Syntphony CAI server Installation guide

Why use Helm?

Helm can make deployments easier and repeatable because all resources for an application are deployed by running one command:

$ helm install <chart>

With Helm, configuration settings are kept separate from the manifest formats. You can edit the configuration values without changing the rest of the manifest.

Configuration settings are in a values.yaml file. You update the runtime parameters in that file to deploy each application instance differently.

You can use single commands for installing, upgrading, and deleting Syntphony CAI releases. More information about Helm at https://helm.sh/.

Description

This chapter describes the design and governance for the Syntphony CAI 4 helm charts.

These helm charts are designed to be a lightweight way to configure, package and deploy Syntphony CAI admin and Syntphony CAI instance resources onto Kubernetes clusters, both for a single installation and multicluster installation. These charts are currently tested against the following versions:

Syntphony CAI application: 4.1.0
Helm: 3.5.0
Kubernetes: 1.22
Istio: 1.11.7

The GitLab repository for these charts is eva4-helm-repository. Following is a description of repository each folder:

eva-admin-charts
- eva-admin-base-resources: a chart to deploy the base configurations for Syntphony CAI admin.
- eva-admin-saas-resources: a chart to deploy the components for Syntphony CAI admin SaaS.
- eva-admin-rabbitmq: a chart to deploy the rabbitmq cluster operator and cert manager for rabbitmq.
- keycloak: contains the keycloak-values.yaml file to use with helm installation to deploy a keycloak.
- minio: contains the values.yaml file to use with helm installation to install Minio.
- eva-admin-rabbitmq-server: a chart to deploy the rabbitmq messaging topology operator and rabbitmq resources.
- eva-admin-rabbitmq-config: a chart to deploy exchange, permissions, users, and secrets for the rabbitmq resources.
- eva-admin-config-server: a chart to deploy the core component for Syntphony CAI config server.
- eva-admin-config-server-post: a chart to deploy several configuration jobs for admin cluster.
- eva-admin-keycloak-realm-post: a chart to create necessary realm to clever engine auth.
- eva-admin-server: a chart to deploy the core component for Syntphony CAI admin application.
eva-instance-charts:
- eva-instance-base-resources: a chart to deploy the base configurations for an Syntphony CAI instance.
- eva-instance-saas-resources: a chart to deploy the components for Syntphony CAI instance SaaS. Only for eva-cloud.
- eva-instance-server: this chart contains the following subcharts:
  - eva-core: a chart to deploy the core components for Syntphony CAI admin.
  - eva-envoy-config: a chart to deploy eva-decrypt-filter and eva-envoy-filter resources.
eva-configuration-charts:
- eva-organization: chart to launch a job to create a new organization for the instance.
- eva-instance-config-server-post: chart to run configurations jobs, where:
  - instance-default-config-job: apply the default configuration for an instance.
  - instance-honeypot-config-job: apply the honeypot configuration for an instance.
- eva-environment: chart to launch a job to create or update an environment for the instance.

Important Syntphony CAI 4 helm charts configuration

Syntphony CAI deployment with Helm requires very little configuration to get started, but there are several components which must be considered before the installation:

NodeSelector

If the application environment is based on multi-node pool architecture, uncomment the nodeSelector section with the specific label into chart Values.yaml files, and check if the label has been added on node pools.

If there is no node selection constraint, comment the nodeSelector section into values.yaml files.

PullSecret

If the application environment uses a private container registry with authentication, uncomment the imagePullSecret section with the specific name chart values.yaml files.

If login information is not requiring, comment the imagePullSecret section into values.yaml files.

Redis and MongoDB

If the application environment uses a mongodb or/and redis as a service in the cloud, it will be mandatory to provide the configuration data of these cloud services into redis and mongo section of eva-admin-base-resources, eva-admin-server, eva-instance-base-resources, eva-instance-server and eva-enviroment values.yaml files.

Remember include the redis cidr range into eva-admin-saas-resources and eva-instance-saas-resources values.yaml.

Single Installation

For a single server cluster, set true the single_installation option into enabled_components in eva-instance-base-resources, eva-instance-saas-resources and eva-instance-server values.yaml files.

Usernames, service name and passwords

The following charts are not meant to be executed as they are - They contain fields such as passwords, usernames and service names (Found as [YOUR-SERVICE], 'password-in-plain-text', etc). Please read carefully and make the proper substitutions for each of them.

Wait before executing the post config charts

During the admin cluster installation, keep in mind these tips:

Before executing eva-admin-rabbitmq-config chart, it must be validated that eva-rabbitmq-server pod has been successfully deployed.
Before executing eva-config-server-post chart, it must be validated that eva-config-server pod has been successfully deployed.
Before executing eva-admin-keycloak-realm-post chart, it must be validated that keycloak has been successfully installed.

Admin Charts

eva-admin-base-resources

eva-admin-base-resources allows you set base components for Syntphony CAI admin application. You can activate the section for pull secret if you need use authentication to container Registry. Also, it's possible to configure nodeSelector option for the deployment.

The following namespaces are deployed: eva-admin, minio and keycloak. Also, eva-gateway and eva-gateway-internal are installed.

