Installing Appian on Kubernetes

Overview

This page walks through how to install Appian on Kubernetes for self managed customers. The instructions show how to install on a server-based cluster. It is aimed at platform engineers with experience with Kubernetes, Helm, and container images.

Appian is installed on Kubernetes using a custom resource definition (CRD) and an operator. Before performing the install you should be familiar with these concepts. To read about them, see What is the Appian Operator?

Prerequisites

Make sure you have the following prerequisites and system requirements before installing Appian on Kubernetes.

Supported Environments

Appian on Kubernetes supports the following Kubernetes platforms:

• Azure Kubernetes Service
• Amazon EKS
• Red Hat OpenShift
• Google GKE

Appian on Kubernetes does not support AWS Fargate, GKE Autopilot, Azure ACI, or similar "serverless" virtualized environments.

Request licenses

You need to request license files specifically for Appian on Kubernetes. There are two types of licenses: temporary and long-term.

• Temporary license files are valid for 6 days. Request temporary license files when a new Appian instance is being set up for the first time or a long-term license has expired and you want to renew it.
• Long-term license files are valid for an extended period of time, and only valid for the site URL for which they were requested. Request long-term license files when you've already obtained temporary license files to set up an Appian instance, or your existing license files are about to expire and you want to proactively request replacements.

You can request temporary and long-term licenses by creating a new support case on Forum.

• In the Case Title, enter Self-Managed Kubernetes License Request.

• Enter your Appian site name. This should be what you intend to use when creating the Appian custom resource. It must contain only lowercase alphanumeric characters or the symbols - or . and must be no more than 16 characters. For example, company-name.

• Enter the URL you intend to use for your Appian site, following the same pattern as above. For example, company-name.com. This will be the URL you use in your configured .spec.url.

• For Severity, select 4 - Questions, Licenses, Forum Accounts, and Support Accounts.

For long-term licenses, the request is fulfilled as follows:

• If you are your organization's primary POC (point of contact), then the Appian license administrators will review your request and provide you with the license files or the next steps required to generate the long-term license files.

• If you are not your organization's primary POC, then the request will first go to your organization's POC who will have to approve this request. If the POC approves the request, the Appian license administrators will review the request and provide you the license files or the next steps required to generate the long-term license files.

Download artifacts

You'll need to download the Appian operator Helm chart, pull the Appian operator and Appian container images, and push the images to your organization's registry.

Kubernetes

This release has been explicitly tested against Kubernetes v1.26-v1.30. To check your server version, run kubectl version.

Exposing Appian

Appian needs to be exposed outside of Kubernetes to allow access to Apache Web Server (httpd) and webapp components. See Exposing Appian Outside Kubernetes to learn about different ways of exposing Appian.

How you choose to expose Appian will affect the configuration of the Appian custom resource; we’ll remind you of this configuration during that step.

Installing NGINX ingress controller (optional)

To expose Appian via Ingress, you can optionally do a new install of NGINX Ingress Controller on Kubernetes. If you are exposing Appian using a different method or are already using an ingress controller on your Kubernetes cluster, you can ignore this step.

1. Install ingress-nginx using Helm.
2. Be sure to verify the install.

Relational database

Appian on Kubernetes does not install a relational database. You need to provide your own relational database for each site to serve as its Appian data source. Ensure you provide at least one business data source to make use of data stores.

Your database can either run within the Kubernetes cluster or outside of it. If you want to connect directly to a database outside the cluster, ensure that the database is accessible from within the cluster.

Appian RPA database configuration

To use Appian RPA, you must also create and configure multiple databases on the MariaDB server, ensuring the URL, username, and password are correctly set in the configuration files.

RDBMS/JDBC drivers

Appian supports the following relational databases.

If you'd like to use Aurora MySQL, MySQL or IBM Db2 as the Appian data source or a business data source, you’ll need to use the Appian CRD's support for specifying init containers. The same goes for older supported versions of other relational databases that require different driver versions.

Installation

Once all your prerequisites are in order, the following steps will install Appian on Kubernetes.

