Deployment

PBMS Deployment

This document contains instructions for all the deployment of PBMS modules and their related components on the Kubernetes cluster using Helm charts. All the components are installed in the same namespace. The methods used to achieve the deployment are:

Prerequisites

Before you deploy, make sure the following are available:

Base infrastructure including the domain name and certificates from Rancher and Keycloak.
PBMS's Domain names and certificates.
Nginx server configuration
- A conf file is created under sites-enabled on Nginx containing the above SSL certs. See sample conf file.
Rancher must have a Namespace created under a Project.
Project Owner permission to use the OpenG2P cluster's namespace.
Gateways are setup for the domain as given here Istio namespace setup.

Installation using Rancher UI

Log in to Rancher admin console.
Select your cluster.
Under Apps -> Repositories click the Create to add a repository.
Provide Name as openg2p and target HTTPS Index URL as https://openg2p.github.io/openg2p-helm/rancher and click Create.
To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on Include Prerelease Versions under Preferences under Helm Charts.
Select the namespace in which you would like to install PBMS, from the namespace filter on the top-right.
Navigate to Apps->Charts page on Rancher. You should see OpenG2P PBMS Helm charts listed.
Note: You can ignore "Part 2" as it refers to an older version of the Helm chart.
Proceed to Install OpenG2P PBMS chart select the latest version to be installed, and click Install.
On the next screen, choose a name for installation, like pbms. Select the checkbox Customise Helm options before install, and click Next.
Navigate to each app's configuration page, and configure the following:
1. Configure a hostname for each app in the following way. <appname>.<base-hostname> , where base hostname is the wildcard hostname chosen during Istio namespace setup. Example: pbms.dev.openg2p.org and odk-pbms.dev.openg2p.org , etc. <appname> is arbitrary - default names have been provided.
2. Keycloak Base Url is your organization-wide Keycloak URL. (Ex: keycloak.<your domain>.org)
3. OIDC Client details are asked. Create Keycloak Client, refer to Keycloak Client Creation guide.
Click on Next to navigate to Helm Options page. Disable wait flag. Click on Install.
Watch for every pods to enter a Running state. This may take several minutes.

Installation using the command line

Install the following utilities on your machine.
- kubectl, istioctl, helm, jq, curl, wget, git, bash, envsubst.
To Be Done

Post installation

Keycloak

Assigning roles to users

Create Keycloak client roles for the following components and assign them to users.

Component

Role name

OpenSearch Dashboards for logging

admin

OpenSearch Dashboards for Reporting

admin

Apache Superset

Admin

Minio Console

consoleAdmin

Kafka UI for Reporting

Admin

Assigning roles to clients

Create a realm role in Keycloak with the name "KEYMANAGER_ADMIN" and assign it as a service account role to the PBMS Keycloak client in order for PBMS to be able to access Keymanager APIs.

Odoo

Refer the Odoo post-install guide to activate Odoo modules.

PreviousTechnology Stack Nexti18n

Last updated 5 days ago

Was this helpful?