The code below is the eva-admin-base-resources Values.yaml:

## @Section Admin Config Server Global info 
## Used to SPRING_CLOUD_CONFIG_LABEL
admin_instance_name: "admin-1"
 ## Used to SPRING_CLOUD_CONFIG_PROFILE
admin_config_server_profile: "default"

## @Section Admin Redis 
redis_host: "172.30.0.20"
## This password is not in base64 encoded
redis_pass: "password-in-clear-text"
redis_port: 6379
redis_ssl: false
redis_cachetype: "redis"
      
## @Section TLS: configures SSL certificates.
## These passwords are in base64 encoded
eva_tls:
  crt: ***
  key: ***
  
keycloak_tls:
  crt: ***
  key: ***
 
## @Section Pull Secrets
## If no value specified for section pull secret, neither the 
## secret nor the deployments will use authentication to Container Registry.
# imagePullSecrets: 
#   name: "containerregistrysecret"
#   configjson: "***"

eva-admin-saas-resources

Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and this section should be ignored on eva-server installations.

It allows you set SaaS components for eva admin application, network policies, load balancer components and Istio Addons like, Prometheus, Grafana and Kiali. You can choose to deploy optional Istio tunning components. To do this, set true istio_tunning in the enabled_components section in values.yaml file. In addition, you can deploy Prometheus with a pvc, setting true prometheus_with_pvc in the enabled_components section as detailed below:

## @Section Optional Components
enabled_components:
  istio_tunning: "true"
  prometheus_with_pvc: "true"

This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with Values.yaml customization.

Remember: once installed this chart, the ingress spreading to GKE can be delayed for 5 to 10 minutes.

The code below is the eva-admin-saas-resources Values.yaml:

## Admin Name (without double quotes)
## admin_dns_output.value.public_dns_records.general.name - Use only the url prefix 
## For this chart is the base domain name for grafana, kiali, prometheus and tracing
admin_name: [YOUR-SERVICE]-env-admin

## @Section Optional Components
enabled_components:
  ## Set true to deploy extra config to Prometheus, Kiali and Tracing Istio 
  istio_tunning: "true"
  ## Set true to deploy Prometheus with persistence
  prometheus_with_pvc: "true"

## @Section Network Policies
network_policies:
  redis_cidr: "172.30.0.16/28"
  ## The subnet mask used for Mysql cidr is always /32
  mysql_cidr: "172.30.2.20/32"
  ##IP Admin Cluster - admin global ip
  ## The subnet mask used for admin global ip is always /32
  admin_cluster_ingress_ip: "34.111.219.60/32"

## @Section Load Balancer
ingress_ip_name: "eva-multitenant-admin-ip"
ingress_host: "*.eva.bot"   

## @Section Components
grafana:  
  image: "grafana/grafana"
  tag: "7.5.5"
  requests:
    mem: "24Mi"
    cpu: "10m"
  limits:
   mem: "128Mi"
   cpu: "100m"
kiali:  
  image: "quay.io/kiali/kiali"
  tag: "v1.38"  
prometheus:
  storage: "45Gi"
  containers:
    image_config_reload: "jimmidyson/configmap-reload"
    tag_config_reload: "v0.5.0"
    image_server: "prom/prometheus"
    tag_server: "v2.26.0"    
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
  pvc:
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
jaeger:
  image: "docker.io/jaegertracing/all-in-one"
  tag: "1.23"
  limits:
    cpu: "1"
    mem: "3Gi"
  requests:
    cpu: "25m"
    mem: "640Mi"

## If no value specified for section node selector, no nodeSelector 
## policies will be applied on the eva deployment.
nodeSelector:
  apptype: mesh

eva-admin-rabbitmq

It allows set RabbitMQ operator components for Syntphony CAI admin application, rabbitmq cluster operator and cert manager resources.

eva-admin-rabbitmq-server

It allows set RabbitMQ messaging topology operator components and eva-rabbitmq resources for Syntphony CAI admin application.

The code below is the eva-admin-rabbitmq-server Values.yaml:

global:
## @Section Pull secret
## If no value specified for section pull secret, neither the 
## secret nor the deployments will use authentication to Container Registry.
## imagePullSecrets must be under global seccion in this values.
  imagePullSecrets:
  #   - name: "containerregistrysecret"
  
## If no value specified for section nodeAffinity, no nodeAffinity 
## policies will be applied on the eva deployment.
nodeAffinity:
  - key: apptype
    operator: In
    values:
    - eva
## @Section RabbitMQ Configuration
rabbitmq:
  image: "rabbitmq"
  tag: "3.8.16-management"
  requests:
    cpu: "500m"
    mem: "1Gi"
  limits:
    cpu: "500m"
    mem: "1Gi"
  storage: "5Gi"
  hosts: "eva-rabbitmq-internal.eva.bot"

eva-admin-rabbitmq-config

It allows set rabbitMQ users, permissions, exchage and secrets.

