Deploying the Wallet
Please ensure that you have Helm installed correctly before proceeding with the steps outlined below. Refer to Installing Helm for details.
Wallet Deployment using Helm Charts
All FPX components, including the Wallet, are packaged as Helm charts for easy and convenient deployment. There are two ways to gain access to the chart, either directly via the chart source code or by adding the remote repository:
$ helm repo add identos https://charts.dev.identos.ca
The repository should then appear in the output of the following command:
$ helm repo list
Finally, to install the Helm chart after building the configuration file, run the following command:
$ helm upgrade --install example identos/fpx-wallet -f configuration.yaml
During the installation, the network of components will be deployed. Installation is complete when you run the following command and all deployments are ready, up-to-date and available (the numbers may differ based on the configuration applied):
$ kubectl get deployments
NAME                READY   UP-TO-DATE   AVAILABLE   AGE
wallet-example      1/1     1            1           2m6s
wallet-exampleapi   1/1     1            1           2m6s
wallet-exampleui    1/1     1            1           2m6s
To list the deployed HTTP endpoints, run the following command. Depending on your environment, the address field may or may not show an external address.
$ kubectl get ing
NAME                HOSTS                    ADDRESS   PORTS     AGE
wallet-example      wallet.example.com                 80, 443   6m6s
wallet-exampleapi   wallet-api.example.com             80, 443   6m6s
wallet-exampleui    wallet-ui.example.com              80, 443   6m6s
Helm Chart Configuration Parameters
Configuration for a Helm chart is provided as a YAML formatted file. For details on the configuration parameters and their default values, see:
- Helm configuration parameters for the Wallet
- Helm configuration parameters for the Wallet UI
- Helm configuration parameters for the Wallet Admin API
Keystore Creation and Configuration
The Wallet Server deployment configuration YAML consists of several parameters that address keystore values. The keystore is used to store the custom signing encryption keys for the Wallet Server and the Wallet Server API. The parameters used to define keystore-related values are:
- wallet.keystores.https.alias
- wallet.keystores.https.enabled
- wallet.keystores.https.jwks
- wallet.keystores.https.password
- wallet.keystores.signingKey.enable
- walletApi.keystores.https.alias
- walletApi.keystores.https.enabled
- walletApi.keystores.https.jwks
- walletApi.keystores.https.password
- walletApi.keystores.signingKey.enable
In order to populate the alias, JWKS key and password parameters, the following steps need to be executed:
- Generate a keystore and alias key.
- Apply base64 encoding for the alias name, password and JWKS key.
- Update these base64 encoded values into the YAML config file.
To generate the key and the keystore, run the following command:
keytool -genkey -v -keystore wallet.jks -alias <custom_alias> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -ext KeyUsage=keyCertSign -validity 10000
IMPORTANT: The keystore alias should always be defined in lowercase. The alias may contain alphanumeric characters only.
To apply the base64 encoding for the alias name, password and JWKS key, run the following commands:
echo <alias name> | base64
echo <password> | base64
echo <JWKS Key> | base64
These commands will return the values in the base64 encoded format. Enter the encoded values in the configuration parameters listed above.
For production environments, it is recommended that individual keystores and key values exist for the Wallet Server and the Wallet Server API parameters.
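The encoding step above, scripted once per component so that the Wallet Server and the Wallet Server API can each get their own values. This is an added example, not code from the chart or from IDENTOS. The function names, the sample values and the nested YAML layout derived from the dotted parameter names are assumptions, as is encoding each value without the trailing newline that `echo` appends.

```shell
#!/bin/sh
# Added example, not IDENTOS code. Sample values below are constructed.

# Succeeds only for a non-empty alias made of lowercase letters and digits.
# Characters are listed explicitly so the check does not depend on locale.
valid_alias() {
    case "$1" in
        ''|*[!abcdefghijklmnopqrstuvwxyz0123456789]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Base64-encode the argument byte for byte. printf '%s' adds no trailing
# newline (echo would), and tr removes the line wrapping that GNU base64
# applies after 76 characters, which matters for a long JWKS value.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Print a values fragment for one component ("wallet" or "walletApi").
# Assumption: the dotted parameter names map to nested YAML keys.
keystore_values() {
    component=$1 ks_alias=$2 ks_password=$3 ks_jwks=$4
    if ! valid_alias "$ks_alias"; then
        echo "alias must be lowercase alphanumeric: $ks_alias" >&2
        return 1
    fi
    printf '%s:\n  keystores:\n    https:\n' "$component"
    printf '      alias: %s\n' "$(b64 "$ks_alias")"
    printf '      password: %s\n' "$(b64 "$ks_password")"
    printf '      jwks: %s\n' "$(b64 "$ks_jwks")"
}

# Constructed placeholders; substitute the real alias, password and JWKS.
keystore_values wallet walletkey 'constructed-password' '{"keys":[]}'
```

Piping the same alias through `echo walletkey | base64` yields `d2FsbGV0a2V5Cg==` rather than `d2FsbGV0a2V5`; the extra `Cg==` is the encoded newline, which would become part of a decoded password.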
Application Config
The following configuration files should be used in the Helm chart for the config directives under each application section, including wallet.config, walletui.config, walletui.i18n, and walletapi.config. Values should be left at the defaults provided, except for the replacement values listed in each section.
Wallet Server Application Config
See Wallet Application Config for details on configuring the Wallet application configuration files.
Wallet Admin API Application Config
See Wallet Admin API Application Config for details on configuring the Wallet Admin API configuration files.
Wallet UI Application Config
See Wallet UI Application Config for details on configuring the Wallet UI configuration files.