1 of 2

Deploy DIGIT

Topics covered:

DIGIT platform service deployment basics
Pre-requisites for deployment
Steps to run the deployer
Adding security group

Overview

This page details the steps to deploy the core platform services and reference applications.

The steps here can be used to deploy:

DIGIT core platform services
Public Grievance & Redressal module
Trade Licence module
Property Tax module
Water & Sewerage module etc.

Pre-requisites

DIGIT uses golang (required v1.13.3) automated scripts to deploy the builds onto Kubernetes - Linux or Windows or Mac
All DIGIT services are packaged using helm charts Installing Helm
kubectl is a CLI to connect to the Kubernetes cluster from your machine
Install CURL for making API calls
Install VisualStudio IDE Code for better code/configuration editing capabilities
Install Postman to run digit bootstrap scripts

Run Deployer

Once all the deployments configs are ready, run the command given below. Input the necessary details as prompted on the screen and the interactive installer will take care of the rest.

Run the egov-deployer golang script from the DIGIT-Devops repo.

root@ip:# cd DIGIT-DevOps/deploy-as-code/deployer

root@ip:# go run standalone_installer.go

#Be prepared for the following questions
1. Do you have the Kubernetes Setup?
2. Provide the path of the intented env kubeconfig file
3. Which version of the DIGIT that you want to install
4. What DIGIT Modules that you choose to install (Choose PGR)
5. All, done, Now do you want to preview the deployment manifests 
6. Are you good to proceed with the DIGIT Installation

All Done.

All done, wait and watch for 10 min. The DIGIT setup is complete, and the application will run on the URL.

Note:

If you do not have your domain yet, you can edit the host file entries and map the nginx-ingress-service load balancer id like below
- When you find it, add the following lines to the host file, save and close it.
- aws-load-balancer-id digit.try.com
If you have a GoDaddy account or similar and a DNS records edit access you can map the load balancer id to desired DNS. Create a cname record with the load balancer ID and domain.

You can now test the DIGIT application status in the command prompt/terminal using the command below.

curl -Is https://digit.try.com/employee/login |  head -n 1

OutPut:
HTTP/2 200

Prepare Deployment Configuration

Steps to prepare the deployment configuration file

Topics covered:

Pre-reads for preparing the deployment configuration file
Steps to prepare the configuration file

Overview

It's important to prepare a global deployment configuration yaml file that contains all necessary user-specific custom values like URL, gateways, persistent storage ids, DB details etc.

Pre-reads

Know the basics of Kubernetes: https://www.youtube.com/watch?v=PH-2FfFD2PU&t=3s
Know the basics of kubectl commands
Know kubernetes manifests: https://www.youtube.com/watch?v=ohSUtEfDefc
Know how to manage env values, secrets of any service deployed in kubernetes https://www.youtube.com/watch?v=OW244LxB4oI
Know how to port forward to a pod running inside k8s cluster and work locally https://www.youtube.com/watch?v=TT3nd5n5Yus
Know sops to secure your keys/creds: https://www.youtube.com/watch?v=DWzJ87KbwxA

Post-Kubernetes Cluster setup, the deployment consists of 2 stages. As part of this sample exercise, we can deploy PGR and show the required configurations. The deployment steps are similar for all other modules except that the prerequisites differ depending on required features like SMS Gateway, Payment Gateway, etc.

Steps To Prepare Deployment Configuration File

Navigate to the following file in your local machine from the previously cloned DevOps git repository.

Deployment Config Template

// Copy the content and replace your details at the marked places

global:
   domain: <Domain> ## Add your Domain Name Eg: digit.try.com
   
cluster-configs:
    namespaces:  
      create: true
      values: [ backbone, cert-manager, egov, es-cluster, kafka-kraft, logging, monitoring, playground ]
    
    root-ingress:
      cert-issuer: letsencrypt-prod
    configmaps:
        egov-config:
            data:
                db-host: <db-host name> ## Add db-host name eg: egov-demo.database.azure.com
                db-name: <db-name> ## Add db-name
                db-url: <Add jdbc-url" ## example: jdbc:postgresql://egov-demo.postgres.database.azure.com:5432/egov_demo
                domain: "your Domain Name" ## Add your Domain Name    
                egov-services-fqdn-name: "https://<Domain Name>/" ## Add your Domain Name
                egov-state-level-tenant-id: "pg" 
                s3-assets-bucket: "s3-assets-bucket name" ## Add s3-assets-bucket name
                
                 ## Do not Change
                es-host: "elasticsearch-data-v1.es-cluster"
                es-indexer-host: "http://elasticsearch-data-v1.es-cluster:9200/"
                flyway-locations: "filesystem:/flyway/sql,filesystem:/flyway/seed,filesystem:/flyway/qa"
                kafka-brokers: "kafka-v2.kafka-cluster:9092"
                kafka-infra-brokers: kafka-v2-infra.kafka-cluster:9092
                logging-level-jdbc: "DEBUG"
                mobile-validation-workaround: "true"
                serializers-timezone-in-ist: "true"
                server-tomcat-max-connections: "500"
                server-tomcat-max-threads: "10"
                sms-enabled: "true"
                spring-datasource-tomcat-initialSize: "1"
                spring-datasource-tomcat-max-active: "2"
                spring-jpa-show-sql: "true"
                timezone: Asia/Kolkata
                tracer-errors-provideexceptionindetails: "true"