## @section Global parameters for eva-admin-rabbitmq-server
global:

## @Section Pull secret
## If no value specified for section pull secret, neither the 
## secret nor the deployments will use authentication to Container Registry.
## imagePullSecrets must be under global seccion in this values.
  imagePullSecrets:
  #   - name: "containerregistrysecret"
  
## If no value specified for section nodeAffinity, no nodeAffinity 
## policies will be applied on the eva deployment.
nodeAffinity:
  - key: apptype
    operator: In
    values:
    - eva

## @Section RabbitMQ Configuration
rabbitmq:
  image: "rabbitmq"
  tag: "3.8.16-management"
  requests:
    cpu: "500m"
    mem: "1Gi"
  limits:
    cpu: "500m"
    mem: "1Gi"
  storage: "5Gi"
  hosts: "eva-rabbitmq-internal.eva.bot"

eva-admin-config-server

It allows deploy eva-config-server and components for eva admin application. The code below is the eva-admin-config-server Values.yaml:

## @Section Config Server
config_server:
  dbdriver: "org.mariadb.jdbc.Driver"  
  dburl: "jdbc:mariadb://172.30.2.20/eva_configuration?useSSL=false&serverTimezone=UTC"
  dbuser: "eva-config-server"
  ## These passwords are not in base64 encoded
  ## eva-config-server user pass
  dbpass: "*****"
  ## Admin RabbitMQ pass
  rabbitmq_pass: "****"
  ## Do not change; public key for config server
  encrypt_key_pass: "****"
  java_opt: ""
  hosts: "eva-config-server-internal.eva.bot"
  requests:
    cpu: "200m"
    memory: "300Mi"
  container_registry: "gcr.io/calm-premise-168420/eva-dev"
  image_tag: "4.1.0"
 
## @Section nodeSelector Eva
## If no value specified for section node selector, no nodeSelector
## policies will be applied on the eva deployment.
nodeSelector:
  apptype: eva
   
## @Section Pull secret
## If no value specified for section pull secret, neither the
## secret nor the deployments will use authentication to Container Registry.
# imagePullSecrets:
#   - name: "containerregistrysecret"

eva-admin-config-server-post

Remember: Before executing, make sure that eva-config-server pod is deployed successfully.

This chart executes the eva-admin-config-job to apply admin configuration changes. The code below is the eva-admin-config-server-post Values.yaml:

## @Section Admin Config Server Global info 
## admin_instance_name used to set the label in default-config-data.json 
admin_instance_name: "admin-1"
## admin_config_server_profile used to set the profile in default-config-data.json 
admin_config_server_profile: "default"

## IP Admin Database
admin_db_ip: 172.30.2.20

## Database User Passwords
## These passwords are in clear text
eva_bot_admin_pwd: ******
eva_environment_pwd: ******
eva_object_store_pwd: ******
eva_organization_pwd: ******
eva_security_checker_pwd: ******
eva_user_pwd: ******
keycloak_pwd: ******

## Connection URLs
keycloak_url: https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot
admin_url: https://api-[YOUR-SERVICE]-env-admin.eva.bot
server_config_url: https://eva-config-server-internal.eva.bot
security_url: https://eva-security-checker-internal.eva.bot

## Minio Access
## These passwords are in clear text
eva_minio_access: ******
eva_minio_secret: ******

## Mongo Access
mongo_host: mongodb+srv://honeypot:[email protected]/
mongo_database: honeypot

## Jobs Configuration
backoffLimit: 10
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

eva-admin-keycloak-realm-post

Remember: Before executing, make sure that the keycloak pod is deployed successfully.

This chart executes eva-admin-keycloak-eva-bot-realm-job to create a new realm in keycloak and posteriorly clever-system user into this realm. For that we have the values.yaml below.

## Default values for eva-admin-keycloak-realm-post.
## This is a YAML-formatted file.

## @section Global parameters for eva-admin-server
global:
  ## cockpit properties
  cockpit:
    external_host: "hml-admin.eva.bot"
    api_url: "https://api-hml-admin.eva.bot"
  ### Keycloak properties
  keycloak:
    ## FQDN do Kubernets para esse serviço
    url: "http://keycloak-http.keycloak.svc.cluster.local:80"
    ### User used to log in keycloak
    auth:
      username: admin
      password: "password-in-clear-text"
    ### Users to be created in eva.bot realm
    users:
      clever:
        username: "clever-system"
        password: "u9679@FN_hu\\\"Dd$"
        email: "password-in-clear-text"

## Jobs Configuration
backoffLimit: 10
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-prod"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

eva-admin-server

This chart contains the following subcharts:

eva-envoy-config: it allows deploy Istio EnvoyFilter resources.
eva-core: it allows deploy several objects for eva admin cluster, eva-proxy, eva-bot-admin, eva-object-store, eva-environment, eva-organization, eva-security-checker, eva-cockpit and hpa resources.

