update docs && inspect

kubectl-hlf/cmd/helpers/hlf.go

@@ -34,6 +34,8 @@ type ClusterCA struct {
 	Name       string
 	PublicURL  string
 	PrivateURL string
+	EnrollID   string
+	EnrollPWD  string
 	Item       hlfv1alpha1.FabricCA
 }
 
@@ -88,13 +90,22 @@ func GetClusterCAs(clientSet *kubernetes.Clientset, oclient *operatorv1.Clientse
 		if err != nil {
 			return nil, err
 		}
+		certAuthIdentities := certAuth.Spec.CA.Registry.Identities
+		var enrollId string
+		var enrollPwd string
+		if len(certAuthIdentities) > 0 {
+			enrollId = certAuthIdentities[0].Name
+			enrollPwd = certAuthIdentities[0].Pass
+		}
 		certAuths = append(certAuths, &ClusterCA{
 			Object:     certAuth,
 			Spec:       certAuth.Spec,
 			Status:     certAuth.Status,
 			Name:       certauthName,
 			PublicURL:  publicURL,
 			PrivateURL: privateURL,
+			EnrollID:   enrollId,
+			EnrollPWD:  enrollPwd,
 			Item:       certAuth,
 		})
 	}
@@ -311,7 +322,7 @@ func GetCAPublicURL(clientset *kubernetes.Clientset, node hlfv1alpha1.FabricCA)
 	return fmt.Sprintf("%s:%d", hostPort.Host, hostPort.Port), nil
 }
 func GetCAPrivateURL(node hlfv1alpha1.FabricCA) string {
-	return fmt.Sprintf("%s.%s:%s", node.Name, node.Namespace, "7050")
+	return fmt.Sprintf("%s.%s:%s", node.Name, node.Namespace, "7054")
 }
 
 func GetPeerPublicURL(clientset *kubernetes.Clientset, node hlfv1alpha1.FabricPeer) (string, error) {

kubectl-hlf/cmd/inspect/inspect.go

@@ -105,14 +105,20 @@ certificateAuthorities:
   
   "{{ $ca.Name }}":
 {{if $.Internal }}
-    url: grpcs://{{ $ca.PrivateURL }}
+    url: https://{{ $ca.PrivateURL }}
 {{ else }}
-    url: grpcs://{{ $ca.PublicURL }}
+    url: https://{{ $ca.PublicURL }}
+{{ end }}
+{{if $ca.EnrollID }}
+	registrar:
+		enrollId: {{ $ca.EnrollID }}
+		enrollSecret: {{ $ca.EnrollSecret }}
 {{ end }}
     caName: ca
     tlsCACerts:
-      pem: |
-{{ $ca.Status.TlsCert | indent 8 }}
+      pem: 
+		- |
+{{ $ca.Status.TlsCert | indent 12 }}
 
 {{- end }}
 

website-docs/docs/operator-guide/increase-resources.md

@@ -3,4 +3,96 @@ id: increase-resources
 title: Increase resources
 ---
 
-> To be released
+## Increase resources for the peer
+
+To increase the storage for the orderer node, you can modify the `resources` section in the fabricpeers object.
+
+Note that there are 5 different types of resources that can be increased:
+- peer
+- couchdb
+- chaincode
+- couchdbExporter
+
+```yaml
+resources:
+  peer:
+    limits:
+      cpu: "2"
+      memory: 2Gi
+    requests:
+      cpu: 10m
+      memory: 256Mi
+  chaincode:
+    limits:
+      cpu: 500m
+      memory: 256Mi
+    requests:
+      cpu: 10m
+      memory: 256Mi
+  couchdb:
+    limits:
+      cpu: "2"
+      memory: 2Gi
+    requests:
+      cpu: 10m
+      memory: 256Mi
+  couchdbExporter:
+    limits:
+      cpu: 500m
+      memory: 256Mi
+    requests:
+      cpu: 10m
+      memory: 256Mi
+```
+
+
+### Peer
+These resources are the ones used for the fabric-peer container.
+
+### CouchDB
+These resources are the ones used for the fabric-couchdb container.
+
+
+### CouchDB Exporter
+These resources are the ones used for the fabric-couchdb-exporter container in case it's enabled with the following property:
+
+```yaml
+  couchDBexporter:
+    enabled: true
+    image: gesellix/couchdb-prometheus-exporter
+    imagePullPolicy: IfNotPresent
+    tag: v30.0.0
+```
+
+### Chaincode
+
+This is used in case externalBuilder is enabled, in which case the chaincode container is created, this container is used to store the chaincode build output.
+
+
+## Increase storage for the orderer
+
+To increase the storage for the orderer node, you can modify the `resources` section in the fabricorderernode object
+
+```yaml
+resources:
+  limits:
+    cpu: "2"
+    memory: 2Gi
+  requests:
+    cpu: 10m
+    memory: 256Mi
+```
+
+## Increase storage for the certificate authority
+
+To increase the storage for the certificate authority, you can modify the `resources` section in the fabriccas object
+
+```yaml
+resources:
+  limits:
+    cpu: "2"
+    memory: 2Gi
+  requests:
+    cpu: 10m
+    memory: 256Mi
+```

