Helm can make deployments easier and repeatable because all resources for an application are deployed by running one command:
$ helm install <chart>
With Helm, configuration settings are kept separate from the manifest formats. You can edit the configuration values without changing the rest of the manifest.
Configuration settings are in a values.yaml file. You update the runtime parameters in that file to deploy each application instance differently.
You can use single commands for installing, upgrading, and deleting eva releases. More information about Helm at https://helm.sh/.
Description
This chapter describes the design and governance for the eva helm charts.
These helm charts are designed to be a lightweight way to configure, package and deploy eva application onto Kubernetes clusters. These charts are currently tested against the following versions:
eva application: 3.4.1.0
Helm: 3.5.0
Kubernetes: 1.21
Istio: 1.11.4
The figure below shows the GitLab repository eva-helm-repository structure: Following is a description of each folder of the repository:
doc-resources: contains the documentation files explaining this approach.
eva-base-resources: a chart to deploy the base configurations for eva application.
eva-saas-resources: a chart to deploy the components for eva SaaS.
eva-server: a chart to deploy the core component for eva application.
istio-sample-file: contains the Istio Operator manifest, addons and extra configuration.
keycloak-files: contains the values.yaml file to use with helm installation and keycloak-realm.json file to configure realm in keycloak console.
mysql-scripts: contains sql scripts to create and configure mysql database.
Important eva helm charts configuration
eva deployment by Helm requires very little configuration to get started, but there are several components that must be considered before the installation:
NodeSelector
If the application environment is based on multi-node architecture, uncomment the nodeSelector section with the specific label into eva-base-resources and eva-server values.yaml files, and check if the label has been added on nodes.
If there is no node selection constraint, comment the nodeSelector section into values.yaml files.
PullSecret
If the application environment uses a private container registry with authentication, uncomment the imagePullSecret section with the specific name into eva-base-resources and eva-server values.yaml files.
If login information is not required, comment the imagePullSecret section into values.yaml files.
Redis and MongoDB
If the application environment uses a MongoDB or/and Redis as a service in the cloud, set to false the following fields, eva_redis, eva_cockpit_redis, and mongo in the enabled_components section into eva-base-resources values.yaml file, as shown in the image below:
## @Section enabled to customize deployment. set to true to deploy optional componentsenabled_components:## Storage componentseva_redis:"false"eva_cockpit_redis:"false"mongo:"false"
Then, it will be mandatory to provide the configuration data of these cloud services into Redis and MongoDB sections of eva-server values.yaml file.
If login information is not required, comment the imagePullSecret section into values.yaml files.
If they are not used as cloud services, set to true the following fields, eva_redis, eva_cockpit_redis, and mongo in the enabled_components section into eva-base-resources values.yaml file and use the Redis and mongo as configured by default.
eva-base-resources
eva-base-resources allow you set base components for eva application. You can choose to deploy optional components like eva-redis, eva-cockpit-redis, and MongoDB. Do this with values.yaml customization.
You can activate the section for pull secret if you need to use authentication to container Registry. Also, it´s possible to configure nodeSelector option for the deployment.
The following resources are mandatory for the deployment: eva-tls and the namespaces eva, keycloak11 an,d Minio.
Remember
Don't remove this chart once installed, resources such as Keycloack and MongoDB would be removed. Remove only if you want to uninstall eva application.