The code below is the eva-admin-server Values.yaml:

## @section Global parameters for eva-admin-server
global:   

  ## @Section container registry and image tags. 
  ## Change tag to apply fixes and upgrades.
  ## Container registry
  container_registry: "gcr.io/calm-premise-168420/eva-hml"

  ## Image tags
  releases_image_tags:
    bot_admin: "4.1.0"
    cockpit: "4.1.0"
    environment: "4.1.0"
    organization: "4.1.0"
    security_checker: "4.1.0"
    object_storage: "4.1.0"
    user: "4.1.0"
    proxy: "4.1.0"

  ## @Section enabled customize deployment. 
  ## Set true to deploy optional components.
  enabled_components:
    alenabled: "false"

## @Section Admin RabbitMQ Secrets 
## These passwords are not in base64 encoded
  eva_bot_admin:
    pass: "*****"
  eva_environment:
    pass: "*****"
  eva_object_storage:
    pass: "*****"
  eva_organization:
    pass: "*****"
  eva_security_checker:
    pass: "*****"
  eva_user:
    pass: "*****"
  
  ## @Section Components
  eva:
    external_host: "api-[YOUR-SERVICE]-env-admin.eva.bot"

  bot_admin:    
    hpa:
      maxreplicas: 12
      minreplicas: 1
    internal_host: "eva-bot-admin-internal.eva.bot"  

  config_server:
    hpa:
      maxreplicas: 5
      minreplicas: 1  
        
  cockpit:
    external_host: "[YOUR-SERVICE]-env-admin.eva.bot"
    api_url: "https://api-[YOUR-SERVICE]-env-admin.eva.bot" 
    proxy_url: "https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot"
    help_lin: "https://docs.eva.bot/"
    support_link: "https://shori-public.clonika.com/"
    cockpit_url: "https://[YOUR-SERVICE]-env-admin.eva.bot"
    system_version: "4.0.1"

  eva_organization_url: http://eva-organization.eva-admin.svc.cluster.local:8080
  eva_user_url: http://eva-user.eva-admin.svc.cluster.local:8080
  eva_object_storage_url: "eva-object-storage-internal.eva.bot"

  environment:
    hpa:
      maxreplicas: 12
      minreplicas: 1
    internal_host: "eva-environment-internal.eva.bot"  

  organization:
    internal_host: "eva-organization-internal.eva.bot"
    hpa:
      maxreplicas: 12
      minreplicas: 1

  proxy:
    hpa:
      maxreplicas: 12
      minreplicas: 1
    external_host: "keycloak-[YOUR-SERVICE]-env-admin.eva.bot"
    internal_host: "eva-proxy-internal.eva.bot"

  security_checker:
    internal_host: "eva-security-checker-internal.eva.bot"
    hpa:
      maxreplicas: 12
      minreplicas: 1

  user:
    hpa:
      maxreplicas: 12
      minreplicas: 1
    internal_host: "eva-user-internal.eva.bot"

  ## @Section Admin Redis
  ## This password is not in base64 encoded
  redis_pass: "*****"
  redis_host: "172.30.0.20"
  redis_port: 6379
  redis_ssl: "false"
  
  ## @Section keycloak
  keycloak_domain: "keycloak-http"
  keycloak_token: "https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot" 
  keycloak_proxy: "keycloak-[YOUR-SERVICE]-env-admin.eva.bot"
  ## This password is not in base64 encoded
  keycloak_pass: "****"
  keycloak_user: "admin"

  ## @Section mailer
  mailer_host: "smtp.zoho.com"
  ## This password is not in base64 encoded
  mailer_port: 587
  mailer_user: "[email protected]"
  mailer_pass: "eva@2018"
  
  ## @Section nodeSelector Eva
  ## If no value specified for section node selector, 
  ## no nodeSelector policies will be applied.
  nodeSelector:
    apptype: eva
    
  ## @Section Pull secret
  ## If no value specified for section pull secret, neither 
  ## the secret nor the deployments will use authentication 
  ##to Container Registry.
  # imagePullSecrets:
  #   - name: "containerregistrysecret"

Configuration Charts

Configuration charts consists of several charts to apply configuration changes to a set elements in both admin and instances cluster. Each chart has a purpose.

eva-instance-config-server-post

Remember: Before creating a new instance, eva-instance-config-server-post chart has been released into admin cluster to apply configuration changes for an instance.

This chart executes two jobs to apply configurations changes for an instance:

instance-default-config-job: apply the default configuration for an instance.
instance-honeypot-config-job: apply the honeypot configuration for an instance.

The code below is the eva-instance-config-server-post Values.yaml:

## Instance Name
## Used to label in *-config-data.json
instance_name: "[YOUR-SERVICE]-env-instance2"
## Used to profile in *-config-data.json
instance_config_server_profile: "default"

## IP Admin Database
admin_db_ip: 172.30.2.20

## Database User Passwords
## This password is in clear text
eva_honeypot_pwd: ****

## Connection URLs
admin_url: https://api-[YOUR-SERVICE]-env-admin.eva.bot
cockpit_url: https://[YOUR-SERVICE]-env-admin.eva.bot
server_config_url: https://eva-config-server-internal.eva.bot
environment_url: https://eva-environment-internal.eva.bot
security_url: https://eva-security-checker-internal.eva.bot
user_url: https://eva-user-internal.eva.bot
bot_url: https://eva-bot-admin-internal.eva.bot
object_storage_internal_url: https://eva-object-storage-internal.eva.bot
clever_engine: http://35.244.207.245
keycloak_url: https://keycloak-[YOUR-SERVICE]-env.eva.bot
keycloak_realm: eva.bot

