diff --git a/.github/actions/fsat-setup/action.yaml b/.github/actions/fsat-setup/action.yaml index 4adb50b830..8b0ff661b5 100644 --- a/.github/actions/fsat-setup/action.yaml +++ b/.github/actions/fsat-setup/action.yaml @@ -12,10 +12,10 @@ inputs: default: v0.25.3 fabric-version: description: Version of Hyperledger Fabric - default: '2.5.1' + default: '2.5.4' ca-version: description: Version of Hyperledger Fabric CA - default: '1.5.6' + default: '1.5.7' runs: using: "composite" diff --git a/.github/actions/test-network-setup/action.yaml b/.github/actions/test-network-setup/action.yaml index eb4eb392b3..af339aae59 100644 --- a/.github/actions/test-network-setup/action.yaml +++ b/.github/actions/test-network-setup/action.yaml @@ -3,7 +3,7 @@ description: Set up the Test Network Runtime inputs: go-version: description: Version of go - default: 1.19.6 + default: 1.20.7 node-version: description: Version of node default: 18.x @@ -12,10 +12,10 @@ inputs: default: 11.x fabric-version: description: Version of Hyperledger Fabric - default: 2.5.1 + default: 2.5.4 ca-version: description: Version of Hyperledger Fabric CA - default: 1.5.6 + default: 1.5.7 runs: using: "composite" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 73795616b1..c31f3e8cc6 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -16,7 +16,7 @@ concurrency: cancel-in-progress: true env: - GO_VER: 1.19.6 + GO_VER: 1.20.7 NODE_VER: 18.x JAVA_VER: 11.x diff --git a/full-stack-asset-transfer-guide/check.sh b/full-stack-asset-transfer-guide/check.sh index 459843f44e..c3ec464102 100755 --- a/full-stack-asset-transfer-guide/check.sh +++ b/full-stack-asset-transfer-guide/check.sh @@ -12,7 +12,7 @@ else echo -e "${SUCCESS} Docker found:\t$(cat /tmp/cmdpath)" fi -KUBECTL_VERSION=v1.24.4 # $(curl -L -s https://dl.k8s.io/release/stable.txt) +KUBECTL_VERSION=v1.28.2 # $(curl -L -s https://dl.k8s.io/release/stable.txt) if ! command -v kubectl &> /tmp/cmdpath then echo "${WARN} Please install kubectl if you want to use k8s; suggested install commands:" @@ -46,7 +46,7 @@ else fi # Install kind -KIND_VERSION=0.14.0 +KIND_VERSION=0.20.0 if ! command -v kind &> /tmp/cmdpath then echo "${WARN} Please install kind; suggested install commands:" diff --git a/full-stack-asset-transfer-guide/infrastructure/kind_console_ingress/templates/ingress/kustomization.yaml b/full-stack-asset-transfer-guide/infrastructure/kind_console_ingress/templates/ingress/kustomization.yaml index 6d57058b52..e1392885b4 100644 --- a/full-stack-asset-transfer-guide/infrastructure/kind_console_ingress/templates/ingress/kustomization.yaml +++ b/full-stack-asset-transfer-guide/infrastructure/kind_console_ingress/templates/ingress/kustomization.yaml @@ -19,19 +19,18 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2 +- https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2 -patchesStrategicMerge: - - ingress-nginx-controller.yaml # Remove the port `appProtocol` attribute as this is not accepted by all cloud providers -patchesJson6902: - - target: - kind: Service - name: ingress-nginx-controller - version: v1 - patch: |- - - op: remove - path: "/spec/ports/0/appProtocol" - - op: remove - path: "/spec/ports/1/appProtocol" +patches: +- patch: |- + - op: remove + path: "/spec/ports/0/appProtocol" + - op: remove + path: "/spec/ports/1/appProtocol" + target: + kind: Service + name: ingress-nginx-controller + version: v1 +- path: ingress-nginx-controller.yaml diff --git a/full-stack-asset-transfer-guide/infrastructure/kind_with_nginx.sh b/full-stack-asset-transfer-guide/infrastructure/kind_with_nginx.sh index 82bba90014..39ac1a58a2 100755 --- a/full-stack-asset-transfer-guide/infrastructure/kind_with_nginx.sh +++ b/full-stack-asset-transfer-guide/infrastructure/kind_with_nginx.sh @@ -21,7 +21,7 @@ set -eo pipefail set -x KIND_CLUSTER_NAME=kind -KIND_CLUSTER_IMAGE=${KIND_CLUSTER_IMAGE:-kindest/node:v1.24.4} # Important! k8s v1.25.0 brings breaking changes. +KIND_CLUSTER_IMAGE=${KIND_CLUSTER_IMAGE:-kindest/node:v1.28.0} # Important! k8s v1.25.0 brings breaking changes. KIND_API_SERVER_ADDRESS=${KIND_API_SERVER_ADDRESS:-127.0.0.1} KIND_API_SERVER_PORT=${KIND_API_SERVER_PORT:-8888} CONTAINER_REGISTRY_NAME=${CONTAINER_REGISTRY_NAME:-kind-registry} diff --git a/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/01-operator-install.yml b/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/01-operator-install.yml index 256f98b99a..daba33ced2 100644 --- a/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/01-operator-install.yml +++ b/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/01-operator-install.yml @@ -10,4 +10,4 @@ state: present wait_timeout: 3600 roles: - - ibm.blockchain_platform.fabric_operator_crds + - hyperledger.fabric_ansible_collection.fabric_operator_crds diff --git a/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/02-console-install.yml b/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/02-console-install.yml index 13718bc2df..936621ffd6 100644 --- a/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/02-console-install.yml +++ b/full-stack-asset-transfer-guide/infrastructure/operator_console_playbooks/02-console-install.yml @@ -10,4 +10,4 @@ state: present wait_timeout: 3600 roles: - - ibm.blockchain_platform.fabric_console + - hyperledger.fabric_ansible_collection.fabric_console