The code below is the eva-base-resources values.yaml:
# Default values for eva-base-resources. ## @section Global parameters for eva-base-resources. global:## Namespaces for Eva and Keycloak installations. namespace_eva:&nameeva"eva"namespace_keycloak:&namekeycloak"keycloak11"namespace_minio:"minio"## @Section enabled customize deployment. Set true to deploy optional components. enabled_components:## Storage components eva_redis:"true"eva_cockpit_redis:"true"mongo:"true"## @Section eva redis eva_redis_pass:&eva_redis_pass_default"020693"eva_redis_port:&eva_redis_port_default6379## @Section cockpit redis eva_cockpit_pass:&eva_cockpit_pass_default"M#g3Fh"eva_cockpit_port:&eva_cockpit_port_default6379## @Section Pull secret ## If no value specified for section pull secret, neither the ## secret nor the deployments will use authentication to Container Registry. #imagePullSecret: #name: "containerregistrysecret" #configjson: *** ## @Section TLS. Configures SSL certificates. eva_tls:crt:**** key:**** ## @Section eva-server parameters namespace:name: - *nameeva - *namekeycloak ## @Section eva_redis parameters eva_redis:config:data: - key:REDIS_PASSvalue:*eva_redis_pass_default image:repository:docker.io/redistag:3.2-alpinepullPolicy:Alwaysreplicas:1cpu:"200m"memory:"1Gi"service:redisPort:*eva_redis_port_default #nodeSelector: #apptype: storage ## @Section eva_cockpit parameters eva_cockpit:config:data: - key:REDIS_PASSvalue:*eva_cockpit_pass_default image:repository:docker.io/redistag:3.2-alpinepullPolicy:Alwaysreplicas:1cpu:"50m"memory:"50Mi"service:redisPort:*eva_cockpit_port_default #nodeSelector: #apptype: storage ## @Section mongo parameters mongo:image:repository:docker.io/mongotag:"4.0"pullPolicy:IfNotPresentreplicas:1environment:productioncpu:750mmemory:4Gistorage:10Gi#nodeSelector: #apptype: storage
eva-server chart
eva-server allows you to set core components for eva application. You can select to deploy optional components like automated-learning, masking, cockpit, question, nlp components and adapter.
This chart also allows changing the image tag version of each component, and container registry name. You can activate the section for pull secret if you need to use authentication to the container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with values.yaml customization.
The code below is the eva-server values.yaml:
# Default values for eva-server. ## @section Global parameters for eva-server global:## Namespaces for Eva and Keycloak installations. namespace_eva:"eva"namespace_keycloak:"keycloak11"## @Section enabled customize deployment. ## Set true to deploy optional components. enabled_components:alenabled:"false"## enabled to config broker to call masking maskingenabled:"false"## change url for custom masking connector maskingurl:"http://eva-masking-clever:8080"cockpit:"true"proxy:"true"question:"false"## deploy masking clever connector masking:"false"## NLP components dialogflow:"true"luis:"true"watson:"true"clever:"true"## Channel adapters facebook:"false"ga:"false"infobip:"false"## Set true to deploy the gateway for eva-server but not deploy saas gateway:"true"## @Section container registry and image tags. Change tag to apply fixes and upgrades. ## Container registry container_registry:"gcr.io/calm-pre***********"## Image tags releases_image_tags:## Core components images tags broker:3.4.1.0dialogmanager:3.4.1.0eva_training:3.4.1.0proxy:3.4.1.0cloner:3.4.1.0question:3.4.1.0masking:3.4.1.0## NLP adapters images tags clever:3.4.1.0luis:3.4.1.0watson:3.4.1.0df:3.4.1.0qna:3.4.1.0## Training images tags tr_clever:3.4.1.0tr_luis:3.4.1.0tr_watson:3.4.1.0tr_df:3.4.1.0## Automated Tests auto:3.4.1.0## Cockpit cockpit:3.4.1.0## Channel adapters images tags facebook:3.4.1.0ga:3.4.1.0infobip:3.4.1.0## Automated learning images tags al_nlp:3.4.1.0al_training:3.4.1.0os:3.4.1.0## @Section eva redis