{"id":17782215,"url":"https://github.com/hyperledger-bevel/bevel-operator-fabric","last_synced_at":"2025-05-16T04:03:35.634Z","repository":{"id":37930842,"uuid":"317022479","full_name":"hyperledger-bevel/bevel-operator-fabric","owner":"hyperledger-bevel","description":"Hyperledger Fabric Kubernetes operator - Hyperledger Fabric operator for Kubernetes (v2.3, v2.4 and v2.5, v3.0, v3.1)","archived":false,"fork":false,"pushed_at":"2025-05-04T11:59:43.000Z","size":7669,"stargazers_count":289,"open_issues_count":41,"forks_count":95,"subscribers_count":59,"default_branch":"main","last_synced_at":"2025-05-04T12:35:27.798Z","etag":null,"topics":["blockchain","chaincode","fabric","hacktoberfest","hacktoberfest-accepted","hyperledger","hyperledger-fabric","kubernetes","operator-sdk"],"latest_commit_sha":null,"homepage":"https://hyperledger-bevel.github.io/bevel-operator-fabric/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hyperledger-bevel.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-11-29T19:02:47.000Z","updated_at":"2025-05-04T11:51:26.000Z","dependencies_parsed_at":"2023-10-10T20:46:02.166Z","dependency_job_id":"550f8bc6-93ed-4a89-9ccb-439f94019949","html_url":"https://github.com/hyperledger-bevel/bevel-operator-fabric","commit_stats":{"total_commits":224,"total_committers":18,"mean_commits":"12.444444444444445","dds":0.5044642857142857,"last_synced_commit":"6f184aed1fff493c230c04d483207125dbd64d32"},"previous_names":["kfsoftware/hlf-operator","hyperledger-labs/hlf-operator","hyperledger-bevel/bevel-operator-fabric","hyperledger/bevel-operator-fabric"],"tags_count":174,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger-bevel%2Fbevel-operator-fabric","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger-bevel%2Fbevel-operator-fabric/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger-bevel%2Fbevel-operator-fabric/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger-bevel%2Fbevel-operator-fabric/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hyperledger-bevel","download_url":"https://codeload.github.com/hyperledger-bevel/bevel-operator-fabric/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254464891,"owners_count":22075570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","chaincode","fabric","hacktoberfest","hacktoberfest-accepted","hyperledger","hyperledger-fabric","kubernetes","operator-sdk"],"created_at":"2024-10-27T05:04:18.154Z","updated_at":"2025-05-16T04:03:35.269Z","avatar_url":"https://github.com/hyperledger-bevel.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\nid: getting-started\ntitle: Getting started\n---\n\n# Hyperledger Fabric Operator\n\n## Features\n\n- [x] Create certificates authorities (CA)\n- [x] Create peers\n- [x] Create ordering services\n- [x] Create resources without manual provisioning of cryptographic material\n- [x] Domain routing with SNI using Istio\n- [x] Run chaincode as external chaincode in Kubernetes\n- [x] Support Hyperledger Fabric 2.3+ and 3.0\n- [x] Managed genesis for Ordering services\n- [x] E2E testing including the execution of chaincodes in KIND\n- [x] Renewal of certificates\n\n## Stay Up-to-Date\n\n`hlf-operator` is currently in stable. Watch **releases** of this repository to be notified for future updates:\n\n![hlf-operator-star-github](https://user-images.githubusercontent.com/6862893/123808402-022aa800-d8f1-11eb-8df4-8a9552f126a2.gif)\n\n## Discord\n\nFor discussions and questions, please join the Hyperledger Foundation Discord:\n\n[https://discord.com/invite/hyperledger](https://discord.com/invite/hyperledger)\n\nThe channel is located under `BEVEL`, named [`bevel-operator-fabric`](https://discordapp.com/channels/905194001349627914/967823782712594442).