Deployment patterns
The reference node is a single Go binary. It deploys like any stateful service. Quidnug ships first-party manifests for the common topologies.
Single-node (development)
```
./bin/quidnug
# Listening on :8080, state in ./data/
```
Suitable for local development, demos, and early integration testing. No peer configuration required.
Three-node consortium (pre-production)
deploy/compose/ ships a Docker Compose stack with three nodes + IPFS + Prometheus + Grafana. Bring it up with:
```
cd deploy/compose/
docker compose up
```
The three nodes seed each other via SEED_NODES, share trust over gossip, and each produces its own Proof-of-Trust tiered chain.
Kubernetes (production)
deploy/helm/quidnug/ is a production-grade StatefulSet chart with:
- PersistentVolumeClaims for each replica: the nonce ledger, trust registry, and block store are durable per-pod.
- PodDisruptionBudget for graceful rollouts.
- Anti-affinity so replicas land on different nodes.
- HPA stub: horizontal scaling is per-role, not per-shard (the protocol is not sharded).
```
helm install quidnug deploy/helm/quidnug/ \
  --namespace quidnug --create-namespace \
  --values my-values.yaml
```
TLS termination
Terminate TLS at your ingress (Cloudflare, nginx, Envoy, Caddy, AWS ALB). The node itself speaks plain HTTP on the bound port.
This is the recommended topology: your ingress already handles certs, rate limiting, and WAF. Don’t re-implement inside the binary.
Inter-node HMAC authentication
Set NODE_AUTH_SECRET=<32-byte-hex> and REQUIRE_NODE_AUTH=true on
every node in the consortium. Gossip, probe, and snapshot endpoints
then require a valid HMAC over the request. External (client) endpoints
continue to authenticate via the signed transaction itself; the HMAC
gates only node-to-node traffic.
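A preflight check for the two settings above, as an added example rather than Quidnug's own tooling. The function names are hypothetical, and it assumes `<32-byte-hex>` means 32 random bytes hex-encoded (64 hex characters).

```shell
#!/bin/sh
# Added example, not Quidnug tooling. Assumption: "<32-byte-hex>" means
# 32 random bytes, hex-encoded (exactly 64 hex characters).

# Print a fresh secret drawn from the kernel CSPRNG.
gen_node_auth_secret() {
  od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Return 0 only if this node's environment enables HMAC gating with a
# well-formed secret. Reads NODE_AUTH_SECRET and REQUIRE_NODE_AUTH.
check_node_auth_env() {
  _secret="${NODE_AUTH_SECRET:-}"
  if [ "${REQUIRE_NODE_AUTH:-}" != "true" ]; then
    echo "REQUIRE_NODE_AUTH is not 'true' as the deployment guide requires" >&2
    return 1
  fi
  case "$_secret" in
    "") echo "NODE_AUTH_SECRET is empty" >&2; return 1 ;;
    *[!0-9a-fA-F]*) echo "NODE_AUTH_SECRET has non-hex characters" >&2; return 1 ;;
  esac
  if [ "${#_secret}" -ne 64 ]; then
    echo "NODE_AUTH_SECRET is ${#_secret} hex chars, expected 64" >&2
    return 1
  fi
  # Reject placeholder values made of one repeated character (e.g. all zeros).
  _first=$(printf '%s' "$_secret" | cut -c1)
  if [ -z "$(printf '%s' "$_secret" | tr -d "$_first")" ]; then
    echo "NODE_AUTH_SECRET is a single repeated character" >&2
    return 1
  fi
  return 0
}

# Short SHA-256 prefix of the secret, so operators can confirm every node
# holds the same value without revealing the secret itself.
secret_fingerprint() {
  printf '%s' "${NODE_AUTH_SECRET:-}" | sha256sum | cut -c1-12
}
```

Run `check_node_auth_env` in each node's entrypoint before starting the binary, and compare `secret_fingerprint` output across the consortium; a node with a different fingerprint holds a different secret and its HMACs will not validate against its peers.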
Inter-region deployment
- Use the standard seeding mechanism; peers discover each other asynchronously.
- Prefer a small core set of operators with direct mutual trust edges (high-weight); let broader membership attach via those.
- Set a sensible RATE_LIMIT_PER_MINUTE per node so a misbehaving peer cannot cause resource exhaustion.
Upgrading
Use QDP-0009: Fork-Block Migration Trigger to coordinate protocol-level upgrades across a federated operator set. Binary upgrades (non-protocol) are rolling.
See also
- Configuration reference: all env vars.
- Observability: Prometheus metrics, Grafana dashboard, alerts.
- Integration guide: end-to-end walkthroughs.