Helm Chart Installation¶

This page contains detailed instructions for installing Rasa X in a scalable cluster environment using OpenShift or Kubernetes (K8S).

Rasa X is available as a Helm Chart for a cluster setup. If you are not using Helm in your cluster, you can still use the following instructions to generate the Kubernetes or OpenShift object configurations via the Helm command-line interface, and install those configurations manually.

Note

The Rasa X Helm chart is open-source and available in the rasa-x-helm repository. Please create an issue in this repository if you discover bugs or have suggestions for improvements.

Requirements
Installation
Reference
Next Steps

Requirements ¶

Note: Rasa X is intended to be installed on a server and not to a personal/local machine. Installing on a server is recommended because Rasa X is designed to stay up continuously, and not to be frequently stopped or restarted.

Cluster Requirements ¶

To install the Rasa X Helm chart, you need an existing Kubernetes cluster or OpenShift cluster. Setting up a Kubernetes / OpenShift cluster can be tedious, hence we recommend to get a managed cluster from a cloud provider like Google Cloud, DigitalOcean, Microsoft Azure, or Amazon EKS.

The requirements of the single pods can vary, especially those of the rasa-production and rasa-worker pods, dependent on the model size and what pipeline is used and the number of users. We recommend providing at least the following resources:

Deployment	CPU	Memory
rasa-x	1	1 GiB
event-service	2	1 GiB
rasa-production	2	2 GiB
rasa-worker	4	4 GiB
nginx	0.2	200 MiB
app	0.5	200 MiB
duckling	0.5	200 MiB
postgresql	1	250 MiB
rabbit	0.2	250 MiB
redis	0.2	250 MiB

We recommend a size of 10 GiB for the Rasa X volume claim and at least 30 GiB for the database volume claim.

Installation Requirements ¶

Please check that you installed the Kubernetes or OpenShift command line interface (CLI). You can check this using the following command:
Kubernetes

OpenShift
kubectl version --short --client # The output should be similar to this # Client Version: v1.16.3
oc version --short --client # The output should be similar to this # Client Version: v4.1.0+b4261e0
If this command resulted in an error, please install the Kubernetes CLI or the OpenShift CLI depending on the cluster you’re using.
Make sure that the Kubernetes / OpenShift CLI is correctly connected to your cluster. You can do so by using the following commands:
Kubernetes

OpenShift
kubectl version --short # The output should be similar to this # Client Version: v1.16.3 # Server Version: v1.14.8-gke.12
oc version --short # The output should be similar to this # Client Version: v4.1.0+b4261e0 # Server Version: v1.11.0+d4cacc0
If you get an error when executing the command, you are not connected to your cluster. To get the command to connect to the cluster please consult your cluster’s admin or the documentation of your cloud provider.

If you are using K3s for an embedded Kubernetes installation, please make sure that you exported the path to the Kubernetes config:
```
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
```
Please make sure you have the Helm CLI installed. To check this, run:
```
helm version --short

# The output should be similar to this
# v3.0.0+ge29ce2a
```
If this command leads to an error, please install the Helm CLI.

In case you are using a version <3 of Helm, please update to Helm version 3.

Supported Browsers ¶

The web interface aims to support browsers that meet the following criteria:

> 0.2% market share
not Internet Explorer
not Opera Mini

Installation ¶

Note

If you’re installing Rasa Enterprise, please follow the Rasa Enterprise instructions where given. If a step does not have separate instructions, the step applies to both Rasa X and Rasa Enterprise.

1. Create Namespace ¶

We recommend installing Rasa X in a separate namespace to avoid interfering with existing cluster deployments. To create a new namespace run the following command:
Kubernetes

OpenShift
kubectl create namespace <your namespace>
oc create namespace <your namespace>

2. Create Values File ¶

Prepare an empty file called values.yml which will include all your custom configuration for the installation with Helm.

3. Configure Credentials ¶

To configure the credentials, copy the section below into the values.yml file and replace each <safe credential> marker with a different alphanumeric string. Please use safe credentials to avoid data breaches.

