Helm can make deployments easier and repeatable because all resources for an application are deployed by running one command:
$ helm install <chart>
With Helm, configuration settings are kept separate from the manifest formats. You can edit the configuration values without changing the rest of the manifest.
Configuration settings are in a values.yaml file. You update the runtime parameters in that file to deploy each application instance differently.
You can use single commands for installing, upgrading, and deleting eva releases. More information about Helm at https://helm.sh/.
Description
This chapter describes the design and governance for the eva 4 helm charts.
These helm charts are designed to be a lightweight way to configure, package and deploy eva admin and eva instance resources onto Kubernetes clusters, both for a single installation and multicluster installation. These charts are currently tested against the following versions:
eva application: 4.1.0
Helm: 3.5.0
Kubernetes: 1.22
Istio: 1.11.7
The GitLab repository for these charts is eva4-helm-repository. Following is a description of repository each folder:
eva-admin-charts
eva-admin-base-resources: a chart to deploy the base configurations for eva admin.
eva-admin-saas-resources: a chart to deploy the components for eva admin SaaS.
eva-admin-rabbitmq: a chart to deploy the rabbitmq cluster operator and cert manager for rabbitmq.
keycloak: contains the keycloak-values.yaml file to use with helm installation to deploy a keycloak.
minio: contains the values.yaml file to use with helm installation to install Minio.
eva-admin-rabbitmq-server: a chart to deploy the rabbitmq messaging topology operator and rabbitmq resources.
eva-admin-rabbitmq-config: a chart to deploy exchange, permissions, users, and secrets for the rabbitmq resources.
eva-admin-config-server: a chart to deploy the core component for eva config server.
eva-admin-config-server-post: a chart to deploy several configuration jobs for admin cluster.
eva-admin-keycloak-realm-post: a chart to create necessary realm to clever engine auth.
eva-admin-server: a chart to deploy the core component for eva admin application.
eva-instance-charts:
eva-instance-base-resources: a chart to deploy the base configurations for an eva instance.
eva-instance-saas-resources: a chart to deploy the components for eva instance SaaS. Only for eva-cloud.
eva-instance-server: this chart contains the following subcharts:
eva-core: a chart to deploy the core components for eva admin.
eva-envoy-config: a chart to deploy eva-decrypt-filter and eva-envoy-filter resources.
eva-configuration-charts:
eva-organization: chart to launch a job to create a new organization for the instance.
eva-instance-config-server-post: chart to run configurations jobs, where:
instance-default-config-job: apply the default configuration for an instance.
instance-honeypot-config-job: apply the honeypot configuration for an instance.
eva-environment: chart to launch a job to create or update an environment for the instance.
Important eva 4 helm charts configuration
eva deployment with Helm requires very little configuration to get started, but there are several components which must be considered before the installation:
NodeSelector
If the application environment is based on multi-node pool architecture, uncomment the nodeSelector section with the specific label into chart Values.yaml files, and check if the label has been added on node pools.
If there is no node selection constraint, comment the nodeSelector section into values.yaml files.
PullSecret
If the application environment uses a private container registry with authentication, uncomment the imagePullSecret section with the specific name chart values.yaml files.
If login information is not requiring, comment the imagePullSecret section into values.yaml files.
Redis and MongoDB
If the application environment uses a mongodb or/and redis as a service in the cloud, it will be mandatory to provide the configuration data of these cloud services into redis and mongo section of eva-admin-base-resources, eva-admin-server, eva-instance-base-resources, eva-instance-server and eva-enviroment values.yaml files.
Remember include the redis cidr range into eva-admin-saas-resources and eva-instance-saas-resources values.yaml.
Single Installation
For a single server cluster, set true the single_installation option into enabled_components in eva-instance-base-resources, eva-instance-saas-resources and eva-instance-server values.yaml files.
Usernames, service name and passwords
The following charts are not meant to be executed as they are - They contain fields such as passwords, usernames and service names (Found as [YOUR-SERVICE], 'password-in-plain-text', etc).
Please read carefully and make the proper substitutions for each of them.
Wait before executing the post config charts
During the admin cluster installation, keep in mind these tips:
Before executing eva-admin-rabbitmq-config chart, it must be validated that eva-rabbitmq-server pod has been successfully deployed.
Before executing eva-config-server-post chart, it must be validated that eva-config-server pod has been successfully deployed.
