eric/onix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add AWS CDK project and Helm charts for Beckn-Onix deployment on AWS cloud

Browse Source
This commit is contained in:
Mozammil Khan
2024-09-23 22:57:34 +05:30
parent 5d5e363ccd
commit c683ec3d74
114 changed files with 10018 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

215
aws-cdk/documentations/01-Deployment-CDK-Beckn-ONIX.md Normal file
View File

@@ -0,0 +1,215 @@
# Beckn-ONIX AWS CDK
This repository contains AWS CDK stacks for deploying the Beckn-ONIX services on AWS using the open-source AWS CDK IaC. The AWS CDK stacks are designed to deploy the following services:
- **Registry**: Manages Beckn service providers and categories, and provides an additional layer of trust on the network by listing platforms that are compliant to a networks rules and policies.
- **Gateway**: Central point for routing Beckn messages between providers and participants.
- **BAP (Beckn Application Platform)**: A consumer-facing infrastructure which captures consumers requests via its UI applications, converts them into beckn-compliant schemas and APIs at the server side, and fires them at the network.
- **BPP (Beckn Provider Platform)**: Other side of the network is the supply side which consists of Beckn Provider Platforms (BPPs) that maintain an active inventory, one or more catalogs of products and services, implement the supply logic and enable fulfillment of orders.
![AWS CDK FLow](images/AWS-CDK-Flow.png)
## Prerequisites
- **AWS Account**: An AWS account to deploy AWS CDK stacks
- **AWS CLI**: Configured with AWS account
- **Kubectl Client**: Configured with the Amazon EKS cluster.
- **Public Domain/Sub-Domain**: Along with SSL certificates for HTTPS.
### Domain and Subdomains
Beckn-ONIX requires a public domain to be associated with the following services:
- Registry
- Gateway
- BAP Network
- BPP Network
Users must obtain a public domain and create subdomains for each service. Additionally, an SSL certificate must be issued for each subdomain to enable HTTPS. You can use [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/pricing/), which provides public SSL/TLS certificates at no cost.
## Requesting a Public SSL Certificate through AWS Certificate Manager
Gather the list of subdomains you intend to use for Beckn-ONIX services (as outlined in the pre-requisite).
To obtain an SSL certificate through AWS Certificate Manager, follow the easy steps provided in the official [AWS ACM Documentation](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html).
Once a certificate is issued, copy the certificate ARN to be used in the Helm charts later. The certificate ARN follows this format:
`arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>`
## Configuring AWS CLI
Crucial step in working with AWS CDK. You can do it in your local environment.If you prefer to configure AWS CLI on a remote server, you can SSH-ing into the server and running aws configure to set up the CLI credentials and configuration. Just ensure that the server has network connectivity to AWS services and that you have the necessary permissions to configure AWS CLI and access AWS resources from that server.
## Beckn-ONIX CDK Project Overview
The AWS CDK project follows a specific folder structure for better organization:
- **lib/**: This folder contains all the CDK stacks. Each stack represents a set of AWS resources that are deployed together.
- **bin/**: This folder contains the `beckn-cdk.ts` file, which serves as the entry point to the CDK application.
- **config.ts**: Located in the `lib/` folder, this file holds all the necessary environment variables for your stacks.
- **.env**: This file is located in the root of the AWS CDK project and contains user-specific environment variables.
### CDK Stacks Overview
| CDK Stack Name | Description |
|----------------------|---------------------------------------------------------------------------------------------------|
| VpcStack | This stack creates the VPC in which your resources will be deployed, along with one public subnet and two private subnets. |
| EksStack | This stack creates an Amazon EKS (Elastic Kubernetes Service) cluster for deploying Kubernetes applications. |
| RdsStack | This stack creates a PostgreSQL Aurora database cluster for your application's data storage needs. |
| HelmRegistryStack | This stack deploys Beckn-Onix Registry helm charts. |
| HelmGatewayStack | This stack deploys Beckn-Onix Gateway helm charts. |
| HelmBapStack | This stack deploys Beckn-Onix BAP helm charts. |
| HelmBppStack | This stack deploys Beckn-Onix BPP helm charts. |
| HelmCommonServicesStack | This stack deploys common services (Redis, Mongo, and RabbitMQ) from the open-source Bitnami repository into the Amazon EKS cluster required for BAP and BPP services. |
### Optional Stacks
| CDK Stack Name | Description |
|----------------------|---------------------------------------------------------------------------------------------------|
| RedisStack | This stack creates a Redis cluster for caching and data storage needs. |
| DocumentDbStack | This stack creates a DocumentDB cluster for document storage and retrieval. |
| RabbitMqStack | This stack creates a RabbitMQ broker for managing message queues and pub/sub messaging. |
