Installation

This section provides comprehensive instructions for deploying the Organization Wallet on-premise using the provided Helm charts.

Overview

The installation process consists of three main steps:

Setting up the required PostgreSQL database
Creating necessary Kubernetes secrets
Deploying the application using Helm charts

Prerequisites

Before proceeding with the installation, ensure you have:

Access to a Kubernetes cluster
PostgreSQL database server
Kubectl command-line tool configured to communicate with your cluster
Helm 3.8.0 or later installed or ArgoCD v2.3 or later

Database Setup

The Organization Wallet requires a PostgreSQL database for operation.

Create a new PostgreSQL database. In this documentation, we use the name organization_wallet. Note that the database naming in this documentation serves as examples only - you may use your own naming convention.
Create a database user organization_wallet_flyway_user for maintaining the database schema. This user requires DDL (Data Definition Language) authorizations to create and update schemas:
```
CREATE USER organization_wallet_flyway_user WITH ENCRYPTED PASSWORD 'your_flyway_password';
GRANT ALL ON DATABASE organization_wallet TO organization_wallet_flyway_user;
```

Create a database user organization_wallet_user for normal operation. This user requires DML (Data Manipulation Language) authorizations:

CREATE USER organization_wallet_user WITH ENCRYPTED PASSWORD 'your_password';

GRANT CONNECT ON DATABASE organization_wallet TO organization_wallet_user;
GRANT USAGE ON SCHEMA public TO organization_wallet_user;
GRANT ALL on ALL TABLES IN SCHEMA public TO organization_wallet_user;
GRANT ALL on ALL SEQUENCES IN SCHEMA public TO organization_wallet_user;

Kubernetes Secrets Configuration

You need to create three Kubernetes secrets for the application components:

A secret for the backend containing the database credentials. The name organization-webwallet-backend is fixed:

kubectl create secret generic organization-webwallet-backend \
--namespace=your-namespace \
--from-literal=SPRING_FLYWAY_USER=organization_wallet_flyway_user \
--from-literal=SPRING_FLYWAY_PASSWORD='your-flyway-password' \
--from-literal=SPRING_DATASOURCE_USERNAME=organization_wallet_user \
--from-literal=SPRING_DATASOURCE_PASSWORD='your-password'

An empty secret for the frontend. The name organization-webwallet-frontend is fixed:

kubectl create secret generic organization-webwallet-frontend \
--namespace=your-namespace 

An empty secret for the documentation. The name organization-webwallet-documentation is fixed:

kubectl create secret generic organization-webwallet-documentation \
--namespace=your-namespace 

Create a secret for pulling the container images. Contact Credenco for the Helm and container registry access credentials.

kubectl create secret docker-registry global-pull-secret \
--docker-server=registry.onstackit.cloud 
--docker-username=robot\$organization-wallet+customername \
--docker-password=your-password \
--namespace=your-namespace 

Important: escape $ in docker-username

Helm Chart Deployment

After setting up the database and creating the required Kubernetes secrets, you can deploy the Organization Wallet using the provided Helm charts:

Create your own git repo containing a Chart.yaml and values.yaml containing the complete deployment configuration of the Credenco Organization Wallet.

Create a 'Chart.yaml' file containing the organization-wallet as a dependency:

apiVersion: v2
name: your-organization-wallet
description: Your Helm chart for deploying the Credenco Organization Wallet in Kubernetes
type: application

version: 1.0.0
appVersion: 1.0.0

dependencies:
- name: organization-webwallet
  version: 1.0.10
  repository: oci://registry.onstackit.cloud/organization-wallet/organization-webwallet/helm

With this example you deploy version 1.0.10 of the Credenco Organization Wallet in your Kubernetes cluster.

Create a values.yaml file containing all your installation specific configuration. See all value options below.

Perform a Helm Login to be able to access the Helm Charts and containers. Contact Credenco for the Helm and container registry access credentials:

CREDENCO_HELM_REGISTRY_USERNAME=your_username
CREDENCO_HELM_REGISTRY_PASSWORD=your_password
echo "$CREDENCO_HELM_REGISTRY_PASSWORD" | helm registry login -u "$CREDENCO_HELM_REGISTRY_USERNAME" --password-stdin registry.onstackit.cloud

Install the Organization Wallet using the Helm chart:

cd your_installation_dir_containing_the_values.yaml
helm install -f values.yaml organization-wallet .

Values

organization-webwallet-backend

Key	Type	Default	Description
organization-webwallet-backend.microservice.configMap.environmentVars.config_wallet_url	string	`"https://wallet.yoursite.com"`	The hostname used to access the Organization Wallet
organization-webwallet-backend.microservice.configMap.environmentVars.spring_datasource_url	string	`"jdbc:postgresql://yourpostgesql-host:2506/organization_wallet"`	The PostresQL jdbc connection url to your postgresql database
organization-webwallet-backend.microservice.configMap.environmentVars.spring_flyway_url	string	`"jdbc:postgresql://yourpostgesql-host:2506/organization_wallet"`	The PostresQL jdbc connection url to your postgresql database
organization-webwallet-backend.microservice.configMap.environmentVars.spring_security_oauth2_resourceserver_jwt_issueruri	string	`"https://iam.acc.credenco.com/realms/organization-wallet"`	The url to oAuth2 Identity Provider. See https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html for more information.
organization-webwallet-backend.microservice.deployment.image.registry	string	`"oci-registry.yoursite.com"`	The OCI registry you want to use to download the container images from
organization-webwallet-backend.microservice.deployment.imagePullSecretName	string	`"global-pull-secret"`	The name of the secret containing the credentials to pull containers from the OCI container registry
organization-webwallet-backend.microservice.deployment.replicaCount	int	`2`	The number of pods to be started
organization-webwallet-backend.microservice.ingress.default.hosts[0].configName	string	`"organization-webwallet"`	Keep this name to organization-webwallet for the primary hostname
organization-webwallet-backend.microservice.ingress.default.hosts[0].hostname	string	`"wallet.yoursite.com"`	The hostname used to access the Organization Wallet
organization-webwallet-backend.microservice.ingress.default.hosts[0].maxUploadFilesize	string	`"100m"`	A limit to the maximum file upload size
organization-webwallet-backend.microservice.ingress.default.name	string	`"default"`	An arbitrary unique name to name the ingresses in k8s
organization-webwallet-backend.microservice.ingress.default.paths[0].path	string	`"/"`	The path to access the Organization Wallet. Keep on /
organization-webwallet-backend.microservice.ingress.extraIngresses[0].hosts[0].hostname	string	`"did.wallet.yoursite.com"`	The hostname used to access the Organization Wallet
organization-webwallet-backend.microservice.ingress.extraIngresses[0].hosts[0].maxUploadFilesize	string	`"100m"`	A limit to the maximum file upload size
organization-webwallet-backend.microservice.ingress.extraIngresses[0].name	string	`"did"`	An arbitrary unique name to name the ingresses in k8s
organization-webwallet-backend.microservice.ingress.extraIngresses[0].paths[0].path	string	`"/did"`	The path to access the Organization Wallet.

organization-webwallet-documentation

Key	Type	Default	Description
organization-webwallet-documentation.frontend.deployment.image.registry	string	`"oci-registry.yoursite.com"`	The OCI registry you want to use to download the container images from
organization-webwallet-documentation.frontend.deployment.imagePullSecretName	string	`"global-pull-secret"`	The name of the secret containing the credentials to pull containers from the OCI container registry
organization-webwallet-documentation.frontend.deployment.replicaCount	int	`1`	The number of pods to be started
organization-webwallet-documentation.frontend.ingress.default.hosts[0].configName	string	`"organization-webwallet-documenation"`	Keep this name to organization-webwallet-documenation for the primary hostname
organization-webwallet-documentation.frontend.ingress.default.hosts[0].hostname	string	`"docs.yoursite.com"`	The hostname used to access the Organization Wallet
organization-webwallet-documentation.frontend.ingress.default.name	string	`"web"`	An arbitrary unique name to name the ingresses in k8s
organization-webwallet-documentation.frontend.ingress.default.paths[0].path	string	`"/"`	The path to access the Organization Wallet. Keep on /

organization-webwallet-frontend

Key	Type	Default	Description
organization-webwallet-frontend.frontend.configMap.environmentVars.IAM_CLIENT_ID	string	`"organization-wallet-frontend"`	The Client ID used during authentication
organization-webwallet-frontend.frontend.configMap.environmentVars.IAM_REALM	string	`"organization-wallet"`	The Realm to authenticate against
organization-webwallet-frontend.frontend.configMap.environmentVars.IAM_URL	string	`"https://iam.yoursite.com"`	The url of the oAuth2 Identity Provider
organization-webwallet-frontend.frontend.deployment.image.registry	string	`"oci-registry.yoursite.com"`	The OCI registry you want to use to download the container images from
organization-webwallet-frontend.frontend.deployment.imagePullSecretName	string	`"global-pull-secret"`	The name of the secret containing the credentials to pull containers from the OCI container registry
organization-webwallet-frontend.frontend.deployment.replicaCount	int	`2`	The number of pods to be started
organization-webwallet-frontend.frontend.ingress.default.hosts[0].hostname	string	`"wallet.yoursite.com"`	The hostname used to access the Organization Wallet
organization-webwallet-frontend.frontend.ingress.default.name	string	`"web"`	An arbitrary unique name to name the ingresses in k8s
organization-webwallet-frontend.frontend.ingress.default.paths[0].path	string	`"/"`	The path to access the Organization Wallet. Keep on /
organization-webwallet-frontend.frontend.ingress.extraIngresses[0].hosts[0].hostname	string	`"wallet.yoursite2.com"`	The hostname used to access the Organization Wallet
organization-webwallet-frontend.frontend.ingress.extraIngresses[0].name	string	`"extra"`	An arbitrary unique name to name the ingresses in k8s
organization-webwallet-frontend.frontend.ingress.extraIngresses[0].paths[0].path	string	`"/"`	The path to access the Organization Wallet. Keep on /

Other Values

Key	Type	Default	Description
global.deployEnvironment	string	`"prod"`	the environment in which the software is deployed. Allowed values: test, acc, prod

Example values.yaml configuration file:

global:
  deployEnvironment: prod
 
organization-webwallet:
  organization-webwallet-frontend:
    frontend:
      configMap:
        environmentVars:
          IAM_URL: https://iam.yoursite.com
          IAM_REALM: organization-wallet
          IAM_CLIENT_ID: organization-wallet-frontend
      deployment:
        imagePullSecretName: global-pull-secret
        replicaCount: 2
        image:
          registry: oci-registry.yoursite.com
      ingress:
        default:
          name: web
          paths:
            - # -- The path to access the Organization Wallet. Keep on /
              path: /
          hosts:
            - # -- The hostname used to access the Organization Wallet
              hostname: wallet.yoursite.com
        extraIngresses:
          - # -- An arbitrary unique name to name the ingresses in k8s
            name: extra
            paths:
              - # -- The path to access the Organization Wallet. Keep on /
                path: /
            hosts:
              - # -- The hostname used to access the Organization Wallet
                hostname: wallet.yoursite2.com
 
  organization-webwallet-backend:
    microservice:
      configMap:
        environmentVars:
          spring_datasource_url: jdbc:postgresql://yourpostgesql-host:2506/organization_wallet
          spring_flyway_url: jdbc:postgresql://yourpostgesql-host:2506/organization_wallet
          spring_security_oauth2_resourceserver_jwt_issueruri: https://iam.acc.credenco.com/realms/organization-wallet
          config_wallet_url: https://wallet.yoursite.com
 
      deployment:
        imagePullSecretName: global-pull-secret
        replicaCount: 2
        image:
          registry: oci-registry.yoursite.com
      ingress:
        default:
          name: default
          paths:
            - # -- The path to access the Organization Wallet. Keep on /
              path: /
          hosts:
            - # -- The hostname used to access the Organization Wallet
              hostname: wallet.yoursite.com
              configName: organization-webwallet
              maxUploadFilesize: 100m
        extraIngresses:
          - # -- An arbitrary unique name to name the ingresses in k8s
            name: did
            paths:
              - # -- The path to access the Organization Wallet.
                path: /did
            hosts:
              - # -- The hostname used to access the Organization Wallet
                hostname: did.wallet.yoursite.com
                maxUploadFilesize: 100m
 
 
  organization-webwallet-documentation:
    frontend:
      deployment:
        imagePullSecretName: global-pull-secret
        replicaCount: 1
        image:
          registry: oci-registry.yoursite.com
      ingress:
        default:
          name: web
          paths:
            - # -- The path to access the Organization Wallet. Keep on /
              path: /
          hosts:
            - # -- The hostname used to access the Organization Wallet
              hostname: docs.yoursite.com
              configName: organization-webwallet-documenation
 

Overview​

Prerequisites​

Database Setup​

Kubernetes Secrets Configuration​

Helm Chart Deployment​

Values​

organization-webwallet-backend​

organization-webwallet-documentation​

organization-webwallet-frontend​

Other Values​

Example values.yaml configuration file:​