From 1a4352cb49c314cd54000c7e97c63721a38c786b Mon Sep 17 00:00:00 2001 From: Michal Konečný Date: Dec 10 2020 13:39:34 +0000 Subject: Write down prerequisites for MBBox deployment Signed-off-by: Michal Konečný --- diff --git a/mbbox/deployment.md b/mbbox/deployment.md new file mode 100644 index 0000000..8c0d86c --- /dev/null +++ b/mbbox/deployment.md 
@@ -0,0 +1,63 @@ +# MBBox deployment guide + +## Description + +This guide will describe the deployment of [MBBox](https://github.com/fedora-infra/mbbox) operator in OpenShift 4 cluster and it's prerequisites. + +## Prerequisites + +### Persistent Volumes + +The MBBox needs several Persistent Volumes created in prior to deployment: + +* mbox-registry (Recommended: 100 Gi) - Used as image registry +* httpd (Recommended: 1Gi) - Used by koji-hub httpd server +* koji (Recommended: 50Gi) - Used for shared koji space +* postgres (Recommended: 5Gi) - Used by postgreSQL database + +### Postgres + +MBBox needs PostgreSQL database for various tasks. + +* Version: 10.4 +* Volumes: postgredb:/var/lib/postgresql + +### Secrets + +MBBox needs plenty of secrets to be created for the components. Following is the list of secrets. + +* ca-cert +Description: Certificate for Certification Authority +Key/value: cert/CA certificate +* koji-builder-client-cert +Description: Koji builder client certificate (must have the CN: koji builder host name) +Key/value: tls.pem/Combined certificate with key signed by CA +* koji-hub-service-cert +Description: Server certificate for koji-hub +Key/value: tls.crt/Koji server certificate signed by CA +Key/value: tls.key/Private key for the tls.crt +* koji-hub-admin-cert +Description: Certificate for koji admin user (must have the CN: koji admin username) +Key/value: client.pem/Combined certificate with key signed by CA +* koji-hub-web-client-cert +Description: Certificate for koji web client user (must have the CN: koji web client username) +Key/value: client.pem/Combined certificate with key signed by CA +* koji-hub-msg +Description: Koji hub messaging certificate for fedora messaging +Key/value: koji.ca/CA certificate for messaging +Key/value: koji.crt/Messaging certificate +Key/value: koji.key/Private key for messaging certificate +* kojira-client-cert +Description: Kojira client certificate to communicate with koji-hub (must have the CN: koji hub 
username for kojira) +Key/value: client.pem/Combined certificate with key signed by CA +* mbs-client-cert +Description: MBS backend client certificate to communicate with koji-hub (must have the CN: koji hub username for MBS) +Key/value: client.pem/Combined certificate with key signed by CA +* mbs-frontend-client-cert +Description: MBS frontend client certificate to communicate with koji-hub (must have the CN: koji hub hostname) +Key/value: client.pem/Combined certificate with key signed by CA +* mbs-frontend-client-cert +Description: MBS frontend server certificate +Key/value: tls.crt/MBS server certificate signed by CA +Key/value: tls.key/Private key for server certificate +
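Review bot: The last two entries of the Secrets list both use the name mbs-frontend-client-cert, but the second is described as "MBS frontend server certificate" and holds tls.crt/tls.key, so it is a different secret. Two secrets cannot share a name in one namespace, so creating the second would collide with the first. Give the server-certificate entry its own name; the koji-hub entries use koji-hub-service-cert for the equivalent server secret, and the exact name the operator expects should be confirmed against the operator code. Under Persistent Volumes, "mbox-registry" looks like a typo for a name starting with mbbox, and the Postgres section names the volume "postgredb" while the PV list calls it "postgres"; please make these consistent with what the operator actually claims. Every client.pem and tls.key listed here contains a private key, so a sentence on how the secrets are expected to be created in the cluster would help readers avoid leaving key files next to the guide. Minor: "it's prerequisites" should be "its prerequisites", "in prior to" should be "prior to", and the Description and Key/value lines need indentation or trailing line breaks, otherwise Markdown renders each bullet as one run-on paragraph.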