## Mongo Access
mongo_host: mongodb+srv://honeypot:*****@honeypot-pri.27npc.mongodb.net/
mongo_database: honeypot

## Jobs Configuration
backoffLimit: 10
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

eva-register-instance

This chart executes a job to register a new instance. The code below is the eva-register-instace Values.yaml:

Remember: once the eva-instance-config-server-post chart has been released into admin cluster and before launching the instance charts, the next task is to register a new instance.

eva-organization

This chart executes a job to create a new organization for an instance. The code below is the eva-organization Values.yaml:

## @Section Organization Components
  organization:
  ## Admin cluster name
  ## admin_dns_output.value.public_dns_records.general.name - Use only the url prefix
  admin_url: [YOUR-SERVICE]-env-admin
  k8s_resources_name: plataforma
  company: Plataforma
  url: https://eva-organization-internal.eva.bot
  user: ana
  mail: [email protected]
  pass: ana
## @Section Job configuration 
backoffLimit: 1
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
eva_curl_sed: 1.0.0.0

eva-environment

This chart executes a job to create or update an environment for an instance. The code below is the eva-environment Values.yaml:

## @Section Environment Components
## Instance name
## Used to label in *-config-data.json
instance_name: "[YOUR-SERVICE]-env-instance2"
## Used to profile in *-config-data.json
instance_config_server_profile: "default"
org_name: Organizacion1
env_name: cust1env2
## Prefix Name in Database
env_db_user_name_prefix: cust1env2

## Database access
db_host: 172.30.2.21
db_opts: "?useSSL=false&serverTimezone=UTC&useUnicode=true"
db_schema_name: Plataforma-cust1env2

## Connection url
organization_url: https://eva-organization-internal.eva.bot
environment_url: https://eva-environment-internal.eva.bot
config_server_url: https://eva-config-server-internal.eva.bot
keycloak_url: https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot

## Mongo access
mongo:
  uri: mongodb+srv://org_1_env_1_mongo_user:****@org-1-cluster-pri.27npc.mongodb.net/Plataforma-cust1env1?retryWrites=true&maxPoolSize=40&minPoolSize=10&maxIdleTimeMS=30000&connectTimeoutMS=5000&socketTimeoutMS=5000&ssl=true
  schema: org_1_env_1_db  
  
## User Pass Database
## These passwords are in clear text
eva_answer_pwd: ****
eva_bot_pwd: ****
eva_channel_pwd: ****
eva_parameter_pwd: ****
eva_entity_pwd: ****
eva_tag_pwd: ****
eva_transaction_pwd: ****
eva_intent_pwd: ****
eva_wait_input_pwd: ****
eva_tr_pwd: ****
eva_broker_pwd: ****
eva_expire_session_pwd: ****
eva_automated_pwd: ****
eva_technical_pwd: ****
eva_facebook_pwd: ****
eva_infobip_pwd: ****
eva_al_pwd: ****
eva_al_training_pwd: ****

## Analytics User Pass Database
## These passwords are in clear text
eva_analytics_pwd: ****

## @Section Job configuration 
backoffLimit: 4
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

Instance Charts

eva-instance-base-resources

eva-instance-base-resources allows you set base components for Syntphony CAI instance application. You can activate the section for pull secret if you need use authentication to container Registry. Also, it's possible to configure nodeSelector option for the deployment.

Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-base-resources Values.yaml file.

The namespace Syntphony CAI is created and eva-gateway id deployed only if not single installation. The code below is the eva-instance-base-resources Values.yaml:

## @Section Admin Config Server Global info 
## Instance Name. Used to SPRING_CLOUD_CONFIG_LABEL
instance_name: "[YOUR-SERVICE]-env-instance2"
## Used to SPRING_CLOUD_CONFIG_PROFILE
instance_config_server_profile: "default"

## @Section optional components
enabled_components:
  ## This option allow install eva in a single server environment
  single_installation: "true"

## @Section Admin config   
config_server_url: "https://eva-config-server-internal.eva.bot/"
rabbitmq_host: "eva-rabbitmq-internal.eva.bot"

## @Section Redis 
redis_host: "172.30.0.4"
    ## This password is not in base64 encoded
redis_pass: "*****"
redis_port: 6379
redis_ssl: false
redis_cachetype: "redis"
    
## @Section TLS configures SSL certificates.
    ## These passwords are in in base64 encoded
eva_tls:
  crt:****
  key:****

eva-instance-saas-resources

Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and this section should be ignored on eva-server installations.

It allows you set SaaS components for Syntphony CAI instance application, network policies, load balancer components and Istio Addons like, Prometheus, Grafana and Kiali. You can choose to deploy optional Istio tunning components. To do this, set true istio_tunning in the enabled_components section in values.yaml file. In addition, you can deploy Prometheus with a pvc, setting true prometheus_with_pvc in the enabled_components section as detailed below.

## @Section optional components
## Set true to deploy optional components.
enabled_components:
  ## This option deploys tunning features to Grafana, 
  ## Prometheus, Kiali and Tracing.
  istio_tunning: "true"
  ## This option allow install eva in a single server environment
  single_installation: "true"
  ## This option deploys Prometheus with pvc
  prometheus_with_pvc: "true"

Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-saas-resources Values.yaml file.

