diff --git a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst index 6e25c77b..1509091c 100644 --- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst +++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst @@ -89,6 +89,36 @@ Note that ``ca.pem`` is just another name for ``ca.crt`` (the certificate of your BigchainDB cluster's self-signed CA). +bdb-certs.bdb-user +~~~~~~~~~~~~~~~~~~ + +This is the user name that BigchainDB uses to authenticate itself to the +backend MongoDB database. + +We need to specify the user name *as seen in the certificate* issued to +the BigchainDB instance in order to authenticate correctly. Use +the following ``openssl`` command to extract the user name from the +certificate: + +.. code:: bash + + $ openssl x509 -in \ + -inform PEM -subject -nameopt RFC2253 + +You should see an output line that resembles: + +.. code:: bash + + subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE + +The ``subject`` line states the complete user name we need to use for this +field (``bdb-certs.bdb-user``), i.e. + +.. code:: bash + + emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE + + Deploy Your config-map.yaml and secret.yaml ------------------------------------------- diff --git a/k8s/bigchaindb/bigchaindb-dep.yaml b/k8s/bigchaindb/bigchaindb-dep.yaml index 376c5c86..9aea8f7c 100644 --- a/k8s/bigchaindb/bigchaindb-dep.yaml +++ b/k8s/bigchaindb/bigchaindb-dep.yaml 
@@ -59,8 +59,6 @@ spec: value: /etc/bigchaindb/ssl/bdb-instance.pem - name: BIGCHAINDB_DATABASE_KEYFILE value: /etc/bigchaindb/ssl/bdb-instance.key - - name: BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE - value: /etc/bigchaindb/ssl/bdb-keyfile-passphrase - name: BIGCHAINDB_DATABASE_LOGIN value: /etc/bigchaindb/ssl/bdb-user # The following env var is not required for the bootstrap/first node diff --git a/k8s/configuration/secret.yaml b/k8s/configuration/secret.yaml index e42ac4c9..795e4756 100644 --- a/k8s/configuration/secret.yaml +++ b/k8s/configuration/secret.yaml @@ -82,8 +82,6 @@ data: bdb-instance.pem: "" # Base64-encoded private key bdb-instance.key: "" - # Base64-encoded private key passphrase - bdb-keyfile-passphrase: "" # Base64-encoded instance authentication credentials bdb-user: "" ---
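Review bot: In the new ``bdb-certs.bdb-user`` section of node-config-map-and-secrets.rst, the ``openssl x509`` example has no file name after ``-in``, so the reader is not told which certificate to inspect. Put an explicit placeholder there for the certificate issued to the BigchainDB instance. The command also lacks ``-noout``, so it prints the PEM-encoded certificate along with the ``subject`` line; adding ``-noout`` leaves only the line the text asks the reader to copy. The section should also say that the value is stored base64-encoded, as the ``bdb-user`` comment in secret.yaml states, and the two output samples are not shell input, so ``.. code:: bash`` is the wrong directive for them.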
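Review bot: Removing ``BIGCHAINDB_DATABASE_KEYFILE_PASSPHRASE`` from bigchaindb-dep.yaml means ``/etc/bigchaindb/ssl/bdb-instance.key`` must now be an unencrypted private key, and nothing in this patch says so. Please state that requirement in the documentation next to the key entry and give the reason for the removal in the commit message, since the key's confidentiality then rests entirely on who can read the Secret and the mounted volume. Also confirm that no other manifest or code path still reads the variable.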
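Review bot: In secret.yaml, the comment left above ``bdb-user`` ("Base64-encoded instance authentication credentials") no longer matches the documentation added in this patch, which defines the value as the certificate subject in RFC2253 form; reword the comment to say that. The documentation hunk only adds the ``bdb-certs.bdb-user`` section and removes nothing, so check whether node-config-map-and-secrets.rst still describes ``bdb-keyfile-passphrase`` and delete that entry in the same change if it does.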