Private Channels - Using Kubernetes

Here you will find instructions to create a private channel using Tessera on Kubernetes.

Minimum System Requirements

Recommended hardware features for Tessera node:

Recommended Hardware On Pro-TestnetOn Mainnet-Omega
CPU 2 vCPUs4 vCPUs compute optimized
RAM Memory 8 GB16 GB
Hard Disk 200 GB SSD300 GB SSD
IOPs —–70,000 IOPS READ 50,000 IOPS WRITE

Kubernetes: Google Kubernestes Engine GKE.

It is necessary to enable the following network ports in the machine in which we are going to deploy the node:

Tessera Node (Optional component for private transactions):

  • Por 4040: TCP – To communicate with other Tessera nodes.
  • Port 4444: TCP – For communication between Besu and Tessera.


Install Kubectl

Install Helm

For this installation we will use Kubectl. It is necessary to install Kubectl on a local machine that will perform the installation of the node on a kubernetes clusterFollowing the instructions to install kubectl in your local machine.

For this installation we will use Helm. It is necessary to install helm on a local machine that will perform the installation of the node on a kubernetes clusterFollowing the instructions to install helm in your local machine.

Clone Repository

To configure and install Besu and Tessera, you must clone this git repository in your local machine.

					$ git clone
$ cd besu-networks/helm/

Node Installation

Variable Values

You need to set the values in tessera.yml. The values you have to set are in the deploy section. These are the following:


  • network: Type Network – david19-net | protest-net | main-net.
  • typenode: Type of Node – writer | validator | bootnode | tessera.
  • publicIP: TCP Public IP Ingress.
  • p2p – host: P2P Public IP Egress.
  • p2p – port: P2P PORT – Default (60606).
  • workerName: Name of the node worker where always the pod will be installed.
  • dnsName: Organization domain name (e.g.
  • nodeName: Name you want for your node in the network monitoring tool.
  • nodeEmail: email address you want to register for your node in the network monitoring tool. It’s a good idea to provide the e-mail of the technical contact identified or to be identified in the registration form as part of the on-boarding process.
  • tessera:peer: Another Tessera node in the private network.

Set value to environment variable

TCP Public IP Ingress: Generate a static public IP in your cloud provider. Then replace the public ip in the load balance (loadBalancerIP) service manifest. finally update the publicIP environment variable with this IP.

P2P Public IP Egress: Outgoing p2p traffic to synchronize besu nodes. This is the permissioned IP for the network. Therefore, the pod must always be installed on the same worker node so that the IP does not change. We obtain the name and IP of the cluster nodes with the following command.

					$ kubectl get nodes -o wide

We choose a worker and update the “nodeName” value in the manifest of the pod we are going to deploy. finally update the p2p – host environment variable with worker IP external .

Note: We validate that the pod has been deployed in the selected worker with the following command.

					$ kubectl get pod -o wide 

Deploying the new Tessera node

Depending type node you want to deploy, you need execute the following command (this deployment is compalitible only Google Kubernestes Engine GKE):

  • To deploy a Node Tessera

					$ helm install <chart-name>  ./charts/besu-node --namespace  <namespace-name> --create-namespace --values ./values/tessera.yml 
  • e.g. deploy Node Writer on Mainnet-Omega network

					  $ helm install lacnet-writer-1 ./charts/besu-node --namespace  lacchain-main-net --create-namespace --values ./values/writer.yml

At the end of the installation, if everything worked a BESU service will be created managed by Systemctl with Running status. Aditional objects created are namespace, service load balancer, configmap, and volume.

Now you can check log node Tessera:

					$ kubectl logs <pod name> -c <container name> -f -n <namespace>

You should get something like this:

If you need to update the node, try redeploy the Tessera node, run:

					$ $ helm upgrade <chart-name> ./charts/besu-node --namespace  <namespace-name>  --values ./values/tessera.yml 

If any of these two checks doesn’t work, try to restart the Tessera pod:

					$ kubectl delete pod <pod name> -n <namespace>


If that doesn’t solve the problem, open a ticket if you already have a membership or contact us at [email protected].

Copyright 2024 © All rights Reserved. Designed by LACNet