Before executing eva-admin-keycloak-realm-post chart, it must be validated that keycloak has been successfully installed.
Admin Charts
eva-admin-base-resources
eva-admin-base-resources allows you set base components for eva admin application. You can activate the section for pull secret if you need use authentication to container Registry. Also, it's possible to configure nodeSelector option for the deployment.
The following namespaces are deployed: eva-admin, minio and keycloak. Also, eva-gateway and eva-gateway-internal are installed.
The code below is the eva-admin-base-resources Values.yaml:
## @Section Admin Config Server Global info ## Used to SPRING_CLOUD_CONFIG_LABELadmin_instance_name:"admin-1"## Used to SPRING_CLOUD_CONFIG_PROFILEadmin_config_server_profile:"default"## @Section Admin Redis redis_host:"172.30.0.20"## This password is not in base64 encodedredis_pass:"password-in-clear-text"redis_port:6379redis_ssl:falseredis_cachetype:"redis"## @Section TLS: configures SSL certificates.## These passwords are in base64 encodedeva_tls:crt:***key:***keycloak_tls:crt:***key:***## @Section Pull Secrets## If no value specified for section pull secret, neither the ## secret nor the deployments will use authentication to Container Registry.# imagePullSecrets: # name: "containerregistrysecret"# configjson: "***"
eva-admin-saas-resources
Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and this section should be ignored on eva-server installations.
It allows you set SaaS components for eva admin application, network policies, load balancer components and Istio Addons like, Prometheus, Grafana and Kiali. You can choose to deploy optional Istio tunning components. To do this, set true istio_tunning in the enabled_components section in values.yaml file. In addition, you can deploy Prometheus with a pvc, setting true prometheus_with_pvc in the enabled_components section as detailed below:
This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with Values.yaml customization.
Remember: once installed this chart, the ingress spreading to GKE can be delayed for 5 to 10 minutes.
The code below is the eva-admin-saas-resources Values.yaml:
## Admin Name (without double quotes)## admin_dns_output.value.public_dns_records.general.name - Use only the url prefix ## For this chart is the base domain name for grafana, kiali, prometheus and tracingadmin_name: [YOUR-SERVICE]-env-admin## @Section Optional Componentsenabled_components:## Set true to deploy extra config to Prometheus, Kiali and Tracing Istio istio_tunning:"true"## Set true to deploy Prometheus with persistenceprometheus_with_pvc:"true"## @Section Network Policiesnetwork_policies:redis_cidr:"172.30.0.16/28"## The subnet mask used for Mysql cidr is always /32mysql_cidr:"172.30.2.20/32"##IP Admin Cluster - admin global ip## The subnet mask used for admin global ip is always /32admin_cluster_ingress_ip:"34.111.219.60/32"## @Section Load Balanceringress_ip_name:"eva-multitenant-admin-ip"ingress_host:"*.eva.bot"## @Section Componentsgrafana:image:"grafana/grafana"tag:"7.5.5"requests:mem:"24Mi"cpu:"10m"limits:mem:"128Mi"cpu:"100m"kiali:image:"quay.io/kiali/kiali"tag:"v1.38"prometheus:storage:"45Gi"containers:image_config_reload:"jimmidyson/configmap-reload"tag_config_reload:"v0.5.0"image_server:"prom/prometheus"tag_server:"v2.26.0"requests:cpu:"100m"memory:"512Mi"limits:cpu:"500m"memory:"4Gi"pvc:requests:cpu:"100m"memory:"512Mi"limits:cpu:"500m"memory:"4Gi"jaeger:image:"docker.io/jaegertracing/all-in-one"tag:"1.23"limits:cpu:"1"mem:"3Gi"requests:cpu:"25m"mem:"640Mi"## If no value specified for section node selector, no nodeSelector ## policies will be applied on the eva deployment.nodeSelector:apptype:mesh
eva-admin-rabbitmq
It allows set RabbitMQ operator components for eva admin application, rabbitmq cluster operator and cert manager resources.
eva-admin-rabbitmq-server
It allows set RabbitMQ messaging topology operator components and eva-rabbitmq resources for eva admin application.
