Skip to content

Falcon:v1.1.0

Latest
Latest
Compare
Choose a tag to compare
@tittuvarghese tittuvarghese released this 05 Jan 03:31
v1.1.0
000eb6e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Updates/Changes on existing charts

Common changes that affects all charts.

  1. Changed default ImagepullPolicy from Always to IfNotPresent on all charts.
  2. Added additionalLabels for every charts to include more labels. For orderers and peers the value will be per orderer/peer or you can set it globally as well (.Values.global.additionalLabels), for the rest of the charts it will be .Values.additionalLabels.
  3. Removed the unecessary peer identity enrollment from most of the channel/chaincode related fabric-ops jobs which improved the overall job execution time. (Reduced to 50% of the previous execution time)
  4. All charts have been updated with Readme with complete list of parameters.

Chart : fabric-ops

  1. Separated all fabric-ops jobs and configmaps to different template files for easy management.
  2. Filestore fileupload/download are now separated into functions in the common script.
  3. Fixed bug on the filestore upload as it was reporting successful upload even if the uploads were failing.
  4. Restructured the common functions such as enrollment function to support msp/tls enrollments.
  5. Removed the dependency on identity_type to decide whether tls/msp enrollement is needed.
  6. From now on, you don't need to add a step to download the CA server public key explicitly using fabric_public_key_fetch function if you're using the common enrollment function. When you call the common enroll function by passing 10 parameters, it will handle the public key fetch itself.
  7. All the above common functions are now in fabric_enroll.sh which is default when rendering this chart. All jobs can source this file and start using it, so that no separate enrollment script is needed as it supports most of the use cases.

Job: approve-chaincode

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.approve_chaincode to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform chaincode approval operations.
  5. New parameter required .Values.core_peer_address

Job: channel-create

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.create_channel to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform the channel creation operation.

Job: commit-chaincode

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.commit_chaincode to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform the chaincode commit operation.
  5. New parameter required .Value.core_peer_address

Job: configure-org-channel

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.configure_org_channel to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform org addition operations.
  5. New Org's ica username/password is not required to add it to the channel. Instead only an admin user credentials are required instead of ica user.
  6. New Org's msp_dir will be taken from the chart default. You don't have to specify it unless there is a reason.

Job: Identities

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.identity to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ca_endpoint
  4. Modified .Values.ca.admin_secret to .Values.ca_secret
  5. Added hlf_domain to support common enrollment function.

Job: install-chaincode

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.install_chaincode to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform chaincode installation. And no peer identities and enrollments are required.
  5. Added .Values.peer_identities array for target peers on which chaincode needs to be installed.
  6. Added .peer_endpoint field to peer_identities array, so that chaincode can be installed remotely (Optionally). By default it will be {{ .identity_name }}:{{ $.Values.peer_internal_service_port }}

Job: Update-anchor-peer

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.update_anchor_peer to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform anchor peer update.

Job: Cryptogen

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.cryptogen to true is required.
  2. Orderer orgname can be completely managed from values. Previously it was hardcoded to OrdererMSP in the template.
  3. No need to expose the Orderer Org OR Initialpeer Org ICA credentials. Instead, provide any user credentials that has admin privileges.
  4. Initial network organization array has been simplfied and eliminated many repetitve items, it's clean and more readable than the previous version. Previously the orderer organization and peer org name were mentioned twice in the values file. Now with a single .Values.organizations array, you can specify the Orderer org, its identities & Peer org and its anchor peer list. All you need to do is mark org_type as "orderer" for orderer organization and org_type as "peerorg" for initial peer org.
  5. Removed .Values.orderer_org_name & .Values.peer_org_name since this is now handled in .Values.organizations array.
  6. Removed .Values.anchorPeers since this can be handled under .Values.organizations array.
  7. Removed .Values.orderer_port since it is not used anywhere.
  8. Removed .Values.orderer_identities since this can be handled under .Values.organizations array.
  9. Modified .Values.tls.ca_endpoint to .Values.tlsca_endpoint and .Values.tls.cert_path will be handled by default values.

