From 632383900a2e8798888987d2e2a37a3ae9f5a9a9 Mon Sep 17 00:00:00 2001
From: Josh Kneubuhl
Date: Thu, 20 Jan 2022 11:30:03 -0500
Subject: [PATCH] Create a channel with TLS certs generated by cert-manager
Signed-off-by: Josh Kneubuhl
---
 test-network-k8s/kube/org0/org0-orderer2.yaml | 2 +-
 test-network-k8s/kube/org0/org0-orderer3.yaml | 2 +-
 test-network-k8s/scripts/channel.sh | 8 +++---
 test-network-k8s/scripts/test_network.sh | 28 +++++++++++++++++++
 4 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/test-network-k8s/kube/org0/org0-orderer2.yaml b/test-network-k8s/kube/org0/org0-orderer2.yaml
index 5fe71252..611f22b7 100644
--- a/test-network-k8s/kube/org0/org0-orderer2.yaml
+++ b/test-network-k8s/kube/org0/org0-orderer2.yaml
@@ -90,7 +90,7 @@ spec:
 name: org0-config
 - name: tls-cert-volume
 secret:
- secretName: org0-orderer1-tls-cert
+ secretName: org0-orderer2-tls-cert
 ---
 apiVersion: v1
 kind: Service
diff --git a/test-network-k8s/kube/org0/org0-orderer3.yaml b/test-network-k8s/kube/org0/org0-orderer3.yaml
index e5133fa1..3981a9ed 100644
--- a/test-network-k8s/kube/org0/org0-orderer3.yaml
+++ b/test-network-k8s/kube/org0/org0-orderer3.yaml
@@ -90,7 +90,7 @@ spec:
 name: org0-config
 - name: tls-cert-volume
 secret:
- secretName: org0-orderer2-tls-cert
+ secretName: org0-orderer3-tls-cert
 ---
 apiVersion: v1
 kind: Service
diff --git a/test-network-k8s/scripts/channel.sh b/test-network-k8s/scripts/channel.sh
index bad4255d..7ebc5435 100755
--- a/test-network-k8s/scripts/channel.sh
+++ b/test-network-k8s/scripts/channel.sh
@@ -16,12 +16,12 @@ function create_channel_org_MSP() {
 cp \
 $FABRIC_CA_CLIENT_HOME/'${ecert_ca}'/rcaadmin/msp/cacerts/'${ecert_ca}'.pem \
 /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/cacerts
-
+
 mkdir -p /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/tlscacerts
 cp \
- $FABRIC_CA_CLIENT_HOME/tls-ca/tlsadmin/msp/cacerts/'${org}'-tls-ca.pem \
- /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/tlscacerts
-
+ /var/hyperledger/fabric-ca-server/tls/ca.crt \
+ /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/tlscacerts/'${org}'-tls-ca.pem
+
 echo "NodeOUs:
 Enable: true
 ClientOUIdentifier:
diff --git a/test-network-k8s/scripts/test_network.sh b/test-network-k8s/scripts/test_network.sh
index db5295bc..276299ad 100755
--- a/test-network-k8s/scripts/test_network.sh
+++ b/test-network-k8s/scripts/test_network.sh
@@ -170,6 +170,30 @@ function create_local_MSP() {
 pop_fn
 }
+function extract_orderer_tls_cert() {
+ local orderer=$1
+
+ echo 'set -x
+
+ mkdir -p /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/'${orderer}'.org0.example.com/tls/signcerts/
+
+ cp \
+ var/hyperledger/fabric-ca-server/tls/tls.crt \
+ /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/'${orderer}'.org0.example.com/tls/signcerts/cert.pem
+
+ ' | exec kubectl -n $NS exec deploy/${orderer} -i -c main -- /bin/sh
+}
+
+function extract_orderer_tls_certs() {
+ push_fn "Extracting orderer TLS certs to local MSP folder"
+
+ extract_orderer_tls_cert org0-orderer1
+ extract_orderer_tls_cert org0-orderer2
+ extract_orderer_tls_cert org0-orderer3
+
+ pop_fn
+}
+
 function network_up() {
 # Kube config
@@ -191,6 +215,8 @@ function network_up() {
 launch_orderers
 launch_peers
+
+ extract_orderer_tls_certs
 }
 function stop_services() {
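Review bot: The new `cp` of `/var/hyperledger/fabric-ca-server/tls/ca.crt` into `msp/tlscacerts` is not checked, so a missing or empty `ca.crt` (for example, if the cert-manager secret is not yet populated when this runs) would leave the channel MSP without a TLS root and only show up later as handshake or config-validation errors. A guard just before the copy, such as `[ -s /var/hyperledger/fabric-ca-server/tls/ca.crt ] || exit 1`, would fail at the point of cause. Since this file becomes the organization's TLS trust anchor, a comment saying that it is the cert-manager issuer's CA and has to be re-copied when the issuer is rotated would help the next reader. The body of create_channel_org_MSP starts and ends outside this hunk, so whether the remote script already runs under `set -e` is not visible here.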
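Review bot: The source path in extract_orderer_tls_cert, `var/hyperledger/fabric-ca-server/tls/tls.crt`, has no leading slash, so the copy works only if the container's working directory happens to be `/`; it should read `/var/hyperledger/fabric-ca-server/tls/tls.crt \`. The `fabric-ca-server` directory name is also worth confirming against the orderer deployment's `tls-cert-volume` mount path, which this patch does not show. On the kubectl line `$NS` and `${orderer}` are unquoted and the `exec` in front of `kubectl` adds nothing inside a pipeline stage; `| kubectl -n "$NS" exec "deploy/${orderer}" -i -c main -- /bin/sh` is the safer form. A one-line function comment stating that only the public certificate is copied, never `tls.key`, would document the intent.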
@@ -205,6 +231,8 @@ function stop_services() {
 kubectl -n $NS delete pod --all
 kubectl -n $NS delete service --all
 kubectl -n $NS delete configmap --all
+ kubectl -n $NS delete cert --all
+ kubectl -n $NS delete issuer --all
 kubectl -n $NS delete secret --all
 pop_fn
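Review bot: The two added deletes only work as intended because they run before `kubectl -n $NS delete secret --all`, and nothing in the hunk records that; if a later edit reorders them, cert-manager would re-issue the TLS secrets for any Certificate that still exists. A comment above them such as `# remove cert-manager Certificates and Issuers before secrets so the TLS secrets are not re-created` would pin the order. `cert` and `issuer` are resolved through API discovery, so the fully qualified `certificates.cert-manager.io` and `issuers.cert-manager.io` would be unambiguous on clusters that carry other CRDs with similar names. stop_services starts and ends outside this hunk.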