Sunbird RC
v2.0.0
v1.0.0v0.0.14v2.0.0
v2.0.0
v1.0.0v0.0.14v2.0.0
  • Learn
    • Introduction
    • Sunbird RC Overview
      • Why do we need Sunbird RC?
      • Core Capabilities
      • Core Registry Verbs
      • Workflows
      • What Sunbird RC is and what it's not? (WIP)
      • Possibilities
      • Demo Links
    • Technical Overview
      • Registry
        • High-Level architecture
        • Technical Specification Draft
        • Tech Stack and Requirements
      • Credentialling
        • High-Level Architecture
        • Technical Specification Draft
        • Tech Stack and Requirements
    • Adopters
    • Roadmap
  • Use
    • Getting started
      • Pre-requisites
      • Install Sunbird-RC
    • Developer's Guide
      • Functional Registry
        • Installation Guide
          • Registry CLI
            • Setup A Registry Instance
          • Manual installation through docker-compose
          • Production setup through Helm
        • Working with Source Code
        • Configurations
          • Frontend Configurations
          • Frontend - Proxy configuration
          • Audit Configuration
          • Notifications Configuration
          • View Templates Configuration
        • Schema Setup
          • Introduction To Schemas
          • Creating Your Own Schemas
          • Schema Configuration
          • Create Schemas With Custom Password
        • Setup the Backend
        • Setup the Frontend
        • Backup and Restore
          • PostgreSQL
            • SQL Dump
            • File System Level Backup
            • Continuous Archiving and Point-in-Time Recovery (PITR)
          • Cassandra
            • Snapshot-based backup method
            • Incremental backup method
            • Data Restore
        • Generic Identity And Access Management
        • Metrics
        • Custom Keycloak Build
        • Custom QR Code design
        • VC Verification Module
      • Credentialling Services
        • Installation Guide
          • Run for development
          • Docker compose based
          • Helm based
        • Configurations
        • Working with the Vault
    • Integrations
      • SSO with existing systems
      • Digilocker Meripehchaan SSO
      • Digilocker Integration
    • Connectors
      • G2P Connect
      • Open ID for Verifiable Credentials (OID4VCI)
    • Release Notes
      • Registry
      • Credentialling
    • Admin Portal
      • Login
      • Get Started
        • Create Schema
        • Attestation Workflows (WIP)
        • VC Template
          • Custom VC Template (WIP)
        • Ownership (WIP)
        • Publish (WIP)
      • Dashboard
  • API Reference
    • Registry APIs
      • Registry
        • Using The APIs
        • Create An Entity
        • Invite An Entity
        • Generate token
        • Generate admin token
        • Get An Entity
        • Get An Entity By Id
        • Update An Entity
        • Create A Property Of An Entity
        • Update A Property Of An Entity
        • Revoke a Credential
        • Delete An Entity
      • Schema
        • Create Schema
        • Get Schema
        • Update Schema
        • Delete Schema
        • Publish A Schema
      • Attestation API
        • Raise An Attestation
        • Get Attestation Certificate
      • Claims API
        • Get All Claims
        • Get Claim by ID
        • Attest A Claim
      • Discovery API
        • Search An Entity
      • File Storage API
        • Upload A File
        • Get Uploaded File
        • Delete A File/ Multiple Files
      • Metrics APIs
        • Get Count
        • Get Aggregates
    • Credentialling APIs
      • Identity Service APIs
      • Credential Schema APIs
      • Credential Issuance APIs
    • Other APIs
      • Sign API
      • Verify API
      • Swagger JSON API
      • Health API
  • Reference Solutions for Functional Registries
    • Education
      • Education Ecosystem
        • Installation
      • Education Registries
        • Installation
        • User Guide
    • Health Registries
      • Organ Registries
        • Frontend Setup
        • Backend Setup
        • User Guide
      • Health Facility Registry
    • Govt to Person (G2P)
  • Reference Solutions for Digital Credentials
    • Certificate Issuance
      • Installation(WIP)
      • User Guide
    • eLocker
      • High Level Diagram
      • Installation (WIP)
        • Frontend Setup E-locker
      • User Guide
    • Vaccination Platform
    • Skills & Work Credentials
    • Unified Learners Passport (ULP)
      • ULP Capabilities
      • Example Scenario
      • Technical Components (WIP)
      • Demo/Sandbox Links (WIP)
      • Installation Guide (WIP)
        • Frontend Setup
        • Installation through docker-compose
        • Dummy records setup for refrence
  • Links
    • Source Code
    • Releases & Changelogs
    • Website
    • Roadmap
    • Reference links
    • Design
  • Community
    • Discussion Forum
    • Contributors
    • Contributing
    • Contribution Guidebook
    • Code of Conduct
    • Community Events
    • Status By Track
  • HELP
    • Roadmap
    • FAQs
    • Glossary
    • Guide to Electronic Registries and Verifiable Credentials
      • Verifiable Credentials
        • What issues will Verifiable Credentials address?
        • What are the key roles in Verifiable Credentials?
        • What are the components of Verifiable Credentials?
        • What are the benefits of Verifiable Credentials?
        • Digital Credentials vs Verifiable Credentials
        • QR code vs Verifiable QR code
        • Use Cases
      • Electronic Registries
        • Evolution of Electronic Registries
        • What issues will Electronic Registries address?
        • Benefits of Electronic Registries
        • Registry vs Database
        • Design Principles
        • Use Cases
      • Leveraging Existing data stores
    • External Open Source Software Attributions
Powered by GitBook

Copyright (c) 2023 EkStep Foundation under MIT License

On this page
  • System requirements
  • Prerequisites
  • Deployment steps
  • Please note that by default a sample key is added. It is highly recommended to update this key before going to live.
Edit on GitHub
  1. Use
  2. Developer's Guide
  3. Functional Registry
  4. Installation Guide

Production setup through Helm

The below scripts will help the adopters to deploy SunbirdRC services in the Kubernetes environment.

