diff --git a/.github/workflows/test-kubectl-plugin.yml b/.github/workflows/test-kubectl-plugin.yml
index cb35f24c..efa162b7 100644
--- a/.github/workflows/test-kubectl-plugin.yml
+++ b/.github/workflows/test-kubectl-plugin.yml
@@ -60,14 +60,13 @@ jobs:
           export PATH=$HOME/.krew/bin:$PATH
           kubectl krew install hlf
           helm repo add kfs "https://kfsoftware.github.io/hlf-helm-charts" --force-update
-          helm install hlf-operator --version=1.9.2 kfs/hlf-operator
+          helm install hlf-operator --version=1.10.0 kfs/hlf-operator
           kubectl hlf
 
       - name: Install Istio
         run: |
-          curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.16.1 TARGET_ARCH=x86_64 sh -
-          mv $PWD/istio-1.16.1 $HOME/.istio
-          export PATH="$HOME/.istio/bin:$PATH"
+          curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.20.0 TARGET_ARCH=x86_64 sh -
+          export PATH="$PATH:$PWD/istio-1.20.0/bin"
           kubectl create namespace istio-system
 
           istioctl operator init
@@ -143,6 +142,7 @@ jobs:
         run: |
           CLUSTER_IP=$(kubectl -n istio-system get svc istio-ingressgateway -o json | jq -r .spec.clusterIP)
           echo "CLUSTER_IP=${CLUSTER_IP}"
+
           kubectl apply -f - <<EOF
           kind: ConfigMap
           apiVersion: v1
@@ -156,9 +156,8 @@ jobs:
                   health {
                      lameduck 5s
                   }
-                  rewrite name regex (.*)\.localho\.st host.ingress.internal
+                  rewrite name regex (.*)\.localho\.st istio-ingressgateway.istio-system.svc.cluster.local
                   hosts {
-                    ${CLUSTER_IP} host.ingress.internal
                     fallthrough
                   }
                   ready
@@ -185,10 +184,10 @@ jobs:
           export PATH="$HOME/.krew/bin:$HOME/.istio/bin:$PATH"    
           kubectl hlf 
           export PEER_IMAGE=hyperledger/fabric-peer
-          export PEER_VERSION=2.5.0
+          export PEER_VERSION=2.5.5
 
           export CA_IMAGE=hyperledger/fabric-ca
-          export CA_VERSION=1.5.6
+          export CA_VERSION=1.5.7
 
           kubectl hlf ca create --image=$CA_IMAGE --version=$CA_VERSION --storage-class=standard --capacity=2Gi --name=org1-ca \
               --enroll-id=enroll --hosts=org1-ca.localho.st --enroll-pw=enrollpw
@@ -208,10 +207,10 @@ jobs:
         run: |
           export PATH="$HOME/.krew/bin:$HOME/.istio/bin:$PATH"
           export ORDERER_IMAGE=hyperledger/fabric-orderer
-          export ORDERER_VERSION=2.5.0
+          export ORDERER_VERSION=2.5.5
 
           export CA_IMAGE=hyperledger/fabric-ca
-          export CA_VERSION=1.5.6
+          export CA_VERSION=1.5.7
 
           kubectl hlf ca create --image=$CA_IMAGE --version=$CA_VERSION --storage-class=standard --capacity=2Gi --name=ord-ca \
               --enroll-id=enroll --enroll-pw=enrollpw --hosts=ord-ca.localho.st
@@ -221,7 +220,7 @@ jobs:
               --type=orderer --enroll-id enroll --enroll-secret=enrollpw --mspid=OrdererMSP
 
           kubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \
-              --storage-class=standard --enroll-id=orderer --mspid=OrdererMSP --hosts=orderer0-ord.localho.st \
+              --storage-class=standard --enroll-id=orderer --mspid=OrdererMSP --hosts=orderer0-ord.localho.st --admin-hosts=admin-orderer0-ord.localho.st \
               --enroll-pw=ordererpw --capacity=2Gi --name=ord-node1 --ca-name=ord-ca.default
           kubectl wait --timeout=180s --for=condition=Running fabricorderernodes.hlf.kungfusoftware.es --all
       - name: Prepare Connection string for Orderer Node
@@ -274,12 +273,12 @@ jobs:
               --admin-peer-orgs=Org1MSP \
               --secret-name=wallet \
               --secret-ns=default \
-              --consenters=ord-node1.default:7050 \
+              --consenters=orderer0-ord.localho.st:7050 \
               --consenter-certificates=./orderer-cert.pem \
               --identities="OrdererMSP;admin-tls-ordservice.yaml" \
               --identities="Org1MSP;peer-org1.yaml"
 
-          kubectl wait --timeout=180s --for=condition=Created fabricmainchannels.hlf.kungfusoftware.es --all 
+          kubectl wait --timeout=180s --for=condition=RUNNING fabricmainchannels.hlf.kungfusoftware.es --all 
 
 
       - name: Join peers to channel
@@ -291,14 +290,14 @@ jobs:
               --mspid=Org1MSP \
               --name="demo-org1msp" \
               --orderer-certificates="./orderer-cert.pem" \
-              --orderer-urls="grpcs://ord-node1.default:7050" \
+              --orderer-urls="grpcs://orderer0-ord.localho.st:443" \
               --anchor-peers="org1-peer0:7051" \
               --peers="org1-peer0.default" \
               --secret-name=wallet \
               --secret-ns=default \
               --secret-key="peer-org1.yaml"
 
-          kubectl wait --timeout=180s --for=condition=Created fabricfollowerchannels.hlf.kungfusoftware.es --all 
+          kubectl wait --timeout=180s --for=condition=RUNNING fabricfollowerchannels.hlf.kungfusoftware.es --all
       - name: Get channel
         run: |
           export PATH="$HOME/.krew/bin:$HOME/.istio/bin:$PATH"
@@ -376,14 +375,17 @@ jobs:
           export PATH="$HOME/.krew/bin:$HOME/.istio/bin:$PATH"
           kubectl get nodes -o=wide
           kubectl get pods -o=wide -A
+          kubectl get service -o=wide -A
           kubectl get crds
           kubectl get fabricpeers.hlf.kungfusoftware.es  -A -o=custom-columns='NAME:metadata.name,NAMESPACE:metadata.namespace,STATE:status.status,MESSAGE:status.message'
           kubectl get fabricorderernodes.hlf.kungfusoftware.es  -A -o=custom-columns='NAME:metadata.name,NAMESPACE:metadata.namespace,STATE:status.status,MESSAGE:status.message'
           kubectl get fabriccas.hlf.kungfusoftware.es -A -o=custom-columns='NAME:metadata.name,NAMESPACE:metadata.namespace,STATE:status.status,MESSAGE:status.message'
           kubectl get fabricmainchannels.hlf.kungfusoftware.es -A -o=custom-columns='NAME:metadata.name,NAMESPACE:metadata.namespace,STATE:status.status,MESSAGE:status.message'
           kubectl get fabricfollowerchannels.hlf.kungfusoftware.es -A -o=custom-columns='NAME:metadata.name,NAMESPACE:metadata.namespace,STATE:status.status,MESSAGE:status.message'
+          kubectl get configmap coredns -n kube-system -o yaml
 
           kubectl get fabricmainchannels  -o yaml
+          kubectl get fabricfollowerchannels  -o yaml
 
           POD=$(kubectl get pod -l 'release in (org1-peer0)'  -o jsonpath="{.items[0].metadata.name}")
           kubectl logs $POD -c peer
diff --git a/.github/workflows/test-on-push.yml b/.github/workflows/test-on-push.yml
index 6b033586..10c9fbc5 100644
--- a/.github/workflows/test-on-push.yml
+++ b/.github/workflows/test-on-push.yml
@@ -83,7 +83,7 @@ jobs:
           export PATH=$HOME/.krew/bin:$PATH
           kubectl krew install hlf
           helm repo add kfs "https://kfsoftware.github.io/hlf-helm-charts" --force-update
-          helm install hlf-operator --version=1.9.2 kfs/hlf-operator
+          helm install hlf-operator --version=1.10.0 kfs/hlf-operator
           kubectl hlf
 
