Skip to main content

Post-Deployment Configuration

Complete post-deployment steps to finalize your ORISO Platform deployment. These steps are required after deploying via Helm.
1

Initialize Databases

Initialize all database schemas using the ORISO-Database master setup script.
cd ~/online-beratung/caritas-workspace/ORISO-Database

# Make script executable
chmod +x scripts/setup/00-master-setup.sh

# Run master setup
./scripts/setup/00-master-setup.sh
This script:
  • Creates all MariaDB databases (7 databases)
  • Imports all schemas from mariadb/*/schema.sql
  • Initializes MongoDB collections
  • Creates system users
Script should complete without errors. Verify databases:
kubectl exec -n caritas deployment/oriso-platform-mariadb -- \
  mysql -u root -p${MYSQL_ROOT_PASSWORD} -e "SHOW DATABASES;"
2

Create System Users

Create system users required for Matrix and other services.
cd ~/online-beratung/caritas-workspace/ORISO-Database/scripts

# Apply system users job
kubectl apply -f system-users-job.yaml

# Wait for job to complete
kubectl wait --for=condition=complete job/system-users -n caritas --timeout=300s

# Check job logs
kubectl logs job/system-users -n caritas
System users created:
  • caritas_admin - Admin user for Caritas operations
  • oriso_call_admin - Admin for call management
  • group-chat-system - System user for group chats
3

Import Keycloak Realm

Import the ORISO Keycloak realm configuration.Option A: Via Admin Console (Recommended)
  1. Access Keycloak admin: https://auth.oriso-dev.site/admin/
  2. Login: admin / admin (default, change in production)
  3. Select “Master” realm → “Add realm”
  4. Upload: ~/online-beratung/caritas-workspace/ORISO-Keycloak/realm.json
  5. Click “Create”
Option B: Via Command Line
# Get Keycloak pod
KEYCLOAK_POD=$(kubectl get pods -n caritas -l app=keycloak -o jsonpath="{.items[0].metadata.name}")

# Copy realm file
kubectl cp ~/online-beratung/caritas-workspace/ORISO-Keycloak/realm.json \
  caritas/$KEYCLOAK_POD:/tmp/realm.json

# Import realm
kubectl exec -n caritas $KEYCLOAK_POD -- \
  /opt/keycloak/bin/kc.sh import --file /tmp/realm.json
4

Configure Keycloak HTTP Access

Disable SSL requirement for Keycloak realms (required for authentication).
cd ~/online-beratung/caritas-workspace/ORISO-Keycloak

# Run HTTP access configuration script
chmod +x configure-http-access.sh
./configure-http-access.sh
This step is MANDATORY. Without it, authentication will fail with “HTTPS Required” errors.
5

Verify Deployment

Verify all services are running and healthy.
# Check all pods
kubectl get pods -n caritas

# Check Helm release
helm status oriso-platform -n caritas

# Check services
kubectl get svc -n caritas

# Check Ingress
kubectl get ingress -n caritas

# Check TLS certificates
kubectl get certificate -n caritas
  • All pods should be Running
  • Helm release should show deployed status
  • Services should be created
  • Ingress resources should be created
  • Certificates should be Ready=True
6

Test Service Health

Test health endpoints for all services.
# Backend services (via Ingress)
curl -s https://api.oriso-dev.site/actuator/health | jq .

# Or test internally
kubectl exec -n caritas deployment/oriso-platform-userservice -- \
  curl -s http://localhost:8082/actuator/health

# Frontend
curl -I https://app.oriso-dev.site
curl -I https://admin.oriso-dev.site

# Keycloak
curl -s https://auth.oriso-dev.site/realms/online-beratung/.well-known/openid-configuration | jq .realm

# Matrix
curl -s https://matrix.oriso-dev.site/_matrix/client/versions | jq .
All services should return healthy status or HTTP 200 OK.

Access URLs

After completing all steps, access services at:
ServiceURLDescription
Frontendhttps://app.oriso-dev.siteUser portal
Adminhttps://admin.oriso-dev.siteAdmin panel
APIhttps://api.oriso-dev.siteBackend API
Authhttps://auth.oriso-dev.siteKeycloak
Matrixhttps://matrix.oriso-dev.siteMatrix Synapse
Health Dashboardhttp://91.99.219.182:9001Health monitoring
SignOZhttp://91.99.219.182:3001Observability

Verification Checklist

  • All pods are running (kubectl get pods -n caritas)
  • Helm release is deployed (helm status oriso-platform -n caritas)
  • Databases are initialized (kubectl exec ... mysql -e "SHOW DATABASES;")
  • System users are created (kubectl logs job/system-users -n caritas)
  • Keycloak realm is imported (check admin console)
  • Keycloak HTTP access is configured (no SSL errors)
  • Ingress resources are created (kubectl get ingress -n caritas)
  • TLS certificates are issued (kubectl get certificate -n caritas)
  • Services are accessible via HTTPS
  • Health endpoints return UP status

Troubleshooting

Pods Not Running

# Check pod status
kubectl get pods -n caritas

# Check pod logs
kubectl logs -n caritas <pod-name>

# Check pod events
kubectl describe pod -n caritas <pod-name>

Database Initialization Failed

# Check database pod
kubectl get pods -n caritas | grep mariadb

# Check database logs
kubectl logs -n caritas deployment/oriso-platform-mariadb

# Re-run setup script
cd ~/online-beratung/caritas-workspace/ORISO-Database
./scripts/setup/00-master-setup.sh

Keycloak Issues

# Check Keycloak pod
kubectl get pods -n caritas | grep keycloak

# Check Keycloak logs
kubectl logs -n caritas deployment/oriso-platform-keycloak

# Verify HTTP access is configured
kubectl exec -n caritas deployment/oriso-platform-keycloak -- \
  /opt/keycloak/bin/kcadm.sh get realms/master --fields sslRequired

Next Steps