# rasax specific settings
rasax:
    # initialUser is the user which is created upon the initial start of Rasa X
    initialUser:
        # password for the Rasa X user
        password: "<safe credential>"
    # passwordSalt Rasa X uses to salt the user passwords
    passwordSalt: "<safe credential>"
    # token Rasa X accepts as authentication token from other Rasa services
    token: "<safe credential>"
    # jwtSecret which is used to sign the jwtTokens of the users
    jwtSecret: "<safe credential>"
# rasa: Settings common for all Rasa containers
rasa:
    # token Rasa accepts as authentication token from other Rasa services
    token: "<safe credential>"
# RabbitMQ specific settings
rabbitmq:
    # rabbitmq settings of the subchart
    rabbitmq:
        # password which is used for the authentication
        password: "<safe credential>"
# global settings of the used subcharts
global:
    # postgresql: global settings of the postgresql subchart
    postgresql:
        # postgresqlPassword is the password which is used when the postgresqlUsername equals "postgres"
        postgresqlPassword: "<safe credential>"
    # redis: global settings of the postgresql subchart
    redis:
        # password to use in case there no external secret was provided
        password: "<safe credential>"

Also set the <username> for the initial admin user which is created during the first start of Rasa Enterprise.

# rasax specific settings
rasax:
    # initialUser is the user which is created upon the initial start of Rasa Enterprise
    initialUser:
        # username specifies a name of this user
        username: "<username>"
        # password for the Rasa Enterprise user
        password: "<safe credential>"
    # passwordSalt Rasa X uses to salt the user passwords
    passwordSalt: "<safe credential>"
    # token Rasa X accepts as authentication token from other Rasa services
    token: "<safe credential>"
    # jwtSecret which is used to sign the jwtTokens of the users
    jwtSecret: "<safe credential>"
# rasa: Settings common for all Rasa containers
rasa:
    # token Rasa accepts as authentication token from other Rasa services
    token: "<safe credential>"
# RabbitMQ specific settings
rabbitmq:
    # rabbitmq settings of the subchart
    rabbitmq:
        # password which is used for the authentication
        password: "<safe credential>"
# global settings of the used subcharts
global:
    # postgresql: global settings of the postgresql subchart
    postgresql:
        # postgresqlPassword is the password which is used when the postgresqlUsername equals "postgres"
        postgresqlPassword: "<safe credential>"
    # redis: global settings of the postgresql subchart
    redis:
        # password to use in case there no external secret was provided
        password: "<safe credential>"

4. Specify Rasa X and Rasa Open Source Versions ¶

We recommend using the latest Rasa X version (0.30.1) and the latest Rasa Open Source version (1.10.10).

# rasax specific settings
rasax:
    # Rasa X configuration you did in previous steps
    # ...
    tag: "0.30.1"
# rasa: Settings common for all Rasa containers
rasa:
    # Rasa Open Source configuration you did in previous steps
    # ...
    # tag refers to the Rasa image tag
    tag: "1.10.10-full"

5. Configure Rasa X Image ¶

There’s nothing you need to do for this section.

Configure the Rasa Enterprise image in the values.yml file. Please note that the image name might be different if you are using an internal registry:

# rasax specific settings
rasax:
    # Other 'rasax' configuration
    # name of the Rasa Enterprise image to use
    name: "gcr.io/rasa-platform/rasa-x-ee"

If you are pulling the Rasa Enterprise image from the official Rasa registry, you have to add a secret with the pull secret for the registry. If you are using another private registry please follow this guide.

