Missing configuration in OTC cluster

[tangobravo62]

The following problems still have to be solved on the OTC test cluster:

• [x] Image pulling does not work (certificate for proseo-registry.eoc.dlr.de cannot be validated) Solved: Secret proseo-regcred was created from an empty Docker config file (Docker Desktop stores the authentication data elsewhere, not in $HOME/.docker/config); executing the procedure on a host with a regular Docker installation worked
• [x] Access to Kubernetes with kubectl does not work, error message is: error: You must be logged in to the server (error when creating "nfs-server.yaml": the server has asked for the client to provide credentials (post services)) --> Solved: Configure the Nginx username and password in the KUBECONFIG file (and in the ProcessingFacility database entry); this is because Nginx does not redirect to the K8S API Server, but to a kubectl proxy running locally on the bastion host.
• [x] Kubernetes is only configured for certificate authentication, but the Production Planner expects Basic Authentication. TBD: Change Planner or change K8S deployment? --> Solved: Access to the Kubernetes API is via kubectl proxy on the bastion host (see above) --> Implement connection from Planner to K8S using username/password from database configuration of processing facility.
• [x] Provision of initial disk for file server (file system cache) does not work (tried "GCE" from NFS example (https://github.com/kubernetes/examples/blob/master/staging/volumes/nfs/provisioner/nfs-server-gce-pv.yaml), which works fine in Docker Desktop; workaround is to use HostPath) --> Solved by creating an NFS server on the bastion host, which is not controlled by Kubernetes
• [x] Every (worker) node has 2 x 400 GB attached (400 GB Docker -> OK, 400 GB "cache" -> local working disk space? TBC) --> OK, "cache" can be used as working disk space