[12.0.1] partner-onboarder installation errors / misisng minimoto

Support
1

Hi, I’m trying to install MOSIP 12.0.1 in an AWS EKS cluster (since a while…)
I managed to get to deploy the partner-onboarder module, but all the jobs have errors.

Mostly, the error is related to a missing RBAC ClusterRole and missing secrets in namespaces.

As an example, the partner-onboarder-resident tries to download a secret from the esignet namespace that does not exist, using a cluster role “partner-onboarder” that does not exist - should it be deployed by the partner-onboarder install script?

 1.  TypeError                                                                   
                Cannot read properties of null (reading 'signedCertificateData') 
                at test-script                                                   
                inside "cert_upload / upload-leaf-certificate"                   
Updating Resident OIDC Client Id
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=secrets", GroupVersionKind: "/v1, Kind=Secret"
Name: "resident-oidc-onboarder-key", Namespace: "esignet"
from server for: "STDIN": secrets "resident-oidc-onboarder-key" is forbidden: User "system:serviceaccount:onboarder:partner-onboarder" cannot get resource "secrets" in API group "" in the namespace "esignet": RBAC: clusterrole.rbac.authorization.k8s.io "partner-onboarder" not found
Resident OIDC client id updated successfully

All the partner-onboarder jobs have the similar errors, as the partner-onboarder-mimoto

 1.  TypeError                                                                   
                Cannot read properties of null (reading 'signedCertificateData') 
                at test-script                                                   
                inside "cert_upload / upload-leaf-certificate"                   
Updating Mimoto Wallet Binding Partner API Key
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=secrets", GroupVersionKind: "/v1, Kind=Secret"
Name: "mimoto-wallet-binding-partner-api-key", Namespace: "mimoto"
from server for: "STDIN": secrets "mimoto-wallet-binding-partner-api-key" is forbidden: User "system:serviceaccount:onboarder:partner-onboarder" cannot get resource "secrets" in API group "" in the namespace "mimoto": RBAC: clusterrole.rbac.authorization.k8s.io "partner-onboarder" not found
Mimoto Wallet Binding Partner API Key updated successfully

Again, the mimoto namespace does not exists…

3

The resident module delete the mimoto release, but It’s not clear to me who should have installed it in the first place

4

Ok, I managed to create the mimoto api key. I manually created the RBAC role, and granted s3:* on all resources to the datashare AWS Iam User

Now the README is telling me to restart the pod “mimoto”, but I don’t have any mimoto running in my cluster…

5

Hi, We are deploying Mimoto independently and onboarding separately. You can find the repository here: link. For the partner-onboarder, please set the mimoto-keybinding to false in values.yaml and disregard the command ‘helm -n $NS delete mimoto’ as it was mistakenly left in. We apologize for any inconvenience caused