Syntphony CAI server Installation guide

Why use Helm?

Helm can make deployments easier and repeatable because all resources for an application are deployed by running one command:

$ helm install <chart>

With Helm, configuration settings are kept separate from the manifest formats. You can edit the configuration values without changing the rest of the manifest.

Configuration settings are in a values.yaml file. You update the runtime parameters in that file to deploy each application instance differently.

You can use single commands for installing, upgrading, and deleting Syntphony CAI releases. More information about Helm at https://helm.sh/.

Description

This chapter describes the design and governance for the Syntphony CAI 4 helm charts.

These helm charts are designed to be a lightweight way to configure, package and deploy Syntphony CAI admin and Syntphony CAI instance resources onto Kubernetes clusters, both for a single installation and multicluster installation. These charts are currently tested against the following versions:

  • Syntphony CAI application: 4.1.0

  • Helm: 3.5.0

  • Kubernetes: 1.22

  • Istio: 1.11.7

The GitLab repository for these charts is eva4-helm-repository. Following is a description of repository each folder:

  • eva-admin-charts

    • eva-admin-base-resources: a chart to deploy the base configurations for Syntphony CAI admin.

    • eva-admin-saas-resources: a chart to deploy the components for Syntphony CAI admin SaaS.

    • eva-admin-rabbitmq: a chart to deploy the rabbitmq cluster operator and cert manager for rabbitmq.

    • keycloak: contains the keycloak-values.yaml file to use with helm installation to deploy a keycloak.

    • minio: contains the values.yaml file to use with helm installation to install Minio.

    • eva-admin-rabbitmq-server: a chart to deploy the rabbitmq messaging topology operator and rabbitmq resources.

    • eva-admin-rabbitmq-config: a chart to deploy exchange, permissions, users, and secrets for the rabbitmq resources.

    • eva-admin-config-server: a chart to deploy the core component for Syntphony CAI config server.

    • eva-admin-config-server-post: a chart to deploy several configuration jobs for admin cluster.

    • eva-admin-keycloak-realm-post: a chart to create necessary realm to clever engine auth.

    • eva-admin-server: a chart to deploy the core component for Syntphony CAI admin application.

  • eva-instance-charts:

    • eva-instance-base-resources: a chart to deploy the base configurations for an Syntphony CAI instance.

    • eva-instance-saas-resources: a chart to deploy the components for Syntphony CAI instance SaaS. Only for eva-cloud.

    • eva-instance-server: this chart contains the following subcharts:

      • eva-core: a chart to deploy the core components for Syntphony CAI admin.

      • eva-envoy-config: a chart to deploy eva-decrypt-filter and eva-envoy-filter resources.

  • eva-configuration-charts:

    • eva-organization: chart to launch a job to create a new organization for the instance.

    • eva-instance-config-server-post: chart to run configurations jobs, where:

      • instance-default-config-job: apply the default configuration for an instance.

      • instance-honeypot-config-job: apply the honeypot configuration for an instance.

    • eva-environment: chart to launch a job to create or update an environment for the instance.

Important Syntphony CAI 4 helm charts configuration

Syntphony CAI deployment with Helm requires very little configuration to get started, but there are several components which must be considered before the installation:

NodeSelector

If the application environment is based on multi-node pool architecture, uncomment the nodeSelector section with the specific label into chart Values.yaml files, and check if the label has been added on node pools.

If there is no node selection constraint, comment the nodeSelector section into values.yaml files.

PullSecret

If the application environment uses a private container registry with authentication, uncomment the imagePullSecret section with the specific name chart values.yaml files.

If login information is not requiring, comment the imagePullSecret section into values.yaml files.

Redis and MongoDB

If the application environment uses a mongodb or/and redis as a service in the cloud, it will be mandatory to provide the configuration data of these cloud services into redis and mongo section of eva-admin-base-resources, eva-admin-server, eva-instance-base-resources, eva-instance-server and eva-enviroment values.yaml files.

Remember include the redis cidr range into eva-admin-saas-resources and eva-instance-saas-resources values.yaml.

Single Installation

For a single server cluster, set true the single_installation option into enabled_components in eva-instance-base-resources, eva-instance-saas-resources and eva-instance-server values.yaml files.

Usernames, service name and passwords

The following charts are not meant to be executed as they are - They contain fields such as passwords, usernames and service names (Found as [YOUR-SERVICE], 'password-in-plain-text', etc). Please read carefully and make the proper substitutions for each of them.

