diff --git a/README.md b/README.md index d1ddadb1..5a432a39 100644 --- a/README.md +++ b/README.md 
@@ -4,31 +4,20 @@ signup-service is part of the esignet, but has a separate Helm chart to install ## Installing in k8s cluster using helm ### Pre-requisites -1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC. -2. Make sure [DB setup](db_scripts/README.md#install-in-existing-mosip-k8-cluster) is done. -3. Add / merge below mentioned properties files into existing config branch: - * [signup-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/esignet-default.properties) - * [application-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/application-default.properties) -4. Below are the dependent services required for signup service integrated with MOSIP IDA: +1. Set the kube config file of the Esignet k8 cluster having esignet services is set correctly in PC. +1. Below are the dependent services required for signup service integrated with MOSIP IDA: | Chart | Chart version | |---|---| |[Keycloak](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 7.1.18 | |[Keycloak-init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 12.0.1-B3 | - |[Postgres](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 10.16.2 | - |[Postgres Init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 12.0.1-B3 | - |[Minio](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/object-store) | 10.1.6 | |[Kafka](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/kafka) | 0.4.2 | - |[Config-server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/config-server) | 12.0.1-B3 | - |[Websub](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/websub) | 12.0.1-B2 | - |[Artifactory server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/artifactory) | 
12.0.1-B3 | - |[Keymanager service](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/keymanager) | 12.0.1-B2 | - |[Kernel services](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/kernel) | 12.0.1-B2 | - |[Biosdk service](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/biosdk) | 12.0.1-B3 | - |[Idrepo services](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/idrepo) | 12.0.1-B2 | - |[Pms services](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/pms) | 12.0.1-B3 | - |[IDA services](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/ida) | 12.0.1-B3 | -### Install +### Setup pre-requisites for signup services +``` +cd deploy +./prereq.sh +``` +### Install Signup service * Install `kubectl` and `helm` utilities. * Run `install.sh` to run the partner-onboarder to create the signup-oidc ``` 
@@ -37,28 +26,23 @@ signup-service is part of the esignet, but has a separate Helm chart to install ``` * Run `install-all.sh` to deploy signup services. ``` - cd helm - ./install-all.sh + cd deploy + ./install-signup.sh ``` -* During the execution of the `install-all.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server. -* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process. -* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file. -* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates. - ### Delete -* Run `delete-all.sh` to remove signup services. +* Run `delete-signup.sh` to remove signup services. ``` - cd helm - ./delete-all.sh + cd deploy + ./delete-signup.sh ``` - ### Restart -* Run `restart-all.sh` to restart signup services. +* Run `restart-signup.sh` to restart signup services. ``` - cd helm - ./restart-all.sh + cd deploy + ./restart-signup.sh ``` - +## Partner onboarding +* Perform Partner onboarding for esignet Signup OIDC client using [steps](partner-onboarder/README.md) only if mosip-identity plugin is used. ## APIs API documentation is available [here](https://mosip.stoplight.io/docs/identity-provider/branches/signupV1/t9tvfbteqqokf-e-signet-signup-portal-ap-is). diff --git a/helm/copy_cm_func.sh b/deploy/copy_cm_func.sh similarity index 100% rename from helm/copy_cm_func.sh rename to deploy/copy_cm_func.sh diff --git a/helm/delete-all.sh b/deploy/delete-signup.sh similarity index 70% rename from helm/delete-all.sh rename to deploy/delete-signup.sh index 3f338a74..be557922 100755 
--- a/helm/delete-all.sh +++ b/deploy/delete-signup.sh @@ -1,7 +1,6 @@ #!/bin/bash - -# deletes signup services in correct order -## Usage: ./delete-all.sh [kubeconfig] +# Deleted signup services in correct order +## Usage: ./restart-all.sh [kubeconfig] if [ $# -ge 1 ] ; then export KUBECONFIG=$1 @@ -9,15 +8,10 @@ fi function Deleting_All() { ROOT_DIR=`pwd` - SOFTHSM_NS=softhsm - - helm -n $SOFTHSM_NS delete softhsm-signup - declare -a module=("signup-service" - "signup-ui" - ) + declare -a module=("signup-service" "signup-ui") - echo Installing signup services + echo restarting signup services for i in "${module[@]}" do diff --git a/helm/install-all.sh b/deploy/install-signup.sh similarity index 50% rename from helm/install-all.sh rename to deploy/install-signup.sh index 8b424c1d..1beee5fc 100755 --- a/helm/install-all.sh +++ b/deploy/install-signup.sh @@ -1,7 +1,6 @@ #!/bin/bash - -# Installs signup services in correct order -## Usage: ./install-all.sh [kubeconfig] +## Installs signup services in correct order +## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then export KUBECONFIG=$1 
@@ -9,30 +8,29 @@ fi ROOT_DIR=`pwd` -function installing_All() { - helm repo add mosip https://mosip.github.io/mosip-helm - helm repo update +function installing_signup() { - declare -a module=("signup-service" - "signup-ui" - ) + helm repo add mosip https://mosip.github.io/mosip-helm + # List of modules to install + declare -a modules=("signup-service" "signup-ui") - echo Installing signup services + echo "Installing signup services" - for i in "${module[@]}" + # Install modules + for module in "${modules[@]}" do - cd $ROOT_DIR/"$i" + cd $ROOT_DIR/"$module" ./install.sh done - echo All signup services deployed sucessfully. + echo "All signup services deployed successfully." return 0 } -# set commands for error handling. +# Set commands for error handling. set -e set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o nounset ## set -u : exit the script if you try to use an uninitialized variable set -o errtrace # trace ERR through 'time command' and other functions set -o pipefail # trace ERR through pipes -installing_All # calling function +installing_signup # calling function diff --git a/deploy/keycloak/keycloak-init-values.yaml b/deploy/keycloak/keycloak-init-values.yaml new file mode 100644 index 00000000..2e22f287 --- /dev/null +++ b/deploy/keycloak/keycloak-init-values.yaml @@ -0,0 +1,15 @@ +keycloak: + realms: + mosip: # realm + roles: + - AUTH + - ID_REPOSITORY + - REGISTRATION_ADMIN + clients: + - name: mosip-signup-client + mappers: [] + saroles: + - AUTH + - CREDENTIAL_REQUEST + - ID_REPOSITORY + - REGISTRATION_ADMIN diff --git a/deploy/keycloak/keycloak-init.sh b/deploy/keycloak/keycloak-init.sh new file mode 100755 index 00000000..09c0a2e2 --- /dev/null +++ b/deploy/keycloak/keycloak-init.sh 
@@ -0,0 +1,44 @@ +#!/bin/sh +# Initialises signup keycloak-init +## Usage: ./keycloak-init.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +NS=signup +CHART_VERSION=0.0.1-develop +COPY_UTIL=../copy_cm_func.sh + +helm repo add mosip https://mosip.github.io/mosip-helm +helm repo update + +echo "checking if mosip-pms-client, mosip-ida-client & mpartner_default_auth client is created already" +IAMHOST_URL=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-iam-external-host}) +SIGNUP_CLIENT_SECRET_KEY='mosip_signup_client_secret' +SIGNUP_CLIENT_SECRET_VALUE=$(kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$SIGNUP_CLIENT_SECRET_KEY} | base64 -d) +echo "Copying keycloak configmaps and secret" +$COPY_UTIL configmap keycloak-host keycloak $NS +$COPY_UTIL configmap keycloak-env-vars keycloak $NS +$COPY_UTIL secret keycloak keycloak $NS + +echo "creating and adding roles to keycloak pms & mpartner_default_auth clients for ESIGNET" +kubectl -n $NS delete secret --ignore-not-found=true keycloak-client-secrets +helm -n $NS delete signup-keycloak-init +helm -n $NS install signup-keycloak-init mosip/keycloak-init \ + -f keycloak-init-values.yaml \ + --set clientSecrets[0].name="$SIGNUP_CLIENT_SECRET_KEY" \ + --set clientSecrets[0].secret="$SIGNUP_CLIENT_SECRET_VALUE" \ + --version $CHART_VERSION --wait --wait-for-jobs + +SIGNUP_CLIENT_SECRET_VALUE=$(kubectl -n $NS get secrets keycloak-client-secrets -o jsonpath={.data.$SIGNUP_CLIENT_SECRET_KEY}) +# Check if the secret exists +if kubectl get secret keycloak-client-secrets -n keycloak >/dev/null 2>&1; then + echo "Secret 'keycloak-client-secrets' exists. Performing secret update..." + kubectl -n keycloak get secret keycloak-client-secrets -o json | + jq ".data[\"$SIGNUP_CLIENT_SECRET_KEY\"]=\"$SIGNUP_CLIENT_SECRET_VALUE\"" | + kubectl apply -f - +else + echo "Secret 'keycloak-client-secrets' does not exist. Copying the secret to the keycloak namespace." 
+ $COPY_UTIL secret keycloak-client-secrets $NS keycloak +fi diff --git a/deploy/prereq.sh b/deploy/prereq.sh new file mode 100755 index 00000000..0c188e85 --- /dev/null +++ b/deploy/prereq.sh 
@@ -0,0 +1,63 @@ +#!/bin/bash + +# Installs signup services in correct order +## Usage: ./install-all.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +ROOT_DIR=`pwd` +NS=signup + +echo "This script considers below mentioned points:" +echo "1. Keycloak is installed in keycloak namespace and already initialised once during esignet pre-requisites initialisation." +echo "2. Redis is installed and relevant secret and configmap is present in redis namespace as part of esignet pre-requisites installation." +echo "3. Kafka is installed in kafka namespace as part of esignet pre-requisites installation." + +function installing_prereq() { + helm repo add mosip https://mosip.github.io/mosip-helm + helm repo update + + echo Create $NS namespace + kubectl create ns $NS || true + + ./copy_cm_func.sh configmap esignet-global esignet $NS + echo "Sucessfully copied esignet-global configmap from esignet namespace to "$NS" " + + + ./copy_cm_func.sh configmap redis-config redis $NS + ./copy_cm_func.sh secret redis redis $NS + echo "Sucessfully copied configmaps and secrets required to connect to the redis server from redis namespace which is also shared with esignet" + + echo "Note: By default pointing to the Kafka installed in kafka namespace used by esignet service as well. In case want to change the same, deploy new kafka server and update in signup application properties." 
+ + cd $ROOT_DIR/keycloak + ./keycloak-init.sh + + SIGNUP_HOST=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-signup-host}) + echo "Please enter the recaptcha admin site key for domain "$SIGNUP_HOST"" + read SSITE_KEY + echo Please enter the recaptcha admin secret key for domain $SIGNUP_HOST + read SSECRET_KEY + + echo Setting up captcha secrets + kubectl -n $NS create secret generic signup-captcha --from-literal=signup-captcha-site-key=$SSITE_KEY --from-literal=signup-captcha-secret-key=$SSECRET_KEY --dry-run=client -o yaml | kubectl apply -f - + + echo creating empty signup-keystore-password secret + kubectl -n $NS create secret generic signup-keystore-password --from-literal=signup-keystore-password='' --dry-run=client -o yaml | kubectl apply -f - + + echo creating empty signup-keystore secret + kubectl -n $NS create secret generic signup-keystore --from-literal=oidckeystore.p12='' --dry-run=client -o yaml | kubectl apply -f - + + echo All signup services pre-requisites deployed sucessfully. + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +installing_prereq # calling function diff --git a/helm/reporting/signup.ndjson b/deploy/reporting/signup.ndjson similarity index 100% rename from helm/reporting/signup.ndjson rename to deploy/reporting/signup.ndjson diff --git a/helm/restart-all.sh b/deploy/restart-signup.sh similarity index 90% rename from helm/restart-all.sh rename to deploy/restart-signup.sh index 467f53c3..ce05b487 100755 --- a/helm/restart-all.sh +++ b/deploy/restart-signup.sh @@ -1,5 +1,4 @@ #!/bin/bash - # restarts signup services in correct order ## Usage: ./restart-all.sh [kubeconfig] 
@@ -10,9 +9,7 @@ fi function Restarting_All() { ROOT_DIR=`pwd` - declare -a module=("signup-service" - "signup-ui" - ) + declare -a module=("signup-service" "signup-ui") echo restarting signup services diff --git a/helm/signup-service/delete.sh b/deploy/signup-service/delete.sh similarity index 81% rename from helm/signup-service/delete.sh rename to deploy/signup-service/delete.sh index 44994309..d7460605 100755 --- a/helm/signup-service/delete.sh +++ b/deploy/signup-service/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls all signup helm charts +# Deletes signup helm chart ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then @@ -9,8 +9,8 @@ fi function Deleting_signup() { NS=signup while true; do - read -p "Are you sure you want to delete all signup helm charts?(Y/n) " yn - if [ $yn = "Y" ] + read -p "Are you sure you want to delete signup helm charts?(Y/n) " yn + if [[ $yn = "Y" ]] || [[ $yn = "y" ]]; then helm -n $NS delete signup break diff --git a/deploy/signup-service/install.sh b/deploy/signup-service/install.sh new file mode 100755 index 00000000..68088c8f --- /dev/null +++ b/deploy/signup-service/install.sh 
@@ -0,0 +1,93 @@ +#!/bin/bash +# Installs signup helm chart +## Usage: ./install.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +NS=signup +CHART_VERSION=0.0.1-develop + +function installing_signup() { + helm repo add mosip https://mosip.github.io/mosip-helm + helm repo update + + echo Create $NS namespace + kubectl create ns $NS || true + + while true; do + read -p "Is Prometheus Service Monitor Operator deployed in the k8s cluster? (y/n): " response + if [[ "$response" == "y" || "$response" == "Y" ]]; then + servicemonitorflag=true + break + elif [[ "$response" == "n" || "$response" == "N" ]]; then + servicemonitorflag=false + break + else + echo "Not a correct response. Please respond with y (yes) or n (no)." + fi + done + + echo "Do you have public domain & valid SSL? (Y/n) " + echo "Y: if you have public domain & valid ssl certificate" + echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." + read -p "" flag + + if [ -z "$flag" ]; then + echo "'flag' was provided; EXITING;" + exit 1; + fi + ENABLE_INSECURE='' + if [ "$flag" = "n" ]; then + ENABLE_INSECURE='--set enable_insecure=true'; + fi + + while true; do + read -p "Do you want to use the default plugins? (y/n): " ans + if [[ "$ans" == "y" || "$ans" == "Y" ]]; then + echo "Default plugins are listed below, please provide the correct plugin number." + echo "1. esignet-mock-plugin.jar" + echo "2. mosip-identity-plugin.jar" + read -p "Enter the plugin number: " plugin_no + while true; do + if [[ "$plugin_no" == "1" ]]; then + plugin_option="--set plugin_name_env=esignet-mock-plugin.jar" + break + elif [[ "$plugin_no" == "2" ]]; then + plugin_option="--set plugin_name_env=mosip-identity-plugin.jar" + break + else + echo "please provide the correct plugin number (1 or 2)." 
+ fi + done + break + elif [[ "$ans" == "n" || "$ans" == "N" ]]; then + read -p "Provide the URL to download the plugins zip " plugin_url + read -p "Provide the plugin jar name (with extension eg., test-plugin.jar) " plugin_jar + plugin_option="--set pluginNameEnv=$plugin_jar --set pluginUrlEnv=$plugin_url" + break + else + echo " Invalid response. Please respond with y (yes) or n (no)." + fi + done + + + echo Installing signup + helm -n $NS install signup mosip/signup \ + -f values.yaml --version $CHART_VERSION $ENABLE_INSECURE $plugin_option \ + --set metrics.serviceMonitor.enabled=$servicemonitorflag --wait + + kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Installed signup + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +installing_signup # calling function diff --git a/helm/signup-service/restart.sh b/deploy/signup-service/restart.sh similarity index 100% rename from helm/signup-service/restart.sh rename to deploy/signup-service/restart.sh diff --git a/deploy/signup-service/values.yaml b/deploy/signup-service/values.yaml new file mode 100644 index 00000000..49c4500c --- /dev/null +++ b/deploy/signup-service/values.yaml 
@@ -0,0 +1,60 @@ +## Uncomment required parms added with single '#' when needed. +#image: +# registry: docker.io +# repository: mosipdev/signup-service +# tag: develop + +#extraEnvVars: | +# - name: MOSIP_ESIGNET_HOST +# valueFrom: +# configMapKeyRef: +# name: esignet-global +# key: mosip-esignet-host +# - name: MOSIP_SIGNUP_HOST +# valueFrom: +# configMapKeyRef: +# name: esignet-global +# key: mosip-signup-host +# - name: KEYCLOAK_EXTERNAL_URL +# valueFrom: +# configMapKeyRef: +# name: keycloak-host +# key: keycloak-external-url +# - name: MOSIP_SIGNUP_CAPTCHA_SITE_KEY +# valueFrom: +# secretKeyRef: +# name: signup-captcha +# key: signup-captcha-site-key +# - name: MOSIP_SIGNUP_OIDC_KEYSTORE_PWD +# valueFrom: +# secretKeyRef: +# name: signup-keystore-password +# key: signup-keystore-password +# - name: REDIS_HOST +# valueFrom: +# configMapKeyRef: +# name: redis-config +# key: redis-host +# - name: REDIS_PORT +# valueFrom: +# configMapKeyRef: +# name: redis-config +# key: redis-port +# - name: REDIS_PASSWORD +# valueFrom: +# secretKeyRef: +# name: redis +# key: redis-password +# - name: MOSIP_SIGNUP_CLIENT_SECRET +# valueFrom: +# secretKeyRef: +# name: keycloak-client-secrets +# key: mosip_signup_client_secret + +## ConfigMap with extra environment variables that used +## +#extraEnvVarsCM: [] + +## Secret with extra environment variables +## +#extraEnvVarsSecret: [] diff --git a/helm/signup-ui/delete.sh b/deploy/signup-ui/delete.sh similarity index 85% rename from helm/signup-ui/delete.sh rename to deploy/signup-ui/delete.sh index c264c4a0..600b907e 100755 --- a/helm/signup-ui/delete.sh +++ b/deploy/signup-ui/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls signup-ui helm charts +## Deletes signup-ui helm chart ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then 
@@ -10,9 +10,9 @@ function Deleting_signup-ui() { NS=signup while true; do read -p "Are you sure you want to delete all signup-ui helm charts?(Y/n) " yn - if [ $yn = "Y" ] + if [[ $yn = "Y" ]] || [[ $yn = "y" ]]; then - helm -n $NS delete signup-service + helm -n $NS delete signup-ui break else break diff --git a/helm/signup-ui/install.sh b/deploy/signup-ui/install.sh similarity index 80% rename from helm/signup-ui/install.sh rename to deploy/signup-ui/install.sh index 3c2a7ab7..3a387e83 100755 --- a/helm/signup-ui/install.sh +++ b/deploy/signup-ui/install.sh @@ -1,28 +1,25 @@ #!/bin/bash -# Installs oidc-ui helm charts +## Installs signup-ui helm chart ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then export KUBECONFIG=$1 fi -NS=signup -CHART_VERSION=0.0.1-develop +function installing_signup-ui() { + NS=signup + CHART_VERSION=0.0.1-develop -echo Create $NS namespace -kubectl create ns $NS + echo Create $NS namespace + kubectl create ns $NS || true -function installing_signup-ui() { echo Istio label kubectl label ns $NS istio-injection=enabled --overwrite helm repo add mosip https://mosip.github.io/mosip-helm helm repo update - echo Copy configmaps - ./copy_cm.sh - - SIGNUP_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-signup-host}) + SIGNUP_HOST=$(kubectl -n $NS get cm esignet-global -o jsonpath={.data.mosip-signup-host}) echo Installing SIGNUP UI helm -n $NS install signup-ui mosip/signup-ui \ @@ -30,7 +27,7 @@ function installing_signup-ui() { --set signup_ui.configmaps.signup-ui.REACT_APP_SBI_DOMAIN_URI="http://signup.$NS" \ --set signup_ui.configmaps.signup-ui.SIGNUP_UI_PUBLIC_URL=''\ --set istio.hosts\[0\]=$SIGNUP_HOST \ - --version $CHART_VERSION + -f values.yaml --version $CHART_VERSION --wait kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status 
diff --git a/helm/signup-ui/restart.sh b/deploy/signup-ui/restart.sh similarity index 89% rename from helm/signup-ui/restart.sh rename to deploy/signup-ui/restart.sh index ee2802e4..10cfead9 100755 --- a/helm/signup-ui/restart.sh +++ b/deploy/signup-ui/restart.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Restart the signup-ui services +## Restarts the signup-ui services if [ $# -ge 1 ] ; then @@ -22,4 +22,4 @@ set -o errexit ## set -e : exit the script if any statement returns a non-true set -o nounset ## set -u : exit the script if you try to use an uninitialised variable set -o errtrace # trace ERR through 'time command' and other functions set -o pipefail # trace ERR through pipes -Restarting_signup-ui # calling function \ No newline at end of file +Restarting_signup-ui # calling function diff --git a/deploy/signup-ui/values.yaml b/deploy/signup-ui/values.yaml new file mode 100644 index 00000000..2b5646ec --- /dev/null +++ b/deploy/signup-ui/values.yaml 
@@ -0,0 +1,49 @@ +## Uncomment required parms added with single '#' when needed. +#image: +# registry: docker.io +# repository: mosipdev/signup-ui +# tag: develop + +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +#extraEnvVars: [] + +## ConfigMap with extra environment variables +## +#extraEnvVarsCM: +# - signup-ui + +## Secret with extra environment variables +## +#extraEnvVarsSecret: [] + +#signup_ui: +# signup_ui_port: '3000' +# signup_service_host: 'signup.signup' +# i18n_url_env: '' +# theme_url_env: '' +# images_url_env: '' +# configmaps: +# signup-ui: +# REACT_APP_API_BASE_URL: 'http://signup.signup/v1/signup' +# REACT_APP_SBI_DOMAIN_URI: 'http://signup.$NS' +# SIGNUP_UI_PUBLIC_URL: '' +# SIGN_IN_WITH_ESIGNET_PLUGIN_URL: '' +## SIGNUP UI swagger should have only internal access. Hence linked to internal gateway +## We create a gateway for esignet specific URL(s) listed under `hosts` +#istio: +# enabled: true +# ingressController: +# name: ingressgateway +# gateways: +# - name: signup-ui-gateway +# protocol: HTTP +# portName: http +# port: 80 +# hosts: +# - signup.sandbox.xyz.net +# prefix: / diff --git a/helm/signup-service/copy_cm.sh b/helm/signup-service/copy_cm.sh deleted file mode 100755 index b1633658..00000000 --- a/helm/signup-service/copy_cm.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - -function copying_cm() { - COPY_UTIL=./copy_cm_func.sh - DST_NS=signup - - $COPY_UTIL configmap global default $DST_NS - $COPY_UTIL configmap config-server-share config-server $DST_NS - $COPY_UTIL configmap softhsm-signup-share softhsm $DST_NS - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -copying_cm # calling function diff --git a/helm/signup-service/copy_cm_func.sh b/helm/signup-service/copy_cm_func.sh deleted file mode 100755 index 7b225948..00000000 --- a/helm/signup-service/copy_cm_func.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# Copy configmap and secret from one namespace to another. -# ./copy_cm_func.sh [name] -# Parameters: -# resource: configmap|secret -# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is -# clash of names - -if [ $1 = "configmap" ] -then - RESOURCE=configmap -elif [ $1 = "secret" ] -then - RESOURCE=secret -else - echo "Incorrect resource $1. Exiting.." - exit 1 -fi - - -if [ $# -ge 5 ] -then - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f - -else - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f - -fi - - - - - diff --git a/helm/signup-service/copy_secrets.sh b/helm/signup-service/copy_secrets.sh deleted file mode 100755 index c96d4735..00000000 --- a/helm/signup-service/copy_secrets.sh +++ /dev/null 
@@ -1,16 +0,0 @@ -#!/bin/bash -# Copy secrets from other namespaces -# DST_NS: Destination namespace -function copying_secrets() { - COPY_UTIL=./copy_cm_func.sh - #DST_NS=signup - $COPY_UTIL secret signup-captcha signup config-server - return 0 -} -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -copying_secrets # calling function diff --git a/helm/signup-service/index.yaml b/helm/signup-service/index.yaml deleted file mode 100644 index d450b81c..00000000 --- a/helm/signup-service/index.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -entries: - common: - - annotations: - category: Infrastructure - apiVersion: v2 - appVersion: 1.17.1 - created: "2023-12-05T10:52:28.791683171+05:30" - description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. - digest: 2a623d42475796af0ff0d18bbfa3b76ead1ccd7efab8280ea079b6a53f5ac627 - home: https://github.com/bitnami/charts/tree/master/bitnami/common - icon: https://bitnami.com/downloads/logos/bitnami-mark.png - keywords: - - common - - helper - - template - - function - - bitnami - maintainers: - - name: Bitnami - url: https://github.com/bitnami/charts - name: common - sources: - - https://github.com/bitnami/charts - - https://www.bitnami.com/ - type: library - urls: - - charts/common-1.17.1.tgz - version: 1.17.1 -generated: "2023-12-05T10:52:28.790727051+05:30" diff --git a/helm/signup-service/install.sh b/helm/signup-service/install.sh deleted file mode 100755 index c70b6e6e..00000000 --- a/helm/signup-service/install.sh +++ /dev/null 
@@ -1,108 +0,0 @@ -#!/bin/bash -# Installs all signup helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -SOFTHSM_NS=softhsm -SOFTHSM_CHART_VERSION=0.0.1-develop - -echo Create $SOFTHSM_NS namespace -kubectl create ns $SOFTHSM_NS - -NS=signup -CHART_VERSION=0.0.1-develop - -SIGNUP_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-signup-host}) - -echo Create $NS namespace -kubectl create ns $NS - -function installing_signup() { - echo Istio label - kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite - helm repo add mosip https://mosip.github.io/mosip-helm - helm repo update - - echo Installing Softhsm for signup - helm -n $SOFTHSM_NS install softhsm-signup mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait - echo Installed Softhsm for signup - - echo Copy configmaps - ./copy_cm_func.sh configmap global default config-server - - echo Copy secrets - ./copy_cm_func.sh secret softhsm-signup softhsm config-server - - kubectl -n config-server set env --keys=mosip-signup-host --from configmap/global deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=security-pin --from secret/softhsm-signup deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_SIGNUP_ - kubectl -n config-server rollout restart deploy config-server - kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status - - ./keycloak-init.sh - - echo Please enter the recaptcha admin site key for domain $SIGNUP_HOST - read SIGNUP_SITE_KEY - echo Please enter the recaptcha admin secret key for domain $SIGNUP_HOST - read SIGNUP_SECRET_KEY - - echo Setting up captcha secrets - kubectl -n $NS create secret generic signup-captcha --from-literal=signup-captcha-site-key=$SIGNUP_SITE_KEY --from-literal=signup-captcha-secret-key=$SIGNUP_SECRET_KEY --dry-run=client -o yaml | kubectl apply -f - - - echo 
Setting up dummy values for signup misp license key - kubectl create secret generic signup-misp-onboarder-key -n $NS --from-literal=mosip-signup-misp-key='' --dry-run=client -o yaml | kubectl apply -f - - - ./copy_cm_func.sh secret signup-misp-onboarder-key signup config-server - - echo Copy configmaps - ./copy_cm.sh - - echo copy secrets - ./copy_secrets.sh - - SIGNUP_CLIENT_SECRET_KEY='mosip_signup_client_secret' - SIGNUP_CLIENT_SECRET_VALUE=$(kubectl get secret keycloak-client-secrets -n signup -o jsonpath='{.data.mosip_signup_client_secret}') - echo $SIGNUP_CLIENT_SECRET_VALUE - kubectl patch secret keycloak-client-secrets --namespace=config-server --type=json -p='[{"op": "add", "path": "/data/'$SIGNUP_CLIENT_SECRET_KEY'", "value": "'$SIGNUP_CLIENT_SECRET_VALUE'"}]' - - - kubectl -n config-server set env --keys=mosip_signup_client_secret --from secret/keycloak-client-secrets deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=mosip-signup-host --from configmap/global deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=signup-captcha-site-key --from secret/signup-captcha deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=signup-captcha-secret-key --from secret/signup-captcha deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=mosip-signup-misp-key --from secret/signup-misp-onboarder-key deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - - kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status - - echo "Do you have public domain & valid SSL? (Y/n) " - echo "Y: if you have public domain & valid ssl certificate" - echo "n: If you don't have a public domain and a valid SSL certificate. 
Note: It is recommended to use this option only in development environments." - read -p "" flag - - if [ -z "$flag" ]; then - echo "'flag' was provided; EXITING;" - exit 1; - fi - ENABLE_INSECURE='' - if [ "$flag" = "n" ]; then - ENABLE_INSECURE='--set enable_insecure=true'; - fi - - echo Installing signup - helm -n $NS install signup mosip/signup --version $CHART_VERSION $ENABLE_INSECURE - - kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Installed signup - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -installing_signup # calling function diff --git a/helm/signup-service/keycloak-init-values.yaml b/helm/signup-service/keycloak-init-values.yaml deleted file mode 100644 index acfb5d5a..00000000 --- a/helm/signup-service/keycloak-init-values.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -keycloak: - realms: - mosip: # realm - roles: - - PARTNER_ADMIN - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - ZONAL_ADMIN - - CREATE_SHARE - - DEVICE_PROVIDER - - PARTNER - - PMS_ADMIN - - PMS_USER - - REGISTRATION_PROCESSOR - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - client_scopes: - - name: add_oidc_client - description: Scope required to create OIDC client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: update_oidc_client - description: '' - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: get_certificate - description: Scope required to create OIDC client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: upload_certificate - description: '' - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: sending_binding_otp - description: Scope required to create OIDC client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: wallet_binding - description: '' - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - clients: - - name: mosip-pms-client - mappers: [] - saroles: - - 
PARTNER_ADMIN - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - ZONAL_ADMIN - - CREATE_SHARE - - DEVICE_PROVIDER - - PARTNER - - PMS_ADMIN - - PMS_USER - - REGISTRATION_PROCESSOR - assign_client_scopes: - - update_oidc_client - - add_oidc_client - - get_certificate - - upload_certificate - - name: mpartner-default-auth - mappers: [] - saroles: - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - assign_client_scopes: - - update_oidc_client - - add_oidc_client - - name: mosip-signup-client - mappers: [] - saroles: - - AUTH - - CREDENTIAL_REQUEST - - ID_REPOSITORY - - REGISTRATION_ADMIN -# clientSecrets: - # - name: mosip_signup_client_secret - # secret: "" \ No newline at end of file diff --git a/helm/signup-service/keycloak-init.sh b/helm/signup-service/keycloak-init.sh deleted file mode 100755 index 0b21d60a..00000000 --- a/helm/signup-service/keycloak-init.sh +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/bin/sh -# Installs all signup keycloak-init -## Usage: ./keycloak-init.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=signup -CHART_VERSION=0.0.1-develop -COPY_UTIL=./copy_cm_func.sh - -helm repo add mosip https://mosip.github.io/mosip-helm -helm repo update - -echo "checking if PMS & mpartner_default_auth client is created already" -IAMHOST_URL=$(kubectl get cm global -o jsonpath={.data.mosip-iam-external-host}) -PMS_CLIENT_SECRET_KEY='mosip_pms_client_secret' -PMS_CLIENT_SECRET_VALUE=$( kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$PMS_CLIENT_SECRET_KEY} | base64 -d ) -MPARTNER_DEFAULT_AUTH_SECRET_KEY='mpartner_default_auth_secret' -MPARTNER_DEFAULT_AUTH_SECRET_VALUE=$( kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$MPARTNER_DEFAULT_AUTH_SECRET_KEY} | base64 -d ) - -NAMESPACE="keycloak" -SECRET_NAME="keycloak-client-secrets" -SIGNUP_CLIENT_SECRET_KEY='mosip_signup_client_secret' - -# Check if the secret key exists -if kubectl -n $NAMESPACE get secret $SECRET_NAME -o jsonpath="{.data.$SIGNUP_CLIENT_SECRET_KEY}" &> /dev/null; then - # If key exists, retrieve the value - SIGNUP_CLIENT_SECRET_VALUE=$(kubectl -n $NAMESPACE get secret $SECRET_NAME -o jsonpath="{.data.$SIGNUP_CLIENT_SECRET_KEY}" | base64 -d) -else - # If key doesn't exist, generate a random value - SIGNUP_CLIENT_SECRET_VALUE=$(openssl rand -base64 32) - # Create or patch the secret with the new key-value pair - kubectl patch secret generic $SECRET_NAME --namespace=$NAMESPACE --from-literal=$SIGNUP_CLIENT_SECRET_KEY="$SIGNUP_CLIENT_SECRET_VALUE" --dry-run=client -o yaml | kubectl apply -f - -fi - -echo "Copying keycloak configmaps and secret" -$COPY_UTIL configmap keycloak-host keycloak $NS -$COPY_UTIL configmap keycloak-env-vars keycloak $NS -$COPY_UTIL secret keycloak keycloak $NS - -echo "creating and adding roles to keycloak pms & mpartner_default_auth clients for SIGNUP" -kubectl -n $NS delete 
secret --ignore-not-found=true keycloak-client-secrets -helm -n $NS delete signup-keycloak-init -helm -n $NS install signup-keycloak-init mosip/keycloak-init \ --f keycloak-init-values.yaml \ ---set clientSecrets[0].name="$PMS_CLIENT_SECRET_KEY" \ ---set clientSecrets[0].secret="$PMS_CLIENT_SECRET_VALUE" \ ---set clientSecrets[1].name="$MPARTNER_DEFAULT_AUTH_SECRET_KEY" \ ---set clientSecrets[1].secret="$MPARTNER_DEFAULT_AUTH_SECRET_VALUE" \ ---set clientSecrets[2].name="$SIGNUP_CLIENT_SECRET_KEY" \ ---set clientSecrets[2].secret="$SIGNUP_CLIENT_SECRET_VALUE" \ ---version $CHART_VERSION - -MPARTNER_DEFAULT_AUTH_SECRET_VALUE=$( kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$MPARTNER_DEFAULT_AUTH_SECRET_KEY} ) -PMS_CLIENT_SECRET_VALUE=$( kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$PMS_CLIENT_SECRET_KEY} ) -SIGNUP_CLIENT_SECRET_VALUE=$( kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.$SIGNUP_CLIENT_SECRET_KEY} ) - -kubectl -n keycloak get secret keycloak-client-secrets -o json | jq ".data[\"$PMS_CLIENT_SECRET_KEY\"]=\"$PMS_CLIENT_SECRET_VALUE\"" | jq ".data[\"$MPARTNER_DEFAULT_AUTH_SECRET_KEY\"]=\"$MPARTNER_DEFAULT_AUTH_SECRET_VALUE\"" | kubectl apply -f - -kubectl -n config-server get secret keycloak-client-secrets -o json | jq ".data[\"$PMS_CLIENT_SECRET_KEY\"]=\"$PMS_CLIENT_SECRET_VALUE\"" | jq ".data[\"$MPARTNER_DEFAULT_AUTH_SECRET_KEY\"]=\"$MPARTNER_DEFAULT_AUTH_SECRET_VALUE\"" | kubectl apply -f - - -echo "Check the existence of the secret & host placeholder & pass the secret & SIGNUP host to config-server deployment if the placeholder does not exist." 
-SIGNUP_HOST_PLACEHOLDER=$( kubectl -n config-server get deployment -o json | jq -c '.items[].spec.template.spec.containers[].env[]| select(.name == "SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_SIGNUP_HOST")|.name' ) -if [ -z $SIGNUP_HOST_PLACEHOLDER ]; then - kubectl -n config-server set env --keys=mosip-signup-host --from configmap/global deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - echo "Waiting for config-server to be Up and running" - kubectl -n config-server rollout status deploy/config-server -fi -PMS_CLIENT_SECRET_PLACEHOLDER=$( kubectl -n config-server get deployment -o json | jq -c '.items[].spec.template.spec.containers[].env[]| select(.name == "SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_PMS_CLIENT_SECRET")|.name' ) -if [ -z $PMS_CLIENT_SECRET_PLACEHOLDER ]; then - kubectl -n config-server set env --keys=$PMS_CLIENT_SECRET_KEY --from secret/keycloak-client-secrets deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - echo "Waiting for config-server to be Up and running" - kubectl -n config-server rollout status deploy/config-server -fi -MPARTNER_DEFAULT_AUTH_SECRET_PLACEHOLDER=$( kubectl -n config-server get deployment -o json | jq -c '.items[].spec.template.spec.containers[].env[]| select(.name == "SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MPARTNER_DEFAULT_AUTH_SECRET")|.name' ) -if [ -z $MPARTNER_DEFAULT_AUTH_SECRET_PLACEHOLDER ]; then - kubectl -n config-server set env --keys=$MPARTNER_DEFAULT_AUTH_SECRET_KEY --from secret/keycloak-client-secrets deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - echo "Waiting for config-server to be Up and running" - kubectl -n config-server rollout status deploy/config-server -fi diff --git a/helm/signup-service/softhsm-values.yaml b/helm/signup-service/softhsm-values.yaml deleted file mode 100644 index 581bbd13..00000000 --- a/helm/signup-service/softhsm-values.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -resources: - limits: {} - # cpu: 250m - # memory: 1Gi - requests: - cpu: 100m - memory: 20Mi diff --git a/helm/signup-service/templates/configmap-share.yaml b/helm/signup-service/templates/configmap-share.yaml deleted file mode 100644 index 0ca93178..00000000 --- a/helm/signup-service/templates/configmap-share.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: artifactory - name: artifactory-share - {{- if .Values.commonAnnotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - artifactory_url_env: {{ include "artifactory.baseUrl" . | quote }} - iam_adapter_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.iamAdapter | quote }} - iam_adapter_regproc_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.iamAdapterRegproc | quote }} - iam_adapter_regproc_ext_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.iamAdapterRegprocExt | quote }} - zip_file_path: {{ .Values.artifacts.hsmClientZip | quote }} - cache_provider_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.cacheProvider | quote }} - runtime_dep_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.runtimeDep | quote }} - regproc_jars_env: {{ .Values.artifacts.regprocJars | quote }} - preregistration_i18n_bundle_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.preregistrationBundleUrl | quote }} - virusscanner_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.virusscannerUrl | quote }} - auth_wrapper_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.authwrapperUrl | quote }} - esignet_wrapper_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.esignetauthwrapperUrl | quote }} - diff --git a/helm/signup-service/templates/deployment.yaml b/helm/signup-service/templates/deployment.yaml index b507bbb5..83f73a63 100644 --- a/helm/signup-service/templates/deployment.yaml +++ b/helm/signup-service/templates/deployment.yaml 
@@ -94,6 +94,14 @@ spec: value: {{ .Values.containerSecurityContext.runAsUser }} - name: JDK_JAVA_OPTIONS value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.pluginUrlEnv }} + - name: plugin_url_env + value: {{ .Values.pluginUrlEnv }} + {{- end }} + {{- if .Values.pluginNameEnv }} + - name: plugin_name_env + value: {{ .Values.pluginNameEnv }} + {{- end }} {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} @@ -156,4 +164,4 @@ spec: secret: secretName: {{ $secretName }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/helm/signup-service/values.yaml b/helm/signup-service/values.yaml index 43e8ed4a..42e6bd61 100644 --- a/helm/signup-service/values.yaml +++ b/helm/signup-service/values.yaml @@ -52,8 +52,8 @@ service: image: registry: docker.io - repository: mosipqa/signup-service - tag: release-1.x.x + repository: mosipdev/signup-service + tag: develop ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -67,7 +67,7 @@ image: # - myRegistryKeySecretName ## Port on which this particular spring service module is running. -springServicePort: 8088 +springServicePort: 8089 ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes @@ -76,7 +76,7 @@ startupProbe: enabled: true httpGet: path: /v1/signup/actuator/health - port: 8088 + port: 8089 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 5 @@ -87,7 +87,7 @@ livenessProbe: enabled: true httpGet: path: /v1/signup/actuator/health - port: 8088 + port: 8089 initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 
@@ -98,7 +98,7 @@ readinessProbe: enabled: true httpGet: path: /v1/signup/actuator/health - port: 8088 + port: 8089 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 5 @@ -240,19 +240,60 @@ updateStrategy: ## - name: FOO ## value: "bar" ## -extraEnvVars: [] +extraEnvVars: | + - name: MOSIP_ESIGNET_HOST + valueFrom: + configMapKeyRef: + name: esignet-global + key: mosip-esignet-host + - name: MOSIP_SIGNUP_HOST + valueFrom: + configMapKeyRef: + name: esignet-global + key: mosip-signup-host + - name: KEYCLOAK_EXTERNAL_URL + valueFrom: + configMapKeyRef: + name: keycloak-host + key: keycloak-external-url + - name: MOSIP_SIGNUP_CAPTCHA_SITE_KEY + valueFrom: + secretKeyRef: + name: signup-captcha + key: signup-captcha-site-key + - name: MOSIP_SIGNUP_OIDC_KEYSTORE_PWD + valueFrom: + secretKeyRef: + name: signup-keystore-password + key: signup-keystore-password + - name: REDIS_HOST + valueFrom: + configMapKeyRef: + name: redis-config + key: redis-host + - name: REDIS_PORT + valueFrom: + configMapKeyRef: + name: redis-config + key: redis-port + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis + key: redis-password + - name: MOSIP_SIGNUP_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: keycloak-client-secrets + key: mosip_signup_client_secret ## ConfigMap with extra environment variables that used ## -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - - softhsm-signup-share +extraEnvVarsCM: [] ## Secret with extra environment variables ## -extraEnvVarsSecret: +extraEnvVarsSecret: [] ## Extra volumes to add to the deployment ## 
@@ -445,20 +486,6 @@ metrics: rules: [] ## There are various jars and libs in artifactory. Listing their locations here. The locations are vis-a-vis ## /usr/share/nginx/html/artifactory path in artifactory docker -artifacts: - iamAdapter: /artifactory/libs-release-local/io/mosip/kernel/kernel-auth-adapter-lite.jar - iamAdapterRegproc: /artifactory/libs-release-local/io/mosip/kernel/kernel-auth-adapter.jar - iamAdapterRegprocExt: /artifactory/libs-release-local/io/mosip/kernel/kernel-auth-adapter.jar - hsmClientZip: /artifactory/libs-release-local/hsm/client.zip - cacheProvider: /artifactory/libs-release-local/cache/cache-provider.jar - runtimeDep: /artifactory/libs-release-local/io/mosip/kernel/ - regprocJars: /artifactory/libs-release-local/clamav/kernel-virusscanner-clamav.jar - runtimeDepUrl: /artifactory/libs-release-local/io/mosip/kernel/ - preregistrationBundleUrl: /artifactory/libs-release-local/i18n/pre-registration-i18n-bundle.zip - virusscannerUrl: /artifactory/libs-release-local/clamav/kernel-virusscanner-clamav.jar - authwrapperUrl: /artifactory/libs-release-local/idp/idp-auth-wrapper/authentication-wrapper.jar - esignetauthwrapperUrl: /artifactory/libs-release-local/esignet/esignet-wrapper.zip - signup: ## Only internal access istio: @@ -472,6 +499,8 @@ enable_insecure: false volumes: secrets: - signupoidc: + signup-keystore: key: oidckeystore.p12 path: /home/mosip/keys +pluginNameEnv: esignet-mock-plugin.jar +pluginUrlEnv: diff --git a/helm/signup-ui/copy_cm.sh b/helm/signup-ui/copy_cm.sh deleted file mode 100755 index ac43caac..00000000 --- a/helm/signup-ui/copy_cm.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - -function copying_cm() { - COPY_UTIL=./copy_cm_func.sh - DST_NS=signup - - $COPY_UTIL configmap global default $DST_NS - $COPY_UTIL configmap artifactory-share artifactory $DST_NS - $COPY_UTIL configmap config-server-share config-server $DST_NS - $COPY_UTIL configmap softhsm-esignet-share softhsm $DST_NS - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -copying_cm # calling function diff --git a/helm/signup-ui/copy_cm_func.sh b/helm/signup-ui/copy_cm_func.sh deleted file mode 100755 index 7b225948..00000000 --- a/helm/signup-ui/copy_cm_func.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# Copy configmap and secret from one namespace to another. -# ./copy_cm_func.sh [name] -# Parameters: -# resource: configmap|secret -# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is -# clash of names - -if [ $1 = "configmap" ] -then - RESOURCE=configmap -elif [ $1 = "secret" ] -then - RESOURCE=secret -else - echo "Incorrect resource $1. Exiting.." - exit 1 -fi - - -if [ $# -ge 5 ] -then - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f - -else - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f - -fi - - - - - diff --git a/helm/signup-ui/templates/deployment.yaml b/helm/signup-ui/templates/deployment.yaml index a52791e8..f5346808 100644 
--- a/helm/signup-ui/templates/deployment.yaml +++ b/helm/signup-ui/templates/deployment.yaml @@ -93,6 +93,18 @@ spec: value: {{ .Values.container_user }} - name: JDK_JAVA_OPTIONS value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.signup_ui.i18n_url_env }} + - name: i18n_url_env + value: {{ .Values.signup_ui.i18n_url_env }} + {{- end }} + {{- if .Values.signup_ui.theme_url_env }} + - name: theme_url_env + value: {{ .Values.signup_ui.theme_url_env }} + {{- end }} + {{- if .Values.signup_ui.images_url_env }} + - name: images_url_env + value: {{ .Values.signup_ui.images_url_env }} + {{- end }} {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} @@ -141,4 +153,4 @@ spec: name: {{ template "common.names.fullname" . }}-nginx-cm items: - key: nginx.conf - path: nginx.conf \ No newline at end of file + path: nginx.conf diff --git a/helm/signup-ui/values.yaml b/helm/signup-ui/values.yaml index 1a24e041..98acc2bc 100755 --- a/helm/signup-ui/values.yaml +++ b/helm/signup-ui/values.yaml @@ -51,8 +51,8 @@ service: image: registry: docker.io - repository: mosipqa/signup-ui - tag: release-1.x.x + repository: mosipdev/signup-ui + tag: develop ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -245,15 +245,11 @@ extraEnvVars: [] ## ConfigMap with extra environment variables ## extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - - softhsm-signup-share - signup-ui ## Secret with extra environment variables ## -extraEnvVarsSecret: +extraEnvVarsSecret: [] ## Extra volumes to add to the deployment ## 
@@ -420,12 +416,15 @@ metrics: signup_ui: signup_ui_port: '3000' signup_service_host: 'signup.signup' + i18n_url_env: '' + theme_url_env: '' + images_url_env: '' configmaps: signup-ui: REACT_APP_API_BASE_URL: 'http://signup.signup/v1/signup' REACT_APP_SBI_DOMAIN_URI: 'http://signup.$NS' SIGNUP_UI_PUBLIC_URL: '' - SIGN_IN_WITH_ESIGNET_PLUGIN_URL: 'http://artifactory.artifactory:80/artifactory/libs-release-local/mosip-plugins/sign-in-with-esignet.zip' + SIGN_IN_WITH_ESIGNET_PLUGIN_URL: '' ## SIGNUP UI swagger should have only internal access. Hence linked to internal gateway ## We create a gateway for esignet specific URL(s) listed under `hosts` diff --git a/helm/softhsm-values.yaml b/helm/softhsm-values.yaml deleted file mode 100644 index 581bbd13..00000000 --- a/helm/softhsm-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -resources: - limits: {} - # cpu: 250m - # memory: 1Gi - requests: - cpu: 100m - memory: 20Mi diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md index f757cd40..7e627aec 100644 --- a/partner-onboarder/README.md +++ b/partner-onboarder/README.md @@ -1,7 +1,7 @@ # Partner Onboarder ## Overview -* Upload certificate for default partners. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding). +Creates and onboards eSignet signup OIDC client. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding). ## Install * Set `values.yaml` to run onboarder for specific modules. 
@@ -10,24 +10,13 @@ ./install.sh ``` # Troubleshootings - -* After completion of the job, a very detailed `html report` is prepared and stored in minio as part of onboarding bucket. - -* The user can go and view the same for more information or response messages. +* Once onboarder job is completed, detailed `html report` is prepared and stored at provided S3 bucket / NFS directory. +* Once onboarder helm installation is complted, please check the reports to confirm sucessfull onboarding. ### Commonly found issues - - 1. KER-ATH-401: Authentication Failed - +1. KER-ATH-401: Authentication Failed Resolution: You need to provide correct secretkey for mosip-deployment-client. - - 2. Certificate dates are not valid - +1. Certificate dates are not valid Resolution: Check with admin regarding adding grace period in configuration. - - 3. Upload of certificate will not be allowed to update other domain certificate - - Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present. - - - +1. Upload of certificate will not be allowed to update other domain certificate + Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present. diff --git a/partner-onboarder/copy_cm.sh b/partner-onboarder/copy_cm.sh deleted file mode 100755 index d73bffcb..00000000 --- a/partner-onboarder/copy_cm.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - -COPY_UTIL=./copy_cm_func.sh -DST_NS=signup - -$COPY_UTIL configmap global default $DST_NS -$COPY_UTIL configmap keycloak-env-vars keycloak $DST_NS -$COPY_UTIL configmap keycloak-host keycloak $DST_NS 
diff --git a/partner-onboarder/copy_cm_func.sh b/partner-onboarder/copy_cm_func.sh deleted file mode 100755 index 7b225948..00000000 --- a/partner-onboarder/copy_cm_func.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# Copy configmap and secret from one namespace to another. -# ./copy_cm_func.sh [name] -# Parameters: -# resource: configmap|secret -# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is -# clash of names - -if [ $1 = "configmap" ] -then - RESOURCE=configmap -elif [ $1 = "secret" ] -then - RESOURCE=secret -else - echo "Incorrect resource $1. Exiting.." - exit 1 -fi - - -if [ $# -ge 5 ] -then - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f - -else - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f - -fi - - - - - diff --git a/partner-onboarder/copy_secrets.sh b/partner-onboarder/copy_secrets.sh deleted file mode 100755 index 137c1e7b..00000000 --- a/partner-onboarder/copy_secrets.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# Copy secrets from other namespaces -# DST_NS: Destination namespace - -COPY_UTIL=./copy_cm_func.sh -DST_NS=signup - -$COPY_UTIL secret s3 s3 $DST_NS -$COPY_UTIL secret keycloak keycloak $DST_NS -$COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS diff --git a/partner-onboarder/delete.sh b/partner-onboarder/delete.sh index 10aee991..00793f34 100755 --- a/partner-onboarder/delete.sh +++ b/partner-onboarder/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls partner-onboarder helm +# Uninstalls Signup OIDC client onboarder helm ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then 
@@ -10,8 +10,8 @@ function deleting_onboarder() { NS=signup while true; do read -p "Are you sure you want to delete all partner-onboarder ?(Y/n) " yn - if [ $yn = "Y" ]; then - echo Deleting signup-partner-onboarder helm + if [[ $yn = "Y" ]] || [[ $yn = "y" ]]; then + echo Deleting signup-oidc-onboarder helm helm -n $NS delete signup-partner-onboarder break fi diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh index 68a38f13..960d69e5 100755 --- a/partner-onboarder/install.sh +++ b/partner-onboarder/install.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Onboards default partners +# Installs signup OIDC client onboarder helm ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then @@ -8,11 +8,11 @@ fi echo "Do you have public domain & valid SSL? (Y/n) " echo "Y: if you have public domain & valid ssl certificate" -echo "n: if you don't have a public domain and a valid SSL certificate. It will add an ssl certificate in onboarder docker. Only recommended to use in local development environments" +echo "n: if you don't have public domain & valid ssl certificate" read -p "" flag if [ -z "$flag" ]; then - echo "'flag' was provided; EXITING;" + echo "'flag' was not provided; EXITING;" exit 1; fi ENABLE_INSECURE='' 
@@ -24,81 +24,104 @@ NS=signup CHART_VERSION=0.0.1-develop echo Create $NS namespace -kubectl create ns $NS +kubectl create ns $NS || true function installing_onboarder() { - read -p "Is values.yaml for onboarder chart set correctly as part of Pre-requisites?(Y/n) " yn; - if [ $yn = "Y" ]; then - echo Istio label + read -p "Is values.yaml for onboarder chart set correctly as part of pre-requisites? (Y/n) : " yn; + if [[ $yn = "Y" ]] || [[ $yn = "y" ]] ; then + NFS_OPTION='' + S3_OPTION='' + config_complete=false # flag to check if S3 or NFS is configured + while [ "$config_complete" = false ]; do + read -p "Do you have S3 details for storing Onboarder reports? (Y/n) : " ans + if [[ "$ans" == "y" || "$ans" == "Y" ]]; then + read -p "Please provide S3 host: " s3_host + if [[ -z $s3_host ]]; then + echo "S3 host not provided; EXITING;" + exit 1; + fi + read -p "Please provide S3 region: " s3_region + if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then + echo "S3 region should not contain spaces or special characters; EXITING;" + exit 1; + fi + read -p "Please provide S3 bucket: " s3_bucket + if [[ $s3_bucket == *[' !@#$%^&*()+']* ]]; then + echo "S3 bucket should not contain spaces or special characters; EXITING;" + exit 1; + fi + read -p "Please provide S3 access key: " s3_user_key + if [[ -z $s3_user_key ]]; then + echo "S3 access key not provided; EXITING;" + exit 1; + fi + read -p "Please provide S3 secret key: " s3_secret_key + if [[ -z $s3_secret_key ]]; then + echo "S3 secret key not provided; EXITING;" + exit 1; + fi + S3_OPTION="--set onboarding.configmaps.s3.s3-host=$s3_host --set onboarding.configmaps.s3.s3-user-key=$s3_user_key --set onboarding.configmaps.s3.s3-region=$s3_region --set onboarding.configmaps.s3.s3-bucket-name=$s3_bucket --set onboarding.secrets.s3.s3-user-secret=$s3_secret_key" + push_reports_to_s3=true + config_complete=true + elif [[ "$ans" == "n" || "$ans" == "N" ]]; then + push_reports_to_s3=false + read -p "Since S3 details are not 
available, do you want to use NFS directory mount for storing reports? (y/n) : " answer + if [[ $answer == "Y" ]] || [[ $answer == "y" ]]; then + read -p "Please provide NFS Server IP: " nfs_server + if [[ -z $nfs_server ]]; then + echo "NFS server not provided; EXITING." + exit 1; + fi + read -p "Please provide NFS directory to store reports from NFS server (e.g. /srv/nfs/mosip/onboarder/): " nfs_path + if [[ -z $nfs_path ]]; then + echo "NFS Path not provided; EXITING." + exit 1; + fi + NFS_OPTION="--set onboarding.volumes.reports.nfs.server=$nfs_server --set onboarding.volumes.reports.nfs.path=$nfs_path" + config_complete=true + else + echo "Please rerun the script with either S3 or NFS server details." + exit 1; + fi + else + echo "Invalid input. Please respond with Y (yes) or N (no)." + fi + done + + echo "Istio label" kubectl label ns $NS istio-injection=disabled --overwrite helm repo update - echo Copy configmaps - kubectl -n $NS --ignore-not-found=true delete cm s3 - kubectl -n $NS --ignore-not-found=true delete cm onboarder-namespace - sed -i 's/\r$//' copy_cm.sh - ./copy_cm.sh + echo "Copy configmaps" + COPY_UTIL=../deploy/copy_cm_func.sh + $COPY_UTIL configmap keycloak-env-vars keycloak $NS + $COPY_UTIL configmap keycloak-host keycloak $NS - echo Copy secrets - sed -i 's/\r$//' copy_secrets.sh - ./copy_secrets.sh + $COPY_UTIL secret keycloak keycloak $NS + $COPY_UTIL secret keycloak-client-secrets keycloak $NS - read -p "Provide onboarder bucket name : " s3_bucket - if [[ -z $s3_bucket ]]; then - echo "s3_bucket not provided; EXITING;"; - exit 1; - fi - if [[ $s3_bucket == *[' !@#$%^&*()+']* ]]; then - echo "s3_bucket should not contain spaces / any special character; EXITING"; - exit 1; - fi - read -p "Provide onboarder s3 bucket region : " s3_region - if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then - echo "s3_region should not contain spaces / any special character; EXITING"; - exit 1; - fi - - read -p "Provide S3 URL : " s3_url - if [[ -z $s3_url ]]; 
then - echo "s3_url not provided; EXITING;" - exit 1; - fi - - s3_user_key=$( kubectl -n s3 get cm s3 -o json | jq -r '.data."s3-user-key"' ) - - echo Onboarding default partners + echo "Onboarding Esignet Signup OIDC client" helm -n $NS install signup-partner-onboarder mosip/partner-onboarder \ - --set image.repository=mosipdev/partner-onboarder \ - --set image.tag=develop \ - --set onboarding.configmaps.s3.s3-host="$s3_url" \ - --set onboarding.configmaps.s3.s3-user-key="$s3_user_key" \ - --set onboarding.configmaps.s3.s3-region="$s3_region" \ - --set onboarding.configmaps.s3.s3-bucket-name="$s3_bucket" \ - $ENABLE_INSECURE \ - -f values.yaml \ - --version $CHART_VERSION \ - --wait --wait-for-jobs - - echo Updating signup-keystore-password value - kubectl -n $NS create secret generic signup-keystore-password --from-literal=signup-keystore-password='mosip123' --dry-run=client -o yaml | kubectl apply -f - - ./copy_cm_func.sh secret signup-keystore-password signup config-server - - echo Updating signup keystore-password - kubectl -n config-server set env --keys=signup-keystore-password --from secret/signup-keystore-password deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - - kubectl -n config-server rollout restart deployment config-server - kubectl -n config-server rollout status deployment config-server - - echo Reports are moved to S3 under onboarder bucket + $NFS_OPTION \ + $S3_OPTION \ + --set onboarding.variables.push_reports_to_s3=$push_reports_to_s3 \ + --set extraEnvVarsCM[0]=esignet-global \ + --set extraEnvVarsCM[1]=keycloak-env-vars \ + --set extraEnvVarsCM[2]=keycloak-host \ + $ENABLE_INSECURE \ + -f values.yaml \ + --version $CHART_VERSION \ + --wait --wait-for-jobs + echo "Partner onboarded successfully and reports are moved to S3 or NFS" return 0 fi } # set commands for error handling. 
set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errexit # exit the script if any statement returns a non-true return value +set -o nounset # exit the script if you try to use an uninitialised variable set -o errtrace # trace ERR through 'time command' and other functions set -o pipefail # trace ERR through pipes installing_onboarder # calling function diff --git a/partner-onboarder/values.yaml b/partner-onboarder/values.yaml index fbf1ff69..a777ab8b 100644 --- a/partner-onboarder/values.yaml +++ b/partner-onboarder/values.yaml @@ -1,26 +1,37 @@ +image: + registry: docker.io + repository: mosipdev/partner-onboarder + tag: MOSIP-35987 + onboarding: modules: - - name: ida - enabled: false - - name: print - enabled: false - - name: abis - enabled: false - - name: resident - enabled: false - - name: mobileid - enabled: false - - name: digitalcard - enabled: false - - name: esignet - enabled: false - - name: resident-oidc - enabled: false - - name: demo-oidc - enabled: false - - name: mimoto-keybinding - enabled: false - - name: mimoto-oidc - enabled: false - name: signup-oidc enabled: true + +# configmaps: +# s3: +# s3-host: 'http://minio.minio:9000' +# s3-user-key: 'admin' +# s3-region: '' +# onboarder-namespace: +# ns_mimoto: mimoto +# ns_esignet: esignet +# ns_signup: signup +# secrets: +# s3: +# s3-user-secret: 'password' +# volumes: +# reports: +# name: onboarder-reports +# storageClass: nfs-client +# accessModes: +# - ReadWriteMany +# size: 10Mi +# existingClaim: +# # Dir where config and keys are written inside container +# mountDir: /home/mosip/reports +# nfs: +# path: "/srv/nfs/sandbox/onboarding" # Dir within the nfs server where config repo is cloned/maintained locally. +# server: "nfs-server" # Ip address of nfs server. +# variables: +# push_reports_to_s3: true
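Review bot: In the `helm/signup-service/templates/deployment.yaml` hunk (`@@ -94,6 +94,14 @@`), the new `plugin_url_env` and `plugin_name_env` entries emit the values unquoted (`value: {{ .Values.pluginUrlEnv }}`); render them as `value: {{ .Values.pluginUrlEnv | quote }}` so a plain scalar such as a version-looking name is never reinterpreted by YAML and an override containing `: ` cannot break the manifest. The `{{- if }}` guards are correct for the empty default, and the trailing-newline fix in the second hunk is fine.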
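Review bot: In the `helm/signup-service/values.yaml` hunk `@@ -52,8 +52,8 @@`, the chart default becomes `mosipdev/signup-service` with the floating tag `develop`; the comment right below it notes that `imagePullPolicy` defaults to `IfNotPresent` for any tag other than `latest`, so nodes will keep running whatever `develop` image they pulled first and rollouts stop being reproducible. Keep a released tag (or a digest) as the chart default and pass `--set image.tag=develop` from CI instead. The same applies to the `mosipdev/signup-ui` / `develop` change in `helm/signup-ui/values.yaml`.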
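Review bot: In the `helm/signup-service/values.yaml` hunk `@@ -67,7 +67,7 @@` (`springServicePort: 8088` to `8089`), the three probe hunks that follow are updated consistently, but nothing in the diff shows the Service port/targetPort, the istio routing for `signup`, or the UI default `REACT_APP_API_BASE_URL: 'http://signup.signup/v1/signup'` being touched; confirm they derive from `springServicePort`, otherwise the probes go green while the Service still targets 8088. A port change is also worth a line in the README for anyone maintaining NetworkPolicies.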
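Review bot: In the `helm/signup-service/values.yaml` hunk `@@ -240,19 +240,60 @@`, the new `extraEnvVars` block hard-wires references to ConfigMaps `esignet-global`, `keycloak-host`, `redis-config` and Secrets `signup-captcha`, `signup-keystore-password`, `redis`, `keycloak-client-secrets` in the release namespace, none of them `optional: true`, while this same change deletes the scripts that used to copy them (`helm/signup-ui/copy_cm.sh`, `partner-onboarder/copy_cm.sh`, `partner-onboarder/copy_secrets.sh`) and `keycloak-init.sh`, which generated `mosip_signup_client_secret`. A missing key leaves the pod in CreateContainerConfigError, so list these objects as explicit pre-requisites in the README (or point at whatever now creates them). Wiring the client secret, keystore password and Redis password through `secretKeyRef` is the right choice, and dropping the hard-coded `mosip123` keystore password from `install.sh` is a clear improvement; the `extraEnvVarsSecret:` null-to-`[]` fix is also correct.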
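Review bot: In the `helm/signup-service/values.yaml` hunk `@@ -472,6 +499,8 @@`, renaming `volumes.secrets.signupoidc` to `signup-keystore` changes a values key, so existing override files silently stop matching and the keystore mount disappears; flag it as a breaking change in the README. The new default `pluginNameEnv: esignet-mock-plugin.jar` also makes the mock plugin the chart's out-of-the-box behaviour; add a comment in values.yaml stating it is for development only and must be overridden (together with `pluginUrlEnv`) for any real deployment, and say what the image does when a name is set but the URL is empty.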
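Review bot: In the `helm/signup-ui/templates/deployment.yaml` hunk `@@ -93,6 +93,18 @@`, the `i18n_url_env`, `theme_url_env` and `images_url_env` values are emitted unquoted; use `value: {{ .Values.signup_ui.i18n_url_env | quote }}` (and likewise for the other two) for the same reason as in the signup-service template.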
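Review bot: In the `helm/signup-ui/values.yaml` hunk `@@ -420,12 +416,15 @@`, `SIGN_IN_WITH_ESIGNET_PLUGIN_URL` is blanked and the three new `*_url_env` keys default to `''` now that the artifactory dependency is gone; document where the sign-in plugin bundle is expected to be served from and what the UI does when the URL is empty, or the default install ships a broken sign-in button. While this block is being touched, the unchanged `REACT_APP_SBI_DOMAIN_URI: 'http://signup.$NS'` carries a literal `$NS` that Helm will not expand.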
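Review bot: In the `partner-onboarder/README.md` hunk `@@ -10,24 +10,13 @@`, the added lines introduce typos: "complted" should be "completed" and "sucessfull" should be "successful"; "stored at provided S3 bucket / NFS directory" reads better as "stored in the configured S3 bucket or NFS directory".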
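Review bot: In the `partner-onboarder/delete.sh` hunk `@@ -10,8 +10,8 @@`, the echo now says `signup-oidc-onboarder` while the release actually removed is still `signup-partner-onboarder` and the prompt still reads "delete all partner-onboarder"; keep the three names consistent so the log line matches what `helm delete` does.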
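Review bot: In the `partner-onboarder/install.sh` hunk `@@ -24,81 +24,104 @@`, the S3 secret key is read with a plain `read -p` (echoed to the terminal) and then handed to Helm as `--set onboarding.secrets.s3.s3-user-secret=$s3_secret_key`, which exposes it in `ps` output and shell history and breaks on any value containing a comma, which `--set` treats as a separator. Use `read -s -p`, and prefer creating the Secret with `kubectl create secret generic ... --from-literal=... --dry-run=client -o yaml | kubectl apply -f -` (the pattern the removed `signup-keystore-password` lines used) and referencing it from values, or at minimum `--set-string` with the value quoted. Two smaller points: `kubectl create ns $NS || true` swallows every failure (RBAC denial, wrong kube context), not just "already exists", so `kubectl get ns $NS >/dev/null 2>&1 || kubectl create ns $NS` is safer under `set -e`; and the helm call sets `extraEnvVarsCM[0]=esignet-global` but the script only copies `keycloak-env-vars`, `keycloak-host`, `keycloak` and `keycloak-client-secrets`, so either copy `esignet-global` as well or state in the README that it must already exist in `signup`. `COPY_UTIL=../deploy/copy_cm_func.sh` is also relative to the caller's working directory rather than the script's.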
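Review bot: In the `partner-onboarder/values.yaml` hunk `@@ -1,26 +1,37 @@`, `tag: MOSIP-35987` pins the onboarder image to a ticket-branch tag that will be pruned or moved; replace it with a released tag before merge. In the commented example block, `s3-user-key: 'admin'` and `s3-user-secret: 'password'` read like working defaults; write them as obvious placeholders (for example `<s3-access-key>`) so they are not copied verbatim into a real values file, and note that `push_reports_to_s3` is now set by `install.sh` rather than here.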