https://github.com/kompitech/hyperledger-fabric-operator

Hyperledger Fabric Kubernetes operator - scale and automate management of Hyperledger Fabric blockchain infrastructure
https://github.com/kompitech/hyperledger-fabric-operator

Last synced: 4 months ago
JSON representation

Hyperledger Fabric Kubernetes operator - scale and automate management of Hyperledger Fabric blockchain infrastructure

• Host: GitHub
• URL: https://github.com/kompitech/hyperledger-fabric-operator
• Owner: KompiTech
• License: apache-2.0
• Created: 2018-11-16T11:50:42.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2021-10-14T12:09:34.000Z (over 4 years ago)
• Last Synced: 2025-04-02T06:35:32.772Z (10 months ago)
• Language: Go
• Homepage: https://blockchain.kompitech.com/
• Size: 419 KB
• Stars: 27
• Watchers: 12
• Forks: 10
• Open Issues: 7
• Metadata Files:
  • Readme: README.rst
  • License: LICENSE

Awesome Lists containing this project

README

          
.. image:: docs/img/operator.jpg

===========================

Hyperledger Fabric Operator

===========================

**NOTE: This project is in pre-alpha**

Kubernetes operator for hyperledger fabric. This project is using Kubernetes Custom Resource Definition

(more information https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)

to manage Fabric Peers and Orderers in Kubernetes.

Installation

------------

CRD needs to be applied into the k8s cluster first.

.. code:: bash

    kubectl apply -f deploy/crds/

Operator deployment with RBAC

.. code:: bash

    kubectl apply -f deploy/rbac.yaml

    kubectl apply -f deploy/operator.yaml

User guide

----------

Pre-requirements:

=================

Currently Hyperledger Fabric Operator support only one use case which requires that Kubernetes has

deployed HashiCorp Vault, Istio and CoreDNS.

HashiCorp Vault is used for issuing signing certificate and key which are used in MSP for peers and orderers. TLS certificate and key is also issued from Vault. Currenly there is init

container which is using Vault Kubernetes Auth. Operator requires that HashiCorp Vault is properly configured. (https://www.vaultproject.io/docs/auth/kubernetes.html).

PKI in Vault should be configured with roles MSP and TLS.

Vault auth url is format `"$VAULT_ADDRESS"/v1/auth/kubernetes-"$REGION_NAME"/login`. Vault address could be changed via env variable OPERATOR_VAULT_ADDRESS in operator manifest.

You can use annotation in peer and orderer resources to define REGION_NAME.

.. code:: yaml

    apiVersion: hl-fabric.kompitech.com/v1alpha1

    kind: FabricPeer

    metadata:

    name: peer1

    namespace: 2657db63-8a32-41c6-814c-6fa3d21c4731

    annotations:

      region: Region1

Istio is needed because operator will create by default Ingress for created services.

Operator will also try to write dns record into Etcd. This etcd is backend for CoreDNS. Etcd address is currently staticly set to `etcd-client.etcd:2379`.

Cleanup

-------

If you want to delete all resources after you are done.

.. code:: bash

    kubectl delete -f deploy/operator.yaml

    kubectl delete -f deploy/rbac.yaml

    kubectl delete -f deploy/crds