fixes: #1790 updated all config for Rapid Deployment support for eSignet standalone deployment

[bhumi46]

Summary

• Restructure external-dsf.yaml: move esignet-keycloak-init to keycloak namespace (priority -11); add per-namespace postgres-init entries for mosip_esignet_cre, mosip_esignet_qa11, mosip_esignet_sunbird, mosip_mockidentitysystem, and signup schemas; fix MinIO re-deploy root-password pass-through
• Restructure esignet-dsf.yaml: deploy 4 fully isolated eSignet instances (esignet / esignet-cre / esignet-qa11 / esignet-sunbird) with per-namespace SoftHSM, plugin values, oidc-ui, mock-RP, PMS partner+policy, and optional onboarders
• Add signup-dsf.yaml: Signup Keycloak init, kernel services (authmanager / auditmanager / otpmanager / notifier), mock-smtp, signup-service, signup-ui (all disabled by default)
• Add testrigs-dsf.yaml: API testrig for all 4 esignet namespaces + signup apitestrig + signup uitestrig; sequential cronjob trigger via trigger-test-jobs-esignet.sh
• Add 30+ hook scripts under esignet-1.7.1/: config-server setup/postinstall, cre/qa11/sunbird preinstall wrappers, keycloak-init pre/postinstall fan-out, MISP and mock-RP onboarder hooks (replaces old partner-onboarder), signup hooks (keycloak-init, kernel, notifier, signup-service), testrig setup hooks
• Add helmsman_signup.yml workflow (new); extend helmsman_esignet.yml with multi-namespace secret injection and auto-trigger chain to signup; fix helmsman_external.yml MinIO password on upgrade
• Add plugin values (esignet-{,cre-,qa11-,sunbird-}plugin-values.yaml), keycloak init values (keycloak-esignet-init-values.yaml, keycloak-signup-init-values.yaml), config-server values, SoftHSM values, and testrig values under Helmsman/utils/

Linked Issues

Closes mosip/mosip-infra#1790

Sub-tasks:

• [MOSIP-44613] Restructure external-dsf.yaml — move keycloak-init to keycloak ns and add multi-namespace postgres-init mosip-infra#1878 — Restructure external-dsf.yaml
• [MOSIP-44613] Restructure esignet-dsf.yaml — 4 parallel eSignet instances (mock, mosip-identity, sunbird-rc) mosip-infra#1879 — Restructure esignet-dsf.yaml
• [MOSIP-44613] Add signup-dsf.yaml and Signup stack hooks (kernel, signup-service, signup-ui) mosip-infra#1880 — Add signup-dsf.yaml and Signup stack hooks
• [MOSIP-44613] Add testrigs-dsf.yaml and testrig hooks for all 4 eSignet namespaces + Signup mosip-infra#1881 — Add testrigs-dsf.yaml and testrig hooks
• [MOSIP-44613] Add per-namespace hook scripts — config-server, cre/qa11/sunbird preinstalls, keycloak-init fan-out mosip-infra#1882 — Per-namespace hook scripts (config-server, cre/qa11/sunbird preinstalls, keycloak fan-out)
• [MOSIP-44613] Add MISP and mock-RP onboarder hooks (replace old partner-onboarder) mosip-infra#1883 — MISP and mock-RP onboarder hooks
• [MOSIP-44613] Update GitHub Actions workflows — new helmsman_signup.yml, multi-secret esignet workflow, auto-trigger chain mosip-infra#1884 — GitHub Actions workflow updates
• [MOSIP-44613] Add plugin, keycloak, config-server and testrig values files under Helmsman/utils/ mosip-infra#1885 — Plugin, keycloak, config-server and testrig values files

Test plan

• external-dsf.yaml apply: postgres-init creates all 4 esignet DBs + mock-identity + signup schemas; esignet-keycloak-init completes in keycloak ns; esignet-postinstall-keycloak-init.sh fans keycloak resources to all 4 esignet namespaces; MinIO upgrade passes existing root password without PASSWORDS ERROR
• esignet-dsf.yaml apply: all 4 eSignet instances healthy (plugin 1/2/2/3); oidc-ui VirtualServices resolve on correct subdomains; mock-RP services up in each namespace; esignet-domain-config CM present in all 4 namespaces with correct mosip-esignet-host per namespace
• signup-dsf.yaml apply: kernel services (authmanager/auditmanager/otpmanager/notifier), signup-service, signup-ui all healthy; esignet-dsf=completed label present on default namespace before signup workflow fires
• testrigs-dsf.yaml apply: cronjobs created in all 4 esignet namespaces + signup; trigger-test-jobs-esignet.sh fires sequentially without resource exhaustion
• Re-deploy (upgrade) succeeds without manual cleanup — pre-helmsman-cleanup.sh removes stale Jobs before re-run

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • eSignet standalone expanded to CRE/QA11/Sunbird + signup profile; multi-namespace test rigs, signup deploy workflow and auto-trigger; new workflow inputs for DB ports and eSignet domain names.

• Documentation

  • Large deployment/playbook updates and new guide added covering profiles, workflow inputs/secrets, and profile-scoped state handling.

• Bug Fixes

  • Hardened readiness timeouts and idempotent hooks; improved secret masking/handling and Keycloak secret retrieval; avoid SoftHSM PIN regeneration on reruns.