Complete Overture stack deployment on Kubernetes with authentication, file management, and data indexing.
- Kubernetes cluster (k3d recommended for dev)
- kubectl configured
- Helm 3.x installed
- nginx-ingress controller
In dev you might want to use k3d for quick setup:
```bash
k3d cluster create agari --agents 2 --port "80:80@loadbalancer"
# Install nginx ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
# Wait for readiness
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s
```

```bash
kubectl create namespace agari
```

```bash
helm install minio ./helm/minio -n agari
# MinIO might require port-forwarding:
kubectl port-forward -n agari service/minio 9000:9000
```

```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install kafka bitnami/kafka -f helm/kafka/values-bitnami.yaml -n agari
```

```bash
# Database
helm install keycloak-db ./helm/keycloak-db -n agari
# Keycloak
helm install keycloak ./helm/keycloak -n agari
```

Set up the client in Keycloak and copy the secret to the song, score, maestro and folio `values.yaml` files.
Use the `utils/update-secrets.sh` script to update the secrets in all services.
```bash
# Database
helm install song-db ./helm/song-db -n agari
# Song
helm install song ./helm/song -n agari
```

```bash
helm install score ./helm/score -n agari
```

```bash
# Elasticsearch
helm install elasticsearch ./helm/elasticsearch -n agari
# Create agari-index with proper mapping
curl -X PUT "http://elasticsearch.local/agari-index" \
  -H "Content-Type: application/json" \
  -d @helm/elasticsearch/configs/agari-index-mapping.json
```

```bash
helm install maestro ./helm/maestro -n agari
```

```bash
# Set up Arranger configuration
kubectl create configmap arranger-config --from-file=helm/arranger/configs/ -n agari
# Arranger
helm install arranger ./helm/arranger -n agari
```

Find the Folio repo at https://github.com/OpenUpSA/agari-folio

```bash
# Database
helm install folio-db ./helm/folio-db -n agari
# Folio
helm install folio ./helm/folio -n agari
```
For local development, you can use /etc/hosts to map the services:
```bash
echo "127.0.0.1 song.local
127.0.0.1 score.local
127.0.0.1 maestro.local
127.0.0.1 arranger.local
127.0.0.1 keycloak.local
127.0.0.1 elasticsearch.local
127.0.0.1 minio-console.local
127.0.0.1 folio.local" | sudo tee -a /etc/hosts
```

Services are available at these URLs:
- SONG API: http://song.local/swagger-ui.html
- Score API: http://score.local/swagger-ui.html
- Arranger GraphQL: http://arranger.local/graphql
- Keycloak: http://keycloak.local
- Elasticsearch: http://elasticsearch.local
- MinIO Console: http://minio-console.local
- Folio: http://folio.local/docs
- Keycloak Admin: admin / admin123
- Realm: `agari`
  - Group: `admin`
  - User: `admin` / `admin123` (member of `admin` group)
  - Client: `dms` - Data Management System (for SONG, Score, Maestro). Policy enforcement: `permissive` and Decision strategy: `affirmative`
    - Scopes: `READ`, `WRITE`, `ADMIN`
    - Resources:
      - `song` - SONG API - with `READ` and `WRITE` scopes
      - `score` - Score API - with `READ` and `WRITE` scopes
      - `folio` - Folio API - with `READ` and `WRITE` scopes
    - Policies:
      - `admin-policy` - group policy - with `admin` group
      - `client-policy` - client policy - with `dms` client (this is very important as it enables song and score to communicate)
    - Permissions:
      - `admin-permission` - resources `song`, `score` and `folio` with `admin-policy`
      - `client-permission` - resources `song`, `score` and `folio` with `client-policy`
    - Service account roles:
      - `realm-admin` - to allow service account (folio) to manage users and roles programmatically
```bash
# Get JWT token from Keycloak
curl -d "client_id=song-api" \
  -d "client_secret=song-secret" \
  -d "[email protected]" \
  -d "password=admin123" \
  -d "grant_type=password" \
  "http://keycloak.local/realms/agari/protocol/openid-connect/token"
```

- Submit metadata → SONG validates and stores in PostgreSQL
- Upload files → Score stores in MinIO object storage
- Analysis events → Kafka message queue
- Index data → Maestro processes and indexes in Elasticsearch
- Query data → Arranger provides GraphQL API
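
Before sending the token from the Keycloak request above to SONG or Score, it helps to confirm that it was issued by the `agari` realm and has not expired. The script below is an added example, not part of the original README or the Overture code base; the issuer value is assumed from the token URL, the sample token is constructed, and the signature is not verified.

```bash
#!/usr/bin/env bash
# Added example (not from the Overture/Agari repo): decode a Keycloak access
# token and sanity-check its claims. This does NOT verify the signature.

# Encode/decode one base64url JWT segment (URL-safe alphabet, no padding).
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
b64url_decode() {
  local s="$1"
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | tr '_-' '/+' | base64 -d
}

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Extract a top-level string or numeric claim (simplified; no jq needed).
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Succeed only if the issuer is the expected realm and the token is unexpired.
# Usage: check_token TOKEN EXPECTED_ISSUER [NOW_EPOCH]
check_token() {
  local token="$1" expected_iss="$2" now="${3:-$(date +%s)}" iss exp
  iss=$(jwt_claim "$token" iss)
  exp=$(jwt_claim "$token" exp)
  [ "$iss" = "$expected_iss" ] || { echo "unexpected issuer: $iss" >&2; return 1; }
  case "$exp" in ''|*[!0-9]*) echo "missing exp claim" >&2; return 1 ;; esac
  [ "$exp" -gt "$now" ] || { echo "token expired at $exp" >&2; return 1; }
}

# Constructed sample token (fake signature); issuer assumed from the token URL.
REALM_ISSUER="http://keycloak.local/realms/agari"
SAMPLE_TOKEN="$(b64url_encode '{"alg":"RS256","typ":"JWT"}').$(b64url_encode \
  "{\"iss\":\"$REALM_ISSUER\",\"azp\":\"song-api\",\"exp\":4102444800}").sig"

check_token "$SAMPLE_TOKEN" "$REALM_ISSUER" && echo "sample token: claims OK"
```

Against the running stack, pass the `access_token` field of the curl response as the first argument to `check_token`.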
Visit http://arranger.local/graphql to access the GraphQL playground. Here are example queries you can copy and paste:
```graphql
query {
  file {
    hits {
      total
    }
  }
}
```

```graphql
query {
  __type(name: "fileNode") {
    name
    fields {
      name
      type {
        name
      }
    }
  }
}
```

```graphql
query GetFilesWithAnalysis {
  file {
    hits {
      total
      edges {
        node {
          id
          data_type
          file_access
          file_type
          object_id
          study_id
          analysis {
            analysis_id
            analysis_type
            analysis_state
            analysis_version
            experiment
            first_published_at
            published_at
            updated_at
          }
          file {
            name
            size
            md5sum
          }
        }
      }
    }
  }
}
```
```bash
kubectl get pods -n agari
kubectl get ingress -n agari
```

```bash
kubectl logs <pod-name> -n agari
```

Great for freeing up some system resources when idle:

```bash
# Scale everything down
kubectl scale --replicas=0 deployment --all -n agari
# Scale everything back up
kubectl scale --replicas=1 deployment --all -n agari
```

Key configuration files:
- `helm/*/values.yaml` - Service configurations
- `helm/elasticsearch/configs/agari-index-mapping.json` - Elasticsearch schema