# Deployment

The instructions here pertain to the deployment of all Social Registry and associated components on the Kubernetes cluster using [Helm charts](https://github.com/OpenG2P/openg2p-documentation/blob/1.3/social-registry/deployment/broken-reference/README.md). All the components are installed in the same namespace. The deployment may be achieved by the following methods:

* [Using Rancher UI](#installation-using-rancher-ui)
* [Using command line](#installation-using-the-command-line)

## Prerequisites

Before you deploy, make sure the following are available:

* [Base infrastructure](https://docs.openg2p.org/1.3/deployment/base-infrastructure) along with domain name and certificates for Rancher and Keycloak
* [Domain names and certificates](https://docs.openg2p.org/1.3/social-registry/deployment/domain-names-and-certificates) specific to Social Registry.
* Nginx server configuration
  * A conf file is created under `sites-enabled` on Nginx containing the above SSL certs. See [sample conf file](https://github.com/OpenG2P/openg2p-deployment/blob/main/kubernetes/nginx/server.sample.conf).
* Namespace is created (On Rancher a namespace is created under a Project).
* [Project Owner](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles#project-roles) permission on the namespace of OpenG2P cluster.
* Gateways are setup for the domain as given here [Istio namespace setup](https://docs.openg2p.org/1.3/deployment/base-infrastructure/openg2p-cluster/cluster-setup/istio#namespace-setup).

## Installation using Rancher UI

1. Log in to Rancher admin console.
2. Select your cluster.
3. Under *Apps -> Repositories* click on *Create* to add a repository.
4. Provide *Name* as "openg2p" and target HTTPS *Index URL* as <https://openg2p.github.io/openg2p-helm/rancher> and click *Create*.
5. Select the namespace in which you would like to install Social Registry, from the namespace filter on the top-right.
6. To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on "Include Prerelease Versions" under *Preferences* under *Helm Charts*.
7. Navigate to *Apps->Charts* page on Rancher. You should see "OpenG2P Social Registry" Helm charts listed.

<div align="left"><figure><img src="https://1895884874-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnKdOHLbjDdIln1QDNwSx%2Fuploads%2Fgit-blob-c149ef77bf0e239a148cf3a98572f706d603f164%2Fsocial-registry-deployment-rancher-list.png?alt=media" alt=""><figcaption></figcaption></figure></div>

7. Click on "Part 1" Helm chart, select the version to be installed, and click *Install*.
8. On the next screen, choose a name for installation, like `social-registry`. Select the checkbox *Customise Helm options before install*, and click *Next*.
9. Go through each app's configuration page, and configure the following:
   1. Configure a hostname for each app in the following way. `<appname>.<base-hostname>` , where base hostname is the wildcard hostname chosen during [Istio namespace setup](https://docs.openg2p.org/1.3/deployment/base-infrastructure/openg2p-cluster/cluster-setup/istio#namespace-setup). Example: `socialregistry.dev.openg2p.org` and `odk-sr.dev.openg2p.org` , etc. `<appname>` is arbitrary - default names have been provided.
   2. *Keycloak Base Url* is your organization-wide Keycloak URL. (Refer to [Keycloak installation](https://docs.openg2p.org/1.3/deployment/base-infrastructure/rancher#keycloak-installation)).
   3. Create a Keycloak client,
   4. OIDC Client details are asked. Refer to [Keycloak Client Creation](https://docs.openg2p.org/1.3/deployment/deployment-guide/keycloak-client-creation) guide.
   5. To change the docker image from the default image, click on *Edit YAML* table and update the following section in Helm:

```yaml
image:
    pullPolicy: Always
    repository: openg2p/openg2p-social-registry-odoo-package
    tag: 17.0-develop-social-registry
```

10. To pull docker from a private repository on Docker Hub, follow guide [here](https://docs.openg2p.org/1.3/deployment/deployment-guide/pulling-docker-from-private-repository-on-docker-hub).
11. Click *Next* to reach *Helm Options* page. Disable `wait` flag. Click on *Install*.
12. Navigate back to *Apps->Charts* page on Rancher. Choose "Part 2" Helm chart. Select the same version as for "Part 1", and click *Install*.
13. On the next screen, give the same installation name as for "Part 1" but with suffix `-p2` , like `social-registry-p2`. Select the same namespace as "Part 1". Select the checkbox *Customise Helm options before install*, and click *Next*.
14. Repeat steps 9 & 10.
15. Wait for all pods to get into *Running* state. This may take several minutes.

<div align="center"><figure><img src="https://1895884874-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnKdOHLbjDdIln1QDNwSx%2Fuploads%2Fgit-blob-d8b97ca7f54720827d08f21e52f74524addfa645%2Fpod-running.png?alt=media" alt="" width="147"><figcaption></figcaption></figure></div>

## Installation using the command line

* Install the following utilities on your machine:
  * `kubectl`, `istioctl`, `helm`, `jq`, `curl`, `wget`, `git`, `bash`, `envsubst`.
* TBD

## Post Installation

### Keycloak

#### Assigning roles to users

Create[ Keycloak client roles](https://www.keycloak.org/docs/latest/server_admin/#con-client-roles_server_administration_guide) for the following components and assign them to users:

<table><thead><tr><th width="336">Component</th><th>Role name</th></tr></thead><tbody><tr><td>OpenSearch Dashboards for logging</td><td><code>admin</code></td></tr><tr><td>OpenSearch Dashboards for <a href="../monitoring-and-reporting/reporting-framework">Reporting</a></td><td><code>admin</code></td></tr><tr><td>Kafka UI for <a href="../monitoring-and-reporting/reporting-framework">Reporting</a></td><td><code>Admin</code></td></tr><tr><td>Apache Superset</td><td><code>Admin</code></td></tr><tr><td>Minio Console</td><td><code>consoleAdmin</code></td></tr></tbody></table>

#### Assigning roles to clients

* For Social Registry to be able to access Keymanager APIs, create a realm role in Keycloak with the name "KEYMANAGER\_ADMIN" and assign this as a service account role to the Social Registry Keycloak client.

### Odoo

* Follow with [Odoo post-install guide](https://docs.openg2p.org/1.3/deployment/deployment-guide/odoo-post-install-configuration) to activate Odoo modules.