mirror of
https://github.com/bigchaindb/bigchaindb.git
synced 2024-10-13 13:34:05 +00:00
d977753831
- Currently, we had to manually log into the MongoDB container and create users, this change will configure the relevant users from a single script `configure_mdb.sh` - Improvements can be done but keeping it minimal for the workshop
114 lines
2.9 KiB
YAML
114 lines
2.9 KiB
YAML
# All secret data should be base64 encoded before embedding them here.
|
|
# Short strings can be encoded using, e.g.
|
|
# echo "secret string" | base64 -w 0 > secret.string.b64
|
|
# Files (e.g. certificates) can be encoded using, e.g.
|
|
# cat cert.pem | base64 -w 0 > cert.pem.b64
|
|
# then copy the contents of cert.pem.b64 (for example) below.
|
|
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
|
|
# Unused values can be set to ""
|
|
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: cloud-manager-credentials
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Base64-encoded Project ID
|
|
# Project ID used by MongoDB deployment
|
|
group-id: "<b64 encoded Project ID>"
|
|
# Base64-encoded MongoDB Agent API Key for the group
|
|
agent-api-key: "<b64 encoded Agent API Key>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: mdb-certs
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Base64-encoded, concatenated certificate and private key
|
|
mdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: mdb-mon-certs
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Base64-encoded, concatenated certificate and private key
|
|
mdb-mon-instance.pem: "<b64 encoded, concatenated certificate and private key>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: bdb-certs
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Base64-encoded BigchainDB instance certificate
|
|
bdb-instance.pem: "<b64 encoded certificate>"
|
|
# Base64-encoded private key (<bdb-instance-name>.key)
|
|
bdb-instance.key: "<b64 encoded private key>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: nginx-secret-header
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Base64-encoded secret token to authorize POST requests
|
|
secret-token: "<b64 encoded secret token for authorization>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: https-certs
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Base64-encoded HTTPS private key
|
|
cert.key: "<b64 encoded HTTPS private key>"
|
|
# Base64-encoded HTTPS certificate chain
|
|
# starting with your primary SSL cert (e.g. your_domain.crt)
|
|
# followed by all intermediate certs.
|
|
# If cert if from DigiCert, download "Best format for nginx".
|
|
cert.pem: "<b64 encoded HTTPS certificate chain>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: threescale-credentials
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
secret-token: "<b64 encoded 3scale secret-token>"
|
|
service-id: "<b64 encoded 3scale service-id>"
|
|
version-header: "<b64 encoded 3scale version-header>"
|
|
service-token: "<b64 encoded 3scale service-token>"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: ca-auth
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# CA used to issue members/client certificates
|
|
# Base64-encoded CA certificate (ca.crt)
|
|
ca.pem: "<b64 encoded CA certificate>"
|
|
crl.pem: "<b64 encoded CRL>"
|
|
---
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: mdb-config
|
|
namespace: default
|
|
type: Opaque
|
|
data:
|
|
# Password for for MongoDB adminuser
|
|
mdb-admin-password: "<b64 encoded mdb admin password>"
|