Agent Co-Pilot Deployment Guide

Introduction

This guide details the Kubernetes deployment of Agent Co-pilot features in EFCX, including AI Suggestions, KB Suggestions, Conversation Sentiment, Conversation Summary, and Refine Text. To proceed, EFCX must be pre-installed, and you need admin access to Kubernetes and Helm. You will also require Vault access for secure AMQ and Redis credentials and valid API keys/endpoints for your selected LLM provider.

Ensure you are using CX version 5.5.0 or above and are currently inside the Active CX /kubernetes directory before proceeding with the deployment.

1. Set up Redis

Create Redis ACL Secret:

Ensure you configure a strong and unique password for this Redis instance.

kubectl -n ef-external create secret generic ef-redis-acl-secret --from-literal=superuser=<your-redis-password>

Clone the values file to update the parameter values

helm show values expertflow/redis-thirdparty --version 5.5.0 > helm-values/redis-thirdparty-custom-values.yaml

Deploy Redis:

helm upgrade --install=true  --namespace=ef-external --values=helm-values/redis-thirdparty-custom-values.yaml  redis-thirdparty   expertflow/redis-thirdparty --version 5.5.0


2. Configure Vault Access for Redis and AMQ Credentials

Exec into the Vault pod:

kubectl -n vault exec -it vault-0 -- sh

Log in to Vault:

vault login

Save Redis password to Vault:

Replace <your-redis-password> with the actual password used during Redis deployment

vault kv put kv/redis/thirdparty redis.password=<your-redis-password>

Create the Vault policy:

If you are deploying QM by AI standalone, you only need to grant read permission for Redis (the ActiveMQ path can be safely omitted). However, if you are performing a full installation of Agent Co-pilot, permissions for both Redis and ActiveMQ (AMQ) are strictly required.

vault policy write expertflow-ai-policy - <<EOF
path "kv/data/activemq/broker" {
  capabilities = ["read"]
}
path "kv/data/redis/thirdparty" {
  capabilities = ["read"]
}
EOF

Create the shared Kubernetes auth role:

vault write auth/kubernetes/role/expertflow-ai \
  bound_service_account_names="*" \
  bound_service_account_namespaces="*" \
  policies="expertflow-ai-policy" \
  ttl="87600h"

Verify the role and policy:

vault read auth/kubernetes/role/expertflow-ai
vault policy read expertflow-ai-policy

Exit Vault:

exit


3. Apply Secrets and ConfigMaps

Apply the SecretProviderClass:

kubectl -n expertflow apply -f pre-deployment/expertflow-ai/expertflow-ai-vault.yaml

Verify:

kubectl -n expertflow get secretproviderclass expertflow-ai-vault

Apply LLM ConfigMap:

kubectl -n expertflow apply -f pre-deployment/expertflow-ai/llm-configmap.yaml

Copy Redis TLS secret to the expertflow namespace:

kubectl get secret redis-thirdparty-crt -n ef-external -o yaml \
  | sed "s/namespace: ef-external/namespace: expertflow/" \
  | kubectl create -f -

Copy image pull secret to the expertflow namespace:

kubectl get secret expertflow-reg-cred -n ef-external -o yaml | sed "s/namespace: ef-external/namespace: expertflow/" | kubectl create -f -


4. Deploy Agent Co-Pilot

You must first create custom values.yaml file to define your minimum required configurations.

Run the following command to create a new file:

vi helm-values/cx-agent-co-pilot-custom-values.yaml

In the opened file, add the following section to define the FQDN (Fully Qualified Domain Name) for ingress routing:

global:   
  ACTIVEMQ_PRIMARY_URL: <IP-ADDRESS>
  ACTIVEMQ_SECONDARY_URL: <IP-ADDRESS>

🔁 Replace <IP-ADDRESS> with your actual ACTIVEMQ IP address.

Finally, deploy the Agent Co-Pilot using the following command.

 helm upgrade --install expertflow-ai  --namespace expertflow  --create-namespace --values helm-values/cx-agent-co-pilot-custom-values.yaml  expertflow/expertflow-ai --version 5.5.0


5. Configurations

  1. Permission policy created for llm-connector route
    Import the following file in Keycloak. Go to Realm > Clients > cim > Authorization > Import
    llm-apis-authz-config-updated.json