[MOSIP-34233]

.github/workflows/chart-lint-publish.yml

@@ -0,0 +1,62 @@
+name: Validate / Publish helm charts
+
+on:
+  release:
+    types: [published]
+  pull_request:
+    types: [opened, reopened, synchronize]
+    paths:
+      - 'helm/**'
+  workflow_dispatch:
+    inputs:
+      IGNORE_CHARTS:
+        description: 'Provide list of charts to be ignored separated by pipe(|)'
+        required: false
+        default: '""'
+        type: string
+      CHART_PUBLISH:
+        description: 'Chart publishing to gh-pages branch'
+        required: false
+        default: 'NO'
+        type: string
+        options:
+          - YES
+          - NO
+      INCLUDE_ALL_CHARTS:
+        description: 'Include all charts for Linting/Publishing (YES/NO)'
+        required: false
+        default: 'NO'
+        type: string
+        options:
+          - YES
+          - NO
+  push:
+    branches:
+      - '!release-branch'
+      - '!master'
+      - 1.*
+      - 0.*
+      - develop
+      - release*
+    paths:
+      - 'helm/**'
+
+jobs:
+  chart-lint-publish:
+    uses: mosip/kattu/.github/workflows/chart-lint-publish.yml@master
+    with:
+      CHARTS_DIR: ./helm
+      CHARTS_URL: https://mosip.github.io/mosip-helm
+      REPOSITORY: mosip-helm
+      BRANCH: gh-pages
+      INCLUDE_ALL_CHARTS: "${{ inputs.INCLUDE_ALL_CHARTS || 'NO' }}"
+      IGNORE_CHARTS: "${{ inputs.IGNORE_CHARTS || '\"\"' }}"
+      CHART_PUBLISH: "${{ inputs.CHART_PUBLISH || 'YES' }}"
+      LINTING_CHART_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-schema.yaml"
+      LINTING_LINTCONF_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/lintconf.yaml"
+      LINTING_CHART_TESTING_CONFIG_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-testing-config.yaml"
+      LINTING_HEALTH_CHECK_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/health-check-schema.yaml"
+      DEPENDENCIES: "mosip,https://mosip.github.io/mosip-helm;"
+    secrets:
+      TOKEN: ${{ secrets.ACTION_PAT }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

deploy/README.md

@@ -0,0 +1,41 @@
+# Pre-Registration Module
+
+## Install
+
+* Make sure your prereg UI domain name is set in [global configmap](../../cluster/global_configmap.yaml.sample)
+* Make sure this domain points to the public load balancer as PreReg UI is exposed to public.
+* Install
+  ```sh
+  ./install.sh
+  ```
+
+## Uninstall
+
+```sh
+./delete.sh
+```
+
+## Test
+On a browser open  `https://<prereg ui domain>/pre-registration-ui/`. Example `https://prereg.sandbox.xyz.net/pre-registration-ui`.  Follow the instructions.  You may use [sample documents](samples/) to upload during pre-registration. 
+
+## Rate Control Using Envoyfilter
+
+- Using Envoyfilter one can limit the rate of http requests coming in to a resource. Reference: [Istio Policty Enforcement](https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/#local-rate-limit) and [Rate Limit Filter](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter).
+- Edit the envoyfilter [here](./rate-control-envoyfilter.yaml)
+  - Edit these values in the envoyfilter accordingly.
+    ```
+    token_bucket:
+      max_tokens: <preferred same as tokens_per_fill>
+      tokens_per_fill: <no of reqeust allowed in "fill_internal" ammount of time>
+      fill_interval: <minimum_50ms>
+    ```
+  - Edit the workload selector label properly, like;
+    ```
+    workloadSelector:
+      labels:
+        app.kubernetes.io/instance: <prereg-ui or prereg-application, etc>
+    ```
+- Apply the envoyfilter in the prereg namespace.
+  ```
+  kubectl apply -n prereg -f rate-control-envoyfilter.yaml
+  ```

deploy/copy_cm.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+function copying_cm() {
+  UTIL_URL=https://github.com/mosip/mosip-infra/blob/master/deployment/v3/utils/copy_cm_func.sh
+  COPY_UTIL=./copy_cm_func.sh
+  DST_NS=prereg
+
+  wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh
+
+  $COPY_UTIL configmap global default $DST_NS
+  $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+  $COPY_UTIL configmap config-server-share config-server $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function

deploy/delete.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Uninstalls all prereg helm charts
+
+function deleting_prereg() {
+  while true; do
+      read -p "Are you sure you want to delete all prereg helm charts?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          kubectl -n prereg delete -f rate-control-envoyfilter.yaml
+          helm -n prereg delete prereg-gateway
+          helm -n prereg delete prereg-captcha
+          helm -n prereg delete prereg-application
+          helm -n prereg delete prereg-batchjob
+          helm -n prereg delete prereg-booking
+          helm -n prereg delete prereg-datasync
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+deleting_prereg   # calling function