## AWS CDK Environment Variables
**Note:** Depending on the Beckn-ONIX component you wish to install, please update the `.env` file with the respective environment variables.
#### AWS SPECIFIC MANDATORY VARIABLES ####
| Environment Variables | Example value | Description |
| --------------------- | -------------- | ---------- |
| `REGION` | `ap-south-1` | The AWS region in which to deploy all the resources |
| `ACCOUNT` | `123456789123` | Your AWS 12 digit account number |
#### BECKN-ONIX SPECIFIC MANDATORY VARIABLES ####
**Note:** Depending on the Beckn-ONIX component you wish to install, please update the `.env` file with the respective environment variables.
### Registry
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `REGISTRY_EXTERNAL_DOMAIN` | External domain for the registry | `registry-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
### Gateway
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `GATEWAY_EXTERNAL_DOMAIN` | External domain for the gateway | `gateway-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `REGISTRY_URL` | Registry URL | `gateway-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
### BAP (Beckn Application Platform)
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `BAP_EXTERNAL_DOMAIN` | External domain for the BAP | `bap-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `BAP_PRIVATE_KEY` | Private key for the BAP | `pivurna3jQBmZGZeeOssgvD0NqMUuWedGjnM9U+hf8i5GXy3eoHVP7ZNs0CL+m7WB/Lq7L2/NvdPdiJWt9kjOQ==` |
| `BAP_PUBLIC_KEY` | Public key for the BAP | `uRl8t3qB1T+2TbNAi/pu1gfy6uy9vzb3T3YiVrfZIzk=` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
### BPP (Beckn Provider Platform)
| Variable | Description | Example Value |
|-------------------------------|--------------------------------------------------------|-------------------------------------------------------------|
| `BPP_EXTERNAL_DOMAIN` | External domain for the BPP | `bpp-cdk.beckn-onix-aws-cdk.becknprotocol.io` |
| `BPP_PRIVATE_KEY` | Private key for the BPP | `pivurna3jQBmZGZeeOssgvD0NqMUuWedGjnM9U+hf8i5GXy3eoHVP7ZNs0CL+m7WB/Lq7L2/NvdPdiJWt9kjOQ==` |
| `BPP_PUBLIC_KEY` | Public key for the BPP | `uRl8t3qB1T+2TbNAi/pu1gfy6uy9vzb3T3YiVrfZIzk=` |
| `CERT_ARN` | SSL certificate ARN (AWS Certificate Manager) | `arn:aws:acm:ap-south-1:365975017663:certificate/04d1ef71-8407-495b-82f0-4eded8694189` |
## Deploy CDK
After you have made the relevant updates to the `.env` file, run the following commands to begin the deployment process.
### Deployment by Environment
You can now choose to deploy one of the following environments:
1. **Registry Environment**
This will deploy the following stacks: VPC, Amazon EKS, and Amazon RDS Aurora Postgres and Registry:
```bash
cdk deploy --context env=registry --all
```
2. **Gateway Environment**
This will deploy the following stacks: VPC, Amazon EKS, Amazon RDS Aurora Postgres and Gateway:
```bash
cdk deploy --context env=gateway --all
```
### Generate SSL Key Pair required for BAP and BPP
The Protocol Server (BAP/BPP) provides a key generation script.
**Note:** Ensure Node.js is installed on your system.
```bash
curl https://raw.githubusercontent.com/beckn/protocol-server/master/scripts/generate-keys.js > generate-keys.js
npm install libsodium-wrappers
node generate-keys.js
```
**Note:** Copy the `publicKey` and `privateKey` from the output. You need to add keys to .env file before running CDK deploy.
3. **BAP (Buyer Application Provider) Environment**
This will deploy the following stacks: VPC, Amazon EKS, BAP, and common services in Amazon EKS - Redis, DocumentDB, and RabbitMQ:
```bash
cdk deploy --context env=bap --all
```
4. **BPP (Buyer Platform Provider) Environment**
This will deploy the following stacks: VPC, Amazon EKS, BAP, and common services in Amazon EKS - Redis, DocumentDB, and RabbitMQ:
```bash
cdk deploy --context env=bpp -all
```
5. **Sandbox Environment**
This environment is suitable for non-prod setup and will deploy all the stacks including - VPC, Amazon EKS, Amazon RDS Aurora Postgres, all Beckn-Onix services including common services:
```bash
cdk deploy --context env=sandbox --all
```
## Next Steps
After installing all Beckn-Onix services, proceed with the next steps to verify and complete the setup:
1. **[Verify Deployments](documentations/verify-deployments.md)**
To ensure that your Beckn-Onix services are running correctly, follow the instructions in the [Verify Deployments](documentations/verify-deployments.md) document. This will help you confirm that the services are operational and identify any issues that need to be addressed.
2. **[Update DNS Records](documentations/post-deployment-dns-config.md)**
To configure DNS settings for your services, follow the instructions provided in the [Post-Deployment DNS Configuration](documentations/post-deployment-dns-config.md) document. This will guide you through retrieving the necessary Load Balancer addresses and updating your DNS records.
3. **[Register BAP and BPP with Registry](documentations/post-deployment-bap-bpp-register.md)**
After updating your DNS records, you need to register your participants BAP and BPP network with the registry service. Follow the steps in the [BAP and BPP Registration](documentations/post-deployment-bap-bpp-register.md) document to complete this process.