Wait before executing the post config charts

During the admin cluster installation, keep in mind these tips:

  • Before executing eva-admin-rabbitmq-config chart, it must be validated that eva-rabbitmq-server pod has been successfully deployed.

  • Before executing eva-config-server-post chart, it must be validated that eva-config-server pod has been successfully deployed.

  • Before executing eva-admin-keycloak-realm-post chart, it must be validated that keycloak has been successfully installed.

Admin Charts

eva-admin-base-resources

eva-admin-base-resources allows you set base components for Syntphony CAI admin application. You can activate the section for pull secret if you need use authentication to container Registry. Also, it's possible to configure nodeSelector option for the deployment.

The following namespaces are deployed: eva-admin, minio and keycloak. Also, eva-gateway and eva-gateway-internal are installed.

The code below is the eva-admin-base-resources Values.yaml:

## @Section Admin Config Server Global info 
## Used to SPRING_CLOUD_CONFIG_LABEL
admin_instance_name: "admin-1"
 ## Used to SPRING_CLOUD_CONFIG_PROFILE
admin_config_server_profile: "default"

## @Section Admin Redis 
redis_host: "172.30.0.20"
## This password is not in base64 encoded
redis_pass: "password-in-clear-text"
redis_port: 6379
redis_ssl: false
redis_cachetype: "redis"
      
## @Section TLS: configures SSL certificates.
## These passwords are in base64 encoded
eva_tls:
  crt: ***
  key: ***
  
keycloak_tls:
  crt: ***
  key: ***
 
## @Section Pull Secrets
## If no value specified for section pull secret, neither the 
## secret nor the deployments will use authentication to Container Registry.
# imagePullSecrets: 
#   name: "containerregistrysecret"
#   configjson: "***"

eva-admin-saas-resources

Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and this section should be ignored on eva-server installations.

It allows you set SaaS components for eva admin application, network policies, load balancer components and Istio Addons like, Prometheus, Grafana and Kiali. You can choose to deploy optional Istio tunning components. To do this, set true istio_tunning in the enabled_components section in values.yaml file. In addition, you can deploy Prometheus with a pvc, setting true prometheus_with_pvc in the enabled_components section as detailed below:

## @Section Optional Components
enabled_components:
  istio_tunning: "true"
  prometheus_with_pvc: "true"

This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with Values.yaml customization.

Remember: once installed this chart, the ingress spreading to GKE can be delayed for 5 to 10 minutes.

The code below is the eva-admin-saas-resources Values.yaml:

## Admin Name (without double quotes)
## admin_dns_output.value.public_dns_records.general.name - Use only the url prefix 
## For this chart is the base domain name for grafana, kiali, prometheus and tracing
admin_name: [YOUR-SERVICE]-env-admin

## @Section Optional Components
enabled_components:
  ## Set true to deploy extra config to Prometheus, Kiali and Tracing Istio 
  istio_tunning: "true"
  ## Set true to deploy Prometheus with persistence
  prometheus_with_pvc: "true"

## @Section Network Policies
network_policies:
  redis_cidr: "172.30.0.16/28"
  ## The subnet mask used for Mysql cidr is always /32
  mysql_cidr: "172.30.2.20/32"
  ##IP Admin Cluster - admin global ip
  ## The subnet mask used for admin global ip is always /32
  admin_cluster_ingress_ip: "34.111.219.60/32"

## @Section Load Balancer
ingress_ip_name: "eva-multitenant-admin-ip"
ingress_host: "*.eva.bot"   

## @Section Components
grafana:  
  image: "grafana/grafana"
  tag: "7.5.5"
  requests:
    mem: "24Mi"
    cpu: "10m"
  limits:
   mem: "128Mi"
   cpu: "100m"
kiali:  
  image: "quay.io/kiali/kiali"
  tag: "v1.38"  
prometheus:
  storage: "45Gi"
  containers:
    image_config_reload: "jimmidyson/configmap-reload"
    tag_config_reload: "v0.5.0"
    image_server: "prom/prometheus"
    tag_server: "v2.26.0"    
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
  pvc:
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
jaeger:
  image: "docker.io/jaegertracing/all-in-one"
  tag: "1.23"
  limits:
    cpu: "1"
    mem: "3Gi"
  requests:
    cpu: "25m"
    mem: "640Mi"

## If no value specified for section node selector, no nodeSelector 
## policies will be applied on the eva deployment.
nodeSelector:
  apptype: mesh

eva-admin-rabbitmq

It allows set RabbitMQ operator components for Syntphony CAI admin application, rabbitmq cluster operator and cert manager resources.

eva-admin-rabbitmq-server

It allows set RabbitMQ messaging topology operator components and eva-rabbitmq resources for Syntphony CAI admin application.

