[MOSIP-35816] added deployment scripts for signup service and ui

Signed-off-by: ckm007 <[email protected]>

deploy/copy_cm_func.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh <resource> <configmap_name> <source_namespace> <destination_namespace> [name]
+# Parameters:
+#   resource: configmap|secret
+#   name: Optional new name of the configmap or secret in destination namespace.  This may be needed if there is
+#         clash of names
+
+if [ $1 = "configmap" ]
+then
+  RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+  RESOURCE=secret
+else
+  echo "Incorrect resource $1. Exiting.."
+  exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -  
+else
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" |  kubectl -n $4 create -f -  
+fi 
+
+
+
+
+

deploy/keycloak/keycloak-init-values.yaml

@@ -0,0 +1,15 @@
+keycloak:
+  realms:
+    mosip: # realm
+      roles:
+        - AUTH
+        - ID_REPOSITORY
+        - REGISTRATION_ADMIN
+      clients:   
+        - name: mosip-signup-client
+          mappers: []
+          saroles:
+            - AUTH
+            - CREDENTIAL_REQUEST
+            - ID_REPOSITORY
+            - REGISTRATION_ADMIN

deploy/keycloak/keycloak-init.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+# Installs all esignet keycloak-init
+## Usage: ./keycloak-init.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=signup
+CHART_VERSION=0.0.1-develop
+COPY_UTIL=../copy_cm_func.sh
+
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+echo "checking if mosip-pms-client, mosip-ida-client & mpartner_default_auth client is created already"
+IAMHOST_URL=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-iam-external-host})
+SIGNUP_CLIENT_SECRET_KEY='mosip_signup_client_secret'
+SIGNUP_CLIENT_SECRET_VALUE=$(kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$SIGNUP_CLIENT_SECRET_KEY} | base64 -d)
+echo "Copying keycloak configmaps and secret"
+$COPY_UTIL configmap keycloak-host keycloak $NS
+$COPY_UTIL configmap keycloak-env-vars keycloak $NS
+$COPY_UTIL secret keycloak keycloak $NS
+
+echo "creating and adding roles to keycloak pms & mpartner_default_auth clients for ESIGNET"
+kubectl -n $NS delete secret --ignore-not-found=true keycloak-client-secrets
+helm -n $NS delete signup-keycloak-init
+helm -n $NS install signup-keycloak-init mosip/keycloak-init \
+  -f keycloak-init-values.yaml \
+  --set clientSecrets[0].name="$SIGNUP_CLIENT_SECRET_KEY" \
+  --set clientSecrets[0].secret="$SIGNUP_CLIENT_SECRET_VALUE" \
+  --version $CHART_VERSION --wait --wait-for-jobs
+
+SIGNUP_CLIENT_SECRET_VALUE=$(kubectl -n $NS get secrets keycloak-client-secrets -o jsonpath={.data.$SIGNUP_CLIENT_SECRET_KEY})
+# Check if the secret exists
+if kubectl get secret keycloak-client-secrets -n keycloak >/dev/null 2>&1; then
+  echo "Secret 'keycloak-client-secrets' exists. Performing secret update..."
+  kubectl -n keycloak get secret keycloak-client-secrets -o json |
+  jq ".data[\"$SIGNUP_CLIENT_SECRET_KEY\"]=\"$SIGNUP_CLIENT_SECRET_VALUE\"" |
+  kubectl apply -f -
+else
+  echo "Secret 'keycloak-client-secrets' does not exist. Copying the secret to the keycloak namespace."
+  $COPY_UTIL secret keycloak-client-secrets $NS keycloak
+fi

deploy/prereq.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Installs signup services in correct order
+## Usage: ./install-all.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+ROOT_DIR=`pwd`
+NS=signup
+
+echo "This script considers below mentioned points:"
+echo "1. Keycloak is installed in keycloak namespace and already initialised once during esignet pre-requisites initialisation."
+echo "2. Redis is installed and relevant secret and configmap is present in redis namespace as part of esignet pre-requisites installation."
+echo "3. Kafka is installed in kafka namespace as part of esignet pre-requisites installation."
+
+function installing_prereq() {
+  helm repo add mosip https://mosip.github.io/mosip-helm
+  helm repo update
+
+  echo Create $NS namespace
+  kubectl create ns $NS || true
+
+  ./copy_cm_func.sh configmap esignet-global esignet $NS
+  echo "Sucessfully copied esignet-global configmap from esignet namespace to "$NS" "
+
+
+  ./copy_cm_func.sh configmap redis-config redis $NS
+  ./copy_cm_func.sh secret redis redis $NS
+  echo "Sucessfully copied configmaps and secrets required to connect to the redis server from redis namespace which is also shared with esignet"
+
+  echo "Note: By default pointing to the Kafka installed in kafka namespace used by esignet service as well. In case want to change the same, deploy new kafka server and update in signup application properties."
+
+  cd $ROOT_DIR/keycloak
+  ./keycloak-init.sh
+
+  SIGNUP_HOST=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-signup-host})
+  echo "Please enter the recaptcha admin site key for domain "$SIGNUP_HOST""
+  read SSITE_KEY
+  echo Please enter the recaptcha admin secret key for domain $SIGNUP_HOST
+  read SSECRET_KEY
+
+  echo Setting up captcha secrets
+  kubectl -n $NS create secret generic signup-captcha --from-literal=signup-captcha-site-key=$SSITE_KEY --from-literal=signup-captcha-secret-key=$SSECRET_KEY --dry-run=client -o yaml | kubectl apply -f -
+
+  echo creating empty signup-keystore-password secret
+  kubectl -n $NS create secret generic signup-keystore-password --from-literal=signup-keystore-password='' --dry-run=client -o yaml | kubectl apply -f -
+
+  echo creating empty signup-keystore secret
+  kubectl -n $NS create secret generic signupoidc --from-literal=oidckeystore.p12='' --dry-run=client -o yaml | kubectl apply -f -
+
+  echo All signup services pre-requisites deployed sucessfully.
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_prereq   # calling function

