Skip to content

Commit

Permalink
[MOSIP-34233] added deployment scripts for prereg
Browse files Browse the repository at this point in the history
Signed-off-by: ckm007 <chandrakeshavmishra@gmail.com>
ckm007 committed Jul 17, 2024
1 parent f1af7f1 commit 29909c0
Showing 11 changed files with 233 additions and 0 deletions.
41 changes: 41 additions & 0 deletions deploy/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# Pre-Registration Module

## Install

* Make sure your prereg UI domain name is set in [global configmap](../../cluster/global_configmap.yaml.sample)
* Make sure this domain points to the public load balancer as PreReg UI is exposed to public.
* Install
```sh
./install.sh
```

## Uninstall

```sh
./delete.sh
```

## Test
On a browser open `https://<prereg ui domain>/pre-registration-ui/`. Example `https://prereg.sandbox.xyz.net/pre-registration-ui`. Follow the instructions. You may use [sample documents](samples/) to upload during pre-registration.

## Rate Control Using Envoyfilter

- Using Envoyfilter one can limit the rate of http requests coming in to a resource. Reference: [Istio Policty Enforcement](https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/#local-rate-limit) and [Rate Limit Filter](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter).
- Edit the envoyfilter [here](./rate-control-envoyfilter.yaml)
- Edit these values in the envoyfilter accordingly.
```
token_bucket:
max_tokens: <preferred same as tokens_per_fill>
tokens_per_fill: <no of reqeust allowed in "fill_internal" ammount of time>
fill_interval: <minimum_50ms>
```
- Edit the workload selector label properly, like;
```
workloadSelector:
labels:
app.kubernetes.io/instance: <prereg-ui or prereg-application, etc>
```
- Apply the envoyfilter in the prereg namespace.
```
kubectl apply -n prereg -f rate-control-envoyfilter.yaml
```
24 changes: 24 additions & 0 deletions deploy/copy_cm.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/bin/bash
# Copy configmaps from other namespaces
# DST_NS: Destination namespace

function copying_cm() {
UTIL_URL=https://github.com/mosip/mosip-infra/blob/master/deployment/v3/utils/copy_cm_func.sh
COPY_UTIL=./copy_cm_func.sh
DST_NS=prereg

wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh

$COPY_UTIL configmap global default $DST_NS
$COPY_UTIL configmap artifactory-share artifactory $DST_NS
$COPY_UTIL configmap config-server-share config-server $DST_NS
return 0
}

# set commands for error handling.
set -e
set -o errexit ## set -e : exit the script if any statement returns a non-true return value
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
copying_cm # calling function
30 changes: 30 additions & 0 deletions deploy/delete.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/bash
# Uninstalls all prereg helm charts

function deleting_prereg() {
while true; do
read -p "Are you sure you want to delete all prereg helm charts?(Y/n) " yn
if [ $yn = "Y" ]
then
kubectl -n prereg delete -f rate-control-envoyfilter.yaml
helm -n prereg delete prereg-gateway
helm -n prereg delete prereg-captcha
helm -n prereg delete prereg-application
helm -n prereg delete prereg-batchjob
helm -n prereg delete prereg-booking
helm -n prereg delete prereg-datasync
break
else
break
fi
done
return 0
}

# set commands for error handling.
set -e
set -o errexit ## set -e : exit the script if any statement returns a non-true return value
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
deleting_prereg # calling function
3 changes: 3 additions & 0 deletions deploy/get_logs.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
#!/bin/bash
# pod name
kubectl -n prereg logs -f $1 | grep -v "/preregistration/v1/actuator/health" | grep -v "/preregistration/v1/actuator/prometheus"
65 changes: 65 additions & 0 deletions deploy/install.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
#!/bin/bash
# Installs all prereg helm charts
## Usage: ./install.sh [kubeconfig]

if [ $# -ge 1 ] ; then
export KUBECONFIG=$1
fi

NS=prereg
CHART_VERSION=12.0.1-develop

echo Create $NS namespace
kubectl create ns $NS

function installing_prereg() {
echo Istio label
## TODO: Istio proxy disabled for now as prereui does not come up if
## envoy filter container gets installed after prereg container.
kubectl label ns $NS istio-injection=disabled --overwrite
helm repo update

echo Copy configmaps
sed -i 's/\r$//' copy_cm.sh
./copy_cm.sh

API_HOST=`kubectl get cm global -o jsonpath={.data.mosip-api-host}`
PREREG_HOST=`kubectl get cm global -o jsonpath={.data.mosip-prereg-host}`

echo Install prereg-gateway
helm -n $NS install prereg-gateway mosip/prereg-gateway --set istio.hosts[0]=$PREREG_HOST --version $CHART_VERSION

echo Installing prereg-captcha
helm -n $NS install prereg-captcha mosip/prereg-captcha --version $CHART_VERSION

echo Installing prereg-application
helm -n $NS install prereg-application mosip/prereg-application --version $CHART_VERSION

echo Installing prereg-booking
helm -n $NS install prereg-booking mosip/prereg-booking --version $CHART_VERSION

echo Installing prereg-datasync
helm -n $NS install prereg-datasync mosip/prereg-datasync --version $CHART_VERSION

echo Installing prereg-batchjob
helm -n $NS install prereg-batchjob mosip/prereg-batchjob --version $CHART_VERSION

echo Installing prereg-ui
helm -n $NS install prereg-ui mosip/prereg-ui --set prereg.apiHost=$PREREG_HOST --version $CHART_VERSION

echo Installing prereg rate-control Envoyfilter
kubectl apply -n $NS -f rate-control-envoyfilter.yaml

kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status

echo Installed prereg services
return 0
}

# set commands for error handling.
set -e
set -o errexit ## set -e : exit the script if any statement returns a non-true return value
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
installing_prereg # calling function
44 changes: 44 additions & 0 deletions deploy/rate-control-envoyfilter.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: local-rate-limit
spec:
workloadSelector:
labels:
app.kubernetes.io/instance: prereg-ui
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.local_ratelimit
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
value:
stat_prefix: http_local_rate_limiter
token_bucket:
max_tokens: 100
tokens_per_fill: 100
fill_interval: 50ms
filter_enabled:
runtime_key: local_rate_limit_enabled
default_value:
numerator: 100
denominator: HUNDRED
filter_enforced:
runtime_key: local_rate_limit_enforced
default_value:
numerator: 100
denominator: HUNDRED
response_headers_to_add:
- append: false
header:
key: x-local-rate-limit
value: 'true'
26 changes: 26 additions & 0 deletions deploy/restart.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
#!/bin/bash
# Restart the prereg services
## Usage: ./restart.sh [kubeconfig]

if [ $# -ge 1 ] ; then
export KUBECONFIG=$1
fi


function Restarting_prereg() {
NS=prereg
kubectl -n $NS rollout restart deploy

kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status

echo Restarted prereg services
return 0
}

# set commands for error handling.
set -e
set -o errexit ## set -e : exit the script if any statement returns a non-true return value
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
Restarting_prereg # calling function
Binary file added deploy/samples/sample_address_proof.pdf
Binary file not shown.
Binary file added deploy/samples/sample_exception_proof.pdf
Binary file not shown.
Binary file added deploy/samples/sample_identity_proof.pdf
Binary file not shown.
Binary file added deploy/samples/sample_relationship_proof.pdf
Binary file not shown.

0 comments on commit 29909c0

Please sign in to comment.