separate namespace for each organization (hyperledger#817)

* seperate namespace for each organization

Signed-off-by: Basil K Y <[email protected]>

* rest server working

Signed-off-by: Basil K Y <[email protected]>

* use single namespace by default, fix k8s buider

Signed-off-by: Basil K Y <[email protected]>

* added ci test for testing k8s n/w on multiple namespaces

Signed-off-by: Basil K Y <[email protected]>

* fix: access rest server via gateway

Signed-off-by: Basil K Y <[email protected]>

Signed-off-by: Basil K Y <[email protected]>

ci/azure-pipelines.yml

@@ -147,6 +147,13 @@ jobs:
           CHAINCODE_NAME: basic
           CHAINCODE_LANGUAGE: java
           CHAINCODE_BUILDER: k8s
+        Multi-Namespace:
+          ORG0_NS: org0-namespace
+          ORG1_NS: org1-namespace
+          ORG2_NS: org2-namespace
+          CHAINCODE_NAME: basic
+          CHAINCODE_LANGUAGE: java
+          CHAINCODE_BUILDER: k8s
 
     steps:
       - template: templates/install-k8s-deps.yml

test-network-k8s/config/org0/configtx.yaml → test-network-k8s/config/org0/configtx-template.yaml

@@ -25,7 +25,7 @@ Organizations:
     ID: OrdererMSP
 
     # MSPDir is the filesystem path which contains the MSP configuration
-    MSPDir: ../../build/channel-msp/ordererOrganizations/org0/msp
+    MSPDir: ./channel-msp/ordererOrganizations/org0/msp
 
     # Policies defines the set of policies at this level of the config tree
     # For organization policies, their canonical path is usually
@@ -42,9 +42,9 @@ Organizations:
         Rule: "OR('OrdererMSP.admin')"
 
     OrdererEndpoints:
-      - org0-orderer1:6050
-      - org0-orderer2:6050
-      - org0-orderer3:6050
+      - org0-orderer1.${ORG0_NS}.svc.cluster.local:6050
+      - org0-orderer2.${ORG0_NS}.svc.cluster.local:6050
+      - org0-orderer3.${ORG0_NS}.svc.cluster.local:6050
 
   - &Org1
     # DefaultOrg defines the organization which is used in the sampleconfig
@@ -54,7 +54,7 @@ Organizations:
     # ID to load the MSP definition as
     ID: Org1MSP
 
-    MSPDir: ../../build/channel-msp/peerOrganizations/org1/msp
+    MSPDir: ./channel-msp/peerOrganizations/org1/msp
 
     # Policies defines the set of policies at this level of the config tree
     # For organization policies, their canonical path is usually
@@ -78,7 +78,7 @@ Organizations:
       # AnchorPeers defines the location of peers which can be used
       # for cross org gossip communication.  Note, this value is only
       # encoded in the genesis block in the Application section context
-      - Host: org1-peer1
+      - Host: org1-peer1.${ORG1_NS}.svc.cluster.local
         Port: 7051
 
   - &Org2
@@ -89,7 +89,7 @@ Organizations:
     # ID to load the MSP definition as
     ID: Org2MSP
 
-    MSPDir: ../../build/channel-msp/peerOrganizations/org2/msp
+    MSPDir: ./channel-msp/peerOrganizations/org2/msp
 
     # Policies defines the set of policies at this level of the config tree
     # For organization policies, their canonical path is usually
@@ -112,7 +112,7 @@ Organizations:
       # AnchorPeers defines the location of peers which can be used
       # for cross org gossip communication.  Note, this value is only
       # encoded in the genesis block in the Application section context
-      - Host: org2-peer1
+      - Host: org2-peer1.${ORG2_NS}.svc.cluster.local
         Port: 7051
 
 ################################################################################
@@ -224,16 +224,16 @@ Orderer: &OrdererDefaults
     Consenters:
       - Host: org0-orderer1
         Port: 6050
-        ClientTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
-        ServerTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
+        ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
+        ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
       - Host: org0-orderer2
         Port: 6050
-        ClientTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
-        ServerTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
+        ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
+        ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
       - Host: org0-orderer3
         Port: 6050
-        ClientTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
-        ServerTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
+        ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
+        ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
 
 
     # Options to be specified for all the etcd/raft nodes. The values here

test-network-k8s/kube/fabric-builder-rolebinding.yaml

@@ -13,6 +13,6 @@ roleRef:
   kind: Role
   name: fabric-builder-role
 subjects:
-  - namespace: ${NS}
+  - namespace: ${ORG1_NS}
     kind: ServiceAccount
     name: default

