- Standardize docker-compose workflow
- Change docker-compose version to 2.1
- why one might ask? because compose version
3.0 does not support depends on and inherits
like we want to and is more aimed towards migration to using
`docker stack`, for our current strategy `2.1` is a better choice.
- change `bdb` service `bigchaindb` service
- why? Introduced a new proxy service `bdb` which is just a dummy
`busybox` image.
- why? because this ensure via healthcheck of bigchaindb that BigchainDB
has started properly and makes a `curl` to ensure HTTP API server is up
and running.
- why? Because we have had scenarios where BigchainDB is not started
via docker compose and user has to check out the logs to find out what
the problem might be. This ensure that bigchaindb is up and running.
- Does this change deployment workflow? No.
- The only thing change is that if you want to run commands inside a bigchaindb
container e.g. `pytest` now you have to run the following command:
`docker-compose run --rm --no-deps bigchaindb pytest -v --cov=bigchaindb`
as opposed to `docker-compose run --rm --no-deps bdb pytest -v --cov=bigchaindb`
- Remove env variable `BIGCHAINDB_START_TENDERMINT`
- Remove TENDERMINT_INTEGRATION.rst and move to the new docs
- Change mdb -> mongodb because the other services were named with
full name.
- Add example to run specific tests or from a file
- Update config.toml for tendermint to use `bigchaindb` as proxy app
instead of `bdb`
- Remove `network` directory because it is deprecated
- Add comment about why PYTHONBUFFERED is used
* Fix for access token authorization for GET calls
- Naming inconsistency for cluster-fqdn causing issues
- Change cluster-frontend-port to node-frontend-port
* Change hardcoded 9984 to configurable
We manually add all the required configurations and secretes in config-map.yaml and secret.yaml. There is a need for a wrapper script which takes these generated mongodb certs and also process https certificates and populates config-map.yaml and secret.yaml
- Update docs for azure cluster deployment template
- Update entrypoint for MongoDB to handle user configuration
more efficiently
- remove `use admin` in js file, that is an invalid format
- Currently, we had to manually log into the MongoDB container
and create users, this change will configure the relevant users
from a single script `configure_mdb.sh`
- Improvements can be done but keeping it minimal for the workshop
Problem
The current production deployment template uses 3scale to ensure that POST requests to the network (from anyone) only get through if they come from a client with an account (app_id and app_key).
A private network wants to launch so that all HTTP requests (POST and GET) sent to the nodes in the network get be dropped unless they come from a small set of known (and unchanging) clients/sources. They don't need 3scale. They will want a modified version of the production deployment template.
Solution
Generate a special HTTP header and share it with all the known clients/sources.
Have a single NGINX in each node which checks for that HTTP header value. If it's present, let the request pass through to the network. (HTTP headers are encrypted if HTTPS is used.)
Are there other simpler or better options?
- Update imagePullPolicy from IfNotPresent to Always
for all unstable images we are using in k8s template,
because those images are updated regularly, we will
keep it unstable until the official release.
- Use Tendermint v0.13 as base docker image, since our current
integration is based out of v0.13
Description
Currently we manually configure ports in deployment and service files for k8s deployment e.g here. Instead these ports should be constant since these are always the same for each deployment
Issues This PR Fixes
Fixes#2077
- Separate deployments, services, statefulsets etc
`yaml` files for tendermint based deployment.
- Separate Dockerfiles for mongodb, nginx for
tendermint integrated BigchainDB.
In mongodb docker image STORAGE_ENGINE_CACHE_SIZE
will always be set to '' (two quotation marks)
and verification will fail. So it's impossible to
run image without --storage-engine-cache-size set.
This change removes double quotes while assigning
default value to STORAGE_ENGINE_CACHE_SIZE.
Skip Referer check on preflight request (OPTIONS) and set Referrer-Policy to origin-when-cross-origin in response to OPTIONS request. Once Referrer-Policy is set on the subsequent POST request referrer is set by the browser to expected value.
MongoDB cloud manager UI has been updated and they have changed Group ID to Project ID and merged Settings -> Group Settings into one consolidated panel Settings
This PR updates the k8s docs accordingly
- Currently, MongoDB container crashed because of resource constaints i.e.
out of memory exception. This change updates the resources and provides
data on how the configure/calculate them(if not following the guide).
- Also, add the ability to specify the storage engine(WiredTiger) cache
size for MongoDB, this configuration also helps with keeping the resources
constrained for MongoDB containers.
- Minor changes in some other documents as well.
- turned off server tokens so the server does not leak nginx information
on errors and header
- Added header to turn off cross site scripting
- use stable release of nginx instead of mainline
- limit available methods
- update response code
- All files moved to k8s/nginx-3scale with directory structure consistent
with k8s/nginx-http(s)
- Top level LICENCES.md updated
- Renaming entry point script to nginx_openresty_entrypoint.bash
Currently, the requests from public websites (like
`bigchaindb.com/getstarted` and tutorials.bigchaindb.com/crab) cannot have the
app_id and app_key required to access IPDB in the web page.
We pass such requests through a web proxy that adds the required headers
to any POST requests from `*.bigchaindb.com`.
- If a mandatory variable is not specified, it will exit with the relevant
code and error message.
- For more verbosity, we will also echo the values for all the mandatory
variables.
- Documentation support to add a new BDB node to an existing
replica set, using x.509 certificates and SSL/TSL connections, across
geographically dispersed clusters.
- Fix some documentation issues and add more references i.e.
specifically about signing of MongoDB member certificates.
- Minor fixes for nginx-https-dep.yaml(invalid configMap var)
- Reconfigure nginx keep_alive between MongoDB front and backend ports.
- Editor removed whitespaces
- Creating a common secret for CA, since all the members of the replica set
and the clients need to have a common CA, moving all the relevant configuration
to a common secret.
- Modifying Dockerfiles for some components, once changes are approved
we will publish the new images.
- No documentation changes required.
-- Fixed typos in the guide
-- Fixed some syntax errors in commandline instructions
-- Fixed strucuture of sample jsons
-- Fixed bugs in nginx-https-dep file, it was trying to access
an invalid variable in the configmap.
-- Improved some docs to give more clarity for the user.
Atleast all the issues I faced. :)
* Remove support for whitelist
* Rename nginx to nginx-api
* Remove websocket support from nginx-api
* Change nginx to nginx-api service
The nginx-api service will proxy requests to the BigchainDB HTTP API.
* Rename ngx-instance-0 to ngx-api-instance-0 in nginx_3scale
* Update nginx-api service base docker image and README
* Add nginx-ws service to support Websocket
* Add config files for simple dev setup
* WS support with split NGINX
* NGINX module as single entrypoint into the cluster.
* Tested HTTP and WS with latest configs
* Openresty as separate service
* Remove upstream api port as configuration parameter
* Changes while testing
* Adding READMEs for nginx-http and nginx-https modules
* Documentation update
* Change 'Openresty' to 'OpenResty'.
- MongoDB StatefulSet hitting memory limit, so k8s restarts it.
We have had multiple instances of restarts lately.
- Changing it to 3.5 GB, data and reasoning to back it up
is mentioned in the ticket #1655
Update MongoDB container tag to `3.0`.
Doc change to reflect bdb-config.bdb-user parameter usage.
Fix typo in configuration.md.
Add BIGCHAINDB_DATABASE_SSL parameter to bigchaindb-dep.yaml for
Kubernetes deployments.
Refer the the `bdb-user` parameter from ConfigMap in
bigchaindb-dep.yaml.
Consolidate all BigchainDB parameter values under the
`bdb-config` ConfigMap.
Remove `bdb-user` from secrets.yaml.