255
aws-cdk/documentations/02-Deployment-Helm-Beckn-ONIX.md Normal file
View File

@@ -0,0 +1,255 @@
# Beckn-ONIX AWS CDK Helm Charts
This repository contains Helm charts for deploying the Beckn-ONIX services on AWS using the AWS CDK framework. The charts are designed to deploy the following applications:
- **Registry**: Manages Beckn service providers and categories, and provides an additional layer of trust on the network by listing platforms that are compliant to a networks rules and policies.
- **Gateway**: Central point for routing Beckn messages between providers and participants.
- **BAP (Beckn Application Platform)**: A consumer-facing infrastructure which captures consumers requests via its UI applications, converts them into beckn-compliant schemas and APIs at the server side, and fires them at the network.
- **BPP (Beckn Provider Platform)**: Other side of the network is the supply side which consists of Beckn Provider Platforms (BPPs) that maintain an active inventory, one or more catalogs of products and services, implement the supply logic and enable fulfillment of orders.
## Prerequisites
- **Amazon EKS Requirements**:
- [**Load Balancer Controller**](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html): Required for **Registry** and **Gateway**.
- [**EBS CSI Driver**](https://docs.aws.amazon.com/eks/latest/userguide/pv-csi.html) and [**EFS CSI Driver**](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html): Required for **BAP** and **BPP**.
If deploying all Beckn-ONIX components on the same EKS cluster, all three add-ons are necessary.
- **Kubectl Client**: Configured with the Amazon EKS cluster.
- **Helm 3 Client**: For managing Helm charts.
- **A PostgreSQL Database Instance**: Managed by AWS RDS Aurora in this case.
- **Public Domain/Sub-Domain**: Along with SSL certificates for HTTPS.
### Domain and Subdomains
Beckn-ONIX requires a public domain to be associated with the following services:
- Registry
- Gateway
- BAP Network
- BPP Network
Users must obtain a public domain and create subdomains for each service. Additionally, an SSL certificate must be issued for each subdomain to enable HTTPS. You can use [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/pricing/), which provides public SSL/TLS certificates at no cost.
## Requesting a Public SSL Certificate through AWS Certificate Manager
Gather the list of subdomains you intend to use for Beckn-ONIX services (as outlined in the pre-requisite).
To obtain an SSL certificate through AWS Certificate Manager, follow the easy steps provided in the official [AWS ACM Documentation](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html).
Once a certificate is issued, copy the certificate ARN to be used in the Helm charts later. The certificate ARN follows this format:
`arn:aws:acm:ap-south-1:<aws-account-id>:certificate/<identifier>`
## Helm Parameters
Before installing the Helm chart, its important to familiarize yourself with all the available parameters. Each parameter allows you to customize the Helm chart according to your deployment needs. Review the descriptions and default values to understand how they will impact your setup.
**Note:** If a parameter does not have a default value listed, you are expected to provide a value for it during Helm installation.
### Registry Parameters
**Note:** Default values that are empty must be provided during chart execution.
| Name | Description | Default Value |
| ----------------------------- | --------------------------------------- | ---------------------------------------------------- |
| `externalDomain` | External domain for the Registry service, e.g. <br> `registry.beckn-onix-aws-cdk.becknprotocol.io`| |
| `database.host` | PostgreSQL database host, e.g. <br> `beckn-onix-registry.ap-south-1.rds.amazonaws.com`| |
| `database.dbname` | PostgreSQL database name | `registry` |
| `database.username` | PostgreSQL database username | `postgres` |
| `database.password` | PostgreSQL database password | |
| `ingress.tls.certificateArn` | ARN for the TLS certificate, e.g. <br> `arn:aws:acm:region:account-id:certificate/certificate-id`| |