To add the secret for the Rasa registry, please extract the json in the docker_registry_license from your Rasa Enterprise license (rasa-x-ee-license.yml) and put it in a file called gcr-auth.json. The file content should look similar to this:

{
"type": "service_account",
"project_id": "rasa-platform",
"private_key_id": "sdferw234qadst423qafdgxhw",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvfwrt423qwadsfghtzw0BAQEFAASCBKgwggSkAgEAAoIBAQCgt338FkWbW13dghtzew4easdf5wAi15jrA9t4uOk8dghrtze4weasfgdhtAFZNfrLgvr2\nPBTu1lAJDLo136ZGTdMKi+/TuRqrIMg/sr8q0Ungish8v6t5Jb4gsjBi9StytCT4\nhWXDL3qeadfsgeDOudl6c3iMzylBws+VffrFfaZWjDpGtxmlYwIUa2e\noNSe7BYLnY9tDrX3zrP/wu/6FPbbGkBjguDG1l3Kx7l1wmiPtK5lIhjt+k7Oyx/u\nd6+gvfs+7RX9wUxnZT/tLggybYdsr8BA1Pqr0hDmhdDl7tjXVTmGLG+1/+lXVGFc\nqKEg+uLXAgMBAAECggEAESzwRK0Cp62LgBjInk+jvTmMI4lYP/XTnfk0TNwyiLxd\nT7mkw/TzkSVRifZ37lBQ6BS6BiqBJherh1N4xI+DF9HUN/wHR93QTyu7p8umlcxC\nlPV0KE4b5ZMfWvRG4y236cRGly9urcBNGoFzFHl8pd2iS5DMqZOYpSXY+qvkXTKE\nUOm5mVSs4S4Qa9cHL+jWXCvY0789fG1GrT+L3Fn+StKacgQuBnN1krYFYBSjCAh8\nsnSdjkvGguw/6OApPHd8HqkHtjU0PD67uU5QIm5N1bmz9KT4s9Pm+WbCinEstIiN\nIfln5ikmHcMAiIS0gzSnZavsY21PsDHBkD8SUO7CTQKBgQDgMPhx0TsB/oVH/SnU\nt3oTME+tfAKI69tozX02jHj6DY/vDpI1hXNmb4oMOos5+3ulborHqnso9za1RgV7\nm2N04QQVfzYEuZzJzXL11SHvBYVjHkXYy6HR5GhnPmwA+CzrDNy2/oYxlaqH7TBA\nR+f7IHToIPKGCVrhCJztlAgzIwKBgQC3hQNclIQ5Iw0gm9Rr8zAP/YoRJdiUSYtv\nNBmav+dTTSkPh51Bomj/J4Rrg8OLvHG5U79pmzbQdIFGYGKlR0l4/QepKpbaGm7x\nM/gRp/GXu9sN8LgI+h+FskCYi4cuqDjQ9L2S0gwMre4witmeVSIiBxLWxS7mvkZX\nWRW58ml2vQKBgBozPuW2SQobn6HhIUFdy+NwMu+YXYd44ORnl2mHkx/N8/NBJa8h\nkHH5OQ3izaCSFkooGAnrj4cjFP6sVzmx2DaxkVOd0UdOFdezreqy5MtVPthtkkYa\nzieEZPsj3WVjm4RAtY6hQjeLQSmve4MXpDHCAkeaih1F/Jvt8MEHGso3AoGBAJez\nTioTYpFQliNkbN2nMw2kyaKPJE6/1JDiAmBXTcMgP1blBWsh86UnZ2DwlI5IAcHu\npoWHlnIOPGaOejyhhuyKTPDbkcNMonSkPuVpbF2/Hb6SQ664A6KizJ7Mh7xbtkuU\nY7igBPHePMzHmkg1m3eBXWNHsBNxKfg+XaVN6zwJAoGBAN6VhGMmyDcn0GqkkP6d\nrSsQ0Ig7L4PnU633oYWoGWa8q/XYiFbcACMFynMbrmHG+/0c3Iwt32bi3th60Cwb\nT66yqmv4MaT72+EfQHxiLxnUxhqSpBXM0eoXbyvDg97Zp/slsYvGGLjONmmretlE\nsjAsuAH4Iz1XdfdenzGnyBZH\n-----END PRIVATE KEY-----\n",
"client_email": "company@rasa-platform.iam.gserviceaccount.com",
"client_id": "114123456713428149",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/company%40rasa-platform.iam.gserviceaccount.com"
}

