Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This page details the steps to deploy the core platform services and reference applications.
The steps here can be used to deploy:
DIGIT core platform services
Public Grievance & Redressal module
Trade Licence module
Property Tax module
Water & Sewerage module etc.
All DIGIT services are packaged using helm charts Installing Helm
kubectl is a CLI to connect to the Kubernetes cluster from your machine
Install CURL for making API calls
Install VisualStudio IDE Code for better code/configuration editing capabilities
Install Postman to run digit bootstrap scripts
Once all the deployments configs are ready, run the command given below. Input the necessary details as prompted on the screen and the interactive installer will take care of the rest.
Run the egov-deployer golang script from the DIGIT-Devops repo.
All done, wait and watch for 10 min. The DIGIT setup is complete, and the application will run on the URL.
Note:
If you do not have your domain yet, you can edit the host file entries and map the nginx-ingress-service load balancer id like below
When you find it, add the following lines to the host file, save and close it.
aws-load-balancer-id digit.try.com
If you have a GoDaddy account or similar and a DNS records edit access you can map the load balancer id to desired DNS. Create a cname record with the load balancer ID and domain.
You can now test the DIGIT application status in the command prompt/terminal using the command below.
This documentation provides a detailed explanation of how to create a new helm chart using common templates and deploy it using helmfile.
helm
Clone the DIGIT-DevOps repository using the below command and checkout to the DIGIT-2.9LTS branch.
Navigate to the common_chart_template chart
Edit the chart.yaml with your service_name and update the dependency chart path.
Now, edit the values.yaml file to override the values present in the common chart and the values need to be provided for your service. If your service doesn't depend on db then you can disable the DB migration by setting the value enable as false. Also if you are using your docker account you need to update the docker container in the below values.yaml file.
After making these changes you need to provide this chart configuration in helmfile.yaml file
Steps to prepare the deployment configuration file
It's important to prepare a global deployment configuration yaml file that contains all necessary user-specific custom values like URL, gateways, persistent storage ids, DB details etc.
Know the basics of Kubernetes: https://www.youtube.com/watch?v=PH-2FfFD2PU&t=3s
Know the basics of kubectl commands
Know kubernetes manifests: https://www.youtube.com/watch?v=ohSUtEfDefc
Know how to manage env values, secrets of any service deployed in kubernetes https://www.youtube.com/watch?v=OW244LxB4oI
Know how to port forward to a pod running inside k8s cluster and work locally https://www.youtube.com/watch?v=TT3nd5n5Yus
Know sops to secure your keys/creds: https://www.youtube.com/watch?v=DWzJ87KbwxA
Post-Kubernetes Cluster setup, the deployment consists of 2 stages. As part of this sample exercise, we can deploy PGR and show the required configurations. The deployment steps are similar for all other modules except that the prerequisites differ depending on required features like SMS Gateway, Payment Gateway, etc.
Navigate to the following file in your local machine from the previously cloned DevOps git repository.
Step 1: Clone the following DIGIT-DevOps repo (If not already done as part of Infra setup), you may need to install git and then run git clone it to your machine.
$ git clone -b digit-lts-go https://github.com/egovernments/DIGIT-DevOps
Step 2: After cloning the repo CD to the DIGIT-DevOps folder, type the "code" command to open the visual editor and open all the files from the DIGIT-DevOps repo.
Step 3: Update the deployment config file with your details, you can use the following template egov-demo-sample.
Replace the following as per the applicable values -
Important: Add your domain name here, which you want to use for accessing DIGIT. ( Do not use the dummy domain )
SMS gateway to receive OTP, transaction mobile notification, etc.
MDMS, Config repo URL, here is where you provide master data, tenants and various user/role access details.
GMap key for the location service
Payment gateway, in case you use PT, TL, etc
Step 4: Update your credentials and sensitive data in the secret file as per your details.
credentials, secrets (You need to encrypt using sops and create a <env>-secret.yaml separately)
SOPS expects an encryption key to encrypt/decrypt a specified plain text and keep the details secured. The following are the options to generate the encryption key -
Option 1: Generate PGP keys https://fedingo.com/how-to-generate-pgp-key-in-ubuntu
Option 2: Create AWS KMS keys when you want to use the AWS cloud provider.
Once you generate your encryption key, create a .sops.yaml configuration file under the /helm directory of the cloned repo to define the keys used for specific files. Refer to the SOP doc for more details.
Note: For demo purposes, you can use the egov-demo-secrets.yaml as it is without sops configuration, but make sure you update your specific details like Git SSH, URL etc. When you decide to push these configurations into any git or public space, make sure you follow the sops configuration mentioned in this article sops to encrypt your secrets.
