CA certs should be created when creating Admin MSP

.gitignore

@@ -107,3 +107,7 @@ venv.bak/
 .envrc
 .idea
 
+# Examples
+genesis.block
+*channel.tx
+*MSP

examples/dev/config/configtx.yaml

@@ -0,0 +1,134 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+################################################################################
+#
+#   Section: Organizations
+#
+#   - This section defines the different organizational identities which will
+#   be referenced later in the configuration.
+#
+################################################################################
+Organizations:
+
+    # Organisation controlling Orderers
+    - &OrdererOrg
+        # DefaultOrg defines the organization which is used in the sampleconfig
+        # of the fabric.git development environment
+        Name: OrdererOrg
+
+        # ID to load the MSP definition as
+        ID: OrdererMSP
+
+        # MSPDir is the filesystem path which contains the MSP configuration
+        MSPDir: ./OrdererMSP
+
+        # turn off security for the channel
+        AdminPrincipal: Role.MEMBER
+
+    # Organisation controlling Peers
+    - &PeerOrg
+        Name: PeerOrg
+
+        # ID to load the MSP definition as
+        ID: PeerMSP
+
+        MSPDir: ./PeerMSP
+
+        # turn off security for the peer
+        AdminPrincipal: Role.MEMBER
+
+        AnchorPeers:
+            # AnchorPeers defines the location of peers that can be used
+            # for cross org gossip communication.  Note, this value is only
+            # encoded in the genesis block in the Application section context
+            - Host: peer1-hlf-peer.peers.svc.cluster.local
+              Port: 7051
+
+################################################################################
+#
+#   SECTION: Orderer
+#
+#   - This section defines the values to encode into a config transaction or
+#   genesis block for orderer related parameters
+#
+################################################################################
+Orderer: &OrdererDefaults
+
+    # Orderer Type: The orderer implementation to start
+    # Available types are "solo" and "kafka"
+    OrdererType: solo
+
+    Addresses:
+        - ord1-hlf-ord.orderers.svc.cluster.local:7050
+
+    # Batch Timeout: The amount of time to wait before creating a batch
+    BatchTimeout: 2s
+
+    # Batch Size: Controls the number of messages batched into a block
+    BatchSize:
+
+        # Max Message Count: The maximum number of messages to permit in a batch
+        MaxMessageCount: 10
+
+        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
+        # the serialized messages in a batch.
+        AbsoluteMaxBytes: 98 MB
+
+        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
+        # the serialized messages in a batch. A message larger than the preferred
+        # max bytes will result in a batch larger than preferred max bytes.
+        PreferredMaxBytes: 512 KB
+
+    Kafka:
+        # Brokers: A list of Kafka brokers to which the orderer connects
+        # If using K8S, we specify the service exposing the brokers
+        # NOTE: Use Address/IP:port notation
+        Brokers:
+            - kafka-hlf.orderers.svc.cluster.local:9092
+
+    # Organizations is the list of orgs which are defined as participants on
+    # the orderer side of the network
+    Organizations:
+
+################################################################################
+#
+#   SECTION: Application
+#
+#   - This section defines the values to encode into a config transaction or
+#   genesis block for application related parameters
+#
+################################################################################
+Application: &ApplicationDefaults
+
+    # Organizations is the list of orgs which are defined as participants on
+    # the application side of the network
+    Organizations:
+
+################################################################################
+#
+#   Profile
+#
+#   - Different configuration profiles may be encoded here to be specified
+#   as parameters to the configtxgen tool
+#
+################################################################################
+Profiles:
+
+    OrdererGenesis:
+        Orderer:
+            <<: *OrdererDefaults
+            Organizations:
+                - *OrdererOrg
+        Consortiums:
+            MyConsortium:
+                Organizations:
+                    - *PeerOrg
+    MyChannel:
+        Consortium: MyConsortium
+        Application:
+            <<: *ApplicationDefaults
+            Organizations:
+                - *PeerOrg

