# All secret data should be base64 encoded before embedding them here.
# Short strings can be encoded using, e.g.
# echo "secret string" | base64 -w 0 > secret.string.b64
# Files (e.g. certificates) can be encoded using, e.g.
# cat cert.pem | base64 -w 0 > cert.pem.b64
# then copy the contents of cert.pem.b64 (for example) below.
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
# Unused values can be set to ""

apiVersion: v1
kind: Secret
metadata:
  name: cloud-manager-credentials
  namespace: default
type: Opaque
data:
  # Base64-encoded Group ID
  group-id: "<b64 encoded Group ID>"
  # Base64-encoded Agent API Key
  agent-api-key: "<b64 encoded Agent API Key>"
---
apiVersion: v1
kind: Secret
metadata:
  name: bdb-private-key
  namespace: default
type: Opaque
data:
  # Base64-encoded BigchainDB private key of *this* node
  private.key: "<b64 encoded BigchainDB private key>"
---
apiVersion: v1
kind: Secret
metadata:
  name: mdb-certs
  namespace: default
type: Opaque
data:
  # Base64-encoded, concatenated certificate and private key
  mdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
  # Base64-encoded CA certificate (ca.crt)
  ca.pem: "<b64 encoded CA certificate>"
  # Base64-encoded MongoDB CRL
  mdb-crl.pem: "<b64 encoded CRL data>"
---
apiVersion: v1
kind: Secret
metadata:
  name: mdb-mon-certs
  namespace: default
type: Opaque
data:
  # Base64-encoded, concatenated certificate and private key
  mdb-mon-instance.pem: "<b64 encoded, concatenated certificate and private key>"
  # Base64-encoded CA certificate (ca.crt)
  ca.pem: "<b64 encoded CA certificate>" 
---
apiVersion: v1
kind: Secret
metadata:
  name: mdb-bak-certs
  namespace: default
type: Opaque
data:
  # Base64-encoded, concatenated certificate and private key
  mdb-bak-instance.pem: "<b64 encoded, concatenated certificate and private key>"
  # Base64-encoded CA certificate (ca.crt)
  ca.pem: "<b64 encoded CA certificate>"
---
apiVersion: v1
kind: Secret
metadata:
  name: bdb-certs
  namespace: default
type: Opaque
data:
  # Base64-encoded CA certificate (ca.crt)
  ca.pem: "<b64 encoded CA certificate>"
  # Base64-encoded CRL file
  crlfile: "<b64 encoded CRL>"
  # Base64-encoded BigchainDB instance certificate
  bdb-instance.pem: "<b64 encoded certificate>"
  # Base64-encoded private key
  bdb-instance.key: "<b64 encoded private key>"
  # Base64-encoded instance authentication credentials
  bdb-user: "<b64 encoded user name>"
---
apiVersion: v1
kind: Secret
metadata:
  name: https-certs
  namespace: default
type: Opaque
data:
  # Base64-encoded HTTPS private key
  cert.key: "<b64 encoded HTTPS private key>"
  # Base64-encoded HTTPS certificate chain
  # starting with your primary SSL cert (e.g. your_domain.crt)
  # followed by all intermediate certs.
  # If cert if from DigiCert, download "Best format for nginx".
  cert.pem: "<b64 encoded HTTPS certificate chain"
---
apiVersion: v1
kind: Secret
metadata:
  name: threescale-credentials
  namespace: default
type: Opaque
data:
  secret-token: "<b64 encoded 3scale secret-token>"
  service-id: "<b64 encoded 3scale service-id>"
  version-header: "<b64 encoded 3scale version-header>"
  provider-key: "<b64 encoded 3scale provider-key>"
  # The frontend-api-dns-name will be DNS name registered for your HTTPS
  # certificate.
  frontend-api-dns-name: "<b64 encoded DNS/FQDN>"
  # The upstream-api-port can be set to any port other than 9984, 9985, 443,
  # 8888 and 27017. We usually use port '9999', which is 'OTk5OQo=' in base 64.
  upstream-api-port: "OTk5OQo="