Merge "[CE-696] Add certs for Peer and Orderer"

src/agent/fabric-operator/build/bin/templates/ca/ca_secret.yaml

@@ -0,0 +1,7 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: "<name>"
+type: Opaque
+data:
+  key: "YWRtaW4="

src/agent/fabric-operator/build/bin/templates/orderer/orderer_secret.yaml

@@ -0,0 +1,7 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: "<name>"
+type: Opaque
+data:
+  key: "YWRtaW4="

src/agent/fabric-operator/build/bin/templates/orderer/orderer_statefulset.yaml

@@ -25,6 +25,9 @@ spec:
         component: "orderer"
     spec:
       volumes:
+        - name: orderercerts
+          secret:
+            secretName: orderercerts
         - name: toolset
           configMap:
             name: fabric-configuration-toolset
@@ -40,5 +43,6 @@ spec:
           volumeMounts:
             - mountPath: "/etc/hyperledger/orderer"
               name: ordererstorage
+            - mountPath: "/certs"
+              name: orderercerts
           command: ["orderer"]
-

src/agent/fabric-operator/build/bin/templates/peer/peer_secret.yaml

@@ -0,0 +1,7 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: "<name>"
+type: Opaque
+data:
+  key: "YWRtaW4="

src/agent/fabric-operator/build/bin/templates/peer/peer_statefulset.yaml

@@ -26,6 +26,9 @@ spec:
         component: "peer"
     spec:
       volumes:
+        - name: peercerts
+          secret:
+            secretName: peercerts
         - name: toolset
           configMap:
             name: fabric-configuration-toolset
@@ -41,5 +44,7 @@ spec:
           volumeMounts:
             - mountPath: "/etc/hyperledger/peer"
               name: peerstorage
+            - mountPath: "/certs"
+              name: peercerts
           command: ["peer"]
           args:  ["node", "start"]

src/agent/fabric-operator/deploy/crds/fabric_v1alpha1_ca_cr.yaml

@@ -8,24 +8,22 @@ spec:
   # you have the k8s secret created.
   admin: "sampleadmin"
   adminPassword: "samplepassword"
-
-  # Specify Fabric binaries to be used to setup the fabric CA
-  image: "hyperledger/fabric-ca:1.4.1"
-
   # Specify storage being used by this Certificate Authority.
-  storageSize: "1Gi"
-  storageClass: "default"
+  #storageClass: "default"
+  #storageSize: "1Gi"
 
   # If you have an set of certs that you like to use instead of
   # generating a set by Fabric CA, you can specify as the following.
   # Certificates and private keys have all to be base64 encoded as
   # the values of the each item below.
-  # certs:
-  #   cert: "The base64 encoded certificate"
-  #   key: "The base64 encoded private key"
-  #   tlsCert: "The base64 encoded tls certificate"
-  #   tlsKey: "The base64 encoded tls private key"
-
+  #certs:
+  #  cert: 
+  #  key: 
+  #  tlsCert: 
+  #  tlsKey: 
+  nodeSpec:
+    # Specify Fabric binaries to be used to setup the fabric CA
+    image: "hyperledger/fabric-ca:1.4.1"
   # Optionally, FQDN can also be specified
   # hosts: ["ca.sample.com", "169.45.20.0"]
 
@@ -49,4 +47,4 @@ spec:
   #   FABRIC_CA_SERVER_CSR_NAMES_0_ST: "North Carolina"
   #   FABRIC_CA_SERVER_CSR_NAMES_0_L: "Cary"
   #   FABRIC_CA_SERVER_CSR_NAMES_0_O: "Sample Org"
-  #   FABRIC_CA_SERVER_CSR_NAMES_0_OU: "Sample Org Unit"
+  #   FABRIC_CA_SERVER_CSR_NAMES_0_OU: "Sample Org Unit"