website-docs/docs/operator-guide/increase-storage.md

@@ -3,4 +3,31 @@ id: increase-storage
 title: Increase storage
 ---
 
-> To be released
+## Increase storage for the peer
+```bash
+kubectl hlf peer upgrade-storage \
+    --name=peer1 --namespace=default \
+    --storage-size=10Gi
+```
+
+## Increase storage for the orderer
+```bash
+kubectl hlf orderer upgrade-storage \
+    --name=orderer1 --namespace=default \
+    --storage-size=10Gi
+```
+
+## Increase storage for the certificate authority
+```bash
+kubectl hlf peer upgrade-storage \
+    --name=peer1 --namespace=default \
+    --storage-size=10Gi
+```
+
+## Increase storage for the CouchDB
+
+```bash
+kubectl hlf peer upgrade-storage \
+    --name=peer1 --namespace=default \
+    --storage-size=10Gi
+```

website-docs/docs/operator-guide/migrate-network.md

@@ -3,4 +3,32 @@ id: migrate-network
 title: Migrate network
 ---
 
-> To be released
+This document is a walkthrough of the steps required to migrate a network from another method to the HLF operator.
+
+## Peer migration
+
+The best migration is to perform migration at all. For the peers this is possible by spinning up a new set of peers with new domains.
+
+In order to do this, we must create the certificate authority with the Keys and Certificates that were used to create the previous peer certificates.
+
+## Ordering service migration
+
+For the ordering service, a new set of orderer nodes must be created with new domains. In order to do this, we must create the certificate authority with the Keys and Certificates that were used to create the previous peer certificates.
+
+For example, if we have an existing ordering service with the following URLs:
+- orderer1.myorg.com:7050
+- orderer2.myorg.com:7050
+- orderer3.myorg.com:7050
+- orderer4.myorg.com:7050
+- orderer5.myorg.com:7050
+
+
+We must create with the HLF operator the following orderer nodes:
+- orderer6.myorg.com:7050
+- orderer7.myorg.com:7050
+- orderer8.myorg.com:7050
+- orderer9.myorg.com:7050
+- orderer10.myorg.com:7050
+
+
+After these nodes are created, we must join them to the channel, when the orderer nodes are joined to the channel and we're confident enough about the new set of orderers, progressively, we must update the channel configuration to include the new orderers as consenters, and remove the old ones.

website-docs/docs/operator-guide/monitoring.md

@@ -3,4 +3,16 @@ id: monitoring
 title: Monitoring
 ---
 
-> To be released
+The CRDs for the orderer, peer, and certificate authority have an optional parameter to create the service monitors to scrape the metrics automatically if Prometheus Operator is installed on the cluster.
+
+
+```yaml
+  serviceMonitor:
+    enabled: true
+    interval: 10s
+    labels: {}
+    sampleLimit: 0
+    scrapeTimeout: 10s
+```
+
+There are some dashboards available in the Github repository for Grafana available at https://github.com/kfsoftware/hlf-operator.

website-docs/docs/operator-guide/renew-certificates.md

@@ -3,4 +3,25 @@ id: renew-certificates
 title: Renew certificates
 ---
 
-> To be released
+In order to trigger the renewal of the certificates, either for the orderer or for the peer, we can use the `hlf ca renew <node_type>` command.
+
+## Renewing certificates for the peer
+
+```bash
+PEER_NAME=peer1
+PEER_NS=default
+hlf ca renew peer --name=peer-ca --namespace=default
+```
+
+## Renewing certificates for the orderer
+
+```bash
+ORDERER_NAME=orderer1
+ORDERER_NS=default
+hlf ca renew orderer --name=$ORDERER_NAME --namespace=$ORDERER_NS
+```
+### !!!! IMPORTANT !!!!
+When renewing the orderer certificates, the channel which the orderer is consenter of must be updated with the new certificates generated by the operator.
+
+This operation is not handled by the operator, since the operator does not know the channels that the orderer is consenter of, neither has the authority to update the channel since the signatures needed can vary depending on the configuration.
+

website-docs/docs/user-guide/enroll-users.md

@@ -3,4 +3,43 @@ id: enroll-users
 title: Register & Enroll users
 ---
 
-> To be released
+
+## Registering users
+
+```bash
+ENROLL_ID=enroll # enroll id for the CA, default `enroll`
+ENROLL_SECRET=enrollpw # enroll secret for the CA, default `enrollpw`
+USER_TYPE=peer # can be `peer`, `orderer`, `client` or `admin`
+USER_NAME=peer
+USER_SECRET=peerpw
+MSP_ID=Org1MSP
+kubectl hlf ca register --name=$CA_NAME --namespace=$CA_NAMESPACE \
+    --user $USER --secret=$USER_SECRET --type=$USER_TYPE \
+    --enroll-id=$ENROLL_ID --enroll-secret=$ENROLL_SECRET \
+    --mspid $MSP_ID
+```
+
+## Enrolling users in the TLS CA
+
+```bash
+CA_NAME=org1-ca
+CA_NAMESPACE=default
+CA_MSPID=Org1MSP
+CA_TYPE=ca # can be `ca` or `tlsca`
+kubectl hlf ca enroll --name=$CA_NAME --namespace=$CA_NAMESPACE \
+    --user=admin --secret=adminpw --mspid $CA_MSPID \
+    --ca-name $CA_TYPE  --output user.yaml 
+```
+
+
+## Enrolling users in the Sign CA
+
+```bash
+CA_NAME=org1-ca
+CA_NAMESPACE=default
+CA_MSPID=Org1MSP
+CA_TYPE=tlsca # can be `ca` or `tlsca`
+kubectl hlf ca enroll --name=$CA_NAME --namespace=$CA_NAMESPACE \
+    --user=admin --secret=adminpw --mspid $CA_MSPID \
+    --ca-name $CA_TYPE  --output user.yaml 
+```