Updated deployment to use secrets for the HLF certificates

84292923 · Javier Diaz · 55392f7a · 84292923 · 84292923 · 84292923
Commit 84292923 authored 10 months ago by Javier Diaz
--- a/deploy/tfs.sh
+++ b/deploy/tfs.sh
@@ -118,6 +118,19 @@ export PROM_EXT_PORT_HTTP=${PROM_EXT_PORT_HTTP:-"9090"}
 # If not already set, set the external port Grafana HTTP Dashboards will be exposed to.
 export GRAF_EXT_PORT_HTTP=${GRAF_EXT_PORT_HTTP:-"3000"}

+# ----- HLF Key Paths -----------------------------------------------------------
+
+echo "Create secret for keystore"
+KEY_DIRECTORY_PATH="${HOME}/fabric-samples/test-network/organizations/peerOrganizations/org1.adrenaline.com/users/User1@org1.adrenaline.com/msp/keystore"
+printf "\n"
+
+echo "Create secret for signcerts"
+CERT_DIRECTORY_PATH="${HOME}/fabric-samples/test-network/organizations/peerOrganizations/org1.adrenaline.com/users/User1@org1.adrenaline.com/msp/signcerts"
+printf "\n"
+
+echo "Create secret for ca.crt"
+TLS_CERT_PATH="${HOME}/fabric-samples/test-network/organizations/peerOrganizations/org1.adrenaline.com/peers/peer0.org1.adrenaline.com/tls/ca.crt"
+printf "\n"

 ########################################################################################################################
 # Automated steps start here
@@ -178,6 +191,19 @@ kubectl create secret generic qdb-data --namespace ${TFS_K8S_NAMESPACE} --type='
    --from-literal=METRICSDB_PASSWORD=${QDB_PASSWORD}
 printf "\n"

+echo "Create secret for HLF keystore"
+kubectl create secret generic dlt-keystone --namespace ${TFS_K8S_NAMESPACE} --from-file=keystore=${KEY_DIRECTORY_PATH}
+printf "\n"
+
+echo "Create secret for HLF signcerts"
+kubectl create secret generic dlt-signcerts --namespace ${TFS_K8S_NAMESPACE} --from-file=signcerts=${CERT_DIRECTORY_PATH}
+printf "\n"
+
+echo "Create secret for HLF ca.crt"
+kubectl create secret generic dlt-ca-crt --namespace ${TFS_K8S_NAMESPACE} --from-file=ca.crt=${TLS_CERT_PATH}
+printf "\n"
+
+
 echo "Deploying components and collecting environment variables..."
 ENV_VARS_SCRIPT=tfs_runtime_env_vars.sh
 echo "# Environment variables for TeraFlowSDN deployment" > $ENV_VARS_SCRIPT

--- a/manifests/dltservice.yaml
+++ b/manifests/dltservice.yaml
@@ -23,9 +23,9 @@ data:
  PEER_ENDPOINT: "10.1.1.96:7051"  #Change to required peer#
  PEER_HOST_ALIAS: "peer0.org1.adrenaline.com"
  CRYPTO_PATH: "/test-network/organizations/peerOrganizations/org1.adrenaline.com"
-  KEY_DIRECTORY_PATH: "/test-network/organizations/peerOrganizations/org1.adrenaline.com/users/User1@org1.adrenaline.com/msp/keystore"
-  CERT_DIRECTORY_PATH: "/test-network/organizations/peerOrganizations/org1.adrenaline.com/users/User1@org1.adrenaline.com/msp/signcerts"
-  TLS_CERT_PATH: "/test-network/organizations/peerOrganizations/org1.adrenaline.com/peers/peer0.org1.adrenaline.com/tls/ca.crt"
+  KEY_DIRECTORY_PATH: "/etc/hyperledger/fabric-keystore"
+  CERT_DIRECTORY_PATH: "/etc/hyperledger/fabric-signcerts"
+  TLS_CERT_PATH: "/etc/hyperledger/fabric-ca-crt/ca.crt"

 ---

@@ -87,6 +87,15 @@ spec:
        - mountPath: /test-network
          name: dlt-volume
          readOnly: true
+        - name: keystore
+          mountPath: /etc/hyperledger/fabric-keystore
+          readOnly: true
+        - name: signcerts
+          mountPath: /etc/hyperledger/fabric-signcerts
+          readOnly: true
+        - name: ca-crt
+          mountPath: /etc/hyperledger/fabric-ca-crt
+          readOnly: true
        env:
        - name: CHANNEL_NAME
          valueFrom:
@@ -119,24 +128,24 @@ spec:
              name: dlt-config
              key: CRYPTO_PATH
        - name: KEY_DIRECTORY_PATH
-          valueFrom:
-            configMapKeyRef:
-              name: dlt-config
-              key: KEY_DIRECTORY_PATH
+          value: "/etc/hyperledger/fabric-keystore"
        - name: CERT_DIRECTORY_PATH
-          valueFrom:
-            configMapKeyRef:
-              name: dlt-config
-              key: CERT_DIRECTORY_PATH
+          value: "/etc/hyperledger/fabric-signcerts"
        - name: TLS_CERT_PATH
-          valueFrom:
-            configMapKeyRef:
-              name: dlt-config
-              key: TLS_CERT_PATH
+          value: "/etc/hyperledger/fabric-ca-crt/ca.crt"
      volumes:
      - name: dlt-volume
        persistentVolumeClaim:
          claimName: dlt-pvc
+      - name: keystore
+        secret:
+          secretName: dlt-keystone
+      - name: signcerts
+        secret:
+          secretName: dlt-signcerts
+      - name: ca-crt
+        secret:
+          secretName: dlt-ca-cr

 ---


--- a/src/dlt/gateway/Dockerfile
+++ b/src/dlt/gateway/Dockerfile
@@ -24,4 +24,5 @@ RUN npm install
 EXPOSE 50051

 # Command to run the service
-CMD ["node", "src/dltGateway.js"]
\ No newline at end of file
+#CMD ["node", "src/dltGateway.js"]
+CMD ["sh", "-c", "sleep 3600"]  # Keep the container running for testing