Using External Secrets
By default, the Helm chart will use the passwords specified in the values.yml
and
expose them within the cluster as a
secret.
You can also provide your own secrets instead of having the Helm chart generate them for you. This section shows you how to create an external secret using the example of the secret which is used for the Rasa components (this does not include components like the database). To see the required structure for secrets used by the subcharts, please follow the documentation of the subcharts. You can find the necessary links in the values.yml of the Rasa X Helm chart.
Specify the name of your secret in the
values.yml
:rasaSecret: "<name of your secret>"Create a yaml file
<secret-filename>.yml
which contains the following entries (make sure to replace the<your value>
entries):apiVersion: "v1"kind: "Secret"metadata:name: "<name of your secret>"type: "Opaque"data:initialPassword: {{ .Values.rasax.initialUser.password | b64enc | quote }}rasaToken: {{ <your value> | b64enc | quote }}rasaXToken: {{ <your value>| b64enc | quote }}passwordSalt: {{ <your value> | b64enc | quote }}jwtSecret: {{<your value> | b64enc | quote }}Create the secret on the cluster by running this command:
- Kubernetes
- OpenShift
- Then deploy the Rasa X chart. The components will then use the provided external secrets.
note
If you use rasactl
to create a deployment, you can define a namespace with the secret as an argument in CLI,
e.g. the secret has been created in the my-namespace
namespace, then use the rasactl start my-namespace
command to create Rasa X deployment.