pulp3

Metadata

| Field | Value |
|---|---|
| Service | pulp3 |
| Purpose | Content distribution platform for Debian and RPM repositories |
| Criticality | Tier 1 |
| Owner | Platform / Content supply owner |
| Clusters | homelab, ozirepo |
| Namespace | pulp3 |
| Exposure | internet |
| Stateful | yes |
| Backup class | app-native |
| RPO / RTO | Daily backup target, 4 to 8 hours to restore |
| Last reviewed | 2026-05-20 |

1. Service Overview

Pulp 3 provides repository mirroring, publication, and distribution workflows for Debian and RPM content with internal signing integration.

Summary

If Pulp 3 fails, mirrored repositories and package publication workflows stop until operator, storage, and service state are restored.

Dependencies

| Dependency | Type | Why it matters |
|---|---|---|
| Pulp Operator | control plane | Creates and manages the Pulp custom resource |
| Traefik | ingress | Exposes the Pulp web and content endpoints |
| PostgreSQL and Redis | state | Support Pulp application runtime |

2. Architecture Diagram

[Mirror sync scripts]
  -> [Pulp API / content]
  -> [PostgreSQL / Redis / PVC-backed storage]
  -> [Traefik]
  -> [Repository consumers]

3. Deployment Specifications

| Item | Value |
|---|---|
| Source path | pulp3/base, pulp3/operator, and pulp3/overlays/* |
| Deployment model | Operator bootstrap plus Kustomize overlays |
| Namespace | pulp3 |
| Workload kind | Operator Deployment plus Pulp custom resource |
| Chart or image version | Pulp Operator 2.0.0, application image tags from the Pulp CR |
| Config files | base/kustomization.yaml, operator/kustomization.yaml, overlays/homelab, overlays/ozirepo, fleet.yaml |

Cluster mapping

| Cluster | Overlay path | Notes |
|---|---|---|
| homelab | pulp3/overlays/homelab | Current homelab deployment |
| ozirepo | pulp3/overlays/ozirepo | Alternate externally exposed deployment |

4. Configuration Guide

Environment variables

| Variable | Source | Purpose | Secret? |
|---|---|---|---|
| Pulp settings and signing inputs | overlay secrets, Pulp settings files, and CR values | API behavior, signing, and external URL settings | mixed |

ConfigMaps

| Resource | Path | Purpose |
|---|---|---|
| Pulp settings resources | pulp3/base and overlay-specific settings | Control application runtime and external URLs |

Secrets management

  • Secret names: admin password, signing passphrases, and overlay-specific credentials in the pulp3 namespace
  • Source of truth: local secret input files and generated manifests
  • Rotation trigger: signing key changes, admin credential rotation, or migration work
  • Recovery note: restore signing passphrases and admin credentials before reconciling the overlay

5. Access Protocols

| Path | URL or endpoint | Audience | Auth | TLS terminates at |
|---|---|---|---|---|
| Internal | Pulp web and API services in the pulp3 namespace | Cluster workloads and operators | Pulp auth | Traefik / service |
| External | Overlay-specific Pulp hostnames exposed through Traefik | Repository consumers and operators | Pulp auth and signing trust | Traefik |

6. Operations and Observability

  • Primary health indicators: Pulp CR healthy, operator healthy, content and API pods Ready, and ingress responsive.
  • Dashboards or alerts: shared cluster monitoring plus app-level health checks.
  • Log locations: operator logs and Pulp workload logs in the pulp3 namespace.
  • Known failure modes: operator reconciliation issues, bad secrets, failed content sync, or storage problems.

7. Backup and Recovery Notes

  • Backup method: application backup, database backup, and snapshot of content storage.
  • Restore prerequisites: restored operator, signing secrets, and persistent content state.
  • Related runbook: ../runbooks/pulp3.md

8. Release and Change Notes

  • Current deployed app version: see the Pulp CR and operator overlay.
  • Current chart version: N/A.
  • Last significant change: README and service coverage updated for the embedded operator layout and current overlays.
  • Rollback reference: previous operator or overlay revision in Git.