|
Michal Konečný |
1a4352 |
# MBBox deployment guide
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
## Description
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
This guide will describe the deployment of [MBBox](https://github.com/fedora-infra/mbbox) operator in OpenShift 4 cluster and it's prerequisites.
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
## Prerequisites
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
### Persistent Volumes
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
The MBBox needs several Persistent Volumes created in prior to deployment:
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
* mbox-registry (Recommended: 100 Gi) - Used as image registry
|
|
Michal Konečný |
1a4352 |
* httpd (Recommended: 1Gi) - Used by koji-hub httpd server
|
|
Michal Konečný |
1a4352 |
* koji (Recommended: 50Gi) - Used for shared koji space
|
|
Michal Konečný |
1a4352 |
* postgres (Recommended: 5Gi) - Used by postgreSQL database
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
### Postgres
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
MBBox needs PostgreSQL database for various tasks.
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
* Version: 10.4
|
|
Michal Konečný |
1a4352 |
* Volumes: postgredb:/var/lib/postgresql
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
### Secrets
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
MBBox needs plenty of secrets to be created for the components. Following is the list of secrets.
|
|
Michal Konečný |
1a4352 |
|
|
Michal Konečný |
1a4352 |
* ca-cert
|
|
Michal Konečný |
1a4352 |
Description: Certificate for Certification Authority
|
|
Michal Konečný |
1a4352 |
Key/value: cert/CA certificate
|
|
Michal Konečný |
1a4352 |
* koji-builder-client-cert
|
|
Michal Konečný |
1a4352 |
Description: Koji builder client certificate (must have the CN: koji builder host name)
|
|
Michal Konečný |
1a4352 |
Key/value: tls.pem/Combined certificate with key signed by CA
|
|
Michal Konečný |
1a4352 |
* koji-hub-service-cert
|
|
Michal Konečný |
1a4352 |
Description: Server certificate for koji-hub
|
|
Michal Konečný |
1a4352 |
Key/value: tls.crt/Koji server certificate signed by CA
|
|
Michal Konečný |
1a4352 |
Key/value: tls.key/Private key for the tls.crt
|
|
Michal Konečný |
1a4352 |
* koji-hub-admin-cert
|
|
Michal Konečný |
1a4352 |
Description: Certificate for koji admin user (must have the CN: koji admin username)
|
|
Michal Konečný |
1a4352 |
Key/value: client.pem/Combined certificate with key signed by CA
|
|
Michal Konečný |
1a4352 |
* koji-hub-web-client-cert
|
|
Michal Konečný |
1a4352 |
Description: Certificate for koji web client user (must have the CN: koji web client username)
|
|
Michal Konečný |
1a4352 |
Key/value: client.pem/Combined certificate with key signed by CA
|
|
Michal Konečný |
1a4352 |
* koji-hub-msg
|
|
Michal Konečný |
1a4352 |
Description: Koji hub messaging certificate for fedora messaging
|
|
Michal Konečný |
1a4352 |
Key/value: koji.ca/CA certificate for messaging
|
|
Michal Konečný |
1a4352 |
Key/value: koji.crt/Messaging certificate
|
|
Michal Konečný |
1a4352 |
Key/value: koji.key/Private key for messaging certificate
|
|
Michal Konečný |
1a4352 |
* kojira-client-cert
|
|
Michal Konečný |
1a4352 |
Description: Kojira client certificate to communicate with koji-hub (must have the CN: koji hub username for kojira)
|
|
Michal Konečný |
1a4352 |
Key/value: client.pem/Combined certificate with key signed by CA
|
|
Michal Konečný |
1a4352 |
* mbs-client-cert
|
|
Michal Konečný |
1a4352 |
Description: MBS backend client certificate to communicate with koji-hub (must have the CN: koji hub username for MBS)
|
|
Michal Konečný |
1a4352 |
Key/value: client.pem/Combined certificate with key signed by CA
|
|
Michal Konečný |
1a4352 |
* mbs-frontend-client-cert
|
|
Michal Konečný |
1a4352 |
Description: MBS frontend client certificate to communicate with koji-hub (must have the CN: koji hub hostname)
|
|
Michal Konečný |
1a4352 |
Key/value: client.pem/Combined certificate with key signed by CA
|
|
Michal Konečný |
1a4352 |
* mbs-frontend-client-cert
|
|
Michal Konečný |
1a4352 |
Description: MBS frontend server certificate
|
|
Michal Konečný |
1a4352 |
Key/value: tls.crt/MBS server certificate signed by CA
|
|
Michal Konečný |
1a4352 |
Key/value: tls.key/Private key for server certificate
|
|
Michal Konečný |
1a4352 |
|