Free cookie consent management tool by TermsFeed Installing Appian on Kubernetes [Appian on Kubernetes v0.166.0]
Page not found in the selected version; redirected to the home page.
Installing Appian on Kubernetes

Overview

This page walks through how to install Appian on Kubernetes for self managed customers. The instructions show how to install on a server-based cluster. It is aimed at platform engineers with experience with Kubernetes, Helm, and container images.

Appian is installed on Kubernetes using a custom resource definition (CRD) and an operator. Before performing the install you should be familiar with these concepts. To read about them, see What is the Appian Operator?

Note:  These documents specifically deal with deployment, maintenance, and configuration tasks that are unique to Appian on Kubernetes. For installing Appian on machine-based servers, see the Installation Guide.

Prerequisites

Make sure you have the following prerequisites and system requirements before installing Appian on Kubernetes.

Note:  These instructions are to configure a single node instance of Appian on Kubernetes. Refer to our high availability docs for more information if you would like a multi-node (HA) instance of Appian to setup an HA deployment of Appian using the Appian operator.

Supported Environments

Appian on Kubernetes supports the following Kubernetes platforms:

  • Azure Kubernetes Service
  • Amazon EKS
  • Red Hat OpenShift
  • Google GKE

Appian on Kubernetes does not support AWS Fargate, GKE Autopilot, Azure ACI, or similar "serverless" virtualized environments.

Request licenses

You need to request license files specifically for Appian on Kubernetes. There are two types of licenses: temporary and long-term.

Note:  Generating the long-term license files can take up to 4-5 business days. You'll want to request temporary license files first, or both the temporary and long-term licenses in the same request.

  • Temporary license files are valid for 7 days. Request temporary license files when a new Appian instance is being set up for the first time or a long-term license has expired and you want to renew it.
  • Long-term license files are valid for an extended period of time, and only valid for the site URL for which they were requested. Request long-term license files when you've already obtained temporary license files to set up an Appian instance, or your existing license files are about to expire and you want to proactively request replacements.

Note:  We now require submitting both an Appian site name (custom resource name) and a valid site URL before we generate license files, as detailed in the steps below. If you have not requested a license in this manner before, you must do so at your earliest convenience.

You can request temporary and long-term licenses by creating a new support case on Forum.

  • In the Case Title, enter Self-Managed Kubernetes License Request.

  • Enter your Appian site name. This should be what you intend to use when creating the Appian custom resource. It must contain only lowercase alphanumeric characters or the symbols - or . and must be no more than 16 characters. For example, company-name.

  • Enter the URL you intend to use for your Appian site, following the same pattern as above. For example, company-name.com. This will be the URL you use in your configured .spec.url.

  • For Severity, select 4 - Questions, Licenses, Forum Accounts, and Support Accounts.

For long-term licenses, the request is fulfilled as follows:

  • If you are your organization's primary POC (point of contact), then the Appian license administrators will review your request and provide you with the license files or the next steps required to generate the long-term license files.

  • If you are not your organization's primary POC, then the request will first go to your organization's POC who will have to approve this request. If the POC approves the request, the Appian license administrators will review the request and provide you the license files or the next steps required to generate the long-term license files.

Download artifacts

You'll need to download the Appian operator Helm chart, pull the Appian operator and Appian container images, and push the images to your organization's registry.

Kubernetes

This release has been explicitly tested against Kubernetes v1.26-v1.30. To check your server version, run kubectl version.

Exposing Appian

Appian needs to be exposed outside of Kubernetes to allow access to Apache Web Server (httpd) and webapp components. See Exposing Appian Outside Kubernetes to learn about different ways of exposing Appian.

How you choose to expose Appian will affect the configuration of the Appian custom resource; we’ll remind you of this configuration during that step.

Installing NGINX ingress controller (optional)

To expose Appian via Ingress, you can optionally do a new install of NGINX Ingress Controller on Kubernetes. If you are exposing Appian using a different method or are already using an ingress controller on your Kubernetes cluster, you can ignore this step.

  1. Install ingress-nginx using Helm.
  2. Be sure to verify the install.

Relational database

Appian on Kubernetes does not install a relational database. You need to provide your own relational database for each site to serve as its Appian data source. Ensure you provide at least one business data source to make use of data stores.

