Deployment Architecture Upgrade

This document outlines the steps required for migrating the deployment architecture from V2 to V3.

Step 1: New environment setup with V3 Architecture

This is required for migration from V2 to V3 architecture

Make sure to have all the pre-requisites ready as per the details present in the section pre-requisites
Setup Wireguard Bastion host
Setup wireguard client in your local and complete the configuration
Setup Observation K8 cluster
Configure Observation k8 cluster
Observation cluster’s nginx setup
Observation cluster applications setup
Observation cluster keycloak-rancher integration
Setup new MOSIP k8 cluster
MOSIP k8 cluster configuration
MOSIP cluster nginx setup
Setting up Monitoring for MOSIP cluster
Setting up Alerting for MOSIP cluster
Setting up Logging for MOSIP cluster

Step 2: Deployment of external services

(Required for V2 to V3 architecture migration)

Setup postgres server
Note:
i. Deploy postgres server in a seperate node.
ii. Make sure postgres initialisation is not done (only install postgres).
Setup Keycloak server
Note: Make sure keycloak initialisation is not done (only install keycloak).
Setup Softhsm
Setup Minio server
Setup ClamAV
Setup ActiveMQ
Setup Message Gateway
Setup docker registry secrets if you are using private dockers.
Note: These instructions are only applicable if you need to access Private Docker Registries. You may disregard them if all of your Docker containers are downloaded from the public Docker Hub.
Setup Captcha for the required domains.
Setup Landing page for new MOSIP cluster.

Step 3: Backup and restoration of external services

This step is required for V2 to V3 architecture migration.

Softhsm (only required if softhsm is used instead of real HSM)
i. Backup keys
ii. Restore old key
iii. Update softhsm ida and softhsm kernel security pin
Postgres
i. Export
ii. Import
iii. secret creation
iv. Increase postgres max_connections to 1000
Keycloak
i. Export
ii. Import
Minio
i. Export the existing Minio as directory
ii. Clone Minio
Kafka
i. setup external minio for backup.
ii. backup kafka
iii. restore kafka
Conf-secrets

Update the secrets in existing secrets in conf-secrets namspace.

Packets in landing to be copied from old environment to the upgraded environment or same NFS folder can be mounted to regproc packet server and group 1 stage groups. Refer here for more details.

dmz-sc.yaml
dmz-pkt-pv.yaml
dmz-pkt-pvc.yaml
dmz-landing-pv.yaml
dmz-landing-pvc.yaml

Last updated 1 year ago

Was this helpful?

Step 1: New environment setup with V3 Architecture

This is required for migration from V2 to V3 architecture

Make sure to have all the pre-requisites ready as per the details present in the section pre-requisites

Setup Wireguard Bastion host

Setup wireguard client in your local and complete the configuration

Setup Observation K8 cluster

Configure Observation k8 cluster

Observation cluster’s nginx setup

Observation cluster applications setup

Observation cluster keycloak-rancher integration

Setup new MOSIP k8 cluster

MOSIP k8 cluster configuration

MOSIP cluster nginx setup

Setting up Monitoring for MOSIP cluster

Setting up Alerting for MOSIP cluster

Setting up Logging for MOSIP cluster

Step 2: Deployment of external services

(Required for V2 to V3 architecture migration)

Setup postgres server

Note:

i. Deploy postgres server in a seperate node.

ii. Make sure postgres initialisation is not done (only install postgres).

Setup Keycloak server

Note: Make sure keycloak initialisation is not done (only install keycloak).

Setup Softhsm

Setup Minio server

Setup ClamAV

Setup ActiveMQ

Setup Message Gateway

Setup docker registry secrets if you are using private dockers.

Note: These instructions are only applicable if you need to access Private Docker Registries. You may disregard them if all of your Docker containers are downloaded from the public Docker Hub.

Setup Captcha for the required domains.

Setup Landing page for new MOSIP cluster.

Step 3: Backup and restoration of external services

This step is required for V2 to V3 architecture migration.

Softhsm (only required if softhsm is used instead of real HSM)

i. Backup keys

ii. Restore old key

iii. Update softhsm ida and softhsm kernel security pin

Postgres

i. Export

ii. Import

iii. secret creation

iv. Increase postgres max_connections to 1000

Keycloak

i. Export

ii. Import

Minio

i. Export the existing Minio as directory

ii. Clone Minio

Kafka

i. setup external minio for backup.

ii. backup kafka

iii. restore kafka

Conf-secrets

Update the secrets in existing secrets in conf-secrets namspace.

Packets in landing to be copied from old environment to the upgraded environment or same NFS folder can be mounted to regproc packet server and group 1 stage groups. Refer here for more details.

dmz-sc.yaml

dmz-pkt-pv.yaml

dmz-pkt-pvc.yaml

dmz-landing-pv.yaml

dmz-landing-pvc.yaml