Falcon:v1.0.2

@tittuvarghese tittuvarghese released this 24 Oct 12:51
· 119 commits to main since this release
0e7f14b

v1.0.2 features:

  • Peers & Orderers charts
    • Added a new feature to skip msp/tls enrollments on every pod recreation through the boolean variable enroll_on_every_pod_recreation. If set to true (the default), the deployment/sts uses an emptyDir ephemeral volume for storing the certs, and on every pod re-creation the init container performs the enrollment. If set to false, a PVC is created from the given storageclass and the certificates are stored there. On pod recreation, the init script checks for the existence of the certs and skips the enrollment if the certs exist.
    • This will remove the dependency on the CA Server when a peer/orderer pod gets recreated due to any node failure. (But for the very first deployment, the CA server end-point should be available.)
  • Filestore chart
    • Added custom hostname/FQDN support for the filestore endpoint. This removes the dependency on running the filestore endpoint under the same HLF domain. You can override the default chart-generated filestore endpoint with any resolvable DNS name (if you have one already) by setting .Values.hostOverride to your own FQDN.
    • Added optional TLS support for the filestore ingress resource. To use it, create a Kubernetes secret of tls type and provide its name in .Values.ingress.tls.secretName
  • Peer
    • New option to renew peer certificates. Set .Values.renew_peer_certs: true to delete the existing certificates and generate new certs through an enrollment. Once the certs have been renewed, set this back to false via a helm upgrade. Set this to true only when you want to renew the certs.
    • Added a feature to use existing PVCs for the peer, dind & couchdb containers, so that Falcon can be integrated into an already running peer without any data loss if it was not managed through the Falcon peer charts. Use the following vars under the .Values.peers array to specify the existing volumes per peer, OR add them under .Values.global for all peers. Do a comparison by running helm template and verify the output before you deploy it. The volume name prefix under the volumeClaimTemplates.metadata.name of your sts must match the existing PVC.
      Example:

        peers:
          - name: peer0
            identity_name: peer0-org
            identity_secret: peer0orgSamplePassword
            couchUseExistingPvcPrefix: couch-pvc
            peerUseExistingPvcPrefix: peer-pvc
            dindUseExistingPvcPrefix: dind-pvc

By specifying the above values, the chart assumes that a PVC already exists with the name couch-pvc-peer0-org-0 for peer0.
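
A pre-deploy check for the existing-PVC options above, as an added example that is not part of the Falcon charts or release notes. It assumes the claim name follows the `<prefix>-<identity_name>-<ordinal>` pattern of `couch-pvc-peer0-org-0` for the peer and dind prefixes as well; the function names and the sample PVC list are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Falcon code): confirm that the PVCs implied by the
# *UseExistingPvcPrefix values exist before running helm upgrade/install.

# expected_pvcs IDENTITY COUCH_PREFIX PEER_PREFIX DIND_PREFIX [ORDINAL]
# Prints one expected claim name per non-empty prefix.
# Assumption: name = <prefix>-<identity_name>-<ordinal>, as in the release note.
expected_pvcs() {
  ep_identity=$1
  ep_ordinal=${5:-0}
  for ep_prefix in "$2" "$3" "$4"; do
    if [ -n "$ep_prefix" ]; then
      printf '%s-%s-%s\n' "$ep_prefix" "$ep_identity" "$ep_ordinal"
    fi
  done
}

# missing_pvcs EXISTING IDENTITY COUCH_PREFIX PEER_PREFIX DIND_PREFIX [ORDINAL]
# EXISTING is newline-separated output of: kubectl get pvc -n <namespace> -o name
# Prints every expected claim that is absent; returns 1 if any is missing.
missing_pvcs() {
  mp_existing=$(printf '%s\n' "$1" | sed 's|^persistentvolumeclaim/||')
  shift
  mp_rc=0
  for mp_name in $(expected_pvcs "$@"); do
    # -x -F: whole-line literal match, so peer-pvc-peer0-org-0 does not
    # match a longer or shorter claim name by accident.
    if ! printf '%s\n' "$mp_existing" | grep -qxF -- "$mp_name"; then
      printf '%s\n' "$mp_name"
      mp_rc=1
    fi
  done
  return "$mp_rc"
}

# Constructed sample of `kubectl get pvc -o name` output; the dind claim
# belongs to a different peer, so the check should flag it.
SAMPLE_PVCS='persistentvolumeclaim/couch-pvc-peer0-org-0
persistentvolumeclaim/peer-pvc-peer0-org-0
persistentvolumeclaim/dind-pvc-peer1-org-0'

if missing=$(missing_pvcs "$SAMPLE_PVCS" peer0-org couch-pvc peer-pvc dind-pvc); then
  echo "all expected PVCs exist"
else
  echo "expected PVC not found: $missing"
fi
```

A claim reported here means the prefix or identity_name in the values does not line up with the volume that holds the existing data, which is the mismatch the helm template comparison is meant to catch.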