Using Fabric-CA instead of Cryptogen to deploy Hyperledger Fabric 1.4 on Kubernetes

Mallikarjun Sarvepalli
Sep 27, 2019

Introduction

I have been working on deploying Hyperledger Fabric 1.4 to a Kubernetes cluster with different sets of network configurations. HLF (Hyperledger Fabric) network configurations vary significantly across enterprises and depend on what the network is used for and the target industry. It is very important to have a deployment framework that is flexible enough to accommodate different network models.

Though technically feasible, there is no framework for creating and operating HLF networks that provides:

  • Support for multiple organizations hosted on different infrastructure (cloud/on-premise), or for seamlessly creating and operating an HLF network with different network topologies
  • A set of methodologies/approaches for sharing the required crypto data (public keys) across the various organizations
  • Guidelines for HLF operators on creating and operating a production-ready HLF network

Hyperledger Cello is a great initiative that aims to create an on-demand, as-a-service model for blockchain deployments. However, it is not production-ready yet.

I came across this repository, which was created as a result of a collaborative effort between APG and Accenture NL. This looked very promising and accomplished a lot of functionality that can be used to create a production-ready deployment framework. As I started working on the framework, I noticed that the code used the “cryptogen” utility to generate certificates and private keys. This is not a recommended approach.

I forked this repository and have made changes to use Fabric CA to generate certificates and private keys rather than cryptogen.

Source code and installation instructions are available at https://github.com/mallikprojects/hyperledger-k8

Functionality

This repository contains a couple of Helm charts to:

Configure and launch the whole HL Fabric network, either:

  • A simple one, with one peer per organization and a Solo orderer
  • Or a scaled-up one, with multiple peers per organization and a Kafka or Raft orderer
  • Custom network architectures (multi-cluster architectures are not supported in this release)

Generate Artifacts

  • Register identities with Fabric CA and generate the artifacts necessary to set up the blockchain network
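
As an added illustration (not code from the repository), this is the kind of `fabric-ca-client` sequence that replaces cryptogen when issuing one peer's signing and TLS material. The CA address, file paths, identity names and the `FABRIC_CA_CLIENT` override variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example: issue one peer's MSP and TLS material from Fabric CA.
# Hosts, paths, identity names and FABRIC_CA_CLIENT are assumptions.
set -eu

FABRIC_CA_CLIENT="${FABRIC_CA_CLIENT:-fabric-ca-client}"  # binary to invoke
CA_HOST="${CA_HOST:-ca-org1:7054}"                  # assumed CA service
CA_TLS_CERT="${CA_TLS_CERT:-/data/ca/tls-cert.pem}" # assumed CA TLS root cert
CRYPTO_DIR="${CRYPTO_DIR:-/data/crypto}"            # assumed output volume

# Enroll the CA bootstrap admin; its certificate authorises "register" calls.
enroll_ca_admin() {   # $1=admin name  $2=admin secret
  export FABRIC_CA_CLIENT_HOME="$CRYPTO_DIR/ca-admin"
  "$FABRIC_CA_CLIENT" enroll -u "https://$1:$2@$CA_HOST" \
    --tls.certfiles "$CA_TLS_CERT"
}

# Register an identity, authenticated by the enrolled admin's certificate.
register_identity() {   # $1=name  $2=secret  $3=type (peer, orderer, client)
  export FABRIC_CA_CLIENT_HOME="$CRYPTO_DIR/ca-admin"
  "$FABRIC_CA_CLIENT" register --id.name "$1" --id.secret "$2" --id.type "$3" \
    -u "https://$CA_HOST" --tls.certfiles "$CA_TLS_CERT"
}

# Enroll the identity twice: signing MSP first, then a TLS certificate.
# The private keys are generated locally and written under <dir>/keystore.
enroll_identity() {   # $1=name  $2=secret  $3=host name for the certificates
  id_home="$CRYPTO_DIR/$1"
  (umask 077; mkdir -p "$id_home")
  export FABRIC_CA_CLIENT_HOME="$id_home"
  "$FABRIC_CA_CLIENT" enroll -u "https://$1:$2@$CA_HOST" \
    --tls.certfiles "$CA_TLS_CERT" -M "$id_home/msp" --csr.hosts "$3"
  "$FABRIC_CA_CLIENT" enroll -u "https://$1:$2@$CA_HOST" \
    --tls.certfiles "$CA_TLS_CERT" -M "$id_home/tls" --csr.hosts "$3" \
    --enrollment.profile tls
  chmod -R go-rwx "$id_home"   # key material readable by the owner only
}

# Typical order for one peer (secrets come from the environment, not the script):
#   enroll_ca_admin "$CA_ADMIN" "$CA_ADMIN_PW"
#   register_identity peer0 "$PEER0_PW" peer
#   enroll_identity peer0 "$PEER0_PW" peer0.org1
```

The enrollment secret travels in the command line of each `enroll` call, so it should be unique per identity and kept out of shell history and job logs.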

Populate the network declaratively:

  • Create the channels, join peers to channels, update channels for Anchor peers
  • Install/instantiate all chaincodes, or some of them, or upgrade them to a newer version
  • Add new peer organizations to an already running network declaratively
  • Backup and restore the state of the whole network

Detailed instructions for configuring, deploying and running an HLF network with different network configurations are available at https://github.com/mallikprojects/hyperledger-k8

Roadmap

Secure Vault

The current version uses Persistent Volumes (PV) to store all generated certificates and private keys. Production networks should secure sensitive data (certificates/private keys) using a vault (HashiCorp, Azure vault, etc.).

Channel Policies

The current version does not support channel policies; they will be made available in the next release.

Multi cluster deployment

The current version is limited to deploying the entire HLF network in a single cluster. In the real world, HLF spans multiple clusters. I am working to support the following network model.

HLF network across multiple k8 clusters

Don’t hesitate to correct any mistakes I’ve made or start a (healthy) discussion in the comments. Please get in touch if you would like to contribute to this repository.
