├── LICENSE ├── README.md ├── fabric-kube ├── .gitignore ├── README.md ├── artifacts-flow │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ └── artifacts-workflow.yaml │ └── values.yaml ├── backup-flow │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ └── backup-workflow.yaml │ └── values.yaml ├── chaincode-flow │ ├── .gitignore │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ └── chaincodes-workflow.yaml │ ├── values.invoke.yaml │ └── values.yaml ├── channel-flow │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ └── channel-workflow.yaml │ └── values.yaml ├── collect_host_aliases.sh ├── docker │ └── fabric-tools │ │ └── Dockerfile ├── docs │ └── hl_config_sample │ │ ├── configtx.yaml │ │ ├── core.yaml │ │ └── orderer.yaml ├── hlf-init-kube │ ├── .gitignore │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── requirements.yaml │ ├── scripts │ │ ├── add_newpeerorg_to_channel_config.sh │ │ ├── add_newpeerorg_to_consortium.sh │ │ ├── attach_anchor_peers.sh │ │ ├── prepare_config_update_block.sh │ │ └── start-root-ca.sh │ ├── templates │ │ ├── NOTES.txt │ │ ├── chaincode-configmap.yaml │ │ ├── channel-artifacts-pvc.yaml │ │ ├── configtx-secret.yaml │ │ ├── orderer-ca-deployment.yaml │ │ ├── orderer-ca-ingress.yaml │ │ ├── orderer-ca-pvc.yaml │ │ ├── orderer-ca-service.yaml │ │ ├── orderer-host-pvc.yaml │ │ ├── orderer-pvc.yaml │ │ ├── peer-org-pvc.yaml │ │ ├── peer-pvc.yaml │ │ ├── peerorg-ca-deployment.yaml │ │ ├── peerorg-ca-pvc.yaml │ │ ├── peerorg-ca-service.yaml │ │ ├── peerorgca-ingress.yaml │ │ └── scripts-configmap.yaml │ └── values.yaml ├── hlf-kube │ ├── .gitignore │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── couchdb-ingress.yaml │ │ ├── couchdb-service.yaml │ │ ├── kafka-service.yaml │ │ ├── orderer-org-service.yaml │ │ ├── orderer-rsync-service.yaml │ │ ├── orderer-service.yaml │ │ ├── orderer-statefulset.yaml │ │ ├── peer-org-service.yaml │ │ ├── peer-rsync-service.yaml │ │ ├── 
peer-service.yaml │ │ └── peer-statefulset.yaml │ └── values.yaml ├── peer-org-flow │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ └── peerorg-workflow.yaml │ └── values.yaml ├── prepare_chaincodes.sh ├── restore-flow │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ └── restore-workflow.yaml │ └── values.yaml ├── samples │ ├── chaincode │ │ ├── README.md │ │ ├── even-simpler │ │ │ ├── even-simpler.js │ │ │ ├── index.js │ │ │ └── package.json │ │ └── very-simple │ │ │ ├── index.js │ │ │ ├── package.json │ │ │ └── very-simple.js │ ├── scaled-kafka │ │ ├── .gitignore │ │ ├── README.md │ │ ├── configtx.yaml │ │ ├── crypto-config.yaml │ │ ├── network.yaml │ │ ├── values.yaml │ │ └── vault.yaml │ ├── scaled-raft-tls │ │ ├── .gitignore │ │ ├── README.md │ │ ├── configtx.yaml │ │ ├── crypto-config.yaml │ │ ├── extended │ │ │ ├── configtx.yaml │ │ │ ├── crypto-config.yaml │ │ │ └── network.yaml │ │ ├── network.yaml │ │ ├── persistence.yaml │ │ └── vault.yaml │ ├── simple-persistent │ │ ├── .gitignore │ │ ├── README.md │ │ ├── configtx.yaml │ │ ├── crypto-config.yaml │ │ ├── network.yaml │ │ ├── values.yaml │ │ └── vault.yaml │ └── simple │ │ ├── .gitignore │ │ ├── configtx-original.yaml │ │ ├── configtx.yaml │ │ ├── crypto-config.yaml │ │ ├── extended │ │ ├── configtx.yaml │ │ ├── crypto-config.yaml │ │ └── network.yaml │ │ ├── network.yaml │ │ └── vault.yaml ├── storage │ └── azurefile │ │ ├── azure-file-sc.yaml │ │ └── azure-pvc-roles.yaml └── util.sh └── images ├── artifacts-flow-simple.png ├── chaincode-flow-simple.png ├── chaincode-flow-upgrade-2.png ├── chaincode-flow-upgrade-3.png ├── channel-flow-simple.png ├── hlf-init-kube-pod-watch-simple-1.png ├── hlf-init-kube-pod-watch-simple.png ├── hlf-kube-init-pod-watch-kafka.png ├── hlf-kube-pod-watch-simple.png └── peer-org-flow.png /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 
| 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /fabric-kube/.gitignore: -------------------------------------------------------------------------------- 1 | crypto-config/ 2 | channel-artifacts/ 3 | wtf.yaml 4 | tmp/* 5 | **/hostAliases.yaml 6 | -------------------------------------------------------------------------------- /fabric-kube/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /fabric-kube/artifacts-flow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/artifacts-flow/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: artifacts-flow 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/artifacts-flow/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for artifacts-workflow. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | # number of times to retry a failed leaf task 6 | retryCount: 4 7 | 8 | hyperledgerVersion: 1.4.3 9 | 10 | # see the Raft sample in the README for how to enable TLS 11 | tlsEnabled: false 12 | 13 | # use actual domain names like peer0.atlantis.com instead of internal service names 14 | # this should be set to true for TLS 15 | useActualDomains: false 16 | logLevel: info 17 | adminCerts: true 18 | ca: 19 | userName: admin 20 | password: adminpw # NOTE(review): default credentials committed with the chart; presumably the CA admin login used by templates outside this view (confirm). Override userName/password per deployment and keep real values out of version control. 21 | logLevel: info 22 | ingress: 23 | enabled: false 24 | 25 | flow: 26 | orderer: 27 | # run orderer certificate generation in parallel 28 | parallel: false 29 | peerorgs: 30 | # run peer org certificate generation in parallel 31 | parallel: false 32 | 33 | 34 | -------------------------------------------------------------------------------- /fabric-kube/backup-flow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/backup-flow/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: backup-flow 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/backup-flow/templates/backup-workflow.yaml: -------------------------------------------------------------------------------- 1 | {{- $backupKey := (not .Values.backup.key) | ternary (now | htmlDate) .Values.backup.key }} 2 | 3 | 4 | apiVersion: argoproj.io/v1alpha1 5 | kind: Workflow 6 | metadata: 7 | generateName: hlf-backup- 8 | spec: 9 | entrypoint: backup 10 | 11 | templates: 12 | - name: backup 13 | steps: 14 | - 15 | # top level: peer/orderer 16 | {{- if or $.Values.flow.peer.backup.enabled $.Values.flow.couchdb.backup.enabled }} 17 | - name: backup-peers 18 | template: backup-peers 19 | {{- end }} 20 | {{- if $.Values.flow.orderer.backup.enabled }} 21 | - name: backup-orderers 22 | template: backup-orderers 23 | {{- end }} 24 | 25 | # second level: peers 26 | {{- if or $.Values.flow.peer.backup.enabled $.Values.flow.couchdb.backup.enabled }} 27 | - name: backup-peers 28 | steps: 29 | - 30 | {{- range $i, $org := .Values.PeerOrgs }} 31 | {{- range $peerIndex := until ($org.Template.Count | int) }} 32 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 33 | 34 | - name: backup-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 35 | template: backup-peer--{{ 
$org.Name | lower }}--{{ $peer | lower }} 36 | 37 | {{- end }} {{- /* Peers */ -}} 38 | {{- end }} {{- /* Orgs */ -}} 39 | {{- end }} {{- /* if peer/couchdb backup enabled */ -}} {{""}} 40 | 41 | # second level: orderers 42 | {{- if $.Values.flow.orderer.backup.enabled }} 43 | 44 | - name: backup-orderers 45 | steps: 46 | - 47 | {{- range $i, $org := .Values.OrdererOrgs }} 48 | {{- range $i, $host := $org.Specs }} 49 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 50 | 51 | - name: backup-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 52 | template: backup-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 53 | 54 | {{- end }} {{- /* orderer */ -}} 55 | {{- end }} {{- /* org.Specs */ -}} 56 | {{- end }} {{- /* OrdererOrgs */ -}} 57 | {{- end }} {{- /* if orderer backup enabled */ -}} {{""}} 58 | 59 | 60 | # third level: peers get/backup data 61 | {{- if or $.Values.flow.peer.backup.enabled $.Values.flow.couchdb.backup.enabled }} 62 | {{- range $i, $org := .Values.PeerOrgs }} 63 | {{- range $peerIndex := until ($org.Template.Count | int) }} 64 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 65 | 66 | - name: backup-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 67 | steps: 68 | - - name: get-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 69 | template: get-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 70 | - - name: backup-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 71 | template: backup-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 72 | arguments: 73 | artifacts: 74 | - name: peer-backup 75 | from: "{{ "{{" }}steps.get-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }}.outputs.artifacts.peer-backup{{ "}}" }}" 76 | 77 | {{- end }} {{- /* Peers */ -}} 78 | {{- end }} {{- /* Orgs */ -}} 79 | {{- end }} {{- /* if peer/couchdb backup enabled */ -}} {{""}} 80 | 81 | # third level: orderers get/backup data 82 | {{- if 
$.Values.flow.orderer.backup.enabled }} 83 | {{- range $i, $org := .Values.OrdererOrgs }} 84 | {{- range $i, $host := $org.Specs }} 85 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 86 | 87 | - name: backup-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 88 | steps: 89 | - - name: get-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 90 | template: get-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 91 | - - name: backup-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 92 | template: backup-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 93 | arguments: 94 | artifacts: 95 | - name: orderer-backup 96 | from: "{{ "{{" }}steps.get-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }}.outputs.artifacts.orderer-backup{{ "}}" }}" 97 | 98 | {{- end }} {{- /* orderer */ -}} 99 | {{- end }} {{- /* org.Specs */ -}} 100 | {{- end }} {{- /* OrdererOrgs */ -}} 101 | {{- end }} {{- /* if orderer backup enabled */ -}} {{""}} 102 | 103 | # leaf get-peer-data templates 104 | {{- if or $.Values.flow.peer.backup.enabled $.Values.flow.couchdb.backup.enabled }} 105 | {{- range $i, $org := .Values.PeerOrgs }} 106 | {{- range $peerIndex := until ($org.Template.Count | int) }} 107 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 108 | 109 | - name: get-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 110 | # org: {{ $org.Name }} 111 | # peer: {{ $peer }} 112 | retryStrategy: 113 | limit: {{ $.Values.retryCount }} 114 | container: 115 | image: axiom/rsync-server:latest # NOTE(review): mutable :latest tag on a third-party image; pin a version or digest so retries and later runs pull the same image 116 | command: ["sh", "-c", "mkdir /hlf-backup && \ 117 | rsync -avz rsync://user@hlf-peer-rsync--{{ $org.Name | lower }}--{{ $peer | lower }}/volume /hlf-backup/"] 118 | env: 119 | - name: RSYNC_PASSWORD 120 | value: pass # NOTE(review): rsync password is a fixed literal in the template, so it appears in every rendered Workflow; presumably it must match the peer rsync service defined outside this view (confirm). A Secret referenced with valueFrom.secretKeyRef would keep it out of the manifest. The rsync:// daemon protocol used above does not encrypt the copied volume data in transit. 121 | outputs: 122 | artifacts: 123 | - name: peer-backup 124 
| path: /hlf-backup/ 125 | 126 | 127 | {{- end }} {{- /* Peers */ -}} 128 | {{- end }} {{- /* Orgs */ -}} 129 | {{- end }} {{- /* if peer/couchdb backup enabled */ -}} {{""}} 130 | 131 | # leaf backup-peer-data templates 132 | {{- if or $.Values.flow.peer.backup.enabled $.Values.flow.couchdb.backup.enabled }} 133 | {{- range $i, $org := .Values.PeerOrgs }} 134 | {{- range $peerIndex := until ($org.Template.Count | int) }} 135 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 136 | 137 | - name: backup-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 138 | # org: {{ $org.Name }} 139 | # peer: {{ $peer }} 140 | # backupKey: {{ $backupKey }} 141 | inputs: 142 | artifacts: 143 | - name: peer-backup 144 | path: /hlf-backup/ 145 | retryStrategy: 146 | limit: {{ $.Values.retryCount }} 147 | 148 | container: # NOTE(review): backupKey, org name, peer name, accountName and destination are spliced unquoted into the sh -c string below; they come from chart values, so this matters only if those values can come from a less trusted source than the chart operator 149 | 150 | {{- if eq $.Values.backup.target.type "azureBlobStorage" }} 151 | image: microsoft/azure-cli:latest # NOTE(review): mutable :latest tag; pin a version or digest, since this container is handed the storage account key 152 | command: ["sh", "-c", "az storage blob upload-batch \ 153 | --source /hlf-backup/ \ 154 | --destination-path {{ $backupKey }}/PeerOrgs/{{ $org.Name }}/{{ $peer }} \ 155 | --account-name {{ required "backup.target.azureBlobStorage.accountName is required!" $.Values.backup.target.azureBlobStorage.accountName }} \ 156 | --destination {{ required "backup.target.azureBlobStorage.destination is required!" $.Values.backup.target.azureBlobStorage.destination }} \ 157 | "] 158 | env: 159 | - name: AZURE_STORAGE_KEY # NOTE(review): the value below is backup.target.azureBlobStorage.accessKey rendered as a literal, so the storage account key is readable in the Workflow object and the pod spec; a Secret referenced with valueFrom.secretKeyRef keeps it out of both. The backup-orderer-data template uses the same pattern. 160 | value: {{ required "backup.target.azureBlobStorage.accessKey is required!" 
$.Values.backup.target.azureBlobStorage.accessKey }} 161 | {{- end }} 162 | 163 | {{- end }} {{- /* Peers */ -}} 164 | {{- end }} {{- /* Orgs */ -}} 165 | {{- end }} {{- /* if peer/couchdb backup enabled */ -}} {{""}} 166 | 167 | 168 | # leaf get-orderer-data templates 169 | {{- if $.Values.flow.orderer.backup.enabled }} 170 | {{- range $i, $org := .Values.OrdererOrgs }} 171 | {{- range $i, $host := $org.Specs }} 172 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 173 | 174 | - name: get-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 175 | # org: {{ $org.Name }} 176 | # hostname: {{ $host.Hostname }} 177 | # orderer: {{ $orderer }} 178 | retryStrategy: 179 | limit: {{ $.Values.retryCount }} 180 | container: 181 | image: axiom/rsync-server:latest # NOTE(review): mutable :latest tag on a third-party image; pin a version or digest so every orderer backup runs the same image 182 | command: ["sh", "-c", "mkdir /hlf-backup && \ 183 | rsync -avz rsync://user@hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}-{{ $orderer }}.hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}/volume /hlf-backup/"] 184 | env: 185 | - name: RSYNC_PASSWORD 186 | value: pass # NOTE(review): fixed rsync password baked into the template and visible in the rendered Workflow; presumably it must match the rsync endpoint on the orderer pods, defined outside this view (confirm). Prefer a Secret via valueFrom.secretKeyRef. The orderer volume is copied over rsync://, which has no transport encryption. 187 | outputs: 188 | artifacts: 189 | - name: orderer-backup 190 | path: /hlf-backup/ 191 | 192 | 193 | {{- end }} {{- /* orderer */ -}} 194 | {{- end }} {{- /* org.Specs */ -}} 195 | {{- end }} {{- /* OrdererOrgs */ -}} 196 | {{- end }} {{- /* if orderer backup enabled */ -}} {{""}} 197 | 198 | # leaf backup-orderer-data templates 199 | {{- if $.Values.flow.orderer.backup.enabled }} 200 | {{- range $i, $org := .Values.OrdererOrgs }} 201 | {{- range $i, $host := $org.Specs }} 202 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 203 | 204 | - name: backup-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 205 | # org: {{ $org.Name }} 206 | # hostname: {{ $host.Hostname }} 207 | # orderer: {{ $orderer }} 208 | # backupKey: {{ $backupKey }} 209 | inputs: 210 | artifacts: 211 | - name: orderer-backup 212 | 
path: /hlf-backup/ 213 | retryStrategy: 214 | limit: {{ $.Values.retryCount }} 215 | 216 | container: 217 | 218 | {{- if eq $.Values.backup.target.type "azureBlobStorage" }} 219 | image: microsoft/azure-cli:latest 220 | command: ["sh", "-c", "az storage blob upload-batch \ 221 | --source /hlf-backup/ \ 222 | --destination-path {{ $backupKey }}/OrdererOrgs/{{ $org.Name }}/{{ $host.Hostname }}/{{ $orderer }} \ 223 | --account-name {{ required "backup.target.azureBlobStorage.accountName is required!" $.Values.backup.target.azureBlobStorage.accountName }} \ 224 | --destination {{ required "backup.target.azureBlobStorage.destination is required!" $.Values.backup.target.azureBlobStorage.destination }} \ 225 | "] 226 | env: 227 | - name: AZURE_STORAGE_KEY 228 | value: {{ required "backup.target.azureBlobStorage.accessKey is required!" $.Values.backup.target.azureBlobStorage.accessKey }} 229 | {{- end }} 230 | 231 | {{- end }} {{- /* orderer */ -}} 232 | {{- end }} {{- /* org.Specs */ -}} 233 | {{- end }} {{- /* OrdererOrgs */ -}} 234 | {{- end }} {{- /* if orderer backup enabled */ -}} {{""}} 235 | --- -------------------------------------------------------------------------------- /fabric-kube/backup-flow/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for hlf-kube. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | # number of times to retry a failed leaf task 6 | retryCount: 4 7 | 8 | backup: 9 | # if not specified defaults to current date 10 | key: 11 | target: 12 | # only azureBlobStorage for now, feel free to implement S3 13 | type: azureBlobStorage 14 | azureBlobStorage: 15 | # storage account name 16 | accountName: 17 | # container name in storage account 18 | destination: hlf-backup 19 | # credentials: storage account access key, rendered into the AZURE_STORAGE_KEY env value by backup-workflow.yaml. NOTE(review): supply it at install time from a private values file or --set; never commit a real key here. 20 | accessKey: 21 | 22 | flow: 23 | peer: 24 | backup: 25 | # take backup of peers? 
26 | enabled: true 27 | couchdb: 28 | backup: 29 | # take backup of CouchDB's? 30 | enabled: true 31 | orderer: 32 | replicas: 1 33 | backup: 34 | # take backup of orderers? 35 | enabled: true 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /fabric-kube/chaincode-flow/.gitignore: -------------------------------------------------------------------------------- 1 | chaincode/ 2 | -------------------------------------------------------------------------------- /fabric-kube/chaincode-flow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/chaincode-flow/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: chaincode-flow 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/chaincode-flow/values.invoke.yaml: -------------------------------------------------------------------------------- 1 | # This is a YAML-formatted file. 2 | # Declare variables to be passed into your templates. 
3 | 4 | flow: 5 | chaincode: 6 | parallel: true 7 | install: 8 | enabled: false 9 | instantiate: 10 | enabled: false -------------------------------------------------------------------------------- /fabric-kube/chaincode-flow/values.yaml: -------------------------------------------------------------------------------- 1 | # This is a YAML-formatted file. 2 | # Declare variables to be passed into your templates. 3 | 4 | # number of times to retry a failed leaf task 5 | # especially on high end machines install step frequently fails, that's why this number is high 6 | # see https://jira.hyperledger.org/browse/FAB-15026 7 | retryCount: 20 8 | 9 | hyperledgerVersion: 1.4.3 10 | 11 | # see the Raft sample in the README for how to enable TLS 12 | tlsEnabled: false 13 | 14 | # use actual domain names like peer0.atlantis.com instead of internal service names 15 | # this should be set to true for TLS 16 | useActualDomains: false 17 | 18 | # adds additional DNS entries to /etc/hosts files 19 | # see https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/#adding-additional-entries-with-hostaliases 20 | # this value should be provided if either tlsEnabled or useActualDomains is set to true 21 | # see the Raft sample in the README for how to use this 22 | hostAliases: [] 23 | 24 | logLevel: debug 25 | 26 | flow: 27 | chaincode: 28 | # should we run top level chaincode flows in parallel? 29 | parallel: false 30 | # fill in this array with chaincode names to limit the chaincode flows only to these ones 31 | include: [] 32 | install: 33 | # should we run install step? 34 | enabled: true 35 | parallel: true 36 | instantiate: 37 | # should we run instantiate/upgrade step? 38 | enabled: true 39 | parallel: true 40 | invoke: 41 | # should we run invoke step? 
42 | # we invoke chaincode after instantiate/upgrade to force the peers to actually create the chaincode containers 43 | enabled: true 44 | parallel: true 45 | function: '{"function":"ping","Args":[""]}' 46 | 47 | chaincode: 48 | version: "1.0" 49 | language: node 50 | -------------------------------------------------------------------------------- /fabric-kube/channel-flow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/channel-flow/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: channel-flow 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/channel-flow/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for hlf-kube. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | # number of times to retry a failed leaf task 6 | retryCount: 4 7 | 8 | hyperledgerVersion: 1.4.3 9 | 10 | # see the Raft sample in the README for how to enable TLS 11 | tlsEnabled: false 12 | 13 | # use actual domain names like peer0.atlantis.com instead of internal service names 14 | # this should be set to true for TLS 15 | useActualDomains: false 16 | 17 | # adds additional DNS entries to /etc/hosts files 18 | # see https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/#adding-additional-entries-with-hostaliases 19 | # this value should be provided if either tlsEnabled or useActualDomains is set to true 20 | # see the Raft sample in the README for how to use this 21 | #hostAliases: [] 22 | 23 | logLevel: info 24 | 25 | flow: 26 | channel: 27 | # should we run top level channel flows in parallel? 28 | # dont set to true if you are using Kafka orderer (as of HL 1.4.0) 29 | parallel: false 30 | # fill in this array with channel names to limit the channel flow only to these ones 31 | include: [] 32 | join: 33 | # run channel join flows in parallel? 34 | parallel: true 35 | update: 36 | # run channel update flows in parallel? 
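37 | parallel: true 38 | 39 | -------------------------------------------------------------------------------- /fabric-kube/collect_host_aliases.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # writes hostAliases.yaml (cluster IP and fqdn label of every service labelled addToHostAliases=true) into the given project folder 3 | if test "$#" -lt 1; then 4 | echo "usage: collect_host_aliases.sh PROJECT_FOLDER [additional arguments for kubectl]" 5 | exit 2 6 | fi 7 | 8 | project_folder="$1" 9 | # the folder is quoted everywhere so a path with spaces or glob characters is not split or expanded by the shell 10 | kubectl get svc -l addToHostAliases=true \ 11 | -o jsonpath='{"hostAliases:\n"}{range..items[*]}- ip: {.spec.clusterIP}{"\n"} hostnames: [{.metadata.labels.fqdn}]{"\n"}{end}' \ 12 | "${@:2}" \ 13 | > "$project_folder/hostAliases.yaml" 14 | 15 | cat "$project_folder/hostAliases.yaml" -------------------------------------------------------------------------------- /fabric-kube/docker/fabric-tools/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM raft/hl-fabric-tools:1.4.1 2 | # NOTE(review): get-pip.py and yq are fetched unpinned at build time, so the image contents depend on what those sources serve that day; pin the yq version and verify the get-pip.py checksum for a reproducible build 3 | # install yq via pip (curl -f makes an HTTP error fail the build instead of saving the error page as get-pip.py) 4 | RUN curl -fsSL "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py" && \ 5 | python get-pip.py && \ 6 | pip install yq 7 | 8 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/.gitignore: -------------------------------------------------------------------------------- 1 | configtx.yaml 2 | newpeerorg-configtx.yaml 3 | crypto-config/ 4 | channel-artifacts/ 5 | chaincode/ 6 | charts/ 7 | requirements.lock 8 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 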
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: hlf-init-kube 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/README.md: -------------------------------------------------------------------------------- 1 | This is the main Helm chart to configure and launch the HL Fabric network. 2 | It's also used for transitioning between normal operation and backup/restore modes. 3 | 4 | This chart can also optionally deploy a Kafka cluster as part of this chart. 5 | 6 | Please refer to [README](../../README.md) in the top level directory and also 7 | inline comments in the [values.yaml](values.yaml) file for how to use this chart. 
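8 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: kafka 3 | alias: hlf-kafka 4 | repository: https://storage.googleapis.com/kubernetes-charts-incubator 5 | version: 0.14.5 6 | condition: hlf-kafka.enabled 7 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/scripts/add_newpeerorg_to_channel_config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # adds new peer org to given channel config.json and writes output to updated_config.json 4 | 5 | if test "$#" -ne 4; then 6 | echo "usage: add_newpeerorg_to_channel_config.sh ORG_ID NEWORG_JSON CONFIG_JSON UPDATED_CONFIG_JSON" 7 | exit 2 8 | fi 9 | 10 | # switch to caller directory so we can work with relative paths 11 | cd $(pwd) 12 | 13 | # exit when any command fails 14 | set -e 15 | # set -x 16 | 17 | orgID=$1 18 | neworg_json=$2 19 | config_json=$3 20 | updated_config_json=$4 21 | # orgID is bound with --arg so it is used as a JSON key and never becomes part of the jq program text 22 | jq -s --arg org "$orgID" '.[0] * {"channel_group":{"groups":{"Application":{"groups": {($org):.[1]}}}}}' "$config_json" "$neworg_json" > "$updated_config_json" 23 | echo "-- attached new peer organization $orgID and wrote to $updated_config_json" 24 | 25 | 26 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/scripts/add_newpeerorg_to_consortium.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # adds new peer org to list of consortiums in given system channel config.json and writes output to updated_config.json 4 | 5 | if test "$#" -ne 5; then 6 | echo "usage: add_newpeerorg_to_consortium.sh ORG_ID CONSORTIUM NEWORG_JSON CONFIG_JSON UPDATED_CONFIG_JSON" 7 | exit 2 8 | fi 9 | 10 | # switch to caller directory so we can work with relative paths 11 | cd $(pwd) 12 | 13 | # exit when any command fails 14 | set -e 15 | # set -x 16 | 17 | 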
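orgID=$1 18 | consortium=$2 19 | neworg_json=$3 20 | config_json=$4 21 | updated_config_json=$5 22 | # consortium and orgID are bound with --arg so they are used as JSON keys and never become part of the jq program text 23 | jq -s --arg consortium "$consortium" --arg org "$orgID" '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups": {($consortium): {"groups": {($org):.[1]}}}}}}}' "$config_json" "$neworg_json" > "$updated_config_json" 24 | echo "-- attached new peer organization $orgID to consortium $consortium and wrote to $updated_config_json" 25 | 26 | 27 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/scripts/attach_anchor_peers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # parses anchor peers for an organization from configtx.yaml, 4 | # attaches it to config.json and writes output to updated_config.json 5 | 6 | if test "$#" -ne 4; then 7 | echo "usage: attach_anchor_peers.sh ORG_ID CONFIGTX_YAML CONFIG_JSON UPDATED_CONFIG_JSON" 8 | exit 2 9 | fi 10 | 11 | # switch to caller directory so we can work with relative paths 12 | cd $(pwd) 13 | 14 | # exit when any command fails 15 | set -e 16 | # set -x 17 | 18 | orgID=$1 19 | configtx_yaml=$2 20 | config_json=$3 21 | updated_config_json=$4 22 | workdir="/tmp" 23 | 24 | # parse AnchorPeers from configtx.yaml (orgID is bound with --arg, which yq hands on to jq, instead of being spliced into the filter) 25 | anchor_peers=$(yq -c --arg org "$orgID" '.Organizations[] | select (.Name == $org) | .AnchorPeers' "$configtx_yaml") 26 | if [ -z "$anchor_peers" ]; then 27 | echo "-- couldn't parse AnchorPeers for organization $orgID from $configtx_yaml" 28 | exit 1 29 | fi 30 | 31 | echo "-- parsed AnchorPeers for organization $orgID from $configtx_yaml: $anchor_peers" 32 | 33 | # convert keys to lower case in AnchorPeers 34 | anchor_peers=$(echo "$anchor_peers" | jq -c '.[] | with_entries(.key |=ascii_downcase)' | jq -cs .) 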
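35 | echo "-- converted keys in AnchorPeers to lower case: $anchor_peers" 36 | # orgID and the AnchorPeers JSON are bound with --arg/--argjson, so neither is word-split by the shell nor parsed as jq program text 37 | jq --arg org "$orgID" --argjson peers "$anchor_peers" '.channel_group.groups.Application.groups[$org].values += 38 | {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": $peers},"version": "0"}}' \ 39 | "$config_json" > "$updated_config_json" 40 | echo "-- attached anchor peers for organization $orgID and wrote to $updated_config_json" 41 | 42 | 43 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/scripts/prepare_config_update_block.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # takes config.json and updated_config.json as inputs 4 | # calculates a config update, wraps it in an envelope and converts it to protobuf format 5 | # the resulting output block is ready for `peer channel update` 6 | 7 | if test "$#" -ne 4; then 8 | echo "usage: prepare_config_update_block.sh CHANNEL_ID CONFIG_JSON UPDATED_CONFIG_JSON OUTPUT_BLOCK" 9 | exit 2 10 | fi 11 | 12 | # switch to caller directory so we can work with relative paths 13 | cd $(pwd) 14 | 15 | # exit when any command fails 16 | set -e 17 | # set -x 18 | 19 | channelID=$1 20 | config_json=$2 21 | updated_config_json=$3 22 | output_block=$4 23 | workdir="/tmp" # NOTE(review): intermediate files get fixed names under /tmp, so two runs in the same container overwrite each other 24 | 25 | # convert config.json and updated_config.json to protobuf 26 | configtxlator proto_encode --input "$config_json" --type common.Config --output "$workdir/config.pb" 27 | echo "-- converted $config_json to protobuf" 28 | configtxlator proto_encode --input "$updated_config_json" --type common.Config --output "$workdir/updated_config.pb" 29 | echo "-- converted $updated_config_json to protobuf" 30 | 31 | # calculate compute_update 32 | configtxlator compute_update --channel_id "$channelID" --original "$workdir/config.pb" --updated "$workdir/updated_config.pb" --output "$workdir/config_update.pb" 33 | echo "-- calculated compute_update and wrote to config_update.pb" 34 | 35 | # convert config_update.pb to json 36 | configtxlator proto_decode 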
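--input "$workdir/config_update.pb" --type common.ConfigUpdate | jq . > "$workdir/config_update.json" 37 | echo "-- converted config_update.pb to json" 38 | 39 | # wrap in envelope (jq builds it from bound values, so channelID and the update JSON are never re-parsed by the shell) 40 | jq -n --arg channel "$channelID" --slurpfile update "$workdir/config_update.json" '{"payload":{"header":{"channel_header":{"channel_id":$channel, "type":2}},"data":{"config_update":$update[0]}}}' \ 41 | > "$workdir/config_update_in_envelope.json" 42 | echo "-- wrapped config_update.json in envelope" 43 | 44 | # convert to protobuf 45 | configtxlator proto_encode --input "$workdir/config_update_in_envelope.json" --type common.Envelope --output "$output_block" 46 | echo "-- wrote final protobuf to $output_block" 47 | 48 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/scripts/start-root-ca.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright IBM Corp. All Rights Reserved. 4 | # 5 | # SPDX-License-Identifier: Apache-2.0 6 | # 7 | 8 | set -e 9 | 10 | # Initialize the root CA (NOTE(review): -b puts the bootstrap user:password on the command line, where it shows up in the container's process list) 11 | fabric-ca-server init --ca.certfile "$MY_CA_CERTFILE" --ca.keyfile "$MY_CA_KEYFILE" -b "$BOOTSTRAP_USER_PASS" 12 | 13 | #persist CA files so that they can be used later (NOTE(review): this copies the CA private key to MY_CA_KEYFILE; restrict who can mount the volume behind that path) 14 | cp "$FABRIC_CA_HOME/ca-cert.pem" "$MY_CA_CERTFILE" 15 | cp "$FABRIC_CA_HOME/ca-key.pem" "$MY_CA_KEYFILE" 16 | 17 | # Copy the root CA's signing certificate to the data directory to be used by others 18 | #cp $FABRIC_CA_HOME/ca-cert.pem $TARGET_CERTFILE 19 | 20 | # Add the custom orgs 21 | for o in $FABRIC_ORGS; do 22 | aff=$aff"\n $o: []" 23 | done 24 | aff="${aff#\\n }" 25 | sed -i "/affiliations:/a \\ $aff" \ 26 | "$FABRIC_CA_HOME/fabric-ca-server-config.yaml" 27 | 28 | # Start the root CA 29 | fabric-ca-server start 30 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Wait for all CA pods to come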
up 2 | This is necessary to run artifacts-flow to retreive necessary crypto material from CA's 3 | 4 | Intermediate CA's are not supported 5 | 6 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/chaincode-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $chaincode := .Values.network.chaincodes }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: hlf-chaincode--{{ $chaincode.name | lower }} 6 | labels: 7 | chaincodeName: {{ $chaincode.name }} 8 | type: chaincode 9 | binaryData: 10 | {{ $chaincode.name }}.tar: |- 11 | {{ ($.Files.Get (printf "chaincode/%s.tar" $chaincode.name)) | b64enc }} 12 | --- 13 | {{- end }} {{- /* chaincode */ -}} 14 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/channel-artifacts-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.vault.type "pvc" }} 2 | 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: channel-artifacts 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 11 | resources: 12 | requests: 13 | storage: {{ $.Values.vault.pvc.size }} 14 | 15 | --- 16 | {{- end }} {{- /* pvc */ -}} 17 | 18 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/configtx-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: hlf-configtx.yaml 6 | data: 7 | configtx.yaml: |- 8 | {{ $.Files.Get "configtx.yaml" | b64enc }} 9 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/orderer-ca-deployment.yaml: 
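-------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.OrdererOrgs }} 2 | 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: hlf-ca--{{ $org.Name | lower }} 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: hlf-ca--{{ $org.Name | lower }} 12 | template: 13 | metadata: 14 | labels: 15 | app: hlf-ca--{{ $org.Name | lower }} 16 | spec: 17 | 18 | volumes: 19 | # name: ca-tls 20 | # secret: 21 | # secretName: hlf-ca--{{ $org.Name | lower }}-tls 22 | - name: hlf-scripts 23 | configMap: 24 | name: hlf-scripts 25 | defaultMode: 0555 # read + execute is all the mounted scripts need; 0777 also set the write bits for everyone 26 | #- name: hlf-data 27 | # hostPath: 28 | # path: hlf-data 29 | - name: hlf-ca--{{ $org.Name | lower }} 30 | persistentVolumeClaim: 31 | claimName: hlf-ca--{{ $org.Name | lower }} 32 | containers: 33 | - name: ca 34 | image: hyperledger/fabric-ca:{{ $.Values.hyperledgerVersion }} 35 | #command: ["sh", "-c", "fabric-ca-server start \ 36 | # --ca.certfile /etc/hyperledger/fabric-ca-server-config/cert.pem \ 37 | # --ca.keyfile /etc/hyperledger/fabric-ca-server-config/private_key \ 38 | # -b {{ $.Values.ca.userName }}:{{ $.Values.ca.password }} -d"] 39 | command: ["sh", "-c", "/hlf-scripts/start-root-ca.sh "] 40 | volumeMounts: 41 | - mountPath: /etc/hyperledger/fabric-ca-server-config/ 42 | name: hlf-ca--{{ $org.Name | lower }} 43 | #subPath: ca/{{$org.Name|lower}} 44 | 45 | - mountPath: /hlf-scripts 46 | name: hlf-scripts 47 | #- mountPath: /hlf-data 48 | # name: hlf-data 49 | 50 | 51 | env: 52 | # TODO move configurable ones to configmaps 53 | - name: FABRIC_LOGGING_SPEC 54 | value: {{ $.Values.ca.logLevel }} 55 | - name: FABRIC_CA_HOME 56 | value: /etc/hyperledger/fabric-ca-server 57 | - name: FABRIC_CA_SERVER_CA_NAME 58 | value: ca-{{ $org.Name }} 59 | - name: FABRIC_CA_SERVER_TLS_ENABLED 60 | value: "false" # it's always false as we use Ingress for TLS termination. NOTE(review): traffic to this CA on port 7054 inside the cluster is therefore plain HTTP.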
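# {{ $.Values.tlsEnabled | quote }} 61 | - name: FABRIC_CA_SERVER_TLS_CERTFILE 62 | value: /etc/hyperledger/fabric-ca-server-config/cert.pem 63 | - name: FABRIC_CA_SERVER_TLS_KEYFILE 64 | value: /etc/hyperledger/fabric-ca-server-config/private_key 65 | - name: BOOTSTRAP_USER_PASS 66 | value: {{ printf "%s:%s" $.Values.ca.userName $.Values.ca.password | quote }} # quoted so special characters in the password cannot break the YAML. NOTE(review): the credentials are rendered in plain text into the pod spec; a Secret referenced with secretKeyRef would keep them out of the Deployment manifest 67 | - name: MY_CA_CERTFILE 68 | value: /etc/hyperledger/fabric-ca-server-config/cert.pem 69 | - name: MY_CA_KEYFILE 70 | value: /etc/hyperledger/fabric-ca-server-config/private_key 71 | --- 72 | {{- end }} {{- /* Orgs */ -}} 73 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/orderer-ca-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ca.ingress.enabled -}} 2 | apiVersion: extensions/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: hlf-ca--ingress 6 | annotations: 7 | {{- range $key, $value := .Values.ingress.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | spec: 11 | rules: 12 | {{- range $i, $org := .Values.OrdererOrgs }} 13 | - host: hlf-ca-{{ $org.Name | lower }}.{{ $.Values.ingress.parentDomain }} 14 | http: 15 | paths: 16 | - path: / 17 | backend: 18 | serviceName: hlf-ca--{{ $org.Name | lower }} 19 | servicePort: 7054 20 | {{- end }} 21 | tls: 22 | - hosts: 23 | {{- range $i, $org := .Values.OrdererOrgs }} 24 | - hlf-ca-{{ $org.Name | lower }}.{{ $.Values.ingress.parentDomain }} 25 | {{- end }} 26 | secretName: hlf-ca--ingress-tls 27 | {{- end }} {{- /* if ingress.enabled */ -}} 28 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/orderer-ca-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.vault.type "pvc" }} 2 | {{- range $i, $org := .Values.OrdererOrgs }} 3 | 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | 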
name: hlf-ca--{{ $org.Name | lower }} 8 | spec: 9 | accessModes: 10 | - ReadWriteMany 11 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 12 | resources: 13 | requests: 14 | storage: {{ $.Values.vault.pvc.size }} 15 | 16 | --- 17 | {{- end }} {{- /* Orderers */ -}} 18 | {{- end }} {{- /* pvc */ -}} 19 | 20 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/orderer-ca-service.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.OrdererOrgs }} 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: hlf-ca--{{ $org.Name | lower }} 7 | labels: 8 | name: hlf-ca--{{ $org.Name | lower }} 9 | spec: 10 | type: ClusterIP 11 | selector: 12 | app: hlf-ca--{{ $org.Name | lower }} 13 | ports: 14 | - protocol: TCP 15 | port: 7054 16 | name: http 17 | --- 18 | {{- end }} {{- /* Orderers */ -}} 19 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/orderer-host-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.vault.type "pvc" }} 2 | {{- range $i, $org := .Values.OrdererOrgs }} 3 | {{- range $i, $host := $org.Specs }} 4 | 5 | apiVersion: v1 6 | kind: PersistentVolumeClaim 7 | metadata: 8 | name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 9 | spec: 10 | accessModes: 11 | - ReadWriteMany 12 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 13 | resources: 14 | requests: 15 | storage: {{ $.Values.vault.pvc.size }} 16 | 17 | --- 18 | {{- end }} {{- /* hosts */ -}} 19 | {{- end }} {{- /* Orderers */ -}} 20 | {{- end }} {{- /* pvc */ -}} 21 | 22 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/orderer-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq 
.Values.vault.type "pvc" }} 2 | {{- range $i, $org := .Values.OrdererOrgs }} 3 | 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: hlf-orderer--{{ $org.Name | lower }} 8 | spec: 9 | accessModes: 10 | - ReadWriteMany 11 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 12 | resources: 13 | requests: 14 | storage: {{ $.Values.vault.pvc.size }} 15 | 16 | --- 17 | {{- end }} {{- /* Orderers */ -}} 18 | {{- end }} {{- /* pvc */ -}} 19 | 20 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/peer-org-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.vault.type "pvc" }} 2 | {{- range $i, $org := .Values.PeerOrgs }} 3 | 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: hlf-peer-org--{{ $org.Name | lower }} 8 | spec: 9 | accessModes: 10 | - ReadWriteMany 11 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 12 | resources: 13 | requests: 14 | storage: {{ $.Values.vault.pvc.size }} 15 | 16 | --- 17 | {{- end }} {{- /* Peer Orgs */ -}} 18 | {{- end }} {{- /* pvc */ -}} 19 | 20 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/peer-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.vault.type "pvc" }} 2 | {{- range $i, $org := .Values.PeerOrgs }} 3 | {{- range $peerIndex := until ($org.Template.Count | int) }} 4 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 5 | 6 | 7 | apiVersion: v1 8 | kind: PersistentVolumeClaim 9 | metadata: 10 | name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 11 | spec: 12 | accessModes: 13 | - ReadWriteMany 14 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 15 | resources: 16 | requests: 17 | storage: {{ $.Values.vault.pvc.size }} 18 | 19 | --- 20 | {{- end }} {{- /* Peers */ -}} 21 | {{- end }} 
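{{- /* Peer Orgs */ -}} 22 | {{- end }} {{- /* pvc */ -}} 23 | 24 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/peerorg-ca-deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.PeerOrgs }} 2 | 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: hlf-ca--{{ $org.Name | lower }} 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: hlf-ca--{{ $org.Name | lower }} 12 | template: 13 | metadata: 14 | labels: 15 | app: hlf-ca--{{ $org.Name | lower }} 16 | spec: 17 | #volumeClaimTemplates: 18 | #{{- if $.Values.orderer.persistence.enabled }} 19 | - metadata: 20 | name: hlf-ca--{{ $org.Name | lower }} 21 | spec: 22 | accessModes: 23 | - ReadWriteOnce 24 | storageClassName: {{ $.Values.persistence.storageClass }} 25 | resources: 26 | requests: 27 | storage: {{ $.Values.orderer.persistence.size }} 28 | #{{- end }} 29 | volumes: 30 | # name: ca-tls 31 | # secret: 32 | # secretName: hlf-ca--{{ $org.Name | lower }}-tls 33 | - name: hlf-scripts 34 | configMap: 35 | name: hlf-scripts 36 | defaultMode: 0555 # read + execute is all the mounted scripts need; 0777 also set the write bits for everyone 37 | - name: hlf-ca--{{ $org.Name | lower }} 38 | persistentVolumeClaim: 39 | claimName: hlf-ca--{{ $org.Name | lower }} 40 | containers: 41 | - name: ca 42 | image: hyperledger/fabric-ca:{{ $.Values.hyperledgerVersion }} 43 | #command: ["sh", "-c", "fabric-ca-server start \ 44 | # --ca.certfile /etc/hyperledger/fabric-ca-server-config/cert.pem \ 45 | # --ca.keyfile /etc/hyperledger/fabric-ca-server-config/private_key \ 46 | # -b {{ $.Values.ca.userName }}:{{ $.Values.ca.password }} -d"] 47 | command: ["sh", "-c", "/hlf-scripts/start-root-ca.sh"] 48 | volumeMounts: 49 | #- mountPath: /etc/hyperledger/fabric-ca-server-config/ 50 | # name: ca-tls 51 | - mountPath: /etc/hyperledger/fabric-ca-server-config/ 52 | name: hlf-ca--{{ $org.Name | lower }} 53 | #subPath: ca/{{$org.Name|lower}} 54 | 55 | 56 | - 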
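mountPath: /hlf-scripts 57 | name: hlf-scripts 58 | 59 | 60 | env: 61 | # TODO move configurable ones to configmaps 62 | - name: FABRIC_LOGGING_SPEC 63 | value: {{ $.Values.ca.logLevel }} 64 | - name: FABRIC_CA_HOME 65 | value: /etc/hyperledger/fabric-ca-server 66 | - name: FABRIC_CA_SERVER_CA_NAME 67 | value: ca-{{ $org.Name }} 68 | - name: FABRIC_CA_SERVER_TLS_ENABLED 69 | value: "false" # it's always false as we use Ingress for TLS termination. NOTE(review): traffic to this CA on port 7054 inside the cluster is therefore plain HTTP. # {{ $.Values.tlsEnabled | quote }} 70 | - name: FABRIC_CA_SERVER_TLS_CERTFILE 71 | value: /etc/hyperledger/fabric-ca-server-config/cert.pem 72 | #- name: FABRIC_CA_SERVER_TLS_KEYFILE 73 | # value: /etc/hyperledger/fabric-ca-server-config/private_key 74 | - name: BOOTSTRAP_USER_PASS 75 | value: {{ printf "%s:%s" $.Values.ca.userName $.Values.ca.password | quote }} # quoted so special characters in the password cannot break the YAML. NOTE(review): the credentials are rendered in plain text into the pod spec; a Secret referenced with secretKeyRef would keep them out of the Deployment manifest 76 | - name: TARGET_CERTFILE 77 | value: /hlf-data/{{$org.Name|lower}}-ca-cert.pem 78 | - name: MY_CA_CERTFILE 79 | value: /etc/hyperledger/fabric-ca-server-config/cert.pem 80 | - name: MY_CA_KEYFILE 81 | value: /etc/hyperledger/fabric-ca-server-config/private_key 82 | --- 83 | {{- end }} {{- /* Orgs */ -}} 84 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/peerorg-ca-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.vault.type "pvc" }} 2 | {{- range $i, $org := .Values.PeerOrgs }} 3 | 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: hlf-ca--{{ $org.Name | lower }} 8 | spec: 9 | accessModes: 10 | - ReadWriteMany 11 | storageClassName: {{ $.Values.vault.pvc.storageClass }} 12 | resources: 13 | requests: 14 | storage: {{ $.Values.vault.pvc.size }} 15 | --- 16 | {{- end }} {{- /* Peer Orgs */ -}} 17 | {{- end }} 18 | 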
-------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.PeerOrgs }} 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: hlf-ca--{{ $org.Name | lower }} 7 | labels: 8 | name: hlf-ca--{{ $org.Name | lower }} 9 | spec: 10 | type: ClusterIP 11 | selector: 12 | app: hlf-ca--{{ $org.Name | lower }} 13 | ports: 14 | - protocol: TCP 15 | port: 7054 16 | name: http 17 | --- 18 | {{- end }} {{- /* Orgs */ -}} 19 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/peerorgca-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ca.ingress.enabled -}} 2 | apiVersion: extensions/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: hlf-ca--ingress 6 | annotations: 7 | {{- range $key, $value := .Values.ingress.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | spec: 11 | rules: 12 | {{- range $i, $org := .Values.PeerOrgs }} 13 | - host: hlf-ca-{{ $org.Name | lower }}.{{ $.Values.ingress.parentDomain }} 14 | http: 15 | paths: 16 | - path: / 17 | backend: 18 | serviceName: hlf-ca--{{ $org.Name | lower }} 19 | servicePort: 7054 20 | {{- end }} 21 | tls: 22 | - hosts: 23 | {{- range $i, $org := .Values.PeerOrgs }} 24 | - hlf-ca-{{ $org.Name | lower }}.{{ $.Values.ingress.parentDomain }} 25 | {{- end }} 26 | secretName: hlf-ca--ingress-tls 27 | {{- end }} {{- /* if ingress.enabled */ -}} 28 | -------------------------------------------------------------------------------- /fabric-kube/hlf-init-kube/templates/scripts-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: hlf-scripts 5 | labels: 6 | data: 7 | {{- (.Files.Glob "scripts/*").AsConfig | nindent 2 }} -------------------------------------------------------------------------------- 
/fabric-kube/hlf-init-kube/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for hlf-kube. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | hyperledgerVersion: 1.4.3 6 | 7 | # see the Raft sample in the README for how to enable TLS 8 | tlsEnabled: false 9 | 10 | # use actual domain names like peer0.atlantis.com instead of internal service names 11 | # this should be set to true for TLS 12 | useActualDomains: false 13 | 14 | # adds additional DNS entries to /etc/hosts files 15 | # see https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/#adding-additional-entries-with-hostaliases 16 | # this value should be provided if either tlsEnabled or useActualDomains is set to true 17 | # see the Raft sample in the README for how to use this 18 | hostAliases: [] 19 | 20 | # common persistence settings 21 | persistence: 22 | storageClass: default 23 | 24 | backup: 25 | # initiate backup procedure? 26 | enabled: false 27 | restore: 28 | # initiate restore procedure? 29 | enabled: false 30 | 31 | # common ingress settings 32 | ingress: 33 | # all ingress subdomains will be created under this domain 34 | parentDomain: 35 | annotations: 36 | kubernetes.io/ssl-redirect: "true" 37 | certmanager.k8s.io/cluster-issuer: letsencrypt-prod 38 | 39 | # peer settings. applies to all peers 40 | peer: 41 | logLevel: debug 42 | # launch peer pods? setting to false is useful for collecting host aliases and fast restart afterwards 43 | launchPods: true 44 | chaincode: 45 | logging: 46 | level: info 47 | shim: info 48 | persistence: 49 | enabled: false 50 | size: 16Gi 51 | backup: 52 | # take backup of peers during backup procedure? 53 | enabled: true 54 | restore: 55 | # restore peers data from backup during restore procedure? 
56 | enabled: true 57 | operations: 58 | enabled: false 59 | metrics: 60 | provider: prometheus 61 | 62 | # CouchDB settings. applies to all CouchDB's 63 | couchdb: 64 | version: 0.4.15 65 | userName: 66 | password: 67 | persistence: 68 | enabled: false 69 | size: 16Gi 70 | ingress: 71 | enabled: false 72 | backup: 73 | # take backup of CouchDB's during backup procedure? 74 | enabled: true 75 | restore: 76 | # restore CouchDB's data from backup during restore procedure? 77 | enabled: true 78 | 79 | # Orderer settings. applies to all Orderer pods 80 | orderer: 81 | # should be greater than 1 only if kafka orderer is used 82 | replicas: 1 83 | logLevel: info 84 | # launch orderer pods? setting to false is useful for collecting host aliases and fast restart afterwards 85 | launchPods: true 86 | persistence: 87 | enabled: false 88 | size: 16Gi 89 | backup: 90 | # take backup of orderers during backup procedure? 91 | enabled: true 92 | restore: 93 | # restore orderers data from backup during restore procedure? 94 | enabled: true 95 | # userName/password below are passed to every CA pod as BOOTSTRAP_USER_PASS (the CA bootstrap identity); admin/adminpw are sample defaults, override them for anything other than a throwaway test network 96 | # CA (Certificate Authority) settings. applies to all CA's 97 | ca: 98 | userName: admin 99 | password: adminpw 100 | logLevel: info 101 | ingress: 102 | enabled: false 103 | 104 | # kafka settings 105 | hlf-kafka: 106 | # install kafka? 107 | enabled: false 108 | 109 | # number of Kafka brokers, should be at least 4 110 | # https://hyperledger-fabric.readthedocs.io/en/release-1.4/kafka.html 111 | replicas: 4 112 | podManagementPolicy: Parallel 113 | 114 | # TODO storage class? 
115 | persistence: 116 | enabled: false 117 | storageClass: default 118 | size: 16Gi 119 | 120 | configurationOverrides: 121 | "default.replication.factor": 4 # given a 4 node Kafka cluster 122 | "unclean.leader.election.enable": false 123 | "min.insync.replicas": 3 # to permit one Kafka replica to go offline 124 | "message.max.bytes": "103809024" # 99 * 1024 * 1024 B 125 | "replica.fetch.max.bytes": "103809024" # 99 * 1024 * 1024 B 126 | "log.retention.ms": -1 # Since we need to keep logs indefinitely for the HL Fabric Orderer 127 | 128 | zookeeper: 129 | # should be 3, 5, or 7 130 | replicaCount: 3 131 | 132 | persistence: 133 | enabled: false 134 | storageClass: default 135 | size: 16Gi 136 | 137 | 138 | 139 | 140 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/.gitignore: -------------------------------------------------------------------------------- 1 | configtx.yaml 2 | newpeerorg-configtx.yaml 3 | crypto-config/ 4 | channel-artifacts/ 5 | chaincode/ 6 | charts/ 7 | requirements.lock 8 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: hlf-kube 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/README.md: -------------------------------------------------------------------------------- 1 | This is the main Helm chart to configure and launch the HL Fabric network. 2 | It's also used for transitioning between normal operation and backup/restore modes. 3 | 4 | This chart can also optionally deploy a Kafka cluster as part of this chart. 5 | 6 | Please refer to [README](../../README.md) in the top level directory and also 7 | inline comments in the [values.yaml](values.yaml) file for how to use this chart. 8 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ if .Values.backup.enabled }} 2 | 3 | HL Fabric network is now prepared for backup! 4 | 5 | Wait for all pods are up and running then run the backup Argo flow! 6 | After that is completed, make another Helm upgrade to return back to normal operation. 7 | 8 | {{- if (index .Values "hlf-kafka").enabled }} 9 | 10 | IMPORTANT: Looks like you are using Kafka Orderer. 11 | In this case you also need to manually backup Kafka cluster! 12 | 13 | {{- end}} 14 | 15 | {{ else if .Values.restore.enabled }} 16 | 17 | HL Fabric network is now prepared for restore! 
18 | 19 | Wait for all pods are up and running then run the restore Argo flow! 20 | After that is completed, make another Helm upgrade to return back to normal operation. 21 | 22 | {{- if (index .Values "hlf-kafka").enabled }} 23 | 24 | IMPORTANT: Looks like you are using Kafka Orderer. 25 | In this case you also need to manually restore Kafka cluster! 26 | 27 | {{- end}} 28 | 29 | {{ else }} 30 | 31 | Happy BlockChaining :) 32 | 33 | And don't forget the first rule of BlockChain club: 34 | 35 | "Do not use BlockChain unless absolutely necessary!" 36 | 37 | r a f t 38 | 39 | {{- end }} -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/couchdb-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.couchdb.ingress.enabled -}} 2 | apiVersion: extensions/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: hlf-couchdb--ingress 6 | annotations: 7 | {{- range $key, $value := .Values.ingress.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | spec: 11 | rules: 12 | {{- range $i, $org := .Values.PeerOrgs }} 13 | {{- range $peerIndex := until ($org.Template.Count | int) }} 14 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 15 | - host: hlf-couchdb-{{ $org.Name | lower }}-{{ $peer | lower }}.{{ $.Values.ingress.parentDomain }} 16 | http: 17 | paths: 18 | - path: / 19 | backend: 20 | serviceName: hlf-couchdb--{{ $org.Name | lower }}--{{ $peer | lower }} 21 | servicePort: 5984 22 | {{- end }} {{- /* Peers */ -}} 23 | {{- end }} {{- /* Orgs */ -}}{{""}} 24 | tls: 25 | - hosts: 26 | {{- range $i, $org := .Values.PeerOrgs }} 27 | {{- range $peerIndex := until ($org.Template.Count | int) }} 28 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 29 | - hlf-couchdb-{{ $org.Name | lower }}-{{ $peer | lower }}.{{ $.Values.ingress.parentDomain }} 30 | {{- end }} {{- /* Peers */ -}} 31 | {{- end }} {{- /* Orgs */ -}}{{""}} 32 | 
secretName: hlf-couchdb--ingress-tls 33 | {{- end }} {{- /* if ingress.enabled */ -}} 34 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/couchdb-service.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.PeerOrgs }} 2 | {{- range $peerIndex := until ($org.Template.Count | int) }} 3 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 4 | 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: hlf-couchdb--{{ $org.Name | lower }}--{{ $peer | lower }} 9 | labels: 10 | name: hlf-couchdb--{{ $org.Name | lower }}--{{ $peer | lower }} 11 | spec: 12 | type: ClusterIP 13 | selector: 14 | app: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 15 | ports: 16 | - protocol: TCP 17 | port: 5984 18 | name: couchdb 19 | --- 20 | {{- end }} {{- /* Peers */ -}} 21 | {{- end }} {{- /* Orgs */ -}} 22 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/kafka-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "hlf-kafka").enabled }} 2 | # Kafka service name is release name dependent 3 | # we specify our service to make configtx.yaml release name independent 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: hlf-kafka-service 8 | labels: 9 | name: hlf-kafka-service 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - name: broker 14 | port: 9092 15 | protocol: TCP 16 | targetPort: kafka 17 | selector: 18 | app: hlf-kafka 19 | {{- end }} {{- /* hlf-kafka.enabled */ -}} 20 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/orderer-org-service.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.OrdererOrgs }} 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | 
name: hlf-orderer--{{ $org.Name | lower }}
7 | labels:
8 | name: hlf-orderer--{{ $org.Name | lower }}
9 | spec:
10 | type: ClusterIP
11 | selector:
12 | name: hlf-orderer
13 | org: hlf-orderer--{{ $org.Name | lower }}
14 | ports:
15 | - protocol: TCP
16 | port: 7050
17 | name: grpc
18 | ---
19 | {{- end }} {{- /* OrdererOrgs */ -}}
20 |
--------------------------------------------------------------------------------
/fabric-kube/hlf-kube/templates/orderer-rsync-service.yaml:
--------------------------------------------------------------------------------
1 | {{- if or .Values.backup.enabled .Values.restore.enabled }}
2 | {{- $vars:= dict "ordererIndex" 0 }}
3 | {{- range $i, $org := .Values.OrdererOrgs }}
4 | {{- range $i, $host := $org.Specs }}
5 | # One headless Service per orderer host, rendered only while backup or restore mode is enabled, exposing the rsync port
6 | apiVersion: v1
7 | kind: Service
8 | metadata:
9 | name: hlf-orderer-rsync--{{ $org.Name | lower }}-{{ $vars.ordererIndex }}
10 | labels:
11 | name: hlf-orderer-rsync--{{ $org.Name | lower }}-{{ $vars.ordererIndex }}
12 | spec:
13 | type: ClusterIP
14 | clusterIP: None # Headless service for StatefulSet, required to access each pod individually
15 | selector:
16 | app: hlf-orderer--{{ $org.Name | lower }}-{{ $vars.ordererIndex }} # NOTE(review): orderer-statefulset.yaml labels its pods app: hlf-orderer--<org>--<hostname>, which this <org>-<index> value does not obviously match; verify the Service actually selects a pod
17 | ports:
18 | - protocol: TCP
19 | port: 873 # rsync daemon port; the rsync containers in orderer-statefulset.yaml run with ALLOW=0.0.0.0/0, so limit who can reach this Service (e.g. a NetworkPolicy) while backup/restore mode is on
20 | name: rsync
21 | ---
22 | {{- $_ := set $vars "ordererIndex" (add1 $vars.ordererIndex) }}
23 | {{- end }} {{- /* org.Specs */ -}}
24 | {{- end }} {{- /* OrdererOrgs */ -}}
25 | {{- end }} {{- /* if backup/restore enabled */ -}}
--------------------------------------------------------------------------------
/fabric-kube/hlf-kube/templates/orderer-service.yaml:
--------------------------------------------------------------------------------
1 | {{- range $i, $org := .Values.OrdererOrgs }}
2 | {{- range $i, $host := $org.Specs }}
3 |
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}
8 | labels:
9 | name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname |
lower }} 10 | fqdn: {{ $host.Hostname }}.{{ $org.Domain }} 11 | addToHostAliases: "true" 12 | spec: 13 | type: ClusterIP 14 | selector: 15 | app: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 16 | ports: 17 | - protocol: TCP 18 | port: 7050 19 | name: grpc 20 | --- 21 | {{- end }} {{- /* org.Specs */ -}} 22 | {{- end }} {{- /* OrdererOrgs */ -}} 23 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/orderer-statefulset.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.orderer.launchPods }} 2 | {{- range $i, $org := $.Values.OrdererOrgs }} 3 | {{- range $i, $host := $org.Specs }} 4 | 5 | apiVersion: apps/v1 6 | kind: StatefulSet 7 | metadata: 8 | name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 9 | spec: 10 | replicas: {{ $.Values.orderer.replicas }} 11 | podManagementPolicy: Parallel 12 | serviceName: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 13 | selector: 14 | matchLabels: 15 | app: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 16 | volumeClaimTemplates: 17 | {{- if $.Values.orderer.persistence.enabled }} 18 | - metadata: 19 | name: orderer-disk 20 | spec: 21 | accessModes: 22 | - ReadWriteOnce 23 | storageClassName: {{ $.Values.persistence.storageClass }} 24 | resources: 25 | requests: 26 | storage: {{ $.Values.orderer.persistence.size }} 27 | {{- end }} 28 | template: 29 | metadata: 30 | labels: 31 | name: hlf-orderer 32 | org: hlf-orderer--{{ $org.Name | lower }} 33 | app: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 34 | spec: 35 | volumes: 36 | {{- if not $.Values.orderer.persistence.enabled }} 37 | - name: orderer-disk 38 | emptyDir: {} 39 | {{- end }} 40 | - name: rsync-disk 41 | emptyDir: {} 42 | 43 | {{- range $i, $org := $.Values.OrdererOrgs }} 44 | - name: hlf-orderer--{{ $org.Name | lower }} 45 | persistentVolumeClaim: 46 | 
claimName: hlf-orderer--{{ $org.Name | lower }} 47 | #- name: hlf-ca--{{ $org.Name | lower }} 48 | # persistentVolumeClaim: 49 | # claimName: hlf-ca--{{ $org.Name | lower }} 50 | {{- range $i, $host := $org.Specs }} 51 | 52 | - name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 53 | persistentVolumeClaim: 54 | claimName: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 55 | 56 | {{- end }} {{- /* orderer hosts */ -}}{{""}} 57 | {{- end }} {{- /* orderer orgs */ -}}{{""}} 58 | - name: channel-artifacts 59 | persistentVolumeClaim: 60 | claimName: channel-artifacts 61 | 62 | 63 | {{- if $.Values.hostAliases }} 64 | hostAliases: 65 | {{- range $i, $alias := $.Values.hostAliases }} 66 | - ip: {{ $alias.ip }} 67 | hostnames: {{ $alias.hostnames }} 68 | {{- end }} 69 | {{- end }}{{""}} 70 | 71 | containers: 72 | 73 | {{- if $.Values.backup.enabled }} 74 | 75 | # rsync-server container 76 | - name: rsync 77 | image: axiom/rsync-server:latest 78 | command: ["sh", "-c", "mkdir -p /data && sleep 30 && \ 79 | {{- if $.Values.orderer.backup.enabled }} 80 | tar -czf /data/orderer.tar -C /var/hyperledger/production/orderer/ --exclude='lost+found' . 
&& \
81 | echo 'prepared orderer data for backup' && \
82 | {{- end }}
83 | touch /ready && \
84 | /entrypoint.sh rsync_server"]
85 |
86 | readinessProbe:
87 | exec:
88 | command: ["ls", "/ready"]
89 |
90 | volumeMounts:
91 | - mountPath: /var/hyperledger/production/orderer/
92 | name: orderer-disk
93 |
94 | env:
95 | - name: ALLOW
96 | value: 0.0.0.0/0 # NOTE(review): presumably the image's allowed-client list; 0.0.0.0/0 admits any source that can reach the rsync port while /data holds the orderer ledger archive. Narrow it to the backup job's address range and back it with a NetworkPolicy
97 |
98 | {{- else if $.Values.restore.enabled }}
99 |
100 | # rsync-server container (restore mode): receives the backup archive into the shared rsync-disk volume
101 | - name: rsync
102 | image: axiom/rsync-server:latest # NOTE(review): third-party image on the mutable :latest tag; pin a version or digest so the restore path runs a known image
103 | command: ["sh", "-c", "/entrypoint.sh rsync_server"]
104 |
105 | volumeMounts:
106 | - mountPath: /data/
107 | name: rsync-disk
108 |
109 | env:
110 | - name: ALLOW
111 | value: 0.0.0.0/0 # NOTE(review): the shell container below unpacks whatever arrives in /data over the orderer data directory with no checksum or signature check, so the clients allowed here are the whole trust boundary of a restore; restrict them
112 |
113 | - name: shell # waits for /data/ready, then replaces the orderer data directory with the contents of /data/orderer.tar
114 | image: debian:jessie # NOTE(review): Debian 8 (jessie) is end-of-life and no longer receives security updates; move to a supported release and pin it
115 | command: ["sh", "-c", "echo 'waiting for file /data/ready..' && \
116 | while [ ! -f /data/ready ]; do sleep 5; done && \
117 | echo 'data is ready, proceeding..' && \
118 | {{- if $.Values.orderer.restore.enabled }}
119 | rm -rf /var/hyperledger/production/orderer/* && \
120 | tar -xf /data/orderer.tar -C /var/hyperledger/production/orderer/ && \
121 | echo 'restored orderer data from backup' && \
122 | {{- end }}
123 | echo 'ready to continue..'
&& \ 124 | while true; do sleep 60; done"] 125 | 126 | volumeMounts: 127 | - mountPath: /var/hyperledger/production/orderer/ 128 | name: orderer-disk 129 | - mountPath: /data/ 130 | name: rsync-disk 131 | 132 | {{- else }} 133 | 134 | - name: orderer 135 | image: hyperledger/fabric-orderer:{{ $.Values.hyperledgerVersion }} 136 | command: ["sh", "-c", "orderer"] 137 | 138 | volumeMounts: 139 | 140 | - mountPath: /hlf-orderer--{{ $org.Name | lower }} 141 | name: hlf-orderer--{{ $org.Name | lower }} 142 | 143 | - mountPath: /var/hyperledger/production/orderer/ 144 | name: orderer-disk 145 | 146 | - mountPath: /var/hyperledger/orderer/tls/ 147 | name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 148 | subPath: tls 149 | 150 | - mountPath: /var/hyperledger/orderer/msp/ 151 | name: hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }} 152 | subPath: msp 153 | 154 | - mountPath: /var/hyperledger/orderer/ 155 | name: channel-artifacts 156 | #subPath: channel-artifacts 157 | 158 | 159 | 160 | env: 161 | # TODO move configurable ones to configmaps 162 | - name: FABRIC_LOGGING_SPEC 163 | value: {{ $.Values.orderer.logLevel }} 164 | - name: ORDERER_GENERAL_LISTENADDRESS 165 | value: 0.0.0.0 166 | - name: ORDERER_GENERAL_GENESISMETHOD 167 | value: file 168 | - name: ORDERER_GENERAL_GENESISFILE 169 | value: /var/hyperledger/orderer/genesis.block 170 | - name: ORDERER_GENERAL_LOCALMSPID 171 | value: {{ $org.Name }}MSP 172 | - name: ORDERER_GENERAL_LOCALMSPDIR 173 | value: /var/hyperledger/orderer/msp 174 | - name: ORDERER_GENERAL_TLS_ENABLED 175 | value: {{ $.Values.tlsEnabled | quote }} 176 | - name: ORDERER_GENERAL_TLS_PRIVATEKEY 177 | value: /var/hyperledger/orderer/tls/server.key 178 | - name: ORDERER_GENERAL_TLS_CERTIFICATE 179 | value: /var/hyperledger/orderer/tls/server.crt 180 | - name: ORDERER_GENERAL_TLS_ROOTCAS 181 | value: /var/hyperledger/orderer/msp/tlscacerts/hlf-ca--{{ $org.Name | lower }}-7054.pem 182 | 183 | - name: 
ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY 184 | value: /var/hyperledger/orderer/tls/server.key 185 | - name: ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE 186 | value: /var/hyperledger/orderer/tls/server.crt 187 | # - name: ORDERER_GENERAL_CLUSTER_SERVERPRIVATEKEY 188 | # value: /var/hyperledger/orderer/tls/server.key 189 | # - name: ORDERER_GENERAL_CLUSTER_SERVERCERTIFICATE 190 | # value: /var/hyperledger/orderer/tls/server.crt 191 | # - name: ORDERER_GENERAL_CLUSTER_LISTENPORT 192 | # value: "7059" 193 | # - name: ORDERER_GENERAL_CLUSTER_LISTENADDRESS 194 | # value: 0.0.0.0 195 | 196 | - name: HFC_LOGGING 197 | value: '{"info":"console"}' 198 | - name: GRPC_VERBOSITY 199 | value: ERROR 200 | - name: GRPC_TRACE 201 | value: all 202 | {{- end }} {{- /* if/else backup/restore enabled */ -}}{{""}} 203 | --- 204 | {{- end }} {{- /* org.Specs */ -}} 205 | {{- end }} {{- /* Orgs */ -}} 206 | {{- end }} {{- /* if launchPods */ -}} -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/peer-org-service.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.PeerOrgs }} 2 | 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: hlf-org-peer--{{ $org.Name | lower }} 7 | labels: 8 | name: hlf-org-peer--{{ $org.Name | lower }} 9 | spec: 10 | type: ClusterIP 11 | selector: 12 | name: hlf-peer 13 | org: hlf-peer--{{ $org.Name | lower }} 14 | ports: 15 | - protocol: TCP 16 | port: 7051 17 | name: grpc 18 | - protocol: TCP 19 | port: 7052 20 | name: chaincode 21 | --- 22 | {{- end }} {{- /* Orgs */ -}} 23 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/peer-rsync-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.backup.enabled .Values.restore.enabled }} 2 | {{- range $i, $org := .Values.PeerOrgs }} 3 | {{- range $peerIndex := 
until ($org.Template.Count | int) }} 4 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 5 | 6 | apiVersion: v1 7 | kind: Service 8 | metadata: 9 | name: hlf-peer-rsync--{{ $org.Name | lower }}--{{ $peer | lower }} 10 | labels: 11 | name: hlf-peer-rsync--{{ $org.Name | lower }}--{{ $peer | lower }} 12 | spec: 13 | type: ClusterIP 14 | selector: 15 | name: hlf-peer 16 | app: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 17 | ports: 18 | - protocol: TCP 19 | port: 873 20 | name: rsync 21 | --- 22 | {{- end }} {{- /* Peers */ -}} 23 | {{- end }} {{- /* Orgs */ -}} 24 | {{- end }} {{- /* if backup/restore enabled */ -}} -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/peer-service.yaml: -------------------------------------------------------------------------------- 1 | {{- range $i, $org := .Values.PeerOrgs }} 2 | {{- range $peerIndex := until ($org.Template.Count | int) }} 3 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 4 | 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 9 | labels: 10 | name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 11 | fqdn: {{ $peer }}.{{ $org.Domain }} 12 | addToHostAliases: "true" 13 | 14 | spec: 15 | type: ClusterIP 16 | selector: 17 | name: hlf-peer 18 | app: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 19 | ports: 20 | - protocol: TCP 21 | port: 7051 22 | name: grpc 23 | - protocol: TCP 24 | port: 7052 25 | name: chaincode 26 | --- 27 | {{- end }} {{- /* Peers */ -}} 28 | {{- end }} {{- /* Orgs */ -}} 29 | -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/templates/peer-statefulset.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.peer.launchPods }} 2 | {{- range $i, $org := $.Values.PeerOrgs }} 3 | {{- range $peerIndex := until ($org.Template.Count 
| int) }}
4 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }}
5 | {{- $peerAddress := $.Values.useActualDomains | ternary (printf "%s.%s:7051" $peer $org.Domain) (printf "hlf-peer--%s--%s:7051" ($org.Name | lower) ($peer | lower)) }}
6 | # peerAddress: {{ $peerAddress }}
7 | # One single-replica StatefulSet per peer of every peer org; the containers it runs depend on backup/restore mode (see the containers section)
8 | apiVersion: apps/v1
9 | kind: StatefulSet
10 | metadata:
11 | name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }}
12 | spec:
13 | replicas: 1
14 | serviceName: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }}
15 | selector:
16 | matchLabels:
17 | app: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }}
18 | volumeClaimTemplates:
19 | {{- if $.Values.peer.persistence.enabled }}
20 | - metadata:
21 | name: peer-disk
22 | spec:
23 | accessModes:
24 | - ReadWriteOnce
25 | storageClassName: {{ $.Values.persistence.storageClass }}
26 | resources:
27 | requests:
28 | storage: {{ $.Values.peer.persistence.size }}
29 | {{- end }}
30 | {{- if $.Values.couchdb.persistence.enabled }}
31 | - metadata:
32 | name: couchdb-disk
33 | spec:
34 | accessModes:
35 | - ReadWriteOnce
36 | storageClassName: {{ $.Values.persistence.storageClass }}
37 | resources:
38 | requests:
39 | storage: {{ $.Values.couchdb.persistence.size }}
40 | {{- end }}
41 | template:
42 | metadata:
43 | labels:
44 | name: hlf-peer
45 | org: hlf-peer--{{ $org.Name | lower }}
46 | app: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }}
47 | spec:
48 | volumes:
49 | {{- if not $.Values.peer.persistence.enabled }}
50 | - name: peer-disk
51 | emptyDir: {} # without persistence the peer ledger lives in an emptyDir tied to the pod
52 | {{- end }}
53 | {{- if not $.Values.couchdb.persistence.enabled }}
54 | - name: couchdb-disk
55 | emptyDir: {}
56 | {{- end }}
57 | - name: rsync-disk
58 | emptyDir: {}
59 | - name: dockersocket
60 | hostPath:
61 | path: /var/run/docker.sock # NOTE(review): the node's Docker socket, mounted into the peer container and used as CORE_VM_ENDPOINT; access to this socket is effectively root on the node, so treat every peer pod as node-privileged and schedule peers on nodes dedicated to them
62 | {{- range $i, $org := $.Values.PeerOrgs }}
63 | - name: hlf-peer-org--{{ $org.Name | lower }} # NOTE(review): this loop declares the org, CA and peer PVCs of every peer org in each pod, while the peer container mounts only its own org's; consider declaring only the volumes this pod needs
64 | persistentVolumeClaim:
65 | claimName: hlf-peer-org--{{ $org.Name | lower }}
66 | - name: hlf-ca--{{ $org.Name |
lower }} 67 | persistentVolumeClaim: 68 | claimName: hlf-ca--{{ $org.Name | lower }} 69 | {{- range $peerIndex := until ($org.Template.Count | int) }} 70 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 71 | 72 | - name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 73 | persistentVolumeClaim: 74 | claimName: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 75 | 76 | {{- end }} {{- /* peers */ -}}{{""}} 77 | {{- end }} {{- /* peer orgs */ -}}{{""}} 78 | 79 | {{- range $i, $chaincode := $.Values.network.chaincodes }} 80 | - name: chaincode-{{ $chaincode.name | lower }} 81 | configMap: 82 | name: hlf-chaincode--{{ $chaincode.name | lower }} 83 | {{- end }} 84 | 85 | {{- if $.Values.hostAliases }} 86 | hostAliases: 87 | {{- range $i, $alias := $.Values.hostAliases }} 88 | - ip: {{ $alias.ip }} 89 | hostnames: {{ $alias.hostnames }} 90 | {{- end }} 91 | {{- end }}{{""}} 92 | 93 | containers: 94 | 95 | {{- if $.Values.backup.enabled }} 96 | 97 | # rsync-server container 98 | - name: rsync 99 | image: axiom/rsync-server:latest 100 | command: ["sh", "-c", "mkdir -p /data && sleep 30 && \ 101 | {{- if $.Values.peer.backup.enabled }} 102 | tar -czf /data/peer.tar -C /var/hyperledger/production ledgersData/ chaincodes/ && \ 103 | echo 'prepared peer data for backup' && \ 104 | {{- end }} 105 | {{- if $.Values.couchdb.backup.enabled }} 106 | tar -czf /data/couchdb.tar -C /opt/couchdb/data --exclude='lost+found' . 
&& \
107 | echo 'prepared CouchDB data for backup' && \
108 | {{- end }}
109 | touch /ready && \
110 | /entrypoint.sh rsync_server"]
111 |
112 | readinessProbe:
113 | exec:
114 | command: ["ls", "/ready"]
115 |
116 | volumeMounts:
117 | - mountPath: /var/hyperledger/production/
118 | name: peer-disk
119 | - mountPath: /opt/couchdb/data/
120 | name: couchdb-disk
121 |
122 | env:
123 | - name: ALLOW
124 | value: 0.0.0.0/0 # NOTE(review): presumably the image's allowed-client list; 0.0.0.0/0 admits any source that can reach the rsync port while /data holds the peer ledger and CouchDB archives. Narrow it to the backup job's address range and back it with a NetworkPolicy
125 |
126 | {{- else if $.Values.restore.enabled }}
127 |
128 | # rsync-server container (restore mode): receives the backup archives into the shared rsync-disk volume
129 | - name: rsync
130 | image: axiom/rsync-server:latest # NOTE(review): third-party image on the mutable :latest tag; pin a version or digest so the restore path runs a known image
131 | command: ["sh", "-c", "/entrypoint.sh rsync_server"]
132 |
133 | volumeMounts:
134 | - mountPath: /data/
135 | name: rsync-disk
136 |
137 | env:
138 | - name: ALLOW
139 | value: 0.0.0.0/0 # NOTE(review): the shell container below unpacks whatever arrives in /data over the peer and CouchDB data directories with no checksum or signature check, so the clients allowed here are the whole trust boundary of a restore; restrict them
140 |
141 | - name: shell # waits for /data/ready, then replaces the peer and CouchDB data directories with the contents of the archives in /data
142 | image: debian:jessie # NOTE(review): Debian 8 (jessie) is end-of-life and no longer receives security updates; move to a supported release and pin it
143 | command: ["sh", "-c", "echo 'waiting for file /data/ready..' && \
144 | while [ ! -f /data/ready ]; do sleep 5; done && \
145 | echo 'data is ready, proceeding..' && \
146 | {{- if $.Values.peer.restore.enabled }}
147 | rm -rf /var/hyperledger/production/* && \
148 | tar -xf /data/peer.tar -C /var/hyperledger/production/ && \
149 | echo 'restored peer data from backup' && \
150 | {{- end }}
151 | {{- if $.Values.couchdb.restore.enabled }}
152 | rm -rf /opt/couchdb/data/* && \
153 | tar -xf /data/couchdb.tar -C /opt/couchdb/data/ && \
154 | echo 'restored CouchDB data from backup' && \
155 | {{- end }}
156 | echo 'ready to continue..'
&& \ 157 | while true; do sleep 60; done"] 158 | 159 | volumeMounts: 160 | - mountPath: /var/hyperledger/production/ 161 | name: peer-disk 162 | - mountPath: /opt/couchdb/data/ 163 | name: couchdb-disk 164 | - mountPath: /data/ 165 | name: rsync-disk 166 | 167 | env: 168 | - name: ALLOW 169 | value: 0.0.0.0/0 170 | 171 | {{- else }} {{- /* if backup/restore enabled */ -}}{{""}} 172 | 173 | # Peer container 174 | - name: peer 175 | image: hyperledger/fabric-peer:{{ $.Values.hyperledgerVersion }} 176 | command: ["sh", "-c", "peer node start"] 177 | 178 | volumeMounts: 179 | 180 | 181 | - mountPath: /hlf-peer-org--{{ $org.Name | lower }} 182 | name: hlf-peer-org--{{ $org.Name | lower }} 183 | - mountPath: /var/hyperledger/production/ 184 | name: peer-disk 185 | - mountPath: /host/var/run/docker.sock 186 | name: dockersocket 187 | - mountPath: /etc/hyperledger/fabric/tls/ 188 | name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 189 | subPath: tls 190 | 191 | - mountPath: /etc/hyperledger/fabric/msp/ 192 | name: hlf-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 193 | subPath: msp 194 | 195 | - mountPath: /etc/hyperledger/fabric/admin-msp/ 196 | name: hlf-peer-org--{{ $org.Name | lower }} 197 | subPath: msp 198 | # chaincodes 199 | {{- range $i, $chaincode := $.Values.network.chaincodes }} 200 | - mountPath: /chaincode/{{ $chaincode.name }} 201 | name: chaincode-{{ $chaincode.name | lower }} 202 | {{- end }} 203 | 204 | env: 205 | # TODO move configurable ones to configmaps 206 | - name: CORE_PEER_ID 207 | value: {{ $peer }}.{{ $org.Domain }} 208 | - name: CORE_PEER_ADDRESS 209 | value: {{ $peerAddress }} 210 | - name: CORE_PEER_LISTENADDRESS 211 | value: 0.0.0.0:7051 212 | - name: CORE_PEER_CHAINCODELISTENADDRESS 213 | value: 0.0.0.0:7052 214 | - name: CORE_PEER_GOSSIP_BOOTSTRAP 215 | value: >- 216 | {{- range $peerIndexInner := until ($org.Template.Count | int) }} 217 | {{- $peer := (printf "peer%s" ($peerIndexInner | toString)) }} 218 | {{- 
$peerGossipAddress := $.Values.useActualDomains | ternary (printf "%s.%s:7051" $peer $org.Domain) (printf "hlf-peer--%s--%s:7051" ($org.Name | lower) ($peer | lower)) }} 219 | {{ $peerGossipAddress }} 220 | {{- end }} {{- /* Peers */ -}}{{""}} 221 | 222 | - name: CORE_PEER_GOSSIP_EXTERNALENDPOINT 223 | value: {{ $peerAddress }} 224 | - name: CORE_PEER_LOCALMSPID 225 | value: {{ $org.Name }}MSP 226 | 227 | - name: CORE_VM_ENDPOINT 228 | value: unix:///host/var/run/docker.sock 229 | - name: FABRIC_LOGGING_SPEC 230 | value: {{ $.Values.peer.logLevel }} 231 | - name: CORE_PEER_TLS_ENABLED 232 | value: {{ $.Values.tlsEnabled | quote }} 233 | - name: CORE_PEER_GOSSIP_USELEADERELECTION 234 | value: "true" 235 | - name: CORE_PEER_GOSSIP_ORGLEADER 236 | value: "false" 237 | - name: CORE_PEER_PROFILE_ENABLED 238 | value: "true" 239 | - name: CORE_PEER_ADDRESSAUTODETECT 240 | value: "true" # looks like absolutely necessary, o/w chaincode instantiate fails, no clue why 241 | - name: CORE_PEER_TLS_CERT_FILE 242 | value: /etc/hyperledger/fabric/tls/server.crt 243 | - name: CORE_PEER_TLS_KEY_FILE 244 | value: /etc/hyperledger/fabric/tls/server.key 245 | - name: CORE_PEER_TLS_ROOTCERT_FILE 246 | value: /etc/hyperledger/fabric/msp/tlscacerts/hlf-ca--{{ $org.Name | lower }}-7054.pem 247 | 248 | - name: CORE_CHAINCODE_LOGGING_LEVEL 249 | value: {{ $.Values.peer.chaincode.logging.level }} 250 | - name: CORE_CHAINCODE_LOGGING_SHIM 251 | value: {{ $.Values.peer.chaincode.logging.shim }} 252 | 253 | - name: CORE_LEDGER_STATE_STATEDATABASE 254 | value: CouchDB 255 | - name: CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS 256 | value: localhost:5984 257 | - name: CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME 258 | value: {{ $.Values.couchdb.userName | quote }} 259 | - name: CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD 260 | value: {{ $.Values.couchdb.password | quote }} 261 | 262 | - name: HFC_LOGGING 263 | value: '{"info":"console"}' 264 | - name: GRPC_VERBOSITY 265 | value: DEBUG 266 | - name: 
GRPC_TRACE 267 | value: all 268 | 269 | # CouchDB container 270 | - name: couchdb 271 | image: hyperledger/fabric-couchdb:{{ $.Values.couchdb.version }} 272 | 273 | volumeMounts: 274 | - mountPath: /opt/couchdb/data/ 275 | name: couchdb-disk 276 | 277 | env: 278 | - name: COUCHDB_USER 279 | value: {{ $.Values.couchdb.userName | quote }} 280 | - name: COUCHDB_PASSWORD 281 | value: {{ $.Values.couchdb.password | quote }} 282 | 283 | {{- end }} {{- /* if/else backup/restore enabled */ -}}{{""}} 284 | --- 285 | {{- end }} {{- /* Peers */ -}} 286 | {{- end }} {{- /* Orgs */ -}} 287 | {{- end }} {{- /* if launchPods */ -}} -------------------------------------------------------------------------------- /fabric-kube/hlf-kube/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for hlf-kube. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | hyperledgerVersion: 1.4.3 6 | 7 | # see the Raft sample in the README for how to enable TLS 8 | tlsEnabled: false 9 | 10 | # use actual domain names like peer0.atlantis.com instead of internal service names 11 | # this should be set to true for TLS 12 | useActualDomains: false 13 | 14 | # adds additional DNS entries to /etc/hosts files 15 | # see https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/#adding-additional-entries-with-hostaliases 16 | # this value should be provided if either tlsEnabled or useActualDomains is set to true 17 | # see the Raft sample in the README for how to use this 18 | hostAliases: [] 19 | 20 | # common persistence settings 21 | persistence: 22 | storageClass: default 23 | 24 | backup: 25 | # initiate backup procedure? 26 | enabled: false 27 | restore: 28 | # initiate restore procedure? 
29 | enabled: false
30 |
31 | # common ingress settings
32 | ingress:
33 | # all ingress subdomains will be created under this domain
34 | parentDomain:
35 | annotations:
36 | kubernetes.io/ssl-redirect: "true"
37 | certmanager.k8s.io/cluster-issuer: letsencrypt-prod
38 |
39 | # peer settings. applies to all peers
40 | peer:
41 | logLevel: debug # rendered into FABRIC_LOGGING_SPEC on the peer container; debug is a verbose default, consider info outside development
42 | # launch peer pods? setting to false is useful for collecting host aliases and fast restart afterwards
43 | launchPods: true
44 | chaincode:
45 | logging:
46 | level: info
47 | shim: info
48 | persistence:
49 | enabled: false
50 | size: 16Gi
51 | backup:
52 | # take backup of peers during backup procedure?
53 | enabled: true
54 | restore:
55 | # restore peers data from backup during restore procedure?
56 | enabled: true
57 | operations:
58 | enabled: false
59 | metrics:
60 | provider: prometheus
61 |
62 | # CouchDB settings. applies to all CouchDB's. NOTE(review): userName/password default to empty and peer-statefulset.yaml passes them as plain env values (COUCHDB_USER/COUCHDB_PASSWORD, CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME/PASSWORD); set non-empty values, preferably from a Secret, before enabling couchdb.ingress, which publishes port 5984 of every peer's CouchDB
63 | couchdb:
64 | version: 0.4.15
65 | userName:
66 | password:
67 | persistence:
68 | enabled: false
69 | size: 16Gi
70 | ingress:
71 | enabled: false
72 | backup:
73 | # take backup of CouchDB's during backup procedure?
74 | enabled: true
75 | restore:
76 | # restore CouchDB's data from backup during restore procedure?
77 | enabled: true
78 |
79 | # Orderer settings. applies to all Orderer pods
80 | orderer:
81 | # should be greater than 1 only if kafka orderer is used
82 | replicas: 1
83 | logLevel: info
84 | # launch orderer pods? setting to false is useful for collecting host aliases and fast restart afterwards
85 | launchPods: true
86 | persistence:
87 | enabled: false
88 | size: 16Gi
89 | backup:
90 | # take backup of orderers during backup procedure?
91 | enabled: true
92 | restore:
93 | # restore orderers data from backup during restore procedure?
94 | enabled: true
95 |
96 | # CA (Certificate Authority) settings.
applies to all CA's 97 | ca: 98 | userName: admin 99 | password: adminpw # NOTE(review): static bootstrap credentials committed as chart defaults; override both values for anything beyond a local demo 100 | logLevel: info 101 | ingress: 102 | enabled: false 103 | 104 | # kafka settings 105 | hlf-kafka: 106 | # install kafka? 107 | enabled: false 108 | 109 | # number of Kafka brokers, should be at least 4 110 | # https://hyperledger-fabric.readthedocs.io/en/release-1.4/kafka.html 111 | replicas: 4 112 | podManagementPolicy: Parallel 113 | 114 | # TODO storage class? 115 | persistence: 116 | enabled: false 117 | storageClass: default 118 | size: 16Gi 119 | 120 | configurationOverrides: 121 | "default.replication.factor": 4 # given a 4 node Kafka cluster 122 | "unclean.leader.election.enable": false 123 | "min.insync.replicas": 3 # to permit one Kafka replica to go offline 124 | "message.max.bytes": "103809024" # 99 * 1024 * 1024 B 125 | "replica.fetch.max.bytes": "103809024" # 99 * 1024 * 1024 B 126 | "log.retention.ms": -1 # Since we need to keep logs indefinitely for the HL Fabric Orderer 127 | 128 | zookeeper: 129 | # should be 3, 5, or 7 130 | replicaCount: 3 131 | 132 | persistence: 133 | enabled: false 134 | storageClass: default 135 | size: 16Gi 136 | 137 | 138 | 139 | 140 | -------------------------------------------------------------------------------- /fabric-kube/peer-org-flow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/peer-org-flow/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: peer-org-flow 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/peer-org-flow/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for hlf-kube. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | retryCount: 4 6 | 7 | hyperledgerVersion: 1.4.3 8 | 9 | # see the Raft sample in the README for how to enable TLS 10 | tlsEnabled: false 11 | 12 | # use actual domain names like peer0.atlantis.com instead of internal service names 13 | # this should be set to true for TLS 14 | useActualDomains: false 15 | 16 | # adds additional DNS entries to /etc/hosts files 17 | # see https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/#adding-additional-entries-with-hostaliases 18 | # this value should be provided if either tlsEnabled or useActualDomains is set to true 19 | # see the Raft sample in the README for how to use this 20 | hostAliases: [] 21 | 22 | logLevel: info 23 | 24 | # not sure if it's possible to change this, but better define here 25 | ordererSystemChannel: aretechainid 26 | 27 | flow: 28 | consortium: 29 | # should we add new org(s) to existing consortiums? 
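30 | enabled: true 31 | # fill in this array with consortium names to limit adding new org only to these ones 32 | include: [] 33 | channel: 34 | # should we add new org(s) to existing channels? 35 | enabled: true 36 | # should we add new org(s) to multiple channels in parallel? 37 | parallel: true 38 | # fill in this array with channel names to limit adding new org(s) only to these ones 39 | include: [] 40 | -------------------------------------------------------------------------------- /fabric-kube/prepare_chaincodes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Packs every chaincode named under .network.chaincodes in PROJECT_FOLDER/network.yaml into hlf-init-kube/chaincode/NAME.tar 3 | if test "$#" -ne 2; then 4 | echo "usage: prepare_chaincodes.sh PROJECT_FOLDER CHAINCODE_FOLDER" 5 | exit 2 6 | fi 7 | 8 | # exit when any command fails 9 | set -e 10 | 11 | project_folder=$1 12 | chaincode_folder=$2 13 | 14 | config_file=$project_folder/network.yaml 15 | # output paths are relative to the current directory; the previous output folder is deleted first 16 | rm -rf hlf-init-kube/chaincode 17 | mkdir -p hlf-init-kube/chaincode 18 | # the name list is split on whitespace by the loop below 19 | chaincodes=$(yq ".network.chaincodes[].name" "$config_file" -c -r) 20 | for chaincode in $chaincodes; do 21 | echo "creating hlf-init-kube/chaincode/$chaincode.tar" 22 | # quoted so a folder path containing spaces or glob characters stays a single argument; the archive is gzip-compressed (-z) despite the .tar suffix 23 | tar -czf "hlf-init-kube/chaincode/$chaincode.tar" -C "$chaincode_folder" "$chaincode/" 24 | done 25 | 26 | -------------------------------------------------------------------------------- /fabric-kube/restore-flow/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 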
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /fabric-kube/restore-flow/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: backup-flow 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /fabric-kube/restore-flow/templates/restore-workflow.yaml: -------------------------------------------------------------------------------- 1 | {{ $backupKey := required "backup.key is required!" .Values.backup.key }} 2 | 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Workflow 5 | metadata: 6 | generateName: hlf-restore- 7 | spec: 8 | entrypoint: restore 9 | 10 | templates: 11 | - name: restore 12 | steps: 13 | - 14 | # top level: peer/orderer 15 | {{- if or $.Values.flow.peer.restore.enabled $.Values.flow.couchdb.restore.enabled }} 16 | - name: restore-peers 17 | template: restore-peers 18 | {{- end }} 19 | {{- if $.Values.flow.orderer.restore.enabled }} 20 | - name: restore-orderers 21 | template: restore-orderers 22 | {{- end }} 23 | 24 | # second level: peers 25 | {{- if or $.Values.flow.peer.restore.enabled $.Values.flow.couchdb.restore.enabled }} 26 | - name: restore-peers 27 | steps: 28 | - 29 | {{- range $i, $org := .Values.PeerOrgs }} 30 | {{- range $peerIndex := until ($org.Template.Count | int) }} 31 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 32 | 33 | - name: restore-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 34 | template: restore-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 35 | 36 | {{- end }} {{- /* Peers */ -}} 37 | {{- end }} {{- /* Orgs */ -}} 38 | {{- end }} 
{{- /* if peer/couchdb restore enabled */ -}} {{""}} 39 | 40 | # second level: orderers 41 | {{- if $.Values.flow.orderer.restore.enabled }} 42 | - name: restore-orderers 43 | steps: 44 | - 45 | {{- range $i, $org := .Values.OrdererOrgs }} 46 | {{- range $i, $host := $org.Specs }} 47 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 48 | 49 | - name: restore-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 50 | template: restore-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 51 | 52 | {{- end }} {{- /* orderer */ -}} 53 | {{- end }} {{- /* org.Specs */ -}} 54 | {{- end }} {{- /* OrdererOrgs */ -}} 55 | {{- end }} {{- /* if orderer restore enabled */ -}} {{""}} 56 | 57 | 58 | # third level: peers retrieve/restore data 59 | {{- if or $.Values.flow.peer.restore.enabled $.Values.flow.couchdb.restore.enabled }} 60 | {{- range $i, $org := .Values.PeerOrgs }} 61 | {{- range $peerIndex := until ($org.Template.Count | int) }} 62 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 63 | 64 | - name: restore-peer--{{ $org.Name | lower }}--{{ $peer | lower }} 65 | steps: 66 | - - name: retrieve-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 67 | template: retrieve-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 68 | - - name: restore-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 69 | template: restore-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 70 | arguments: 71 | artifacts: 72 | - name: peer-backup 73 | from: "{{ "{{" }}steps.retrieve-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }}.outputs.artifacts.peer-backup{{ "}}" }}" 74 | 75 | {{- end }} {{- /* Peers */ -}} 76 | {{- end }} {{- /* Orgs */ -}} 77 | {{- end }} {{- /* if peer/couchdb restore enabled */ -}} {{""}} 78 | 79 | # third level: orderers retrieve/restore data 80 | {{- if $.Values.flow.orderer.restore.enabled }} 81 | {{- range $i, $org := .Values.OrdererOrgs }} 82 | {{- range $i, 
$host := $org.Specs }} 83 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 84 | 85 | - name: restore-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 86 | steps: 87 | - - name: retrieve-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 88 | template: retrieve-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 89 | - - name: restore-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 90 | template: restore-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 91 | arguments: 92 | artifacts: 93 | - name: orderer-backup 94 | from: "{{ "{{" }}steps.retrieve-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }}.outputs.artifacts.orderer-backup{{ "}}" }}" 95 | 96 | {{- end }} {{- /* orderer */ -}} 97 | {{- end }} {{- /* org.Specs */ -}} 98 | {{- end }} {{- /* OrdererOrgs */ -}} 99 | {{- end }} {{- /* if orderer restore enabled */ -}} {{""}} 100 | 101 | # leaf retrieve-peer-data templates 102 | {{- if or $.Values.flow.peer.restore.enabled $.Values.flow.couchdb.restore.enabled }} 103 | {{- range $i, $org := .Values.PeerOrgs }} 104 | {{- range $peerIndex := until ($org.Template.Count | int) }} 105 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 106 | 107 | - name: retrieve-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 108 | # org: {{ $org.Name }} 109 | # peer: {{ $peer }} 110 | # backupKey: {{ $backupKey }} 111 | retryStrategy: 112 | limit: {{ $.Values.retryCount }} 113 | 114 | {{- if eq $.Values.backup.target.type "azureBlobStorage" }} 115 | container: 116 | image: microsoft/azure-cli:latest 117 | command: ["sh", "-c", "mkdir /hlf-backup && \ 118 | \ 119 | az storage blob download-batch \ 120 | --destination /hlf-backup/ \ 121 | --source {{ required "backup.target.azureBlobStorage.source is required!" 
$.Values.backup.target.azureBlobStorage.source }} \ 122 | --pattern '{{ $backupKey }}/PeerOrgs/{{ $org.Name }}/{{ $peer }}/*' \ 123 | --account-name {{ required "backup.target.azureBlobStorage.accountName is required!" $.Values.backup.target.azureBlobStorage.accountName }} \ 124 | "] 125 | env: # NOTE(review): the storage account key below is rendered into the Workflow spec as a literal env value, so anyone who can read the Workflow or its pods can read the key; a Secret referenced through valueFrom.secretKeyRef would avoid that 126 | - name: AZURE_STORAGE_KEY 127 | value: {{ required "backup.target.azureBlobStorage.accessKey is required!" $.Values.backup.target.azureBlobStorage.accessKey }} 128 | outputs: 129 | artifacts: 130 | - name: peer-backup 131 | path: /hlf-backup/{{ $backupKey }}/PeerOrgs/{{ $org.Name }}/{{ $peer }}/ 132 | 133 | {{- end }} 134 | 135 | {{- end }} {{- /* Peers */ -}} 136 | {{- end }} {{- /* Orgs */ -}} 137 | {{- end }} {{- /* if peer/couchdb restore enabled */ -}} {{""}} 138 | 139 | 140 | # leaf restore-peer-data templates 141 | {{- if or $.Values.flow.peer.restore.enabled $.Values.flow.couchdb.restore.enabled }} 142 | {{- range $i, $org := .Values.PeerOrgs }} 143 | {{- range $peerIndex := until ($org.Template.Count | int) }} 144 | {{- $peer := (printf "peer%s" ($peerIndex | toString)) }} 145 | 146 | - name: restore-peer-data--{{ $org.Name | lower }}--{{ $peer | lower }} 147 | # org: {{ $org.Name }} 148 | # peer: {{ $peer }} 149 | inputs: 150 | artifacts: 151 | - name: peer-backup 152 | path: /hlf-backup/ 153 | retryStrategy: 154 | limit: {{ $.Values.retryCount }} 155 | container: # NOTE(review): ":latest" below is a mutable tag; pin a version or digest so a restore always runs a known image 156 | image: axiom/rsync-server:latest 157 | command: ["sh", "-c", "rsync -avz /hlf-backup/ rsync://user@hlf-peer-rsync--{{ $org.Name | lower }}--{{ $peer | lower }}/volume && \ 158 | touch /hlf-backup/ready && \ 159 | rsync -avz /hlf-backup/ rsync://user@hlf-peer-rsync--{{ $org.Name | lower }}--{{ $peer | lower }}/volume"] 160 | env: 161 | - name: RSYNC_PASSWORD # NOTE(review): hard-coded password, identical for every peer; presumably it must match the rsync server side, which is not shown here. The rsync:// daemon protocol is not encrypted - TODO confirm this traffic never leaves the cluster network 162 | value: pass 163 | 164 | 165 | {{- end }} {{- /* Peers */ -}} 166 | {{- end }} {{- /* Orgs */ -}} 167 | {{- end }} {{- /* if peer/couchdb restore enabled */ -}} {{""}} 168 | 169 | # leaf retrieve-orderer-data templates 170 | {{- if 
$.Values.flow.orderer.restore.enabled }} 171 | {{- range $i, $org := .Values.OrdererOrgs }} 172 | {{- range $i, $host := $org.Specs }} 173 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 174 | 175 | - name: retrieve-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 176 | # org: {{ $org.Name }} 177 | # hostname: {{ $host.Hostname }} 178 | # orderer: {{ $orderer }} 179 | # backupKey: {{ $backupKey }} 180 | retryStrategy: 181 | limit: {{ $.Values.retryCount }} 182 | 183 | container: 184 | 185 | {{- if eq $.Values.backup.target.type "azureBlobStorage" }} 186 | image: microsoft/azure-cli:latest 187 | command: ["sh", "-c", "mkdir /hlf-backup && \ 188 | \ 189 | az storage blob download-batch \ 190 | --destination /hlf-backup/ \ 191 | --source {{ required "backup.target.azureBlobStorage.source is required!" $.Values.backup.target.azureBlobStorage.source }} \ 192 | --pattern '{{ $backupKey }}/OrdererOrgs/{{ $org.Name }}/{{ $host.Hostname }}/{{ $orderer }}/*' \ 193 | --account-name {{ required "backup.target.azureBlobStorage.accountName is required!" $.Values.backup.target.azureBlobStorage.accountName }} \ 194 | "] 195 | env: 196 | - name: AZURE_STORAGE_KEY 197 | value: {{ required "backup.target.azureBlobStorage.accessKey is required!" 
$.Values.backup.target.azureBlobStorage.accessKey }} 198 | outputs: 199 | artifacts: 200 | - name: orderer-backup 201 | path: /hlf-backup/{{ $backupKey }}/OrdererOrgs/{{ $org.Name }}/{{ $host.Hostname }}/{{ $orderer }}/ 202 | {{- end }} 203 | 204 | {{- end }} {{- /* orderer */ -}} 205 | {{- end }} {{- /* org.Specs */ -}} 206 | {{- end }} {{- /* OrdererOrgs */ -}} 207 | {{- end }} {{- /* if orderer restore enabled */ -}} {{""}} 208 | 209 | # leaf restore-orderer-data templates 210 | {{- if $.Values.flow.orderer.restore.enabled }} 211 | {{- range $i, $org := .Values.OrdererOrgs }} 212 | {{- range $i, $host := $org.Specs }} 213 | {{- range $orderer := until ($.Values.flow.orderer.replicas | int) }} 214 | 215 | - name: restore-orderer-data--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}--{{ $orderer }} 216 | # org: {{ $org.Name }} 217 | # hostname: {{ $host.Hostname }} 218 | # orderer: {{ $orderer }} 219 | inputs: 220 | artifacts: 221 | - name: orderer-backup 222 | path: /hlf-backup/ 223 | retryStrategy: 224 | limit: {{ $.Values.retryCount }} 225 | container: # NOTE(review): ":latest" below is a mutable tag; pin a version or digest so a restore always runs a known image 226 | image: axiom/rsync-server:latest 227 | command: ["sh", "-c", "rsync -avz /hlf-backup/ rsync://user@hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}-{{ $orderer }}.hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}/volume && \ 228 | touch /hlf-backup/ready && \ 229 | rsync -avz /hlf-backup/ rsync://user@hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}-{{ $orderer }}.hlf-orderer--{{ $org.Name | lower }}--{{ $host.Hostname | lower }}/volume"] 230 | env: 231 | - name: RSYNC_PASSWORD # NOTE(review): hard-coded password, identical for every orderer; presumably it must match the rsync server side, which is not shown here. The rsync:// daemon protocol is not encrypted - TODO confirm this traffic never leaves the cluster network 232 | value: pass 233 | 234 | {{- end }} {{- /* orderer */ -}} 235 | {{- end }} {{- /* org.Specs */ -}} 236 | {{- end }} {{- /* OrdererOrgs */ -}} 237 | {{- end }} {{- /* if orderer restore enabled */ -}} {{""}} 238 | --- -------------------------------------------------------------------------------- /fabric-kube/restore-flow/values.yaml: 
-------------------------------------------------------------------------------- 1 | # Default values for restore-flow. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | # number of times to retry a failed leaf task 6 | retryCount: 4 7 | 8 | backup: 9 | # required. the key pointing to backup 10 | key: 11 | target: 12 | # only azureBlobStorage for now, feel free to implement S3 13 | type: azureBlobStorage 14 | azureBlobStorage: 15 | # storage account name 16 | accountName: 17 | # container name in storage account 18 | source: hlf-backup 19 | # credentials: the storage account access key. This is a secret; supply it at install time (e.g. --set or a values file kept out of version control) rather than committing it here 20 | accessKey: 21 | 22 | flow: 23 | peer: 24 | restore: 25 | # restore peers data from backup? 26 | enabled: true 27 | couchdb: 28 | restore: 29 | # restore CouchDB's data from backup? 30 | enabled: true 31 | orderer: 32 | replicas: 1 33 | restore: 34 | # restore orderers data from backup? 35 | enabled: true 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/README.md: -------------------------------------------------------------------------------- 1 | Some primitive chaincodes for demonstration. 
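2 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/even-simpler/even-simpler.js: -------------------------------------------------------------------------------- 1 | const shim = require('fabric-shim'); 2 | const logger = shim.newLogger('chaincode'); 3 | /* Sample chaincode: Init returns success; Invoke looks up the requested function name on this object and calls it. */ 4 | const Chaincode = class { 5 | async Init() { 6 | logger.info("even-simpler init", ""); 7 | return shim.success(); 8 | } 9 | 10 | async Invoke(stub) { 11 | const ret = stub.getFunctionAndParameters(); 12 | logger.info(ret); 13 | /* NOTE(review): ret.fcn is caller-supplied, and this[ret.fcn] also resolves Init, Invoke, constructor and inherited Object methods; an explicit allowlist of callable names would be safer. */ 14 | const method = this[ret.fcn]; 15 | if (!method) { 16 | logger.info(`no function of name:${ret.fcn} found`); /* template literal, so the name is actually interpolated */ 17 | return shim.error(`Received unknown function ${ret.fcn} invocation`); 18 | } 19 | try { 20 | const payload = await method(stub, ret.params); /* called unbound: handlers cannot rely on this; bind it only together with an allowlist, otherwise fcn "Invoke" would re-enter this method */ 21 | return shim.success(payload); 22 | } catch (err) { 23 | logger.info(err); 24 | return shim.error(err); 25 | } 26 | } 27 | 28 | async ping() { 29 | logger.info("ping called with update", ""); 30 | const answer = { ping: 'pong with update' }; 31 | return Buffer.from(JSON.stringify(answer), 'utf8'); 32 | } 33 | }; 34 | 35 | module.exports = Chaincode; 36 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/even-simpler/index.js: -------------------------------------------------------------------------------- 1 | const shim = require('fabric-shim'); 2 | const Chaincode = require('./even-simpler'); 3 | 4 | shim.start(new Chaincode()); 5 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/even-simpler/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "even-simpler", 3 | "version": "1.0.0", 4 | "description": "even-simpler chaincode implemented in node.js", 5 | "engines": { 6 | "node": ">=8.4.0", 7 | "npm": ">=5.3.0" 8 | }, 9 | "scripts": { 10 | "start": "node index.js" 11 | }, 12 | 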
"engine-strict": true, 13 | "license": "Apache-2.0", 14 | "dependencies": { 15 | "fabric-shim": "1.4.0" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/very-simple/index.js: -------------------------------------------------------------------------------- 1 | const shim = require('fabric-shim'); 2 | const Chaincode = require('./very-simple'); 3 | 4 | shim.start(new Chaincode()); 5 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/very-simple/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "simplest-ever", 3 | "version": "1.0.0", 4 | "description": "simplest-ever chaincode implemented in node.js", 5 | "engines": { 6 | "node": ">=8.4.0", 7 | "npm": ">=5.3.0" 8 | }, 9 | "scripts": { 10 | "start": "node index.js" 11 | }, 12 | "engine-strict": true, 13 | "license": "Apache-2.0", 14 | "dependencies": { 15 | "fabric-shim": "1.4.0" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /fabric-kube/samples/chaincode/very-simple/very-simple.js: -------------------------------------------------------------------------------- 1 | const shim = require('fabric-shim'); 2 | const logger = shim.newLogger('chaincode'); 3 | 4 | const Chaincode = class { 5 | async Init() { 6 | logger.info("very-simple init", ""); 7 | return shim.success(); 8 | } 9 | 10 | async Invoke(stub) { 11 | const ret = stub.getFunctionAndParameters(); 12 | logger.info(ret); 13 | 14 | const method = this[ret.fcn]; 15 | if (!method) { 16 | logger.info(`no function of name:${ret.fcn} found`); 17 | return shim.error(`Received unknown function ${ret.fcn} invocation`); 18 | } 19 | try { 20 | const payload = await method(stub, ret.params); 21 | return shim.success(payload); 22 | } catch (err) { 23 | logger.info(err); 24 | return shim.error(err); 25 | } 26 | } 27 | 28 
| async ping() { 29 | logger.info("ping called with update", ""); 30 | const answer = { ping: 'pong with update' }; 31 | return Buffer.from(JSON.stringify(answer), 'utf8'); 32 | } 33 | }; 34 | 35 | module.exports = Chaincode; 36 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/.gitignore: -------------------------------------------------------------------------------- 1 | crypto-config/ 2 | channel-artifacts/ -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/README.md: -------------------------------------------------------------------------------- 1 | A scaled up HL Fabric network with 3 nodes of Kafka orderer and 2 peers per organization. 2 | Also installs backing up Kafka cluster. No persistence. 3 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/configtx.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | ################################################################################ 4 | # 5 | # Section: Organizations 6 | # 7 | # - This section defines the different organizational identities which will 8 | # be referenced later in the configuration. 9 | # 10 | ################################################################################ 11 | Organizations: 12 | 13 | # SampleOrg defines an MSP using the sampleconfig. 
It should never be used 14 | # in production but may be used as a template for other definitions 15 | - &AreteOrderer 16 | # DefaultOrg defines the organization which is used in the sampleconfig 17 | # of the fabric.git development environment 18 | Name: AreteOrdererMSP 19 | 20 | # ID to load the MSP definition as 21 | ID: AreteOrdererMSP 22 | 23 | # MSPDir is the filesystem path which contains the MSP configuration 24 | MSPDir: /hlf-orderer--areteorderer/msp 25 | 26 | # Policies defines the set of policies at this level of the config tree 27 | # For organization policies, their canonical path is usually 28 | # /Channel/// 29 | # Policies: 30 | # Readers: 31 | # Type: Signature 32 | # Rule: "OR('AreteOrdererMSP.member')" 33 | # Writers: 34 | # Type: Signature 35 | # Rule: "OR('AreteOrdererMSP.member')" 36 | # Admins: 37 | # Type: Signature 38 | # Rule: "OR('AreteOrdererMSP.admin')" 39 | 40 | - &AreteCorporate 41 | # DefaultOrg defines the organization which is used in the sampleconfig 42 | # of the fabric.git development environment 43 | Name: AreteCorporateMSP 44 | 45 | # ID to load the MSP definition as 46 | ID: AreteCorporateMSP 47 | 48 | MSPDir: /hlf-peer-org--aretecorporate/msp 49 | 50 | # Policies defines the set of policies at this level of the config tree 51 | # For organization policies, their canonical path is usually 52 | # /Channel/// 53 | # Policies: 54 | # Readers: 55 | # Type: Signature 56 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.peer', 'AreteCorporateMSP.client')" 57 | # Writers: 58 | # Type: Signature 59 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.client')" 60 | # Admins: 61 | # Type: Signature 62 | # Rule: "OR('AreteCorporateMSP.admin')" 63 | 64 | AnchorPeers: 65 | # AnchorPeers defines the location of peers which can be used 66 | # for cross org gossip communication. 
Note, this value is only 67 | # encoded in the genesis block in the Application section context 68 | - Host: hlf-peer--aretecorporate--peer0 69 | Port: 7051 70 | 71 | - &ABCVendor 72 | # DefaultOrg defines the organization which is used in the sampleconfig 73 | # of the fabric.git development environment 74 | Name: ABCVendorMSP 75 | 76 | # ID to load the MSP definition as 77 | ID: ABCVendorMSP 78 | 79 | MSPDir: /hlf-peer-org--abcvendor/msp 80 | 81 | # Policies defines the set of policies at this level of the config tree 82 | # For organization policies, their canonical path is usually 83 | # /Channel/// 84 | # Policies: 85 | # Readers: 86 | # Type: Signature 87 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.peer', 'ABCVendorMSP.client')" 88 | # Writers: 89 | # Type: Signature 90 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.client')" 91 | # Admins: 92 | # Type: Signature 93 | # Rule: "OR('ABCVendorMSP.admin')" 94 | 95 | AnchorPeers: 96 | # AnchorPeers defines the location of peers which can be used 97 | # for cross org gossip communication. Note, this value is only 98 | # encoded in the genesis block in the Application section context 99 | - Host: hlf-peer--abcvendor--peer0 100 | Port: 7051 101 | 102 | 103 | ################################################################################ 104 | # 105 | # SECTION: Capabilities 106 | # 107 | # - This section defines the capabilities of fabric network. This is a new 108 | # concept as of v1.1.0 and should not be utilized in mixed networks with 109 | # v1.0.x peers and orderers. Capabilities define features which must be 110 | # present in a fabric binary for that binary to safely participate in the 111 | # fabric network. For instance, if a new MSP type is added, newer binaries 112 | # might recognize and validate the signatures from this type, while older 113 | # binaries without this support would be unable to validate those 114 | # transactions. 
This could lead to different versions of the fabric binaries 115 | # having different world states. Instead, defining a capability for a channel 116 | # informs those binaries without this capability that they must cease 117 | # processing transactions until they have been upgraded. For v1.0.x if any 118 | # capabilities are defined (including a map with all capabilities turned off) 119 | # then the v1.0.x peer will deliberately crash. 120 | # 121 | ################################################################################ 122 | Capabilities: 123 | # Channel capabilities apply to both the orderers and the peers and must be 124 | # supported by both. 125 | # Set the value of the capability to true to require it. 126 | Channel: &ChannelCapabilities 127 | # V1.4.2 for Channel is a catchall flag for behavior which has been 128 | # determined to be desired for all orderers and peers running at the v1.4.2 129 | # level, but which would be incompatible with orderers and peers from 130 | # prior releases. 131 | # Prior to enabling V1.4.2 channel capabilities, ensure that all 132 | # orderers and peers on a channel are at v1.4.2 or later. 133 | V1_4_2: true 134 | V1_3: false 135 | V1_1: false 136 | # Orderer capabilities apply only to the orderers, and may be safely 137 | # manipulated without concern for upgrading peers. Set the value of the 138 | # capability to true to require it. 139 | Orderer: &OrdererCapabilities 140 | # V1.1 for Order is a catchall flag for behavior which has been 141 | # determined to be desired for all orderers running v1.0.x, but the 142 | # modification of which would cause incompatibilities. Users should 143 | # leave this flag set to true. 144 | V1_4_2: true 145 | V1_1: false 146 | 147 | # Application capabilities apply only to the peer network, and may be safely 148 | # manipulated without concern for upgrading orderers. Set the value of the 149 | # capability to true to require it. 
150 | Application: &ApplicationCapabilities 151 | # V1.2 for Application is a catchall flag for behavior which has been 152 | # determined to be desired for all peers running v1.0.x, but the 153 | # modification of which would cause incompatibilities. Users should 154 | # leave this flag set to true. 155 | V1_4_2: true 156 | V1_3: false 157 | V1_2: false 158 | V1_1: false 159 | 160 | ################################################################################ 161 | # 162 | # APPLICATION 163 | # 164 | # This section defines the values to encode into a config transaction or 165 | # genesis block for application-related parameters. 166 | # 167 | ################################################################################ 168 | Application: &ApplicationDefaults 169 | 170 | # Organizations lists the orgs participating on the application side of the 171 | # network. 172 | Organizations: 173 | 174 | # Policies defines the set of policies at this level of the config tree 175 | # For Application policies, their canonical path is 176 | # /Channel/Application/ 177 | # Policies: 178 | # Readers: 179 | # Type: ImplicitMeta 180 | # Rule: "ANY Readers" 181 | # Writers: 182 | # Type: ImplicitMeta 183 | # Rule: "ANY Writers" 184 | # Admins: 185 | # Type: ImplicitMeta 186 | # Rule: "MAJORITY Admins" 187 | 188 | # Capabilities describes the application level capabilities, see the 189 | # dedicated Capabilities section elsewhere in this file for a full 190 | # description 191 | Capabilities: 192 | <<: *ApplicationCapabilities 193 | 194 | ################################################################################ 195 | # 196 | # SECTION: Orderer 197 | # 198 | # - This section defines the values to encode into a config transaction or 199 | # genesis block for orderer related parameters 200 | # 201 | ################################################################################ 202 | Orderer: &OrdererDefaults 203 | 204 | # Orderer Type: The orderer implementation to start 
205 | # Available types are "solo" and "kafka" 206 | OrdererType: kafka 207 | 208 | Addresses: 209 | - hlf-orderer--areteorderer--orderer0:7050 210 | 211 | # Batch Timeout: The amount of time to wait before creating a batch 212 | BatchTimeout: 1s 213 | 214 | # Batch Size: Controls the number of messages batched into a block 215 | BatchSize: 216 | 217 | # Max Message Count: The maximum number of messages to permit in a batch 218 | MaxMessageCount: 5 219 | 220 | # Absolute Max Bytes: The absolute maximum number of bytes allowed for 221 | # the serialized messages in a batch. 222 | AbsoluteMaxBytes: 98 MB 223 | 224 | # Preferred Max Bytes: The preferred maximum number of bytes allowed for 225 | # the serialized messages in a batch. A message larger than the preferred 226 | # max bytes will result in a batch larger than preferred max bytes. 227 | PreferredMaxBytes: 1024 KB 228 | 229 | Kafka: 230 | # Brokers: A list of Kafka brokers to which the orderer connects 231 | # NOTE: Use IP:port notation 232 | Brokers: 233 | - hlf-kafka-service:9092 234 | 235 | 236 | # Organizations is the list of orgs which are defined as participants on 237 | # the orderer side of the network 238 | Organizations: 239 | 240 | # Policies defines the set of policies at this level of the config tree 241 | # For Orderer policies, their canonical path is 242 | # /Channel/Orderer/ 243 | # Policies: 244 | # Readers: 245 | # Type: ImplicitMeta 246 | # Rule: "ANY Readers" 247 | # Writers: 248 | # Type: ImplicitMeta 249 | # Rule: "ANY Writers" 250 | # Admins: 251 | # Type: ImplicitMeta 252 | # Rule: "MAJORITY Admins" 253 | # # BlockValidation specifies what signatures must be included in the block 254 | # # from the orderer for the peer to validate it. 
255 | # BlockValidation: 256 | # Type: ImplicitMeta 257 | # Rule: "ANY Writers" 258 | 259 | # Capabilities describes the orderer level capabilities, see the 260 | # dedicated Capabilities section elsewhere in this file for a full 261 | # description 262 | Capabilities: 263 | <<: *OrdererCapabilities 264 | 265 | ################################################################################ 266 | # 267 | # CHANNEL 268 | # 269 | # This section defines the values to encode into a config transaction or 270 | # genesis block for channel related parameters. 271 | # 272 | ################################################################################ 273 | Channel: &ChannelDefaults 274 | # Policies defines the set of policies at this level of the config tree. NOTE: the block below is commented out in this sample, so configtxgen (Fabric 1.4.x) falls back to its built-in default policies for this group and logs a deprecation warning; define the policies explicitly to control who can read, write and administer the channel. 275 | # For Channel policies, their canonical path is 276 | # /Channel/ 277 | # Policies: 278 | # # Who may invoke the 'Deliver' API 279 | # Readers: 280 | # Type: ImplicitMeta 281 | # Rule: "ANY Readers" 282 | # # Who may invoke the 'Broadcast' API 283 | # Writers: 284 | # Type: ImplicitMeta 285 | # Rule: "ANY Writers" 286 | # # By default, who may modify elements at this config level 287 | # Admins: 288 | # Type: ImplicitMeta 289 | # Rule: "MAJORITY Admins" 290 | 291 | # Capabilities describes the channel level capabilities, see the 292 | # dedicated Capabilities section elsewhere in this file for a full 293 | # description 294 | Capabilities: 295 | <<: *ChannelCapabilities 296 | 297 | ################################################################################ 298 | # 299 | # Profile 300 | # 301 | # - Different configuration profiles may be encoded here to be specified 302 | # as parameters to the configtxgen tool 303 | # 304 | ################################################################################ 305 | Profiles: 306 | 307 | OrdererGenesis: 308 | <<: *ChannelDefaults 309 | Orderer: 310 | <<: *OrdererDefaults 311 | Organizations: 312 | - *AreteOrderer 313 | 314 | Consortiums: 315 | TheConsortium: 316
| Organizations: 317 | - *AreteCorporate 318 | - *ABCVendor 319 | 320 | SecondConsortium: 321 | Organizations: 322 | - *AreteCorporate 323 | 324 | common: 325 | Consortium: TheConsortium 326 | <<: *ChannelDefaults 327 | Application: 328 | <<: *ApplicationDefaults 329 | Organizations: 330 | - *AreteCorporate 331 | - *ABCVendor 332 | 333 | private-arete: 334 | Consortium: TheConsortium 335 | <<: *ChannelDefaults 336 | Application: 337 | <<: *ApplicationDefaults 338 | Organizations: 339 | - *AreteCorporate 340 | 341 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/crypto-config.yaml: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # "OrdererOrgs" - Definition of organizations managing orderer nodes 3 | # --------------------------------------------------------------------------- 4 | OrdererOrgs: 5 | # --------------------------------------------------------------------------- 6 | # Orderer 7 | # --------------------------------------------------------------------------- 8 | - Name: AreteOrderer 9 | Domain: arete.com 10 | Specs: 11 | - Hostname: orderer0 12 | # --------------------------------------------------------------------------- 13 | # "PeerOrgs" - Definition of organizations managing peer nodes 14 | # --------------------------------------------------------------------------- 15 | PeerOrgs: 16 | - Name: AreteCorporate 17 | Domain: corporate.arete.com 18 | EnableNodeOUs: true 19 | Template: 20 | Count: 2 21 | Users: 22 | Count: 1 23 | 24 | - Name: ABCVendor 25 | Domain: vendor.abc.com 26 | EnableNodeOUs: true 27 | Template: 28 | Count: 1 29 | Users: 30 | Count: 1 31 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/network.yaml: -------------------------------------------------------------------------------- 1 | 
network: 2 | # used by init script to create genesis block and by peer-org-flow to parse consortiums 3 | genesisProfile: OrdererGenesis 4 | # used by init script to create genesis block 5 | systemChannelID: aretechainid 6 | 7 | # defines which organizations will join to which channels 8 | channels: 9 | - name: common 10 | # all peers in these organizations will join the channel 11 | orgs: [AreteCorporate, ABCVendor] 12 | - name: private-arete 13 | # all peers in these organizations will join the channel 14 | orgs: [AreteCorporate] 15 | 16 | # defines which chaincodes will be installed to which organizations 17 | chaincodes: 18 | - name: very-simple 19 | # if defined, this will override the global chaincode.version value 20 | version: # "2.0" 21 | # chaincode will be installed to all peers in these organizations 22 | orgs: [AreteCorporate, ABCVendor] 23 | # at which channels are we instantiating/upgrading chaincode? 24 | channels: 25 | - name: common 26 | # chaincode will be instantiated/upgraded using the first peer in the first organization 27 | # chaincode will be invoked on all peers in these organizations. NOTE: the OR(...) policy below is satisfied by one signature from any member of either organization; this is a sample setting, use a stricter expression outside of demos 28 | orgs: [AreteCorporate, ABCVendor] 29 | policy: OR('AreteCorporateMSP.member','ABCVendorMSP.member') 30 | 31 | - name: even-simpler 32 | orgs: [AreteCorporate] 33 | channels: 34 | - name: private-arete 35 | orgs: [AreteCorporate] 36 | policy: OR('AreteCorporateMSP.member') 37 | 38 | 39 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/values.yaml: -------------------------------------------------------------------------------- 1 | orderer: 2 | replicas: 3 3 | 4 | hlf-kafka: 5 | enabled: true 6 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-kafka/vault.yaml: -------------------------------------------------------------------------------- 1 | vault: 2 | type: pvc 3 | pvc: 4 | storageClass: azurefile 5 | size: 1Gi 6 | 7 |
-------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/.gitignore: -------------------------------------------------------------------------------- 1 | crypto-config/ 2 | channel-artifacts/ -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/README.md: -------------------------------------------------------------------------------- 1 | A scaled up HL Fabric network with 3 nodes of Raft orderer spanning 2 organizations and 2 peers per organization. 2 | Also demonstrates how TLS can be enabled and actual domain names (instead of internal Kubernetes service names) can be used. 3 | 4 | Transparent load balancing is not possible because of TLS as of Fabric 1.4.1. 5 | https://jira.hyperledger.org/browse/FAB-15648 6 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/crypto-config.yaml: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # "OrdererOrgs" - Definition of organizations managing orderer nodes 3 | # --------------------------------------------------------------------------- 4 | OrdererOrgs: 5 | # --------------------------------------------------------------------------- 6 | # Orderer 7 | # --------------------------------------------------------------------------- 8 | - Name: AreteOrderer 9 | Domain: arete.com 10 | Specs: 11 | - Hostname: orderer0 12 | - Hostname: orderer1 13 | 14 | - Name: ABCOrderer 15 | Domain: abc.com 16 | Specs: 17 | - Hostname: orderer0 18 | # --------------------------------------------------------------------------- 19 | # "PeerOrgs" - Definition of organizations managing peer nodes 20 | # --------------------------------------------------------------------------- 21 | PeerOrgs: 22 | - Name: AreteCorporate 23 | Domain:
corporate.arete.com 24 | EnableNodeOUs: true 25 | Template: 26 | Count: 2 27 | Users: 28 | Count: 1 29 | 30 | - Name: ABCVendor 31 | Domain: vendor.abc.com 32 | EnableNodeOUs: true 33 | Template: 34 | Count: 1 35 | Users: 36 | Count: 1 37 | 38 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/extended/crypto-config.yaml: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # "OrdererOrgs" - Definition of organizations managing orderer nodes 3 | # --------------------------------------------------------------------------- 4 | OrdererOrgs: 5 | # --------------------------------------------------------------------------- 6 | # Orderer 7 | # --------------------------------------------------------------------------- 8 | - Name: AreteOrderer 9 | Domain: arete.com 10 | Specs: 11 | - Hostname: orderer0 12 | - Hostname: orderer1 13 | 14 | - Name: ABCOrderer 15 | Domain: abc.com 16 | Specs: 17 | - Hostname: orderer0 18 | # --------------------------------------------------------------------------- 19 | # "PeerOrgs" - Definition of organizations managing peer nodes 20 | # --------------------------------------------------------------------------- 21 | PeerOrgs: 22 | - Name: AreteCorporate 23 | Domain: corporate.arete.com 24 | EnableNodeOUs: true 25 | Template: 26 | Count: 2 27 | Users: 28 | Count: 1 29 | 30 | - Name: ABCVendor 31 | Domain: vendor.abc.com 32 | EnableNodeOUs: true 33 | Template: 34 | Count: 1 35 | Users: 36 | Count: 1 37 | 38 | - Name: DEFVendor 39 | Domain: vendor.def.com 40 | EnableNodeOUs: true 41 | Template: 42 | Count: 1 43 | Users: 44 | Count: 1 45 | 46 | - Name: XYZVendor 47 | Domain: vendor.xyz.com 48 | EnableNodeOUs: true 49 | Template: 50 | Count: 1 51 | Users: 52 | Count: 1 -------------------------------------------------------------------------------- 
/fabric-kube/samples/scaled-raft-tls/extended/network.yaml: -------------------------------------------------------------------------------- 1 | tlsEnabled: true 2 | useActualDomains: true 3 | 4 | network: 5 | # used by init script to create genesis block and by peer-org-flow to parse consortiums 6 | genesisProfile: OrdererGenesis 7 | # used by init script to create genesis block 8 | systemChannelID: testchainid 9 | 10 | # defines which organizations will join to which channels 11 | channels: 12 | - name: common 13 | # all peers in these organizations will join the channel 14 | orgs: [Karga, Nevergreen, Atlantis, Valhalla, Cimmeria] 15 | - name: private-karga-atlantis 16 | # all peers in these organizations will join the channel 17 | orgs: [Karga, Atlantis] 18 | - name: private-valhalla-cimmeria 19 | # all peers in these organizations will join the channel 20 | orgs: [Valhalla, Cimmeria] 21 | - name: private-karga-valhalla-cimmeria 22 | # all peers in these organizations will join the channel 23 | orgs: [Karga, Valhalla, Cimmeria] 24 | 25 | # defines which chaincodes will be installed to which organizations 26 | chaincodes: 27 | - name: very-simple 28 | # if defined, this will override the global chaincode.version value 29 | version: # "2.0" 30 | # chaincode will be installed to all peers in these organizations 31 | orgs: [Karga, Nevergreen, Atlantis, Valhalla, Cimmeria] 32 | # at which channels are we instantiating/upgrading chaincode? 
33 | channels: 34 | - name: common 35 | # chaincode will be instantiated/upgraded using the first peer in the first organization 36 | # chaincode will be invoked on all peers in these organizations 37 | orgs: [Karga, Nevergreen, Atlantis, Valhalla, Cimmeria] 38 | policy: OR('KargaMSP.member','NevergreenMSP.member','AtlantisMSP.member','ValhallaMSP.member','CimmeriaMSP.member') 39 | 40 | - name: even-simpler 41 | orgs: [Karga, Atlantis,Valhalla, Cimmeria] 42 | channels: 43 | - name: private-karga-atlantis 44 | orgs: [Karga, Atlantis] 45 | policy: OR('KargaMSP.member','AtlantisMSP.member') 46 | - name: private-valhalla-cimmeria 47 | orgs: [Valhalla, Cimmeria] 48 | policy: OR('ValhallaMSP.member','CimmeriaMSP.member') 49 | - name: private-karga-valhalla-cimmeria 50 | orgs: [Karga, Valhalla, Cimmeria] 51 | policy: OR('KargaMSP.member','ValhallaMSP.member','CimmeriaMSP.member') 52 | 53 | 54 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/network.yaml: -------------------------------------------------------------------------------- 1 | tlsEnabled: true 2 | useActualDomains: true 3 | 4 | network: 5 | # used by init script to create genesis block and by peer-org-flow to parse consortiums 6 | genesisProfile: OrdererGenesis 7 | # used by init script to create genesis block 8 | systemChannelID: aretechainid 9 | 10 | # defines which organizations will join to which channels 11 | channels: 12 | - name: common 13 | # all peers in these organizations will join the channel 14 | orgs: [AreteCorporate, ABCVendor] 15 | - name: private-arete 16 | # all peers in these organizations will join the channel 17 | orgs: [AreteCorporate] 18 | 19 | # defines which chaincodes will be installed to which organizations 20 | chaincodes: 21 | - name: very-simple 22 | # if defined, this will override the global chaincode.version value 23 | version: # "2.0" 24 | # chaincode will be installed to all peers in these organizations 25 
| orgs: [AreteCorporate, ABCVendor] 26 | # at which channels are we instantiating/upgrading chaincode? 27 | channels: 28 | - name: common 29 | # chaincode will be instantiated/upgraded using the first peer in the first organization 30 | # chaincode will be invoked on all peers in these organizations 31 | orgs: [AreteCorporate, ABCVendor] 32 | policy: OR('AreteCorporateMSP.member','ABCVendorMSP.member') 33 | 34 | - name: even-simpler 35 | orgs: [AreteCorporate] 36 | channels: 37 | - name: private-arete 38 | orgs: [AreteCorporate] 39 | policy: OR('AreteCorporateMSP.member') 40 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/persistence.yaml: -------------------------------------------------------------------------------- 1 | peer: 2 | persistence: 3 | enabled: true 4 | 5 | orderer: 6 | persistence: 7 | enabled: true 8 | 9 | couchdb: 10 | persistence: 11 | enabled: true -------------------------------------------------------------------------------- /fabric-kube/samples/scaled-raft-tls/vault.yaml: -------------------------------------------------------------------------------- 1 | vault: 2 | type: pvc 3 | pvc: 4 | storageClass: azurefile 5 | size: 1Gi 6 | 7 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/.gitignore: -------------------------------------------------------------------------------- 1 | crypto-config/ 2 | channel-artifacts/ -------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/README.md: -------------------------------------------------------------------------------- 1 | A simple HL Fabric network with Solo orderer and one peer per organization and also with persistence. 
2 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/configtx.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | ################################################################################ 4 | # 5 | # Section: Organizations 6 | # 7 | # - This section defines the different organizational identities which will 8 | # be referenced later in the configuration. 9 | # 10 | ################################################################################ 11 | Organizations: 12 | 13 | # SampleOrg defines an MSP using the sampleconfig. It should never be used 14 | # in production but may be used as a template for other definitions 15 | - &AreteOrderer 16 | # DefaultOrg defines the organization which is used in the sampleconfig 17 | # of the fabric.git development environment 18 | Name: AreteOrdererMSP 19 | 20 | # ID to load the MSP definition as 21 | ID: AreteOrdererMSP 22 | 23 | # MSPDir is the filesystem path which contains the MSP configuration 24 | MSPDir: /hlf-orderer--areteorderer/msp 25 | 26 | # Policies defines the set of policies at this level of the config tree 27 | # For organization policies, their canonical path is usually 28 | # /Channel/// 29 | # Policies: 30 | # Readers: 31 | # Type: Signature 32 | # Rule: "OR('AreteOrdererMSP.member')" 33 | # Writers: 34 | # Type: Signature 35 | # Rule: "OR('AreteOrdererMSP.member')" 36 | # Admins: 37 | # Type: Signature 38 | # Rule: "OR('AreteOrdererMSP.admin')" 39 | 40 | - &AreteCorporate 41 | # DefaultOrg defines the organization which is used in the sampleconfig 42 | # of the fabric.git development environment 43 | Name: AreteCorporateMSP 44 | 45 | # ID to load the MSP definition as 46 | ID: AreteCorporateMSP 47 | 48 | MSPDir: /hlf-peer-org--aretecorporate/msp 49 | 50 | # Policies defines the set of policies at this level of the config tree 51 | # For organization policies, their canonical path 
is usually 52 | # /Channel/// 53 | # Policies: 54 | # Readers: 55 | # Type: Signature 56 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.peer', 'AreteCorporateMSP.client')" 57 | # Writers: 58 | # Type: Signature 59 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.client')" 60 | # Admins: 61 | # Type: Signature 62 | # Rule: "OR('AreteCorporateMSP.admin')" 63 | 64 | AnchorPeers: 65 | # AnchorPeers defines the location of peers which can be used 66 | # for cross org gossip communication. Note, this value is only 67 | # encoded in the genesis block in the Application section context 68 | - Host: hlf-peer--aretecorporate--peer0 69 | Port: 7051 70 | 71 | - &ABCVendor 72 | # DefaultOrg defines the organization which is used in the sampleconfig 73 | # of the fabric.git development environment 74 | Name: ABCVendorMSP 75 | 76 | # ID to load the MSP definition as 77 | ID: ABCVendorMSP 78 | 79 | MSPDir: /hlf-peer-org--abcvendor/msp 80 | 81 | # Policies defines the set of policies at this level of the config tree 82 | # For organization policies, their canonical path is usually 83 | # /Channel/// 84 | # Policies: 85 | # Readers: 86 | # Type: Signature 87 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.peer', 'ABCVendorMSP.client')" 88 | # Writers: 89 | # Type: Signature 90 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.client')" 91 | # Admins: 92 | # Type: Signature 93 | # Rule: "OR('ABCVendorMSP.admin')" 94 | 95 | AnchorPeers: 96 | # AnchorPeers defines the location of peers which can be used 97 | # for cross org gossip communication. Note, this value is only 98 | # encoded in the genesis block in the Application section context 99 | - Host: hlf-peer--abcvendor--peer0 100 | Port: 7051 101 | 102 | 103 | ################################################################################ 104 | # 105 | # SECTION: Capabilities 106 | # 107 | # - This section defines the capabilities of fabric network. 
This is a new 108 | # concept as of v1.1.0 and should not be utilized in mixed networks with 109 | # v1.0.x peers and orderers. Capabilities define features which must be 110 | # present in a fabric binary for that binary to safely participate in the 111 | # fabric network. For instance, if a new MSP type is added, newer binaries 112 | # might recognize and validate the signatures from this type, while older 113 | # binaries without this support would be unable to validate those 114 | # transactions. This could lead to different versions of the fabric binaries 115 | # having different world states. Instead, defining a capability for a channel 116 | # informs those binaries without this capability that they must cease 117 | # processing transactions until they have been upgraded. For v1.0.x if any 118 | # capabilities are defined (including a map with all capabilities turned off) 119 | # then the v1.0.x peer will deliberately crash. 120 | # 121 | ################################################################################ 122 | Capabilities: 123 | # Channel capabilities apply to both the orderers and the peers and must be 124 | # supported by both. 125 | # Set the value of the capability to true to require it. 126 | Channel: &ChannelCapabilities 127 | # V1.4.2 for Channel is a catchall flag for behavior which has been 128 | # determined to be desired for all orderers and peers running at the v1.4.2 129 | # level, but which would be incompatible with orderers and peers from 130 | # prior releases. 131 | # Prior to enabling V1.4.2 channel capabilities, ensure that all 132 | # orderers and peers on a channel are at v1.4.2 or later. 133 | V1_4_2: true 134 | V1_3: false 135 | V1_1: false 136 | # Orderer capabilities apply only to the orderers, and may be safely 137 | # manipulated without concern for upgrading peers. Set the value of the 138 | # capability to true to require it. 
139 | Orderer: &OrdererCapabilities 140 | # V1.1 for Order is a catchall flag for behavior which has been 141 | # determined to be desired for all orderers running v1.0.x, but the 142 | # modification of which would cause incompatibilities. Users should 143 | # leave this flag set to true. 144 | V1_4_2: true 145 | V1_1: false 146 | 147 | # Application capabilities apply only to the peer network, and may be safely 148 | # manipulated without concern for upgrading orderers. Set the value of the 149 | # capability to true to require it. 150 | Application: &ApplicationCapabilities 151 | # V1.2 for Application is a catchall flag for behavior which has been 152 | # determined to be desired for all peers running v1.0.x, but the 153 | # modification of which would cause incompatibilities. Users should 154 | # leave this flag set to true. 155 | V1_4_2: true 156 | V1_3: false 157 | V1_2: false 158 | V1_1: false 159 | 160 | ################################################################################ 161 | # 162 | # APPLICATION 163 | # 164 | # This section defines the values to encode into a config transaction or 165 | # genesis block for application-related parameters. 166 | # 167 | ################################################################################ 168 | Application: &ApplicationDefaults 169 | 170 | # Organizations lists the orgs participating on the application side of the 171 | # network. 
172 | Organizations: 173 | 174 | # Policies defines the set of policies at this level of the config tree 175 | # For Application policies, their canonical path is 176 | # /Channel/Application/ 177 | # Policies: 178 | # Readers: 179 | # Type: ImplicitMeta 180 | # Rule: "ANY Readers" 181 | # Writers: 182 | # Type: ImplicitMeta 183 | # Rule: "ANY Writers" 184 | # Admins: 185 | # Type: ImplicitMeta 186 | # Rule: "MAJORITY Admins" 187 | 188 | # Capabilities describes the application level capabilities, see the 189 | # dedicated Capabilities section elsewhere in this file for a full 190 | # description 191 | Capabilities: 192 | <<: *ApplicationCapabilities 193 | 194 | ################################################################################ 195 | # 196 | # SECTION: Orderer 197 | # 198 | # - This section defines the values to encode into a config transaction or 199 | # genesis block for orderer related parameters 200 | # 201 | ################################################################################ 202 | Orderer: &OrdererDefaults 203 | 204 | # Orderer Type: The orderer implementation to start 205 | # Available types are "solo" and "kafka" 206 | OrdererType: solo 207 | 208 | Addresses: 209 | - hlf-orderer--areteorderer--orderer0:7050 210 | 211 | # Batch Timeout: The amount of time to wait before creating a batch 212 | BatchTimeout: 1s 213 | 214 | # Batch Size: Controls the number of messages batched into a block 215 | BatchSize: 216 | 217 | # Max Message Count: The maximum number of messages to permit in a batch 218 | MaxMessageCount: 5 219 | 220 | # Absolute Max Bytes: The absolute maximum number of bytes allowed for 221 | # the serialized messages in a batch. 222 | AbsoluteMaxBytes: 98 MB 223 | 224 | # Preferred Max Bytes: The preferred maximum number of bytes allowed for 225 | # the serialized messages in a batch. A message larger than the preferred 226 | # max bytes will result in a batch larger than preferred max bytes. 
227 | PreferredMaxBytes: 1024 KB 228 | 229 | # Organizations is the list of orgs which are defined as participants on 230 | # the orderer side of the network 231 | Organizations: 232 | 233 | # Policies defines the set of policies at this level of the config tree 234 | # For Orderer policies, their canonical path is 235 | # /Channel/Orderer/ 236 | # Policies: 237 | # Readers: 238 | # Type: ImplicitMeta 239 | # Rule: "ANY Readers" 240 | # Writers: 241 | # Type: ImplicitMeta 242 | # Rule: "ANY Writers" 243 | # Admins: 244 | # Type: ImplicitMeta 245 | # Rule: "MAJORITY Admins" 246 | # # BlockValidation specifies what signatures must be included in the block 247 | # # from the orderer for the peer to validate it. 248 | # BlockValidation: 249 | # Type: ImplicitMeta 250 | # Rule: "ANY Writers" 251 | 252 | # Capabilities describes the orderer level capabilities, see the 253 | # dedicated Capabilities section elsewhere in this file for a full 254 | # description 255 | Capabilities: 256 | <<: *OrdererCapabilities 257 | 258 | ################################################################################ 259 | # 260 | # CHANNEL 261 | # 262 | # This section defines the values to encode into a config transaction or 263 | # genesis block for channel related parameters. 
264 | # 265 | ################################################################################ 266 | Channel: &ChannelDefaults 267 | # Policies defines the set of policies at this level of the config tree 268 | # For Channel policies, their canonical path is 269 | # /Channel/ 270 | # Policies: 271 | # # Who may invoke the 'Deliver' API 272 | # Readers: 273 | # Type: ImplicitMeta 274 | # Rule: "ANY Readers" 275 | # # Who may invoke the 'Broadcast' API 276 | # Writers: 277 | # Type: ImplicitMeta 278 | # Rule: "ANY Writers" 279 | # # By default, who may modify elements at this config level 280 | # Admins: 281 | # Type: ImplicitMeta 282 | # Rule: "MAJORITY Admins" 283 | 284 | # Capabilities describes the channel level capabilities, see the 285 | # dedicated Capabilities section elsewhere in this file for a full 286 | # description 287 | Capabilities: 288 | <<: *ChannelCapabilities 289 | 290 | ################################################################################ 291 | # 292 | # Profile 293 | # 294 | # - Different configuration profiles may be encoded here to be specified 295 | # as parameters to the configtxgen tool 296 | # 297 | ################################################################################ 298 | Profiles: 299 | 300 | OrdererGenesis: 301 | <<: *ChannelDefaults 302 | Orderer: 303 | <<: *OrdererDefaults 304 | Organizations: 305 | - *AreteOrderer 306 | 307 | Consortiums: 308 | TheConsortium: 309 | Organizations: 310 | - *AreteCorporate 311 | - *ABCVendor 312 | 313 | SecondConsortium: 314 | Organizations: 315 | - *AreteCorporate 316 | 317 | common: 318 | Consortium: TheConsortium 319 | <<: *ChannelDefaults 320 | Application: 321 | <<: *ApplicationDefaults 322 | Organizations: 323 | - *AreteCorporate 324 | - *ABCVendor 325 | 326 | private-arete: 327 | Consortium: TheConsortium 328 | <<: *ChannelDefaults 329 | Application: 330 | <<: *ApplicationDefaults 331 | Organizations: 332 | - *AreteCorporate 333 | 334 | 
-------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/crypto-config.yaml: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # "OrdererOrgs" - Definition of organizations managing orderer nodes 3 | # --------------------------------------------------------------------------- 4 | OrdererOrgs: 5 | # --------------------------------------------------------------------------- 6 | # Orderer 7 | # --------------------------------------------------------------------------- 8 | - Name: AreteOrderer 9 | Domain: arete.com 10 | Specs: 11 | - Hostname: orderer0 12 | # --------------------------------------------------------------------------- 13 | # "PeerOrgs" - Definition of organizations managing peer nodes 14 | # --------------------------------------------------------------------------- 15 | PeerOrgs: 16 | - Name: AreteCorporate 17 | Domain: corporate.arete.com 18 | EnableNodeOUs: true 19 | Template: 20 | Count: 2 21 | Users: 22 | Count: 1 23 | 24 | - Name: ABCVendor 25 | Domain: vendor.abc.com 26 | EnableNodeOUs: true 27 | Template: 28 | Count: 1 29 | Users: 30 | Count: 1 31 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/network.yaml: -------------------------------------------------------------------------------- 1 | network: 2 | # used by init script to create genesis block and by peer-org-flow to parse consortiums 3 | genesisProfile: OrdererGenesis 4 | # used by init script to create genesis block 5 | systemChannelID: aretechainid 6 | 7 | # defines which organizations will join to which channels 8 | channels: 9 | - name: common 10 | # all peers in these organizations will join the channel 11 | orgs: [AreteCorporate, ABCVendor] 12 | - name: private-arete 13 | # all peers in these organizations will join the channel 14 
| orgs: [AreteCorporate] 15 | 16 | # defines which chaincodes will be installed to which organizations 17 | chaincodes: 18 | - name: very-simple 19 | # if defined, this will override the global chaincode.version value 20 | version: # "2.0" 21 | # chaincode will be installed to all peers in these organizations 22 | orgs: [AreteCorporate, ABCVendor] 23 | # at which channels are we instantiating/upgrading chaincode? 24 | channels: 25 | - name: common 26 | # chaincode will be instantiated/upgraded using the first peer in the first organization 27 | # chaincode will be invoked on all peers in these organizations 28 | orgs: [AreteCorporate, ABCVendor] 29 | policy: OR('AreteCorporateMSP.member','ABCVendorMSP.member') 30 | 31 | - name: even-simpler 32 | orgs: [AreteCorporate] 33 | channels: 34 | - name: private-arete 35 | orgs: [AreteCorporate] 36 | policy: OR('AreteCorporateMSP.member') 37 | 38 | 39 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/values.yaml: -------------------------------------------------------------------------------- 1 | peer: 2 | persistence: 3 | enabled: true 4 | 5 | orderer: 6 | persistence: 7 | enabled: true 8 | 9 | couchdb: 10 | persistence: 11 | enabled: true 12 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple-persistent/vault.yaml: -------------------------------------------------------------------------------- 1 | vault: 2 | type: pvc 3 | pvc: 4 | storageClass: azurefile 5 | size: 1Gi 6 | 7 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple/.gitignore: -------------------------------------------------------------------------------- 1 | crypto-config/ 2 | channel-artifacts/ -------------------------------------------------------------------------------- /fabric-kube/samples/simple/configtx-original.yaml: 
-------------------------------------------------------------------------------- 1 | 2 | --- 3 | ################################################################################ 4 | # 5 | # Section: Organizations 6 | # 7 | # - This section defines the different organizational identities which will 8 | # be referenced later in the configuration. 9 | # 10 | ################################################################################ 11 | Organizations: 12 | 13 | # SampleOrg defines an MSP using the sampleconfig. It should never be used 14 | # in production but may be used as a template for other definitions 15 | - &AreteOrderer 16 | # DefaultOrg defines the organization which is used in the sampleconfig 17 | # of the fabric.git development environment 18 | Name: AreteOrdererMSP 19 | 20 | # ID to load the MSP definition as 21 | ID: AreteOrdererMSP 22 | 23 | # MSPDir is the filesystem path which contains the MSP configuration 24 | MSPDir: /hlf-data/orgs/areteorderer/msp 25 | 26 | # Policies defines the set of policies at this level of the config tree 27 | # For organization policies, their canonical path is usually 28 | # /Channel/// 29 | Policies: 30 | Readers: 31 | Type: Signature 32 | Rule: "OR('AreteOrdererMSP.member')" 33 | Writers: 34 | Type: Signature 35 | Rule: "OR('AreteOrdererMSP.member')" 36 | Admins: 37 | Type: Signature 38 | Rule: "OR('AreteOrdererMSP.admin')" 39 | 40 | - &AreteCorporate 41 | # DefaultOrg defines the organization which is used in the sampleconfig 42 | # of the fabric.git development environment 43 | Name: AreteCorporateMSP 44 | 45 | # ID to load the MSP definition as 46 | ID: AreteCorporateMSP 47 | 48 | MSPDir: /hlf-data/orgs/aretecorporate/msp 49 | 50 | # Policies defines the set of policies at this level of the config tree 51 | # For organization policies, their canonical path is usually 52 | # /Channel/// 53 | Policies: 54 | Readers: 55 | Type: Signature 56 | Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.peer', 
'AreteCorporateMSP.client')" 57 | Writers: 58 | Type: Signature 59 | Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.client')" 60 | Admins: 61 | Type: Signature 62 | Rule: "OR('AreteCorporateMSP.admin')" 63 | 64 | AnchorPeers: 65 | # AnchorPeers defines the location of peers which can be used 66 | # for cross org gossip communication. Note, this value is only 67 | # encoded in the genesis block in the Application section context 68 | - Host: hlf-peer--aretecorporate--peer0 69 | Port: 7051 70 | 71 | - &ABCVendor 72 | # DefaultOrg defines the organization which is used in the sampleconfig 73 | # of the fabric.git development environment 74 | Name: ABCVendorMSP 75 | 76 | # ID to load the MSP definition as 77 | ID: ABCVendorMSP 78 | 79 | MSPDir: /hlf-data/orgs/abcvendor/msp 80 | 81 | # Policies defines the set of policies at this level of the config tree 82 | # For organization policies, their canonical path is usually 83 | # /Channel/// 84 | Policies: 85 | Readers: 86 | Type: Signature 87 | Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.peer', 'ABCVendorMSP.client')" 88 | Writers: 89 | Type: Signature 90 | Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.client')" 91 | Admins: 92 | Type: Signature 93 | Rule: "OR('ABCVendorMSP.admin')" 94 | 95 | AnchorPeers: 96 | # AnchorPeers defines the location of peers which can be used 97 | # for cross org gossip communication. Note, this value is only 98 | # encoded in the genesis block in the Application section context 99 | - Host: hlf-peer--abcvendor--peer0 100 | Port: 7051 101 | 102 | 103 | ################################################################################ 104 | # 105 | # SECTION: Capabilities 106 | # 107 | # - This section defines the capabilities of fabric network. This is a new 108 | # concept as of v1.1.0 and should not be utilized in mixed networks with 109 | # v1.0.x peers and orderers. 
Capabilities define features which must be 110 | # present in a fabric binary for that binary to safely participate in the 111 | # fabric network. For instance, if a new MSP type is added, newer binaries 112 | # might recognize and validate the signatures from this type, while older 113 | # binaries without this support would be unable to validate those 114 | # transactions. This could lead to different versions of the fabric binaries 115 | # having different world states. Instead, defining a capability for a channel 116 | # informs those binaries without this capability that they must cease 117 | # processing transactions until they have been upgraded. For v1.0.x if any 118 | # capabilities are defined (including a map with all capabilities turned off) 119 | # then the v1.0.x peer will deliberately crash. 120 | # 121 | ################################################################################ 122 | Capabilities: 123 | # Channel capabilities apply to both the orderers and the peers and must be 124 | # supported by both. 125 | # Set the value of the capability to true to require it. 126 | Channel: &ChannelCapabilities 127 | # V1.4.2 for Channel is a catchall flag for behavior which has been 128 | # determined to be desired for all orderers and peers running at the v1.4.2 129 | # level, but which would be incompatible with orderers and peers from 130 | # prior releases. 131 | # Prior to enabling V1.4.2 channel capabilities, ensure that all 132 | # orderers and peers on a channel are at v1.4.2 or later. 133 | V1_4_2: true 134 | V1_3: false 135 | V1_1: false 136 | # Orderer capabilities apply only to the orderers, and may be safely 137 | # manipulated without concern for upgrading peers. Set the value of the 138 | # capability to true to require it. 
139 | Orderer: &OrdererCapabilities 140 | # V1.4.2 for Orderer is a catchall flag for behavior which has been 141 | # determined to be desired for all orderers running at the v1.4.2 level, 142 | # but which would be incompatible with orderers from prior releases. 143 | # Prior to enabling it, ensure that all orderers on a channel are at v1.4.2 or later. 144 | V1_4_2: true 145 | V1_1: false 146 | 147 | # Application capabilities apply only to the peer network, and may be safely 148 | # manipulated without concern for upgrading orderers. Set the value of the 149 | # capability to true to require it. 150 | Application: &ApplicationCapabilities 151 | # V1.4.2 for Application is a catchall flag for behavior which has been 152 | # determined to be desired for all peers running at the v1.4.2 level, 153 | # but which would be incompatible with peers from prior releases. 154 | # Prior to enabling it, ensure that all peers on a channel are at v1.4.2 or later. 155 | V1_4_2: true 156 | V1_3: false 157 | V1_2: false 158 | V1_1: false 159 | 160 | ################################################################################ 161 | # 162 | # APPLICATION 163 | # 164 | # This section defines the values to encode into a config transaction or 165 | # genesis block for application-related parameters. 166 | # 167 | ################################################################################ 168 | Application: &ApplicationDefaults 169 | 170 | # Organizations lists the orgs participating on the application side of the 171 | # network. 
172 | Organizations: 173 | 174 | # Policies defines the set of policies at this level of the config tree 175 | # For Application policies, their canonical path is 176 | # /Channel/Application/<PolicyName> 177 | Policies: 178 | Readers: 179 | Type: ImplicitMeta 180 | Rule: "ANY Readers" 181 | Writers: 182 | Type: ImplicitMeta 183 | Rule: "ANY Writers" 184 | Admins: 185 | Type: ImplicitMeta 186 | Rule: "MAJORITY Admins" 187 | 188 | # Capabilities describes the application level capabilities, see the 189 | # dedicated Capabilities section elsewhere in this file for a full 190 | # description 191 | Capabilities: 192 | <<: *ApplicationCapabilities 193 | 194 | ################################################################################ 195 | # 196 | # SECTION: Orderer 197 | # 198 | # - This section defines the values to encode into a config transaction or 199 | # genesis block for orderer related parameters 200 | # 201 | ################################################################################ 202 | Orderer: &OrdererDefaults 203 | 204 | # Orderer Type: The orderer implementation to start 205 | # Available types are "solo" and "kafka"; "solo" runs a single ordering node with no fault tolerance and is intended for development and testing only 206 | OrdererType: solo 207 | 208 | Addresses: 209 | - hlf-orderer--areteorderer--orderer0:7050 210 | 211 | # Batch Timeout: The amount of time to wait before creating a batch 212 | BatchTimeout: 1s 213 | 214 | # Batch Size: Controls the number of messages batched into a block 215 | BatchSize: 216 | 217 | # Max Message Count: The maximum number of messages to permit in a batch 218 | MaxMessageCount: 5 219 | 220 | # Absolute Max Bytes: The absolute maximum number of bytes allowed for 221 | # the serialized messages in a batch. 222 | AbsoluteMaxBytes: 98 MB 223 | 224 | # Preferred Max Bytes: The preferred maximum number of bytes allowed for 225 | # the serialized messages in a batch. A message larger than the preferred 226 | # max bytes will result in a batch larger than preferred max bytes. 
227 | PreferredMaxBytes: 1024 KB 228 | 229 | # Organizations is the list of orgs which are defined as participants on 230 | # the orderer side of the network 231 | Organizations: 232 | 233 | # Policies defines the set of policies at this level of the config tree 234 | # For Orderer policies, their canonical path is 235 | # /Channel/Orderer/ 236 | Policies: 237 | Readers: 238 | Type: ImplicitMeta 239 | Rule: "ANY Readers" 240 | Writers: 241 | Type: ImplicitMeta 242 | Rule: "ANY Writers" 243 | Admins: 244 | Type: ImplicitMeta 245 | Rule: "MAJORITY Admins" 246 | # BlockValidation specifies what signatures must be included in the block 247 | # from the orderer for the peer to validate it. 248 | BlockValidation: 249 | Type: ImplicitMeta 250 | Rule: "ANY Writers" 251 | 252 | # Capabilities describes the orderer level capabilities, see the 253 | # dedicated Capabilities section elsewhere in this file for a full 254 | # description 255 | Capabilities: 256 | <<: *OrdererCapabilities 257 | 258 | ################################################################################ 259 | # 260 | # CHANNEL 261 | # 262 | # This section defines the values to encode into a config transaction or 263 | # genesis block for channel related parameters. 
264 | # 265 | ################################################################################ 266 | Channel: &ChannelDefaults 267 | # Policies defines the set of policies at this level of the config tree 268 | # For Channel policies, their canonical path is 269 | # /Channel/ 270 | Policies: 271 | # Who may invoke the 'Deliver' API 272 | Readers: 273 | Type: ImplicitMeta 274 | Rule: "ANY Readers" 275 | # Who may invoke the 'Broadcast' API 276 | Writers: 277 | Type: ImplicitMeta 278 | Rule: "ANY Writers" 279 | # By default, who may modify elements at this config level 280 | Admins: 281 | Type: ImplicitMeta 282 | Rule: "MAJORITY Admins" 283 | 284 | # Capabilities describes the channel level capabilities, see the 285 | # dedicated Capabilities section elsewhere in this file for a full 286 | # description 287 | Capabilities: 288 | <<: *ChannelCapabilities 289 | 290 | ################################################################################ 291 | # 292 | # Profile 293 | # 294 | # - Different configuration profiles may be encoded here to be specified 295 | # as parameters to the configtxgen tool 296 | # 297 | ################################################################################ 298 | Profiles: 299 | 300 | OrdererGenesis: 301 | <<: *ChannelDefaults 302 | Orderer: 303 | <<: *OrdererDefaults 304 | Organizations: 305 | - *AreteOrderer 306 | 307 | Consortiums: 308 | TheConsortium: 309 | Organizations: 310 | - *AreteCorporate 311 | - *ABCVendor 312 | 313 | SecondConsortium: 314 | Organizations: 315 | - *AreteCorporate 316 | 317 | common: 318 | Consortium: TheConsortium 319 | <<: *ChannelDefaults 320 | Application: 321 | <<: *ApplicationDefaults 322 | Organizations: 323 | - *AreteCorporate 324 | - *ABCVendor 325 | 326 | private-arete: 327 | Consortium: TheConsortium 328 | <<: *ChannelDefaults 329 | Application: 330 | <<: *ApplicationDefaults 331 | Organizations: 332 | - *AreteCorporate 333 | 334 | 
-------------------------------------------------------------------------------- /fabric-kube/samples/simple/configtx.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | ################################################################################ 4 | # 5 | # Section: Organizations 6 | # 7 | # - This section defines the different organizational identities which will 8 | # be referenced later in the configuration. 9 | # 10 | ################################################################################ 11 | Organizations: 12 | 13 | # SampleOrg defines an MSP using the sampleconfig. It should never be used 14 | # in production but may be used as a template for other definitions 15 | - &AreteOrderer 16 | # DefaultOrg defines the organization which is used in the sampleconfig 17 | # of the fabric.git development environment 18 | Name: AreteOrdererMSP 19 | 20 | # ID to load the MSP definition as 21 | ID: AreteOrdererMSP 22 | 23 | # MSPDir is the filesystem path which contains the MSP configuration 24 | MSPDir: /hlf-orderer--areteorderer/msp 25 | 26 | # Policies defines the set of policies at this level of the config tree 27 | # For organization policies, their canonical path is usually 28 | # /Channel/// 29 | # Policies: 30 | # Readers: 31 | # Type: Signature 32 | # Rule: "OR('AreteOrdererMSP.member')" 33 | # Writers: 34 | # Type: Signature 35 | # Rule: "OR('AreteOrdererMSP.member')" 36 | # Admins: 37 | # Type: Signature 38 | # Rule: "OR('AreteOrdererMSP.admin')" 39 | 40 | - &AreteCorporate 41 | # DefaultOrg defines the organization which is used in the sampleconfig 42 | # of the fabric.git development environment 43 | Name: AreteCorporateMSP 44 | 45 | # ID to load the MSP definition as 46 | ID: AreteCorporateMSP 47 | 48 | MSPDir: /hlf-peer-org--aretecorporate/msp 49 | 50 | # Policies defines the set of policies at this level of the config tree 51 | # For organization policies, their canonical path is usually 52 | 
# /Channel/// 53 | # Policies: 54 | # Readers: 55 | # Type: Signature 56 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.peer', 'AreteCorporateMSP.client')" 57 | # Writers: 58 | # Type: Signature 59 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.client')" 60 | # Admins: 61 | # Type: Signature 62 | # Rule: "OR('AreteCorporateMSP.admin')" 63 | 64 | AnchorPeers: 65 | # AnchorPeers defines the location of peers which can be used 66 | # for cross org gossip communication. Note, this value is only 67 | # encoded in the genesis block in the Application section context 68 | - Host: hlf-peer--aretecorporate--peer0 69 | Port: 7051 70 | 71 | - &ABCVendor 72 | # DefaultOrg defines the organization which is used in the sampleconfig 73 | # of the fabric.git development environment 74 | Name: ABCVendorMSP 75 | 76 | # ID to load the MSP definition as 77 | ID: ABCVendorMSP 78 | 79 | MSPDir: /hlf-peer-org--abcvendor/msp 80 | 81 | # Policies defines the set of policies at this level of the config tree 82 | # For organization policies, their canonical path is usually 83 | # /Channel/// 84 | # Policies: 85 | # Readers: 86 | # Type: Signature 87 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.peer', 'ABCVendorMSP.client')" 88 | # Writers: 89 | # Type: Signature 90 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.client')" 91 | # Admins: 92 | # Type: Signature 93 | # Rule: "OR('ABCVendorMSP.admin')" 94 | 95 | AnchorPeers: 96 | # AnchorPeers defines the location of peers which can be used 97 | # for cross org gossip communication. Note, this value is only 98 | # encoded in the genesis block in the Application section context 99 | - Host: hlf-peer--abcvendor--peer0 100 | Port: 7051 101 | 102 | 103 | ################################################################################ 104 | # 105 | # SECTION: Capabilities 106 | # 107 | # - This section defines the capabilities of fabric network. 
This is a new 108 | # concept as of v1.1.0 and should not be utilized in mixed networks with 109 | # v1.0.x peers and orderers. Capabilities define features which must be 110 | # present in a fabric binary for that binary to safely participate in the 111 | # fabric network. For instance, if a new MSP type is added, newer binaries 112 | # might recognize and validate the signatures from this type, while older 113 | # binaries without this support would be unable to validate those 114 | # transactions. This could lead to different versions of the fabric binaries 115 | # having different world states. Instead, defining a capability for a channel 116 | # informs those binaries without this capability that they must cease 117 | # processing transactions until they have been upgraded. For v1.0.x if any 118 | # capabilities are defined (including a map with all capabilities turned off) 119 | # then the v1.0.x peer will deliberately crash. 120 | # 121 | ################################################################################ 122 | Capabilities: 123 | # Channel capabilities apply to both the orderers and the peers and must be 124 | # supported by both. 125 | # Set the value of the capability to true to require it. 126 | Channel: &ChannelCapabilities 127 | # V1.4.2 for Channel is a catchall flag for behavior which has been 128 | # determined to be desired for all orderers and peers running at the v1.4.2 129 | # level, but which would be incompatible with orderers and peers from 130 | # prior releases. 131 | # Prior to enabling V1.4.2 channel capabilities, ensure that all 132 | # orderers and peers on a channel are at v1.4.2 or later. 133 | V1_4_2: true 134 | V1_3: false 135 | V1_1: false 136 | # Orderer capabilities apply only to the orderers, and may be safely 137 | # manipulated without concern for upgrading peers. Set the value of the 138 | # capability to true to require it. 
139 | Orderer: &OrdererCapabilities 140 | # V1.4.2 for Orderer is a catchall flag for behavior which has been 141 | # determined to be desired for all orderers running at the v1.4.2 level, 142 | # but which would be incompatible with orderers from prior releases. 143 | # Prior to enabling it, ensure that all orderers on a channel are at v1.4.2 or later. 144 | V1_4_2: true 145 | V1_1: false 146 | 147 | # Application capabilities apply only to the peer network, and may be safely 148 | # manipulated without concern for upgrading orderers. Set the value of the 149 | # capability to true to require it. 150 | Application: &ApplicationCapabilities 151 | # V1.4.2 for Application is a catchall flag for behavior which has been 152 | # determined to be desired for all peers running at the v1.4.2 level, 153 | # but which would be incompatible with peers from prior releases. 154 | # Prior to enabling it, ensure that all peers on a channel are at v1.4.2 or later. 155 | V1_4_2: true 156 | V1_3: false 157 | V1_2: false 158 | V1_1: false 159 | 160 | ################################################################################ 161 | # 162 | # APPLICATION 163 | # 164 | # This section defines the values to encode into a config transaction or 165 | # genesis block for application-related parameters. 166 | # 167 | ################################################################################ 168 | Application: &ApplicationDefaults 169 | 170 | # Organizations lists the orgs participating on the application side of the 171 | # network. 
172 | Organizations: 173 | 174 | # Policies defines the set of policies at this level of the config tree 175 | # For Application policies, their canonical path is 176 | # /Channel/Application/<PolicyName> 177 | # Policies: 178 | # Readers: 179 | # Type: ImplicitMeta 180 | # Rule: "ANY Readers" 181 | # Writers: 182 | # Type: ImplicitMeta 183 | # Rule: "ANY Writers" 184 | # Admins: 185 | # Type: ImplicitMeta 186 | # Rule: "MAJORITY Admins" 187 | 188 | # Capabilities describes the application level capabilities, see the 189 | # dedicated Capabilities section elsewhere in this file for a full 190 | # description 191 | Capabilities: 192 | <<: *ApplicationCapabilities 193 | 194 | ################################################################################ 195 | # 196 | # SECTION: Orderer 197 | # 198 | # - This section defines the values to encode into a config transaction or 199 | # genesis block for orderer related parameters 200 | # 201 | ################################################################################ 202 | Orderer: &OrdererDefaults 203 | 204 | # Orderer Type: The orderer implementation to start 205 | # Available types are "solo" and "kafka"; "solo" runs a single ordering node with no fault tolerance and is intended for development and testing only 206 | OrdererType: solo 207 | 208 | Addresses: 209 | - hlf-orderer--areteorderer--orderer0:7050 210 | 211 | # Batch Timeout: The amount of time to wait before creating a batch 212 | BatchTimeout: 1s 213 | 214 | # Batch Size: Controls the number of messages batched into a block 215 | BatchSize: 216 | 217 | # Max Message Count: The maximum number of messages to permit in a batch 218 | MaxMessageCount: 5 219 | 220 | # Absolute Max Bytes: The absolute maximum number of bytes allowed for 221 | # the serialized messages in a batch. 222 | AbsoluteMaxBytes: 98 MB 223 | 224 | # Preferred Max Bytes: The preferred maximum number of bytes allowed for 225 | # the serialized messages in a batch. A message larger than the preferred 226 | # max bytes will result in a batch larger than preferred max bytes. 
227 | PreferredMaxBytes: 1024 KB 228 | 229 | # Organizations is the list of orgs which are defined as participants on 230 | # the orderer side of the network 231 | Organizations: 232 | 233 | # Policies defines the set of policies at this level of the config tree 234 | # For Orderer policies, their canonical path is 235 | # /Channel/Orderer/ 236 | # Policies: 237 | # Readers: 238 | # Type: ImplicitMeta 239 | # Rule: "ANY Readers" 240 | # Writers: 241 | # Type: ImplicitMeta 242 | # Rule: "ANY Writers" 243 | # Admins: 244 | # Type: ImplicitMeta 245 | # Rule: "MAJORITY Admins" 246 | # # BlockValidation specifies what signatures must be included in the block 247 | # # from the orderer for the peer to validate it. 248 | # BlockValidation: 249 | # Type: ImplicitMeta 250 | # Rule: "ANY Writers" 251 | 252 | # Capabilities describes the orderer level capabilities, see the 253 | # dedicated Capabilities section elsewhere in this file for a full 254 | # description 255 | Capabilities: 256 | <<: *OrdererCapabilities 257 | 258 | ################################################################################ 259 | # 260 | # CHANNEL 261 | # 262 | # This section defines the values to encode into a config transaction or 263 | # genesis block for channel related parameters. 
264 | # 265 | ################################################################################ 266 | Channel: &ChannelDefaults 267 | # Policies defines the set of policies at this level of the config tree 268 | # For Channel policies, their canonical path is 269 | # /Channel/ 270 | # Policies: 271 | # # Who may invoke the 'Deliver' API 272 | # Readers: 273 | # Type: ImplicitMeta 274 | # Rule: "ANY Readers" 275 | # # Who may invoke the 'Broadcast' API 276 | # Writers: 277 | # Type: ImplicitMeta 278 | # Rule: "ANY Writers" 279 | # # By default, who may modify elements at this config level 280 | # Admins: 281 | # Type: ImplicitMeta 282 | # Rule: "MAJORITY Admins" 283 | 284 | # Capabilities describes the channel level capabilities, see the 285 | # dedicated Capabilities section elsewhere in this file for a full 286 | # description 287 | Capabilities: 288 | <<: *ChannelCapabilities 289 | 290 | ################################################################################ 291 | # 292 | # Profile 293 | # 294 | # - Different configuration profiles may be encoded here to be specified 295 | # as parameters to the configtxgen tool 296 | # 297 | ################################################################################ 298 | Profiles: 299 | 300 | OrdererGenesis: 301 | <<: *ChannelDefaults 302 | Orderer: 303 | <<: *OrdererDefaults 304 | Organizations: 305 | - *AreteOrderer 306 | 307 | Consortiums: 308 | TheConsortium: 309 | Organizations: 310 | - *AreteCorporate 311 | - *ABCVendor 312 | 313 | SecondConsortium: 314 | Organizations: 315 | - *AreteCorporate 316 | 317 | common: 318 | Consortium: TheConsortium 319 | <<: *ChannelDefaults 320 | Application: 321 | <<: *ApplicationDefaults 322 | Organizations: 323 | - *AreteCorporate 324 | - *ABCVendor 325 | 326 | private-arete: 327 | Consortium: TheConsortium 328 | <<: *ChannelDefaults 329 | Application: 330 | <<: *ApplicationDefaults 331 | Organizations: 332 | - *AreteCorporate 333 | 334 | 
-------------------------------------------------------------------------------- /fabric-kube/samples/simple/crypto-config.yaml: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # "OrdererOrgs" - Definition of organizations managing orderer nodes 3 | # --------------------------------------------------------------------------- 4 | OrdererOrgs: 5 | # --------------------------------------------------------------------------- 6 | # Orderer 7 | # --------------------------------------------------------------------------- 8 | - Name: AreteOrderer 9 | Domain: arete.com 10 | Specs: 11 | - Hostname: orderer0 12 | # --------------------------------------------------------------------------- 13 | # "PeerOrgs" - Definition of organizations managing peer nodes 14 | # --------------------------------------------------------------------------- 15 | PeerOrgs: 16 | - Name: AreteCorporate 17 | Domain: corporate.arete.com 18 | EnableNodeOUs: true 19 | Template: 20 | Count: 2 21 | Users: 22 | Count: 1 23 | 24 | - Name: ABCVendor 25 | Domain: vendor.abc.com 26 | EnableNodeOUs: true 27 | Template: 28 | Count: 1 29 | Users: 30 | Count: 1 31 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple/extended/configtx.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | ################################################################################ 4 | # 5 | # Section: Organizations 6 | # 7 | # - This section defines the different organizational identities which will 8 | # be referenced later in the configuration. 9 | # 10 | ################################################################################ 11 | Organizations: 12 | 13 | # SampleOrg defines an MSP using the sampleconfig. 
It should never be used 14 | # in production but may be used as a template for other definitions 15 | - &AreteOrderer 16 | # DefaultOrg defines the organization which is used in the sampleconfig 17 | # of the fabric.git development environment 18 | Name: AreteOrdererMSP 19 | 20 | # ID to load the MSP definition as 21 | ID: AreteOrdererMSP 22 | 23 | # MSPDir is the filesystem path which contains the MSP configuration 24 | MSPDir: /hlf-orderer--areteorderer/msp 25 | 26 | # Policies defines the set of policies at this level of the config tree 27 | # For organization policies, their canonical path is usually 28 | # /Channel/// 29 | # Policies: 30 | # Readers: 31 | # Type: Signature 32 | # Rule: "OR('AreteOrdererMSP.member')" 33 | # Writers: 34 | # Type: Signature 35 | # Rule: "OR('AreteOrdererMSP.member')" 36 | # Admins: 37 | # Type: Signature 38 | # Rule: "OR('AreteOrdererMSP.admin')" 39 | 40 | - &AreteCorporate 41 | # DefaultOrg defines the organization which is used in the sampleconfig 42 | # of the fabric.git development environment 43 | Name: AreteCorporateMSP 44 | 45 | # ID to load the MSP definition as 46 | ID: AreteCorporateMSP 47 | 48 | MSPDir: /hlf-peer-org--aretecorporate/msp 49 | 50 | # Policies defines the set of policies at this level of the config tree 51 | # For organization policies, their canonical path is usually 52 | # /Channel/// 53 | # Policies: 54 | # Readers: 55 | # Type: Signature 56 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.peer', 'AreteCorporateMSP.client')" 57 | # Writers: 58 | # Type: Signature 59 | # Rule: "OR('AreteCorporateMSP.admin', 'AreteCorporateMSP.client')" 60 | # Admins: 61 | # Type: Signature 62 | # Rule: "OR('AreteCorporateMSP.admin')" 63 | 64 | AnchorPeers: 65 | # AnchorPeers defines the location of peers which can be used 66 | # for cross org gossip communication. 
Note, this value is only 67 | # encoded in the genesis block in the Application section context 68 | - Host: hlf-peer--aretecorporate--peer0 69 | Port: 7051 70 | 71 | - &ABCVendor 72 | # DefaultOrg defines the organization which is used in the sampleconfig 73 | # of the fabric.git development environment 74 | Name: ABCVendorMSP 75 | 76 | # ID to load the MSP definition as 77 | ID: ABCVendorMSP 78 | 79 | MSPDir: /hlf-peer-org--abcvendor/msp 80 | 81 | # Policies defines the set of policies at this level of the config tree 82 | # For organization policies, their canonical path is usually 83 | # /Channel/// 84 | # Policies: 85 | # Readers: 86 | # Type: Signature 87 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.peer', 'ABCVendorMSP.client')" 88 | # Writers: 89 | # Type: Signature 90 | # Rule: "OR('ABCVendorMSP.admin', 'ABCVendorMSP.client')" 91 | # Admins: 92 | # Type: Signature 93 | # Rule: "OR('ABCVendorMSP.admin')" 94 | 95 | AnchorPeers: 96 | # AnchorPeers defines the location of peers which can be used 97 | # for cross org gossip communication. 
Note, this value is only 98 | # encoded in the genesis block in the Application section context 99 | - Host: hlf-peer--abcvendor--peer0 100 | Port: 7051 101 | 102 | - &DEFVendor 103 | # DefaultOrg defines the organization which is used in the sampleconfig 104 | # of the fabric.git development environment 105 | Name: DEFVendorMSP 106 | 107 | # ID to load the MSP definition as 108 | ID: DEFVendorMSP 109 | 110 | MSPDir: /hlf-peer-org--defvendor/msp 111 | 112 | # Policies defines the set of policies at this level of the config tree 113 | # For organization policies, their canonical path is usually 114 | # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> 115 | # Policies: 116 | # Readers: 117 | # Type: Signature 118 | # Rule: "OR('DEFVendorMSP.admin', 'DEFVendorMSP.peer', 'DEFVendorMSP.client')" 119 | # Writers: 120 | # Type: Signature 121 | # Rule: "OR('DEFVendorMSP.admin', 'DEFVendorMSP.client')" 122 | # Admins: 123 | # Type: Signature 124 | # Rule: "OR('DEFVendorMSP.admin')" 125 | 126 | AnchorPeers: 127 | # AnchorPeers defines the location of peers which can be used 128 | # for cross org gossip communication. 
Note, this value is only 129 | # encoded in the genesis block in the Application section context 130 | - Host: hlf-peer--defvendor--peer0 131 | Port: 7051 132 | 133 | - &XYZVendor 134 | # DefaultOrg defines the organization which is used in the sampleconfig 135 | # of the fabric.git development environment 136 | Name: XYZVendorMSP 137 | 138 | # ID to load the MSP definition as 139 | ID: XYZVendorMSP 140 | 141 | MSPDir: /hlf-peer-org--xyzvendor/msp 142 | 143 | # Policies defines the set of policies at this level of the config tree 144 | # For organization policies, their canonical path is usually 145 | # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> 146 | # Policies: 147 | # Readers: 148 | # Type: Signature 149 | # Rule: "OR('XYZVendorMSP.admin', 'XYZVendorMSP.peer', 'XYZVendorMSP.client')" 150 | # Writers: 151 | # Type: Signature 152 | # Rule: "OR('XYZVendorMSP.admin', 'XYZVendorMSP.client')" 153 | # Admins: 154 | # Type: Signature 155 | # Rule: "OR('XYZVendorMSP.admin')" 156 | 157 | AnchorPeers: 158 | # AnchorPeers defines the location of peers which can be used 159 | # for cross org gossip communication. Note, this value is only 160 | # encoded in the genesis block in the Application section context 161 | - Host: hlf-peer--xyzvendor--peer0 162 | Port: 7051 163 | 164 | ################################################################################ 165 | # 166 | # SECTION: Capabilities 167 | # 168 | # - This section defines the capabilities of fabric network. This is a new 169 | # concept as of v1.1.0 and should not be utilized in mixed networks with 170 | # v1.0.x peers and orderers. Capabilities define features which must be 171 | # present in a fabric binary for that binary to safely participate in the 172 | # fabric network. For instance, if a new MSP type is added, newer binaries 173 | # might recognize and validate the signatures from this type, while older 174 | # binaries without this support would be unable to validate those 175 | # transactions. 
This could lead to different versions of the fabric binaries 176 | # having different world states. Instead, defining a capability for a channel 177 | # informs those binaries without this capability that they must cease 178 | # processing transactions until they have been upgraded. For v1.0.x if any 179 | # capabilities are defined (including a map with all capabilities turned off) 180 | # then the v1.0.x peer will deliberately crash. 181 | # 182 | ################################################################################ 183 | Capabilities: 184 | # Channel capabilities apply to both the orderers and the peers and must be 185 | # supported by both. 186 | # Set the value of the capability to true to require it. 187 | Channel: &ChannelCapabilities 188 | # V1.4.2 for Channel is a catchall flag for behavior which has been 189 | # determined to be desired for all orderers and peers running at the v1.4.2 190 | # level, but which would be incompatible with orderers and peers from 191 | # prior releases. 192 | # Prior to enabling V1.4.2 channel capabilities, ensure that all 193 | # orderers and peers on a channel are at v1.4.2 or later. 194 | V1_4_2: true 195 | V1_3: false 196 | V1_1: false 197 | # Orderer capabilities apply only to the orderers, and may be safely 198 | # manipulated without concern for upgrading peers. Set the value of the 199 | # capability to true to require it. 200 | Orderer: &OrdererCapabilities 201 | # V1.4.2 for Orderer is a catchall flag for behavior which has been 202 | # determined to be desired for all orderers running at the v1.4.2 level, 203 | # but which would be incompatible with orderers from prior releases. 204 | # Prior to enabling it, ensure that all orderers on a channel are at v1.4.2 or later. 205 | V1_4_2: true 206 | V1_1: false 207 | 208 | # Application capabilities apply only to the peer network, and may be safely 209 | # manipulated without concern for upgrading orderers. Set the value of the 210 | # capability to true to require it. 
211 | Application: &ApplicationCapabilities 212 | # V1.2 for Application is a catchall flag for behavior which has been 213 | # determined to be desired for all peers running v1.0.x, but the 214 | # modification of which would cause incompatibilities. Users should 215 | # leave this flag set to true. 216 | V1_4_2: true 217 | V1_3: false 218 | V1_2: false 219 | V1_1: false 220 | 221 | ################################################################################ 222 | # 223 | # APPLICATION 224 | # 225 | # This section defines the values to encode into a config transaction or 226 | # genesis block for application-related parameters. 227 | # 228 | ################################################################################ 229 | Application: &ApplicationDefaults 230 | 231 | # Organizations lists the orgs participating on the application side of the 232 | # network. 233 | Organizations: 234 | 235 | # Policies defines the set of policies at this level of the config tree 236 | # For Application policies, their canonical path is 237 | # /Channel/Application/ 238 | # Policies: 239 | # Readers: 240 | # Type: ImplicitMeta 241 | # Rule: "ANY Readers" 242 | # Writers: 243 | # Type: ImplicitMeta 244 | # Rule: "ANY Writers" 245 | # Admins: 246 | # Type: ImplicitMeta 247 | # Rule: "MAJORITY Admins" 248 | 249 | # Capabilities describes the application level capabilities, see the 250 | # dedicated Capabilities section elsewhere in this file for a full 251 | # description 252 | Capabilities: 253 | <<: *ApplicationCapabilities 254 | 255 | ################################################################################ 256 | # 257 | # SECTION: Orderer 258 | # 259 | # - This section defines the values to encode into a config transaction or 260 | # genesis block for orderer related parameters 261 | # 262 | ################################################################################ 263 | Orderer: &OrdererDefaults 264 | 265 | # Orderer Type: The orderer implementation to start 
266 |     # Available types are "solo" and "kafka"
    |     # NOTE(review): "solo" runs a single ordering node (there is one entry
    |     # under Addresses below), so ordering has no fault tolerance and the one
    |     # orderer organization in the OrdererGenesis profile sequences every
    |     # block. Keep it to samples; the repository tree also carries
    |     # scaled-kafka and scaled-raft-tls samples for multi-node ordering.
267 |     OrdererType: solo
268 |
269 |     Addresses:
270 |         - hlf-orderer--areteorderer--orderer0:7050
271 |
272 |     # Batch Timeout: The amount of time to wait before creating a batch
273 |     BatchTimeout: 1s
274 |
275 |     # Batch Size: Controls the number of messages batched into a block
276 |     BatchSize:
277 |
278 |         # Max Message Count: The maximum number of messages to permit in a batch
279 |         MaxMessageCount: 5
280 |
281 |         # Absolute Max Bytes: The absolute maximum number of bytes allowed for
282 |         # the serialized messages in a batch.
    |         # NOTE(review): 98 MB is a large ceiling for one batch; confirm that
    |         # orderer and peer memory and message-size limits are sized for it.
283 |         AbsoluteMaxBytes: 98 MB
284 |
285 |         # Preferred Max Bytes: The preferred maximum number of bytes allowed for
286 |         # the serialized messages in a batch. A message larger than the preferred
287 |         # max bytes will result in a batch larger than preferred max bytes.
288 |         PreferredMaxBytes: 1024 KB
289 |
290 |     # Organizations is the list of orgs which are defined as participants on
291 |     # the orderer side of the network
292 |     Organizations:
293 |
294 |     # Policies defines the set of policies at this level of the config tree
295 |     # For Orderer policies, their canonical path is
296 |     #   /Channel/Orderer/<PolicyName>
    |     # NOTE(review): the Policies block below is commented out, so this file
    |     # declares no Readers/Writers/Admins/BlockValidation rules for
    |     # /Channel/Orderer. Inspect the generated genesis block to see which
    |     # rules actually apply before relying on them for access control.
297 |     # Policies:
298 |     #     Readers:
299 |     #         Type: ImplicitMeta
300 |     #         Rule: "ANY Readers"
301 |     #     Writers:
302 |     #         Type: ImplicitMeta
303 |     #         Rule: "ANY Writers"
304 |     #     Admins:
305 |     #         Type: ImplicitMeta
306 |     #         Rule: "MAJORITY Admins"
307 |     #     # BlockValidation specifies what signatures must be included in the block
308 |     #     # from the orderer for the peer to validate it.
309 | # BlockValidation: 310 | # Type: ImplicitMeta 311 | # Rule: "ANY Writers" 312 | 313 | # Capabilities describes the orderer level capabilities, see the 314 | # dedicated Capabilities section elsewhere in this file for a full 315 | # description 316 | Capabilities: 317 | <<: *OrdererCapabilities 318 | 319 | ################################################################################ 320 | # 321 | # CHANNEL 322 | # 323 | # This section defines the values to encode into a config transaction or 324 | # genesis block for channel related parameters. 325 | # 326 | ################################################################################ 327 | Channel: &ChannelDefaults 328 | # Policies defines the set of policies at this level of the config tree 329 | # For Channel policies, their canonical path is 330 | # /Channel/ 331 | # Policies: 332 | # # Who may invoke the 'Deliver' API 333 | # Readers: 334 | # Type: ImplicitMeta 335 | # Rule: "ANY Readers" 336 | # # Who may invoke the 'Broadcast' API 337 | # Writers: 338 | # Type: ImplicitMeta 339 | # Rule: "ANY Writers" 340 | # # By default, who may modify elements at this config level 341 | # Admins: 342 | # Type: ImplicitMeta 343 | # Rule: "MAJORITY Admins" 344 | 345 | # Capabilities describes the channel level capabilities, see the 346 | # dedicated Capabilities section elsewhere in this file for a full 347 | # description 348 | Capabilities: 349 | <<: *ChannelCapabilities 350 | 351 | ################################################################################ 352 | # 353 | # Profile 354 | # 355 | # - Different configuration profiles may be encoded here to be specified 356 | # as parameters to the configtxgen tool 357 | # 358 | ################################################################################ 359 | Profiles: 360 | 361 | OrdererGenesis: 362 | <<: *ChannelDefaults 363 | Orderer: 364 | <<: *OrdererDefaults 365 | Organizations: 366 | - *AreteOrderer 367 | 368 | Consortiums: 369 | TheConsortium: 370 
| Organizations: 371 | - *AreteCorporate 372 | - *ABCVendor 373 | - *DEFVendor 374 | - *XYZVendor 375 | 376 | SecondConsortium: 377 | Organizations: 378 | - *AreteCorporate 379 | 380 | common: 381 | Consortium: TheConsortium 382 | <<: *ChannelDefaults 383 | Application: 384 | <<: *ApplicationDefaults 385 | Organizations: 386 | - *AreteCorporate 387 | - *ABCVendor 388 | - *DEFVendor 389 | - *XYZVendor 390 | 391 | private-arete: 392 | Consortium: TheConsortium 393 | <<: *ChannelDefaults 394 | Application: 395 | <<: *ApplicationDefaults 396 | Organizations: 397 | - *AreteCorporate 398 | 399 | -------------------------------------------------------------------------------- /fabric-kube/samples/simple/extended/crypto-config.yaml: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------- 2 | # "OrdererOrgs" - Definition of organizations managing orderer nodes 3 | # --------------------------------------------------------------------------- 4 | OrdererOrgs: 5 | # --------------------------------------------------------------------------- 6 | # Orderer 7 | # --------------------------------------------------------------------------- 8 | - Name: AreteOrderer 9 | Domain: arete.com 10 | Specs: 11 | - Hostname: orderer0 12 | # --------------------------------------------------------------------------- 13 | # "PeerOrgs" - Definition of organizations managing peer nodes 14 | # --------------------------------------------------------------------------- 15 | PeerOrgs: 16 | - Name: AreteCorporate 17 | Domain: corporate.arete.com 18 | EnableNodeOUs: true 19 | Template: 20 | Count: 2 21 | Users: 22 | Count: 1 23 | 24 | - Name: ABCVendor 25 | Domain: vendor.abc.com 26 | EnableNodeOUs: true 27 | Template: 28 | Count: 1 29 | Users: 30 | Count: 1 31 | 32 | - Name: DEFVendor 33 | Domain: vendor.def.com 34 | EnableNodeOUs: true 35 | Template: 36 | Count: 1 37 | Users: 38 | Count: 1 39 | 
40 | - Name: XYZVendor 41 | Domain: vendor.xyz.com 42 | EnableNodeOUs: true 43 | Template: 44 | Count: 1 45 | Users: 46 | Count: 1 -------------------------------------------------------------------------------- /fabric-kube/samples/simple/extended/network.yaml: -------------------------------------------------------------------------------- 1 | network: 2 | # used by init script to create genesis block and by peer-org-flow to parse consortiums 3 | genesisProfile: OrdererGenesis 4 | # used by init script to create genesis block 5 | systemChannelID: aretechainid 6 | 7 | # defines which organizations will join to which channels 8 | channels: 9 | - name: common 10 | # all peers in these organizations will join the channel 11 | orgs: [AreteCorporate, ABCVendor, DEFVendor, XYZVendor] 12 | - name: private-arete 13 | # all peers in these organizations will join the channel 14 | orgs: [AreteCorporate] 15 | #- name: private-abc 16 | # all peers in these organizations will join the channel 17 | # orgs: [AreteCorporate, ABCVendor] 18 | #- name: private-def 19 | # all peers in these organizations will join the channel 20 | # orgs: [AreteCorporate, DEFVendor] 21 | 22 | # defines which chaincodes will be installed to which organizations 23 | chaincodes: 24 | - name: very-simple 25 | # if defined, this will override the global chaincode.version value 26 | version: # "2.0" 27 | # chaincode will be installed to all peers in these organizations 28 | orgs: [AreteCorporate, ABCVendor, DEFVendor, XYZVendor] 29 | # at which channels are we instantiating/upgrading chaincode? 
30 |       channels:
31 |       - name: common
32 |         # chaincode will be instantiated/upgraded using the first peer in the first organization
33 |         # chaincode will be invoked on all peers in these organizations
34 |         orgs: [AreteCorporate, ABCVendor, DEFVendor, XYZVendor]
   |         # NOTE(review): an OR over '<MSP>.member' principals is satisfied by
   |         # one endorsement from any one of the listed organizations, so each
   |         # org can get writes accepted on this channel on its own. Fine for a
   |         # sample; where the orgs must check each other, require several orgs
   |         # (AND / OutOf) and, since crypto-config.yaml sets EnableNodeOUs,
   |         # consider the narrower '.peer' role instead of '.member'.
35 |         policy: OR('AreteCorporateMSP.member','ABCVendorMSP.member', 'DEFVendorMSP.member','XYZVendorMSP.member')
36 |
37 |     - name: even-simpler
38 |       orgs: [AreteCorporate]
39 |       channels:
40 |       - name: private-arete
41 |         orgs: [AreteCorporate]
42 |         policy: OR('AreteCorporateMSP.member')
43 |
44 |
45 |
--------------------------------------------------------------------------------
/fabric-kube/samples/simple/network.yaml:
--------------------------------------------------------------------------------
1 | network:
2 |   # used by init script to create genesis block and by peer-org-flow to parse consortiums
3 |   genesisProfile: OrdererGenesis
4 |   # used by init script to create genesis block
5 |   systemChannelID: aretechainid
6 |
7 |   # defines which organizations will join to which channels
8 |   channels:
9 |     - name: common
10 |       # all peers in these organizations will join the channel
11 |       orgs: [AreteCorporate, ABCVendor]
12 |     - name: private-arete
13 |       # all peers in these organizations will join the channel
14 |       orgs: [AreteCorporate]
15 |
16 |   # defines which chaincodes will be installed to which organizations
17 |   chaincodes:
18 |     - name: very-simple
19 |       # if defined, this will override the global chaincode.version value
20 |       version: # "2.0"
21 |       # chaincode will be installed to all peers in these organizations
22 |       orgs: [AreteCorporate, ABCVendor]
23 |       # at which channels are we instantiating/upgrading chaincode?
24 |       channels:
25 |       - name: common
26 |         # chaincode will be instantiated/upgraded using the first peer in the first organization
27 |         # chaincode will be invoked on all peers in these organizations
28 |         orgs: [AreteCorporate, ABCVendor]
   |         # NOTE(review): OR over '.member' means one endorsement from either
   |         # organization is enough; require both (AND) where the orgs are
   |         # meant to check each other.
29 |         policy: OR('AreteCorporateMSP.member','ABCVendorMSP.member')
30 |
31 |     - name: even-simpler
32 |       orgs: [AreteCorporate]
33 |       channels:
34 |       - name: private-arete
35 |         orgs: [AreteCorporate]
36 |         policy: OR('AreteCorporateMSP.member')
37 |
38 |
39 |
--------------------------------------------------------------------------------
/fabric-kube/samples/simple/vault.yaml:
--------------------------------------------------------------------------------
1 | vault:
2 |   type: pvc
3 |   pvc:
  |     # NOTE(review): "azurefile" is the StorageClass defined in
  |     # storage/azurefile/azure-file-sc.yaml, which mounts shares with 0777
  |     # modes; confirm what this volume holds before keeping those modes.
4 |     storageClass: azurefile
5 |     size: 1Gi
6 |
7 |
--------------------------------------------------------------------------------
/fabric-kube/storage/azurefile/azure-file-sc.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: azurefile
5 | provisioner: kubernetes.io/azure-file
6 | mountOptions:
  |   # NOTE(review): dir_mode/file_mode=0777 make every directory and file on
  |   # the share readable, writable and executable for any UID in a container
  |   # that mounts it; uid/gid=1000 only set the owner that is reported. If
  |   # volumes of this class carry key material or ledger data (presumably
  |   # the case for the chart PVCs - confirm), use the narrowest modes that
  |   # the workloads' runAsUser/fsGroup settings still allow.
7 |   - dir_mode=0777
8 |   - file_mode=0777
9 |   - uid=1000
10 |   - gid=1000
11 | parameters:
12 |   skuName: Standard_LRS
13 |
--------------------------------------------------------------------------------
/fabric-kube/storage/azurefile/azure-pvc-roles.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 |   name: system:azure-cloud-provider
  | # NOTE(review): a ClusterRole is not namespace-scoped, so the rule below
  | # grants get and create on Secrets in every namespace to whatever subject
  | # is bound to it (the persistent-volume-binder service account in
  | # kube-system, per the binding that follows). Presumably this lets the
  | # azure-file provisioner store storage-account credentials - confirm, and
  | # prefer a Role/RoleBinding in the namespaces that use azurefile if the
  | # cluster setup permits it.
6 | rules:
7 | - apiGroups: ['']
8 |   resources: ['secrets']
9 |   verbs: ['get','create']
10 | ---
11 | apiVersion: rbac.authorization.k8s.io/v1
12 | kind: ClusterRoleBinding
13 | metadata:
14 |   name: system:azure-cloud-provider
15 | roleRef:
16 |   kind: ClusterRole
17 |   apiGroup: rbac.authorization.k8s.io
18 |   name: system:azure-cloud-provider
19 | subjects:
20 | - kind: ServiceAccount
21 |
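name: persistent-volume-binder
22 |   namespace: kube-system
23 |
--------------------------------------------------------------------------------
/fabric-kube/util.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Prepares a project for deployment. Run it from the fabric-kube directory
3 | # (hlf-init-kube/ and ./prepare_chaincodes.sh are resolved relative to the
4 | # current directory) before you start or update your fabric network.
5 | #   1. copies <project_folder>/configtx.yaml to the hlf-init-kube directory
6 | #   2. prepares the chaincodes via prepare_chaincodes.sh
7 |
8 | # exit when any command fails or an unset variable is referenced
9 | set -eu
10 |
11 | if test "$#" -ne 2; then
12 |   echo "usage: util.sh <project_folder> <chaincode_folder>" >&2
13 |   exit 2
14 | fi
15 |
16 | project_folder=$1
17 | chaincode_folder=$2
18 |
19 | # Quote the arguments so a path with spaces or glob characters stays one
20 | # word; "--" keeps a path starting with "-" from being parsed as an option.
21 | cp -r -- "$project_folder/configtx.yaml" hlf-init-kube/
22 |
23 | # prepare chaincodes
24 | ./prepare_chaincodes.sh "$project_folder" "$chaincode_folder"
25 |
--------------------------------------------------------------------------------
/images/artifacts-flow-simple.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/artifacts-flow-simple.png
--------------------------------------------------------------------------------
/images/chaincode-flow-simple.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/chaincode-flow-simple.png
--------------------------------------------------------------------------------
/images/chaincode-flow-upgrade-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/chaincode-flow-upgrade-2.png
--------------------------------------------------------------------------------
/images/chaincode-flow-upgrade-3.png: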
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/chaincode-flow-upgrade-3.png -------------------------------------------------------------------------------- /images/channel-flow-simple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/channel-flow-simple.png -------------------------------------------------------------------------------- /images/hlf-init-kube-pod-watch-simple-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/hlf-init-kube-pod-watch-simple-1.png -------------------------------------------------------------------------------- /images/hlf-init-kube-pod-watch-simple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/hlf-init-kube-pod-watch-simple.png -------------------------------------------------------------------------------- /images/hlf-kube-init-pod-watch-kafka.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/hlf-kube-init-pod-watch-kafka.png -------------------------------------------------------------------------------- /images/hlf-kube-pod-watch-simple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/hlf-kube-pod-watch-simple.png 
-------------------------------------------------------------------------------- /images/peer-org-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mallikprojects/hyperledger-k8/b299619a39400010e671c1589f8ede27cff15f8e/images/peer-org-flow.png --------------------------------------------------------------------------------