test-network-k8s: Introduce initial support for BFT orderers (#1294)

This patch adds initial support for BFT orderers in the test-network-k8s.
When `TEST_NETWORK_ORDERER_TYPE` is set to `bft`, the network launches
four orderers configured with SmartBFT.

Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>

test-network-k8s/config/org0/bft/configtx-template.yaml

@@ -0,0 +1,358 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+################################################################################
+#
+#   Section: Organizations
+#
+#   - This section defines the different organizational identities which will
+#   be referenced later in the configuration.
+#
+################################################################################
+Organizations:
+
+  # SampleOrg defines an MSP using the sampleconfig.  It should never be used
+  # in production but may be used as a template for other definitions
+  - &OrdererOrg
+    # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
+    Name: OrdererOrg
+
+    # ID to load the MSP definition as
+    ID: OrdererMSP
+
+    # MSPDir is the filesystem path which contains the MSP configuration
+    MSPDir: ./channel-msp/ordererOrganizations/org0/msp
+
+    # Policies defines the set of policies at this level of the config tree
+    # For organization policies, their canonical path is usually
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+    Policies:
+      Readers:
+        Type: Signature
+        Rule: "OR('OrdererMSP.member')"
+      Writers:
+        Type: Signature
+        Rule: "OR('OrdererMSP.member')"
+      Admins:
+        Type: Signature
+        Rule: "OR('OrdererMSP.admin')"
+
+    OrdererEndpoints:
+      - org0-orderer1.${ORG0_NS}.svc.cluster.local:6050
+      - org0-orderer2.${ORG0_NS}.svc.cluster.local:6050
+      - org0-orderer3.${ORG0_NS}.svc.cluster.local:6050
+      - org0-orderer4.${ORG0_NS}.svc.cluster.local:6050
+
+  - &Org1
+    # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
+    Name: Org1MSP
+
+    # ID to load the MSP definition as
+    ID: Org1MSP
+
+    MSPDir: ./channel-msp/peerOrganizations/org1/msp
+
+    # Policies defines the set of policies at this level of the config tree
+    # For organization policies, their canonical path is usually
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+    Policies:
+      Readers:
+        Type: Signature
+        Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
+      Writers:
+        Type: Signature
+        Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
+      Admins:
+        Type: Signature
+        Rule: "OR('Org1MSP.admin')"
+      Endorsement:
+        Type: Signature
+        Rule: "OR('Org1MSP.peer')"
+
+    # leave this flag set to true.
+    AnchorPeers:
+      # AnchorPeers defines the location of peers which can be used
+      # for cross org gossip communication.  Note, this value is only
+      # encoded in the genesis block in the Application section context
+      - Host: org1-peer1.${ORG1_NS}.svc.cluster.local
+        Port: 7051
+
+  - &Org2
+    # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
+    Name: Org2MSP
+
+    # ID to load the MSP definition as
+    ID: Org2MSP
+
+    MSPDir: ./channel-msp/peerOrganizations/org2/msp
+
+    # Policies defines the set of policies at this level of the config tree
+    # For organization policies, their canonical path is usually
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+    Policies:
+      Readers:
+        Type: Signature
+        Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
+      Writers:
+        Type: Signature
+        Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
+      Admins:
+        Type: Signature
+        Rule: "OR('Org2MSP.admin')"
+      Endorsement:
+        Type: Signature
+        Rule: "OR('Org2MSP.peer')"
+
+    AnchorPeers:
+      # AnchorPeers defines the location of peers which can be used
+      # for cross org gossip communication.  Note, this value is only
+      # encoded in the genesis block in the Application section context
+      - Host: org2-peer1.${ORG2_NS}.svc.cluster.local
+        Port: 7051
+
+################################################################################
+#
+#   SECTION: Capabilities
+#
+#   - This section defines the capabilities of fabric network. This is a new
+#   concept as of v1.1.0 and should not be utilized in mixed networks with
+#   v1.0.x peers and orderers.  Capabilities define features which must be