examples/dev/config/fabric-ca-client-config.yaml

@@ -0,0 +1,159 @@
+
+#############################################################################
+#   This is a configuration file for the fabric-ca-client command.
+#
+#   COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
+#   ------------------------------------------------
+#   Each configuration element can be overridden via command line
+#   arguments or environment variables.  The precedence for determining
+#   the value of each element is as follows:
+#   1) command line argument
+#      Examples:
+#      a) --url https://localhost:7054
+#         To set the fabric-ca server url
+#      b) --tls.client.certfile certfile.pem
+#         To set the client certificate for TLS
+#   2) environment variable
+#      Examples:
+#      a) FABRIC_CA_CLIENT_URL=https://localhost:7054
+#         To set the fabric-ca server url
+#      b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
+#         To set the client certificate for TLS
+#   3) configuration file
+#   4) default value (if there is one)
+#      All default values are shown beside each element below.
+#
+#   FILE NAME ELEMENTS
+#   ------------------
+#   The value of all fields whose name ends with "file" or "files" are
+#   name or names of other files.
+#   For example, see "tls.certfiles" and "tls.client.certfile".
+#   The value of each of these fields can be a simple filename, a
+#   relative path, or an absolute path.  If the value is not an
+#   absolute path, it is interpretted as being relative to the location
+#   of this configuration file.
+#
+#############################################################################
+
+#############################################################################
+# Client Configuration
+#############################################################################
+
+# URL of the Fabric-ca-server (default: http://localhost:7054)
+url:
+
+# Membership Service Provider (MSP) directory
+# This is useful when the client is used to enroll a peer or orderer, so
+# that the enrollment artifacts are stored in the format expected by MSP.
+mspdir:
+
+#############################################################################
+#    TLS section for secure socket connection
+#
+#  certfiles - PEM-encoded list of trusted root certificate files
+#  client:
+#    certfile - PEM-encoded certificate file for when client authentication
+#    is enabled on server
+#    keyfile - PEM-encoded key file for when client authentication
+#    is enabled on server
+#############################################################################
+tls:
+  # TLS section for secure socket connection
+  certfiles:
+  client:
+    certfile:
+    keyfile:
+
+#############################################################################
+#  Certificate Signing Request section for generating the CSR for an
+#  enrollment certificate (ECert)
+#
+#  cn - Used by CAs to determine which domain the certificate is to be generated for
+#
+#  serialnumber - The serialnumber field, if specified, becomes part of the issued
+#     certificate's DN (Distinguished Name).  For example, one use case for this is
+#     a company with its own CA (Certificate Authority) which issues certificates
+#     to its employees and wants to include the employee's serial number in the DN
+#     of its issued certificates.
+#     WARNING: The serialnumber field should not be confused with the certificate's
+#     serial number which is set by the CA but is not a component of the
+#     certificate's DN.
+#
+#  names -  A list of name objects. Each name object should contain at least one
+#    "C", "L", "O", or "ST" value (or any combination of these) where these
+#    are abbreviations for the following:
+#        "C": country
+#        "L": locality or municipality (such as city or town name)
+#        "O": organization
+#        "OU": organizational unit, such as the department responsible for owning the key;
+#         it can also be used for a "Doing Business As" (DBS) name
+#        "ST": the state or province
+#
+#    Note that the "OU" or organizational units of an ECert are always set according
+#    to the values of the identities type and affiliation. OUs are calculated for an enroll
+#    as OU=<type>, OU=<affiliationRoot>, ..., OU=<affiliationLeaf>. For example, an identity
+#    of type "client" with an affiliation of "org1.dept2.team3" would have the following
+#    organizational units: OU=client, OU=org1, OU=dept2, OU=team3
+#
+#  hosts - A list of host names for which the certificate should be valid
+#
+#############################################################################
+csr:
+  cn: ord-admin
+  serialnumber:
+  names:
+    - C: IE
+      ST: Dublin
+      L:
+      O: "AID:Tech"
+      OU: Blockchain
+  hosts:
+    - Alejandros-MacBook-Pro.local
+
+#############################################################################
+#  Registration section used to register a new identity with fabric-ca server
+#
+#  name - Unique name of the identity
+#  type - Type of identity being registered (e.g. 'peer, app, user')
+#  affiliation - The identity's affiliation
+#  maxenrollments - The maximum number of times the secret can be reused to enroll.
+#                   Specially, -1 means unlimited; 0 means to use CA's max enrollment
+#                   value.
+#  attributes - List of name/value pairs of attribute for identity
+#############################################################################
+id:
+  name:
+  type:
+  affiliation:
+  maxenrollments: 0
+  attributes:
+   # - name:
+   #   value:
+
+#############################################################################
+#  Enrollment section used to enroll an identity with fabric-ca server
+#
+#  profile - Name of the signing profile to use in issuing the certificate
+#  label - Label to use in HSM operations
+#############################################################################
+enrollment:
+  profile:
+  label:
+
+#############################################################################
+# Name of the CA to connect to within the fabric-ca server
+#############################################################################
+caname:
+
+#############################################################################
+# BCCSP (BlockChain Crypto Service Provider) section allows to select which
+# crypto implementation library to use
+#############################################################################
+bccsp:
+    default: SW
+    sw:
+        hash: SHA2
+        security: 256
+        filekeystore:
+            # The directory used for the software file-based keystore
+            keystore: msp/keystore

examples/dev/helm_values/hlf-ca/ca.yaml

@@ -0,0 +1,60 @@
+image:
+  tag: 1.3.0
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/cluster-issuer: "letsencrypt-production"
+  path: /
+  hosts:
+    # TODO: Change this to your Domain Name
+    - ca.nephos.aidtech-test.xyz
+  tls:
+    - secretName: ca--tls
+      hosts:
+        # TODO: Change this to your Domain Name
+        - ca.nephos.aidtech-test.xyz
+
+persistence:
+  accessMode: ReadWriteOnce
+  size: 1Gi
+
+caName: ca
+
+externalDatabase:
+  type: postgres
+  host: ca-pg-postgresql
+  username: postgres
+  # password:
+  database: fabric_ca
+  port: "5432"
+
+config:
+  hlfToolsVersion: 1.3.0
+  csr:
+    names:
+      c: IE
+      st: Dublin
+      l:
+      o: "AID:Tech"
+      ou: Blockchain
+  affiliations:
+    aidtech: []
+
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 95
+        podAffinityTerm:
+          topologyKey: "kubernetes.io/hostname"
+          labelSelector:
+            matchLabels:
+              app: hlf-ca
+  podAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+    - labelSelector:
+        matchLabels:
+          app: postgresql
+          release: ca-pg
+      topologyKey: "kubernetes.io/hostname"

examples/dev/helm_values/hlf-couchdb/cdb-peer1.yaml

@@ -0,0 +1,5 @@
+image:
+  tag: 0.4.10
+
+persistence:
+  size: 1Gi

examples/dev/helm_values/hlf-ord/ord1.yaml

@@ -0,0 +1,18 @@
+image:
+  tag: 1.3.0
+
+persistence:
+  accessMode: ReadWriteOnce
+  size: 1Gi
+
+ord:
+  type: solo
+  mspID: OrdererMSP
+
+secrets:
+  ord:
+    cert: hlf--ord1-idcert
+    key: hlf--ord1-idkey
+    caCert: hlf--ordadmin-cacert
+  genesis: hlf--genesis
+  adminCert: hlf--ordadmin-idcert