        egov-service-host: ## Change only if have changed the defaults
            data:
                billing-service: http://billing-service.egov:8080/
                collection-services: http://collection-services.egov:8080/
                collection-search-indexer: http://collection-search-indexer.egov:8080/
                dashboard-analytics: http://dashboard-analytics.egov:8080/
                dashboard-ingest: http://dashboard-ingest.egov:8080/
                egov-common-masters: http://egov-common-masters.egov:8080/
                egov-apportion-service: http://egov-apportion-service.egov:8080/
                egf-master: http://egf-master.egov:8080/
                egf-instrument: http://egf-instrument.egov:8080/
                egov-accesscontrol: http://egov-accesscontrol.egov:8080/
                egov-user: http://egov-user.egov:8080/
                egov-location: http://egov-location.egov:8080/
                egov-filestore: http://egov-filestore.egov:8080/
                egov-localization: http://egov-localization.egov:8080/
                egov-idgen: http://egov-idgen.egov:8080/
                egov-otp: http://egov-otp.egov:8080/
                egov-mdms-service: http://egov-mdms-service.egov:8080/
                egov-mdms-create: http://egov-mdms-create.egov:8080/
                egov-enc-service: http://egov-enc-service.egov:8080/
                egov-workflow-v2: http://egov-workflow-v2.egov:8080/
                egov-searcher: http://egov-searcher.egov:8080/
                egov-data-uploader: http://egov-data-uploader.egov:8080/
                egov-indexer: http://egov-indexer.egov:8080/
                egov-hrms: http://egov-hrms.egov:8080/
                es-client: http://elasticsearch-data-v1.es-cluster:9200
                location: http://location.egov:8080/
                property-services: http://property-services.egov:8080/
                pt-calculator-v2: http://pt-calculator-v2.egov:8080/
                pt-services-v2: http://pt-services-v2.egov:8080/
                pdf-service: http://pdf-service.egov:8080/
                report: http://report.egov:8080/
                tl-services: http://tl-services.egov:8080/
                tl-workflow: http://tl-workflow.egov:8080/
                tl-calculator: http://tl-calculator.egov:8080/
                user-otp: http://user-otp.egov:8080/
                ws-calculator: http://ws-calculator.egov:8080/
                ws-services: http://ws-services.egov:8080/
                firenoc-services: http://firenoc-services.egov:8080/
                firenoc-calculator: http://firenoc-calculator.egov:8080/
                egov-user-event: http://egov-user-event.egov:8080/
                sw-services: "http://sw-services.egov:8080/"
                sw-calculator: "http://sw-calculator.egov:8080/"
                bpa-services: "http://bpa-services.egov:8080/"
                bpa-calculator: "http://bpa-calculator.egov:8080/"
                rainmaker-pgr: "http://rainmaker-pgr:8080/"
                egov-user-chatbot: "http://egov-user-chatbot:8080/"
                zuul: "http://zuul:8080/"


# Frontend services >>>>>>>>>>>>>>>>>>>>>>>>
employee:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://s3.ap-south-1.amazonaws.com/egov-telemetry-data/ulb-overrides.js type=text/javascript></script>
      <script src=https://raw.githack.com/egovernments/egov-mdms-data/CURFEW_E_PASS/data/in/logo/globalConfigs.js type=text/javascript></script>
      ';"
      
citizen:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://s3.ap-south-1.amazonaws.com/egov-telemetry-data/ulb-overrides.js type=text/javascript></script>
      <script src=https://raw.githack.com/egovernments/egov-mdms-data/CURFEW_E_PASS/data/in/logo/globalConfigs.js type=text/javascript></script>
      ';"

digit-ui:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://s3.ap-south-1.amazonaws.com/egov-uat-assets/globalConfigs.js type=text/javascript></script>
      ';"            
      
#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

egov-filestore:
  volume: /opt/eGov/filestore
  is-bucket-fixed: "true"
  is-s3-enabled: "true"
  fixed-bucketname: filestore bucket name  ## Add filestore bucket name

egov-idgen:
  idformat-from-mdms: "true"

egov-notification-sms:
  sms-provider-url: "sms provider url" ## Add sms provider url
  sms.provider.class: "Generic"
  sms.provider.contentType:  "application/x-www-form-urlencoded"
  sms-config-map: "{'User':'$username', 'passwd': '$password', 'sid':'$senderid', 'mobilenumber':'$mobileno', 'message':'$message', 'mtype':'N', 'DR':'N', 'smsservicetype':'singlemsg'}"
  sms-gateway-to-use: "sms provider name" ## Add sms provider name
  sms-sender: "sms sender" ## Add sms sender
  sms-sender-requesttype: "GET"
  sms-custom-config: "true"
  sms-extra-req-params: "mtype=N&DR=Y"
  sms-sender-req-param-name: "sid"
  sms-sender-username-req-param-name: "User"
  sms-sender-password-req-param-name: "passwd"
  sms-destination-mobile-req-param-name: "mobilenumber"
  sms-message-req-param-name: "message"
  sms-error-codes: "401,403,404,405,406,407,408,409,410,411,412,413,414"


chatbot:
  kafka-topics-partition-count: 3
  kafka-topics-replication-factor: 2
  kafka-consumer-poll-ms: 10
  kafka-producer-linger-ms: 5

  contact-card-whatsapp-number: "+918744960111" 
  contact-card-whatsapp-name: "mSeva Punjab"
  valuefirst-whatsapp-number: "918744960111"
  valuefirst-notification-assigned-templateid: "194781"
  valuefirst-notification-resolved-templateid: "194783"
  valuefirst-notification-rejected-templateid: "194785"
  valuefirst-notification-reassigned-templateid: "194787"
  valuefirst-notification-commented-templateid: "194789"
  valuefirst-notification-welcome-templateid: "194791"
  valuefirst-notification-root-templateid: "194795"
  valuefirst-send-message-url: "https://api.myvaluefirst.com/psms/servlet/psms.JsonEservice"
  user-service-chatbot-citizen-passwrord: "123456"

#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
egov-mdms-service:
  replicas: 1
  images:
    - egovio/egov-mdms-service
  mdms-path: "/work-dir/egov-mdms-data/data"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/egov-mdms-data" ### Change this to Your MDMS Repo
      branch: "UAT"  ### Branch need to be changed as per your env
  mdms-folder: "egov-mdms-data" 
  masters-config-url: "file:///work-dir/egov-mdms-data/master-config.json"
  java-args: -Dspring.profiles.active=monitoring

egov-indexer:
  heap: "-Xmx512m -Xms512m"
  memory_limits: "768Mi"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs" ### Change this to Your Config Repo
      branch: "UAT"
  egov-indexer-yaml-repo-path: "file:///work-dir/configs/egov-indexer/billingservices-indexer.yml,file:///work-dir/configs/egov-indexer/collection-indexer.yml,file:///work-dir/configs/egov-indexer/egov-telemetry-indexer.yml,file:///work-dir/configs/egov-indexer/egov-uploader-indexer.yml,file:///work-dir/configs/egov-indexer/error-queue.yml,file:///work-dir/configs/egov-indexer/finance-rolloutadotpion-indexer.yml,file:///work-dir/configs/egov-indexer/payment-indexer.yml,file:///work-dir/configs/egov-indexer/rainmaker-pgr-indexer.yml,file:///work-dir/configs/egov-indexer/rainmaker-pt-indexer.yml,file:///work-dir/configs/egov-indexer/rainmaker-tl-indexer.yml,file:///work-dir/configs/egov-indexer/chatbot-telemetry.yaml"

