While System Integrators (SIs) may implement their own deployment tools, MOSIP provides a reference implementation of a Kubernetes-based, production-grade deployment called V3 (currently offered as Beta).
You may also install sandboxes using the same infrastructure (recommended).
The table below lists checks that must be performed before the actual rollout of a deployment. The list is not exhaustive; SIs are expected to use it as a reference and augment it with their own hardening procedures.
Multi-factor authentication for Rancher and Keycloak.
Review all WireGuard keys. Are all keys accounted for? Do the machines with WireGuard keys have sufficient protection, such as firewalls, password/biometric login etc.?
Are correct cluster roles assigned to users in Rancher? Is RBAC set properly?
Do the users of Rancher have strong passwords only known to them?
Are Rancher and Keycloak accessible only over WireGuard and not on the public net?
Who holds the Keycloak Admin credentials? Are the credentials secure?
Are any stray passwords lying on the disks?
Increase the number of nodes in the cluster according to expected load.
Set rate control (throttling) parameters for PreReg.
Scripts to clean up processed packets in landing zone.
Review pod replication factors for all modules, e.g. ClamAV.
Enable persistence in all modules. On cloud, change the reclaim policy of the storage class from 'Delete' to 'Retain'. If you already have a PV with 'Delete', you can edit the PV config and change it to 'Retain' (without having to change the storage class).
Make sure storage class allows expansion of storage.
Review size of persistent volumes and update.
Increase MinIO persistent volume size based on your estimations.
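The persistence checks above (reclaim policy 'Retain', storage class expansion) can be audited from the output of `kubectl get pv,sc -o json`. The following is an added example, not part of MOSIP's deployment scripts; the object names in the sample are constructed and the helper names `audit` and `patch_command` are hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get pv,sc -o json`; all names are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"kind": "StorageClass", "metadata": {"name": "gp2"},
   "reclaimPolicy": "Delete", "allowVolumeExpansion": false},
  {"kind": "StorageClass", "metadata": {"name": "gp2-retain"},
   "reclaimPolicy": "Retain", "allowVolumeExpansion": true},
  {"kind": "PersistentVolume", "metadata": {"name": "pvc-minio-0"},
   "spec": {"persistentVolumeReclaimPolicy": "Delete", "storageClassName": "gp2"}},
  {"kind": "PersistentVolume", "metadata": {"name": "pvc-postgres-0"},
   "spec": {"persistentVolumeReclaimPolicy": "Retain", "storageClassName": "gp2-retain"}}
]}
""")


def audit(items):
    """Return (kind, name, problem) tuples for storage that fails the checklist."""
    findings = []
    classes = {o["metadata"]["name"]: o for o in items if o["kind"] == "StorageClass"}
    for name, sc in classes.items():
        # Kubernetes treats an unset StorageClass reclaimPolicy as Delete.
        if sc.get("reclaimPolicy", "Delete") != "Retain":
            findings.append(("StorageClass", name, "reclaimPolicy is not Retain"))
        if not sc.get("allowVolumeExpansion", False):
            findings.append(("StorageClass", name, "allowVolumeExpansion is not true"))
    for pv in (o for o in items if o["kind"] == "PersistentVolume"):
        name, spec = pv["metadata"]["name"], pv["spec"]
        if spec.get("persistentVolumeReclaimPolicy") != "Retain":
            findings.append(("PersistentVolume", name, "reclaim policy is not Retain"))
        sc = classes.get(spec.get("storageClassName"))
        if sc is not None and not sc.get("allowVolumeExpansion", False):
            findings.append(("PersistentVolume", name, "storage class cannot expand"))
    return findings


def patch_command(pv_name):
    """kubectl command that switches an existing PV to Retain in place."""
    return ("kubectl patch pv " + pv_name +
            " -p '{\"spec\":{\"persistentVolumeReclaimPolicy\":\"Retain\"}}'")


if __name__ == "__main__":
    for kind, name, problem in audit(SAMPLE["items"]):
        print(f"{kind}/{name}: {problem}")
        if kind == "PersistentVolume" and "reclaim" in problem:
            print("  fix:", patch_command(name))
```

On a live cluster, replace `SAMPLE` with the parsed output of `kubectl get pv,sc -o json` and review each finding before rollout.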