\n\n## Hyperledger Meetups\n\nYou can watch this video to see how to use it to deploy your own network:\n\n[![Deploying a Network Using SmartBFT in Hyperledger Fabric 3.0](http://img.youtube.com/vi/4taLwa_pl9U/0.jpg)](https://www.youtube.com/watch?v=4taLwa_pl9U \"Deploying a Network Using SmartBFT in Hyperledger Fabric 3.0\")\n[![Deploying a Network Using SmartBFT in Hyperledger Fabric 3.0](http://img.youtube.com/vi/vM_UzryCOqs/0.jpg)](https://www.youtube.com/watch?v=vM_UzryCOqs \"Hyperledger Fabric on Kubernetes\")\n[![Hyperledger Fabric on Kubernetes](http://img.youtube.com/vi/namKDeJf5QI/0.jpg)](http://www.youtube.com/watch?v=namKDeJf5QI \"Hyperledger Fabric on Kubernetes\")\n\n\n## Tutorial Videos\n\nStep-by-step video tutorials to setup hlf-operator in Kubernetes\n\n[![Hyperledger Fabric on Kubernetes](https://img.youtube.com/vi/e04TcJHUI5M/0.jpg)](https://www.youtube.com/playlist?list=PLuAZTZDgj0csRQuNMY8wbYqOCpzggAuMo \"Hyperledger Fabric on Kubernetes\")\n\nThis workshop provides an in-depth hands on discussion and demonstration of using Bevel and the new Bevel-Operator-Fabric to deploy Hyperledger Fabric on Kubernetes.\n\n\n## Hyperledger Workshops\n\nThis workshop provides an in-depth, hands-on discussion and demonstration of using Bevel and the new Bevel-Operator-Fabric to deploy Hyperledger Fabric on Kubernetes.\n\n[![How to Deploy Hyperledger Fabric on Kubernetes with Hyperledger Bevel](https://img.youtube.com/vi/YUC12ahY5_k/0.jpg)](https://www.youtube.com/live/YUC12ahY5_k?feature=share\u0026t=4430)\n\n## Sponsor\n\n|                                                                               |                                                                                                                                                                                                                                                                                                                     |\n|-------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ![galagames logo](https://avatars.githubusercontent.com/u/135145372?s=200\u0026v=4) | Gala Games is a blockchain gaming platform that empowers players to earn cryptocurrencies and NFTs through gameplay. Founded in 2018 by Eric Schiermeyer, co-founder of Zynga, it aims to create a new type of gaming experience. The platform offers limited edition NFTs and allows players to earn Gala tokens |\n| ![kfs logo](https://avatars.githubusercontent.com/u/74511895?s=200\u0026v=4)       | If you want to design and deploy a secure Blockchain network based on the latest version of Hyperledger Fabric, feel free to contact dviejo@kungfusoftware.es or visit [https://kfs.es/blockchain](https://kfs.es/blockchain)                                                                                       |\n\n## Getting started\n\n# Tutorial\n\nResources:\n- [Hyperledger Fabric build ARM](https://www.polarsparc.com/xhtml/Hyperledger-ARM-Build.html)\n\n## Create Kubernetes Cluster\n\nTo start deploying our red fabric we have to have a Kubernetes cluster. For this we will use KinD.