egov-persister:
  replicas: 1
  images:
    - egovio/egov-persister
  persist-yml-path: "file:///work-dir/configs/egov-persister/pt-mutation-calculator-persister.yml,file:///work-dir/configs/egov-persister/apportion-persister.yml,file:///work-dir/configs/egov-persister/billing-services-persist.yml,file:///work-dir/configs/egov-persister/egf-bill.yaml,file:///work-dir/configs/egov-persister/egov-user-event-persister.yml,file:///work-dir/configs/egov-persister/egov-workflow-v2-persister.yml,file:///work-dir/configs/egov-persister/firenoc_persiter.yaml,file:///work-dir/configs/egov-persister/hrms-employee-persister.yml,file:///work-dir/configs/egov-persister/pdf-generator.yml,file:///work-dir/configs/egov-persister/pg-service-persister.yml,file:///work-dir/configs/egov-persister/pgr.v3.yml,file:///work-dir/configs/egov-persister/property-services.yml,file:///work-dir/configs/egov-persister/pt-calculator-v2-persister.yml,file:///work-dir/configs/egov-persister/pt-drafts.yml,file:///work-dir/configs/egov-persister/pt-persist.yml,file:///work-dir/configs/egov-persister/tl-billing-slab-persister.yml,file:///work-dir/configs/egov-persister/tl-calculation-persister.yml,file:///work-dir/configs/egov-persister/uploader-persister.yml,file:///work-dir/configs/egov-persister/collection-migration-persister.yml,file:///work-dir/configs/egov-persister/property-services-registry.yml,file:///work-dir/configs/egov-persister/tradelicense.yml,file:///work-dir/configs/egov-persister/sewerage-persist.yml,file:///work-dir/configs/egov-persister/water-persist.yml,file:///work-dir/configs/egov-persister/water-meter.yml,file:///work-dir/configs/egov-persister/bpa-persister.yml,file:///work-dir/configs/egov-persister/assessment-persister.yml,file:///work-dir/configs/egov-persister/chatbot.yml"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs" ### Change this to Your Config Repo
      branch: "UAT" ### Branch need to be changed as per your env

egov-data-uploader:
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs" ### Change this to Your Config Repo
      branch: "UAT" ### Branch need to be changed as per your env

egov-searcher:
  search-yaml-path: "file:///work-dir/configs/egov-searcher/rainmaker-pgr-v2.yml,file:///work-dir/configs/egov-searcher/weekly-impact-emailer-searcher.yml,file:///work-dir/configs/egov-searcher/PTDemandBasedSearcher.yml,file:///work-dir/configs/egov-searcher/bill-genie.yml,file:///work-dir/configs/egov-searcher/rainmaker-tl.yml,file:///work-dir/configs/egov-searcher/localitySearcher.yml"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"  ### Change this to Your Config Repo
      branch: "UAT" ### Branch need to be changed as per your env
            
dashboard-analytics:
  config-schema-paths: "file:///work-dir/configs/egov-dss-dashboards/dashboard-analytics/*.json"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"
      branch: "UAT"

dashboard-ingest:
  config-schema-paths: "file:///work-dir/configs/egov-dss-dashboards/dashboard-ingest/*.json"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"
      branch: "UAT"


# reportinfra >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
report:
  heap: "-Xmx512m -Xms512m"
  tracing-enabled: "true"
  spring-datasource-tomcat-max-active: 5
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"
      branch: "UAT"
  report-locationsfile-path: "file:///work-dir/configs/reports/reportFileLocationsv1.txt"

pdf-service:
  initContainers:
    gitSync:
      repo: "git@github.com:<yours>/configs"  ### Change this to Your Config Repo
      branch: "UAT"   ### Branch need to be changed as per your env
  data-config-urls: "file:///work-dir/configs/pdf-service/data-config/tradelicense-receipt.json,file:///work-dir/configs/pdf-service/data-config/property-receipt.json,file:///work-dir/configs/pdf-service/data-config/property-bill.json,file:///work-dir/configs/pdf-service/data-config/tradelicense-bill.json,file:///work-dir/configs/pdf-service/data-config/firenoc-receipt.json,file:///work-dir/configs/pdf-service/data-config/pt-receipt.json,file:///work-dir/configs/pdf-service/data-config/tl-receipt.json,file:///work-dir/configs/pdf-service/data-config/consolidatedbill.json,file:///work-dir/configs/pdf-service/data-config/consolidatedreceipt.json,file:///work-dir/configs/pdf-service/data-config/tlapplication.json,file:///work-dir/configs/pdf-service/data-config/passvehicle-certificate.json,file:///work-dir/configs/pdf-service/data-config/ws-consolidatedacknowlegment.json,file:///work-dir/configs/pdf-service/data-config/ws-consolidatedsewerageconnection.json,file:///work-dir/configs/pdf-service/data-config/buildingpermit.json,file:///work-dir/configs/pdf-service/data-config/ptmutationcertificate.json,file:///work-dir/configs/pdf-service/data-config/tlrenewalcertificate.json,file:///work-dir/configs/pdf-service/data-config/bpa-revocation.json,file:///work-dir/configs/pdf-service/data-config/buildingpermit-low.json,file:///work-dir/configs/pdf-service/data-config/misc-receipt.json,file:///work-dir/configs/pdf-service/data-config/ws-applicationwater.json,file:///work-dir/configs/pdf-service/data-config/ws-sanctionletter.json,file:///work-dir/configs/pdf-service/data-config/ws-estimationnotice.json,file:///work-dir/configs/pdf-service/data-config/ws-applicationsewerage.json,file:///work-dir/configs/pdf-service/data-config/tlcertificate.json"
  format-config-urls: "file:///work-dir/configs/pdf-service/format-config/tradelicense-receipt.json,file:///work-dir/configs/pdf-service/format-config/property-receipt.json,file:///work-dir/configs/pdf-service/format-config/property-bill.json,file:///work-dir/configs/pdf-service/format-config/tradelicense-bill.json,file:///work-dir/configs/pdf-service/format-config/firenoc-receipt.json,file:///work-dir/configs/pdf-service/format-config/pt-receipt.json,file:///work-dir/configs/pdf-service/format-config/tl-receipt.json,file:///work-dir/configs/pdf-service/format-config/consolidatedbill.json,file:///work-dir/configs/pdf-service/format-config/consolidatedreceipt.json,file:///work-dir/configs/pdf-service/format-config/tlapplication.json,file:///work-dir/configs/pdf-service/format-config/passvehicle-certificate.json,file:///work-dir/configs/pdf-service/format-config/ws-consolidatedacknowlegment.json,file:///work-dir/configs/pdf-service/format-config/ws-consolidatedsewerageconnection.json,file:///work-dir/configs/pdf-service/format-config/buildingpermit.json,file:///work-dir/configs/pdf-service/format-config/ptmutationcertificate.json,file:///work-dir/configs/pdf-service/format-config/tlrenewalcertificate.json,file:///work-dir/configs/pdf-service/format-config/bpa-revocation.json,file:///work-dir/configs/pdf-service/format-config/buildingpermit-low.json,file:///work-dir/configs/pdf-service/format-config/misc-receipt.json,file:///work-dir/configs/pdf-service/format-config/ws-applicationwater.json,file:///work-dir/configs/pdf-service/format-config/ws-sanctionletter.json,file:///work-dir/configs/pdf-service/format-config/ws-estimationnotice.json,file:///work-dir/configs/pdf-service/format-config/ws-applicationsewerage.json,file:///work-dir/configs/pdf-service/format-config/tlcertificate.json"


