[hlf-peer] Update to Fabric 1.2.0, add TLS certificate secret option (h…
…elm#7887)

* [hlf-peer] Update to Fabric 1.2.0, add TLS certificate secret option

Signed-off-by: Alejandro Vicente Grabovetsky <sasha@aid.technology>

* Update README.ms with new TLS secret

Signed-off-by: Alejandro Vicente Grabovetsky <sasha@aid.technology>

* Update CA TLS certificate obtaining

Signed-off-by: Alejandro Vicente Grabovetsky <sasha@aid.technology>
Signed-off-by: Jakob Niggel <info@jakobniggel.de>
alexvicegrab authored and Jnig committed Nov 13, 2018
1 parent 77c3528 commit 2cb91fc
Showing 4 changed files with 27 additions and 5 deletions.
4 changes: 2 additions & 2 deletions stable/hlf-peer/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v1
description: Hyperledger Fabric Peer chart (these charts are created by AID:Tech and are currently not directly associated with the Hyperledger project)
name: hlf-peer
version: 1.0.9
appVersion: 1.1.0
version: 1.1.0
appVersion: 1.2.0
keywords:
- blockchain
- hyperledger
1 change: 1 addition & 0 deletions stable/hlf-peer/README.md
Expand Up @@ -95,6 +95,7 @@ The following table lists the configurable parameters of the Hyperledger Fabric
| `secrets.channel` | Secret containing Channel tx for peer to create/join | `` |
| `secrets.adminCert` | Secret containing Peer Org admin certificate | `` |
| `secrets.adminCert` | Secret containing Peer Org admin private key | `` |
| `secrets.caServerTls` | Secret containing CA Server TLS certificate | `ca--tls` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
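Review bot: the new `secrets.caServerTls` row gives `ca--tls` as the default, but values.yaml ships `secrets: {}` with `caServerTls` commented out, so the effective default is empty and the https enrollment path stays off until the user sets it. Leave the default column empty like the rows above and mention `ca--tls` only as an example name. The description should also state that the secret must hold the certificate under the key `tls.crt` and that setting it switches enrollment from http to https. Separately, the context rows list `secrets.adminCert` twice; the second one (admin private key) should read `secrets.adminKey`, which is the name deployment.yaml uses.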
21 changes: 20 additions & 1 deletion stable/hlf-peer/templates/deployment.yaml
Expand Up @@ -41,6 +41,11 @@ spec:
secret:
secretName: {{ .Values.secrets.adminKey }}
{{- end }}
{{- if .Values.secrets.caServerTls }}
- name: ca-server-tls
secret:
secretName: {{ .Values.secrets.caServerTls }}
{{- end }}
containers:
- name: peer
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
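Review bot: the `ca-server-tls` volume projects every key of the referenced secret into the peer pod, while the enroll commands only read `tls.crt`. If the secret is of type `kubernetes.io/tls` it also holds `tls.key`, and the CA server's private key would then be readable from the peer container. Restrict the projection with an `items` list that contains only `key: tls.crt`, or document that the secret must contain the certificate alone.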
Expand Down Expand Up @@ -85,8 +90,13 @@ spec:
while [ ! -f ${CORE_PEER_MSPCONFIGPATH}/signcerts/cert.pem ];
do
{{- if .Values.secrets.caServerTls }}
echo ">\033[0;35m fabric-ca-client enroll -d -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} --tls.certfiles /hl_config/ca_server/tls/tls.crt \033[0m"
fabric-ca-client enroll -d -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} --tls.certfiles /hl_config/ca_server/tls/tls.crt
{{- else }}
echo ">\033[0;35m fabric-ca-client enroll -d -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} \033[0m"
fabric-ca-client enroll -d -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH}
{{- end }}
if [ ! -f ${CORE_PEER_MSPCONFIGPATH}/signcerts/cert.pem ]
then
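Review bot: both `echo` lines in this block expand `${CA_PASSWORD}` into the container log, and the https branch adds one more copy of it; anyone who can read pod logs gets the enrollment secret. Echo the command with the password masked, or log only `${CA_ADDRESS}` and the MSP path. The `{{- else }}` branch also keeps enrolling over `http://`, so the same secret crosses the network in cleartext whenever `secrets.caServerTls` is unset; since this loop retries until `signcerts/cert.pem` exists, that is repeated on every failed attempt.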
Expand All @@ -108,8 +118,13 @@ spec:
# Create TLS certificate for Peer
if [ ! -f ${CORE_PEER_TLS_PRIVATEKEY} ]
then
echo ">\033[0;35m fabric-ca-client enroll -d --enrollment.profile tls -u http://${CA_USERNAME}:${CA_PASSWORD}@http://${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} \033[0m"
{{- if .Values.secrets.caServerTls }}
echo ">\033[0;35m fabric-ca-client enroll -d --enrollment.profile tls -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} --tls.certfiles /hl_config/ca_server/tls/tls.crt \033[0m"
fabric-ca-client enroll -d --enrollment.profile tls -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} --tls.certfiles /hl_config/ca_server/tls/tls.crt
{{- else }}
echo ">\033[0;35m fabric-ca-client enroll -d --enrollment.profile tls -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} \033[0m"
fabric-ca-client enroll -d --enrollment.profile tls -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }}
{{- end }}
mkdir -p $(dirname $CORE_PEER_TLS_PRIVATEKEY)
cp /tmp/tls/keystore/* $CORE_PEER_TLS_PRIVATEKEY
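Review bot: this is the second if/else pair that repeats the full `fabric-ca-client enroll` command, once in `echo` and once for real, differing only in the scheme and the `--tls.certfiles` flag. The old echo line here had already drifted from the command it described (`@http://${CA_ADDRESS}`), which is the kind of error this duplication invites. Set the scheme and the TLS argument once at the top of the script from `.Values.secrets.caServerTls` and use them in a single command per enrollment. As in the MSP enrollment, the echo lines print `${CA_PASSWORD}` to the log.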
Expand Down Expand Up @@ -155,6 +170,10 @@ spec:
- mountPath: /hl_config/admin/keystore
name: admin-key
{{- end }}
{{- if .Values.secrets.caServerTls }}
- mountPath: /hl_config/ca_server/tls
name: ca-server-tls
{{- end }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
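Review bot: the new mount at `/hl_config/ca_server/tls` has no `readOnly: true`, and nothing in the container needs to write there. The path is also coupled to the literal `/hl_config/ca_server/tls/tls.crt` repeated in four places in the enroll script; a short comment here, or a single shell variable for the certificate path, would keep the two from drifting apart.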
6 changes: 4 additions & 2 deletions stable/hlf-peer/values.yaml
Expand Up @@ -4,7 +4,7 @@

image:
repository: hyperledger/fabric-peer
tag: x86_64-1.1.0
tag: 1.2.0
pullPolicy: IfNotPresent

service:
Expand Down Expand Up @@ -39,7 +39,7 @@ caUsername: peer1

peer:
# Tools version
hlfToolsVersion: 1.1.0
hlfToolsVersion: 1.2.0
# Type of database ("goleveldb" or "CouchDB"):
databaseType: goleveldb
# If CouchDB is used, which chart holds it
Expand All @@ -58,6 +58,8 @@ secrets: {}
## This should contain the Private Key of the Peer Organisation admin
## This is necessary to successfully join a channel
# adminKey: hlf--peer-adminkey
## This should contain the CA server's TLS details under the key tls.crt (e.g. a Let's Encrypt Certificate PEM)
# caServerTls: ca--tls

resources: {}
## We usually recommend not to specify default resources and to leave this as a conscious
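Review bot: the comment on `caServerTls` says the secret holds the CA server's "TLS details", which does not tell the user that only the certificate is needed and that the private key should stay out of it. It also does not say that this value is the switch between http and https enrollment in deployment.yaml: with it commented out, as shipped, the peer enrolls over plain http. State both points in the comment so the insecure default is a visible choice.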

0 comments on commit 2cb91fc
