Deploy Private IBFT 2.0 Network

Deploy Private Network Node
In this tutorial we will use the following private keys and their corresponding addresses.
DON'T use these keys in production.
Address
Private Key
0xbAa5f05af4A67A467cEcA89085f162aFb4206Aaa
fb5411342ae51291447515c89bcf6a057e3dbd0b51e060c45cb73406c38f851d
0xc1381ED43B327e3C7A1ADb21285f1e9cB82Bc00d
153b174f5e9948ae4678baed54f88244cc9c39d56b9f17ecef93d7ede633f56b
0x7DE985E2f878c83C4e91b6B1312c0f63A56C844a
89b03c4de62d61be16d22e09c8a48929a9bccd11fa6b37809cfef290292bcba3
Let's describe an Ethereum Node that uses a custom genesis block to join a private Proof of Authority network using ibft2 consensus configuration in the genesis block.
besu-ibft2-node.yaml
1
apiVersion: ethereum.kotal.io/v1alpha1
2
kind: Node
3
metadata:
4
  name: besu-ibft2-node
5
spec:
6
  client: besu
7
  nodePrivatekeySecretName: besu-ibft2-nodekey
8
  rpc: true
9
  genesis:
10
    chainId: 4444
11
    networkId: 4444
12
    ibft2:
13
      validators:
14
        - "0xbAa5f05af4A67A467cEcA89085f162aFb4206Aaa"
15
        - "0xc1381ED43B327e3C7A1ADb21285f1e9cB82Bc00d"
16
        - "0x7DE985E2f878c83C4e91b6B1312c0f63A56C844a"
Copied!
In this node, we're using Hyperledger besu client client: besu, enabling JSON-RPC server rpc: true so we can query number of peers later in this tutorial, and we're loading the node private key from Kubernetes secretd called besu-ibft2-nodekey.
The node private key will give the node a unique identity and node URL, and will allow the node to generate blocks, because the address 0xbAa5f05af4A67A467cEcA89085f162aFb4206Aaa that's corresponding to the node private key is in the initial block validators.
We're defining a genesis block that uses the value 4444 as network and chain identifier, and we start the chain with 3 validators as defined by spec.genesis.ibft2.validators.
This node private key secret can be created by:
1
kubectl create secret generic besu-ibft2-nodekey --from-literal=key=fb5411342ae51291447515c89bcf6a057e3dbd0b51e060c45cb73406c38f851d
Copied!
Private key must not start with 0x, and must be stored in secret data field called key.
Let's deploy the node:
1
kubectl apply -f besu-ibft2-node.yaml
Copied!
Kotal operator will notice your besu-ibft2-node and will create all the necessary pods, persistent volumes, services, configmaps, and secrets.
You can fetch the deployed Ethereum Node using:
1
kubectl get nodes.ethereum
Copied!
It will return an output similar to the following:
1
NAME                 CLIENT   Consensus   Network
2
besu-ibft2-node      besu     ibft2       private
Copied!
Fetch Node Logs
Get the pods that has been created by Kotal for the node:
1
kubectl get pods
Copied!
It will return an output similar to the following:
1
NAME                  READY   STATUS    RESTARTS   AGE
2
besu-ibft2-node-0     1/1     Running   0          1m
Copied!
Get the logs of the running node:
1
kubectl logs -f besu-ibft2-node-0
Copied!
Deploy a Second Node
Let's deploy another go-ethereum node, and connect it to the previous node in our private proof of authority network.
Genesis block must be the same in both nodes, or they will fork at genesis block, and won't reach consensus.
geth-ibft2-node.yaml
1
apiVersion: ethereum.kotal.io/v1alpha1
2
kind: Node
3
metadata:
4
  name: geth-ibft2-node
5
spec:
6
  client: geth
7
  miner: true
8
  coinbase: "0xc1381ED43B327e3C7A1ADb21285f1e9cB82Bc00d"
9
  import:
10
    privatekeySecretName: geth-ibft2-account-key
11
    passwordSecretName: geth-ibft2-account-password
12
  staticNodes:
13
    - besu-ibft2-node
14
  genesis:
15
    chainId: 4444
16
    networkId: 4444
17
    ibft2:
18
      validators:
19
        - "0xbAa5f05af4A67A467cEcA89085f162aFb4206Aaa"
20
        - "0xc1381ED43B327e3C7A1ADb21285f1e9cB82Bc00d"
21
        - "0x7DE985E2f878c83C4e91b6B1312c0f63A56C844a"
Copied!
In this node, we're using go-ethereum client client: geth, starting the PoA consensus engine miner: true, setting the second address in the genesis validators list spec.genesis.ibft2.validators as the coinbase coinbase: "0xc1381ED43B327e3C7A1ADb21285f1e9cB82Bc00d", and loading the validator account private key and password from kubernetes secrets privatekeySecretName: ... and passwordSecretName: .... We're connecting to the first node using staticNodes option which accepts Node name or enode url.
staticNodes accept Node name or enode URL. Node name has the format of name.namespace, namespace is optional if Node is in the same namespace. If the node doesn't exist, or is not up and running yet, Kotal will not raise an error.
You can create the private key and password secrets using:
1
kubectl create secret generic geth-ibft2-account-key --from-literal=key=153b174f5e9948ae4678baed54f88244cc9c39d56b9f17ecef93d7ede633f56b
2
kubectl create secret generic geth-ibft2-account-password --from-literal=password=s3cr3t
Copied!
Deploy the second node using:
1
kubectl apply -f geth-ibft2-node.yaml
Copied!
Kotal operator will notice your second geth-ibft2-node and will create all the necessary pods, persistent volumes, services, configmaps, and secrets.
You can fetch the deployed Ethereum Nodes using:
1
kubectl get nodes.ethereum
Copied!
It will return an output similar to the following:
1
NAME                 CLIENT   Consensus   Network
2
besu-ibft2-node      besu     poa         private
3
geth-ibft2-node      geth     poa         private
Copied!
Call JSON-RPC Method net_peerCount
Get the pods that has been created by Kotal for the node:
1
kubectl get pods
Copied!
It will return an output similar to the following:
1
NAME                  READY   STATUS    RESTARTS   AGE
2
besu-ibft2-node-0     1/1     Running   0          1m
3
geth-ibft2-node-0     1/1     Running   0          1m
Copied!
Forward localhost:8545 calls to the node pod:
1
kubectl port-forward besu-ibft2-node-0 8545
Copied!
In another terminal window call net_peerCount JSON-RPC method
1
curl -X POST -H 'content-type: application/json' --data '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":32}' http://127.0.0.1:8545
Copied!
You will get JSON result similar to the following:
1
{
2
  "jsonrpc" : "2.0",
3
  "id" : 32,
4
  "result" : "0x1"
5
}
Copied!
Homework
Deploy a third node that uses Nethermind client, and signing blocks using the third key in the validators list spec.genesis.ibft2.validators. Nethermind client is similar to geth, you will import validator account private key and password from kubernetes secrets, and use the same genesis as the other nodes.
Finally you can delete all the nodes by:
1
kubectl delete nodes.ethereum --all
Copied!
Kubernetes garbage collector will delete all the resources that has been created by Kotal Ethereum Node controller.
Deploy Private Ethash Network
Next - Tutorials
Ethereum 2.0
Last modified 10d ago
Export as PDF
Copy link
Contents
Deploy Private Network Node
Fetch Node Logs
Deploy a Second Node
Call JSON-RPC Method net_peerCount
Homework