[BESU-507] Resolve crashing NAT detectors on GKE #731

Merged


matkt
Contributor

@matkt matkt commented Apr 16, 2020

Signed-off-by: Karim TAAM [email protected]

PR description

Issue: #507

  • Resolve the NatManager crash when Besu is launched on GKE.
  • Improved logs when switching to the fallback mode.

It is no longer necessary in Kubernetes to create a volume and to move the kubeconfig file into this volume.

```yaml
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: besu
    app.kubernetes.io/release: "1.0.0"
  name: besu
spec:
  ports:
  - name: "json-rpc"
    port: 8545
    targetPort: 8545
  - name: "rlpx"
    port: 30303
    targetPort: 30303
  selector:
    app.kubernetes.io/name: besu
    app.kubernetes.io/release: "1.0.0"
  type: LoadBalancer
```

You can check the service with this command:

```
kubectl describe services besu
```

```
Name:                     besu
Namespace:                default
Labels:                   app.kubernetes.io/name=besu
                          app.kubernetes.io/release=1.0.0
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"besu","app.kubernetes.io/release":"1....
Selector:                 app.kubernetes.io/name=besu,app.kubernetes.io/release=1.0.0
Type:                     LoadBalancer
IP:                       --------
LoadBalancer Ingress:     ***<IP>***
```

And then deploy Besu:

```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: besu-config
  labels:
    app.kubernetes.io/name: besu
    app.kubernetes.io/release: 1.0.0
data:
  BESU_LOGGING: "INFO"
  BESU_NETWORK: "dev"
  BESU_P2P_ENABLED: "true"
  BESU_RPC_HTTP_ENABLED: "true"
  BESU_RPC_HTTP_APIS: "eth,net,web3,debug,admin"
  KUBE_CONFIG_PATH: "/opt/besu/shared/kube-config"
---
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; use apps/v1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: besu
  labels:
    app.kubernetes.io/name: besu
    app.kubernetes.io/release: "1.0.0"
spec:
  replicas: 1
  # apps/v1 requires an explicit selector matching the pod template labels
  selector:
    matchLabels:
      app.kubernetes.io/name: besu
      app.kubernetes.io/release: "1.0.0"
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/name: besu
        app.kubernetes.io/release: "1.0.0"
    spec:
      containers:
      - name: besu
        image: "hyperledger/besu:1.4.4-SNAPSHOT"
        imagePullPolicy: Always
        ports:
          - containerPort: 8545
          - containerPort: 30303
        envFrom:
        - configMapRef:
            name: besu-config
      restartPolicy: Always
status: {}
```

On GKE it may be necessary to give permissions to Besu so that it can retrieve the list of services via the Kubernetes API.

A simple solution is to call this command.

```
kubectl create clusterrolebinding myapp-view-binding --clusterrole=admin --serviceaccount=default:default
```

This command should only be used in DEV and not in production. In production we need finer management of permissions using Kubernetes role-based access control.

If Besu does not have permissions (or if it does not detect the service), it will use the fallback mechanism while warning the user.
If the user does not want to use the detection, he can call Besu with the `--nat-method=NONE` option.
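
A narrower alternative to the `admin` binding in the description above, as an added example that is not part of the original PR or the Besu project. It assumes Besu only needs to read Service objects (the description says it retrieves the list of services); the names `besu-nat`, `besu-service-reader` and `besu-service-reader-binding` are hypothetical. A ClusterRole is used on the assumption that the lookup may span namespaces; if it is confined to one namespace, a Role and RoleBinding in that namespace is tighter.

```yaml
# Added example: read-only access to Services for a dedicated service account,
# instead of binding the built-in "admin" ClusterRole to default:default.
# All object names below are hypothetical.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: besu-nat
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: besu-service-reader
rules:
  - apiGroups: [""]            # core API group, where Service objects live
    resources: ["services"]
    verbs: ["get", "list"]     # assumption: NAT detection only reads Services
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: besu-service-reader-binding
subjects:
  - kind: ServiceAccount
    name: besu-nat             # bind the dedicated account, not "default"
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: besu-service-reader
```

Set `serviceAccountName: besu-nat` in the Deployment's pod spec so the pod runs under this account. `kubectl auth can-i list services --as=system:serviceaccount:default:besu-nat` checks the grant, and the same command with `get secrets` checks that nothing broader was given.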

shemnon and others added 5 commits April 8, 2020 10:37
When we deny a connection based on HTTP hostname log to trace the
rejected value.

Signed-off-by: Danno Ferrin <[email protected]>
Co-authored-by: Usman Saleem <[email protected]>
Signed-off-by: Karim TAAM <[email protected]>
…besu-507-crash-gke-nat-detector

Signed-off-by: Karim TAAM <[email protected]>
Contributor

@AbdelStark AbdelStark left a comment


Looks good to me.

Signed-off-by: Karim TAAM <[email protected]>
…besu-507-crash-gke-nat-detector

Signed-off-by: Karim TAAM <[email protected]>
Signed-off-by: Karim TAAM <[email protected]>
@AbdelStark AbdelStark merged commit d7a65c0 into hyperledger:master Apr 17, 2020
@AbdelStark AbdelStark added the doc-change-required Indicates an issue or PR that requires doc to be updated label Apr 17, 2020
@matkt matkt deleted the feature/besu-507-crash-gke-nat-detector branch April 24, 2020 08:12
@bgravenorst bgravenorst removed the doc-change-required Indicates an issue or PR that requires doc to be updated label Mar 4, 2022
4 participants