1. Install the Appian operator

The following steps will install the Appian operator in the appian-operator namespace from the downloaded Appian operator Helm chart:

1. Create the appian-operator namespace:

   1
   kubectl create namespace appian-operator
   

2. Before you install the Appian operator Helm chart in the next step, decide how you want CA certificates to be provisioned as described here.

   Note:  Our steps below follow our preferred option of using a generated self-signed certificate with cert-manager.

3. Install the Appian operator Helm chart:

   1
   2
   3
   4
   helm --namespace appian-operator install appian-operator-<APPIAN_OPERATOR_VERSION>.tgz \
     --set image.repository=<REGISTRY_HOSTNAME>/appian/appian-operator:<APPIAN_OPERATOR_VERSION> \
     ... \
     --wait
   

   Self-signed certificate using cert-manager install

   • Make sure to specify the appropriate values to set the webhooks’ secret to the secret created by cert-manager and an annotation that we specified in our self-signed certificate instructions. If you changed the certificate name or secret name during the certificate creation steps, use those names here instead of appian-operator-webhooks and appian-operator-webhooks-certificate.

   • For the mutating and validating admission webhooks, add the annotation cert-manager.io/inject-ca-from:appian-operator/<your certificate name> to webhooks.webhookConfiguration.annotations when you run helm install or helm upgrade using --set or --values options.

   • It is also necessary to annotate the mutating and validating webhook configuration objects using the following flags, which will cause the caBundle field to be populated from a cert-manager certificate:

   1
   --set webhooks.webhookConfiguration.annotations."cert-manager\.io/inject-ca-from"=appian-operator/appian-operator-webhooks --set webhooks.secret=appian-operator-webhooks-certificate
   

   Here’s an example of the full Helm command that you might run:

   1
   2
   3
   4
   5
   helm --namespace appian-operator install appian-operator appian-operator-v0.117.0.tgz \
     --set image.repository=registry.example.com/appian/appian-operator \
     --set webhooks.secret=appian-operator-webhooks-certificate \
     --set webhooks.webhookConfiguration.annotations."cert-manager\.io/inject-ca-from"=appian-operator/appian-operator-webhooks \
     --wait
   

   Note:  If the container registry where your Appian operator image resides is private, follow the instructions here to create a Secret of type docker-registry and provide the name of the Secret via the option --set imagePullSecrets={<NAME>} in the command above.

   If you’ve pushed the operator image with a different tag that doesn’t match the version / app version of the chart, you’ll want to include the option --set image.tag=<TAG>.

4. This command may take a minute or two to complete. When complete, check that the correct Appian operator Deployments, ReplicaSets, and Pods were created.

   1
   kubectl -n appian-operator get deployments,replicasets,pods
   

   The output should be similar to:

   1
   2
   3
   4
   5
   6
   7
   8
   9
   10
   11
   NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
   deployment.apps/appian-operator-controllers   1/1     1            1           90s
   deployment.apps/appian-operator-webhooks      1/1     1            1           90s
   
   NAME                                                     DESIRED   CURRENT   READY   AGE
   replicaset.apps/appian-operator-controllers-55cfcf74f    1         1         1       90s
   replicaset.apps/appian-operator-webhooks-5bd6588b95      1         1         1       90s
   
   NAME                                              READY   STATUS    RESTARTS   AGE
   pod/appian-operator-controllers-55cfcf74f-sr4jd   1/1     Running   0          90s
   pod/appian-operator-webhooks-5bd6588b95-7lggk     1/1     Running   0          90s
   

   For each of the operator’s controllers and webhooks, you should see a single Deployment, ReplicaSet, and Pod. Once the Pods’ STATUS are all Running, the READY column should show 1/1 within 1 minute.

   Note:  Please note that the usage of appians below, and elsewhere, refers to multiple instances of Appian in a cluster. This pluralization follows Kubernetes conventions on resource naming.

5. Validate that the Appian CRD installed successfully by running:

   1
   kubectl get crd appians.crd.k8s.appian.com
   

   The output should be similar to:

   1
   2
   NAME                         CREATED AT
   appians.crd.k8s.appian.com   2022-03-04T12:00:00Z
   

If you have any trouble installing the operator, see Troubleshooting Appian on Kubernetes.