#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

egov-custom-consumer:
  erp-host: "https://mohali-qa.egovernments.org/"

egf-master:
  db-url: "db-url" ## Add db-url
  memory_limits: 512Mi
  heap: "-Xmx256m -Xms256m"

redoc:
  replicas: 1
  images:
    - egovio/redoc:v1.0.5
  service_type: LoadBalancer

nginx-ingress:
  images:
    - quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
  replicas: 1
  default-backend-service: "egov/nginx"
  namespace: egov
  cert-issuer: "letsencrypt-prod"
  ssl-protocols: "TLSv1.2 TLSv1.3"
  ssl-ciphers: "EECDH+CHACHA20:EECDH+AES"
  ssl-ecdh-curve: "X25519:prime256v1:secp521r1:secp384r1"

cert-manager:
  email: "email id" ## Add email id
  images:
    - "quay.io/jetstack/cert-manager-controller:v0.10.1"
  namespace: egov

collection-receipt-voucher-consumer:
  jalandhar-erp-host: "https://jalandhar-qa.egovernments.org/"
  mohali-erp-host: "https://mohali-qa.egovernments.org/"
  nayagaon-erp-host: "https://nayagaon-qa.egovernments.org/"
  amritsar-erp-host: "https://amritsar-qa.egovernments.org/"
  kharar-erp-host: "https://kharar-qa.egovernments.org/"
  zirakpur-erp-host: "https://zirakpur-qa.egovernments.org/"

finance-collections-voucher-consumer:
  erp-env-name: "qa"
  erp-domain-name: "egovernments.org"

Secrets File Template

cluster-configs:
    secrets:
        db:      // Create postgres db user and mention the details
            username: demo
            password: demo
            flywayUsername: demo #same as above
            flywayPassword: demo #same as above
        egov-notification-sms: // sms provider details
            username: demo
            password: demo
        egov-filestore:   // AWS S3 access IAM details.
            aws-key: aswedfghew
            aws-secret-key: xdefghgdxc
        egov-location:  // Location service add your gmap key
            gmapskey: AIzaSyAQOd09-sdfegv
        egov-pg-service:    // Payment Gateway add your bank gateway provider details
            axis-merchant-id: demo
            axis-merchant-secret-key: demo
            axis-merchant-user: demo
            axis-merchant-pwd: demo
            axis-merchant-access-code: demo
            payu-merchant-key: demo
            payu-merchant-salt: demo
        pgadmin:  // To work pgadmin service add details
            admin-email: demo@demo.com
            admin-password:  demo
            read-email: demo@demo.com
            read-password: demo
        egov-enc-service:  // To work egov-enc service add the details
            master-password: demo
            master-salt: q7.fr.cr
            master-initialvector: 9J&asfgrU-H2
        egov-notification-mail:  // To work mail notification service add respective mail details
            mailsenderusername: demo@demo
            mailsenderpassword: demo
        git-sync:   // To clone the config and mdms repos, Create github user and add your ssh private key below. This private should have access to config and mdms repo.  
            ssh: |
                -----BEGIN RSA PRIVATE KEY-----
                MIIJKQIBAAKCAgEAxN3yoWfXEl7227hAXUTpeN5SiGUe22sIlGSYk3fx2Zl1xW0t
                B5Y/Rn0yCQEtQ     <add your ssh key this is just a placeholder > 
                FwiaDbuwQ+eA1RJ4Lxm9sGFuM1T
                -----END RSA PRIVATE KEY-----
            known-hosts: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
        kibana:    // Add Kibana details
            namespace: es-cluster
            credentials: demo
        egov-si-microservice:  // Add finance service details
            si-microservice-user: demo
            si-microservice-password: demo
            mail-sender-password: demo
        egov-edcr-notification:  // Add edcr service details
            edcr-mail-username: demo@demo.com
            edcr-mail-password: demo
            edcr-sms-username: demo
            edcr-sms-password: demo
        chatbot:     // Add chatbot details
            valuefirst-username: demo
            valuefirst-password: demo
        egov-user-chatbot:  // Add user chatbot details
            citizen-login-password-otp-fixed-value: "546941"
        oauth2-proxy:   // To work oauth2-proxy service, create and add your github OAuth Apps details
            clientID: qwgethjymnbv
            clientSecret: 3a08079easd9d8055470475696fd3baad5292
            cookieSecret: QVbnq0L8npoyfxZs96wtBg==

Step 1: Clone the following DIGIT-DevOps repo (If not already done as part of Infra setup), you may need to install git and then run git clone it to your machine.

$ git clone -b digit-lts-go https://github.com/egovernments/DIGIT-DevOps

Step 2: After cloning the repo CD to the DIGIT-DevOps folder, type the "code" command to open the visual editor and open all the files from the DIGIT-DevOps repo.

$ cd DIGIT-DevOps
$ code

Step 3: Update the deployment config file with your details, you can use the following template egov-demo-sample.

$ vi deploy-as-code/helm/environments/egov-demo.yaml

Replace the following as per the applicable values -
- Important: Add your domain name here, which you want to use for accessing DIGIT. ( Do not use the dummy domain )
- SMS gateway to receive OTP, transaction mobile notification, etc.
- MDMS, Config repo URL, here is where you provide master data, tenants and various user/role access details.
- GMap key for the location service
- Payment gateway, in case you use PT, TL, etc

Step 4: Update your credentials and sensitive data in the secret file as per your details.

$ vi deploy-as-code/helm/environments/egov-demo-secrets.yaml

credentials, secrets (You need to encrypt using sops and create a <env>-secret.yaml separately)
SOPS expects an encryption key to encrypt/decrypt a specified plain text and keep the details secured. The following are the options to generate the encryption key -
- Option 1: Generate PGP keys https://fedingo.com/how-to-generate-pgp-key-in-ubuntu
- Option 2: Create AWS KMS keys when you want to use the AWS cloud provider.
Once you generate your encryption key, create a .sops.yaml configuration file under the /helm directory of the cloned repo to define the keys used for specific files. Refer to the SOP doc for more details.

Note: For demo purposes, you can use the egov-demo-secrets.yaml as it is without sops configuration, but make sure you update your specific details like Git SSH, URL etc. When you decide to push these configurations into any git or public space, make sure you follow the sops configuration mentioned in this article sops to encrypt your secrets.