eva_redis_host:"eva-redis"eva_redis_pass:"020693"eva_redis_port:6379eva_redis_keep_alive_job:trueeva_redis_keep_alive_time:10000eva_redis_ssl:falseeva_cachetype:"redis"## @Section cockpit redis eva_cockpit_host:"eva-cockpit-v2-redis.eva.svc.cluster.local"eva_cockpit_pass:"M#g3Fh"eva_cockpit_port:6379eva_cockpit_keep_alive_job:trueeva_cockpit_keep_alive_time:"10000"eva_cockpit_SSL:false## @Section Mariadb evadb_ds_url:"jdbc:mariadb://eva3coedev.mysql.database.azure.com/alvoradadb3403?useSSL=false&serverTimezone=UTC"evadb_ds_user:"evacoeadmin@eva3coedev"evadb_ds_pass:"******"## @Section nodeSelector Eva ## If no value specified for section node selector, no nodeSelector ## policies will be applied on the eva deployment. #nodeSelector: #apptype: eva ## @Section Pull secret ## If no value specified for section pull secret, neither the ## secret nor the deployments will use authentication to Container Registry. #imagePullSecrets: #- name: "containerregistrysecret" ## @Section Broker broker:v1:host:"api-helm-env.eva.bot"prefix:"/"v2:enabled:trueprefix:"/v1.0/"hpa:minreplicas:2maxreplicas:7## @Section DialogManager dm:hpa:minreplicas:2maxreplicas:7## @Section Proxy proxy:keycloak_token:"https://keycloak11-helm-env.eva.bot"realm:"eva.bot"host:"keycloak11-helm-env.eva.bot"## @Section Cockpit cockpit:v1:host:"helm-env.eva.bot"prefix:"/"keycloak_master_username:"admin"keycloak_master_password:"yRsWVbqBZE9Ul9Ji"## keycloak_realm_public_key: Legacy need to have a value but is not used. Not need to be updated keycloak_realm_public_key:*** client_id:"eva-cockpit"keycloak_realm:"eva.bot"## keycloak_secret: Legacy need to have a value but is not used. Not need to be updated keycloak_secret:"b09a5c84-b590-4276-8ee9-f200e2f0eaca"cache_base_url:"https://api-helm-env.eva.bot"cockpit_url:"helm-env.eva.bot"db:host:"eva3coedev.mysql.database.azure.com"database:"alvoradadb3403"user:"evacoeadmin@eva3coedev"pass:"******"ssl:"false"## @Section Mongo evadm_db_url: "mongodb://mongo:27017/evadm?retryWrites=true&maxPoolSize=200&minPoolSize=50&maxIdleTimeMS=30000&connectTimeoutMS=5000&socketTimeoutMS=5000&ssl=false"
## @Section NLP adpaters clever_url:"http://34.107.137.81"## @Section hpa for NLP adapters df:hpa:minreplicas:1maxreplicas:7clever:hpa:minreplicas:1maxreplicas:7luis:hpa:minreplicas:1maxreplicas:7watson:hpa:minreplicas:1maxreplicas:7qna:hpa:minreplicas:1maxreplicas:7## @Section Minio eva_minio_access_key:"2HmGL_6feb!=3mfN"eva_minio_secret_key:"24YzxmsngM^BCW3%"eva_minio_url:"http://eva-minio.minio.svc.cluster.local:9000"## @Section Gateway gateway:http_port:80https_port:443## @Section Channels channels:facebook_host:"facebook-helm-env.eva.bot"facebook_prefix:"/"ga_host:"ga-helm-env.eva.bot"ga_prefix:"/"infobip_host:"infobip-helm-env.eva.bot"infobip_prefix:"/"
eva-saas-resources
eva-saas-resources allows you set components for deploy eva Saas application.
The code below is the eva-saas-resources values.yaml:
# Default values for eva-saas-resources. ## @@section Local parameters ingress_ip_name:"evacloud-wil-teste-dev-global-ip"ingress_host:"*.eva.bot"namespace_eva:"eva"namespace_keycloak:"keycloak11"ingress:port:8080keycloak:server:8443admin:9990cockpit:port:8080egress:micros:port:8080clever:cidr:"34.107.137.81/32"mysql:cidr:"0.0.0.0/0"port:3306redis:port:6379mongo:port:27017keycloak:smtp:587postgres:5432minio:port:9000## @Section Gateway gateway:http_port:80https_port:443
Usage
Once you have installed or checked the dependencies needed onto system (review the section Supported Configurations for this), execute in order, the following commands to deploy eva helm charts:
1 - Install eva-base-resources chart. Don´t remove this chart once installed, resources such as Keycloak and mongo pvc, ... would be removed.
helm upgrade --install eva-base-resources
2 - Install eva-saas-resources chart. Once installed it, the ingress spreading to GKE can be delayed for 5 to 10 minutes.
helm upgrade --install eva-saas-resources
3 - Install Keycloak. Once installed by helm, it must be manually configured:
