It's important to prepare a global deployment configuration yaml file that contains all necessary user-specific custom values like URL, gateways, persistent storage ids, DB details etc.
Post-Kubernetes Cluster setup, the deployment has got 2 stages. As part of this sample exercise, we can deploy PGR and show what are the various configurations required, however deployment steps are similar for all other modules too, just that the prerequisites differ depending on the feature like SMS Gateway, Payment Gateway, etc
Steps To Prepare Deployment Configuration File
Navigate to the following file in your local machine from the previously cloned DevOps git repository.
cluster-configs:
secrets:
db: // Create postgres db user and mention the details
username: demo
password: demo
flywayUsername: demo #same as above
flywayPassword: demo #same as above
egov-notification-sms: // sms provider details
username: demo
password: demo
egov-filestore: // AWS S3 access IAM details.
aws-key: aswedfghew
aws-secret-key: xdefghgdxc
egov-location: // Location service add your gmap key
gmapskey: AIzaSyAQOd09-sdfegv
egov-pg-service: // Payment Gateway add your bank gateway provider details
axis-merchant-id: demo
axis-merchant-secret-key: demo
axis-merchant-user: demo
axis-merchant-pwd: demo
axis-merchant-access-code: demo
payu-merchant-key: demo
payu-merchant-salt: demo
pgadmin: // To work pgadmin service add details
admin-email: demo@demo.com
admin-password: demo
read-email: demo@demo.com
read-password: demo
egov-enc-service: // To work egov-enc service add the details
master-password: demo
master-salt: q7.fr.cr
master-initialvector: 9J&asfgrU-H2
egov-notification-mail: // To work mail notification service add respective mail details
mailsenderusername: demo@demo
mailsenderpassword: demo
git-sync: // To clone the config and mdms repos, Create github user and add your ssh private key below. This private should have access to config and mdms repo.
ssh: |
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAxN3yoWfXEl7227hAXUTpeN5SiGUe22sIlGSYk3fx2Zl1xW0t
B5Y/Rn0yCQEtQ <add your ssh key this is just a placeholder >
FwiaDbuwQ+eA1RJ4Lxm9sGFuM1T
-----END RSA PRIVATE KEY-----
known-hosts: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
kibana: // Add Kibana details
namespace: es-cluster
credentials: demo
egov-si-microservice: // Add finance service details
si-microservice-user: demo
si-microservice-password: demo
mail-sender-password: demo
egov-edcr-notification: // Add edcr service details
edcr-mail-username: demo@demo.com
edcr-mail-password: demo
edcr-sms-username: demo
edcr-sms-password: demo
chatbot: // Add chatbot details
valuefirst-username: demo
valuefirst-password: demo
egov-user-chatbot: // Add user chatbot details
citizen-login-password-otp-fixed-value: "546941"
oauth2-proxy: // To work oauth2-proxy service, create and add your github OAuth Apps details
clientID: qwgethjymnbv
clientSecret: 3a08079easd9d8055470475696fd3baad5292
cookieSecret: QVbnq0L8npoyfxZs96wtBg==
Step 1: Clone the following DIGIT-DevOps repo (If not already done as part of Infra setup), you may need to install git and then run git clone it to your machine.
Step 2: After cloning the repo CD into the folder DIGIT-DevOps and type the "code ." command that will open the visual editor and opens all the files from the repo DIGIT-DevOps
root@ip:/# cd DIGIT-DevOps
root@ip:DIGIT-DevOps# code
Step 3: Update the deployment config file with your details, you can use the following template egov-demo-sample.
Here you need to replace the following as per your values
Important: Add your domain name here, which you want to use for accessing DIGIT. ( Do not use the dummy domain )
Important: As per your cloud provider uncomment the related backbone services (Kafka, Zk, elasticsearch, etc) and comment on others. As per your cloud provider, you have to add the volume_ids/diskURI/iqn and zone/diskName/targetPortal in egov-demo.yaml that you got as a terraform output or from sdc team (Kafka, Zk, elasticsearch, etc)
SMS gateway to receive OTP, transaction mobile notification, etc.
MDMS, Config repo URL, here is where you provide master data, tenants and various user/role access details.
GMap key for the location service
Payment gateway, in case you use PT, TL, etc
Step 4: Update your credentials and sensitive data in the secret file as per your details.
credentials, secrets (You need to encrypt using sops and create a <env>-secret.yamlseparately)
SOPS expects an encryption key to use it to encrypt/decrypt a specified plain text and keep the details secured, there are a couple of options which you can use to generate the encryption key
Once you generate your encryption key, create a .sops.yaml configuration file under the /helm directory of the cloned repo to define which keys are used for which specific file. refer to the SOP doc for info.
Note: For demo purposes, you can use the egov-demo-secrets.yaml as it is without sops configuration, but make sure you update your specific details like Git SSH, URL etc. When you decide to push these configurations into any git or public space, please make sure you follow the sops configuration mentioned in this article sops to encrypt your secrets.
Step 5: Important: Fork the following repos that contain the master data and default configs which you would customize as per your specific implementation later. Like (Master Data, ULB, Tenant details, Users, etc) to your respective GitHub organization account.
fork both the mdms, and config repos into your GitHub organization account
Step 6: Update the deployment configs for the below as per your specification:
Number of replicas/scale of each individual service (Depending on whether dev or prod load)
You must update sms gateway, email gateway, and payment gateway details for the notification and payment gateway services, etc.
Update the config, MDMS github repos wherever marked
Update GMap key (In case you are using Google Map services in your PGR, PT, TL, etc)
Create one private s3 Bucket for Filestore and one public bucket for logos. Add the bucket details respectively and create an IAM user with the s3 bucket access. Add IAM user details to <env-secrets.yaml>.
URL/DNS on which the DIGIT will be exposed.
SSL certificate for the above URL.
Any specific endpoints configs (Internal/external)