user10931326
Reputation: 929
Hyperledger Fabric - migration from Docker swarm to Kubernetes possible?
My Hyperledger Fabric network in production runs on Docker swarm, but I want to migrate it to Kubernetes. I have tried searching online but found no resource explaining this process. Is this migration possible? What are the steps involved, and how straightforward would this process be?
I have three orderers deployed on three nodes. This is a sample orderer yaml file (I have three):
version: '3.4'
volumes:
orderer1.mycompany.com:
networks:
dept:
external:
name: ar2bc
services:
dev_orderer1:
image: hyperledger/fabric-orderer:latest
environment:
- ORDERER_GENERAL_LOGLEVEL=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/tls/:/var/hyperledger/orderer/tls
- orderer1.mycompany.com:/var/hyperledger/production/orderer
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.hostname == node1
ports:
- published: 7050
target: 7050
mode: host
networks:
dept:
aliases:
- orderer1.mycompany.com
I also have three peers deployed on the same three nodes. This is a sample peer yaml file (I have three):
version: '3.4'
volumes:
peer1.dept.mycompany.com:
couchdb1.dept.mycompany.com:
networks:
dept:
external:
name: ar2bc
services:
dev_couchdb1:
image: hyperledger/fabric-couchdb
environment:
- COUCHDB_USER= couchdb
- COUCHDB_PASSWORD=i5pr1nt_c0uchDB
volumes:
- couchdb1.dept.mycompany.com:/opt/couchdb/data
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.hostname == node1
ports:
- published: 5984
target: 5984
mode: host
networks:
dept:
aliases:
- couchdb1.dept.mycompany.com
dev_peer1:
image: hyperledger/fabric-peer:latest
environment:
# couchdb params
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1.dept.mycompany.com:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=couchdb
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=i5pr1nt_c0uchDB
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_ID=peer1.dept.mycompany.com
- CORE_PEER_ADDRESS=peer1.dept.mycompany.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer2.dept.mycompany.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.dept.mycompany.com:7051
- CORE_PEER_LOCALMSPID=deptMSP
- CORE_VM_DOCKER_ATTACHSTDOUT=true
- CORE_CHAINCODE_STARTUPTIMEOUT=1200s
- CORE_CHAINCODE_EXECUTETIMEOUT=800s
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls:/etc/hyperledger/fabric/tls
- peer1.dept.mycompany.com:/var/hyperledger/production
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.hostname == node1
ports:
- published: 7051
target: 7051
mode: host
- published: 7053
target: 7053
mode: host
depends_on:
- dev_couchdb1
networks:
dept:
aliases:
- peer1.dept.mycompany.com
dev_cli1:
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.hostname == node1
environment:
- SYS_CHANNEL=ar2dev-syschannel
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer1.dept.mycompany.com:7051
- CORE_PEER_LOCALMSPID=deptMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- dev_peer1
networks:
- dept
Upvotes: 0
Views: 335
Answers (1)
mrq
Reputation: 567
The process can be really straightforward but it is not possible to avoid the inherent greater complexity of kubernetes (compared to swarm) which results, in turn, to a more complex configuration.
My advise is to start using kompose tool, which both gives you the yaml files corresponding to you original docker-compose.yml but also warn you regarding possible issues that may arise.
After following kompose installation steps, naming orderer.yaml your first file and peer.yaml your second file it's only a matter of executing
$ kompose convert -f pathToFile/orderer.yaml --volumes
hostPath
INFO Service name in docker-compose has been changed from "dev_orderer1" to "dev-orderer1"
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Kubernetes file "dev-orderer1-service.yaml" created
INFO Kubernetes file "dev-orderer1-pod.yaml" created
INFO Kubernetes file "ar2bc-networkpolicy.yaml" created
and
$ kompose convert -f pathToFile/peer.yaml --volumes hostPath
INFO Service name in docker-compose has been changed from "dev_couchdb1" to "dev-couchdb1"
INFO Service name in docker-compose has been changed from "dev_peer1" to "dev-peer1"
INFO Service name in docker-compose has been changed from "dev_cli1" to "dev-cli1"
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Kubernetes file "dev-couchdb1-service.yaml" created
INFO Kubernetes file "dev-peer1-service.yaml" created
INFO Kubernetes file "dev-cli1-pod.yaml" created
INFO Kubernetes file "ar2bc-networkpolicy.yaml" created
INFO Kubernetes file "dev-couchdb1-pod.yaml" created
INFO Kubernetes file "dev-peer1-pod.yaml" created
and you get new yaml files ready to deploy to kubernetes
$ ls
ar2bc-networkpolicy.yaml dev-couchdb1-pod.yaml dev-orderer1-pod.yaml dev-peer1-pod.yaml
dev-cli1-pod.yaml dev-couchdb1-service.yaml dev-orderer1-service.yaml dev-peer1-service.yaml
Just to show a little more the result, this is the generated peer1 pod's yaml file
apiVersion: v1
kind: Pod
metadata:
annotations:
kompose.cmd: kompose convert -f peer.yaml --volumes hostPath
kompose.version: 1.22.0 (955b78124)
creationTimestamp: null
labels:
io.kompose.network/ar2bc: "true"
io.kompose.service: dev-peer1
name: dev-peer1
spec:
containers:
- args:
- peer
- node
- start
env:
- name: CORE_CHAINCODE_EXECUTETIMEOUT
value: 800s
- name: CORE_CHAINCODE_STARTUPTIMEOUT
value: 1200s
- name: CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS
value: couchdb1.dept.mycompany.com:5984
- name: CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
value: i5pr1nt_c0uchDB
- name: CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME
value: couchdb
- name: CORE_LEDGER_STATE_STATEDATABASE
value: CouchDB
- name: CORE_PEER_ADDRESS
value: peer1.dept.mycompany.com:7051
- name: CORE_PEER_CHAINCODELISTENADDRESS
value: 0.0.0.0:7052
- name: CORE_PEER_GOSSIP_BOOTSTRAP
value: peer2.dept.mycompany.com:8051
- name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
value: peer1.dept.mycompany.com:7051
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_ID
value: peer1.dept.mycompany.com
- name: CORE_PEER_LOCALMSPID
value: deptMSP
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: /etc/hyperledger/fabric/tls/server.crt
- name: CORE_PEER_TLS_ENABLED
value: "true"
- name: CORE_PEER_TLS_KEY_FILE
value: /etc/hyperledger/fabric/tls/server.key
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: /etc/hyperledger/fabric/tls/ca.crt
- name: CORE_VM_DOCKER_ATTACHSTDOUT
value: "true"
- name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
value: fabric
- name: CORE_VM_ENDPOINT
value: unix:///host/var/run/docker.sock
- name: FABRIC_LOGGING_SPEC
value: INFO
image: hyperledger/fabric-peer:latest
name: dev-peer1
ports:
- containerPort: 7051
- containerPort: 7053
resources: {}
volumeMounts:
- mountPath: /host/var/run/
name: dev-peer1-hostpath0
- mountPath: /etc/hyperledger/fabric/msp
name: dev-peer1-hostpath1
- mountPath: /etc/hyperledger/fabric/tls
name: dev-peer1-hostpath2
- mountPath: /var/hyperledger/production
name: peer1.dept.mycompany.com
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
nodeSelector:
kubernetes.io/hostname: node1
restartPolicy: OnFailure
volumes:
- hostPath:
path: /var/run/
name: dev-peer1-hostpath0
- hostPath:
path: /mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/msp
name: dev-peer1-hostpath1
- hostPath:
path: /mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls
name: dev-peer1-hostpath2
- hostPath:
path: /mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose
name: peer1.dept.mycompany.com
status: {}
and this is the generated peer1 service's yaml file
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert -f peer.yaml --volumes hostPath
kompose.version: 1.22.0 (955b78124)
creationTimestamp: null
labels:
io.kompose.service: dev-peer1
name: dev-peer1
spec:
ports:
- name: "7051"
port: 7051
targetPort: 7051
- name: "7053"
port: 7053
targetPort: 7053
selector:
io.kompose.service: dev-peer1
status:
loadBalancer: {}
To understand which kind of hints kompose is able to give you, please try to run the conversion command without the --volumes hostPath option and you will be given appropriate warnings
$ kompose convert -f pathToFile/orderer.yaml
INFO Service name in docker-compose has been changed from "dev_orderer1" to "dev-orderer1"
WARN Volume mount on the host "/mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/channel-artifacts/genesis.block" isn't supported - ignoring path on the host
WARN Volume mount on the host "/mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/msp" isn't supported - ignoring path on the host
WARN Volume mount on the host "/mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/tls" isn't supported - ignoring path on the host
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Kubernetes file "dev-orderer1-service.yaml" created
INFO Kubernetes file "dev-orderer1-pod.yaml" created
INFO Kubernetes file "dev-orderer1-claim0-persistentvolumeclaim.yaml" created
INFO Kubernetes file "dev-orderer1-claim1-persistentvolumeclaim.yaml" created
INFO Kubernetes file "dev-orderer1-claim2-persistentvolumeclaim.yaml" created
INFO Kubernetes file "orderer1.mycompany.com-persistentvolumeclaim.yaml" created
INFO Kubernetes file "ar2bc-networkpolicy.yaml" created
After the conversion of your actual files you can instantiate kubernetes object with
$ kubectl apply -f *.yaml
or whatever more appropriate command you need (which is not strictly the matter of your question)
Upvotes: 1
Related Questions
- Deploy hyperledger fabric to docker swarm
- Can an existing Kubernetes cluster be converted to openshift cluster?
- How to deploy hyperledger fabric cluster on kubernetes?
- Docker Swarm Deployment Hyperledger Fabric
- How to Deploy Fabric Network on Kubernetes?
- Kubernetes pod distribution
- possibility of having docker-swarm and kubernetes together
- Can I run Kubernetes and Swarm at the same time?
- Hyperledger fabricV1 on docker swarm
- Can I put kubernetes in a docker container?