Step 5: Important: Fork the following repos that contain the master data and default configs which you would customize as per your specific implementation later. Like (Master Data, ULB, Tenant details, Users, etc) to your respective GitHub organization account.

fork both the mdms, and config repos into your GitHub organization account
Once you fork the repos into your GitHub organization account, Create a github user account, generate an SSH authentication key generate new SSH key and add it to above user account.
New GitHub users should be enabled to access the earlier forked repos.
Add the ssh private key that you generated in the previous step to egov-demo-secrets.yaml under the git-sync section.
Modify the services git-Sync repo and branch with your fork repo and branch in egov-demo.yaml.

vi deploy-as-code/helm/environments/egov-demo-secrets.yaml

Step 6: Update the deployment configs for the below as per your specification:

Number of replicas/scale of each service (depending on whether dev or prod load).
Update the SMS Gateway, Email Gateway, and Payment Gateway details for the notification and payment gateway services, etc.
Update the config, MDMS GitHub repos wherever marked
Update GMap key (In case you are using Google Map services in your PGR, PT, TL, etc)
Create one private S3 bucket for Filestore and one public bucket for logos. Add the bucket details respectively and create an IAM user with the s3 bucket access. Add IAM user details to <env-secrets.yaml>.
URL/DNS on which the DIGIT will be exposed.
SSL certificate for the above URL.
Any specific endpoint configs (Internal/external).

$ vi deploy-as-code/helm/environments/egov-demo.yaml

Prepare Deployment Configuration

Steps to prepare the deployment configuration file

Topics covered:

Pre-reads for preparing the deployment configuration file
Steps to prepare the configuration file

Overview

It's important to prepare a global deployment configuration yaml file that contains all necessary user-specific custom values like URL, gateways, persistent storage ids, DB details etc.

Pre-reads

Know the basics of Kubernetes: https://www.youtube.com/watch?v=PH-2FfFD2PU&t=3s
Know the basics of kubectl commands
Know kubernetes manifests: https://www.youtube.com/watch?v=ohSUtEfDefc
Know how to manage env values, secrets of any service deployed in kubernetes https://www.youtube.com/watch?v=OW244LxB4oI
Know how to port forward to a pod running inside k8s cluster and work locally https://www.youtube.com/watch?v=TT3nd5n5Yus
Know sops to secure your keys/creds: https://www.youtube.com/watch?v=DWzJ87KbwxA

Steps To Prepare Deployment Configuration File

Navigate to the following file in your local machine from the previously cloned DevOps git repository.

Deployment Config Template

// Copy the content and replace your details at the marked places

global:
   domain: <Domain> ## Add your Domain Name Eg: digit.try.com
   
cluster-configs:
    namespaces:  
      create: true
      values: [ backbone, cert-manager, egov, es-cluster, kafka-kraft, logging, monitoring, playground ]
    
    root-ingress:
      cert-issuer: letsencrypt-prod
    configmaps:
        egov-config:
            data:
                db-host: <db-host name> ## Add db-host name eg: egov-demo.database.azure.com
                db-name: <db-name> ## Add db-name
                db-url: <Add jdbc-url" ## example: jdbc:postgresql://egov-demo.postgres.database.azure.com:5432/egov_demo
                domain: "your Domain Name" ## Add your Domain Name    
                egov-services-fqdn-name: "https://<Domain Name>/" ## Add your Domain Name
                egov-state-level-tenant-id: "pg" 
                s3-assets-bucket: "s3-assets-bucket name" ## Add s3-assets-bucket name
                
                 ## Do not Change
                es-host: "elasticsearch-data-v1.es-cluster"
                es-indexer-host: "http://elasticsearch-data-v1.es-cluster:9200/"
                flyway-locations: "filesystem:/flyway/sql,filesystem:/flyway/seed,filesystem:/flyway/qa"
                kafka-brokers: "kafka-v2.kafka-cluster:9092"
                kafka-infra-brokers: kafka-v2-infra.kafka-cluster:9092
                logging-level-jdbc: "DEBUG"
                mobile-validation-workaround: "true"
                serializers-timezone-in-ist: "true"
                server-tomcat-max-connections: "500"
                server-tomcat-max-threads: "10"
                sms-enabled: "true"
                spring-datasource-tomcat-initialSize: "1"
                spring-datasource-tomcat-max-active: "2"
                spring-jpa-show-sql: "true"
                timezone: Asia/Kolkata
                tracer-errors-provideexceptionindetails: "true"

        egov-service-host: ## Change only if have changed the defaults
            data:
                billing-service: http://billing-service.egov:8080/
                collection-services: http://collection-services.egov:8080/
                collection-search-indexer: http://collection-search-indexer.egov:8080/
                dashboard-analytics: http://dashboard-analytics.egov:8080/
                dashboard-ingest: http://dashboard-ingest.egov:8080/
                egov-common-masters: http://egov-common-masters.egov:8080/
                egov-apportion-service: http://egov-apportion-service.egov:8080/
                egf-master: http://egf-master.egov:8080/
                egf-instrument: http://egf-instrument.egov:8080/
                egov-accesscontrol: http://egov-accesscontrol.egov:8080/
                egov-user: http://egov-user.egov:8080/
                egov-location: http://egov-location.egov:8080/
                egov-filestore: http://egov-filestore.egov:8080/
                egov-localization: http://egov-localization.egov:8080/
                egov-idgen: http://egov-idgen.egov:8080/
                egov-otp: http://egov-otp.egov:8080/
                egov-mdms-service: http://egov-mdms-service.egov:8080/
                egov-mdms-create: http://egov-mdms-create.egov:8080/
                egov-enc-service: http://egov-enc-service.egov:8080/
                egov-workflow-v2: http://egov-workflow-v2.egov:8080/
                egov-searcher: http://egov-searcher.egov:8080/
                egov-data-uploader: http://egov-data-uploader.egov:8080/
                egov-indexer: http://egov-indexer.egov:8080/
                egov-hrms: http://egov-hrms.egov:8080/
                es-client: http://elasticsearch-data-v1.es-cluster:9200
                location: http://location.egov:8080/
                property-services: http://property-services.egov:8080/
                pt-calculator-v2: http://pt-calculator-v2.egov:8080/
                pt-services-v2: http://pt-services-v2.egov:8080/
                pdf-service: http://pdf-service.egov:8080/
                report: http://report.egov:8080/
                tl-services: http://tl-services.egov:8080/
                tl-workflow: http://tl-workflow.egov:8080/
                tl-calculator: http://tl-calculator.egov:8080/
                user-otp: http://user-otp.egov:8080/
                ws-calculator: http://ws-calculator.egov:8080/
                ws-services: http://ws-services.egov:8080/
                firenoc-services: http://firenoc-services.egov:8080/
                firenoc-calculator: http://firenoc-calculator.egov:8080/
                egov-user-event: http://egov-user-event.egov:8080/
                sw-services: "http://sw-services.egov:8080/"
                sw-calculator: "http://sw-calculator.egov:8080/"
                bpa-services: "http://bpa-services.egov:8080/"
                bpa-calculator: "http://bpa-calculator.egov:8080/"
                rainmaker-pgr: "http://rainmaker-pgr:8080/"
                egov-user-chatbot: "http://egov-user-chatbot:8080/"
                zuul: "http://zuul:8080/"


