Authors:
This tutorial guides you through deploying a production-ready Hyperledger Fabric blockchain network using NPCI's Falcon platform. You'll learn to set up certificate authorities, deploy orderers and peers, and configure smart contracts across multiple organisations.
By the end of this tutorial, you'll have deployed:
Estimated completion time: 45-60 minutes
Before starting this tutorial, ensure you have:
Infrastructure Requirements:
Network Configuration:
Verification Commands:
# Verify Kubernetes version
kubectl version --client
# Check Helm installation
helm version
# Verify Nginx Ingress
kubectl get pods -n ingress-nginx
Domain Setup:
# Test DNS resolution (replace with your domain)
nslookup test.my-hlf-domain.com
# Verify ingress connectivity
telnet anyname.my-hlf-domain.com 30000
First, clone the Falcon repository and prepare your deployment environment.
# Clone Falcon repository
git clone https://github.com/npci/falcon.git
cd falcon
# Set your domain name (replace with your actual domain)
export HLF_DOMAIN="my-hlf-domain.com"
export PROJECT_NAME="yourproject"
Deploy FileStore Server
The FileStore server manages shared artifacts like genesis blocks and chaincode packages.
# Deploy filestore with namespace creation
helm install filestore -n filestore helm-charts/filestore/ \
-f examples/filestore/values.yaml --create-namespace
Verify deployment:
# Check filestore pod status
kubectl get pods -n filestore
# Test filestore connectivity
curl http://filestore.${HLF_DOMAIN}:30001
Expected output:
If you see the FileStore Server page, your infrastructure is correctly configured.
Deploy Root Certificate Authority
Create the foundation certificate authority for your network.
# Create orderer namespace
kubectl create ns orderer
# Create Root CA credentials
kubectl -n orderer create secret generic rca-secret \
--from-literal=user=rca-admin \
--from-literal=password=rcaComplexPassword
# Deploy Root CA
helm install root-ca -n orderer helm-charts/fabric-ca \
-f examples/fabric-ca/root-ca.yaml
Verify Root CA deployment:
# Check Root CA pod status
kubectl get pods -n orderer -l app=root-ca
# Test Root CA connectivity
curl https://root-ca.${HLF_DOMAIN}:30000/cainfo --insecure
Expected JSON response:
The JSON response confirms your Root CA is operational and ready to issue certificates.
Deploy TLS Certificate Authority
Set up the TLS CA for secure inter-node communication.
# Create TLS CA credentials
kubectl -n orderer create secret generic tlsca-secret \
--from-literal=user=tls-admin \
--from-literal=password=TlsComplexPassword
# Deploy TLS CA
helm install tls-ca -n orderer helm-charts/fabric-ca \
-f examples/fabric-ca/tls-ca.yaml
Verify TLS CA:
# Check TLS CA status
kubectl get pods -n orderer -l app=tls-ca
# Test TLS CA connectivity
curl https://tls-ca.${HLF_DOMAIN}:30000/cainfo --insecure
Before proceeding with deployment, understand the two deployment strategies Falcon supports:
Single DC Strategy: All components in one data center - ideal for development and testing.
Multi DC Strategy:Components distributed across multiple data centers - suitable for production with high availability requirements.
Create Root CA Identities
Register organisational identities with the Root CA.
# Register identities with Root CA
helm install rootca-ops -n orderer helm-charts/fabric-ops/ \
-f examples/fabric-ops/rootca/rootca-identities.yaml
Create TLS CA Identities
Register TLS identities for secure communications.
# Register TLS identities
helm install tlsca-ops -n orderer helm-charts/fabric-ops/ \
-f examples/fabric-ops/tlsca/tlsca-identities.yaml
Monitor identity registration:
# Check job completion
kubectl get jobs -n orderer
# View job logs for verification
kubectl logs -n orderer job/rootca-ops
kubectl logs -n orderer job/tlsca-ops
Deploy Orderer ICA
Create intermediate CA for the orderer organisation.
# Deploy Orderer ICA
helm install ica-orderer -n orderer helm-charts/fabric-ca \
-f examples/fabric-ca/ica-orderer.yaml
Deploy Initial Peer Organisation ICA
Set up the intermediate CA for the first peer organisation.
# Create namespace for initial peer org
kubectl create ns initialpeerorg
# Deploy Initial Peer Org ICA
helm install ica-initialpeerorg -n initialpeerorg helm-charts/fabric-ca \
-f examples/fabric-ca/ica-initialpeerorg.yaml
Verify ICA deployments:
# Check orderer ICA
kubectl get pods -n orderer -l app=ica-orderer
# Check initial peer org ICA
kubectl get pods -n initialpeerorg -l app=ica-initialpeerorg
Create Orderer and Peer Identities
Generate identities for orderer and peer organisations.
# Create orderer identities
helm install orderer-ops -n orderer helm-charts/fabric-ops/ \
-f examples/fabric-ops/orderer/orderer-identities.yaml
# Create initial peer org identities
helm install initialpeerorg-ops -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/identities.yaml
Generate Genesis Block and Channel Configuration
Create the foundational network configuration.
# Generate genesis block and channel transaction
helm install cryptogen -n orderer helm-charts/fabric-ops/ \
-f examples/fabric-ops/orderer/orderer-cryptogen.yaml
Verify artifact generation:
# Check job completion
kubectl get jobs -n orderer -l app=cryptogen
# Verify artifacts in filestore
curl http://filestore.${HLF_DOMAIN}:30001/yourproject/
Deploy Orderer Services
Launch the orderer services that manage transaction ordering.
# Deploy orderers
helm install orderer -n orderer helm-charts/fabric-orderer/ \
-f examples/fabric-orderer/orderer.yaml
Verify orderer deployment:
# Check orderer pods (should see 3 orderers)
kubectl get pods -n orderer -l app=orderer
# Check orderer logs
kubectl logs -n orderer orderer-0
Deploy Initial Peer Organisation
Deploy peers for the initial organisation.
# Deploy initial peer org peers
helm install peer -n initialpeerorg helm-charts/fabric-peer/ \
-f examples/fabric-peer/initialpeerorg/values.yaml
Verify peer deployment:
# Check peer pods (should see 3 peers with multiple containers each)
kubectl get pods -n initialpeerorg
# Verify peer connectivity
kubectl logs -n initialpeerorg peer0-initialpeerorg-0 -c peer
Create Application Channel
Set up the channel where transactions will occur.
# Create channel
helm install channelcreate -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/channel-create.yaml
# Update anchor peers
helm install updateanchorpeer -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/update-anchor-peer.yaml
Deploy Smart Contract
Install and instantiate a sample smart contract.
Upload Chaincode to FileStore
Before installing chaincode, upload the package to the filestore.
# If using the sample chaincode (no action needed - it's included)
# If using custom chaincode, upload it:
# curl -X POST -F "file=@your-chaincode.tar.gz" \
# http://filestore.${HLF_DOMAIN}:30001/upload/yourproject/
# Verify chaincode file exists in filestore
curl http://filestore.${HLF_DOMAIN}:30001/yourproject/
Install chaincode:
# Install chaincode on initial peer org
helm install installchaincode -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/install-chaincode.yaml
Deploy Organisation 1
Add the first additional organisation to your network.
# Create Org1 namespace
kubectl create ns org1
# Deploy Org1 ICA
helm install ica-org1 -n org1 helm-charts/fabric-ca \
-f examples/fabric-ca/ica-org1.yaml
# Create Org1 identities
helm install org1-ca-ops -n org1 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org1/identities.yaml
# Add Org1 to network channel
helm install configorgchannel -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml
# Deploy Org1 peers
helm install peer -n org1 helm-charts/fabric-peer/ \
-f examples/fabric-peer/org1/values.yaml
# Install chaincode on Org1
helm install installchaincode -n org1 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org1/install-chaincode.yaml
# Update Org1 anchor peers
helm install updateanchorpeer -n org1 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org1/update-anchor-peer.yaml
Deploy Organisation 2
Add the second organisation following the same pattern.
# Create Org2 namespace
kubectl create ns org2
# Deploy Org2 ICA
helm install ica-org2 -n org2 helm-charts/fabric-ca \
-f examples/fabric-ca/ica-org2.yaml
# Create Org2 identities
helm install org2-ca-ops -n org2 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org2/identities.yaml
# Update channel configuration to include Org2
helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml
# Deploy Org2 peers
helm install peer -n org2 helm-charts/fabric-peer/ \
-f examples/fabric-peer/org2/values.yaml
# Install chaincode on Org2
helm install installchaincode -n org2 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org2/install-chaincode.yaml
# Update Org2 anchor peers
helm install updateanchorpeer -n org2 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org2/update-anchor-peer.yaml
Approve Chaincode Across Organisations
Each organisation must approve the chaincode before it can be used.
# Approve chaincode on Initial Peer Org
helm install approvechaincode -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/approve-chaincode.yaml
# Approve chaincode on Org1
helm install approvechaincode -n org1 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org1/approve-chaincode.yaml
# Approve chaincode on Org2
helm install approvechaincode -n org2 helm-charts/fabric-ops/ \
-f examples/fabric-ops/org2/approve-chaincode.yaml
Commit Chaincode to Network
Finalise the chaincode deployment across the network.
# Commit chaincode to the network
helm install commitchaincode -n initialpeerorg helm-charts/fabric-ops/ \
-f examples/fabric-ops/initialpeerorg/commit-chaincode.yaml
Verify successful commit:
# Check commit job logs
kubectl logs -n initialpeerorg job/commitchaincode
# Look for success message
kubectl logs -n initialpeerorg job/commitchaincode | grep "SUCCESS"
Expected success output:
This confirms your chaincode is successfully committed across all organisations.
Deploy CLI Tools for Testing
Install CLI tools for network interaction and testing.
bash
# Deploy CLI tools for initial peer org
helm install cli-tools -n initialpeerorg helm-charts/fabric-tools/ \
-f examples/fabric-ops/initialpeerorg/identities.yaml
# Deploy CLI tools for org1
helm install cli-tools -n org1 helm-charts/fabric-tools/ \
-f examples/fabric-ops/org1/identities.yaml
# Deploy CLI tools for org2
helm install cli-tools -n org2 helm-charts/fabric-tools/ \
-f examples/fabric-ops/org2/identities.yaml
Test Network Operations
Enroll identities and test basic network functions.
bash
# Exec into CLI pod
kubectl exec -it -n initialpeerorg cli-tools-0 -- bash
# Run enrollment script
/scripts/enroll.sh
# Test chaincode invocation (inside pod)
peer chaincode invoke -o orderer-0.orderer:7050 \
-C mychannel -n basic-chaincode \
--peerAddresses peer0-initialpeerorg.initialpeerorg:7051 \
--peerAddresses peer0-org1.org1:7051 \
--peerAddresses peer0-org2.org2:7051 \
-c '{"function":"InitLedger","Args":[]}'
# Query chaincode
peer chaincode query -C mychannel -n basic-chaincode \
-c '{"function":"GetAllAssets","Args":[]}'
Check Overall Network Status
Verify all components are running correctly.
# Check all pods across namespaces
kubectl get pods --all-namespaces | grep -E "(orderer|initialpeerorg|org1|org2|filestore)"
# Verify all services
kubectl get svc --all-namespaces | grep -E "(orderer|initialpeerorg|org1|org2|filestore)"
View Component Logs
Monitor logs for any issues
# Check orderer logs
kubectl logs -n orderer orderer-0 | tail -20
# Check peer logs
kubectl logs -n initialpeerorg peer0-initialpeerorg-0 -c peer | tail -20
# Check CA logs
kubectl logs -n orderer root-ca-0 | tail -20
DNS Resolution Problems
# Test DNS resolution from inside cluster
kubectl run test-dns --image=busybox -it --rm -- nslookup root-ca.${HLF_DOMAIN}
Certificate Issues
# Check certificate authority status
kubectl get pods -n orderer -l app=root-ca
kubectl logs -n orderer root-ca-0
Storage Issues
# Check persistent volumes
kubectl get pv
kubectl get pvc --all-namespaces
Network Connectivity
# Test ingress connectivity
telnet ${HLF_DOMAIN} 30000
curl -I http://filestore.${HLF_DOMAIN}:30001
Congratulations! You've successfully deployed a complete Hyperledger Fabric network using Falcon. Your network includes:
To continue development:
1. Deploy custom chaincode by uploading your smart contracts to the filestore
2. Add more organisations following the Org1/Org2 pattern
3. Create additional channels for different business use cases
4. Integrate applications using Fabric SDKs
5. Set up monitoring with Prometheus and Grafana
Clean up resources:
# Remove all deployments
helm list --all-namespaces | grep -v NAME | awk '{print $1 " -n " $2}' | xargs -n 3 helm uninstall
# Delete namespaces
kubectl delete ns orderer initialpeerorg org1 org2 filestore
For production deployments, consider implementing backup strategies, monitoring solutions, and security hardening measures appropriate for your environment
As India continues advancing its digital economy, platforms like Falcon provide the foundation necessary for organisations to participate in global blockchain innovation while maintaining enterprise-grade security and reliability.
The GitHub repository for Falcon is available at: [https://github.com/npci/falcon]