Deployment

The instructions here pertain to the deployment of all Social Registry and associated components on the Kubernetes cluster using Helm charts. All the components are installed in the same namespace. The deployment may be achieved by the following methods:

• Using Rancher UI

• Using command line

Prerequisites

Before you deploy, make sure the following are available:

• Base infrastructure along with domain name and certificates for Rancher and Keycloak

• Domain names and certificates specific to Social Registry.

• Nginx server configuration

  • A conf file is created under sites-enabled on Nginx containing the above SSL certs. See sample conf file.

• Namespace is created (On Rancher a namespace is created under a Project).

• Project Owner permission on the namespace of OpenG2P cluster.

• Gateways are setup for the domain as given here Istio namespace setup.

Installation using Rancher UI

1. Log in to Rancher admin console.

2. Select your cluster.

3. Under Apps -> Repositories click on Create to add a repository.

4. Provide Name as "openg2p" and target HTTPS Index URL as https://openg2p.github.io/openg2p-helm/rancher and click Create.

5. Select the namespace in which you would like to install Social Registry, from the namespace filter on the top-right.

6. To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on "Include Prerelease Versions" under Preferences under Helm Charts.

7. Navigate to Apps->Charts page on Rancher. You should see "OpenG2P Social Registry" Helm charts listed.

1. Click on "Part 1" Helm chart, select the version to be installed, and click Install.

2. On the next screen, choose a name for installation, like social-registry. Select the checkbox Customise Helm options before install, and click Next.

3. Go through each app's configuration page, and configure the following:

   1. Configure a hostname for each app in the following way. <appname>.<base-hostname> , where base hostname is the wildcard hostname chosen during Istio namespace setup. Example: socialregistry.dev.openg2p.org and odk-sr.dev.openg2p.org , etc. <appname> is arbitrary - default names have been provided.

   2. Keycloak Base Url is your organization-wide Keycloak URL. (Refer to Keycloak installation).

   3. Create a Keycloak client,

   4. OIDC Client details are asked. Refer to Keycloak Client Creation guide.

   5. To change the docker image from the default image, click on Edit YAML table and update the following section in Helm:

image:
    pullPolicy: Always
    repository: openg2p/openg2p-social-registry-odoo-package
    tag: 17.0-develop-social-registry

1. To pull docker from a private repository on Docker Hub, follow guide here.

2. Click Next to reach Helm Options page. Disable wait flag. Click on Install.

3. Navigate back to Apps->Charts page on Rancher. Choose "Part 2" Helm chart. Select the same version as for "Part 1", and click Install.

4. On the next screen, give the same installation name as for "Part 1" but with suffix -p2 , like social-registry-p2. Select the same namespace as "Part 1". Select the checkbox Customise Helm options before install, and click Next.

5. Repeat steps 9 & 10.

6. Wait for all pods to get into Running state. This may take several minutes.

Installation using the command line

• Install the following utilities on your machine:

  • kubectl, istioctl, helm, jq, curl, wget, git, bash, envsubst.

• TBD

Post Installation

Keycloak

Assigning roles to users

Create Keycloak client roles for the following components and assign them to users:

Assigning roles to clients

• For Social Registry to be able to access Keymanager APIs, create a realm role in Keycloak with the name "KEYMANAGER_ADMIN" and assign this as a service account role to the Social Registry Keycloak client.

Odoo

• Follow with Odoo post-install guide to activate Odoo modules.