Free cookie consent management tool by TermsFeed RPA Setup for Appian on Kubernetes [Appian on Kubernetes v0.166.0]
Page not found in the selected version; redirected to the home page.
RPA Setup for Appian on Kubernetes

Overview

This page guides self-managed customers through configuring RPA in Appian on Kubernetes.

Create and set up the rpa-secret.yaml file

Before you begin, you must deploy a secret to your cluster namespace with credentials for connecting to the MariaDB data source used by Appian RPA. The rpa-secret.yaml file is a Kubernetes secret configuration file that stores these credentials (username and password).

To complete these steps

  • kubectl must be installed and configured, and
  • you must have access to the appropriate Kubernetes namespace.

To create and set up the rpa-secret.yaml file, complete the following steps.

  1. Create a YAML file named rpa-secret.yaml with the following content:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    
    apiVersion: v1
    kind: Secret
    type: Opaque
    metadata:
      name: rpa-data-source-credentials
      namespace: my-site-namespace
    data:
      username: base64-encoded-username
      password: base64-encoded-password
    
  2. Set your username to appian.
  3. Run the following command to generate the secret and base64 encode the values for username (which should be appian) and password.

    1
    
    kubectl create secret generic -n my-site-namespace rpa-data-source-credentials --from-literal=username=appian --from-literal=password=my-password
    
  4. Apply the secret to the cluster:

    1
    
    kubectl apply -f rpa-secret.yaml
    
  5. Verify the secret:
    • Ensure the secret is in the correct namespace:

      1
      
      kubectl get secrets -n my-site-namespace
      

The value for metadata name needs to match the name of the credentialSecretName and passwordSecretName used in the Appian YAML file.

Note:  You must store the secret in the same namespace as the Appian CR.

MariaDB database configuration and initialization

Prerequisites

Before proceeding, make sure you have:

  • Access to a MariaDB server where you have permissions to create databases and users.
  • The password used above in rpa-data-source-credentials. You will be setting up the username and password that secret corresponds to in this guide.

Step 1: Log in to Your MariaDB Server

First, connect to your MariaDB server using the MariaDB client. Replace your_username with your actual database username:

1
mysql -u your_username -p

You will be prompted for your password. Enter it to proceed.

Step 2: Create Databases

Execute the following SQL commands to create the necessary databases. These commands are safe to run multiple times; they will not overwrite existing databases.

1
2
3
CREATE DATABASE IF NOT EXISTS Rpa;
CREATE DATABASE IF NOT EXISTS Rtdo;
CREATE DATABASE IF NOT EXISTS Rpdo;

Step 3: Create User and Grant Permissions

Replace password with the password you wish to use for your application's database connection. This step grants the necessary permissions for the newly created user on the databases created in the previous step.

Note:  The password used must be the same password used for rpa-data-source-credentials.

1
2
3
4
5
CREATE USER 'appian'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON Rpa.* TO 'appian'@'%';
GRANT ALL PRIVILEGES ON Rtdo.* TO 'appian'@'%';
GRANT ALL PRIVILEGES ON Rpdo.* TO 'appian'@'%';
FLUSH PRIVILEGES;

Step 4: Verifying the Setup

To verify that the databases and user have been set up correctly, you can log in as the newly created user and list the databases:

1
mysql -u appian -p

Once logged in, execute:

1
SHOW DATABASES;

You should see Rpa, Rtdo, and Rpdo listed among the databases.

Restricting outbound traffic for RPA

RPA requires unrestricted access to the internet by default, with RPA reaching out to Maven repositories on the internet when it checks for 3rd party dependencies (JARs) for each robotic task execution. (See the RPA Repository Management page for more information.)

Alternatively, you can configure RPA to work in "offline" mode in order to prevent RPA from connecting to the public internet. RPA will be fully functional in "offline" mode; however, this may increase the export size for any Java-dependent Robotic Tasks.

To restrict RPA from communicating with the public internet, set the value for .spec.rpa.properties.rpa.artifact.resolution to "offline". If the custom property is omitted, the default is "online".

1
2
3
4
5
6
7
8
apiVersion: crd.k8s.appian.com/v1beta1
kind: Appian
metadata:
  name: appian
spec:
  rpa:
    properties:
      rpa.artifact.resolution: "offline"

RPA Setup for Appian on Kubernetes

FEEDBACK