Prerequisites
There are three prerequisites to the Corda deployment process:
- Kubernetes A powerful tool for managing containerized applications at scale, making it easier for teams to deploy and manage their applications with high reliability and efficiency. for container orchestration
- Kafka The means by which Corda workers communicate, acting as a central message bus between the worker processes. for messaging
- PostgreSQL for persistence
See the Infrastructure Topology subsection for example topologies on the Amazon Web Services and Microsoft Azure cloud platforms, including initial sizing guidance.
Container Orchestration
Corda uses Kubernetes to manage the scheduling and availability of Corda workers. Corda is tested on version 1.23 of Kubernetes, running on Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Red Hat OpenShift Container Platform.
| Software | Version |
|---|---|
| Kubernetes | 1.25 |
| Amazon Elastic Kubernetes Service (EKS). Currently only supported on EC2, not Fargate. | 1.25 |
| Microsoft Azure Kubernetes Service (AKS) | 1.25 |
RedHat OpenShift Container Platform (OCP) | 4.12.12 |
The Corda deployment process requires a Kubernetes context with credentials that provide access to the namespace in which Corda is to be installed. It needs permission to create deployments, secrets, and, if automatic bootstrapping is used, jobs. Corda does not create any persistent volumes and does not install any cluster-scoped resources.
Messaging
Corda uses Kafka for communication between the Corda workers. Corda is tested with Kafka 3.2.0, including Amazon Managed Streaming for Apache Kafka (MSK). Corda is also tested with Confluent Cloud.
| Software | Version |
|---|---|
| Kafka | 3.2.0 |
| Amazon Managed Streaming for Apache Kafka (MSK) | 3.2.0 |
| Confluent Cloud | 3.2.0 |
The Corda deployment process requires the Kafka bootstrap server addresses and their ports. If the Kafka brokers are using TLS Transport Layer Security. A protocol that establishes an encrypted session between two computers on the Internet. and the certificates used will not be trusted by the JVM’s default trust store In the context of X.500 certificates and digital security, this is a repository or database containing a collection of trusted digital certificates, often from Certificate Authorities (CAs). , then a trust store containing the root certificate is required. If automatic bootstrapping is used, the user name and password are required for a user that has permission to create topics with the given topic prefix and then define ACLs for each topic. It is recommended that a separate user is then used for each of the seven types of Corda workers although, for development and test, a single user can be used.
Database
Corda uses PostgreSQL for the persistence of system and application data, including configuration and state information. Corda is tested with PostgreSQL 14.4 including Amazon RDS for PostgreSQL, Amazon Aurora PostgreSQL, and Microsoft Azure PostgreSQL.
| Database | Version |
|---|---|
| PostgreSQL | 14.4 |
| Amazon RDS for PostgreSQL | 14.4 |
| Amazon Aurora PostgreSQL | 14.4 |
| Microsoft Azure for PostgreSQL | 14.4 |
The Corda deployment process requires the PostgreSQL hostname and port. If automatic bootstrapping is used, a user name and password are required for a user that has the ability to create the schemas for configuration, crypto, and RBAC Role-based access control. Also known as role-based security. A permission system to restrict system access based on assigned permissions. , and can create crypto and RBAC users and grant them access to their respective schemas. If bootstrapping manually, an additional virtual node The combination of the context of a user and the ephemeral compute instances created to progress a transaction on that identity's behalf. user will still need the ability to create schemas dynamically at runtime.
Security Vault
Corda Enterprise supports integration with HashiCorp Vault as an external secret management system. This is the recommended deployment configuration. For more information, see Configuration Secrets.
| Software | Version |
|---|---|
| HashiCorp Vault | 1.13.1 |
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.