Installation Instructions

Welcome to the Installation Guide for Catalyst Blockchain Manager - Hyperledger Besu Edition.

This document is designed to provide you with a straightforward, step-by-step approach to install Catalyst Blockchain Manager.

Prerequisites

1. Setup Kubernetes or OpenShift cluster

Supported version of Kubernetes: 1.21 and later.

We recommend AWS (EKS) or Google Cloud (GKE), but you can install it on a standalone cluster as well.

Define your cluster size considering the following minimum requirements and your business needs.

Deciding on the size of the cluster, please consider the expected load of the nodes and increase these values accordingly.

2. Install Helm to your workstation

Installation manuals: helm.sh/docs/intro/install/

No customization is needed.

Supported version of Helm: 3.*.

3. Install Traefik ingress

The ingress-controller is needed for traffic routing to expose nodes (domains & applications). The Catalyst Blockchain Manager Besu service creates a CRD resource (IngressRoute in case of using Traefik), that is automatically started and deleted along with each application (and on demand for domains).

Installation manuals: github.com/traefik/traefik-helm-chart

No customization is needed, the default port ( :443 ) for HTTPS traffic will be used.

We recommend installing Traefik to a separate namespace from the application (creation of a namespace for the Catalyst Blockchain Manager Besu service is described in step 6).
Supported version of Traefik: 2.3.

4. Install cert-manager to create TLS certificate

TLS certificate is needed for secured communication between a User and the Сatalyst Blockchain Manager Besu service components.

Installation manuals: cert-manager.io/docs/installation/helm/

We recommend using the last release of the official helm chart.

You can skip this step and specify your TLS certificate and key as a Kubernetes secret in Helm chart values instead later (Helm chart values are described in the Setup section). You can find the manual on how to create a Kubernetes secret here: kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

5. Create an A-record in a zone in your domain’s DNS management panel and assign it to the load balancer created upon Traefik or OpenShift installation

Catalyst Blockchain Manager Besu service needs a wildcard record *.<domain> to expose nodes. All created nodes (domains, participants, applications) will have a <NodeName>.<domainName> address.

For example, in case you are using AWS, follow these steps:

  1. Go to the Route53 service.

  2. Create a new domain or choose the existing domain.

  3. Create an A record.

  4. Switch “alias” to ON.

  5. In the “Route traffic to” field select “Alias to application and classic load balancer.”

  6. Select your region (where the cluster is installed).

  7. Select an ELB balancer from the drop-down list.*

*Choose the ELB balancer, which was automatically configured upon the Traefik chart installation as described in step 3 (or upon OpenShift installation in case of using OpenShift). You can check the ELB by the following command:

kubectl get svc -n ${ingress-namespace}

where ${ingress-namespace} — the name of the namespace, where the ingress was installed. ELB is displayed in the _EXTERNAL-IP field.

6. Create a namespace for the Catalyst Blockchain Manager Besu service application

kubectl create ns ${ns_name}

where ${ns_name} — name of namespace (can be any).

6.1 Get the credentials to the Helm repository in the JFrog artifactory provided by the IntellectEU admin team

6.2 Add the repo to Helm with the username and password provided:

helm repo add catbp <https://intellecteu.jfrog.io/artifactory/catbp-helm> --username ${ARTIFACTORY_USERNAME} --password ${ARTIFACTORY_PASSWORD}

As a result: "catbp" has been added to your repositories

7. Create an ImagePullSecret to access the Catalyst Blockchain Manager Besu service deployable images

For example, create this Secret, naming it intellecteu-jfrog-access:

kubectl create secret intellecteu-jfrog-access regcred --docker-server=intellecteu-catbp-docker.jfrog.io --docker-username=${your-name} --docker-password=${your-password} --docker-email=${your-email} -n ${ns_name}

where:

  • _ ${your-name} _ - your Docker username.

  • _ ${your-password} _ — your Docker password.

  • ${your-email} — your Docker email.

  • ${ns_name} — the namespace created for the Catalyst Blockchain Manager Besu service on the previous step.

In case you want to use a readiness check and use a private repository for the image, you should create a “secret” file with your credentials in Kubernetes for further specifying it in the Helm chart upon Catalyst Blockchain Manager installation. Please refer to the official Kubernetes documentation

Asl IntellectEU to provide you with the Helm chart configuration instructions.

8. Setup Keycloak realm

To install Keycloak follow the steps described on this KeyCloack on K8s guide

Ask IntellectEU to provide you with the realm.json file and import it to create necessary clients, scopes & users in your keycloak realm.

User roles besu_viewer & besu_writer will be evaluated by the Catalyst Blockchain Manager Besu service

After creating realm, set url and realm name in helm values.

Setup

Please contact IntellectEU to provide you access to Catalyst Blockchain Manager setup instructions.