Your database can either run within the Kubernetes cluster or outside of it. If you want to connect directly to a database outside the cluster, ensure that the database is accessible from within the cluster.

Appian RPA database configuration

To use Appian RPA, you must also create and configure multiple databases on the MariaDB server, ensuring the URL, username, and password are correctly set in the configuration files.

RDBMS/JDBC drivers

Appian supports the following relational databases.

If you'd like to use Aurora MySQL, MySQL or IBM Db2 as the Appian data source or a business data source, you’ll need to use the Appian CRD's support for specifying init containers. The same goes for older supported versions of other relational databases that require different driver versions.

Installation

Once all your prerequisites are in order, the following steps will install Appian on Kubernetes.

1. Install the Appian operator

The following steps will install the Appian operator in the appian-operator namespace from the downloaded Appian operator Helm chart:

  1. Create the appian-operator namespace:

    1
    
    kubectl create namespace appian-operator
    
  2. Before you install the Appian operator Helm chart in the next step, decide how you want CA certificates to be provisioned as described here.

    Note:  Our steps below follow our preferred option of using a generated self-signed certificate with cert-manager.

  3. Install the Appian operator Helm chart:

    1
    2
    3
    4
    
    helm --namespace appian-operator install appian-operator-<APPIAN_OPERATOR_VERSION>.tgz \
      --set image.repository=<REGISTRY_HOSTNAME>/appian/appian-operator:<APPIAN_OPERATOR_VERSION> \
      ... \
      --wait
    

    Self-signed certificate using cert-manager install

    • Make sure to specify the appropriate values to set the webhooks’ secret to the secret created by cert-manager and an annotation that we specified in our self-signed certificate instructions. If you changed the certificate name or secret name during the certificate creation steps, use those names here instead of appian-operator-webhooks and appian-operator-webhooks-certificate.

    • For the mutating and validating admission webhooks, add the annotation cert-manager.io/inject-ca-from:appian-operator/<your certificate name> to webhooks.webhookConfiguration.annotations when you run helm install or helm upgrade using --set or --values options.

    • It is also necessary to annotate the mutating and validating webhook configuration objects using the following flags, which will cause the caBundle field to be populated from a cert-manager certificate:

    1
    
    --set webhooks.webhookConfiguration.annotations."cert-manager\.io/inject-ca-from"=appian-operator/appian-operator-webhooks --set webhooks.secret=appian-operator-webhooks-certificate
    

    Here’s an example of the full Helm command that you might run:

    1
    2
    3
    4
    5
    
    helm --namespace appian-operator install appian-operator appian-operator-v0.117.0.tgz \
      --set image.repository=registry.example.com/appian/appian-operator \
      --set webhooks.secret=appian-operator-webhooks-certificate \
      --set webhooks.webhookConfiguration.annotations."cert-manager\.io/inject-ca-from"=appian-operator/appian-operator-webhooks \
      --wait
    

    Note:  If the container registry where your Appian operator image resides is private, follow the instructions here to create a Secret of type docker-registry and provide the name of the Secret via the option --set imagePullSecrets={<NAME>} in the command above.

    If you’ve pushed the operator image with a different tag that doesn’t match the version / app version of the chart, you’ll want to include the option --set image.tag=<TAG>.

  4. This command may take a minute or two to complete. When complete, check that the correct Appian operator Deployments, ReplicaSets, and Pods were created.

    1
    
    kubectl -n appian-operator get deployments,replicasets,pods
    

    The output should be similar to:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    
    NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/appian-operator-controllers   1/1     1            1           90s
    deployment.apps/appian-operator-webhooks      1/1     1            1           90s
    
    NAME                                                     DESIRED   CURRENT   READY   AGE
    replicaset.apps/appian-operator-controllers-55cfcf74f    1         1         1       90s
    replicaset.apps/appian-operator-webhooks-5bd6588b95      1         1         1       90s
    
    NAME                                              READY   STATUS    RESTARTS   AGE
    pod/appian-operator-controllers-55cfcf74f-sr4jd   1/1     Running   0          90s
    pod/appian-operator-webhooks-5bd6588b95-7lggk     1/1     Running   0          90s
    

    For each of the operator’s controllers and webhooks, you should see a single Deployment, ReplicaSet, and Pod. Once the Pods’ STATUS are all Running, the READY column should show 1/1 within 1 minute.

