kojira

This page documents the usage of kojira crd.

Description

Kojira is a stand-alone process which handles buildroot repos.

It is deployed in its own pod and shares a repo volume with other components such as koji-builder and koji-hub.

Dependencies

Kojira Custom Resource Definition (CRD)

Kojira depends on koji-hub. This component is deployed as part of the operator deployment.

Parameters

Name Default Value Type
image quay.io/fedora/kojira:latest string
replicas 1 int
configmap kojira-config string
hub_usermname kojira string
hub_host koji-hub:8443 string
src no string
max_repo_tasks 15 int
repo_tasks_limit 15 int
shared_pvc koji-hub-mnt-pvc string
cacert_secret koji-hub-ca-cert string
client_cert_secret kojira-client-cert string
admin_secret kojira-admin-cert string
mbox “” string

image

The full qualified image name to pull kojira from.

replicas

The amount of kojira’s replicas to deploy.

configmap

The configmap name to use when deploying kojira.

This configmap object contains configuration files that are mounted in kojira pod filesystem.

hub_username

User to use when authenticating with koji-hub.

hub_host

Koji-hub hostname (includes port) for hub connections.

src

Indicates if kojira should include srpms in repos.

Possible choices are “yes” or “no”.

max_repo_tasks

The maximum/limit of newRepo tasks.

repo_tasks_limit

The maximum/limit of overall tasks.

shared_pvc

Name of the shared PersistentVolumeClaim kojira will use.

cacert_secret

The root CA secret name to use.

If not provided it uses the one generated by koji-hub (self-signed).

client_cert_secret

The koji-hub client secret name to use or create.

It will skip its creation (self signed) if one is already present.

It needs to be created and signed using the root CA certificate and private key.

Secret format:

apiVersion: v1
kind: Secret
metadata:
  name: myservice
  namespace: default
  labels:
    app: koji-builder
type: kubernetes.io/tls
data:
  tls.crt: -|
    fillme
  tls.key: -|
    fillme
  tls.pem: -|
    This is a combination of tls.key and tls.crt separated by '\n' and encoded in base64
    Example: "{{ (lookup('file', 'client_key.pem') + '\n' + lookup('file', 'client_cert.pem')) | b64encode }}"

admin_secret

A koji admin secret certificate.

An admin level certificate is needed to add all required permissions to the kojira user.

mbox

A Mbox resource name to retrieve shared data from such as shared pvc name.

Koji-builder will use the following var if this property is missing:

  • shared_pvc (shared koji mnt volume)
  • cacert_secret (root ca secret)

Usage

Upstream file can be found here

Create a file containing the following content (modify as needed):

apiVersion: apps.fedoraproject.org/v1alpha1
kind: MBKojira
metadata:
  name: mb-kojira
  labels:
    app: mb-kojira
spec:
  replicas: 1
  image: quay.io/fedora/kojira:latest
  configmap: kojira-config
  hub_username: kojira
  hub_host: koji-hub:8443
  src: 'no'
  max_repo_tasks: 15
  repo_tasks_limit: 15
  cacert_secret: koji-hub-ca-cert
  client_cert_secret: kojira-client-cert
  shared_pvc: koji-hub-mnt-pvc

Run the following command to create a koji-builder resource:

kubectl apply -f kojira-cr.yaml

You can check its status by running:

kubectl get mbkojira/example -o yaml