
Introducing Bevel Fabric Operator v1.10.0

New changes

The following pull requests have been merged:

  • FabricIdentity: Manage the registering and enrolling of users automatically (including renewal)
  • FabricNetworkConfig: Manage the network configuration based on the Bevel Fabric Operator and external configuration
  • Enrollment for peers/orderers/identities now accepts a secret reference to get the TLS Cert of the FabricCA
  • FabricCA supports initialization from a custom certificate authority referenced from a secret
  • Minor bug fixes

FabricIdentity

You can now manage the registering and enrolling of users automatically. This includes renewal of the user certificates.

This is an example of how to create a FabricIdentity:

# This identity will register and enroll the user for org1
kubectl hlf identity create --name org1-admin --namespace default \
    --ca-name org1-ca --ca-namespace default \
    --ca ca --mspid Org1MSP --enroll-id explorer-admin --enroll-secret explorer-adminpw \
    --ca-enroll-id=enroll --ca-enroll-secret=enrollpw --ca-type=admin

FabricNetworkConfig

You can now manage the network configuration based on the Bevel Fabric Operator and external configuration.

This CRD will react to changes in the Identities and FabricCASecrets and update the network configuration accordingly.

This is an example of how to create a FabricNetworkConfig:

kubectl hlf networkconfig create --name=org1-cp \
  -o Org1MSP -o OrdererMSP -c demo \
  --identities=org1-admin.default --secret=org1-cp

Enrollment for peers/orderers/identities

You can now use a secret reference to get the TLS Cert of the FabricCA, instead of having to specify the certificate in the CRD.

apiVersion: hlf.kungfusoftware.es/v1alpha1
kind: FabricPeer
metadata:
# <your metadata>
spec:
...
  secret:
    enrollment:
      component:
        cahost: org1-ca.default
        caname: ca
        caport: 7054
        catls:
          cacert: ''
          secretRef:
            key: tls.crt
            name: org1-ca--tls-cryptomaterial
            namespace: default
        enrollid: peer
        enrollsecret: peerpw
        external: null
      tls:
        cahost: org1-ca.default
        caname: tlsca
        caport: 7054
        catls:
          cacert: ''
          secretRef:
            key: tls.crt
            name: org1-ca--tls-cryptomaterial
            namespace: default
        csr:
          cn: peer01
          hosts:
            - 127.0.0.1
            - localhost
            - peer01.org1.default
        enrollid: peer
        enrollsecret: peerpw
        external: null
...
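
The following pre-apply lint for the enrollment block is an added example, not part of the operator or of the original post. Field names are taken from the manifest above; the rules it enforces (one certificate source per catls, a complete secretRef, and the same secret for the same CA endpoint) are assumptions of this example, not documented operator behaviour.

```python
# Added example: lint for the enrollment block of a FabricPeer spec.
# Field names are taken from the manifest above; the rules are this
# example's own policy, not validation performed by the operator.
REF_KEYS = ("name", "namespace", "key")

def lint_catls(path, catls):
    """Check one catls block for a single, complete CA certificate source."""
    findings = []
    inline = (catls.get("cacert") or "").strip()
    ref = catls.get("secretRef") or {}
    if inline and ref:
        findings.append(f"{path}: cacert and secretRef both set")
    elif not inline and not ref:
        findings.append(f"{path}: no CA TLS certificate source")
    missing = [k for k in REF_KEYS if ref and not ref.get(k)]
    if missing:
        findings.append(f"{path}.secretRef: missing {', '.join(missing)}")
    return findings

def lint_enrollment(spec):
    """Return findings for spec.secret.enrollment.{component,tls}."""
    findings, refs = [], {}
    enrollment = (spec.get("secret") or {}).get("enrollment") or {}
    for section in ("component", "tls"):
        block = enrollment.get(section) or {}
        catls = block.get("catls") or {}
        path = f"spec.secret.enrollment.{section}.catls"
        findings += lint_catls(path, catls)
        ref = catls.get("secretRef") or {}
        endpoint = (block.get("cahost"), block.get("caport"))
        refs.setdefault(endpoint, set()).add(tuple(ref.get(k) for k in REF_KEYS))
    # The same CA endpoint should be trusted through the same secret.
    for (host, port), seen in refs.items():
        if len(seen) > 1:
            findings.append(f"{host}:{port}: sections reference different secrets")
    return findings

def _section(caname, ref, cacert=""):
    """Build one enrollment section with the page's CA host and port."""
    return {"cahost": "org1-ca.default", "caport": 7054, "caname": caname,
            "catls": {"cacert": cacert, "secretRef": ref}}

# Constructed inputs: GOOD mirrors the manifest above, BAD is deliberately broken.
_REF = {"key": "tls.crt", "name": "org1-ca--tls-cryptomaterial", "namespace": "default"}
GOOD = {"secret": {"enrollment": {"component": _section("ca", _REF),
                                  "tls": _section("tlsca", _REF)}}}
BAD = {"secret": {"enrollment": {"component": _section("ca", {"name": "other-secret"}),
                                 "tls": _section("tlsca", _REF, cacert="PEM")}}}
```

Load the manifest with any YAML parser and pass its `spec` mapping to `lint_enrollment`; an empty list means no findings.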

FabricCA supports initialization from custom certificate authority

You can now initialize the FabricCA from a custom certificate authority referenced from a secret.

This includes support for both CAs, the signing CA and the TLS CA.

You can check the following example:

apiVersion: hlf.kungfusoftware.es/v1alpha1
kind: FabricCA
metadata:
  name: org1-ca
  namespace: default
spec:
  ca:
    ca:
      cert: ''
      chain: ''
      key: ''
      secret:
        name: org1-ca--tls-cryptomaterial
  tlsCA:
  ...
    ca:
      cert: ''
      chain: ''
      key: ''
      secret:
        name: <your secret containing the certfile, chainfile, keyfile>
