1. Retraced: Blockchain platform deployment in a Kubernetes cluster on Oracle Cloud
  2. Retraced: Blockchain Platform Deployment in a Kubernetes Cluster on Oracle Cloud

Retraced: Blockchain Platform Deployment in a Kubernetes Cluster on Oracle Cloud

To help fair trade fashion brands verify the authenticity of their suppliers’ materials and fair trade practices, Retraced runs its blockchain platform in a Kubernetes cluster on Oracle Cloud Infrastructure.

Because most certifying authorities don't expose their APIs to the public, it is often difficult for brands to validate their suppliers' materials. By using Retraced's blockchain network, these authorities can freely participate through private nodes and encrypted algorithms to validate the certificates.

When the certificates are validated, users can map their supply chain data into Retraced's application—including certified details about the cotton growers, textile manufacturers, fabric dyers, designers, and seamstresses. Fair trade fashion companies can update order, delivery, and production schedules and then create, print, and affix QR codes to both physical and digital garment tags.

After these chain-of-custody details are entered and mapped into Retraced's platform, suppliers are invited to download Retraced’s application and create a user account. When an order is placed—say, for 10 women’s blouses—the application automatically provides details about the materials needed to produce the blouses and sends each supplier a request to accept the order. Upon acceptance, the supplier is added to the chain so that its activities can be tracked throughout that order’s lifecycle.

The application traces the chain from the growers and up to the weavers, so that a fair trade fashion brand knows exactly when the cotton bolls are shipped from the farm, when they’re processed into yarn by the gin, and when the yarn is dyed, woven into fabric, and then sent to the company’s sewing workshops to be stitched into the finished garments.

Customer Story

Learn more about Retraced's journey to Oracle Cloud:

Architecture

After a clothing manufacturer, supplier, or farmer logs into the Retraced platform, they are authenticated by using Oracle Cloud Infrastructure Load Balancing. Depending on current network traffic, workloads are distributed to appropriate compute instances, all managed within an Oracle Container Engine for Kubernetes cluster.

After workloads are processed in either a bare metal or virtual machine (VM) compute instance, they are automatically routed to an available "pod" for further processing. Each pod executes Node.js instructions, such as sending user requests to an Oracle Autonomous Data Warehouse, so the user can view or download certificates of material authenticity.

Each certificate is verified through a "validation algorithm," which certifying authorities can use to create a "smart contract." These contracts are managed using Hyperledger Fabric, which is built into Oracle Blockchain Platform. These contracts are packaged into a chaincode, which is then deployed to Retraced's blockchain network for its users to view and download.

Retraced accesses its persistent storage through an Oracle service gateway, and then processes that data, using Oracle Autonomous Transaction Processing.

The following diagram illustrates this reference architecture.


Description of retraced-oci-architecture.png follows
Description of the illustration retraced-oci-architecture.png

retraced-oci-architecture-oracle.zip

The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Web Application Firewall (WAF)

    Oracle Cloud Infrastructure Web Application Firewall (WAF) is a payment card industry (PCI) compliant, regional-based and edge enforcement service that is attached to an enforcement point, such as a load balancer or a web application domain name. WAF protects applications from malicious and unwanted internet traffic. WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.

  • Identity and access management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) enables you to control who can access your resources in Oracle Cloud Infrastructure and the operations that they can perform on those resources.

  • Cloud Guard

    You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

  • Security zone

    Security zones ensure Oracle's security best practices from the start by enforcing policies such as encrypting data and preventing public access to networks for an entire compartment. A security zone is associated with a compartment of the same name and includes security zone policies or a "recipe" that applies to the compartment and its sub-compartments. You can't add or move a standard compartment to a security zone compartment.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Network address translation (NAT) gateway

    A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Local peering gateway (LPG)

    An LPG enables you to peer one VCN with another VCN in the same region. Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • Container Engine for Kubernetes

    Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.

  • Autonomous Data Warehouse

    Oracle Autonomous Data Warehouse is a self-driving, self-securing, self-repairing database service that is optimized for data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

  • Autonomous Transaction Processing

    Oracle Autonomous Transaction Processing is a self-driving, self-securing, self-repairing database service that is optimized for transaction processing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

  • Analytics

    Oracle Analytics Cloud is a scalable and secure public cloud service that empowers business analysts with modern, AI-powered, self-service analytics capabilities for data preparation, visualization, enterprise reporting, augmented analysis, and natural language processing and generation. With Oracle Analytics Cloud, you also get flexible service management capabilities, including fast setup, easy scaling and patching, and automated lifecycle management.

Get Featured in Built and Deployed

Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.

  1. Download the template (PPTX)

    Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.

  2. Watch the architecture tutorial

    Get step by step instructions on how to create a reference architecture.

  3. Submit your diagram

    Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.

Explore More

Learn more about the features of this architecture.

Acknowledgements

  • Authors: Sasha Banks-Louie, Mandip Bhuller, Chris Wells
  • Contributor: Robert Lies