# Deployment

The instructions here pertain to the deployment of all Social Registry and associated components on the Kubernetes cluster using [Helm charts](https://github.com/OpenG2P/openg2p-documentation/blob/1.3/social-registry/deployment/broken-reference/README.md). All the components are installed in the same namespace. The deployment may be achieved by the following methods:

* [Using Rancher UI](#installation-using-rancher-ui)
* [Using command line](#installation-using-the-command-line)

## Prerequisites

Before you deploy, make sure the following are available:

* [Base infrastructure](/1.3/deployment/base-infrastructure.md) along with domain name and certificates for Rancher and Keycloak
* [Domain names and certificates](/1.3/social-registry/deployment/domain-names-and-certificates.md) specific to Social Registry.
* Nginx server configuration
  * A conf file is created under `sites-enabled` on Nginx containing the above SSL certs. See [sample conf file](https://github.com/OpenG2P/openg2p-deployment/blob/main/kubernetes/nginx/server.sample.conf).
* Namespace is created (On Rancher a namespace is created under a Project).
* [Project Owner](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles#project-roles) permission on the namespace of OpenG2P cluster.
* Gateways are setup for the domain as given here [Istio namespace setup](/1.3/deployment/base-infrastructure/openg2p-cluster/cluster-setup/istio.md#namespace-setup).

## Installation using Rancher UI

1. Log in to Rancher admin console.
2. Select your cluster.
3. Under *Apps -> Repositories* click on *Create* to add a repository.
4. Provide *Name* as "openg2p" and target HTTPS *Index URL* as <https://openg2p.github.io/openg2p-helm/rancher> and click *Create*.
5. Select the namespace in which you would like to install Social Registry, from the namespace filter on the top-right.
6. To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on "Include Prerelease Versions" under *Preferences* under *Helm Charts*.
7. Navigate to *Apps->Charts* page on Rancher. You should see "OpenG2P Social Registry" Helm charts listed.

<div align="left"><figure><img src="/files/NWOYwHLSBRlCiCEaZbig" alt=""><figcaption></figcaption></figure></div>

7. Click on "Part 1" Helm chart, select the version to be installed, and click *Install*.
8. On the next screen, choose a name for installation, like `social-registry`. Select the checkbox *Customise Helm options before install*, and click *Next*.
9. Go through each app's configuration page, and configure the following:
   1. Configure a hostname for each app in the following way. `<appname>.<base-hostname>` , where base hostname is the wildcard hostname chosen during [Istio namespace setup](/1.3/deployment/base-infrastructure/openg2p-cluster/cluster-setup/istio.md#namespace-setup). Example: `socialregistry.dev.openg2p.org` and `odk-sr.dev.openg2p.org` , etc. `<appname>` is arbitrary - default names have been provided.
   2. *Keycloak Base Url* is your organization-wide Keycloak URL. (Refer to [Keycloak installation](/1.3/deployment/base-infrastructure/rancher.md#keycloak-installation)).
   3. Create a Keycloak client,
   4. OIDC Client details are asked. Refer to [Keycloak Client Creation](/1.3/deployment/deployment-guide/keycloak-client-creation.md) guide.
   5. To change the docker image from the default image, click on *Edit YAML* table and update the following section in Helm:

```yaml
image:
    pullPolicy: Always
    repository: openg2p/openg2p-social-registry-odoo-package
    tag: 17.0-develop-social-registry
```

10. To pull docker from a private repository on Docker Hub, follow guide [here](/1.3/deployment/deployment-guide/pulling-docker-from-private-repository-on-docker-hub.md).
11. Click *Next* to reach *Helm Options* page. Disable `wait` flag. Click on *Install*.
12. Navigate back to *Apps->Charts* page on Rancher. Choose "Part 2" Helm chart. Select the same version as for "Part 1", and click *Install*.
13. On the next screen, give the same installation name as for "Part 1" but with suffix `-p2` , like `social-registry-p2`. Select the same namespace as "Part 1". Select the checkbox *Customise Helm options before install*, and click *Next*.
14. Repeat steps 9 & 10.
15. Wait for all pods to get into *Running* state. This may take several minutes.

<div align="center"><figure><img src="/files/7sRPWy87YxVoOB5IhmNu" alt="" width="147"><figcaption></figcaption></figure></div>

## Installation using the command line

* Install the following utilities on your machine:
  * `kubectl`, `istioctl`, `helm`, `jq`, `curl`, `wget`, `git`, `bash`, `envsubst`.
* TBD

## Post Installation

### Keycloak

#### Assigning roles to users

Create[ Keycloak client roles](https://www.keycloak.org/docs/latest/server_admin/#con-client-roles_server_administration_guide) for the following components and assign them to users:

<table><thead><tr><th width="336">Component</th><th>Role name</th></tr></thead><tbody><tr><td>OpenSearch Dashboards for logging</td><td><code>admin</code></td></tr><tr><td>OpenSearch Dashboards for <a href="/pages/RcfZTdyMAt7fen9opjGH">Reporting</a></td><td><code>admin</code></td></tr><tr><td>Kafka UI for <a href="/pages/RcfZTdyMAt7fen9opjGH">Reporting</a></td><td><code>Admin</code></td></tr><tr><td>Apache Superset</td><td><code>Admin</code></td></tr><tr><td>Minio Console</td><td><code>consoleAdmin</code></td></tr></tbody></table>

#### Assigning roles to clients

* For Social Registry to be able to access Keymanager APIs, create a realm role in Keycloak with the name "KEYMANAGER\_ADMIN" and assign this as a service account role to the Social Registry Keycloak client.

### Odoo

* Follow with [Odoo post-install guide](/1.3/deployment/deployment-guide/odoo-post-install-configuration.md) to activate Odoo modules.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openg2p.org/1.3/social-registry/deployment.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.