deploy/restart-all.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# restarts signup services in correct order
+## Usage: ./restart-all.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function Restarting_All() {
+  ROOT_DIR=`pwd`
+
+  declare -a module=("signup-service"
+         "signup-ui"
+                     )
+
+  echo restarting signup services
+
+  for i in "${module[@]}"
+  do
+    cd $ROOT_DIR/"$i"
+    ./restart.sh
+  done
+
+  echo All signup services restarted sucessfully.
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+Restarting_All   # calling function

deploy/signup-service/delete.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Uninstalls all signup helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function Deleting_signup() {
+  NS=signup
+  while true; do
+      read -p "Are you sure you want to delete all signup helm charts?(Y/n) " yn
+      if [[ $yn = "Y" ]] || [[ $yn = "y" ]];
+        then
+          helm -n $NS delete signup
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+Deleting_signup   # calling function
+

deploy/signup-service/install.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+# Installs all signup helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=signup
+CHART_VERSION=0.0.1-develop
+
+function installing_signup() {
+  helm repo add mosip https://mosip.github.io/mosip-helm
+  helm repo update
+
+  echo Create $NS namespace
+  kubectl create ns $NS || true
+
+  while true; do
+    read -p "Is Prometheus Service Monitor Operator deployed in the k8s cluster? (y/n): " response
+    if [[ "$response" == "y" || "$response" == "Y" ]]; then
+      servicemonitorflag=true
+      break
+    elif [[ "$response" == "n" || "$response" == "N" ]]; then
+      servicemonitorflag=false
+      break
+    else
+      echo "Not a correct response. Please respond with y (yes) or n (no)."
+    fi
+  done
+
+  echo "Do you have public domain & valid SSL? (Y/n) "
+  echo "Y: if you have public domain & valid ssl certificate"
+  echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments."
+  read -p "" flag
+
+  if [ -z "$flag" ]; then
+    echo "'flag' was provided; EXITING;"
+    exit 1;
+  fi
+  ENABLE_INSECURE=''
+  if [ "$flag" = "n" ]; then
+    ENABLE_INSECURE='--set enable_insecure=true';
+  fi
+
+  while true; do
+    read -p "Do you want to use the default plugins? (y/n): " ans
+    if [[ "$ans" == "y" || "$ans" == "Y" ]]; then
+      echo "Default plugins are listed below, please provide the correct plugin number."
+      echo "1. esignet-mock-plugin.jar"
+      echo "2. mosip-identity-plugin.jar"
+      read -p "Enter the plugin number: " plugin_no
+        while true; do
+          if [[ "$plugin_no" == "1" ]]; then
+            plugin_option="--set plugin_name_env=esignet-mock-plugin.jar"
+            break
+          elif [[ "$plugin_no" == "2" ]]; then
+            plugin_option="--set plugin_name_env=mosip-identity-plugin.jar"
+            break
+          else
+            echo "please provide the correct plugin number (1 or 2)."
+          fi
+        done
+      break
+    elif [[ "$ans" == "n" || "$ans" == "N" ]]; then
+      read -p "Provide the URL to download the plugins zip " plugin_url
+      read -p "Provide the plugin jar name (with extension eg., test-plugin.jar) " plugin_jar
+      plugin_option="--set pluginNameEnv=$plugin_jar --set pluginUrlEnv=$plugin_url"
+      break
+    else
+      echo " Invalid response. Please respond with y (yes) or n (no)."
+    fi
+  done
+
+
+  echo Installing signup
+  helm -n $NS install signup mosip/signup -f values.yaml --version $CHART_VERSION $ENABLE_INSECURE $plugin_option --set metrics.serviceMonitor.enabled=$servicemonitorflag --wait
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Installed signup
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_signup   # calling function

deploy/signup-service/restart.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# Restart the signup services
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function Restarting_signup() {
+  NS=signup
+  kubectl -n $NS rollout restart deploy signup
+
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Restarted signup services
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+Restarting_signup   # calling function