test-network-k8s/kube/fabric-rest-sample.yaml

@@ -11,7 +11,7 @@ metadata:
 data:
   HLF_CONNECTION_PROFILE_ORG1: |
     {
-        "name": "${NS}-org1",
+        "name": "Org1",
         "version": "1.0.0",
         "client": {
             "organization": "Org1",
@@ -87,7 +87,7 @@ data:
     -----END PRIVATE KEY-----
   HLF_CONNECTION_PROFILE_ORG2: |
     {
-        "name": "${NS}-org2",
+        "name": "Org2",
         "version": "1.0.0",
         "client": {
             "organization": "Org2",
@@ -112,7 +112,7 @@ data:
         },
         "peers": {
             "org2-peers": {
-                "url": "grpcs://org2-peer-gateway-svc:7051",
+                "url": "org2-peer-gateway-svc:7051",
                 "tlsCACerts": {
                     "pem": "-----BEGIN CERTIFICATE-----\\nMIICKDCCAc6gAwIBAgIUJJ4wGOSCfw8XOOIx29o67wBpFB4wCgYIKoZIzj0EAwIw\\naDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK\\nEwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt\\nY2Etc2VydmVyMB4XDTIxMDkyMDExNDEwMFoXDTM2MDkxNjExNDEwMFowaDELMAkG\\nA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQKEwtIeXBl\\ncmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMtY2Etc2Vy\\ndmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyzGJLZX6pe59QAIBacjfzU4I\\nHezBYLyEu4ySpFx4xwxNLE4BWqLhB1VaOuenSQATM8pmSAy7i1830oM9elKWK6NW\\nMFQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE\\nFEoAAhmjq/3M8CFPc7N8SL53erL5MA8GA1UdEQQIMAaHBH8AAAEwCgYIKoZIzj0E\\nAwIDSAAwRQIhAJQ5PJOT4Gg8oiBU2KthMPkZqOLeu3Li4S3yBpLFgbsgAiB960P2\\nXPMu3HLoNXrktYOL9JzWlGyYRSPAnkap5Bsj0w==\\n-----END CERTIFICATE-----\\n"
                 },

test-network-k8s/kube/org0/org0-ca.yaml

@@ -16,7 +16,7 @@ spec:
   dnsNames:
     - localhost
     - org0-ca
-    - org0-ca.${NS}.svc.cluster.local
+    - org0-ca.${ORG0_NS}.svc.cluster.local
     - org0-ca.${DOMAIN}
   ipAddresses:
     - 127.0.0.1

test-network-k8s/kube/org0/org0-job-scrub-fabric-volumes.yaml

@@ -0,0 +1,32 @@
+#
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-scrub-fabric-volumes
+spec:
+  backoffLimit: 0
+  completions: 1
+  template:
+    metadata:
+      name: job-scrub-fabric-volumes
+    spec:
+      restartPolicy: "Never"
+      containers:
+        - name: main
+          image: busybox:latest
+          command:
+            - sh
+            - -c
+            - "rm -rvf /mnt/fabric-*/*"
+          volumeMounts:
+            - name: fabric-org0-volume
+              mountPath: /mnt/fabric-org0
+      volumes:
+        - name: fabric-org0-volume
+          persistentVolumeClaim:
+            claimName: fabric-org0

test-network-k8s/kube/org0/org0-orderer1.yaml

@@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: org0-orderer1-tls-cert
-  namespace: ${NS}
+  namespace: ${ORG0_NS}
 spec:
   isCA: false
   privateKey:
@@ -18,7 +18,7 @@ spec:
   dnsNames:
     - localhost
     - org0-orderer1
-    - org0-orderer1.${NS}.svc.cluster.local
+    - org0-orderer1.${ORG0_NS}.svc.cluster.local
     - org0-orderer1.${DOMAIN}
     - org0-orderer1-admin.${DOMAIN}
   ipAddresses:

test-network-k8s/kube/org0/org0-orderer2.yaml

@@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: org0-orderer2-tls-cert
-  namespace: ${NS}
+  namespace: ${ORG0_NS}
 spec:
   isCA: false
   privateKey:
@@ -18,7 +18,7 @@ spec:
   dnsNames:
     - localhost
     - org0-orderer2
-    - org0-orderer2.${NS}.svc.cluster.local
+    - org0-orderer2.${ORG0_NS}.svc.cluster.local
     - org0-orderer2.${DOMAIN}
     - org0-orderer2-admin.${DOMAIN}
   ipAddresses:

test-network-k8s/kube/org0/org0-orderer3.yaml

@@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: org0-orderer3-tls-cert
-  namespace: ${NS}
+  namespace: ${ORG0_NS}
 spec:
   isCA: false
   privateKey:
@@ -18,7 +18,7 @@ spec:
   dnsNames:
     - localhost
     - org0-orderer3
-    - org0-orderer3.${NS}.svc.cluster.local
+    - org0-orderer3.${ORG0_NS}.svc.cluster.local
     - org0-orderer3.${DOMAIN}
     - org0-orderer3-admin.${DOMAIN}
   ipAddresses:

test-network-k8s/kube/org1/org1-ca.yaml

@@ -16,7 +16,7 @@ spec:
   dnsNames:
     - localhost
     - org1-ca
-    - org1-ca.${NS}.svc.cluster.local
+    - org1-ca.${ORG1_NS}.svc.cluster.local
     - org1-ca.${DOMAIN}
   ipAddresses:
     - 127.0.0.1

