[MOSIP-35987 #117

Closed
wants to merge 43 commits into from
8328094
[DSD-35987]Adding changes for better logging and storage of reports.
Mahesh-Binayak Sep 25, 2024
b1f5fe2
[DSD-35987]Adding changes for s3 push flag and renamed to mock-rp-oid…
Mahesh-Binayak Sep 26, 2024
886aff4
Merge pull request #110 from Mahesh-Binayak/MOSIP-35987
ckm007 Sep 28, 2024
6a2d4dd
[MOSIP-35987] updated onboarder changes to store reports in volumes
ckm007 Sep 30, 2024
6cb397c
[MOSIP-35987] updated onboarder changes to store reports in volumes
ckm007 Sep 30, 2024
1921215
[MOSIP-35987]Updated default.sh
Mahesh-Binayak Oct 1, 2024
79775f8
Merge pull request #114 from Mahesh-Binayak/MOSIP-35987
ckm007 Oct 1, 2024
7b053c7
[MOSIP-35987]Update upload-reports.sh
Mahesh-Binayak Oct 1, 2024
a4b6454
Merge pull request #115 from Mahesh-Binayak/MOSIP-35987
ckm007 Oct 1, 2024
93e639d
Update default.sh
Mahesh-Binayak Oct 1, 2024
41753c5
[MOSIP-35816] updated pv name and selector for serviceaccountname
ckm007 Oct 1, 2024
6b67004
Merge branch 'MOSIP-35987' of https://github.com/mosip/mosip-onboardi…
ckm007 Oct 1, 2024
2e59b6f
[MOSIP-36196] updated pv name and selector for serviceaccountname
ckm007 Oct 1, 2024
d06c849
[MOSIP-35987] updated onboarder secret name to resolve duplicate k8 o…
ckm007 Oct 1, 2024
2a2c55c
[MOSIP-35987] updated chart version and corrected lint failure
ckm007 Oct 4, 2024
3abbc9d
[DSD-6382] corrected chart version as per semver
ckm007 Oct 4, 2024
03c92d3
[DSD-6382] Update chart-lint-publish.yml
ckm007 Oct 4, 2024
ba1029d
[DSD-6382] updated onboarder readme
ckm007 Oct 6, 2024
6c07286
Merge pull request #118 from mosip/DSD-6382
ckm007 Oct 6, 2024
58bfe9a
Updated default.sh to remove all the redundant success msgs.
Mahesh-Binayak Oct 7, 2024
374e4f6
Added changes in postman to support clientID creation
Mahesh-Binayak Oct 7, 2024
964259a
Added changes in postman to support clientID creation
Mahesh-Binayak Oct 7, 2024
eff3bea
Merge pull request #119 from Mahesh-Binayak/MOSIP-35987
Mahesh-Binayak Oct 7, 2024
181148f
Update default.sh to allow renaming of secret
Mahesh-Binayak Oct 7, 2024
72026d6
Update default.sh
Mahesh-Binayak Oct 7, 2024
f60955a
[MOSIP-35987]Update default.sh to change secret name
Mahesh-Binayak Oct 8, 2024
0d8e13f
[MOSIP-35987] added option to use mock-rp with or without mosip
Mahesh-Binayak Oct 16, 2024
42e7d3c
Update default.sh
Mahesh-Binayak Oct 16, 2024
e3a931e
[MOSIP-35987] added option to use mock-rp with or without mosip
Mahesh-Binayak Oct 17, 2024
2dc9e30
Merge remote-tracking branch 'origin/MOSIP-35987' into MOSIP-35987
Mahesh-Binayak Oct 17, 2024
a4ce1e8
Merge pull request #121 from Mahesh-Binayak/MOSIP-35987
ckm007 Oct 17, 2024
ef57287
Create trivy-check.yml
Mahesh-Binayak Nov 13, 2024
2de2447
Merge pull request #1 from Mahesh-Binayak/Mahesh-Binayak-patch-7
Mahesh-Binayak Nov 13, 2024
4897268
Update trivy-check.yml
Mahesh-Binayak Nov 13, 2024
420c8c6
Updated onboarding.postman_collection.json to change the boolean valu…
Mahesh-Binayak Nov 18, 2024
a7eac8d
Merge pull request #127 from Mahesh-Binayak/MOSIP-35987
Mahesh-Binayak Nov 18, 2024
32fd7a2
[MOSIP-35987]added new request and fixed some older issues.
Mahesh-Binayak Nov 18, 2024
722497b
Merge pull request #128 from Mahesh-Binayak/MOSIP-35987
Mahesh-Binayak Nov 18, 2024
2b9959f
[MOSIP-37447] add mosipid env to helm charts
bhumi46 Nov 19, 2024
cba5394
[MOSIP_35987] removed older un-required sections of script and added …
Mahesh-Binayak Nov 20, 2024
a58617d
Delete .github/workflows/trivy-check.yml
Mahesh-Binayak Nov 20, 2024
027bd0d
Merge pull request #130 from Mahesh-Binayak/MOSIP-35987
ckm007 Nov 20, 2024
a10f4fd
Merge pull request #129 from bhumi46/MOSIP-35987
ckm007 Nov 27, 2024
1 change: 1 addition & 0 deletions .github/workflows/chart-lint-publish.yml
Expand Up @@ -38,6 +38,7 @@ on:
- 0.*
- develop
- release*
- MOSIP-35987
paths:
- 'helm/**'
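Review bot: The branch filter now lists the feature branch `MOSIP-35987` next to `develop` and `release*`, so the chart lint and publish workflow runs for pushes to a working branch. Drop this entry before merge; otherwise the trigger stays in the workflow after the branch is gone, and charts built from branch content that has not been reviewed can go through the publish path.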

13 changes: 4 additions & 9 deletions README.md
@@ -1,18 +1,13 @@
# Partner Onboarding Utils

## Overview
This repository contains Postman collection to onboard partners on to MOSIP.

This repository contains Postman collection to onboard partners on to MOSIP.
* `run-onboard.sh`: Onboard any partner.
* `default.sh`: Onboard default partners that are required to run a sandbox.

## Docker
Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again.

The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created.

If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates.

* Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again.
* The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created.
* If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates.
## License
This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE).
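Review bot: The rewritten Docker bullet carries over the typo `installion`, and `## License` now follows the bullet list with no blank line before it. The text also still says reports are viewed through the HTTP server, while this pull request adds `push_reports_to_s3` and a reports volume to the chart; please describe both options here. For `ENABLE_INSECURE`, please state where the certificate is downloaded from, since it is then used as trust material for the Newman and curl calls.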

File renamed without changes.
106 changes: 65 additions & 41 deletions default.sh

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion helm/partner-onboarder/.gitignore
@@ -1,2 +1,2 @@
charts/
Charts.yaml
Chart.lock
2 changes: 1 addition & 1 deletion helm/partner-onboarder/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: partner-onboarder
description: A Helm chart for onboarding default partners for MOSIP sandbox.
type: application
version: 0.0.1-develop
version: 1.5.0-es-develop
appVersion: ""
dependencies:
- name: common
22 changes: 3 additions & 19 deletions helm/partner-onboarder/README.md
@@ -1,40 +1,24 @@
# OTPManager

Helm chart for installing Kernel module OTPManager.

# Partner Onboarder
Helm chart for installing MOSIP Partner onboarder.
## TL;DR

```console
$ helm repo add mosip https://mosip.github.io
$ helm install my-release mosip/partner-onboarder
```

## Introduction

OTPManager is part of the kernel modules, but has a separate Helm chart so as to install and manage it in a completely indepedent namespace.

## Prerequisites

- Kubernetes 1.12+
- Helm 3.1.0
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling

## Installing the Chart

To install the chart with the release name `partner-onboarder`.

```console
helm install my-release mosip/partner-onboarder
```

> **Tip**: List all releases using `helm list`

**Tip**: List all releases using `helm list`
## Uninstalling the Chart

To uninstall/delete the `my-release` deployment:

```console
helm delete my-release
```
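Review bot: The install section says the release name is `partner-onboarder`, but the command installs `my-release`; make the two agree. The `## TL;DR` and `## Uninstalling the Chart` headings also follow text directly with no blank line. Since the chart now creates an NFS-backed PersistentVolume when `push_reports_to_s3` is false, the prerequisites should name the NFS server and storage class that mode needs.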

4 changes: 2 additions & 2 deletions helm/partner-onboarder/templates/configmap.yaml
Expand Up @@ -4,7 +4,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $cm_name }}
name: {{ $cm_name }}-{{ $.Release.Name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 8 }}
{{- if $.Values.commonLabels }}
Expand All @@ -18,4 +18,4 @@ data:
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
21 changes: 18 additions & 3 deletions helm/partner-onboarder/templates/jobs.yaml
Expand Up @@ -38,17 +38,21 @@ spec:
env:
- name: MODULE
value: {{ $module.name }}
- name: push_reports_to_s3
value: {{ quote $.Values.onboarding.variables.push_reports_to_s3 }}
- name: mosipid
value: {{ quote $.Values.onboarding.variables.mosipid }}
envFrom:
{{- if $.Values.onboarding.configmaps }}
{{- range $cm_name, $cm_value := $.Values.onboarding.configmaps }}
- configMapRef:
name: {{ $cm_name }}
name: {{ $cm_name }}-{{ $.Release.Name }}
{{- end }}
{{- end }}
{{- if $.Values.onboarding.secrets }}
{{- range $secret_name, $secret_value := $.Values.onboarding.secrets }}
- secretRef:
name: {{ $secret_name }}
name: {{ $secret_name }}-{{ $.Release.Name }}
{{- end }}
{{- end }}
{{- if $.Values.extraEnvVarsSecret }}
Expand All @@ -66,5 +70,16 @@ spec:
{{- if $.Values.resources }}
resources: {{- toYaml $.Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
- name: {{ $.Values.onboarding.volumes.reports.name }}
mountPath: /home/mosip/reports/
{{- end }}
volumes:
{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
- name: {{ $.Values.onboarding.volumes.reports.name }}
persistentVolumeClaim:
claimName: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc
{{- end }}
{{- end }}
{{- end }}
{{- end }}
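Review bot: `volumeMounts:` and `volumes:` are emitted outside the `if`, so with `push_reports_to_s3: true` both keys render with no entries under them. Move each key inside its conditional. The test `eq $.Values.onboarding.variables.push_reports_to_s3 false` also assumes the value is a boolean, which will not hold if someone supplies it as a string; worth a comment in values.yaml or a type check. The mount path is hard-coded as `/home/mosip/reports/` although values.yaml adds `volumes.reports.mountDir`; use the value here or drop it from values.yaml.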
25 changes: 25 additions & 0 deletions helm/partner-onboarder/templates/pv.yaml
@@ -0,0 +1,25 @@
{{- range $module := $.Values.onboarding.modules }}
{{- if $module.enabled }}
{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc
labels:
name: {{ $.Values.onboarding.volumes.reports.name }}
spec:
storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }}
capacity:
storage: {{ $.Values.onboarding.volumes.reports.size }}
accessModes:
{{- range $.Values.onboarding.volumes.reports.accessModes }}
- {{ . }}
{{- end }}
nfs:
server: {{ $.Values.onboarding.volumes.reports.nfs.server }}
path: {{ $.Values.onboarding.volumes.reports.nfs.path }}
# mountOptions:
# - nolock
{{- end }}
{{- end }}
{{- end }}
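Review bot: The `range` over modules emits one PersistentVolume per enabled module with no `---` between them, so enabling two modules renders two documents run together in one stream. Start each iteration with a `---` line. The PV name ends in `-pvc`, which is confusing on a PersistentVolume, and every PV points at the same `nfs.server` and `nfs.path`, so reports from all modules and namespaces land in one shared directory; consider adding the namespace and module name to the path. Please also set `persistentVolumeReclaimPolicy` explicitly so it is clear what happens to the reports when the claim is deleted.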
23 changes: 23 additions & 0 deletions helm/partner-onboarder/templates/pvc.yaml
@@ -0,0 +1,23 @@
{{- range $module := $.Values.onboarding.modules }}
{{- if $module.enabled }}
{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc
namespace: {{ $.Release.Namespace | quote }}
spec:
storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }}
accessModes:
{{- range $.Values.onboarding.volumes.reports.accessModes }}
- {{ . }}
{{- end }}
resources:
requests:
storage: {{ $.Values.onboarding.volumes.reports.size }}
selector:
matchLabels:
name: {{ $.Values.onboarding.volumes.reports.name }}
{{- end }}
{{- end }}
{{- end }}
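Review bot: The `selector` matches only the label `name: {{ $.Values.onboarding.volumes.reports.name }}`, which pv.yaml puts on every PV this chart creates, so a claim for one module can bind to the PV created for another module or another namespace. Add module and namespace labels to the PV and match on them here. As in pv.yaml, the loop needs a `---` before each document. `namespace` is quoted here but not in configmap.yaml or secrets.yaml; pick one style.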
6 changes: 3 additions & 3 deletions helm/partner-onboarder/templates/rolebinding.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
name: {{ template "partner-onboarder.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
Expand All @@ -19,11 +19,11 @@ metadata:
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
name: {{ template "partner-onboarder.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ .Release.Name }}-secrets-pods-role
apiGroup: rbac.authorization.k8s.io

---
---
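Review bot: Both subjects now use `partner-onboarder.serviceAccountName`, but this diff does not show the ServiceAccount template or the Job's `serviceAccountName`; please confirm they use the same helper, otherwise the binding to `{{ .Release.Name }}-secrets-pods-role` names an account the pods do not run as. Prefer `include` over `template` here, to match the `include "common.labels.standard"` calls in the other templates.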
4 changes: 2 additions & 2 deletions helm/partner-onboarder/templates/secrets.yaml
Expand Up @@ -4,7 +4,7 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ $secret_name }}
name: {{ $secret_name }}-{{ $.Release.Name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 8 }}
{{- if $.Values.commonLabels }}
Expand All @@ -19,4 +19,4 @@ data:
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
40 changes: 28 additions & 12 deletions helm/partner-onboarder/values.yaml
Expand Up @@ -53,8 +53,8 @@ service:

image:
registry: docker.io
repository: mosipqa/partner-onboarder
tag: develop
repository: mosipdev/partner-onboarder
tag: MOSIP-35987
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
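Review bot: `repository: mosipdev/partner-onboarder` with `tag: MOSIP-35987` points the chart default at an image built from this feature branch. A branch name is a mutable tag, and per the comment just below, the pull policy defaults to `IfNotPresent` for any tag other than `latest`, so nodes can keep running a stale build after the tag is re-pushed. Restore a release tag before merge, or pin the image by digest.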
Expand Down Expand Up @@ -262,7 +262,6 @@ extraEnvVarsCM:
## Secret with extra environment variables
##
extraEnvVarsSecret:
- s3
- keycloak
- keycloak-client-secrets

Expand Down Expand Up @@ -428,30 +427,29 @@ metrics:
onboarding:
modules:
- name: ida
enabled: true
enabled: false
- name: print
enabled: true
enabled: false
- name: abis
enabled: true
enabled: false
- name: resident
enabled: true
enabled: false
- name: mimoto
enabled: true
enabled: false
- name: digitalcard
enabled: true
enabled: false
- name: esignet
enabled: false
- name: demo-oidc
- name: mock-rp-oidc
enabled: false
- name: resident-oidc
enabled: false
- name: mimoto-keybinding
enabled: true
enabled: false
- name: mimoto-oidc
enabled: false
- name: signup-oidc
enabled: false

configmaps:
s3:
s3-host: 'http://minio.minio:9000'
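Review bot: Every module that was `enabled: true` is now `enabled: false`, so an install with default values onboards nothing. If that is intended, say so in the chart README, since deployments that relied on the defaults will stop onboarding `ida`, `print`, `abis`, `resident`, `mimoto`, `digitalcard` and `mimoto-keybinding` without any error. Values files that still list `demo-oidc` also need updating to `mock-rp-oidc`.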
Expand All @@ -462,3 +460,21 @@ onboarding:
ns_esignet: esignet
ns_signup: signup
secrets:
s3:
s3-user-secret: 'password'
volumes:
reports:
name: onboarder-reports
storageClass: nfs-client
accessModes:
- ReadWriteMany
size: 10Mi
existingClaim:
# Dir where config and keys are written inside container
mountDir: /home/mosip/reports
nfs:
path: "/srv/nfs/sandbox/onboarding" # Dir within the nfs server where config repo is cloned/maintained locally.
server: "nfs-server" # Ip address of nfs server.
variables:
push_reports_to_s3: true
mosipid: false
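Review bot: `s3-user-secret: 'password'` commits a default credential into values.yaml, and secrets.yaml base64-encodes it into a Secret as is. Leave the value empty and fail the render when it is unset while `push_reports_to_s3` is true, or accept the name of an existing Secret instead. `existingClaim` and `mountDir` are not read by any template in this diff, and the comments on `mountDir` and `nfs.path` ("config and keys", "config repo") look copied from another chart; the comment on `nfs.server` says IP address while the default `nfs-server` is a hostname.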