CX Deployment on Kubernetes
This document illustrates the procedure and steps to deploy Expertflow CX-core on Kubernetes.
Before you begin, verify
- Installed Kubernetes. If not, see Deployment Planning
- Have already set up storage. If not yet, see Storage Solution - Getting Started
Prepare for CX Deployment
Step 1: Clone the Expertflow CX repository
git clone -b CX-4.5.2 https://efcx:RecRpsuH34yqp56YRFUb@gitlab.expertflow.com/cim/cim-solution.git
cd cim-solution/kubernetes
Step 2: Create Namespaces
Create a namespace expertflow for all Expertflow components.
Run the following command on the control-plane node.
kubectl create namespace expertflow
Create a namespace ef-external for all the external elements of the Expertflow CX solution such as Mongo, Redis, MinIO, etc.
Run the following command on the control-plane node.
kubectl create namespace ef-external
Step 3: Apply Image Pull secret
Run the following commands for applying ImagePullSecrets of Expertflow CX images.
kubectl apply -f pre-deployment/registryCredits/ef-imagePullSecret-expertflow.yaml
kubectl apply -f pre-deployment/registryCredits/ef-imagePullSecret-ef-external.yaml
Step 4: Update FQDN
Expertflow CX should be accessible by a fully qualified domain name. Assign the FQDN that resolves to the control plane node or KubeVIP.
Replace <FQDN> with your FQDN for Expertflow CX and run this command.
sed -i 's/devops[0-9]*.ef.com/<FQDN>/g' cim/ConfigMaps/* pre-deployment/grafana/* pre-deployment/keycloak/* cim/Ingresses/nginx/* cim/Ingresses/traefik/*
Setup SQL Database
Expertflow CX requires one of the following SQL databases for storing configuration data.
If you are deploying external components with provided TLS certificates, you must run the following command before deployment:
kubectl apply -f external-tls-secrets/
PostgreSQL (RECOMMENDED) | Skip this step if you already have any of the other two databases in your environment. |
---|---|
Deploy CX External Components
Expertflow CX requires the following 3rd party components.
Redis | Key-Values based Caching engine, used by most of the EF-CX components. |
---|---|
MongoDB | NoSQL Database, maintains and serves as primary back store for EF-CX solution. |
Minio | S3 compliant object storage. |
KeyCloak | Realm based auth management tool. |
You may use them from your existing environment or from a cloud provider.
Setup KeyCloak
Prerequisites
Before proceeding with the Keycloak deployment, update the backend database connection parameters (when using non-default passwords).
Edit external/bitnami/keycloak/values.yaml and update the password for the PostgreSQL database:
externalDatabase:
  host: "ef-postgresql.ef-external.svc.cluster.local"
  port: 5432
  user: sa
  database: keycloak_db
  password: "Expertflow123"
  existingSecret: ""
  existingSecretPasswordKey: ""
Keycloak Deployment
KeyCloak is used as the centralized authentication and authorization component for Expertflow CX. Follow these steps to setup KeyCloak.
On the master node, create a global ConfigMap for KeyCloak. Change the hostname and other parameters (for example, FQDN and relative paths) before applying this command.
kubectl apply -f pre-deployment/keycloak/ef-keycloak-configmap.yaml
Now, deploy KeyCloak by running the following command:
helm upgrade --install=true --wait=true --timeout=10m0s --debug --namespace=ef-external --values=external/bitnami/keycloak/values.yaml keycloak external/bitnami/keycloak/
Check the KeyCloak installation status. You can check the status of deployment by using the following command:
kubectl -n ef-external rollout status sts keycloak
Setup MongoDB
Expertflow CX uses MongoDB for storing all CX events, activities, and some configuration data as well.
Skip this step if you already have MongoDB in your environment that can be used by Expertflow CX. For using MongoDB from a managed environment, see Using Managed MongoDB for necessary configurations.
Update the following values as mentioned below:
auth:
  ## @param auth.enabled Enable authentication
  ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
  ## EXPERTFLOW
  enabled: true
  ## @param auth.rootUser MongoDB(®) root user
  ##
  rootUser: root
  ## @param auth.rootPassword MongoDB(®) root password
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
  ##
  rootPassword: "Expertflow123" # Change this to match the requirements
Deploy MongoDB by running the following command.
helm upgrade --install=true --wait=true --timeout=10m0s --debug --namespace=ef-external --values=external/bitnami/mongodb/values.yaml mongo external/bitnami/mongodb/
Check the MongoDB deployment status by running the following command:
kubectl -n ef-external rollout status sts mongo-mongodb
Setup MinIO
Expertflow CX uses MinIO for storing files exchanged between agents, customers, and/or bots. Install it with Helm using the following steps.
Update the MinIO Helm chart values.yaml file with the required ACCESSKEY and PASSKEY values:
auth:
  ## @param auth.rootUser MinIO® root username
  ##
  rootUser: minioadmin
  ## @param auth.rootPassword Password for MinIO® root user
  ##
  rootPassword: "minioadmin"
Deploy the minio helm chart
helm upgrade --install=true --wait=true --timeout=10m0s --debug --namespace=ef-external --values=external/bitnami/minio/values.yaml minio external/bitnami/minio/
Wait for the minio deployment to get ready
kubectl -n ef-external rollout status deployment minio --timeout=5m
Digital Channel Icons Bootstrapping
Proceed with icons bootstrapping.
kubectl apply -f scripts/minio-helper.yaml
kubectl -n ef-external --timeout=90s wait --for=condition=ready pod minio-helper
kubectl -n ef-external cp post-deployment/data/minio/bucket/default minio-helper:/tmp/
kubectl -n ef-external cp scripts/icon-helper.sh minio-helper:/tmp/
kubectl -n ef-external exec -it minio-helper -- /bin/sh /tmp/icon-helper.sh
kubectl delete -f scripts/minio-helper.yaml
Setup Redis
CX uses Redis for storing active system state of most of the CX objects.
Update the following values as mentioned below:
auth:
  ## @param auth.enabled Enable password authentication
  ##
  enabled: true
  ## @param auth.password Redis® password
  ## Defaults to a random 10-character alphanumeric string if not set
  ##
  password: "Expertflow123" # Change this to match the requirements
Run the following command to deploy Redis.
helm upgrade --install=true --wait=true --timeout=10m0s --debug --namespace=ef-external --values=external/bitnami/redis/values.yaml redis external/bitnami/redis/
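A pre-deployment check for the four values.yaml excerpts above (Keycloak, MongoDB, MinIO, Redis), added here as an example and not part of the Expertflow repository: it flags password keys still set to the sample values printed in this guide. The function name scan_default_passwords and the sample file are constructed for illustration; real runs pass the external/bitnami/*/values.yaml paths named above.

```shell
#!/usr/bin/env bash
# Added example (not Expertflow code): flag chart values that still carry the
# sample passwords printed in this guide's values.yaml excerpts.
PAGE_DEFAULTS="Expertflow123 minioadmin"

# Prints "file:line:key" per finding; returns 1 if any file has a finding.
scan_default_passwords() {
  local rc=0 f
  for f in "$@"; do
    [ -f "$f" ] || { echo "skip (not found): $f" >&2; continue; }
    awk -v defaults="$PAGE_DEFAULTS" -v q="'" '
      BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
      /^[ \t]*#/ { next }                              # comment-only line
      /^[ \t]*(password|rootPassword):/ {
        key = $0; sub(/^[ \t]*/, "", key); sub(/:.*$/, "", key)
        val = $0; sub(/^[^:]*:[ \t]*/, "", val)        # text after "key:"
        sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
        gsub("^[\"" q "]|[\"" q "]$", "", val)         # strip surrounding quotes
        if (val in bad) { printf "%s:%d:%s\n", FILENAME, NR, key; hit = 1 }
      }
      END { exit hit + 0 }' "$f" || rc=1
  done
  return $rc
}

# Constructed sample mirroring the Redis excerpt above.
demo_dir=$(mktemp -d)
printf 'auth:\n  enabled: true\n  password: "Expertflow123" # Change this\n' \
  > "$demo_dir/redis-values.yaml"
scan_default_passwords "$demo_dir/redis-values.yaml" \
  || echo "sample passwords still present; change them before running helm"
rm -rf "$demo_dir"
```

Keys such as existingSecretPasswordKey are deliberately not matched, so a chart that references an existing Kubernetes Secret instead of an inline password passes the check.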
Setup Realtime Reports
Expertflow CX uses Grafana for business and solution monitoring. Business monitoring dashboards are embedded inside AgentDesk that provide real-time statistics for both agents and supervisors.
See Setup Grafana for embedded dashboards for details.
Setup Historical Reports
Expertflow CX uses Apache Superset for historical reports.
Setup ActiveMQ
Expertflow CX uses ActiveMQ for message queuing between CX core components. To deploy ActiveMQ:
kubectl apply -f cim/StatefulSet/ef-amq-statefulset.yaml
Wait for the AMQ StatefulSet to be ready
kubectl wait pods ef-amq-0 -n ef-external --for condition=Ready --timeout=600s
Custom Password Interpolation
Below are the interpolations to apply when using custom (non-default) passwords for MongoDB, MinIO, Redis, PostgreSQL and ActiveMQ.
Entity | Placement |
---|---|
MongoDB |
|
PostgreSQL |
|
minio |
|
Redis |
|
keycloak | N/A |
activeMQ | N/A |
Deploy CX-Core Components
If you are using TLS enabled external components, copy the tls secrets to expertflow namespace before deploying CX-core components using the following commands:-
kubectl get secret mongo-mongodb-ca -n ef-external -o yaml | sed 's/namespace: ef-external/namespace: expertflow/' | kubectl create -f -
kubectl get secret redis-crt -n ef-external -o yaml | sed 's/namespace: ef-external/namespace: expertflow/' | kubectl create -f -
kubectl get secret ef-postgresql-crt -n ef-external -o yaml | sed 's/namespace: ef-external/namespace: expertflow/' | kubectl create -f -
Setup default translation file for Agent Desk
kubectl -n expertflow create configmap ef-app-translations-cm --from-file=pre-deployment/app-translations/unified-agent/i18n
Setup default canned messages translations file for Agent Desk
kubectl -n expertflow create configmap ef-canned-messages-cm --from-file=pre-deployment/app-translations/unified-agent/canned-messages
Apply CRM ConfigMap for Agent Desk
kubectl -n expertflow create configmap ef-crm-service-cm --from-file=pre-deployment/crm-service/
Apply Conversation Controller ConfigMaps
kubectl -n expertflow create configmap ef-conversation-controller-actions-cm --from-file=pre-deployment/conversation-Controller/actions
kubectl -n expertflow create configmap ef-conversation-controller-actions-utils-cm --from-file=pre-deployment/conversation-Controller/utils
kubectl -n expertflow create configmap ef-conversation-controller-actions-pycache-cm --from-file=pre-deployment/conversation-Controller/__pycache__
Apply ConfigMap to enable log masking for all components in the expertflow namespace:
kubectl apply -f pre-deployment/logback/
kubectl -n expertflow create configmap ef-logback-cm --from-file=pre-deployment/logback/logback-spring.xml
Apply all configurations in the ConfigMaps folder using:
kubectl apply -f cim/ConfigMaps/
Create services for all deployment EF components
kubectl apply -f cim/Services/
Apply all the Deployment manifests
kubectl apply -f cim/Deployments/
Before proceeding to the next steps, wait for all the solution components to be up and ready.
kubectl -n expertflow get pods
Team Announcement CronJob
Run the following command to setup team announcement CronJob.
It requires the solution be up and running.
kubectl apply -f pre-deployment/team-announcement/
Setup SSL Certificates
Expertflow CX ships with self-signed certificates for all the ingresses. To apply your custom / domain-signed SSL certificates see Apply Domain-signed SSL Certificates.
Setup Ingress Routes
For RKE2-based Ingresses using Ingress-Nginx Controller
kubectl apply -f cim/Ingresses/nginx/
Change Service type from Cluster IP to NodePort:-
If a Kubernetes service requires access over node IPs, you can patch the service using the following command (update the required parameters before executing):
kubectl patch svc <service name> \
-n <namespace> \
--type='json' \
-p '[{"op":"replace","path":"/spec/type","value":"NodePort"},{"op":"replace","path":"/spec/ports/0/nodePort","value":<port number in the range of 30000 to 32676>}]'
Configurations
Import default keyCloak realm for essential KeyCloak resources, permissions, and authentication configurations.
If you intend to use Apache Superset for reporting, follow Configure and import historical report templates to configure the Reporting solution.
For customer channel configuration, see customer channels.
For CX-Voice component deployment, see this guide.