Step 5: Important: Fork the following repos that contain the master data and default configs which you would customize as per your specific implementation later. Like (Master Data, ULB, Tenant details, Users, etc) to your respective GitHub organization account.
Once you fork the repos into your GitHub organization account, Create a github user account, generate an SSH authentication key generate new SSH key and add it to above user account.
New GitHub users should be enabled to access the earlier forked repos.
Add the ssh private key that you generated in the previous step to egov-demo-secrets.yaml under the git-sync section.
Modify the services git-Sync repo and branch with your fork repo and branch in egov-demo.yaml.
Step 6: Update the deployment configs for the below as per your specification:
Number of replicas/scale of each service (depending on whether dev or prod load).
Update the SMS Gateway, Email Gateway, and Payment Gateway details for the notification and payment gateway services, etc.
Update the config, MDMS GitHub repos wherever marked
Update GMap key (In case you are using Google Map services in your PGR, PT, TL, etc)
Create one private S3 bucket for Filestore and one public bucket for logos. Add the bucket details respectively and create an IAM user with the s3 bucket access. Add IAM user details to <env-secrets.yaml>.
URL/DNS on which the DIGIT will be exposed.
SSL certificate for the above URL.
Any specific endpoint configs (Internal/external).
This guide provides step-by-step instructions for installing DIGIT. This is a preferable method for setting up production environment. You should be well versed with DevOps concepts.
High-level overview of DIGIT deployment
DIGIT is an open-source, customizable platform that lends itself to extensibility. New modules can be built on top of the platform to suit new use-cases or existing modules can be modified or replaced. To enable this, in addition to deploying DIGIT, a CI/CD pipeline should be set up. CD/CI pipelines enable the end user to automate & simplify the build/deploy process.
DIGIT comes with configurable "CI as code", "Deploy as code" etc.. which can be utilized to set up the pipelines and deploy new modules. More on that in the steps below.
Note: Changing the DIGIT code has implications for upgrades. That is, you may not be able to upgrade to the latest version of DIGIT depending on the changes that have been made. New modules are generally not a problem for upgrades.
Find out more on kubernetes manifests: https://www.youtube.com/watch?v=ohSUtEfDefc
Learn how to manage env values, secrets of any service deployed in kubernetes https://www.youtube.com/watch?v=OW244LxB4oI
Explore how to port forward to a pod running inside k8s cluster and work locally https://www.youtube.com/watch?v=TT3nd5n5Yus
Find the SOPs to secure your keys/creds: https://www.youtube.com/watch?v=DWzJ87KbwxA
Set up DIGIT using HelmFile. You can still try it out and give us feedback.
This guide walks you through the steps required to set up DIGIT using helmfile.
git
Kubernetes Cluster
Helmfile is a declarative spec for deploying helm charts. It lets you…
Keep a directory of chart value files and maintain changes in version control.
Apply CI/CD to configuration changes.
Periodically sync to avoid skew in environments.
To avoid upgrades for each iteration of helm, the helmfile executable delegates to helm - as a result, must be installed.
Standardisation of Helm templates (Override specific parameters such as namespace)
To improve the Utilisation of Helm capabilities (Rollback)
Easy to add any open-source helm chart to your DIGIT stack
run as a container
Archlinux: install via pacman -S helmfile
You can also use a shim to make calling the binary easier:
The helmfile init sub-command checks the dependencies required for helmfile operation, such as helm, helm diff plugin, helm secrets plugin, helm helm-git plugin, helm s3 plugin. When it does not exist or the version is too low, it can be installed automatically.
The helmfile sync sub-command syncs your cluster state as described in your helmfile. The default helmfile is helmfile.yaml, but any YAML file can be passed by specifying a --file path/to/your/yaml/file flag.
The helmfile apply sub-command begins by executing diff. If diff finds that there are any changes, sync is executed. Adding --interactive instructs Helm File to request your confirmation before sync.
The helmfile destroys sub-commands uninstalls and purges all the releases defined in the manifests. helmfile --interactive destroy instructs Helm File to request your confirmation before actually deleting releases.
Update domain name in env.yaml
Update db password , flywaypassword, loginusername, loginpassword and git-sync private key in env-secrets.yaml
Note: Make sure the db_password and flywaypassword are same
Note
Run the below command to install DIGIT successfully.
This guide outlines a deployment strategy for running containerized applications on Kubernetes, focusing on seamless database integration. It's suitable for teams looking to simplify their database setup using in-cluster PostgreSQL or externally managed database services.
By updating the Kubernetes deployment configuration, teams can easily switch from an in-cluster PostgreSQL database to a managed service. This move enhances scalability and reliability while reducing the operational overhead of database management.