Then create the secret by running the following command:

kubectl --namespace <your namespace> \
    create secret docker-registry gcr-pull-secret \
    --docker-server=gcr.io \
    --docker-username=_json_key \
    --docker-password="$(cat gcr-auth.json)"

oc --namespace <your namespace> \
    create secret docker-registry gcr-pull-secret \
    --docker-server=gcr.io \
    --docker-username=_json_key \
    --docker-password="$(cat gcr-auth.json)"

This will create a secret in your cluster containing the necessary credentials to pull the images. To make the Helm chart use this cluster, add the following to your values.yml:

images:
    imagePullSecrets:
    - name: "gcr-pull-secret"

6. Optional: Configure Custom Action Server ¶

See these instructions to configure a custom action server.

Note

If you are following the Using Helm to Generate Object Configurations guide, stop here and continue with the latter.

7. Deploy Rasa X ¶

Run the following commands:
# Add the repository which contains the Rasa X Helm chart
helm repo add rasa-x https://rasahq.github.io/rasa-x-helm

# Deploy Rasa X
helm install \
    --generate-name \
    --namespace <your namespace> \
    --values values.yml \
    rasa-x/rasa-x
Note

OpenShift only: If the deployment fails and oc get events returns 1001 is not an allowed group spec.containers[0].securityContext.securityContext.runAsUser, re-run the installation command with an added --set securityContext.fsGroup="" flag.

Then wait until the deployment is ready. If you want to check on its status, the following command will block until the Rasa X deployment is ready:
Kubernetes

OpenShift
kubectl --namespace <your namespace> \
    wait \
    --for=condition=available \
    --timeout=20m \
    --selector app.kubernetes.io/component=rasa-x \
    deployment
oc --namespace <your namespace> \
    wait \
    --for=condition=available \
    --timeout=20m \
    --selector app.kubernetes.io/component=rasa-x \
    deployment
Alternatively you can also monitor the pods directly. Note that the deployment process can involve containers restarting until everything is ready (e.g. if the database container is not ready yet).

8. Access Rasa X ¶

By default the Rasa X deployment is exposed via the nginx service. You can get the IP address using this command:
Kubernetes

OpenShift
kubectl --namespace <your namespace> \
    get service \
    -l app.kubernetes.io/component=nginx \
    -o jsonpath="{.items..status..loadBalancer..ingress[0].ip}"
oc --namespace <your namespace> \
    get service \
    -l app.kubernetes.io/component=nginx \
    -o jsonpath="{.items..status..loadBalancer..ingress[0].ip}"
You can then access the deployment on http://<ip>:8000

Rasa X

Rasa Enterprise

Note

Depending on the used cluster / cloud provider this might not work. Please refer to the cloud provider’s documentation / administrator what the recommended way for exposing the nginx service is. We are also happy to help you with any issues in the Rasa Forum.

Note

Depending on the used cluster / cloud provider this might not work. Please refer to the cloud provider’s documentation / administrator what the recommended way for exposing the nginx service is or reach out to your Customer Success Engineer.

Reference ¶

Accessing Secrets ¶

This section describes how to retrieve secrets from your running deployment. You have the option to retrieve the following secrets:

description

default secret name

PostgreSQL database password

postgresql

Redis lock store password

redis

RabbitMQ event broker password

rabbit

Run the following command, replacing <secret name> with one of the values in the table, and <your namespace> and <your release name> with your namespace and the name of your release:

secret=<secret name>
namespace=<your namespace>
release_name=<your release name>
kubectl --namespace ${namespace} \
    get secret ${release_name}-${secret} -o yaml | \
    awk -F ': ' '/password/{print $2}' | base64 -d

secret=<secret name>
namespace=<your namespace>
release_name=<your release name>
oc --namespace ${namespace} \
    get secret ${release_name}-${secret} -o yaml | \
    awk -F ': ' '/password/{print $2}' | base64 -d

Note

If you’re not sure what namespace or release name your deployment runs under, you can use the following commands to find out. To list the available namespaces, run:

kubectl get namespaces

And to list the releases under a particular namespace namespace, run:

helm list --namespace <your namespace>

Accessing Logs ¶

This section describes how to get logs from the running containers.