# Frontend services >>>>>>>>>>>>>>>>>>>>>>>>
employee:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://s3.ap-south-1.amazonaws.com/egov-telemetry-data/ulb-overrides.js type=text/javascript></script>
      <script src=https://raw.githack.com/egovernments/egov-mdms-data/CURFEW_E_PASS/data/in/logo/globalConfigs.js type=text/javascript></script>
      ';"
      
citizen:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://s3.ap-south-1.amazonaws.com/egov-telemetry-data/ulb-overrides.js type=text/javascript></script>
      <script src=https://raw.githack.com/egovernments/egov-mdms-data/CURFEW_E_PASS/data/in/logo/globalConfigs.js type=text/javascript></script>
      ';"

digit-ui:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://s3.ap-south-1.amazonaws.com/egov-uat-assets/globalConfigs.js type=text/javascript></script>
      ';"            
      
#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

egov-filestore:
  volume: /opt/eGov/filestore
  is-bucket-fixed: "true"
  is-s3-enabled: "true"
  fixed-bucketname: filestore bucket name  ## Add filestore bucket name

egov-idgen:
  idformat-from-mdms: "true"

egov-notification-sms:
  sms-provider-url: "sms provider url" ## Add sms provider url
  sms.provider.class: "Generic"
  sms.provider.contentType:  "application/x-www-form-urlencoded"
  sms-config-map: "{'User':'$username', 'passwd': '$password', 'sid':'$senderid', 'mobilenumber':'$mobileno', 'message':'$message', 'mtype':'N', 'DR':'N', 'smsservicetype':'singlemsg'}"
  sms-gateway-to-use: "sms provider name" ## Add sms provider name
  sms-sender: "sms sender" ## Add sms sender
  sms-sender-requesttype: "GET"
  sms-custom-config: "true"
  sms-extra-req-params: "mtype=N&DR=Y"
  sms-sender-req-param-name: "sid"
  sms-sender-username-req-param-name: "User"
  sms-sender-password-req-param-name: "passwd"
  sms-destination-mobile-req-param-name: "mobilenumber"
  sms-message-req-param-name: "message"
  sms-error-codes: "401,403,404,405,406,407,408,409,410,411,412,413,414"


chatbot:
  kafka-topics-partition-count: 3
  kafka-topics-replication-factor: 2
  kafka-consumer-poll-ms: 10
  kafka-producer-linger-ms: 5

  contact-card-whatsapp-number: "+918744960111" 
  contact-card-whatsapp-name: "mSeva Punjab"
  valuefirst-whatsapp-number: "918744960111"
  valuefirst-notification-assigned-templateid: "194781"
  valuefirst-notification-resolved-templateid: "194783"
  valuefirst-notification-rejected-templateid: "194785"
  valuefirst-notification-reassigned-templateid: "194787"
  valuefirst-notification-commented-templateid: "194789"
  valuefirst-notification-welcome-templateid: "194791"
  valuefirst-notification-root-templateid: "194795"
  valuefirst-send-message-url: "https://api.myvaluefirst.com/psms/servlet/psms.JsonEservice"
  user-service-chatbot-citizen-passwrord: "123456"

#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
egov-mdms-service:
  replicas: 1
  images:
    - egovio/egov-mdms-service
  mdms-path: "/work-dir/egov-mdms-data/data"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/egov-mdms-data" ### Change this to Your MDMS Repo
      branch: "UAT"  ### Branch need to be changed as per your env
  mdms-folder: "egov-mdms-data" 
  masters-config-url: "file:///work-dir/egov-mdms-data/master-config.json"
  java-args: -Dspring.profiles.active=monitoring

egov-indexer:
  heap: "-Xmx512m -Xms512m"
  memory_limits: "768Mi"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs" ### Change this to Your Config Repo
      branch: "UAT"
  egov-indexer-yaml-repo-path: "file:///work-dir/configs/egov-indexer/billingservices-indexer.yml,file:///work-dir/configs/egov-indexer/collection-indexer.yml,file:///work-dir/configs/egov-indexer/egov-telemetry-indexer.yml,file:///work-dir/configs/egov-indexer/egov-uploader-indexer.yml,file:///work-dir/configs/egov-indexer/error-queue.yml,file:///work-dir/configs/egov-indexer/finance-rolloutadotpion-indexer.yml,file:///work-dir/configs/egov-indexer/payment-indexer.yml,file:///work-dir/configs/egov-indexer/rainmaker-pgr-indexer.yml,file:///work-dir/configs/egov-indexer/rainmaker-pt-indexer.yml,file:///work-dir/configs/egov-indexer/rainmaker-tl-indexer.yml,file:///work-dir/configs/egov-indexer/chatbot-telemetry.yaml"

egov-persister:
  replicas: 1
  images:
    - egovio/egov-persister
  persist-yml-path: "file:///work-dir/configs/egov-persister/pt-mutation-calculator-persister.yml,file:///work-dir/configs/egov-persister/apportion-persister.yml,file:///work-dir/configs/egov-persister/billing-services-persist.yml,file:///work-dir/configs/egov-persister/egf-bill.yaml,file:///work-dir/configs/egov-persister/egov-user-event-persister.yml,file:///work-dir/configs/egov-persister/egov-workflow-v2-persister.yml,file:///work-dir/configs/egov-persister/firenoc_persiter.yaml,file:///work-dir/configs/egov-persister/hrms-employee-persister.yml,file:///work-dir/configs/egov-persister/pdf-generator.yml,file:///work-dir/configs/egov-persister/pg-service-persister.yml,file:///work-dir/configs/egov-persister/pgr.v3.yml,file:///work-dir/configs/egov-persister/property-services.yml,file:///work-dir/configs/egov-persister/pt-calculator-v2-persister.yml,file:///work-dir/configs/egov-persister/pt-drafts.yml,file:///work-dir/configs/egov-persister/pt-persist.yml,file:///work-dir/configs/egov-persister/tl-billing-slab-persister.yml,file:///work-dir/configs/egov-persister/tl-calculation-persister.yml,file:///work-dir/configs/egov-persister/uploader-persister.yml,file:///work-dir/configs/egov-persister/collection-migration-persister.yml,file:///work-dir/configs/egov-persister/property-services-registry.yml,file:///work-dir/configs/egov-persister/tradelicense.yml,file:///work-dir/configs/egov-persister/sewerage-persist.yml,file:///work-dir/configs/egov-persister/water-persist.yml,file:///work-dir/configs/egov-persister/water-meter.yml,file:///work-dir/configs/egov-persister/bpa-persister.yml,file:///work-dir/configs/egov-persister/assessment-persister.yml,file:///work-dir/configs/egov-persister/chatbot.yml"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs" ### Change this to Your Config Repo
      branch: "UAT" ### Branch need to be changed as per your env