+#   present in a fabric binary for that binary to safely participate in the
+#   fabric network.  For instance, if a new MSP type is added, newer binaries
+#   might recognize and validate the signatures from this type, while older
+#   binaries without this support would be unable to validate those
+#   transactions.  This could lead to different versions of the fabric binaries
+#   having different world states.  Instead, defining a capability for a channel
+#   informs those binaries without this capability that they must cease
+#   processing transactions until they have been upgraded.  For v1.0.x if any
+#   capabilities are defined (including a map with all capabilities turned off)
+#   then the v1.0.x peer will deliberately crash.
+#
+################################################################################
+Capabilities:
+  # Channel capabilities apply to both the orderers and the peers and must be
+  # supported by both.
+  # Set the value of the capability to true to require it.
+  Channel: &ChannelCapabilities
+    # V3.0 for Channel is a catchall flag for behavior which has been
+    # determined to be desired for all orderers and peers running at the v3.0.0
+    # level, but which would be incompatible with orderers and peers from
+    # prior releases.
+    # Prior to enabling V3.0 channel capabilities, ensure that all
+    # orderers and peers on a channel are at v3.0.0 or later.
+    V3_0: true
+
+  # Orderer capabilities apply only to the orderers, and may be safely
+  # used with prior release peers.
+  # Set the value of the capability to true to require it.
+  Orderer: &OrdererCapabilities
+    # V2_0 orderer capability ensures that orderers behave according
+    # to v2.0 orderer capabilities. Orderers from
+    # prior releases would behave in an incompatible way, and are therefore
+    # not able to participate in channels at v2.0 orderer capability.
+    # Prior to enabling V2.0 orderer capabilities, ensure that all
+    # orderers on channel are at v2.0.0 or later.
+    V2_0: true
+
+  # Application capabilities apply only to the peer network, and may be safely
+  # used with prior release orderers.
+  # Set the value of the capability to true to require it.
+  Application: &ApplicationCapabilities
+    # V2_0 application capability ensures that peers behave according
+    # to v2.0 application capabilities. Peers from
+    # prior releases would behave in an incompatible way, and are therefore
+    # not able to participate in channels at v2.0 application capability.
+    # Prior to enabling V2.0 application capabilities, ensure that all
+    # peers on channel are at v2.0.0 or later.
+    V2_5: true
+
+################################################################################
+#
+#   SECTION: Application
+#
+#   - This section defines the values to encode into a config transaction or
+#   genesis block for application related parameters
+#
+################################################################################
+Application: &ApplicationDefaults
+
+  # Organizations is the list of orgs which are defined as participants on
+  # the application side of the network
+  Organizations:
+
+  # Policies defines the set of policies at this level of the config tree
+  # For Application policies, their canonical path is
+  #   /Channel/Application/<PolicyName>
+  Policies:
+    Readers:
+      Type: ImplicitMeta
+      Rule: "ANY Readers"
+    Writers:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+    Admins:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Admins"
+    LifecycleEndorsement:
+      Type: Signature
+      Rule: "OR('Org1MSP.peer','Org2MSP.peer')"
+    Endorsement:
+      Type: Signature
+      Rule: "OR('Org1MSP.peer','Org2MSP.peer')"
+
+  Capabilities:
+    <<: *ApplicationCapabilities
+################################################################################
+#
+#   SECTION: Orderer
+#
+#   - This section defines the values to encode into a config transaction or
+#   genesis block for orderer related parameters
+#
+################################################################################
+Orderer: &OrdererDefaults
+  # Batch Timeout: The amount of time to wait before creating a batch
+  BatchTimeout: 2s
+
+  # Batch Size: Controls the number of messages batched into a block
+  BatchSize:
+
+    # Max Message Count: The maximum number of messages to permit in a batch
+    MaxMessageCount: 10
+
+    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
+    # the serialized messages in a batch.
