文章目录

1. 1. 1-HLF key concept
   1. 1.1. Feature
   2. 1.2. option1-How to deploy a Hyperledger fabric network on Kubernetes
      1. 1.2.1. Fabric CA
   3. 1.3. option2: deploy Fabric with helm
      1. 1.3.1. step1: fabric-ca

1-HLF key concept

Feature

1. Modularity: a pluggable ordering service, optional peer-to-peer gossip servce, smart contracts can run in container, ledger can support DBMS.
2. Permissioned Blockchain: Rather than an open permissionless system that allows unknown idnetities to participate in the network(requiring protocols like ‘proof of work’ to validate transactions and secure the network), the memebers of HLF network enroll thru a trusted Membership Service Provider(MSP).
3. Privacy and Confidentiality: use channel to control who can communicate? Only the participant can see ledter, only ORG peer node have ledger copy.
4. New architecture for transaction, execute-order-validate:
5. Pluggable consensus. Currently offers a CFT(crash fault-tolerant) ordering service implementation based on the etcd library of the the Raft protocol.
6. Performance and Scale working group currently works on a benchmarking framework called Hyperledger Caliper. The latest scaled Fabric to 20,000 transactions per second.

option1-How to deploy a Hyperledger fabric network on Kubernetes

https://www.zeeve.io/blog/how-to-deploy-a-hyperledger-fabric-network-on-kubernetes/

You will build the following:

• Fabric CA
  First, you will deploy a Fabric Certificate Authority, serviced by PostgresSQL, to manage identities.

• Fabric Orderer
  Next, you will deploy an Orderer service of various Fabric ordering nodes to establish consensus over the Raft cluster. This Fabric Ordering service enables consensus for development and production networks.

• Fabric Peer
  Finally, you will deploy several peers and connect them with a channel. We’ll bind the peers to a CouchDB database as described in the image below:

Fabric CA

1. Run the CA server.

2. Once the CA starts running, enroll in the Fabric CA’s identity.

   // To run the first command, use kubectl exec to check the existence of a certificate inside the folder of the Fabric CA membership service provider.
   kubectl exec -n blockchain $CA_POD -- cat/var/hyperledger/fabric-ca/msp/signcerts/cert.pem
   
   // Done correctly, you can run the Fabric CA client enroll command in the CA, which points to the CA’s ingress.
   kubectl exec -n blockchain $CA_POD -- bash -c 'fabric-ca-client enroll -d -u http://$CA_ADMIN:$CA_PASSWORD@$SERVICE_DNS:7054′
   
   // With this setup, you can run the curl command and get the CA info.
   CA_INGRESS=$(kubectl get ingress -n blockchain -l "app=hlfca,release=ca" -ojsonpath="{.items[0].spec.rules[0].host}")
   curl https://$CA_INGRESS/cainfo
   
   //Use Kubectl exec to execute the register command within the Fabric CA, which registers the organization responsible for hosting the Orderers and the Peers.
   FABRIC_CA_CLIENT_HOME=./config fabric-ca-client getcacert -u http://$CA_INGRESS -M ./AidTechMSP
   kubectl exec -n blockchain $CA_POD -- fabric-ca-client register -id.name org-admin -id.secret OrgAdm1nPW -id.attrs 'admin=true:ecert'
   
   // Upon successful registration, you can use the Fabric CA client again to enroll in the identity and receive your private key and certificate.
   FABRIC_CA_CLIENT_HOME=./config fabric-ca-client enroll -u http://org-admin:OrgAdm1nPW@$CA_INGRESS -M ./AidTechMSP

---

option2: deploy Fabric with helm

https://github.com/yuxuanh/helm-hlf

step1: fabric-ca

• what helm done

1. init db
2. init cert
3. fabric-ca-server start

so helm only start ca-server, so still need to enroll, register…

CA_POD=$(kubectl get pods -n blockchain -l "app=hlfca,release=ca" -ojsonpath="{.items[0].metadata.name}")
kubectl logs -n blockchain $CA_POD | grep 'Listening on'