Merge branch 'fix/readme' into 'main'

Tittu Varghese · Tittu Varghese · commit bdacaf23e524 · 2023-08-29T12:23:19.000Z
Updated hlf-builder image, readme corrections.

See merge request opensource/falcon!2
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
 FROM hyperledger/fabric-tools:2.4
-RUN apk add openssl curl curl-dev
-RUN wget https://github.com/hyperledger/fabric-ca/releases/download/v1.5.6/hyperledger-fabric-ca-linux-arm64-1.5.6.tar.gz
-RUN tar -xvzf hyperledger-fabric-ca-linux-arm64-1.5.6.tar.gz
-RUN mv bin/fabric-ca-client /usr/local/bin/fabric-ca-client
+RUN apk add openssl curl curl-dev gcompat libc6-compat
+RUN wget https://github.com/hyperledger/fabric-ca/releases/download/v1.5.1/hyperledger-fabric-ca-linux-amd64-1.5.1.tar.gz
 RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.23.10/bin/linux/amd64/kubectl \
+     && tar -xvzf hyperledger-fabric-ca-linux-amd64-1.5.1.tar.gz \
+     && mv bin/fabric-ca-client /usr/local/bin/fabric-ca-client \
      && mv kubectl /usr/local/bin/ \
      && chmod 755 /usr/local/bin/fabric-ca-client \
-     && chmod 755 /usr/local/bin/kubectl
-
+     && chmod 755 /usr/local/bin/kubectl \
+     && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ Whether you're a blockchain enthusiast, developer, or enterprise seeking to harn
 - [ ] Key Management using HSM / Vault
 
 ### Releases
-- v1.0.0
+- [v1.0.0](/releases/latest)
 
 ### Samples
 Please refer our [examples](examples/README.md) for running a complete blockchain network using the deployment helper.
diff --git a/examples/README.md b/examples/README.md
@@ -1,4 +1,4 @@
-## HLF Deployment Helper
+## Falcon : HLF Deployment Helper
 
 ### Reference Deployment Strategies
 [![HLF DEPLOYMENT HELPER](../images/hlf-open-deployment.png)]() 
@@ -11,20 +11,21 @@
 [![Helm Version](https://img.shields.io/badge/helm_version-v3.10.1+-blue)]() 
 [![Nginx Version](https://img.shields.io/badge/nginx_ingress_version-v1.7.0+-blue)]() 
 
-* Nginx Ingress can be replaced with any other K8S ingress that supports ```SNI based routing```. The ingress service should be exposed by two ```Nodeports for Ports: 80/TCP, 443/TCP```. Eg; NodePort 30000 => 443/TCP (Ingress service).
+* Nginx Ingress OR any other K8S ingress that supports ```SNI based routing```. The ingress service should be exposed by two ```Nodeports for Ports: 80/TCP, 443/TCP```. Eg; NodePort 30000 => 443/TCP (Ingress service).
 * ```--enable-ssl-passthrough``` Should be enabled on the Nginx Ingress pod. All of the Hyperledger Fabric related TLS requests should be terminated on the Pod level as long as we're keeping the certs in the POD itself. If Nginx, then a similar ssl passthrough annotation ```"nginx.ingress.kubernetes.io/ssl-passthrough: "true"``` must be added to all the HLF Ingress resources we create. This annotation can be handled from the values file for every helm chart. In case if you're not using Nginx Ingress, kindly add the proper annotations accordingly.
-* ```Configurable DNS```. You should have the ability to add custom DNS zones that are resolvable from the pods. If you're using CoreDNS, follow this guide to add custom zones on your Kubernetes cluster https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/. If deploying to GKE, you can make use of CloudDNS private zones. 
-* Once added the zone, then you need to add A record(s) point to the server(s) where the Ingress is listening. It must be a wildcard DNS entry.
+* ```Configurable DNS```. You should have the ability to add custom DNS zones that are resolvable from the pods. If you're using CoreDNS, follow this guide to add custom zones on your Kubernetes cluster https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/. If deploying to GKE on GCP, you can make use of CloudDNS private zones. 
+* Once added the zone, then you need to add A record(s) that points to the server(s) where the Ingress is listening. It must be a wildcard DNS entry.
     Eg, If your domain name is ```my-hlf-domain.com``` and you have 3 worker nodes ```10.10.10.10``` ```10.10.10.11``` ```10.10.10.12```. Then you need to create a DNS entry ```*.my-hlf-domain.com``` to point to above IPs. This is a must have configuration and make sure that wildcard DNS queries are resolving properly. If this fails, the deployment will fail. Kindly make sure this DNS is resolving and the tcp connections are reaching the ingress. You can verify it by simple telnet command. 
     ```telnet anyname.my-hlf-domain.com 30000 ``` assuming that 30000 is the Nodeport on Nginx Ingress that maps to Ingress 443. 
+  If you're in any public cloud platform, then hard coding the worker node IP in the DNS is not a reliable approach since the worker node can be changed at any time. In that case, you can deploy an Internal Cloud LB.
 * ```StorageClass``` that supports dynamic volume provisioning. 
 * We're using the docker hub upstream HyperLedger Fabric images for Fabric CA, Peers, Orderers and a custom builder tool which is hosted on NPCI docker hub registry. Make sure that your worker nodes can pull these images from docker hub. If not, upload them to your internal registry and the registry/repository can be managed over values.
 