+    AbsoluteMaxBytes: 99 MB
+
+    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
+    # the serialized messages in a batch. A message larger than the preferred
+    # max bytes will result in a batch larger than preferred max bytes.
+    PreferredMaxBytes: 512 KB
+
+  # Organizations is the list of orgs which are defined as participants on
+  # the orderer side of the network
+  Organizations:
+
+  # Policies defines the set of policies at this level of the config tree
+  # For Orderer policies, their canonical path is
+  #   /Channel/Orderer/<PolicyName>
+  Policies:
+    Readers:
+      Type: ImplicitMeta
+      Rule: "ANY Readers"
+    Writers:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+    Admins:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Admins"
+    # BlockValidation specifies what signatures must be included in the block
+    # from the orderer for the peer to validate it.
+    BlockValidation:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+
+################################################################################
+#
+#   CHANNEL
+#
+#   This section defines the values to encode into a config transaction or
+#   genesis block for channel related parameters.
+#
+################################################################################
+Channel: &ChannelDefaults
+  # Policies defines the set of policies at this level of the config tree
+  # For Channel policies, their canonical path is
+  #   /Channel/<PolicyName>
+  Policies:
+    # Who may invoke the 'Deliver' API
+    Readers:
+      Type: ImplicitMeta
+      Rule: "ANY Readers"
+    # Who may invoke the 'Broadcast' API
+    Writers:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+    # By default, who may modify elements at this config level
+    Admins:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Admins"
+
+  # Capabilities describes the channel level capabilities, see the
+  # dedicated Capabilities section elsewhere in this file for a full
+  # description
+  Capabilities:
+    <<: *ChannelCapabilities
+
+################################################################################
+#
+#   Profile
+#
+#   - Different configuration profiles may be encoded here to be specified
+#   as parameters to the configtxgen tool
+#
+################################################################################
+Profiles:
+  ChannelUsingBFT:
+    <<: *ChannelDefaults
+    Orderer:
+      <<: *OrdererDefaults
+      Organizations:
+        - *OrdererOrg
+      Capabilities: *OrdererCapabilities
+      OrdererType: BFT
+      SmartBFT:
+        RequestBatchMaxCount: 100
+        RequestBatchMaxInterval: 50ms
+        RequestForwardTimeout: 2s
+        RequestComplainTimeout: 20s
+        RequestAutoRemoveTimeout: 3m0s
+        ViewChangeResendInterval: 5s
+        ViewChangeTimeout: 20s
+        LeaderHeartbeatTimeout: 1m0s
+        CollectTimeout: 1s
+        RequestBatchMaxBytes: 10485760
+        IncomingMessageBufferSize: 200
+        RequestPoolSize: 100000
+        LeaderHeartbeatCount: 10
+      ConsenterMapping:
+        - ID: 1
+          Host: org0-orderer1
+          Port: 6050
+          MSPID: OrdererMSP
+          Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/cert.pem
+          ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
+          ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
+        - ID: 2
+          Host: org0-orderer2
+          Port: 6050
+          MSPID: OrdererMSP
+          Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/cert.pem
+          ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
+          ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
+        - ID: 3
+          Host: org0-orderer3
+          Port: 6050
+          MSPID: OrdererMSP
+          Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/cert.pem
+          ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
+          ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
+        - ID: 4
+          Host: org0-orderer4
+          Port: 6050
+          MSPID: OrdererMSP
+          Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer4/cert.pem
+          ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer4/tls/signcerts/tls-cert.pem
+          ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer4/tls/signcerts/tls-cert.pem
+    Application:
+      <<: *ApplicationDefaults
+      Organizations:
+        - *Org1
+        - *Org2
+      Capabilities: *ApplicationCapabilities

test-network-k8s/config/org0/configtx-template.yaml

@@ -169,7 +169,7 @@ Capabilities:
     # not able to participate in channels at v2.0 application capability.
     # Prior to enabling V2.0 application capabilities, ensure that all
     # peers on channel are at v2.0.0 or later.
-    V2_0: true
+    V2_5: true
 
 ################################################################################
 #

test-network-k8s/kube/org0/org0-orderer4.yaml

@@ -0,0 +1,160 @@
+#
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: org0-orderer4-tls-cert
+  namespace: ${ORG0_NS}
+spec:
+  isCA: false
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  dnsNames:
+    - localhost
+    - org0-orderer4
+    - org0-orderer4.${ORG0_NS}.svc.cluster.local
+    - org0-orderer4.${DOMAIN}
+    - org0-orderer4-admin.${DOMAIN}
+  ipAddresses:
+    - 127.0.0.1
+  secretName: org0-orderer4-tls-cert
+  issuerRef:
+    name: org0-tls-cert-issuer
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: org0-orderer4-env
+data:
+  FABRIC_CFG_PATH: /var/hyperledger/fabric/config
+  FABRIC_LOGGING_SPEC: INFO # debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info
+  ORDERER_GENERAL_LISTENADDRESS: 0.0.0.0
+  ORDERER_GENERAL_LISTENPORT: "6050"
+  ORDERER_GENERAL_LOCALMSPID: OrdererMSP
+  ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer4.org0.example.com/msp
+  ORDERER_GENERAL_TLS_ENABLED: "true"
+  ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
+  ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
+  ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
+  ORDERER_GENERAL_BOOTSTRAPMETHOD: none
+  ORDERER_CHANNELPARTICIPATION_ENABLED: "true"
+  ORDERER_ADMIN_TLS_ENABLED: "true"
+  ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
+  ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
+  ORDERER_ADMIN_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
+  # Authenticate client connections with the org's ecert / admin user enrollments
+  ORDERER_ADMIN_TLS_CLIENTROOTCAS: "[/var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer4.org0.example.com/msp/cacerts/org0-ca.pem]"
+  ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer4
+  ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer4/etcdraft/wal
+  ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer4/etcdraft/wal
+  ORDERER_OPERATIONS_LISTENADDRESS: 0.0.0.0:8443
+  ORDERER_ADMIN_LISTENADDRESS: 0.0.0.0:9443
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: org0-orderer4
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: org0-orderer4
+  template:
+    metadata:
+      labels:
+        app: org0-orderer4
+    spec:
+      containers:
+        - name: main
+          image: ${FABRIC_CONTAINER_REGISTRY}/fabric-orderer:${FABRIC_VERSION}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: org0-orderer4-env
+          ports:
+            - containerPort: 6050
+            - containerPort: 8443
+            - containerPort: 9443
+          volumeMounts:
+            - name: fabric-volume
+              mountPath: /var/hyperledger
+            - name: fabric-config
+              mountPath: /var/hyperledger/fabric/config
+            - name: tls-cert-volume
+              mountPath: /var/hyperledger/fabric/config/tls
+              readOnly: true
+      volumes:
+        - name: fabric-volume
+          persistentVolumeClaim:
+            claimName: fabric-org0
+        - name: fabric-config
+          configMap:
+            name: org0-config
+        - name: tls-cert-volume
+          secret:
+            secretName: org0-orderer4-tls-cert
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: org0-orderer4
+spec:
+  ports:
+    - name: general
+      port: 6050
+      protocol: TCP
+    - name: operations
+      port: 8443
+      protocol: TCP
+    - name: admin
+      port: 9443
+      protocol: TCP
+  selector:
+    app: org0-orderer4
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+  labels:
+    app: org0-orderer4
+  name: org0-orderer4
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: org0-orderer4.${DOMAIN}
+      http:
+        paths:
+          - backend:
+              service:
+                name: org0-orderer4
+                port:
+                  name: general
+            path: /
+            pathType: ImplementationSpecific
+    - host: org0-orderer4-admin.${DOMAIN}
+      http:
+        paths:
+          - backend:
+              service:
+                name: org0-orderer4
+                port:
+                  name: admin
+            path: /
+            pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - org0-orderer4.${DOMAIN}
+    - hosts:
+        - org0-orderer4-admin.${DOMAIN}

test-network-k8s/network

@@ -47,6 +47,7 @@ context ORG1_NS                       ${NS}
 context ORG2_NS                       ${NS}
 context DOMAIN                        localho.st
 context CHANNEL_NAME                  mychannel
+context ORDERER_TYPE                  raft                  # or bft for BFT Orderer (for Fabric v3.0+)
 context ORDERER_TIMEOUT               10s                   # see https://github.com/hyperledger/fabric/issues/3372
 context TEMP_DIR                      ${PWD}/build
 context CHAINCODE_BUILDER             ccaas                 # see https://github.com/hyperledgendary/fabric-builder-k8s/blob/main/docs/TEST_NETWORK_K8S.md
@@ -77,6 +78,7 @@ function print_help() {
   log "Network name       \t\t: ${NETWORK_NAME}"
   log "Ingress domain     \t\t: ${DOMAIN}"
   log "Channel name       \t\t: ${CHANNEL_NAME}"
+  log "Orderer type       \t\t: ${ORDERER_TYPE}"
   log
   log "--- Cluster Information"
   log "Cluster runtime      \t: ${CLUSTER_RUNTIME}"

test-network-k8s/scripts/channel.sh

@@ -150,9 +150,12 @@ function create_channel_MSP() {
   create_channel_org_MSP org1 peer $ORG1_NS
   create_channel_org_MSP org2 peer $ORG2_NS
 
