[MOSIP-44127]updated docs

[bhumi46]

Summary by CodeRabbit

• Documentation

  • Expanded deployment guides with observability infrastructure (observ-infra) steps, CI workflow instructions, and post-deploy notes.
  • Added Helmsman undeploy/destroy guide with workflows, order, verification, and recovery guidance.
  • Reworked Keycloak–Rancher integration docs to emphasize GitHub Actions workflows and troubleshooting.

• Configuration

  • Updated ClamAV container image settings to concrete repository and tag.
  • Marked WireGuard VPN required and adjusted peer mapping references in VPN/secret guides.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updates ClamAV Helm image settings; adds observability infrastructure (observ-infra) docs and GitHub Actions–based Keycloak⇄Rancher integration; introduces a Helmsman destroy guide; changes WireGuard peer references; minor tfvars comments for observ-infra; assorted README and docs reorganizations.

Changes

Cohort / File(s)	Summary
Configuration & Helm Helmsman/dsf/external-dsf.yaml	Set image.repository to "mosipid/clamav" and image.tag to "1.2" (replaced commented defaults with concrete values).
Observability TFVARS terraform/implementations/aws/observ-infra/aws.tfvars	Added inline comments noting Rancher import should remain disabled for observ-infra (no value changes).
Core Deployment Documentation README.md	Added observ-infra deployment section (Step 3ca), Keycloak–Rancher integration steps (Step 3cb), made WireGuard VPN required, expanded env secret guidance and destruction workflow notes, and added AWS observ-infra configuration examples.
Integration & Workflow Documentation Rancher-keycloak-integration/README.md	Reworked for a GitHub Actions–centric flow: secrets/input guidance, workflow run/debug instructions, WireGuard examples, and CI-focused troubleshooting.
WireGuard Setup terraform/base-infra/WIREGUARD_SETUP.md, docs/SECRET_GENERATION_GUIDE.md	Updated peer mappings: CLUSTER_WIREGUARD_WG0 now references peer2.conf and CLUSTER_WIREGUARD_WG1 now references peer3.conf; corresponding docs and descriptions adjusted.
Helmsman Destroy Guide docs/HELMSMAN_DESTROY_GUIDE.md	New comprehensive guide for destroying MOSIP services via Helmsman, including reusable GitHub Actions workflows, destruction order, verification, backups, and troubleshooting.
Documentation Index docs/README.md	Added Helmsman Destroy Guide to navigation and component docs table.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• ckm007

Poem

🐰 I hopped through charts and docs today,
Swapped a clam's coat, and routed the way,
WireGuard wires now follow new tracks,
Destroy guides tucked into tidy stacks,
CI hums softly — the rabbit claps!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'MOSIP-44127updated docs' is vague and generic, using a non-descriptive term ('updated docs') that fails to convey the specific nature or scope of the changes.	Provide a more specific title that describes the primary change, such as 'MOSIP-44127 Add observ-infra deployment workflow and update Keycloak integration' or 'MOSIP-44127 Document observability infrastructure and destroy procedures'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

terraform/implementations/aws/observ-infra/aws.tfvars (1)

78-79: Improve comment formatting for readability.

Add a space after # in inline comments to follow standard HCL/Terraform comment conventions.

🔎 Proposed fix

-enable_rancher_import = false #dont enable for observ infra
-rancher_import_url    = "\"<rancher-import-url>\"" #dont update for observ infra
+enable_rancher_import = false # don't enable for observ infra
+rancher_import_url    = "\"<rancher-import-url>\"" # don't update for observ infra

docs/HELMSMAN_DESTROY_GUIDE.md (1)

25-48: Add language specifiers to code blocks for better rendering.

Several code blocks are missing language specifiers, which can affect syntax highlighting and rendering. Add appropriate language identifiers to improve readability.

Based on static analysis hints.