Remember: once installed this chart, the ingress spreading to GKE can be delayed for 5 to 10 minutes.

The code below is the eva-admin-saas-resources Values.yaml:

## Instance Name. 
## For this chart is the base domain name for grafana, kiali, prometheus and tracing
## instances_output.value.INSTANCENAME.instance_dns_output.public_dns_records.general.name - Use only the url prefix
instance_name: "[YOUR-SERVICE]-env-instance2"
   
## @Section optional components
## Set true to deploy optional components.
enabled_components:
  ## This option deploys tunning features to Grafana, 
  ## Prometheus, Kiali and Tracing.
  istio_tunning: "true"
  ## This option allow install eva in a single server environment
  single_installation: "true"
  ## This option deploys Prometheus with pvc
  prometheus_with_pvc: "true"

## @Section network_policies
network_policies:
  ## The subnet mask used for honeypot cidr is always /32
  honeypot_cidr: "172.30.2.7/32"
  admin_cidr: "10.255.255.0/24"
  clever_cidr: "35.244.207.245/32"
  private_service_subnet_cidr: "10.210.96.0/20"
  redis_cidr: "10.210.97.0/29"
  elastic_cidr: "0.0.0.0/0"
  lex_cidr: "10.35.0.0/32"
  facebook_cidr: "0.0.0.0/0"
  infobip_cidr: "0.0.0.0/0"


## @Section Load Balancer
ingress_ip_name: "eva-multitenant-admin-ip"
ingress_host: "*.eva.bot"   

## @Section Addons Istio
grafana:  
  image: "grafana/grafana"
  tag: "7.5.5"
  requests:
    mem: "24Mi"
    cpu: "10m"
  limits:
   mem: "128Mi"
   cpu: "100m"
kiali:  
  image: "quay.io/kiali/kiali"
  tag: "v1.38"  
prometheus:  
  storage: "45Gi"
  containers:
    image_config_reload: "jimmidyson/configmap-reload"
    tag_config_reload: "v0.5.0"
    image_server: "prom/prometheus"
    tag_server: "v2.26.0"    
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
  pvc:
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
jaeger:
  image: "docker.io/jaegertracing/all-in-one"
  tag: "1.23"
  limits:
    cpu: "1"
    mem: "3Gi"
  requests:
    cpu: "25m"
    mem: "640Mi"

## If no value specified for section node selector, 
## no nodeSelector policies will be applied.
nodeSelector:
  apptype: mesh

eva-instance-server

This chart contains the following subcharts:

eva-instance-channel: deploy eva-channel and components and optionally deploy facebook, google-assistant and Infobip channels and hpas.
eva-instance-nlp: deploy optionally nlp resources.
eva-instance-training: deploy optionally training resources.
eva-instance-core: deploy several objects for Syntphony CAI instance cluster, eva-answer, eva-bot, eva-intent, … and hpa resources.

Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-server Values.yaml file.

The code below is the eva-instance-server values.yaml:

global:
  ## Container registry
  container_registry: "gcr.io/calm-premise-168420/eva-hml"  
  ## Image tags
  releases_image_tags:
    ## Core components images tags
    channel: 4.1.0
    facebook: 4.1.0
    ga: 4.1.0
    infobip: 4.1.0
    df_nlp: 4.1.0
    luis_nlp: 4.1.0
    watson_nlp: 4.1.0
    clever_nlp: 4.1.0
    lex_nlp: 4.1.0
    df_tr: 4.1.0
    luis_tr: 4.1.0
    watson_tr: 4.1.0
    lex_training: 4.1.0
    clever_tr: 4.1.0
    tr: 4.1.0
    answer: 4.1.0
    automated_test: 4.1.0
    bot: 4.1.0
    cloner: 4.1.0
    entity: 4.1.0
    intent: 4.1.0
    parameter: 4.1.0
    tag: 4.1.0
    transactional_service: 4.1.0
    broker: 4.1.0
    dm: 4.1.0
    expire: 4.1.0
    masking: 4.1.0
    technical: 4.1.0
    wait: 4.1.0
    dashboard: 4.1.0
    al:  4.1.0
    al_nlp:  4.1.0
    al_training:  4.1.0

   
  ## @Section nodeSelector Eva
  ## If no value specified for section node selector, 
  ## no nodeSelector   ## policies will be applied.
  nodeSelector:
    apptype: eva
    
  ## @Section Pull secret
  ## If no value specified for section pull secret, neither the 
  ## secret nor the deployments will use authentication 
  ## to Container Registry.
  # imagePullSecrets:
  #   - name: "containerregistrysecret"
   
  ## @Section enabled_components
  ## Set true to deploy optional components.
  enabled_components:
    ## Allow install eva in a single server installation
    single_installation: "true"
    al_enabled: "true"    
    technical_log: "true"   
    ## NLP components
    df: "true"
    luis: "true"
    watson: "true"
    clever: "true"
    lex: "true"
    ## Training components
    df_tr: "true"
    luis_tr: "true"
    watson_tr: "true"
    clever_tr: "true"   
    lex_tr: "true"
    ## Channel adapters
    facebook: "true"
    ga: "true"
    infobip: "true"
    ## Analytics
    dashboard: "true"

