Global ConfigMap and Secret

2017-05-24 14:45:27 +02:00 · 2017-05-24 14:45:27 +02:00 · 7208310111
parent fe0bd625dc
commit 7208310111
2 changed files with 115 additions and 19 deletions
--- a/k8s/configuration/config-map.yaml
+++ b/k8s/configuration/config-map.yaml
@ -2,29 +2,18 @@
 # This YAML file desribes a ConfigMap for the cluster #
 #######################################################

+## Common Env Variables For This Node
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: mdb-mon
+  name: vars
  namespace: default
 data:
-  api-key: "<api key here>"
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mdb-backup
-  namespace: default
-data:
-  api-key: "<api key here>"
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mdb-fqdn
-  namespace: default
-data:
-  fqdn: mdb-instance-0
+  mdb-instance-name: "<name of the mdb instance>"
+  bdb-instance-name: "<name of the bdb instance>"
+  ngx-instance-name: "<name of the ngx instance>"
+  mdb-mon-instance-name: "<name of the mdb monitoring agent instance>"
+  mdb-bak-instance-name: "<name of the mdb backup agent instance>"
 ---
 apiVersion: v1
 kind: ConfigMap
@ -32,5 +21,21 @@ metadata:
  name: mongodb-whitelist
  namespace: default
 data:
+  # We support only 'all' currently
  allowed-hosts: "all"
-
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bdb-keyring
+  namespace: default
+data:
+  bdb-keyring: "<b64 encoded, ':' separated list of public keys>"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bdb-public-key
+  namespace: default
+data:
+  bdb-public-key: "<b64 encoded public key>"
--- a/k8s/configuration/secret.yaml
+++ b/k8s/configuration/secret.yaml
@ -0,0 +1,91 @@
+# All secret data should be base64 encoded before embedding them here by
+# using `echo "secret string" | base64 -w 0 > secret.string.b64` and then
+# copy the resulting value here.
+# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mdb-agent-api-key
+  namespace: default
+type: Opaque
+data:
+  api-key: "<b64 encoded api key>"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: bdb-private-key
+  namespace: default
+type: Opaque
+data:
+  private.key: "<b64 encoded private key>"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mdb-certs
+  namespace: default
+type: Opaque
+data:
+  mdb-instance.pem: "<b64 encoded, concatanated public and private keys>"
+  ca.pem: "<b64 encoded CA public key>" 
+  mdb-crl.pem: "<b64 encoded CRL data>" 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mdb-mon-certs
+  namespace: default
+type: Opaque
+data:
+  mdb-mon-instance.pem: "<b64 encoded, concatanated public and private keys>"
+  ca.pem: "<b64 encoded CA public key>" 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mdb-bak-certs
+  namespace: default
+type: Opaque
+data:
+  mdb-bak-instance.pem: "<b64 encoded, concatanated public and private keys>"
+  ca.pem: "<b64 encoded CA public key>" 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: bdb-certs
+  namespace: default
+type: Opaque
+data:
+  bdb-instance.pem: "<b64 encoded, concatanated public and private keys>"
+  ca.pem: "<b64 encoded CA public key>" 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: https-certs
+  namespace: default
+type: Opaque
+data:
+  cert.pem: "<b64 encoded HTTPS key>"
+  cert.key: "<b64 encoded HTTPS Signed Certificate or Certificate Chain>"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: threescale-credentials
+  namespace: default
+type: Opaque
+data:
+  secret-token: "<b64 encoded 3scale secret-token>"
+  service-id: "<b64 encoded 3scale service-id>"
+  version-header: "<b64 encoded 3scale version-header>"
+  provider-key: "<b64 encoded 3scale provider-key>"
+  # The frontend-api-dns-name will be DNS name registered for your HTTPS
+  # certificate.
+  frontend-api-dns-name: "<b64 encoded DNS/FQDN>"
+  # The upstream-api-port can be set to any port other than 9984, 9985, 443,
+  # 8888 and 27017. We usually use port '9999', which is 'OTk5OQo=' in base 64.
+  upstream-api-port: "OTk5OQo="