Fix KIND cluster creation for test-network-k8s

This PR replaces deprecated containerd registry.mirrors configuration with
config_path mode and hosts.toml, required for containerd 2.x
(KIND v0.27.0+). The old configuration prevents the CRI plugin
from loading, causing kubelet to fail on startup.

Also, this fixes CA enrollment in create_node_local_MSP() to specify
port 443 explicitly, and other minor issues.

Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
Tatsuya Sato 2026-02-09 09:21:41 +00:00
parent 6fdd68b8a8
commit 1d3db2818d
2 changed files with 27 additions and 5 deletions


@ -43,16 +43,32 @@ nodes:
#networking:
# kubeProxyMode: "ipvs"
# create a cluster with the local registry enabled in containerd
# Create a cluster with the local registry enabled in containerd.
# KIND v0.27.0+ uses containerd 2.x, which requires config_path mode
# instead of the deprecated registry.mirrors configuration.
# See: https://github.com/kubernetes-sigs/kind/releases/tag/v0.27.0
# See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${reg_port}"]
endpoint = ["http://${reg_name}:${reg_port}"]
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
EOF
# Configure registry for containerd 2.x using config_path mode
for node in $(kind get nodes --name $CLUSTER_NAME);
do
docker exec "$node" mkdir -p "/etc/containerd/certs.d/localhost:${reg_port}"
docker exec "$node" sh -c "cat > /etc/containerd/certs.d/localhost:${reg_port}/hosts.toml <<EOT
server = \"http://localhost:${reg_port}\"
[host.\"http://${reg_name}:${reg_port}\"]
capabilities = [\"pull\", \"resolve\", \"push\"]
EOT"
done
# workaround for https://github.com/hyperledger/fabric-samples/issues/550 - pods can not resolve external DNS
for node in $(kind get nodes);
for node in $(kind get nodes --name $CLUSTER_NAME);
do
docker exec "$node" sysctl net.ipv4.conf.all.route_localnet=1;
done
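Review bot: The hosts.toml write in the new registry loop builds a command string for `sh -c` inside each node by interpolating `${reg_name}` and `${reg_port}`, so a quote, `$` or backtick in either value would be parsed by the node's shell rather than written to the file. Where those two variables are set is outside this hunk, so how much control a caller has over them should be confirmed. Rendering the file on the host and streaming it over stdin with `docker exec -i` removes the inner shell and the backslash-escaped quotes. `$CLUSTER_NAME` is also unquoted in both `kind get nodes --name` loops and should be `"$CLUSTER_NAME"`.

```shell
for node in $(kind get nodes --name "$CLUSTER_NAME"); do
  # … unchanged: mkdir -p of the certs.d/localhost:${reg_port} directory …
  # Expand the variables on the host and stream the file in; no shell runs in the node.
  docker exec -i "$node" cp /dev/stdin "/etc/containerd/certs.d/localhost:${reg_port}/hosts.toml" <<EOT
server = "http://localhost:${reg_port}"
[host."http://${reg_name}:${reg_port}"]
  capabilities = ["pull", "resolve", "push"]
EOT
done
```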


@ -74,11 +74,17 @@ function create_node_local_MSP() {
export FABRIC_CA_CLIENT_HOME=/var/hyperledger/fabric-ca-client
export FABRIC_CA_CLIENT_TLS_CERTFILES=/var/hyperledger/fabric/config/tls/ca.crt
# Enroll from inside the CA pod. Must specify port 443 explicitly.
# CA server listens on port 443, but fabric-ca-client defaults to 7054 when port is omitted in the URL.
fabric-ca-client enroll \
--url https://${id_name}:${id_secret}@${ca_name} \
--url https://${id_name}:${id_secret}@${ca_name}:443 \
--csr.hosts ${csr_hosts} \
--mspdir /var/hyperledger/fabric/organizations/${node_type}Organizations/${org}.example.com/${node_type}s/${id_name}.${org}.example.com/msp
# Copy CA cert to expected filename (fabric-ca-client saves it as <hostname>-<port>.pem)
cp /var/hyperledger/fabric/organizations/${node_type}Organizations/${org}.example.com/${node_type}s/${id_name}.${org}.example.com/msp/cacerts/*.pem \
/var/hyperledger/fabric/organizations/${node_type}Organizations/${org}.example.com/${node_type}s/${id_name}.${org}.example.com/msp/cacerts/${org}-ca.pem
# Create local MSP config.yaml
echo "NodeOUs:
Enable: true