The code below is the eva-admin-rabbitmq-server Values.yaml:

global:
## @Section Pull secret
## If no value specified for section pull secret, neither the 
## secret nor the deployments will use authentication to Container Registry.
## imagePullSecrets must be under global seccion in this values.
  imagePullSecrets:
  #   - name: "containerregistrysecret"
  
## If no value specified for section nodeAffinity, no nodeAffinity 
## policies will be applied on the eva deployment.
nodeAffinity:
  - key: apptype
    operator: In
    values:
    - eva
## @Section RabbitMQ Configuration
rabbitmq:
  image: "rabbitmq"
  tag: "3.8.16-management"
  requests:
    cpu: "500m"
    mem: "1Gi"
  limits:
    cpu: "500m"
    mem: "1Gi"
  storage: "5Gi"
  hosts: "eva-rabbitmq-internal.eva.bot"

eva-admin-rabbitmq-config

It allows set rabbitMQ users, permissions, exchage and secrets.

## @section Global parameters for eva-admin-rabbitmq-server
global:

## @Section Pull secret
## If no value specified for section pull secret, neither the 
## secret nor the deployments will use authentication to Container Registry.
## imagePullSecrets must be under global seccion in this values.
  imagePullSecrets:
  #   - name: "containerregistrysecret"
  
## If no value specified for section nodeAffinity, no nodeAffinity 
## policies will be applied on the eva deployment.
nodeAffinity:
  - key: apptype
    operator: In
    values:
    - eva

## @Section RabbitMQ Configuration
rabbitmq:
  image: "rabbitmq"
  tag: "3.8.16-management"
  requests:
    cpu: "500m"
    mem: "1Gi"
  limits:
    cpu: "500m"
    mem: "1Gi"
  storage: "5Gi"
  hosts: "eva-rabbitmq-internal.eva.bot"

eva-admin-config-server

It allows deploy eva-config-server and components for eva admin application. The code below is the eva-admin-config-server Values.yaml:

## @Section Config Server
config_server:
  dbdriver: "org.mariadb.jdbc.Driver"  
  dburl: "jdbc:mariadb://172.30.2.20/eva_configuration?useSSL=false&serverTimezone=UTC"
  dbuser: "eva-config-server"
  ## These passwords are not in base64 encoded
  ## eva-config-server user pass
  dbpass: "*****"
  ## Admin RabbitMQ pass
  rabbitmq_pass: "****"
  ## Do not change; public key for config server
  encrypt_key_pass: "****"
  java_opt: ""
  hosts: "eva-config-server-internal.eva.bot"
  requests:
    cpu: "200m"
    memory: "300Mi"
  container_registry: "gcr.io/calm-premise-168420/eva-dev"
  image_tag: "4.1.0"
 
## @Section nodeSelector Eva
## If no value specified for section node selector, no nodeSelector
## policies will be applied on the eva deployment.
nodeSelector:
  apptype: eva
   
## @Section Pull secret
## If no value specified for section pull secret, neither the
## secret nor the deployments will use authentication to Container Registry.
# imagePullSecrets:
#   - name: "containerregistrysecret"

eva-admin-config-server-post

Remember: Before executing, make sure that eva-config-server pod is deployed successfully.

This chart executes the eva-admin-config-job to apply admin configuration changes. The code below is the eva-admin-config-server-post Values.yaml:

## @Section Admin Config Server Global info 
## admin_instance_name used to set the label in default-config-data.json 
admin_instance_name: "admin-1"
## admin_config_server_profile used to set the profile in default-config-data.json 
admin_config_server_profile: "default"

## IP Admin Database
admin_db_ip: 172.30.2.20

## Database User Passwords
## These passwords are in clear text
eva_bot_admin_pwd: ******
eva_environment_pwd: ******
eva_object_store_pwd: ******
eva_organization_pwd: ******
eva_security_checker_pwd: ******
eva_user_pwd: ******
keycloak_pwd: ******

