Deployment
SPAR Deployment
The instructions here pertain to the deployment of all SPAR components on the Kubernetes cluster using Helm charts. The charts install SPAR components along with the Postgresql server specific to SPAR. All the components are installed in the same namespace. The deployment may be achieved by the following methods:
Prerequisites
Before you deploy SPAR, make sure the following are available:
Base infrastructure along with domain name and certificates for Rancher and Keycloak
Domain names and certificates specific to Social Registry.
Nginx server configuration
A conf file is created under
sites-enabledon Nginx containing the above SSL certs. See sample conf file.
Namespace is created (On Rancher a namespace is created under a Project).
Project Owner permission on the namespace of OpenG2P cluster.
Gateways are setup for the domain as given here Istio namespace setup.
Installation using Rancher UI
Log in to Rancher admin console.
Select your cluster.
Under Apps -> Repositories click the Create to add a repository.
Provide Name as "openg2p" and target HTTPS Index URL as https://openg2p.github.io/openg2p-helm/rancher and click on Create.
Select the namespace in which you would like to install PBMS, from the namespace filter on the top-right.
To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on Include Prerelease Versions under Preferences below the Helm Charts.
Navigate to Apps->Charts page on Rancher. You can find the OpenG2P SPAR is listed in the dashboard.
Click on the Helm chart, select the version to be installed, and click Install.
On the next screen, choose a name for installation, like
spar. Select the checkbox Customise Helm before the installation, and then click on Next.Navigate to each app's configuration page, and configure the following:
Configure a hostname for each app in the following way.
<appname>.<base-hostname>, where base hostname is the wildcard hostname chosen during Istio namespace setup. Example:spar.dev.openg2p.orgetc.<appname>is arbitrary - default names have been provided.Your organization-wide Keycloak URL is Keycloak Base Url . (Refer to Keycloak installation).
Create a Keycloak client.
Provide the OIDC Client details. Refer to Keycloak Client Creation guide.
Click on Next to navigate to Helm Options page. Disable
waitflag. Click on Install.Watch for every pods to enter a Running state. This may take several minutes.
Installation using the command line
Install the following utilities on your machine:
kubectl,istioctl,helm,jq,curl,wget,git,bash,envsubst.
Clone the https://github.com/openg2p/openg2p-spar-deployment repo. Switch to the branch of interest. Navigate to
deploymentdirectory.Run.
Access links
After installation, SPAR is accessible over following URLs based on the SPAR_HOSTNAME given above:
SPAR Self Service UI: https://spar.openg2p.sandbox.net
SPAR Self Service API: https://spar.openg2p.sandbox.net/api/selfservice
SPAR Mapper: https://spar.openg2p.sandbox.net/api/mapper
Database
Postgresql is installed as part of the above procedure in the same namespace. The default database created is spardb .
Onboard SPAR on eSignet
Create OIDC Client for SPAR in eSignet. Follow the method suggested by the ID Provider.
If using mock eSignet, use this API to create OIDC client.
During OIDC client creation, you will be asked for (or given) a client ID and private key JWK as client secret.
Edit the SPAR DB,
login_providertable and modify theauthorization_parametersrow of the first entry, with:appropriate URLs for
authorize_endpoint,token_endpoint,validate_endpoint,jwks_endpoint, andredirect_urifields.above client ID under the
client_idfield.and above private key jwk under the
client_assertion_jwkfield.
Seed/edit metadata of banks, wallets, branches, etc for the SPAR self-service portal in database. TODO: Elaborate.
Sanity testing
TBD
Last updated
