Post Kubernetes Cluster setup, the deployment has got 2 stages. As part of this sample exercise we can deploy PGR and show what are the various configuration required, however deployment steps are similar for all other modules too, just that the prerequisites differ depending on the feature like SMS Gateway, Payment Gateway, etc
1. Prepare Deployment Configuration File
It's important to prepare a your global deployment configuration yaml file that will contain all the necessary user specific custom values like URL, gateways, persistent storage ids, DB details etc.
Navigate to the following file in your local machine from previously cloned DevOps git repository
cluster-configs:
secrets:
db: // Create postgres db user and mention the details
username: demo
password: demo
flywayUsername: demo #same as above
flywayPassword: demo #same as above
egov-notification-sms: // sms provider details
username: demo
password: demo
egov-filestore: // AWS S3 access IAM details.
aws-key: aswedfghew
aws-secret-key: xdefghgdxc
egov-location: // Location service add your gmap key
gmapskey: AIzaSyAQOd09-sdfegv
egov-pg-service: // Payment Gateway add your bank gateway provider details
axis-merchant-id: demo
axis-merchant-secret-key: demo
axis-merchant-user: demo
axis-merchant-pwd: demo
axis-merchant-access-code: demo
payu-merchant-key: demo
payu-merchant-salt: demo
pgadmin: // To work pgadmin service add details
admin-email: demo@demo.com
admin-password: demo
read-email: demo@demo.com
read-password: demo
egov-enc-service: // To work egov-enc service add the details
master-password: demo
master-salt: q7.fr.cr
master-initialvector: 9J&asfgrU-H2
egov-notification-mail: // To work mail notification service add respective mail details
mailsenderusername: demo@demo
mailsenderpassword: demo
git-sync: // To clone the config and mdms repos, Create github user and add your ssh private key below. This private should have access to config and mdms repo.
ssh: |
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAxN3yoWfXEl7227hAXUTpeN5SiGUe22sIlGSYk3fx2Zl1xW0t
B5Y/Rn0yCQEtQ <add your ssh key this is just a placeholder >
FwiaDbuwQ+eA1RJ4Lxm9sGFuM1T
-----END RSA PRIVATE KEY-----
known-hosts: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
kibana: // Add Kibana details
namespace: es-cluster
credentials: demo
egov-si-microservice: // Add finance service details
si-microservice-user: demo
si-microservice-password: demo
mail-sender-password: demo
egov-edcr-notification: // Add edcr service details
edcr-mail-username: demo@demo.com
edcr-mail-password: demo
edcr-sms-username: demo
edcr-sms-password: demo
chatbot: // Add chatbot details
valuefirst-username: demo
valuefirst-password: demo
egov-user-chatbot: // Add user chatbot details
citizen-login-password-otp-fixed-value: "546941"
oauth2-proxy: // To work oauth2-proxy service, create and add your github OAuth Apps details
clientID: qwgethjymnbv
clientSecret: 3a08079easd9d8055470475696fd3baad5292
cookieSecret: QVbnq0L8npoyfxZs96wtBg==
Clone the following DIGIT-DevOps repo (If not already done as part of Infra setup), you may need to install git and then run git clone it to your machine.
After cloning the repo CD into the folder DIGIT-DevOps and type the "code ." command that will open the visual editor and opens all the files from the repo DIGIT-DevOps
root@ip:/# cd DIGIT-DevOps
root@ip:DIGIT-DevOps# code .
Update the deployment config file with your details, you can use the following template egov-demo-sample.
credentials, secrets (You need to encrypt using sops and create a <env>-secret.yamlseparately)
SOPS expects an encryption key to use it to encrypt/decrypt a specified plain text and keep the details secured, there are couple of option which you can use it to generate the encryption key
Once you generate your encryption key, create a .sops.yaml configuration file under the /helm directory of the cloned repo to define which keys are used for which specific file. refer to the sops doc for info.
Note: For demo purpose, you can use the egov-demo-secrets.yaml as it is without sops configuration, but make sure you update your specific details like Git SSH, URL etc. When you decide to push these configurations into any git or public space, please make sure you follow the sops configuration mentioned in this article sops to encrypt your secrets.
You have to fork the following repos that contains the master data and default configs which you would customize as per your specific implementation later point in time. Like (Master Data, ULB, Tenant details, Users, etc) to your respective github account.
fork both the mdms, and config repos into your GitHub account
Update the deployment configs for the below as per your specification
Number of replicas/scale of each individual services (Depending on whether dev or prod load)
You must update sms g/w, email g/w, payment g/w details for the notification and payment gateway services, etc.
Update the config, mdmd github repos wherever marked
Update GMap key (In case you are using Google Map services in your PGR, PT, TL, etc)
You must create one private s3 Bucket for Filestore and one public bucket for logos and add the bucket details respectively and create an IAM user with the s3 bucket access. Add IAM user details to <env-secrets.yaml>.
URL/DNS on which the DIGIT will be exposed
SSL Certificate for the above URL
Any specific endpoints configs (Internal/external)