-  extract_orderer_tls_cert org0 orderer1
+  extract_orderer_cert org0 orderer1
-  extract_orderer_tls_cert org0 orderer2
+  extract_orderer_cert org0 orderer2
-  extract_orderer_tls_cert org0 orderer3
+  extract_orderer_cert org0 orderer3
+  if  [ "${ORDERER_TYPE}" == "bft" ]; then
+      extract_orderer_cert org0 orderer4
+  fi
 
   pop_fn
 }
@@ -185,13 +188,13 @@ function create_channel_org_MSP() {
   create_msp_config_yaml ${ca_name} ca-signcert.pem ${ORG_MSP_DIR}
 }
 
-# Extract an orderer's TLS signing certificate for inclusion in the channel config block
+# Extract an orderer's signing certificate for inclusion in the channel config block
-function extract_orderer_tls_cert() {
+function extract_orderer_cert() {
   local org=$1
   local orderer=$2
   local ns=$ORG0_NS
 
-  echo "Extracting TLS cert for $org $orderer"
+  echo "Extracting cert for $org $orderer"
 
   ORDERER_TLS_DIR=${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/tls
   mkdir -p $ORDERER_TLS_DIR/signcerts
@@ -200,14 +203,33 @@ function extract_orderer_tls_cert() {
     | jq -r .data.\"tls.crt\" \
     | base64 -d \
     > ${ORDERER_TLS_DIR}/signcerts/tls-cert.pem
+
+  # For the orderer type is BFT, retrieve the enrollment certificate from the pod
+  POD_NAME=$(kubectl -n $ns get pods -l app=${org}-${orderer} -o jsonpath="{.items[0].metadata.name}")
+  # - Check if the pod exists before proceeding
+  if [ -z "$POD_NAME" ]; then
+    fatalln "Error: No Pod found with label app=${org}-${orderer} in namespace $ns"
+  fi
+  # - Copy the enrollment certificate from the pod to the local machine
+  kubectl -n $ns cp ${POD_NAME}:var/hyperledger/fabric/organizations/ordererOrganizations/${org}.example.com/orderers/${org}-${orderer}.${org}.example.com/msp/signcerts/cert.pem ${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/cert.pem
 }
 
 function create_genesis_block() {
   push_fn "Creating channel genesis block"
+
+  # Define the default channel configtx and profile
+  local profile="TwoOrgsApplicationGenesis"
   cat ${PWD}/config/org0/configtx-template.yaml | envsubst > ${TEMP_DIR}/configtx.yaml
+
+  # Overwrite configtx and profile for bft orderer
+  if  [ "${ORDERER_TYPE}" == "bft" ]; then
+    cat ${PWD}/config/org0/bft/configtx-template.yaml | envsubst > ${TEMP_DIR}/configtx.yaml
+    profile="ChannelUsingBFT"
+  fi
+
   FABRIC_CFG_PATH=${TEMP_DIR} \
     configtxgen \
-      -profile      TwoOrgsApplicationGenesis \
+      -profile      $profile \
       -channelID    $CHANNEL_NAME \
       -outputBlock  ${TEMP_DIR}/genesis_block.pb
 
@@ -222,6 +244,9 @@ function join_channel_orderers() {
   join_channel_orderer org0 orderer1
   join_channel_orderer org0 orderer2
   join_channel_orderer org0 orderer3
+  if  [ "${ORDERER_TYPE}" == "bft" ]; then
+    join_channel_orderer org0 orderer4
+  fi
 
   # todo: readiness / liveiness equivalent for channel?  Needs a little bit to settle before peers can join.
   sleep 10

test-network-k8s/scripts/test_network.sh

@@ -16,6 +16,11 @@ function launch_orderers() {
   kubectl -n $ORG0_NS rollout status deploy/org0-orderer2
   kubectl -n $ORG0_NS rollout status deploy/org0-orderer3
 
+  if  [ "${ORDERER_TYPE}" == "bft" ]; then
+    apply_template kube/org0/org0-orderer4.yaml $ORG0_NS
+    kubectl -n $ORG0_NS rollout status deploy/org0-orderer4
+  fi
+
   pop_fn
 }
 
@@ -115,6 +120,9 @@ function create_local_MSP() {
   create_orderer_local_MSP org0 orderer1
   create_orderer_local_MSP org0 orderer2
   create_orderer_local_MSP org0 orderer3
+  if  [ "${ORDERER_TYPE}" == "bft" ]; then
+    create_orderer_local_MSP org0 orderer4
+  fi
 
   create_peer_local_MSP org1 peer1 $ORG1_NS
   create_peer_local_MSP org1 peer2 $ORG1_NS