🔎 Proposed fixes

Fix 1: ASCII diagram (line 25)

-```
+```text
 ┌─────────────────────────────────────────────────────────────────────────┐

Fix 2: Command example (line 124)

-```
+```text
 destroy

Fix 3: Namespace list (line 138)

-```
+```text
 namespace1,namespace2,namespace3

Fix 4: Deployment order diagram (line 184)

-```
+```text
 Deployment Order:              Destruction Order (Use Workflows):

Fix 5: Deployment comparison (line 346)

-```
+```text
 Deployment Order:           Destruction Order:

Also applies to: 124-126, 138-140, 184-191, 346-352

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7d86562 and da147fa.

📒 Files selected for processing (7)

• Helmsman/dsf/external-dsf.yaml
• README.md
• Rancher-keycloak-integration/README.md
• docs/HELMSMAN_DESTROY_GUIDE.md
• docs/README.md
• terraform/base-infra/WIREGUARD_SETUP.md
• terraform/implementations/aws/observ-infra/aws.tfvars

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

README.md

566-566: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

588-588: Blank line inside blockquote

(MD028, no-blanks-blockquote)

docs/HELMSMAN_DESTROY_GUIDE.md

25-25: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

124-124: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

138-138: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

184-184: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

346-346: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

terraform/base-infra/WIREGUARD_SETUP.md

209-209: Unordered list indentation
Expected: 0; Actual: 1

(MD007, ul-indent)

---

210-210: Unordered list indentation
Expected: 0; Actual: 1

(MD007, ul-indent)

---

213-213: Unordered list indentation
Expected: 0; Actual: 1

(MD007, ul-indent)

---

214-214: Unordered list indentation
Expected: 0; Actual: 1

(MD007, ul-indent)

---

215-215: Unordered list indentation
Expected: 0; Actual: 1

(MD007, ul-indent)

🔇 Additional comments (7)

docs/HELMSMAN_DESTROY_GUIDE.md (1)

1-627: Excellent comprehensive documentation!

This Helmsman Destroy Guide is thorough and well-structured, covering:

• GitHub Actions workflow-based destruction
• Manual destruction procedures
• Troubleshooting and verification steps
• Data backup and recovery guidance
• Cost implications

The guide follows best practices with clear warnings, step-by-step instructions, and visual workflow diagrams. Great addition to the documentation suite!

docs/README.md (1)

63-63: LGTM! Good documentation integration.

The new Helmsman Destroy Guide is properly integrated into both the Core Deployment Guides and Component-Specific Documentation sections, maintaining consistency with the existing documentation structure.

Also applies to: 71-71

README.md (4)

72-72: Critical integration requirement clearly documented.

The important note about the required Keycloak–Rancher SAML integration workflow after observ-infra deployment is well-placed and clearly stated. This helps prevent deployment order issues and ensures operators understand the integration dependency.

---

475-595: Excellent observ-infra documentation with comprehensive examples.

The new observability infrastructure section provides:

• Clear step-by-step deployment instructions
• Comprehensive tfvars configuration examples with detailed comments
• Rancher UI initial setup guidance
• Important notes about post-deployment steps and security considerations

The configuration examples are well-documented and the guidance on node sizing (t3a.xlarge vs t3a.2xlarge) for cost optimization is particularly helpful.

---

1257-1259: Good separation of infrastructure vs service destruction guidance.

The updated Environment Destruction section now clearly distinguishes between:

• Terraform-based infrastructure destruction (complete teardown)
• Helmsman-based service destruction (application removal while keeping infrastructure)

This clarity helps operators choose the appropriate destruction method based on their needs.

---

596-600: The keycloak-rancher-integration workflow exists and is properly gated, but lacks downstream dependency checks and user guidance.

The workflow file and referenced integration guide are in place with manual execution gating. However:

1. No workflows (e.g., helmsman_mosip.yml) check for completed Keycloak-Rancher integration status before proceeding
2. Deployment workflows contain no error messages that guide users to complete this integration step if skipped
3. The sequencing requirement is documented only in the README, not enforced or validated by automation

Consider adding a health check step in helmsman_mosip.yml to verify Keycloak-Rancher integration completion, or at minimum, add a pre-flight check with clear error guidance directing users to run the integration workflow first.