\n\nEnsure you have these ports available before creating the cluster:\n- 80\n- 443\n\nIf these ports are not available this tutorial will not work.\n\n### Using K3D\n\n```bash\nk3d cluster create  -p \"80:30949@agent:0\" -p \"443:30950@agent:0\" --agents 2 k8s-hlf\n```\n\n### Using KinD\n\n```bash\ncat \u003c\u003c EOF \u003e kind-config.yaml\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nnodes:\n- role: control-plane\n  image: kindest/node:v1.30.2\n  extraPortMappings:\n  - containerPort: 30949\n    hostPort: 80\n  - containerPort: 30950\n    hostPort: 443\nEOF\n\nkind create cluster --config=./kind-config.yaml\n\n```\n\n## Install Kubernetes operator\n\nIn this step we are going to install the kubernetes operator for Fabric, this will install:\n\n- CRD (Custom Resource Definitions) to deploy Certification Fabric Peers, Orderers and Authorities\n- Deploy the program to deploy the nodes in Kubernetes\n\nTo install helm: [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/)\n\n```bash\nhelm repo add kfs https://kfsoftware.github.io/hlf-helm-charts --force-update\n\nhelm install hlf-operator --version=1.11.1 -- kfs/hlf-operator\n```\n\n\n### Install the Kubectl plugin\n\nTo install the kubectl plugin, you must first install Krew:\n[https://krew.sigs.k8s.io/docs/user-guide/setup/install/](https://krew.sigs.k8s.io/docs/user-guide/setup/install/)\n\nAfterwards, the plugin can be installed with the following command:\n\n```bash\nkubectl krew install hlf\n```\n\n### Install Istio\n\nInstall Istio binaries on the machine:\n```bash\ncurl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.3 sh -\n```\n\nInstall Istio on the Kubernetes cluster:\n\n```bash\n\nkubectl create namespace istio-system\n\nexport ISTIO_PATH=$(echo $PWD/istio-*/bin)\nexport PATH=\"$PATH:$ISTIO_PATH\"\n\nistioctl operator init\n\nkubectl apply -f - \u003c\u003cEOF\napiVersion: install.istio.io/v1alpha1\nkind: IstioOperator\nmetadata:\n  name: istio-gateway\n  namespace: istio-system\nspec:\n  addonComponents:\n    grafana:\n      enabled: false\n    kiali:\n      enabled: false\n    prometheus:\n      enabled: false\n    tracing:\n      enabled: false\n  components:\n    ingressGateways:\n      - enabled: true\n        k8s:\n          hpaSpec:\n            minReplicas: 1\n          resources:\n            limits:\n              cpu: 500m\n              memory: 512Mi\n            requests:\n              cpu: 100m\n              memory: 128Mi\n          service:\n            ports:\n              - name: http\n                port: 80\n                targetPort: 8080\n                nodePort: 30949\n              - name: https\n                port: 443\n                targetPort: 8443\n                nodePort: 30950\n            type: NodePort\n        name: istio-ingressgateway\n    pilot:\n      enabled: true\n      k8s:\n        hpaSpec:\n          minReplicas: 1\n        resources:\n          limits:\n            cpu: 300m\n            memory: 512Mi\n          requests:\n            cpu: 100m\n            memory: 128Mi\n  meshConfig:\n    accessLogFile: /dev/stdout\n    enableTracing: false\n    outboundTrafficPolicy:\n      mode: ALLOW_ANY\n  profile: default\n\nEOF\n\n```\n\n## Deploy a `Peer` organization\n\n\n### Environment Variables\n\n```bash\nexport PEER_IMAGE=hyperledger/fabric-peer\nexport PEER_VERSION=3.0.0\n\nexport ORDERER_IMAGE=hyperledger/fabric-orderer\nexport ORDERER_VERSION=3.0.0\n\nexport CA_IMAGE=hyperledger/fabric-ca\nexport CA_VERSION=1.5.13\n```\n\n### Configure Internal DNS\n\n```bash\nkubectl apply -f - \u003c\u003cEOF\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: coredns\n  namespace: kube-system\ndata:\n  Corefile: |\n    .:53 {\n        errors\n        health {\n           lameduck 5s\n        }\n        rewrite name regex (.