5ce405d89a306 to your computer and use it in GitHub Desktop.
Save rflorenc/09a0ded5de183e3158c5ce405d89a306 to your computer and use it in GitHub Desktop.
Download ZIP
Basic blockchain running on a Istio service mesh.
Raw
blockchain.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: composer
name: composer
spec:
ports:
- name: http
port: 8080
selector:
app: composer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4
creationTimestamp: null
name: composer
spec:
replicas: 1
template:
metadata:
annotations:
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4
creationTimestamp: null
labels:
app: composer
spec:
containers:
- env:
- name: COMPOSER_CONFIG
value: |
{
"connectionProfiles": {
"hlfabric": {
"type": "hlf",
"keyValStore": "/home/composer/.composer-credentials",
"membershipServicesURL": "grpc://membersrvc:7054",
"peerURL": "grpc://vp0:7051",
"eventHubURL": "grpc://vp0:7053",
"deployWaitTime": 300,
"invokeWaitTime": 30
}
},
"credentials": {
"hlfabric": {
"admin": "Xurw3yU9zI0l"
}
}
}
image: hyperledger/composer-playground
name: composer
ports:
- containerPort: 8080
resources: {}
- args:
- proxy
- sidecar
- -v
- "2"
- --configPath
- /etc/istio/proxy
- --binaryPath
- /usr/local/bin/envoy
- --serviceCluster
- istio-proxy
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --discoveryAddress
- istio-pilot.istio-system:8080
- --discoveryRefreshDelay
- 1s
- --zipkinAddress
- zipkin.istio-system:9411
- --connectTimeout
- 10s
- --statsdUdpAddress
- istio-mixer.istio-system:9125
- --proxyAdminPort
- "15000"
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/istio/proxy_debug:0.2.7
imagePullPolicy: IfNotPresent
name: istio-proxy
resources: {}
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 1337
volumeMounts:
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /etc/certs/
name: istio-certs
readOnly: true
initContainers:
- args:
- -p
- "15001"
- -u
- "1337"
image: docker.io/istio/proxy_init:0.2.7
imagePullPolicy: IfNotPresent
name: istio-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
- args:
- -c
- sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c
unlimited
command:
- /bin/sh
image: alpine
imagePullPolicy: IfNotPresent
name: enable-core-dump
resources: {}
securityContext:
privileged: true
restartPolicy: Always
volumes:
- emptyDir:
medium: Memory
sizeLimit: "0"
name: istio-envoy
- name: istio-certs
secret:
optional: true
secretName: istio.default
---
apiVersion: v1
kind: Service
metadata:
labels:
app: vp0
name: vp0
spec:
ports:
- name: http
port: 7050
targetPort: 7050
- name: http-7051
port: 7051
targetPort: 7051
- name: http-7052
port: 7052
targetPort: 7052
- name: http-7053
port: 7053
targetPort: 7053
selector:
app: vp0
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4
creationTimestamp: null
name: vp0
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
annotations:
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4
creationTimestamp: null
labels:
app: vp0
spec:
containers:
- args:
- sh
- -c
- sleep 5; peer node start
env:
- name: CORE_PEER_ADDRESSAUTODETECT
value: "true"
- name: CORE_VM_ENDPOINT
value: unix:///var/run/docker.sock
- name: CORE_LOGGING_LEVEL
value: DEBUG
- name: CORE_PEER_ID
value: vp0
- name: CORE_PEER_PKI_ECA_PADDR
value: membersrvc:7054
- name: CORE_PEER_PKI_TCA_PADDR
value: membersrvc:7054
- name: CORE_PEER_PKI_TLSCA_PADDR
value: membersrvc:7054
- name: CORE_SECURITY_ENABLED
value: "true"
- name: CORE_SECURITY_ENROLLID
value: test_vp0
- name: CORE_SECURITY_ENROLLSECRET
value: MwYpmSRjupbT
image: hyperledger/fabric-peer:x86_64-1.0.0
name: vp0
ports:
- containerPort: 7050
- containerPort: 7051
- containerPort: 7052
- containerPort: 7053
resources: {}
volumeMounts:
- mountPath: /var/run/docker.sock