       - name: Install Istio
diff --git a/e2e-network/k8s/test-01-simple-k8s.sh b/e2e-network/k8s/test-01-simple-k8s.sh
index e8385a3d..f6f43cfb 100755
--- a/e2e-network/k8s/test-01-simple-k8s.sh
+++ b/e2e-network/k8s/test-01-simple-k8s.sh
@@ -19,7 +19,6 @@ dumpLogs() {
 }
 
 networkDown() {
-  rm -rf "$TEST_LOGS"
   (cd "$TEST_TMP" && "$(find . -type f -iname 'fabric-k8s.sh')" down)
 }
 
@@ -54,8 +53,8 @@ waitForContainer "$orderer" "Beginning to serve requests"
 waitForContainer "$peer0" "grpc.peer_subject=\"CN=peer,OU=peer\" grpc.code=OK"
 waitForContainer "$peer1" "grpc.peer_subject=\"CN=peer,OU=peer\" grpc.code=OK"
 #waitForContainer "$orderer" "Starting raft node as part of a new channel channel=my-channel1 node=1"
-#waitForContainer "$peer0" "Joining gossip network of channel my-channel1 with 1 organizations"
-#waitForContainer "$peer1" "Joining gossip network of channel my-channel1 with 1 organizations"
+waitForContainer "$peer0" "Joining gossip network of channel my-channel1 with 1 organizations"
+waitForContainer "$peer1" "Joining gossip network of channel my-channel1 with 1 organizations"
 #waitForContainer "$peer0" "Learning about the configured anchor peers of Org1MSP for channel my-channel1"
 #waitForContainer "$peer1" "Learning about the configured anchor peers of Org1MSP for channel my-channel1"
 
diff --git a/src/setup-k8s/templates/fabric-k8s.sh b/src/setup-k8s/templates/fabric-k8s.sh
index b53591ee..f456884e 100755
--- a/src/setup-k8s/templates/fabric-k8s.sh
+++ b/src/setup-k8s/templates/fabric-k8s.sh
@@ -19,7 +19,7 @@ networkUp() {
   printHeadline "Checking dependencies..." "U1F984"
   verifyKubernetesConnectivity
   startNetwork
-#  installChannels
+  installChannels
 #  installChaincodes
   printHeadline "Done! Enjoy your fresh network" "U1F984"
 }
diff --git a/src/setup-k8s/templates/fabric-k8s/scripts/base-functions.sh b/src/setup-k8s/templates/fabric-k8s/scripts/base-functions.sh
index 2bceb013..0b6b89b4 100644
--- a/src/setup-k8s/templates/fabric-k8s/scripts/base-functions.sh
+++ b/src/setup-k8s/templates/fabric-k8s/scripts/base-functions.sh
@@ -74,6 +74,97 @@ registerOrdererUser() {
     --mspid="$MSPID"
 }
 
