README.md

MBBox deployment guide

Description

This guide will describe the deployment of MBBox operator in OpenShift 4 cluster and it's prerequisites.

Prerequisites

Persistent Volumes

The MBBox needs several Persistent Volumes created in prior to deployment:

  • mbox-registry (Recommended: 100 Gi) - Used as image registry
  • httpd (Recommended: 1Gi) - Used by koji-hub httpd server
  • koji (Recommended: 50Gi) - Used for shared koji space
  • postgres (Recommended: 5Gi) - Used by postgreSQL database

Postgres

MBBox needs PostgreSQL database for various tasks.

  • Version: 10.4
  • Volumes: postgredb:/var/lib/postgresql

Secrets

MBBox needs plenty of secrets to be created for the components. Following is the list of secrets.

  • ca-cert
    Description: Certificate for Certification Authority
    Key/value: cert/CA certificate
  • koji-builder-client-cert
    Description: Koji builder client certificate (must have the CN: koji builder host name)
    Key/value: tls.pem/Combined certificate with key signed by CA
  • koji-hub-service-cert
    Description: Server certificate for koji-hub
    Key/value: tls.crt/Koji server certificate signed by CA
    Key/value: tls.key/Private key for the tls.crt
  • koji-hub-admin-cert
    Description: Certificate for koji admin user (must have the CN: koji admin username)
    Key/value: client.pem/Combined certificate with key signed by CA
  • koji-hub-web-client-cert
    Description: Certificate for koji web client user (must have the CN: koji web client username)
    Key/value: client.pem/Combined certificate with key signed by CA
  • koji-hub-msg
    Description: Koji hub messaging certificate for fedora messaging
    Key/value: koji.ca/CA certificate for messaging
    Key/value: koji.crt/Messaging certificate
    Key/value: koji.key/Private key for messaging certificate
  • kojira-client-cert
    Description: Kojira client certificate to communicate with koji-hub (must have the CN: koji hub username for kojira)
    Key/value: client.pem/Combined certificate with key signed by CA
  • mbs-client-cert
    Description: MBS backend client certificate to communicate with koji-hub (must have the CN: koji hub username for MBS)
    Key/value: client.pem/Combined certificate with key signed by CA
  • mbs-frontend-client-cert
    Description: MBS frontend client certificate to communicate with koji-hub (must have the CN: koji hub hostname)
    Key/value: client.pem/Combined certificate with key signed by CA
  • mbs-frontend-client-cert
    Description: MBS frontend server certificate
    Key/value: tls.crt/MBS server certificate signed by CA
    Key/value: tls.key/Private key for server certificate