Merge pull request #2345 from mgCepeda/feature-1847v4

[fabric] Added creation of Vault auths through cluster_id.
hyperledger · Aug 23, 2023 · 5092476 · 5092476
2 parents 0113fb8 + b66e82f
commit 5092476
Show file tree

Hide file tree

Showing 30 changed files with 117 additions and 3 deletions.
diff --git a/platforms/hyperledger-fabric/configuration/add-orderer.yaml b/platforms/hyperledger-fabric/configuration/add-orderer.yaml
@@ -33,6 +33,7 @@
       component: "{{ item.name | lower}}"
       component_type: "{{ item.type | lower}}"
       component_services: "{{ item.services }}"
+      sc_name: "{{ component }}-{{ item.cloud_provider | lower }}-storageclass"
       kubernetes: "{{ item.k8s }}"
       vault: "{{ item.vault }}"
       ca: "{{ item.services.ca }}"

diff --git a/platforms/hyperledger-fabric/configuration/deploy-network.yaml b/platforms/hyperledger-fabric/configuration/deploy-network.yaml
@@ -64,6 +64,27 @@
       loop: "{{ network['organizations'] }}"
       loop_control:
         loop_var: org
+      when: org.k8s.cluster_id is not defined
+
+    #Setup Vault-Kubernetes accesses and Regcred for docker registry
+    - name: Setup Vault Kubernetes for each organization
+      include_role: 
+        name: "{{playbook_dir}}/../../shared/configuration/roles/setup/vault_kubernetes"
+      vars:
+        name: "{{ org.name | lower }}"
+        component_name: "{{ org.name | lower }}-vaultk8s-job"
+        component_type: "{{ org.type | lower }}"
+        component_ns: "{{ org.name | lower }}-net"
+        component_auth: "{{ org.k8s.cluster_id }}{{ component_ns }}-auth"
+        kubernetes: "{{ org.k8s }}"
+        vault: "{{ org.vault }}"
+        policy_type: "fabric"
+        gitops: "{{ org.gitops }}"
+        reset_path: "platforms/hyperledger-fabric/configuration"
+      loop: "{{ network['organizations'] }}"
+      loop_control:
+        loop_var: org
+      when: org.k8s.cluster_id is defined
 
     # Create Storageclass 
     - name: Create storageclass for each organization

diff --git a/...rms/hyperledger-fabric/configuration/roles/create/anchorpeer/tasks/nested_anchorpeer.yaml b/...rms/hyperledger-fabric/configuration/roles/create/anchorpeer/tasks/nested_anchorpeer.yaml
@@ -35,6 +35,7 @@
     git_branch: "{{ org.gitops.branch }}"
     charts_dir: "{{ org.gitops.chart_source }}"
     vault: "{{ org.vault }}"
+    k8s: "{{ org.k8s }}"
     fabrictools_image: "hyperledger/fabric-tools:{{ network.version }}"
     alpine_image: "{{ docker_url }}/alpine-utils:1.0"
     anchorstx: "{{ lookup('file', '{{ build_path }}/channel-artifacts/{{item.channel_name|lower}}{{participant.name|lower}}MSPAnchor.tx.base64') }}"

diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/main.yaml
@@ -8,7 +8,7 @@
 # This role creates value file for the deployment of CA Tools CLI
 #############################################################################################
 
-# # Check if CA server is available
+# Check if CA server is available
 - name: "waiting for the CA server to be created in {{ item.name | lower }}-net"
   include_role:
     name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"

diff --git a/platforms/hyperledger-fabric/configuration/roles/create/channels/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/channels/tasks/valuefile.yaml
@@ -49,6 +49,7 @@
     git_branch: "{{ org.gitops.branch }}"
     charts_dir: "{{ org.gitops.chart_source }}"
     vault: "{{ org.vault }}"
+    k8s: "{{ org.k8s }}"
     fabrictools_image: "hyperledger/fabric-tools:{{ network.version }}"
     alpine_image: "{{ docker_url }}/alpine-utils:1.0"
     channeltx: "{{ lookup('file', '{{ build_path }}/channel-artifacts/{{item.channel_name|lower}}.tx.base64') }}"

diff --git a/...yperledger-fabric/configuration/roles/create/channels_join/tasks/nested_channel_join.yaml b/...yperledger-fabric/configuration/roles/create/channels_join/tasks/nested_channel_join.yaml
@@ -37,6 +37,7 @@
     fabrictools_image: "hyperledger/fabric-tools:{{ network.version }}"
     alpine_image: "{{ docker_url }}/alpine-utils:1.0"
     vault: "{{ org.vault }}"
+    k8s: "{{ org.k8s }}"
     values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
   loop: "{{ participant.peers }}"
   loop_control:

diff --git a/...nfiguration/roles/create/new_orderer/create_appchannel_block/tasks/nested_create_cli.yaml b/...nfiguration/roles/create/new_orderer/create_appchannel_block/tasks/nested_create_cli.yaml
@@ -25,7 +25,7 @@
     fabrictools_image: "hyperledger/fabric-tools:{{ network.version }}"
     alpine_image: "{{ docker_url }}/alpine-utils:1.0"
     channel_name: "{{ channel_name }}"
-    storage_class: "{{ org.name }}sc"
+    storage_class: "{{ org.name }}-{{ org.cloud_provider | lower }}-storageclass"
     release_dir: "{{ build_path }}"
     orderer_component: "{{ orderer.name | lower }}.{{ org.name | lower }}-net"
     orderer_address: "{{ orderer.ordererAddress }}"

diff --git a/...nfiguration/roles/create/new_orderer/create_syschannel_block/tasks/nested_create_cli.yaml b/...nfiguration/roles/create/new_orderer/create_syschannel_block/tasks/nested_create_cli.yaml
@@ -24,7 +24,7 @@
     fabrictools_image: "hyperledger/fabric-tools:{{ network.version }}"
     alpine_image: "{{ docker_url }}/alpine-utils:1.0"
     channel_name: "{{ channel_name }}"
-    storage_class: "{{ org.name }}sc"
+    storage_class: "{{ org.name }}-{{ org.cloud_provider | lower }}-storageclass"
     release_dir: "{{ build_path }}"
     orderer_component: "{{ orderer.name | lower }}.{{ component_ns }}"
     orderer_address: "{{ orderer.ordererAddress }}"

diff --git a/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/tasks/main.yaml
@@ -82,6 +82,16 @@
     VAULT_ADDR: "{{ item.vault.url }}"
     VAULT_TOKEN: "{{ item.vault.root_token }}"
 
+############################################################################################
+# This task deletes vault auth
+- name: Delete vault-auth path
+  shell: |
+    vault kv delete sys/auth/{{ item.k8s.cluster_id }}{{ component_name }}-auth
+  environment:
+    VAULT_ADDR: "{{ item.vault.url }}"
+    VAULT_TOKEN: "{{ item.vault.root_token }}"
+  when: item.k8s.cluster_id is defined
+
 ############################################################################################
 # This task deletes crypto materials from vault
 - name: Delete Crypto for orderers

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/anchorpeer_job.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/anchorpeer_job.tpl
@@ -37,7 +37,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if k8s.cluster_id is defined %}
+      authpath: {{ k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/users/admin
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/orderer
       serviceaccountname: vault-auth

diff --git a/...hyperledger-fabric/configuration/roles/helm_component/templates/approve_chaincode_job.tpl b/...hyperledger-fabric/configuration/roles/helm_component/templates/approve_chaincode_job.tpl
@@ -31,7 +31,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin 
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer
       serviceaccountname: vault-auth

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-orderer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-orderer.tpl
@@ -57,7 +57,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ component_name }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_name }}-auth
+{% endif %}
       secretcert: {{ vault.secret_path | default('secretsv2') }}/data/crypto/ordererOrganizations/{{ component_name | e }}/ca?ca.{{ component_name | e }}-cert.pem
       secretkey: {{ vault.secret_path | default('secretsv2') }}/data/crypto/ordererOrganizations/{{ component_name | e }}/ca?{{ component_name | e }}-CA.key
       secretadminpass: {{ vault.secret_path | default('secretsv2') }}/data/credentials/{{ component_name | e }}/ca/{{ component }}?user

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-peer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-peer.tpl
@@ -57,7 +57,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ component_name | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_name | e }}-auth
+{% endif %}
       secretcert: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_name | e }}/ca?ca.{{ component_name | e }}-cert.pem
       secretkey: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_name | e }}/ca?{{ component_name | e }}-CA.key
       secretadminpass: {{ vault.secret_path | default('secretsv2') }}/data/credentials/{{ component_name | e }}/ca/{{ component }}?user

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-tools.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-tools.tpl
@@ -59,7 +59,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ component_name }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_name }}-auth
+{% endif %}
       secretusers: {{ vault.secret_path | default('secretsv2') }}/data/crypto/{{ component_type }}Organizations/{{ component_name }}/users
       secretorderer: {{ vault.secret_path | default('secretsv2') }}/data/crypto/{{ component_type }}Organizations/{{ component_name }}/orderers
       secretpeer: {{ vault.secret_path | default('secretsv2') }}/data/crypto/{{ component_type }}Organizations/{{ component_name }}/peers

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cacerts_job.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cacerts_job.tpl
@@ -28,7 +28,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
       secretcryptoprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/{{ component_type }}Organizations/{{ component }}-net/ca
       secretcredentialsprefix: {{ vault.secret_path | default('secretsv2') }}/data/credentials/{{ component }}-net/ca/{{ component }}
       serviceaccountname: vault-auth

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl
@@ -28,7 +28,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/users/admin
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/orderer
       serviceaccountname: vault-auth

diff --git a/.../hyperledger-fabric/configuration/roles/helm_component/templates/commit_chaincode_job.tpl b/.../hyperledger-fabric/configuration/roles/helm_component/templates/commit_chaincode_job.tpl
@@ -31,7 +31,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer
       secretpath: {{ vault.secret_path | default('secretsv2') }}

diff --git a/...ms/hyperledger-fabric/configuration/roles/helm_component/templates/create_channel_job.tpl b/...ms/hyperledger-fabric/configuration/roles/helm_component/templates/create_channel_job.tpl
@@ -34,7 +34,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if k8s.cluster_id is defined %}
+      authpath: {{ k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/users/admin
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/orderer 
       serviceaccountname: vault-auth

diff --git a/...hyperledger-fabric/configuration/roles/helm_component/templates/install_chaincode_job.tpl b/...hyperledger-fabric/configuration/roles/helm_component/templates/install_chaincode_job.tpl
@@ -33,7 +33,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin 
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer
       secretgitprivatekey: {{ vault.secret_path | default('secretsv2') }}/data/credentials/{{ namespace }}/git

diff --git a/...er-fabric/configuration/roles/helm_component/templates/install_external_chaincode_job.tpl b/...er-fabric/configuration/roles/helm_component/templates/install_external_chaincode_job.tpl
@@ -33,7 +33,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       chaincodesecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/peers/{{ peer_name }}.{{ namespace }}/chaincodes
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin 
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer

diff --git a/...rledger-fabric/configuration/roles/helm_component/templates/instantiate_chaincode_job.tpl b/...rledger-fabric/configuration/roles/helm_component/templates/instantiate_chaincode_job.tpl
@@ -31,7 +31,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin 
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer
       serviceaccountname: vault-auth

diff --git a/.../hyperledger-fabric/configuration/roles/helm_component/templates/invoke_chaincode_job.tpl b/.../hyperledger-fabric/configuration/roles/helm_component/templates/invoke_chaincode_job.tpl
@@ -34,7 +34,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       secretpath: {{ vault.secret_path | default('secretsv2') }}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin 
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer

diff --git a/...orms/hyperledger-fabric/configuration/roles/helm_component/templates/join_channel_job.tpl b/...orms/hyperledger-fabric/configuration/roles/helm_component/templates/join_channel_job.tpl
@@ -37,7 +37,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if k8s.cluster_id is defined %}
+      authpath: {{ k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/users/admin
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/orderer
       serviceaccountname: vault-auth

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl
@@ -73,7 +73,11 @@ spec:
     vault:
       address: {{ vault.url }}
       role: vault-role
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ namespace }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace }}-auth
+{% endif %}
       type: {{ vault.type | default("hashicorp") }}
       secretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/ordererOrganizations/{{ namespace }}/orderers/{{ orderer.name }}.{{ namespace }}
 {% if network.docker.username is defined and network.docker.password is defined %}

diff --git a/...hyperledger-fabric/configuration/roles/helm_component/templates/upgrade_chaincode_job.tpl b/...hyperledger-fabric/configuration/roles/helm_component/templates/upgrade_chaincode_job.tpl
@@ -31,7 +31,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+      authpath: {{ org.k8s.cluster_id }}{{ namespace | e }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace | e }}-auth
+{% endif %}
       adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/users/admin 
       orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/orderer
       serviceaccountname: vault-auth

diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl
@@ -78,7 +78,11 @@ spec:
     vault:
       role: vault-role
       address: {{ vault.url }}
+{% if item.k8s.cluster_id is defined %}
+      authpath: {{ item.k8s.cluster_id }}{{ namespace }}-auth
+{% else %}
       authpath: {{ network.env.type }}{{ namespace }}-auth
+{% endif %}
       secretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/peers/{{ peer_name }}.{{ namespace }}
       secretambassador: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ namespace }}/ambassador
       serviceaccountname: vault-auth

diff --git a/...forms/hyperledger-fabric/configuration/roles/k8_component/templates/existing_peer_cli.tpl b/...forms/hyperledger-fabric/configuration/roles/k8_component/templates/existing_peer_cli.tpl
@@ -9,7 +9,11 @@ storage:
 vault:
   role: vault-role
   address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+  authpath: {{ org.k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
   authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
   adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/users/admin
   orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/peerOrganizations/{{ component_ns }}/orderer
   serviceaccountname: vault-auth

diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/orderer_cli.tpl b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/orderer_cli.tpl
@@ -9,7 +9,11 @@ storage:
 vault:
   role: vault-role
   address: {{ vault.url }}
+{% if org.k8s.cluster_id is defined %}
+  authpath: {{ org.k8s.cluster_id }}{{ component_ns }}-auth
+{% else %}
   authpath: {{ network.env.type }}{{ component_ns }}-auth
+{% endif %}
   adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/ordererOrganizations/{{ component_ns }}/users/admin
   orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/crypto/ordererOrganizations/{{ component_ns }}/orderers/{{ orderer_component }}
   serviceaccountname: vault-auth

diff --git a/platforms/network-schema.json b/platforms/network-schema.json
@@ -178,6 +178,7 @@
         "shared_k8s":{
           "type": "object",
           "properties": {
+            "cluster_id": { "type": "string"},
             "provider": { "type": "string","enum": ["aws", "azure","gcp","minikube"]},
             "region": { "type": "string"},
             "context":{ "type": "string","description": "Context/Name of the cluster where the organization entities should be deployed"},

diff --git a/platforms/shared/charts/vault-k8s-mgmt/templates/job.yaml b/platforms/shared/charts/vault-k8s-mgmt/templates/job.yaml
@@ -120,10 +120,12 @@ spec:
                 done < /var/run/secrets/kubernetes.io/serviceaccount/ca.crt > ca_formatted.txt
 
                 KUBE_SA_CRT_ONELINE=$(cat ca_formatted.txt)
+                SA_JWT_TOKEN=$(cat cat /var/run/secrets/kubernetes.io/serviceaccount/token)
 
                 # This echo get the certificate for the cluster
                 echo "
                   {
+                    \"token_reviewer_jwt\": \"${SA_JWT_TOKEN}\",
                     \"kubernetes_host\": \"${KUBERNETES_URL}\",
                     \"kubernetes_ca_cert\": \"${KUBE_SA_CRT_ONELINE}\",
                     \"disable_iss_validation\": \"true\"