Chart : fabric-orderer

  1. Modified .Values.global.enroll_on_every_pod_recreation to .Values.global.require_certs_dir_persistence which is more readable. This can be set per orderer or globally.
  2. Changed .Values.block_file to .Values.global.block_file. This can be overridden using .block_file per orderer when deploying new orderers with different genesis blockfile.
  3. Added .tls_cert_archive field per orderer incase if the orderer want to use a non-default tls_cert_archive file from the filestore. Default is <orderer-identity>-tls-certs.tar.gz in the filestore.
  4. Added .renew_orderer_certs for re-generating certs. This will delete the existing certs and do new enrollment on pod startup.
  5. Added .use_existing_pvc_data, this option will allow you to use an existing pvc for your orderer. This only handles the kubernetes part of mouting an existing pvc to the falcon managed orderer. But it is your responsibility to make sure that data inside the existing pvc matching to the new orderer in terms of all other configurations.
  6. Ingress resource is now optional, you can turn it off using ingressEnabled true/false globally or per orderer.
  7. Modified .Values.ca.ica_endpoint to .Values.global.ica_endpoint
  8. Modified .Values.ca.tlsca_endpoint to .Values.global.tlsca_endpoint
  9. Removed env variable ORDERER_GENERAL_LOCALMSPID from values file and added new parameter .Values.MspIdOverride if you want to override the default value, which is .Values.nameOverride. This env is now part of deployment template.
  10. Removed env variable ORDERER_GENERAL_GENESISFILE from values file since this value needs to be customised per orderer using (.block_file). This env is now part of deployment template.
  11. Added new field .additionalEnvironmentVars for indiviaul orderes if required to add custom env variable unique to orderers.
  12. livenessprobe, readinessprobes & startupprobes can now be handled per orderer or to Chart default from .Values.livenessprobe, .Values.readinessprobes & .Values.startupprobes.
  13. affinities, tolerations, nodeselectors & resources can also be handled per orderer or globally using .Values.global.affinities etc.
  14. To disable default livenessprobe, use .disableDefaultLivenessProbe per orderer or under .Values.global.disableDefaultLivenessProbe. Similarly, use disableDefaultStartupProbe, disableDefaultReadinessProbe, disableGlobalTolerations, disableGlobalAffinity & disableGlobalNodeSelector to disable them.

Chart : fabric-peer

  1. Modified .Values.enroll_on_every_pod_recreation to .Values.global.require_certs_dir_persistence. This can be specified under global or per peer.
  2. Added .renew_peer_certs for re-generating certs. This will delete the existing certs and do new enrollment. This has to be specified per peer.
  3. Added new field .additionalEnvironmentVars for individual peers if required to add custom env variable unique to peer. This can be specified per peer or globally.
  4. Ingress resource is now optional, you can turn it off using ingressEnabled true/false globally or per peer.
  5. Modified .Values.ica_tls_cert_file to .Values.ica_tls_certfile
  6. Modified .Values.tlsca_tls_cert_file to .Values.tlsca_tls_certfile
  7. Moved health check probes from .Values.global to .Values. since it is chart specific default. So that the custom values file will looks clean & shorter. But still it can be disabled from values file.

Chart : fabric-ca

  1. Now supports additional domain name in csr. Use .Values.ca_server.additional_sans to provide list of additional tls domains if required.
  2. Added PVC support to store intermediate-ca-cert when running in ICA mode. So that the pod does not have to fetch the parent ca certificate on every pod restart.
  3. Added an option to delete the intermediate certificate and fetch a new public key cert of the parent server if required. Set .Values.recreate_intermediate_cert to true to do that, default value is false.

New Feature addition

Chart : fabric-ops

Orderer addition

  1. Orderer addition in a running fabric network is now supported.
  2. This job will update the required channels with new orderer crypto materials. Read https://github.com/npci/falcon/tree/main/helm-charts/fabric-ops#how-to-add-new-order-node-into-a-running-hyperpedger-fabric-network-

Renew orderer TLS cert

  1. This job will update the TLS cert of an orderer identity in the channel.
  2. The scope of this job is only to handle the channel updation with new TLS cert. Once this done, the existing orderer node has to be redeployed with new cert and genesis block. Read https://github.com/npci/falcon/tree/main/helm-charts/fabric-ops#how-to-updaterenew-orderer-node-tls-certificates-in-a-running-hyperpedger-fabric-network-
Assets 2