How to Deploy a Hyperledger Besu Network on Kubernetes

Deploying a Hyperledger Besu network on Kubernetes has become a go-to strategy for enterprise-grade blockchain solutions. With growing adoption by organizations like LACChain, Poste Italiane, and Public Mint, Hyperledger Besu stands out as a robust, permissioned Ethereum client ideal for scalable and secure enterprise networks. Kubernetes, with its powerful orchestration capabilities, complements Besu perfectly—enabling automated scaling, high availability, and seamless management of distributed nodes.

This guide walks you through deploying a private Hyperledger Besu network using Kubernetes in nine structured steps. Whether you're building a proof-of-concept or preparing for production, this tutorial ensures clarity, consistency, and operational efficiency.

Why Use Kubernetes for Hyperledger Besu Deployment?

Kubernetes is the preferred platform for deploying blockchain networks due to its ability to manage containerized workloads at scale. When it comes to Hyperledger Besu, Kubernetes offers:

• Automated scaling of validator, RPC, and transaction nodes
• Self-healing mechanisms that restart failed containers
• Declarative configuration via Helm charts for repeatable deployments
• High availability across multi-node clusters

Unlike traditional virtualized environments, Kubernetes enables immutable infrastructure patterns—ensuring consistent node behavior across development, testing, and production stages. In enterprise settings where uptime and reliability are critical, Kubernetes significantly reduces operational overhead.

👉 Discover how enterprise blockchain deployment can be simplified with modern infrastructure tools.

Step-by-Step: Deploying a Hyperledger Besu Network on Kubernetes

Before diving into the deployment process, ensure your environment meets the following prerequisites:

• A running Kubernetes cluster (local or cloud-based)
• kubectl installed and configured to communicate with the cluster
• Helm 3 installed for managing Kubernetes packages (charts)
• Clone the Quorum-Kubernetes repository (used for Besu deployment templates)

Step 1: Verify Cluster Connectivity

Ensure kubectl is properly connected to your cluster by running:

kubectl version

You should see both client and server version outputs, confirming successful connectivity.

Step 2: Navigate to the Helm Directory

Switch to the helm directory in your cloned repository:

cd helm

This directory contains the necessary Helm charts for deploying Besu components.

Step 3: Create a Namespace

Organize your deployment using a dedicated namespace:

kubectl create namespace besu

Using namespaces isolates resources and improves manageability—especially in multi-team environments.

Step 4: Generate the Genesis File Using Helm

The genesis file defines core network parameters such as chain ID, consensus mechanism (e.g., QBFT, IBFT), block period, gas limit, and initial validators.

Use the besu-genesis Helm chart with a custom values file (genesis-besu.yml) to generate this configuration. Below is an example override:

cluster:
  provider: local
  cloudNativeServices: false

rawGenesisConfig:
  genesis:
    config:
      chainId: 1337
      algorithm:
        consensus: qbft
      blockperiodseconds: 10
      epochlength: 30000
      requesttimeoutseconds: 20
    gasLimit: '0x47b760'
    difficulty: '0x1'
  blockchain:
    nodes:
      generate: true
      count: 4
      accountPassword: 'password'

Deploy the genesis chart:

helm install genesis ./charts/besu-genesis --namespace besu --create-namespace --values ./values/genesis-besu.yml

Upon success, Kubernetes will create ConfigMaps containing the genesis block and enode information.

Step 5: Deploy Bootnodes (Optional but Recommended)

Bootnodes help new nodes discover peers in the network. For production setups, deploy at least two bootnodes.

Modify your values file to set:

quorumFlags:
  isBootnode: true
  usesBootnodes: true

Then deploy:

helm install bootnode-1 ./charts/besu-node --namespace besu --values ./values/bootnode.yml

All subsequent nodes must reference these bootnodes during connection.

Step 6: Deploy Validator Nodes

Validators participate in block creation and consensus. Deploy four initial validators using the besu-node chart:

helm install validator-1 ./charts/besu-node --namespace besu --values ./values/validator.yml
helm install validator-2 ./charts/besu-node --namespace besu --values ./values/validator.yml
helm install validator-3 ./charts/besu-node --namespace besu --values ./values/validator.yml
helm install validator-4 ./charts/besu-node --namespace besu --values ./values/validator.yml

These nodes will begin syncing once connected via bootnodes.

Step 7: Add or Remove Validators Dynamically

To expand or reduce the validator pool, use Besu’s voting mechanism. A new node must first join as a regular node, then receive votes from existing validators via JSON-RPC calls.

Example API call to add a validator:

{
  "jsonrpc": "2.0",
  "method": "qbft_proposeValidatorVote",
  "params": ["0x...", true],
  "id": 1
}

Majority approval is required for the change to take effect.

👉 Learn how dynamic node management enhances enterprise blockchain governance.

Step 8: Deploy RPC and Transaction Nodes

RPC Nodes (reader nodes) allow external applications to query blockchain data:

helm install rpc-1 ./charts/besu-node --namespace besu --values ./values/reader.yml

Transaction Nodes (member nodes) support private transactions using Tessera:

helm install member-1 ./charts/besu-node --namespace besu --values ./values/txnode.yml

These nodes enhance network functionality without participating in consensus.

Step 9: Interact with the Network Locally

Expose services securely using an ingress controller. Install NGINX Ingress:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install quorum-network-ingress ingress-nginx/ingress-nginx --namespace besu ...

Apply ingress rules:

kubectl apply -f ../ingress/ingress-rules-besu.yml

Retrieve the external IP:

kubectl -n besu get services quorum-network-ingress-ingress-nginx-controller

Test connectivity with a JSON-RPC call:

curl -X POST -H "Content-Type: application/json" \
  --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' \
  http://<INGRESS_IP>/rpc

A successful response confirms node synchronization.

Frequently Asked Questions (FAQ)

Q: Can I deploy a public Besu network using this method?
A: Yes, but this guide focuses on private networks. For public networks, refer to Hyperledger Besu’s official documentation for configuration adjustments.

Q: What consensus algorithms are supported in Besu on Kubernetes?
A: Besu supports QBFT, IBFT 2.0, RAFT, and Clique. QBFT is recommended for production due to its fault tolerance and finality guarantees.

Q: How do I monitor node health in Kubernetes?
A: Use built-in Kubernetes monitoring tools or integrate Prometheus and Grafana via service monitors defined in Helm values.

Q: Is persistent storage required for Besu nodes?
A: Yes. Use PersistentVolumeClaims (PVCs) to preserve node data across restarts. Configure reclaimPolicy: Delete or Retain based on retention needs.

Q: Can I upgrade Besu versions without downtime?
A: Yes. Leverage Kubernetes rolling updates to gradually replace pods with newer images while maintaining network availability.

👉 Explore how real-time monitoring boosts blockchain node reliability.

Core Keywords

• Hyperledger Besu
• Kubernetes deployment
• Blockchain node orchestration
• Enterprise blockchain
• Private blockchain network
• Helm charts
• Validator nodes
• JSON-RPC

By combining Hyperledger Besu with Kubernetes, enterprises gain a powerful foundation for secure, scalable, and maintainable blockchain infrastructures. This deployment pattern supports evolving business needs—from internal audits to cross-organizational consortia—while leveraging cloud-native best practices.