From 7d6455f1d7a38bba34e3aa8c7ce140d44c1f5445 Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Thu, 17 May 2018 11:19:05 +0200 Subject: [PATCH 1/2] Adding deployment replication spec --- .../DeploymentReplicationResource.md | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md diff --git a/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md b/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md new file mode 100644 index 000000000..1b694d321 --- /dev/null +++ b/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md @@ -0,0 +1,82 @@ +# ArangoDeploymentReplication Custom Resource + +The ArangoDB Replication Operator creates and maintains ArangoDB +`arangosync` configurations in a Kubernetes cluster, given a replication specification. +This replication specification is a `CustomResource` following +a `CustomResourceDefinition` created by the operator. + +Example minimal replication definition: + +```yaml +apiVersion: "database.arangodb.com/v1alpha" +kind: "ArangoDeploymentReplication" +metadata: + name: "replication-from-a-to-b" +spec: + source: + deploymentName: cluster-a + destination: + deploymentName: cluster-b + auth: + clientSecretName: client-auth-cert +``` + +This definition results in: + +- the arangosync `SyncMaster` in deployment `cluster-b` is called to configure a synchronization + from `cluster-a` to `cluster-b`, using the client authentication certificate stored in + `Secret` `client-auth-cert`. + +## Specification reference + +Below you'll find all settings of the `ArangoDeploymentReplication` custom resource. + +### `spec.source.deploymentName: string` + +This setting specifies the name of an `ArangoDeployment` resource that runs a cluster +with sync enabled. + +This cluster configured as the replication source. + +### `spec.source.deploymentNamespace: string` + +This setting specifies the Kubernetes namespace of an `ArangoDeployment` resource specified in `spec.source.deploymentName`. + +If this setting is empty, the namespace of the `ArangoDeploymentReplication` is used. + +### `spec.source.masterEndpoints: []string` + +This setting specifies zero or more master endpoint URL's of the source cluster. + +Use this setting if the source cluster is not running inside a Kubernetes cluster +that is reachable from the Kubernetes cluster the `ArangoDeploymentReplication` resource is deployed in. + +Specifying this setting and `spec.source.deploymentName` at the same time is not allowed. + +### `spec.destination.deploymentName: string` + +This setting specifies the name of an `ArangoDeployment` resource that runs a cluster +with sync enabled. + +This cluster configured as the replication destination. + +### `spec.destination.deploymentNamespace: string` + +This setting specifies the Kubernetes namespace of an `ArangoDeployment` resource specified in `spec.destination.deploymentName`. + +If this setting is empty, the namespace of the `ArangoDeploymentReplication` is used. + +### `spec.destination.masterEndpoints: []string` + +This setting specifies zero or more master endpoint URL's of the destination cluster. + +Use this setting if the destination cluster is not running inside a Kubernetes cluster +that is reachable from the Kubernetes cluster the `ArangoDeploymentReplication` resource is deployed in. + +Specifying this setting and `spec.destination.deploymentName` at the same time is not allowed. + +### `spec.auth.clientSecretName: string` + +This setting specifies the name of a `Secret` containing a client authentication certificate, +used to authenticate the SyncMaster in the destination cluster with the SyncMaster in the +source cluster. From 67228821a9c46626da26b392e6a73e38159fa039 Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Tue, 22 May 2018 13:26:23 +0200 Subject: [PATCH 2/2] Updated spec --- .../DeploymentReplicationResource.md | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md b/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md index 1b694d321..6e64f1784 100644 --- a/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md +++ b/docs/Manual/Deployment/Kubernetes/DeploymentReplicationResource.md @@ -8,7 +8,7 @@ a `CustomResourceDefinition` created by the operator. Example minimal replication definition: ```yaml -apiVersion: "database.arangodb.com/v1alpha" +apiVersion: "replication.database.arangodb.com/v1alpha" kind: "ArangoDeploymentReplication" metadata: name: "replication-from-a-to-b" @@ -18,7 +18,7 @@ spec: destination: deploymentName: cluster-b auth: - clientSecretName: client-auth-cert + clientAuthSecretName: client-auth-cert ``` This definition results in: @@ -53,6 +53,20 @@ that is reachable from the Kubernetes cluster the `ArangoDeploymentReplication` Specifying this setting and `spec.source.deploymentName` at the same time is not allowed. +### `spec.source.auth.jwtSecretName: string` + +This setting specifies the name of a `Secret` containing a JWT `token` used to authenticate +with the SyncMaster at the specified source. + +This setting is required, unless `spec.source.deploymentName` has been set. + +### `spec.source.tls.caSecretName: string` + +This setting specifies the name of a `Secret` containing a TLS CA certificate `ca.crt` used to verify +the TLS connection created by the SyncMaster at the specified source. + +This setting is required, unless `spec.source.deploymentName` has been set. + ### `spec.destination.deploymentName: string` This setting specifies the name of an `ArangoDeployment` resource that runs a cluster @@ -75,7 +89,21 @@ that is reachable from the Kubernetes cluster the `ArangoDeploymentReplication` Specifying this setting and `spec.destination.deploymentName` at the same time is not allowed. -### `spec.auth.clientSecretName: string` +### `spec.destination.auth.jwtSecretName: string` + +This setting specifies the name of a `Secret` containing a JWT `token` used to authenticate +with the SyncMaster at the specified destination. + +This setting is required, unless `spec.destination.deploymentName` has been set. + +### `spec.destination.tls.caSecretName: string` + +This setting specifies the name of a `Secret` containing a TLS CA certificate `ca.crt` used to verify +the TLS connection created by the SyncMaster at the specified destination. + +This setting is required, unless `spec.destination.deploymentName` has been set. + +### `spec.auth.clientAuthSecretName: string` This setting specifies the name of a `Secret` containing a client authentication certificate, used to authenticate the SyncMaster in the destination cluster with the SyncMaster in the