egov-data-uploader:
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs" ### Change this to Your Config Repo
      branch: "UAT" ### Branch need to be changed as per your env

egov-searcher:
  search-yaml-path: "file:///work-dir/configs/egov-searcher/rainmaker-pgr-v2.yml,file:///work-dir/configs/egov-searcher/weekly-impact-emailer-searcher.yml,file:///work-dir/configs/egov-searcher/PTDemandBasedSearcher.yml,file:///work-dir/configs/egov-searcher/bill-genie.yml,file:///work-dir/configs/egov-searcher/rainmaker-tl.yml,file:///work-dir/configs/egov-searcher/localitySearcher.yml"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"  ### Change this to Your Config Repo
      branch: "UAT" ### Branch need to be changed as per your env
            
dashboard-analytics:
  config-schema-paths: "file:///work-dir/configs/egov-dss-dashboards/dashboard-analytics/*.json"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"
      branch: "UAT"

dashboard-ingest:
  config-schema-paths: "file:///work-dir/configs/egov-dss-dashboards/dashboard-ingest/*.json"
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"
      branch: "UAT"


# reportinfra >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
report:
  heap: "-Xmx512m -Xms512m"
  tracing-enabled: "true"
  spring-datasource-tomcat-max-active: 5
  initContainers:
    gitSync:
      repo: "git@github.com:egovernments/configs"
      branch: "UAT"
  report-locationsfile-path: "file:///work-dir/configs/reports/reportFileLocationsv1.txt"

pdf-service:
  initContainers:
    gitSync:
      repo: "git@github.com:<yours>/configs"  ### Change this to Your Config Repo
      branch: "UAT"   ### Branch need to be changed as per your env
  data-config-urls: "file:///work-dir/configs/pdf-service/data-config/tradelicense-receipt.json,file:///work-dir/configs/pdf-service/data-config/property-receipt.json,file:///work-dir/configs/pdf-service/data-config/property-bill.json,file:///work-dir/configs/pdf-service/data-config/tradelicense-bill.json,file:///work-dir/configs/pdf-service/data-config/firenoc-receipt.json,file:///work-dir/configs/pdf-service/data-config/pt-receipt.json,file:///work-dir/configs/pdf-service/data-config/tl-receipt.json,file:///work-dir/configs/pdf-service/data-config/consolidatedbill.json,file:///work-dir/configs/pdf-service/data-config/consolidatedreceipt.json,file:///work-dir/configs/pdf-service/data-config/tlapplication.json,file:///work-dir/configs/pdf-service/data-config/passvehicle-certificate.json,file:///work-dir/configs/pdf-service/data-config/ws-consolidatedacknowlegment.json,file:///work-dir/configs/pdf-service/data-config/ws-consolidatedsewerageconnection.json,file:///work-dir/configs/pdf-service/data-config/buildingpermit.json,file:///work-dir/configs/pdf-service/data-config/ptmutationcertificate.json,file:///work-dir/configs/pdf-service/data-config/tlrenewalcertificate.json,file:///work-dir/configs/pdf-service/data-config/bpa-revocation.json,file:///work-dir/configs/pdf-service/data-config/buildingpermit-low.json,file:///work-dir/configs/pdf-service/data-config/misc-receipt.json,file:///work-dir/configs/pdf-service/data-config/ws-applicationwater.json,file:///work-dir/configs/pdf-service/data-config/ws-sanctionletter.json,file:///work-dir/configs/pdf-service/data-config/ws-estimationnotice.json,file:///work-dir/configs/pdf-service/data-config/ws-applicationsewerage.json,file:///work-dir/configs/pdf-service/data-config/tlcertificate.json"
  format-config-urls: "file:///work-dir/configs/pdf-service/format-config/tradelicense-receipt.json,file:///work-dir/configs/pdf-service/format-config/property-receipt.json,file:///work-dir/configs/pdf-service/format-config/property-bill.json,file:///work-dir/configs/pdf-service/format-config/tradelicense-bill.json,file:///work-dir/configs/pdf-service/format-config/firenoc-receipt.json,file:///work-dir/configs/pdf-service/format-config/pt-receipt.json,file:///work-dir/configs/pdf-service/format-config/tl-receipt.json,file:///work-dir/configs/pdf-service/format-config/consolidatedbill.json,file:///work-dir/configs/pdf-service/format-config/consolidatedreceipt.json,file:///work-dir/configs/pdf-service/format-config/tlapplication.json,file:///work-dir/configs/pdf-service/format-config/passvehicle-certificate.json,file:///work-dir/configs/pdf-service/format-config/ws-consolidatedacknowlegment.json,file:///work-dir/configs/pdf-service/format-config/ws-consolidatedsewerageconnection.json,file:///work-dir/configs/pdf-service/format-config/buildingpermit.json,file:///work-dir/configs/pdf-service/format-config/ptmutationcertificate.json,file:///work-dir/configs/pdf-service/format-config/tlrenewalcertificate.json,file:///work-dir/configs/pdf-service/format-config/bpa-revocation.json,file:///work-dir/configs/pdf-service/format-config/buildingpermit-low.json,file:///work-dir/configs/pdf-service/format-config/misc-receipt.json,file:///work-dir/configs/pdf-service/format-config/ws-applicationwater.json,file:///work-dir/configs/pdf-service/format-config/ws-sanctionletter.json,file:///work-dir/configs/pdf-service/format-config/ws-estimationnotice.json,file:///work-dir/configs/pdf-service/format-config/ws-applicationsewerage.json,file:///work-dir/configs/pdf-service/format-config/tlcertificate.json"