The code below is the eva-admin-rabbitmq-server Values.yaml:
global:## @Section Pull secret## If no value specified for section pull secret, neither the ## secret nor the deployments will use authentication to Container Registry.## imagePullSecrets must be under global seccion in this values.imagePullSecrets:# - name: "containerregistrysecret"## If no value specified for section nodeAffinity, no nodeAffinity ## policies will be applied on the eva deployment.nodeAffinity: - key:apptypeoperator:Invalues: - eva## @Section RabbitMQ Configurationrabbitmq:image:"rabbitmq"tag:"3.8.16-management"requests:cpu:"500m"mem:"1Gi"limits:cpu:"500m"mem:"1Gi"storage:"5Gi"hosts:"eva-rabbitmq-internal.eva.bot"
eva-admin-rabbitmq-config
It allows set rabbitMQ users, permissions, exchage and secrets.
## @section Global parameters for eva-admin-rabbitmq-serverglobal:## @Section Pull secret## If no value specified for section pull secret, neither the ## secret nor the deployments will use authentication to Container Registry.## imagePullSecrets must be under global seccion in this values.imagePullSecrets:# - name: "containerregistrysecret"## If no value specified for section nodeAffinity, no nodeAffinity ## policies will be applied on the eva deployment.nodeAffinity: - key:apptypeoperator:Invalues: - eva## @Section RabbitMQ Configurationrabbitmq:image:"rabbitmq"tag:"3.8.16-management"requests:cpu:"500m"mem:"1Gi"limits:cpu:"500m"mem:"1Gi"storage:"5Gi"hosts:"eva-rabbitmq-internal.eva.bot"
eva-admin-config-server
It allows deploy eva-config-server and components for eva admin application. The code below is the eva-admin-config-server Values.yaml:
## @Section Config Serverconfig_server:dbdriver:"org.mariadb.jdbc.Driver"dburl:"jdbc:mariadb://172.30.2.20/eva_configuration?useSSL=false&serverTimezone=UTC"dbuser:"eva-config-server"## These passwords are not in base64 encoded## eva-config-server user passdbpass:"*****"## Admin RabbitMQ passrabbitmq_pass:"****"## Do not change; public key for config serverencrypt_key_pass:"****"java_opt:""hosts:"eva-config-server-internal.eva.bot"requests:cpu:"200m"memory:"300Mi"container_registry:"gcr.io/calm-premise-168420/eva-dev"image_tag:"4.1.0"## @Section nodeSelector Eva## If no value specified for section node selector, no nodeSelector## policies will be applied on the eva deployment.nodeSelector:apptype:eva## @Section Pull secret## If no value specified for section pull secret, neither the## secret nor the deployments will use authentication to Container Registry.# imagePullSecrets:# - name: "containerregistrysecret"
eva-admin-config-server-post
Remember: Before executing, make sure that eva-config-server pod is deployed successfully.
This chart executes the eva-admin-config-job to apply admin configuration changes. The code below is the eva-admin-config-server-post Values.yaml:
## @Section Admin Config Server Global info ## admin_instance_name used to set the label in default-config-data.json admin_instance_name:"admin-1"## admin_config_server_profile used to set the profile in default-config-data.json admin_config_server_profile:"default"## IP Admin Databaseadmin_db_ip:172.30.2.20## Database User Passwords## These passwords are in clear texteva_bot_admin_pwd:******eva_environment_pwd:******eva_object_store_pwd:******eva_organization_pwd:******eva_security_checker_pwd:******eva_user_pwd:******keycloak_pwd:******## Connection URLskeycloak_url:https://keycloak-[YOUR-SERVICE]-env-admin.eva.botadmin_url:https://api-[YOUR-SERVICE]-env-admin.eva.botserver_config_url:https://eva-config-server-internal.eva.botsecurity_url:https://eva-security-checker-internal.eva.bot## Minio Access## These passwords are in clear texteva_minio_access:******eva_minio_secret:******## Mongo Accessmongo_host:mongodb+srv://honeypot:honeypot@honeypot-pri.27npc.mongodb.net/mongo_database:honeypot## Jobs ConfigurationbackoffLimit:10restartPolicy:OnFailurecontainer_registry:"gcr.io/calm-premise-168420/eva-dev"releases_image_tags:eva_curl_sed:1.0.0.0
eva-admin-keycloak-realm-post
Remember: Before executing, make sure that the keycloak pod is deployed successfully.
This chart executes eva-admin-keycloak-eva-bot-realm-job to create a new realm in keycloak and posteriorly clever-system user into this realm. For that we have the values.yaml below.
