V4 Deployment Architecture

The V4 architecture consists of a Rancher (it requires its own dedicated Kubernetes cluster. Learn more >>) and one (or more clusters) for all application modules and supporting components. Rancher is capable of managing several clusters if required. However, in our case it suffices to have one "OpenG2P cluster" which hosts all environments (sandboxes) under separate namespaces. The RBAC of Kubernetes is used to provide users access to namespaces. Further, the secure access to applications can be controlled by the following means:

Multiple Wireguard servers enable separate access channels.
Access control at the application level, where login to dashboards and portals is controlled via authentication and authorisation defined in Keycloak.

The Keycloak inside the Rancher cluster provides organisation-wide authorisation and offers single sign-on for all resources.

This deployment architecture is referred to as "V4" by the OpenG2P team due to the way it has evolved over the past few years. The V4 deployment architecture is an evolution of MOSIP's V3 architecture. Unlike V3, where separate clusters are created for environments, in V4, all sandboxes and environments reside in the same cluster with finer access controls

PreviousEnvironment Deployment Next_Archive

Last updated 22 hours ago

Was this helpful?