Getting started
There are two types of resources to manage a channel:
- FabricMainChannel
- FabricFollowerChannel
FabricMainChannel
This resource creates and manages the channel configuration, including:
- Configuration
- Peer organizations
- Orderer organizations
FabricFollowerChannel
This resource joins the channel and manages the channel configuration, including:
- Anchor peers
- Peers to join
Wallet
For every resource we need a wallet to interact with the network.
The FabricMainChannel requires a wallet with the admin identity of the orderer organization and the peer organizations that will manage the channel.
The FabricFollowerChannel requires a wallet with the admin identity of the peer organization.
Enroll the orderer admin organization
CA_NAME=ord-ca
CA_NAMESPACE=default
CA_MSPID=OrdererMSP
CA_TYPE=tlsca # can be `ca` or `tlsca`
kubectl hlf ca register --name=$CA_NAME --namespace=$CA_NAMESPACE --user=admin --secret=adminpw --type=admin \
--enroll-id enroll --enroll-secret=enrollpw --mspid OrdererMSP
kubectl hlf ca enroll --name=$CA_NAME --namespace=$CA_NAMESPACE \
--user=admin --secret=adminpw --mspid $CA_MSPID \
--ca-name $CA_TYPE --output orderermsp.yaml
Enroll the admin peer organization
CA_NAME=org1-ca
CA_NAMESPACE=default
CA_MSPID=Org1MSP
CA_TYPE=ca # can be `ca` or `tlsca`
kubectl hlf ca register --name=$CA_NAME --namespace=$CA_NAMESPACE --user=admin --secret=adminpw --type=admin \
--enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP
kubectl hlf ca enroll --name=$CA_NAME --namespace=$CA_NAMESPACE \
--user=admin --secret=adminpw --mspid $CA_MSPID \
--ca-name $CA_TYPE --output org1msp.yaml
Create secret�
We need to create a secret for the operator to use the certificates to create the channel and update the channel configuration.
kubectl create secret generic wallet --namespace=default \
--from-file=org1msp.yaml=$PWD/org1msp.yaml \
--from-file=orderermsp.yaml=$PWD/orderermsp.yaml
Create the channel
First, we need to obtain the orderer TLS certificate, this would need to be performed for each orderer that is in the consenters list.
kubectl get fabricorderernodes ord-node1 \
-o jsonpath='{.status.tlsCert}' > ./orderer-cert.pem
Second, we create the main channel CRD and apply it.
kubectl hlf channelcrd main create \
--channel-name=demo \
--name=demo \
--orderer-orgs=OrdererMSP \
--peer-orgs=Org1MSP \
--admin-orderer-orgs=OrdererMSP \
--admin-peer-orgs=Org1MSP \
--secret-name=wallet \
--secret-ns=default \
--consenters=ord-node1.default:7050 \
--consenter-certificates=./orderer-cert.pem \
--identities="OrdererMSP;admin-tls-ordservice.yaml" \
--identities="Org1MSP;peer-org1.yaml" \
--consenters=ord-node1.default:7050 --consenter-certificates="orderer0-tls-cert.pem"
Join the channel for Org1MSP
First, we need to obtain the orderer TLS certificate, this would need to be performed for each orderer that is in the consenters list.
kubectl get fabricorderernodes ord-node1 \
-o jsonpath='{.status.tlsCert}' > ./orderer-cert.pem
Second, we create the main channel CRD and apply it.
kubectl hlf channelcrd follower create \
--channel-name=demo \
--mspid=Org1MSP \
--name="demo-org1msp" \
--orderer-certificates="./orderer-cert.pem" \
--orderer-urls="grpcs://ord-node1.default:7050" \
--anchor-peers="org1-peer0:7051" \
--peers="org1-peer0.default" \
--secret-name=wallet \
--secret-ns=default \
--secret-key="peer-org1.yaml"