*)\\.localho\\.st istio-ingressgateway.istio-system.svc.cluster.local\n        hosts {\n          fallthrough\n        }\n        ready\n        kubernetes cluster.local in-addr.arpa ip6.arpa {\n           pods insecure\n           fallthrough in-addr.arpa ip6.arpa\n           ttl 30\n        }\n        prometheus :9153\n        forward . /etc/resolv.conf {\n           max_concurrent 1000\n        }\n        cache 30\n        loop\n        reload\n        loadbalance\n    }\nEOF\n```\n\n### Configure Storage Class\nSet storage class depending on the Kubernetes cluster you are using:\n```bash\n# for Kind\nexport SC_NAME=standard\n# for K3D\nexport SC_NAME=local-path\n```\n\n### Deploy a certificate authority\n\n```bash\nkubectl hlf ca create  --image=$CA_IMAGE --version=$CA_VERSION --storage-class=$SC_NAME --capacity=1Gi --name=org1-ca \\\n    --enroll-id=enroll --enroll-pw=enrollpw --hosts=org1-ca.localho.st --istio-port=443\n\nkubectl wait --timeout=180s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all\n```\n\nCheck that the certification authority is deployed and works:\n\n```bash\ncurl -k https://org1-ca.localho.st:443/cainfo\n```\n\nRegister a user in the certification authority of the peer organization (Org1MSP)\n\n```bash\n# register user in CA for peers\nkubectl hlf ca register --name=org1-ca --user=peer --secret=peerpw --type=peer \\\n --enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP\n\n```\n\n### Deploy a peer\n\n```bash\nkubectl hlf peer create --statedb=leveldb --image=$PEER_IMAGE --version=$PEER_VERSION --storage-class=$SC_NAME --enroll-id=peer --mspid=Org1MSP \\\n        --enroll-pw=peerpw --capacity=5Gi --name=org1-peer0 --ca-name=org1-ca.default \\\n        --hosts=peer0-org1.localho.st --istio-port=443\n\n\nkubectl wait --timeout=180s --for=condition=Running fabricpeers.hlf.kungfusoftware.es --all\n```\n\nCheck that the peer is deployed and works:\n\n```bash\nopenssl s_client -connect peer0-org1.localho.st:443\n```\n\n## Deploy an `Orderer` organization\n\nTo deploy an `Orderer` organization we have to:\n\n1. Create a certification authority\n2. Register user `orderer` with password `ordererpw`\n3. Create orderer\n\n### Create the certification authority\n\n```bash\n\nkubectl hlf ca create  --image=$CA_IMAGE --version=$CA_VERSION --storage-class=$SC_NAME --capacity=1Gi --name=ord-ca \\\n    --enroll-id=enroll --enroll-pw=enrollpw --hosts=ord-ca.localho.st --istio-port=443\n\nkubectl wait --timeout=180s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all\n\n```\n\nCheck that the certification authority is deployed and works:\n\n```bash\ncurl -vik https://ord-ca.localho.st:443/cainfo\n```\n\n### Register user `orderer`\n\n```bash\nkubectl hlf ca register --name=ord-ca --user=orderer --secret=ordererpw \\\n    --type=orderer --enroll-id enroll --enroll-secret=enrollpw --mspid=OrdererMSP --ca-url=\"https://ord-ca.localho.st:443\"\n\n```\n### Deploy