Production setup through Helm
The below scripts will help the adopters to deploy SunbirdRC services in the Kubernetes environment.
System requirements
Please note that the below numbers are only for reference, they will vary based on the business domain and scale.
Kubernetes cluster (any version above v1.26.3)
Master Node: 2 vCPU, 4 GB RAM, Disc Size: 50 GB, Nodes: 1
Worker Nodes: 4 vCPU, 8 GB RAM, Disc size: 100 GB, Nodes: 3
Bastion server: 2 vCPU, 4 GB RAM, Disc Size: 50GB
Postgres with a read replica: 4 vCPU 8 GB RAM, Disc Size: 100GB
ElasticSearch: 4 vCPU, 8 GB RAM, Disc Size: 100GB
API Gateway
Public domain
Server for Minio: 2 vCPU, 4 GB RAM, Disc Size: 100GB (Optional)
CDN / any other alternative for hosting UI
Prerequisites
Kubernetes Cluster with minimum 3 nodes
kubectl
Postgres DB (create a database for
keycloakandregistry)ElasticSearch (Optional)
Kafka (Optional)
Redis (Optional)
Minio (Optional)
Domain URL (domain url mapped to Kubernetes cluster)
The above optional services are not mandatory for SunbirdRC services. It can be installed based on the requirement of the project. For more details https://docs.sunbirdrc.dev/learn/readme-1/high-level-architecture
Deployment steps
Clone the repo
Pre-check
Make sure from the current directory you're able to run the below commands
Create namespace
Feel free to use a different name for the namespace. Use the same name in the rest of the commands.
Create secrets
Convert all the passwords/secrets into base64 format and update these values in values.yaml file
Secrets
DB_PASSWORD: Postgres database password
KEYCLOAK_ADMIN_PASSWORD: Keycloak admin password used to login to admin console
KEYCLOAK_DEFAULT_USER_PASSWORD: Default password to be set for new users created by registry
MINIO_SECRET_KEY: Minio secret key
ELASTIC_SEARCH_PASSWORD: Elastic search connection password
KEYCLOAK_ADMIN_CLIENT_SECRET: Client secret of keycloak admin client for registry
DB_PASSWORD, KEYCLOAK_ADMIN_PASSWORD and KEYCLOAK_DEFAULT_USER_PASSWORD are mandotry secrets to be set. Other secrets can be set to empty
Modify configuration values
Configuration values like database address, elastic search address etc should be modified in values.yaml file.
Schemas
All schema files should be placed in the schemas directory located at sunbird-rc-core/infra/helm_charts/charts/registry/schemas.
Configure signing keys
The signing keys should be placed in the below directories
Both public and private keys for signing
sunbird-rc-core/infra/helm_charts/charts/certificate-signer/keys
Only public key for exposure to verifiers
sunbird-rc-core/infra/helm_charts/charts/public-key-service/keys
Please note that by default a sample key is added. It is highly recommended to update this key before going to live.
Deploy helm charts
Output
Check if all the pods are running
Import keycloak realm
Goto keycloak admin console
<host>/auth/Login with username
adminand use the same password configured in secretsClick on
Masterand selectAdd realmSelect
https://github.com/Sunbird-RC/sunbird-rc-core/blob/main/imports/realm-export.jsonfileAnd click on
Create
Configure keycloak secret
Get the keycloak secret from the keycloak admin console
Goto keycloak admin console
<host>/auth/Login with username
adminand use the same password configured in the secretsGoto
clientspage and click onadmin-apiGoto
Credentialstab and click onRegenerate SecretCopy the secret
Configure secret in the registry
Get all secrets created
Encode the secret in base64 format
Open the secret in edit mode
Replace empty string for KEYCLOAK_ADMIN_CLIENT_SECRET with the base64 encoded secret
Restart registry
Check the pods status
Check registry APIs
Open the below url in the browser and check if you're able to get the swagger JSON <host>/registry/api/docs/swagger.json
Last updated