2. Create the Appian site namespace

If you haven’t done so already, create a new namespace in Kubernetes for your Appian site and all of its components. The namespace can have any name, though the rest of our instructions will use my-site-namespace.

1
kubectl create namespace my-site-namespace

3. Load licenses

Having requested your licenses, you’ll have received a zip with two files: k3.lic and k4.lic, and a third file called appian.lic. The first two will be installed as secrets on Kubernetes, and appian.lic will be installed as a config map.

1. Unzip the product license files.

2. Load the product license files as secrets into Kubernetes.

   1
   kubectl -n my-site-namespace create secret generic k3lic --from-file=<PATH TO LICENSE>/k3.lic
   

   1
   kubectl -n my-site-namespace create secret generic k4lic --from-file=<PATH TO LICENSE>/k4.lic
   

3. Create a config map for the appian.lic file via kubectl create configmap. You can name the config map as you wish:

   1
   kubectl -n my-site-namespace create configmap appian-lic --from-file=<PATH TO LICENSE>/appian.lic
   

When you configure your Appian YAML below, be certain to define the name of your license config map with appianLicConfigMapName.

4. Create an Appian YAML file

We’ll now configure a YAML file used as the spec to deploy the Appian CR.

1. Download the appian.yaml file (it can also be copied from the code block below). This will serve as a template for the Appian CR spec.