 
 
 ##### Keep in mind the following things throughout this example deployment;
 
-  1. We'll be using the domain `my-hlf-domain.com`. If you have created a different domain as specified in the pre-req section, then update the `my-hlf-domain.com` to your domain name whereever there is a mention. 
+  1. We'll be using the domain `my-hlf-domain.com`. If you have created a different domain as specified in the pre-req section, then update the `my-hlf-domain.com` to your domain name wherever there is a mention. 
   2. The Ingress classname is `nginx`. You need to change it to the appropriate value on your environment if you have a different one.
   3. Nginx ingress services are exposed on `30000` and `30001` for `https` and `http` nodeports respectively.
   4. StorageClass we use `standard-rwo`. Feel free to to change it to your storageclass.
@@ -58,16 +59,17 @@ Clone this repository and change your directory to the root directory. First you
 
 2. **Deploy ROOT CA**
 
-Create a kubernetes secret with ```user``` and ```password``` as keys for this ROOTCA server. We kept this secret out of the helm charts/values to get more security. All CA/ICA/TLSCA server username/password are handled in this way. Change the ```namespace``` & ```secret``` name if you need a different one and update the secret name at `ca_server.admin_secret`
+Create a kubernetes secret with ```user``` and ```password``` as keys for this `ROOTCA` server. We kept this secret out of the helm charts/values to get more security. All CA/ICA/TLSCA server username/password are handled in this way. Change the ```namespace``` & ```secret``` name if you need a different one and update the secret name at `ca_server.admin_secret`
 ```
+# kubectl create ns orderer
 # kubectl -n orderer create secret generic rca-secret --from-literal=user=rca-admin --from-literal=password=rcaComplexPassword
 ```
   
 Apply the `fabric-ca` chart with our values file. If you change the ```tls_domain, docker images, secret & storageClass``` then update the [examples/fabric-ca/root-ca.yaml](./fabric-ca/root-ca.yaml) accordingly.
 ```
 # helm install root-ca -n orderer helm-charts/fabric-ca -f examples/fabric-ca/root-ca.yaml
 ```
-his will deploy the `root-ca` server for you and the server will be available at `https://root-ca.my-hlf-domain.com`. To verify the server, you can get into any running pod in the cluster and send a curl request as below;
+This will deploy the `root-ca` server for you and the server will be available at `https://root-ca.my-hlf-domain.com`. To verify the server, you can get into any running pod in the cluster and send a curl request as below;
 ```
 curl https://root-ca.my-hlf-domain.com:30000/cainfo --insecure
 ```
@@ -77,7 +79,7 @@ You will get the CA response like below.
 
