KFS LogoFabricLaunch - KFS
Bevel Fabric Operator v1.10.0

Bevel Fabric Operator v1.10.0

dviejo

dviejo

@dviejo

{/* START_CONTENT */}

New changes

The following pull requests have been merged

  • FabricIdentity: Manage the registering and enrolling of users automatically (including renewal)
  • FabricNetworkConfig: Manage the network configuration based on the Bevel Fabric Operator and external configuration
  • Enrollment for peers/orderers/identities now accepts a secret reference to get the TLS Cert of the FabricCA
  • FabricCA supports initialization from custom certificate authority referenced from secret
  • Minor bug fixes

FabricIdentity

You can now manage the registering and enrolling of users automatically. This includes renewal of the user certificates.

This is an example on how to create a FabricIdentity:

# This identity will register and enroll the user for org1
kubectl hlf identity create --name org1-admin --namespace default \
    --ca-name org1-ca --ca-namespace default \
    --ca ca --mspid Org1MSP --enroll-id explorer-admin --enroll-secret explorer-adminpw \
    --ca-enroll-id=enroll --ca-enroll-secret=enrollpw --ca-type=admin

FabricNetworkConfig

You can now manage the network configuration based on the Bevel Fabric Operator and external configuration.

This CRD will react to changes in the Identities and FabricCASecrets and update the network configuration accordingly.

This is an example on how to create a FabricNetworkConfig:

kubectl hlf networkconfig create --name=org1-cp \        
  -o Org1MSP -o OrdererMSP -c demo \          
  --identities=org1-admin.default --secret=org1-cp

Enrollment for peers/orderers/identities

You can now use a secret reference to get the TLS Cert of the FabricCA, instead of having to specify the certificate in the CRD.

apiVersion: hlf.kungfusoftware.es/v1alpha1
kind: FabricPeer
metadata:
# <your metadata>
spec:
...
  secret:
    enrollment:
      component:
        cahost: org1-ca.default
        caname: ca
        caport: 7054
        catls:
          cacert: ''
          secretRef:
            key: tls.crt
            name: org1-ca--tls-cryptomaterial
            namespace: default
        enrollid: peer
        enrollsecret: peerpw
        external: null
      tls:
        cahost: org1-ca.default
        caname: tlsca
        caport: 7054
        catls:
          cacert: ''
          secretRef:
            key: tls.crt
            name: org1-ca--tls-cryptomaterial
            namespace: default
        csr:
          cn: peer01
          hosts:
            - 127.0.0.1
            - localhost
            - peer01.org1.default
        enrollid: peer
        enrollsecret: peerpw
        external: null
...

FabricCA supports initialization from custom certificate authority

You can now initialize the FabricCA from a custom certificate authority referenced from a secret.

This includes support for both CAs, the signing CA and the TLS CA.

You can check the following example:

apiVersion: hlf.kungfusoftware.es/v1alpha1
kind: FabricCA
metadata:
  name: org1-ca
  namespace: default
spec:
  ca:
    ca:
      cert: ''
      chain: ''
      key: ''
      secret:
        name: org1-ca--tls-cryptomaterial
  tlsCA:
  ...
    ca:
      cert: ''
      chain: ''
      key: ''
      secret:
        name: <your secret containing the certfile, chainfile, keyfile>

Ready to get started?

Start saving time and money with FabricLaunch.

Schedule a demo