Install core components

  • Create namespace for core components

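# Create the aizen namespace unless it already exists, so this step can be
# repeated without failing on an existing namespace.
kubectl get ns aizen >/dev/null 2>&1 || kubectl create ns aizen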

If you have Docker credentials, first create a Kubernetes secret for pulling the Aizen images

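# Create the image-pull secret for the Aizen images in the aizen namespace.
# The password is read from a prompt instead of being typed into the command,
# which keeps it out of shell history. It is still passed to kubectl as an
# argument, so run this on a trusted workstation;
# `--from-file=.dockerconfigjson=<path>` avoids that as well.
# NOTE(review): presumably "aizenrepo-creds" is the name to supply as
# IMAGE_REPO_SECRET in the deployment settings; confirm against the chart.
read -r -s -p 'Docker registry password: ' DOCKER_PASSWORD
echo
kubectl create secret docker-registry aizenrepo-creds \
  --docker-username=aizencorp \
  --docker-password="$DOCKER_PASSWORD" \
  -n aizen
unset DOCKER_PASSWORD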

Important

Decide which authentication type you would like to use for accessing the Aizen GUI. The following authentication types can be specified:

  • ldap (default) - LDAP and Active directory

  • auth0 - OAuth-based authentication such as GitHub, Google, GitLab and so on

  • keycloak - An open-source identity and access management service (Single Sign-On)

  • azure - Microsoft Entra ID based authentication

Multiple bind DNs, groups and hosts are separated by ‘|’, whereas multiple users and admin users are separated by ‘,’

Note

Additional V2 properties (V2 will be deprecated) that need to be added during the helm deployment of core components (V2 version)

For Azure deployments with a non-local STORAGE_TYPE, include the additional properties shown here. The default STORAGE_TYPE is local

global.storage_type=$STORAGE_TYPE,\
global.s3.azure.enabled=true,\
global.s3.azure.values.storage_account_name=$STORAGE_ACCOUNT_NAME,\
global.s3.azure.values.storage_access_key=$CLOUD_ACCESSKEY_ID,\
global.s3.azure.values.storage_connection_string=$CLOUD_SECRET_KEY

Deploy core components

# Deployment settings read by the helm command further down this page.
# Fill in the empty values for your environment before running it.
# Several of these hold credentials (CLOUD_SECRET_KEY, OPENAI_API_KEY,
# ANTHROPIC_API_KEY, MLFLOW_SECRET_KEY): keep a filled-in copy of this script
# out of version control and shared locations.
NAMESPACE=aizen
INFRA_NAMESPACE=aizen-infra
HELMCHART_LOCATION=aizen-helmcharts-1.0.0

STORAGE_CLASS=
INGRESS_HOST=
BUCKET_NAME=
CLUSTER_NAME=

# Object-store endpoint and credentials (CLOUD_SECRET_KEY is a secret).
CLOUD_ENDPOINT_URL=
CLOUD_ACCESSKEY_ID=
CLOUD_SECRET_KEY=
CLOUD_PROVIDER_REGION=
# S3-compatible provider type: minio, aws or azure
CLOUD_PROVIDER_TYPE=

# GUI authentication type. Options are: ldap,keycloak,azure,auth0
AUTH_TYPE=ldap
# NOTE(review): the name suggests HTTPS is off with this default; confirm what
# the chart does with it before exposing the GUI outside a trusted network.
SECURE_HTTPS=false
INGRESS_ENABLED=false
GATEWAY_ENABLED=true

# Needed for the GUI if using secure communication
AIZENGUI_FRONTEND_HOST=

# LLM provider API keys (secrets).
OPENAI_API_KEY=
ANTHROPIC_API_KEY=

# Needed for Azure
#STORAGE_ACCOUNT_NAME=
STORAGE_TYPE=local
# With this default, the "azure" vault branch further down runs and its
# placeholder Azure application values are passed to helm.
VAULT_AUTH_TYPE=azure
NODESELECTOR_LABEL_NAME=agentpool
NODESELECTOR_LABEL_VALUE=system

# Needed only for cloudian
CLOUD_ENDPOINT_IP=

# Image registry, pull-secret name and tag
IMAGE_REPO=aizencorp
IMAGE_REPO_SECRET=
IMAGE_TAG=1.0.0

# MLflow artifact store (MLFLOW_SECRET_KEY is a secret)
MLFLOW_ACCESSKEY_ID=
MLFLOW_SECRET_KEY=
MLFLOW_ENDPOINT_URL=
MLFLOW_ARTIFACT_DESTINATION=s3://
MLFLOW_ARTIFACT_REGION=

# Size requested for the core storage volume (PVC)
STORAGE_PERSISTENCE_SIZE=50Gi

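# Azure Key Vault settings, set only when VAULT_AUTH_TYPE is "azure".
# The values are sample placeholders; replace them with the real vault name and
# application identifiers. AZUREAPP_CLIENT_SECRET is a credential: do not leave
# a real value in a copy of this script that is shared or committed.
if [[ "$VAULT_AUTH_TYPE" = "azure" ]]; then
   AZUREAPP_VAULT_NAME=aizenai-vault
   AZUREAPP_CLIENT_ID=yyuytut
   AZUREAPP_TENANT_ID=d565hfghfh
   AZUREAPP_CLIENT_SECRET=jhkj
fi

# GUI authentication settings, selected by AUTH_TYPE (ldap, auth0, keycloak or
# azure). Only the branch matching AUTH_TYPE sets its variables; the others stay
# unset and expand to empty strings in the helm command.
if [[ "$AUTH_TYPE" = "ldap" ]]; then
   # ldap:// is the unencrypted scheme. NOTE(review): confirm whether bind
   # credentials to this in-cluster service are protected some other way.
   LDAP_SERVER_HOST="ldap://aizen-openldap-service.aizen-infra.svc.cluster.local:1389"
   # Multiple bind DNs are separated by '|'. The '\,' sequences keep the commas
   # inside a DN from being read as helm --set separators.
   LDAP_BIND_DN="uid={username}\,ou=users\,dc=aizencorp\,dc=local\,dc=com|uid={username}\,ou=people\,dc=aizencorp\,dc=local\,dc=com"
   LDAP_USER_DN="ou=users\,dc=aizencorp\,dc=local\,dc=com"
   LDAP_ADMIN_DN="cn=admin\,dc=aizencorp\,dc=local\,dc=com"
   # Sample bind password. NOTE(review): replace it if it matches a default on
   # your directory server.
   LDAP_ADMIN_DNPWD="admin"
   # NOTE(review): LDAP_BIND_DN, LDAP_GROUP_DN and LDAP_ALLOWED_GROUPS are not
   # referenced by the helm command shown on this page, so the group restriction
   # configured here may not reach the chart. Confirm how it is applied.
   LDAP_GROUP_DN="ou=groups\,dc=aizencorp\,dc=local\,dc=com"
   LDAP_ALLOWED_GROUPS="cn=dbgrp\,ou=groups\,dc=aizencorp\,dc=local\,dc=com"
   LDAP_SEARCH_FILTER="(uid={username})"
   AIZEN_ADMIN_USER="aizenadmin"
# The documented option name is "auth0"; "oauth" is still accepted because that
# is the value this branch originally tested for. AUTH_TYPE is passed to the
# chart unchanged. NOTE(review): confirm which spelling the chart expects.
elif [[ "$AUTH_TYPE" = "auth0" || "$AUTH_TYPE" = "oauth" ]]; then
   AUTH0_DOMAIN=""
   AUTH0_AUDIENCE=""
   # "test" is a placeholder for the real Auth0 application credentials.
   AUTH0_CLIENT_ID="test"
   AUTH0_CLIENT_SECRET="test"
   # The JWT secret reuses the Auth0 client secret, so one leaked value exposes
   # both. NOTE(review): consider a separate random value if the chart allows it.
   JWT_SECRET="$AUTH0_CLIENT_SECRET"
   AIZEN_ADMIN_USER="aizenadmin"
   # Sample address. This variable is not referenced by the helm command shown
   # on this page.
   AUTH0_CALLBACK_URL="1.2.3.4/ns/console/hub/oauth_callback"
elif [[ "$AUTH_TYPE" = "keycloak" ]]; then
   # Sample address using plain http. NOTE(review): use the https URL of your
   # Keycloak server if it has one.
   KEYCLOAK_URL=http://1.2.3.4:8080
   KEYCLOAK_CLIENT_ID=aizengui
   KEYCLOAK_REALM=aizenrealm
   AIZEN_ADMIN_USER="aizenadmin"
elif [[ "$AUTH_TYPE" = "azure" ]]; then
   # These reuse the variable names of the vault block above. When
   # VAULT_AUTH_TYPE is also "azure", the values set there are overwritten and
   # the vault and the GUI receive the same client and tenant IDs.
   AZUREAPP_CLIENT_ID=yyyyy
   AZUREAPP_TENANT_ID=xxxxx
   AIZEN_ADMIN_USER="aizenadmin"
fi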

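# Create the target namespace only if it does not exist yet, so the script can
# be re-run. The expansions are quoted so an empty or unusual NAMESPACE value
# cannot be split into extra kubectl arguments.
kubectl get ns "${NAMESPACE}" >/dev/null 2>&1 || kubectl create ns "${NAMESPACE}"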

#You don't need to change anything below this line
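# Install the core chart as release "aizencore" in $NAMESPACE.
#
# The properties are collected in an array and joined with commas into a single
# --set argument. That lets the section markers be real comments and removes
# the trailing ",\" that left the original listing unrunnable as printed.
# Variables that were never set expand to empty values.
# NOTE(review): the page marks some groups as required only for specific
# setups; they are all passed here. Confirm the chart ignores empty values.
#
# Several properties carry secrets (S3 and MLflow keys, the LDAP bind password,
# API keys, the Azure client secret, Auth0 and JWT secrets). Values given with
# --set appear in the process arguments and are stored with the release, so
# `helm get values` can read them back. A values file with restrictive
# permissions passed with -f avoids the command-line exposure.
helm_props=(
  "core.enabled=true"
  "core.storage.volume_size=$STORAGE_PERSISTENCE_SIZE"
  "global.clustername=$CLUSTER_NAME"
  "global.s3.secrets.enabled=true"
  "global.s3.endpoint_url=$CLOUD_ENDPOINT_URL"
  "global.s3.endpoint_ip=$CLOUD_ENDPOINT_IP"
  "global.s3.secrets.values.s3_access_key=$CLOUD_ACCESSKEY_ID"
  "global.s3.secrets.values.s3_secret_key=$CLOUD_SECRET_KEY"
  "global.customer_bucket_name=$BUCKET_NAME"
  "global.storage_class=$STORAGE_CLASS"
  "global.secure_https=$SECURE_HTTPS"
  "global.mlflow.artifact.region=$MLFLOW_ARTIFACT_REGION"
  "global.mlflow.artifact.secrets.values.mlflow_access_key_id=$MLFLOW_ACCESSKEY_ID"
  "global.mlflow.artifact.secrets.values.mlflow_access_secret_key=$MLFLOW_SECRET_KEY"
  "global.mlflow.artifact.secrets.values.mlflow_endpoint_url=$MLFLOW_ENDPOINT_URL"
  "global.mlflow.artifact.secrets.values.mlflow_artifacts_destination=$MLFLOW_ARTIFACT_DESTINATION"
  "global.cloud_provider_type=$CLOUD_PROVIDER_TYPE"
  "global.cloud_provider_region=$CLOUD_PROVIDER_REGION"
  "global.image_registry=$IMAGE_REPO"
  "global.image_secret=$IMAGE_REPO_SECRET"
  "global.image_tag=$IMAGE_TAG"
  "global.ingress.host=$INGRESS_HOST"
  "global.aizengui.admin_user=$AIZEN_ADMIN_USER"
  "global.aizengui.auth_mode=$AUTH_TYPE"
  "global.aizengui.ldap.server_host=$LDAP_SERVER_HOST"
  "global.aizengui.ldap.admin_dn=$LDAP_ADMIN_DN"
  "global.aizengui.ldap.user_search_base=$LDAP_USER_DN"
  "global.aizengui.ldap.user_search_filter=$LDAP_SEARCH_FILTER"
  "global.aizengui.ldap.secrets.ldap_admin_password=$LDAP_ADMIN_DNPWD"
  "global.aizengui.secrets.anthropic_api_key=$ANTHROPIC_API_KEY"
  # The key is spelled "openapi_api_key" on this page and is kept as-is.
  # NOTE(review): verify the spelling against the chart's values.
  "global.aizengui.secrets.openapi_api_key=$OPENAI_API_KEY"
  "global.ingress.enabled=$INGRESS_ENABLED"
  "global.gateway.enabled=$GATEWAY_ENABLED"

  # Required if SECURE_HTTPS is enabled
  "global.frontend_host=$AIZENGUI_FRONTEND_HOST"

  # Required for Azure
  "global.storage_type=$STORAGE_TYPE"
  "global.aizengui.azure.tenant_id=$AZUREAPP_TENANT_ID"
  "global.aizengui.azure.client_id=$AZUREAPP_CLIENT_ID"
  "global.vault.auth_type=$VAULT_AUTH_TYPE"
  "global.vault.azure.keyvault_name=$AZUREAPP_VAULT_NAME"
  "global.vault.azure.client_id=$AZUREAPP_CLIENT_ID"
  "global.vault.azure.tenant_id=$AZUREAPP_TENANT_ID"
  "global.vault.azure.secrets.client_secret=$AZUREAPP_CLIENT_SECRET"
  "global.label_keyname=$NODESELECTOR_LABEL_NAME"
  "global.label_keyvalue=$NODESELECTOR_LABEL_VALUE"

  # Required for Keycloak
  "global.aizengui.keycloak.url=$KEYCLOAK_URL"
  "global.aizengui.keycloak.realm=$KEYCLOAK_REALM"
  "global.aizengui.keycloak.client_id=$KEYCLOAK_CLIENT_ID"

  # Required for Auth0
  "global.aizengui.auth0.domain=$AUTH0_DOMAIN"
  "global.aizengui.auth0.audience=$AUTH0_AUDIENCE"
  "global.aizengui.auth0.secrets.auth0_client_id=$AUTH0_CLIENT_ID"
  "global.aizengui.auth0.secrets.auth0_client_secret=$AUTH0_CLIENT_SECRET"
  "global.aizengui.secrets.jwt_secret=$JWT_SECRET"
)

# Join with commas inside a subshell so the IFS change stays local.
helm_set=$(IFS=,; printf '%s' "${helm_props[*]}")

helm -n "$NAMESPACE" install aizencore "$HELMCHART_LOCATION/aizen" --set "$helm_set"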

Check deployment status of core components

  • Check the status of all core components

# List the pods in the aizen namespace to check the state of the core components.
kubectl get pods --namespace aizen