Skip to content

Releases: npci/falcon

Falcon:v1.2.0

17 Jul 04:55
@jithindevasia jithindevasia
v1.2.0
52687f7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Falcon:v1.2.0 Latest
Latest

Updates/Changes on existing charts

Common changes.

  1. Added support for NodePort service type and Port specification. Affected charts fabric-ca,fabric-orderer,fabric-peers.
  2. Changed default peerServicePort from 30002 to standard 7051 port.
  3. Changed all core_peer_address from peer0-initialpeerorg:30002 => core_peer_address: peer0-initialpeerorg:7051. Affected charts fabric-ops/approve-cc,commit cc

Chart: fabric-ops

Job: Channel creation

Multi channel support is available.

  1. Removed .Values.config_transaction_filename. Job will create txn file named as <channel-name>.tx due to multi-channel support.
  2. Removed Values.channel_block_filename. Job will create channel block file named as <channel-name>.block due to multi-channel support.
  3. Removed Values.hlf_channel and added multi-channel support. Use .Values.app_channels a list of channels to be created. Example.
app_channels:
 - mychannel1
 - mychannel2
  1. Replaced .Values.admin_identity and replaced it with .Values.admin_organizations for supporting the multi-channel functionalities and for re-using the existing configtx.yaml used by the cryptogen job. Example.
admin_organizations:
 - org_type: consortium
   org_name: initialpeerorg
   ica_endpoint: ica-initialpeerorg.my-hlf-domain.com:30000
   cert_path: /root/initialpeerorg.pem
   admin_identity: admin
   admin_secret: initialpeerorgAdminSamplePassword
   require_msp_enrollment: true
   require_tls_enrollment: false
   anchor_peers:
   - host: peer0-initialpeerorg.my-hlf-domain.com
     port: "30000"
  1. Added new value .Values.configTxProfileType for specifying configtxn profile. The value should be ConsortiumProfile
  2. Added new value .Values.consortiumName. The value should be InitialConsortium. Prior to Falcon 1.2.0, the default name was "SampleConsortium".
  3. Added more verbosity to the channel txn file print section
  4. Added .Values.core_peer_mspconfigpath_override. Optional.

Chart: fabric-ops

Job: Configure-org-channel

  1. Corrected typo in variable name .Values.organizatons to .Values.organizations
  2. Removed identity_name & identity_secret fields from .Values.organizations array since it is not required.
  3. Added support to delete orgs from channel. Added new field "status" with acceptable values active or disabled for add/remove an org respectively. Example;
- name: org1
  ica_endpoint: ica-org1.my-hlf-domain.com:30000
  anchor_peer: peer0-org1.my-hlf-domain.com
  anchor_peer_port: 30000
  status: active # Set to `disabled` to remove an org from the network.

Chart: fabric-ops

Job: Cryptogen

  1. Changed variable .Values.organizations to Values.admin_organizations
  2. Changed Org type value from peerorg type to consortium for the consortium member org.
  3. Removed .Values.channel_artifact_dir
  4. Removed .Values.base_dir
  5. Removed .Values.hlf_channel
  6. Removed .Values.config_transaction_filename
  7. Added .Values.configTxProfileType
  8. Added .Values.consortiumName
  9. Added more verbosity to the gensis.block print section.

Charts: fabric-orderer

  1. Added individual hlf_domain support for orderers. Optional
  2. Added option to add commands/args to orderers in-case if required.
  3. Fixed orderer data pvc variable name mismatch
  4. Changed the tcp health to http health check since the tcp health check was causing handshake error in orderer.

Chart: fabric-peer

  1. Changed .Values.global.peerServicePort from 30002 to 7051
  2. Added option to choose ingress as optional for peers.

What's Changed

Full Changelog: v1.1.0...v1.2.0

Contributors

jithindevasia
Assets 2
Loading

Falcon:v1.1.0

05 Jan 03:31
@tittuvarghese tittuvarghese
v1.1.0
000eb6e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Falcon:v1.1.0

Updates/Changes on existing charts

Common changes that affects all charts.

  1. Changed default ImagepullPolicy from Always to IfNotPresent on all charts.
  2. Added additionalLabels for every charts to include more labels. For orderers and peers the value will be per orderer/peer or you can set it globally as well (.Values.global.additionalLabels), for the rest of the charts it will be .Values.additionalLabels.
  3. Removed the unecessary peer identity enrollment from most of the channel/chaincode related fabric-ops jobs which improved the overall job execution time. (Reduced to 50% of the previous execution time)
  4. All charts have been updated with Readme with complete list of parameters.

