# Deployment This document contains instructions for all the deployment of PBMS modules and their related components on the Kubernetes cluster using [Helm charts](https://docs.openg2p.org/pbms/deployment/helm-charts). All the components are installed in the same namespace. The methods used to achieve the deployment are: * [Using Rancher UI](#installation-using-rancher-ui) * [Using command line](#installation-using-the-command-line) ## Prerequisites Before you deploy, make sure the following are available: * [Base infrastructure](https://docs.openg2p.org/deployment/base-infrastructure) including the domain name and certificates from Rancher and Keycloak. * PBMS's [Domain names and certificates](https://docs.openg2p.org/pbms/deployment/domain-names-and-certificates). * Nginx server configuration * A conf file is created under `sites-enabled` on Nginx containing the above SSL certs. See [sample conf file](https://github.com/OpenG2P/openg2p-deployment/blob/main/kubernetes/nginx/server.sample.conf). * Rancher must have a Namespace created under a Project. * [Project Owner](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles#project-roles) permission to use the OpenG2P cluster's namespace. * Gateways are setup for the domain as given here [Istio namespace setup](https://docs.openg2p.org/deployment/base-infrastructure/openg2p-cluster/cluster-setup/istio#namespace-setup). ## Installation using Rancher UI 1. Log in to Rancher admin console. 2. Select your cluster. 3. Under ***Apps -> Repositories*** click the ***Create*** to add a repository. 4. Provide ***Name*** as "openg2p" and target HTTPS ***Index URL*** as and click on ***Create***. 5. Select the namespace in which you would like to install PBMS, from the namespace filter on the top-right. 6. To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on ***Include Prerelease Versions*** under ***Preferences*** below the ***Helm Charts***. 7. Navigate to **Apps->Charts** page on Rancher. You can find the ***OpenG2P PBMS*** is listed in the dashboard.
7. Click the ***Part 1*** Helm chart, select the version you want to install, and click on ***Install***. 8. On the next screen, choose a name for installation, like `pbms.` Check the option ***Customise Helm*** before the installation, and then click on ***Next***. 9. Navigate to each app's configuration page, and configure the following: 1. Configure a hostname for each app in the following way. `.` , where base hostname is the wildcard hostname chosen during [Istio namespace setup](https://docs.openg2p.org/deployment/base-infrastructure/openg2p-cluster/cluster-setup/istio#namespace-setup). Example: `pbms.dev.openg2p.org` and `odk-pbms.dev.openg2p.org` , etc. `` is arbitrary - default names have been provided. 2. Your organization-wide Keycloak URL is *Keycloak Base Url* . (Refer to [Keycloak installation](https://docs.openg2p.org/deployment/base-infrastructure/rancher#keycloak-installation)). 3. Create a Keycloak client. 4. Provide the OIDC Client details. Refer to [Keycloak Client Creation](https://docs.openg2p.org/deployment/deployment-guide/keycloak-client-creation) guide. 5. Click on ***Next*** to navigate to ***Helm Options*** page. Disable `wait` flag. Click on ***Install***. 6. Navigate back to ***Apps->Charts*** page on Rancher. Choose ***Part 2*** Helm chart. Select the same version as for ***Part 1***, and click on ***Install***. 7. On the next screen, give the same installation name as for ***Part 1*** but with suffix `-p2` , like `pbms-p2`. Select the same namespace as ***Part 1***. Check the option ***Customise Helm*** before the installation, and click on ***Next***. 8. Follow the step 9 for other application installation. 9. Watch for every pods to enter a ***Running*** state. This may take several minutes. ## Installation using the command line * Install the following utilities on your machine. * `kubectl`, `istioctl`, `helm`, `jq`, `curl`, `wget`, `git`, `bash`, `envsubst`. * TBD ## Post installation ### Keycloak **Assigning roles to users** Create[ Keycloak client roles](https://www.keycloak.org/docs/latest/server_admin/#con-client-roles_server_administration_guide) for the following components and assign them to users. | Component | Role name | | ----------------------------------- | -------------- | | OpenSearch Dashboards for logging | `admin` | | OpenSearch Dashboards for Reporting | `admin` | | Apache Superset | `Admin` | | Minio Console | `consoleAdmin` | | Kafka UI for Reporting | `Admin` | **Assigning roles to clients** * Create a realm role in Keycloak with the name "KEYMANAGER\_ADMIN" and assign it as a service account role to the PBMS Keycloak client in order for PBMS to be able to access Keymanager APIs. #### Odoo * Refer the [Odoo post-install guide](https://docs.openg2p.org/deployment/deployment-guide/odoo-post-install-configuration) to activate Odoo modules. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.openg2p.org/1.3/pbms/deployment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.