## Connection URLs
keycloak_url: https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot
admin_url: https://api-[YOUR-SERVICE]-env-admin.eva.bot
server_config_url: https://eva-config-server-internal.eva.bot
security_url: https://eva-security-checker-internal.eva.bot

## Minio Access
## These passwords are in clear text
eva_minio_access: ******
eva_minio_secret: ******

## Mongo Access
mongo_host: mongodb+srv://honeypot:honeypot@honeypot-pri.27npc.mongodb.net/
mongo_database: honeypot

## Jobs Configuration
backoffLimit: 10
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

eva-admin-keycloak-realm-post

Remember: Before executing, make sure that the keycloak pod is deployed successfully.

This chart executes eva-admin-keycloak-eva-bot-realm-job to create a new realm in keycloak and posteriorly clever-system user into this realm. For that we have the values.yaml below.

## Default values for eva-admin-keycloak-realm-post.
## This is a YAML-formatted file.

## @section Global parameters for eva-admin-server
global:
  ## cockpit properties
  cockpit:
    external_host: "hml-admin.eva.bot"
    api_url: "https://api-hml-admin.eva.bot"
  ### Keycloak properties
  keycloak:
    ## FQDN do Kubernets para esse serviço
    url: "http://keycloak-http.keycloak.svc.cluster.local:80"
    ### User used to log in keycloak
    auth:
      username: admin
      password: "password-in-clear-text"
    ### Users to be created in eva.bot realm
    users:
      clever:
        username: "clever-system"
        password: "u9679@FN_hu\\\"Dd$"
        email: "password-in-clear-text"

## Jobs Configuration
backoffLimit: 10
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-prod"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

eva-admin-server

This chart contains the following subcharts:

  • eva-envoy-config: it allows deploy Istio EnvoyFilter resources.

  • eva-core: it allows deploy several objects for eva admin cluster, eva-proxy, eva-bot-admin, eva-object-store, eva-environment, eva-organization, eva-security-checker, eva-cockpit and hpa resources.

The code below is the eva-admin-server Values.yaml:

## @section Global parameters for eva-admin-server
global:   

  ## @Section container registry and image tags. 
  ## Change tag to apply fixes and upgrades.
  ## Container registry
  container_registry: "gcr.io/calm-premise-168420/eva-hml"

  ## Image tags
  releases_image_tags:
    bot_admin: "4.1.0"
    cockpit: "4.1.0"
    environment: "4.1.0"
    organization: "4.1.0"
    security_checker: "4.1.0"
    object_storage: "4.1.0"
    user: "4.1.0"
    proxy: "4.1.0"

  ## @Section enabled customize deployment. 
  ## Set true to deploy optional components.
  enabled_components:
    alenabled: "false"

## @Section Admin RabbitMQ Secrets 
## These passwords are not in base64 encoded
  eva_bot_admin:
    pass: "*****"
  eva_environment:
    pass: "*****"
  eva_object_storage:
    pass: "*****"
  eva_organization:
    pass: "*****"
  eva_security_checker:
    pass: "*****"
  eva_user:
    pass: "*****"
  
  ## @Section Components
  eva:
    external_host: "api-[YOUR-SERVICE]-env-admin.eva.bot"

  bot_admin:    
    hpa:
      maxreplicas: 12
      minreplicas: 1
    internal_host: "eva-bot-admin-internal.eva.bot"  

  config_server:
    hpa:
      maxreplicas: 5
      minreplicas: 1  
        
  cockpit:
    external_host: "[YOUR-SERVICE]-env-admin.eva.bot"
    api_url: "https://api-[YOUR-SERVICE]-env-admin.eva.bot" 
    proxy_url: "https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot"
    help_lin: "https://docs.eva.bot/"
    support_link: "https://shori-public.clonika.com/"
    cockpit_url: "https://[YOUR-SERVICE]-env-admin.eva.bot"
    system_version: "4.0.1"

  eva_organization_url: http://eva-organization.eva-admin.svc.cluster.local:8080
  eva_user_url: http://eva-user.eva-admin.svc.cluster.local:8080
  eva_object_storage_url: "eva-object-storage-internal.eva.bot"

  environment:
    hpa:
      maxreplicas: 12
      minreplicas: 1
    internal_host: "eva-environment-internal.eva.bot"  

  organization:
    internal_host: "eva-organization-internal.eva.bot"
    hpa:
      maxreplicas: 12
      minreplicas: 1

  proxy:
    hpa:
      maxreplicas: 12
      minreplicas: 1
    external_host: "keycloak-[YOUR-SERVICE]-env-admin.eva.bot"
    internal_host: "eva-proxy-internal.eva.bot"

  security_checker:
    internal_host: "eva-security-checker-internal.eva.bot"
    hpa:
      maxreplicas: 12
      minreplicas: 1

  user:
    hpa:
      maxreplicas: 12
      minreplicas: 1
    internal_host: "eva-user-internal.eva.bot"