orderer\n\n```bash\n\nkubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \\\n    --storage-class=$SC_NAME --enroll-id=orderer --mspid=OrdererMSP \\\n    --enroll-pw=ordererpw --capacity=2Gi --name=ord-node1 --ca-name=ord-ca.default \\\n    --hosts=orderer0-ord.localho.st --admin-hosts=admin-orderer0-ord.localho.st --istio-port=443\n\n\nkubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \\\n    --storage-class=$SC_NAME --enroll-id=orderer --mspid=OrdererMSP \\\n    --enroll-pw=ordererpw --capacity=2Gi --name=ord-node2 --ca-name=ord-ca.default \\\n    --hosts=orderer1-ord.localho.st --admin-hosts=admin-orderer1-ord.localho.st --istio-port=443\n\n\nkubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \\\n    --storage-class=$SC_NAME --enroll-id=orderer --mspid=OrdererMSP \\\n    --enroll-pw=ordererpw --capacity=2Gi --name=ord-node3 --ca-name=ord-ca.default \\\n    --hosts=orderer2-ord.localho.st --admin-hosts=admin-orderer2-ord.localho.st --istio-port=443\n\n\nkubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \\\n    --storage-class=$SC_NAME --enroll-id=orderer --mspid=OrdererMSP \\\n    --enroll-pw=ordererpw --capacity=2Gi --name=ord-node4 --ca-name=ord-ca.default \\\n    --hosts=orderer3-ord.localho.st --admin-hosts=admin-orderer3-ord.localho.st --istio-port=443\n\n\n\nkubectl wait --timeout=180s --for=condition=Running fabricorderernodes.hlf.kungfusoftware.es --all\n```\n\nCheck that the orderer is running:\n\n```bash\nkubectl get pods\n```\n\n```bash\nopenssl s_client -connect orderer0-ord.localho.st:443\nopenssl s_client -connect orderer1-ord.localho.st:443\nopenssl s_client -connect orderer2-ord.localho.st:443\nopenssl s_client -connect orderer3-ord.localho.st:443\n```\n\n\n## Create channel\n\nTo create the channel we need to first create the wallet secret, which will contain the identities used by the operator to manage the channel\n\n### Register and enrolling OrdererMSP identity\n\n```bash\n# register\nkubectl hlf ca register --name=ord-ca --user=admin --secret=adminpw \\\n    --type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=OrdererMSP\n\n# enroll\n\nkubectl hlf ca enroll --name=ord-ca --namespace=default \\\n    --user=admin --secret=adminpw --mspid OrdererMSP \\\n    --ca-name tlsca  --output orderermsp.yaml\n    \nkubectl hlf ca enroll --name=ord-ca --namespace=default \\\n    --user=admin --secret=adminpw --mspid OrdererMSP \\\n    --ca-name ca  --output orderermspsign.yaml\n```\n\n### Register and enrolling Org1MSP Orderer identity\n\n```bash\n# register\nkubectl hlf ca register --name=org1-ca --user=admin --secret=adminpw \\\n    --type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=Org1MSP\n\n# enroll\n\nkubectl hlf ca enroll --name=org1-ca --namespace=default \\\n    --user=admin --secret=adminpw --mspid Org1MSP \\\n    --ca-name tlsca  --output org1msp-tlsca.yaml\n```\n\n\n### Register and enrolling Org1MSP identity\n\n```bash\n# register\nkubectl hlf ca register --name=org1-ca --namespace=default --user=admin --secret=adminpw \\\n    --type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=Org1MSP\n\n# enroll\nkubectl hlf ca enroll --name=org1-ca --namespace=default \\\n    --user=admin --secret=adminpw --mspid Org1MSP \\\n    --ca-name ca  --output org1msp.yaml\n\n# enroll\nkubectl hlf identity create --name org1-admin --namespace default \\\n    --ca-name org1-ca --ca-namespace default \\\n    --ca ca --mspid