Scalability and Reliability: Managed services offer superior scalability and reliability compared to in-cluster databases.
Reduced Operational Overhead: Outsourcing database management allows teams to concentrate on application development.
To integrate a managed PostgreSQL service, modify the following parameters in the
deploy-as-code/charts/environments/env.yaml configuration file:
db-host: Update with the database service host address.
db-name: Update with the specific database name.
db-url: Update with the complete database connection URL.
domain: Update domain name with your domain name
Update db password, db username, flyway username, flyway password, login username, login password and git-sync private key in env-secrets.yaml
Run the below command to install DIGIT successfully.
Please hit the below URL to login into the employee dashboard with SUPERUSER access
Log in with the user credentials which you have provided in the below file path
Tested Environment
This deployment approach has been thoroughly tested on an Amazon Web Services Elastic Kubernetes Service (AWS EKS) Cluster with Kubernetes version 1.28.
download one of the
open SUSE: install via zypper in helmfile assuming you are on Tumbleweed; if you are on Leap you must add the repo for your distribution version once before that command, e.g. zypper ar https://download.opensuse.org/repositories/devel:/kubic/openSUSE_Leap_\$releasever kubic
Windows (using ): scoop install helmfile
macOS (using ): brew install helmfile
The . There is no latest tag, since the 0.x versions can contain breaking changes, so pick the right tag. Example using helmfile 0.156.0:
1. Generate SSH key pairs using the below method Using the online website (not recommended in a production setup. To be only used for demo setups): 2. Add the public key to your GitHub account - (reference: )
Note: 1. Generate SSH key pairs using the below method Using the online website (not recommended in production setup. To be only used for demo setups): 2. Add the public key to your GitHub account - (reference: )
This section contains the list of documents that explains the key concepts required for DIGIT deployment.
If you're deploying DIGIT for the first time, we recommend using the Helmfile documentation for guidance.
If you're already running DIGIT and want to deploy using Go exclusively, this document is your go-to reference.
Deployment using GithubActions
This document offers guidance on effortlessly setting up the infrastructure and deploying the DIGIT service with just a click.
Release chart helps to deploy the product specific modules in one click
This section of the document walks you through the details of how to prepare a new release chart for existing products.
Git
Install Visualstudio IDE Code for better code visualization/editing capabilities
Clone the following DIGIT-DevOps where we have all the release charts for you to refer.
Create a new release version of the below products.
Select your product, copy the previous release version file, and rename it with your new version.
The above code ensures the dependancy_chart-digit-v2.6.yaml with your new release version is copied and renamed.
Note: replace <your_release_version> with your new release version.
Navigate to the release file on your local machine. Open the file using Visualstudio or any other file editor.
Update the release version "v2.6" with your new release version.
Update the modules(core, business, utilities, m_pgr, m_property-tax,..etc) service images with new release service images.
Add new modules
name - add your module name with "m_demo" ideal format ie. "m" means module and "demo" would be your module name
dependencies - add your module dependencies (name of other modules)
services - add your module-specific new service images
This section of the document walks you through the details of how to prepare a new release chart for new products.
Git
GitHub Organization Account
Install Visualstudio IDE Code for better code visualization/editing capabilities
When you have a new product to introduce, you can follow the below steps to create the release chart for a new product.
eGov partners can follow the below steps:
Fork the DIGIT-DevOps repo to your GitHub organization account
Clone the forked DIGIT-DevOps repo to your local machine
git clone --branch release https://github.com/<your_organization_account_name>/DIGIT-DevOps.git
Note: replace this <your_organization_account_name> with your github organization account name.
Navigate to the product-release-charts folder and create a new folder with your product name. cd DIGIT-DevOps/config-as-code/product-release-charts mkdir <new_product_name>Note: replace <new_product_name> with your new product name.
Create a new release chart file in the above-created product folder.touch dependancy_chart-<new_product_name>-<release_version>.yaml1. Open your release chart file dependancy_chart-<new_product_name>-<release_version>.yaml and start preparing as mentioned in the below release template.
eGov users can follow the below steps:
Clone the forked DIGIT-DevOps repo to your local machine
git clone --branch release https://github.com/egovernments/DIGIT-DevOps.git
Navigate to the product-release-charts folder and create a new folder with your product name. cd DIGIT-DevOps/config-as-code/product-release-charts mkdir <new_product_name>Note: replace <new_product_name> with your new product name
Create a new release chart file in the above-created product folder.touch dependancy_chart-<new_product_name>-<release_version>.yaml1. Open your release chart file dependancy_chart-<new_product_name>-<release_version>.yaml and start preparing as mentioned in the below release template.