Chart : fabric-ops

  1. Separated all fabric-ops jobs and configmaps to different template files for easy management.
  2. Filestore fileupload/download are now separated into functions in the common script.
  3. Fixed bug on the filestore upload as it was reporting successful upload even if the uploads were failing.
  4. Restructured the common functions such as enrollment function to support msp/tls enrollments.
  5. Removed the dependency on identity_type to decide whether tls/msp enrollement is needed.
  6. From now on, you don't need to add a step to download the CA server public key explicitly using fabric_public_key_fetch function if you're using the common enrollment function. When you call the common enroll function by passing 10 parameters, it will handle the public key fetch itself.
  7. All the above common functions are now in fabric_enroll.sh which is default when rendering this chart. All jobs can source this file and start using it, so that no separate enrollment script is needed as it supports most of the use cases.

Job: approve-chaincode

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.approve_chaincode to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform chaincode approval operations.
  5. New parameter required .Values.core_peer_address

Job: channel-create

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.create_channel to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform the channel creation operation.

Job: commit-chaincode

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.commit_chaincode to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform the chaincode commit operation.
  5. New parameter required .Value.core_peer_address

Job: configure-org-channel

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.configure_org_channel to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform org addition operations.
  5. New Org's ica username/password is not required to add it to the channel. Instead only an admin user credentials are required instead of ica user.
  6. New Org's msp_dir will be taken from the chart default. You don't have to specify it unless there is a reason.

Job: Identities

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.identity to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ca_endpoint
  4. Modified .Values.ca.admin_secret to .Values.ca_secret
  5. Added hlf_domain to support common enrollment function.

Job: install-chaincode

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.install_chaincode to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform chaincode installation. And no peer identities and enrollments are required.
  5. Added .Values.peer_identities array for target peers on which chaincode needs to be installed.
  6. Added .peer_endpoint field to peer_identities array, so that chaincode can be installed remotely (Optionally). By default it will be {{ .identity_name }}:{{ $.Values.peer_internal_service_port }}

Job: Update-anchor-peer

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.update_anchor_peer to true is required.
  2. Modified .Values.ca.tlss_ca_endpoint to .Values.tlsca_endpoint
  3. Modified .Values.ca.ca_endpoint to .Values.ica_endpoint
  4. Modified .Values.identities to .Values.admin_identity and removed identity_type field. Also added additional fields require_msp_enrollment & require_tls_enrollment. Only the Org admin credentials are required to perform anchor peer update.

Job: Cryptogen

  1. Removed job_type: chaincode_ops and only .Values.fabric_actions.cryptogen to true is required.
  2. Orderer orgname can be completely managed from values. Previously it was hardcoded to OrdererMSP in the template.
  3. No need to expose the Orderer Org OR Initialpeer Org ICA credentials. Instead, provide any user credentials that has admin privileges.
  4. Initial network organization array has been simplfied and eliminated many repetitve items, it's clean and more readable than the previous version. Previously the orderer organization and peer org name were mentioned twice in the values file. Now with a single .Values.organizations array, you can specify the Orderer org, its identities & Peer org and its anchor peer list. All you need to do is mark org_type as "orderer" for orderer organization and org_type as "peerorg" for initial peer org.
  5. Removed .Values.orderer_org_name & .Values.peer_org_name since this is now handled in .Values.organizations array.
  6. Removed .Values.anchorPeers since this can be handled under .Values.organizations array.
  7. Removed .Values.orderer_port since it is not used anywhere.
  8. Removed .Values.orderer_identities since this can be handled under .Values.organizations array.
  9. Modified .Values.tls.ca_endpoint to .Values.tlsca_endpoint and .Values.tls.cert_path will be handled by default values.

Chart : fabric-orderer

  1. Modified .Values.global.enroll_on_every_pod_recreation to .Values.global.require_certs_dir_persistence which is more readable. This can be set per orderer or globally.
  2. Changed .Values.block_file to .Values.global.block_file. This can be overridden using .block_file per orderer when deploying new orderers with different genesis blockfile.
  3. Added .tls_cert_archive field per orderer incase if the orderer want to use a non-default tls_cert_archive file from the filestore. Default is <orderer-identity>-tls-certs.tar.gz in the filestore.
  4. Added .renew_orderer_certs for re-generating certs. This will delete the existing certs and do new enrollment on pod startup.
  5. Added .use_existing_pvc_data, this option will allow you to use an existing pvc for your orderer. This only handles the kubernetes part of mouting an existing pvc to the falcon managed orderer. But it is your responsibility to make sure that data inside the existing pvc matching to the new orderer in terms of all other configurations.
  6. Ingress resource is now optional, you can turn it off using ingressEnabled true/false globally or per orderer.
  7. Modified .Values.ca.ica_endpoint to .Values.global.ica_endpoint
  8. Modified .Values.ca.tlsca_endpoint to .Values.global.tlsca_endpoint
  9. Removed env variable ORDERER_GENERAL_LOCALMSPID from values file and added new parameter .Values.MspIdOverride if you want to override the default value, which is .Values.nameOverride. This env is now part of deployment template.
  10. Removed env variable ORDERER_GENERAL_GENESISFILE from values file since this value needs to be customised per orderer using (.block_file). This env is now part of deployment template.
  11. Added new field .additionalEnvironmentVars for indiviaul orderes if required to add custom env variable unique to orderers.
  12. livenessprobe, readinessprobes & startupprobes can now be handled per orderer or to Chart default from .Values.livenessprobe, .Values.readinessprobes & .Values.startupprobes.
  13. affinities, tolerations, nodeselectors & resources can also be handled per orderer or globally using .Values.global.affinities etc.
  14. To disable default livenessprobe, use .disableDefaultLivenessProbe per orderer or under .Values.global.disableDefaultLivenessProbe. Similarly, use `disableDefaultStartupPr...
Read more
Loading