## Default values for eva-admin-keycloak-realm-post.## This is a YAML-formatted file.## @section Global parameters for eva-admin-serverglobal:## cockpit propertiescockpit:external_host:"hml-admin.eva.bot"api_url:"https://api-hml-admin.eva.bot"### Keycloak propertieskeycloak:## FQDN do Kubernets para esse serviçourl:"http://keycloak-http.keycloak.svc.cluster.local:80"### User used to log in keycloakauth:username:adminpassword:"password-in-clear-text"### Users to be created in eva.bot realmusers:clever:username:"clever-system"password:"u9679@FN_hu\\\"Dd$"email:"password-in-clear-text"## Jobs ConfigurationbackoffLimit:10restartPolicy:OnFailurecontainer_registry:"gcr.io/calm-premise-168420/eva-prod"releases_image_tags:eva_curl_sed:1.0.0.0
eva-admin-server
This chart contains the following subcharts:
eva-envoy-config: it allows deploy Istio EnvoyFilter resources.
eva-core: it allows deploy several objects for eva admin cluster, eva-proxy, eva-bot-admin, eva-object-store, eva-environment, eva-organization, eva-security-checker, eva-cockpit and hpa resources.
The code below is the eva-admin-server Values.yaml:
## @section Global parameters for eva-admin-serverglobal:## @Section container registry and image tags. ## Change tag to apply fixes and upgrades.## Container registrycontainer_registry:"gcr.io/calm-premise-168420/eva-hml"## Image tagsreleases_image_tags:bot_admin:"4.1.0"cockpit:"4.1.0"environment:"4.1.0"organization:"4.1.0"security_checker:"4.1.0"object_storage:"4.1.0"user:"4.1.0"proxy:"4.1.0"## @Section enabled customize deployment. ## Set true to deploy optional components.enabled_components:alenabled:"false"## @Section Admin RabbitMQ Secrets ## These passwords are not in base64 encodedeva_bot_admin:pass:"*****"eva_environment:pass:"*****"eva_object_storage:pass:"*****"eva_organization:pass:"*****"eva_security_checker:pass:"*****"eva_user:pass:"*****"## @Section Componentseva:external_host:"api-[YOUR-SERVICE]-env-admin.eva.bot"bot_admin:hpa:maxreplicas:12minreplicas:1internal_host:"eva-bot-admin-internal.eva.bot"config_server:hpa:maxreplicas:5minreplicas:1cockpit:external_host:"[YOUR-SERVICE]-env-admin.eva.bot"api_url:"https://api-[YOUR-SERVICE]-env-admin.eva.bot"proxy_url:"https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot"help_lin:"https://docs.eva.bot/"support_link:"https://umane.everis.com/jiraserver/servicedesk/customer/portal/94"cockpit_url:"https://[YOUR-SERVICE]-env-admin.eva.bot"system_version:"4.0.1"eva_organization_url:http://eva-organization.eva-admin.svc.cluster.local:8080eva_user_url:http://eva-user.eva-admin.svc.cluster.local:8080eva_object_storage_url:"eva-object-storage-internal.eva.bot"environment:hpa:maxreplicas:12minreplicas:1internal_host:"eva-environment-internal.eva.bot"organization:internal_host:"eva-organization-internal.eva.bot"hpa:maxreplicas:12minreplicas:1proxy:hpa:maxreplicas:12minreplicas:1external_host:"keycloak-[YOUR-SERVICE]-env-admin.eva.bot"internal_host:"eva-proxy-internal.eva.bot"security_checker:internal_host:"eva-security-checker-internal.eva.bot"hpa:maxreplicas:12minreplicas:1user:hpa:maxreplicas:12minreplicas:1internal_host:"eva-user-internal.eva.bot"## @Section Admin Redis## This password is not in base64 encodedredis_pass:"*****"redis_host:"172.30.0.20"redis_port:6379redis_ssl:"false"## @Section keycloakkeycloak_domain:"keycloak-http"keycloak_token:"https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot"keycloak_proxy:"keycloak-[YOUR-SERVICE]-env-admin.eva.bot"## This password is not in base64 encodedkeycloak_pass:"****"keycloak_user:"admin"## @Section mailermailer_host:"smtp.zoho.com"## This password is not in base64 encodedmailer_port:587mailer_user:"no-reply@eva.bot"mailer_pass:"eva@2018"## @Section nodeSelector Eva## If no value specified for section node selector, ## no nodeSelector policies will be applied.nodeSelector:apptype:eva## @Section Pull secret## If no value specified for section pull secret, neither ## the secret nor the deployments will use authentication ##to Container Registry.# imagePullSecrets:# - name: "containerregistrysecret"
Configuration Charts
Configuration charts consists of several charts to apply configuration changes to a set elements in both admin and instances cluster. Each chart has a purpose.
eva-instance-config-server-post
Remember: Before creating a new instance, eva-instance-config-server-post chart has been released into admin cluster to apply configuration changes for an instance.