    Note:  Please note that the usage of appians below, and elsewhere, refers to multiple instances of Appian in a cluster. This pluralization follows Kubernetes conventions on resource naming.

  5. Validate that the Appian CRD installed successfully by running:

    1
    
    kubectl get crd appians.crd.k8s.appian.com
    

    The output should be similar to:

    1
    2
    
    NAME                         CREATED AT
    appians.crd.k8s.appian.com   2022-03-04T12:00:00Z
    

If you have any trouble installing the operator, see Troubleshooting Appian on Kubernetes.

2. Create the Appian site namespace

If you haven’t done so already, create a new namespace in Kubernetes for your Appian site and all of its components. The namespace can have any name, though the rest of our instructions will use my-site-namespace.

1
kubectl create namespace my-site-namespace

3. Load licenses

Having requested your licenses, you’ll have received a zip with two files: k3.lic and k4.lic, and a third file called appian.lic. The first two will be installed as secrets on Kubernetes, and appian.lic will be installed as a config map.

  1. Unzip the product license files.
  2. Load the product license files as secrets into Kubernetes.

    1
    
    kubectl -n my-site-namespace create secret generic k3lic --from-file=<PATH TO LICENSE>/k3.lic
    
    1
    
    kubectl -n my-site-namespace create secret generic k4lic --from-file=<PATH TO LICENSE>/k4.lic
    
  3. Create a config map for the appian.lic file via kubectl create configmap. You can name the config map as you wish:

    1
    
    kubectl -n my-site-namespace create configmap appian-lic --from-file=<PATH TO LICENSE>/appian.lic
    

When you configure your Appian YAML below, be certain to define the name of your license config map with appianLicConfigMapName.

4. Create an Appian YAML file

Note:  If migrating a server-based installation of Appian into Kubernetes, use the YAML file generated by the Migration Tool's merge command instead of the one below.

We’ll now configure a YAML file used as the spec to deploy the Appian CR.

  1. Download the appian.yaml file (it can also be copied from the code block below). This will serve as a template for the Appian CR spec.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    123
    124
    125
    126
    127
    128
    129
    130
    131
    132
    133
    134
    135
    136
    137
    138
    139
    140
    141
    142
    143
    144
    145
    146
    147
    148
    149
    150
    151
    152
    153
    154
    155
    156
    157
    158
    159
    160
    161
    162
    163
    164
    165
    166
    167
    168
    169
    170
    171
    172
    173
    174
    175
    176
    177
    178
    179
    180
    181
    182
    183
    184
    185
    186
    187
    188
    189
    190
    191
    192
    193
    194
    195
    196
    197
    198
    199
    200
    201
    202
    203
    204
    205
    206
    207
    208
    209
    210
    211
    212
    213
    214
    215
    216
    217
    218
    219
    220
    221
    222
    223
    224
    225
    226
    227
    228
    229
    230
    231
    232
    233
    234
    235
    236
    237
    238
    239
    240
    241
    242
    243
    244
    245
    246
    247
    248
    249
    250
    251
    252
    253
    254
    255
    256
    257
    258
    259
    260
    261
    262
    263
    264
    265
    266
    267
    268
    269
    270
    271
    272
    273
    274
    275
    276
    277
    278
    279
    280
    281
    282
    283
    284
    285
    286
    287
    288
    289
    290
    291
    292
    293
    294
    295
    296
    297
    298
    299
    300
    