Org1MSP --enroll-id admin --enroll-secret adminpw\n\n\n```\n\n### Create the secret\n\n```bash\nkubectl create secret generic wallet --namespace=default \\\n        --from-file=org1msp.yaml=$PWD/org1msp.yaml \\\n        --from-file=orderermsp.yaml=$PWD/orderermsp.yaml \\\n        --from-file=orderermspsign.yaml=$PWD/orderermspsign.yaml\n\n```\n\n### Create main channel\n\n```bash\nexport PEER_ORG_SIGN_CERT=$(kubectl get fabriccas org1-ca -o=jsonpath='{.status.ca_cert}')\nexport PEER_ORG_TLS_CERT=$(kubectl get fabriccas org1-ca -o=jsonpath='{.status.tlsca_cert}')\n\nexport IDENT_8=$(printf \"%8s\" \"\")\nexport ORDERER_TLS_CERT=$(kubectl get fabriccas ord-ca -o=jsonpath='{.status.tlsca_cert}' | sed -e \"s/^/${IDENT_8}/\" )\nexport ORDERER0_TLS_CERT=$(kubectl get fabricorderernodes ord-node1 -o=jsonpath='{.status.tlsCert}' | sed -e \"s/^/${IDENT_8}/\" )\nexport ORDERER1_TLS_CERT=$(kubectl get fabricorderernodes ord-node2 -o=jsonpath='{.status.tlsCert}' | sed -e \"s/^/${IDENT_8}/\" )\nexport ORDERER2_TLS_CERT=$(kubectl get fabricorderernodes ord-node3 -o=jsonpath='{.status.tlsCert}' | sed -e \"s/^/${IDENT_8}/\" )\nexport ORDERER3_TLS_CERT=$(kubectl get fabricorderernodes ord-node4 -o=jsonpath='{.status.tlsCert}' | sed -e \"s/^/${IDENT_8}/\" )\n\nkubectl apply -f - \u003c\u003cEOF\napiVersion: hlf.kungfusoftware.es/v1alpha1\nkind: FabricMainChannel\nmetadata:\n  name: demo\nspec:\n  name: demo\n  adminOrdererOrganizations:\n    - mspID: OrdererMSP\n  adminPeerOrganizations:\n    - mspID: Org1MSP\n  channelConfig:\n    application:\n      acls: null\n      capabilities:\n        - V2_0\n        - V2_5\n      policies: null\n    capabilities:\n      - V2_0\n    orderer:\n      batchSize:\n        absoluteMaxBytes: 1048576\n        maxMessageCount: 10\n        preferredMaxBytes: 524288\n      batchTimeout: 2s\n      capabilities:\n        - V2_0\n      etcdRaft:\n        options:\n          electionTick: 10\n          heartbeatTick: 1\n          maxInflightBlocks: 5\n          snapshotIntervalSize: 16777216\n          tickInterval: 500ms\n      ordererType: etcdraft\n      policies: null\n      state: STATE_NORMAL\n    policies: null\n  externalOrdererOrganizations: []\n  externalPeerOrganizations: []\n  peerOrganizations:\n    - mspID: Org1MSP\n      caName: \"org1-ca\"\n      caNamespace: \"default\"\n\n  identities:\n    OrdererMSP:\n      secretKey: orderermsp.yaml\n      secretName: wallet\n      secretNamespace: default\n    OrdererMSP-tls:\n      secretKey: orderermsp.yaml\n      secretName: wallet\n      secretNamespace: default\n    OrdererMSP-sign:\n      secretKey: orderermspsign.yaml\n      secretName: wallet\n      secretNamespace: default\n    Org1MSP:\n      secretKey: org1msp.yaml\n      secretName: wallet\n      secretNamespace: default\n\n  ordererOrganizations:\n    - caName: \"ord-ca\"\n      caNamespace: \"default\"\n      externalOrderersToJoin:\n        - host: ord-node1.default\n          port: 7053\n        - host: ord-node2.default\n          port: 7053\n        - host: ord-node3.default\n          port: 7053\n        - host: ord-node4.default\n          port: 7053\n      mspID: OrdererMSP\n      ordererEndpoints:\n        - orderer0-ord.localho.st:443\n        - orderer1-ord.localho.st:443\n        - orderer2-ord.localho.st:443\n        - orderer3-ord.localho.st:443\n      orderersToJoin: []\n  orderers:\n    - host: orderer0-ord.localho.st\n      port: 443\n      tlsCert: |-\n${ORDERER0_TLS_CERT}\n    - host: orderer1-ord.localho.st\n      port: 443\n      tlsCert: |-\n${ORDERER1_TLS_CERT}\n    - host: orderer2-ord.localho.st\n      port: 443\n      tlsCert: |-\n${ORDERER2_TLS_CERT}\n    - host: orderer3-ord.localho.st\n      port: 443\n      tlsCert: |-\n${ORDERER3_TLS_CERT}\n\nEOF\n\n```\n\n## Join peer to the channel\n\n```bash\n\nexport IDENT_8=$(printf \"%8s\" \"\")\nexport ORDERER0_TLS_CERT=$(kubectl get fabricorderernodes ord-node1 -o=jsonpath='{.status.tlsCert}' | sed -e \"s/^/${IDENT_8}/\" )\n\nkubectl apply -f - \u003c\u003cEOF\napiVersion: hlf.kungfusoftware.es/v1alpha1\nkind: FabricFollowerChannel\nmetadata:\n  name: demo-org1msp\nspec:\n  anchorPeers:\n    - host: peer0-org1.localho.st\n      port: 443\n  hlfIdentity:\n    secretKey: org1msp.yaml\n    secretName: wallet\n    secretNamespace: default\n  mspId: Org1MSP\n  name: demo\n  externalPeersToJoin: []\n  orderers:\n    - certificate: |\n${ORDERER0_TLS_CERT}\n      url: grpcs://ord-node1.default:7050\n  peersToJoin:\n    - name: org1-peer0\n      namespace: default\nEOF\n\n\n```\n\n## Install a chaincode\n\n### Prepare connection string for a peer\n\nTo prepare the connection string, we have to:\n\n1. Get connection string without users for organization Org1MSP and OrdererMSP\n2. Register a user in the certification authority for signing (register)\n3. Obtain the certificates using the previously created user (enroll)\n4. Attach the user to the connection string\n\n1. Get connection string without users for organization Org1MSP and OrdererMSP\n\n\n```bash\nkubectl hlf inspect --output org1.yaml -o Org1MSP -o OrdererMSP\n```\n\n2. Register a user in the certification authority for signing\n```bash\nkubectl hlf ca register --name=org1-ca --user=admin --secret=adminpw --type=admin \\\n --enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP  \n```\n\n3. Get the certificates using the user created above\n```bash\nkubectl hlf ca enroll --name=org1-ca --user=admin --secret=adminpw --mspid Org1MSP \\\n        --ca-name ca  --output peer-org1.yaml\n```\n\n4. Attach the user to the connection string\n```bash\nkubectl hlf utils adduser --userPath=peer-org1.yaml --config=org1.yaml --username=admin --mspid=Org1MSP\n```\n\n\n### Create metadata file\n\n```bash\n# remove the code.tar.gz chaincode.tgz if they exist\nrm code.tar.gz chaincode.tgz\nexport CHAINCODE_NAME=asset\nexport CHAINCODE_LABEL=asset\ncat \u003c\u003c METADATA-EOF \u003e \"metadata.json\"\n{\n    \"type\": \"ccaas\",\n    \"label\": \"${CHAINCODE_LABEL}\"\n}\nMETADATA-EOF\n## chaincode as a service\n```\n\n### Prepare connection file\n\n```bash\ncat \u003e \"connection.json\" \u003c\u003cCONN_EOF\n{\n  \"address\": \"${CHAINCODE_NAME}:7052\",\n  \"dial_timeout\": \"10s\",\n  \"tls_required\": false\n}\nCONN_EOF\n\ntar cfz code.tar.gz connection.json\ntar cfz chaincode.tgz metadata.json code.tar.gz\nexport PACKAGE_ID=$(kubectl hlf chaincode calculatepackageid --path=chaincode.tgz --language=node --label=$CHAINCODE_LABEL)\necho \"PACKAGE_ID=$PACKAGE_ID\"\n\nkubectl hlf chaincode install --path=./chaincode.tgz \\\n    --config=org1.yaml --language=golang --label=$CHAINCODE_LABEL --user=admin --peer=org1-peer0.default\n\n```\n\n\n## Deploy chaincode container on cluster\nThe following command will create or update the CRD based on the packageID, chaincode name, and docker image.