This page guides self-managed customers through configuring RPA in Appian on Kubernetes.
Before you begin, you must deploy a secret to your cluster namespace with credentials for connecting to the MariaDB data source used by Appian RPA. The rpa-secret.yaml
file is a Kubernetes secret configuration file that stores these credentials (username and password).
To complete these steps
To create and set up the rpa-secret.yaml file, complete the following steps.
Create a YAML file named rpa-secret.yaml
with the following content:
1
2
3
4
5
6
7
8
9
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: rpa-data-source-credentials
namespace: my-site-namespace
data:
username: base64-encoded-username
password: base64-encoded-password
appian
.Run the following command to generate the secret and base64 encode the values for username
(which should be appian
) and password
.
1
kubectl create secret generic -n my-site-namespace rpa-data-source-credentials --from-literal=username=appian --from-literal=password=my-password
Apply the secret to the cluster:
1
kubectl apply -f rpa-secret.yaml
Ensure the secret is in the correct namespace:
1
kubectl get secrets -n my-site-namespace
The value for metadata
name needs to match the name of the credentialSecretName
and passwordSecretName
used in the Appian YAML file.
Note: You must store the secret in the same namespace as the Appian CR.
Before proceeding, make sure you have:
First, connect to your MariaDB server using the MariaDB client. Replace your_username with your actual database username:
1
mysql -u your_username -p
You will be prompted for your password. Enter it to proceed.
Execute the following SQL commands to create the necessary databases. These commands are safe to run multiple times; they will not overwrite existing databases.
1
2
3
CREATE DATABASE IF NOT EXISTS Rpa;
CREATE DATABASE IF NOT EXISTS Rtdo;
CREATE DATABASE IF NOT EXISTS Rpdo;
Replace password with the password you wish to use for your application's database connection. This step grants the necessary permissions for the newly created user on the databases created in the previous step.
Note: The password used must be the same password used for rpa-data-source-credentials.
1
2
3
4
5
CREATE USER 'appian'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON Rpa.* TO 'appian'@'%';
GRANT ALL PRIVILEGES ON Rtdo.* TO 'appian'@'%';
GRANT ALL PRIVILEGES ON Rpdo.* TO 'appian'@'%';
FLUSH PRIVILEGES;
To verify that the databases and user have been set up correctly, you can log in as the newly created user and list the databases:
1
mysql -u appian -p
Once logged in, execute:
1
SHOW DATABASES;
You should see Rpa, Rtdo, and Rpdo listed among the databases.
RPA requires unrestricted access to the internet by default, with RPA reaching out to Maven repositories on the internet when it checks for 3rd party dependencies (JARs) for each robotic task execution. (See the RPA Repository Management page for more information.)
Alternatively, you can configure RPA to work in "offline"
mode in order to prevent RPA from connecting to the public internet. RPA will be fully functional in "offline"
mode; however, this may increase the export size for any Java-dependent Robotic Tasks.
To restrict RPA from communicating with the public internet, set the value for .spec.rpa.properties.rpa.artifact.resolution
to "offline"
. If the custom property is omitted, the default is "online"
.
1
2
3
4
5
6
7
8
apiVersion: crd.k8s.appian.com/v1beta1
kind: Appian
metadata:
name: appian
spec:
rpa:
properties:
rpa.artifact.resolution: "offline"
RPA Setup for Appian on Kubernetes