PR#2: Write down prerequisites for MBBox deployment - centos/stream-team-docs

centos / stream-team-docs

#2 Write down prerequisites for MBBox deployment

Merged 3 years ago by lrossett. Opened 3 years ago by zlopez.

centos/ zlopez/stream-team-docs mbbox into master

Write down prerequisites for MBBox deployment

Michal Konečný • 3 years ago

1a4352

mbbox/deployment.md

file added

+63

		`@@ -0,0 +1,63 @@`
		`+ # MBBox deployment guide`
		`+`
		`+ ## Description`
		`+`
		`+ This guide will describe the deployment of [MBBox](https://github.com/fedora-infra/mbbox) operator in OpenShift 4 cluster and it's prerequisites.`
		`+`
		`+ ## Prerequisites`
		`+`
		`+ ### Persistent Volumes`
		`+`
		`+ The MBBox needs several Persistent Volumes created in prior to deployment:`
		`+`
		`+ * mbox-registry (Recommended: 100 Gi) - Used as image registry`
		`+ * httpd (Recommended: 1Gi) - Used by koji-hub httpd server`
		`+ * koji (Recommended: 50Gi) - Used for shared koji space`
		`+ * postgres (Recommended: 5Gi) - Used by postgreSQL database`
		`+`
		`+ ### Postgres`
		`+`
		`+ MBBox needs PostgreSQL database for various tasks.`
		`+`
		`+ * Version: 10.4`
		`+ * Volumes: postgredb:/var/lib/postgresql`
		`+`
		`+ ### Secrets`
		`+`
		`+ MBBox needs plenty of secrets to be created for the components. Following is the list of secrets.`
		`+`
		`+ * ca-cert`
		`+ Description: Certificate for Certification Authority`
		`+ Key/value: cert/CA certificate`
		`+ * koji-builder-client-cert`
		`+ Description: Koji builder client certificate (must have the CN: koji builder host name)`
		`+ Key/value: tls.pem/Combined certificate with key signed by CA`
		`+ * koji-hub-service-cert`
		`+ Description: Server certificate for koji-hub`
		`+ Key/value: tls.crt/Koji server certificate signed by CA`
		`+ Key/value: tls.key/Private key for the tls.crt`
		`+ * koji-hub-admin-cert`
		`+ Description: Certificate for koji admin user (must have the CN: koji admin username)`
		`+ Key/value: client.pem/Combined certificate with key signed by CA`
		`+ * koji-hub-web-client-cert`
		`+ Description: Certificate for koji web client user (must have the CN: koji web client username)`
		`+ Key/value: client.pem/Combined certificate with key signed by CA`
		`+ * koji-hub-msg`
		`+ Description: Koji hub messaging certificate for fedora messaging`
		`+ Key/value: koji.ca/CA certificate for messaging`
		`+ Key/value: koji.crt/Messaging certificate`
		`+ Key/value: koji.key/Private key for messaging certificate`
		`+ * kojira-client-cert`
		`+ Description: Kojira client certificate to communicate with koji-hub (must have the CN: koji hub username for kojira)`
		`+ Key/value: client.pem/Combined certificate with key signed by CA`
		`+ * mbs-client-cert`
		`+ Description: MBS backend client certificate to communicate with koji-hub (must have the CN: koji hub username for MBS)`
		`+ Key/value: client.pem/Combined certificate with key signed by CA`
		`+ * mbs-frontend-client-cert`
		`+ Description: MBS frontend client certificate to communicate with koji-hub (must have the CN: koji hub hostname)`
		`+ Key/value: client.pem/Combined certificate with key signed by CA`
		`+ * mbs-frontend-client-cert`
		`+ Description: MBS frontend server certificate`
		`+ Key/value: tls.crt/MBS server certificate signed by CA`
		`+ Key/value: tls.key/Private key for server certificate`
		`+`