+registerOrdererAdmin() {
+  local CA_HOST="$1"
+  local MSPID="$2"
+  local CA_NAME="$(echo "$CA_HOST" | sed 's/\./-/g')"
+
+  inputLog "Registering orderer admin user for $MSPID"
+
+  kubectl hlf ca register \
+    --name="$CA_NAME" \
+    --user=admin \
+    --secret=adminpw \
+    --type=admin \
+    --enroll-id=enroll \
+    --enroll-secret=enrollpw \
+    --mspid="$MSPID"
+
+  inputLog "Preparing orderer admin connection for $MSPID"
+
+  kubectl hlf inspect \
+    --output "ordservice-$MSPID.yaml" \
+    -o "$MSPID"
+
+  # TODO `--ca-name ca` or `--ca-name="$CA_NAME.$NAMESPACE" ??
+  kubectl hlf ca enroll \
+    --name="$CA_NAME" \
+    --user=admin \
+    --secret=adminpw \
+    --mspid "$MSPID" \
+    --ca-name=ca \
+    --output "admin-ordservice-$MSPID.yaml"
+
+  ## add user from admin-ordservice.yaml to ordservice.yaml
+  kubectl hlf utils adduser \
+    --userPath="admin-ordservice-$MSPID.yaml" \
+    --config="ordservice-$MSPID.yaml" \
+    --username=admin \
+    --mspid="$MSPID"
+}
+
+saveOrdererCert() {
+  local ORDERER_HOST="$1"
+  local ORDERER_MSPID="$2"
+  local ORDERER_NAME="$(echo "$ORDERER_HOST" | sed 's/\./-/g')"
+
+  inputLog "Saving orderer cert for $ORDERER_NAME"
+
+  kubectl get fabricorderernodes "$ORDERER_NAME" \
+    -o jsonpath='{.status.tlsCert}' \
+    > "orderer-cert-$ORDERER_MSPID.pem"
+}
+
+registerPeerAdmin() {
+  local CA_HOST="$1"
+  local MSPID="$2"
+  local ORDERER_MSPID="$3"
+  local CA_NAME="$(echo "$CA_HOST" | sed 's/\./-/g')"
+
+  inputLog "Registering peer admin user for $MSPID"
+
+  kubectl hlf ca register \
+    --name="$CA_NAME" \
+    --user=admin \
+    --secret=adminpw \
+    --type=admin \
+    --enroll-id=enroll \
+    --enroll-secret=enrollpw \
+    --mspid="$MSPID"
+
+  inputLog "Preparing peer admin connection for $MSPID and $ORDERER_MSPID"
+
+  kubectl hlf inspect \
+    --output "peer-$MSPID-$ORDERER_MSPID.yaml" \
+    -o "$MSPID" \
+    -o "$ORDERER_MSPID"
+
+  # TODO `--ca-name ca` or `--ca-name="$CA_NAME.$NAMESPACE" ??
+  kubectl hlf ca enroll \
+    --name="$CA_NAME" \
+    --user=admin \
+    --secret=adminpw \
+    --mspid "$MSPID" \
+    --ca-name=ca \
+    --output "admin-peer-$MSPID-$ORDERER_MSPID.yaml"
+
+  kubectl hlf utils adduser \
+    --userPath="admin-peer-$MSPID-$ORDERER_MSPID.yaml" \
+    --config="peer-$MSPID-$ORDERER_MSPID.yaml" \
+    --username=admin \
+    --mspid="$MSPID"
+}
+
 deployOrderer() {
   local ORDERER_HOST="$1"
   local CA_HOST="$2"
@@ -91,6 +182,7 @@ deployOrderer() {
     --enroll-pw=ordererpw \
     --name="$ORDERER_NAME" \
     --hosts="$ORDERER_HOST" \
+    --admin-hosts="admin-$ORDERER_HOST" \
     --ca-name="$CA_NAME.$NAMESPACE" \
     --mspid="$MSPID"
 }
@@ -128,8 +220,78 @@ startNetwork() {
 }
 
 installChannels() {
+  <% orgs.forEach((org) => { -%>
+    # TODO missing support for orderer groups
+    <% if(org.ordererGroups.length > 0 ) { -%>
+      registerOrdererAdmin "<%= org.ca.address %>" "<%= org.mspName %>"
+      saveOrdererCert "<%= org.ordererGroups[0].orderers[0].address %>" "<%= org.mspName %>"
+    <% } -%>
+  <% }) -%>
+  <% channels.forEach((channel) => { -%>
+    <% channel.orgs.forEach((org) => { -%>
+      registerPeerAdmin "<%= org.ca.address %>" "<%= org.mspName %>" "<%= channel.ordererHead.orgMspName %>"
+    <% }) -%>
+  <% }) -%>
+
+  set -x
+  inputLog "Creating secret wallet for channel creation"
+  kubectl create secret generic wallet \
+    <% orgs.forEach((org) => { -%>
+      <% if(org.ordererGroups.length > 0 ) { -%>
+        --from-file="admin-ordservice-<%= org.mspName %>.yaml=$PWD/admin-ordservice-<%= org.mspName %>.yaml" \
+      <% } -%>
+    <% }) -%>
+    <% channels.forEach((channel) => { -%>
+      <% channel.orgs.forEach((org) => { -%>
+        --from-file="admin-peer-<%= org.mspName %>-<%= channel.ordererHead.orgMspName %>.yaml=$PWD/admin-peer-<%= org.mspName %>-<%= channel.ordererHead.orgMspName %>.yaml" \
+      <% }) -%>
+    <% }) -%>
+    --namespace="$NAMESPACE"
 
