GITBOOK-1585: Pramod's Oct 15 changes

Author: Pramod Belal

.gitbook/assets/image (82).png

@@ -1,51 +1,50 @@
 # OpenG2P Commons Helm Chart
 
-## Overview
-
-### **Purpose**
+## Context
 
 * This guide explains the **design rationale** behind the OpenG2P Commons Helm chart.
-* It also provides **references for Helm chart development** and links to:
+* It also provides references for Helm chart development and links to:
   * The [**source code**](https://github.com/OpenG2P/openg2p-deployment-commons) of the chart.
   * The [**new architecture**](openg2p-deployment-model.md) documentation.
 
-**Design update (from v2.x.x onward)**
+### **Design update (from v2.x.x onward)**
+
+* In OpenG2P **version 2.x.x**, many dependency modules were installed separately for each application.
+* In the new design, these have been centralized under the `openg2p-commons` chart.
+* Only the common dependency modules shared across all applications are included in this chart.
 
-* In OpenG2P **version 2.x.x**, many dependency modules were installed **separately** for each application.
-* In the new design, these have been **centralized under the `openg2p-commons` chart**.
-* Only the **common dependency modules** shared across all applications are included in this chart.
+### **Commons dependencies**
 
-**Commons dependencies**\
-The `openg2p-commons` Helm chart bundles the following core components:
+The `openg2p-commons` Helm chart bundles the following core components.
 
-* **PostgreSQL**   
-* **Mail SMTP Server**
-* **MinIO**
-* **ODK Central**
-* **Keymanager** (includes keygen job to generate the keys for all modules)
-* **OpenSearch**
-* **Reporting** (includes _Reporting Framework_ + _Reporting Init_)
-* **Superset**
-* **eSignet** (includes _eSignet_ + _Mock Identity System_)
+1. **PostgreSQL**   
+2. **Mail SMTP Server**
+3. **MinIO**
+4. **ODK Central**
+5. **Keymanager** (includes keygen job to generate the keys for all modules)
+6. **OpenSearch**
+7. **Reporting** (includes _Reporting Framework_ + _Reporting Init_)
+8. **Superset**
+9. **eSignet** (includes _eSignet_ + _Mock Identity System_)
 
-#### Bitnami Secure Images Transition
+### Bitnami secure images transition
 
 **From August 28th, 2025**, Bitnami is evolving its public catalog under the **Bitnami Secure Images** initiative.
 
 **Key points:**
 
 * Community users now get access to **security-hardened container images** of popular software.
 * **Non-hardened Debian-based images** will be deprecated and gradually removed from the free public catalog.
-* Only **latest tags** of hardened images will remain available — meant for **development use only**.
+* Only latest tags of hardened images will remain available — meant for **development use only**.
 * Older versioned images (e.g., `10.6`, `2.50.0`) will move to the **Bitnami Legacy** repo (`docker.io/bitnamilegacy`) and will no longer receive updates.
-* For **production workloads**, users are encouraged to adopt **Bitnami Secure Images** — featuring hardened containers, SBOMs, CVE transparency, and enterprise support.
+* For production workloads, users are encouraged to adopt **Bitnami Secure Images** — featuring hardened containers, SBOMs, CVE transparency, and enterprise support.
 
-**Our Action:**
+**Our action:**
 
 * Since Bitnami removed free access to their Helm charts and Docker images,\
-  we extracted the **existing charts and versions** we depend on and uploaded them to **our own private Helm repository**.
-* All our Helm charts are now updated to reference these **internal chart paths** instead of Bitnami’s public sources.
+  we extracted the existing charts and versions we depend on and uploaded them to our own private Helm repository.
+* All our Helm charts are now updated to reference these internal chart paths instead of Bitnami’s public sources.
 
-#### How to deploy OpenG2P Commons
+#### How to deploy openg2p commons
 
 Refer the instructions [here](../deployment-instructions/environment-installation.md#common-resources).

.gitbook/assets/image (83).png

@@ -1,21 +1,60 @@
 # Environment Installation
 
-## Common resources
+The instructions here pertain to the deployment of commons  on the Kubernetes cluster using OpenG2P-Commons.  All the components are installed in the same namespace.
 
