├── .github ├── CODEOWNERS ├── dependabot.yml └── workflows │ ├── docker-build.yml │ └── helm.yml ├── .gitignore ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── CONTRIBUTORS.md ├── LICENSE ├── README.md ├── charts └── hlf-k8s │ ├── .gitignore │ ├── CHANGELOG.md │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── UPGRADE.md │ ├── templates │ ├── _helpers.tpl │ ├── configmap-application-organization.yaml │ ├── configmap-application-proposal-organization.yaml │ ├── configmap-enrollment.yaml │ ├── configmap-fabric.yaml │ ├── configmap-system-organizations.yaml │ ├── deployment-appchannel-operator.yaml │ ├── deployment-chaincode-operator.yaml │ ├── deployment-chaincode.yaml │ ├── deployment-config-operator.yaml │ ├── deployment-enrollement-operator.yaml │ ├── deployment-genesis-operator.yaml │ ├── deployment-monitor.yaml │ ├── deployment-system-channel-operator.yaml │ ├── deployment-toolbox.yaml │ ├── ingress-application-channel.yaml │ ├── ingress-config.yaml │ ├── job-hook-delete-secrets.yaml │ ├── rbac.yaml │ └── secret-couchdb-credentials.yaml │ └── values.yaml ├── docker ├── fabric-peer │ ├── Dockerfile │ ├── builders │ │ └── bin │ │ │ ├── build │ │ │ ├── detect │ │ │ └── release │ └── core.yaml └── fabric-tools │ └── Dockerfile ├── examples ├── 2-orgs-policy-any-no-ca-same-cc │ ├── skaffold.yaml │ └── values │ │ ├── orderer.yaml │ │ ├── org-1-peer-1.yaml │ │ └── org-2-peer-1.yaml ├── 2-orgs-policy-any-no-ca │ ├── skaffold.yaml │ └── values │ │ ├── orderer.yaml │ │ ├── org-1-peer-1.yaml │ │ └── org-2-peer-1.yaml ├── 2-orgs-policy-any │ ├── skaffold.yaml │ └── values │ │ ├── orderer.yaml │ │ ├── org-1-peer-1.yaml │ │ └── org-2-peer-1.yaml ├── 3-orgs-policy-majority │ ├── skaffold.yaml │ └── values │ │ ├── orderer.yaml │ │ ├── org-1-peer-1.yaml │ │ ├── org-2-peer-1.yaml │ │ └── org-3-peer-1.yaml ├── 4-orgs-policy-any │ ├── skaffold.yaml │ └── values │ │ ├── orderer.yaml │ │ ├── org-1-peer-1.yaml │ │ ├── org-2-peer-1.yaml │ │ ├── org-3-peer-1.yaml │ 
│ └── org-4-peer-1.yaml ├── 4-orgs-policy-majority │ ├── skaffold.yaml │ └── values │ │ ├── orderer.yaml │ │ ├── org-1-peer-1.yaml │ │ ├── org-2-peer-1.yaml │ │ ├── org-3-peer-1.yaml │ │ └── org-4-peer-1.yaml ├── README.md ├── dev-secrets.sh ├── secrets │ ├── secrets-orderer-genesis.yaml │ ├── secrets-orderer.yaml │ ├── secrets-org-1.yaml │ ├── secrets-org-2.yaml │ ├── secrets-org-3.yaml │ ├── secrets-org-4.yaml │ └── skaffold.yaml ├── serviceAccounts │ ├── README.md │ ├── serviceAccount-orderer.yaml │ ├── serviceAccount-org-1.yaml │ ├── serviceAccount-org-2.yaml │ ├── serviceAccount-org-3.yaml │ ├── serviceAccount-org-4.yaml │ └── skaffold.yaml └── test-dev-network.sh └── skaffold.yaml /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @substra/code-owners 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "monthly" 7 | - package-ecosystem: "docker" 8 | directory: "/docker/fabric-peer" 9 | schedule: 10 | interval: "monthly" 11 | - package-ecosystem: "docker" 12 | directory: "/docker/fabric-tools" 13 | schedule: 14 | interval: "monthly" 15 | -------------------------------------------------------------------------------- /.github/workflows/docker-build.yml: -------------------------------------------------------------------------------- 1 | name: Docker build 2 | on: 3 | workflow_dispatch: 4 | push: 5 | branches: [main] 6 | release: 7 | types: [published, edited] 8 | pull_request: 9 | branches: [main] 10 | 11 | concurrency: 12 | group: "${{ github.workflow_ref }} - ${{ github.ref }} - ${{ github.event_name }}" 13 | cancel-in-progress: true 14 | 15 | jobs: 16 | build: 17 | strategy: 18 | matrix: 19 | images: [fabric-peer, fabric-tools] 20 | uses: 
substra/substra-gha-workflows/.github/workflows/docker-build.yaml@main 21 | with: 22 | image: ${{ matrix.images }} -------------------------------------------------------------------------------- /.github/workflows/helm.yml: -------------------------------------------------------------------------------- 1 | name: Helm 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths: 8 | - "charts/**" 9 | pull_request: 10 | branches: 11 | - main 12 | paths: 13 | - "charts/**" 14 | 15 | jobs: 16 | test: 17 | name: Tests 18 | runs-on: ubuntu-latest 19 | steps: 20 | - uses: actions/checkout@v4 21 | - uses: azure/setup-helm@v3.5 22 | with: 23 | version: "v3.5.0" 24 | id: install 25 | - name: Install tools 26 | run: | 27 | sudo snap install yq 28 | - name: Build dependencies 29 | run: helm dep update charts/hlf-k8s 30 | - name: Lint Chart 31 | run: helm lint charts/hlf-k8s 32 | - name: Validate version increment 33 | run: | 34 | helm repo add substra https://substra.github.io/charts 35 | RES=$(helm search repo substra/hlf-k8s --version $(yq eval .version charts/hlf-k8s/Chart.yaml)) 36 | if [ "${RES}" == "No results found" ]; then 37 | echo "Version incremented" 38 | else 39 | echo "Validation failed, you should upgrade the chart version in Chart.yaml" 40 | exit 1 41 | fi 42 | 43 | publish: 44 | name: Publish 45 | runs-on: ubuntu-latest 46 | if: github.ref == 'refs/heads/main' && github.event_name == 'push' 47 | needs: test 48 | steps: 49 | - uses: actions/checkout@v4 50 | 51 | - uses: azure/setup-helm@v3.5 52 | with: 53 | version: "v3.5.0" 54 | id: install 55 | 56 | - name: Package chart 57 | run: | 58 | helm repo add owkin https://owkin.github.io/charts/ 59 | helm repo add couchdb https://apache.github.io/couchdb-helm 60 | helm dep build charts/hlf-k8s 61 | helm package charts/hlf-k8s 62 | 63 | - name: Clone Substra charts 64 | uses: actions/checkout@v4 65 | with: 66 | repository: Substra/charts 67 | ref: 'main' 68 | token: ${{ secrets.CHARTS_GITHUB_TOKEN }} 69 | path: 
substra-charts 70 | 71 | - name: Publish chart 72 | run: | 73 | mv hlf-k8s-$(grep -e "^version" charts/hlf-k8s/Chart.yaml | cut -c10-).tgz substra-charts/ 74 | cd substra-charts 75 | helm repo index . 76 | git add . 77 | git config --global user.email "gh-actions@github.com" 78 | git config --global user.name "GitHub Action" 79 | git commit -s --message "GitHub Action: ${{ github.repository }}@${{ github.sha }}" 80 | git push --quiet --set-upstream origin main 81 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.pyc 3 | .venv 4 | .vscode/ 5 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | **Repository archived on 2024-02-05.** 2 | 3 | **This repository is no longer maintained. The last Substra version using this repository is Substra 0.34.0. Please refer to the [documentation](https://docs.substra.org/en/stable/additional/release.html) to see compatible versions.** 4 | 5 | ___ 6 | 7 | 8 | # Changelog 9 | 10 | All notable changes to this project will be documented in this file. 11 | 12 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 13 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
14 | 15 | ## [Unreleased] 16 | 17 | ## [0.2.4] - 2023-05-11 18 | 19 | ### Fixed 20 | 21 | - Update libcurl in fabric-tools image ([#151](https://github.com/Substra/hlf-k8s/pull/151)) 22 | 23 | ## [0.2.3] - 2023-02-06 24 | 25 | ### Added 26 | 27 | - Contributing, contributors & code of conduct files (#145) 28 | 29 | ### Modified 30 | 31 | - Updated Skaffold configuration ([#147](https://github.com/Substra/hlf-k8s/pull/147)) 32 | 33 | ## [0.2.2] - 2022-09-13 34 | 35 | ## [0.2.1] - 2022-03-01 36 | 37 | ### Fixed 38 | 39 | - recreate expired example certificates 40 | 41 | ## [0.2.0] - 2021-10-04 42 | 43 | ### Added 44 | 45 | - orchestrator (#1) 46 | 47 | ### Fixed 48 | 49 | - Update fabric-ca to 1.5.1. (#25) 50 | - Add missing library to fabric-tools (#29) 51 | 52 | ## [0.1.0] - 2021-07-21 53 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | Substra repositories' code of conduct is available in the Substra documentation [here](https://docs.substra.org/en/stable/contributing/code-of-conduct.html). 2 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Substra repositories' contributing guide is available in the Substra documentation [here](https://docs.substra.org/en/stable/contributing/contributing-guide.html). 2 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | This is a file of people that have made significant contributions to the Substra hyperledger fabric network. It is sorted in chronological order. Please include your contribution at the bottom of this document in the following format : name (N), email (E), description of work (W) and date (D). 
2 | 3 | To have your contribution listed, your work must meet the minimum [threshold of originality](https://en.wikipedia.org/wiki/Threshold_of_originality), which will be evaluated by the maintainers of the repository. 4 | 5 | Thank you for your contribution; your work is greatly appreciated! 6 | 7 | —-- Example —-- 8 | 9 | - N: John Doe 10 | - E: john.doe@owkin.com 11 | - W: Integrated new feature 12 | - D: 02/02/2023 13 | 14 | --- 15 | 16 | Copyright (c) 2018-present Owkin Inc. All rights reserved. 17 | 18 | All other contributions: 19 | Copyright (c) 2023 to the respective contributors. 20 | All rights reserved. 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | **Repository archived on 2024-02-05.** 2 | 3 | **This repository is no longer maintained. The last Substra version using this repository is Substra 0.34.0. Please refer to the [documentation](https://docs.substra.org/en/stable/additional/release.html) to see compatible versions.** 4 | 5 | ___ 6 | 7 | # HLF k8s [![Helm](https://github.com/Substra/hlf-k8s/actions/workflows/helm.yml/badge.svg)](https://github.com/Substra/hlf-k8s/actions/workflows/helm.yml) 8 | 9 | HLF-k8s is a network of [Hyperledger Fabric](https://hyperledger-fabric.readthedocs.io/en/latest/) orderers and peers forming a permissioned blockchain. 10 | 11 | It is part of the [Substra project](https://github.com/Substra). 12 | 13 | ## Prerequisites 14 | 15 | - [kubernetes](https://kubernetes.io/) v1.19 16 | - [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) v1.19 17 | - [helm](https://github.com/helm/helm) v3 18 | 19 | ## Local install 20 | 21 | Use [skaffold](https://github.com/GoogleContainerTools/skaffold) v1.20+.
22 | 23 | To start hlf-k8s, run: 24 | 25 | ``` 26 | skaffold run 27 | ``` 28 | 29 | This will deploy hlf-k8s with: 30 | 31 | - 1 orderer `MyOrderer` 32 | - 2 organizations: `MyOrg1` and `MyOrg2` 33 | 34 | ### Running a specific version 35 | 36 | To deploy locally a specific version of hlf-k8s, the recommended way is the following: 37 | ```bash 38 | SUBSTRA_HLF_VERSION=0.0.16 39 | git checkout $SUBSTRA_HLF_VERSION 40 | skaffold deploy --images substra/fabric-tools:$SUBSTRA_HLF_VERSION --images substra/fabric-peer:$SUBSTRA_HLF_VERSION 41 | ``` 42 | 43 | ## Install a custom chaincode 44 | 45 | By default, the `skaffold run` command will start a network using the default [orchestrator-chaincode](https://github.com/Substra/orchestrator) image. 46 | 47 | To use a custom chaincode locally, you need to build and replace the `chaincodes.image` fields to use your local image of orchestrator-chaincode. 48 | 49 | You can check how to do it in the [helm chart documentation](./charts/hlf-k8s/README.md) in the `Test hlf-k8s with your own chaincode` section 50 | 51 | ## Production install / Changelog 52 | 53 | Please refer to the [helm chart documentation](./charts/hlf-k8s/README.md). 54 | 55 | ## License 56 | 57 | This project is developed under the Apache License, Version 2.0 (Apache-2.0), located in the [LICENSE](./LICENSE) file. 
58 | -------------------------------------------------------------------------------- /charts/hlf-k8s/.gitignore: -------------------------------------------------------------------------------- 1 | charts/ 2 | -------------------------------------------------------------------------------- /charts/hlf-k8s/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 10.2.4 4 | 5 | ### Changed 6 | 7 | - Update image versions 8 | 9 | ## 10.2.3 10 | 11 | ### Changed 12 | 13 | - Update image versions 14 | 15 | ## 10.2.2 16 | 17 | ### Changed 18 | 19 | - Update image versions 20 | 21 | ## 10.2.1 22 | 23 | ### Changed 24 | 25 | - Updated documentation 26 | 27 | ## 10.2.0 28 | 29 | ### Changed 30 | 31 | - Update default images to use public substra registry 32 | - Use `latest` tags of fabric-peer and fabric-tools 33 | 34 | ## 10.1.2 35 | 36 | ### Changed 37 | 38 | - Update chart metadata 39 | 40 | ## 10.1.1 41 | 42 | ### Added 43 | 44 | - Component annotation for chaincode pods 45 | 46 | ## 10.0.1 47 | 48 | ### Removed 49 | 50 | - Unused `users` values. 
51 | 52 | ## 10.0.0 53 | 54 | ### Changed 55 | 56 | - Use couchdb chart instead of hlf-couchdb 57 | 58 | ## 9.1.2 59 | 60 | ### Changed 61 | 62 | - Update chart's logo 63 | 64 | ## 9.1.1 65 | 66 | ### Added 67 | 68 | - Support for 1.19.x pre-releases 69 | 70 | ## 9.1.0 71 | 72 | ### Added 73 | 74 | - Support for chaincode init containers 75 | 76 | ## 9.0.0 77 | 78 | ### Added 79 | 80 | - Support for Kubernetes 1.22 81 | 82 | ### Removed 83 | 84 | - Support for Kubernetes versions earlier than 1.19 85 | 86 | ## 8.0.0 87 | 88 | ### Added 89 | 90 | - pullImageSecret on fabric-tools and chaincode images 91 | - Update `hlf-peer` chart to 3.2.0 92 | 93 | ### Breaking changes 94 | 95 | - add `hlf-peer.peer.couchdbSecret` to make the value explicit 96 | 97 | ## 7.1.0 98 | 99 | ### Changed 100 | 101 | - Update HLF images to 2.4 102 | 103 | ### Removed 104 | 105 | - Remove `fabric-ca-tools` dependency and replace it by `fabric-tools` 106 | 107 | ## 7.0.1 108 | 109 | ### Fixed 110 | 111 | - The application channel operator doesn't misbehave anymore when a peer joins 2 channels with overlapping names 112 | 113 | ## 7.0.0 114 | 115 | ### Changed 116 | 117 | - Charts using API v2 now, officially dropping support for Helm v2 118 | 119 | ### Removed 120 | 121 | - Remove `nginx-ingress` dependency 122 | 123 | ## 6.2.2 124 | 125 | - Reduce the delay between each "add organization" operation in the appchannel operator from 5 secs to 1 sec 126 | 127 | ## 6.2.1 128 | 129 | ### Fixed 130 | 131 | - `jq` does not fail anymore on mspid containing a special character in the chaincode operator. 132 | - The condition to enter the chaincode commit process in the chaincode operator was always true, now we enter only if the chaincode is not already committed. 133 | 134 | ## 6.2.0 135 | 136 | - Set persistence value for each service to true by default 137 | 138 | ## 6.1.0 139 | 140 | - Bug fix chaincode operator if same chaincode is used over multiple channels.
141 | - Fix examples 142 | - Add new example 2 orgs 2 channels 1 chaincode 143 | 144 | ## 6.0.0 145 | 146 | - Add sequence field to the structure of the `appChannels.chaincodes` value. Please see [`UPGRADE.md`](./UPGRADE.md). 147 | 148 | ## 5.1.3 149 | 150 | ### Fixed 151 | 152 | - only approve chaincode once 153 | 154 | ## 5.1.1 155 | 156 | ### Fixed 157 | 158 | - moved `hlf-peer.docker.enabled` to `hlf-peer.peer.docker.enabled` to correctly disable docker socket mount. 159 | 160 | ## 5.0.0 161 | 162 | - Add support for using the same chaincode on multiple channels. 163 | - This changes the structure of the `appChannels` value. Please see [`UPGRADE.md`](./UPGRADE.md). 164 | 165 | ## 4.0.0 166 | 167 | - Bump hyperledger fabric to 2.x. Please update values accordingly. 168 | - Use couchdb instead of goleveldb 169 | - Remove docker dependency and add chaincode pod 170 | 171 | ## 3.0.2 172 | 173 | - Added `genesis.generate` (defaults to `true` - behavior unchanged) 174 | 175 | ## 3.0.1 176 | 177 | - Bump `hlf-peer` chart to `v1.6.0` 178 | 179 | ## 3.0.0 180 | 181 | - Switched to Helm3 182 | - Added `hooks.serviceAccount.name` to specify the serviceAccount used by the post-delete hook `-hook-delete-secrets` 183 | - Added `hooks.serviceAccount.namespace` to specify the serviceAccount namespace (this will also set `-hook-delete-secrets` namespace) 184 | 185 | ## 1.5.0 186 | 187 | - `appChannel` changed to `appChannels` (list) 188 | - `appChannel.name` renamed to `appChannels[].channelName` 189 | - `applicationChannelOperator.ingress` moved to `appChannels[].ingress` 190 | -------------------------------------------------------------------------------- /charts/hlf-k8s/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: hlf-ca 3 | repository: https://owkin.github.io/charts/ 4 | version: 2.1.0 5 | - name: hlf-ord 6 | repository: https://owkin.github.io/charts/ 7 | version: 3.1.0 8 | - name: hlf-peer 9
| repository: https://owkin.github.io/charts/ 10 | version: 5.1.0 11 | - name: couchdb 12 | repository: https://apache.github.io/couchdb-helm 13 | version: 3.3.4 14 | digest: sha256:fa87ba038d4ed93f1598d7006fdfb028727b2bf2952ccad77467e89cad9e0701 15 | generated: "2022-02-25T16:30:40.111983373-05:00" 16 | -------------------------------------------------------------------------------- /charts/hlf-k8s/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2022 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: v2 16 | name: hlf-k8s 17 | description: Substra tools to configure the hyperledger fabric network 18 | type: application 19 | version: 10.2.4 20 | kubeVersion: ">= 1.19.0-0" 21 | home: https://github.com/Substra 22 | icon: https://avatars.githubusercontent.com/u/84009910?s=400 23 | sources: 24 | - https://github.com/Substra/hlf-k8s 25 | keywords: 26 | - substra 27 | - hyperledger-fabric 28 | dependencies: 29 | - name: hlf-ca 30 | version: 2.1.0 31 | repository: https://owkin.github.io/charts/ 32 | condition: hlf-ca.enabled 33 | - name: hlf-ord 34 | version: 3.1.0 35 | repository: https://owkin.github.io/charts/ 36 | condition: hlf-ord.enabled 37 | - name: hlf-peer 38 | version: 5.1.0 39 | repository: https://owkin.github.io/charts/ 40 | condition: hlf-peer.enabled 41 | - name: couchdb 42 | version: 3.3.4 43 | repository: https://apache.github.io/couchdb-helm 44 | condition: hlf-peer.enabled 45 | -------------------------------------------------------------------------------- /charts/hlf-k8s/UPGRADE.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | 4 | # 10.0.0 5 | 6 | Switch from hlf-couchdb to couchdb 7 | 8 | # 9.0.0 9 | 10 | This is a major version since we drop compatibility with kubernetes versions before `1.19` but there is no big change to the values. The only thing you should pay attention to is the new `PathType` key for the `appChannels` ingresses. 11 | 12 | # 6.0.0 13 | 14 | Application channel chaincodes now have a [sequence](https://hyperledger-fabric.readthedocs.io/en/release-2.2/commands/peerlifecycle.html?highlight=sequence) field.
15 | 16 | Example: 17 | 18 | ```yaml 19 | chaincodes: 20 | - name: mycc 21 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 22 | port: 7052 23 | version: "1.0" 24 | image: 25 | repository: substra/substra-chaincode 26 | tag: 0.1.1 27 | pullPolicy: IfNotPresent 28 | 29 | 30 | appChannels: 31 | - channelName: mychannel 32 | chaincodes: 33 | - name: mycc 34 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 35 | version: "1.0" 36 | sequence: "1" 37 | ``` 38 | 39 | # 5.0.0 40 | 41 | Chaincode properties have been moved from `appChannels[].chaincodes[]` to `chaincodes[]`, with the exception of the `policy`, `name` and `version` fields. 42 | 43 | Example: 44 | 45 | ```yaml 46 | chaincodes: 47 | - name: mycc 48 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 49 | port: 7052 50 | version: "1.0" 51 | image: 52 | repository: substra/substra-chaincode 53 | tag: 0.1.1 54 | pullPolicy: IfNotPresent 55 | 56 | 57 | appChannels: 58 | - channelName: mychannel 59 | chaincodes: 60 | - name: mycc 61 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 62 | version: "1.0" 63 | ``` 64 | 65 | ## 4.0.0 66 | 67 | 68 | Peers now use couchdb by default instead of goleveldb 69 | The orderer now uses the etcdraft type instead of solo 70 | Policies are mandatory and need to be set for: SystemChannel, Application and Channel 71 | 72 | 73 | The hlf-k8s appChannels field now exposes: 74 | - application policies 75 | - channel policies 76 | - chaincodes, which is not isolated anymore 77 | 78 | Rename images from hlf-k8s to fabric-tools and fabric-ca-tools 79 | 80 | /!\ As we use TLS for chaincode and peer communications, you need to add the chaincode FQDN to the csrHost of the CA enrollment, so that the issued TLS certificate covers that hostname 81 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 |
{{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "substra.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "substra.fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/configmap-application-organization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{- if index .Values "hlf-peer" "enabled" }} 16 | {{- range .Values.appChannels }} 17 | --- 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ template "substra.fullname" $ }}-application-organizations-{{ .channelName }} 22 | data: 23 | application-organizations: | 24 | {{- range .organizations }} 25 | {{ .org }} {{ .mspid }} {{ .configUrl }} 26 | {{- end }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/configmap-application-proposal-organization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{- if index .Values "hlf-peer" "enabled" }} 16 | {{- range .Values.appChannels }} 17 | --- 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: {{ template "substra.fullname" $ }}-application-proposal-organizations-{{ .channelName }} 22 | data: 23 | application-proposal-organizations: | 24 | {{- range .proposalOrganizations }} 25 | {{ .org }} {{ .mspid }} {{ .proposalServerUrl }} 26 | {{- end }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/configmap-enrollment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v1 16 | kind: ConfigMap 17 | metadata: 18 | name: {{ template "substra.fullname" . }}-enrollment 19 | data: 20 | enrollments: | 21 | {{- range .Values.enrollments.creds }} 22 | {{ .name }} {{ .secret }} {{ .options }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/configmap-fabric.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v1 16 | kind: ConfigMap 17 | metadata: 18 | name: {{ template "substra.fullname" . }}-fabric 19 | data: 20 | discoverConfig.yaml: | 21 | version: 0 22 | tlsconfig: 23 | certpath: /var/hyperledger/tls/client/pair/tls.crt 24 | keypath: /var/hyperledger/tls/client/pair/tls.key 25 | peercacertpath: /var/hyperledger/tls/server/cert/cacert.pem 26 | timeout: 0s 27 | signerconfig: 28 | mspid: {{ .Values.organization.id }} 29 | identitypath: /var/hyperledger/msp/signcerts/cert.pem 30 | keypath: /var/hyperledger/msp/keystore/key.pem 31 | configtx.yaml: | 32 | Organizations: 33 | - &id001 34 | Name: {{ .Values.organization.name }} 35 | ID: {{ .Values.organization.id }} 36 | MSPDir: /var/hyperledger/admin_msp 37 | 38 | Policies: &id002 39 | Readers: 40 | Type: Signature 41 | Rule: "OR('{{ .Values.organization.id }}.member')" 42 | Writers: 43 | Type: Signature 44 | Rule: "OR('{{ .Values.organization.id }}.member')" 45 | Admins: 46 | Type: Signature 47 | Rule: "OR('{{ .Values.organization.id }}.admin')" 48 | Endorsement: 49 | Type: Signature 50 | Rule: "OR('{{ .Values.organization.id }}.member')" 51 | 52 | {{- if index .Values "hlf-peer" "enabled" }} 53 | AnchorPeers: 54 | - Host: {{ index .Values "hlf-peer" "host" }} 55 | Port: {{ index .Values "hlf-peer" "port" }} 56 | {{- end }} 57 | 58 | {{- if index .Values "hlf-ord" "enabled" }} 59 | OrdererEndpoints: 60 | - "{{ index .Values "hlf-ord" "host" }}:{{ index .Values "hlf-ord" "port" }}" 61 | {{- end }} 62 | 63 | Capabilities: 64 | Channel: &ChannelCapabilities 65 | 
V2_0: true 66 | 67 | Orderer: &OrdererCapabilities 68 | V2_0: true 69 | 70 | Application: &ApplicationCapabilities 71 | V2_0: true 72 | 73 | Application: &ApplicationDefaults 74 | 75 | Organizations: null 76 | 77 | Policies: &ApplicationDefaultPolicies 78 | LifecycleEndorsement: 79 | Type: ImplicitMeta 80 | Rule: "ANY Endorsement" 81 | Endorsement: 82 | Type: ImplicitMeta 83 | Rule: "ANY Endorsement" 84 | Readers: 85 | Type: ImplicitMeta 86 | Rule: "ANY Readers" 87 | Writers: 88 | Type: ImplicitMeta 89 | Rule: "ANY Writers" 90 | Admins: 91 | Type: ImplicitMeta 92 | Rule: "ANY Admins" 93 | 94 | Capabilities: 95 | <<: *ApplicationCapabilities 96 | 97 | Profiles: 98 | {{- if index .Values "hlf-peer" "enabled" }} 99 | {{- range .Values.appChannels }} 100 | OrgsChannel-{{ .channelName }}: 101 | Capabilities: 102 | V2_0: true 103 | Policies: 104 | {{- .channelPolicies | nindent 12 }} 105 | Application: 106 | <<: *ApplicationDefaults 107 | {{- if .appPolicies }} 108 | Policies: 109 | {{- .appPolicies | nindent 12 -}} 110 | {{- end }} 111 | Organizations: 112 | - *id001 113 | Consortium: SampleConsortium 114 | {{- end }} 115 | {{- end }} 116 | 117 | {{- if index .Values "hlf-ord" "enabled" }} 118 | GenerateGenesis: 119 | Policies: 120 | {{- .Values.systemChannel.policies | nindent 12 }} 121 | Capabilities: 122 | V2_0: true 123 | Consortiums: 124 | SampleConsortium: 125 | Organizations: *id001 126 | Orderer: 127 | Addresses: 128 | - {{ index .Values "hlf-ord" "host" }}:{{ index .Values "hlf-ord" "port" }} 129 | EtcdRaft: 130 | Consenters: 131 | - Host: {{ index .Values "hlf-ord" "host" }} 132 | Port: {{ index .Values "hlf-ord" "port" }} 133 | ClientTLSCert: /var/hyperledger/tls/client/pair/tls.crt 134 | ServerTLSCert: /var/hyperledger/tls/server/pair/tls.crt 135 | BatchSize: 136 | AbsoluteMaxBytes: 99 MB 137 | MaxMessageCount: {{ index .Values "hlf-ord" "maxMessageCount" }} 138 | PreferredMaxBytes: 512 KB 139 | BatchTimeout: {{ index .Values "hlf-ord" "batchTimeout" }} 140 
| OrdererType: etcdraft 141 | Organizations: 142 | - *id001 143 | Capabilities: 144 | V2_0: true 145 | Policies: 146 | {{- index .Values "hlf-ord" "policies" | nindent 12 }} 147 | {{- end }} 148 | 149 | core.yaml: | 150 | chaincode: 151 | builder: {{ index .Values "hlf-peer" "peer" "chaincode" "builder" }} 152 | golang: 153 | runtime: {{index .Values "hlf-peer" "peer" "chaincode" "runtime" "golang"}} 154 | externalBuilders: 155 | - name: external-builder 156 | path: /builders 157 | peer: 158 | BCCSP: 159 | Default: SW 160 | PKCS11: 161 | FileKeyStore: 162 | KeyStore: null 163 | Hash: null 164 | Label: null 165 | Library: null 166 | Pin: null 167 | Security: null 168 | SW: 169 | FileKeyStore: 170 | KeyStore: null 171 | Hash: SHA2 172 | Security: 256 173 | {{- if index .Values "hlf-ord" "enabled" }} 174 | address: {{ index .Values "hlf-ord" "host" }}:{{ index .Values "hlf-ord" "port" }} 175 | {{- else }} 176 | address: {{ index .Values "hlf-peer" "host" }}:{{ index .Values "hlf-peer" "port" }} 177 | {{- end }} 178 | addressAutoDetect: false 179 | adminService: null 180 | authentication: 181 | timewindow: 15m 182 | client: 183 | connTimeout: 3s 184 | deliveryclient: 185 | connTimeout: 3s 186 | reConnectBackoffThreshold: 3600s 187 | reconnectTotalTimeThreshold: 3600s 188 | discovery: 189 | authCacheEnabled: true 190 | authCacheMaxSize: 1000 191 | authCachePurgeRetentionRatio: 0.75 192 | enabled: true 193 | orgMembersAllowedAccess: false 194 | fileSystemPath: /var/hyperledger/production 195 | gomaxprocs: -1 196 | gossip: 197 | aliveExpirationTimeout: 25s 198 | aliveTimeInterval: 5s 199 | bootstrap: 127.0.0.1:7051 200 | connTimeout: 2s 201 | dialTimeout: 3s 202 | digestWaitTime: 1s 203 | election: 204 | leaderAliveThreshold: 10s 205 | leaderElectionDuration: 5s 206 | membershipSampleInterval: 1s 207 | startupGracePeriod: 15s 208 | endpoint: null 209 | {{- if index .Values "hlf-ord" "enabled" }} 210 | externalEndpoint: {{ index .Values "hlf-ord" "host" }}:{{ index .Values 
"hlf-ord" "port" }} 211 | {{- else }} 212 | externalEndpoint: {{ index .Values "hlf-peer" "host" }}:{{ index .Values "hlf-peer" "port" }} 213 | {{- end }} 214 | maxBlockCountToStore: 100 215 | maxPropagationBurstLatency: 10ms 216 | maxPropagationBurstSize: 10 217 | membershipTrackerInterval: 5s 218 | orgLeader: 'false' 219 | propagateIterations: 1 220 | propagatePeerNum: 3 221 | publishCertPeriod: 10s 222 | publishStateInfoInterval: 4s 223 | pullInterval: 4s 224 | pullPeerNum: 3 225 | pvtData: 226 | btlPullMargin: 10 227 | pullRetryThreshold: 60s 228 | pushAckTimeout: 3s 229 | reconcileBatchSize: 10 230 | reconcileSleepInterval: 1m 231 | reconciliationEnabled: true 232 | transientstoreMaxBlockRetention: 1000 233 | reconnectInterval: 25s 234 | recvBuffSize: 20 235 | requestStateInfoInterval: 4s 236 | requestWaitTime: 1500ms 237 | responseWaitTime: 2s 238 | sendBuffSize: 200 239 | skipBlockVerification: false 240 | skipHandshake: 'true' 241 | stateInfoRetentionInterval: null 242 | useLeaderElection: 'true' 243 | handlers: 244 | authFilters: 245 | - name: DefaultAuth 246 | - name: ExpirationCheck 247 | decorators: 248 | - name: DefaultDecorator 249 | endorsers: 250 | escc: 251 | library: null 252 | name: DefaultEndorsement 253 | validators: 254 | vscc: 255 | library: null 256 | name: DefaultValidation 257 | id: {{ .Values.organization.name }} 258 | keepalive: 259 | client: 260 | interval: 60s 261 | timeout: 20s 262 | deliveryClient: 263 | interval: 60s 264 | timeout: 20s 265 | minInterval: 60s 266 | listenAddress: 0.0.0.0:7051 267 | localMspId: {{ .Values.organization.id }} 268 | localMspType: bccsp 269 | mspConfigPath: /var/hyperledger/admin_msp 270 | networkId: dev 271 | profile: 272 | enabled: false 273 | listenAddress: 0.0.0.0:6060 274 | tls: 275 | enabled: 'true' 276 | cert: 277 | file: /var/hyperledger/tls/server/pair/tls.crt 278 | key: 279 | file: /var/hyperledger/tls/server/pair/tls.key 280 | clientAuthRequired: 'true' 281 | clientCert: 282 | file: 
/var/hyperledger/tls/client/pair/tls.crt 283 | clientKey: 284 | file: /var/hyperledger/tls/client/pair/tls.key 285 | clientRootCAs: 286 | - /var/hyperledger/admin_msp/cacerts/cacert.pem 287 | rootcert: 288 | file: /var/hyperledger/admin_msp/cacerts/cacert.pem 289 | validatorPoolSize: null 290 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/configmap-system-organizations.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- if index .Values "hlf-ord" "enabled" }} 16 | --- 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | name: {{ template "substra.fullname" . 
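}}-system-organizations 21 | data: 22 | system-organizations: | 23 | {{- range .Values.systemChannel.organizations }} 24 | {{ .org }} {{ .mspid}} {{ .configUrl }} 25 | {{- end }} 26 | --- 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/deployment-chaincode.yaml: --------------------------------------------------------------------------------
# Renders one Deployment and one ClusterIP Service per entry of .Values.chaincodes,
# only when the hlf-peer sub-chart is enabled. Each chaincode runs as an external
# server ("./chaincode") listening on the port given in its values entry.
{{- if index .Values "hlf-peer" "enabled" }}
{{- range .Values.chaincodes }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "substra.fullname" $ }}-chaincode-{{ .name }}
  labels:
    app.kubernetes.io/managed-by: {{ $.Release.Service }}
    app.kubernetes.io/instance: {{ $.Release.Name }}
    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" $ }}-chaincode
    app.kubernetes.io/part-of: {{ template "substra.name" $ }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "substra.name" $ }}-chaincode-{{ .name }}
      app.kubernetes.io/instance: {{ $.Release.Name }}
      app.kubernetes.io/component: {{ template "substra.name" $ }}-chaincode
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "substra.name" $ }}-chaincode-{{ .name }}
        app.kubernetes.io/instance: {{ $.Release.Name }}
        app.kubernetes.io/component: {{ template "substra.name" $ }}-chaincode
    spec:
      {{- if .image.pullImageSecret }}
      imagePullSecrets:
        - name: {{ .image.pullImageSecret }}
      {{- end }}
      {{- if .init }}
      initContainers:
        - name: substra-chaincode-{{ .name }}-init
          image: {{ .init.image.repository }}:{{ .init.image.tag }}
          # NOTE(review): this reuses the chaincode image's pullPolicy rather than a
          # policy under .init.image - confirm that is intended.
          imagePullPolicy: "{{ .image.pullPolicy }}"
          # CouchDB credentials are injected from a Secret, not from chart values.
          envFrom:
            - secretRef:
                name: {{ template "substra.fullname" $ }}-couchdb-credentials
          env:
            # Quoted so that a numeric-looking name is still rendered as a string.
            - name: CHAINCODE_NAME
              value: {{ .name | quote }}
            - name: COUCHDB_INSTANCE
              value: "{{ index $.Values "hlf-peer" "peer" "couchdbService" }}:{{ index $.Values "hlf-peer" "peer" "couchdbPort" }}"
            # CHANNELS = comma-separated names of the application channels whose
            # chaincode list contains this chaincode.
            - name: CHANNELS
              {{- $channels := list }}
              {{- $ccName := .name }}
              {{- range $.Values.appChannels }}
              {{- $channelChaincodes := list }}
              {{- range .chaincodes }}
              {{- $channelChaincodes = append $channelChaincodes .name }}
              {{- end }}
              {{- if has $ccName $channelChaincodes }}
              {{- $channels = append $channels .channelName }}
              {{- end }}
              {{- end }}
              value: {{ join "," $channels | quote }}
      {{- end }}
      containers:
        - name: substra-chaincode-{{ .name }}
          image: {{ .image.repository }}:{{ .image.tag }}
          imagePullPolicy: "{{ .image.pullPolicy }}"
          command: ['./chaincode']
          env:
            # Single LOG_LEVEL entry: the previous template emitted a hard-coded
            # DEBUG entry and, when logLevel was set, a second entry with the same
            # name. Duplicate env names are ambiguous to merge on upgrade, so the
            # fallback is expressed with `default` instead.
            # NOTE(review): DEBUG stays the fallback for compatibility; set logLevel
            # explicitly where verbose chaincode logs are not wanted.
            - name: LOG_LEVEL
              value: {{ .logLevel | default "DEBUG" | quote }}
            - name: CHAINCODE_CCID
              valueFrom:
                secretKeyRef:
                  name: chaincode-ccid-{{ .name }}-{{ .version }}
                  key: ccid
            # Listens on every pod interface; the Service below is ClusterIP only.
            # NOTE(review): whether the server requires client certificates cannot be
            # seen from this template - confirm, and consider a NetworkPolicy that
            # only admits the peer.
            - name: CHAINCODE_ADDRESS
              value: "0.0.0.0:{{ .port }}"
            - name: TLS_CERT_FILE
              value: "/var/hyperledger/tls/client/pair/tls.crt"
            - name: TLS_KEY_FILE
              value: "/var/hyperledger/tls/client/pair/tls.key"
            - name: TLS_ROOTCERT_FILE
              value: "/var/hyperledger/tls/client/cert/cacert.pem"
          volumeMounts:
            # Key material is only read by the chaincode; mark the mounts read-only.
            - mountPath: /var/hyperledger/tls/client/pair
              name: tls-client
              readOnly: true
            - mountPath: /var/hyperledger/tls/client/cert
              name: tls-clientrootcert
              readOnly: true
          ports:
            - containerPort: {{ .port }}
      volumes:
        - name: tls-client
          secret:
            secretName: {{ $.Values.secrets.tlsClient }}
        - name: tls-clientrootcert
          secret:
            secretName: {{ $.Values.secrets.tlsClientRootCert }}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ template "substra.fullname" $ }}-chaincode-{{ .name }}
  labels:
    app.kubernetes.io/managed-by: {{ $.Release.Service }}
    app.kubernetes.io/instance: {{ $.Release.Name }}
    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" $ }}-chaincode-{{ .name }}
spec:
  type: ClusterIP
  ports:
    - name: chaincode
      port: {{ .port }}
      protocol: TCP
      targetPort: {{ .port }}
  selector:
    app.kubernetes.io/name: {{ template "substra.name" $ }}-chaincode-{{ .name }}
    app.kubernetes.io/instance: {{ $.Release.Name }}
{{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/hlf-k8s/templates/deployment-config-operator.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- if index .Values "hlf-peer" "enabled" }} 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | metadata: 19 | name: {{ template "substra.fullname" . }}-config-operator 20 | labels: 21 | app.kubernetes.io/managed-by: {{ .Release.Service }} 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} 24 | app.kubernetes.io/name: {{ template "substra.name" . }} 25 | spec: 26 | replicas: 1 27 | selector: 28 | matchLabels: 29 | app.kubernetes.io/name: {{ template "substra.name" . 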
}}-config-operator 30 | app.kubernetes.io/instance: {{ .Release.Name }} 31 | template: 32 | metadata: 33 | labels: 34 | app.kubernetes.io/name: {{ template "substra.name" . }}-config-operator 35 | app.kubernetes.io/instance: {{ .Release.Name }} 36 | spec: 37 | serviceAccountName: {{ template "substra.fullname" . }} 38 | {{- if index $.Values "fabric-tools" "image" "pullImageSecret" }} 39 | imagePullSecrets: 40 | - name: {{ index $.Values "fabric-tools" "image" "pullImageSecret" }} 41 | {{- end }} 42 | containers: 43 | - name: fabric-tools 44 | image: {{ index $.Values "fabric-tools" "image" "repository" }}:{{ index $.Values "fabric-tools" "image" "tag" }} 45 | imagePullPolicy: "{{ index $.Values "fabric-tools" "image" "pullPolicy" }}" 46 | command: ['sh', '-c'] 47 | args: 48 | - | 49 | ## Create configuration files (public keys) for the organization 50 | while true; do 51 | 52 | until [ -f "/data/configOrg.json" ]; do 53 | printf "[DEBUG] Create the organization config file\n" 54 | configtxgen -printOrg {{ .Values.organization.name }} > /data/configOrg.json 55 | sleep 1 56 | done 57 | 58 | until [ -f "/data/configOrgWithAnchors.json" ]; do 59 | printf "[DEBUG] Create the org config anchor file\n" 60 | jq -s '.[0] * {"values":{"AnchorPeers":{"mod_policy":"Admins", "value":{"anchor_peers":[{"host":"{{ index .Values "hlf-peer" "host" }}", "port":"{{ index .Values "hlf-peer" "port" }}"}]}, "version": "0"}}}' /data/configOrg.json > /data/configOrgWithAnchors.json 61 | sleep 1 62 | done 63 | 64 | sleep 10 65 | done 66 | resources: 67 | {{- toYaml .Values.resources | nindent 14 }} 68 | env: 69 | - name: CORE_PEER_MSPCONFIGPATH 70 | value: /var/hyperledger/admin_msp 71 | - name: GODEBUG 72 | value: "netdns=go+1" 73 | volumeMounts: 74 | - mountPath: /etc/hyperledger/fabric 75 | name: fabric-config 76 | readOnly: true 77 | - mountPath: /var/hyperledger/msp/signcerts 78 | name: id-cert 79 | - mountPath: /var/hyperledger/msp/keystore 80 | name: id-key 81 | - mountPath: 
/var/hyperledger/msp/cacerts 82 | name: cacert 83 | - mountPath: /var/hyperledger/msp/tlscacerts 84 | name: cacert 85 | - mountPath: /var/hyperledger/msp/admincerts 86 | name: admin-cert 87 | - mountPath: /var/hyperledger/tls/server/pair 88 | name: tls 89 | - mountPath: /var/hyperledger/tls/server/cert 90 | name: tls-rootcert 91 | - mountPath: /var/hyperledger/tls/client/pair 92 | name: tls-client 93 | - mountPath: /var/hyperledger/tls/client/cert 94 | name: tls-clientrootcert 95 | - mountPath: /var/hyperledger/tls/ord/cert 96 | name: ord-tls-rootcert 97 | - mountPath: /var/hyperledger/admin_msp/signcerts 98 | name: admin-cert 99 | - mountPath: /var/hyperledger/admin_msp/keystore 100 | name: admin-key 101 | - mountPath: /var/hyperledger/admin_msp/cacerts 102 | name: cacert 103 | - mountPath: /var/hyperledger/admin_msp/tlscacerts 104 | name: cacert 105 | - mountPath: /var/hyperledger/admin_msp/admincerts 106 | name: admin-cert 107 | - mountPath: /data 108 | name: data 109 | {{- if .Values.privateCa.enabled }} 110 | - mountPath: /usr/local/share/ca-certificates/{{ .Values.privateCa.configMap.fileName }} 111 | name: private-ca 112 | subPath: {{ .Values.privateCa.configMap.fileName }} 113 | {{- end }} 114 | - name: nginx 115 | image: nginx:1.17.6 116 | ports: 117 | - containerPort: 80 118 | volumeMounts: 119 | - mountPath: /usr/share/nginx/html/config 120 | name: data 121 | volumes: 122 | - name: fabric-config 123 | configMap: 124 | name: {{ template "substra.fullname" . 
}}-fabric 125 | - name: id-cert 126 | secret: 127 | secretName: {{ .Values.secrets.cert }} 128 | - name: id-key 129 | secret: 130 | secretName: {{ .Values.secrets.key }} 131 | - name: cacert 132 | secret: 133 | secretName: {{ .Values.secrets.caCert }} 134 | - name: tls 135 | secret: 136 | secretName: {{ .Values.secrets.tls }} 137 | - name: tls-rootcert 138 | secret: 139 | secretName: {{ .Values.secrets.tlsRootCert }} 140 | - name: tls-client 141 | secret: 142 | secretName: {{ .Values.secrets.tlsClient }} 143 | - name: tls-clientrootcert 144 | secret: 145 | secretName: {{ .Values.secrets.tlsClientRootCert }} 146 | - name: admin-cert 147 | secret: 148 | secretName: {{ .Values.secrets.adminCert }} 149 | - name: admin-key 150 | secret: 151 | secretName: {{ .Values.secrets.adminKey }} 152 | - name: ord-tls-rootcert 153 | secret: 154 | secretName: {{ .Values.secrets.ordTlsRootCert }} 155 | - name: data 156 | emptyDir: {} 157 | {{- if .Values.privateCa.enabled }} 158 | - name: private-ca 159 | configMap: 160 | name: {{ .Values.privateCa.configMap.name }} 161 | {{- end }} 162 | {{- with .Values.nodeSelector }} 163 | nodeSelector: 164 | {{- toYaml . | nindent 8 }} 165 | {{- end }} 166 | --- 167 | apiVersion: v1 168 | kind: Service 169 | metadata: 170 | name: {{ template "substra.fullname" . }}-config-operator 171 | labels: 172 | app.kubernetes.io/managed-by: {{ .Release.Service }} 173 | app.kubernetes.io/instance: {{ .Release.Name }} 174 | helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} 175 | app.kubernetes.io/name: {{ template "substra.name" . }} 176 | spec: 177 | type: ClusterIP 178 | ports: 179 | - name: http 180 | port: 80 181 | protocol: TCP 182 | targetPort: 80 183 | selector: 184 | app.kubernetes.io/name: {{ template "substra.name" . 
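}}-config-operator 185 | app.kubernetes.io/instance: {{ .Release.Name }} 186 | {{- end }} 187 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/deployment-enrollement-operator.yaml: --------------------------------------------------------------------------------
# Copyright 2018 Owkin, inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Enrollment operator: a single pod that loops forever, enrolling the CA admin,
# registering/enrolling every identity listed in /config/enrollments against the
# Fabric CA, and publishing the resulting certificates and keys as Kubernetes
# Secrets with kubectl. Rendered only when the hlf-ca sub-chart is enabled.
{{- if index .Values "hlf-ca" "enabled" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "substra.fullname" . }}-enrollment-operator
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" . }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "substra.name" . }}-enrollment-operator
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "substra.name" . }}-enrollment-operator
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      # The script calls kubectl get/create secret, so this service account needs
      # those verbs on Secrets (its RBAC is defined outside this template).
      serviceAccountName: {{ template "substra.fullname" . }}
      {{- if index $.Values "fabric-tools" "image" "pullImageSecret" }}
      imagePullSecrets:
        - name: {{ index $.Values "fabric-tools" "image" "pullImageSecret" }}
      {{- end }}
      containers:
        - name: fabric-tools
          image: {{ index $.Values "fabric-tools" "image" "repository" }}:{{ index $.Values "fabric-tools" "image" "tag" }}
          imagePullPolicy: "{{ index $.Values "fabric-tools" "image" "pullPolicy" }}"
          command: ['sh', '-c']
          # NOTE(review): the hlf-ca adminUsername/adminPassword values are rendered
          # straight into the script below, so the CA admin password is stored in the
          # Deployment object and is readable by anyone who can view the pod spec or
          # the container's process arguments. The -d (debug) flag may also echo the
          # enrollment URL into the pod logs - confirm. Supplying the credentials from
          # a Secret (env var with secretKeyRef) would keep them out of the manifest.
          # NOTE(review): per-identity enrollment secrets are read from
          # /config/enrollments, which is mounted from a ConfigMap (see volumes), not
          # from a Secret object.
          args:
            - |
              ## Update CA certs
              update-ca-certificates

              ## Check connection with the Certificate Authority
              printf "[DEBUG] Testing the connection with this node's Certificate Authority ({{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }})\n"
              until fabric-ca-client getcainfo -u {{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }}; do
                printf "[DEBUG] Certificate Authority ({{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }}) server is not reacheable, retry in 5s\n"
                sleep 5
              done

              ## Enroll CA administrator
              printf "[DEBUG] Testing enrollment of CA admin\n"
              until fabric-ca-client identity list -u {{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "adminUsername" }}:{{ index .Values "hlf-ca" "adminPassword" }}@{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }} --id {{ index .Values "hlf-ca" "adminUsername" }}; do
                printf "[DEBUG] Certificate Authority admin is not enrolled, enrolling it now:\n"
                fabric-ca-client enroll -d -u {{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "adminUsername" }}:{{ index .Values "hlf-ca" "adminPassword" }}@{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }} -M /var/hyperledger/fabric-ca/msp
                sleep 1
              done

              ## Create CA cert kubernetes secret
              ## Note: The CA cert is shared between all identities (CA admin, admins, and users)
              until kubectl get secret {{ .Values.secrets.caCert }} > /dev/null; do
                printf "[DEBUG] CA cacerts k8s secret not found, creating it now:\n"
                kubectl create secret generic {{ .Values.secrets.caCert }} --from-file=cacert.pem=$(find /var/hyperledger/fabric-ca/msp/cacerts -type f)
                sleep 1
              done

              ## Check connection with the Orderer Certificate Authority
              printf "[DEBUG] Testing the connection with the Orderer Certificate Authority ({{ index .Values "hlf-ca" "orderer" "scheme" }}://{{ index .Values "hlf-ca" "orderer" "host" }}:{{ index .Values "hlf-ca" "orderer" "port"}})\n"
              until fabric-ca-client getcainfo -u {{ index .Values "hlf-ca" "orderer" "scheme" }}://{{ index .Values "hlf-ca" "orderer" "host" }}:{{ index .Values "hlf-ca" "orderer" "port" }} -H /tmp/orderer; do
                printf "[DEBUG] Orderer Certificate Authority ({{ index .Values "hlf-ca" "orderer" "scheme" }}://{{ index .Values "hlf-ca" "orderer" "host" }}:{{ index .Values "hlf-ca" "orderer" "port"}}) server is not reacheable, retry in 5s\n"
                sleep 5
              done

              ## Create Orderer CA Cert kubernetes secret
              until kubectl get secret {{ .Values.secrets.ordTlsRootCert }} > /dev/null; do
                printf "[DEBUG] Orderer CA cacerts k8s secret not found, creating it now:\n"
                kubectl create secret generic {{ .Values.secrets.ordTlsRootCert }} --from-file=cacert.pem=$(find /tmp/orderer/msp/cacerts -type f)
                sleep 1
              done

              ## Enroll users
              ## Values read from /config/enrollments are passed to printf through %s
              ## and quoted wherever they are used as a single argument, so a name or
              ## secret containing spaces, glob characters or '%' cannot be split into
              ## extra arguments or be interpreted as a format string.
              ## $options is left unquoted on purpose: it carries several CLI flags.
              while true; do

                while IFS=" " read -r name secret options; do

                  printf "[DEBUG] Checking enrollment of CA user %s\n" "$name"

                  ## Register user
                  until fabric-ca-client identity list -u {{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "adminUsername" }}:{{ index .Values "hlf-ca" "adminPassword" }}@{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }} --id "$name"; do
                    printf "[DEBUG] User %s is not registered, registering the user now:\n" "$name"
                    fabric-ca-client register -d -u {{ index .Values "hlf-ca" "scheme" }}://{{ index .Values "hlf-ca" "adminUsername" }}:{{ index .Values "hlf-ca" "adminPassword" }}@{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }} --id.name "$name" --id.secret "$secret" $options
                    sleep 1
                  done

                  ## Enroll user (MSP)
                  until [ -d "/data/$name/msp" ]; do
                    printf "[DEBUG] MSP certificate not found: enrolling user '%s' now:\n" "$name"
                    fabric-ca-client enroll -d -u "{{ index .Values "hlf-ca" "scheme" }}://$name:$secret@{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }}" -M "/data/$name/msp"
                    sleep 1
                  done

                  ## Enroll user (TLS)
                  until [ -d "/data/$name/tls" ]; do
                    printf "[DEBUG] TLS certificate not found: enrolling user '%s' with TLS profile now:\n" "$name"
                    fabric-ca-client enroll -d --enrollment.profile tls -u "{{ index .Values "hlf-ca" "scheme" }}://$name:$secret@{{ index .Values "hlf-ca" "host" }}:{{ index .Values "hlf-ca" "port" }}" -M "/data/$name/tls" --csr.hosts "localhost,127.0.0.1,{{ .Values.enrollments.csrHost }}"
                    sleep 1
                  done

                  ## Create secret: MSP cert
                  until kubectl get secret "hlf-msp-cert-$name" > /dev/null; do
                    printf "[DEBUG] User '%s' 'MSP cert' secret not found, creating it now:\n" "$name"
                    kubectl create secret generic "hlf-msp-cert-$name" --from-file="cert.pem=/data/$name/msp/signcerts/cert.pem"
                    sleep 1
                  done

                  ## Create secret: MSP key
                  until kubectl get secret "hlf-msp-key-$name" > /dev/null; do
                    printf "[DEBUG] User '%s' 'MSP key' secret not found, creating it now:\n" "$name"
                    kubectl create secret generic "hlf-msp-key-$name" --from-file="key.pem=$(find "/data/$name/msp/keystore" -type f)"
                    sleep 1
                  done

                  ## Create secret: TLS pair
                  until kubectl get secret "hlf-tls-$name" > /dev/null; do
                    printf "[DEBUG] User '%s' 'TLS pair' secret not found, creating it now:\n" "$name"
                    kubectl create secret tls "hlf-tls-$name" --key "$(find "/data/$name/tls/keystore" -type f)" --cert "/data/$name/tls/signcerts/cert.pem"
                    sleep 1
                  done

                done < /config/enrollments

                sleep 10
              done
          resources:
            {{- toYaml .Values.resources | nindent 14 }}
          volumeMounts:
            - mountPath: /etc/hyperledger/fabric
              name: fabric-config
              readOnly: true
            - mountPath: /config
              name: enrollment
              readOnly: true
            # Scratch space for enrolled MSP/TLS material (private keys included);
            # it is an emptyDir, so it is lost and re-enrolled when the pod restarts.
            - mountPath: /data
              name: data
            {{- if .Values.privateCa.enabled }}
            - mountPath: /usr/local/share/ca-certificates/{{ .Values.privateCa.configMap.fileName }}
              name: private-ca
              subPath: {{ .Values.privateCa.configMap.fileName }}
            {{- end }}
      # A second imagePullSecrets block used to follow the volumeMounts here; it
      # repeated the pod-level entry declared above and has been dropped.
      volumes:
        - name: fabric-config
          configMap:
            name: {{ template "substra.fullname" . }}-fabric
        - name: enrollment
          configMap:
            name: {{ template "substra.fullname" . }}-enrollment
        - name: data
          emptyDir: {}
        {{- if .Values.privateCa.enabled }}
        - name: private-ca
          configMap:
            name: {{ .Values.privateCa.configMap.name }}
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end}}
-------------------------------------------------------------------------------- /charts/hlf-k8s/templates/deployment-genesis-operator.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 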
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- if index .Values "hlf-ord" "enabled" }} 16 | {{- if .Values.genesis.generate }} 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: {{ template "substra.fullname" . }}-genesis-operator 21 | labels: 22 | app.kubernetes.io/managed-by: {{ .Release.Service }} 23 | app.kubernetes.io/instance: {{ .Release.Name }} 24 | helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} 25 | app.kubernetes.io/name: {{ template "substra.name" . }}-genesis-operator 26 | app.kubernetes.io/part-of: {{ template "substra.name" . }} 27 | spec: 28 | replicas: 1 29 | selector: 30 | matchLabels: 31 | app.kubernetes.io/name: {{ template "substra.name" . }}-genesis-operator 32 | app.kubernetes.io/instance: {{ .Release.Name }} 33 | template: 34 | metadata: 35 | labels: 36 | app.kubernetes.io/name: {{ template "substra.name" . }}-genesis-operator 37 | app.kubernetes.io/instance: {{ .Release.Name }} 38 | spec: 39 | serviceAccountName: {{ template "substra.fullname" . 
}} 40 | {{- if index $.Values "fabric-tools" "image" "pullImageSecret" }} 41 | imagePullSecrets: 42 | - name: {{ index $.Values "fabric-tools" "image" "pullImageSecret" }} 43 | {{- end }} 44 | containers: 45 | - name: fabric-tools 46 | image: {{ index $.Values "fabric-tools" "image" "repository" }}:{{ index $.Values "fabric-tools" "image" "tag" }} 47 | imagePullPolicy: "{{ index $.Values "fabric-tools" "image" "pullPolicy" }}" 48 | command: ['sh', '-c'] 49 | args: 50 | - | 51 | while true; do 52 | 53 | ## Generate Genesis block 54 | until [ -f "genesis.block" ] ; do 55 | printf "[DEBUG] Generating genesis block\n" 56 | configtxgen -profile GenerateGenesis -channelID {{ .Values.systemChannel.name }} -outputBlock genesis.block --configPath /etc/hyperledger/fabric 57 | sleep 1 58 | done 59 | 60 | ## Create genesis block kubernetes secret 61 | until kubectl get secret {{ .Values.secrets.genesis }} > /dev/null; do 62 | printf "[DEBUG] Genesis block kubernetes secret not found, creating it now:\n" 63 | kubectl create secret generic {{ .Values.secrets.genesis }} --from-file=genesis.block 64 | sleep 1 65 | done 66 | 67 | printf "[DEBUG] All done. 
Looping...\n" 68 | sleep 10 69 | done 70 | env: 71 | - name: CORE_PEER_MSPCONFIGPATH 72 | value: /var/hyperledger/admin_msp 73 | - name: GODEBUG 74 | value: "netdns=go+1" 75 | volumeMounts: 76 | - mountPath: /etc/hyperledger/fabric 77 | name: fabric-config 78 | readOnly: true 79 | - mountPath: /var/hyperledger/msp/signcerts 80 | name: id-cert 81 | - mountPath: /var/hyperledger/msp/keystore 82 | name: id-key 83 | - mountPath: /var/hyperledger/msp/cacerts 84 | name: cacert 85 | - mountPath: /var/hyperledger/msp/tlscacerts 86 | name: cacert 87 | - mountPath: /var/hyperledger/msp/admincerts 88 | name: admin-cert 89 | - mountPath: /var/hyperledger/tls/server/pair 90 | name: tls 91 | - mountPath: /var/hyperledger/tls/server/cert 92 | name: tls-rootcert 93 | - mountPath: /var/hyperledger/tls/client/pair 94 | name: tls-client 95 | - mountPath: /var/hyperledger/tls/client/cert 96 | name: tls-clientrootcert 97 | - mountPath: /var/hyperledger/admin_msp/signcerts 98 | name: admin-cert 99 | - mountPath: /var/hyperledger/admin_msp/keystore 100 | name: admin-key 101 | - mountPath: /var/hyperledger/admin_msp/cacerts 102 | name: cacert 103 | - mountPath: /var/hyperledger/admin_msp/tlscacerts 104 | name: cacert 105 | - mountPath: /var/hyperledger/admin_msp/admincerts 106 | name: admin-cert 107 | volumes: 108 | - name: fabric-config 109 | configMap: 110 | name: {{ template "substra.fullname" . 
}}-fabric 111 | - name: id-cert 112 | secret: 113 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "cert" }} 114 | - name: id-key 115 | secret: 116 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "key" }} 117 | - name: cacert 118 | secret: 119 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "caCert" }} 120 | - name: tls 121 | secret: 122 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "tls" }} 123 | - name: tls-rootcert 124 | secret: 125 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "tlsRootCert" }} 126 | - name: tls-client 127 | secret: 128 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "tlsClient" }} 129 | - name: tls-clientrootcert 130 | secret: 131 | secretName: {{ index .Values "hlf-ord" "secrets" "ord" "tlsClientRootCert" }} 132 | - name: admin-cert 133 | secret: 134 | secretName: {{ index .Values "hlf-ord" "secrets" "adminCert" }} 135 | - name: admin-key 136 | secret: 137 | secretName: {{ index .Values "hlf-ord" "secrets" "adminKey" }} 138 | {{- with .Values.nodeSelector }} 139 | nodeSelector: 140 | {{- toYaml . | nindent 8 }} 141 | {{- end }} 142 | {{- with .Values.affinity }} 143 | affinity: 144 | {{- toYaml . | nindent 8 }} 145 | {{- end }} 146 | {{- with .Values.tolerations }} 147 | tolerations: 148 | {{- toYaml . | nindent 8 }} 149 | {{- end }} 150 | {{- end }} 151 | {{- end }} 152 | -------------------------------------------------------------------------------- /charts/hlf-k8s/templates/deployment-toolbox.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
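# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

{{- if .Values.toolbox.enabled }}
# Toolbox: a single idle fabric-tools pod (command is `sleep infinity`) that an
# operator reaches through `kubectl exec`. It is only rendered when
# toolbox.enabled is set.
#
# Security note: the pod mounts the organisation's identity key, TLS key pairs
# and the admin MSP (certificate and private key), and CORE_PEER_MSPCONFIGPATH
# points at the admin MSP. Whoever can exec into this pod can therefore use the
# admin identity; grant pods/exec in this namespace accordingly and leave the
# toolbox disabled where it is not needed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "substra.fullname" . }}-toolbox
  labels:
    app.kubernetes.io/managed-by: {{ $.Release.Service }}
    app.kubernetes.io/instance: {{ $.Release.Name }}
    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.fullname" . }}-toolbox
    app.kubernetes.io/part-of: {{ $.Release.Name | lower | trunc 63 | trimSuffix "-" }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "substra.fullname" . }}-toolbox
      app.kubernetes.io/instance: {{ $.Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "substra.fullname" . }}-toolbox
        app.kubernetes.io/instance: {{ $.Release.Name }}
    spec:
      # Runs under the chart's ServiceAccount, which rbac.yaml binds to a Role
      # on Secrets in this namespace.
      serviceAccountName: {{ template "substra.fullname" . }}
      # imagePullSecrets is a pod-level field and is declared once, here.
      {{- if index $.Values "fabric-tools" "image" "pullImageSecret" }}
      imagePullSecrets:
        - name: {{ index $.Values "fabric-tools" "image" "pullImageSecret" }}
      {{- end }}
      containers:
        - name: fabric-tools
          image: {{ index $.Values "fabric-tools" "image" "repository" }}:{{ index $.Values "fabric-tools" "image" "tag" }}
          imagePullPolicy: "{{ index $.Values "fabric-tools" "image" "pullPolicy" }}"
          # Keep the container alive so that commands can be run interactively.
          command: ['sleep']
          args:
            - infinity
          env:
            # Fabric CLI commands run from this pod use the admin MSP by default.
            - name: CORE_PEER_MSPCONFIGPATH
              value: /var/hyperledger/admin_msp
            - name: GODEBUG
              value: "netdns=go+1"
          resources:
            limits:
              cpu: 100m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - mountPath: /etc/hyperledger/fabric
              name: fabric-config
              readOnly: true
            # Node identity MSP
            - mountPath: /var/hyperledger/msp/signcerts
              name: id-cert
            - mountPath: /var/hyperledger/msp/keystore
              name: id-key
            - mountPath: /var/hyperledger/msp/cacerts
              name: cacert
            - mountPath: /var/hyperledger/msp/tlscacerts
              name: cacert
            - mountPath: /var/hyperledger/msp/admincerts
              name: admin-cert
            # TLS material (server, client, orderer root certificate)
            - mountPath: /var/hyperledger/tls/server/pair
              name: tls
            - mountPath: /var/hyperledger/tls/server/cert
              name: tls-rootcert
            - mountPath: /var/hyperledger/tls/client/pair
              name: tls-client
            - mountPath: /var/hyperledger/tls/client/cert
              name: tls-clientrootcert
            - mountPath: /var/hyperledger/tls/ord/cert
              name: ord-tls-rootcert
            # Admin MSP, including the admin private key
            - mountPath: /var/hyperledger/admin_msp/signcerts
              name: admin-cert
            - mountPath: /var/hyperledger/admin_msp/keystore
              name: admin-key
            - mountPath: /var/hyperledger/admin_msp/cacerts
              name: cacert
            - mountPath: /var/hyperledger/admin_msp/tlscacerts
              name: cacert
            - mountPath: /var/hyperledger/admin_msp/admincerts
              name: admin-cert
      volumes:
        - name: fabric-config
          configMap:
            name: {{ template "substra.fullname" $ }}-fabric
        - name: id-cert
          secret:
            secretName: {{ $.Values.secrets.cert }}
        - name: id-key
          secret:
            secretName: {{ $.Values.secrets.key }}
        - name: cacert
          secret:
            secretName: {{ $.Values.secrets.caCert }}
        - name: tls
          secret:
            secretName: {{ $.Values.secrets.tls }}
        - name: tls-rootcert
          secret:
            secretName: {{ $.Values.secrets.tlsRootCert }}
        - name: tls-client
          secret:
            secretName: {{ $.Values.secrets.tlsClient }}
        - name: tls-clientrootcert
          secret:
            secretName: {{ $.Values.secrets.tlsClientRootCert }}
        - name: admin-cert
          secret:
            secretName: {{ $.Values.secrets.adminCert }}
        - name: admin-key
          secret:
            secretName: {{ $.Values.secrets.adminKey }}
        - name: ord-tls-rootcert
          secret:
            secretName: {{ $.Values.secrets.ordTlsRootCert }}
      {{- with $.Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $.Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $.Values.tolerations }}
      tolerations:
        {{- toYaml .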
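| nindent 8 }}
      {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/hlf-k8s/templates/ingress-application-channel.yaml:
--------------------------------------------------------------------------------
{{- range $channel := .Values.appChannels }}
{{- if .ingress }}
{{- if .ingress.enabled }}
---
# One Ingress per application channel that has ingress.enabled set, routing to
# that channel's appchannel-operator Service (port named "http").
# The tls section is rendered only when ingress.tls is set for the channel.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "substra.fullname" $ }}-appchannel-operator-{{ $channel.channelName }}
  labels:
    app.kubernetes.io/name: {{ template "substra.fullname" $ }}-appchannel-operator-{{ $channel.channelName }}
    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
    app.kubernetes.io/managed-by: {{ $.Release.Service }}
    app.kubernetes.io/instance: {{ $.Release.Name }}
  {{- with .ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .ingress.ingressClassName }}
  ingressClassName: {{ .ingress.ingressClassName | quote }}
  {{- end }}
  {{- $pathType := .ingress.pathType }}
  rules:
    {{- range .ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ . }}
            pathType: {{ $pathType }}
            backend:
              # networking.k8s.io/v1 nests the target under backend.service;
              # the flat backend.serviceName field belongs to the older beta API.
              service:
                name: {{ template "substra.fullname" $ }}-appchannel-operator-{{ $channel.channelName }}
                port:
                  name: http
          {{- end }}
    {{- end }}
  {{- if .ingress.tls }}
  tls:
    {{- range .ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
{{- end }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/hlf-k8s/templates/ingress-config.yaml:
--------------------------------------------------------------------------------
{{- if .Values.configOperator.ingress.enabled -}}
# Ingress in front of the config-operator Service (port named "http").
# The tls section is rendered only when configOperator.ingress.tls is set.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "substra.fullname" . }}-config-operator
  labels:
    app.kubernetes.io/name: {{ template "substra.fullname" . }}-config-operator
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
  {{- with .Values.configOperator.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .Values.configOperator.ingress.ingressClassName }}
  # Read the same key that the guard above tests (the previous lookup used a
  # different, misspelled path).
  ingressClassName: {{ .Values.configOperator.ingress.ingressClassName | quote }}
  {{- end }}
  {{- $pathType := .Values.configOperator.ingress.pathType }}
  rules:
    {{- range .Values.configOperator.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ . }}
            pathType: {{ $pathType }}
            backend:
              # networking.k8s.io/v1 nests the target under backend.service.
              service:
                name: {{ template "substra.fullname" $ }}-config-operator
                port:
                  name: http
          {{- end }}
    {{- end }}
  {{- if .Values.configOperator.ingress.tls }}
  tls:
    {{- range .Values.configOperator.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/hlf-k8s/templates/job-hook-delete-secrets.yaml:
--------------------------------------------------------------------------------
# Copyright 2018 Owkin, inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

{{- if .Values.hooks.deleteSecrets.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ template "substra.fullname" . }}-hook-delete-secrets
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" . }}-hook-delete-secrets
    app.kubernetes.io/part-of: {{ template "substra.name" .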
}}
  # Helm runs this Job after the release has been deleted and removes the Job
  # itself once it has succeeded.
  annotations:
    "helm.sh/hook": post-delete
    "helm.sh/hook-delete-policy": hook-succeeded
  # The Job is created in hooks.serviceAccount.namespace when that is set,
  # while kubectl below always targets the release namespace.
  namespace: {{ .Values.hooks.serviceAccount.namespace | default .Release.Namespace | quote }}
spec:
  template:
    spec:
      restartPolicy: OnFailure
      # NOTE(review): this account is not created by the templates shown here
      # and needs "delete" on Secrets in the release namespace - confirm that it
      # is granted nothing beyond that.
      serviceAccountName: {{ .Values.hooks.serviceAccount.name }}
      {{- if index $.Values "fabric-tools" "image" "pullImageSecret" }}
      imagePullSecrets:
        - name: {{ index $.Values "fabric-tools" "image" "pullImageSecret" }}
      {{- end }}
      containers:
        - name: fabric-tools
          image: {{ index $.Values "fabric-tools" "image" "repository" }}:{{ index $.Values "fabric-tools" "image" "tag" }}
          imagePullPolicy: "{{ index $.Values "fabric-tools" "image" "pullPolicy" }}"
          # Deletes the identity, TLS, admin and genesis Secrets by name.
          command: ['kubectl']
          args:
            - delete
            - secrets
            - -n
            - {{ .Release.Namespace }}
            - {{ .Values.secrets.cert }}
            - {{ .Values.secrets.key }}
            - {{ .Values.secrets.caCert }}
            - {{ .Values.secrets.tls }}
            - {{ .Values.secrets.tlsClient }}
            - {{ .Values.secrets.tlsRootCert }}
            - {{ .Values.secrets.tlsClientRootCert }}
            - {{ .Values.secrets.adminCert }}
            - {{ .Values.secrets.adminKey }}
            - {{ .Values.secrets.ordTlsRootCert }}
            - {{ .Values.secrets.genesis }}
            # Secrets that are already gone are not treated as an error.
            - --ignore-not-found=true
            - --wait=true
            - -v=4
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}

{{- if index .Values "hlf-peer" "enabled" }}
{{- if .Values.hooks.deleteCCIDSecrets.enabled }}
---
# Second post-delete hook, rendered only for peer releases: removes the
# per-chaincode "chaincode-ccid-<name>-<version>" Secrets.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ template "substra.fullname" . }}-hook-chaincode-delete-secrets
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" . }}-hook-chaincode-delete-secrets
    app.kubernetes.io/part-of: {{ template "substra.name" . }}
  annotations:
    "helm.sh/hook": post-delete
    "helm.sh/hook-delete-policy": hook-succeeded
  namespace: {{ .Values.hooks.serviceAccount.namespace | default .Release.Namespace | quote }}
spec:
  template:
    spec:
      restartPolicy: OnFailure
      serviceAccountName: {{ .Values.hooks.serviceAccount.name }}
      {{- if index $.Values "fabric-tools" "image" "pullImageSecret" }}
      imagePullSecrets:
        - name: {{ index $.Values "fabric-tools" "image" "pullImageSecret" }}
      {{- end }}
      containers:
        - name: fabric-tools
          image: {{ index $.Values "fabric-tools" "image" "repository" }}:{{ index $.Values "fabric-tools" "image" "tag" }}
          imagePullPolicy: "{{ index $.Values "fabric-tools" "image" "pullPolicy" }}"
          command: ['kubectl']
          args:
            - delete
            - secrets
            - -n
            - {{ .Release.Namespace }}
            # NOTE(review): with an empty chaincodes list no Secret name is
            # passed to kubectl - confirm the Job still completes in that case.
            {{- range .Values.chaincodes }}
            - chaincode-ccid-{{ .name }}-{{ .version }}
            {{- end }}
            - --ignore-not-found=true
            - --wait=true
            - -v=4
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml .
| nindent 8 }}
      {{- end }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/hlf-k8s/templates/rbac.yaml:
--------------------------------------------------------------------------------
# Copyright 2018 Owkin, inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
# ServiceAccount used by the chart's workloads; the toolbox Deployment in this
# chart sets it as its serviceAccountName.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "substra.fullname" . }}
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" . }}
    app.kubernetes.io/part-of: {{ template "substra.name" . }}
---
# Namespaced Role on Secrets. No resourceNames are listed, so the verbs apply to
# every Secret in the namespace: a pod running under the bound ServiceAccount
# can read all of them, not only the ones this chart mounts.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ template "substra.fullname" . }}
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" . }}
    app.kubernetes.io/part-of: {{ template "substra.name" . }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs:
      - get
      - watch
      - list
      - create
      # "delete" is added only when one of the post-delete hooks is enabled.
      # NOTE(review): the hook Jobs run as hooks.serviceAccount.name rather than
      # this ServiceAccount - confirm which account actually needs the verb.
      {{- if or .Values.hooks.deleteSecrets.enabled .Values.hooks.deleteCCIDSecrets.enabled }}
      - delete
      {{- end }}
---
# Binds the Role above to the ServiceAccount above, in the release namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ template "substra.fullname" . }}
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "substra.name" . }}
    app.kubernetes.io/part-of: {{ template "substra.name" . }}
subjects:
  - kind: ServiceAccount
    name: {{ template "substra.fullname" . }}
    namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: {{ template "substra.fullname" . }}
  apiGroup: rbac.authorization.k8s.io

--------------------------------------------------------------------------------
/charts/hlf-k8s/templates/secret-couchdb-credentials.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: {{ template "substra.fullname" .
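}}-couchdb-credentials
data:
  COUCHDB_USER: {{ index .Values "couchdb" "adminUsername" | b64enc }}
  COUCHDB_PASSWORD: {{ index .Values "couchdb" "adminPassword" | b64enc }}

--------------------------------------------------------------------------------
/docker/fabric-peer/Dockerfile:
--------------------------------------------------------------------------------
FROM hyperledger/fabric-peer:2.4

COPY ./docker/fabric-peer/core.yaml /etc/hyperledger/fabric/core.yaml
COPY ./docker/fabric-peer/builders /builders

# The external-builder scripts are executed by the peer, so they must be
# readable and executable but not writable by every user in the container:
# a world-writable script could be replaced by any process in the container.
RUN chmod -R 755 /builders

--------------------------------------------------------------------------------
/docker/fabric-peer/builders/bin/build:
--------------------------------------------------------------------------------
#!/bin/sh

# The bin/build script is responsible for building, compiling, or transforming the contents
# of a chaincode package into artifacts that can be used by release and run.
#
# The peer invokes build with three arguments:
# bin/build CHAINCODE_SOURCE_DIR CHAINCODE_METADATA_DIR BUILD_OUTPUT_DIR
#
# When build is invoked, CHAINCODE_SOURCE_DIR contains the chaincode source and
# CHAINCODE_METADATA_DIR contains the metadata.json file from the chaincode package installed to the peer.
# BUILD_OUTPUT_DIR is the directory where build must place artifacts needed by release and run.
# The build script should treat the input directories CHAINCODE_SOURCE_DIR and
# CHAINCODE_METADATA_DIR as read only, but the BUILD_OUTPUT_DIR is writeable.

CHAINCODE_SOURCE_DIR="$1"
CHAINCODE_METADATA_DIR="$2"
BUILD_OUTPUT_DIR="$3"

# NOTE: pipefail is not part of POSIX sh; this relies on the /bin/sh shipped in the image.
set -euo pipefail

# external chaincodes expect connection.json file in the chaincode package
if [ ! -f "$CHAINCODE_SOURCE_DIR/connection.json" ]; then
    >&2 echo "$CHAINCODE_SOURCE_DIR/connection.json not found"
    exit 1
fi

# simply copy the endpoint information to specified output location
# (paths are quoted so that a directory name containing whitespace or glob
# characters is passed to cp as a single argument)
cp -af "$CHAINCODE_SOURCE_DIR/connection.json" "$BUILD_OUTPUT_DIR/connection.json"
sync

# the metadata directory is optional; copy it as-is when the package has one
if [ -d "$CHAINCODE_SOURCE_DIR/metadata" ]; then
    cp -af "$CHAINCODE_SOURCE_DIR/metadata" "$BUILD_OUTPUT_DIR/metadata"
    sync
fi

--------------------------------------------------------------------------------
/docker/fabric-peer/builders/bin/detect:
--------------------------------------------------------------------------------
#!/bin/sh

# The bin/detect script is responsible for determining whether or not a buildpack
# should be used to build a chaincode package and launch it.
#
# The peer invokes detect with two arguments:
# bin/detect CHAINCODE_SOURCE_DIR CHAINCODE_METADATA_DIR
#
# When detect is invoked, CHAINCODE_SOURCE_DIR contains the chaincode source and
# CHAINCODE_METADATA_DIR contains the metadata.json file from the chaincode package installed to the peer.
# The CHAINCODE_SOURCE_DIR and CHAINCODE_METADATA_DIR should be treated as read only inputs.
# If the buildpack should be applied to the chaincode source package, detect must return an exit code of 0;
# any other exit code will indicate that the buildpack should not be applied.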

# Only the metadata directory (second argument) is used by detect.
# It is read before `set -u` takes effect, so a missing argument yields an
# empty path rather than an "unbound variable" error.
CHAINCODE_METADATA_DIR="$2"

set -euo pipefail

# Extract the chaincode type from metadata.json without a JSON parser:
#   sed  removes the curly braces,
#   awk  splits the text on "," ":" and "}" and prints the field that follows
#        any field matching type" (\042 is the octal code of a double quote),
#   tr   strips the remaining double quotes.
# Exit with success only if the extracted value is exactly "external".
# NOTE(review): the match is textual, so any key ending in type" is picked up -
# confirm that metadata.json cannot carry such a second key.
if [ "$(cat "$CHAINCODE_METADATA_DIR/metadata.json" | sed -e 's/[{}]/''/g' | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'type'\042/){print $(i+1)}}}' | tr -d '"')" = "external" ]; then
    exit 0
fi

# Any other type (or an unreadable metadata.json): this builder does not apply.
exit 1

--------------------------------------------------------------------------------
/docker/fabric-peer/builders/bin/release:
--------------------------------------------------------------------------------
#!/bin/sh

# The bin/release script is responsible for providing chaincode metadata to the peer.
# bin/release is optional. If it is not provided, this step is skipped.
#
# The peer invokes release with two arguments:
# bin/release BUILD_OUTPUT_DIR RELEASE_OUTPUT_DIR
#
# When release is invoked, BUILD_OUTPUT_DIR contains the artifacts
# populated by the build program and should be treated as read only input.
# RELEASE_OUTPUT_DIR is the directory where release must place artifacts to be consumed by the peer.
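
# NOTE: pipefail is not part of POSIX sh; this relies on the /bin/sh shipped in the image.
set -euo pipefail

BUILD_OUTPUT_DIR="$1"
RELEASE_OUTPUT_DIR="$2"

# copy indexes from metadata/* to the output directory
# if [ -d "$BUILD_OUTPUT_DIR/metadata" ] ; then
#    cp -a "$BUILD_OUTPUT_DIR/metadata/"* "$RELEASE_OUTPUT_DIR/"
# fi

# external chaincodes expect artifacts to be placed under "$RELEASE_OUTPUT_DIR"/chaincode/server
# (paths are quoted so that a directory name containing whitespace or glob
# characters is handled as a single argument)
if [ -f "$BUILD_OUTPUT_DIR/connection.json" ]; then
    mkdir -p "$RELEASE_OUTPUT_DIR"/chaincode/server
    cp -af "$BUILD_OUTPUT_DIR/connection.json" "$RELEASE_OUTPUT_DIR"/chaincode/server
    sync
    # if tls_required is true, copy TLS files (using above example, the fully qualified path for these files would be "$RELEASE_OUTPUT_DIR"/chaincode/server/tls)

    exit 0
fi

# no connection.json was produced by build: report failure to the peer
exit 1

--------------------------------------------------------------------------------
/docker/fabric-tools/Dockerfile:
--------------------------------------------------------------------------------
FROM hyperledger/fabric-tools:2.4

# avoid the shell swallowing errors
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

# Install curl and netcat
RUN apk --no-cache add curl netcat-openbsd vim libc6-compat && \
    apk upgrade libcurl

# The three downloads below are pinned by version only. Nothing checks the
# content of what was fetched, so the image trusts the download hosts and the
# TLS connection. To pin the content as well, compare each file against a
# digest recorded in this repository, e.g.
#   echo "<EXPECTED_SHA256>  <file>" | sha256sum -c -
# (<EXPECTED_SHA256> is a placeholder for the digest published with the release).
# curl -f makes an HTTP error (such as a 404) fail the build instead of saving
# the error page as if it were the binary.

# Install fabric-ca-client
RUN curl -fSL https://github.com/hyperledger/fabric-ca/releases/download/v1.5.1/hyperledger-fabric-ca-linux-amd64-1.5.1.tar.gz | tar xz --strip-components=1 && \
    mv ./fabric-ca-client /bin

# Install kubectl
RUN curl -fLO https://storage.googleapis.com/kubernetes-release/release/v1.16.6/bin/linux/amd64/kubectl && \
    chmod +x ./kubectl && \
    mv ./kubectl /bin

# Install grpcurl for convenience
RUN curl -fLO https://github.com/fullstorydev/grpcurl/releases/download/v1.3.0/grpcurl_1.3.0_linux_x86_64.tar.gz && \
    tar xvzf grpcurl_1.3.0_linux_x86_64.tar.gz && \
    mv grpcurl /bin
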
-------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca-same-cc/skaffold.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | --- 15 | apiVersion: skaffold/v4beta2 16 | kind: Config 17 | requires: 18 | - path: ../serviceAccounts/skaffold.yaml 19 | configs: 20 | # For chaincode secrets deletion 21 | - org-1+2 22 | - path: ../secrets/skaffold.yaml 23 | build: 24 | artifacts: 25 | - image: substra/fabric-tools 26 | context: ../../ 27 | docker: 28 | dockerfile: docker/fabric-tools/Dockerfile 29 | - image: substra/fabric-peer 30 | context: ../../ 31 | docker: 32 | dockerfile: docker/fabric-peer/Dockerfile 33 | helm: 34 | releases: 35 | - name: network-orderer 36 | chartPath: ../../charts/hlf-k8s 37 | valuesFiles: 38 | - values/orderer.yaml 39 | namespace: orderer 40 | setValueTemplates: 41 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 42 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 43 | createNamespace: true 44 | - name: network-org-1-peer-1 45 | chartPath: ../../charts/hlf-k8s 46 | valuesFiles: 47 | - values/org-1-peer-1.yaml 48 | namespace: org-1 49 | setValueTemplates: 50 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 51 | fabric-tools.image.tag: 
'{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 52 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 53 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 54 | createNamespace: true 55 | - name: network-org-2-peer-1 56 | chartPath: ../../charts/hlf-k8s 57 | valuesFiles: 58 | - values/org-2-peer-1.yaml 59 | namespace: org-2 60 | setValueTemplates: 61 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 62 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 63 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 64 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 65 | createNamespace: true 66 | deploy: 67 | helm: {} 68 | kubectl: {} 69 | statusCheckDeadlineSeconds: 300 70 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca-same-cc/values/orderer.yaml: -------------------------------------------------------------------------------- 1 | # Orderer values for 1 orderer 2 organizations setup 2 | 3 | organization: 4 | id: MyOrdererMSP 5 | name: MyOrderer 6 | 7 | hlf-peer: 8 | enabled: false 9 | 10 | hlf-ca: 11 | enabled: false 12 | caName: rcaOrderer 13 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 14 | orderer: 15 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 16 | 17 | hlf-ord: 18 | enabled: true 19 | monitor: 20 | enabled: true 21 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 22 | ord: 23 | mspID: MyOrdererMSP 24 | 25 | appChannels: 26 | - channelName: mychannel 27 | - channelName: yourchannel 28 | 29 | systemChannel: 30 | organizations: 31 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrg.json } 32 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: 
network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrg.json } 33 | 34 | enrollments: 35 | creds: 36 | - { name: admin, secret: adminpwd, options: "--id.attrs admin=true:ecert"} 37 | - { name: user, secret: pwd, options: "--id.type orderer"} 38 | csrHost: "network-orderer-hlf-ord.orderer.svc.cluster.local" 39 | 40 | toolbox: 41 | enabled: true 42 | 43 | hooks: 44 | deleteSecrets: 45 | enabled: false 46 | 47 | genesis: 48 | generate: false 49 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca-same-cc/values/org-1-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg1MSP 3 | name: MyOrg1 4 | 5 | hlf-ca: 6 | enabled: false 7 | caName: rcaOrg1 8 | host: network-org-1-peer-1-hlf-ca.org-1.svc.cluster.local 9 | orderer: 10 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 11 | 12 | hlf-ord: 13 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 14 | 15 | hlf-peer: 16 | host: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local 17 | image: 18 | peer: 19 | couchdbSecret: network-org-1-peer-1-hlf-k8s-couchdb-credentials 20 | couchdbService: network-org-1-peer-1-svc-couchdb.org-1.svc.cluster.local 21 | mspID: MyOrg1MSP 22 | gossip: 23 | externalEndpoint: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local:7051 24 | discover-monitor: 25 | enabled: true 26 | 27 | 28 | chaincodes: 29 | - name: mycc 30 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 31 | port: 7052 32 | version: "1.0" 33 | image: 34 | repository: ghcr.io/substra/orchestrator-chaincode 35 | tag: latest 36 | pullPolicy: IfNotPresent 37 | init: 38 | image: 39 | repository: ghcr.io/substra/orchestrator-chaincode-init 40 | tag: latest 41 | 42 | 43 | appChannels: 44 | - channelName: mychannel 45 | channelPolicies: |- 46 | Readers: 47 | Type: ImplicitMeta 48 | Rule: "ANY Readers" 49 | Writers: 50 | Type: 
ImplicitMeta 51 | Rule: "ANY Writers" 52 | Admins: 53 | Type: ImplicitMeta 54 | Rule: "ANY Admins" 55 | appPolicies: |- 56 | LifecycleEndorsement: 57 | Type: ImplicitMeta 58 | Rule: "ANY Endorsement" 59 | Endorsement: 60 | Type: ImplicitMeta 61 | Rule: "ANY Endorsement" 62 | Readers: 63 | Type: ImplicitMeta 64 | Rule: "ANY Readers" 65 | Writers: 66 | Type: ImplicitMeta 67 | Rule: "ANY Writers" 68 | Admins: 69 | Type: ImplicitMeta 70 | Rule: "ANY Admins" 71 | 72 | chaincodes: 73 | - name: mycc 74 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 75 | version: "1.0" 76 | sequence: "1" 77 | 78 | organizations: 79 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 80 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 81 | 82 | - channelName: yourchannel 83 | channelPolicies: |- 84 | Readers: 85 | Type: ImplicitMeta 86 | Rule: "ANY Readers" 87 | Writers: 88 | Type: ImplicitMeta 89 | Rule: "ANY Writers" 90 | Admins: 91 | Type: ImplicitMeta 92 | Rule: "ANY Admins" 93 | appPolicies: |- 94 | LifecycleEndorsement: 95 | Type: ImplicitMeta 96 | Rule: "ANY Endorsement" 97 | Endorsement: 98 | Type: ImplicitMeta 99 | Rule: "ANY Endorsement" 100 | Readers: 101 | Type: ImplicitMeta 102 | Rule: "ANY Readers" 103 | Writers: 104 | Type: ImplicitMeta 105 | Rule: "ANY Writers" 106 | Admins: 107 | Type: ImplicitMeta 108 | Rule: "ANY Admins" 109 | 110 | chaincodes: 111 | - name: mycc 112 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 113 | version: "1.0" 114 | sequence: "1" 115 | 116 | organizations: 117 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 118 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: 
network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 119 | 120 | 121 | enrollments: 122 | creds: 123 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 124 | - { name: user, secret: pwd, options: "--id.type peer"} 125 | # csrHost is set for peer and chaincodes communications 126 | csrHost: "*.org-1.svc.cluster.local" 127 | 128 | 129 | toolbox: 130 | enabled: true 131 | 132 | hooks: 133 | deleteSecrets: 134 | enabled: false 135 | 136 | # Name used for chaincode delete secret 137 | serviceAccount: 138 | name: substra-delete-hook 139 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca-same-cc/values/org-2-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg2MSP 3 | name: MyOrg2 4 | 5 | hlf-ca: 6 | enabled: false 7 | caName: rcaOrg2 8 | host: network-org-2-peer-1-hlf-ca.org-2.svc.cluster.local 9 | orderer: 10 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 11 | 12 | hlf-ord: 13 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 14 | 15 | hlf-peer: 16 | host: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local 17 | peer: 18 | couchdbSecret: network-org-2-peer-1-hlf-k8s-couchdb-credentials 19 | couchdbService: network-org-2-peer-1-svc-couchdb.org-2.svc.cluster.local 20 | mspID: MyOrg2MSP 21 | gossip: 22 | externalEndpoint: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local:7051 23 | discover-monitor: 24 | enabled: true 25 | 26 | 27 | chaincodes: 28 | - name: mycc 29 | address: network-org-2-peer-1-hlf-k8s-chaincode-mycc.org-2.svc.cluster.local 30 | port: 7052 31 | version: "1.0" 32 | image: 33 | repository: ghcr.io/substra/orchestrator-chaincode 34 | tag: latest 35 | pullPolicy: IfNotPresent 36 | init: 37 | image: 38 | repository: 
ghcr.io/substra/orchestrator-chaincode-init 39 | tag: latest 40 | 41 | appChannels: 42 | - channelName: mychannel 43 | channelPolicies: |- 44 | Readers: 45 | Type: ImplicitMeta 46 | Rule: "ANY Readers" 47 | Writers: 48 | Type: ImplicitMeta 49 | Rule: "ANY Writers" 50 | Admins: 51 | Type: ImplicitMeta 52 | Rule: "ANY Admins" 53 | appPolicies: |- 54 | LifecycleEndorsement: 55 | Type: ImplicitMeta 56 | Rule: "ANY Endorsement" 57 | Endorsement: 58 | Type: ImplicitMeta 59 | Rule: "ANY Endorsement" 60 | Readers: 61 | Type: ImplicitMeta 62 | Rule: "ANY Readers" 63 | Writers: 64 | Type: ImplicitMeta 65 | Rule: "ANY Writers" 66 | Admins: 67 | Type: ImplicitMeta 68 | Rule: "ANY Admins" 69 | 70 | chaincodes: 71 | - name: mycc 72 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 73 | version: "1.0" 74 | sequence: "1" 75 | 76 | - channelName: yourchannel 77 | channelPolicies: |- 78 | Readers: 79 | Type: ImplicitMeta 80 | Rule: "ANY Readers" 81 | Writers: 82 | Type: ImplicitMeta 83 | Rule: "ANY Writers" 84 | Admins: 85 | Type: ImplicitMeta 86 | Rule: "ANY Admins" 87 | appPolicies: |- 88 | LifecycleEndorsement: 89 | Type: ImplicitMeta 90 | Rule: "ANY Endorsement" 91 | Endorsement: 92 | Type: ImplicitMeta 93 | Rule: "ANY Endorsement" 94 | Readers: 95 | Type: ImplicitMeta 96 | Rule: "ANY Readers" 97 | Writers: 98 | Type: ImplicitMeta 99 | Rule: "ANY Writers" 100 | Admins: 101 | Type: ImplicitMeta 102 | Rule: "ANY Admins" 103 | 104 | chaincodes: 105 | - name: mycc 106 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 107 | version: "1.0" 108 | sequence: "1" 109 | 110 | enrollments: 111 | creds: 112 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 113 | - { name: user, secret: pwd, options: "--id.type peer"} 114 | # csrHost is set for peer and chaincodes communications 115 | csrHost: "*.org-2.svc.cluster.local" 116 | 117 | 118 | toolbox: 119 | 
enabled: true 120 | 121 | hooks: 122 | deleteSecrets: 123 | enabled: false 124 | 125 | # Name used for chaincode delete secret 126 | serviceAccount: 127 | name: substra-delete-hook 128 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca/skaffold.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | --- 15 | apiVersion: skaffold/v4beta2 16 | kind: Config 17 | requires: 18 | - path: ../serviceAccounts/skaffold.yaml 19 | configs: 20 | # For chaincode secrets deletion 21 | - org-1+2 22 | - path: ../secrets/skaffold.yaml 23 | build: 24 | artifacts: 25 | - image: substra/fabric-tools 26 | context: ../../ 27 | docker: 28 | dockerfile: docker/fabric-tools/Dockerfile 29 | - image: substra/fabric-peer 30 | context: ../../ 31 | docker: 32 | dockerfile: docker/fabric-peer/Dockerfile 33 | manifests: 34 | helm: 35 | releases: 36 | - name: network-orderer 37 | chartPath: ../../charts/hlf-k8s 38 | valuesFiles: 39 | - values/orderer.yaml 40 | namespace: orderer 41 | setValueTemplates: 42 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 43 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 44 | createNamespace: true 45 | - name: network-org-1-peer-1 46 | chartPath: ../../charts/hlf-k8s 47 | valuesFiles: 48 | - values/org-1-peer-1.yaml 49 | namespace: org-1 50 | setValueTemplates: 51 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 52 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 53 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 54 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 55 | createNamespace: true 56 | - name: network-org-2-peer-1 57 | chartPath: ../../charts/hlf-k8s 58 | valuesFiles: 59 | - values/org-2-peer-1.yaml 60 | namespace: org-2 61 | setValueTemplates: 62 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 63 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 64 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 65 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 66 | createNamespace: true 67 | deploy: 
68 | helm: {} 69 | kubectl: {} 70 | statusCheckDeadlineSeconds: 300 71 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca/values/orderer.yaml: -------------------------------------------------------------------------------- 1 | # Orderer values for 1 orderer 2 organizations setup 2 | 3 | organization: 4 | id: MyOrdererMSP 5 | name: MyOrderer 6 | 7 | hlf-peer: 8 | enabled: false 9 | 10 | hlf-ca: 11 | enabled: false 12 | caName: rcaOrderer 13 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 14 | orderer: 15 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 16 | 17 | hlf-ord: 18 | enabled: true 19 | monitor: 20 | enabled: true 21 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 22 | ord: 23 | mspID: MyOrdererMSP 24 | 25 | appChannels: 26 | - channelName: mychannel 27 | - channelName: yourchannel 28 | 29 | systemChannel: 30 | organizations: 31 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrg.json } 32 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrg.json } 33 | 34 | enrollments: 35 | creds: 36 | - { name: admin, secret: adminpwd, options: "--id.attrs admin=true:ecert"} 37 | - { name: user, secret: pwd, options: "--id.type orderer"} 38 | csrHost: "network-orderer-hlf-ord.orderer.svc.cluster.local" 39 | 40 | toolbox: 41 | enabled: true 42 | 43 | hooks: 44 | deleteSecrets: 45 | enabled: false 46 | 47 | genesis: 48 | generate: false 49 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca/values/org-1-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg1MSP 3 | name: MyOrg1 4 | 5 | hlf-ca: 6 | enabled: false 7 | caName: rcaOrg1 8 | host: 
network-org-1-peer-1-hlf-ca.org-1.svc.cluster.local 9 | orderer: 10 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 11 | 12 | hlf-ord: 13 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 14 | 15 | hlf-peer: 16 | host: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local 17 | peer: 18 | couchdbSecret: network-org-1-peer-1-hlf-k8s-couchdb-credentials 19 | couchdbService: network-org-1-peer-1-svc-couchdb.org-1.svc.cluster.local 20 | mspID: MyOrg1MSP 21 | gossip: 22 | externalEndpoint: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local:7051 23 | discover-monitor: 24 | enabled: true 25 | 26 | 27 | chaincodes: 28 | - name: mycc 29 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 30 | port: 7052 31 | version: "1.0" 32 | logLevel: DEBUG # DEBUG verbosity for this example; confirm what the chaincode logs at this level before reusing the file 33 | image: 34 | repository: ghcr.io/substra/orchestrator-chaincode 35 | tag: latest # mutable tag; with pullPolicy IfNotPresent an already-cached image is not refreshed, so pin a version or digest for a reproducible deployment 36 | pullPolicy: IfNotPresent 37 | init: 38 | image: 39 | repository: ghcr.io/substra/orchestrator-chaincode-init 40 | tag: latest # mutable tag, same caveat as the chaincode image 41 | 42 | - name: yourcc 43 | address: network-org-1-peer-1-hlf-k8s-chaincode-yourcc.org-1.svc.cluster.local 44 | port: 7052 45 | version: "1.0" 46 | logLevel: DEBUG 47 | image: 48 | repository: ghcr.io/substra/orchestrator-chaincode 49 | tag: latest # mutable tag, see mycc 50 | pullPolicy: IfNotPresent 51 | init: 52 | image: 53 | repository: ghcr.io/substra/orchestrator-chaincode-init 54 | tag: latest # mutable tag, see mycc 55 | 56 | 57 | appChannels: 58 | - channelName: mychannel # every ImplicitMeta rule below is ANY: one organization satisfying the sub-policy is enough, including for Admins and Endorsement 59 | channelPolicies: |- 60 | Readers: 61 | Type: ImplicitMeta 62 | Rule: "ANY Readers" 63 | Writers: 64 | Type: ImplicitMeta 65 | Rule: "ANY Writers" 66 | Admins: 67 | Type: ImplicitMeta 68 | Rule: "ANY Admins" 69 | appPolicies: |- 70 | LifecycleEndorsement: 71 | Type: ImplicitMeta 72 | Rule: "ANY Endorsement" 73 | Endorsement: 74 | Type: ImplicitMeta 75 | Rule: "ANY Endorsement" 76 | Readers: 77 | Type: ImplicitMeta 78 | Rule: "ANY Readers" 79 | Writers: 80 | Type: ImplicitMeta 81 | Rule: "ANY Writers" 82 | Admins: 83 | Type: ImplicitMeta 84 | 
Rule: "ANY Admins" 85 | 86 | chaincodes: 87 | - name: mycc 88 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" # satisfied by a single member of either organization 89 | version: "1.0" 90 | sequence: "1" 91 | 92 | organizations: # NOTE(review): the configUrl values carry no scheme; confirm how they are fetched and whether the transport is authenticated 93 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 94 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 95 | 96 | - channelName: yourchannel 97 | channelPolicies: |- 98 | Readers: 99 | Type: ImplicitMeta 100 | Rule: "ANY Readers" 101 | Writers: 102 | Type: ImplicitMeta 103 | Rule: "ANY Writers" 104 | Admins: 105 | Type: ImplicitMeta 106 | Rule: "ANY Admins" 107 | appPolicies: |- 108 | LifecycleEndorsement: 109 | Type: ImplicitMeta 110 | Rule: "ANY Endorsement" 111 | Endorsement: 112 | Type: ImplicitMeta 113 | Rule: "ANY Endorsement" 114 | Readers: 115 | Type: ImplicitMeta 116 | Rule: "ANY Readers" 117 | Writers: 118 | Type: ImplicitMeta 119 | Rule: "ANY Writers" 120 | Admins: 121 | Type: ImplicitMeta 122 | Rule: "ANY Admins" 123 | 124 | chaincodes: 125 | - name: yourcc 126 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" # satisfied by a single member of either organization 127 | version: "1.0" 128 | sequence: "1" 129 | 130 | organizations: 131 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 132 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 133 | 134 | 135 | enrollments: 136 | creds: # example enrollment secrets kept in plain text in this values file; supply per-deployment secrets before reusing it outside a local test cluster 137 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} # hf.Registrar.Attributes=* lets this identity register identities carrying any attribute 138 | - { name: user, secret: pwd, options: "--id.type peer"} 139 | # csrHost is set for peer and chaincodes communications; the wildcard covers every <service>.org-1.svc.cluster.local name 140 | csrHost: "*.org-1.svc.cluster.local" 
141 | 142 | 143 | toolbox: 144 | enabled: true 145 | 146 | hooks: 147 | deleteSecrets: 148 | enabled: false 149 | 150 | # Name used for chaincode delete secret 151 | serviceAccount: 152 | name: substra-delete-hook 153 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any-no-ca/values/org-2-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg2MSP 3 | name: MyOrg2 4 | 5 | hlf-ca: 6 | enabled: false 7 | caName: rcaOrg2 8 | host: network-org-2-peer-1-hlf-ca.org-2.svc.cluster.local 9 | orderer: 10 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 11 | 12 | hlf-ord: 13 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 14 | 15 | hlf-peer: 16 | host: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local 17 | peer: 18 | couchdbSecret: network-org-2-peer-1-hlf-k8s-couchdb-credentials 19 | couchdbService: network-org-2-peer-1-svc-couchdb.org-2.svc.cluster.local 20 | mspID: MyOrg2MSP 21 | gossip: 22 | externalEndpoint: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local:7051 23 | discover-monitor: 24 | enabled: true 25 | 26 | 27 | chaincodes: 28 | - name: mycc 29 | address: network-org-2-peer-1-hlf-k8s-chaincode-mycc.org-2.svc.cluster.local 30 | port: 7052 31 | version: "1.0" 32 | image: 33 | repository: ghcr.io/substra/orchestrator-chaincode 34 | tag: latest 35 | pullPolicy: IfNotPresent 36 | init: 37 | image: 38 | repository: ghcr.io/substra/orchestrator-chaincode-init 39 | tag: latest 40 | - name: yourcc 41 | address: network-org-2-peer-1-hlf-k8s-chaincode-yourcc.org-2.svc.cluster.local 42 | port: 7052 43 | version: "1.0" 44 | image: 45 | repository: ghcr.io/substra/orchestrator-chaincode 46 | tag: latest 47 | pullPolicy: IfNotPresent 48 | init: 49 | image: 50 | repository: ghcr.io/substra/orchestrator-chaincode-init 51 | tag: latest 52 | 53 | 54 | appChannels: 55 | - channelName: mychannel 56 | channelPolicies: |- 57 | Readers: 
58 | Type: ImplicitMeta 59 | Rule: "ANY Readers" 60 | Writers: 61 | Type: ImplicitMeta 62 | Rule: "ANY Writers" 63 | Admins: 64 | Type: ImplicitMeta 65 | Rule: "ANY Admins" 66 | appPolicies: |- 67 | LifecycleEndorsement: 68 | Type: ImplicitMeta 69 | Rule: "ANY Endorsement" 70 | Endorsement: 71 | Type: ImplicitMeta 72 | Rule: "ANY Endorsement" 73 | Readers: 74 | Type: ImplicitMeta 75 | Rule: "ANY Readers" 76 | Writers: 77 | Type: ImplicitMeta 78 | Rule: "ANY Writers" 79 | Admins: 80 | Type: ImplicitMeta 81 | Rule: "ANY Admins" 82 | 83 | chaincodes: 84 | - name: mycc 85 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 86 | version: "1.0" 87 | sequence: "1" 88 | 89 | - channelName: yourchannel 90 | channelPolicies: |- 91 | Readers: 92 | Type: ImplicitMeta 93 | Rule: "ANY Readers" 94 | Writers: 95 | Type: ImplicitMeta 96 | Rule: "ANY Writers" 97 | Admins: 98 | Type: ImplicitMeta 99 | Rule: "ANY Admins" 100 | appPolicies: |- 101 | LifecycleEndorsement: 102 | Type: ImplicitMeta 103 | Rule: "ANY Endorsement" 104 | Endorsement: 105 | Type: ImplicitMeta 106 | Rule: "ANY Endorsement" 107 | Readers: 108 | Type: ImplicitMeta 109 | Rule: "ANY Readers" 110 | Writers: 111 | Type: ImplicitMeta 112 | Rule: "ANY Writers" 113 | Admins: 114 | Type: ImplicitMeta 115 | Rule: "ANY Admins" 116 | 117 | chaincodes: 118 | - name: yourcc 119 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 120 | version: "1.0" 121 | sequence: "1" 122 | 123 | enrollments: 124 | creds: 125 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 126 | - { name: user, secret: pwd, options: "--id.type peer"} 127 | # csrHost is set for peer and chaincodes communications 128 | csrHost: "*.org-2.svc.cluster.local" 129 | 130 | 131 | toolbox: 132 | enabled: true 133 | 134 | hooks: 135 | deleteSecrets: 136 | enabled: false 137 | 138 | # Name used for chaincode delete secret 139 | 
serviceAccount: 140 | name: substra-delete-hook 141 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any/skaffold.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | --- 15 | apiVersion: skaffold/v4beta2 16 | kind: Config 17 | requires: 18 | - path: ../serviceAccounts/skaffold.yaml 19 | configs: 20 | # For chaincode secrets deletion 21 | - org-1+2 22 | # We create the serviceAccounts with the kubectl deployer to ensure the serviceAccounts will stay present for the Helm deletion hooks 23 | # By design Skaffold creates and deletes resources in a fixed order (Helm > kubectl > kustomize) 24 | # Ref: https://github.com/GoogleContainerTools/skaffold/blob/dedd545/pkg/skaffold/runner/new.go#L191-L214 (func getDeployer) 25 | - orderer 26 | build: 27 | artifacts: 28 | - image: substra/fabric-tools 29 | context: ../../ 30 | docker: 31 | dockerfile: docker/fabric-tools/Dockerfile 32 | - image: substra/fabric-peer 33 | context: ../../ 34 | docker: 35 | dockerfile: docker/fabric-peer/Dockerfile 36 | 37 | # FIXME: Replace `deploy` by `manifests` when these functions are refactored https://github.com/owkin/substra-ci/blob/main/ci/deploy.py#L89 and https://github.com/owkin/substra-ci/blob/main/ci/deploy.py#L141 38 | deploy: 39 | helm: 40 | releases: 41 | - name: 
network-orderer 42 | chartPath: ../../charts/hlf-k8s 43 | valuesFiles: 44 | - values/orderer.yaml 45 | namespace: orderer 46 | setValueTemplates: 47 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 48 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 49 | createNamespace: true 50 | - name: network-org-1-peer-1 51 | chartPath: ../../charts/hlf-k8s 52 | valuesFiles: 53 | - values/org-1-peer-1.yaml 54 | namespace: org-1 55 | setValueTemplates: 56 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 57 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 58 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 59 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 60 | createNamespace: true 61 | - name: network-org-2-peer-1 62 | chartPath: ../../charts/hlf-k8s 63 | valuesFiles: 64 | - values/org-2-peer-1.yaml 65 | namespace: org-2 66 | setValueTemplates: 67 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 68 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 69 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 70 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 71 | createNamespace: true 72 | statusCheckDeadlineSeconds: 300 73 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any/values/orderer.yaml: -------------------------------------------------------------------------------- 1 | # Orderer values for 1 orderer 2 organizations setup 2 | 3 | organization: 4 | id: MyOrdererMSP 5 | name: MyOrderer 6 | 7 | hlf-peer: 8 | enabled: false 9 | 10 | hlf-ca: 11 | caName: rcaOrderer 12 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 13 | orderer: 14 | host: 
network-orderer-hlf-ca.orderer.svc.cluster.local 15 | 16 | hlf-ord: 17 | enabled: true 18 | monitor: 19 | enabled: true 20 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 21 | ord: 22 | mspID: MyOrdererMSP 23 | 24 | appChannels: 25 | - channelName: mychannel 26 | - channelName: yourchannel 27 | 28 | systemChannel: 29 | organizations: 30 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrg.json } 31 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrg.json } 32 | 33 | enrollments: 34 | creds: 35 | - { name: admin, secret: adminpwd, options: "--id.attrs admin=true:ecert"} 36 | - { name: user, secret: pwd, options: "--id.type orderer"} 37 | csrHost: "network-orderer-hlf-ord.orderer.svc.cluster.local" 38 | 39 | toolbox: 40 | enabled: true 41 | 42 | hooks: 43 | serviceAccount: 44 | name: substra-delete-hook 45 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any/values/org-1-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg1MSP 3 | name: MyOrg1 4 | 5 | hlf-ca: 6 | caName: rcaOrg1 7 | host: network-org-1-peer-1-hlf-ca.org-1.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-1-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-1-peer-1-svc-couchdb.org-1.svc.cluster.local 19 | mspID: MyOrg1MSP 20 | gossip: 21 | externalEndpoint: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: 
network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | - name: yourcc 39 | address: network-org-1-peer-1-hlf-k8s-chaincode-yourcc.org-1.svc.cluster.local 40 | port: 7052 41 | version: "1.0" 42 | image: 43 | repository: ghcr.io/substra/orchestrator-chaincode 44 | tag: latest 45 | pullPolicy: IfNotPresent 46 | init: 47 | image: 48 | repository: ghcr.io/substra/orchestrator-chaincode-init 49 | tag: latest 50 | 51 | appChannels: 52 | - channelName: mychannel 53 | channelPolicies: |- 54 | Readers: 55 | Type: ImplicitMeta 56 | Rule: "ANY Readers" 57 | Writers: 58 | Type: ImplicitMeta 59 | Rule: "ANY Writers" 60 | Admins: 61 | Type: ImplicitMeta 62 | Rule: "ANY Admins" 63 | appPolicies: |- 64 | LifecycleEndorsement: 65 | Type: ImplicitMeta 66 | Rule: "ANY Endorsement" 67 | Endorsement: 68 | Type: ImplicitMeta 69 | Rule: "ANY Endorsement" 70 | Readers: 71 | Type: ImplicitMeta 72 | Rule: "ANY Readers" 73 | Writers: 74 | Type: ImplicitMeta 75 | Rule: "ANY Writers" 76 | Admins: 77 | Type: ImplicitMeta 78 | Rule: "ANY Admins" 79 | 80 | chaincodes: 81 | - name: mycc 82 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 83 | version: "1.0" 84 | sequence: "1" 85 | 86 | organizations: 87 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 88 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 89 | 90 | - channelName: yourchannel 91 | channelPolicies: |- 92 | Readers: 93 | Type: ImplicitMeta 94 | Rule: "ANY Readers" 95 | Writers: 96 | Type: ImplicitMeta 97 | Rule: "ANY Writers" 98 | Admins: 99 | Type: ImplicitMeta 100 
| Rule: "ANY Admins" 101 | appPolicies: |- 102 | LifecycleEndorsement: 103 | Type: ImplicitMeta 104 | Rule: "ANY Endorsement" 105 | Endorsement: 106 | Type: ImplicitMeta 107 | Rule: "ANY Endorsement" 108 | Readers: 109 | Type: ImplicitMeta 110 | Rule: "ANY Readers" 111 | Writers: 112 | Type: ImplicitMeta 113 | Rule: "ANY Writers" 114 | Admins: 115 | Type: ImplicitMeta 116 | Rule: "ANY Admins" 117 | 118 | chaincodes: 119 | - name: yourcc 120 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 121 | version: "1.0" 122 | sequence: "1" 123 | 124 | organizations: 125 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 126 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 127 | 128 | 129 | enrollments: 130 | creds: 131 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 132 | - { name: user, secret: pwd, options: "--id.type peer"} 133 | # csrHost is set for peer and chaincodes communications 134 | csrHost: "*.org-1.svc.cluster.local" 135 | 136 | 137 | toolbox: 138 | enabled: true 139 | 140 | hooks: 141 | serviceAccount: 142 | name: substra-delete-hook 143 | -------------------------------------------------------------------------------- /examples/2-orgs-policy-any/values/org-2-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg2MSP 3 | name: MyOrg2 4 | 5 | hlf-ca: 6 | caName: rcaOrg2 7 | host: network-org-2-peer-1-hlf-ca.org-2.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: 
network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-2-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-2-peer-1-svc-couchdb.org-2.svc.cluster.local 19 | mspID: MyOrg2MSP 20 | gossip: 21 | externalEndpoint: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-2-peer-1-hlf-k8s-chaincode-mycc.org-2.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | - name: yourcc 39 | address: network-org-2-peer-1-hlf-k8s-chaincode-yourcc.org-2.svc.cluster.local 40 | port: 7052 41 | version: "1.0" 42 | image: 43 | repository: ghcr.io/substra/orchestrator-chaincode 44 | tag: latest 45 | pullPolicy: IfNotPresent 46 | init: 47 | image: 48 | repository: ghcr.io/substra/orchestrator-chaincode-init 49 | tag: latest 50 | 51 | appChannels: 52 | - channelName: mychannel 53 | channelPolicies: |- 54 | Readers: 55 | Type: ImplicitMeta 56 | Rule: "ANY Readers" 57 | Writers: 58 | Type: ImplicitMeta 59 | Rule: "ANY Writers" 60 | Admins: 61 | Type: ImplicitMeta 62 | Rule: "ANY Admins" 63 | appPolicies: |- 64 | LifecycleEndorsement: 65 | Type: ImplicitMeta 66 | Rule: "ANY Endorsement" 67 | Endorsement: 68 | Type: ImplicitMeta 69 | Rule: "ANY Endorsement" 70 | Readers: 71 | Type: ImplicitMeta 72 | Rule: "ANY Readers" 73 | Writers: 74 | Type: ImplicitMeta 75 | Rule: "ANY Writers" 76 | Admins: 77 | Type: ImplicitMeta 78 | Rule: "ANY Admins" 79 | 80 | chaincodes: 81 | - name: mycc 82 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 83 | version: "1.0" 84 | sequence: "1" 85 | 86 | - channelName: yourchannel 87 | channelPolicies: |- 88 | Readers: 89 | Type: ImplicitMeta 90 | Rule: "ANY Readers" 91 | Writers: 
92 | Type: ImplicitMeta 93 | Rule: "ANY Writers" 94 | Admins: 95 | Type: ImplicitMeta 96 | Rule: "ANY Admins" 97 | appPolicies: |- 98 | LifecycleEndorsement: 99 | Type: ImplicitMeta 100 | Rule: "ANY Endorsement" 101 | Endorsement: 102 | Type: ImplicitMeta 103 | Rule: "ANY Endorsement" 104 | Readers: 105 | Type: ImplicitMeta 106 | Rule: "ANY Readers" 107 | Writers: 108 | Type: ImplicitMeta 109 | Rule: "ANY Writers" 110 | Admins: 111 | Type: ImplicitMeta 112 | Rule: "ANY Admins" 113 | 114 | chaincodes: 115 | - name: yourcc 116 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member')" 117 | version: "1.0" 118 | sequence: "1" 119 | 120 | enrollments: 121 | creds: 122 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 123 | - { name: user, secret: pwd, options: "--id.type peer"} 124 | # csrHost is set for peer and chaincodes communications 125 | csrHost: "*.org-2.svc.cluster.local" 126 | 127 | 128 | toolbox: 129 | enabled: true 130 | 131 | hooks: 132 | serviceAccount: 133 | name: substra-delete-hook 134 | -------------------------------------------------------------------------------- /examples/3-orgs-policy-majority/skaffold.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # ABOUT 16 | # 17 | # This is an hlf-k8s deployment with 3 organizations using the default 18 | # application channel policy ("MAJORITY") 19 | # 20 | --- 21 | apiVersion: skaffold/v4beta2 22 | kind: Config 23 | requires: 24 | - path: ../serviceAccounts/skaffold.yaml 25 | configs: 26 | - org-1+2 27 | - org-3 28 | - orderer 29 | build: 30 | artifacts: 31 | - image: substra/fabric-tools 32 | context: ../../ 33 | docker: 34 | dockerfile: docker/fabric-tools/Dockerfile 35 | - image: substra/fabric-peer 36 | context: ../../ 37 | docker: 38 | dockerfile: docker/fabric-peer/Dockerfile 39 | # NOTE(review): no `manifests:` key precedes `helm:` in this file, unlike examples/2-orgs-policy-any-no-ca/skaffold.yaml; confirm the intended parent key 40 | helm: 41 | releases: 42 | - name: network-orderer 43 | chartPath: ../../charts/hlf-k8s 44 | valuesFiles: 45 | - values/orderer.yaml 46 | namespace: orderer 47 | setValueTemplates: 48 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 49 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' # tag@digest: the image built above is referenced by digest, not by tag alone 50 | createNamespace: true 51 | - name: network-org-1-peer-1 52 | chartPath: ../../charts/hlf-k8s 53 | valuesFiles: 54 | - values/org-1-peer-1.yaml 55 | namespace: org-1 56 | setValueTemplates: 57 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 58 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 59 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 60 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 61 | createNamespace: true 62 | - name: network-org-2-peer-1 63 | chartPath: ../../charts/hlf-k8s 64 | valuesFiles: 65 | - values/org-2-peer-1.yaml 66 | namespace: org-2 67 | setValueTemplates: 68 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 69 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 70 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 71 | hlf-peer.image.tag: 
'{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 72 | createNamespace: true 73 | - name: network-org-3-peer-1 74 | chartPath: ../../charts/hlf-k8s 75 | valuesFiles: 76 | - values/org-3-peer-1.yaml 77 | namespace: org-3 78 | setValueTemplates: 79 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 80 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 81 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 82 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 83 | createNamespace: true 84 | deploy: 85 | helm: {} 86 | kubectl: {} 87 | statusCheckDeadlineSeconds: 300 88 | -------------------------------------------------------------------------------- /examples/3-orgs-policy-majority/values/orderer.yaml: -------------------------------------------------------------------------------- 1 | # Orderer values for 1 orderer 2 organizations setup 2 | 3 | organization: 4 | id: MyOrdererMSP 5 | name: MyOrderer 6 | 7 | hlf-peer: 8 | enabled: false 9 | 10 | hlf-ca: 11 | caName: rcaOrderer 12 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 13 | orderer: 14 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 15 | 16 | hlf-ord: 17 | enabled: true 18 | monitor: 19 | enabled: true 20 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 21 | ord: 22 | mspID: MyOrdererMSP 23 | 24 | appChannels: 25 | - channelName: mychannel 26 | 27 | systemChannel: 28 | organizations: 29 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrg.json } 30 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrg.json } 31 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrg.json } 32 | 33 | 
enrollments: 34 | creds: # example enrollment secrets kept in plain text in this values file; supply per-deployment secrets before reusing it outside a local test cluster 35 | - { name: admin, secret: adminpwd, options: "--id.attrs admin=true:ecert"} 36 | - { name: user, secret: pwd, options: "--id.type orderer"} 37 | csrHost: "network-orderer-hlf-ord.orderer.svc.cluster.local" 38 | 39 | toolbox: 40 | enabled: true 41 | 42 | hooks: 43 | serviceAccount: 44 | name: substra-delete-hook 45 | -------------------------------------------------------------------------------- /examples/3-orgs-policy-majority/values/org-1-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg1MSP 3 | name: MyOrg1 4 | 5 | hlf-ca: 6 | caName: rcaOrg1 7 | host: network-org-1-peer-1-hlf-ca.org-1.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-1-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-1-peer-1-svc-couchdb.org-1.svc.cluster.local 19 | mspID: MyOrg1MSP 20 | gossip: 21 | externalEndpoint: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest # mutable tag; with pullPolicy IfNotPresent an already-cached image is not refreshed, so pin a version or digest for a reproducible deployment 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest # mutable tag, same caveat as the chaincode image 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "MAJORITY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: 
"MAJORITY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "MAJORITY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "MAJORITY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member')" # NOTE(review): OR(...) is met by one member of any listed organization, which is looser than the MAJORITY Endorsement rule in appPolicies; confirm which one governs mycc 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | 79 | proposalOrganizations: 80 | - { org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 81 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 82 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 83 | 84 | enrollments: 85 | creds: # example enrollment secrets in plain text, as in the orderer values 86 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} # hf.Registrar.Attributes=* lets this identity register identities carrying any attribute 87 | - { name: user, secret: pwd, options: "--id.type peer"} 88 | csrHost: "*.org-1.svc.cluster.local" 89 | 90 | 91 | toolbox: 92 | enabled: true 93 | 94 | hooks: 95 | serviceAccount: 96 | name: substra-delete-hook 97 | -------------------------------------------------------------------------------- 
/examples/3-orgs-policy-majority/values/org-2-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg2MSP 3 | name: MyOrg2 4 | 5 | hlf-ca: 6 | caName: rcaOrg2 7 | host: network-org-2-peer-1-hlf-ca.org-2.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-2-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-2-peer-1-svc-couchdb.org-2.svc.cluster.local 19 | mspID: MyOrg2MSP 20 | gossip: 21 | externalEndpoint: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-2-peer-1-hlf-k8s-chaincode-mycc.org-2.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | appChannels: 39 | - channelName: mychannel 40 | channelPolicies: |- 41 | Readers: 42 | Type: ImplicitMeta 43 | Rule: "ANY Readers" 44 | Writers: 45 | Type: ImplicitMeta 46 | Rule: "ANY Writers" 47 | Admins: 48 | Type: ImplicitMeta 49 | Rule: "MAJORITY Admins" 50 | appPolicies: |- 51 | LifecycleEndorsement: 52 | Type: ImplicitMeta 53 | Rule: "MAJORITY Endorsement" 54 | Endorsement: 55 | Type: ImplicitMeta 56 | Rule: "MAJORITY Endorsement" 57 | Readers: 58 | Type: ImplicitMeta 59 | Rule: "ANY Readers" 60 | Writers: 61 | Type: ImplicitMeta 62 | Rule: "ANY Writers" 63 | Admins: 64 | Type: ImplicitMeta 65 | Rule: "MAJORITY Admins" 66 | 67 | chaincodes: 68 | - name: mycc 69 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member')" 70 | version: "1.0" 71 | 
sequence: "1" 72 | 73 | organizations: 74 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 75 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 77 | 78 | proposalOrganizations: 79 | - { org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 80 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 81 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 82 | 83 | 84 | enrollments: 85 | creds: 86 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 87 | - { name: user, secret: pwd, options: "--id.type peer"} 88 | csrHost: "*.org-2.svc.cluster.local" 89 | 90 | 91 | toolbox: 92 | enabled: true 93 | 94 | hooks: 95 | serviceAccount: 96 | name: substra-delete-hook 97 | -------------------------------------------------------------------------------- /examples/3-orgs-policy-majority/values/org-3-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg3MSP 3 | name: MyOrg3 4 | 5 | hlf-ca: 6 | caName: rcaOrg3 7 | host: network-org-3-peer-1-hlf-ca.org-3.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: 
network-org-3-peer-1-hlf-peer.org-3.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-3-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-3-peer-1-svc-couchdb.org-3.svc.cluster.local 19 | mspID: MyOrg3MSP 20 | gossip: 21 | externalEndpoint: network-org-3-peer-1-hlf-peer.org-3.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-3-peer-1-hlf-k8s-chaincode-mycc.org-3.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "MAJORITY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "MAJORITY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "MAJORITY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "MAJORITY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: 
network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | 79 | proposalOrganizations: 80 | - { org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 81 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 82 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 83 | 84 | enrollments: 85 | creds: 86 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 87 | - { name: user, secret: pwd, options: "--id.type peer"} 88 | csrHost: "*.org-3.svc.cluster.local" 89 | 90 | 91 | toolbox: 92 | enabled: true 93 | 94 | hooks: 95 | serviceAccount: 96 | name: substra-delete-hook 97 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-any/skaffold.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # ABOUT 16 | # 17 | # This is an hlf-k8s deployment with 4 organizations using the "ANY" 18 | # application channel policy. A chosen node (here MyOrg1) is responsible 19 | # for adding all the other nodes to the application channel: with "ANY Admins", one organization's admin signature is enough to change the channel configuration. The enrollment secrets in the values files ("adminpwd", "pwd") are example values; replace them outside a test cluster. 20 | --- 21 | apiVersion: skaffold/v4beta2 22 | kind: Config 23 | requires: 24 | - configs: 25 | - org-1+2 26 | - org-3 27 | - org-4 28 | - orderer 29 | path: ../serviceAccounts/skaffold.yaml 30 | build: 31 | artifacts: 32 | - image: substra/fabric-tools 33 | context: ../../ 34 | docker: 35 | dockerfile: docker/fabric-tools/Dockerfile 36 | - image: substra/fabric-peer 37 | context: ../../ 38 | docker: 39 | dockerfile: docker/fabric-peer/Dockerfile 40 | manifests: 41 | helm: 42 | releases: 43 | - name: network-orderer 44 | chartPath: ../../charts/hlf-k8s 45 | valuesFiles: 46 | - values/orderer.yaml 47 | namespace: orderer 48 | setValueTemplates: 49 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 50 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 51 | createNamespace: true 52 | - name: network-org-1-peer-1 53 | chartPath: ../../charts/hlf-k8s 54 | valuesFiles: 55 | - values/org-1-peer-1.yaml 56 | namespace: org-1 57 | setValueTemplates: 58 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 59 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 60 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 61 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 62 | createNamespace: true 63 | - name: network-org-2-peer-1 64 | chartPath: ../../charts/hlf-k8s 65 | valuesFiles: 66 | - values/org-2-peer-1.yaml 67 | namespace: org-2 68 | setValueTemplates: 69 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 70 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 71
| hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 72 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 73 | createNamespace: true 74 | - name: network-org-3-peer-1 75 | chartPath: ../../charts/hlf-k8s 76 | valuesFiles: 77 | - values/org-3-peer-1.yaml 78 | namespace: org-3 79 | setValueTemplates: 80 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 81 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 82 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 83 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 84 | createNamespace: true 85 | - name: network-org-4-peer-1 86 | chartPath: ../../charts/hlf-k8s 87 | valuesFiles: 88 | - values/org-4-peer-1.yaml 89 | namespace: org-4 90 | setValueTemplates: 91 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 92 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 93 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 94 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 95 | createNamespace: true 96 | deploy: 97 | helm: {} 98 | statusCheckDeadlineSeconds: 300 99 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-any/values/orderer.yaml: -------------------------------------------------------------------------------- 1 | # Orderer values for 1 orderer 2 organizations setup 2 | 3 | organization: 4 | id: MyOrdererMSP 5 | name: MyOrderer 6 | 7 | hlf-peer: 8 | enabled: false 9 | 10 | hlf-ca: 11 | caName: rcaOrderer 12 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 13 | orderer: 14 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 15 | 16 | hlf-ord: 17 | enabled: true 18 | monitor: 19 | enabled: true 20 | host: 
network-orderer-hlf-ord.orderer.svc.cluster.local 21 | ord: 22 | mspID: MyOrdererMSP 23 | 24 | appChannels: 25 | - channelName: mychannel 26 | 27 | systemChannel: 28 | organizations: 29 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrg.json } 30 | 31 | enrollments: 32 | creds: 33 | - { name: admin, secret: adminpwd, options: "--id.attrs admin=true:ecert"} 34 | - { name: user, secret: pwd, options: "--id.type orderer"} 35 | csrHost: "network-orderer-hlf-ord.orderer.svc.cluster.local" 36 | 37 | toolbox: 38 | enabled: true 39 | 40 | hooks: 41 | serviceAccount: 42 | name: substra-delete-hook 43 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-any/values/org-1-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg1MSP 3 | name: MyOrg1 4 | 5 | hlf-ca: 6 | caName: rcaOrg1 7 | host: network-org-1-peer-1-hlf-ca.org-1.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-1-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-1-peer-1-svc-couchdb.org-1.svc.cluster.local 19 | mspID: MyOrg1MSP 20 | gossip: 21 | externalEndpoint: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | 
appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "ANY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "ANY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "ANY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "ANY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | - { org: MyOrg4, mspid: MyOrg4MSP, configUrl: network-org-4-peer-1-hlf-k8s-config-operator.org-4.svc.cluster.local/config/configOrgWithAnchors.json } 79 | 80 | enrollments: 81 | creds: 82 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 83 | - { name: user, secret: pwd, options: "--id.type peer"} 84 | csrHost: "*.org-1.svc.cluster.local" 85 | 86 | 87 | toolbox: 88 | enabled: true 89 | 90 | hooks: 91 | serviceAccount: 92 | name: substra-delete-hook 93 | -------------------------------------------------------------------------------- 
/examples/4-orgs-policy-any/values/org-2-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg2MSP 3 | name: MyOrg2 4 | 5 | hlf-ca: 6 | caName: rcaOrg2 7 | host: network-org-2-peer-1-hlf-ca.org-2.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-2-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-2-peer-1-svc-couchdb.org-2.svc.cluster.local 19 | mspID: MyOrg2MSP 20 | gossip: 21 | externalEndpoint: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-2-peer-1-hlf-k8s-chaincode-mycc.org-2.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "ANY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "ANY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "ANY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "ANY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | 
sequence: "1" 73 | 74 | enrollments: 75 | creds: 76 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 77 | - { name: user, secret: pwd, options: "--id.type peer"} 78 | csrHost: "*.org-2.svc.cluster.local" 79 | 80 | 81 | toolbox: 82 | enabled: true 83 | 84 | hooks: 85 | serviceAccount: 86 | name: substra-delete-hook 87 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-any/values/org-3-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg3MSP 3 | name: MyOrg3 4 | 5 | hlf-ca: 6 | caName: rcaOrg3 7 | host: network-org-3-peer-1-hlf-ca.org-3.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-3-peer-1-hlf-peer.org-3.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-3-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-3-peer-1-svc-couchdb.org-3.svc.cluster.local 19 | mspID: MyOrg3MSP 20 | gossip: 21 | externalEndpoint: network-org-3-peer-1-hlf-peer.org-3.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-3-peer-1-hlf-k8s-chaincode-mycc.org-3.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: 
"ANY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "ANY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "ANY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "ANY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | enrollments: 75 | creds: 76 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 77 | - { name: user, secret: pwd, options: "--id.type peer"} 78 | csrHost: "*.org-3.svc.cluster.local" 79 | 80 | 81 | toolbox: 82 | enabled: true 83 | 84 | hooks: 85 | serviceAccount: 86 | name: substra-delete-hook 87 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-any/values/org-4-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg4MSP 3 | name: MyOrg4 4 | 5 | hlf-ca: 6 | caName: rcaOrg4 7 | host: network-org-4-peer-1-hlf-ca.org-4.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-4-peer-1-hlf-peer.org-4.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-4-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-4-peer-1-svc-couchdb.org-4.svc.cluster.local 19 | mspID: MyOrg4MSP 20 | gossip: 21 | externalEndpoint: network-org-4-peer-1-hlf-peer.org-4.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: 
network-org-4-peer-1-hlf-k8s-chaincode-mycc.org-4.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "ANY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "ANY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "ANY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "ANY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | enrollments: 75 | creds: 76 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 77 | - { name: user, secret: pwd, options: "--id.type peer"} 78 | csrHost: "*.org-4.svc.cluster.local" 79 | 80 | 81 | toolbox: 82 | enabled: true 83 | 84 | hooks: 85 | serviceAccount: 86 | name: substra-delete-hook 87 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-majority/skaffold.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Owkin, inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # ABOUT 16 | # 17 | # This is an hlf-k8s deployment with 4 organizations using the default 18 | # application channel policy ("MAJORITY"): channel configuration changes and chaincode lifecycle approval need a majority of organizations. 19 | # The mycc chaincode policy in the values files is an OR over all organizations, and the enrollment secrets there ("adminpwd", "pwd") are example values to replace outside a test cluster. 20 | --- 21 | apiVersion: skaffold/v4beta2 22 | kind: Config 23 | requires: 24 | - path: ../serviceAccounts/skaffold.yaml 25 | configs: 26 | - org-1+2 27 | - org-3 28 | - org-4 29 | - orderer 30 | build: 31 | artifacts: 32 | - image: substra/fabric-tools 33 | context: ../../ 34 | docker: 35 | dockerfile: docker/fabric-tools/Dockerfile 36 | - image: substra/fabric-peer 37 | context: ../../ 38 | docker: 39 | dockerfile: docker/fabric-peer/Dockerfile 40 | manifests: 41 | helm: 42 | releases: 43 | - name: network-orderer 44 | chartPath: ../../charts/hlf-k8s 45 | valuesFiles: 46 | - values/orderer.yaml 47 | namespace: orderer 48 | setValueTemplates: 49 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 50 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 51 | createNamespace: true 52 | - name: network-org-1-peer-1 53 | chartPath: ../../charts/hlf-k8s 54 | valuesFiles: 55 | - values/org-1-peer-1.yaml 56 | namespace: org-1 57 | setValueTemplates: 58 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 59 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 60 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 61 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 62 |
createNamespace: true 63 | - name: network-org-2-peer-1 64 | chartPath: ../../charts/hlf-k8s 65 | valuesFiles: 66 | - values/org-2-peer-1.yaml 67 | namespace: org-2 68 | setValueTemplates: 69 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 70 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 71 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 72 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 73 | createNamespace: true 74 | - name: network-org-3-peer-1 75 | chartPath: ../../charts/hlf-k8s 76 | valuesFiles: 77 | - values/org-3-peer-1.yaml 78 | namespace: org-3 79 | setValueTemplates: 80 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 81 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 82 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 83 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 84 | createNamespace: true 85 | - name: network-org-4-peer-1 86 | chartPath: ../../charts/hlf-k8s 87 | valuesFiles: 88 | - values/org-4-peer-1.yaml 89 | namespace: org-4 90 | setValueTemplates: 91 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 92 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 93 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 94 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 95 | createNamespace: true 96 | deploy: 97 | helm: {} 98 | kubectl: {} 99 | statusCheckDeadlineSeconds: 300 100 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-majority/values/orderer.yaml: -------------------------------------------------------------------------------- 1 | # Orderer values for 1 orderer 2 
organizations setup 2 | 3 | organization: 4 | id: MyOrdererMSP 5 | name: MyOrderer 6 | 7 | hlf-peer: 8 | enabled: false 9 | 10 | hlf-ca: 11 | caName: rcaOrderer 12 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 13 | orderer: 14 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 15 | 16 | hlf-ord: 17 | enabled: true 18 | monitor: 19 | enabled: true 20 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 21 | ord: 22 | mspID: MyOrdererMSP 23 | 24 | appChannels: 25 | - channelName: mychannel 26 | 27 | systemChannel: 28 | organizations: 29 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrg.json } 30 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrg.json } 31 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrg.json } 32 | - { org: MyOrg4, mspid: MyOrg4MSP, configUrl: network-org-4-peer-1-hlf-k8s-config-operator.org-4.svc.cluster.local/config/configOrg.json } 33 | 34 | enrollments: 35 | creds: 36 | - { name: admin, secret: adminpwd, options: "--id.attrs admin=true:ecert"} 37 | - { name: user, secret: pwd, options: "--id.type orderer"} 38 | csrHost: "network-orderer-hlf-ord.orderer.svc.cluster.local" 39 | 40 | toolbox: 41 | enabled: true 42 | 43 | hooks: 44 | serviceAccount: 45 | name: substra-delete-hook 46 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-majority/values/org-1-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg1MSP 3 | name: MyOrg1 4 | 5 | hlf-ca: 6 | caName: rcaOrg1 7 | host: network-org-1-peer-1-hlf-ca.org-1.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: 
network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-1-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-1-peer-1-svc-couchdb.org-1.svc.cluster.local 19 | mspID: MyOrg1MSP 20 | gossip: 21 | externalEndpoint: network-org-1-peer-1-hlf-peer.org-1.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-1-peer-1-hlf-k8s-chaincode-mycc.org-1.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "MAJORITY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "MAJORITY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "MAJORITY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "MAJORITY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: 
MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | - { org: MyOrg4, mspid: MyOrg4MSP, configUrl: network-org-4-peer-1-hlf-k8s-config-operator.org-4.svc.cluster.local/config/configOrgWithAnchors.json } 79 | 80 | proposalOrganizations: 81 | - { org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 82 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 83 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 84 | - { org: MyOrg4, mspid: MyOrg4MSP, proposalServerUrl: network-org-4-peer-1-hlf-k8s-appchannel-operator-mychannel.org-4.svc.cluster.local/proposal/ } 85 | 86 | enrollments: 87 | creds: 88 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 89 | - { name: user, secret: pwd, options: "--id.type peer"} 90 | csrHost: "*.org-1.svc.cluster.local" 91 | 92 | 93 | toolbox: 94 | enabled: true 95 | 96 | hooks: 97 | serviceAccount: 98 | name: substra-delete-hook 99 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-majority/values/org-2-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg2MSP 3 | name: MyOrg2 4 | 5 | hlf-ca: 6 | caName: rcaOrg2 7 | host: network-org-2-peer-1-hlf-ca.org-2.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local 16 | 
peer: 17 | couchdbSecret: network-org-2-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-2-peer-1-svc-couchdb.org-2.svc.cluster.local 19 | mspID: MyOrg2MSP 20 | gossip: 21 | externalEndpoint: network-org-2-peer-1-hlf-peer.org-2.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-2-peer-1-hlf-k8s-chaincode-mycc.org-2.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "MAJORITY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "MAJORITY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "MAJORITY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "MAJORITY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | 
- { org: MyOrg4, mspid: MyOrg4MSP, configUrl: network-org-4-peer-1-hlf-k8s-config-operator.org-4.svc.cluster.local/config/configOrgWithAnchors.json } 79 | 80 | proposalOrganizations: 81 | - { org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 82 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 83 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 84 | - { org: MyOrg4, mspid: MyOrg4MSP, proposalServerUrl: network-org-4-peer-1-hlf-k8s-appchannel-operator-mychannel.org-4.svc.cluster.local/proposal/ } 85 | 86 | 87 | enrollments: 88 | creds: 89 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 90 | - { name: user, secret: pwd, options: "--id.type peer"} 91 | csrHost: "*.org-2.svc.cluster.local" 92 | 93 | 94 | toolbox: 95 | enabled: true 96 | 97 | hooks: 98 | serviceAccount: 99 | name: substra-delete-hook 100 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-majority/values/org-3-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg3MSP 3 | name: MyOrg3 4 | 5 | hlf-ca: 6 | caName: rcaOrg3 7 | host: network-org-3-peer-1-hlf-ca.org-3.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-3-peer-1-hlf-peer.org-3.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-3-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: 
network-org-3-peer-1-svc-couchdb.org-3.svc.cluster.local 19 | mspID: MyOrg3MSP 20 | gossip: 21 | externalEndpoint: network-org-3-peer-1-hlf-peer.org-3.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-3-peer-1-hlf-k8s-chaincode-mycc.org-3.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "MAJORITY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "MAJORITY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "MAJORITY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "MAJORITY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | - { org: MyOrg4, mspid: MyOrg4MSP, configUrl: 
network-org-4-peer-1-hlf-k8s-config-operator.org-4.svc.cluster.local/config/configOrgWithAnchors.json } 79 | 80 | proposalOrganizations: 81 | - { org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 82 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 83 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 84 | - { org: MyOrg4, mspid: MyOrg4MSP, proposalServerUrl: network-org-4-peer-1-hlf-k8s-appchannel-operator-mychannel.org-4.svc.cluster.local/proposal/ } 85 | 86 | enrollments: 87 | creds: 88 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 89 | - { name: user, secret: pwd, options: "--id.type peer"} 90 | csrHost: "*.org-3.svc.cluster.local" 91 | 92 | 93 | toolbox: 94 | enabled: true 95 | 96 | hooks: 97 | serviceAccount: 98 | name: substra-delete-hook 99 | -------------------------------------------------------------------------------- /examples/4-orgs-policy-majority/values/org-4-peer-1.yaml: -------------------------------------------------------------------------------- 1 | organization: 2 | id: MyOrg4MSP 3 | name: MyOrg4 4 | 5 | hlf-ca: 6 | caName: rcaOrg4 7 | host: network-org-4-peer-1-hlf-ca.org-4.svc.cluster.local 8 | orderer: 9 | host: network-orderer-hlf-ca.orderer.svc.cluster.local 10 | 11 | hlf-ord: 12 | host: network-orderer-hlf-ord.orderer.svc.cluster.local 13 | 14 | hlf-peer: 15 | host: network-org-4-peer-1-hlf-peer.org-4.svc.cluster.local 16 | peer: 17 | couchdbSecret: network-org-4-peer-1-hlf-k8s-couchdb-credentials 18 | couchdbService: network-org-4-peer-1-svc-couchdb.org-4.svc.cluster.local 19 | mspID: MyOrg4MSP 20 | gossip: 21 | 
externalEndpoint: network-org-4-peer-1-hlf-peer.org-4.svc.cluster.local:7051 22 | discover-monitor: 23 | enabled: true 24 | 25 | chaincodes: 26 | - name: mycc 27 | address: network-org-4-peer-1-hlf-k8s-chaincode-mycc.org-4.svc.cluster.local 28 | port: 7052 29 | version: "1.0" 30 | image: 31 | repository: ghcr.io/substra/orchestrator-chaincode 32 | tag: latest 33 | pullPolicy: IfNotPresent 34 | init: 35 | image: 36 | repository: ghcr.io/substra/orchestrator-chaincode-init 37 | tag: latest 38 | 39 | appChannels: 40 | - channelName: mychannel 41 | channelPolicies: |- 42 | Readers: 43 | Type: ImplicitMeta 44 | Rule: "ANY Readers" 45 | Writers: 46 | Type: ImplicitMeta 47 | Rule: "ANY Writers" 48 | Admins: 49 | Type: ImplicitMeta 50 | Rule: "MAJORITY Admins" 51 | appPolicies: |- 52 | LifecycleEndorsement: 53 | Type: ImplicitMeta 54 | Rule: "MAJORITY Endorsement" 55 | Endorsement: 56 | Type: ImplicitMeta 57 | Rule: "MAJORITY Endorsement" 58 | Readers: 59 | Type: ImplicitMeta 60 | Rule: "ANY Readers" 61 | Writers: 62 | Type: ImplicitMeta 63 | Rule: "ANY Writers" 64 | Admins: 65 | Type: ImplicitMeta 66 | Rule: "MAJORITY Admins" 67 | 68 | chaincodes: 69 | - name: mycc 70 | policy: "OR('MyOrg1MSP.member','MyOrg2MSP.member','MyOrg3MSP.member','MyOrg4MSP.member')" 71 | version: "1.0" 72 | sequence: "1" 73 | 74 | organizations: 75 | - { org: MyOrg1, mspid: MyOrg1MSP, configUrl: network-org-1-peer-1-hlf-k8s-config-operator.org-1.svc.cluster.local/config/configOrgWithAnchors.json } 76 | - { org: MyOrg2, mspid: MyOrg2MSP, configUrl: network-org-2-peer-1-hlf-k8s-config-operator.org-2.svc.cluster.local/config/configOrgWithAnchors.json } 77 | - { org: MyOrg3, mspid: MyOrg3MSP, configUrl: network-org-3-peer-1-hlf-k8s-config-operator.org-3.svc.cluster.local/config/configOrgWithAnchors.json } 78 | - { org: MyOrg4, mspid: MyOrg4MSP, configUrl: network-org-4-peer-1-hlf-k8s-config-operator.org-4.svc.cluster.local/config/configOrgWithAnchors.json } 79 | 80 | proposalOrganizations: 81 | - { 
org: MyOrg1, mspid: MyOrg1MSP, proposalServerUrl: network-org-1-peer-1-hlf-k8s-appchannel-operator-mychannel.org-1.svc.cluster.local/proposal/ } 82 | - { org: MyOrg2, mspid: MyOrg2MSP, proposalServerUrl: network-org-2-peer-1-hlf-k8s-appchannel-operator-mychannel.org-2.svc.cluster.local/proposal/ } 83 | - { org: MyOrg3, mspid: MyOrg3MSP, proposalServerUrl: network-org-3-peer-1-hlf-k8s-appchannel-operator-mychannel.org-3.svc.cluster.local/proposal/ } 84 | - { org: MyOrg4, mspid: MyOrg4MSP, proposalServerUrl: network-org-4-peer-1-hlf-k8s-appchannel-operator-mychannel.org-4.svc.cluster.local/proposal/ } 85 | 86 | enrollments: 87 | creds: 88 | - { name: admin, secret: adminpwd, options: "--id.attrs hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"} 89 | - { name: user, secret: pwd, options: "--id.type peer"} 90 | csrHost: "*.org-4.svc.cluster.local" 91 | 92 | 93 | toolbox: 94 | enabled: true 95 | 96 | hooks: 97 | serviceAccount: 98 | name: substra-delete-hook 99 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | These tools are presented for local development and documentation purposes only. 2 | 3 | They are maintained on a "best effort" policy. 4 | 5 | For the officially supported deployment, please refer to the main [skaffold.yaml](../skaffold.yaml) file. 6 | 7 | ## Updating crypto material 8 | 9 | In order to deploy faster, the default deployed example contains pre-generated crypto material. 10 | 11 | However, they will expire at some point. 
The symptom is that the enrollment operator won't start: 12 | 13 | ``` 14 | 2022-02-28 15:10:49.227 UTC 0004 PANI [orderer.common.server] loadLocalMSP -> Failed to setup local msp with config: signing identity expired 48h52m49.227068342s ago 15 | ``` 16 | 17 | Fortunately, there is also an example with a proper CA to issue the required certificates: 18 | ``` 19 | cd 4-orgs-policy-any 20 | skaffold run 21 | ``` 22 | 23 | This should properly deploy a fabric network. 24 | Now, let's retrieve the secrets and update the manifests (in the `secrets` directory). The exported files contain the private keys and certificates of every identity, so they are only suitable for local development: 25 | 26 | ``` 27 | kubectl -n orderer get secret hlf-genesis -oyaml > secrets-orderer-genesis.yaml 28 | kubectl -n orderer get secret hlf-cacert hlf-msp-cert-admin hlf-msp-cert-user hlf-msp-key-admin hlf-msp-key-user hlf-tls-admin hlf-tls-user ord-tls-rootcert -oyaml > secrets-orderer.yaml 29 | kubectl -n org-1 get secret hlf-cacert hlf-msp-cert-admin hlf-msp-cert-user hlf-msp-key-admin hlf-msp-key-user hlf-tls-admin hlf-tls-user ord-tls-rootcert -oyaml > secrets-org-1.yaml 30 | kubectl -n org-2 get secret hlf-cacert hlf-msp-cert-admin hlf-msp-cert-user hlf-msp-key-admin hlf-msp-key-user hlf-tls-admin hlf-tls-user ord-tls-rootcert -oyaml > secrets-org-2.yaml 31 | kubectl -n org-3 get secret hlf-cacert hlf-msp-cert-admin hlf-msp-cert-user hlf-msp-key-admin hlf-msp-key-user hlf-tls-admin hlf-tls-user ord-tls-rootcert -oyaml > secrets-org-3.yaml 32 | kubectl -n org-4 get secret hlf-cacert hlf-msp-cert-admin hlf-msp-cert-user hlf-msp-key-admin hlf-msp-key-user hlf-tls-admin hlf-tls-user ord-tls-rootcert -oyaml > secrets-org-4.yaml 33 | ``` 34 | -------------------------------------------------------------------------------- /examples/dev-secrets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script creates HLF kubernetes secrets for orderer, org-1 and org-2.
4 | # 5 | # To speed up local deployment, run this script before running `skaffold run`: 6 | # 7 | # $ ./examples/dev-secrets.sh create 8 | # $ skaffold run 9 | 10 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 11 | KUBECTL="kubectl" 12 | 13 | if [ "$1" != "create" ] && [ "$1" != "delete" ]; then 14 | echo "Usage: dev-secrets.sh [create|delete]" 15 | exit 16 | fi 17 | 18 | OP=$1 19 | if [ "$OP" == "create" ]; then 20 | OP="apply" 21 | fi 22 | 23 | if [ -n "$KUBE_CONTEXT" ]; then 24 | KUBECTL="kubectl --context=${KUBE_CONTEXT}" 25 | fi 26 | 27 | if [ "$OP" = "apply" ]; then 28 | ${KUBECTL} create namespace orderer 29 | ${KUBECTL} create namespace org-1 30 | ${KUBECTL} create namespace org-2 31 | fi 32 | 33 | ${KUBECTL} "$OP" -f "${DIR}/secrets/secrets-orderer-genesis.yaml" 34 | ${KUBECTL} "$OP" -f "${DIR}/secrets/secrets-orderer.yaml" 35 | ${KUBECTL} "$OP" -f "${DIR}/secrets/secrets-org-1.yaml" 36 | ${KUBECTL} "$OP" -f "${DIR}/secrets/secrets-org-2.yaml" 37 | -------------------------------------------------------------------------------- /examples/secrets/secrets-org-1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: v1 4 | data: 5 | cacert.pem: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNJakNDQWNtZ0F3SUJBZ0lVRklHTHBIMHRhSnlUbXYrQVFqS3RjM1J6ZU4wd0NnWUlLb1pJemowRUF3SXcKYmpFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUkF3CkRnWURWUVFERXdkeVkyRlBjbWN4TUI0WERUSXlNREl5T0RFM05UZ3dNRm9YRFRNM01ESXlOREUzTlRnd01Gb3cKYmpFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUkF3CkRnWURWUVFERXdkeVkyRlBjbWN4TUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFUTdtL2phYjkKU04xVDRZb2NzU3owNy9PYWNvZDJXUnF3UTlKcVRLRHcwM0YvcVU1SGpycjREc0wxeDhaaTRMNFp3d1lWcEIzdQp1NHhyOVlQZE5UMkdZNk5GTUVNd0RnWURWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDCkFRRXdIUVlEVlIwT0JCWUVGSkhXWDBhakpTMlhaRnVKRlkvOUZQcHJBc1ZMTUFvR0NDcUdTTTQ5QkFNQ0EwY0EKTUVRQ0lEclBZY0NudFVTN3VjRmVNWWxKZkExVWlyaGNnOWVhM094NndxZHBjWlczQWlBeVNud2czTFgxOHdKdAp3VGNQUXE5d2dYRTg4RlVMcGRlTW1pN0U0VisvRWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 6 | kind: Secret 7 | metadata: 8 | creationTimestamp: "2022-02-28T18:03:31Z" 9 | name: hlf-cacert 10 | namespace: org-1 11 | resourceVersion: "1156980" 12 | uid: 6dc14d9f-fb21-4219-9ed1-b4f62a20b304 13 | type: Opaque 14 | - apiVersion: v1 15 | data: 16 | cert.pem: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrRENDQXArZ0F3SUJBZ0lVSGdNcC9Hamh4cmZXa2VHNW94THBDUTFEd21Vd0NnWUlLb1pJemowRUF3SXcKYmpFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUkF3CkRnWURWUVFERXdkeVkyRlBjbWN4TUI0WERUSXlNREl5T0RFM05UZ3dNRm9YRFRJM01ESXlOekU0TURRd01Gb3cKWFRFTE1Ba0dBMVVFQmhNQ1ZWTXhGekFWQmdOVkJBZ1REazV2Y25Sb0lFTmhjbTlzYVc1aE1SUXdFZ1lEVlFRSwpFd3RJZVhCbGNteGxaR2RsY2pFUE1BMEdBMVVFQ3hNR1kyeHBaVzUwTVE0d0RBWURWUVFERXdWaFpHMXBiakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkc2RTZQN010RE0vS2thQVladE0zaVpDL3NvRk5MdDkKMkY3TnpCMGNxS1NhYWRIRmZNOHkwcXJnSTJZYzdYOFhIVUwyRjRETEpaU2dIdmdRdVNMS0tWaWpnZ0VxTUlJQgpKakFPQmdOVkhROEJBZjhFQkFNQ0I0QXdEQVlEVlIwVEFRSC9CQUl3QURBZEJnTlZIUTRFRmdRVUlodUVXM2VrCkZPM0YxaDFzRkxxeUQ5VGs2dVV3SHdZRFZSMGpCQmd3Rm9BVWtkWmZScU1sTFpka1c0a1ZqLzBVK21zQ3hVc3cKU2dZRFZSMFJCRU13UVlJL2JtVjBkMjl5YXkxdmNtY3RNUzF3WldWeUxURXRhR3htTFdzNGN5MWxibkp2Ykd4dApaVzUwTFc5d1pYSmhkRzl5TFRVMU56UmpaalkzWkRkdWFIQm9NSG9HQ0NvREJBVUdCd2dCQkc1N0ltRjBkSEp6CklqcDdJbUZpWVdNdWFXNXBkQ0k2SW5SeWRXVWlMQ0poWkcxcGJpSTZJblJ5ZFdVaUxDSm9aaTVCWm1acGJHbGgKZEdsdmJpSTZJaUlzSW1obUxrVnVjbTlzYkcxbGJuUkpSQ0k2SW1Ga2JXbHVJaXdpYUdZdVZIbHdaU0k2SW1OcwphV1Z1ZENKOWZUQUtCZ2dxaGtqT1BRUURBZ05IQURCRUFpQTdub2R4YldJTm53QktBUVBwdW1aV1ZSL1dYNGdvCjl3eExpdnd4dFdGd1BBSWdZc1BMSk9JaUJlZ01DLzVGUmZCWmZZOHNwRUtMOUhRV3JTamJXaXV5c2ZzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 17 | kind: Secret 18 | metadata: 19 | creationTimestamp: "2022-02-28T18:03:37Z" 20 | name: hlf-msp-cert-admin 21 | namespace: org-1 22 | resourceVersion: "1157024" 23 | uid: b7f92aef-25db-4c36-abec-af1a0ef9bdc3 24 | type: Opaque 25 | - apiVersion: v1 26 | data: 27 | cert.pem: 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 28 | kind: Secret 29 | metadata: 30 | creationTimestamp: "2022-02-28T18:03:44Z" 31 | name: hlf-msp-cert-user 32 | namespace: org-1 33 | resourceVersion: "1157078" 34 | uid: 0fc4c5e0-0de6-46fa-a62b-72bd9c07d58c 
35 | type: Opaque 36 | - apiVersion: v1 37 | data: 38 | key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ280L2tKQW1wLzg2ZW94K2sKeHc5endqTnRpdEZvRXN3MCtNUzVPMWVlY1ZhaFJBTkNBQVJ1aE9qK3pMUXpQeXBHZ0dHYlRONG1RdjdLQlRTNwpmZGhlemN3ZEhLaWttbW5SeFh6UE10S3E0Q05tSE8xL0Z4MUM5aGVBeXlXVW9CNzRFTGtpeWlsWQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 39 | kind: Secret 40 | metadata: 41 | creationTimestamp: "2022-02-28T18:03:38Z" 42 | name: hlf-msp-key-admin 43 | namespace: org-1 44 | resourceVersion: "1157033" 45 | uid: e291b653-44e2-4c07-b871-fe8dbbfd745a 46 | type: Opaque 47 | - apiVersion: v1 48 | data: 49 | key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ09ZVlVjdVR4RmxrRXJKQVUKeWdtTGNROGYrVmpxRUpBeFRaNTUvMWpOL25haFJBTkNBQVM2VVIySCtUK2NkL1pIQjY2QlI4T2VNSlhKMmd4cQowZ1RzL3ZlOCtxR2I0Njc4STBvcXBVbUQyOVkxQnMxVXUwVEkxWmozaktLeE9ZdHZJRk9ocVBFawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 50 | kind: Secret 51 | metadata: 52 | creationTimestamp: "2022-02-28T18:03:45Z" 53 | name: hlf-msp-key-user 54 | namespace: org-1 55 | resourceVersion: "1157089" 56 | uid: efd2486b-6607-4277-8b93-d78a4c6a07f5 57 | type: Opaque 58 | - apiVersion: v1 59 | data: 60 | tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBakNDQXFtZ0F3SUJBZ0lVQXlkcC83cDEyZkt0b292cHlVaDB0VmdrL3Rrd0NnWUlLb1pJemowRUF3SXcKYmpFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUkF3CkRnWURWUVFERXdkeVkyRlBjbWN4TUI0WERUSXlNREl5T0RFM05UZ3dNRm9YRFRJM01ESXlOekU0TURRd01Gb3cKWFRFTE1Ba0dBMVVFQmhNQ1ZWTXhGekFWQmdOVkJBZ1REazV2Y25Sb0lFTmhjbTlzYVc1aE1SUXdFZ1lEVlFRSwpFd3RJZVhCbGNteGxaR2RsY2pFUE1BMEdBMVVFQ3hNR1kyeHBaVzUwTVE0d0RBWURWUVFERXdWaFpHMXBiakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkx6ejE1UHZTVm01Mml2LzBMNW1NY3BlbEdUUW51Z20KbXFySmx6eE1iS0lsUEh4ckUyOUdsMTF2dmhDNTNabFM3dzdkSGFkYzhPT2lmVjFSM1RsOUlWV2pnZ0UwTUlJQgpNREFPQmdOVkhROEJBZjhFQkFNQ0E2Z3dIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DCk1Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSME9CQllFRlB2MlQrdzQ5cUMxMUs3cnRwZzlOVUxDRGszOU1COEcKQTFVZEl3UVlNQmFBRkpIV1gwYWpKUzJYWkZ1SkZZLzlGUHByQXNWTE1EVUdBMVVkRVFRdU1DeUNDV3h2WTJGcwphRzl6ZElJWktpNXZjbWN0TVM1emRtTXVZMngxYzNSbGNpNXNiMk5oYkljRWZ3QUFBVEI2QmdncUF3UUZCZ2NJCkFRUnVleUpoZEhSeWN5STZleUpoWW1GakxtbHVhWFFpT2lKMGNuVmxJaXdpWVdSdGFXNGlPaUowY25WbElpd2kKYUdZdVFXWm1hV3hwWVhScGIyNGlPaUlpTENKb1ppNUZibkp2Ykd4dFpXNTBTVVFpT2lKaFpHMXBiaUlzSW1obQpMbFI1Y0dVaU9pSmpiR2xsYm5RaWZYMHdDZ1lJS29aSXpqMEVBd0lEUndBd1JBSWdKQmNzZWhJQW9UU20zaElLClBoc1JNL0srN3lGYkIwYVBzZ2ZwQmNmMTNDa0NJRWlkL2NVQk14TDlXYjk0WmhKRC9lTmp5NndFdnducDU5dzQKWkRkeUJrejYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 61 | tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ1RoVW1jU0RrRjBSKzlUbUUKSjZxaCtRWTFpZ1ZHQ1ByVkxNS2ZqRWhITTR5aFJBTkNBQVM4ODllVDcwbFp1ZG9yLzlDK1pqSEtYcFJrMEo3bwpKcHFxeVpjOFRHeWlKVHg4YXhOdlJwZGRiNzRRdWQyWlV1OE8zUjJuWFBEam9uMWRVZDA1ZlNGVgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 62 | kind: Secret 63 | metadata: 64 | creationTimestamp: "2022-02-28T18:03:39Z" 65 | name: hlf-tls-admin 66 | namespace: org-1 67 | resourceVersion: "1157044" 68 | uid: 
a9b1db2b-24e7-4a2b-addd-8c3a11aa454f 69 | type: kubernetes.io/tls 70 | - apiVersion: v1 71 | data: 72 | tls.crt: 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 73 | tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ2c0V0pvR2NuZlR2YkFlQksKT3VTdGwzSGJyUnphT0l0UlRjc2VFd0paN1IyaFJBTkNBQVFxRWZXbURFV052V3NlUWhZNVc2WUZuQVkvZExweQpYRkJ1ODJCcnVkbDhSb3d2KzQ5WVVFWVNGYXlCUHVVckd1cHJTU2xuMjlQc0ZOczlCNE9GZ09udAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 74 | kind: Secret 75 | metadata: 76 | creationTimestamp: "2022-02-28T18:03:46Z" 77 | name: hlf-tls-user 78 | namespace: org-1 79 | resourceVersion: "1157098" 80 | uid: 74d9ffc4-4711-4882-bda6-63c533a117ea 81 | type: kubernetes.io/tls 82 | - apiVersion: v1 83 | data: 84 | cacert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNLVENDQWMrZ0F3SUJBZ0lVUm5RWXpnNk5xcldFSTJzRlVpQUNZUTlWM1lJd0NnWUlLb1pJemowRUF3SXcKY1RFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUk13CkVRWURWUVFERXdweVkyRlBjbVJsY21WeU1CNFhEVEl5TURJeU9ERTNOVGN3TUZvWERUTTNNREl5TkRFM05UY3cKTUZvd2NURUxNQWtHQTFVRUJoTUNSbEl4R1RBWEJnTlZCQWdURUV4dmFYSmxMVUYwYkdGdWRHbHhkV1V4RHpBTgpCZ05WQkFjVEJrNWhiblJsY3pFUU1BNEdBMVVFQ2hNSFUzVmljM1J5WVRFUE1BMEdBMVVFQ3hNR1JtRmljbWxqCk1STXdFUVlEVlFRREV3cHlZMkZQY21SbGNtVnlNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUKSUdUNnc3OS9oZ2JScVdVcU9OemU0WnRuY3BvWmdXTGZMSXFmUUF2dUp3ZUtCSnhCaUdOSGxISWZXVStKWExXcAo5Tk1Dcno3VVZUY2J3MDVsVDJpcy9hTkZNRU13RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJCk1BWUJBZjhDQVFFd0hRWURWUjBPQkJZRUZIU2JQNUNzU1R2MmdkN3MrYXBuWDFiK2RWWm9NQW9HQ0NxR1NNNDkKQkFNQ0EwZ0FNRVVDSVFEenNJRlJXQTdYd1MwMnNjdGZKNTVvWjNoeGRuMHpSZWMyOThROTdoOStMQUlnSitlUwpVemwzcFR5RFRJOHlMeG55VTRnWUpvZVNobmJPbWhuaWRDR2VzMGc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 85 | kind: Secret 86 | metadata: 87 | creationTimestamp: "2022-02-28T18:03:32Z" 88 | name: ord-tls-rootcert 89 | namespace: 
org-1 90 | resourceVersion: "1156989" 91 | uid: 1f56b6fb-0d79-4227-a433-b5f211661fa3 92 | type: Opaque 93 | kind: List 94 | metadata: 95 | resourceVersion: "" 96 | selfLink: "" 97 | -------------------------------------------------------------------------------- /examples/secrets/secrets-org-2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: v1 4 | data: 5 | cacert.pem: 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 6 | kind: Secret 7 | metadata: 8 | creationTimestamp: "2022-02-28T18:03:29Z" 9 | name: hlf-cacert 10 | namespace: org-2 11 | resourceVersion: "1156967" 12 | uid: f9008270-d9b9-4768-8afd-722d390d7745 13 | type: Opaque 14 | - apiVersion: v1 15 | data: 16 | cert.pem: 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 17 | kind: Secret 18 | metadata: 19 | creationTimestamp: "2022-02-28T18:03:35Z" 20 | name: hlf-msp-cert-admin 21 | namespace: org-2 22 | resourceVersion: "1157011" 23 | uid: bd71d7d3-f9ef-4a7e-a3e7-1c2b1b8bb2fb 24 | type: Opaque 25 | - apiVersion: v1 26 | data: 27 | cert.pem: 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 28 | kind: Secret 29 | metadata: 30 | creationTimestamp: "2022-02-28T18:03:42Z" 31 | name: hlf-msp-cert-user 32 | namespace: org-2 33 | resourceVersion: "1157064" 34 | uid: de3bb69d-ef64-42d1-ba66-b359dcba4b3d 35 | type: Opaque 36 | - apiVersion: v1 37 | data: 38 | key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0xkY2tUd3VTVVc3ZkFNZi8KRjhzYXNqTjJPZUw1T0Z4emJiRWVFWHhsOUt1aFJBTkNBQVR0aGI5VWYraDJJSXZXTzgvS1NvRkFRUEJkMGpCTApNR3FJaDJjM1VxaXV3eHM4enRQbE9hU0VLL25nOVg1MHFHUHZ3dUZCS0VDYkNnRkNaT3lFcGF2NwotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 39 | kind: Secret 40 | metadata: 41 | creationTimestamp: "2022-02-28T18:03:36Z" 42 | name: hlf-msp-key-admin 43 | namespace: org-2 44 | resourceVersion: "1157020" 45 | uid: edf9860c-df6a-492d-aa76-83f47f2337df 46 | type: Opaque 47 | - 
apiVersion: v1 48 | data: 49 | key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ2F2UGJnbGRnbDZGczc5QTMKL2dYVDlzblg3MTJFUk1QcWoyUW0yVHJkZm9DaFJBTkNBQVNQVWFGN3RMRUFHSGJzdlZFWU1OYWN5Z3JuVEpIKwpkS2xNRGhicHY1MW82WGlWUitpR3NGV0p1Kytsc2J5amhxak9BVldpbDA0TzkxTEs0cVNMYjNtSgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 50 | kind: Secret 51 | metadata: 52 | creationTimestamp: "2022-02-28T18:03:43Z" 53 | name: hlf-msp-key-user 54 | namespace: org-2 55 | resourceVersion: "1157074" 56 | uid: 066ad927-44e8-431f-b794-9e3bdd91a3a1 57 | type: Opaque 58 | - apiVersion: v1 59 | data: 60 | tls.crt: 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 61 | tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZzNuMnI5SHo5OXhoRkNKbjUKTzJUSUo4elp2YUlhdmJRdDlZWkJnR1QxZlBxaFJBTkNBQVRLQ0FvRDByb016eXNhbEU5TSs5Wnd5OHhWbEVpbAozZkFrWVFlOVduLy8zVG1rNmFEMnVGbWZCNEdCRmQvZzg1YUViK0Y1RloraWJCSGgxTjcvUW5ZdAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 62 | kind: Secret 63 | metadata: 64 | creationTimestamp: "2022-02-28T18:03:38Z" 65 | name: hlf-tls-admin 66 | namespace: org-2 67 | resourceVersion: "1157030" 68 | uid: ad7df83a-0ae4-4140-9710-c83ab5610416 69 | type: kubernetes.io/tls 70 | - apiVersion: v1 71 | data: 72 | tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMyekNDQW9HZ0F3SUJBZ0lVQk0wcVFqWnZtZ1BHek1tUU1vY2lyeHhyQktzd0NnWUlLb1pJemowRUF3SXcKYmpFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUkF3CkRnWURWUVFERXdkeVkyRlBjbWN5TUI0WERUSXlNREl5T0RFM05UZ3dNRm9YRFRJM01ESXlOekU0TURRd01Gb3cKV2pFTE1Ba0dBMVVFQmhNQ1ZWTXhGekFWQmdOVkJBZ1REazV2Y25Sb0lFTmhjbTlzYVc1aE1SUXdFZ1lEVlFRSwpFd3RJZVhCbGNteGxaR2RsY2pFTk1Bc0dBMVVFQ3hNRWNHVmxjakVOTUFzR0ExVUVBeE1FZFhObGNqQlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSG9rMWYxOGp1TFRQZlk3YzEwK2xzYUpFQjZZdWF3RmUvQ0MKMlFYeGtZcjhSdWlqYm9xRkszc2hwWGhFU1NjNElEL2F6MVUveHBpUTBtSVNKT2tzWEVTamdnRVBNSUlCQ3pBTwpCZ05WSFE4QkFmOEVCQU1DQTZnd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHCkExVWRFd0VCL3dRQ01BQXdIUVlEVlIwT0JCWUVGSGw4TDE4bjVIdlRRSndSMWZWR3dGY1VIdTNqTUI4R0ExVWQKSXdRWU1CYUFGR2NuZ1J3Q3NEMisrUW1UOHRTeW5yK0w0V2NnTURVR0ExVWRFUVF1TUN5Q0NXeHZZMkZzYUc5egpkSUlaS2k1dmNtY3RNaTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiSWNFZndBQUFUQlZCZ2dxQXdRRkJnY0lBUVJKCmV5SmhkSFJ5Y3lJNmV5Sm9aaTVCWm1acGJHbGhkR2x2YmlJNklpSXNJbWhtTGtWdWNtOXNiRzFsYm5SSlJDSTYKSW5WelpYSWlMQ0pvWmk1VWVYQmxJam9pY0dWbGNpSjlmVEFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUVBbHdqYQpMMXBBSGR1UUFFRGpyZUlzMVBrVm9yUDMzczV0N3BWbTNnTGdFeVVDSUQxMVJhU3JKVzJ0SlgwQ1c4Z2hVakR5CjZuRkFJbE9ZbHRSVUU5TE5paHg4Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 73 | tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ054ckdnUERvMzg5aVFsbzgKK0s2YmFQOG5YN2FyV1gwb0RlY2JFU2JsNmEraFJBTkNBQVI2Sk5YOWZJN2kwejMyTzNOZFBwYkdpUkFlbUxtcwpCWHZ3Z3RrRjhaR0svRWJvbzI2S2hTdDdJYVY0UkVrbk9DQS8yczlWUDhhWWtOSmlFaVRwTEZ4RQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 74 | kind: Secret 75 | metadata: 76 | creationTimestamp: "2022-02-28T18:03:45Z" 77 | name: hlf-tls-user 78 | namespace: org-2 79 | resourceVersion: "1157084" 80 | uid: b3d764b0-5f92-4a0c-8d02-80dc00ca772e 81 | type: kubernetes.io/tls 82 | - apiVersion: v1 83 
| data: 84 | cacert.pem: 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 85 | kind: Secret 86 | metadata: 87 | creationTimestamp: "2022-02-28T18:03:30Z" 88 | name: ord-tls-rootcert 89 | namespace: org-2 90 | resourceVersion: "1156977" 91 | uid: 5e532d04-5643-45d7-8cff-85ba887655a0 92 | type: Opaque 93 | kind: List 94 | metadata: 95 | resourceVersion: "" 96 | selfLink: "" 97 | -------------------------------------------------------------------------------- /examples/secrets/secrets-org-3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: v1 4 | data: 5 | cacert.pem: 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 6 | kind: Secret 7 | metadata: 8 | creationTimestamp: "2022-02-28T18:03:25Z" 9 | name: hlf-cacert 10 | namespace: org-3 11 | resourceVersion: "1156908" 12 | uid: 88010f25-601d-4592-9269-7869435e49e7 13 | type: Opaque 14 | - apiVersion: v1 15 | data: 16 | cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrRENDQXArZ0F3SUJBZ0lVRWw3dHVEckZyVUdYcDlqYi9HSzBEd3ZwNTUwd0NnWUlLb1pJemowRUF3SXcKYmpFTE1Ba0dBMVVFQmhNQ1JsSXhHVEFYQmdOVkJBZ1RFRXh2YVhKbExVRjBiR0Z1ZEdseGRXVXhEekFOQmdOVgpCQWNUQms1aGJuUmxjekVRTUE0R0ExVUVDaE1IVTNWaWMzUnlZVEVQTUEwR0ExVUVDeE1HUm1GaWNtbGpNUkF3CkRnWURWUVFERXdkeVkyRlBjbWN6TUI0WERUSXlNREl5T0RFM05UZ3dNRm9YRFRJM01ESXlOekU0TURNd01Gb3cKWFRFTE1Ba0dBMVVFQmhNQ1ZWTXhGekFWQmdOVkJBZ1REazV2Y25Sb0lFTmhjbTlzYVc1aE1SUXdFZ1lEVlFRSwpFd3RJZVhCbGNteGxaR2RsY2pFUE1BMEdBMVVFQ3hNR1kyeHBaVzUwTVE0d0RBWURWUVFERXdWaFpHMXBiakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQks3VU5YR0R2dklzMTAxYlhPWmNPekdHazNZd0NvdWkKeDF0K3hEa1E1VktXNU5BZUN5YlN6dkwrNDZ2bUVoL1VyVHZwVWdPZnUxYmloRW9LNGJ3dlBDMmpnZ0VxTUlJQgpKakFPQmdOVkhROEJBZjhFQkFNQ0I0QXdEQVlEVlIwVEFRSC9CQUl3QURBZEJnTlZIUTRFRmdRVVBDcmUrZG50CnljUzloUzF1ZVE5bUU5djZNNjB3SHdZRFZSMGpCQmd3Rm9BVVllNjYxM1R3Ui9uS3k2MmpjOHlEQkRpdmhoUXcKU2dZRFZSMFJCRU13UVlJL2JtVjBkMjl5YXkxdmNtY3RNeTF3WldWeUxURXRhR3htTFdzNGN5MWxibkp2Ykd4dApaVzUwTFc5d1pYSmhkRzl5TFRZMU5
UYzVOemxqWTNnNFpucDRNSG9HQ0NvREJBVUdCd2dCQkc1N0ltRjBkSEp6CklqcDdJbUZpWVdNdWFXNXBkQ0k2SW5SeWRXVWlMQ0poWkcxcGJpSTZJblJ5ZFdVaUxDSm9aaTVCWm1acGJHbGgKZEdsdmJpSTZJaUlzSW1obUxrVnVjbTlzYkcxbGJuUkpSQ0k2SW1Ga2JXbHVJaXdpYUdZdVZIbHdaU0k2SW1OcwphV1Z1ZENKOWZUQUtCZ2dxaGtqT1BRUURBZ05IQURCRUFpQnZRRmlqRHZhQUlMcGVsL1IxTmVuZzBpckQ1biswCnJxREVvRWlnV0tuRUp3SWdZbFhoU08ybWxTdTRhZWxPeWpaeFg2clpIaSt4eG1yanh1dklpQmhqNG5vPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 17 | kind: Secret 18 | metadata: 19 | creationTimestamp: "2022-02-28T18:03:31Z" 20 | name: hlf-msp-cert-admin 21 | namespace: org-3 22 | resourceVersion: "1156981" 23 | uid: 2e2e3221-8204-497b-b676-c4ae20e31a2c 24 | type: Opaque 25 | - apiVersion: v1 26 | data: 27 | cert.pem: 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 28 | kind: Secret 29 | metadata: 30 | creationTimestamp: "2022-02-28T18:03:38Z" 31 | name: hlf-msp-cert-user 32 | namespace: org-3 33 | resourceVersion: "1157035" 34 | uid: 210b4d2d-25df-42f5-b0aa-64882a53ad4a 35 | type: Opaque 36 | - apiVersion: v1 37 | data: 38 | key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0ZidHpSc0krZG9zUUwwOUwKbHE4WGVOYW9CcmtVbHFkR2lOVUFyeU5FWFppaFJBTkNBQVN1MURWeGc3N3lMTmROVzF6bVhEc3hocE4yTUFxTApvc2RiZnNRNUVPVlNsdVRRSGdzbTBzN3kvdU9yNWhJZjFLMDc2VklEbjd0VzRvUktDdUc4THp3dAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 39 | kind: Secret 40 | metadata: 41 | creationTimestamp: "2022-02-28T18:03:32Z" 42 | name: hlf-msp-key-admin 43 | namespace: org-3 44 | resourceVersion: "1156991" 45 | uid: c533a45e-2528-4bbe-9594-0fbbd46d7ef2 46 | type: Opaque 47 | - apiVersion: v1 48 | data: 49 | key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0NhQVNEcUJmZS9WV0xMaUIKS25RejZoeDcyN3ZSdC95MzJIa2ZoMFhzY0ZLaFJBTkNBQVM3dUY3aG5QTUp5TkgwUzVFMVg5Mk5BVSs3dTJxZgo4WDhPSnBCMDFIOVJCc2hHZDRhaE8yUDNVZTB0SkZJeVM2empEaXdtUHMyUitiM0dMZExoUC9lWQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 50 | kind: Secret 51 | 
metadata: 52 | creationTimestamp: "2022-02-28T18:03:39Z" 53 | name: hlf-msp-key-user 54 | namespace: org-3 55 | resourceVersion: "1157045" 56 | uid: c97fc370-cc07-40ce-83d4-bb475dc1363d 57 | type: Opaque 58 | - apiVersion: v1 59 | data: 60 | tls.crt: 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 61 | tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZzIvaHQ5TnJLekxEdS9UeEwKQnNHVGpuTHhjQjJwSmwwbHlpbURBVFp2dFppaFJBTkNBQVFqY0R6a0w0N3hTUnh2a0oyd1EwNW5Iai9iZDFQZgpNUWtIRVExZHppQnZRTGhFMEQxaW9ES3EzWkNWNG1lNGFuaVZ3NlFhTDVQTW4rbTZveTN3alpRcgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 62 | kind: Secret 63 | metadata: 64 | creationTimestamp: "2022-02-28T18:03:33Z" 65 | name: hlf-tls-admin 66 | namespace: org-3 67 | resourceVersion: "1157001" 68 | uid: a2fe811e-d4e5-45c6-a2ad-0c1cf5601b28 69 | type: kubernetes.io/tls 70 | - apiVersion: v1 71 | data: 72 | tls.crt: 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 73 | tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0NxQjMvQW1KVlY3MDdWdzQKZzB2VjUwUno3OFBKQzFINGhSSTQ5cENIVW5LaFJBTkNBQVJsUE5jV2dEREFKWFBIUHlZQkRJUGRRWkE3M2tCSQpJTUxQSGNVNVJ0S04veE14TGtiZlZOMXZZc2Q1QTJkUUQwZ1pzQTQ1YjVaSHFrUW1waDdBaTI2WQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== 74 | kind: Secret 75 | metadata: 76 | creationTimestamp: "2022-02-28T18:03:41Z" 77 | name: hlf-tls-user 78 | namespace: org-3 79 | resourceVersion: "1157055" 80 | uid: 47290814-2d28-4a99-9661-575db3671f94 81 | type: kubernetes.io/tls 82 | - apiVersion: v1 83 | data: 84 | cacert.pem: 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 85 | kind: Secret 86 | metadata: 87 | creationTimestamp: "2022-02-28T18:03:26Z" 88 | name: ord-tls-rootcert 89 | namespace: org-3 90 | resourceVersion: "1156930" 91 | uid: f9e84f7c-6c0f-4753-98bc-cb4de6700e52 92 | type: Opaque 93 | kind: List 94 | metadata: 95 | resourceVersion: "" 96 | selfLink: "" 97 | 
-------------------------------------------------------------------------------- /examples/secrets/skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v4beta2 2 | kind: Config 3 | metadata: 4 | name: common 5 | manifests: 6 | rawYaml: 7 | - ./secrets-orderer-genesis.yaml 8 | - ./secrets-orderer.yaml 9 | - ./secrets-org-1.yaml 10 | - ./secrets-org-2.yaml -------------------------------------------------------------------------------- /examples/serviceAccounts/README.md: -------------------------------------------------------------------------------- 1 | # K8s manifests 2 | 3 | These manifests are only used for a local skaffold deployment. 4 | We need these service accounts because the Helm post-delete hooks we use need permission to delete secrets. 5 | 6 | If you want to deploy substra using plain helm and want to use the hooks to clean everything up, you can adapt these manifests to create a serviceAccount with the right permissions in your cluster. The manifests here grant only the `delete` verb on `secrets`, through a Role bound within a single namespace; keep that scope when adapting them, and list the secret names under `resourceNames` if they are known in advance. 
7 | -------------------------------------------------------------------------------- /examples/serviceAccounts/serviceAccount-orderer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: substra-delete-hook 6 | namespace: orderer 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: Role 10 | metadata: 11 | name: substra-delete-hook 12 | namespace: orderer 13 | rules: 14 | - apiGroups: [""] 15 | resources: ["secrets"] 16 | verbs: 17 | - delete 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: substra-delete-hook 23 | namespace: orderer 24 | subjects: 25 | - kind: ServiceAccount 26 | name: substra-delete-hook 27 | namespace: orderer 28 | roleRef: 29 | kind: Role 30 | name: substra-delete-hook 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /examples/serviceAccounts/serviceAccount-org-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: substra-delete-hook 6 | namespace: org-1 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: Role 10 | metadata: 11 | name: substra-delete-hook 12 | namespace: org-1 13 | rules: 14 | - apiGroups: [""] 15 | resources: ["secrets"] 16 | verbs: 17 | - delete 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: substra-delete-hook 23 | namespace: org-1 24 | subjects: 25 | - kind: ServiceAccount 26 | name: substra-delete-hook 27 | namespace: org-1 28 | roleRef: 29 | kind: Role 30 | name: substra-delete-hook 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /examples/serviceAccounts/serviceAccount-org-2.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: substra-delete-hook 6 | namespace: org-2 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: Role 10 | metadata: 11 | name: substra-delete-hook 12 | namespace: org-2 13 | rules: 14 | - apiGroups: [""] 15 | resources: ["secrets"] 16 | verbs: 17 | - delete 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: substra-delete-hook 23 | namespace: org-2 24 | subjects: 25 | - kind: ServiceAccount 26 | name: substra-delete-hook 27 | namespace: org-2 28 | roleRef: 29 | kind: Role 30 | name: substra-delete-hook 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /examples/serviceAccounts/serviceAccount-org-3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: substra-delete-hook 6 | namespace: org-3 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: Role 10 | metadata: 11 | name: substra-delete-hook 12 | namespace: org-3 13 | rules: 14 | - apiGroups: [""] 15 | resources: ["secrets"] 16 | verbs: 17 | - delete 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: substra-delete-hook 23 | namespace: org-3 24 | subjects: 25 | - kind: ServiceAccount 26 | name: substra-delete-hook 27 | namespace: org-3 28 | roleRef: 29 | kind: Role 30 | name: substra-delete-hook 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /examples/serviceAccounts/serviceAccount-org-4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: substra-delete-hook 6 | 
namespace: org-4 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: Role 10 | metadata: 11 | name: substra-delete-hook 12 | namespace: org-4 13 | rules: 14 | - apiGroups: [""] 15 | resources: ["secrets"] 16 | verbs: 17 | - delete 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: substra-delete-hook 23 | namespace: org-4 24 | subjects: 25 | - kind: ServiceAccount 26 | name: substra-delete-hook 27 | namespace: org-4 28 | roleRef: 29 | kind: Role 30 | name: substra-delete-hook 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /examples/serviceAccounts/skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v4beta2 2 | kind: Config 3 | metadata: 4 | name: org-1+2 5 | manifests: 6 | rawYaml: 7 | - ./serviceAccount-org-1.yaml 8 | - ./serviceAccount-org-2.yaml 9 | --- 10 | apiVersion: skaffold/v4beta2 11 | kind: Config 12 | metadata: 13 | name: orderer 14 | manifests: 15 | rawYaml: 16 | - ./serviceAccount-orderer.yaml 17 | --- 18 | apiVersion: skaffold/v4beta2 19 | kind: Config 20 | metadata: 21 | name: org-3 22 | manifests: 23 | rawYaml: 24 | - ./serviceAccount-org-3.yaml 25 | --- 26 | apiVersion: skaffold/v4beta2 27 | kind: Config 28 | metadata: 29 | name: org-4 30 | manifests: 31 | rawYaml: 32 | - ./serviceAccount-org-4.yaml -------------------------------------------------------------------------------- /examples/test-dev-network.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # (Local development script) 4 | # This script verifies that the network is functional by invoking a smart 5 | # contract on each node. 
6 | # 7 | # Usage: 8 | # ./test-dev-network.sh N 9 | # where N is the number of nodes on your network 10 | # 11 | # Example: 12 | # ./test-dev-network.sh 2 13 | # 14 | 15 | NUM_ORGS=${1:-2} 16 | PARAMS='{\"msg\":\"{\\\"filter\\\":{}}\",\"request_id\":\"30a59245\"}' 17 | 18 | for i in `seq $NUM_ORGS`; do 19 | echo org-$i 20 | kubectl exec -it -n org-$i `kubectl get pods -n org-$i | grep toolbox | cut -d' ' -f1` -- \ 21 | bash -c "peer chaincode invoke \ 22 | -C mychannel \ 23 | -n mycc \ 24 | --tls \ 25 | --clientauth \ 26 | --cafile /var/hyperledger/tls/ord/cert/cacert.pem \ 27 | --certfile /var/hyperledger/tls/server/pair/tls.crt \ 28 | --keyfile /var/hyperledger/tls/server/pair/tls.key \ 29 | -o network-orderer-hlf-ord.orderer.svc.cluster.local:7050 \ 30 | -c '{\"Args\":[\"orchestrator.computetask:QueryTasks\", \"${PARAMS}\"]}'" 31 | echo '-----------' 32 | done 33 | -------------------------------------------------------------------------------- /skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v4beta2 2 | kind: Config 3 | build: 4 | artifacts: 5 | - image: substra/fabric-tools 6 | context: . 7 | docker: 8 | dockerfile: docker/fabric-tools/Dockerfile 9 | - image: substra/fabric-peer 10 | context: . 
11 | docker: 12 | dockerfile: docker/fabric-peer/Dockerfile 13 | 14 | requires: 15 | - path: examples/secrets/skaffold.yaml 16 | - path: examples/serviceAccounts/skaffold.yaml 17 | configs: 18 | - org-1+2 19 | 20 | # FIXME: Replace `deploy` by `manifests` when these functions are refactored https://github.com/owkin/substra-ci/blob/main/ci/deploy.py#L89 and https://github.com/owkin/substra-ci/blob/main/ci/deploy.py#L141 21 | deploy: 22 | helm: 23 | releases: 24 | - name: network-orderer 25 | chartPath: charts/hlf-k8s 26 | valuesFiles: 27 | - examples/2-orgs-policy-any-no-ca/values/orderer.yaml 28 | namespace: orderer 29 | setValueTemplates: 30 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 31 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 32 | createNamespace: true 33 | - name: network-org-1-peer-1 34 | chartPath: charts/hlf-k8s 35 | valuesFiles: 36 | - examples/2-orgs-policy-any-no-ca/values/org-1-peer-1.yaml 37 | namespace: org-1 38 | setValueTemplates: 39 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 40 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 41 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 42 | hlf-peer.image.tag: '{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 43 | createNamespace: true 44 | skipBuildDependencies: true 45 | - name: network-org-2-peer-1 46 | chartPath: charts/hlf-k8s 47 | valuesFiles: 48 | - examples/2-orgs-policy-any-no-ca/values/org-2-peer-1.yaml 49 | namespace: org-2 50 | setValueTemplates: 51 | fabric-tools.image.repository: '{{.IMAGE_REPO_substra_fabric_tools}}' 52 | fabric-tools.image.tag: '{{.IMAGE_TAG_substra_fabric_tools}}@{{.IMAGE_DIGEST_substra_fabric_tools}}' 53 | hlf-peer.image.repository: '{{.IMAGE_REPO_substra_fabric_peer}}' 54 | hlf-peer.image.tag: 
'{{.IMAGE_TAG_substra_fabric_peer}}@{{.IMAGE_DIGEST_substra_fabric_peer}}' 55 | createNamespace: true 56 | skipBuildDependencies: true 57 | statusCheckDeadlineSeconds: 300 58 | 59 | profiles: 60 | - name: nodeps 61 | patches: 62 | - op: add 63 | path: /deploy/helm/releases/0/skipBuildDependencies 64 | value: true 65 | - name: single-org 66 | patches: 67 | - op: remove 68 | path: /deploy/helm/releases/2 69 | # Removes the org-2 manifests, at indexes 3 and 5. 70 | # we remove index 5 first because starting with index 3 turns index 5 into index 4 and that's 71 | # confusing. 72 | - op: remove 73 | path: /manifests/rawYaml/manifests/5 74 | - op: remove 75 | path: /manifests/rawYaml/manifests/3 76 | --------------------------------------------------------------------------------