   1
   2
   3
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
   100
   101
   102
   103
   104
   105
   106
   107
   108
   109
   110
   111
   112
   113
   114
   115
   116
   117
   118
   119
   120
   121
   122
   123
   124
   125
   126
   127
   128
   129
   130
   131
   132
   133
   134
   135
   136
   137
   138
   139
   140
   141
   142
   143
   144
   145
   146
   147
   148
   149
   150
   151
   152
   153
   154
   155
   156
   157
   158
   159
   160
   161
   162
   163
   164
   165
   166
   167
   168
   169
   170
   171
   172
   173
   174
   175
   176
   177
   178
   179
   180
   181
   182
   183
   184
   185
   186
   187
   188
   189
   190
   191
   192
   193
   194
   195
   196
   197
   198
   199
   200
   201
   202
   203
   204
   205
   206
   207
   208
   209
   210
   211
   212
   213
   214
   215
   216
   217
   218
   219
   220
   221
   222
   223
   224
   225
   226
   227
   228
   229
   230
   231
   232
   233
   234
   235
   236
   237
   238
   239
   240
   241
   242
   243
   244
   245
   246
   247
   248
   249
   250
   251
   252
   253
   254
   255
   256
   257
   258
   259
   260
   261
   262
   263
   264
   265
   266
   267
   268
   269
   270
   271
   272
   273
   274
   275
   276
   277
   278
   279
   280
   281
   282
   283
   284
   285
   286
   287
   288
   289
   290
   291
   292
   293
   294
   295
   296
   297
   298
   299
   300
   apiVersion: crd.k8s.appian.com/v1beta1
   kind: Appian
   metadata:
     # USER ACTION REQUIRED - If using long-term licenses, update to match the
     # wildcard pattern of the licenses you were provided
     # https://docs.appian.com/suite/help/latest/k8s/install-appian-on-k8s.html#request-licenses
     name: appian
   spec:
     # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
     imagePullSecrets: [] # []string
       # - regcred
     # USER ACTION REQUIRED - Update to the Version of Low code platform that Appian runs on
     version: 22.1.190.0
     k3LicSecretName: k3lic
     k4LicSecretName: k4lic
     appianLicConfigMapName: appian-lic
     # USER ACTION REQUIRED - Update to match the scheme, host, and, optionally,
     # port of your site
     # https://docs.appian.com/suite/help/latest/Post-Install_Configurations.html#configure-your-site-url
     url: http://myappiansite.com
     # https://docs.appian.com/suite/help/latest/Custom_Configurations.html#custom-properties
     customProperties: # map[string]string
       # https://docs.appian.com/suite/help/latest/resource-requests-and-limits.html#webapp
       conf.appserver.maxHeapSize: 3072m
     zookeeper:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian
       # Zookeeper container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/zookeeper
       replicas: 1
       volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
         # storageClassName: ""
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
             # Configure based on your expected Zookeeper storage needs
             storage: 5Gi
       env: # []corev1.EnvVar
         # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#zookeeper
         - name: ZK_HEAP_MIN
           value: 128m
         - name: ZK_HEAP_MAX
           value: 256m
       # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#zookeeper
       resources: # corev1.ResourceRequirements
         requests:
           cpu: 100m
           memory: 307Mi # ZK_HEAP_MAX * 1.2 to account for non-heap memory
         limits:
           cpu: 200m
           memory: 448Mi # ZK_HEAP_MAX * 1.75 to account for non-heap memory
     kafka:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian Kafka
       # container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/kafka
       replicas: 1
       volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
         # storageClassName: ""
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
             # Configure based on your expected Kafka storage needs
             storage: 5Gi
       env: # []corev1.EnvVar
         # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#kafka
         - name: KAFKA_HEAP_MIN
           value: 512m
         - name: KAFKA_HEAP_MAX
           value: 1024m
       # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#kafka
       resources: # corev1.ResourceRequirements
         requests:
           cpu: 500m
           memory: 1229Mi # KAFKA_HEAP_MAX * 1.2 to account for non-heap memory
         limits:
           cpu: 2000m
           memory: 1792Mi # KAFKA_HEAP_MAX * 1.75 to account for non-heap memory
     searchServer:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian
       # Search Server container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/search-server
       replicas: 1
       volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
         # storageClassName: ""
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
             # Configure based on your expected Search Server storage needs
             storage: 5Gi
       env: # []corev1.EnvVar
         # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#search-server
         - name: SS_HEAP
           value: 1280m
       # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#search-server
       resources: # corev1.ResourceRequirements
         requests:
           cpu: 100m
           memory: 1.5Gi # SS_HEAP + 256Mi to account for non-heap memory
         limits:
           cpu: 200m
           memory: 3Gi # Double requests.memory
     dataServer:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian Data
       # Server container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/data-server
       replicas: 1
       topology:
         rtsCount: 2
       volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
         # storageClassName: ""
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
             # Configure based on your expected Data Server storage needs
             storage: 5Gi
       # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#data-server
       resources: # corev1.ResourceRequirements
         requests:
           cpu: 100m
           memory: 512Mi
         limits:
           cpu: 200m
           memory: 1Gi
     serviceManager:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian
       # Service Manager container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/service-manager
       replicas: 1
       topology:
         analyticsExecShardCount: 3
       volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
         # storageClassName: ""
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
             # Configure based on your expected Service Manager storage needs
             storage: 5Gi
       # https://docs.appian.com/suite/help/latest/k8s/high-availability.html
       # haExistingClaim: ""
       env: # []corev1.EnvVar
         # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#service-manager
         - name: KOMODO_DIRECT_MEM_MAX
           value: 512m
         - name: KOMODO_HEAP_MAX
           value: 1g
       # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#service-manager
       resources: # corev1.ResourceRequirements
         requests:
           cpu: 200m
           memory: 2.5Gi
         limits:
           cpu: 2000m
           memory: 32Gi
     webapp:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian
       # Webapp container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/webapp
       replicas: 1
       # https://docs.appian.com/suite/help/latest/Post-Install_Configurations.html#configure-your-static-and-dynamic-content-urls
       # staticUrl: http://myappiansite-static.com
       # dynamicUrl: http://myappiansite-dynamic.com
       # Configuration for connecting to the Appian and business data sources. If
       # connecting to MySQL or IBM Db2, use an init container to add the
       # appropriate RDBMS/JDBC driver JAR to Tomcat's classpath
       # https://docs.appian.com/suite/help/latest/Configuring_Relational_Databases.html#provide-data-source-connection-information
       # https://docs.appian.com/suite/help/latest/k8s/init-and-sidecar-containers.html#using-init-containers-to-add-jars-to-tomcat's-classpath
       dataSources:
         primary:
           name: jdbc/AppianDS
           type: javax.sql.DataSource
           factory: org.apache.tomcat.jdbc.pool.DataSourceFactory
           driverClassName: org.mariadb.jdbc.Driver
           url: "jdbc:mariadb://mariadb-appian.my-site-namespace.svc.cluster.local:3306/AppianDS?useOldAliasMetadataBehavior=true"
           username: username
           # USER ACTION REQUIRED - Create a secret containing the password used to
           # connect to the data source and reference it here
           passwordSecretKeyRef:
             name: ""
             key: ""
           attributes:
             initialSize: "5"
             maxActive: "200"
             defaultTransactionIsolation: "READ_COMMITTED"
             maxWait: "30000"
             minIdle: "5"
             minEvictableIdleTimeMillis: "90000"
             timeBetweenEvictionRunsMillis: "450000"
             validationQuery: "SELECT 1"
             testOnBorrow: "true"
         business: []
       # https://docs.appian.com/suite/help/latest/k8s/email.html
       # passwordsPropertiesSecretName: ""
       volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
         # storageClassName: ""
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
             # Configure based on your expected Webapp storage needs
             storage: 5Gi
       # https://docs.appian.com/suite/help/latest/k8s/high-availability.html
       # haExistingClaim: ""
       # https://docs.appian.com/suite/help/latest/k8s/health-check-k8s.html
       # healthCheckExistingClaim: ""
       # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#webapp
       resources: # corev1.ResourceRequirements
         requests:
           cpu: 100m
           memory: 4.5Gi
         limits:
           cpu: 1000m
           memory: 6Gi
     httpd:
       # USER ACTION REQUIRED - Update to match the coordinates of the Appian httpd
       # container image as you pushed it to your registry
       image:
         repository: registry.example.com/appian/httpd
       replicas: 2
     # https://docs.appian.com/suite/help/latest/k8s/exposing-appian-on-k8s.html
     service:
       annotations: {} # map[string]string
       # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
       type: ClusterIP
     # https://docs.appian.com/suite/help/latest/k8s/exposing-appian-on-k8s.html#ingress
     ingress:
       enabled: true
       # USER ACTION REQUIRED - Use either the ingressClassName field or the
       # deprecated kubernetes.io/ingress.class annotation to refer to your desired
       # ingress class
       # https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
       annotations: {} # map[string]string
         # kubernetes.io/ingress.class: ""
       # ingressClassName: ""
       # USER ACTION REQUIRED - Uncomment the rpa section below if you are deploying Appian RPA
     # rpa:
     #   # USER ACTION REQUIRED - Update to match the version of the Appian RPA image
     #   # that you pulled for deployment
     #   version: 9.9.0
     #   # USER ACTION REQUIRED - Update to match the coordinates of the Appian
     #   # RPA container image as you pushed it to your registry
     #   # that you pulled for deployment
     #   image:
     #     repository: registry.example.com/appian/rpa
     #   volumeClaimTemplateSpec:
     #     accessModes:
     #       - "ReadWriteOnce"
     #     resources:
     #       requests:
     #         storage: "5Gi"
     #   # USER ACTION REQUIRED - Update to match the hostname and port for your Appian RPA MariaDB
     #   database:
     #     hostname: my-rpa-mariadb
     #     port: 3306
     #     schema: Rpa
     #     # USER ACTION REQUIRED - Create a secret containing the password used to
     #     # connect to the rpa data source and reference it here
     #     # https://docs.appian.com/suite/help/latest/k8s/rpa-setup-on-k8s.html
     #     credentialsSecretName: rpa-data-source-credentials
     #   # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#rpa
     #   properties:
     #     # [OPTIONAL] This represents the max memory (Xmx) allocated to the JVM.  If omitted, this will default to 2048
     #     rpa.max.memory: 4096
     #     # [OPTIONAL] RPA expects to have unrestricted internet access by default, set this to "offline" if that is not the case.
     #     # If omitted, this will default to "online"
     #     rpa.artifact.resolution: "online"
     #   # USER ACTION REQUIRED - Update to match the url and port for your Appian RPA MariaDB
     #   rtdo:
     #     dataSource:
     #       url: jdbc:mariadb://my-rpa-mariadb:3306/Rtdo
     #       username: my-rpa-mariadb-username
     #       passwordSecretName: rpa-data-source-credentials
     #   # USER ACTION REQUIRED - Update to match the url and port for your Appian RPA MariaDB
     #   rpdo:
     #     dataSource:
     #       url: jdbc:mariadb://my-rpa-mariadb:3306/Rpdo
     #       username: my-rpa-mariadb-username
     #       passwordSecretName: rpa-data-source-credentials
     #   # USER ACTION REQUIRED - Update to match the url and port for your Appian RPA MariaDB
     #   robotRDO:
     #     dataSource:
     #       url: jdbc:mariadb://my-rpa-mariadb:3306/RobotRDO
     #       username: my-rpa-mariadb-username
     #       passwordSecretName: rpa-data-source-credentials
     #   # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#rpa
     #   resources:
     #     requests:
     #       cpu: 1000m
     #       memory: 2.5Gi
     #     limits:
     #       cpu: 2000m
   

