[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pulp-list] Fwd: Pulp on Kubernetes



Hello here.
Finally I managed to run Pulp in real baremetal Kubernetes based on Michal Hrivnak's work (https://github.com/mhrivnak/pulp-k8s) using CephFS shared storage. I tried to fetch and publish some RPM repositories and it works.
I can provide help and answers if you like and I'll know them.
Now I would like to make some changes for semi-production usage:
1) Switch from Fedora to Centos if it'll be possible
2) Change PKI to use our own infrastructure. And here I have a couple of questions:
Why are there TWO ROOT CA certificates generated (ca and auth-ca)? There is nothing signed with auth-ca, what is it's purpose?
And second question: I suppose there is NO NEED for ca key in NSS database for qpidd, provided I have the broker certificate properly signed. Is it true? Then I could generate all needed certificates using our CA infrastructure and import them together with ca cert into NSS db.

Thank you for the answer, regards,
Martin Horak

(Michael as an author of k8s solution advised me to ask in this maillist, that there are the best specialists) :-)



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]