This chart executes two jobs to apply configurations changes for an instance:
instance-default-config-job: apply the default configuration for an instance.
instance-honeypot-config-job: apply the honeypot configuration for an instance.
The code below is the eva-instance-config-server-post Values.yaml:
## Instance Name## Used to label in *-config-data.jsoninstance_name:"[YOUR-SERVICE]-env-instance2"## Used to profile in *-config-data.jsoninstance_config_server_profile:"default"## IP Admin Databaseadmin_db_ip:172.30.2.20## Database User Passwords## This password is in clear texteva_honeypot_pwd:****## Connection URLsadmin_url:https://api-[YOUR-SERVICE]-env-admin.eva.botcockpit_url:https://[YOUR-SERVICE]-env-admin.eva.botserver_config_url:https://eva-config-server-internal.eva.botenvironment_url:https://eva-environment-internal.eva.botsecurity_url:https://eva-security-checker-internal.eva.botuser_url:https://eva-user-internal.eva.botbot_url:https://eva-bot-admin-internal.eva.botobject_storage_internal_url:https://eva-object-storage-internal.eva.botclever_engine:http://35.244.207.245keycloak_url:https://keycloak-[YOUR-SERVICE]-env.eva.botkeycloak_realm:eva.bot## Mongo Accessmongo_host:mongodb+srv://honeypot:*****@honeypot-pri.27npc.mongodb.net/mongo_database:honeypot## Jobs ConfigurationbackoffLimit:10restartPolicy:OnFailurecontainer_registry:"gcr.io/calm-premise-168420/eva-dev"releases_image_tags:eva_curl_sed:1.0.0.0
eva-register-instance
This chart executes a job to register a new instance. The code below is the eva-register-instace Values.yaml:
Remember: once the eva-instance-config-server-post chart has been released into admin cluster and before launching the instance charts, the next task is to register a new instance.
eva-organization
This chart executes a job to create a new organization for an instance. The code below is the eva-organization Values.yaml:
## @Section Organization Componentsorganization:## Admin cluster name## admin_dns_output.value.public_dns_records.general.name - Use only the url prefixadmin_url: [YOUR-SERVICE]-env-admink8s_resources_name:plataformacompany:Plataformaurl:https://eva-organization-internal.eva.botuser:anamail:ana@ana.compass:ana## @Section Job configuration backoffLimit:1restartPolicy:OnFailurecontainer_registry:"gcr.io/calm-premise-168420/eva-dev"releases_image_tags:eva_curl_sed:1.0.0.0
eva-environment
This chart executes a job to create or update an environment for an instance. The code below is the eva-environment Values.yaml:
## @Section Environment Components## Instance name## Used to label in *-config-data.jsoninstance_name:"[YOUR-SERVICE]-env-instance2"## Used to profile in *-config-data.jsoninstance_config_server_profile:"default"org_name:Organizacion1env_name:cust1env2## Prefix Name in Databaseenv_db_user_name_prefix:cust1env2## Database accessdb_host:172.30.2.21db_opts:"?useSSL=false&serverTimezone=UTC&useUnicode=true"db_schema_name:Plataforma-cust1env2## Connection urlorganization_url:https://eva-organization-internal.eva.botenvironment_url:https://eva-environment-internal.eva.botconfig_server_url:https://eva-config-server-internal.eva.botkeycloak_url:https://keycloak-[YOUR-SERVICE]-env-admin.eva.bot## Mongo accessmongo: uri: mongodb+srv://org_1_env_1_mongo_user:****@org-1-cluster-pri.27npc.mongodb.net/Plataforma-cust1env1?retryWrites=true&maxPoolSize=40&minPoolSize=10&maxIdleTimeMS=30000&connectTimeoutMS=5000&socketTimeoutMS=5000&ssl=true
schema:org_1_env_1_db## User Pass Database## These passwords are in clear texteva_answer_pwd:****eva_bot_pwd:****eva_channel_pwd:****eva_parameter_pwd:****eva_entity_pwd:****eva_tag_pwd:****eva_transaction_pwd:****eva_intent_pwd:****eva_wait_input_pwd:****eva_tr_pwd:****eva_broker_pwd:****eva_expire_session_pwd:****eva_automated_pwd:****eva_technical_pwd:****eva_facebook_pwd:****eva_infobip_pwd:****eva_al_pwd:****eva_al_training_pwd:****## Analytics User Pass Database## These passwords are in clear texteva_analytics_pwd:****## @Section Job configuration backoffLimit:4restartPolicy:OnFailurecontainer_registry:"gcr.io/calm-premise-168420/eva-dev"releases_image_tags:eva_curl_sed:1.0.0.0
Instance Charts
eva-instance-base-resources
eva-instance-base-resources allows you set base components for eva instance application. You can activate the section for pull secret if you need use authentication to container Registry. Also, it's possible to configure nodeSelector option for the deployment.
Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-base-resources Values.yaml file.
The namespace eva is created and eva-gateway id deployed only if not single installation. The code below is the eva-instance-base-resources Values.yaml:
## @Section Admin Config Server Global info ## Instance Name. Used to SPRING_CLOUD_CONFIG_LABELinstance_name:"[YOUR-SERVICE]-env-instance2"## Used to SPRING_CLOUD_CONFIG_PROFILEinstance_config_server_profile:"default"## @Section optional componentsenabled_components:## This option allow install eva in a single server environmentsingle_installation:"true"## @Section Admin config config_server_url:"https://eva-config-server-internal.eva.bot/"rabbitmq_host:"eva-rabbitmq-internal.eva.bot"## @Section Redis redis_host:"172.30.0.4"## This password is not in base64 encodedredis_pass:"*****"redis_port:6379redis_ssl:falseredis_cachetype:"redis"## @Section TLS configures SSL certificates.## These passwords are in in base64 encodedeva_tls:crt:****key:****
eva-instance-saas-resources
Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and this section should be ignored on eva-server installations.
It allows you set SaaS components for eva instance application, network policies, load balancer components and Istio Addons like, Prometheus, Grafana and Kiali. You can choose to deploy optional Istio tunning components. To do this, set true istio_tunning in the enabled_components section in values.yaml file. In addition, you can deploy Prometheus with a pvc, setting true prometheus_with_pvc in the enabled_components section as detailed below.
## @Section optional components## Set true to deploy optional components.enabled_components:## This option deploys tunning features to Grafana, ## Prometheus, Kiali and Tracing.istio_tunning:"true"## This option allow install eva in a single server environmentsingle_installation:"true"## This option deploys Prometheus with pvcprometheus_with_pvc:"true"
Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-saas-resources Values.yaml file.
This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with Values.yaml customization.
Remember: once installed this chart, the ingress spreading to GKE can be delayed for 5 to 10 minutes.
The code below is the eva-admin-saas-resources Values.yaml:
## Instance Name. ## For this chart is the base domain name for grafana, kiali, prometheus and tracing## instances_output.value.INSTANCENAME.instance_dns_output.public_dns_records.general.name - Use only the url prefixinstance_name:"[YOUR-SERVICE]-env-instance2"## @Section optional components## Set true to deploy optional components.enabled_components:## This option deploys tunning features to Grafana, ## Prometheus, Kiali and Tracing.istio_tunning:"true"## This option allow install eva in a single server environmentsingle_installation:"true"## This option deploys Prometheus with pvcprometheus_with_pvc:"true"## @Section network_policiesnetwork_policies:## The subnet mask used for honeypot cidr is always /32honeypot_cidr:"172.30.2.7/32"admin_cidr:"10.255.255.0/24"clever_cidr:"35.244.207.245/32"private_service_subnet_cidr:"10.210.96.0/20"redis_cidr:"10.210.97.0/29"elastic_cidr:"0.0.0.0/0"lex_cidr:"10.35.0.0/32"facebook_cidr:"0.0.0.0/0"infobip_cidr:"0.0.0.0/0"## @Section Load Balanceringress_ip_name:"eva-multitenant-admin-ip"ingress_host:"*.eva.bot"## @Section Addons Istiografana:image:"grafana/grafana"tag:"7.5.5"requests:mem:"24Mi"cpu:"10m"limits:mem:"128Mi"cpu:"100m"kiali:image:"quay.io/kiali/kiali"tag:"v1.38"prometheus:storage:"45Gi"containers:image_config_reload:"jimmidyson/configmap-reload"tag_config_reload:"v0.5.0"image_server:"prom/prometheus"tag_server:"v2.26.0"requests:cpu:"100m"memory:"512Mi"limits:cpu:"500m"memory:"4Gi"pvc:requests:cpu:"100m"memory:"512Mi"limits:cpu:"500m"memory:"4Gi"jaeger:image:"docker.io/jaegertracing/all-in-one"tag:"1.23"limits:cpu:"1"mem:"3Gi"requests:cpu:"25m"mem:"640Mi"## If no value specified for section node selector, ## no nodeSelector policies will be applied.nodeSelector:apptype:mesh
eva-instance-server
This chart contains the following subcharts:
eva-instance-channel: deploy eva-channel and components and optionally deploy facebook, google-assistant and Infobipchannels and hpas.
