Sandbox Deployment

Overview

MOSIP components are available as Docker images on Docker Hub. We provide a deployment guide and scripts to install them on Kubernetes.

Single click installer (V2)

The single click installer, also called V2, is an installer based on Ansible scripts. The sandbox may be used for development and testing.
The configuration properties used in this installer are available here.

Production grade deployment (V3)

Currently available as Beta, V3 is a reference implementation of a Kubernetes-based, production-grade deployment of MOSIP. It may be deployed either as a sandbox or as a full-scale production deployment. Several security features and enhancements have been added over the single click installer.
The configuration properties used in this installer are available here.

Cluster administration

In a V3 installation, the cluster can be administered by logging into the organisation-wide Rancher setup. Rancher is integrated with Keycloak for authentication. To provide cluster access to a user, perform the following steps as administrator:
  1. Log in to the organisation-wide Keycloak, e.g. https://iam.xyz.net. It is assumed that you have the admin role in Keycloak.
  2. Create a new user.
  3. Make sure a strong password is set for the user under the Credentials tab.
  4. On the Details tab you should see the Update Password flag under Required User Actions. This prompts the user to change the password at first login. Disable it only if you are sure you don't want the user to change the password.
  5. Log in to Rancher as administrator, e.g. https://rancher.xyz.net.
  6. Select the cluster for which you would like to enable access for the user.
  7. Add the user as a member of the cluster.
  8. Assign a role, e.g. Cluster Owner, Cluster Viewer.

WireGuard

The V3 installation uses WireGuard for secure access. Refer to the following documents for further details:

Versioning

The following versioning conventions are followed for repos related to deployment:
  • mosip-infra branch == MOSIP release version == mosip-helm branch.
  • k8s-infra is on main branch.
  • Helm chart version ~= MOSIP release version, but with the following versioning convention:
    • MOSIP release version: w.x.y.z. Example: 1.2.0.1
    • Helm chart version: wx.y.z. Example: 12.0.1 (as Helm follows 3 digit versioning).
    • On the develop branch of mosip-helm, the version in Chart.yaml points to the next planned release version of MOSIP (as Helm does not allow a version like develop).
  • Docker image tag in values.yaml of Helm chart == MOSIP release version.
  • Helm charts contain a default compatible Docker image tag.
  • appVersion field in Chart.yaml is not used.
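The conventions above, written as a consistency check that could run before a chart is deployed. This is an added example, not MOSIP tooling: the function names and the sample chart contents are constructed, and the line-based parsing assumes image tags appear as `tag:` keys in values.yaml.

```python
import re

def normalize_release(release: str) -> str:
    """Return the 4-part form w.x.y.z; per the glossary, w.x.y implies w.x.y.0."""
    parts = release.strip().split(".")
    if len(parts) == 3:
        parts.append("0")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a MOSIP release version: {release!r}")
    return ".".join(parts)

def helm_chart_version(release: str) -> str:
    """Map MOSIP release w.x.y.z to Helm chart version wx.y.z."""
    w, x, y, z = normalize_release(release).split(".")
    return f"{w}{x}.{y}.{z}"

def check_chart(release: str, chart_yaml: str, values_yaml: str) -> list[str]:
    """Return deviations from the versioning conventions (empty list = consistent)."""
    problems = []
    expected = helm_chart_version(release)
    # Anchored at line start, so the unused appVersion field is never matched.
    m = re.search(r"^version:\s*[\"']?([^\s\"'#]+)", chart_yaml, re.MULTILINE)
    found = m.group(1) if m else None
    if found != expected:
        problems.append(f"Chart.yaml version {found} != expected {expected}")
    # Assumption: image tags are written as `tag:` keys in values.yaml.
    tags = re.findall(r"^\s*tag:\s*[\"']?([^\s\"'#]+)", values_yaml, re.MULTILINE)
    for tag in tags:
        if tag != release:
            problems.append(f"image tag {tag} != release {release}")
    return problems

# Constructed sample chart files (not taken from mosip-helm).
CHART = "apiVersion: v2\nname: sample-service\nversion: 12.0.1\n"
VALUES_OK = "image:\n  repository: example/sample-service\n  tag: 1.2.0.1\n"
VALUES_BAD = "image:\n  repository: example/sample-service\n  tag: latest\n"

if __name__ == "__main__":
    print(helm_chart_version("1.2.0.1"))
    print(check_chart("1.2.0.1", CHART, VALUES_OK))
    print(check_chart("1.2.0.1", CHART, VALUES_BAD))
```

A floating tag such as `latest` is reported because it does not pin the image to the MOSIP release the chart was built for.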

Active branches

Branches of mosip-infra chart that are actively being updated are listed below. Other branches are assumed to be frozen. Make sure any changes are reflected in these branches (if applicable).
  • 1.1.5.5
  • 1.1.5_v3
  • 1.2.0.1
  • develop

Glossary

| Term | Description |
|---|---|
| Helm chart version | version field in Chart.yaml |
| MOSIP release version | Version as published. If a release is w.x.y, it implies w.x.y.0. Patch releases may have 4 digits, like w.x.y.z. |
| Docker image tag | Version of MOSIP service/module published as a Docker image on Docker Hub. |