2. At minimum, change the following field values in appian.yaml with custom values. Save the file.

   Key	Current Value	Your Value
   .metadata.name	appian	This should be the same Appian site name specified when requesting your long-term license. If you are using a temporary license, you can specify any name here, lower-case, all one word. If you intend to upgrade the temporary license on an install to a long-term license, it is easiest to keep this same name for the long-term license request.
   .spec.appianLicConfigMapName	appian-lic	Name of the ConfigMap associated with the appian.lic file. This is required for your site to start.
   .spec.webapp.url	http://myappiansite.com	Fully qualified domain name of the Appian site's URL including the scheme, host, and, optionally, port. For example: http://www.example.com:8080. For more info, see SERVER_AND_PORT in Configure your Site URL.
   .spec.webapp.dataSources.primary.driverClassName	org.mariadb.jdbc.Driver	Driver class name for your RDBMS. For examples of each of the supported databases, see Configuring Data Sources.
   .spec.webapp.dataSources.primary.url	jdbc:mariadb://mariadb-appian.my-site-namespace.svc.cluster.local:3306/AppianDS?useOldAliasMetadataBehavior=true	Appian data source connection URL of your RDBMS. For URL examples of each of the supported databases, see Configuring Data Sources.
   .spec.webapp.dataSources.primary.username	username	Plain-text username for your RDBMS connection. If you installed a new copy of MariaDB in earlier steps, this will be the username created in that step. For example: username.
   .spec.webapp.dataSources.primary.password	password	Plain-text password for your RDBMS connection. If you installed a new copy of MariaDB in earlier steps, this will be the password created in that step. For example: password.
   .spec.webapp.dataSources.primary.attributes.validationQuery	"SELECT 1"	Validation query for your RDBMS connection. For examples of each of the supported databases, see Configuring Data Sources. If you installed a new copy of MariaDB in earlier steps, this will be "SELECT 1".
   .spec.[COMPONENT].image.repository (Multiple fields - one field per component)	registry.example.com/appian/<COMPONENT>	Image location on your Docker registry of each Appian component. If you are using a custom registry, change this image for each Appian component. If you did not re-tag your images and push to a custom registry, use the current values that include registry.example.com.
   .spec.[COMPONENT].image.tag (Multiple fields - one field per component)	Various tag values for each Appian component.	The image version number for each Appian component. You can find these tags with the command: docker images <MY DOCKER REGISTRY>/appian/* For example: docker images registry.example.com/appian/*

   Note:  It is highly recommended to configure application logging to your needs with Log4j. Instructions are located on the Customizing Application Logging page.

3. Be sure to change any other custom values in appian.yaml spec. For a detailed reference of all allowable fields, refer to the custom resource definitions API documentation.

   Here are some configuration settings to consider.

   • The Apache Web Server (httpd) component is specified in the spec, though it is optional and can be taken out if you are using another web server or don't require one.
   • We are only specifying an Appian data source in the spec. To use Data Store Objects, you'll also want to provide at least one business data store. This is defined in the .spec.webapp.dataSources.business field.
   • Since we use NGINX ingress controller for Appian on Kubernetes, we are setting .spec.ingress.enabled to true in the spec. See Exposing Appian Outside Kubernetes for configuration details.
   • The .spec.[COMPONENT].resources fields in the appian.yaml spec are suggested resource values. For more on tuning these fields, see Resource Requests and Limits.
   • As most Appian components are StatefulSets that rely on persistent storage, the .spec.[STATEFUL_COMPONENT].volumeClaimTemplateSpec fields have suggested values that define this storage. For more on these fields, see PersistentVolumeClaimSpec.
   • The appian.yaml specifies one Pod replica per Appian component. Refer to our high availability docs for setting up multiple replicas in an HA instance of Appian.
   • You may want to set up Horizontal Pod Autoscaling on the Apache Web Server (httpd).
   • You may want to define custom properties for Appian using the .spec.customProperties field.