 ## @Section urls
  eva_proxy_url: eva-proxy-internal.eva.bot
  api_instance_host: api-[YOUR-SERVICE]-env-instance.eva.bot
  environment_url: https://eva-environment-internal.eva.bot  

  ## @Section Instance RabbitMQ Passwords
      ## These passwords are in clear text
  eva_bot:
    pass: "******"
  eva_channel:
    pass: "******"
  eva_parameter:
    pass: "******"
  eva_tag:
    pass: "******"
  eva_dialog_manager:
    pass: "******"
  eva_transactional_service:
    pass: "******"
  eva_wait_input:
    pass: "******"
  eva_intent:
    pass: "******"
  eva_entity:
    pass: "******"
  eva_answer:
    pass: "******"
  eva_training:
    pass: "******"
  eva_broker:
    pass: "******"
  eva_clever_nlp:
    pass: "******"
  eva_clever_training:
    pass: "******"
  eva_luis_nlp:
    pass: "******"
  eva_luis_training:
    pass: "******"
  eva_expire_session:
    pass: "******"
  eva_cloner:
    pass: "******"
  eva_dialogflow_nlp:
    pass: "******"
  eva_dialogflow_training:
    pass: "******"
  eva_automated_tests:
    pass: "******"
  eva_technical_log:
    pass: "******"
  eva_watson_nlp:
    pass: "******"
  eva_watson_training:
    pass: "******"
  eva_lex_nlp:
    pass: "******"
  eva_lex_training:
    pass: "******"
  eva_masking_clever:
    pass: "******"
  eva_facebook:
    pass: "******"
  eva_infobip:
    pass: "******"
  eva_google_assistant:
    pass: "******"
  eva_dashboard:
    pass: "******"
  eva_al:
    pass: "******"
  eva_al_nlp:
    pass: "******"
  eva_al_training:
    pass: "******"

   
  ## @Section channels
  channel:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  facebook:
    hpa:
      maxreplicas: 6
      minreplicas: 1
  ga:
    hpa:
      maxreplicas: 6
      minreplicas: 1
  infobip:
    hpa:
      maxreplicas: 6
      minreplicas: 1

  ## @Section nlps
  clever_nlp:
    url: "http://35.244.207.245"
    hpa:
      maxreplicas: 12
      minreplicas: 1
  df_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  luis_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  watson_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  lex_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1

  ## @Section training
  tr:
    hpa:
      maxreplicas: 4
      minreplicas: 1
  clever_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  df_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  luis_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  watson_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
     lex_tr:
       hpa:
         maxreplicas: 2
         minreplicas: 1
  
  ## @Section core
  answer:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  automated_test:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  bot:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  cloner:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  entity:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  intent:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  parameter:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  tag:
    hpa:
      maxreplicas: 1
      minreplicas: 1
  transactional_service:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  wait:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  broker:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  dm:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  expire:
    hpa:
      maxreplicas: 1
      minreplicas: 1
  masking:
    hpa:
      maxreplicas: 5
      minreplicas: 1
    deploy: "masking-[YOUR-SERVICE]-env"
  technical:
    hpa:
      maxreplicas: 6
      minreplicas: 1
  ## @section  AL
  al:
    hpa:
      maxreplicas: 1
      minreplicas: 1
  al_nlp:
    hpa:
      maxreplicas: 1
      minreplicas: 1
  al_training:
    hpa:
      maxreplicas: 1
      minreplicas: 1
 ## @section  Dashbooards
  dashboard:
    hpa:
      maxreplicas: 1
      minreplicas: 2
  

  ## @Section Redis
  redis_host: "172.30.0.4" 
      ## This password is in clear text
  redis_pass: "******"
  redis_port: 6379
  redis_ssl: "false"
  redis_cachetype: "redis"
  redis_job: "false"
  redis_time: "10000"

Usage

Admin Cluster

Once you have installed or checked the dependencies needed onto system (review the section Supported Configurations for this), execute in order, the following commands to deploy ADMIN charts for the eva admin cluster:

Install eva-admin-base-resources chart.

helm upgrade --install eva-admin-base-resources .

Additionally, install the eva-admin-saas-resources chart if you're installing an eva-cloud solution. Once installed, the ingress spreading to GKE can be delayed for 5 to 10 minutes.

Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and the following command should be ignored on eva-server installations.

helm upgrade --install eva-admin-saas-resources .

2. Install eva-admin-rabbitmq chart.

 helm upgrade --install eva-admin-rabbitmq .