eva-instance-training: deploy optionally training resources.
eva-instance-core: deploy several objects for eva instance cluster, eva-answer, eva-bot, eva-intent, … and hpa resources.
Remember: for a single server installation, set true single_installation in enabled_components into optional section in eva-instance-server Values.yaml file.
This chart also allows to change the image tag version of each component, and container registry name. You can activate the section for pull secret if you need use authentication to container registry. Also, it's possible to configure nodeSelector option for the deployment. Do this with values.yaml customization.
The code below is the eva-instance-server values.yaml:
global:## Container registrycontainer_registry:"gcr.io/calm-premise-168420/eva-hml"## Image tagsreleases_image_tags:## Core components images tagschannel:4.1.0facebook:4.1.0ga:4.1.0infobip:4.1.0df_nlp:4.1.0luis_nlp:4.1.0watson_nlp:4.1.0clever_nlp:4.1.0lex_nlp:4.1.0df_tr:4.1.0luis_tr:4.1.0watson_tr:4.1.0lex_training:4.1.0clever_tr:4.1.0tr:4.1.0answer:4.1.0automated_test:4.1.0bot:4.1.0cloner:4.1.0entity:4.1.0intent:4.1.0parameter:4.1.0tag:4.1.0transactional_service:4.1.0broker:4.1.0dm:4.1.0expire:4.1.0masking:4.1.0technical:4.1.0wait:4.1.0dashboard:4.1.0al:4.1.0al_nlp:4.1.0al_training:4.1.0## @Section nodeSelector Eva## If no value specified for section node selector, ## no nodeSelector ## policies will be applied.nodeSelector:apptype:eva## @Section Pull secret## If no value specified for section pull secret, neither the ## secret nor the deployments will use authentication ## to Container Registry.# imagePullSecrets:# - name: "containerregistrysecret"## @Section enabled_components## Set true to deploy optional components.enabled_components:## Allow install eva in a single server installationsingle_installation:"true"al_enabled:"true"technical_log:"true"## NLP componentsdf:"true"luis:"true"watson:"true"clever:"true"lex:"true"## Training componentsdf_tr:"true"luis_tr:"true"watson_tr:"true"clever_tr:"true"lex_tr:"true"## Channel adaptersfacebook:"true"ga:"true"infobip:"true"## Analyticsdashboard:"true"## @Section urlseva_proxy_url:eva-proxy-internal.eva.botapi_instance_host:api-[YOUR-SERVICE]-env-instance.eva.botenvironment_url:https://eva-environment-internal.eva.bot## @Section Instance RabbitMQ Passwords## These passwords are in clear texteva_bot:pass:"******"eva_channel:pass:"******"eva_parameter:pass:"******"eva_tag:pass:"******"eva_dialog_manager:pass:"******"eva_transactional_service:pass:"******"eva_wait_input:pass:"******"eva_intent:pass:"******"eva_entity:pass:"******"eva_answer:pass:"******"eva_training:pass:"******"eva_broker:pass:"******"eva_clever_nlp:pass:"******"eva_clever_training:pass:"******"eva_luis_nlp:pass:"******"eva_luis_training:pass:"******"eva_expire_session:pass:"******"eva_cloner:pass:"******"eva_dialogflow_nlp:pass:"******"eva_dialogflow_training:pass:"******"eva_automated_tests:pass:"******"eva_technical_log:pass:"******"eva_watson_nlp:pass:"******"eva_watson_training:pass:"******"eva_lex_nlp:pass:"******"eva_lex_training:pass:"******"eva_masking_clever:pass:"******"eva_facebook:pass:"******"eva_infobip:pass:"******"eva_google_assistant:pass:"******"eva_dashboard:pass:"******"eva_al:pass:"******"eva_al_nlp:pass:"******"eva_al_training:pass:"******"## @Section channelschannel:hpa:maxreplicas:12minreplicas:1facebook:hpa:maxreplicas:6minreplicas:1ga:hpa:maxreplicas:6minreplicas:1infobip:hpa:maxreplicas:6minreplicas:1## @Section