    apiVersion: crd.k8s.appian.com/v1beta1
    kind: Appian
    metadata:
      # USER ACTION REQUIRED - If using long-term licenses, update to match the
      # wildcard pattern of the licenses you were provided
      # https://docs.appian.com/suite/help/latest/k8s/install-appian-on-k8s.html#request-licenses
      name: appian
    spec:
      # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      imagePullSecrets: [] # []string
        # - regcred
      # USER ACTION REQUIRED - Update to the Version of Low code platform that Appian runs on
      version: 22.1.190.0
      k3LicSecretName: k3lic
      k4LicSecretName: k4lic
      appianLicConfigMapName: appian-lic
      # USER ACTION REQUIRED - Update to match the scheme, host, and, optionally,
      # port of your site
      # https://docs.appian.com/suite/help/latest/Post-Install_Configurations.html#configure-your-site-url
      url: http://myappiansite.com
      # https://docs.appian.com/suite/help/latest/Custom_Configurations.html#custom-properties
      customProperties: # map[string]string
        # https://docs.appian.com/suite/help/latest/resource-requests-and-limits.html#webapp
        conf.appserver.maxHeapSize: 3072m
      zookeeper:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian
        # Zookeeper container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/zookeeper
        replicas: 1
        volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
          # storageClassName: ""
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              # Configure based on your expected Zookeeper storage needs
              storage: 5Gi
        env: # []corev1.EnvVar
          # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#zookeeper
          - name: ZK_HEAP_MIN
            value: 128m
          - name: ZK_HEAP_MAX
            value: 256m
        # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#zookeeper
        resources: # corev1.ResourceRequirements
          requests:
            cpu: 100m
            memory: 307Mi # ZK_HEAP_MAX * 1.2 to account for non-heap memory
          limits:
            cpu: 200m
            memory: 448Mi # ZK_HEAP_MAX * 1.75 to account for non-heap memory
      kafka:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian Kafka
        # container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/kafka
        replicas: 1
        volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
          # storageClassName: ""
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              # Configure based on your expected Kafka storage needs
              storage: 5Gi
        env: # []corev1.EnvVar
          # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#kafka
          - name: KAFKA_HEAP_MIN
            value: 512m
          - name: KAFKA_HEAP_MAX
            value: 1024m
        # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#kafka
        resources: # corev1.ResourceRequirements
          requests:
            cpu: 500m
            memory: 1229Mi # KAFKA_HEAP_MAX * 1.2 to account for non-heap memory
          limits:
            cpu: 2000m
            memory: 1792Mi # KAFKA_HEAP_MAX * 1.75 to account for non-heap memory
      searchServer:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian
        # Search Server container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/search-server
        replicas: 1
        volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
          # storageClassName: ""
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              # Configure based on your expected Search Server storage needs
              storage: 5Gi
        env: # []corev1.EnvVar
          # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#search-server
          - name: SS_HEAP
            value: 1280m
        # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#search-server
        resources: # corev1.ResourceRequirements
          requests:
            cpu: 100m
            memory: 1.5Gi # SS_HEAP + 256Mi to account for non-heap memory
          limits:
            cpu: 200m
            memory: 3Gi # Double requests.memory
      dataServer:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian Data
        # Server container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/data-server
        replicas: 1
        topology:
          rtsCount: 2
        volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
          # storageClassName: ""
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              # Configure based on your expected Data Server storage needs
              storage: 5Gi
        # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#data-server
        resources: # corev1.ResourceRequirements
          requests:
            cpu: 100m
            memory: 512Mi
          limits:
            cpu: 200m
            memory: 1Gi
      serviceManager:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian
        # Service Manager container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/service-manager
        replicas: 1
        topology:
          analyticsExecShardCount: 3
        volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
          # storageClassName: ""
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              # Configure based on your expected Service Manager storage needs
              storage: 5Gi
        # https://docs.appian.com/suite/help/latest/k8s/high-availability.html
        # haExistingClaim: ""
        env: # []corev1.EnvVar
          # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#service-manager
          - name: KOMODO_DIRECT_MEM_MAX
            value: 512m
          - name: KOMODO_HEAP_MAX
            value: 1g
        # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#service-manager
        resources: # corev1.ResourceRequirements
          requests:
            cpu: 200m
            memory: 2.5Gi
          limits:
            cpu: 2000m
            memory: 32Gi
      webapp:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian
        # Webapp container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/webapp
        replicas: 1
        # https://docs.appian.com/suite/help/latest/Post-Install_Configurations.html#configure-your-static-and-dynamic-content-urls