3. In this step, execute the following commands to install the codecentric/keycloak chart archive. You can isntall min.io with PVC or Google GCS. Read the files comments to know how to configure each. Run the next commands to install a minio on admin cluster using the Helm package manager

helm repo add codecentric https://codecentric.github.io/helm-charts
helm repo update
with PVC
helm upgrade --install -n minio -f minio\eva-minio-values.yaml minio minio/minio --version 7.0.2
with GCS
helm upgrade --install -n minio -f minio\eva-minio-values.yaml minio minio/minio --version 7.0.2 --set-file gcsgateway.gcsKeyJson=minio/gcsKey.json

4. In this step, execute the following commands to install the Minio chart archive:

helm repo add minio https://helm.min.io/
helm repo update
helm upgrade --install -n minio -f minio\eva-minio-values.yaml minio minio/minio --version 7.0.2

5. Install eva-admin-rabbitmq-server chart:

 helm upgrade --install eva-admin-rabbitmq-server .

6. Before executing, make sure that eva-rabbitmq-server pod is deployed successfully. Install eva-admin-rabbitmq-config chart:

 helm upgrade --install eva-admin-rabbitmq-config .

7. Install eva-admin-config-server chart:

 helm upgrade --install eva-admin-config-server .

8. Before executing, make sure that eva-config-server pod is deployed successfully. Install eva-admin-config-server-post chart:

 helm upgrade --install eva-admin-config-server-post .

9. We'll need to setup clever-system user in our keycloak, so install the eva-admin-keycloak-realm-post chart:

  helm upgrade --install eva-admin-keycloak-realm-post .

10. Install eva-admin-server chart:

 helm upgrade --install eva-admin-server .

Admin Configurations

Remember: before installing an instance, it is mandatory execute eva-instance-config-server-post chart into Admin cluster to apply configuration changes for an instance.

 helm upgrade --install eva-instance-config-server-post .

Remember: once the eva-instance-config-server-post chart has been released into admin cluster and before launching the instance charts, the next task is to register a new instance.

 helm upgrade --install eva-register-instance .

Instance Cluster

Once you have installed the admin cluster, execute in order, the following commands to deploy an eva INSTANCE helm charts for an eva instance cluster:

1. Install eva-instance-base-resources chart:

 helm upgrade --install eva-instace-base-resources .

Additionally, install the eva-admin-saas-resources chart if you're installing an eva-cloud solution. Once installed, the ingress spreading to GKE can be delayed for 5 to 10 minutes.

Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and the following command should be ignored on eva-server installations.

 helm upgrade --install eva-instance-saas-resources .

2. Install eva-admin-rabbitmq chart

 helm upgrade --install eva-admin-rabbitmq .

Instance Configurations

Finally, execute the next commands to register and configure an organization and an environment for an instance:

helm upgrade --install eva-organization .
helm upgrade --install eva-environment .

Testing the charts

To debug templates, use the following options with the commands to have the server render the templates, and return the resulting manifest file:

helm upgrade --install eva-admin-base-resources . --dry-run --debug

To render chart templates locally and display the output, use the following command:

helm template .

To examine the chart for issues, use the following command:

helm lint .

Supported Configurations

These charts are currently tested against 4.0.0 version from Syntphony CAI 4 application. The table below shows the dependencies versions that have been tested:

Dependency

Version

Kubernetes

1.22.11

Helm

3.5.0

Istio

1.12.7

GKE

1.22.11-gke.400

README.md

There are three README.md file into eva4-helm-repository which provide the guide to configure and deploy eva 4 helm charts.

PreviousInfrastructure Guidelines NextMaintenance Methods

Last updated 1 year ago

Was this helpful?

hashtagWhy use Helm?

hashtagDescription

hashtagImportant Syntphony CAI 4 helm charts configuration

hashtagNodeSelector

hashtagPullSecret

hashtagRedis and MongoDB

hashtagSingle Installation

hashtagUsernames, service name and passwords

hashtagWait before executing the post config charts

hashtagAdmin Charts

hashtageva-admin-base-resources

hashtageva-admin-saas-resources

hashtageva-admin-rabbitmq

hashtageva-admin-rabbitmq-server

hashtageva-admin-rabbitmq-config

hashtageva-admin-config-server

hashtageva-admin-config-server-post

hashtageva-admin-keycloak-realm-post

hashtageva-admin-server

hashtagConfiguration Charts

hashtageva-register-instance

hashtageva-organization

hashtageva-environment

hashtagInstance Charts

hashtageva-instance-base-resources

hashtageva-instance-saas-resources

hashtageva-instance-server

hashtagUsage

hashtagAdmin Cluster

hashtagAdmin Configurations

hashtagInstance Cluster

hashtagInstance Configurations

hashtagTesting the charts

hashtagSupported Configurations

hashtagREADME.md

Why use Helm?

Description

Important Syntphony CAI 4 helm charts configuration

NodeSelector

PullSecret

Redis and MongoDB

Single Installation

Usernames, service name and passwords

Wait before executing the post config charts

Admin Charts

eva-admin-base-resources

eva-admin-saas-resources

eva-admin-rabbitmq

eva-admin-rabbitmq-server

eva-admin-rabbitmq-config

eva-admin-config-server

eva-admin-config-server-post

eva-admin-keycloak-realm-post

eva-admin-server

Configuration Charts

eva-register-instance

eva-organization

eva-environment

Instance Charts

eva-instance-base-resources

eva-instance-saas-resources

eva-instance-server

Usage

Admin Cluster

Admin Configurations

Instance Cluster

Instance Configurations

Testing the charts

Supported Configurations

README.md