* Support for secure TLS communication in MongoDB, MongoDB Monitoring
Agent and MongoDB Backup Agent
- Move from Golang to Bash for entrypoint program
- Update image tag to 2.0 for Backup and Monitoring Agents and to
3.4.4 for MongoDB
- Add documentation
* changed title & rewrote Step 1 of workflow.rst
* copy-edited ca-installation.rst
* copy-edited & modified structure of workflow.rst
* moved repeated Easy-RSA install & config docs to new page
* edited the sentences describing the Easy-RSA dirs
* copy-edited the page about generating server certificate
* copy-edited the page about generating client certificate
* renamed page to 'How to Set Up a Self-Signed Certificate Authority'
* copy-edited page about how to revoke a certificate
* Comments on how to uniquely name all instances in the cluster
* Added comments about the other questions when setting up a CA
* Added note about one Agent Api Key per Cloud Manager backup
* docs: clarified instructions for generating server CSR
* docs: added back 'from your PKI infrastructure'
* docs: fixed step & added step re/ FQDNs & certs in workflow.rst
* docs: added note re/ the Distinguished Name
* Update docs for env vars setup
* docs: added tip: how to get help with the easyrsa command
- Added NGINX deployment to frontend both BDB and MDB.
- Nginx is configured with a whitelist (which is read from a ConfigMap)
to allow only other MDB nodes in the cluster to communicate with it.
- Azure LB apparently does not support proxy protocol and hence
whitelisting fails as nginx always observes the LB IP instead of the
real IP in the TCP stream.
- Whitelisting source IPs for MongoDB
- Removing deprecated folder
- Better log format
- Intuitive port number usage
- README and examples
- Addressed a typo in PYTHON_STYLE_GUIDE.md
- Multiple changes:
- Better log format
- Intuitive port number usage
- README and examples
- Addressed a typo in PYTHON_STYLE_GUIDE.md
- Documentation
- add the k8s directory to the ignore list in codecov.yml
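
An added example, not part of these commit messages or the project's code: why a source-IP allowlist evaluated behind a load balancer only ever sees the LB address unless the LB sends a PROXY protocol v1 header, and why that header should be honoured only from the LB itself. All addresses and the names `ALLOWLIST`, `TRUSTED_PROXIES`, `parse_proxy_v1`, `effective_source` and `is_allowed` are constructed for illustration.

```python
import ipaddress

# Constructed values; the deployment above reads its allowlist from a ConfigMap.
ALLOWLIST = [ipaddress.ip_network("10.0.1.0/24")]          # other MDB nodes
TRUSTED_PROXIES = [ipaddress.ip_network("10.240.0.0/24")]  # load balancer range


def parse_proxy_v1(first_bytes):
    """Return the client address from a PROXY protocol v1 header, or None."""
    if not first_bytes.startswith(b"PROXY "):
        return None
    line, sep, _ = first_bytes.partition(b"\r\n")
    if not sep or len(line) > 105:  # a v1 header is at most 107 bytes with CRLF
        return None
    parts = line.decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        return None
    try:
        return ipaddress.ip_address(parts[2])
    except ValueError:
        return None


def effective_source(peer_ip, first_bytes):
    """Address the allowlist should be evaluated against."""
    peer = ipaddress.ip_address(peer_ip)
    # Honour the header only when the TCP peer is a trusted proxy; otherwise
    # any client could claim an allowlisted address.
    if any(peer in net for net in TRUSTED_PROXIES):
        claimed = parse_proxy_v1(first_bytes)
        if claimed is not None:
            return claimed
    return peer


def is_allowed(peer_ip, first_bytes):
    """True when the effective source address is inside the allowlist."""
    src = effective_source(peer_ip, first_bytes)
    return any(src in net for net in ALLOWLIST)


if __name__ == "__main__":
    lb = "10.240.0.4"
    # No header: the LB address is what gets checked, so a real node is refused.
    print(is_allowed(lb, b"\x3a\x00\x00\x00"))
    # Header from the trusted LB: the real node address is checked instead.
    print(is_allowed(lb, b"PROXY TCP4 10.0.1.7 10.240.0.4 51234 27017\r\n"))
```
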
* Single node as a StatefulSet in k8s
- uses bigchaindb/bigchaindb:0.9.1
* Updating README
* rdb, mdb as stateful services
* [WIP] bdb as a statefulset
* [WIP] bdb w/ rdb and bdb w/ mdb backends
- does not work as of now
* Split mdb & bdb into separate pods + enhancements
* discovery of the mongodb service by the bdb pod by using dns name.
* using separate storage classes to map 2 different volumes exposed by the
mongo docker container; one for /data/db (dbPath) and the other for
/data/configdb (configDB).
* using the `persistentVolumeReclaimPolicy: Retain` in k8s pvc. However,
this seems to be unsupported in Azure and the disks still show a reclaim
policy of `delete`.
* mongodb container runs the `mongod` process as user `mongodb` and group
`mongodb`. The corresponding `uid` and `gid` for the `mongod` process are 999
and 999 respectively. When the container runs on a host with a mounted disk,
the writes fail when there is no user with uid 999. To avoid this, I use the
Docker-provided feature of --cap-add=FOWNER in k8s. This bypasses the uid and
gid permission checks during writes and allows writes.
Ref: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
* Delete redundant k8s files, add cluster deletion steps.
* Documentation: running a single node with distinct mongodb and bigchaindb
pods on k8s
* Updates as per @ttmc's comments