search
CommunityLicense

Environment Installation

The instructions here pertain to the deployment of common components for an environment on the Kubernetes cluster. All the components are installed in the same namespace.

hashtag
Prerequisites

Before you deploy, make sure the following are in place:

  • Infrastruction setup is completed

  • ✅ Domain name esignet.<your environment>.<your domain name> (e.g. esignet.qa.openg2p.org) is available along with SSL certificate for the domain (the wild certificate should have already been loaded during Infrastructure setup)

  • Project Owner access on the OpenG2P namespace

hashtag
Installation using Rancher UI

  1. Log in to Rancher admin console.

  2. Select your cluster.

  3. Under Apps -> Repositories click on Create to add a repository.

  4. Provide Name as openg2p and target HTTPS Index URL as https://openg2p.github.io/openg2p-helm/rancherarrow-up-right and click Create.

  5. To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on Include Prerelease Versions under Preferences under Helm Charts.

  6. Select the namespace from the namespace filter on the top-right.

  7. Navigate to Apps->Charts page on Rancher. You should see OpenG2P commons Helm charts listed.

  8. Proceed to Install OpenG2P Commons chart select the latest version to be installed, and click Install.

  9. On the next screen, provie installation name as commons . Select the checkbox Customise Helm options before install, and click Next. Note: Make sure the installation name should be commons only.

  10. Go through each app's configuration page, and configure the following:

    1. Configure a hostname for each app in the following way. <appname>.<base-hostname> , where base hostname is the wildcard hostname chosen during Istio namespacearrow-up-right setup. Example: esignet.dev.openg2p.org and odk.dev.openg2p.org , etc. is arbitrary - default names have been provided.

    2. Keycloak Base Url is your organization-wide Keycloak URL. (Ex: keycloak..org)

    3. OIDC Client details are asked. Create Keycloak Client, refer to Keycloak Client Creation arrow-up-rightguide.

  11. Click Next to reach Helm Options page. Disable wait flag. Click on Install.

  12. Wait for all the pods to get into Running state. This may take several minutes.

hashtag
Installation using the command line

  • Install the following utilities on your machine:

    • kubectl, istioctl, helm, jq, curl, wget, git, bash, envsubst.

  • To Be Done

hashtag
Post Installation

hashtag
Keycloak

hashtag
Assigning roles to users

Create Keycloak client rolesarrow-up-right for the following components and assign them to users:

Component
Role name

OpenSearch Dashboards for logging

admin

OpenSearch Dashboards for Reporting

admin

Kafka UI for Reporting

Admin

Apache Superset

Admin

Minio Console

consoleAdmin

hashtag
Assigning roles to clients

  • For Social Registry to be able to access Keymanager APIs, create a realm role in Keycloak with the name "KEYMANAGER_ADMIN" and assign this as a service account role to the Social Registry Keycloak client.

hashtag
Modules

Install the modules and other utility apps individually using their respective instructions:

  1. Registry

  2. PBMSarrow-up-right

  3. SPARarrow-up-right

  4. G2P Bridgearrow-up-right

  5. Beneficiary Portal

PreviousInfrastructure SetupNextProduction Deployment Best Practices

Last updated

Was this helpful?