---
### Gateway Parameters
**Note:** Default values that are empty must be provided during chart execution.
| Name | Description | Default Value |
| ----------------------------- | --------------------------------------- | ---------------------------------------------------- |
| `externalDomain` | External domain for the Gateway service, e.g. <br> `gateway.beckn-onix-aws-cdk.becknprotocol.io`| |
| `registry_url` | Registry URL for Beckn services, e.g. <br> `https://registry.beckn-onix-aws-cdk.becknprotocol.io`| |
| `database.host` | PostgreSQL database host, e.g. <br> `beckn-onix-registry.ap-south-1.rds.amazonaws.com`| |
| `database.dbname` | PostgreSQL database name | `gateway` |
| `database.username` | PostgreSQL database username | `postgres` |
| `database.password` | PostgreSQL database password | |
| `ingress.tls.certificateArn` | ARN for the TLS certificate, e.g. <br> `arn:aws:acm:region:account-id:certificate/certificate-id`| |
---
### BAP/BPP Parameters
**Note:** Default values that are empty must be provided during chart execution.
| Name | Description | Default Value |
| ----------------------------------------- | -------------------------------------------------- | --------------------------------------------------- |
| `global.externalDomain` | External domain for the BAP/BPP network service, e.g. `bap-network.beckn-onix-aws-cdk.becknprotocol.io` (BAP), `bpp-network.beckn-onix-aws-cdk.becknprotocol.io` (BPP)| |
| `global.registry_url` | Registry URL for Beckn services, e.g. `https://registry.beckn-onix-aws-cdk.becknprotocol.io`| |
| `global.responseCacheMongo.username` | MongoDB username for response caching | `root` |
| `global.responseCacheMongo.password` | MongoDB password for response caching |
| `global.responseCacheMongo.host` | MongoDB host for response caching | `mongodb.bap-common-services.svc.cluster.local` |
| `global.rabbitMQamqp.password` | RabbitMQ AMQP password for message processing | |
| `global.rabbitMQamqp.host` | RebbitMQ host | `rabbitmq.bap-common-services.svc.cluster.local` |
| `global.redisCache.host` | Redis host | `redis-master.bap-common-services.svc.cluster.local ` |
| `global.ingress.tls.certificateArn` | ARN for the TLS certificate, e.g. `arn:aws:acm:region:account-id:certificate/certificate-id`| |
| `global.bap.privateKey` or `global.bpp.privateKey` | Private key for BAP/BPP, used during registration | |
| `global.bap.publicKey` or `global.bpp.publicKey` | Public key for BAP/BPP, used during registration | |
## Installing the Charts
Before installing the charts, ensure AWS RDS Aurora PostgreSQL database is running and accessible from your EKS cluster.
### Beckn-ONIX Registry
```bash
helm install registry . \
--set externalDomain=<registry_external_domain> \
--set database.host=<rds_postgres_database_hostname> \
--set database.password=<db_password> \
--set ingress.tls.certificateArn="aws_certificate_manager_arm"
```
### Beckn-ONIX Gateway
```bash
helm install gateway . \
--set externalDomain=<gateway_external_domain> \
--set registry_url=https://<registry_domain> \
--set database.host=<rds_postgres_database_hostname> \
--set database.password=<rds_postgres_db_password> \
--set ingress.tls.certificateArn="aws_certificate_manager_arm"
```
### Common Services Charts for BAP & BPP
BAP and BPP services require Redis, MongoDB, and RabbitMQ. These services must be installed before deploying Beckn-ONIX. You can use Bitnami Helm charts for installation: [Bitnami Helm Charts](https://github.com/bitnami/charts/tree/main/bitnami/).
#### Install Common Services for BAP
#### Create Namespace and Add Bitnami Helm Repository
```bash
kubectl create namespace bap-common-services
helm repo add bitnami https://charts.bitnami.com/bitnami
```
#### Install Redis
```bash
helm install -n bap-common-services redis bitnami/redis \
--set auth.enabled=false \
--set replica.replicaCount=0 \
--set master.persistence.storageClass="gp2"
```
#### Install MongoDB
```bash
helm install -n bap-common-services mongodb bitnami/mongodb \
--set persistence.storageClass="gp2"
# To get the Mongodb root password run:
kubectl get secret --namespace bap-common-services mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
```
#### Install RabbitMQ
```
helm install -n bap-common-services rabbitmq bitnami/rabbitmq \
--set persistence.enabled=true \
--set persistence.storageClass="gp2" \
--set auth.username=beckn \
--set auth.password=$(openssl rand -base64 12)
```
#### Install Common Services for BPP
For BPP, follow the same installation steps as for BAP, but with modifications specific to the BPP K8s namespace:
1. **Create Namespace for BPP and Add Bitnami Helm Repository**
```bash
kubectl create namespace bpp-common-services
helm repo add bitnami https://charts.bitnami.com/bitnami
```
#### Install Redis
```bash
helm install -n bpp-common-services redis bitnami/redis \
--set auth.enabled=false \
--set replica.replicaCount=0 \
--set master.persistence.storageClass="gp2"
```
#### Install MongoDB
```bash
helm install -n bpp-common-services mongodb bitnami/mongodb \
--set persistence.storageClass="gp2"
# To get the Mongodb root password run:
kubectl get secret --namespace bap-common-services mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
```
#### Install RabbitMQ
```
helm install -n bpp-common-services rabbitmq bitnami/rabbitmq \
--set persistence.enabled=true \
--set persistence.storageClass="gp2" \
--set auth.username=beckn \
--set auth.password=$(openssl rand -base64 12)
```
### Proceed to Install Beckn-ONIX BAP & BPP
#### Generate SSL Key Pair
The Protocol Server (BAP/BPP) provides a key generation script.
**Note:** Ensure Node.js is installed on your system.
```bash
curl https://raw.githubusercontent.com/beckn/protocol-server/master/scripts/generate-keys.js > generate-keys.js
npm install libsodium-wrappers
node generate-keys.js
```
Copy the `publicKey` and `privateKey` from the output. You need to pass keys to following Helm install command. These keys are also added into the K8s secrets via Helm chart.
> **Info:** AWS CDK automates this process by using the same key generation script and passing the keys directly to the Helm chart.
#### Beck-ONIX BAP
```bash
helm install beckn-onix-bap . \
--set global.externalDomain=<bap_network_external_domain> \
--set global.registry_url=https://<registry_domain> \
--set global.ingress.tls.certificateArn="aws_certificate_manager_arm" \
--set global.bap.privateKey="private-key" \
--set global.bap.publicKey="public-key" \
--set global.efs.fileSystemId="efs-systemId"
```
#### Beckn-ONIX BPP
```bash
helm install beckn-onix-bpp . \
--set global.externalDomain=<bpp_network_external_domain> \
--set global.registry_url=https://<registry_domain> \
--set global.ingress.tls.certificateArn="aws_certificate_manager_arm"
--set global.bpp.privateKey="private-key" \
--set global.bpp.publicKey="public-key" \
--set global.efs.fileSystemId="efs-systemId"
```
## Next Steps
After installing all Beckn-Onix services, proceed with the next steps to complete the setup:
1. **[Verify Deployments](documentations/verify-deployments.md)**
To ensure that your Beckn-Onix services are running correctly, follow the instructions in the [Verify Deployments](documentations/verify-deployments.md) document. This will help you confirm that the services are operational and identify any issues that need to be addressed.
2. **[Update DNS Records](documentations/post-deployment-dns-config.md)**
To configure DNS settings for your services, follow the instructions provided in the [Post-Deployment DNS Configuration](documentations/post-deployment-dns-config.md) document. This will guide you through retrieving the necessary Load Balancer addresses and updating your DNS records.
3. **[Register BAP and BPP with Registry](documentations/post-deployment-bap-bpp-register.md)**
After updating your DNS records, you need to register your participants BAP and BPP network with the registry service. Follow the steps in the [BAP and BPP Registration](documentations/post-deployment-bap-bpp-register.md) document to complete this process.
Make sure to follow the detailed steps in the linked documents to complete the setup and ensure your services are correctly configured and registered.

49
aws-cdk/documentations/helm-updates-release-process.md Normal file
View File

@@ -0,0 +1,49 @@
# Updating Helm Charts and Creating Releases
## Overview
This guide provides instructions on how to update Helm charts and create a new release. Follow these steps to ensure your updates are applied and released correctly.
## Prerequisites
- Helm installed and configured on your local machine.
- Access to the Helm chart repository and necessary permissions.
## Steps to Update Helm Charts
1. **Clone the Repository**
```bash
git clone https://github.com/beckn/beckn-onix.git
cd aws-cdk/helm
```
2. **Create a New Branch for Updates**
```bash
git checkout -b <update-branch-name>
```
3. Update Helm Chart
* Navigate to the Helm chart directory: helm/registry
* Modify the necessary files (e.g., values.yaml, templates/, Chart.yaml)
Example change in values.yaml: `replicaCount: 3`
4. Test Your Changes Locally
**Note: *** Make sure to supply necessary inputs to Helm charts with `--set`
```bash
cd registry
helm lint registry .
helm --dry-run install registry .
helm --dry-run upgrade registry .
```
5. Update Chart Version
* Check the current version and increment the version in Chart.yaml
```bash
version: 1.1.0
```
6. Create a Pull Request to push your changes
## Creating a Release

BIN
aws-cdk/documentations/images/AWS-CDK-Flow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 246 KiB

BIN
aws-cdk/documentations/images/Beckn-ONIX-AWS-reference-arch-master.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
aws-cdk/documentations/images/participant-network-role.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 177 KiB

BIN
aws-cdk/documentations/images/participant-status-update.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 231 KiB

BIN
aws-cdk/documentations/images/registry-network-participants.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 168 KiB

100
aws-cdk/documentations/post-deployment-bap-bpp-register.md Normal file
View File

@@ -0,0 +1,100 @@
# BAP and BPP registration with Registry
After updating your DNS records, you need to register the `bap-network` and `bpp-network` services with the registry service. Follow these instructions to complete the registration process:
## 1. Register BAP or BPP Network
### Formulate the Registration Payload
Use the table below to create the JSON payload for registering the `bap-network` or `bpp-network`:
| Field | Description | Example Value |
|----------------------|---------------------------------------------------------------|-------------------------------------------------------------|
| `subscriber_id` | Set this to the DNS name of the `bap-network` or `bpp-network`. | `bap-network.beckn-onix-aws-cdk.becknprotocol.io` or `bpp-network.beckn-onix-aws-cdk.becknprotocol.io` |
| `pub_key_id` | Public key that the BAP/BPP service started with. | |
| `unique_key_id` | Unique key identifier, usually in the format `subscriber_id.k1`. | `bap-network.beckn-onix-aws-cdk.becknprotocol.io.k1` or `bpp-network.beckn-onix-aws-cdk.becknprotocol.io.k1` |
| `subscriber_url` | URL of the `bap-network` or `bpp-network`. | `https://bap-network.beckn-onix-aws-cdk.becknprotocol.io` or `https://bpp-network.beckn-onix-aws-cdk.becknprotocol.io` |