-Install common components as below:
+## Prerequisites
 
-* Create namespace for your environment using Rancher UI or command line 
-* For **production environment** install PostgreSQL server separately on the same virtual machine using command line
-* Install openg2p-commons Helm Chart.  For **production environment** do not install Docker based Postgres (see step above)
-* The **latest `openg2p-commons` Helm chart** is available directly in the **Rancher UI**.
-* To deploy it:
-  1. Open the **Rancher UI** and go to the **Apps & Marketplace** section.
-  2. In the search bar, type **`openg2p-commons`**.
-  3. Select the chart, **configure the required values** (e.g., domains, Keycloak Clients).
-  4. Click **Install** to deploy the Commons Helmchart.
+Before you deploy, make sure the following are in place:
+
+* ✅ [Infrastruction setup](infrastructure-setup.md) is completed 
+* ✅ [Environment](environment-installation.md) has been setup with common resources installed.
+* ✅ Domain name `esignet.<your environment>.<your domain name>` (e.g. `esignet.qa.openg2p.org`) is available along with SSL certificate for the domain (_the wild certificate should have already been loaded during Infrastructure setup_)
+* ✅ **Project Owner access** on the OpenG2P namespace
+
+## Installation using Rancher UI
+
+1. Log in to Rancher admin console.
+2. Select your cluster.
+3. Under **Apps -> Repositories** click on Create to add a repository.
+4.  Provide Name as `openg2p` and target HTTPS Index URL as [https://openg2p.github.io/openg2p-helm/rancher](https://openg2p.github.io/openg2p-helm/rancher) and click Create.\
+
+
+    <figure><img src="../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
+5.  To display prerelease versions of OpenG2P apps, click on your user avatar in the upper right corner of the Rancher dashboard. Then click on `Include Prerelease Versions` under Preferences under Helm Charts.\
+
+
+    <figure><img src="../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
+6. Select the namespace in which you would like to install Registry, from the namespace filter on the top-right.
+7.  Navigate to **Apps->Charts** page on Rancher. You should see `OpenG2P  commons` Helm charts listed.
+
+    <figure><img src="../../.gitbook/assets/image (84).png" alt=""><figcaption></figcaption></figure>
+8. Proceed to Install `OpenG2P  Commons` chart select the latest version to be installed, and click Install.
+9. On the next screen, choose a name for installation, like `Commons`. Select the checkbox `Customise Helm options` before install, and click Next.
+10. Go through each app's configuration page, and configure the following:
+    1. Configure a hostname for each app in the following way. `<appname>.<base-hostname>` , where base hostname is the wildcard hostname chosen during [Istio namespace setup](../scaling/base-infrastructure/openg2p-cluster/cluster-setup/istio.md#namespace-setup).  Example: `esignet.dev.openg2p.org` and `odk.dev.openg2p.org` , etc. `<appname>` is arbitrary - default names have been provided.
+    2. **Keycloak Base Url** is your organization-wide Keycloak URL. (Ex: keycloak.\<your domain>.org)
+    3. OIDC Client details are asked. **Create Keycloak Client**, refer to [Keycloak Client Creation](../deployment-guide/keycloak-client-creation.md) guide.
+11. Click Next to reach Helm Options page. Disable `wait` flag. Click on Install.
+12. Wait for all the pods to get into **Running state**. This may take several minutes.
+
+    <div align="left"><figure><img src="../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure></div>
 
 Once deployed, the OpenG2P Commons services such as PostgreSQL, MinIO, Keymanager, OpenSearch, and others will be automatically set up and available for dependent applications.
 
+## Post Installation
+
+### Keycloak
+
+#### Assigning roles to users
+
+Create[ Keycloak client roles](https://www.keycloak.org/docs/latest/server_admin/#con-client-roles_server_administration_guide) for the following components and assign them to users:
+
+<table><thead><tr><th width="336">Component</th><th>Role name</th></tr></thead><tbody><tr><td>OpenSearch Dashboards for logging</td><td><code>admin</code></td></tr><tr><td>OpenSearch Dashboards for <a href="../../monitoring-and-reporting/reporting-framework/">Reporting</a> </td><td><code>admin</code></td></tr><tr><td>Kafka UI for <a href="../../monitoring-and-reporting/reporting-framework/">Reporting</a></td><td><code>Admin</code></td></tr><tr><td>Apache Superset</td><td><code>Admin</code></td></tr><tr><td>Minio Console</td><td><code>consoleAdmin</code></td></tr></tbody></table>
+
+#### Assigning roles to clients
+
+* For Social Registry to be able to access Keymanager APIs, create a realm role in Keycloak with the name "KEYMANAGER\_ADMIN" and assign this as a service account role to the Social Registry Keycloak client.
+
 ## Modules
 
 Install the modules and other utility apps individually using their respective instructions:

.gitbook/assets/image (84).png

@@ -323,12 +323,14 @@ In Rancher, create a project and namespace, on which the OpenG2P modules will be
  The rest of this guide assumes the namespace to be `dev`, as the TLS certificates were created for the domain `dev.example.com` during the certificate setup.
 {% endhint %}
 
