From 2cb91fc9c756c368e49df91e19246732b885abfd Mon Sep 17 00:00:00 2001
From: "Sasha (Alejandro Vicente Grabovetsky)"
Date: Mon, 24 Sep 2018 11:36:09 +0300
Subject: [PATCH] [hlf-peer] Update to Fabric 1.2.0, add TLS certificate secret option (#7887)

* [hlf-peer] Update to Fabric 1.2.0, add TLS certificate secret option

Signed-off-by: Alejandro Vicente Grabovetsky

* Update README.ms with new TLS secret

Signed-off-by: Alejandro Vicente Grabovetsky

* Update CA TLS certificate obtaining

Signed-off-by: Alejandro Vicente Grabovetsky
Signed-off-by: Jakob Niggel
---
 stable/hlf-peer/Chart.yaml                | 4 ++--
 stable/hlf-peer/README.md                 | 1 +
 stable/hlf-peer/templates/deployment.yaml | 21 ++++++++++++++++++++-
 stable/hlf-peer/values.yaml               | 6 ++++--
 4 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/stable/hlf-peer/Chart.yaml b/stable/hlf-peer/Chart.yaml
index f3132e55cd3d..de8d4c64a17d 100644
--- a/stable/hlf-peer/Chart.yaml
+++ b/stable/hlf-peer/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 description: Hyperledger Fabric Peer chart (these charts are created by AID:Tech and are currently not directly associated with the Hyperledger project)
 name: hlf-peer
-version: 1.0.9
-appVersion: 1.1.0
+version: 1.1.0
+appVersion: 1.2.0
 keywords:
 - blockchain
 - hyperledger
diff --git a/stable/hlf-peer/README.md b/stable/hlf-peer/README.md
index bab627162bac..0c2ebaffb0de 100644
--- a/stable/hlf-peer/README.md
+++ b/stable/hlf-peer/README.md
@@ -95,6 +95,7 @@ The following table lists the configurable parameters of the Hyperledger Fabric
 | `secrets.channel` | Secret containing Channel tx for peer to create/join | `` |
 | `secrets.adminCert` | Secret containing Peer Org admin certificate | `` |
 | `secrets.adminCert` | Secret containing Peer Org admin private key | `` |
+| `secrets.caServerTls` | Secret containing CA Server TLS certificate | `ca--tls` |
 | `resources` | CPU/Memory resource requests/limits | `{}` |
 | `nodeSelector` | Node labels for pod assignment | `{}` |
 | `tolerations` | Toleration labels for pod assignment | `[]` |
diff --git a/stable/hlf-peer/templates/deployment.yaml b/stable/hlf-peer/templates/deployment.yaml
index 3c5e4d6d3496..6f04202d0b02 100644
--- a/stable/hlf-peer/templates/deployment.yaml
+++ b/stable/hlf-peer/templates/deployment.yaml
@@ -41,6 +41,11 @@ spec:
           secret:
             secretName: {{ .Values.secrets.adminKey }}
         {{- end }}
+        {{- if .Values.secrets.caServerTls }}
+        - name: ca-server-tls
+          secret:
+            secretName: {{ .Values.secrets.caServerTls }}
+        {{- end }}
       containers:
         - name: peer
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -85,8 +90,13 @@ spec:
               while [ ! -f ${CORE_PEER_MSPCONFIGPATH}/signcerts/cert.pem ]; do
+              {{- if .Values.secrets.caServerTls }}
+                echo ">\033[0;35m fabric-ca-client enroll -d -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} --tls.certfiles /hl_config/ca_server/tls/tls.crt \033[0m"
+                fabric-ca-client enroll -d -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} --tls.certfiles /hl_config/ca_server/tls/tls.crt
+              {{- else }}
                 echo ">\033[0;35m fabric-ca-client enroll -d -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} \033[0m"
                 fabric-ca-client enroll -d -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH}
+              {{- end }}
                 if [ ! -f ${CORE_PEER_MSPCONFIGPATH}/signcerts/cert.pem ]
                 then
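Review bot: The new `secretName: {{ .Values.secrets.caServerTls }}` line renders the value as a plain scalar, so a secret name that happens to look like a number or a boolean would be retyped by the YAML parser; `secretName: {{ .Values.secrets.caServerTls | quote }}` keeps it a string. The adjacent `adminKey` line has the same shape, so this is as much a file-wide style point as a point about this hunk. The enclosing `volumes` list starts before the hunk.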
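Review bot: Both new `echo` lines, like the ones they mirror in the `{{- else }}` branch, print the full enrollment URL including `${CA_USERNAME}:${CA_PASSWORD}` to stdout, so the CA enrollment secret lands in pod logs and in whatever log aggregation collects them; the two echo lines added in the `@@ -108,8 +118,13 @@` hunk have the same problem. Since these lines are being rewritten anyway, mask the credential, e.g. `echo ">\033[0;35m fabric-ca-client enroll -d -u https://${CA_USERNAME}:***@${CA_ADDRESS} -M ${CORE_PEER_MSPCONFIGPATH} --tls.certfiles /hl_config/ca_server/tls/tls.crt \033[0m"`, and likewise for the other three. Note also that whenever `secrets.caServerTls` is left unset the `{{- else }}` branch still sends the same credentials over plain `http://`; that behaviour is pre-existing, but now that it is the fallback of an opt-in it is worth stating in the values.yaml comment. The enclosing shell block starts and ends outside the hunk.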
@@ -108,8 +118,13 @@ spec:
                 # Create TLS certificate for Peer
                 if [ ! -f ${CORE_PEER_TLS_PRIVATEKEY} ]
                 then
-                  echo ">\033[0;35m fabric-ca-client enroll -d --enrollment.profile tls -u http://${CA_USERNAME}:${CA_PASSWORD}@http://${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} \033[0m"
+                {{- if .Values.secrets.caServerTls }}
+                  echo ">\033[0;35m fabric-ca-client enroll -d --enrollment.profile tls -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} --tls.certfiles /hl_config/ca_server/tls/tls.crt \033[0m"
+                  fabric-ca-client enroll -d --enrollment.profile tls -u https://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} --tls.certfiles /hl_config/ca_server/tls/tls.crt
+                {{- else }}
+                  echo ">\033[0;35m fabric-ca-client enroll -d --enrollment.profile tls -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }} \033[0m"
                   fabric-ca-client enroll -d --enrollment.profile tls -u http://${CA_USERNAME}:${CA_PASSWORD}@${CA_ADDRESS} -M /tmp/tls --csr.hosts {{ include "hlf-peer.fullname" . }}
+                {{- end }}
                   mkdir -p $(dirname $CORE_PEER_TLS_PRIVATEKEY)
                   cp /tmp/tls/keystore/* $CORE_PEER_TLS_PRIVATEKEY
@@ -155,6 +170,10 @@ spec:
             - mountPath: /hl_config/admin/keystore
               name: admin-key
             {{- end }}
+            {{- if .Values.secrets.caServerTls }}
+            - mountPath: /hl_config/ca_server/tls
+              name: ca-server-tls
+            {{- end }}
           resources:
{{ toYaml .Values.resources | indent 12 }}
           {{- with .Values.nodeSelector }}
diff --git a/stable/hlf-peer/values.yaml b/stable/hlf-peer/values.yaml
index 1304eaa2ed15..6e2fca1f234a 100644
--- a/stable/hlf-peer/values.yaml
+++ b/stable/hlf-peer/values.yaml
@@ -4,7 +4,7 @@
 image:
   repository: hyperledger/fabric-peer
-  tag: x86_64-1.1.0
+  tag: 1.2.0
   pullPolicy: IfNotPresent
 service:
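Review bot: The mount path `/hl_config/ca_server/tls` added here is tied to the `--tls.certfiles /hl_config/ca_server/tls/tls.crt` flag in the enroll commands only by string coincidence, and nothing in the template itself says that the secret must carry the certificate under the key `tls.crt`; a comment at the mount, `# the enroll commands above read the CA certificate from the tls.crt key of this secret`, would make the coupling visible to the next editor. Marking the mount `readOnly: true` is also worth considering so that the intent is explicit, even though secret volumes are, as far as I know, mounted read-only by Kubernetes regardless. The enclosing `volumeMounts` list starts before the hunk.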
@@ -39,7 +39,7 @@ caUsername: peer1
 peer:
   # Tools version
-  hlfToolsVersion: 1.1.0
+  hlfToolsVersion: 1.2.0
   # Type of database ("goleveldb" or "CouchDB"):
   databaseType: goleveldb
   # If CouchDB is used, which chart holds it
@@ -58,6 +58,8 @@ secrets: {}
   ## This should contain the Private Key of the Peer Organisation admin
   ## This is necessary to successfully join a channel
   # adminKey: hlf--peer-adminkey
+  ## This should contain the CA server's TLS details under the key tls.crt (e.g. a Let's Encrypt Certificate PEM)
+  # caServerTls: ca--tls
 resources: {}
 ## We usually recommend not to specify default resources and to leave this as a conscious
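Review bot: The README row added in this commit (`@@ -95,6 +95,7 @@`) lists `ca--tls` as the default for `secrets.caServerTls`, but here the key is only a commented-out example, so the effective default is unset and the deployment template takes its plain-`http://` enrollment branch; either set `caServerTls: ca--tls` under `secrets`, or change the README default column to `` so the two agree. The new comment could also say what happens when the value is omitted, e.g. `## If unset, the peer enrolls with the CA over plain HTTP`, since that is the consequence a chart user most needs to know.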