test-network-k8s/kube/org1/org1-job-scrub-fabric-volumes.yaml

@@ -0,0 +1,32 @@
+#
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-scrub-fabric-volumes
+spec:
+  backoffLimit: 0
+  completions: 1
+  template:
+    metadata:
+      name: job-scrub-fabric-volumes
+    spec:
+      restartPolicy: "Never"
+      containers:
+        - name: main
+          image: busybox:latest
+          command:
+            - sh
+            - -c
+            - "rm -rvf /mnt/fabric-*/*"
+          volumeMounts:
+            - name: fabric-org1-volume
+              mountPath: /mnt/fabric-org1
+      volumes:
+        - name: fabric-org1-volume
+          persistentVolumeClaim:
+            claimName: fabric-org1

test-network-k8s/kube/org1/org1-peer1.yaml

@@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: org1-peer1-tls-cert
-  namespace: ${NS}
+  namespace: ${ORG1_NS}
 spec:
   isCA: false
   privateKey:
@@ -17,7 +17,7 @@ spec:
   dnsNames:
     - localhost
     - org1-peer1
-    - org1-peer1.${NS}.svc.cluster.local
+    - org1-peer1.${ORG1_NS}.svc.cluster.local
     - org1-peer1.${DOMAIN}
     - org1-peer-gateway-svc
     - org1-peer-gateway-svc.${DOMAIN}
@@ -46,7 +46,7 @@ data:
   CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
   # bootstrap peer is the other peer in the same org
   CORE_PEER_GOSSIP_BOOTSTRAP: org1-peer2:7051
-  CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer1:7051
+  CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer1.${ORG1_NS}.svc.cluster.local:7051
   CORE_PEER_LOCALMSPID: Org1MSP
   CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org1.example.com/peers/org1-peer1.org1.example.com/msp
   CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443

test-network-k8s/kube/org1/org1-peer2.yaml

@@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: org1-peer2-tls-cert
-  namespace: ${NS}
+  namespace: ${ORG1_NS}
 spec:
   isCA: false
   privateKey:
@@ -18,7 +18,7 @@ spec:
     - localhost
     - org1-peer2
     - org1-peer-gateway-svc
-    - org1-peer2.${NS}.svc.cluster.local
+    - org1-peer2.${ORG1_NS}.svc.cluster.local
     - org1-peer2.${DOMAIN}
   ipAddresses:
     - 127.0.0.1
@@ -46,7 +46,7 @@ data:
   CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
   # bootstrap peer is the other peer in the same org
   CORE_PEER_GOSSIP_BOOTSTRAP: org1-peer1:7051
-  CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer2:7051
+  CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer2.${ORG1_NS}.svc.cluster.local:7051
   CORE_PEER_LOCALMSPID: Org1MSP
   CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org1.example.com/peers/org1-peer2.org1.example.com/msp
   CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443

test-network-k8s/kube/org2/org2-ca.yaml

@@ -16,7 +16,7 @@ spec:
   dnsNames:
     - localhost
     - org2-ca
-    - org2-ca.${NS}.svc.cluster.local
+    - org2-ca.${ORG2_NS}.svc.cluster.local
     - org2-ca.${DOMAIN}
   ipAddresses:
     - 127.0.0.1

test-network-k8s/kube/job-scrub-fabric-volumes.yaml → test-network-k8s/kube/org2/org2-job-scrub-fabric-volumes.yaml

@@ -24,19 +24,9 @@ spec:
             - -c
             - "rm -rvf /mnt/fabric-*/*"
           volumeMounts:
-            - name: fabric-org0-volume
-              mountPath: /mnt/fabric-org0
-            - name: fabric-org1-volume
-              mountPath: /mnt/fabric-org1
             - name: fabric-org2-volume
               mountPath: /mnt/fabric-org2
       volumes:
-        - name: fabric-org0-volume
-          persistentVolumeClaim:
-            claimName: fabric-org0
-        - name: fabric-org1-volume
-          persistentVolumeClaim:
-            claimName: fabric-org1
         - name: fabric-org2-volume
           persistentVolumeClaim:
             claimName: fabric-org2

test-network-k8s/kube/org2/org2-peer1.yaml

@@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: org2-peer1-tls-cert
-  namespace: ${NS}
+  namespace: ${ORG2_NS}
 spec:
   isCA: false
   privateKey:
@@ -17,7 +17,7 @@ spec:
   dnsNames:
     - localhost
     - org2-peer1
-    - org2-peer1.${NS}.svc.cluster.local
+    - org2-peer1.${ORG2_NS}.svc.cluster.local
     - org2-peer1.${DOMAIN}
     - org2-peer-gateway-svc
     - org2-peer-gateway-svc.${DOMAIN}
@@ -46,7 +46,7 @@ data:
   CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
   # bootstrap peer is the other peer in the same org
   CORE_PEER_GOSSIP_BOOTSTRAP: org2-peer2:7051
-  CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer1:7051
+  CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer1.${ORG2_NS}.svc.cluster.local:7051
   CORE_PEER_LOCALMSPID: Org2MSP
   CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org2.example.com/peers/org2-peer1.org2.example.com/msp
   CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443