  ## @Section Admin Redis
  ## This password is not in base64 encoded
  redis_pass: "*****"
  redis_host: "172.30.0.20"
  redis_port: 6379
  redis_ssl: "false"
  
  ## @Section keycloak
  keycloak_domain: "keycloak-http"
  keycloak_token: "https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot" 
  keycloak_proxy: "keycloak-[YOUR-SERVICE]-env-admin.eva.bot"
  ## This password is not in base64 encoded
  keycloak_pass: "****"
  keycloak_user: "admin"

  ## @Section mailer
  mailer_host: "smtp.zoho.com"
  ## This password is not in base64 encoded
  mailer_port: 587
  mailer_user: "no-reply@eva.bot"
  mailer_pass: "eva@2018"
  
  ## @Section nodeSelector Eva
  ## If no value specified for section node selector, 
  ## no nodeSelector policies will be applied.
  nodeSelector:
    apptype: eva
    
  ## @Section Pull secret
  ## If no value specified for section pull secret, neither 
  ## the secret nor the deployments will use authentication 
  ##to Container Registry.
  # imagePullSecrets:
  #   - name: "containerregistrysecret"

Configuration Charts

Configuration charts consists of several charts to apply configuration changes to a set elements in both admin and instances cluster. Each chart has a purpose.

eva-instance-config-server-post

Remember: Before creating a new instance, eva-instance-config-server-post chart has been released into admin cluster to apply configuration changes for an instance.

This chart executes two jobs to apply configurations changes for an instance:

  • instance-default-config-job: apply the default configuration for an instance.

  • instance-honeypot-config-job: apply the honeypot configuration for an instance.

The code below is the eva-instance-config-server-post Values.yaml:

## Instance Name
## Used to label in *-config-data.json
instance_name: "[YOUR-SERVICE]-env-instance2"
## Used to profile in *-config-data.json
instance_config_server_profile: "default"

## IP Admin Database
admin_db_ip: 172.30.2.20

## Database User Passwords
## This password is in clear text
eva_honeypot_pwd: ****

## Connection URLs
admin_url: https://api-[YOUR-SERVICE]-env-admin.eva.bot
cockpit_url: https://[YOUR-SERVICE]-env-admin.eva.bot
server_config_url: https://eva-config-server-internal.eva.bot
environment_url: https://eva-environment-internal.eva.bot
security_url: https://eva-security-checker-internal.eva.bot
user_url: https://eva-user-internal.eva.bot
bot_url: https://eva-bot-admin-internal.eva.bot
object_storage_internal_url: https://eva-object-storage-internal.eva.bot
clever_engine: http://35.244.207.245
keycloak_url: https://keycloak-[YOUR-SERVICE]-env.eva.bot
keycloak_realm: eva.bot

## Mongo Access
mongo_host: mongodb+srv://honeypot:*****@honeypot-pri.27npc.mongodb.net/
mongo_database: honeypot

## Jobs Configuration
backoffLimit: 10
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

eva-register-instance

This chart executes a job to register a new instance. The code below is the eva-register-instace Values.yaml:

Remember: once the eva-instance-config-server-post chart has been released into admin cluster and before launching the instance charts, the next task is to register a new instance.

eva-organization

This chart executes a job to create a new organization for an instance. The code below is the eva-organization Values.yaml:

## @Section Organization Components
  organization:
  ## Admin cluster name
  ## admin_dns_output.value.public_dns_records.general.name - Use only the url prefix
  admin_url: [YOUR-SERVICE]-env-admin
  k8s_resources_name: plataforma
  company: Plataforma
  url: https://eva-organization-internal.eva.bot
  user: ana
  mail: ana@ana.com
  pass: ana
## @Section Job configuration 
backoffLimit: 1
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
eva_curl_sed: 1.0.0.0

eva-environment

This chart executes a job to create or update an environment for an instance. The code below is the eva-environment Values.yaml:

## @Section Environment Components
## Instance name
## Used to label in *-config-data.json
instance_name: "[YOUR-SERVICE]-env-instance2"
## Used to profile in *-config-data.json
instance_config_server_profile: "default"
org_name: Organizacion1
env_name: cust1env2
## Prefix Name in Database
env_db_user_name_prefix: cust1env2

## Database access
db_host: 172.30.2.21
db_opts: "?useSSL=false&serverTimezone=UTC&useUnicode=true"
db_schema_name: Plataforma-cust1env2

## Connection url
organization_url: https://eva-organization-internal.eva.bot
environment_url: https://eva-environment-internal.eva.bot
config_server_url: https://eva-config-server-internal.eva.bot
keycloak_url: https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot

## Mongo access
mongo:
  uri: mongodb+srv://org_1_env_1_mongo_user:****@org-1-cluster-pri.27npc.mongodb.net/Plataforma-cust1env1?retryWrites=true&maxPoolSize=40&minPoolSize=10&maxIdleTimeMS=30000&connectTimeoutMS=5000&socketTimeoutMS=5000&ssl=true
  schema: org_1_env_1_db  
  
## User Pass Database
## These passwords are in clear text
eva_answer_pwd: ****
eva_bot_pwd: ****
eva_channel_pwd: ****
eva_parameter_pwd: ****
eva_entity_pwd: ****
eva_tag_pwd: ****
eva_transaction_pwd: ****
eva_intent_pwd: ****
eva_wait_input_pwd: ****
eva_tr_pwd: ****
eva_broker_pwd: ****
eva_expire_session_pwd: ****
eva_automated_pwd: ****
eva_technical_pwd: ****
eva_facebook_pwd: ****
eva_infobip_pwd: ****
eva_al_pwd: ****
eva_al_training_pwd: ****

## Analytics User Pass Database
## These passwords are in clear text
eva_analytics_pwd: ****

## @Section Job configuration 
backoffLimit: 4
restartPolicy: OnFailure
container_registry: "gcr.io/calm-premise-168420/eva-dev"
releases_image_tags:
  eva_curl_sed: 1.0.0.0

Instance Charts

eva-instance-base-resources

eva-instance-base-resources allows you set base components for Syntphony CAI instance application. You can activate the section for pull secret if you need use authentication to container Registry. Also, it's possible to configure nodeSelector option for the deployment.

Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-base-resources Values.yaml file.

The namespace Syntphony CAI is created and eva-gateway id deployed only if not single installation. The code below is the eva-instance-base-resources Values.yaml:

## @Section Admin Config Server Global info 
## Instance Name. Used to SPRING_CLOUD_CONFIG_LABEL
instance_name: "[YOUR-SERVICE]-env-instance2"
## Used to SPRING_CLOUD_CONFIG_PROFILE
instance_config_server_profile: "default"

## @Section optional components
enabled_components:
  ## This option allow install eva in a single server environment
  single_installation: "true"

## @Section Admin config   
config_server_url: "https://eva-config-server-internal.eva.bot/"
rabbitmq_host: "eva-rabbitmq-internal.eva.bot"

## @Section Redis 
redis_host: "172.30.0.4"
    ## This password is not in base64 encoded
redis_pass: "*****"
redis_port: 6379
redis_ssl: false
redis_cachetype: "redis"
    
## @Section TLS configures SSL certificates.
    ## These passwords are in in base64 encoded
eva_tls:
  crt:****
  key:****

eva-instance-saas-resources

Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and this section should be ignored on eva-server installations.

It allows you set SaaS components for Syntphony CAI instance application, network policies, load balancer components and Istio Addons like, Prometheus, Grafana and Kiali. You can choose to deploy optional Istio tunning components. To do this, set true istio_tunning in the enabled_components section in values.yaml file. In addition, you can deploy Prometheus with a pvc, setting true prometheus_with_pvc in the enabled_components section as detailed below.

## @Section optional components
## Set true to deploy optional components.
enabled_components:
  ## This option deploys tunning features to Grafana, 
  ## Prometheus, Kiali and Tracing.
  istio_tunning: "true"
  ## This option allow install eva in a single server environment
  single_installation: "true"
  ## This option deploys Prometheus with pvc
  prometheus_with_pvc: "true"

Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-saas-resources Values.yaml file.

