SPAR Deployment
The instructions here pertain to the deployment of all SPAR components on the Kubernetes cluster using Helm charts. The charts install SPAR components along with the PostgreSQL server specific to SPAR. All the components are installed in the same namespace. The deployment may be achieved by the following methods:
Before you deploy SPAR, make sure the following are available:
- Base infrastructure along with domain name and certificates for Rancher and Keycloak
- Domain names and certificates specific to Social Registry.
- Nginx server configuration
  - A conf file is created under `sites-enabled` on Nginx containing the above SSL certs. See sample conf file.
- Namespace is created (On Rancher a namespace is created under a Project).
- Project Owner permission on the namespace of OpenG2P cluster.
- Gateways are set up for the domain as described in Istio namespace setup.
- Log in to Rancher admin console.
- Select your cluster.
- Under Apps -> Repositories, click Create to add a repository.
- Provide Name as "openg2p" and target HTTPS Index URL as https://openg2p.github.io/openg2p-helm/rancher and click on Create.
- Select the namespace in which you would like to install PBMS, from the namespace filter on the top-right.
- To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on Include Prerelease Versions under Preferences below the Helm Charts.
- Navigate to the Apps -> Charts page on Rancher. OpenG2P SPAR is listed in the dashboard.
- Click on the Helm chart, select the version to be installed, and click Install.
- On the next screen, choose a name for installation, like `spar`. Select the checkbox Customise Helm before the installation, and then click on Next.
- Navigate to each app's configuration page, and configure the following:
  - Configure a hostname for each app in the following way: `<appname>.<base-hostname>`, where base hostname is the wildcard hostname chosen during Istio namespace setup. Example: `spar.dev.openg2p.org` etc. `<appname>` is arbitrary - default names have been provided.
  - Your organization-wide Keycloak URL is Keycloak Base Url. (Refer to Keycloak installation).
  - Create a Keycloak client.
  - Provide the OIDC Client details. Refer to Keycloak Client Creation guide.
- Click on Next to navigate to Helm Options page. Disable the `wait` flag. Click on Install.
- Watch for every pod to enter a Running state. This may take several minutes.
- Install the following utilities on your machine: `kubectl`, `istioctl`, `helm`, `jq`, `curl`, `wget`, `git`, `bash`, `envsubst`.
- Clone the https://github.com/openg2p/openg2p-spar-deployment repo. Switch to the branch of interest. Navigate to the `deployment` directory.
- Run:

  ```bash
  SPAR_HOSTNAME=spar.openg2p.sandbox.net \
  NS=<namespace> \
  ./install.sh
  ```

After installation, SPAR is accessible over the following URLs based on the `SPAR_HOSTNAME` given above:
- SPAR Self Service UI: https://spar.openg2p.sandbox.net
- SPAR Self Service API: https://spar.openg2p.sandbox.net/api/selfservice
- SPAR Mapper: https://spar.openg2p.sandbox.net/api/mapper
PostgreSQL is installed as part of the above procedure in the same namespace. The default database created is `spardb`.
- Create OIDC Client for SPAR in eSignet. Follow the method suggested by the ID Provider.
- If using mock eSignet, use this API to create OIDC client.
- During OIDC client creation, you will be asked for (or given) a client ID and private key JWK as client secret.
- Edit the SPAR DB, `login_provider` table and modify the `authorization_parameters` row of the first entry, with:
  - appropriate URLs for `authorize_endpoint`, `token_endpoint`, `validate_endpoint`, `jwks_endpoint`, and `redirect_uri` fields.
  - above client ID under the `client_id` field.
  - and above private key JWK under the `client_assertion_jwk` field.
- Seed/edit metadata of banks, wallets, branches, etc for the SPAR self-service portal in database. TODO: Elaborate.
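
A pre-flight check for the `authorization_parameters` value before it is written to the `login_provider` table, as an added example (not code from OpenG2P). It assumes the value is stored as a JSON object and that `redirect_uri` is served under `SPAR_HOSTNAME`; the function names, the `idp.example.org` host, the `/callback` path and the key material are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Field names are the ones this page lists for authorization_parameters.
URL_FIELDS = ("authorize_endpoint", "token_endpoint", "validate_endpoint", "jwks_endpoint", "redirect_uri")

def _https_host(value):
    """Hostname of an absolute https URL, or None if value is not one."""
    try:
        url = urlsplit(value) if isinstance(value, str) else None
    except ValueError:
        return None
    return url.hostname if url and url.scheme == "https" else None

def check_authorization_parameters(raw, spar_hostname):
    """Return a list of problems found in an authorization_parameters JSON string."""
    try:
        params = json.loads(raw)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(params, dict):
        return ["top level must be a JSON object"]
    problems = [f"{f}: must be an absolute https URL"
                for f in URL_FIELDS if not _https_host(params.get(f))]
    # Assumption: the OIDC callback is served under SPAR_HOSTNAME.
    host = _https_host(params.get("redirect_uri"))
    if host and host != spar_hostname:
        problems.append(f"redirect_uri: host is not {spar_hostname}")
    client_id = params.get("client_id")
    if not isinstance(client_id, str) or not client_id.strip():
        problems.append("client_id: missing or empty")
    jwk = params.get("client_assertion_jwk")
    if isinstance(jwk, str):  # tolerate a JWK pasted as a JSON-encoded string
        try:
            jwk = json.loads(jwk)
        except ValueError:
            jwk = None
    if not isinstance(jwk, dict) or "kty" not in jwk:
        problems.append("client_assertion_jwk: not a JWK object")
    elif "d" not in jwk:  # RSA, EC and OKP private JWKs all carry "d"
        problems.append("client_assertion_jwk: private member 'd' missing")
    return problems

# Constructed sample: placeholder hosts and key material, not real values.
SAMPLE = json.dumps({
    **{f: f"https://idp.example.org/{f}" for f in URL_FIELDS[:4]},
    "redirect_uri": "https://spar.openg2p.sandbox.net/callback",
    "client_id": "constructed-client-id",
    "client_assertion_jwk": {"kty": "RSA", "n": "placeholder", "e": "AQAB"},  # public only
})
```

Calling `check_authorization_parameters(SAMPLE, "spar.openg2p.sandbox.net")` flags the sample because a public-only JWK was pasted where the private key belongs.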
TBD