:orphan:

.. _aizenworkflow:

Install workflow components
============================

* Create a namespace for the workflow components

.. code-block::

   kubectl create ns aizen

If you have Docker credential information, first create a Kubernetes secret for accessing Aizen images

.. code-block::

   kubectl create secret docker-registry aizenrepo-creds --docker-username=aizencorp --docker-password= -n aizen

.. important::

   Decide the basic authentication type that you would like to use for accessing the Aizen GUI.
   There are 4 different authentication types that can be specified:

   * ldap (default) - *LDAP and Active Directory*
   * auth0 - *OAuth based authentication like GitHub, Google, GitLab and so on*
   * keycloak - An open source for identity and access management (Single Sign On)
   * azure - Microsoft Entra ID based authentication

For **Azure deployments** with a non-local STORAGE_TYPE, include the additional properties shown here. The default is local.

.. code-block::

   "global.storage_type=$STORAGE_TYPE"
   "global.s3.azure.enabled=true"
   "global.s3.azure.values.storage_account_name=$STORAGE_ACCOUNT_NAME"
   "global.s3.azure.values.storage_access_key=$CLOUD_ACCESSKEY_ID"
   "global.s3.azure.values.storage_connection_string=$CLOUD_SECRET_KEY"

Deploy workflow components

.. code-block::

   NAMESPACE=aizen
   INFRA_NAMESPACE=aizen-infra
   HELMCHART_LOCATION=aizen-workflow-helmcharts-1.0.0
   STORAGE_CLASS=
   INGRESS_HOST=
   BUCKET_NAME=
   CLUSTER_NAME=
   CLOUD_ENDPOINT_URL=
   CLOUD_ACCESSKEY_ID=
   CLOUD_SECRET_KEY=
   CLOUD_PROVIDER_REGION=
   # S3 compatible minio, aws or azure
   CLOUD_PROVIDER_TYPE=
   # Needed for Azure
   #STORAGE_ACCOUNT_NAME=
   STORAGE_TYPE=local
   VAULT_AUTH_TYPE=azure
   NODESELECTOR_LABEL_NAME=agentpool
   NODESELECTOR_LABEL_VALUE=system
   # Options are: ldap,keycloak,azure,auth0
   AUTH_TYPE=ldap
   SECURE_HTTPS=false
   INGRESS_ENABLED=false
   GATEWAY_ENABLED=true
   OPENAI_API_KEY=
   ANTHROPIC_API_KEY=
   # Needed only for cloudian
   CLOUD_ENDPOINT_IP=
   # Needed for gui if using secure communication
   AIZENGUI_FRONTEND_HOST=

   # IMAGE
   IMAGE_REPO=aizencorp
   IMAGE_REPO_SECRET=
   IMAGE_TAG=1.0.0

   # PVC
   STORAGE_PERSISTENCE_SIZE=50Gi

   if [[ "$VAULT_AUTH_TYPE" = "azure" ]]; then
     AZUREAPP_VAULT_NAME=aizenai-vault
     AZUREAPP_CLIENT_ID=yyuytut
     AZUREAPP_TENANT_ID=d565hfghfh
     AZUREAPP_CLIENT_SECRET=jhkj
   fi

   if [[ "$AUTH_TYPE" = "ldap" ]]; then
     LDAP_SERVER_HOST="ldap://aizen-openldap-service.aizen-infra.svc.cluster.local:1389"
     LDAP_BIND_DN="uid={username}\,ou=users\,dc=aizencorp\,dc=local\,dc=com|uid={username}\,ou=people\,dc=aizencorp\,dc=local\,dc=com"
     LDAP_USER_DN="ou=users\,dc=aizencorp\,dc=local\,dc=com"
     LDAP_ADMIN_DN="cn=admin\,dc=aizencorp\,dc=local\,dc=com"
     LDAP_ADMIN_DNPWD="admin"
     LDAP_GROUP_DN="ou=groups\,dc=aizencorp\,dc=local\,dc=com"
     LDAP_ALLOWED_GROUPS="cn=dbgrp\,ou=groups\,dc=aizencorp\,dc=local\,dc=com"
     LDAP_SEARCH_FILTER="(uid={username})"
     AIZEN_ADMIN_USER="aizenadmin"
   # "auth0" matches the AUTH_TYPE option listed above
   elif [[ "$AUTH_TYPE" = "auth0" ]]; then
     AUTH0_DOMAIN=""
     AUTH0_AUDIENCE=""
     AUTH0_CLIENT_ID="test"
     AUTH0_CLIENT_SECRET="test"
     JWT_SECRET=$AUTH0_CLIENT_SECRET
     AIZEN_ADMIN_USER="aizenadmin"
     AUTH0_CALLBACK_URL="1.2.3.4/ns/console/hub/oauth_callback"
   elif [[ "$AUTH_TYPE" = "keycloak" ]]; then
     KEYCLOAK_URL=http://1.2.3.4:8080
     KEYCLOAK_CLIENT_ID=aizengui
     KEYCLOAK_REALM=aizenrealm
     AIZEN_ADMIN_USER="aizenadmin"
   elif [[ "$AUTH_TYPE" = "azure" ]]; then
     AZUREAPP_CLIENT_ID=yyyyy
     AZUREAPP_TENANT_ID=xxxxx
     AIZEN_ADMIN_USER="aizenadmin"
   fi

   kubectl get ns "${NAMESPACE}" >/dev/null 2>&1 || kubectl create ns "${NAMESPACE}"

   # You don't need to change anything below this line
   # The properties are collected in an array so that the group comments can
   # sit between them; they are joined with commas for a single --set.
   HELM_SET=(
     "core.enabled=true"
     "core.storage.volume_size=$STORAGE_PERSISTENCE_SIZE"
     "global.clustername=$CLUSTER_NAME"
     "global.s3.secrets.enabled=true"
     "global.s3.endpoint_url=$CLOUD_ENDPOINT_URL"
     "global.s3.endpoint_ip=$CLOUD_ENDPOINT_IP"
     "global.s3.secrets.values.s3_access_key=$CLOUD_ACCESSKEY_ID"
     "global.s3.secrets.values.s3_secret_key=$CLOUD_SECRET_KEY"
     "global.customer_bucket_name=$BUCKET_NAME"
     "global.storage_class=$STORAGE_CLASS"
     "global.secure_https=$SECURE_HTTPS"
     "global.cloud_provider_type=$CLOUD_PROVIDER_TYPE"
     "global.cloud_provider_region=$CLOUD_PROVIDER_REGION"
     "global.image_registry=$IMAGE_REPO"
     "global.image_secret=$IMAGE_REPO_SECRET"
     "global.image_tag=$IMAGE_TAG"
     "global.ingress.host=$INGRESS_HOST"
     "global.aizengui.admin_user=$AIZEN_ADMIN_USER"
     "global.aizengui.auth_mode=$AUTH_TYPE"
     "global.aizengui.ldap.server_host=$LDAP_SERVER_HOST"
     "global.aizengui.ldap.admin_dn=$LDAP_ADMIN_DN"
     "global.aizengui.ldap.user_search_base=$LDAP_USER_DN"
     "global.aizengui.ldap.user_search_filter=$LDAP_SEARCH_FILTER"
     "global.aizengui.ldap.secrets.ldap_admin_password=$LDAP_ADMIN_DNPWD"
     "global.aizengui.secrets.anthropic_api_key=$ANTHROPIC_API_KEY"
     "global.aizengui.secrets.openapi_api_key=$OPENAI_API_KEY"
     # Below properties are required if SECURE_HTTPS is enabled
     "global.frontend_host=$AIZENGUI_FRONTEND_HOST"
     # Below properties are required for Azure
     "global.storage_type=$STORAGE_TYPE"
     "global.aizengui.azure.tenant_id=$AZUREAPP_TENANT_ID"
     "global.aizengui.azure.client_id=$AZUREAPP_CLIENT_ID"
     "global.vault.auth_type=$VAULT_AUTH_TYPE"
     "global.vault.azure.keyvault_name=$AZUREAPP_VAULT_NAME"
     "global.vault.azure.client_id=$AZUREAPP_CLIENT_ID"
     "global.vault.azure.tenant_id=$AZUREAPP_TENANT_ID"
     "global.vault.azure.secrets.client_secret=$AZUREAPP_CLIENT_SECRET"
     # Below properties are required for Keycloak
     "global.aizengui.keycloak.url=$KEYCLOAK_URL"
     "global.aizengui.keycloak.realm=$KEYCLOAK_REALM"
     "global.aizengui.keycloak.client_id=$KEYCLOAK_CLIENT_ID"
     # Below properties are required for Auth0
     "global.aizengui.auth0.domain=$AUTH0_DOMAIN"
     "global.aizengui.auth0.audience=$AUTH0_AUDIENCE"
     "global.aizengui.auth0.secrets.auth0_client_id=$AUTH0_CLIENT_ID"
     "global.aizengui.auth0.secrets.auth0_client_secret=$AUTH0_CLIENT_SECRET"
     "global.aizengui.secrets.jwt_secret=$JWT_SECRET"
   )

   helm -n "$NAMESPACE" install workflow "$HELMCHART_LOCATION/aizen" \
     --set "$(IFS=,; printf '%s' "${HELM_SET[*]}")"

.. _aizenworkflowstatus:

Check deployment status for workflow components
------------------------------------------------

* Check the status of all workflow components

.. code-block::

   kubectl -n aizen get pods

* If for any reason any of the core components is not in the **Running** state, please check :ref:`troubleshooting section `
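
A preflight check for the variable block of the deploy script above, as an added example that is not part of the Aizen install script: it reports variables that the selected ``AUTH_TYPE`` and options need but that are empty or still hold one of the script's sample values. The function names and the per-mode lists of required variables are assumptions derived from the properties the script passes to helm.

```shell
#!/bin/sh
# Added example, not part of the Aizen install script.
# Sample values the install script ships with; none should reach a deployment.
is_sample() {
    case "$1" in admin|test|jhkj|yyuytut|d565hfghfh|yyyyy|xxxxx) return 0 ;; esac
    return 1
}

# need VAR...: report each named variable that is empty or still a sample value.
need() {
    for n in "$@"; do
        eval "v=\${$n:-}"   # names are the fixed strings below, never user input
        if [ -z "$v" ]; then
            echo "$n is empty"
        elif is_sample "$v"; then
            echo "$n still holds a sample value from the install script"
        fi
    done
}

# One finding per line for the auth mode and options actually selected.
# The required-variable lists are assumptions based on the helm properties.
aizen_checks() {
    case "${AUTH_TYPE:-ldap}" in
        ldap)     need LDAP_SERVER_HOST LDAP_ADMIN_DN LDAP_USER_DN \
                       LDAP_SEARCH_FILTER LDAP_ADMIN_DNPWD ;;
        auth0)    need AUTH0_DOMAIN AUTH0_AUDIENCE AUTH0_CLIENT_ID \
                       AUTH0_CLIENT_SECRET JWT_SECRET ;;
        keycloak) need KEYCLOAK_URL KEYCLOAK_REALM KEYCLOAK_CLIENT_ID ;;
        azure)    need AZUREAPP_CLIENT_ID AZUREAPP_TENANT_ID ;;
        *)        echo "AUTH_TYPE '$AUTH_TYPE' is not ldap, auth0, keycloak or azure" ;;
    esac
    if [ "${VAULT_AUTH_TYPE:-}" = azure ]; then
        need AZUREAPP_VAULT_NAME AZUREAPP_CLIENT_ID AZUREAPP_TENANT_ID \
             AZUREAPP_CLIENT_SECRET
    fi
    if [ "${SECURE_HTTPS:-false}" = true ]; then need AIZENGUI_FRONTEND_HOST; fi
    if [ "${CLOUD_PROVIDER_TYPE:-}" = azure ] && [ "${STORAGE_TYPE:-local}" != local ]; then
        need STORAGE_ACCOUNT_NAME
    fi
    return 0
}

# Prints the de-duplicated findings; returns 1 if there are any, else 0.
aizen_preflight() {
    found=$(aizen_checks | sort -u)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Call ``aizen_preflight || exit 1`` after the variable assignments and before the ``helm`` command, so an install with the sample ``LDAP_ADMIN_DNPWD="admin"`` or an unrecognised ``AUTH_TYPE`` stops before anything is deployed.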