Get the name of the pod which you want to get the logs of.

kubectl --namespace <your namespace> \
    get pods

# The output should be similar to this
# NAME                                   READY   STATUS    RESTARTS   AGE
# rasa-app-58d476497-ktkqn               1/1     Running   0          45m
# rasa-duckling-7696b7f474-km6dx         1/1     Running   0          45m
# rasa-event-service-7657b6b489-96drn    1/1     Running   1          45m
# rasa-nginx-64b6b464f6-p9bmb            1/1     Running   0          45m
# rasa-postgresql-0                      1/1     Running   0          45m
# rasa-rabbit-0                          1/1     Running   0          45m
# rasa-rasa-production-c86fbf7f7-q9pp5   1/1     Running   0          45m
# rasa-rasa-worker-5d49485976-6z2kj      1/1     Running   0          45m
# rasa-rasa-x-5788cddbb7-5zf86           1/1     Running   0          45m
# rasa-redis-master-0                    1/1     Running   0          45m

oc --namespace <your namespace> \
    get pods

# The output should be similar to this
# NAME                                   READY   STATUS    RESTARTS   AGE
# rasa-app-58d476497-ktkqn               1/1     Running   0          45m
# rasa-duckling-7696b7f474-km6dx         1/1     Running   0          45m
# rasa-event-service-7657b6b489-96drn    1/1     Running   1          45m
# rasa-nginx-64b6b464f6-p9bmb            1/1     Running   0          45m
# rasa-postgresql-0                      1/1     Running   0          45m
# rasa-rabbit-0                          1/1     Running   0          45m
# rasa-rasa-production-c86fbf7f7-q9pp5   1/1     Running   0          45m
# rasa-rasa-worker-5d49485976-6z2kj      1/1     Running   0          45m
# rasa-rasa-x-5788cddbb7-5zf86           1/1     Running   0          45m
# rasa-redis-master-0                    1/1     Running   0          45m

rasa-rasa-x-5788cddbb7-5zf86 is for example the name of the Rasa X container.

To get the logs of the container run:

kubectl --namespace <your namespace> \
    logs <name of the pod>

oc --namespace <your namespace> \
    logs <name of the pod>

Using Helm to Generate Object Configurations ¶

If you don’t want or cannot use Helm to install Rasa X in your cluster, you can still use Helm to generate the Kubernetes / OpenShift resource files.

Follow the installation instructions until the deployment part.

Run the following command to generate the Kubernetes / OpenShift resource files and write them in a file rasa-x-deployment.yml:

helm repo add rasa-x https://rasahq.github.io/rasa-x-helm
helm repo update
helm template \
    --namespace <your namespace> \
    --values values.yml \
    <your release name> \
    rasa-x/rasa-x > rasa-x-deployment.yml

docker run \
    -v $(pwd)/values.yml:/app/values.yml \
    alpine/helm \
    template \
    --namespace <your namespace> \
    --values /app/values.yml \
    <your release name> \
    --repo https://rasahq.github.io/rasa-x-helm \
    rasa-x > rasa-x-deployment.yml

You can then deploy these manually by running:

kubectl --namespace <your namespace> \
    create -f rasa-x-deployment.yml

oc --namespace <your namespace> \
    create -f rasa-x-deployment.yml

Next Steps ¶

Connect a Custom Action Server if you are using custom actions.
Set up Integrated Version Control to connect your Rasa X instance to a remote Git repository.
Deploy your assistant using Rasa X.
Configure SSL if you’d like to run your Rasa X server on HTTPS.

description	default secret name
PostgreSQL database password	`postgresql`
Redis lock store password	`redis`
RabbitMQ event broker password	`rabbit`