name: vp0-claim0
- args:
- proxy
- sidecar
- -v
- "2"
- --configPath
- /etc/istio/proxy
- --binaryPath
- /usr/local/bin/envoy
- --serviceCluster
- vp0
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --discoveryAddress
- istio-pilot.istio-system:8080
- --discoveryRefreshDelay
- 1s
- --zipkinAddress
- zipkin.istio-system:9411
- --connectTimeout
- 10s
- --statsdUdpAddress
- istio-mixer.istio-system:9125
- --proxyAdminPort
- "15000"
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/istio/proxy_debug:0.2.7
imagePullPolicy: IfNotPresent
name: istio-proxy
resources: {}
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 1337
volumeMounts:
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /etc/certs/
name: istio-certs
readOnly: true
initContainers:
- args:
- -p
- "15001"
- -u
- "1337"
image: docker.io/istio/proxy_init:0.2.7
imagePullPolicy: IfNotPresent
name: istio-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
- args:
- -c
- sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c
unlimited
command:
- /bin/sh
image: alpine
imagePullPolicy: IfNotPresent
name: enable-core-dump
resources: {}
securityContext:
privileged: true
restartPolicy: Always
volumes:
- emptyDir:
sizeLimit: "0"
name: vp0-claim0
- emptyDir:
medium: Memory
sizeLimit: "0"
name: istio-envoy
- name: istio-certs
secret:
optional: true
secretName: istio.default
---
apiVersion: v1
kind: Service
metadata:
labels:
app: membersrvc
name: membersrvc
spec:
ports:
- name: http
port: 7054
targetPort: 7054
selector:
app: membersrvc
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4
creationTimestamp: null
name: membersrvc
spec:
replicas: 1
strategy: {}
template:
metadata:
annotations:
sidecar.istio.io/status: injected-version-root@f1eeb85f62ab-0.2.7-6b145c189aad8306b13af1725123bebfbc7eefd4
creationTimestamp: null
labels:
app: membersrvc
spec:
containers:
- args:
- membersrvc
env:
- name: MEMBERSRVC_CA_ACA_ENABLED
value: "true"
image: hyperledger/fabric-membersrvc
name: membersrvc
ports:
- containerPort: 7054
resources: {}
- args:
- proxy
- sidecar
- -v
- "2"
- --configPath
- /etc/istio/proxy
- --binaryPath
- /usr/local/bin/envoy
- --serviceCluster
- membersrvc
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --discoveryAddress
- istio-pilot.istio-system:8080
- --discoveryRefreshDelay
- 1s
- --zipkinAddress
- zipkin.istio-system:9411
- --connectTimeout
- 10s
- --statsdUdpAddress
- istio-mixer.istio-system:9125
- --proxyAdminPort
- "15000"
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/istio/proxy_debug:0.2.7
imagePullPolicy: IfNotPresent
name: istio-proxy
resources: {}
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 1337
volumeMounts:
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /etc/certs/
name: istio-certs
readOnly: true
initContainers:
- args:
- -p
- "15001"
- -u
- "1337"
image: docker.io/istio/proxy_init:0.2.7
imagePullPolicy: IfNotPresent
name: istio-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
- args:
- -c
- sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c
unlimited
command:
- /bin/sh
image: alpine
imagePullPolicy: IfNotPresent
name: enable-core-dump
resources: {}
securityContext:
privileged: true
restartPolicy: Always
volumes:
- emptyDir:
medium: Memory
sizeLimit: "0"
name: istio-envoy
- name: istio-certs
secret:
optional: true
secretName: istio.default
---
# Ingress resource (gateway)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gateway
annotations:
kubernetes.io/ingress.class: "istio"
spec:
rules:
- http:
paths:
- path: /login
backend:
serviceName: composer
servicePort: 8080
- path: /chain/blocks/0
backend:
serviceName: vp0
servicePort: 7050
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment