d-bis/Sankofa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7cd7022f6e0d6ff4232c47cbf4c19cfbc704e102
Sankofa/CONFIGURATION_GUIDE.md

150 lines
4.5 KiB
Markdown
Raw Normal View History

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements - Add comprehensive database migrations (001-024) for schema evolution - Enhance API schema with expanded type definitions and resolvers - Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth - Implement new services: AI optimization, billing, blockchain, compliance, marketplace - Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage) - Update Crossplane provider with enhanced VM management capabilities - Add comprehensive test suite for API endpoints and services - Update frontend components with improved GraphQL subscriptions and real-time updates - Enhance security configurations and headers (CSP, CORS, etc.) - Update documentation and configuration files - Add new CI/CD workflows and validation scripts - Implement design system improvements and UI enhancements
2025-12-12 18:01:35 -08:00
# Configuration Guide
## Organization and Domain Configuration
### Crossplane API Group
The Crossplane provider uses a configurable API group. Set the following environment variable:
**Portal**:
```env
NEXT_PUBLIC_CROSSPLANE_API_GROUP=proxmox.sankofa.nexus
```
**Default**: `proxmox.sankofa.nexus`
To use a different organization:
1. Update the Crossplane provider's API group in `crossplane-provider-proxmox/apis/v1alpha1/groupversion_info.go`
2. Set `NEXT_PUBLIC_CROSSPLANE_API_GROUP` to match
### Git Repository URL
**ArgoCD Application** (`gitops/apps/argocd/application.yaml`):
- Uses environment variable substitution: `${GIT_REPO_URL}`
- Default: `https://github.com/YOUR_ORG/sankofa-phoenix`
To configure:
```bash
export GIT_REPO_URL=https://github.com/your-org/sankofa-phoenix
kubectl apply -f gitops/apps/argocd/application.yaml
```
Or edit the file directly before applying.
### Go Module Path
**File**: `crossplane-provider-proxmox/go.mod`
Current: `module github.com/sankofa/crossplane-provider-proxmox`
To change:
1. Update `go.mod`:
```go
module github.com/your-org/crossplane-provider-proxmox
```
2. Update all imports in Go files:
```bash
find crossplane-provider-proxmox -name "*.go" -exec sed -i 's|github.com/sankofa|github.com/your-org|g' {} \;
```
3. Run `go mod tidy`
## Domain Configuration
All domain placeholders should be replaced with actual domains:
- `sankofa.nexus` → Your actual domain (currently using sankofa.nexus as placeholder)
- Replace with your actual domain in production
- `sankofa.nexus` → Your actual domain (if different)
## Sovereign Identity Configuration (Keycloak)
### Keycloak Setup
Sankofa Phoenix uses Keycloak for sovereign identity management (NO Azure dependencies):
1. **Deploy Keycloak**:
```bash
docker-compose up -d keycloak
# Or use Kubernetes: kubectl apply -f gitops/apps/keycloak/
```
2. **Configure Environment Variables**:
```env
KEYCLOAK_URL=http://localhost:8080
KEYCLOAK_REALM=master
KEYCLOAK_CLIENT_ID=sankofa-api
KEYCLOAK_CLIENT_SECRET=your-client-secret
KEYCLOAK_MULTI_REALM=true
```
3. **Create Clients**:
- API client: `sankofa-api` (confidential)
- Portal client: `portal-client` (confidential)
4. **Multi-Realm Support** (Optional):
- Set `KEYCLOAK_MULTI_REALM=true` for tenant isolation
- Each tenant gets its own Keycloak realm automatically
See [Identity Setup Guide](./docs/tenants/IDENTITY_SETUP.md) for detailed instructions.
## Multi-Tenancy Configuration
### Enable Multi-Tenancy
```env
ENABLE_MULTI_TENANT=true
DEFAULT_TENANT_ID= # Leave empty for system resources
BLOCKCHAIN_IDENTITY_ENABLED=true
```
### Billing Configuration
```env
BILLING_GRANULARITY=SECOND # SECOND, MINUTE, HOUR
BLOCKCHAIN_BILLING_ENABLED=true
```
See [Tenant Management Guide](./docs/tenants/TENANT_MANAGEMENT.md) and [Billing Guide](./docs/tenants/BILLING_GUIDE.md) for details.
## Environment Variables Summary
### Required for Production
- `JWT_SECRET` - Must be changed from default
- `DB_PASSWORD` - Must be changed from default
- `KEYCLOAK_URL` - Actual Keycloak instance
- `KEYCLOAK_CLIENT_ID` - Keycloak client ID
- `KEYCLOAK_CLIENT_SECRET` - Keycloak client secret
- `NEXT_PUBLIC_*` - All public URLs must point to production services
### Optional but Recommended
- `ENABLE_MULTI_TENANT` - Enable multi-tenancy (default: false)
- `KEYCLOAK_MULTI_REALM` - Enable multi-realm support (default: false)
- `BILLING_GRANULARITY` - Billing granularity (default: HOUR)
- `BLOCKCHAIN_IDENTITY_ENABLED` - Enable blockchain identity (default: false)
- `BLOCKCHAIN_BILLING_ENABLED` - Enable blockchain billing (default: false)
- `SENTRY_DSN` - Error tracking
- `BLOCKCHAIN_*` - If using blockchain features
- `LOG_LEVEL` - Set to `info` or `warn` in production
## Quick Configuration Checklist
- [ ] Update `JWT_SECRET` in production
- [ ] Update `DB_PASSWORD` in production
- [ ] Deploy and configure Keycloak
- [ ] Create Keycloak clients (API and Portal)
- [ ] Set `KEYCLOAK_CLIENT_SECRET` in production
- [ ] Enable multi-tenancy if needed (`ENABLE_MULTI_TENANT=true`)
- [ ] Configure billing granularity (`BILLING_GRANULARITY`)
- [ ] Set `NEXT_PUBLIC_CROSSPLANE_API_GROUP` if different from default
- [ ] Update Git repository URL in ArgoCD application
- [ ] Replace all domain placeholders
- [ ] Configure error tracking (Sentry or custom)
- [ ] Set up proper logging in production
- [ ] Review and update all `localhost` defaults
- [ ] Run database migrations: `cd api && npm run db:migrate`
Reference in New Issue Copy Permalink