The following problems still have to be solved on the OTC test cluster:
[x] Image pulling does not work (certificate for proseo-registry.eoc.dlr.de cannot be validated)
Solved: Secret proseo-regcred was created from an empty Docker config file (Docker Desktop stores the authentication data elsewhere, not in $HOME/.docker/config); executing the procedure on a host with a regular Docker installation worked
[x] Access to Kubernetes with kubectl does not work, error message is:
error: You must be logged in to the server (error when creating "nfs-server.yaml": the server has asked for the client to provide credentials (post services))
--> Solved: Configure the Nginx username and password in the KUBECONFIG file (and in the ProcessingFacility database entry); this is because Nginx does not redirect to the K8S API Server, but to a kubectl proxy running locally on the bastion host.
[x] Kubernetes is only configured for certificate authentication, but the Production Planner expects Basic Authentication. TBD: Change Planner or change K8S deployment?
--> Solved: Access to the Kubernetes API is via kubectl proxy on the bastion host (see above)
--> Implement connection from Planner to K8S using username/password from database configuration of processing facility.
[x] Every (worker) node has 2 x 400 GB attached (400 GB Docker -> OK, 400 GB "cache" -> local working disk space? TBC)
--> OK, "cache" can be used as working disk space
The following problems still have to be solved on the OTC test cluster:
proseo-regcred
was created from an empty Docker config file (Docker Desktop stores the authentication data elsewhere, not in $HOME/.docker/config); executing the procedure on a host with a regular Docker installation workederror: You must be logged in to the server (error when creating "nfs-server.yaml": the server has asked for the client to provide credentials (post services))
--> Solved: Configure the Nginx username and password in the KUBECONFIG file (and in the ProcessingFacility database entry); this is because Nginx does not redirect to the K8S API Server, but to akubectl proxy
running locally on the bastion host.kubectl proxy
on the bastion host (see above) --> Implement connection from Planner to K8S using username/password from database configuration of processing facility.