mirror of
https://github.com/bigchaindb/bigchaindb.git
synced 2024-06-29 00:57:45 +02:00
Credential management using Secret in nginx_3scale
This commit is contained in:
parent
cf10d3199e
commit
af966f56df
|
@ -19,8 +19,7 @@ spec:
|
|||
terminationGracePeriodSeconds: 10
|
||||
containers:
|
||||
- name: nginx-3scale
|
||||
image: bigchaindb/nginx_3scale:1.1
|
||||
# TODO(Krish): Change later to IfNotPresent
|
||||
image: bigchaindb/nginx_3scale:1.4
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MONGODB_FRONTEND_PORT
|
||||
|
@ -33,7 +32,6 @@ spec:
|
|||
- name: BIGCHAINDB_FRONTEND_PORT
|
||||
value: $(NGX_INSTANCE_0_SERVICE_PORT_NGX_PUBLIC_BDB_PORT)
|
||||
- name: BIGCHAINDB_BACKEND_HOST
|
||||
# NGINX requires FQDN to resolve names
|
||||
value: bdb-instance-0.default.svc.cluster.local
|
||||
- name: BIGCHAINDB_BACKEND_PORT
|
||||
value: "9984"
|
||||
|
@ -46,19 +44,6 @@ spec:
|
|||
value: "10.0.0.10"
|
||||
- name: NGINX_HEALTH_CHECK_PORT
|
||||
value: "8888"
|
||||
# TODO(Krish): use secrets for sensitive info
|
||||
- name: THREESCALE_SECRET_TOKEN
|
||||
value: "<Secret Token Here>"
|
||||
- name: THREESCALE_SERVICE_ID
|
||||
value: "<Service ID Here>"
|
||||
- name: THREESCALE_VERSION_HEADER
|
||||
value: "<Version Header Here>"
|
||||
- name: THREESCALE_PROVIDER_KEY
|
||||
value: "<Provider Key Here>"
|
||||
- name: THREESCALE_FRONTEND_API_DNS_NAME
|
||||
value: "<Frontend API FQDN Here>"
|
||||
- name: THREESCALE_UPSTREAM_API_PORT
|
||||
value: "<Upstream API Port Here>"
|
||||
ports:
|
||||
- containerPort: 27017
|
||||
hostPort: 27017
|
||||
|
@ -81,7 +66,10 @@ spec:
|
|||
name: public-api-port
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: https
|
||||
- name: threescale-credentials
|
||||
mountPath: /usr/local/openresty/nginx/conf/threescale
|
||||
readOnly: true
|
||||
- name: https-certs
|
||||
mountPath: /usr/local/openresty/nginx/conf/ssl/
|
||||
readOnly: true
|
||||
resources:
|
||||
|
@ -98,5 +86,9 @@ spec:
|
|||
volumes:
|
||||
- name: https
|
||||
secret:
|
||||
secretName: certs
|
||||
secretName: https-certs
|
||||
defaultMode: 0400
|
||||
- name: threescale-credentials
|
||||
secret:
|
||||
secretName: threescale-credentials
|
||||
defaultMode: 0400
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# Certificate data should be base64 encoded before embedding them here by using
|
||||
# `cat cert.pem | base64 -w 0 > cert.pem.b64` and then copy the resulting
|
||||
# value here. Same goes for cert.key.
|
||||
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: certs
|
||||
type: Opaque
|
||||
data:
|
||||
cert.pem: <certificate data here>
|
||||
cert.key: <key data here>
|
Loading…
Reference in New Issue
Block a user