Rancher-keycloak-integration/README.md (1)

1-340: Excellent rewrite focusing on GitHub Actions workflows!

This comprehensive rewrite significantly improves the integration guide by:

• Prioritizing the GitHub Actions workflow approach for automation
• Providing detailed step-by-step instructions with clear inputs and secrets
• Adding WireGuard configuration examples
• Including troubleshooting specific to workflow execution
• Maintaining manual execution options for advanced users

The shift from manual-first to workflow-first approach aligns well with modern DevOps practices and the overall repository structure. The documentation is clear, well-organized, and includes all necessary details for both beginners and experienced users. The workflow name referenced in Step 2 matches the actual workflow file.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between da147fa and 85be947.

📒 Files selected for processing (2)

• README.md
• docs/SECRET_GENERATION_GUIDE.md

🧰 Additional context used

🪛 LanguageTool

docs/SECRET_GENERATION_GUIDE.md

[grammar] ~359-~359: Ensure spelling is correct
Context: ...RD_WG1** - For Helmsman cluster access (peer3, optional) ### Common Pitfalls - ❌ Try...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 markdownlint-cli2 (0.18.1)

README.md

566-566: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

588-588: Blank line inside blockquote

(MD028, no-blanks-blockquote)

🔇 Additional comments (5)

docs/SECRET_GENERATION_GUIDE.md (1)

358-359: WireGuard peer references updated consistently.

The peer numbering shift from peer1/peer2 to peer2/peer3 aligns with the observ-infra workflow changes and is clearly documented. The static analysis hint about line 359 appears to be a false positive—the syntax is correct.

README.md (4)

72-72: Clear deployment prerequisite communicated upfront.

The requirement to run Keycloak–Rancher SAML integration after observ-infra and before main MOSIP infra deployment is prominent and well-positioned. This prevents users from missing a critical step.

---

475-600: Comprehensive observ-infra documentation with clear operational guidance.

The new Step 3ca section provides:

• ✅ Detailed aws.tfvars configuration example with inline explanations
• ✅ Terraform workflow steps aligned with existing pattern
• ✅ Post-deployment Rancher UI initial setup instructions
• ✅ Important notes about backup and integration points
• ✅ Step 3cb reference for Keycloak–Rancher SAML integration

The observ-infra deployment is appropriately marked as optional ("Skip this step if you don't need a separate observation plane"), reducing friction for users who don't require centralized management. The positioning after base-infra and before main MOSIP infra is correct for the workflow dependency chain.

Confirm that users deploying without observ-infra (skipping Step 3ca/3cb) can proceed directly from Step 3b (WireGuard) to Step 3d (MOSIP infra) without errors. The deployment flow diagram (lines 28–68) shows this path correctly, but verify that there are no hardcoded observ-infra references in downstream Terraform or Helmsman configs that would break a skip.

---

230-241: TF_WG_CONFIG requirement for Keycloak–Rancher integration is clearly documented.

The inline comments (lines 240–241) explain that TF_WG_CONFIG is required for the keycloak-rancher-integration workflow to access private Keycloak and Rancher instances. This prevents users from triggering Step 3cb without essential VPN configuration in place. Good error prevention.

---

1256-1259: Environment destruction guidance properly segmented.

The distinction between infrastructure destruction (ENVIRONMENT_DESTRUCTION_GUIDE.md) and Helmsman service cleanup (HELMSMAN_DESTROY_GUIDE.md) is clear. Users can now safely remove services without deleting cloud infrastructure, which is operationally important. Confirm that both linked guides exist and are up-to-date.

Verify that docs/HELMSMAN_DESTROY_GUIDE.md exists and covers safe removal of MOSIP services from Kubernetes without infrastructure teardown.