Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[fabric] Introduce helm chart deployment capability for version 2.5 (#2529)

**Primary Changes**
1. This PR includes changes to deploy fabric 2.5.4 without a channel using helm charts.
2. Version 2.2.2 is pending
3. Deploy with Ansible pending

**Changes in charts**
platforms/hyperledger-fabric/charts/fabric-ca-server
platforms/hyperledger-fabric/charts/fabric-cacerts-gen
platforms/hyperledger-fabric/charts/fabric-catools
platforms/hyperledger-fabric/charts/fabric-cli
platforms/hyperledger-fabric/charts/fabric-orderernode
platforms/hyperledger-fabric/charts/fabric-peernode

fixes #2484

Signed-off-by: mgCepeda <[email protected]>
Showing 59 changed files with 4,109 additions and 2,829 deletions.
@@ -0,0 +1,135 @@ | ||
[//]: # (##############################################################################################) | ||
[//]: # (Copyright Accenture. All Rights Reserved.) | ||
[//]: # (SPDX-License-Identifier: Apache-2.0) | ||
[//]: # (##############################################################################################) | ||
|
||
# Charts for Hyperledger Fabric components | ||
|
||
## About | ||
This folder contains the helm charts which are used for the deployment of the Hyperledger Fabric components. Each helm that you can use has the following keys and you need to set them. The `global.cluster.provider` is used as a key for the various cloud features enabled. Also you only need to specify one cloud provider, **not** both if deploying to cloud. As of writing this doc, AWS is fully supported. | ||
|
||
```yaml | ||
global: | ||
serviceAccountName: vault-auth | ||
cluster: | ||
provider: aws # choose from: minikube | aws | ||
cloudNativeServices: false # future: set to true to use Cloud Native Services | ||
kubernetesUrl: "https://yourkubernetes.com" # Provide the k8s URL, ignore if not using Hashicorp Vault | ||
vault: | ||
type: hashicorp # choose from hashicorp | kubernetes | ||
network: besu # must be besu for these charts | ||
# Following are necessary only when hashicorp vault is used. | ||
address: http://vault.url:8200 | ||
authPath: supplychain | ||
secretEngine: secretsv2 | ||
secretPrefix: "data/supplychain" | ||
role: vault-role | ||
``` | ||
## Usage | ||
### Pre-requisites | ||
- Kubernetes Cluster (either Managed cloud option like EKS or local like minikube) | ||
- Accessible and unsealed Hahsicorp Vault (if using Vault) | ||
- Configured Haproxy (if using Haproxy as proxy) | ||
- Update the dependencies | ||
``` | ||
helm dependency update fabric-ca-server | ||
helm dependency update fabric-orderernode | ||
helm dependency update fabric-peernode | ||
``` | ||
|
||
### _Without Proxy or Vault_ | ||
|
||
### To setup Orderer organization | ||
```bash | ||
kubectl create namespace supplychain-net | ||
helm install supplychain-ca ./fabric-ca-server --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/ca-server.yaml | ||
# Install the Orderers | ||
helm install orderer1 ./fabric-orderernode --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/orderer.yaml | ||
helm install orderer2 ./fabric-orderernode --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/orderer.yaml | ||
helm install orderer3 ./fabric-orderernode --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/orderer.yaml | ||
``` | ||
|
||
### To setup Peer organization | ||
|
||
```bash | ||
kubectl create namespace carrier-net | ||
# Get the Orderer tls certificate and place in fabric-catools/files | ||
cd ./fabric-catools/files | ||
kubectl --namespace supplychain-net get configmap orderer-tls-cacert -o jsonpath='{.data.cacert}' > orderer.crt | ||
# Before installing, we must use the dependencies again, due to the addition of the file in the files folder | ||
cd ../.. | ||
helm dependency update fabric-ca-server | ||
helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/ca-server.yaml | ||
# To use a custom peer configuration, copy core.yaml file into ./fabric-peernode/files | ||
# This step is optional | ||
cp /home/bevel/build/peer0-core.yaml ./fabric-peernode/files | ||
# Install the Peers | ||
helm install peer0 ./fabric-peernode --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/peer.yaml | ||
``` | ||
|
||
### _With Ambassador proxy and Vault_ | ||
|
||
### To setup Orderer organization | ||
|
||
Replace the `global.vault.address`, `global.cluster.kubernetesUrl` and `global.proxy.externalUrlSuffix` in all the files in `./values/proxy-and-vault/` folder. | ||
|
||
```bash | ||
kubectl create namespace supplychain-net | ||
kubectl -n supplychain-net create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN> | ||
helm install supplychain-ca ./fabric-ca-server --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/ca-server.yaml | ||
# Install the Orderers | ||
helm install orderer1 ./fabric-orderernode --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/orderer.yaml | ||
helm install orderer2 ./fabric-orderernode --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/orderer.yaml | ||
helm install orderer3 ./fabric-orderernode --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/orderer.yaml | ||
``` | ||
|
||
### To setup Peer organization | ||
|
||
```bash | ||
kubectl create namespace carrier-net | ||
kubectl -n carrier-net create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN> | ||
# Get the Orderer tls certificate and place in fabric-catools/files | ||
cd ./fabric-catools/files | ||
kubectl --namespace supplychain-net get configmap orderer-tls-cacert -o jsonpath='{.data.cacert}' > orderer.crt | ||
# Before installing, we must use the dependencies again, due to the addition of the file in the files folder | ||
cd ../.. | ||
helm dependency update fabric-ca-server | ||
helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/ca-server.yaml | ||
# To use a custom peer configuration, copy core.yaml file into ./fabric-peernode/files | ||
# This step is optional | ||
cp /home/bevel/build/peer0-core.yaml ./fabric-peernode/files | ||
# Install the Peers | ||
helm install peer0 ./fabric-peernode --namespace carrier-net --values ./values/proxy-and-vault/peerOrganization/peer.yaml | ||
``` | ||
|
||
### Clean-up | ||
|
||
To clean up, just uninstall the helm releases. | ||
```bash | ||
helm uninstall --namespace supplychain-net orderer1 | ||
helm uninstall --namespace supplychain-net orderer2 | ||
helm uninstall --namespace supplychain-net orderer3 | ||
helm uninstall --namespace supplychain-net supplychain-ca | ||
helm uninstall --namespace carrier-net peer0 | ||
helm uninstall --namespace carrier-net carrier-ca | ||
``` |
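Review bot: In the "With Ambassador proxy and Vault" peer organization block, the `helm install carrier-ca` line still passes `./values/noproxy-and-novault/peerOrganization/ca-server.yaml`, while every other command in that section uses `./values/proxy-and-vault/`; unless that is deliberate, point it at the proxy-and-vault values file so the peer CA is configured for Vault like the rest of the section. Two further points in the same file. The `roottoken` secret is created with `--from-literal=token=<VAULT_ROOT_TOKEN>`, which leaves a Vault root token in shell history and in a namespace secret, and the Clean-up section only uninstalls the releases; the README should say to prefer a scoped, short-lived token and to delete the secret once the install has finished. The sample `global` block has `network: besu # must be besu for these charts`, which looks carried over from another platform's charts and should state the value these Fabric charts expect, and `address: http://vault.url:8200`, where an `https` address would be the safer example since Vault tokens travel over that connection.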
@@ -5,7 +5,23 @@ | |
############################################################################################## | ||
|
||
apiVersion: v1 | ||
appVersion: "2.0" | ||
description: "Hyperledger Fabric: Deploys a CA server." | ||
name: fabric-ca-server | ||
description: "Hyperledger Fabric: Deploys a CA server." | ||
version: 1.0.0 | ||
appVersion: latest | ||
keywords: | ||
- bevel | ||
- ethereum | ||
- fabric | ||
- hyperledger | ||
- enterprise | ||
- blockchain | ||
- deployment | ||
- accenture | ||
home: https://hyperledger-bevel.readthedocs.io/en/latest/ | ||
sources: | ||
- https://github.com/hyperledger/bevel | ||
maintainers: | ||
- name: Hyperledger Bevel maintainers | ||
email: [email protected] | ||
|
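Review bot: `appVersion: latest` does not identify which CA server release this chart deploys, so an installed release cannot be audited or reproduced from its metadata; set it to the version the chart actually ships. The keywords list also includes `ethereum`, which does not apply to a Fabric CA chart and looks copied from another chart.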
29 changes: 29 additions & 0 deletions
platforms/hyperledger-fabric/charts/fabric-ca-server/requirements.yaml
@@ -0,0 +1,29 @@ | ||
dependencies: | ||
- name: bevel-vault-mgmt | ||
repository: "file://../../../shared/charts/bevel-vault-mgmt" | ||
tags: | ||
- bevel | ||
version: ~1.0.0 | ||
- name: bevel-scripts | ||
repository: "file://../../../shared/charts/bevel-scripts" | ||
tags: | ||
- bevel | ||
version: ~1.0.0 | ||
- name: bevel-storageclass | ||
alias: storage | ||
repository: "file://../../../shared/charts/bevel-storageclass" | ||
tags: | ||
- storage | ||
version: ~1.0.0 | ||
- name: fabric-cacerts-gen | ||
alias: cacerts | ||
repository: "file://../fabric-cacerts-gen" | ||
tags: | ||
- cacerts | ||
version: ~1.0.0 | ||
- name: fabric-catools | ||
alias: catools | ||
repository: "file://../fabric-catools" | ||
tags: | ||
- catools | ||
version: ~1.0.0 |
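Review bot: `bevel-vault-mgmt` and `bevel-scripts` carry the same single tag `bevel`, so the two subcharts can only be switched on or off together; if the Vault management chart is meant to be skipped when `global.vault.type` is `kubernetes`, give it its own tag or a `condition` key. All five dependencies also resolve through relative `file://` paths, so the chart only builds from inside a full checkout of the repository, which is worth stating next to the `helm dependency update` step in the README.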
33 changes: 28 additions & 5 deletions
platforms/hyperledger-fabric/charts/fabric-ca-server/templates/_helpers.tpl
125 changes: 125 additions & 0 deletions
platforms/hyperledger-fabric/charts/fabric-ca-server/templates/ca-job-cleanup.yaml
@@ -0,0 +1,125 @@ | ||
--- | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: {{ include "fabric-ca-server.name" . }}-cleanup | ||
labels: | ||
app.kubernetes.io/name: fabric-ca-server-job-cleanup | ||
app.kubernetes.io/component: ca-server-job-cleanup | ||
app.kubernetes.io/part-of: {{ include "fabric-ca-server.fullname" . }} | ||
app.kubernetes.io/namespace: {{ .Release.Namespace }} | ||
app.kubernetes.io/managed-by: helm | ||
namespace: {{ .Release.Namespace }} | ||
annotations: | ||
helm.sh/hook-weight: "0" | ||
helm.sh/hook: "pre-delete" | ||
helm.sh/hook-delete-policy: "hook-succeeded" | ||
spec: | ||
backoffLimit: 3 | ||
completions: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: fabric-ca-server-job-cleanup | ||
app.kubernetes.io/component: ca-server-job-cleanup | ||
app.kubernetes.io/part-of: {{ include "fabric-ca-server.fullname" . }} | ||
app.kubernetes.io/namespace: {{ .Release.Namespace }} | ||
app.kubernetes.io/managed-by: helm | ||
spec: | ||
serviceAccountName: {{ .Values.global.serviceAccountName }} | ||
restartPolicy: "Never" | ||
containers: | ||
- name: delete-secrets | ||
image: "{{ $.Values.image.alpineUtils }}" | ||
securityContext: | ||
runAsUser: 0 | ||
imagePullPolicy: IfNotPresent | ||
env: | ||
- name: COMPONENT_TYPE | ||
value: {{ $.Values.catools.orgData.type }} | ||
- name: ORDERERS_NAMES | ||
value: "{{ $.Values.catools.orderers | join " " -}}" | ||
- name: PEERS_NAMES | ||
value: "{{ $.Values.catools.peers | join " " -}}" | ||
- name: USERS_IDENTITIES | ||
value: "{{ $.Values.catools.users.usersIdentities | join " " -}}" | ||
command: ["sh", "-c"] | ||
args: | ||
- |- | ||
{{- if .Values.settings.removeCertsOnDelete }} | ||
|
||
function deleteSecret { | ||
key=$1 | ||
kubectl get secret ${key} --namespace {{ .Release.Namespace }} -o json > /dev/null 2>&1 | ||
if [ $? -eq 0 ]; then | ||
kubectl delete secret ${key} --namespace {{ .Release.Namespace }} | ||
fi | ||
} | ||
deleteSecret ca-certs | ||
deleteSecret ca-credentials | ||
|
||
deleteSecret admin-tls | ||
deleteSecret admin-msp | ||
|
||
if [ "$COMPONENT_TYPE" = "orderer" ]; then | ||
SERVICES_NAMES=$ORDERERS_NAMES; | ||
fi; | ||
|
||
if [ "$COMPONENT_TYPE" = "peer" ]; then | ||
SERVICES_NAMES=$PEERS_NAMES; | ||
fi; | ||
|
||
for SERVICE in $SERVICES_NAMES | ||
do | ||
# Check if orderer/peer msp already created | ||
if [ "$COMPONENT_TYPE" = "peer" ]; then | ||
SERVICE_NAME="${SERVICE%%,*}" | ||
deleteSecret ${SERVICE_NAME}-msp | ||
fi; | ||
|
||
if [ "$COMPONENT_TYPE" = "orderer" ]; then | ||
SERVICE_NAME="${SERVICE}" | ||
deleteSecret ${SERVICE_NAME}-msp | ||
fi; | ||
|
||
# Check if orderer/peer msp already created | ||
if [ "$COMPONENT_TYPE" = "peer" ]; then | ||
SERVICE_NAME="${SERVICE%%,*}" | ||
deleteSecret ${SERVICE_NAME}-tls | ||
fi; | ||
|
||
if [ "$COMPONENT_TYPE" = "orderer" ]; then | ||
SERVICE_NAME="${SERVICE}" | ||
deleteSecret ${SERVICE_NAME}-tls | ||
fi; | ||
done | ||
|
||
if [ $COMPONENT_TYPE == 'peer' ]; | ||
then | ||
# Check if msp config file already created | ||
deleteSecret msp-config | ||
deleteSecret orderer-tls | ||
deleteSecret couchdb | ||
fi; | ||
|
||
if [ "$USERS_IDENTITIES" ] | ||
then | ||
for user_identity in $USERS_IDENTITIES | ||
do | ||
# Check if users tls already created | ||
deleteSecret ${user_identity}-tls | ||
# Check if users msp already created for users | ||
deleteSecret ${user_identity}-msp | ||
done | ||
fi | ||
|
||
{{- end}} | ||
|
||
{{- if .Values.settings.removeOrdererTlsOnDelete }} | ||
|
||
if kubectl get configmap --namespace {{ .Release.Namespace }} orderer-tls-cacert &> /dev/null; then | ||
echo "Deleting orderer-tls-cacert configmap in k8s ..." | ||
kubectl delete configmap --namespace {{ .Release.Namespace }} orderer-tls-cacert | ||
fi | ||
{{- end}} | ||
|
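Review bot: The `delete-secrets` container sets `runAsUser: 0`, yet the visible script only calls `kubectl` against the API server; run it as a non-root user, since this Job runs under `global.serviceAccountName` with rights to delete the organization's MSP and TLS secrets. The script is started with `sh -c` but relies on bash extensions: the `function` keyword, `[ $COMPONENT_TYPE == 'peer' ]` (unquoted and using `==`, unlike the quoted `=` tests above it), and `&> /dev/null` in the configmap check, which a strict POSIX shell parses as a background `&` followed by a redirect, so the `if` always succeeds. Use `> /dev/null 2>&1` as `deleteSecret` already does, or replace the get-then-delete pairs with `kubectl delete ... --ignore-not-found`, and quote `${key}` and the `${SERVICE_NAME}` expansions since they come from chart values. The "Check if ... already created" comments describe creation rather than deletion and should be reworded.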