This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with Values.yaml customization.

Remember: once installed this chart, the ingress spreading to GKE can be delayed for 5 to 10 minutes.

The code below is the eva-admin-saas-resources Values.yaml:

## Instance Name. 
## For this chart is the base domain name for grafana, kiali, prometheus and tracing
## instances_output.value.INSTANCENAME.instance_dns_output.public_dns_records.general.name - Use only the url prefix
instance_name: "[YOUR-SERVICE]-env-instance2"
   
## @Section optional components
## Set true to deploy optional components.
enabled_components:
  ## This option deploys tunning features to Grafana, 
  ## Prometheus, Kiali and Tracing.
  istio_tunning: "true"
  ## This option allow install eva in a single server environment
  single_installation: "true"
  ## This option deploys Prometheus with pvc
  prometheus_with_pvc: "true"

## @Section network_policies
network_policies:
  ## The subnet mask used for honeypot cidr is always /32
  honeypot_cidr: "172.30.2.7/32"
  admin_cidr: "10.255.255.0/24"
  clever_cidr: "35.244.207.245/32"
  private_service_subnet_cidr: "10.210.96.0/20"
  redis_cidr: "10.210.97.0/29"
  elastic_cidr: "0.0.0.0/0"
  lex_cidr: "10.35.0.0/32"
  facebook_cidr: "0.0.0.0/0"
  infobip_cidr: "0.0.0.0/0"


## @Section Load Balancer
ingress_ip_name: "eva-multitenant-admin-ip"
ingress_host: "*.eva.bot"   

## @Section Addons Istio
grafana:  
  image: "grafana/grafana"
  tag: "7.5.5"
  requests:
    mem: "24Mi"
    cpu: "10m"
  limits:
   mem: "128Mi"
   cpu: "100m"
kiali:  
  image: "quay.io/kiali/kiali"
  tag: "v1.38"  
prometheus:  
  storage: "45Gi"
  containers:
    image_config_reload: "jimmidyson/configmap-reload"
    tag_config_reload: "v0.5.0"
    image_server: "prom/prometheus"
    tag_server: "v2.26.0"    
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
  pvc:
    requests:
      cpu: "100m"
      memory: "512Mi"
    limits:
      cpu: "500m"
      memory: "4Gi"
jaeger:
  image: "docker.io/jaegertracing/all-in-one"
  tag: "1.23"
  limits:
    cpu: "1"
    mem: "3Gi"
  requests:
    cpu: "25m"
    mem: "640Mi"

## If no value specified for section node selector, 
## no nodeSelector policies will be applied.
nodeSelector:
  apptype: mesh

eva-instance-server

This chart contains the following subcharts:

  • eva-instance-channel: deploy eva-channel and components and optionally deploy facebook, google-assistant and Infobip channels and hpas.

  • eva-instance-nlp: deploy optionally nlp resources.

  • eva-instance-training: deploy optionally training resources.

  • eva-instance-core: deploy several objects for Syntphony CAI instance cluster, eva-answer, eva-bot, eva-intent, … and hpa resources.

Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-server Values.yaml file.

This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with values.yaml customization.

The code below is the eva-instance-server values.yaml:

global:
  ## Container registry
  container_registry: "gcr.io/calm-premise-168420/eva-hml"  
  ## Image tags
  releases_image_tags:
    ## Core components images tags
    channel: 4.1.0
    facebook: 4.1.0
    ga: 4.1.0
    infobip: 4.1.0
    df_nlp: 4.1.0
    luis_nlp: 4.1.0
    watson_nlp: 4.1.0
    clever_nlp: 4.1.0
    lex_nlp: 4.1.0
    df_tr: 4.1.0
    luis_tr: 4.1.0
    watson_tr: 4.1.0
    lex_training: 4.1.0
    clever_tr: 4.1.0
    tr: 4.1.0
    answer: 4.1.0
    automated_test: 4.1.0
    bot: 4.1.0
    cloner: 4.1.0
    entity: 4.1.0
    intent: 4.1.0
    parameter: 4.1.0
    tag: 4.1.0
    transactional_service: 4.1.0
    broker: 4.1.0
    dm: 4.1.0
    expire: 4.1.0
    masking: 4.1.0
    technical: 4.1.0
    wait: 4.1.0
    dashboard: 4.1.0
    al:  4.1.0
    al_nlp:  4.1.0
    al_training:  4.1.0