 3. **Deploy TLSCA**
 
-Create an another kubernetes secret for your `TLSCA` server just like we did it for `ROOTCA` and update the secret name in the values file `examples/fabric-ca/tls-ca.yaml`. If you change the ```tls_domain, docker images, secret & storageClass``` then update the [examples/fabric-ca/root-ca.yaml](./fabric-ca/root-ca.yaml) accordingly.
+Create an another kubernetes secret for your `TLSCA` server just like we did it for `ROOTCA` and update the secret name in the values file `examples/fabric-ca/tls-ca.yaml`. If you change the ```tls_domain, docker images, secret & storageClass``` then update the [examples/fabric-ca/tls-ca.yaml](./fabric-ca/tls-ca.yaml) accordingly.
 ```
 # helm install tls-ca -n orderer helm-charts/fabric-ca -f examples/fabric-ca/tls-ca.yaml
 ```
@@ -94,29 +96,29 @@ You can verify it with the similar way we verified the root-ca end-point above.
 ```
 6. **Deploy Orderer ICA**
 
-You need to create an admin secret like we did for ROOTCA and update [examples/fabric-ca/ica-orderer.yaml](./fabric-ca/ica-orderer.yaml) with your secret. Or create the secret mentioned in this file if you do not want to change it. Once done, apply the following.
+Here, we're deplyoing the same Fabric-ca charts for this CA but this will be in ICA mode. This time you need to create the kubernetes secret with the username and password that you registered at ROOTCA identities job. If you have changed that identities then, create the secret with those values and update the secret name here [examples/fabric-ca/ica-orderer.yaml](./fabric-ca/ica-orderer.yaml) with your secret. If you have not touched anything, then simply apply the following.
 ```
 # helm install ica-orderer -n orderer helm-charts/fabric-ca -f examples/fabric-ca/ica-orderer.yaml
 ```
 7. **Deploy Initial peer org ICA**
 
-You need to create an admin secret like we did for ROOTCA and update [examples/fabric-ca/ica-initialpeerorg.yaml](./fabric-ca/ica-initialpeerorg.yaml) with your secret. Or create the secret mentioned in this file if you do not want to change it. Once done, apply the following.
+Follow the same ICA Orderer deployment steps here and update [examples/fabric-ca/ica-initialpeerorg.yaml](./fabric-ca/ica-initialpeerorg.yaml) with your secret if you have created the secret with a different name. If you have not touched anything, then simply apply the following.
 ```
 # helm install ica-initialpeerorg -n initialpeerorg helm-charts/fabric-ca -f examples/fabric-ca/ica-initialpeerorg.yaml 
 ```
-8. **Create Orderer identties with ica-orderer**
+8. **Create Orderer identities with ica-orderer**
 ```
 # helm install orderer-ops -n orderer helm-charts/fabric-ops/ -f examples/fabric-ops/orderer/orderer-identities.yaml
 ```
-9. **Create Initialpeerorg identties with ica-initialpeerorg**
+9. **Create Initialpeerorg identities with ica-initialpeerorg**
 ```
 # helm install initialpeerorg-ops -n initialpeerorg helm-charts/fabric-ops/ -f examples/fabric-ops/initialpeerorg/identities.yaml
 ```
 10. **Generate Genesisblock & Channel transaction file**
 ```
 # helm install cryptogen -n orderer helm-charts/fabric-ops/ -f examples/fabric-ops/orderer/orderer-cryptogen.yaml
 ```
-After successful completion of this `cryptogen Job`, you'll see the Genesisblock file and channel transaction file in your filestore under your project directory. If your project name is `yourproject`, then your project directory will be created as `/usr/share/nginx/html/yourproject`.
+After successful completion of this `cryptogen Job`, you'll see the `Genesisblock` file and `Channel transaction` file in your filestore under your project directory. If your project name is `yourproject`, then your project directory will be created as `/usr/share/nginx/html/yourproject`.
 
 11. **Deploy Orderers**
 ```
@@ -126,7 +128,7 @@ After successful completion of this `cryptogen Job`, you'll see the Genesisblock
 ```
 # helm install peer -n initialpeerorg helm-charts/fabric-peer/ -f examples/fabric-peer/initialpeerorg/values.yaml
 ```
-After successful deployment of the Peers, you will get 3 peers in initialpeerorg namespace. Each of these peers will have 1 Init container and 3 app containers `(Fabric Peer, Dind & CouchDB)`. If everything went fine, then you'll see similar logs in the `peer0-initialpeerorg-0`.   
+After successful deployment of the Peers, you will get 3 peers in initialpeerorg namespace. Each of these peers will have 1 Init container and 3 app containers `(Fabric Peer, Dind & CouchDB)`. If everything went fine, then you'll see some successful connectivity logs in the `peer0-initialpeerorg-0`.   
 