deploy/get_logs.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# pod name
+kubectl -n prereg logs -f $1 | grep -v "/preregistration/v1/actuator/health" | grep -v "/preregistration/v1/actuator/prometheus"

deploy/install.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+# Installs all prereg helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=prereg
+CHART_VERSION=12.0.1-develop
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_prereg() {
+  echo Istio label
+  ## TODO: Istio proxy disabled for now as prereui does not come up if
+  ## envoy filter container gets installed after prereg container.
+  kubectl label ns $NS istio-injection=disabled --overwrite
+  helm repo update
+
+  echo Copy configmaps
+  sed -i 's/\r$//' copy_cm.sh
+  ./copy_cm.sh
+
+  API_HOST=`kubectl get cm global -o jsonpath={.data.mosip-api-host}`
+  PREREG_HOST=`kubectl get cm global -o jsonpath={.data.mosip-prereg-host}`
+
+  echo Install prereg-gateway
+  helm -n $NS install prereg-gateway mosip/prereg-gateway --set istio.hosts[0]=$PREREG_HOST --version $CHART_VERSION
+
+  echo Installing prereg-captcha
+  helm -n $NS install prereg-captcha mosip/prereg-captcha --version $CHART_VERSION
+
+  echo Installing prereg-application
+  helm -n $NS install prereg-application mosip/prereg-application --version $CHART_VERSION
+
+  echo Installing prereg-booking
+  helm -n $NS install prereg-booking mosip/prereg-booking --version $CHART_VERSION
+
+  echo Installing prereg-datasync
+  helm -n $NS install prereg-datasync mosip/prereg-datasync --version $CHART_VERSION
+
+  echo Installing prereg-batchjob
+  helm -n $NS install prereg-batchjob mosip/prereg-batchjob --version $CHART_VERSION
+
+  echo Installing prereg-ui
+  helm -n $NS install prereg-ui mosip/prereg-ui --set prereg.apiHost=$PREREG_HOST --version $CHART_VERSION
+
+  echo Installing prereg rate-control Envoyfilter
+  kubectl apply -n $NS -f rate-control-envoyfilter.yaml
+
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Installed prereg services
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_prereg   # calling function

deploy/rate-control-envoyfilter.yaml

@@ -0,0 +1,44 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: local-rate-limit
+spec:
+  workloadSelector:
+    labels:
+      app.kubernetes.io/instance: prereg-ui
+  configPatches:
+    - applyTo: HTTP_FILTER
+      match:
+        context: SIDECAR_INBOUND
+        listener:
+          filterChain:
+            filter:
+              name: "envoy.filters.network.http_connection_manager"
+      patch:
+        operation: INSERT_BEFORE
+        value:
+          name: envoy.filters.http.local_ratelimit
+          typed_config:
+            "@type": type.googleapis.com/udpa.type.v1.TypedStruct
+            type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
+            value:
+              stat_prefix: http_local_rate_limiter
+              token_bucket:
+                max_tokens: 100
+                tokens_per_fill: 100
+                fill_interval: 50ms
+              filter_enabled:
+                runtime_key: local_rate_limit_enabled
+                default_value:
+                  numerator: 100
+                  denominator: HUNDRED
+              filter_enforced:
+                runtime_key: local_rate_limit_enforced
+                default_value:
+                  numerator: 100
+                  denominator: HUNDRED
+              response_headers_to_add:
+                - append: false
+                  header:
+                    key: x-local-rate-limit
+                    value: 'true'

deploy/restart.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# Restart the prereg services
+## Usage: ./restart.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+
+function Restarting_prereg() {
+  NS=prereg
+  kubectl -n $NS rollout restart deploy
+
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Restarted prereg services
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+Restarting_prereg   # calling function

helm/prereg-application/.gitignore

@@ -0,0 +1,2 @@
+charts/
+Charts.lock

helm/prereg-application/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

helm/prereg-application/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: prereg-application
+description: A Helm chart for MOSIP Pre-registration Application service
+type: application
+version: 12.0.1-develop
+appVersion: ""
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - mosip
+  - prereg-application
+  - kernel
+maintainers:
+  - email: [email protected]
+    name: MOSIP

helm/prereg-application/README.md

@@ -0,0 +1,11 @@
+# PreReg Application
+
+Helm chart for installing Pre-Registration Application service.
+
+## Install
+```console
+$ kubectl create namespace prereg
+$ helm repo add mosip https://mosip.github.io
+$ helm -n prereg install my-release mosip/prereg-application
+```
+

helm/prereg-application/templates/NOTES.txt

@@ -0,0 +1 @@
+