Overview

This page shows how to configure RPA in Appian on Kubernetes for self-managed customers.

rpa-secret.yaml

Users need to deploy a secret to their cluster namespace with credentials for connecting to the MariaDB data source used by Appian RPA.

1
2
3
4
5
6
7
8
9
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: rpa-data-source-credentials
  namespace: my-site-namespace
data:
  username: base64-encoded-username
  password: base64-encoded-password

The values for username (should be appian) and password must be base64 encoded. If you run the following command, that should generate this secret, and handle the base64 encoding:

1
kubectl create secret generic -n my-site-namespace rpa-data-source-credentials --from-literal=username=appian --from-literal=password=my-password

The value for metadata name needs to match the name of the credentialSecretName and passwordSecretName used in the Appian YAML file.

Database Initialization for MariaDB

Prerequisites

Before proceeding, make sure you have:

• Access to a MariaDB server where you have permissions to create databases and users.
• The password used above in rpa-data-source-credentials. You will be setting up the username and password that secret corresponds to in this guide.

Step 1: Log in to Your MariaDB Server

First, connect to your MariaDB server using the MariaDB client. Replace your_username with your actual database username:

1
mysql -u your_username -p

You will be prompted for your password. Enter it to proceed.

Step 2: Create Databases

Execute the following SQL commands to create the necessary databases. These commands are safe to run multiple times; they will not overwrite existing databases.

1
2
3
CREATE DATABASE IF NOT EXISTS Rpa;
CREATE DATABASE IF NOT EXISTS Rtdo;
CREATE DATABASE IF NOT EXISTS Rpdo;

Step 3: Create User and Grant Permissions

Replace password with the password you wish to use for your application's database connection. This step grants the necessary permissions for the newly created user on the databases created in the previous step.

1
2
3
4
5
CREATE USER 'appian'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON Rpa.* TO 'appian'@'%';
GRANT ALL PRIVILEGES ON Rtdo.* TO 'appian'@'%';
GRANT ALL PRIVILEGES ON Rpdo.* TO 'appian'@'%';
FLUSH PRIVILEGES;

Step 4: Verifying the Setup

To verify that the databases and user have been set up correctly, you can log in as the newly created user and list the databases:

1
mysql -u appian -p

Once logged in, execute:

1
SHOW DATABASES;

You should see Rpa, Rtdo, and Rpdo listed among the databases.

Restricting outbound traffic for RPA

RPA requires unrestricted access to the internet by default, with RPA reaching out to Maven repositories on the internet when it checks for 3rd party dependencies (JARs) for each robotic task execution. (See the RPA Repository Management page for more information.)

Alternatively, you can configure RPA to work in "offline" mode in order to prevent RPA from connecting to the public internet. RPA will be fully functional in "offline" mode; however, this may increase the export size for any Java-dependent Robotic Tasks.

To restrict RPA from communicating with the public internet, set the value for .spec.rpa.properties.rpa.artifact.resolution to "offline". If the custom property is omitted, the default is "online".

1
2
3
4
5
6
7
8
apiVersion: crd.k8s.appian.com/v1beta1
kind: Appian
metadata:
  name: appian
spec:
  rpa:
    properties:
      rpa.artifact.resolution: "offline"