Skip to content

Hashicorp Vault Integration #260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 26 commits into from
Jul 22, 2025
Merged

Hashicorp Vault Integration #260

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
783ec05
Start the implementation of Hashicorp Vault for bevel operator fabric
dviejokfs Mar 9, 2025
070a3f9
Update in implementation vault
dviejokfs Mar 19, 2025
26291a7
CA controller integration with Hashicorp Vault
dviejokfs Mar 25, 2025
5213ead
Modify types for impl
dviejokfs Apr 26, 2025
f4da88a
Progress on HLF vault
dviejokfs Apr 27, 2025
298d1a9
Update
dviejokfs Apr 27, 2025
99805b4
Implement vault in identity_controller
dviejokfs Apr 27, 2025
730abc6
Update
dviejokfs Apr 27, 2025
ec3a8fb
Update
dviejokfs Apr 29, 2025
4869c2f
Merge remote-tracking branch 'origin/main' into feat/implement-hashic…
dviejokfs Apr 29, 2025
76f6d54
Fix go.mod/go.sum
dviejokfs Apr 29, 2025
3d6ac38
Update
dviejokfs May 1, 2025
f1389f5
Update
dviejokfs May 2, 2025
778db3e
Merge branch 'feat/implement-hashicorp-vault' of https://github.com/h…
dviejokfs May 2, 2025
8e08997
Update
dviejokfs May 4, 2025
3b551fe
Fix tests
dviejokfs May 5, 2025
0cec526
Fix tests
dviejokfs May 5, 2025
22e7334
Fix tests
dviejokfs May 5, 2025
c82b102
Update
dviejokfs Jul 22, 2025
7a06066
Merge remote-tracking branch 'origin' into feat/implement-hashicorp-v…
dviejokfs Jul 22, 2025
d7959d8
Enhance Fabric CA configuration by making replicas field nullable and…
dviejokfs Jul 22, 2025
c87e3d6
Fix tests
dviejokfs Jul 22, 2025
5473889
Merge remote-tracking branch 'origin' into feat/implement-hashicorp-v…
dviejokfs Jul 22, 2025
e36d8a5
Update dependencies and remove unused client examples
dviejokfs Jul 22, 2025
95257a4
Update dependencies in go.mod and go.sum
dviejokfs Jul 22, 2025
21c4d4e
Update
dviejokfs Jul 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/test-kubectl-plugin.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ jobs:
export CA_IMAGE=hyperledger/fabric-ca
export CA_VERSION=1.5.13

kubectl hlf ca create --image=$CA_IMAGE --version=$CA_VERSION --storage-class=standard --capacity=2Gi --name=org1-ca \
kubectl hlf ca create --credential-store=kubernetes --image=$CA_IMAGE --version=$CA_VERSION --storage-class=standard --capacity=2Gi --name=org1-ca \
--enroll-id=enroll --hosts=org1-ca.localho.st --enroll-pw=enrollpw
kubectl wait --timeout=240s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all

Expand All @@ -182,7 +182,7 @@ jobs:
--enroll-id enroll --enroll-secret=enrollpw --mspid Org1MSP


kubectl hlf peer create --statedb=couchdb --image=$PEER_IMAGE --version=$PEER_VERSION \
kubectl hlf peer create --credential-store=kubernetes --statedb=couchdb --image=$PEER_IMAGE --version=$PEER_VERSION \
--storage-class=standard --enroll-id=peer --mspid=Org1MSP \
--enroll-pw=peerpw --hosts=peer0-org1.localho.st --capacity=5Gi --name=org1-peer0 --ca-name=org1-ca.default
kubectl wait --timeout=240s --for=condition=Running fabricpeers.hlf.kungfusoftware.es --all
Expand All @@ -194,14 +194,14 @@ jobs:
export CA_IMAGE=hyperledger/fabric-ca
export CA_VERSION=1.5.13

kubectl hlf ca create --image=$CA_IMAGE --version=$CA_VERSION --storage-class=standard --capacity=2Gi --name=ord-ca \
kubectl hlf ca create --credential-store=kubernetes --image=$CA_IMAGE --version=$CA_VERSION --storage-class=standard --capacity=2Gi --name=ord-ca \
--enroll-id=enroll --enroll-pw=enrollpw --hosts=ord-ca.localho.st

kubectl wait --timeout=240s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all
kubectl hlf ca register --name=ord-ca --user=orderer --secret=ordererpw \
--type=orderer --enroll-id enroll --enroll-secret=enrollpw --mspid=OrdererMSP

kubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \
kubectl hlf ordnode create --credential-store=kubernetes --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \
--storage-class=standard --enroll-id=orderer --mspid=OrdererMSP --hosts=orderer0-ord.localho.st --admin-hosts=admin-orderer0-ord.localho.st \
--enroll-pw=ordererpw --capacity=2Gi --name=ord-node1 --ca-name=ord-ca.default
kubectl wait --timeout=240s --for=condition=Running fabricorderernodes.hlf.kungfusoftware.es --all
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ jobs:
test:
strategy:
matrix:
go-version: [ 1.23.1 ]
go-version: [ 1.23.5 ]
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
steps:
Expand Down
6 changes: 3 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,13 +222,13 @@ EOF

```bash
export PEER_IMAGE=hyperledger/fabric-peer
export PEER_VERSION=3.0.0
export PEER_VERSION=3.1.0

export ORDERER_IMAGE=hyperledger/fabric-orderer
export ORDERER_VERSION=3.0.0
export ORDERER_VERSION=3.1.0

export CA_IMAGE=hyperledger/fabric-ca
export CA_VERSION=1.5.13
export CA_VERSION=1.5.15
```

### Configure Internal DNS
Expand Down
138 changes: 129 additions & 9 deletions config/crd/bases/hlf.kungfusoftware.es_fabriccas.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -647,13 +647,13 @@ spec:
attrs:
properties:
hf.AffiliationMgr:
default: true
default: false
type: boolean
hf.GenCRL:
default: true
default: false
type: boolean
hf.IntermediateCA:
default: true
default: false
type: boolean
hf.Registrar.Attributes:
default: '*'
Expand All @@ -665,7 +665,7 @@ spec:
default: '*'
type: string
hf.Revoker:
default: true
default: false
type: boolean
required:
- hf.AffiliationMgr
Expand Down Expand Up @@ -826,6 +826,12 @@ spec:
- enabled
- origins
type: object
credentialStore:
default: kubernetes
enum:
- kubernetes
- vault
type: string
db:
properties:
datasource:
Expand Down Expand Up @@ -1050,6 +1056,7 @@ spec:
type: object
replicas:
default: 1
nullable: true
type: integer
resources:
properties:
Expand Down Expand Up @@ -1336,13 +1343,13 @@ spec:
attrs:
properties:
hf.AffiliationMgr:
default: true
default: false
type: boolean
hf.GenCRL:
default: true
default: false
type: boolean
hf.IntermediateCA:
default: true
default: false
type: boolean
hf.Registrar.Attributes:
default: '*'
Expand All @@ -1354,7 +1361,7 @@ spec:
default: '*'
type: string
hf.Revoker:
default: true
default: false
type: boolean
required:
- hf.AffiliationMgr
Expand Down Expand Up @@ -1546,6 +1553,120 @@ spec:
required:
- entryPoints
type: object
vault:
nullable: true
properties:
request:
properties:
pki:
type: string
role:
type: string
ttl:
default: 8760h
type: string
userIDs:
default: []
items:
type: string
nullable: true
type: array
required:
- pki
- role
type: object
vault:
properties:
authPath:
default: kubernetes
nullable: true
type: string
backend:
default: kv
type: string
caCert:
type: string
clientCert:
type: string
clientKey:
properties:
key:
type: string
name:
type: string
namespace:
type: string
required:
- key
- name
- namespace
type: object
kvVersion:
default: 2
type: integer
maxRetries:
default: 2
type: integer
path:
nullable: true
type: string
role:
nullable: true
type: string
secretIdSecretRef:
nullable: true
properties:
key:
type: string
name:
type: string
namespace:
type: string
required:
- key
- name
- namespace
type: object
serverCert:
nullable: true
type: string
serverName:
type: string
serviceAccountTokenPath:
nullable: true
type: string
timeout:
default: 30s
type: string
tlsSkipVerify:
default: false
type: boolean
tokenSecretRef:
nullable: true
properties:
key:
type: string
name:
type: string
namespace:
type: string
required:
- key
- name
- namespace
type: object
url:
type: string
required:
- maxRetries
- timeout
- tlsSkipVerify
- url
type: object
required:
- request
- vault
type: object
version:
minLength: 1
type: string
Expand All @@ -1558,7 +1679,6 @@ spec:
- hosts
- image
- metrics
- replicas
- resources
- rootCA
- service
Expand Down
Loading