DIGIT services deployment in Azure cloud platform
Make sure you have your Azure account with the necessary credentials.
All DIGIT services are packaged using Helm charts. Install Helm using the link: Installing Helm
kubectl is a CLI to connect to the Kubernetes cluster on your machine
Install cURL for making API calls
Install Visual Studio Code for better code visualization/editing capabilities
Install Postman to run digit bootstrap scripts
Install Terraform to provision infrastructure on Azure
Clone the DIGIT-DevOps repo and check out the Azure branch
Change to the remote state in the sample-azure directory
Login to Azure using the below command in the terminal
Update the variables in variables.tf file
Run the below commands to create resource-group, storage-account and container
Copy the storage account name and change to the sample-azure directory
Open main.tf file and update the below placeholder details
Create client-id and client-secret with necessary permissions
Open variables.tf file - update the variables and run the below commands
Note the db_name and server_name
Fetch the kubeconfig using the below command. This will automatically store your kubeconfig in .kube folder
Check the kubeconfig and pods by running the below commands
Change to the environments directory and open egov-demo.yaml
Update the below configurations in egov-demo.yaml
Open the egov-demo-secrets.yaml file and update db details and private key
Generate SSH key pairs (Use either method (a) or method (b)) to update the private key.
a. Using the online website (not recommended for production setup. To be only used for demo setups): https://8gwifi.org/sshfunctions.jsp
b. Using OpenSSL:
openssl genpkey -algorithm RSA -out private_key.pem
openssl rsa -pubout -in private_key.pem -out public_key.pem
Add the public key to your GitHub account (reference: https://www.youtube.com/watch?v=9C7_jBn9XJ0&ab_channel=AOSNote )
Change to the deployer directory
Run the below command to deploy nginx-ingress
Check the pods once all services are deployed successfully
Run the below command to get the load balancer id
Copy the load balancer id and add it to your domain provider against your domain name.
DIGIT Quickstart is recommended to jump-start with minimal DIGIT services to get a sense of the various installation steps and system requirements.
DIGIT Automation on AWS
Following are the pre-requisites and installation steps for setting up DIGIT on AWS:
Install Golang:
For Linux: Follow the instructions here to install Golang on Linux.
For Windows: Download the installer using the link here and follow the installation instructions.
For Mac: Download the installer using the link here and follow the installation instructions.
Install Helm - DIGIT services are packaged with Helm Charts
Install kubectl - CLI to connect to the Kubernetes cluster on your machine
Install cURL - for making API calls
Install Visual Studio Code - for better code visualization/editing capabilities
Install Postman - to run digit bootstrap scripts
Install Terraform - to provision infrastructure on AWS
Install AWS CLI and IAM Authenticator
Once you have installed all these pre-requisites, you are ready to set up DIGIT and its services.
To provision infrastructure and set up DIGIT, follow the steps below:
Clone the DIGIT-DevOps repository:
Navigate to the cloned repository and check out the release-1.28-kubernetes branch:
cd DIGIT-DevOps
git checkout release-1.28-kubernetes
Check if correct credentials are configured using the command:
aws configure list
Generate SSH key pairs using either method (a) or method (b).
a. Using the online website (not recommended in production setup. To be only used for demo setups): https://8gwifi.org/sshfunctions.jsp
b. Using OpenSSL:
openssl genpkey -algorithm RSA -out private_key.pem
openssl rsa -pubout -in private_key.pem -out public_key.pem
Add the public key to your GitHub account (reference: https://www.youtube.com/watch?v=9C7_jBn9XJ0&ab_channel=AOSNote )
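Method (b), as used in both the Azure and AWS steps above, written out as an added example (not part of the DIGIT documentation): it sets the key size explicitly, keeps the files owner-only, and also writes the one-line OpenSSH form of the public key, which is the format GitHub's SSH key form accepts. The function name make_deploy_key, the 4096-bit default and the file name id_digit.pub are assumptions.

```shell
#!/bin/sh
# Added example (not from the DIGIT docs): generate the key pair locally.
# make_deploy_key, the 4096-bit default and id_digit.pub are assumptions.
make_deploy_key() {   # make_deploy_key OUT_DIR [BITS]
    out_dir=$1
    bits=${2:-4096}
    (
        umask 077    # files and directories created below are owner-only
        mkdir -p "$out_dir" && cd "$out_dir" || exit 1
        # Same commands as method (b), with the key size set explicitly.
        openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
            -out private_key.pem 2>/dev/null || exit 1
        openssl rsa -pubout -in private_key.pem -out public_key.pem \
            2>/dev/null || exit 1
        # One-line OpenSSH public key ("ssh-rsa AAAA...") derived from the
        # same private key; this is the text to paste into GitHub.
        ssh-keygen -y -f private_key.pem > id_digit.pub || exit 1
        # Consistency check: both files must carry the same RSA modulus.
        priv_mod=$(openssl rsa -in private_key.pem -noout -modulus 2>/dev/null)
        pub_mod=$(openssl rsa -pubin -in public_key.pem -noout -modulus 2>/dev/null)
        [ -n "$priv_mod" ] && [ "$priv_mod" = "$pub_mod" ]
    )
}

# Usage: make_deploy_key ./digit-keys
```

The private key in private_key.pem is what goes into the secrets file; only id_digit.pub leaves the machine.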
Open the input.yaml file in VS Code. You can use the below command to open it directly:
code infra-as-code/terraform/sample-aws/input.yaml
If the command does not work, you can open the file manually in VS Code. Once the file is open, fill in the inputs. (If you are not using VS Code, you can open it in any editor of your choice.)
Fill in the inputs as per the regex mentioned in the comments.
Open egov-demo-secrets.yaml and add the DB password (line number 5), flywayPassword (line number 7) and private key.
code config-as-code/environments/egov-demo-secrets.yaml
Make sure the DB password and flywayPassword are the same. The private key has to be added inside the git-sync key against the ssh key (line number 37).
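A pre-deployment check for the secrets file, as an added example that is not part of the DIGIT repository: it confirms the two passwords match, that a PEM private key is present, and that the file is not readable by other users. It assumes one-line "password:" and "flywayPassword:" entries (the "password" key name is an assumption; "flywayPassword" is from the step above); yaml_value and check_secrets are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the DIGIT repo): sanity-check the secrets file.
# Assumes one-line "password:" and "flywayPassword:" entries and a PEM
# private key block; adjust the key names to match your file.
yaml_value() {   # yaml_value KEY FILE -> first one-line scalar for KEY
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

check_secrets() {   # prints findings; return code = number of problems
    f=$1
    problems=0
    db=$(yaml_value password "$f")
    fw=$(yaml_value flywayPassword "$f")
    if [ -z "$db" ] || [ -z "$fw" ]; then
        echo "DB password or flywayPassword is empty"
        problems=$((problems + 1))
    elif [ "$db" != "$fw" ]; then
        echo "DB password and flywayPassword differ"
        problems=$((problems + 1))
    fi
    if ! grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then
        echo "no PEM private key found"
        problems=$((problems + 1))
    fi
    # The file holds live credentials: group/other must have no access.
    case $(ls -ld "$f" | cut -c5-10) in
        ------) ;;
        *)  echo "file is accessible to group/other: chmod 600 $f"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Usage: check_secrets config-as-code/environments/egov-demo-secrets.yaml
```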
Go to infra-as-code/terraform/sample-aws and run the init.go script to enrich different files based on input.yaml.
cd infra-as-code/terraform/sample-aws
go run ../scripts/init.go
Navigate to the remote-state folder and run terraform to create an S3 bucket and DynamoDB.
cd remote-state
terraform init
terraform plan
terraform apply
Navigate back to the sample-aws folder and run terraform to provision infrastructure for DIGIT.
cd ..
terraform init
terraform plan
terraform apply
(When prompted after running terraform apply, enter the same DB password that you added in egov-demo-secrets.yaml.)
Execute the following command to generate a kubeConfig file and update the volumeIds, DB URL, and other relevant details in the egov-demo.yaml file.
terraform output -json | go run ../scripts/envYAMLUpdater.go
Run the export KUBECONFIG command shown on the terminal. (Note: The exact command to run will be printed on the terminal. It will be something like this: export KUBECONFIG=<LOCAL_KUBECONFIGPATH> )
Run the digit_installer.go script to install DIGIT using the following commands:
cd ../../../deploy-as-code/deployer
go run digit_installer.go
Once the deployment is done, get the CNAME of the nginx-ingress-controller:
kubectl get svc nginx-ingress-controller -n egov -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
The output will be something like this:
ae210873da6ff4c03bde2ad22e18fe04-233d3411.ap-south-1.elb.amazonaws.com
Add the CNAME to your domain provider against your domain name.
Follow the steps below to set up seed data:
Import the provided postman collection.
Port-forward the user pod using the following command:
kubectl port-forward <egov_user_pod> 8080:8080 -n egov
Hit super_user_creation cURL. This will create a super user with username as GRO and password as eGov@4321.
Open the accessToken_generation cURL. The credentials have already been populated. Change "{{YOUR_DOMAIN_NAME}}" placeholder to the domain name defined in input.yaml file while provisioning and hit the cURL.
In the response, you will get the "access_token" field. Highlight this value, right-click on it and set it as the global "token" value.
Execute the rainmaker common, rainmaker locality, rainmaker PGR localization and PGR workflow cURLs, changing the "{{YOUR_DOMAIN_NAME}}" placeholder to the domain name defined in the input.yaml file, to set up localization and workflow seed data.
Follow the steps below to destroy the cluster once the demo is done:
Delete the nginx-ingress-controller service in the egov namespace using the below command and navigate to the infra-as-code/terraform/sample-aws directory:
kubectl delete svc nginx-ingress-controller -n egov
cd ../../infra-as-code/terraform/sample-aws
terraform destroy
Run the Terraform destroy command to delete the cluster.
To destroy the remote state bucket, first set the lifecycle value to false in the main.tf file in the remote-state folder:
lifecycle { prevent_destroy = false }
After making this change, go to the AWS console and empty the S3 bucket associated with the remote state.
Once the bucket is emptied, you can proceed to destroy the remote state bucket using the Terraform destroy command.
Make sure that the above command reflects the set AWS credentials. Proceed once the details are confirmed. (Refer to the AWS document in case of any doubts on how to set the credentials: Configuring the AWS CLI - AWS Command Line Interface )