fabric-samples/test-network-k8s/kube/org0/org0-orderer3.yaml
Tatsuya Sato f174360f14
Update test-network-k8s to support both v2.5 and v3.0 (#1291)
The existing orderer configuration file is incompatible with v3.0,
and the v3.0 configuration does not work with v2.5.
To support both versions, configuration settings have been updated to
use environment variables instead of referencing static configuration
files.

Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
2025-01-16 23:15:00 +00:00


#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
# TLS key pair for org0-orderer3, issued by cert-manager into the Secret
# named by spec.secretName. The Deployment in this file mounts that Secret at
# /var/hyperledger/fabric/config/tls, and the ConfigMap points both the
# orderer's general listener and its admin listener at the same
# tls.crt / tls.key.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: org0-orderer3-tls-cert
  namespace: ${ORG0_NS}
spec:
  secretName: org0-orderer3-tls-cert
  # Only a name is given: cert-manager then resolves a namespaced Issuer in
  # ${ORG0_NS} (kind defaults to Issuer, not ClusterIssuer).
  issuerRef:
    name: org0-tls-cert-issuer
  # Leaf certificate; it cannot sign other certificates.
  isCA: false
  privateKey:
    algorithm: ECDSA
    size: 256
  # One certificate covers the in-cluster service names, the two ingress
  # hostnames (general and admin) and loopback.
  dnsNames:
    - localhost
    - org0-orderer3
    - org0-orderer3.${ORG0_NS}.svc.cluster.local
    - org0-orderer3.${DOMAIN}
    - org0-orderer3-admin.${DOMAIN}
  ipAddresses:
    - 127.0.0.1
  # NOTE(review): no duration / renewBefore is set, so cert-manager's defaults
  # govern lifetime and renewal. Confirm how the orderer picks up a renewed
  # certificate from the mounted Secret.
---
# Environment for the org0-orderer3 container; the Deployment in this file
# loads every key through envFrom. The ORDERER_* keys are the environment
# form of orderer.yaml settings. No metadata.namespace is set, so the
# namespace comes from the apply context.
apiVersion: v1
kind: ConfigMap
metadata:
  name: org0-orderer3-env
data:
  FABRIC_CFG_PATH: /var/hyperledger/fabric/config
  FABRIC_LOGGING_SPEC: INFO # debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info

  # --- General (ordering service) listener: all interfaces, port 6050 ---
  ORDERER_GENERAL_LISTENADDRESS: 0.0.0.0
  ORDERER_GENERAL_LISTENPORT: "6050"
  ORDERER_GENERAL_LOCALMSPID: OrdererMSP
  ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer3.org0.example.com/msp
  ORDERER_GENERAL_BOOTSTRAPMETHOD: none
  ORDERER_CHANNELPARTICIPATION_ENABLED: "true"

  # TLS material comes from the cert-manager Secret mounted under config/tls.
  ORDERER_GENERAL_TLS_ENABLED: "true"
  ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
  ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
  ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt

  # --- Admin listener: all interfaces, port 9443 ---
  # It reuses the key pair of the general listener.
  ORDERER_ADMIN_LISTENADDRESS: 0.0.0.0:9443
  ORDERER_ADMIN_TLS_ENABLED: "true"
  ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
  ORDERER_ADMIN_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
  ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
  # Authenticate client connections with the org's ecert / admin user enrollments.
  # NOTE(review): only the client root CA list is set in this ConfigMap;
  # ORDERER_ADMIN_TLS_CLIENTAUTHREQUIRED is not. Whether client certificates
  # are enforced therefore depends on the orderer.yaml under FABRIC_CFG_PATH
  # or the binary's default. Confirm, because this listener is also published
  # by the Service and the Ingress in this file.
  ORDERER_ADMIN_TLS_CLIENTROOTCAS: "[/var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer3.org0.example.com/msp/cacerts/org0-ca.pem]"

  # --- Ledger and Raft storage on the persistent volume ---
  ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer3
  ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer3/etcdraft/wal
  # NOTE(review): SNAPDIR is the same directory as WALDIR. This looks like a
  # copy-paste; confirm whether a separate snapshot directory was intended
  # before changing it, since existing volumes already hold data at this path.
  ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer3/etcdraft/wal

