Commit 81dcc5c4 authored by George Papathanail, committed by George Papathanail

helm charts

parent 9cc9c115
+556 −0
# 🐳 Deploy Open Operator Platform (OOP) on kind

Complete guide for deploying the OOP platform on kind (Kubernetes in Docker).

## 📋 Prerequisites

- **Docker** installed and running
- **kind** installed (`brew install kind` or download from https://kind.sigs.k8s.io/)
- **kubectl** installed and configured
- **Helm 3.x** installed
- At least **8GB RAM** and **4 CPU cores** available for Docker

---

## 🚀 Quick Deployment (Automated)

### Step 1: Create kind Cluster with Port Mappings

```bash
# Create cluster configuration
cat > kind-oop-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: oop-cluster
nodes:
- role: control-plane
  # Port mappings for OOP services
  extraPortMappings:
  # Core Platform (oop namespace)
  - containerPort: 32415    # SRM
    hostPort: 32415
    protocol: TCP
  - containerPort: 30080    # Artifact Manager
    hostPort: 30080
    protocol: TCP
  - containerPort: 32263    # OEG
    hostPort: 32263
    protocol: TCP
  # Federation Manager (federation-manager namespace)
  - containerPort: 30081    # Keycloak
    hostPort: 30081
    protocol: TCP
  - containerPort: 30989    # Federation Manager
    hostPort: 30989
    protocol: TCP
  
  # Storage mounts for MongoDB persistence
  extraMounts:
  - hostPath: /tmp/kind-oop/mongodb_srm
    containerPath: /mnt/data/mongodb_srm
  - hostPath: /tmp/kind-oop/mongodb_oeg
    containerPath: /mnt/data/mongodb_oeg
EOF

# Create the kind cluster
kind create cluster --config kind-oop-config.yaml
```

### Step 2: Prepare Storage Directories

```bash
# Create storage directories on your host
sudo mkdir -p /tmp/kind-oop/mongodb_srm
sudo mkdir -p /tmp/kind-oop/mongodb_oeg

# Set permissions
sudo chmod -R 777 /tmp/kind-oop/
```

### Step 3: Extract and Deploy

```bash
# Extract the OOP platform chart
unzip oop-platform-chart.zip
cd oop-platform-chart

# Run automated deployment
./deploy.sh
```

The script will:
- Create both namespaces (`oop` and `federation-manager`)
- Create service account and token
- Configure the platform
- Deploy all services
- Show access URLs

### Step 4: Access Services

```bash
# All services accessible via localhost!
echo "✅ OOP Platform Access URLs:"
echo "   SRM:              http://localhost:32415"
echo "   Artifact Manager: http://localhost:30080"
echo "   OEG:              http://localhost:32263/oeg/1.0.0/docs/"
echo "   Keycloak:         http://localhost:30081"
echo "   Keycloak Admin:   http://localhost:30081/admin (admin/admin)"
echo "   Federation Mgr:   http://localhost:30989"
```

---

## 📝 Manual Step-by-Step Deployment

### Step 1: Create kind Cluster

```bash
# Use the same configuration from above
kind create cluster --config kind-oop-config.yaml

# Verify cluster
kubectl cluster-info --context kind-oop-cluster
kubectl get nodes
```

### Step 2: Create Storage

```bash
# Create directories
sudo mkdir -p /tmp/kind-oop/mongodb_{srm,oeg}
sudo chmod 777 /tmp/kind-oop/mongodb_*

# Verify
ls -la /tmp/kind-oop/
```

### Step 3: Create Namespaces

```bash
# Create both namespaces
kubectl create namespace oop
kubectl create namespace federation-manager

# Verify
kubectl get namespaces
```

### Step 4: Create Service Account and Token

```bash
# Create service account in oop namespace
kubectl create serviceaccount oop-user -n oop

# Create cluster role binding
kubectl create clusterrolebinding oop-user-binding \
  --clusterrole=cluster-admin \
  --serviceaccount=oop:oop-user

# Get token (save this!)
kubectl create token oop-user -n oop --duration=87600h
```

**Copy the token!**

### Step 5: Configure Helm Chart

```bash
cd oop-platform-chart

# Edit values.yaml
nano values.yaml

# Find this section and update the token:
# srm:
#   srmcontroller:
#     env:
#       kubernetesMasterToken: "PASTE_YOUR_TOKEN_HERE"

# Save and exit (Ctrl+X, Y, Enter)
```

### Step 6: Deploy Platform

```bash
# Deploy everything
helm install oop-platform . -n oop

# Watch deployment
kubectl get pods -n oop -w
kubectl get pods -n federation-manager -w
```

Press Ctrl+C when all pods are Running.

---

## ✅ Verification

### Check All Pods

```bash
# Check core platform
kubectl get pods -n oop

# Expected output (all Running):
# NAME                              READY   STATUS    RESTARTS   AGE
# mongosrm-xxx                      1/1     Running   0          2m
# srmcontroller-xxx                 1/1     Running   0          2m
# artefact-manager-xxx              1/1     Running   0          2m
# oegmongo-xxx                      1/1     Running   0          2m
# oegcontroller-xxx                 1/1     Running   0          2m

# Check federation & auth
kubectl get pods -n federation-manager

# Expected output (all Running):
# NAME                              READY   STATUS    RESTARTS   AGE
# keycloak-xxx                      1/1     Running   0          2m
# federation-manager-xxx            1/1     Running   0          2m
```

### Check Services

```bash
kubectl get svc -n oop
kubectl get svc -n federation-manager
```

### Test Access

```bash
# Test SRM
curl -I http://localhost:32415

# Test Artifact Manager
curl -I http://localhost:30080

# Test OEG
curl -I http://localhost:32263

# Test Keycloak
curl -I http://localhost:30081

# Test Federation Manager
curl -I http://localhost:30989
```

### Open in Browser

```bash
# macOS
open http://localhost:32263/oeg/1.0.0/docs/
open http://localhost:30081/admin

# Linux
xdg-open http://localhost:32263/oeg/1.0.0/docs/
xdg-open http://localhost:30081/admin

# Or just open in your browser manually
```

---

## 🔍 Troubleshooting

### Pods Stuck in Pending

```bash
# Check pod details
kubectl describe pod <pod-name> -n oop

# Common issue: Storage not mounted
# Solution: Verify storage directories exist
ls -la /tmp/kind-oop/
```

### PVC Not Binding

```bash
# Check PVCs
kubectl get pvc -n oop

# Check PVs
kubectl get pv

# If PV not created, storage paths might be wrong
# Verify extraMounts in kind config match hostPath in values.yaml
```

### Cannot Access Services

```bash
# Verify port mappings
docker ps

# Should see ports 32415, 30080, 32263, 30081, 30989 mapped

# If not, you need to recreate cluster with correct port mappings
```

### Token Issues

```bash
# Generate new token
kubectl create token oop-user -n oop --duration=87600h

# Update values.yaml and upgrade
helm upgrade oop-platform . -n oop
```

### Pods Restarting

```bash
# Check logs
kubectl logs <pod-name> -n oop
kubectl logs <pod-name> -n federation-manager

# Check events
kubectl get events -n oop --sort-by='.lastTimestamp'
kubectl get events -n federation-manager --sort-by='.lastTimestamp'
```

### Cross-Namespace Connectivity Issues

```bash
# Test DNS resolution
kubectl exec -it deployment/federation-manager -n federation-manager -- \
  nslookup mongosrm.oop.svc.cluster.local

# Should resolve to MongoDB service IP
# If not, check if oop namespace exists and mongosrm service is running
```

---

## 🎯 Complete Test Workflow

### 1. Deploy Platform

```bash
cd oop-platform-chart
./deploy.sh
```

### 2. Wait for All Pods

```bash
# Watch until all 7 pods are Running
watch kubectl get pods -n oop,federation-manager
```

### 3. Test Each Service

```bash
# SRM
curl http://localhost:32415/srm/1.0.0/node
echo "✅ SRM working"

# Artifact Manager
curl http://localhost:30080
echo "✅ Artifact Manager working"

# OEG
curl http://localhost:32263/oeg/1.0.0/docs/
echo "✅ OEG working"

# Keycloak
curl http://localhost:30081
echo "✅ Keycloak working"

# Federation Manager
curl http://localhost:30989/api/v1
echo "✅ Federation Manager working"
```

### 4. Test Keycloak Authentication

```bash
# Get OAuth2 token
TOKEN=$(curl -X POST http://localhost:30081/realms/federation/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=originating-op-1" \
  -d "client_secret=dd7vNwFqjNpYwaghlEwMbw10g0klWDHb" \
  -d "scope=fed-mgmt" | jq -r '.access_token')

echo "Token: $TOKEN"

# Use token to call Federation Manager
curl -H "Authorization: Bearer $TOKEN" \
  http://localhost:30989/api/v1/status

echo "✅ OAuth2 authentication working"
```

### 5. Test Cross-Namespace Communication

```bash
# Check Federation Manager can reach MongoDB in oop namespace
kubectl exec -it deployment/federation-manager -n federation-manager -- \
  nc -zv mongosrm.oop.svc.cluster.local 27017

echo "✅ Cross-namespace communication working"
```

---

## 📊 View Logs

### SRM Logs
```bash
kubectl logs -f deployment/srmcontroller -n oop
```

### OEG Logs
```bash
kubectl logs -f deployment/oegcontroller -n oop
```

### Keycloak Logs
```bash
kubectl logs -f deployment/keycloak -n federation-manager
```

### Federation Manager Logs
```bash
kubectl logs -f deployment/federation-manager -c federation-manager -n federation-manager
```

---

## 🔄 Update/Upgrade Platform

```bash
# Edit configuration
nano values.yaml

# Upgrade deployment
helm upgrade oop-platform . -n oop

# Watch pods restart
kubectl get pods -n oop,federation-manager -w
```

---

## 🗑️ Clean Up

### Uninstall Platform

```bash
# Uninstall Helm release
helm uninstall oop-platform -n oop

# Delete namespaces
kubectl delete namespace oop
kubectl delete namespace federation-manager
```

### Delete kind Cluster

```bash
# Delete cluster
kind delete cluster --name oop-cluster

# Clean up storage
sudo rm -rf /tmp/kind-oop/
```

### Complete Cleanup

```bash
# Everything at once
helm uninstall oop-platform -n oop
kubectl delete namespace oop federation-manager
kind delete cluster --name oop-cluster
sudo rm -rf /tmp/kind-oop/
```

---

## 🎓 kind-Specific Notes

### 1. **Localhost Access**
- In kind, all services are accessible via `localhost` (not node IP)
- Thanks to extraPortMappings in cluster config

### 2. **Storage**
- kind uses Docker volumes
- Host path: `/tmp/kind-oop/` → Container path: `/mnt/data/`
- Data persists on your host machine

### 3. **Resource Limits**
- kind cluster uses Docker resources
- Make sure Docker has enough:
  - **Memory**: 8GB minimum
  - **CPU**: 4 cores minimum
  - Check: Docker Desktop → Settings → Resources

### 4. **Network**
- kind creates its own Docker network
- Services communicate via Kubernetes DNS
- Cross-namespace DNS works out of the box

### 5. **Multiple Clusters**
```bash
# List clusters
kind get clusters

# Switch context
kubectl config use-context kind-oop-cluster

# Delete specific cluster
kind delete cluster --name oop-cluster
```

---

## 🚀 Quick Commands Reference

```bash
# Create cluster
kind create cluster --config kind-oop-config.yaml

# Deploy platform
cd oop-platform-chart && ./deploy.sh

# Check status
kubectl get pods -n oop,federation-manager

# Access services
open http://localhost:32263/oeg/1.0.0/docs/
open http://localhost:30081/admin

# View logs
kubectl logs -f deployment/srmcontroller -n oop

# Clean up
kind delete cluster --name oop-cluster
```

---

## ✨ Success Criteria

Your deployment is successful when:

✅ kind cluster created with port mappings
✅ Both namespaces exist (oop, federation-manager)
✅ All 7 pods are Running (1/1)
✅ All services accessible via localhost
✅ Keycloak admin UI loads at localhost:30081
✅ OEG Swagger UI loads at localhost:32263/oeg/1.0.0/docs/
✅ Cross-namespace DNS resolution works
✅ OAuth2 token can be obtained from Keycloak
✅ Federation Manager can connect to SRM's MongoDB

---

## 🎉 You're Ready!

Your complete OOP platform is now running on kind!

All services accessible via localhost thanks to kind's port mappings.

Happy testing! 🚀
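
Review bot: Step 4 of the manual deployment binds `oop-user` to `cluster-admin` and mints a token with `--duration=87600h` (ten years), which Step 5 then pastes into values.yaml as `kubernetesMasterToken`; the same token command is repeated under Token Issues. Anyone who can read that values file holds full control of the cluster for as long as the token lives. Suggest binding the service account to a Role or ClusterRole limited to what srmcontroller needs, issuing a much shorter-lived token, and reading it from a Kubernetes Secret rather than a plain value in values.yaml. Separately, Step 2 in both flows runs `chmod 777` on /tmp/kind-oop, which leaves the MongoDB data directories world-writable on the host; giving ownership to the UID the MongoDB container runs as would avoid that.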
+211 −0
╔═══════════════════════════════════════════════════════════════════╗
║                                                                   ║
║         🐳 OOP PLATFORM ON KIND - QUICK START GUIDE 🐳           ║
║                                                                   ║
╚═══════════════════════════════════════════════════════════════════╝

📦 WHAT YOU NEED

1. oop-platform-chart.zip (extracted)
2. kind-oop-config.yaml
3. deploy-on-kind.sh (optional - for automation)

═══════════════════════════════════════════════════════════════════

⚡ FASTEST METHOD (Automated Script)

1. Extract files:
   unzip oop-platform-chart.zip

2. Run deployment script:
   ./deploy-on-kind.sh

   Done! Everything automated.

═══════════════════════════════════════════════════════════════════

🎯 MANUAL METHOD (4 Simple Steps)

STEP 1: Create Storage
───────────────────────
sudo mkdir -p /tmp/kind-oop/mongodb_{srm,oeg}
sudo chmod -R 777 /tmp/kind-oop/


STEP 2: Create kind Cluster
────────────────────────────
kind create cluster --config kind-oop-config.yaml


STEP 3: Deploy Platform
────────────────────────
cd oop-platform-chart
./deploy.sh


STEP 4: Access Services
────────────────────────
open http://localhost:32263/oeg/1.0.0/docs/
open http://localhost:30081/admin

═══════════════════════════════════════════════════════════════════

🌐 ACCESS URLs (All via localhost!)

http://localhost:32415        SRM Dashboard
http://localhost:30080        Artifact Manager
http://localhost:32263        OEG API + Swagger
http://localhost:30081        Keycloak
http://localhost:30081/admin  Keycloak Admin (admin/admin)
http://localhost:30989        Federation Manager

═══════════════════════════════════════════════════════════════════

✅ VERIFICATION

Check all pods running:
  kubectl get pods -n oop
  kubectl get pods -n federation-manager

Expected: 7 pods total (5 in oop, 2 in federation-manager)

Test services:
  curl http://localhost:32415
  curl http://localhost:30080
  curl http://localhost:32263
  curl http://localhost:30081
  curl http://localhost:30989

═══════════════════════════════════════════════════════════════════

🔐 TEST KEYCLOAK AUTHENTICATION

Get OAuth2 token:
  curl -X POST http://localhost:30081/realms/federation/protocol/openid-connect/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=originating-op-1" \
    -d "client_secret=dd7vNwFqjNpYwaghlEwMbw10g0klWDHb" \
    -d "scope=fed-mgmt"

Should return:
  {
    "access_token": "eyJhbGci...",
    "token_type": "Bearer",
    "expires_in": 300
  }

═══════════════════════════════════════════════════════════════════

📋 USEFUL COMMANDS

View logs:
  kubectl logs -f deployment/srmcontroller -n oop
  kubectl logs -f deployment/keycloak -n federation-manager
  kubectl logs -f deployment/federation-manager -c federation-manager -n federation-manager

Check status:
  kubectl get pods -n oop,federation-manager
  kubectl get svc -n oop,federation-manager

Describe pod:
  kubectl describe pod <pod-name> -n oop

View events:
  kubectl get events -n oop --sort-by='.lastTimestamp'

Test cross-namespace DNS:
  kubectl exec -it deployment/federation-manager -n federation-manager -- \
    nslookup mongosrm.oop.svc.cluster.local

═══════════════════════════════════════════════════════════════════

🗑️ CLEANUP

Quick cleanup:
  kind delete cluster --name oop-cluster
  sudo rm -rf /tmp/kind-oop/

Complete cleanup:
  helm uninstall oop-platform -n oop
  kubectl delete namespace oop federation-manager
  kind delete cluster --name oop-cluster
  sudo rm -rf /tmp/kind-oop/

═══════════════════════════════════════════════════════════════════

🔧 TROUBLESHOOTING

Pods not starting?
  → Check: kubectl describe pod <pod-name> -n oop
  → Check: kubectl logs <pod-name> -n oop

Services not accessible?
  → Verify: docker ps | grep oop-cluster
  → Ports should show: 32415, 30080, 32263, 30081, 30989
  → If not: Recreate cluster with kind-oop-config.yaml

Storage issues?
  → Check: ls -la /tmp/kind-oop/
  → Permissions: sudo chmod -R 777 /tmp/kind-oop/

Token issues?
  → Regenerate: kubectl create token oop-user -n oop --duration=87600h
  → Update in values.yaml and upgrade

Cross-namespace not working?
  → Test DNS: kubectl exec -it deployment/federation-manager -n federation-manager -- \
              nslookup mongosrm.oop.svc.cluster.local
  → Should resolve to MongoDB IP

═══════════════════════════════════════════════════════════════════

💡 KIND-SPECIFIC NOTES

1. All services accessible via LOCALHOST (not node IP)
2. Storage in /tmp/kind-oop/ persists on host
3. Cluster runs in Docker container
4. Port mappings defined in kind-oop-config.yaml
5. Cross-namespace DNS works automatically

═══════════════════════════════════════════════════════════════════

📊 ARCHITECTURE

Namespace: oop
  ├─ mongosrm (MongoDB)
  ├─ srmcontroller (SRM)
  ├─ artefact-manager
  ├─ oegmongo (MongoDB)
  └─ oegcontroller (OEG)

Namespace: federation-manager
  ├─ keycloak (Auth Server)
  └─ federation-manager
      └─ Connects to: mongosrm.oop.svc.cluster.local

Total: 7 pods, 2 namespaces

═══════════════════════════════════════════════════════════════════

🎯 SUCCESS CRITERIA

✅ kind cluster created: oop-cluster
✅ 2 namespaces: oop, federation-manager
✅ 7 pods running (5 + 2)
✅ All services accessible via localhost
✅ Swagger UI loads: localhost:32263/oeg/1.0.0/docs/
✅ Keycloak Admin UI loads: localhost:30081/admin
✅ Can get OAuth2 token from Keycloak
✅ Cross-namespace DNS resolution works
✅ Federation Manager connects to SRM MongoDB

═══════════════════════════════════════════════════════════════════

🚀 YOU'RE READY TO TEST!

Everything accessible via localhost - no IP addresses needed!

Happy testing on kind! 🎉

═══════════════════════════════════════════════════════════════════
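
Review bot: The TEST KEYCLOAK AUTHENTICATION block commits a literal client_secret for `originating-op-1`, and ACCESS URLs documents `admin/admin` for the Keycloak admin console; the markdown guide in this commit repeats both. Suggest replacing the secret with a placeholder such as <client-secret>, pointing the reader to where the value is configured, and rotating the committed value if it is used anywhere beyond a throwaway kind cluster. Also, under USEFUL COMMANDS, `kubectl get pods -n oop,federation-manager` and the matching `get svc` line will not list both namespaces because `-n` accepts a single namespace name; use two commands as the VERIFICATION section already does.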

helm/RUN_THIS_NOW.txt

0 → 100644
+82 −0
╔═══════════════════════════════════════════════════════════════════╗
║                                                                   ║
║                   ✅ FINAL FIX - RUN THIS NOW ✅                 ║
║                                                                   ║
╚═══════════════════════════════════════════════════════════════════╝

🔧 THE ISSUE:
The deploy.sh was creating namespaces, then Helm tried to import them → conflict!

✅ THE FIX:
Updated deploy.sh to let Helm manage namespaces properly.

═══════════════════════════════════════════════════════════════════

🚀 QUICK FIX (3 COMMANDS):

# 1. Download the UPDATED oop-platform-chart.zip and extract it

# 2. Clean up
helm uninstall oop-platform -n oop 2>/dev/null || true
kubectl delete ns oop federation-manager
sleep 10

# 3. Deploy with updated chart
cd oop-platform-chart
./deploy.sh

═══════════════════════════════════════════════════════════════════

📋 ONE-LINER:

helm uninstall oop-platform -n oop 2>/dev/null; kubectl delete ns oop federation-manager; sleep 10; cd oop-platform-chart && ./deploy.sh

═══════════════════════════════════════════════════════════════════

⚡ WHAT'S DIFFERENT IN THE UPDATED CHART:

✅ deploy.sh no longer creates namespaces manually
✅ Helm manages namespace lifecycle with --create-namespace
✅ Federation Manager creates its own namespace properly
✅ No more ownership conflicts!

═══════════════════════════════════════════════════════════════════

✨ EXPECTED RESULT:

After running, you should see:

✅ namespace/oop created
✅ namespace/federation-manager created  
✅ All 7 pods deploying
✅ No errors!

Check with:
  kubectl get pods -n oop
  kubectl get pods -n federation-manager

═══════════════════════════════════════════════════════════════════

🌐 ACCESS (via localhost on kind):

http://localhost:32415        SRM
http://localhost:30080        Artifact Manager
http://localhost:32263        OEG
http://localhost:30081        Keycloak
http://localhost:30989        Federation Manager

═══════════════════════════════════════════════════════════════════

⏱️ TOTAL TIME: ~3 minutes

Cleanup (10 sec) + Deploy (2-3 min) = Working platform!

═══════════════════════════════════════════════════════════════════

🎯 SUMMARY:

1. Download UPDATED oop-platform-chart.zip
2. Run cleanup one-liner above
3. Your platform deploys successfully!

═══════════════════════════════════════════════════════════════════
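
Review bot: The ONE-LINER chains every step with `;`, so `./deploy.sh` still runs when `kubectl delete ns oop federation-manager` fails, and that delete returns an error on a cluster where the namespaces do not exist yet. Suggest adding `--ignore-not-found` to the delete, joining the delete and deploy steps with `&&` (keeping `;` only after the `helm uninstall`), and replacing `sleep 10` with a wait on the deletion itself, for example `kubectl wait --for=delete namespace/oop`. The guide added in this same commit still has a manual "Create Namespaces" step and lists "Create both namespaces" among the actions of deploy.sh, which contradicts the fix described here; one of the two needs updating.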

helm/deploy-on-kind.sh

0 → 100644
+109 −0

File added.

Preview size limit exceeded, changes collapsed.

+34 −0
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: oop-cluster
nodes:
- role: control-plane
  
  # Port mappings for accessing services from host via localhost
  extraPortMappings:
  
  # Core Platform Services (oop namespace)
  - containerPort: 32415    # SRM Dashboard
    hostPort: 32415
    protocol: TCP
  - containerPort: 30080    # Artifact Manager
    hostPort: 30080
    protocol: TCP
  - containerPort: 32263    # OEG API
    hostPort: 32263
    protocol: TCP
  
  # Federation Services (federation-manager namespace)
  - containerPort: 30081    # Keycloak
    hostPort: 30081
    protocol: TCP
  - containerPort: 30989    # Federation Manager
    hostPort: 30989
    protocol: TCP
  
  # Storage volumes for MongoDB persistence
  extraMounts:
  - hostPath: /tmp/kind-oop/mongodb_srm
    containerPath: /mnt/data/mongodb_srm
  - hostPath: /tmp/kind-oop/mongodb_oeg
    containerPath: /mnt/data/mongodb_oeg
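
Review bot: None of the `extraPortMappings` entries set `listenAddress`, and kind defaults it to 0.0.0.0, so all five ports (including Keycloak on 30081) are published on every host interface even though the comment says the services are reached via localhost. Suggest adding `listenAddress: "127.0.0.1"` to each mapping. The `extraMounts` host paths sit under /tmp, which many systems clear on reboot, so the "MongoDB persistence" comment should either say the data is disposable or the paths should move to a directory the user owns.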