| `domain` | Leave this as an empty string if not used. Or check if a domain has been configured on Registry. | ` ` |
| `extended_attributes`| Additional attributes if any. | `{"domains": []}` |
| `encr_public_key` | Encryption public key that the BAP/BPP service uses. This is same as `pub_key_id` | |
| `signing_public_key` | Signing public key that the BAP/BPP service uses. This is same as `pub_key_id` | |
| `valid_from` | Start date and time in ISO 8601 format. | `2024-09-05T09:27:57.630Z` |
| `valid_until` | Expiration date and time in ISO 8601 format. | `2027-09-06T09:28:40.494Z` |
| `type` | Set to `BAP` or `BPP` based on the service. | `BAP` or `BPP` |
| `country` | Country code. | `IND` |
| `status` | Use `SUBSCRIBED` to indicate that the registration is complete. | `SUBSCRIBED` |
**Example `curl` Command for BAP Network:**
```bash
curl --location --request POST 'https://registry.beckn-onix-aws-cdk.becknprotocol.io/subscribers/register' \
--header "Content-Type: application/json" \
--data-raw '{
"subscriber_id": "subscriber_id",
"pub_key_id": "public_key",
"unique_key_id": "subscriber_id.k1",
"subscriber_url": "https://url_bap_network",
"domain": " ",
"extended_attributes": {"domains": []},
"encr_public_key": "public_key",
"signing_public_key": "public_key",
"valid_from": "2024-09-05T09:27:57.630Z",
"valid_until": "2027-09-06T09:28:40.494Z",
"type": "BAP",
"country": "IND",
"status": "SUBSCRIBED"
}'
```
**Example `curl` Command for BPP Network:**
```bash
curl --location --request POST 'https://registry.beckn-onix-aws-cdk.becknprotocol.io/subscribers/register' \
--header "Content-Type: application/json" \
--data-raw '{
"subscriber_id": "subscriber_id",
"pub_key_id": "public_key",
"unique_key_id": "subscriber_id.k1",
"subscriber_url": "https://url-bpp-network",
"domain": " ",
"extended_attributes": {"domains": []},
"encr_public_key": "public_key",
"signing_public_key": "public_key",
"valid_from": "2024-09-05T09:27:57.630Z",
"valid_until": "2027-09-06T09:28:40.494Z",
"type": "BPP",
"country": "IND",
"status": "SUBSCRIBED"
}'
```
### Update Status in Registry UI
After sending the registration request, you need to manually update the status in the registry service UI. The auto-registration feature of BAP and BPP with Registry is in the backlog. Follow these steps:
1. **Login into the Registry**
Navigate to the **Admin** section, and click on **Network Participant**.
<img src="images/registry-network-participants.png" alt="Admin - Network Participant" width="600" style="border: 2px solid #000000;">
2. **Open BAP or BPP Participant**
Find and select the **BAP** or **BPP** participant you registered earlier.
<img src="images/participant-network-role.png" alt="Open BAP or BPP Participant" width="600" style="border: 2px solid #000000;">
3. **Navigate to Network Role Tab and Edit**
Go to the **Network Role** tab and click **Edit**.
<img src="images/participant-network-role.png" alt="Network Role Tab" width="600" style="border: 2px solid #000000;">
4. **Edit Status and Select SUBSCRIBE**
Update the status from `INITIATED` to `SUBSCRIBED`, then save your changes.
<img src="images/participant-status-update.png" alt="Edit Status" width="600" style="border: 2px solid #000000;">