#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

egov-custom-consumer:
  erp-host: "https://mohali-qa.egovernments.org/"

egf-master:
  db-url: "db-url" ## Add db-url
  memory_limits: 512Mi
  heap: "-Xmx256m -Xms256m"

redoc:
  replicas: 1
  images:
    - egovio/redoc:v1.0.5
  service_type: LoadBalancer

nginx-ingress:
  images:
    - quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
  replicas: 1
  default-backend-service: "egov/nginx"
  namespace: egov
  cert-issuer: "letsencrypt-prod"
  ssl-protocols: "TLSv1.2 TLSv1.3"
  ssl-ciphers: "EECDH+CHACHA20:EECDH+AES"
  ssl-ecdh-curve: "X25519:prime256v1:secp521r1:secp384r1"

cert-manager:
  email: "email id" ## Add email id
  images:
    - "quay.io/jetstack/cert-manager-controller:v0.10.1"
  namespace: egov

collection-receipt-voucher-consumer:
  jalandhar-erp-host: "https://jalandhar-qa.egovernments.org/"
  mohali-erp-host: "https://mohali-qa.egovernments.org/"
  nayagaon-erp-host: "https://nayagaon-qa.egovernments.org/"
  amritsar-erp-host: "https://amritsar-qa.egovernments.org/"
  kharar-erp-host: "https://kharar-qa.egovernments.org/"
  zirakpur-erp-host: "https://zirakpur-qa.egovernments.org/"

finance-collections-voucher-consumer:
  erp-env-name: "qa"
  erp-domain-name: "egovernments.org"

Secrets File Template

cluster-configs:
    secrets:
        db:      // Create postgres db user and mention the details
            username: demo
            password: demo
            flywayUsername: demo #same as above
            flywayPassword: demo #same as above
        egov-notification-sms: // sms provider details
            username: demo
            password: demo
        egov-filestore:   // AWS S3 access IAM details.
            aws-key: aswedfghew
            aws-secret-key: xdefghgdxc
        egov-location:  // Location service add your gmap key
            gmapskey: AIzaSyAQOd09-sdfegv
        egov-pg-service:    // Payment Gateway add your bank gateway provider details
            axis-merchant-id: demo
            axis-merchant-secret-key: demo
            axis-merchant-user: demo
            axis-merchant-pwd: demo
            axis-merchant-access-code: demo
            payu-merchant-key: demo
            payu-merchant-salt: demo
        pgadmin:  // To work pgadmin service add details
            admin-email: demo@demo.com
            admin-password:  demo
            read-email: demo@demo.com
            read-password: demo
        egov-enc-service:  // To work egov-enc service add the details
            master-password: demo
            master-salt: q7.fr.cr
            master-initialvector: 9J&asfgrU-H2
        egov-notification-mail:  // To work mail notification service add respective mail details
            mailsenderusername: demo@demo
            mailsenderpassword: demo
        git-sync:   // To clone the config and mdms repos, Create github user and add your ssh private key below. This private should have access to config and mdms repo.  
            ssh: |
                -----BEGIN RSA PRIVATE KEY-----
                MIIJKQIBAAKCAgEAxN3yoWfXEl7227hAXUTpeN5SiGUe22sIlGSYk3fx2Zl1xW0t
                B5Y/Rn0yCQEtQ     <add your ssh key this is just a placeholder > 
                FwiaDbuwQ+eA1RJ4Lxm9sGFuM1T
                -----END RSA PRIVATE KEY-----
            known-hosts: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
        kibana:    // Add Kibana details
            namespace: es-cluster
            credentials: demo
        egov-si-microservice:  // Add finance service details
            si-microservice-user: demo
            si-microservice-password: demo
            mail-sender-password: demo
        egov-edcr-notification:  // Add edcr service details
            edcr-mail-username: demo@demo.com
            edcr-mail-password: demo
            edcr-sms-username: demo
            edcr-sms-password: demo
        chatbot:     // Add chatbot details
            valuefirst-username: demo
            valuefirst-password: demo
        egov-user-chatbot:  // Add user chatbot details
            citizen-login-password-otp-fixed-value: "546941"
        oauth2-proxy:   // To work oauth2-proxy service, create and add your github OAuth Apps details
            clientID: qwgethjymnbv
            clientSecret: 3a08079easd9d8055470475696fd3baad5292
            cookieSecret: QVbnq0L8npoyfxZs96wtBg==

Step 1: Clone the following DIGIT-DevOps repo (If not already done as part of Infra setup), you may need to install git and then run git clone it to your machine.

$ git clone -b digit-lts-go https://github.com/egovernments/DIGIT-DevOps

Step 2: After cloning the repo CD to the DIGIT-DevOps folder, type the "code" command to open the visual editor and open all the files from the DIGIT-DevOps repo.

$ cd DIGIT-DevOps
$ code

Step 3: Update the deployment config file with your details, you can use the following template egov-demo-sample.

$ vi deploy-as-code/helm/environments/egov-demo.yaml

Replace the following as per the applicable values -
- Important: Add your domain name here, which you want to use for accessing DIGIT. ( Do not use the dummy domain )
- SMS gateway to receive OTP, transaction mobile notification, etc.
- MDMS, Config repo URL, here is where you provide master data, tenants and various user/role access details.
- GMap key for the location service
- Payment gateway, in case you use PT, TL, etc

Step 4: Update your credentials and sensitive data in the secret file as per your details.

$ vi deploy-as-code/helm/environments/egov-demo-secrets.yaml

credentials, secrets (You need to encrypt using sops and create a <env>-secret.yaml separately)
SOPS expects an encryption key to encrypt/decrypt a specified plain text and keep the details secured. The following are the options to generate the encryption key -
- Option 1: Generate PGP keys https://fedingo.com/how-to-generate-pgp-key-in-ubuntu
- Option 2: Create AWS KMS keys when you want to use the AWS cloud provider.
Once you generate your encryption key, create a .sops.yaml configuration file under the /helm directory of the cloned repo to define the keys used for specific files. Refer to the SOP doc for more details.

fork both the mdms, and config repos into your GitHub organization account
Once you fork the repos into your GitHub organization account, Create a github user account, generate an SSH authentication key generate new SSH key and add it to above user account.
New GitHub users should be enabled to access the earlier forked repos.
Add the ssh private key that you generated in the previous step to egov-demo-secrets.yaml under the git-sync section.
Modify the services git-Sync repo and branch with your fork repo and branch in egov-demo.yaml.

vi deploy-as-code/helm/environments/egov-demo-secrets.yaml

Step 6: Update the deployment configs for the below as per your specification:

Number of replicas/scale of each service (depending on whether dev or prod load).
Update the SMS Gateway, Email Gateway, and Payment Gateway details for the notification and payment gateway services, etc.
Update the config, MDMS GitHub repos wherever marked
Update GMap key (In case you are using Google Map services in your PGR, PT, TL, etc)
Create one private S3 bucket for Filestore and one public bucket for logos. Add the bucket details respectively and create an IAM user with the s3 bucket access. Add IAM user details to <env-secrets.yaml>.
URL/DNS on which the DIGIT will be exposed.
SSL certificate for the above URL.
Any specific endpoint configs (Internal/external).

$ vi deploy-as-code/helm/environments/egov-demo.yaml