Getting started
There are two types of resources to manage a channel:
- FabricMainChannel
- FabricFollowerChannel
FabricMainChannel
This resource creates and manages the channel configuration, including:
- Configuration
- Peer organizations
- Orderer organizations
FabricFollowerChannel
This resource joins the channel and manages the channel configuration, including:
- Anchor peers
- Peers to join
Wallet
For every resource we need a wallet to interact with the network.
The FabricMainChannel requires a wallet with the admin identities of the orderer organization and of the peer organizations that will manage the channel.
The FabricFollowerChannel requires a wallet with the admin identity of the peer organization.
Enroll the orderer organization admin
CA_NAME=ord-ca
CA_NAMESPACE=default
CA_MSPID=OrdererMSP
CA_TYPE=tlsca # can be `ca` or `tlsca`
kubectl hlf ca register --name=$CA_NAME --namespace=$CA_NAMESPACE --user=admin --secret=adminpw --type=admin \
--enroll-id enroll --enroll-secret=enrollpw --mspid OrdererMSP
kubectl hlf ca enroll --name=$CA_NAME --namespace=$CA_NAMESPACE \
--user=admin --secret=adminpw --mspid $CA_MSPID \
--ca-name $CA_TYPE --output orderermsp.yaml
Enroll the peer organization admin
CA_NAME=org1-ca
CA_NAMESPACE=default
CA_MSPID=Org1MSP
CA_TYPE=ca # can be `ca` or `tlsca`
kubectl hlf ca register --name=$CA_NAME --namespace=$CA_NAMESPACE --user=admin --secret=adminpw --type=admin \
--enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP
kubectl hlf ca enroll --name=$CA_NAME --namespace=$CA_NAMESPACE \
--user=admin --secret=adminpw --mspid $CA_MSPID \
--ca-name $CA_TYPE --output org1msp.yaml
Create secret
We need to create a secret holding the enrolled admin identities, so that the operator can use their certificates to create the channel and update the channel configuration.
kubectl create secret generic wallet --namespace=default \
--from-file=org1msp.yaml=$PWD/org1msp.yaml \
--from-file=orderermsp.yaml=$PWD/orderermsp.yaml
Create the channel
First, we need to obtain the orderer TLS certificate. This must be done for each orderer in the consenters list.
kubectl get fabricorderernodes ord-node1 \
-o jsonpath='{.status.tlsCert}' > ./orderer-cert.pem
Second, we create the main channel CRD and apply it.
kubectl hlf channelcrd main create \
--channel-name=demo \
--name=demo \
--orderer-orgs=OrdererMSP \
--peer-orgs=Org1MSP \
--admin-orderer-orgs=OrdererMSP \
--admin-peer-orgs=Org1MSP \
--secret-name=wallet \
--secret-ns=default \
--consenters=ord-node1.default:7050 \
--consenter-certificates=./orderer-cert.pem \
--identities="OrdererMSP;orderermsp.yaml" \
--identities="Org1MSP;org1msp.yaml"
Join the channel for Org1MSP
First, we need to obtain the orderer TLS certificate. This must be done for each orderer in the consenters list.
kubectl get fabricorderernodes ord-node1 \
-o jsonpath='{.status.tlsCert}' > ./orderer-cert.pem
Second, we create the follower channel CRD and apply it.
kubectl hlf channelcrd follower create \
--channel-name=demo \
--mspid=Org1MSP \
--name="demo-org1msp" \
--orderer-certificates="./orderer-cert.pem" \
--orderer-urls="grpcs://ord-node1.default:7050" \
--anchor-peers="org1-peer0:7051" \
--peers="org1-peer0.default" \
--secret-name=wallet \
--secret-ns=default \
--secret-key="org1msp.yaml"
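
A pre-flight check for the steps above, as an added example that is not part of the original page or of the hlf-operator project: it confirms that every key named in `--identities` and `--secret-key` exists in the wallet secret, and that the saved orderer certificate file is a non-empty PEM block. The function names and `SAMPLE_KEYS` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the wallet secret and the orderer TLS certificate.
# Added example; function names are hypothetical, not part of kubectl-hlf.

# missing_wallet_keys KEYS SPEC...
#   KEYS: newline-separated key names present in the wallet secret.
#   SPEC: either "MSPID;key" (as passed to --identities) or a bare key
#         (as passed to --secret-key).
# Prints each referenced key that is absent; returns 1 if any is missing.
missing_wallet_keys() {
  local keys="$1" spec key rc=0
  shift
  for spec in "$@"; do
    key="${spec#*;}"            # strip the "MSPID;" prefix when present
    if ! printf '%s\n' "$keys" | grep -Fxq -- "$key"; then
      printf '%s\n' "$key"
      rc=1
    fi
  done
  return "$rc"
}

# looks_like_pem_cert FILE
#   Succeeds only if FILE is non-empty and holds a PEM certificate block.
#   If .status.tlsCert is not populated yet, the jsonpath redirect leaves
#   an empty orderer-cert.pem behind, which this check rejects.
looks_like_pem_cert() {
  [ -s "$1" ] &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# On a live cluster the key list comes from the secret itself:
#   keys=$(kubectl get secret wallet --namespace=default \
#     -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}')
# Constructed sample: the keys created by the `kubectl create secret` step.
SAMPLE_KEYS='org1msp.yaml
orderermsp.yaml'
```

Run `missing_wallet_keys "$keys" "OrdererMSP;orderermsp.yaml" "Org1MSP;org1msp.yaml"` and `looks_like_pem_cert ./orderer-cert.pem` before applying the channel CRDs; a non-zero exit status means the operator would be pointed at an identity or certificate that is not there.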