-In rancher -> namespaces menu, enable `Istio Auto Injection` for `dev` namespace.
+{% hint style="warning" %}
+In Rancher, make sure that `Istio auto-injection` for the dev namespace is disabled.
+{% endhint %}
 
 🔍 <mark style="color:red;">Verification Checkpoint:</mark>\
-&#x20;<mark style="color:green;">Verify Istio injection is enabled for the dev namespace in the DEV project.</mark>
+&#x20;<mark style="color:green;">Verify your project name and namespace appear under project/namespace section.</mark>
 
-<div align="left"><figure><img src="../../.gitbook/assets/image (26).png" alt=""><figcaption></figcaption></figure></div>
+<figure><img src="../../.gitbook/assets/image (82).png" alt=""><figcaption></figcaption></figure>
 
 #### **13. Istio** gateway setup
 

deployment/concepts/openg2p-commons-helm-chart.md

@@ -25,14 +25,13 @@ Before you deploy, make sure the following are in place:
 
     <figure><img src="../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
 6. Select the namespace in which you would like to install Registry, from the namespace filter on the top-right.
-7. Navigate to **Apps->Charts** page on Rancher. You should see `OpenG2P  Registry` Helm charts listed.
-
-<figure><img src="../../.gitbook/assets/registry-app-on-rancher.png" alt="" width="323"><figcaption></figcaption></figure>
+7.  Navigate to **Apps->Charts** page on Rancher. You should see `OpenG2P  Registry` Helm charts listed.
 
+    <div align="center"><figure><img src="../../.gitbook/assets/image (83).png" alt=""><figcaption></figcaption></figure></div>
 8. Proceed to Install `OpenG2P  Registry` chart select the latest version to be installed, and click Install.
 9. On the next screen, choose a name for installation, like `registry`. Select the checkbox `Customise Helm options` before install, and click Next.
 10. Go through each app's configuration page, and configure the following:
-    1. Configure a hostname for each app in the following way. `<appname>.<base-hostname>` , where base hostname is the wildcard hostname chosen during [Istio namespace setup](../../deployment/scaling/base-infrastructure/openg2p-cluster/cluster-setup/istio.md#namespace-setup).  Example: `socialregistry.dev.openg2p.org` and `odk-sr.dev.openg2p.org` , etc. `<appname>` is arbitrary - default names have been provided.
+    1. Configure a hostname for each app in the following way. `<appname>.<base-hostname>` , where base hostname is the wildcard hostname chosen during [Istio namespace setup](../../deployment/scaling/base-infrastructure/openg2p-cluster/cluster-setup/istio.md#namespace-setup).  Example: `socialregistry.dev.openg2p.org`, etc. `<appname>` is arbitrary - default names have been provided.
     2. For production deployments, if the PostgreSQL server is run directly (natively) on the VM. for _PostgreSQL Hostname_ specifiy  `host.docker.internal`  which is proxy for `localhost` as from within Docker of Odoo `localhost` will not be recognized. If you are running PostgreSQL on a separate machine, specify the Host domain or IP.
     3. **Keycloak Base Url** is your organization-wide Keycloak URL. (Ex: keycloak.\<your domain>.org)
     4. OIDC Client details are asked. **Create Keycloak Client**, refer to [Keycloak Client Creation](../../deployment/deployment-guide/keycloak-client-creation.md) guide.
@@ -54,18 +53,6 @@ Before you deploy, make sure the following are in place:
 
 ## Post Installation
 
-### Keycloak
-
-#### Assigning roles to users
-
-Create[ Keycloak client roles](https://www.keycloak.org/docs/latest/server_admin/#con-client-roles_server_administration_guide) for the following components and assign them to users:
-
-<table><thead><tr><th width="336">Component</th><th>Role name</th></tr></thead><tbody><tr><td>OpenSearch Dashboards for logging</td><td><code>admin</code></td></tr><tr><td>OpenSearch Dashboards for <a href="../../monitoring-and-reporting/reporting-framework/">Reporting</a> </td><td><code>admin</code></td></tr><tr><td>Kafka UI for <a href="../../monitoring-and-reporting/reporting-framework/">Reporting</a></td><td><code>Admin</code></td></tr><tr><td>Apache Superset</td><td><code>Admin</code></td></tr><tr><td>Minio Console</td><td><code>consoleAdmin</code></td></tr></tbody></table>
-
-#### Assigning roles to clients
-
-* For Social Registry to be able to access Keymanager APIs, create a realm role in Keycloak with the name "KEYMANAGER\_ADMIN" and assign this as a service account role to the Social Registry Keycloak client.
-
 ### Odoo
 
 * Activate the Registry Odoo module after logging into Odoo (TBD).