System requirements

Please note that the below numbers are only for reference, they will vary based on the business domain and scale.

  1. Kubernetes cluster (any version above v1.26.3)

    • Master Node: 2 vCPU, 4 GB RAM, Disc Size: 50 GB, Nodes: 1

    • Worker Nodes: 4 vCPU, 8 GB RAM, Disc size: 100 GB, Nodes: 3

  2. Bastion server: 2 vCPU, 4 GB RAM, Disc Size: 50GB

  3. Postgres with a read replica: 4 vCPU 8 GB RAM, Disc Size: 100GB

  4. ElasticSearch: 4 vCPU, 8 GB RAM, Disc Size: 100GB

  5. API Gateway

  6. Public domain

  7. Server for Minio: 2 vCPU, 4 GB RAM, Disc Size: 100GB (Optional)

  8. CDN / any other alternative for hosting UI

Prerequisites

  • Kubernetes Cluster with minimum 3 nodes

  • Helm

  • kubectl

  • Ingress (https://kubernetes.github.io/ingress-nginx/deploy/)

  • Postgres DB (create a database for keycloak and registry)

  • ElasticSearch (Optional)

  • Kafka (Optional)

  • Redis (Optional)

  • Minio (Optional)

  • Domain URL (domain url mapped to Kubernetes cluster)

The above optional services are not mandatory for SunbirdRC services. It can be installed based on the requirement of the project. For more details https://docs.sunbirdrc.dev/learn/readme-1/high-level-architecture

Deployment steps

Clone the repo

git clone https://github.com/Sunbird-RC/devops.git
cd deploy-as-code/helm/v1

Pre-check

Make sure from the current directory you're able to run the below commands

kubectl cluster-info
kubectl get nodes
kubectl get ns
helm version

Create namespace

kubectl create ns demo-registry

Feel free to use a different name for the namespace. Use the same name in the rest of the commands.

Create secrets

Convert all the passwords/secrets into base64 format and update these values in values.yaml file

Secrets

  • DB_PASSWORD: Postgres database password

  • KEYCLOAK_ADMIN_PASSWORD: Keycloak admin password used to login to admin console

  • KEYCLOAK_DEFAULT_USER_PASSWORD: Default password to be set for new users created by registry

  • MINIO_SECRET_KEY: Minio secret key

  • ELASTIC_SEARCH_PASSWORD: Elastic search connection password

  • KEYCLOAK_ADMIN_CLIENT_SECRET: Client secret of keycloak admin client for registry

DB_PASSWORD, KEYCLOAK_ADMIN_PASSWORD and KEYCLOAK_DEFAULT_USER_PASSWORD are mandotry secrets to be set. Other secrets can be set to empty

Modify configuration values

Configuration values like database address, elastic search address etc should be modified in values.yaml file.

Schemas

All schema files should be placed in the schemas directory located at sunbird-rc-core/infra/helm_charts/charts/registry/schemas.

Configure signing keys

The signing keys should be placed in the below directories

Both public and private keys for signing

sunbird-rc-core/infra/helm_charts/charts/certificate-signer/keys

Only public key for exposure to verifiers

sunbird-rc-core/infra/helm_charts/charts/public-key-service/keys

Please note that by default a sample key is added. It is highly recommended to update this key before going to live.

Deploy helm charts

helm upgrade --install --namespace=demo-registry demo-registry helm_charts --create-namespace

Output

Release "demo-registry" does not exist. Installing it now.
NAME: demo-registry
LAST DEPLOYED: Thu May  4 17:02:08 2023
NAMESPACE: demo-registry
STATUS: deployed
REVISION: 1

Check if all the pods are running

kubectl get pods -n demo-registry

Import keycloak realm

  • Goto keycloak admin console <host>/auth/

  • Login with username admin and use the same password configured in secrets

  • Click on Master and select Add realm

  • Select https://github.com/Sunbird-RC/sunbird-rc-core/blob/main/imports/realm-export.json file

  • And click on Create

Configure keycloak secret

Get the keycloak secret from the keycloak admin console

  • Goto keycloak admin console <host>/auth/

  • Login with username admin and use the same password configured in the secrets

  • Goto clients page and click on admin-api

  • Goto Credentials tab and click on Regenerate Secret

  • Copy the secret

Configure secret in the registry

  • Get all secrets created

kubectl get secret -n demo-registry

  • Encode the secret in base64 format

echo -n "secret copied from keycloak" | base64

  • Open the secret in edit mode

kubectl edit secret rc-secret -n demo-registry

Replace empty string for KEYCLOAK_ADMIN_CLIENT_SECRET with the base64 encoded secret

  • Restart registry

kubectl rollout restart deploy/demo-registry -n demo-registry

  • Check the pods status

kubectl get pods -n demo-registry

Check registry APIs

Open the below url in the browser and check if you're able to get the swagger JSON <host>/registry/api/docs/swagger.json

PreviousManual installation through docker-composeNextWorking with Source Code

Last updated 8 months ago