Resource Requirements

Various resources required for deployment

These requirements cover the resources to provision for the Kubernetes-based infrastructure that hosts OpenG2P modules. See deployment architecture.

Virtual machines (VMs)

For development (internal)

| Purpose | Configuration | VMs | Notes |
|---|---|---|---|
| | 2 vCPU/4 GB RAM/32 GB storage | 1 | |
| | 2 vCPU/8 GB RAM/128 GB storage | 1 | Used for persistence for both Rancher and OpenG2P clusters. The actual size of storage will depend on usage. |
| | 4 vCPU/16 GB RAM/128 GB storage | 1 | For high availability, 3 nodes are recommended. |
| | 8 vCPU/32 GB RAM/128 GB storage | 2 | Start with 2 nodes and add another one if required. |
| Nginx | 2 vCPU/8 GB RAM/64 GB | 1 | |

OS for all nodes: Ubuntu 22.04 Server

To save costs on AWS, the recommended EC2 instance type for cluster nodes is t3a.*

For production

| Purpose | Configuration | VMs | Notes |
|---|---|---|---|
| | 2 vCPU/4 GB RAM/32 GB storage | 1 | One VM for Wireguard is sufficient for all the environments/setups in your network. This is used to facilitate VPN access to the pilot environments. |
| | 4 vCPU/16 GB RAM/500 GB* storage | 1 | Used for persistence for both Rancher and OpenG2P clusters. * The actual size of storage will depend on usage. |
| | 2 vCPU/8 GB RAM/128 GB storage | 3 | For high availability, 3 nodes are recommended. This cluster also holds the organisation-wide Keycloak. |
| | 8 vCPU/32 GB RAM/128 GB storage | 3 | Required for control-plane, master, etcd and workloads of the Kubernetes cluster. |
| Nginx | 4 vCPU/16 GB RAM/64 GB storage | 1 | This VM is not required if using a cloud provider; the cloud provider's LB is recommended in that case. |

OS for all nodes: Ubuntu 22.04 Server

If provisioning VMs on cloud, try to assign nodes across subnets for higher resilience to failures

Networking

  • All the machines in the same network

  • Public IP assigned to the Wireguard machine

DNS

The following domain names and mappings will be required. The suggested domain name convention is as follows:

<module>.<environment>.<organisation>.<tld>

Example:

  • spar.dev.openg2p.org

  • socialregistry.uat.openg2p.org

Domain mapping

| Requirement Description | Domain Name (examples) | Mapped to |
|---|---|---|
| Domain mapping to sandbox | dev.openg2p.net, uat.openg2p.net, staging.openg2p.org | "A" record mapped to the Load Balancer IP. (For sandbox, where an LB is not used, this can be mapped directly to nodes of the K8s cluster, at least 3 nodes.) |
| Wildcard mapping to modules | *.dev.openg2p.net, *.uat.openg2p.net, *.staging.openg2p.org | "CNAME" record mapped to the domain of the above "A" record. (This is a wildcard DNS mapping.) |

The domain name mapping needs to be done on your domain service provider. For example on AWS this is configured on Route 53.

Certificates

At least one wildcard certificate is required, depending on the above domain names used. This can also be generated using Letsencrypt. See guide here.
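How many wildcard names the certificate needs follows from the hostnames in use: a wildcard covers exactly one label, so it does not cover the environment's own "A" record name or a second environment. The check below is an added example, not OpenG2P project code; the host list is constructed from the naming convention above, and the four-label rule in `plan_sans` is an assumption.

```python
# Added example; hostnames are constructed from the page's naming convention.

def san_matches(san: str, host: str) -> bool:
    """Match a certificate SAN against a hostname.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.dev.example' does not cover 'dev.example'
    or 'a.b.dev.example'.
    """
    s = san.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(s) != len(h) or "" in h:
        return False
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def uncovered(hosts, sans):
    """Return the hostnames that no SAN on the certificate covers."""
    return [x for x in hosts if not any(san_matches(s, x) for s in sans)]


def plan_sans(hosts):
    """SAN list covering the hosts with one wildcard per environment domain.

    Assumption: module hosts have exactly four labels
    (<module>.<environment>.<organisation>.<tld>); any other name, such as
    the environment's own "A" record name, is listed explicitly.
    """
    sans = set()
    for host in hosts:
        labels = host.lower().rstrip(".").split(".")
        if len(labels) == 4:
            sans.add("*." + ".".join(labels[1:]))
        else:
            sans.add(".".join(labels))
    return sorted(sans)


# Constructed sample: one environment domain and two module hosts.
HOSTS = ["dev.openg2p.net", "spar.dev.openg2p.net", "socialregistry.uat.openg2p.net"]

if __name__ == "__main__":
    print("not covered by *.dev.openg2p.net:", uncovered(HOSTS, ["*.dev.openg2p.net"]))
    print("SANs to request:", plan_sans(HOSTS))
```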


Copyright © 2024 OpenG2P. This work is licensed under Creative Commons Attribution International License CC-BY-4.0 unless otherwise noted.