50
aws-cdk/documentations/post-deployment-dns-config.md Normal file
View File

@@ -0,0 +1,50 @@
# Beckn-ONIX DNS Configuration
After verifying that the Beckn-Onix services (`registry`, `gateway`, `bap-network`, and `bap-client`) are successfully deployed, you need to update your DNS settings to ensure proper routing of traffic. Follow these steps to configure your DNS records.
### Retrieve the Amazon ALB's DNS Addresses
Run following commands to extract the external DNS name of the Amazon ALB attached with Ingress across all Beckn-ONIX services.
Alternatively, you can retrieve the DNS names of the Amazon ALBs associated with the Ingress resources from the AWS Management Console or using the AWS CLI.
#### Registry
```bash
kubectl -n beckn-onix-registry get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
#### Gateway
```bash
kubectl -n beckn-onix-registry get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
#### BAP Network
```bash
kubectl -n beckn-onix-bap get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
#### BPP Network
```bash
kubectl -n beckn-onix-bpp get ingress -o jsonpath='{.items[*].status.loadBalancer.ingress[*].hostname}'
```
### Update DNS Records
#### 1. Log in to Your DNS Provider
Access the management console of your domain registrar or DNS hosting provider. For instance, if using Amazon Route 53, go to the Route 53 dashboard in the AWS Management Console.
#### 2. Add DNS Records
Create or update DNS records for each service. You need to set up the following DNS records for your services:
- **Type:** CNAME (or Alias record if using Route 53)
- **Name:** The subdomain you want to use (e.g., `registry.beckn-onix-aws-cdk.becknprotocol.io`, `gateway.beckn-onix-aws-cdk.becknprotocol.io`, etc.)
- **Value:** The respective DNS name of the Amazon ALB retrieved in the previous step.
## Next Steps
After updating your DNS records, you need to register your participants BAP and BPP network with the registry service. Follow the steps in the [BAP and BPP Registration](documentations/post-deployment-bap-bpp-register.md) document to complete this process.
**[Register BAP and BPP with Registry](documentations/post-deployment-bap-bpp-register.md)**

112
aws-cdk/documentations/verify-deployments.md Normal file
View File

@@ -0,0 +1,112 @@
### Verifying Deployed Beckn-ONIX Services in Amazon EKS
Once the Helm charts are successfully deployed, you can verify that the services (Registry, Gateway, Redis, MongoDB, RabbitMQ, BAP and BPP) are running correctly in your Amazon EKS cluster by using the following commands.
#### 1. Verify Namespaces
Run the following command to check `namespaces`
```bash
$ kubectl get namespaces
NAME STATUS AGE
bap-common-services Active 5d21h
beckn-onix-bap Active 5d21h
beckn-onix-bpp Active 4d20h
beckn-onix-gateway Active 6d19h
beckn-onix-registry Active 6d20h
bpp-common-services Active 4d21h
```
#### 2. Verify Pods Status
Run the following command to check the status of all pods in the `namespace` where the services are deployed:
```bash
$ kubectl -n beckn-onix-registry get pod
NAME READY STATUS RESTARTS AGE
beckn-onix-registry-5f96f7b755-49nz6 1/1 Running 0 2d1h
```
```bash
$ kubectl -n beckn-onix-gateway get pod
NAME READY STATUS RESTARTS AGE
beckn-onix-gateway-574d67df98-qbvtb 1/1 Running 0 2d1h
```
```bash
$ kubectl -n bap-common-services get pod
NAME READY STATUS RESTARTS AGE
mongodb-597955cb85-kctrd 1/1 Running 0 5d21h
rabbitmq-0 1/1 Running 0 2d1h
redis-master-0 1/1 Running 0 5d21h
```
```bash
$ kubectl -n bpp-common-services get pod
NAME READY STATUS RESTARTS AGE
mongodb-597955cb85-nqs4r 1/1 Running 0 4d21h
rabbitmq-0 1/1 Running 0 2d1h
redis-master-0 1/1 Running 0 2d1h
```
```bash
$ kubectl -n beckn-onix-bap get pod
NAME READY STATUS RESTARTS AGE
bap-client-84c5d6b6fd-cb9qr 1/1 Running 0 2d1h
bap-network-d875cdb9c-btjcl 1/1 Running 0 2d1h
```
```bash
$ kubectl -n beckn-onix-bpp get pod
NAME READY STATUS RESTARTS AGE
bpp-client-59f976cb94-4cmwh 1/1 Running 0 2d1h
bpp-network-5f88bb75d9-jc7g4 1/1 Running 0 2d1h
```
#### 3. Verify Ingress and Kubernetes Service
The Ingress resource provisions an Amazon Application Load Balancer (ALB) that routes external traffic to the appropriate Kubernetes service, which then directs the traffic to the underlying service pods.
```bash
$ kubectl -n beckn-onix-registry get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/beckn-onix-registry-ingress alb * beckn-onix-registry-1902090994.ap-south-1.elb.amazonaws.com 80 6d20h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/beckn-onix-registry-svc ClusterIP 10.100.55.190 <none> 3030/TCP 6d20h
```
```bash
$ kubectl -n beckn-onix-gateway get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/beckn-onix-gateway-ingress alb * beckn-onix-gateway-1452877031.ap-south-1.elb.amazonaws.com 80 6d19h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/beckn-onix-gateway-svc ClusterIP 10.100.44.118 <none> 4030/TCP 6d19h
```
```bash
$ kubectl -n beckn-onix-bap get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/bap-network-ingress alb * beckn-onix-bap-network-1610405288.ap-south-1.elb.amazonaws.com 80 5d20h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/bap-network-svc ClusterIP 10.100.36.244 <none> 5001/TCP 5d21h
```
```bash
$ kubectl -n beckn-onix-bpp get ingress,svc
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/bpp-network-ingress alb * beckn-onix-bpp-network-736891093.ap-south-1.elb.amazonaws.com 80 4d21h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/bpp-network-svc ClusterIP 10.100.130.43 <none> 6001/TCP 4d21h
```
## Next Steps
After verifying that all Beckn-Onix services have been deployed successfully, proceed with the next steps to complete the setup:
1. **[Update DNS Records](post-deployment-dns-config.md)**
To configure DNS settings for your services, follow the instructions provided in the [Post-Deployment DNS Configuration](post-deployment-dns-config.md) document. This will guide you through retrieving the necessary Load Balancer addresses and updating your DNS records.
Make sure to follow the detailed steps in the linked document to ensure that your DNS records are correctly configured for proper service routing.