diff --git a/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-clusterrole.yaml b/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-clusterrole.yaml index 3a775e7617..4c0619998b 100644 --- a/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-clusterrole.yaml +++ b/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-clusterrole.yaml @@ -27,14 +27,6 @@ metadata: app.kubernetes.io/instance: "ibm-hlfsupport" app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" rules: - - apiGroups: - - extensions - resourceNames: - - ibm-hlfsupport-psp - resources: - - podsecuritypolicies - verbs: - - use - apiGroups: - apiextensions.k8s.io resources: diff --git a/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-psp.yaml b/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-psp.yaml deleted file mode 100644 index dcd53c72ee..0000000000 --- a/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/fabric-operator-psp.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# -# Copyright contributors to the Hyperledger Fabric Operator project -# -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: ibm-hlfsupport-psp -spec: - hostIPC: false - hostNetwork: false - hostPID: false - privileged: true - allowPrivilegeEscalation: true - readOnlyRootFilesystem: false - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - fsGroup: - rule: RunAsAny - requiredDropCapabilities: - - ALL - allowedCapabilities: - - NET_BIND_SERVICE - - CHOWN - - DAC_OVERRIDE - - SETGID - - SETUID - - FOWNER - volumes: - - '*' diff --git a/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/kustomization.yaml b/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/kustomization.yaml index a6930c5dc5..bdb0039e94 100644 --- a/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/kustomization.yaml +++ b/full-stack-asset-transfer-guide/infrastructure/sample-network/config/rbac/kustomization.yaml @@ -19,7 +19,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - fabric-operator-psp.yaml - fabric-operator-serviceaccount.yaml - fabric-operator-clusterrole.yaml - fabric-operator-clusterrolebinding.yaml diff --git a/full-stack-asset-transfer-guide/infrastructure/sample-network/scripts/sample_network.sh b/full-stack-asset-transfer-guide/infrastructure/sample-network/scripts/sample_network.sh index 8a56e89240..8fd8d636b7 100644 --- a/full-stack-asset-transfer-guide/infrastructure/sample-network/scripts/sample_network.sh +++ b/full-stack-asset-transfer-guide/infrastructure/sample-network/scripts/sample_network.sh @@ -60,6 +60,9 @@ metadata: name: ${NS} EOF + # https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ + kubectl label --overwrite namespace $NS pod-security.kubernetes.io/enforce=baseline + pop_fn } diff --git a/full-stack-asset-transfer-guide/justfile b/full-stack-asset-transfer-guide/justfile index 6502b4c31b..782ee58d37 100644 --- a/full-stack-asset-transfer-guide/justfile +++ b/full-stack-asset-transfer-guide/justfile @@ -284,7 +284,7 @@ cloud-frontend: # ANSIBLE PLAYBOOK TARGETS # ############################################################################### -ansible_image := env_var_or_default("ANSIBLE_IMAGE", "ghcr.io/ibm-blockchain/ofs-ansibe:sha-ac6fd82") +ansible_image := env_var_or_default("ANSIBLE_IMAGE", "ghcr.io/hyperledger-labs/fabric-ansible:latest") namespace := env_var_or_default("WORKSHOP_NAMESPACE", "fabricinfra") # just set up everything with Ansible @@ -339,7 +339,7 @@ ansible-ingress: docker run \ --rm \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/_cfg:/_cfg \ -v $(pwd)/infrastructure/kind_console_ingress:/playbooks \ --network=host ${EXTRAS} \ @@ -361,7 +361,7 @@ ansible-operator: docker run \ --rm \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/_cfg:/_cfg \ -v $(pwd)/infrastructure/operator_console_playbooks:/playbooks ${EXTRAS} \ --network=host \ @@ -380,7 +380,7 @@ ansible-console: docker run \ --rm \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v $(pwd)/infrastructure/operator_console_playbooks:/playbooks ${EXTRAS} \ -v ${CWDIR}/_cfg:/_cfg \ --network=host \ @@ -418,7 +418,7 @@ ansible-network: ansible-auth docker run \ --rm \ -u $(id -u) \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/infrastructure/fabric_network_playbooks:/playbooks ${EXTRAS} \ -v ${CWDIR}/_cfg:/_cfg \ --network=host \ @@ -469,7 +469,7 @@ ansible-deploy-chaincode: docker run \ --rm \ -u $(id -u) \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/infrastructure/production_chaincode_playbooks:/playbooks ${EXTRAS} \ -v ${CWDIR}/_cfg:/_cfg \ --network=host \ @@ -479,7 +479,7 @@ ansible-deploy-chaincode: docker run \ --rm \ -u $(id -u) \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/infrastructure/production_chaincode_playbooks:/playbooks ${EXTRAS} \ -v ${CWDIR}/_cfg:/_cfg \ --network=host \ @@ -489,7 +489,7 @@ ansible-deploy-chaincode: docker run \ --rm \ -u $(id -u) \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/infrastructure/production_chaincode_playbooks:/playbooks ${EXTRAS} \ -v ${CWDIR}/_cfg:/_cfg \ --network=host \ @@ -509,7 +509,7 @@ ansible-ready-application: docker run \ --rm \ -u $(id -u) \ - -v ${HOME}/.kube/:/home/ibp-user/.kube/ \ + -v ${HOME}/.kube/:/home/hlf-user/.kube/ \ -v ${CWDIR}/infrastructure/production_chaincode_playbooks:/playbooks ${EXTRAS} \ -v ${CWDIR}/_cfg:/_cfg \ --network=host \