\n\n```bash\nkubectl hlf externalchaincode sync --image=kfsoftware/chaincode-external:latest \\\n    --name=$CHAINCODE_NAME \\\n    --namespace=default \\\n    --package-id=$PACKAGE_ID \\\n    --tls-required=false \\\n    --replicas=1\n```\n\n\n## Check installed chaincodes\n```bash\nkubectl hlf chaincode queryinstalled --config=org1.yaml --user=admin --peer=org1-peer0.default\n```\n\n## Approve chaincode\n```bash\nexport SEQUENCE=1\nexport VERSION=\"1.0\"\nkubectl hlf chaincode approveformyorg --config=org1.yaml --user=admin --peer=org1-peer0.default \\\n    --package-id=$PACKAGE_ID \\\n    --version \"$VERSION\" --sequence \"$SEQUENCE\" --name=asset \\\n    --policy=\"OR('Org1MSP.member')\" --channel=demo\n```\n\n## Commit chaincode\n```bash\nkubectl hlf chaincode commit --config=org1.yaml --user=admin --mspid=Org1MSP \\\n    --version \"$VERSION\" --sequence \"$SEQUENCE\" --name=asset \\\n    --policy=\"OR('Org1MSP.member')\" --channel=demo\n```\n\n\n## Invoke a transaction on the channel\n\n```bash\nkubectl hlf chaincode invoke --config=org1.yaml \\\n    --user=admin --peer=org1-peer0.default \\\n    --chaincode=asset --channel=demo \\\n    --fcn=initLedger -a '[]'\n```\n\n## Query assets in the channel\n\n```bash\nkubectl hlf chaincode query --config=org1.yaml \\\n    --user=admin --peer=org1-peer0.default \\\n    --chaincode=asset --channel=demo \\\n    --fcn=GetAllAssets -a '[]'\n```\n\n\nAt this point, you should have:\n\n- Ordering service with 1 nodes and a CA\n- Peer organization with a peer and a CA\n- A channel **demo**\n- A chaincode install in peer0\n- A chaincode approved and committed\n\nIf something went wrong or didn't work, please, open an issue.\n\n\n## Cleanup the environment\n\n```bash\nkubectl delete fabricorderernodes.hlf.kungfusoftware.es --all-namespaces --all\nkubectl delete fabricpeers.hlf.kungfusoftware.es --all-namespaces --all\nkubectl delete fabriccas.hlf.kungfusoftware.es --all-namespaces --all\nkubectl delete fabricchaincode.hlf.kungfusoftware.es --all-namespaces --all\nkubectl delete fabricmainchannels --all-namespaces --all\nkubectl delete fabricfollowerchannels --all-namespaces --all\n```\n\n## Troubleshooting\n\n### Chaincode installation/build error\n\nChaincode installation/build can fail due to unsupported local kubertenes version such as [minikube](https://github.com/kubernetes/minikube).\n\n```shell\n$ kubectl hlf chaincode install --path=./fixtures/chaincodes/fabcar/go \\\n        --config=org1.yaml --language=golang --label=fabcar --user=admin --peer=org1-peer0.default\n\nError: Transaction processing for endorser [192.168.49.2:31278]: Chaincode status Code: (500) UNKNOWN.\nDescription: failed to invoke backing implementation of 'InstallChaincode': could not build chaincode:\nexternal builder failed: external builder failed to build: external builder 'my-golang-builder' failed:\nexit status 1\n```\n\nIf your purpose is to test the hlf-operator please consider to switch to [kind](https://github.com/kubernetes-sigs/kind) that is tested and supported.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyperledger-bevel%2Fbevel-operator-fabric","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhyperledger-bevel%2Fbevel-operator-fabric","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyperledger-bevel%2Fbevel-operator-fabric/lists"}