src/agent/fabric-operator/deploy/crds/fabric_v1alpha1_orderer_cr.yaml

@@ -3,40 +3,56 @@ kind: Orderer
 metadata:
   name: orderer00
 spec:
-  storageSize: "1Gi"
-  storageClass: "default"
-  image: "hyperledger/fabric-orderer:1.4.1"
-
-  # To specify resource limits for this orderer node,
-  # use kubernetes resource requirements spec
-  # resources:
-  #   requests:
-  #     memory: "32Mi"
-  #     cpu: "200m"
-  #   limits:
-  #     memory: "1024mi"
-  #     cpu: "250"
-
-  # Add all the configurable peer parameters as 
+  # If you have an set of certs that you like to use instead of
+  # generating a set by Fabric CA, you can specify as the following.
+  # Certificates and private keys have all to be base64 encoded as
+  # the values of the each item below.
+  #certs:
+  #  tlsCerts:
+  #    tlsPrivatekey:
+  #    tlsCert:
+  #    tlsRootcas:
+  #  msp:
+  #    adminCerts:
+  #    caCerts:
+  #    keyStore:
+  #    signCerts:
+  #    tlsCacerts:
+  nodeSpec:
+    # To specify resource limits for this orderer node,
+    # use kubernetes resource requirements spec
+    # resources:
+    #   requests:
+    #     memory: "32Mi"
+    #     cpu: "200m"
+    #   limits:
+    #     memory: "1024mi"
+    #     cpu: "250"
+    storageSize: "1Gi"
+    storageClass: "default"
+    image: "hyperledger/fabric-orderer:1.4.1"
+  # Add all the configurable peer parameters as
   # name-value pairs
-  configParams:
-    - name: ORDERER_CFG_PATH
-      value: /shared/
-    - name: ORDERER_GENERAL_LEDGERTYPE
-      value: file
-    - name: ORDERER_FILELEDGER_LOCATION
-      value: /shared/ledger/orderer
-    - name: ORDERER_GENERAL_BATCHTIMEOUT
-      value: 1s
-    - name: ORDERER_GENERAL_BATCHSIZE_MAXMESSAGECOUNT
-      value: "10"
-    - name: ORDERER_GENERAL_MAXWINDOWSIZE
-      value: "1000"
-    - name: ORDERER_GENERAL_ORDERERTYPE
-      value: solo
-    - name: ORDERER_GENERAL_LISTENADDRESS
-      value: 0.0.0.0
-    - name: ORDERER_GENERAL_LISTENPORT
-      value: "31010"
-    - name: ORDERER_GENERAL_LOGLEVEL
-      value: debug
+    configParams:
+      - name: ORDERER_CFG_PATH
+        value: /shared/
+      - name: ORDERER_GENERAL_LEDGERTYPE
+        value: file
+      - name: ORDERER_FILELEDGER_LOCATION
+        value: /shared/ledger/orderer
+      - name: ORDERER_GENERAL_BATCHTIMEOUT
+        value: 1s
+      - name: ORDERER_GENERAL_BATCHSIZE_MAXMESSAGECOUNT
+        value: "10"
+      - name: ORDERER_GENERAL_MAXWINDOWSIZE
+        value: "1000"
+      - name: ORDERER_GENERAL_ORDERERTYPE
+        value: solo
+      - name: ORDERER_GENERAL_LISTENADDRESS
+        value: 0.0.0.0
+      - name: ORDERER_GENERAL_LISTENPORT
+        value: "31010"
+      - name: ORDERER_GENERAL_LOGLEVEL
+        value: debug
+      - name: ORDERER_GENERAL_TLS_ENABLED
+        value: "true"

src/agent/fabric-operator/deploy/crds/fabric_v1alpha1_orderer_crd.yaml

@@ -29,37 +29,95 @@ spec:
           type: object
         spec:
           properties:
-            configParams:
-              items:
-                properties:
-                  name:
-                    type: string
-                  value:
-                    type: string
-                required:
-                - name
-                - value
-                type: object
-              type: array
-            hosts:
-              items:
-                type: string
-              type: array
-            image:
+            certs:
               description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                 Important: Run "operator-sdk generate k8s" to regenerate code after
                 modifying this file Add custom validation using kubebuilder tags:
                 https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
-              type: string
-            resources:
+              properties:
+                msp:
+                  properties:
+                    adminCerts:
+                      items:
+                        type: string
+                      type: array
+                    caCerts:
+                      items:
+                        type: string
+                      type: array
+                    intermediateCerts:
+                      items:
+                        type: string
+                      type: array
+                    keyStore:
+                      type: string
+                    signCerts:
+                      type: string
+                    tlsCacerts:
+                      items:
+                        type: string
+                      type: array
+                    tlsIntermediatecerts:
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - adminCerts
+                  - caCerts
+                  - keyStore
+                  - signCerts
+                  type: object
+                tlsCerts:
+                  properties:
+                    tlsCert:
+                      type: string
+                    tlsPrivatekey:
+                      type: string
+                    tlsRootcas:
+                      items:
+                        type: string
+                      type: array
+                    tlsRootcert:
+                      type: string
+                  type: object
+              required:
+              - msp
+              - tlsCerts
+              type: object
+            nodeSpec:
+              properties:
+                configParams:
+                  items:
+                    properties:
+                      name:
+                        type: string
+                      value:
+                        type: string
+                    required:
+                    - name
+                    - value
+                    type: object
+                  type: array
+                hosts:
+                  items:
+                    type: string
+                  type: array
+                image:
+                  description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                    Important: Run "operator-sdk generate k8s" to regenerate code
+                    after modifying this file Add custom validation using kubebuilder
+                    tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
+                  type: string
+                resources:
+                  type: object
+                storageClass:
+                  type: string
+                storageSize:
+                  type: string
+              required:
+              - image
+              - configParams
               type: object
-            storageClass:
-              type: string
-            storageSize:
-              type: string
-          required:
-          - image
-          - configParams
           type: object
         status:
           properties: