Reputation: 15
I keep getting this error when trying to enroll a peer to the fabric ca via the hlf operator:
Error: enroll failed: enroll failed: Failed to read response of request: POST http://org1-ca.domain.com/enroll {"hosts":null,"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIHxMIGYAgEAMBExDzANBgNVBAMTBmVucm9sbDBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABBQob4jvqjE/E6OZPuKQdPUNw+SMXCI6FtPI3j0rPqxGu9DrnCgasGG\nzop5KWFZrMFL/JrbKfm2+GPrRPrLyjWgJTAjBgkqhkiG9w0BCQ4xFjAUMBIGA1Ud\nEQQLMAmCB0JVSDAwOTcwCgYIKoZIzj0EAwIDSAAwRQIhALWFAahmDd+lmQdkqSgIn7M5m+BeFz8fZBzrDVbcbrVzCAiAsThJfkxEdNwm1AQ45KUqT0hDfnHQCAUK0Fjp5\n6IaPPQ==\n-----END CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":""}: unexpected EOF
I'm using the hlf operator by Hyperledger Fabric on an AKS cluster with application gateway + nginx ingress for the routing / externalDNS for name resolution within an Azure DNS zone.
Here is my fabric-ca.yaml:
apiVersion: hlf.kungfusoftware.es/v1alpha1
kind: FabricCA
metadata:
  creationTimestamp: null
  name: org1-ca
  namespace: fabric
spec:
  affinity: null
  ca:
    affiliations: null
    bccsp:
      default: SW
      sw:
        hash: SHA2
        security: "256"
    ca: null
    cfg:
      affiliations:
        allowRemove: true
      identities:
        allowRemove: true
    crl:
      expiry: 24h
    csr:
      ca:
        expiry: 131400h
        pathLength: 0
      cn: ca
      hosts:
      - localhost
      - org1-ca.domain.io
      names:
      - C: US
        L: ""
        O: Hyperledger
        OU: North Carolina
        ST: ""
    intermediate:
      parentServer:
        caName: ""
        url: ""
    name: ca
    registry:
      identities:
      - affiliation: ""
        attrs:
          hf.AffiliationMgr: true
          hf.GenCRL: true
          hf.IntermediateCA: true
          hf.Registrar.Attributes: '*'
          hf.Registrar.DelegateRoles: '*'
          hf.Registrar.Roles: '*'
          hf.Revoker: true
        name: enroll
        pass: enrollpw
        type: client
      max_enrollments: -1
    signing: null
    subject:
      C: ES
      L: Alicante
      O: Kung Fu Software
      OU: Tech
      ST: Alicante
      cn: ca
    tlsCa: null
  clrSizeLimit: 512000
  cors:
    enabled: false
    origins: []
  db:
    datasource: fabric-ca-server.db
    type: sqlite3
  debug: false
  env: null
  hosts:
  - localhost
  - org1-ca
  - org1-ca.fabric
  - org1-ca.domain.io
  image: hyperledger/fabric-ca
  imagePullSecrets: null
  istio:
  metrics:
    provider: prometheus
    statsd:
      address: 127.0.0.1:8125
      network: udp
      prefix: server
      writeInterval: 10s
  resources:
    limits:
      cpu: 300m
      memory: 256Mi
    requests:
      cpu: 10m
      memory: 128Mi
  rootCA:
    subject:
      C: California
      L: ""
      O: Hyperledger
      OU: Fabric
      ST: ""
      cn: ca
  service:
    type: ClusterIP
  serviceMonitor: null
  storage:
    accessMode: ReadWriteOnce
    size: 1Gi
    storageClass: default
  tlsCA:
    affiliations: null
    bccsp:
      default: SW
      sw:
        hash: SHA2
        security: "256"
    ca: null
    cfg:
      affiliations:
        allowRemove: true
      identities:
        allowRemove: true
    crl:
      expiry: 24h
    csr:
      ca:
        expiry: 131400h
        pathLength: 0
      cn: tlsca
      hosts:
      - localhost
      - org1-ca.domain.io
      names:
      - C: US
        L: ""
        O: Hyperledger
        OU: North Carolina
        ST: ""
    intermediate:
      parentServer:
        caName: ""
        url: ""
    name: tlsca
    registry:
      identities:
      - affiliation: ""
        attrs:
          hf.AffiliationMgr: true
          hf.GenCRL: true
          hf.IntermediateCA: true
          hf.Registrar.Attributes: '*'
          hf.Registrar.DelegateRoles: '*'
          hf.Registrar.Roles: '*'
          hf.Revoker: true
        name: enroll
        pass: enrollpw
        type: client
      max_enrollments: -1
    signing: null
    subject:
      C: ES
      L: Alicante
      O: Kung Fu Software
      OU: Tech
      ST: Alicante
      cn: tlsca
    tlsCa: null
  tolerations: null
  version: 1.4.9
Here is the command I'm passing to the operator to enroll the peer identity and create the MSP:
kubectl hlf ca register --name=org1-ca --user=peer --secret=peerpw --type=peer --enroll-id=enroll --enroll-secret=enrollpw --mspid=Org1MSP --namespace=fabric --ca-url=org1-ca.domain.io
Any help would be greatly appreciated!!
Upvotes: 0
Views: 325
Reputation: 1053
Please check if you are able to telnet to the CA host. It looks like you are using a different host. I don't see your host in the CA Custom Resource. Please verify the configuration once.
Upvotes: 0
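A pre-flight check along the lines of the answer above, as an added example that is not part of either post or of the hlf operator: it compares the host in an enrollment URL with the hosts listed in the FabricCA resource and repeats the telnet test as a TCP connect. The function names, the finding labels and the default port of 443 for a bare host are assumptions of this example; the host list and the two URLs are copied from the question.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample input: spec.hosts as listed in the question's FabricCA resource.
CR_HOSTS = ["localhost", "org1-ca", "org1-ca.fabric", "org1-ca.domain.io"]


def split_target(ca_url):
    """Return (scheme, host, port); a bare host such as 'org1-ca.domain.io' has scheme ''."""
    has_scheme = "://" in ca_url
    parts = urlsplit(ca_url if has_scheme else "//" + ca_url)
    scheme = parts.scheme.lower() if has_scheme else ""
    # Assumption: 443 when neither a port nor an http scheme is given.
    port = parts.port or (80 if scheme == "http" else 443)
    return scheme, (parts.hostname or "").lower(), port


def check_target(ca_url, cr_hosts):
    """Findings that need no network access (the labels are hypothetical)."""
    scheme, host, _ = split_target(ca_url)
    findings = []
    if scheme != "https":
        # Enrollment sends the enroll ID and secret as HTTP basic auth.
        findings.append("not-https")
    if host not in {h.lower() for h in cr_hosts}:
        findings.append("host-not-in-cr")
    return findings


def tcp_reachable(host, port, timeout=3.0):
    """The telnet test from the answer: can a TCP connection be opened at all?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # URL from the error message, then the --ca-url value from the command.
    for url in ("http://org1-ca.domain.com/enroll", "org1-ca.domain.io"):
        scheme, host, port = split_target(url)
        print(url, check_target(url, CR_HOSTS), "tcp:", tcp_reachable(host, port))
```
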