Pod status:
[sudakar@ip-10-0-25-60 ~]$ kubectl get pod
NAME                             READY   STATUS                       RESTARTS        AGE
config-server-54c48ff8b9-mkkcd   0/1     CreateContainerConfigError   0               22h
keycloak-674fc86db9-4h8td        0/1     Running                      1 (103s ago)    4m31s
In General:
Specifically, we require assistance with understanding the contents of ConfigMaps and Secrets, as well as determining the necessary environment variable details for the following services: Keycloak, Config Server, Redis Cache, and global secrets & config maps.
@Arjunkore
We are using the Bitnami Helm chart for the Keycloak service:
helm repo add mosip https://mosip.github.io/mosip-helm
helm repo update
helm -n $NS install keycloak mosip/keycloak --version "7.1.18"
Environment variables passed to the keycloak service statefulset:
- env:
    - name: KUBERNETES_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: BITNAMI_DEBUG
      value: 'false'
    - name: KEYCLOAK_ADMIN_PASSWORD
      valueFrom:
        secretKeyRef:
          key: admin-password
          name: keycloak
    - name: KEYCLOAK_MANAGEMENT_PASSWORD
      valueFrom:
        secretKeyRef:
          key: management-password
          name: keycloak
    - name: KEYCLOAK_DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: keycloak-postgresql
    - name: KEYCLOAK_EXTRA_ARGS
      value: '-Dkeycloak.profile.feature.upload_scripts=enabled'
  envFrom:
    - configMapRef:
        name: keycloak-env-vars
Environment variables passed to the keycloak-postgres statefulset:
- env:
    - name: BITNAMI_DEBUG
      value: 'false'
    - name: POSTGRESQL_PORT_NUMBER
      value: '5432'
    - name: POSTGRESQL_VOLUME_DIR
      value: /bitnami/postgresql
    - name: PGDATA
      value: /bitnami/postgresql/data
    - name: POSTGRES_USER
      value: bn_keycloak
    - name: POSTGRES_POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgres-password
          name: keycloak-postgresql
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: keycloak-postgresql
    - name: POSTGRES_DB
      value: bitnami_keycloak
    - name: POSTGRESQL_ENABLE_LDAP
      value: 'no'
    - name: POSTGRESQL_ENABLE_TLS
      value: 'no'
    - name: POSTGRESQL_LOG_HOSTNAME
      value: 'false'
    - name: POSTGRESQL_LOG_CONNECTIONS
      value: 'false'
    - name: POSTGRESQL_LOG_DISCONNECTIONS
      value: 'false'
    - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
      value: 'off'
    - name: POSTGRESQL_CLIENT_MIN_MESSAGES
      value: error
    - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
      value: pgaudit
Configmaps and secrets required for keycloak:
Also, we have a keycloak-init helm chart that runs a k8s job to create keycloak realms, clients, & roles required by MOSIP services to proceed.
Please go through the readme
Config-server is a configuration management service that points to either a local directory or a GitHub repository.
Please go through the Readme:
We have copy_cm.sh & copy_secrets.sh to copy the required configmaps / secrets to the config-server namespace.
@Arjunkore
The global configmap is created in the default namespace and is used by all services of MOSIP.
The default template is available here.
For redis, please follow the documentation esignet/helm/redis at develop · mosip/esignet · GitHub
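Added example, not part of any post in this thread and not MOSIP or Bitnami code: kubelet reports CreateContainerConfigError (the config-server status above) when a container references a ConfigMap or Secret, or a key in one, that is not present in the pod's namespace. The sketch below walks the Keycloak env block quoted in the thread and lists which references would not resolve; the function names and the namespace inventory are constructed for illustration, and the inventory holds key names only, never secret values.

```python
# Added example: find Secret/ConfigMap references a namespace cannot satisfy.
KEYCLOAK_CONTAINER = {  # secret/configmap references copied from the thread
    "env": [
        {"name": "KUBERNETES_NAMESPACE",
         "valueFrom": {"fieldRef": {"apiVersion": "v1", "fieldPath": "metadata.namespace"}}},
        {"name": "KEYCLOAK_ADMIN_PASSWORD",
         "valueFrom": {"secretKeyRef": {"name": "keycloak", "key": "admin-password"}}},
        {"name": "KEYCLOAK_MANAGEMENT_PASSWORD",
         "valueFrom": {"secretKeyRef": {"name": "keycloak", "key": "management-password"}}},
        {"name": "KEYCLOAK_DATABASE_PASSWORD",
         "valueFrom": {"secretKeyRef": {"name": "keycloak-postgresql", "key": "password"}}},
    ],
    "envFrom": [{"configMapRef": {"name": "keycloak-env-vars"}}],
}

# Constructed inventory: {kind: {object name: set of key names}}. On a cluster it
# would be built from `kubectl -n <ns> get secret,configmap -o json` (names only).
CONSTRUCTED_NAMESPACE = {
    "Secret": {"keycloak": {"admin-password"}, "keycloak-postgresql": {"password", "postgres-password"}},
    "ConfigMap": {},
}

REF_KINDS = {"secretKeyRef": "Secret", "configMapKeyRef": "ConfigMap",
             "secretRef": "Secret", "configMapRef": "ConfigMap"}

def referenced_objects(container):
    """Return (kind, name, key, optional) tuples; key is None for whole-object envFrom refs."""
    refs = []
    for var in container.get("env", []):
        for field, ref in (var.get("valueFrom") or {}).items():
            if field in REF_KINDS:  # fieldRef / resourceFieldRef need no object
                refs.append((REF_KINDS[field], ref["name"], ref["key"], ref.get("optional", False)))
    for src in container.get("envFrom", []):
        for field, ref in src.items():
            if field in REF_KINDS:  # skips the string-valued "prefix" field
                refs.append((REF_KINDS[field], ref["name"], None, ref.get("optional", False)))
    return refs

def unresolved(container, inventory):
    """References that cannot be resolved; refs marked optional are skipped."""
    missing = []
    for kind, name, key, optional in referenced_objects(container):
        keys = inventory.get(kind, {}).get(name)
        if not optional and (keys is None or (key is not None and key not in keys)):
            missing.append((kind, name, key))
    return missing

if __name__ == "__main__":
    print(unresolved(KEYCLOAK_CONTAINER, CONSTRUCTED_NAMESPACE))
```

With the constructed inventory, the check flags the absent `management-password` key and the absent `keycloak-env-vars` ConfigMap, the kind of gap that copy_cm.sh and copy_secrets.sh are meant to close for config-server.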