-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Resolves #66 Signed-off-by: James Taylor <[email protected]>
- Loading branch information
Showing
16 changed files
with
321 additions
and
161 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
// For format details, see https://aka.ms/devcontainer.json. For config options, see the | ||
// README at: https://github.com/devcontainers/templates/tree/main/src/python | ||
{ | ||
"name": "Fabric k8s builder", | ||
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | ||
"image": "mcr.microsoft.com/devcontainers/python:1-3.12-bullseye", | ||
|
||
// Features to add to the dev container. More info: https://containers.dev/features. | ||
"features": { | ||
"ghcr.io/devcontainers-contrib/features/mkdocs:2": { | ||
"plugins": "mkdocs-material mike" | ||
} | ||
} | ||
|
||
// Use 'forwardPorts' to make a list of ports inside the container available locally. | ||
// "forwardPorts": [], | ||
|
||
// Use 'postCreateCommand' to run commands after the container is created. | ||
// "postCreateCommand": "pip3 install --user -r requirements.txt", | ||
|
||
// Configure tool-specific properties. | ||
// "customizations": {}, | ||
|
||
// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. | ||
// "remoteUser": "root" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# To get started with Dependabot version updates, you'll need to specify which | ||
# package ecosystems to update and where the package manifests are located. | ||
# Please see the documentation for more information: | ||
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
# https://containers.dev/guide/dependabot | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "devcontainers" | ||
directory: "/" | ||
schedule: | ||
interval: weekly |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
## Usage | ||
|
||
The k8s builder can be run in cluster using the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables, or it can connect using a `KUBECONFIG_PATH` environment variable. | ||
|
||
The following optional environment variables can be used to configure the k8s builder: | ||
|
||
- `FABRIC_K8S_BUILDER_DEBUG` whether to enable additional logging | ||
- `FABRIC_K8S_BUILDER_NAMESPACE` specifies the namespace to deploy chaincode to | ||
- `FABRIC_K8S_BUILDER_SERVICE_ACCOUNT` specifies the service account for the chaincode pod | ||
|
||
A `CORE_PEER_ID` environment variable is also currently required. | ||
|
||
External builders are configured in the `core.yaml` file, for example: | ||
|
||
``` | ||
externalBuilders: | ||
- name: k8s_builder | ||
path: /opt/hyperledger/k8s_builder | ||
propagateEnvironment: | ||
- CORE_PEER_ID | ||
- FABRIC_K8S_BUILDER_DEBUG | ||
- FABRIC_K8S_BUILDER_NAMESPACE | ||
- FABRIC_K8S_BUILDER_SERVICE_ACCOUNT | ||
- KUBERNETES_SERVICE_HOST | ||
- KUBERNETES_SERVICE_PORT | ||
``` | ||
|
||
See [External Builders and Launchers](https://hyperledger-fabric.readthedocs.io/en/latest/cc_launcher.html) for details of Hyperledger Fabric builders. | ||
|
||
As well as configuring Fabric to use the k8s builder, you will need to [configure Kubernetes](docs/KUBERNETES_CONFIG.md) to allow the builder to start chaincode pods successfully. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
## Chaincode Docker image | ||
|
||
Unlike the traditional chaincode language support for Go, Java, and Node.js, the k8s builder *does not* build a chaincode Docker image using Docker-in-Docker. | ||
Instead, a chaincode Docker image must be built and published before it can be used with the k8s builder. | ||
|
||
The chaincode will have access to the following environment variables: | ||
|
||
- CORE_CHAINCODE_ID_NAME | ||
- CORE_PEER_ADDRESS | ||
- CORE_PEER_TLS_ENABLED | ||
- CORE_PEER_TLS_ROOTCERT_FILE | ||
- CORE_TLS_CLIENT_KEY_PATH | ||
- CORE_TLS_CLIENT_CERT_PATH | ||
- CORE_TLS_CLIENT_KEY_FILE | ||
- CORE_TLS_CLIENT_CERT_FILE | ||
- CORE_PEER_LOCALMSPID | ||
|
||
See the [sample contracts for Go, Java, and Node.js](samples/README.md) for basic docker images which will work with the k8s builder. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
## Chaincode package | ||
|
||
The k8s chaincode package file, which is installed by the `peer lifecycle chaincode install` command, must contain the Docker image name and digest of the chaincode being deployed. | ||
|
||
[Fabric chaincode packages](https://hyperledger-fabric.readthedocs.io/en/latest/cc_launcher.html#chaincode-packages) are `.tgz` files which contain two files: | ||
|
||
- metadata.json - the chaincode label and type | ||
- code.tar.gz - source artifacts for the chaincode | ||
|
||
To create a k8s chaincode package file, start by creating an `image.json` file. | ||
For example, | ||
|
||
```shell | ||
cat << IMAGEJSON-EOF > image.json | ||
{ | ||
"name": "ghcr.io/hyperledger-labs/go-contract", | ||
"digest": "sha256:802c336235cc1e7347e2da36c73fa2e4b6437cfc6f52872674d1e23f23bba63b" | ||
} | ||
IMAGEJSON-EOF | ||
``` | ||
|
||
Note: the k8s chaincode package file uses digests because these are immutable, unlike tags. | ||
The docker inspect command can be used to find the digest if required. | ||
|
||
``` | ||
docker pull ghcr.io/hyperledger-labs/go-contract:v0.7.2 | ||
docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/hyperledger-labs/go-contract:v0.7.2 | cut -d'@' -f2 | ||
``` | ||
|
||
Create a `code.tar.gz` archive containing the `image.json` file. | ||
|
||
```shell | ||
tar -czf code.tar.gz image.json | ||
``` | ||
|
||
Create a `metadata.json` file for the chaincode package. | ||
For example, | ||
|
||
```shell | ||
cat << METADATAJSON-EOF > metadata.json | ||
{ | ||
"type": "k8s", | ||
"label": "go-contract" | ||
} | ||
METADATAJSON-EOF | ||
``` | ||
|
||
Create the final chaincode package archive. | ||
|
||
```shell | ||
tar -czf go-contract.tgz metadata.json code.tar.gz | ||
``` | ||
|
||
Ideally the chaincode package should be created in the same CI/CD pipeline which builds the docker image. | ||
There is an example [package-k8s-chaincode-action](https://github.com/hyperledgendary/package-k8s-chaincode-action) GitHub Action which can create the required k8s chaincode package. | ||
|
||
The GitHub Action repository includes a basic shell script which can also be used for automating the process above outside GitHub workflows. | ||
For example, to create a basic k8s chaincode package using the `pkgk8scc.sh` helper script. | ||
|
||
```shell | ||
curl -fsSL https://raw.githubusercontent.com/hyperledgendary/package-k8s-chaincode-action/main/pkgk8scc.sh -o pkgk8scc.sh && chmod u+x pkgk8scc.sh | ||
./pkgk8scc.sh -l go-contract -n ghcr.io/hyperledger-labs/go-contract -d sha256:802c336235cc1e7347e2da36c73fa2e4b6437cfc6f52872674d1e23f23bba63b | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Frequently Asked Questions | ||
|
||
## Chaincode | ||
|
||
### Are private chaincode images supported? | ||
|
||
Yes. [Link to details tbc] | ||
|
||
### Will chaincode work in multi-architecture Fabric networks? | ||
|
||
Yes. [Link to details tbc] |
Oops, something went wrong.