        # staticUrl: http://myappiansite-static.com
        # dynamicUrl: http://myappiansite-dynamic.com
        # Configuration for connecting to the Appian and business data sources. If
        # connecting to MySQL or IBM Db2, use an init container to add the
        # appropriate RDBMS/JDBC driver JAR to Tomcat's classpath
        # https://docs.appian.com/suite/help/latest/Configuring_Relational_Databases.html#provide-data-source-connection-information
        # https://docs.appian.com/suite/help/latest/k8s/init-and-sidecar-containers.html#using-init-containers-to-add-jars-to-tomcat's-classpath
        dataSources:
          primary:
            name: jdbc/AppianDS
            type: javax.sql.DataSource
            factory: org.apache.tomcat.jdbc.pool.DataSourceFactory
            driverClassName: org.mariadb.jdbc.Driver
            url: "jdbc:mariadb://mariadb-appian.my-site-namespace.svc.cluster.local:3306/AppianDS?useOldAliasMetadataBehavior=true"
            username: username
            # USER ACTION REQUIRED - Create a secret containing the password used to
            # connect to the data source and reference it here
            passwordSecretKeyRef:
              name: ""
              key: ""
            attributes:
              initialSize: "5"
              maxActive: "200"
              defaultTransactionIsolation: "READ_COMMITTED"
              maxWait: "30000"
              minIdle: "5"
              minEvictableIdleTimeMillis: "90000"
              timeBetweenEvictionRunsMillis: "450000"
              validationQuery: "SELECT 1"
              testOnBorrow: "true"
          business: []
        # https://docs.appian.com/suite/help/latest/k8s/email.html
        # passwordsPropertiesSecretName: ""
        volumeClaimTemplateSpec: # corev1.PersistentVolumeClaimSpec
          # storageClassName: ""
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              # Configure based on your expected Webapp storage needs
              storage: 5Gi
        # https://docs.appian.com/suite/help/latest/k8s/high-availability.html
        # haExistingClaim: ""
        # https://docs.appian.com/suite/help/latest/k8s/health-check-k8s.html
        # healthCheckExistingClaim: ""
        # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#webapp
        resources: # corev1.ResourceRequirements
          requests:
            cpu: 100m
            memory: 4.5Gi
          limits:
            cpu: 1000m
            memory: 6Gi
      httpd:
        # USER ACTION REQUIRED - Update to match the coordinates of the Appian httpd
        # container image as you pushed it to your registry
        image:
          repository: registry.example.com/appian/httpd
        replicas: 2
      # https://docs.appian.com/suite/help/latest/k8s/exposing-appian-on-k8s.html
      service:
        annotations: {} # map[string]string
        # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
        type: ClusterIP
      # https://docs.appian.com/suite/help/latest/k8s/exposing-appian-on-k8s.html#ingress
      ingress:
        enabled: true
        # USER ACTION REQUIRED - Use either the ingressClassName field or the
        # deprecated kubernetes.io/ingress.class annotation to refer to your desired
        # ingress class
        # https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
        annotations: {} # map[string]string
          # kubernetes.io/ingress.class: ""
        # ingressClassName: ""
        # USER ACTION REQUIRED - Uncomment the rpa section below if you are deploying Appian RPA
      # rpa:
      #   # USER ACTION REQUIRED - Update to match the version of the Appian RPA image
      #   # that you pulled for deployment
      #   version: 9.9.0
      #   # USER ACTION REQUIRED - Update to match the coordinates of the Appian
      #   # RPA container image as you pushed it to your registry
      #   # that you pulled for deployment
      #   image:
      #     repository: registry.example.com/appian/rpa
      #   volumeClaimTemplateSpec:
      #     accessModes:
      #       - "ReadWriteOnce"
      #     resources:
      #       requests:
      #         storage: "5Gi"
      #   # USER ACTION REQUIRED - Update to match the hostname and port for your Appian RPA MariaDB
      #   database:
      #     hostname: my-rpa-mariadb
      #     port: 3306
      #     schema: Rpa
      #     # USER ACTION REQUIRED - Create a secret containing the password used to
      #     # connect to the rpa data source and reference it here
      #     # https://docs.appian.com/suite/help/latest/k8s/rpa-setup-on-k8s.html
      #     credentialsSecretName: rpa-data-source-credentials
      #   # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#rpa
      #   properties:
      #     # [OPTIONAL] This represents the max memory (Xmx) allocated to the JVM.  If omitted, this will default to 2048
      #     rpa.max.memory: 4096
      #     # [OPTIONAL] RPA expects to have unrestricted internet access by default, set this to "offline" if that is not the case.
      #     # If omitted, this will default to "online"
      #     rpa.artifact.resolution: "online"
      #   # USER ACTION REQUIRED - Update to match the url and port for your Appian RPA MariaDB
      #   rtdo:
      #     dataSource:
      #       url: jdbc:mariadb://my-rpa-mariadb:3306/Rtdo
      #       username: my-rpa-mariadb-username
      #       passwordSecretName: rpa-data-source-credentials
      #   # USER ACTION REQUIRED - Update to match the url and port for your Appian RPA MariaDB
      #   rpdo:
      #     dataSource:
      #       url: jdbc:mariadb://my-rpa-mariadb:3306/Rpdo
      #       username: my-rpa-mariadb-username
      #       passwordSecretName: rpa-data-source-credentials
      #   # USER ACTION REQUIRED - Update to match the url and port for your Appian RPA MariaDB
      #   robotRDO:
      #     dataSource:
      #       url: jdbc:mariadb://my-rpa-mariadb:3306/RobotRDO
      #       username: my-rpa-mariadb-username
      #       passwordSecretName: rpa-data-source-credentials
      #   # https://docs.appian.com/suite/help/latest/k8s/resource-requests-and-limits.html#rpa
      #   resources:
      #     requests:
      #       cpu: 1000m
      #       memory: 2.5Gi
      #     limits:
      #       cpu: 2000m
    
