Prerequisites
The Corda deployment process has the following prerequisites:
- Kubernetes A powerful tool for managing containerized applications at scale, making it easier for teams to deploy and manage their applications with high reliability and efficiency. for container orchestration
- Kafka The means by which Corda workers communicate, acting as a central message bus between the worker processes. for messaging
- PostgreSQL for persistence
See the Infrastructure Topology subsection for example topologies on the Amazon Web Services and Microsoft Azure cloud platforms, including initial sizing guidance.
Container Orchestration
Corda uses Kubernetes to manage the scheduling and availability of Corda workers. Corda is tested on the following:
| Software | Version |
|---|---|
| Kubernetes | 1.28 or later |
| Helm | 3.10 |
| Amazon Elastic Kubernetes Service (EKS). Currently only supported on EC2, not Fargate. | 1.28 or later |
| Microsoft Azure Kubernetes Service (AKS) | 1.28 or later |
RedHat OpenShift Container Platform (OCP) | 4.14 or later |
The Corda deployment process requires a Kubernetes context with credentials that provide access to the namespace in which Corda is to be installed. It needs permission to create deployments, secrets, and, if automatic bootstrapping is used, jobs. Corda does not create any persistent volumes and does not install any cluster-scoped resources.
Messaging
Corda uses Kafka for communication between the Corda workers. Corda is tested with the following:
| Software | Version |
|---|---|
| Kafka R3 recommends using KRaft. | 3.6.1 or later patch version |
| Amazon Managed Streaming for Apache Kafka (MSK) | 3.6.0 or later patch version |
| Confluent Cloud |
The Corda deployment process requires the following:
- Kafka bootstrap server addresses and their ports.
- Automatic bootstrapping: user name and password for a user that has permission to:
- create topics with the given topic prefix.
- define ACLs for each topic. You should use a separate user for each type of Corda worker although, for development and test, a single user can be used.
- If the Kafka brokers are using TLS Transport Layer Security. A protocol that establishes an encrypted session between two computers on the Internet. and the certificates used are not trusted by the default JVM trust store In the context of X.500 certificates and digital security, this is a repository or database containing a collection of trusted digital certificates, often from Certificate Authorities (CAs). , a trust store containing the root certificate is required.
Database
Corda uses PostgreSQL for the persistence of system and application data, including configuration and state information. Corda is tested with the following:
| Database | Version |
|---|---|
| PostgreSQL | 14.10 or later minor version |
| Amazon RDS for PostgreSQL | 14.10 or later minor version |
| Amazon Aurora PostgreSQL | 14.6 (LTS) or later minor version |
| Microsoft Azure for PostgreSQL | 14 |
The Corda deployment process requires the following:
- PostgreSQL hostnames and ports.
- Automatic bootstrapping: user name and password for a user in each database that has the ability to:
- create the configuration, crypto, RBAC, and state manager schemas.
- create crypto, RBAC, and state manager users.
- grant the users access to their respective schemas.
- Manual bootstrapping: additional virtual node The combination of the context of a user and the ephemeral compute instances created to progress a transaction on that identity's behalf. user with the ability to create schemas dynamically at runtime.
Security Vault
Corda Enterprise supports integration with HashiCorp Vault as an external secret management system. This is the recommended deployment configuration. For more information, see Configuration Secrets. Corda is tested with the following:
| Software | Version |
|---|---|
| HashiCorp Vault | 1.15.2 |
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.