- Standardize docker-compose workflow
- Change docker-compose version to 2.1
- why one might ask? because compose version
3.0 does not support depends on and inherits
like we want to and is more aimed towards migration to using
`docker stack`, for our current strategy `2.1` is a better choice.
- change `bdb` service `bigchaindb` service
- why? Introduced a new proxy service `bdb` which is just a dummy
`busybox` image.
- why? because this ensure via healthcheck of bigchaindb that BigchainDB
has started properly and makes a `curl` to ensure HTTP API server is up
and running.
- why? Because we have had scenarios where BigchainDB is not started
via docker compose and user has to check out the logs to find out what
the problem might be. This ensure that bigchaindb is up and running.
- Does this change deployment workflow? No.
- The only thing change is that if you want to run commands inside a bigchaindb
container e.g. `pytest` now you have to run the following command:
`docker-compose run --rm --no-deps bigchaindb pytest -v --cov=bigchaindb`
as opposed to `docker-compose run --rm --no-deps bdb pytest -v --cov=bigchaindb`
- Remove env variable `BIGCHAINDB_START_TENDERMINT`
- Remove TENDERMINT_INTEGRATION.rst and move to the new docs
- Change mdb -> mongodb because the other services were named with
full name.
- Add example to run specific tests or from a file
- Update config.toml for tendermint to use `bigchaindb` as proxy app
instead of `bdb`
- Remove `network` directory because it is deprecated
- Add comment about why PYTHONBUFFERED is used
* Fix for access token authorization for GET calls
- Naming inconsistency for cluster-fqdn causing issues
- Change cluster-frontend-port to node-frontend-port
* Change hardcoded 9984 to configurable
We manually add all the required configurations and secretes in config-map.yaml and secret.yaml. There is a need for a wrapper script which takes these generated mongodb certs and also process https certificates and populates config-map.yaml and secret.yaml
- Update docs for azure cluster deployment template
- Update entrypoint for MongoDB to handle user configuration
more efficiently
- remove `use admin` in js file, that is an invalid format
- Currently, we had to manually log into the MongoDB container
and create users, this change will configure the relevant users
from a single script `configure_mdb.sh`
- Improvements can be done but keeping it minimal for the workshop
Problem
The current production deployment template uses 3scale to ensure that POST requests to the network (from anyone) only get through if they come from a client with an account (app_id and app_key).
A private network wants to launch so that all HTTP requests (POST and GET) sent to the nodes in the network get be dropped unless they come from a small set of known (and unchanging) clients/sources. They don't need 3scale. They will want a modified version of the production deployment template.
Solution
Generate a special HTTP header and share it with all the known clients/sources.
Have a single NGINX in each node which checks for that HTTP header value. If it's present, let the request pass through to the network. (HTTP headers are encrypted if HTTPS is used.)
Are there other simpler or better options?
- Update imagePullPolicy from IfNotPresent to Always
for all unstable images we are using in k8s template,
because those images are updated regularly, we will
keep it unstable until the official release.
- Use Tendermint v0.13 as base docker image, since our current
integration is based out of v0.13
Description
Currently we manually configure ports in deployment and service files for k8s deployment e.g here. Instead these ports should be constant since these are always the same for each deployment
Issues This PR Fixes
Fixes#2077
- Separate deployments, services, statefulsets etc
`yaml` files for tendermint based deployment.
- Separate Dockerfiles for mongodb, nginx for
tendermint integrated BigchainDB.
In mongodb docker image STORAGE_ENGINE_CACHE_SIZE
will always be set to '' (two quotation marks)
and verification will fail. So it's impossible to
run image without --storage-engine-cache-size set.
This change removes double quotes while assigning
default value to STORAGE_ENGINE_CACHE_SIZE.
Skip Referer check on preflight request (OPTIONS) and set Referrer-Policy to origin-when-cross-origin in response to OPTIONS request. Once Referrer-Policy is set on the subsequent POST request referrer is set by the browser to expected value.
MongoDB cloud manager UI has been updated and they have changed Group ID to Project ID and merged Settings -> Group Settings into one consolidated panel Settings
This PR updates the k8s docs accordingly
