Deployment changes: (#1623)

Update MongoDB container tag to `3.0`. Doc change to reflect bdb-config.bdb-user parameter usage. Fix typo in configuration.md. Add BIGCHAINDB_DATABASE_SSL parameter to bigchaindb-dep.yaml for Kubernetes deployments. Refer the the `bdb-user` parameter from ConfigMap in bigchaindb-dep.yaml. Consolidate all BigchainDB parameter values under the `bdb-config` ConfigMap. Remove `bdb-user` from secrets.yaml.
2024-10-13 13:34:05 +00:00 · 2017-07-03 15:55:43 +02:00 · 2017-07-03 15:55:43 +02:00 · ece195ff8d
commit ece195ff8d
parent e89623c836
6 changed files with 37 additions and 40 deletions
--- a/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
+++ b/docs/server/source/production-deployment-template/node-config-map-and-secrets.rst
@ -49,7 +49,7 @@ There are some things worth noting about the ``mdb-instance-name``:
 * We use ``mdb-instance-0``, ``mdb-instance-1`` and so on in our
  documentation. Your BigchainDB cluster may use a different naming convention.

-bdb-keyring.bdb-keyring
+bdb-config.bdb-keyring
 ~~~~~~~~~~~~~~~~~~~~~~~

 This lists the BigchainDB public keys
@ -70,29 +70,8 @@ of all *other* nodes in your BigchainDB cluster
  For example,
  ``"DPjpKbmbPYPKVAuf6VSkqGCf5jzrEh69Ldef6TrLwsEQ:EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"``

-
-Edit secret.yaml
----------------
-
-Make a copy of the file ``k8s/configuration/secret.yaml``
-and edit the data values in the various Secrets.
-That file includes many comments to explain the required values.
-**In particular, note that all values must be base64-encoded.**
-There are tips at the top of the file
-explaining how to convert values into base64-encoded values.
-
-Your BigchainDB node might not need all the Secrets.
-For example, if you plan to access the BigchainDB API over HTTP, you
-don't need the ``https-certs`` Secret.
-You can delete the Secrets you don't need,
-or set their data values to ``""``.
-
-Note that ``ca.pem`` is just another name for ``ca.crt``
-(the certificate of your BigchainDB cluster's self-signed CA).
-
-
-bdb-certs.bdb-user
-~~~~~~~~~~~~~~~~~~
+bdb-config.bdb-user
+~~~~~~~~~~~~~~~~~~~

 This is the user name that BigchainDB uses to authenticate itself to the
 backend MongoDB database.
@ -114,13 +93,33 @@ You should see an output line that resembles:
   subject= emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE

 The ``subject`` line states the complete user name we need to use for this
-field (``bdb-certs.bdb-user``), i.e.
+field (``bdb-config.bdb-user``), i.e.

 .. code:: bash

   emailAddress=dev@bigchaindb.com,CN=test-bdb-ssl,OU=BigchainDB-Instance,O=BigchainDB GmbH,L=Berlin,ST=Berlin,C=DE


+Edit secret.yaml
+----------------
+
+Make a copy of the file ``k8s/configuration/secret.yaml``
+and edit the data values in the various Secrets.
+That file includes many comments to explain the required values.
+**In particular, note that all values must be base64-encoded.**
+There are tips at the top of the file
+explaining how to convert values into base64-encoded values.
+
+Your BigchainDB node might not need all the Secrets.
+For example, if you plan to access the BigchainDB API over HTTP, you
+don't need the ``https-certs`` Secret.
+You can delete the Secrets you don't need,
+or set their data values to ``""``.
+
+Note that ``ca.pem`` is just another name for ``ca.crt``
+(the certificate of your BigchainDB cluster's self-signed CA).
+
+
 threescale-credentials.*
 ~~~~~~~~~~~~~~~~~~~~~~~~

--- a/docs/server/source/server-reference/configuration.md
+++ b/docs/server/source/server-reference/configuration.md
@ -37,7 +37,7 @@ For convenience, here's a list of all the relevant environment variables (docume
 `BIGCHAINDB_LOG_FMT_LOGFILE`<br>
 `BIGCHAINDB_LOG_GRANULAR_LEVELS`<br>
 `BIGCHAINDB_DATABASE_SSL`<br>
-`BIGCHIANDB_DATABASE_LOGIN`<br>
+`BIGCHAINDB_DATABASE_LOGIN`<br>
 `BIGCHAINDB_DATABASE_PASSWORD`<br>
 `BIGCHAINDB_DATABASE_CA_CERT`<br>
 `BIGCHAINDB_DATABASE_CERTFILE`<br>
--- a/k8s/bigchaindb/bigchaindb-dep.yaml
+++ b/k8s/bigchaindb/bigchaindb-dep.yaml
@ -39,7 +39,7 @@ spec:
        - name: BIGCHAINDB_KEYPAIR_PUBLIC
          valueFrom:
            configMapKeyRef:
-              name: bdb-public-key
+              name: bdb-config
              key: bdb-public-key
        - name: BIGCHAINDB_KEYPAIR_PRIVATE
          value: "<private key here>"
@ -51,6 +51,8 @@ spec:
          value: "120"
        - name: BIGCHAINDB_LOG_LEVEL_CONSOLE
          value: debug
+        - name: BIGCHAINDB_DATABASE_SSL
+          value: "true"
        - name: BIGCHAINDB_DATABASE_CA_CERT
          value: /etc/bigchaindb/ssl/ca.pem
        - name: BIGCHAINDB_DATABASE_CRLFILE
@ -60,12 +62,15 @@ spec:
        - name: BIGCHAINDB_DATABASE_KEYFILE
          value: /etc/bigchaindb/ssl/bdb-instance.key
        - name: BIGCHAINDB_DATABASE_LOGIN
-          value: /etc/bigchaindb/ssl/bdb-user
+          valueFrom:
+            configMapKeyRef:
+              name: bdb-config
+              key: bdb-user
        # The following env var is not required for the bootstrap/first node
        #- name: BIGCHAINDB_KEYRING
        #   valueFrom:
        #     configMapKeyRef:
-        #       name: bdb-keyring
+        #       name: bdb-config
        #       key: bdb-keyring
        ports:
        - containerPort: 9984
--- a/k8s/configuration/config-map.yaml
+++ b/k8s/configuration/config-map.yaml
@ -30,18 +30,13 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: bdb-keyring
+  name: bdb-config
  namespace: default
 data:
  # Colon-separated list of all *other* nodes' BigchainDB public keys.
  bdb-keyring: "<':' separated list of public keys>"
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: bdb-public-key
-  namespace: default
-data:
+  # BigchainDB instance authentication user name
+  bdb-user: "<user name>"
  # BigchainDB public key of *this* node.
  # Example: "EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"
  bdb-public-key: "<public key>"
--- a/k8s/configuration/secret.yaml
+++ b/k8s/configuration/secret.yaml
@ -82,8 +82,6 @@ data:
  bdb-instance.pem: "<b64 encoded certificate>"
  # Base64-encoded private key
  bdb-instance.key: "<b64 encoded private key>"
-  # Base64-encoded instance authentication credentials
-  bdb-user: "<b64 encoded user name>"
 ---
 apiVersion: v1
 kind: Secret
--- a/k8s/mongodb/mongo-ss.yaml
+++ b/k8s/mongodb/mongo-ss.yaml
@ -21,7 +21,7 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: mongodb
-        image: bigchaindb/mongodb:3.4.4
+        image: bigchaindb/mongodb:3.0
        imagePullPolicy: Always
        env:
        - name: MONGODB_FQDN