 13. **Create channel**
 ```
@@ -152,7 +154,7 @@ If you have your own chaincode, then package it and upload the same to filestore
 
 1. **Deploy Org1 ICA**
 
-You need to create an admin secret like we did for ROOTCA and update [examples/fabric-ca/ica-org1.yaml](./fabric-ca/ica-org1.yaml) with your secret. Or create the secret mentioned in this file if you do not want to change it. Once done, apply the following.
+You need to create a kubernetes secret with the one registered with rootca identities registration job and update [examples/fabric-ca/ica-org1.yaml](./fabric-ca/ica-org1.yaml) if you're creating a different secret name. Or create the secret mentioned in this file if you do not want to change it. Once done, apply the following.
 ```
 # helm install ica-org1 -n org1 helm-charts/fabric-ca -f examples/fabric-ca/ica-org1.yaml
 ```
@@ -162,7 +164,7 @@ Once the `Org1` ICA started successfully, you would need to add this `Org1` to t
 ```
 # helm install configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml
 ```
-3. **Create Org1 identties with ica-org1**
+3. **Create Org1 identities with ica-org1**
 ```
 # helm install org1-ca-ops -n org1 helm-charts/fabric-ops/ -f examples/fabric-ops/org1/identities.yaml 
 ```
@@ -183,17 +185,17 @@ Once the `Org1` ICA started successfully, you would need to add this `Org1` to t
 
 1. **Deploy Org2 ICA**
 
-You need to create an admin secret like we did for ROOTCA and update [examples/fabric-ca/ica-org2.yaml](./fabric-ca/ica-org2.yaml) with your secret. Or create the secret mentioned in this file if you do not want to change it. Once done, apply the following.
+You need to create a kubernetes secret with the one registered with rootca identities registration job and update [examples/fabric-ca/ica-org2.yaml](./fabric-ca/ica-org2.yaml) if you're creating a different secret name. Or create the secret mentioned in this file if you do not want to change it. Once done, apply the following.
 ```
 # helm install ica-org2 -n org2 helm-charts/fabric-ca -f examples/fabric-ca/ica-org2.yaml
 ```
 2. **Add Org2 to network**
 
 Once the `Org2` ICA started successfully, you would need to add this `Org2` to the network. For that, you need to upgrade the following `configorgchannel` Job in `initialpeerorg`. This time, uncomment the `org2` section in the `Values.organizatons` array in the values file [examples/fabric-ops/initialpeerorg/configure-org-channel.yaml](./fabric-ops/initialpeerorg/configure-org-channel.yaml).
 ```
-helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml
+# helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml
 ```
-3. **Create Org1 identties with ica-org1.**
+3. **Create Org1 identities with ica-org1.**
 ```
 # helm install org2-ca-ops -n org2 helm-charts/fabric-ops/ -f examples/fabric-ops/org2/identities.yaml 
 ```
@@ -218,7 +220,7 @@ helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examp
 
 1. **Approve ChainCode on Initialpeerorg**
 
- Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/initialpeerorg/approve-chaincode.yaml](./fabric-ops/initialpeerorg/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details.
+ Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/initialpeerorg/approve-chaincode.yaml](./fabric-ops/initialpeerorg/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details. (This Chaincode package ID update is only required if you use your own chaincode package. If not, simply apply the following helm approval jobs)
 - cc_name
 - cc_version
 - cc_package_id
@@ -228,7 +230,7 @@ helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examp
 ```
 2. **Approve ChainCode on Org1**
 
- Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/org1/approve-chaincode.yaml](./fabric-ops/org1/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details.
+ Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/org1/approve-chaincode.yaml](./fabric-ops/org1/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details. (This Chaincode package ID update is only required if you use your own chaincode package. If not, simply apply the following helm approval jobs)
 - cc_name
 - cc_version
 - cc_package_id
@@ -238,7 +240,7 @@ helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examp
 ```
 3. **Approve ChainCode on Org2**
 
- Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/org2/approve-chaincode.yaml](./fabric-ops/org2/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details.
+ Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/org2/approve-chaincode.yaml](./fabric-ops/org2/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details. (This Chaincode package ID update is only required if you use your own chaincode package. If not, simply apply the following helm approval jobs)
 - cc_name
 - cc_version
 - cc_package_id
@@ -248,7 +250,7 @@ helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examp
 ```
 4. **Commit ChainCode on Initialpeerorg**
 
- Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/initialpeerorg/approve-chaincode.yaml](./fabric-ops/initialpeerorg/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details.
+ Ensure that you have updated the Chaincode package ID in [examples/fabric-ops/initialpeerorg/approve-chaincode.yaml](./fabric-ops/initialpeerorg/approve-chaincode.yaml), below are the required fields for updating with your own chaincode details. (This Chaincode package ID update is only required if you use your own chaincode package. If not, simply apply the following helm commit job)
 - cc_name
 - cc_version
 - cc_package_id
diff --git a/helm-charts/fabric-ca/templates/NOTES.txt b/helm-charts/fabric-ca/templates/NOTES.txt
@@ -7,15 +7,15 @@ APP VERSION: {{ .Chart.AppVersion }}
 
 {{- if .Values.ica.enabled }}
 ------------------------------------------------------
-| The Fabric CA chart has been deployed in ICA mode. |
+The Fabric CA chart has been deployed in ICA mode.
 ------------------------------------------------------
-| ICA Endpoint  : {{ include "fabric-ca.fullname" $ }}.{{ $.Values.tls_domain }} 
-| The Parent CA : {{ .Values.ica.parent_ca_endpoint }}
+ICA Endpoint  : {{ include "fabric-ca.fullname" $ }}.{{ $.Values.tls_domain }} 
+The Parent CA : {{ .Values.ica.parent_ca_endpoint }}
 {{ else }}
 ---------------------------------------------------------------------
-| The Fabric CA chart has been deployed as ParentCA/Standalone mode. |
+The Fabric CA chart has been deployed in ParentCA/Standalone mode.
 ---------------------------------------------------------------------
-| CA Endpoint : {{ include "fabric-ca.fullname" $ }}.{{ $.Values.tls_domain }}
+CA Endpoint : {{ include "fabric-ca.fullname" $ }}.{{ $.Values.tls_domain }}
 
 {{- end }}
 
diff --git a/images/falcon-hlf-logo.png b/images/falcon-hlf-logo.png
diff --git a/images/hlf-deployment-helper.png b/images/hlf-deployment-helper.png
