Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
bigchaindb/k8s/configuration/secret.yaml
Muawia Khan fbee5db40f Common secret for CA in secret.yaml 
- Creating a common secret for CA, since all the members of the replica set
and the clients need to have a common CA, moving all the relevant configuration
to a common secret.
- Modifying Dockerfiles for some components, once changes are approved
we will publish the new images.
- No documentation changes required.
2017-08-15 14:26:47 +02:00

114 lines
3.0 KiB
YAML
Raw Blame History

# All secret data should be base64 encoded before embedding them here.
# Short strings can be encoded using, e.g.
# echo "secret string" | base64 -w 0 > secret.string.b64
# Files (e.g. certificates) can be encoded using, e.g.
# cat cert.pem | base64 -w 0 > cert.pem.b64
# then copy the contents of cert.pem.b64 (for example) below.
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
# Unused values can be set to ""
apiVersion: v1
kind: Secret
metadata:
name: cloud-manager-credentials
namespace: default
type: Opaque
data:
# Base64-encoded Group ID
# Group ID used by MongoDB deployment
group-id: "<b64 encoded Group ID>"
# Base64-encoded MongoDB Agent API Key for the group
agent-api-key: "<b64 encoded Agent API Key>"
---
apiVersion: v1
kind: Secret
metadata:
name: bdb-private-key
namespace: default
type: Opaque
data:
# Base64-encoded BigchainDB private key of *this* node
# Generated using bigchaindb_driver in the docs
private.key: "<b64 encoded BigchainDB private key>"
---
apiVersion: v1
kind: Secret
metadata:
name: mdb-certs
namespace: default
type: Opaque
data:
# Base64-encoded, concatenated certificate and private key
mdb-instance.pem: "<b64 encoded, concatenated certificate and private key>"
---
apiVersion: v1
kind: Secret
metadata:
name: mdb-mon-certs
namespace: default
type: Opaque
data:
# Base64-encoded, concatenated certificate and private key
mdb-mon-instance.pem: "<b64 encoded, concatenated certificate and private key>"
---
apiVersion: v1
kind: Secret
metadata:
name: mdb-bak-certs
namespace: default
type: Opaque
data:
# Base64-encoded, concatenated certificate and private key
mdb-bak-instance.pem: "<b64 encoded, concatenated certificate and private key>"
---
apiVersion: v1
kind: Secret
metadata:
name: bdb-certs
namespace: default
type: Opaque
data:
# Base64-encoded BigchainDB instance certificate
bdb-instance.pem: "<b64 encoded certificate>"
# Base64-encoded private key (<bdb-instance-name>.key)
bdb-instance.key: "<b64 encoded private key>"
---
apiVersion: v1
kind: Secret
metadata:
name: https-certs
namespace: default
type: Opaque
data:
# Base64-encoded HTTPS private key
cert.key: "<b64 encoded HTTPS private key>"
# Base64-encoded HTTPS certificate chain
# starting with your primary SSL cert (e.g. your_domain.crt)
# followed by all intermediate certs.
# If cert if from DigiCert, download "Best format for nginx".
cert.pem: "<b64 encoded HTTPS certificate chain"
---
apiVersion: v1
kind: Secret
metadata:
name: threescale-credentials
namespace: default
type: Opaque
data:
secret-token: "<b64 encoded 3scale secret-token>"
service-id: "<b64 encoded 3scale service-id>"
version-header: "<b64 encoded 3scale version-header>"
service-token: "<b64 encoded 3scale service-token>"
---
apiVersion: v1
kind: Secret
metadata:
name: ca-auth
namespace: default
type: Opaque
data:
# CA used to issue members/client certificates
# Base64-encoded CA certificate (ca.crt)
ca.pem: "<b64 encoded CA certificate>"
crl.pem: "<b64 encoded CRL>"
Reference in New Issue View Git Blame Copy Permalink