- Create certificates authorities (CA)
- Create peers
- Create ordering services
- Create resources without manual provisioning of cryptographic material
- Domain routing with SNI using Istio
- Run chaincode as external chaincode in Kubernetes
- Support Hyperledger Fabric 2.3+
- Managed genesis for Ordering services
- E2E testing including the execution of chaincodes in KIND
- More parametrization on the Peer
- More parametrization on the Fabric CA
- More parametrization on the Fabric Ordering services
- Install chaincode in peer using Custom Resource Definitions
- Manage channel configuration using Custom Resource Definitions
- Fabric CA client
- YQ binary to replace values in YAML (for the getting started)
- KubeCTL
- Kubernetes 1.15+
- Istio
kubectl apply -f ./hack/istio-operator/crds/*
helm template ./hack/istio-operator/ \
--set hub=docker.io/istio \
--set tag=1.8.0 \
--set operatorNamespace=istio-operator \
--set watchedNamespaces=istio-system | kubectl apply -f -
kubectl create ns istio-system
kubectl apply -n istio-system -f ./hack/istio-operator.yaml
helm install hlf-operator ./chart/hlf-operator
# when kubectl-hlf is in the krew-index
kubectl krew install hlf
# now
kubectl krew install --manifest=krew-plugin.yaml
kubectl hlf ca create --storage-class=standard --capacity=2Gi --name=org1-ca \
--enroll-id=enroll --enroll-pw=enrollpw
kubectl wait --timeout=180s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all
# register user for the peers
kubectl hlf ca register --name=org1-ca --user=peer --secret=peerpw --type=peer \
--enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP
kubectl hlf peer create --storage-class=standard --enroll-id=peer --mspid=Org1MSP \
--enroll-pw=peerpw --capacity=5Gi --name=org1-peer0 --ca-name=org1-ca.default
kubectl wait --timeout=180s --for=condition=Running fabricpeers.hlf.kungfusoftware.es --all
kubectl hlf ca create --storage-class=standard --capacity=2Gi --name=ord-ca \
--enroll-id=enroll --enroll-pw=enrollpw
kubectl wait --timeout=180s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all
kubectl hlf ca register --name=ord-ca --user=orderer --secret=ordererpw \
--type=orderer --enroll-id enroll --enroll-secret=enrollpw --mspid=OrdererMSP
kubectl hlf ordservice create --storage-class=standard --enroll-id=orderer --mspid=OrdererMSP \
--enroll-pw=ordererpw --capacity=2Gi --name=ordservice --ca-name=ord-ca.default \
--system-channel testchainid --num-orderers=1
kubectl wait --timeout=180s --for=condition=Running fabricorderingservices.hlf.kungfusoftware.es --all
kubectl hlf inspect --output ordservice.yaml -o OrdererMSP
kubectl hlf ca register --name=ord-ca --user=admin --secret=adminpw \
--type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=Ord2MSP
kubectl hlf ca enroll --name=ord-ca --user=admin --secret=adminpw --mspid Ord2MSP \
--ca-name ca --output admin-ordservice.yaml
## add user from admin-ordservice.yaml to ordservice.yaml
kubectl hlf consortiums create --name=Default --system-channel-id="testchainid" \
--config=ordservice.yaml --orderer-org=ordservice.default --user=admin \
-p=org1-peer0.default
kubectl hlf ca register --name=org1-ca --user=admin --secret=adminpw --type=admin \
--enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP
kubectl hlf ca enroll --name=org1-ca --user=admin --secret=adminpw --mspid Org1MSP \
--ca-name ca --output peer-org1.yaml
kubectl hlf inspect --output org1.yaml -o Org1MSP -o OrdererMSP
## add user key and cert to org1.yaml from admin-ordservice.yaml
kubectl hlf channel create --name=ch1 --config=org1.yaml \
--admin-org=org1-peer0.default --user=admin \
-p=org1-peer0.default --ordering-service=ordservice.default \
--consortium=Default
kubectl hlf channel addanchorpeer --channel=ch1 --config=org1.yaml \
--user=admin --peer=org1-peer0.default
kubectl hlf channel join --name=ch1 --config=org1.yaml \
--user=admin -p=org1-peer0.default
In case of error, you may need to add the following to the org1.yaml configuration file:
channels:
_default:
peers:
"org1-peer0.default":
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
kubectl hlf channel top --channel=ch1 --config=org1.yaml \
--user=admin -p=org1-peer0.default
kubectl hlf chaincode install --path=./fixtures/chaincodes/fabcar/go \
--config=org1.yaml --language=golang --label=fabcar --user=admin --peer=org1-peer0.default
# this can take 3-4 minutes
kubectl hlf chaincode queryinstalled --config=org1.yaml --user=admin --peer=org1-peer0.default
kubectl hlf chaincode approveformyorg --config=org1.yaml --user=admin --peer=org1-peer0.default \
--package-id=fabcar:db8d009f7e2e9fa4a40ddfd6b7e603d3177b126d18cdbeabcf8481f9a6de519f \
--version "1.0" --sequence 1 --name=fabcar \
--policy="OR('Org1MSP.member')" --channel=ch1
kubectl hlf chaincode commit --config=org1.yaml --user=admin --peer=org1-peer0.default \
--version "1.0" --sequence 1 --name=fabcar \
--policy="OR('Org1MSP.member')" --channel=ch1
kubectl hlf chaincode invoke --config=org1.yaml \
--user=admin --peer=org1-peer0.default \
--chaincode=fabcar --channel=ch1 \
--fcn=initLedger -a '[]'
kubectl hlf chaincode query --config=org1.yaml \
--user=admin --peer=org1-peer0.default \
--chaincode=fabcar --channel=ch1 \
--fcn=QueryAllCars -a '[]'
At this point, you should have:
- Ordering service with 3 nodes and a CA
- Peer organization with a peer and a CA
- A channel ch1
- A chaincode install in peer0
- A chaincode approved and committed
If something went wrong or didn't work, please, open an issue.
kubectl delete fabricorderingservices.hlf.kungfusoftware.es --all-namespaces --all
kubectl delete fabricpeers.hlf.kungfusoftware.es --all-namespaces --all
kubectl delete fabriccas.hlf.kungfusoftware.es --all-namespaces --all