From 757b4fc14c6256359bddafd069fab02b68e4a3a7 Mon Sep 17 00:00:00 2001 From: Ahmed Muawia Khan Date: Tue, 20 Mar 2018 19:34:01 +0100 Subject: [PATCH] Remove cluster-dns --- .../ca-installation.rst | 6 ++--- .../client-tls-certificate.rst | 2 +- .../node-config-map-and-secrets.rst | 12 ++++++++++ .../node-on-kubernetes.rst | 24 +++++++++---------- .../revoke-tls-certificate.rst | 2 +- .../server-tls-certificate.rst | 2 +- k8s/configuration/config-map.yaml | 8 +++---- k8s/dev-setup/nginx-https.yaml | 4 ++-- k8s/nginx-http/nginx-http-dep.yaml | 6 ++--- .../nginx-https-web-proxy-dep.yaml | 6 ++--- k8s/nginx-https/nginx-https-dep.yaml | 4 ++-- k8s/nginx-https/nginx-https-svc.yaml | 4 ++-- k8s/nginx-openresty/nginx-openresty-dep.yaml | 2 +- k8s/scripts/functions | 11 +++++---- k8s/scripts/generate_configs.sh | 2 +- k8s/scripts/vars | 7 +++++- 16 files changed, 60 insertions(+), 42 deletions(-) diff --git a/docs/server/source/production-deployment-template/ca-installation.rst b/docs/server/source/production-deployment-template/ca-installation.rst index 6b2644d8..799e6bc8 100644 --- a/docs/server/source/production-deployment-template/ca-installation.rst +++ b/docs/server/source/production-deployment-template/ca-installation.rst @@ -16,9 +16,9 @@ First create a directory for the CA and cd into it: .. code:: bash - mkdir bdb-cluster-ca + mkdir bdb-node-ca - cd bdb-cluster-ca + cd bdb-node-ca Then :ref:`install and configure Easy-RSA in that directory `. @@ -27,7 +27,7 @@ Step 2: Create a Self-Signed CA ------------------------------- You can create a self-signed CA -by going to the ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3`` directory and using: +by going to the ``bdb-node-ca/easy-rsa-3.0.1/easyrsa3`` directory and using: .. code:: bash diff --git a/docs/server/source/production-deployment-template/client-tls-certificate.rst b/docs/server/source/production-deployment-template/client-tls-certificate.rst index 3004d5cc..0f773eaa 100644 
--- a/docs/server/source/production-deployment-template/client-tls-certificate.rst +++ b/docs/server/source/production-deployment-template/client-tls-certificate.rst @@ -68,7 +68,7 @@ to sign the request. If you are the admin of the managing organization's self-signed CA, then you can import the CSR and use Easy-RSA to sign it. -Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/`` +Go to your ``bdb-node-ca/easy-rsa-3.0.1/easyrsa3/`` directory and do something like: .. code:: bash diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index ae372b88..b11c7804 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst @@ -69,6 +69,18 @@ These parameters are shared across the cluster. More information about the gener of these parameters can be found at :ref:`generate-the-blockchain-id-and-genesis-time`. +vars.NODE_DNS_SERVER +^^^^^^^^^^^^^^^^^^^^ +`CLUSTER-IP` of Kubernetes service(kube-dns), can be retrieved using +using CLI(kubectl) or k8s dashboard. This parameter is used by the Nginx gateway instance +to resolve the hostnames of all the services running in the k8s cluster. +The value defaults to `10.0.0.1`. + +.. code:: + # retrieval via commandline. + $ kubectl get services + + .. _generate-config: Generate configuration diff --git a/docs/server/source/production-deployment-template/node-on-kubernetes.rst b/docs/server/source/production-deployment-template/node-on-kubernetes.rst index e1cf9c14..871a716a 100644 --- a/docs/server/source/production-deployment-template/node-on-kubernetes.rst +++ b/docs/server/source/production-deployment-template/node-on-kubernetes.rst 
@@ -73,7 +73,7 @@ to the above command (i.e. the path to the private key). $ kubectl get pods will get a list of the pods in the Kubernetes cluster associated - with the context named ``k8s-bdb-test-cluster-0``. + with the context named ``k8s-bdb-test-node-0``. Step 2: Connect to Your Cluster's Web UI (Optional) --------------------------------------------------- @@ -157,9 +157,9 @@ Step 5: Assign DNS Name to the NGINX Public IP * Once a public IP is assigned, you can map it to a DNS name. - We usually assign ``bdb-test-cluster-0``, ``bdb-test-cluster-1`` and + We usually assign ``bdb-test-node-0``, ``bdb-test-node-1`` and so on in our documentation. - Let's assume that we assign the unique name of ``bdb-test-cluster-0`` here. + Let's assume that we assign the unique name of ``bdb-test-node-0`` here. **Set up DNS mapping in Azure.** @@ -171,7 +171,7 @@ changes to be reflected. Select the ``Public IP`` resource that is attached to your service (it should have the Azure DNS prefix name along with a long random string, without the ``master-ip`` string), select ``Configuration``, add the DNS assigned above -(for example, ``bdb-test-cluster-0``), click ``Save``, and wait for the +(for example, ``bdb-test-node-0``), click ``Save``, and wait for the changes to be applied. To verify the DNS setting is operational, you can run ``nslookup /api/v1/streams/valid_transactions + $ wsc -er wss:///api/v1/streams/valid_transactions - $ curl -X GET http://:27017 + $ curl -X GET http://:27017 The above curl command should result in the response ``It looks like you are trying to access MongoDB over HTTP on the native driver port.`` 
@@ -776,7 +776,7 @@ Check the MongoDB monitoring agent on the MongoDB Cloud Manager portal to verify they are working fine. If you are using the NGINX with HTTP support, accessing the URL -``http://:cluster-frontend-port`` +``http://:node-frontend-port`` on your browser should result in a JSON response that shows the BigchainDB server version, among other things. If you are using the NGINX with HTTPS support, use ``https`` instead of diff --git a/docs/server/source/production-deployment-template/revoke-tls-certificate.rst b/docs/server/source/production-deployment-template/revoke-tls-certificate.rst index 617ff82d..240525d6 100644 --- a/docs/server/source/production-deployment-template/revoke-tls-certificate.rst +++ b/docs/server/source/production-deployment-template/revoke-tls-certificate.rst @@ -14,7 +14,7 @@ Since we used Easy-RSA version 3 to we use it to revoke certificates too. Go to the following directory (associated with the self-signed CA): -``.../bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3``. +``.../bdb-node-ca/easy-rsa-3.0.1/easyrsa3``. You need to be aware of the file name used to import the certificate using the ``./easyrsa import-req`` before. Run the following command to revoke a certificate: diff --git a/docs/server/source/production-deployment-template/server-tls-certificate.rst b/docs/server/source/production-deployment-template/server-tls-certificate.rst index caf0806f..622aeecc 100644 --- a/docs/server/source/production-deployment-template/server-tls-certificate.rst +++ b/docs/server/source/production-deployment-template/server-tls-certificate.rst @@ -70,7 +70,7 @@ to sign the request. If you are the admin of the managing organization's self-signed CA, then you can import the CSR and use Easy-RSA to sign it. -Go to your ``bdb-cluster-ca/easy-rsa-3.0.1/easyrsa3/`` +Go to your ``bdb-node-ca/easy-rsa-3.0.1/easyrsa3/`` directory and do something like: .. code:: bash 
diff --git a/k8s/configuration/config-map.yaml b/k8s/configuration/config-map.yaml index d3e02138..06babccd 100644 --- a/k8s/configuration/config-map.yaml +++ b/k8s/configuration/config-map.yaml @@ -14,15 +14,15 @@ data: # are available to external clients. node-frontend-port: "443" - # cluster-health-check-port is the port number on which an external load + # node-health-check-port is the port number on which an external load # balancer can check the status/liveness of the external/public server. # In our deployment, Kubernetes sends 'livenessProbes' to this port and # interprets a successful response as a 'healthy' service. - cluster-health-check-port: "8888" + node-health-check-port: "8888" - # cluster-dns-server-ip is the IP of the DNS server. A Kubernetes deployment + # node-dns-server-ip is the IP of the DNS server. A Kubernetes deployment # always has a DNS server (kube-dns) running at 10.0.0.10 - cluster-dns-server-ip: "10.0.0.10" + node-dns-server-ip: "10.0.0.10" # mdb-instance-name is the name of the MongoDB instance in this cluster. mdb-instance-name: "" diff --git a/k8s/dev-setup/nginx-https.yaml b/k8s/dev-setup/nginx-https.yaml index 4610b193..8c9248c7 100644 --- a/k8s/dev-setup/nginx-https.yaml +++ b/k8s/dev-setup/nginx-https.yaml @@ -29,11 +29,11 @@ spec: ports: - port: 443 targetPort: 443 - name: public-secure-cluster-port + name: public-secure-node-port protocol: TCP - port: 80 targetPort: 80 - name: public-insecure-cluster-port + name: public-insecure-node-port protocol: TCP - port: 27017 targetPort: 27017 diff --git a/k8s/nginx-http/nginx-http-dep.yaml b/k8s/nginx-http/nginx-http-dep.yaml index eba18d5d..dba776c5 100644 --- a/k8s/nginx-http/nginx-http-dep.yaml +++ b/k8s/nginx-http/nginx-http-dep.yaml 
@@ -24,12 +24,12 @@ spec: valueFrom: configMapKeyRef: name: vars - key: cluster-health-check-port + key: node-health-check-port - name: DNS_SERVER valueFrom: configMapKeyRef: name: vars - key: cluster-dns-server-ip + key: node-dns-server-ip - name: MONGODB_BACKEND_HOST valueFrom: configMapKeyRef: @@ -71,7 +71,7 @@ spec: name: tendermint-config key: tm-p2p-port ports: - - containerPort: "" + - containerPort: "" protocol: TCP name: ngx-health - containerPort: "" diff --git a/k8s/nginx-https-web-proxy/nginx-https-web-proxy-dep.yaml b/k8s/nginx-https-web-proxy/nginx-https-web-proxy-dep.yaml index e92aba7d..efdecbb9 100644 --- a/k8s/nginx-https-web-proxy/nginx-https-web-proxy-dep.yaml +++ b/k8s/nginx-https-web-proxy/nginx-https-web-proxy-dep.yaml @@ -54,12 +54,12 @@ spec: valueFrom: configMapKeyRef: name: vars - key: cluster-dns-server-ip + key: node-dns-server-ip - name: HEALTH_CHECK_PORT valueFrom: configMapKeyRef: name: vars - key: cluster-health-check-port + key: node-health-check-port - name: BIGCHAINDB_BACKEND_HOST valueFrom: configMapKeyRef: @@ -76,7 +76,7 @@ spec: livenessProbe: httpGet: path: /health - port: + port: initialDelaySeconds: 15 periodSeconds: 15 failureThreshold: 3 diff --git a/k8s/nginx-https/nginx-https-dep.yaml b/k8s/nginx-https/nginx-https-dep.yaml index 7ba29128..3694dda5 100644 --- a/k8s/nginx-https/nginx-https-dep.yaml +++ b/k8s/nginx-https/nginx-https-dep.yaml @@ -24,7 +24,7 @@ spec: valueFrom: configMapKeyRef: name: vars - key: cluster-health-check-port + key: node-health-check-port - name: NODE_FQDN valueFrom: configMapKeyRef: @@ -34,7 +34,7 @@ spec: valueFrom: configMapKeyRef: name: vars - key: cluster-dns-server-ip + key: node-dns-server-ip - name: MONGODB_BACKEND_HOST valueFrom: configMapKeyRef: diff --git a/k8s/nginx-https/nginx-https-svc.yaml b/k8s/nginx-https/nginx-https-svc.yaml index e8501ba0..1a79ce10 100644 --- a/k8s/nginx-https/nginx-https-svc.yaml +++ b/k8s/nginx-https/nginx-https-svc.yaml 
@@ -15,7 +15,7 @@ spec: ports: - port: 443 targetPort: 443 - name: public-secure-cluster-port + name: public-secure-node-port protocol: TCP - port: 27017 targetPort: 27017 @@ -31,6 +31,6 @@ spec: name: tm-p2p-port - port: 80 targetPort: 80 - name: public-insecure-cluster-port + name: public-insecure-node-port protocol: TCP type: LoadBalancer diff --git a/k8s/nginx-openresty/nginx-openresty-dep.yaml b/k8s/nginx-openresty/nginx-openresty-dep.yaml index f8f6a09b..6c7149ae 100644 --- a/k8s/nginx-openresty/nginx-openresty-dep.yaml +++ b/k8s/nginx-openresty/nginx-openresty-dep.yaml @@ -19,7 +19,7 @@ spec: valueFrom: configMapKeyRef: name: vars - key: cluster-dns-server-ip + key: node-dns-server-ip - name: OPENRESTY_FRONTEND_PORT valueFrom: configMapKeyRef: diff --git a/k8s/scripts/functions b/k8s/scripts/functions index 1a5a7841..ab203e62 100755 --- a/k8s/scripts/functions +++ b/k8s/scripts/functions @@ -227,6 +227,7 @@ function generate_config_map(){ tm_genesis_time=$7 tm_chain_id=$8 tm_instance_name=$9 + dns_resolver_k8s=$10 cat > config-map.yaml << EOF apiVersion: v1 
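Review bot: `dns_resolver_k8s=$10` in generate_config_map does not read the tenth argument, because bash expands `$10` as `${1}0`, so the variable becomes the first argument with a literal `0` appended. It should be `dns_resolver_k8s=${10}`. The heredoc in the following hunk writes this value into `node-dns-server-ip`, which the NGINX deployments in this patch consume as `DNS_SERVER`, so the gateway would be configured with a bogus resolver address. The diffstat shows generate_configs.sh changing a single line (the CA directory rename), so the call site may not yet pass `NODE_DNS_SERVER` as a tenth argument; that call is not visible in this patch and should be checked. The function body begins and ends outside the hunk.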
@@ -242,15 +243,15 @@ data: # are available to external clients. node-frontend-port: "443" - # cluster-health-check-port is the port number on which an external load + # node-health-check-port is the port number on which an external load # balancer can check the status/liveness of the external/public server. # In our deployment, Kubernetes sends 'livenessProbes' to this port and # interprets a successful response as a 'healthy' service. - cluster-health-check-port: "8888" + node-health-check-port: "8888" - # cluster-dns-server-ip is the IP of the DNS server. A Kubernetes deployment - # always has a DNS server (kube-dns) running at 10.0.0.10 - cluster-dns-server-ip: "10.0.0.10" + # node-dns-server-ip is the IP of the DNS server. A Kubernetes deployment + # always has a DNS server (kube-dns). + node-dns-server-ip: "${dns_resolver_k8s}" # mdb-instance-name is the name of the MongoDB instance in this cluster. mdb-instance-name: "${mdb_instance_name}" diff --git a/k8s/scripts/generate_configs.sh b/k8s/scripts/generate_configs.sh index cbca35d5..d43b4f2b 100755 --- a/k8s/scripts/generate_configs.sh +++ b/k8s/scripts/generate_configs.sh @@ -56,7 +56,7 @@ fi BASE_DIR="$(pwd)/${CERT_DIR}" mkdir -p "${BASE_DIR}" -BASE_CA_DIR="${BASE_DIR}"/bdb-cluster-ca +BASE_CA_DIR="${BASE_DIR}"/bdb-node-ca BASE_MEMBER_CERT_DIR="${BASE_DIR}"/member-cert BASE_CLIENT_CERT_DIR="${BASE_DIR}"/client-cert BASE_EASY_RSA_PATH='easy-rsa-3.0.1/easyrsa3' diff --git a/k8s/scripts/vars b/k8s/scripts/vars index 583632b4..1f9a7fd7 100644 --- a/k8s/scripts/vars +++ b/k8s/scripts/vars @@ -38,4 +38,9 @@ TM_GENESIS_TIME='0001-01-01T00:00:00Z' # Blockchain ID must be unique for # every blockchain -TM_CHAIN_ID='test-chain-rwcPML' \ No newline at end of file +TM_CHAIN_ID='test-chain-rwcPML' + +# IP Address of the resolver(DNS server). +# i.e. CLUSTER-IP of `kubernetes` service(kube-dns) +# Can be retrieved using `$ kubectl get svc` +NODE_DNS_SERVER='10.0.0.10'
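Review bot: `node-dns-server-ip: "${dns_resolver_k8s}"` is written into the ConfigMap with no check that the value is set, so an empty resolver only surfaces later as name-resolution failures in the gateway pods. A guard before the heredoc, such as `[ -n "${dns_resolver_k8s}" ] || { echo "node DNS server IP is not set" >&2; return 1; }`, would fail at generation time instead. The rewritten comment also drops the address without saying where the value now comes from; presumably that is `NODE_DNS_SERVER` in k8s/scripts/vars, so something like `# Set from NODE_DNS_SERVER in k8s/scripts/vars (ClusterIP of the kube-dns service).` would help. The heredoc starts in the previous hunk and continues past this one.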
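Review bot: The comment above `NODE_DNS_SERVER` points at the wrong service: `kubectl get svc` lists the default namespace, where the `kubernetes` service is the API server endpoint, while kube-dns normally lives in `kube-system`. Suggest `# ClusterIP of the kube-dns service: kubectl get svc kube-dns --namespace kube-system`. The default here is `10.0.0.10`, but the documentation added in node-config-map-and-secrets.rst says the value defaults to `10.0.0.1`, so one of the two should be corrected. NGINX uses this address to resolve backend service names, so a value other than the cluster DNS can break routing or send lookups to an unintended resolver.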