Version: 1.1.x

Using External Secrets

By default, the Helm chart will use the passwords specified in the values.yml and expose them within the cluster as a secret.

You can also provide your own secrets instead of having the Helm chart generate them for you. This section shows you how to create an external secret using the example of the secret which is used for the Rasa components (this does not include components like the database). To see the required structure for secrets used by the subcharts, please follow the documentation of the subcharts. You can find the necessary links in the values.yml of the Rasa Enterprise Helm chart.

  1. Specify the name of your secret in the values.yml:

    rasaSecret: "<name of your secret>"
  2. Create a yaml file <secret-filename>.yml which contains the following entries (make sure to replace the <your value> entries):

    apiVersion: "v1"
    kind: "Secret"
    name: "<name of your secret>"
    type: "Opaque"
    initialPassword: {{ .Values.rasax.initialUser.password | b64enc | quote }}
    rasaToken: {{ <your value> | b64enc | quote }}
    rasaXToken: {{ <your value>| b64enc | quote }}
    passwordSalt: {{ <your value> | b64enc | quote }}
    jwtSecret: {{<your value> | b64enc | quote }}
  3. Create the secret on the cluster by running this command:

kubectl --namespace <your namespace> \
apply -f <secret-filename>.yml
  1. Then deploy the Rasa Enterprise chart. The components will then use the provided external secrets.

If you use rasactl to create a deployment, you can define a namespace with the secret as an argument in CLI, e.g. the secret has been created in the my-namespace namespace, then use the rasactl start my-namespace command to create Rasa Enterprise deployment.

Last updated on