Corda Network on Kubernetes

Dinesh Rivankar
3 min readJun 30, 2020

The core of any Blockchain application is the network on which it runs. Orchestrating this network in a secured environment which can be easily managed is the key for any successful deployment. There are many practices emerged to orchestrate and manage the network. Today we will focus on how Kubernetes can be used to orchestrate Corda Open Source Network.

First step in the Kubernetes orchestration is to create a cluster of nodes. Use the below article to create a Kubernetes cluster with a single Master and 3 Worker Nodes.

Dockerzise the Node

Kubernetes is a container orchestration tool which helps in deploying, managing and monitoring the containers. There are many open source images available for Corda, however we will create our own image so that we can mount required artifacts.

While creating the docker image for container orchestration, one needs to divide the artifacts into 2 categories, common and specific to the participants. The common artifacts for Corda nodes are the Cordapps and Corda jar files. The specific to nodes are node.conf, network-parameters and node certificates.

In our case we will mount additional-node-infos files for the network. If we use the CENM tool then we don’t need to build Docker images with additional-node-infos files.

We will also open some ports for node communication like port 30000 is for P2P communication and port 2222 for node ssh. Finally the node startup script which will be used to start the node service once the container is up.

Cluster IP

It’s a unique IP address assigned to the Kubernetes services. This IP address is tied to the service and will not change till the lifespan of the service. We will assign static Cluster IP to all the services for the Corda Network. This will avoid editing the node.conf file for all the participants.

Below are the static cluster IP assigned to the network participants.

notary   ClusterIP  
partya ClusterIP
partyb ClusterIP

Clone the below repository on master node for better understanding.

git clone

Edit the .env file to add details of docker image name and hostname for each participant.

If hostnames are unknown then use the “ kubectl get nodes ” command on master. Name column in the output is the hostname for the node..


Network Bootstrapping

Since we are making use of Cluster IP concepts, we don’t need to change the P2P addresses for all the node.conf files. For bootstrapping the node, use below commands.

cd network-bootstrapper/

Network Deployment

Before deploying the network, add the CorDapp jar files in the cordapps directory of the repository. These jar files will be mounted in the container. For exploration add IOU jar files. Use the below tutorial for building an IOU jar.

The “ ./ “ script located in the root directory of the repository will deploy the network on respected VM’s. Kubernetes secrets created during the network bootstrap will be used to mount the node.conf, network-parameters and node certificates.

Network Testing

Login to PartyA container and ssh to the node shell. Replace <<container-id>> in the below command with PartyA node container ID

docker exec -it <<container-id>> bash
ssh -p 2222 localhost -l user1

Invoke a transaction with PartyB

start IOUFlow iouValue: 99, otherParty: "O=PartyB,L=New York,C=US"


✓ Starting
Requesting signature by notary service
Requesting signature by Notary service
Validating response from Notary service
✓ Broadcasting transaction to participants
▶︎ Done
Flow completed with result: kotlin.Unit

Query a transaction

run vaultQuery contractStateType: com.template.states.IOUState


- state:
data: !<com.template.states.IOUState>
value: 99
lender: "O=PartyA, L=London, C=GB"
borrower: "O=PartyB, L=New York, C=US"
contract: "com.template.contracts.IOUContract"
notary: "O=Notary, L=London, C=GB"
encumbrance: null
constraint: !<net.corda.core.contracts.SignatureAttachmentConstraint>
key: "aSq9DsNNvGhYxYyqA9wd2eduEAZ5AXWgJTbTEw3G5d2maAq8vtLE4kZHgCs5jcB1N31cx1hpsLeqG2ngSysVHqcXhbNts6SkRWDaV7xNcr6MtcbufGUchxredBb6"
txhash: "5E8EC316D506A3A129FCD7C52F4AA8A60F05C039FF5EEB44A9CF40F92E65075E"
index: 0
- ref:
txhash: "5E8EC316D506A3A129FCD7C52F4AA8A60F05C039FF5EEB44A9CF40F92E65075E"
index: 0
contractStateClassName: "com.template.states.IOUState"
recordedTime: "2020-06-28T06:04:42.932Z"
consumedTime: null
status: "UNCONSUMED"
notary: "O=Notary, L=London, C=GB"
lockId: null
lockUpdateTime: null
relevancyStatus: "RELEVANT"
key: "aSq9DsNNvGhYxYyqA9wd2eduEAZ5AXWgJTbTEw3G5d2maAq8vtLE4kZHgCs5jcB1N31cx1hpsLeqG2ngSysVHqcXhbNts6SkRWDaV7xNcr6MtcbufGUchxredBb6"
totalStatesAvailable: -1
stateTypes: "UNCONSUMED"
otherResults: []



Dinesh Rivankar

Architect, Blockchain Innovation Group. #TOGAF #ConfidentialComputing #Corda #Hyperledger #SmartContract