Introduction
This guide details the Kubernetes deployment of Agent Co-pilot features in EFCX, including AI Suggestions, KB Suggestions, Conversation Sentiment, Conversation Summary, and Refine Text. To proceed, EFCX must be pre-installed, and you need admin access to Kubernetes and Helm. You will also require Vault access for secure AMQ and Redis credentials and valid API keys/endpoints for your selected LLM provider.
Ensure you are using CX version 5.5.0 or above and are currently inside the Active CX /kubernetes directory before proceeding with the deployment.
1. Set up Redis
Create Redis ACL Secret:
Ensure you configure a strong and unique password for this Redis instance.
kubectl -n ef-external create secret generic ef-redis-acl-secret --from-literal=superuser=<your-redis-password>
Clone the values file to update the parameter values
helm show values expertflow/redis-thirdparty --version 5.5.0 > helm-values/redis-thirdparty-custom-values.yaml
Deploy Redis:
helm upgrade --install=true --namespace=ef-external --values=helm-values/redis-thirdparty-custom-values.yaml redis-thirdparty expertflow/redis-thirdparty --version 5.5.0
2. Configure Vault Access for Redis and AMQ Credentials
Exec into the Vault pod:
kubectl -n vault exec -it vault-0 -- sh
Log in to Vault:
vault login
Save Redis password to Vault:
Replace <your-redis-password> with the actual password used during Redis deployment
vault kv put kv/redis/thirdparty redis.password=<your-redis-password>
Create the Vault policy:
If you are deploying QM by AI standalone, you only need to grant read permission for Redis (the ActiveMQ path can be safely omitted). However, if you are performing a full installation of Agent Co-pilot, permissions for both Redis and ActiveMQ (AMQ) are strictly required.
vault policy write expertflow-ai-policy - <<EOF
path "kv/data/activemq/broker" {
capabilities = ["read"]
}
path "kv/data/redis/thirdparty" {
capabilities = ["read"]
}
EOF
Create the shared Kubernetes auth role:
vault write auth/kubernetes/role/expertflow-ai \
bound_service_account_names="*" \
bound_service_account_namespaces="*" \
policies="expertflow-ai-policy" \
ttl="87600h"
Verify the role and policy:
vault read auth/kubernetes/role/expertflow-ai
vault policy read expertflow-ai-policy
Exit Vault:
exit
3. Apply Secrets and ConfigMaps
Apply the SecretProviderClass:
kubectl -n expertflow apply -f pre-deployment/expertflow-ai/expertflow-ai-vault.yaml
Verify:
kubectl -n expertflow get secretproviderclass expertflow-ai-vault
Apply LLM ConfigMap:
kubectl -n expertflow apply -f pre-deployment/expertflow-ai/llm-configmap.yaml
Copy Redis TLS secret to the expertflow namespace:
kubectl get secret redis-thirdparty-crt -n ef-external -o yaml \
| sed "s/namespace: ef-external/namespace: expertflow/" \
| kubectl create -f -
Copy image pull secret to the expertflow namespace:
kubectl get secret expertflow-reg-cred -n ef-external -o yaml | sed "s/namespace: ef-external/namespace: expertflow/" | kubectl create -f -
4. Deploy Agent Co-Pilot
You must first create custom values.yaml file to define your minimum required configurations.
Run the following command to create a new file:
vi helm-values/cx-agent-co-pilot-custom-values.yaml
In the opened file, add the following section to define the FQDN (Fully Qualified Domain Name) for ingress routing:
global:
ACTIVEMQ_PRIMARY_URL: <IP-ADDRESS>
ACTIVEMQ_SECONDARY_URL: <IP-ADDRESS>
🔁 Replace <IP-ADDRESS> with your actual ACTIVEMQ IP address.
Finally, deploy the Agent Co-Pilot using the following command.
helm upgrade --install expertflow-ai --namespace expertflow --create-namespace --values helm-values/cx-agent-co-pilot-custom-values.yaml expertflow/expertflow-ai --version 5.5.0
5. Configurations
-
Permission policy created for llm-connector route
Import the following file in Keycloak. Go toRealm>Clients>cim>Authorization>Import
llm-apis-authz-config-updated.json