5. Create the Appian site

1. Run kubectl create to create the Appian site based on the appian.yaml:

   1
   kubectl create -n my-site-namespace -f <PATH TO APPIAN.YAML>
   

2. It will take about 20-30 minutes for the Appian site to fully start. Check progress on the various Appian component pods with the following command.

   1
   kubectl -n my-site-namespace get pods
   

   The STATUS of the Appian component pods will transition from Pending to Running. When the Appian site is ready, you should see all pods have READY of 1/1 and STATUS of Running, similar to the following.

   1
   2
   3
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   NAME                                           READY   STATUS    RESTARTS   AGE
   appian-data-server-0                           1/1     Running   0          25m
   appian-httpd-8658f7fdb7-k9f6j                  1/1     Running   0          25m
   appian-httpd-bf56974d4-crv4g                   1/1     Running   0          25m
   appian-kafka-0                                 1/1     Running   0          25m
   appian-search-server-0                         1/1     Running   0          25m
   appian-service-manager-analytics00-0           1/1     Running   0          25m
   appian-service-manager-analytics01-0           1/1     Running   0          25m
   appian-service-manager-analytics02-0           1/1     Running   0          25m
   appian-service-manager-channels-0              1/1     Running   0          25m
   appian-service-manager-content-0               1/1     Running   0          25m
   appian-service-manager-download-stats-0        1/1     Running   0          25m
   appian-service-manager-execution00-0           1/1     Running   0          25m
   appian-service-manager-execution01-0           1/1     Running   0          25m
   appian-service-manager-execution02-0           1/1     Running   0          25m
   appian-service-manager-forums-0                1/1     Running   0          25m
   appian-service-manager-groups-0                1/1     Running   0          25m
   appian-service-manager-notifications-0         1/1     Running   0          25m
   appian-service-manager-notifications-email-0   1/1     Running   0          25m
   appian-service-manager-portal-0                1/1     Running   0          25m
   appian-service-manager-process-design-0        1/1     Running   0          25m
   appian-webapp-0                                1/1     Running   0          25m
   appian-zookeeper-0                             1/1     Running   0          25m
   

3. Get the appians custom resource to check the status of your Appian site.

   1
   kubectl get -n my-site-namespace appians
   

   The STATUS of a starting site will transition from not set to Creating to Starting to Ready. The transition from not set to Creating to Starting should happen within seconds. The transition from Starting to Ready should happen within 20 to 30 minutes.

   Make sure the STATUS is Ready before accessing your site, similar to:

   1
   2
   NAME     URL                       STATUS   AGE
   appian   http://myappiansite.com   Ready    25m
   

If you have any trouble with creating the Appian site, see Troubleshooting Appian on Kubernetes.

If you need to edit the Appian CR and restart, see Editing, Stopping, and Restarting.

6. Access your Appian site

Newly created sites are bootstrapped with a system administrator user. This user cannot access the Admin Console. The steps below detail how to login, then create a new system administrator user that can access the Admin Console.

1. In a browser, navigate to <URL>/suite/design/users where <URL> is the value you set in the .spec.webapp.url field of the Appian custom resource.
2. Login as the bootstrap system administrator user with username Administrator and temporary password admin. Change the user’s password when prompted to do so.
3. Click on the CREATE USER button to create the new user. Under Security > User Type, select System Administrator.
4. If you haven’t configured your site to send email, make sure to manually assign a temporary password. If a temporary password is omitted, Appian will attempt to send an email to the specified email address with a randomly generated temporary password. Since the site has not yet been configured to send email, this will fail and there will be no way to recover the user’s password.
5. Logout and login as the newly created user.

Feedback