Deployment
PBMS Deployment
Last updated
Was this helpful?
PBMS Deployment
Last updated
Was this helpful?
This document contains instructions for all the deployment of PBMS modules and their related components on the Kubernetes cluster using . All the components are installed in the same namespace. The methods used to achieve the deployment are:
Before you deploy, make sure the following are available:
including the domain name and certificates from Rancher and Keycloak.
PBMS's .
Nginx server configuration
A conf file is created under sites-enabled
on Nginx containing the above SSL certs. See .
Rancher must have a Namespace created under a Project.
permission to use the OpenG2P cluster's namespace.
Gateways are setup for the domain as given here .
Log in to Rancher admin console.
Select your cluster.
Under Apps -> Repositories click the Create to add a repository.
Provide Name as "openg2p" and target HTTPS Index URL as and click on Create.
Select the namespace in which you would like to install PBMS, from the namespace filter on the top-right.
To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on Include Prerelease Versions under Preferences below the Helm Charts.
Navigate to Apps->Charts page on Rancher. You can find the OpenG2P PBMS is listed in the dashboard.
You can ignore "Part 1" as it refers to an older version of the Helm chart, and proceed directly to "Part 2" for the updated Helm chart instructions.
Click on "Part 2" Helm chart, select the latest version to be installed, and click Install.
On the next screen, choose a name for installation, like pbms.
Check the option Customise Helm before the installation, and then click on Next.
Navigate to each app's configuration page, and configure the following:
Click on Next to navigate to Helm Options page. Disable wait
flag. Click on Install.
Watch for every pods to enter a Running state. This may take several minutes.
Install the following utilities on your machine.
kubectl
, istioctl
, helm
, jq
, curl
, wget
, git
, bash
, envsubst
.
TBD
Assigning roles to users
OpenSearch Dashboards for logging
admin
OpenSearch Dashboards for Reporting
admin
Apache Superset
Admin
Minio Console
consoleAdmin
Kafka UI for Reporting
Admin
Assigning roles to clients
Create a realm role in Keycloak with the name "KEYMANAGER_ADMIN" and assign it as a service account role to the PBMS Keycloak client in order for PBMS to be able to access Keymanager APIs.
Configure a hostname for each app in the following way. <appname>.<base-hostname>
, where base hostname is the wildcard hostname chosen during . Example: pbms.dev.openg2p.org
and odk-pbms.dev.openg2p.org
, etc. <appname>
is arbitrary - default names have been provided.
Your organization-wide Keycloak URL is Keycloak Base Url . (Refer to ).
OIDC Client details are asked. Create Keycloak client, refer to guide.
Create for the following components and assign them to users.
Refer the to activate Odoo modules.