kojira¶
This page documents the usage of kojira crd.
Description¶
Kojira is a stand-alone process which handles buildroot repos.
It is deployed in its own pod and shares a repo volume with other components such as koji-builder and koji-hub.
Dependencies¶
Kojira Custom Resource Definition (CRD)
Kojira depends on koji-hub. This component is deployed as part of the operator deployment.
Parameters¶
Name | Default Value | Type |
---|---|---|
image | quay.io/fedora/kojira:latest | string |
replicas | 1 | int |
configmap | kojira-config | string |
hub_usermname | kojira | string |
hub_host | koji-hub:8443 | string |
src | no | string |
max_repo_tasks | 15 | int |
repo_tasks_limit | 15 | int |
shared_pvc | koji-hub-mnt-pvc | string |
cacert_secret | koji-hub-ca-cert | string |
client_cert_secret | kojira-client-cert | string |
admin_secret | kojira-admin-cert | string |
mbox | “” | string |
image¶
The full qualified image name to pull kojira from.
replicas¶
The amount of kojira’s replicas to deploy.
configmap¶
The configmap name to use when deploying kojira.
This configmap object contains configuration files that are mounted in kojira pod filesystem.
hub_username¶
User to use when authenticating with koji-hub.
hub_host¶
Koji-hub hostname (includes port) for hub connections.
max_repo_tasks¶
The maximum/limit of newRepo tasks.
repo_tasks_limit¶
The maximum/limit of overall tasks.
cacert_secret¶
The root CA secret name to use.
If not provided it uses the one generated by koji-hub (self-signed).
client_cert_secret¶
The koji-hub client secret name to use or create.
It will skip its creation (self signed) if one is already present.
It needs to be created and signed using the root CA certificate and private key.
Secret format:
apiVersion: v1
kind: Secret
metadata:
name: myservice
namespace: default
labels:
app: koji-builder
type: kubernetes.io/tls
data:
tls.crt: -|
fillme
tls.key: -|
fillme
tls.pem: -|
This is a combination of tls.key and tls.crt separated by '\n' and encoded in base64
Example: "{{ (lookup('file', 'client_key.pem') + '\n' + lookup('file', 'client_cert.pem')) | b64encode }}"
admin_secret¶
A koji admin secret certificate.
An admin level certificate is needed to add all required permissions to the kojira user.
mbox¶
A Mbox resource name to retrieve shared data from such as shared pvc name.
Koji-builder will use the following var if this property is missing:
- shared_pvc (shared koji mnt volume)
- cacert_secret (root ca secret)
Usage¶
Upstream file can be found here
Create a file containing the following content (modify as needed):
apiVersion: apps.fedoraproject.org/v1alpha1
kind: MBKojira
metadata:
name: mb-kojira
labels:
app: mb-kojira
spec:
replicas: 1
image: quay.io/fedora/kojira:latest
configmap: kojira-config
hub_username: kojira
hub_host: koji-hub:8443
src: 'no'
max_repo_tasks: 15
repo_tasks_limit: 15
cacert_secret: koji-hub-ca-cert
client_cert_secret: kojira-client-cert
shared_pvc: koji-hub-mnt-pvc
Run the following command to create a koji-builder resource:
kubectl apply -f kojira-cr.yaml
You can check its status by running:
kubectl get mbkojira/example -o yaml