nlpsclever_nlp:url:"http://35.244.207.245"hpa:maxreplicas:12minreplicas:1df_nlp:hpa:maxreplicas:12minreplicas:1luis_nlp:hpa:maxreplicas:12minreplicas:1watson_nlp:hpa:maxreplicas:12minreplicas:1lex_nlp:hpa:maxreplicas:12minreplicas:1## @Section trainingtr:hpa:maxreplicas:4minreplicas:1clever_tr:hpa:maxreplicas:2minreplicas:1df_tr:hpa:maxreplicas:2minreplicas:1luis_tr:hpa:maxreplicas:2minreplicas:1watson_tr:hpa:maxreplicas:2minreplicas:1lex_tr:hpa:maxreplicas:2minreplicas:1## @Section coreanswer:hpa:maxreplicas:12minreplicas:1automated_test:hpa:maxreplicas:2minreplicas:1bot:hpa:maxreplicas:12minreplicas:1cloner:hpa:maxreplicas:2minreplicas:1entity:hpa:maxreplicas:12minreplicas:1intent:hpa:maxreplicas:12minreplicas:1parameter:hpa:maxreplicas:12minreplicas:1tag:hpa:maxreplicas:1minreplicas:1transactional_service:hpa:maxreplicas:12minreplicas:1wait:hpa:maxreplicas:12minreplicas:1broker:hpa:maxreplicas:12minreplicas:1dm:hpa:maxreplicas:12minreplicas:1expire:hpa:maxreplicas:1minreplicas:1masking:hpa:maxreplicas:5minreplicas:1deploy:"masking-[YOUR-SERVICE]-env"technical:hpa:maxreplicas:6minreplicas:1## @section ALal:hpa:maxreplicas:1minreplicas:1al_nlp:hpa:maxreplicas:1minreplicas:1al_training:hpa:maxreplicas:1minreplicas:1## @section Dashbooardsdashboard:hpa:maxreplicas:1minreplicas:2## @Section Redisredis_host:"172.30.0.4"## This password is in clear textredis_pass:"******"redis_port:6379redis_ssl:"false"redis_cachetype:"redis"redis_job:"false"redis_time:"10000"
Usage
Admin Cluster
Once you have installed or checked the dependencies needed onto system (review the section Supported Configurations for this), execute in order, the following commands to deploy ADMIN charts for the eva admin cluster:
Install eva-admin-base-resources chart.
helmupgrade--installeva-admin-base-resources.
Additionally, install the eva-admin-saas-resources chart if you're installing an eva-cloud solution. Once installed, the ingress spreading to GKE can be delayed for 5 to 10 minutes.
Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and the following command should be ignored on eva-server installations.
helmupgrade--installeva-admin-saas-resources.
2. Install eva-admin-rabbitmq chart.
helmupgrade--installeva-admin-rabbitmq.
3. In this step, execute the following commands to install the codecentric/keycloak chart archive. You can isntall min.io with PVC or Google GCS. Read the files comments to know how to configure each.
Run the next commands to install a minio on admin cluster using the Helm package manager
Remember: before installing an instance, it is mandatory execute eva-instance-config-server-post chart into Admin cluster to apply configuration changes for an instance.
Remember: once the eva-instance-config-server-post chart has been released into admin cluster and before launching the instance charts, the next task is to register a new instance.
helm upgrade --install eva-register-instance .
Instance Cluster
Once you have installed the admin cluster, execute in order, the following commands to deploy an eva INSTANCE helm charts for an eva instance cluster:
Additionally, install the eva-admin-saas-resources chart if you're installing an eva-cloud solution. Once installed, the ingress spreading to GKE can be delayed for 5 to 10 minutes.
Remember, eva-admin-saas-resources must only be used in eva-cloud installations, and the following command should be ignored on eva-server installations.