Falcon:v1.0.2

24 Oct 12:51
@tittuvarghese tittuvarghese
v1.0.2
0e7f14b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Falcon:v1.0.2

v1.0.2 features:

  • Peers & Orderes charts
    • Added a new feature to skip msp/tls enrollments on every pod recreation through the boolean variable enroll_on_every_pod_recreation. If set to true, (by default) then deployment/sts will use an emptydir ephemeral volume for storing the certs and on every pod re-creation the init container performs the enrollment. If set to false, a pvc will be created from the given storageclass and stores the certificates there. On pod recreation, the init script checks the existence of the certs and skip the enrollment if the the certs exists.
    • This will remove the dependency on the CA Server when a peer/orderer pod gets recreated due to any node failure. (But for the very first deployment, the CA server end-point should be available.)
  • Filestore chart
    • Added custom hostname/fqdn support for the filestore endpoint. This will remove the dependency on running filestore end-point with the same HLF domain. You can override the default chart generated filestore endpoint with any resolvable dns (If you have one already) using the .Values.hostOverride with your own FQDN.
    • Added optional TLS support for the filestore ingress resource. To do that, create a kubenetes secret of tls type and provide it here in .Values.ingress.tls.secretName
  • Peer
    • New option to renew peer certificates. Set .Values.renew_peer_certs: true to delete the existing certificates and generate new certs through an enrollment. Once the certs got renewed, change this to false again via a helm upgrade. Make this to true only when you want to renew the certs.
    • Added a feature to use existing PVCs for peer,dind & couchdb containers. So that falcon can be integrated into an already running peer without any data lose if it was not managed through falcon peer charts. Use the following vars under .Values.peers array to specify the existing volumes per peer OR you can add it under .Values.global for all peers. Do a comparison by running helm template and verify the output before you deploy it. The volume name prefix under the volumeClaimTemplates.metadata.name of your sts must match with the existing pvc.
      Example:
  peers:
    - name: peer0
      identity_name: peer0-org
      identity_secret: peer0orgSamplePassword
      couchUseExistingPvcPrefix: couch-pvc
      peerUseExistingPvcPrefix: peer-pvc
      dindUseExistingPvcPrefix: dind-pvc

By specifying the above values, the chart assumes that a pvc exists already with the name couch-pvc-peer0-org-0 for the peer0.

Loading

Falcon:v1.0.1

04 Oct 09:04
@tittuvarghese tittuvarghese
v1.0.1
a7d689e

Choose a tag to compare

View all tags
Falcon:v1.0.1
  • Standardized all storage-class to "standard" in the example setup. Previously it was a mix of standard & standard-rwo.
  • Updated Orderers / Tools charts to support StorageClass value to be passed from values file. Previously it was hard coded.
  • Added additional ENV variable support on Peer / Orderer charts. Now you can add additional ENV variables of individual pods from values file.
  • Added NodeSelector, Affinity, Tolerations, Resources, Probes, SecurityContext to Peer charts. Some of them were hard coded in 1.0.0 version.
  • Fixed Imagepullpolicy value mapping on all charts. Few of them were hard coded previously.
Loading

Falcon:v1.0.0

29 Aug 12:28
@tittuvarghese tittuvarghese
v1.0.0
bdacaf2

Choose a tag to compare

View all tags
Falcon:v1.0.0

Falcon - the hyperledger fabric deployment helper for Kubernetes is an open-source project designed to streamline the deployment and management of Hyperledger Fabric based blockchain networks on Kubernetes clusters. This tool simplifies the complex process of setting up, configuring, and maintaining Fabric nodes, peers, orderers, and channels within a Kubernetes environment. With templatised helm charts and customizable configuration options, the project empowers developers and administrators to effortlessly deploy and scale secure and robust Hyperledger Fabric networks, leveraging the flexibility and scalability of Kubernetes orchestration.

Features

  • CA Management (Root CA, TLS CA & Intermediate CAs)
  • Peer Creation
  • Orderer Creation
  • Channel Management
  • Chaincode Lifecycle Management (Install, Approve, Commit and CC Upgrades)
  • Cryptographic operations support and certification management
  • Domain Name support and SNI Based Routing
  • Ingress resource provisioning
  • File Registry support for centralised config files
  • Support for Hyperledger Fabric 2.3+
  • Multi-zone, Multi-DC, Private Network (On-prem DCs) deployment support
Loading