  # --- Operations listener: all interfaces, port 8443 ---
  # NOTE(review): no ORDERER_OPERATIONS_TLS_* key is set in this ConfigMap, so
  # TLS and client authentication for this endpoint depend on the orderer.yaml
  # under FABRIC_CFG_PATH. The Service in this file publishes the port
  # cluster-wide; confirm the intended exposure or restrict it with a
  # NetworkPolicy.
  ORDERER_OPERATIONS_LISTENADDRESS: 0.0.0.0:8443
---
# Single-replica Deployment running the Fabric orderer binary for
# org0-orderer3. All runtime settings come from the org0-orderer3-env
# ConfigMap via envFrom.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: org0-orderer3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: org0-orderer3
  template:
    metadata:
      labels:
        app: org0-orderer3
    spec:
      volumes:
        # NOTE(review): the claim name suggests one volume shared by all of
        # org0. It is mounted read-write at /var/hyperledger, so this pod can
        # presumably reach other nodes' MSP and ledger directories. Verify
        # whether a narrower subPath is feasible.
        - name: fabric-volume
          persistentVolumeClaim:
            claimName: fabric-org0
        - name: fabric-config
          configMap:
            name: org0-config
        # Key pair written by the org0-orderer3-tls-cert Certificate.
        - name: tls-cert-volume
          secret:
            secretName: org0-orderer3-tls-cert
      containers:
        - name: main
          # Tag-based reference with IfNotPresent: a node that already holds
          # this tag keeps its cached image and never re-pulls it. Pin by
          # digest where image provenance matters.
          image: ${FABRIC_CONTAINER_REGISTRY}/fabric-orderer:${FABRIC_VERSION}
          imagePullPolicy: IfNotPresent
          # NOTE(review): no securityContext, resource requests/limits or
          # probes are declared, so the container runs with the image's
          # default user and the cluster's default privileges.
          envFrom:
            - configMapRef:
                name: org0-orderer3-env
          ports:
            # general (6050), operations (8443), admin (9443)
            - containerPort: 6050
            - containerPort: 8443
            - containerPort: 9443
          # The three mounts nest: config sits inside the PVC mount, and the
          # read-only TLS Secret sits inside config.
          volumeMounts:
            - name: fabric-volume
              mountPath: /var/hyperledger
            - name: fabric-config
              mountPath: /var/hyperledger/fabric/config
            - name: tls-cert-volume
              mountPath: /var/hyperledger/fabric/config/tls
              readOnly: true
---
# In-cluster Service for the org0-orderer3 pod. No spec.type is set, so it is
# a ClusterIP Service; no targetPort is set, so each port maps to the
# container port of the same number.
apiVersion: v1
kind: Service
metadata:
  name: org0-orderer3
spec:
  selector:
    app: org0-orderer3
  ports:
    - name: general
      protocol: TCP
      port: 6050
    # NOTE(review): this makes the operations listener reachable from any pod
    # that can reach the Service. Confirm that is intended, given that the
    # env ConfigMap sets no TLS for it.
    - name: operations
      protocol: TCP
      port: 8443
    - name: admin
      protocol: TCP
      port: 9443
---
# Publishes the orderer's general and admin listeners through ingress-nginx
# under two hostnames.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: org0-orderer3
  labels:
    app: org0-orderer3
  annotations:
    nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
    # With passthrough, nginx forwards the TLS stream unmodified, selected by
    # SNI hostname. TLS therefore terminates in the orderer, and certificate
    # validation and client authentication are enforced only by the orderer's
    # own TLS settings. The controller must run with --enable-ssl-passthrough
    # for this annotation to take effect.
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx
  rules:
    - host: org0-orderer3.${DOMAIN}
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: org0-orderer3
                port:
                  name: general
    # NOTE(review): the admin listener is reachable by anything that can reach
    # the ingress. Access control rests on the orderer requiring client
    # certificates on that listener; confirm that setting is in force.
    - host: org0-orderer3-admin.${DOMAIN}
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: org0-orderer3
                port:
                  name: admin
  # No secretName on either entry: the ingress holds no certificate, which is
  # consistent with passthrough.
  tls:
    - hosts:
        - org0-orderer3.${DOMAIN}
    - hosts:
        - org0-orderer3-admin.${DOMAIN}