# # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: org0-orderer4-tls-cert namespace: ${ORG0_NS} spec: isCA: false privateKey: algorithm: ECDSA size: 256 dnsNames: - localhost - org0-orderer4 - org0-orderer4.${ORG0_NS}.svc.cluster.local - org0-orderer4.${DOMAIN} - org0-orderer4-admin.${DOMAIN} ipAddresses: - 127.0.0.1 secretName: org0-orderer4-tls-cert issuerRef: name: org0-tls-cert-issuer --- apiVersion: v1 kind: ConfigMap metadata: name: org0-orderer4-env data: FABRIC_CFG_PATH: /var/hyperledger/fabric/config FABRIC_LOGGING_SPEC: INFO # debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info ORDERER_GENERAL_LISTENADDRESS: 0.0.0.0 ORDERER_GENERAL_LISTENPORT: "6050" ORDERER_GENERAL_LOCALMSPID: OrdererMSP ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer4.org0.example.com/msp ORDERER_GENERAL_TLS_ENABLED: "true" ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key ORDERER_GENERAL_BOOTSTRAPMETHOD: none ORDERER_CHANNELPARTICIPATION_ENABLED: "true" ORDERER_ADMIN_TLS_ENABLED: "true" ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt ORDERER_ADMIN_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key # Authenticate client connections with the org's ecert / admin user enrollments ORDERER_ADMIN_TLS_CLIENTROOTCAS: "[/var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer4.org0.example.com/msp/cacerts/org0-ca.pem]" ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer4 ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer4/etcdraft/wal ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer4/etcdraft/wal ORDERER_OPERATIONS_LISTENADDRESS: 0.0.0.0:8443 ORDERER_ADMIN_LISTENADDRESS: 0.0.0.0:9443 --- apiVersion: apps/v1 kind: Deployment metadata: name: org0-orderer4 spec: replicas: 1 selector: matchLabels: app: org0-orderer4 template: metadata: labels: app: org0-orderer4 spec: containers: - name: main image: ${FABRIC_CONTAINER_REGISTRY}/fabric-orderer:${FABRIC_VERSION} imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: org0-orderer4-env ports: - containerPort: 6050 - containerPort: 8443 - containerPort: 9443 volumeMounts: - name: fabric-volume mountPath: /var/hyperledger - name: fabric-config mountPath: /var/hyperledger/fabric/config - name: tls-cert-volume mountPath: /var/hyperledger/fabric/config/tls readOnly: true volumes: - name: fabric-volume persistentVolumeClaim: claimName: fabric-org0 - name: fabric-config configMap: name: org0-config - name: tls-cert-volume secret: secretName: org0-orderer4-tls-cert --- apiVersion: v1 kind: Service metadata: name: org0-orderer4 spec: ports: - name: general port: 6050 protocol: TCP - name: operations port: 8443 protocol: TCP - name: admin port: 9443 protocol: TCP selector: app: org0-orderer4 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s nginx.ingress.kubernetes.io/ssl-passthrough: "true" labels: app: org0-orderer4 name: org0-orderer4 spec: ingressClassName: nginx rules: - host: org0-orderer4.${DOMAIN} http: paths: - backend: service: name: org0-orderer4 port: name: general path: / pathType: ImplementationSpecific - host: org0-orderer4-admin.${DOMAIN} http: paths: - backend: service: name: org0-orderer4 port: name: admin path: / pathType: ImplementationSpecific tls: - hosts: - org0-orderer4.${DOMAIN} - hosts: - org0-orderer4-admin.${DOMAIN}