Deployment

OpenG2P’s V4 deployment architecture offers a production-grade, Kubernetes-based platform designed to deliver secure, scalable, and reliable deployments of OpenG2P modules. Built on a robust Kubernetes orchestration framework, it supports multiple isolated environments—such as Development, QA, and Demo sandboxes—within a single organisational setup, enabling seamless management across the entire software lifecycle.

This infrastructure ensures secure access for internal development teams and has been rigorously tested, earning an A+ rating in third-party penetration testing, underscoring its strong security posture. By leveraging the same V4 base for both development and production, it facilitates an easy and efficient transition from development to production environments, significantly reducing complexity and risks.

For System Integrators, the V4 Deployment Infra represents a substantial time and resource saver by eliminating the need to build production-grade deployment setups from scratch. This turnkey solution accelerates implementation while maintaining enterprise-level security and operational excellence, making it the ideal foundation for organisations aiming to deploy OpenG2P at scale with confidence.

The V4 deployment is offered as a set of instructions, scripts, Helm charts, utilities and guidelines.

* This deployment architecture is referred to as "V4" by the OpenG2P team due to the way it has evolved over the past few years. The V4 deployment architecture is an evolution of MOSIP's V3 architecture. Unlike V3, where separate clusters are created for environments, in V4 all sandboxes and environments reside in the same cluster with finer access controls.

V4 deployment architecture

Deployment Architecture

The V4 architecture consists of two clusters: one for Rancher (which requires its own dedicated Kubernetes cluster) and one for all OpenG2P modules and supporting components. All sandboxes and environments reside in the OpenG2P cluster under separate namespaces. Kubernetes RBAC is used to give users access to namespaces. Further, secure access to applications can be controlled by the following means:

  1. Multiple WireGuard servers enable separate access channels.

  2. Access control at the application level, where login to dashboards and portals is controlled via authentication and authorisation defined in Keycloak.

The Keycloak inside the Rancher cluster provides organisation-wide authorisation and offers single sign-on for all resources.
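The namespace-per-sandbox model described above depends on RBAC grants being bound to a namespace rather than to the whole cluster. The manifest below is an added example, not part of the OpenG2P charts or scripts; the namespace names (`dev`, `qa`) and the group name (`dev-team`) are hypothetical, and it assumes group membership reaches the Kubernetes API from whatever identity integration is in use.

```yaml
# Constructed example: namespace and group names are hypothetical.
# Scoped grant: members of "dev-team" can edit workloads in the "dev"
# sandbox only. The built-in ClusterRole "edit" is reused, but because it is
# referenced from a RoleBinding it applies only inside metadata.namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-edit
  namespace: dev
subjects:
  - kind: Group
    name: dev-team
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
---
# The same group gets read-only access to the "qa" sandbox.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-view
  namespace: qa
subjects:
  - kind: Group
    name: dev-team
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
# Setting to avoid in a shared cluster (left commented out on purpose):
# binding the same group through a ClusterRoleBinding grants "edit" in every
# namespace, including any staging or production namespace in the cluster.
#
# kind: ClusterRoleBinding
# metadata:
#   name: dev-team-edit-everywhere
# roleRef:
#   kind: ClusterRole
#   name: edit
```

To check the result, `kubectl auth can-i create deployments --namespace qa --as=test-user --as-group=dev-team` should answer `no`, while the same query with `--namespace dev` should answer `yes` (`test-user` is a placeholder).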

Deployment modes

Depending on the resource availability and purpose, we offer different modes (or configurations) of deployment as follows:

Deployment Mode
Resource requirement

Single machine deployment. Good to start off with OpenG2P while still installing the entire V4 infrastructure packed in a box. You may use such a deployment for learning how to deploy and for trying out OpenG2P. However, this is not recommended for production.

Development

This is typically a multi-node deployment for your organization, hosting multiple sandboxes such as Dev, QA, and Demo on the same infrastructure to optimize resource utilization. It provides high security and full access control for internal development and testing. Components like Postgres and MinIO are installed as Docker containers here, whereas in production they are usually deployed on separate machines. This deployment facilitates a smooth transition to production.

Production

An extension of the Development mode. It consists of a multi-node deployment for fail-safe operation and high availability of your services. Certain features related to scalability, manageability, and access control have been strengthened to support production deployments. This infrastructure also allows you to host multiple environments, such as Production and Staging/UAT, within the same infrastructure. Critical components like Postgres and MinIO are installed on separate machines for better manageability, scale and access control.

If you would like to start off with OpenG2P and have limited hardware resources, you may deploy "OpenG2P in a box" that installs all essential components required to run OpenG2P modules. However, we recommend installing V4 deployment infrastructure in your organisation that offers several benefits:

  • Ability to scale up by adding machines when multiple sandboxes are required, or load on the system is high.

  • Single infrastructure to hold several sandboxes like dev, qa, staging and even production.

  • High security and access control.

  • High availability of services.

  • Seamless transition to production rollout (the same infrastructure may be used with a few additions; refer to the production guide).

The above is a recommended architecture that also optimises resource usage.

For deployment, set up the following in the sequence given below:

  • OpenG2P specific modules (instructions available in module-specific deployment pages)

Concepts


Before proceeding with deployment, read up on the following topics to better understand each infrastructure component required for a successful setup:

  1. 🧑‍💻 Rancher

  2. 📝 Logging and Fluentd