   <% channels.forEach((channel) => { -%>
+    kubectl hlf channelcrd main create \
+      --channel-name="<%= channel.name %>" \
+      --name="<%= channel.name %>" \
+      <% channel.ordererGroup.orderers.forEach((orderer) => { -%>
+        --orderer-orgs="<%= orderer.orgMspName %>" \
+        --admin-orderer-orgs="<%= orderer.orgMspName %>" \
+        --consenters="<%= orderer.address.replaceAll(".", "-") %>.default:7050" \
+        --consenter-certificates="./orderer-cert-<%= orderer.orgMspName %>.pem" \
+        --identities="<%= orderer.orgMspName %>;admin-ordservice-<%= orderer.orgMspName %>.yaml" \
+      <% }) -%>
+      <% channel.orgs.forEach((org) => { -%>
+        --peer-orgs="<%= org.mspName %>" \
+        --admin-peer-orgs="<%= org.mspName %>" \
+        --identities="<%= org.mspName %>;admin-peer-<%= org.mspName %>-<%= channel.ordererHead.orgMspName %>.yaml" \
+      <% }) -%>
+      --secret-name=wallet \
+      --secret-ns=default
+  <% }) -%>
+  kubectl wait --timeout=180s --for=condition=RUNNING fabricmainchannels.hlf.kungfusoftware.es --all
+
+  <% channels.forEach((channel) => { -%>
+    <% channel.orgs.forEach((org) => { -%>
+      kubectl hlf channelcrd follower create \
+        --channel-name="<%= channel.name %>" \
+        --mspid="<%= org.mspName %>" \
+        --name="<%= channel.name %>-<%= org.mspName.toLowerCase() %>" \
+        --orderer-urls="<%= channel.ordererHead.address.replaceAll(".", "-") %>.default:7050" \
+        --orderer-certificates="./orderer-cert-<%= channel.ordererHead.orgMspName %>.pem" \
+        <% org.peers.forEach((peer) => { -%>
+          --anchor-peers="<%= peer.address.replaceAll(".", "-") %>.default:7051" \
+          --peers="<%= peer.address.replaceAll(".", "-") %>.default" \
+        <% }) -%>
+        --secret-name=wallet \
+        --secret-ns=default \
+        --secret-key="admin-peer-<%= org.mspName %>-<%= channel.ordererHead.orgMspName %>.yaml"
+    <% }) -%>
+  <% }) -%>
+  kubectl wait --timeout=180s --for=condition=Created fabricfollowerchannels.hlf.kungfusoftware.es --all
+
+  echo "DONE"
+  exit 1
+
+   <% channels.forEach((channel) => { -%>
     <% channel.orgs.forEach((org) => { -%>
        printItalics "Creating '<%= channel.name %>' on /peer0" "U1F63B"
         sleep 10
@@ -184,6 +346,10 @@ installChaincodes() {
 }
 
 destroyNetwork() {
+  # we need to manually remove channels
+  kubectl delete fabricmainchannels.hlf.kungfusoftware.es --all-namespaces --all
+  kubectl delete fabricfollowerchannels.hlf.kungfusoftware.es --all-namespaces --all
+  kubectl delete secret wallet --namespace="$NAMESPACE" || true
   kubectl delete fabricpeers.hlf.kungfusoftware.es --all-namespaces --all
   kubectl delete fabriccas.hlf.kungfusoftware.es --all-namespaces --all
   kubectl delete fabricorderernodes.hlf.kungfusoftware.es --all-namespaces --all