  2. At minimum, change the following field values in appian.yaml with custom values. Save the file.

    Key Current Value Your Value
    .metadata.name appian This should be the same Appian site name specified when requesting your long-term license.

    If you are using a temporary license, you can specify any name here, lower-case, all one word. If you intend to upgrade the temporary license on an install to a long-term license, it is easiest to keep this same name for the long-term license request.
    .spec.appianLicConfigMapName appian-lic Name of the ConfigMap associated with the appian.lic file. This is required for your site to start.

    .spec.webapp.url http://myappiansite.com Fully qualified domain name of the Appian site's URL including the scheme, host, and, optionally, port. For example: http://www.example.com:8080.

    For more info, see SERVER_AND_PORT in Configure your Site URL.

    .spec.webapp.dataSources.primary.driverClassName org.mariadb.jdbc.Driver Driver class name for your RDBMS. For examples of each of the supported databases, see Configuring Data Sources.
    .spec.webapp.dataSources.primary.url jdbc:mariadb://mariadb-appian.my-site-namespace.svc.cluster.local:3306/AppianDS?useOldAliasMetadataBehavior=true Appian data source connection URL of your RDBMS. For URL examples of each of the supported databases, see Configuring Data Sources.

    .spec.webapp.dataSources.primary.username username Plain-text username for your RDBMS connection.

    If you installed a new copy of MariaDB in earlier steps, this will be the username created in that step. For example: username.
    .spec.webapp.dataSources.primary.password password Plain-text password for your RDBMS connection.

    If you installed a new copy of MariaDB in earlier steps, this will be the password created in that step. For example: password.
    .spec.webapp.dataSources.primary.attributes.validationQuery "SELECT 1" Validation query for your RDBMS connection. For examples of each of the supported databases, see Configuring Data Sources.

    If you installed a new copy of MariaDB in earlier steps, this will be "SELECT 1".
    .spec.[COMPONENT].image.repository
    (Multiple fields - one field per component)
    registry.example.com/appian/<COMPONENT> Image location on your Docker registry of each Appian component. If you are using a custom registry, change this image for each Appian component. If you did not re-tag your images and push to a custom registry, use the current values that include registry.example.com.
    .spec.[COMPONENT].image.tag
    (Multiple fields - one field per component)
    Various tag values for each Appian component. The image version number for each Appian component. You can find these tags with the command: docker images <MY DOCKER REGISTRY>/appian/*

    For example: docker images registry.example.com/appian/*

    Note:  It is highly recommended to configure application logging to your needs with Log4j. Instructions are located on the Customizing Application Logging page.

