Server-Side Components Installation

You can install Digital Worker and its components using Helm charts and the Digital Worker utility methods.


For a quicker installation, use the Digital Worker utility method. For information on installing with the Digital Worker utility method, see the Digital Worker Utility.

 

Add Helm Repository


To perform the installation, you need to add the repository:

  1. Run the helm repo add <repository_name> ${helm repository base url} --username=${SERVICE_ACCOUNT_USERNAME} --password=${JFROG_TOKEN} --insecure-skip-tls-verify command.
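
The command above puts the token on the command line and turns off certificate verification for the repository connection. The following added example (not the vendor's documented procedure) performs the same step with the token supplied on standard input and the server certificate checked against a CA bundle; add_dw_repo and the CA file argument are hypothetical names, while --password-stdin and --ca-file are standard helm repo add flags.

```shell
#!/bin/sh
# Added example: add the Helm repository without exposing the token in argv
# and without disabling TLS verification.
# Usage: add_dw_repo <repository_name> <https repository URL> <CA bundle file>
# Reads SERVICE_ACCOUNT_USERNAME and JFROG_TOKEN from the environment.

add_dw_repo() {
    repo_name=$1 repo_url=$2 ca_file=$3

    # Credentials must only travel over TLS.
    case $repo_url in
        https://*) ;;
        *) echo "refusing non-HTTPS repository URL: $repo_url" >&2; return 2 ;;
    esac

    # The CA bundle (assumed to be supplied by the operator) replaces
    # --insecure-skip-tls-verify.
    [ -r "$ca_file" ] || { echo "CA bundle not readable: $ca_file" >&2; return 2; }

    [ -n "${SERVICE_ACCOUNT_USERNAME:-}" ] && [ -n "${JFROG_TOKEN:-}" ] || {
        echo "SERVICE_ACCOUNT_USERNAME and JFROG_TOKEN must be set" >&2; return 2; }

    # The token is piped in, so it does not show up in the process list
    # or in the shell history.
    printf '%s' "$JFROG_TOKEN" |
        helm repo add "$repo_name" "$repo_url" \
            --username "$SERVICE_ACCOUNT_USERNAME" \
            --password-stdin \
            --ca-file "$ca_file"
}
```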


Verify the Digital Worker Helm charts availability

  1. Run the helm search repo <chart name> command to verify the availability of Helm charts for deploying Digital Worker. For example: helm search repo digital-worker


Configure Deployment Parameters

  1. Run the helm show values <repository name/chart name> > <env>-values.yaml command to create an <env>-values.yaml file in the specified location, which includes all the Digital Worker values from the Helm chart.
  2. Edit the <env>-values.yaml file.

      You can edit the <env>-values.yaml file to change the deployment configuration parameters.
       
      Component    Description

      global
      contextPath    Signifies the context path for Digital Worker. By default, it is set to /digitalworker.
      loadBalancerHost    Signifies the load balancer host of Digital Worker.
      loadBalancerPort    Signifies the load balancer plugin port of Digital Worker.
      isMlPredictionAllowed    Signifies if the Request Execution Forecaster (ML Prediction) is enabled. By default, it is set to false.
      allowedHostname    Lists the allowed host names for Digital Worker. Separate multiple host names with a comma (for example: host-1, host-2).
      dbClientMutualSSL    Signifies the DB client mutual SSL.
      • Set to true, if mutual TLS certificate is enabled.
      • Set to false, if mutual TLS certificate is not enabled.
      dbSkipCertCheck    Signifies if the DB certificate check is skipped or not.
      • Set to true, if the certificate check needs to be skipped for the DB.
      • Set to false, if the certificate check needs to be included for the DB.
      imagePullSecrets    Signifies the secret needed to pull the image if a password is required. For pulling the secret, see the Platform-Installation Guide.pdf.
      environment    Signifies the deployment environment name. Its value should match the value of the env key set in the env.json file.
      vaultServiceEnabled    Signifies if the HashiCorp Vault is used for storing Digital Worker keys/secrets.
      • Always set to true to enable HashiCorp Vault. Setting it to false is not recommended.
      imageRegistry    Signifies the Docker image registry URL for the Digital Worker component.
      imageTag    Signifies the version of the image.
      repository    Signifies the URL of the OS base image.

      env
      databaseHostname    Signifies the database hostname of Digital Worker.
      databaseName    Signifies the database name of Digital Worker.
      databasePort    Signifies the database port of Digital Worker.
      databaseUsername    Signifies the database username of Digital Worker.

      NOTE:

      You will get the database hostname, name and port numbers from the environment-specific env.json.

      Persistence
      storageClassName    Provide the storage class name. This specifies the storage class used by the PersistentVolumeClaims (PVCs) you create.
      size    Signifies the size of the storage class name. By default, it is set to 1Gi.

      NOTE:

      You will get the storageClassName details from the environment-specific env.json.

      Common configurations across all components
      enabled    Signifies if the Digital Worker components need to be installed or not.
      • Set to true, to install the component.
      • Set to false, if you don’t want to install the component.
      imagePullSecrets    Signifies the secret needed to pull the image if a password is required. For pulling the secret, see the Platform-Installation Guide.pdf.
      repository    Signifies the path of the component image on the registered image repository.
      pullPolicy    Signifies the pull policy of the image.
      • Always: Always pull the image.
      • IfNotPresent: Pull the image if it doesn’t exist.
      • Never: Never pull the image.
      resources    Signifies the resources allocated for the specified component in the environment. For example:

        requests:
          memory: "500Mi"
          cpu: "500m"
        limits:
          memory: "1024Mi"
          cpu: "1000m"

      storageClassName    Provide the storage class name. This specifies the storage class used by the PersistentVolumeClaims (PVCs) that get created for the specific component.
      size    Signifies the size of the storage class name for the specified component in the environment.

      NOTE:

      The above details may vary for each component.

      Txnstore
      directory    Signifies the host path volume. If storageClassName is not provided, a local persistent volume will be created at the path mentioned in the directory.
      opensearchJavaOpts    Signifies the Java options for the Txnstore, including configuring the JVM heap size.
      imagePullSecrets    Signifies the secret needed to pull the image if a password is required. For pulling the secret, see the Platform-Installation Guide.pdf.
      LOG_LEVEL    Specifies the log level of the Txnstore, such as info, debug, and verbose.

      Web Server
      LOG_LEVEL    Signifies the log level of Webserver. Supported values are info and debug.

      Control Tower
      env
      • _AE_OIDC_CLIENT_ID: Signifies the OIDC client ID for Digital Worker.
        By default, it is set to digital-worker.
      • _AE_OIDC_ISSUER: Signifies the OIDC issuer for Digital Worker. The value should be in the format: https://{iam_host}/auth/realms/{platform_id}
      • _AE_OIDC_AUTHORIZATION_ENDPOINT: Signifies the OIDC authorization endpoint for Digital Worker. The value should be in the format: https://{iam_host}/auth/realms/{platform_id}/protocol/openid-connect/auth
      • _AE_OIDC_TOKEN_ENDPOINT: Signifies the OIDC token endpoint for Digital Worker. The value should be in the format: https://{iam_admin_host}/auth/realms/{platform_id}/protocol/openid-connect/token
      • _AE_OIDC_JWKS_URI: Signifies the OIDC JWKS URI for Digital Worker. The value should be in the format: https://{iam_admin_host}/auth/realms/{platform_id}/protocol/openid-connect/certs
      • _AE_OIDC_END_SESSION_ENDPOINT: Signifies the OIDC end session endpoint for Digital Worker. The value should be in the format: https://{iam_host}/auth/realms/{platform_id}/protocol/openid-connect/logout
      • _AE_OIDC_ACCEPTED_CLOCK_SKEW_MS: Signifies the accepted OIDC clock skew, in milliseconds, for Digital Worker.
      • ROBOT_USER_AUTHENTICATION_ENABLED: Signifies whether robot credential validation is enabled. Supported values are true and false.
        By default, it is set to true.
      • NODE_CERT_FILE: Signifies the additional Certificate Authority (CA) certificate file name.

      NOTE:

      Update the values for iam_host, platform_id and iam_admin_host from the environment-specific env.json file.
      configs    This section includes other user-configurable files for the Control Tower, such as log.yml and config.yml.

      Vanguard
      LOG_LEVEL    Signifies the log level of Vanguard. Supported values are info, verbose, debug, warn, error and fatal.

      Reporting
      _AE_REPORTING_VERBOSE_LEVEL    Signifies whether verbose log level is enabled.
      • By default, it is set to false.

      ETL
      env
      • LOG_LEVEL: Signifies the log level of ETL, such as info, trace, debug, warn, error.
      • LS_MEMORY: Signifies the amount of memory allocated to the ETL instance.
        By default, it is set to 1g, which means 1 gigabyte of memory.
      • LS_WORKER_COUNT: Signifies the number of worker threads that the ETL process will use to handle events.
        By default, it is set to 1. However, to better manage higher loads, we recommend setting this value to 2.
      • LS_BATCH_SIZE: Signifies the number of events that ETL will collect into a single batch before processing them.
        By default, it is set to 250, which means that ETL will process 250 events at a time.
      • LS_BATCH_DELAY: Signifies the maximum time (in milliseconds) that ETL waits before processing a batch of events, even if the batch size is not reached.
        By default, it is set to 500, which means 500 milliseconds.

      ML (Request Execution Forecaster)
      LOG_LEVEL    Signifies the log level of ML, such as critical, error, warning, info, debug, and verbose. For ML, the log level is represented as a number, such as:
      • 0 – notset
      • 10 – debug
      • 20 – info
      • 30 – warning
      • 40 – error
      • 50 – critical
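
An added example (not part of the product documentation) that checks a values file for the security-relevant settings in the table above before it is passed to helm install or helm upgrade: a skipped DB certificate check, HashiCorp Vault disabled, robot credential validation disabled, and OIDC endpoints that do not follow the documented https format. It assumes each setting is a single key: value line; audit_values, sample_values, the controlTower key and the host names in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Digital Worker values file before helm install/upgrade.
# Assumption: every setting is a one-line "key: value" pair; nesting is ignored.

audit_values() {
    awk '
    function report(k, why) { print "FAIL " k ": " why; bad++ }
    BEGIN {
        # URL formats documented for the Control Tower OIDC settings.
        base = "^https://[^/]+/auth/realms/[^/]+"
        oidc = "/protocol/openid-connect/"
        fmt["_AE_OIDC_ISSUER"]                 = base "$"
        fmt["_AE_OIDC_AUTHORIZATION_ENDPOINT"] = base oidc "auth$"
        fmt["_AE_OIDC_TOKEN_ENDPOINT"]         = base oidc "token$"
        fmt["_AE_OIDC_JWKS_URI"]               = base oidc "certs$"
        fmt["_AE_OIDC_END_SESSION_ENDPOINT"]   = base oidc "logout$"
    }
    /^[ \t]*#/ { next }                         # skip YAML comment lines
    {
        key = $0; sub(/^[ \t-]*/, "", key); sub(/[ \t]*:.*/, "", key)
        v = $0; sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        gsub(/^["\047]|["\047]$/, "", v)        # drop surrounding quotes
    }
    key == "dbSkipCertCheck" && v == "true" {
        report(key, "DB server certificate is not checked") }
    key == "vaultServiceEnabled" && v != "true" {
        report(key, "keys/secrets are not stored in HashiCorp Vault") }
    key == "ROBOT_USER_AUTHENTICATION_ENABLED" && v != "true" {
        report(key, "robot credential validation is disabled") }
    (key in fmt) && v !~ fmt[key] {
        report(key, "does not match the documented https:// format") }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample values file (host names and the controlTower key are made up).
sample_values() {
    cat <<'EOF'
global:
  dbSkipCertCheck: true
  vaultServiceEnabled: false
controlTower:
  env:
    _AE_OIDC_ISSUER: "https://iam.example.test/auth/realms/platform1"
    _AE_OIDC_TOKEN_ENDPOINT: "http://iam-admin.example.test/auth/realms/platform1/protocol/openid-connect/token"
    ROBOT_USER_AUTHENTICATION_ENABLED: "false"
EOF
}
```

audit_values prints one FAIL line per finding and returns a non-zero status when there is at least one, so it can gate the install step in a pipeline.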

       

Install or Upgrade the Digital Worker Helm Chart

  1. Run the helm install <release name> <repository name/chart_name> --namespace <DW namespace> --version <DW version number> -f <Filename> command to install the Digital Worker Helm chart. For example, helm install digital-worker assistedge-helm-virtual/digital-worker --namespace digital-worker --version 24.2.0 -f <env>-values.yaml.
  2. Run the helm upgrade <release name> <repository name/chart_name> --namespace <DW namespace> --version <DW version number> -f <Filename> command to upgrade the existing Digital Worker deployment.

 


Troubleshooting 

Below are some troubleshooting guidelines you can follow:


Kubernetes cluster Deployment issue check:


To diagnose issues such as container creation failing due to image pull failure or pods not getting scheduled due to resource issues, perform the following checks.

 

kubectl get deployment -n <namespace>
kubectl describe deployment <deployment_id_found_in_previous_step> -n <namespace>
kubectl get rs -n <namespace>
kubectl describe rs <replica_set_id_found_in_previous_step> -n <namespace>
kubectl get pods -n <namespace>
kubectl describe pods <pod_id_found_in_previous_step> -n <namespace>

 

Pod & Application Deployment Issues:


Below are some common issues you might encounter during the deployment of pods and applications in Kubernetes.

 


Image Pull Errors:

  • Ensure the container image referenced in your pod specification exists in the configured registry and is accessible by your cluster.
  • Double-check for typos in the image name or tag.
  • Verify your Kubernetes cluster has proper network connectivity to the container registry.


Resource Limits and Requests:

  • If pods are crashing due to resource exhaustion (CPU, memory), review the requests and limits defined in the pod specification. Ensure they align with your application's resource requirements.
  • Monitor resource utilization of pods using tools like kubectl top pods.


Liveness & Readiness Probe Failures:

  • Liveness and readiness probes define how Kubernetes determines if a pod is healthy. If probes fail consistently, the pod might be restarted even if it is functioning correctly.
  • Verify your probes are configured to accurately reflect your application's health.
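
An added example (not from the product documentation) that sorts kubectl get pods output into the issue types listed above, so that each pod points to the checks worth running first. The mapping is a heuristic; triage_pods, sample_pods and the pod names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort "kubectl get pods" rows into the troubleshooting buckets above.
# Heuristic only; confirm each hit with "kubectl describe pods <pod> -n <namespace>".
# Usage: kubectl get pods -n <namespace> | triage_pods

triage_pods() {
    awk '
    NR == 1 && $1 == "NAME" { next }            # header row
    {
        split($2, ready, "/")                   # READY column, for example 0/1
        status = $3; restarts = $4 + 0
        hint = ""
    }
    status ~ /^(ImagePullBackOff|ErrImagePull|InvalidImageName)$/ {
        hint = "image-pull: check image name, tag, registry access, imagePullSecrets" }
    status ~ /^(Pending|OOMKilled)$/ {
        hint = "resources: compare requests/limits with node capacity" }
    status == "CrashLoopBackOff" {
        hint = "restarts: check limits and liveness probe" }
    status == "Running" && ready[1] + 0 < ready[2] + 0 {
        hint = "readiness: readiness probe is not passing" }
    status == "Running" && ready[1] + 0 == ready[2] + 0 && restarts > 0 {
        hint = "restarts: check limits and liveness probe" }
    hint != "" { printf "%s\t%s\n", $1, hint }
    '
}

# Constructed sample of "kubectl get pods" output (pod names are made up).
sample_pods() {
    cat <<'EOF'
NAME                              READY   STATUS             RESTARTS      AGE
controltower-7d9c5b6f4-abcde      1/1     Running            0             3h
webserver-5f7b8c9d6-fghij         0/1     ImagePullBackOff   0             12m
txnstore-0                        0/1     Pending            0             12m
etl-6c8d7e5f4-klmno               0/1     Running            0             9m
vanguard-84b6d5c7f-pqrst          1/1     Running            7 (2m ago)    1h
EOF
}
```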