Finally I managed to run Pulp in real baremetal Kubernetes based on Michal Hrivnak's work (
https://github.com/mhrivnak/pulp-k8s) using CephFS shared storage. I tried to fetch and publish some RPM repositories and it works.
I can provide help and answers if you like and I'll know them.
Now I would like to make some changes for semi-production usage:
1) Switch from Fedora to Centos if it'll be possible
2) Change PKI to use our own infrastructure. And here I have a couple of questions:
Why are there TWO ROOT CA certificates generated (ca and auth-ca)? There is nothing signed with auth-ca, what is it's purpose?
And second question: I suppose there is NO NEED for ca key in NSS database for qpidd, provided I have the broker certificate properly signed. Is it true? Then I could generate all needed certificates using our CA infrastructure and import them together with ca cert into NSS db.