  3. Be sure to change any other custom values in appian.yaml spec. For a detailed reference of all allowable fields, refer to the custom resource definitions API documentation.

    Here are some configuration settings to consider.

Note:  You will need to set the Search Server kernel settings either using an init container in the CR spec or using admin commands after the install.

5. Create the Appian site

Note:  If migrating a server-based installation of Appian into Kubernetes, run the Migration Tool's import command instead of creating the Appian custom resource directly.

  1. Run kubectl create to create the Appian site based on the appian.yaml:

    1
    
    kubectl create -n my-site-namespace -f <PATH TO APPIAN.YAML>
    
  2. It will take about 20-30 minutes for the Appian site to fully start. Check progress on the various Appian component pods with the following command.

    1
    
    kubectl -n my-site-namespace get pods
    

    The STATUS of the Appian component pods will transition from Pending to Running. When the Appian site is ready, you should see all pods have READY of 1/1 and STATUS of Running, similar to the following.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    
    NAME                                           READY   STATUS    RESTARTS   AGE
    appian-data-server-0                           1/1     Running   0          25m
    appian-httpd-8658f7fdb7-k9f6j                  1/1     Running   0          25m
    appian-httpd-bf56974d4-crv4g                   1/1     Running   0          25m
    appian-kafka-0                                 1/1     Running   0          25m
    appian-search-server-0                         1/1     Running   0          25m
    appian-service-manager-analytics00-0           1/1     Running   0          25m
    appian-service-manager-analytics01-0           1/1     Running   0          25m
    appian-service-manager-analytics02-0           1/1     Running   0          25m
    appian-service-manager-channels-0              1/1     Running   0          25m
    appian-service-manager-content-0               1/1     Running   0          25m
    appian-service-manager-download-stats-0        1/1     Running   0          25m
    appian-service-manager-execution00-0           1/1     Running   0          25m
    appian-service-manager-execution01-0           1/1     Running   0          25m
    appian-service-manager-execution02-0           1/1     Running   0          25m
    appian-service-manager-forums-0                1/1     Running   0          25m
    appian-service-manager-groups-0                1/1     Running   0          25m
    appian-service-manager-notifications-0         1/1     Running   0          25m
    appian-service-manager-notifications-email-0   1/1     Running   0          25m
    appian-service-manager-portal-0                1/1     Running   0          25m
    appian-service-manager-process-design-0        1/1     Running   0          25m
    appian-webapp-0                                1/1     Running   0          25m
    appian-zookeeper-0                             1/1     Running   0          25m
    
  3. Get the appians custom resource to check the status of your Appian site.

    1
    
    kubectl get -n my-site-namespace appians
    

    The STATUS of a starting site will transition from not set to Creating to Starting to Ready. The transition from not set to Creating to Starting should happen within seconds. The transition from Starting to Ready should happen within 20 to 30 minutes.

    Make sure the STATUS is Ready before accessing your site, similar to:

    1
    2
    
    NAME     URL                       STATUS   AGE
    appian   http://myappiansite.com   Ready    25m
    

If you have any trouble with creating the Appian site, see Troubleshooting Appian on Kubernetes.

If you need to edit the Appian CR and restart, see Editing, Stopping, and Restarting.

6. Access your Appian site

Newly created sites are bootstrapped with a system administrator user. This user cannot access the Admin Console. The steps below detail how to login, then create a new system administrator user that can access the Admin Console.

  1. In a browser, navigate to <URL>/suite/design/users where <URL> is the value you set in the .spec.webapp.url field of the Appian custom resource.
  2. Login as the bootstrap system administrator user with username Administrator and temporary password admin. Change the user’s password when prompted to do so.
  3. Click on the CREATE USER button to create the new user. Under Security > User Type, select System Administrator.
  4. If you haven’t configured your site to send email, make sure to manually assign a temporary password. If a temporary password is omitted, Appian will attempt to send an email to the specified email address with a randomly generated temporary password. Since the site has not yet been configured to send email, this will fail and there will be no way to recover the user’s password.
  5. Logout and login as the newly created user.

Tip:  To stop the Appian site, see Stopping the Appian site.

Installing Appian on Kubernetes

FEEDBACK