Added clarifying comments to secret.yaml

2024-10-13 13:34:05 +00:00 · 2017-06-08 17:42:30 +02:00 · 2017-06-08 17:42:30 +02:00 · e1082af385
commit e1082af385
parent 03e9020909
1 changed files with 31 additions and 15 deletions
--- a/k8s/configuration/secret.yaml
+++ b/k8s/configuration/secret.yaml
@ -1,7 +1,11 @@
-# All secret data should be base64 encoded before embedding them here by
-# using `echo "secret string" | base64 -w 0 > secret.string.b64` and then
-# copy the resulting value here.
+# All secret data should be base64 encoded before embedding them here.
+# Short strings can be encoded using, e.g.
+# echo "secret string" | base64 -w 0 > secret.string.b64
+# Files (e.g. certificates) can be encoded using, e.g.
+# cat cert.pem | base64 -w 0 > cert.pem.b64
+# then copy the contents of cert.pem.b64 (for example) below.
 # Ref: https://kubernetes.io/docs/concepts/configuration/secret/
+# Unused values can be set to ""

 apiVersion: v1
 kind: Secret
@ -10,8 +14,8 @@ metadata:
  namespace: default
 type: Opaque
 data:
-  # This is the API Key obtained from MongoDB Cloud Manager
-  api-key: "<b64 encoded api key>"
+  # Base64-encoded Agent API Key (obtained from MongoDB Cloud Manager)
+  api-key: "<b64 encoded Agent API Key>"
 ---
 apiVersion: v1
 kind: Secret
@ -20,7 +24,8 @@ metadata:
  namespace: default
 type: Opaque
 data:
-  private.key: "<b64 encoded private key>"
+  # Base64-encoded BigchainDB private key of *this* node
+  private.key: "<b64 encoded BigchainDB private key>"
 ---
 apiVersion: v1
 kind: Secret
@ -29,9 +34,12 @@ metadata:
  namespace: default
 type: Opaque
 data:
-  mdb-instance.pem: "<b64 encoded, concatanated public and private keys>"
-  ca.pem: "<b64 encoded CA public key>" 
-  mdb-crl.pem: "<b64 encoded CRL data>" 
+  # Base64-encoded, concatenated certificate and private key
+  mdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
+  # Base64-encoded CA certificate (ca.crt)
+  ca.pem: "<b64 encoded CA certificate>"
+  # Base64-encoded MongoDB CRL
+  mdb-crl.pem: "<b64 encoded CRL data>"
 ---
 apiVersion: v1
 kind: Secret
@ -40,8 +48,10 @@ metadata:
  namespace: default
 type: Opaque
 data:
-  mdb-mon-instance.pem: "<b64 encoded, concatanated public and private keys>"
-  ca.pem: "<b64 encoded CA public key>" 
+  # Base64-encoded, concatenated certificate and private key
+  mdb-mon-instance.pem: "<b64 encoded, concatenated certificate and private key>"
+  # Base64-encoded CA certificate (ca.crt)
+  ca.pem: "<b64 encoded CA certificate>" 
 ---
 apiVersion: v1
 kind: Secret
@ -50,8 +60,10 @@ metadata:
  namespace: default
 type: Opaque
 data:
-  mdb-bak-instance.pem: "<b64 encoded, concatanated public and private keys>"
-  ca.pem: "<b64 encoded CA public key>" 
+  # Base64-encoded, concatenated certificate and private key
+  mdb-bak-instance.pem: "<b64 encoded, concatenated certificate and private key>"
+  # Base64-encoded CA certificate (ca.crt)
+  ca.pem: "<b64 encoded CA certificate>"
 ---
 apiVersion: v1
 kind: Secret
@ -60,8 +72,10 @@ metadata:
  namespace: default
 type: Opaque
 data:
-  bdb-instance.pem: "<b64 encoded, concatanated public and private keys>"
-  ca.pem: "<b64 encoded CA public key>" 
+  # Base64-encoded, concatenated certificate and private key
+  bdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
+  # Base64-encoded CA certificate (ca.crt)
+  ca.pem: "<b64 encoded CA certificate>"
 ---
 apiVersion: v1
 kind: Secret
@ -70,7 +84,9 @@ metadata:
  namespace: default
 type: Opaque
 data:
+  # Base64-encoded HTTPS private key
  cert.key: "<b64 encoded HTTPS private key>"
+  # Base64-encoded HTTPS Signed Certificate or Certificate Chain
  cert.pem: "<b64 encoded HTTPS Signed Certificate or Certificate Chain>"
 ---
 apiVersion: v1