[MOSIP-44060] Updated keycloak install.sh script.

[Mohanraj209]

Summary by CodeRabbit

• New Features

  • Added an interactive pre-install validation step to verify or update host configuration before installation.
  • Installation now deploys updated container images and Helm charts for Keycloak, Kafka, MinIO and PostgreSQL.

• Chores

  • Added/updated Helm repository usage and expanded installation options to support the updated charts and images.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds pre-install host-validation and interactive prompts to the IAM install script and switches several external component install scripts (IAM/Keycloak, Kafka, MinIO, Postgres) to use mosip chart repositories and explicit image repository/tag overrides in their Helm install commands.

Changes

Cohort / File(s)	Change Summary
IAM install & Keycloak deployment/v3/external/iam/install.sh	Adds an interactive pre-install validation loop that reads host from istio-addons-values.yaml, prompts to update/confirm/exit when placeholder iam.sandbox.xyz.net is present, applies sed updates when provided, and updates Helm usage to add mosip repo and set Keycloak image/postgres overrides in the helm install. Adds return 0 at function end.
Kafka deployment/v3/external/kafka/install.sh	Adds mosip Helm repo and replaces Kafka chart/image settings to mosipid/kafka with explicit image.repository/image.tag and zookeeper image overrides; increases helm timeout and preserves values file and version flags.
Object store (MinIO) deployment/v3/external/object-store/minio/install.sh	Switches chart from bitnami/minio to mosip/minio, sets image.repository to mosipid/minio and image.tag to a specific tag, and updates helm --version and --set ordering.
Postgres deployment/v3/external/postgres/install.sh	Expands helm install invocation to include explicit image overrides (mosipid/postgresql, tag, pullPolicy) via --set and reformats command (multi-line) while preserving --wait.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Postgres-Installation into Kubernetes fails due to unavailable image #1670 — Both modify deployment/v3/external/postgres/install.sh to override PostgreSQL image repository/tag.
• MinIO installation fails due to unresolvable images #1697 — Both modify deployment/v3/external/object-store/minio/install.sh to change MinIO chart/image configuration.

Possibly related PRs

• [MOSIP-43615] Update Helm installation commands for IAM, Kafka, Minio and Postgres with new image repositories and tags #1671 — Modifies the same deployment scripts (IAM, Kafka, MinIO, Postgres) to switch to mosip chart repos and update image tags/helm flags.
• [MOSIP-44014] qa11-upgarde fixes #1690 — Modifies IAM installation flow adding pre-install host validation and istio-addons usage (similar host/Keycloak changes).
• [DSD-9524] Platform 1.2.1.0 GA release #1703 — Updates Keycloak installation (image repo/tag changes) similar to this PR.

Suggested reviewers

• ckm007
• Prafulrakhade

Poem

🐰 In a burrow of scripts I neatly hop,
I check each host before the setup drops,
I swap the charts and set the image tag,
Then hop away with a tidy little wag,
Congrats — no defaults left in my little crop! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title mentions only the keycloak install.sh script, but the changeset modifies four separate installation scripts across kafka, minio, postgres, and keycloak components.	Update the title to reflect all modified files, such as 'Updated deployment scripts for IAM, Kafka, MinIO, and PostgreSQL' or describe the common theme (e.g., 'Added custom MOSIP image configurations to deployment scripts').
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2c5dd92 and d976991.

📒 Files selected for processing (4)

• deployment/v3/external/iam/install.sh
• deployment/v3/external/kafka/install.sh
• deployment/v3/external/object-store/minio/install.sh
• deployment/v3/external/postgres/install.sh

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1703
File: deployment/v3/external/object-store/minio/install.sh:10-10
Timestamp: 2025-12-24T08:51:06.643Z
Learning: The istio-addons Helm chart version 1.0.0 from mosip/istio-addons is a valid artifact available in MOSIP's private/internal registries for the MOSIP infrastructure deployment.

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1677
File: deployment/v3/external/object-store/minio/install.sh:18-21
Timestamp: 2025-12-02T10:21:36.913Z
Learning: The MinIO Helm chart version 15.0.6 from mosip/minio and the Docker image mosipid/minio:2025.2.28-debian-12-r1 are valid artifacts available in MOSIP's private/internal registries for the MOSIP infrastructure deployment.

📚 Learning: 2025-12-02T10:21:36.913Z

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1677
File: deployment/v3/external/object-store/minio/install.sh:18-21
Timestamp: 2025-12-02T10:21:36.913Z
Learning: The MinIO Helm chart version 15.0.6 from mosip/minio and the Docker image mosipid/minio:2025.2.28-debian-12-r1 are valid artifacts available in MOSIP's private/internal registries for the MOSIP infrastructure deployment.

Applied to files:

• deployment/v3/external/object-store/minio/install.sh
• deployment/v3/external/iam/install.sh
• deployment/v3/external/kafka/install.sh

📚 Learning: 2025-12-02T10:31:57.899Z

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1677
File: deployment/v3/external/postgres/init_values.yaml:45-69
Timestamp: 2025-12-02T10:31:57.899Z
Learning: In deployment/v3/external/postgres/init_values.yaml, the mosip_pms database intentionally uses branch "v1.2.2.2" while other MOSIP services use "release-1.3.x". This version difference is correct and should not be flagged as an inconsistency.

Applied to files:

• deployment/v3/external/postgres/install.sh

📚 Learning: 2025-12-24T08:51:06.643Z

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1703
File: deployment/v3/external/object-store/minio/install.sh:10-10
Timestamp: 2025-12-24T08:51:06.643Z
Learning: The istio-addons Helm chart version 1.0.0 from mosip/istio-addons is a valid artifact available in MOSIP's private/internal registries for the MOSIP infrastructure deployment.

Applied to files:

• deployment/v3/external/iam/install.sh
• deployment/v3/external/kafka/install.sh

🔇 Additional comments (6)

deployment/v3/external/kafka/install.sh (2)

24-24: LGTM!

Adding the MOSIP Helm repository is necessary for the istio-addons installation later in the script.

---

28-33: The chart source is correct. The deployment intentionally uses upstream charts for standard infrastructure components while maintaining custom mosip/* charts only for MOSIP-specific components. Kafka and PostgreSQL both use bitnami charts (not mosip/* variants exist), consistent with their role as generic infrastructure rather than MOSIP-specific services. Both components correctly override images with custom mosipid/* registries, matching the established pattern.

Likely an incorrect or invalid review comment.

deployment/v3/external/iam/install.sh (2)

86-113: LGTM!

The confirmation prompt for non-default hosts is well-structured and handles user responses appropriately.

---

127-135: LGTM!

The Keycloak installation correctly switches to the mosip/keycloak chart with explicit image overrides, aligning with the PR's objective to standardize on MOSIP-hosted artifacts.

deployment/v3/external/postgres/install.sh (1)

19-24: Resolve: PostgreSQL chart choice is intentional and documented.

The bitnami/postgresql chart with mosipid/postgresql:14.2.0-debian-10-r70 image override is the documented installation method for this project. No mosip/postgresql chart exists; the image tag is explicitly specified for reproducibility. This approach is consistent with MOSIP's practices of maintaining specific image tags across infrastructure components.

deployment/v3/external/object-store/minio/install.sh (1)

18-21: Update MinIO Helm chart and image to validated versions.

Current code uses MinIO Helm chart version 10.1.6 with image mosipid/minio:2022.2.7-debian-10-r0. Per PR #1677, the validated versions in MOSIP registries are chart version 15.0.6 with image mosipid/minio:2025.2.28-debian-12-r1. Update to use these newer validated versions.

⛔ Skipped due to learnings

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1677
File: deployment/v3/external/object-store/minio/install.sh:18-21
Timestamp: 2025-12-02T10:21:36.913Z
Learning: The MinIO Helm chart version 15.0.6 from mosip/minio and the Docker image mosipid/minio:2025.2.28-debian-12-r1 are valid artifacts available in MOSIP's private/internal registries for the MOSIP infrastructure deployment.

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1677
File: deployment/v3/testrig/apitestrig/values.yaml:4-7
Timestamp: 2025-12-02T10:22:19.803Z
Learning: The MOSIP project uses "1.3.x" as a Docker image tag intentionally across their infrastructure (testrig, IAM, etc.). This is a valid tag they maintain in their registry and should not be flagged as an issue.

Learnt from: Prafulrakhade
Repo: mosip/mosip-infra PR: 1703
File: deployment/v3/external/object-store/minio/install.sh:10-10
Timestamp: 2025-12-24T08:51:06.643Z
Learning: The istio-addons Helm chart version 1.0.0 from mosip/istio-addons is a valid artifact available in MOSIP's private/internal registries for the MOSIP infrastructure deployment.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

deployment/v3/external/iam/install.sh (1)

143-148: Error handling is applied after the validation block.

The error-handling directives (set -e, set -o errexit, etc.) at lines 143–147 are applied AFTER the validation block (lines 12–113). This means errors during validation (e.g., failed file I/O, grep failures) will not trigger the intended early exit behavior. Move these directives to the top of the script.

  #!/bin/bash
  ## Point config to your cluster on which you are installing IAM.
  ## "Usage: ./install.sh [kube_config_file]"
  
+ # set commands for error handling.
+ set -e
+ set -o errexit
+ set -o nounset
+ set -o errtrace
+ set -o pipefail
+ 
  if [ $# -ge 1 ]; then
    export KUBECONFIG=$1
  fi
  ...
- # set commands for error handling.
- set -e
- set -o errexit
- set -o nounset
- set -o errtrace
- set -o pipefail

🧹 Nitpick comments (2)

deployment/v3/external/iam/install.sh (2)

21-21: DRY violation: Host extraction logic is duplicated.

The same host extraction logic appears at lines 21 and 59. Extract this into a function to improve maintainability and reduce the risk of inconsistency.

get_current_host() {
  grep -A1 "host:" istio-addons-values.yaml | grep -v "serviceHost" | head -1 | cut -d: -f2 | tr -d ' '
}

# Then use:
current_host=$(get_current_host)

# And at line 59:
current_host=$(get_current_host)

Also applies to: 59-59

---

43-43: Domain validation is minimal; consider adding format checks.

The domain validation at line 43 only checks for non-empty input and inequality with the default placeholder. Consider adding format validation (e.g., must contain a dot, valid characters) to prevent invalid configurations from proceeding.

if [[ -n "$new_host" && "$new_host" != "iam.sandbox.xyz.net" ]] && [[ "$new_host" =~ \. ]]; then
  # Valid domain name
else
  echo "Invalid domain name. Please provide a valid domain (e.g., iam.yourdomain.com)."
fi

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 769984f and 2c5dd92.

📒 Files selected for processing (1)

• deployment/v3/external/iam/install.sh (1 hunks)