   
  ## @Section nodeSelector Eva
  ## If no value specified for section node selector, 
  ## no nodeSelector   ## policies will be applied.
  nodeSelector:
    apptype: eva
    
  ## @Section Pull secret
  ## If no value specified for section pull secret, neither the 
  ## secret nor the deployments will use authentication 
  ## to Container Registry.
  # imagePullSecrets:
  #   - name: "containerregistrysecret"
   
  ## @Section enabled_components
  ## Set true to deploy optional components.
  enabled_components:
    ## Allow install eva in a single server installation
    single_installation: "true"
    al_enabled: "true"    
    technical_log: "true"   
    ## NLP components
    df: "true"
    luis: "true"
    watson: "true"
    clever: "true"
    lex: "true"
    ## Training components
    df_tr: "true"
    luis_tr: "true"
    watson_tr: "true"
    clever_tr: "true"   
    lex_tr: "true"
    ## Channel adapters
    facebook: "true"
    ga: "true"
    infobip: "true"
    ## Analytics
    dashboard: "true"

 ## @Section urls
  eva_proxy_url: eva-proxy-internal.eva.bot
  api_instance_host: api-[YOUR-SERVICE]-env-instance.eva.bot
  environment_url: https://eva-environment-internal.eva.bot  

  ## @Section Instance RabbitMQ Passwords
      ## These passwords are in clear text
  eva_bot:
    pass: "******"
  eva_channel:
    pass: "******"
  eva_parameter:
    pass: "******"
  eva_tag:
    pass: "******"
  eva_dialog_manager:
    pass: "******"
  eva_transactional_service:
    pass: "******"
  eva_wait_input:
    pass: "******"
  eva_intent:
    pass: "******"
  eva_entity:
    pass: "******"
  eva_answer:
    pass: "******"
  eva_training:
    pass: "******"
  eva_broker:
    pass: "******"
  eva_clever_nlp:
    pass: "******"
  eva_clever_training:
    pass: "******"
  eva_luis_nlp:
    pass: "******"
  eva_luis_training:
    pass: "******"
  eva_expire_session:
    pass: "******"
  eva_cloner:
    pass: "******"
  eva_dialogflow_nlp:
    pass: "******"
  eva_dialogflow_training:
    pass: "******"
  eva_automated_tests:
    pass: "******"
  eva_technical_log:
    pass: "******"
  eva_watson_nlp:
    pass: "******"
  eva_watson_training:
    pass: "******"
  eva_lex_nlp:
    pass: "******"
  eva_lex_training:
    pass: "******"
  eva_masking_clever:
    pass: "******"
  eva_facebook:
    pass: "******"
  eva_infobip:
    pass: "******"
  eva_google_assistant:
    pass: "******"
  eva_dashboard:
    pass: "******"
  eva_al:
    pass: "******"
  eva_al_nlp:
    pass: "******"
  eva_al_training:
    pass: "******"

   
  ## @Section channels
  channel:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  facebook:
    hpa:
      maxreplicas: 6
      minreplicas: 1
  ga:
    hpa:
      maxreplicas: 6
      minreplicas: 1
  infobip:
    hpa:
      maxreplicas: 6
      minreplicas: 1

  ## @Section nlps
  clever_nlp:
    url: "http://35.244.207.245"
    hpa:
      maxreplicas: 12
      minreplicas: 1
  df_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  luis_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  watson_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  lex_nlp:
    hpa:
      maxreplicas: 12
      minreplicas: 1

  ## @Section training
  tr:
    hpa:
      maxreplicas: 4
      minreplicas: 1
  clever_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  df_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  luis_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  watson_tr:
    hpa:
      maxreplicas: 2
      minreplicas: 1
     lex_tr:
       hpa:
         maxreplicas: 2
         minreplicas: 1
  
  ## @Section core
  answer:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  automated_test:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  bot:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  cloner:
    hpa:
      maxreplicas: 2
      minreplicas: 1
  entity:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  intent:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  parameter:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  tag:
    hpa:
      maxreplicas: 1
      minreplicas: 1
  transactional_service:
    hpa:
      maxreplicas: 12
      minreplicas: 1
  wait:
    hpa:
      maxreplicas: 12