Rasa Open Source is a fantastic project and arguably the most accessible chatbot framework. However, deploying Rasa and Rasa X in a "live"/production environment presents some pitfalls. However, the deployment variants via Docker Compose and Quick Install Script are deprecated for Rasa 3. The latter used the cluster distribution KIND anyway, which is nominally not production-ready.
The recommended method of installation via helmet chart works quite well out-of-the-box. However, configuring a realistic use case for a production-ready deployment can be quite difficult. In addition, it is intended more for use on cloud servers with a managed load balancer.
You may e.g. work for a (European) University or another authority that won't allow you to host your project on an AWS/Azure/etc. Server. My own projects so far have always required deploying Rasa (X) on a self-hosted server and making it available to a small to medium sized audience via a web service. I just haven't found a really suitable and simple guide for this. The situation has gotten even worse since summer 2022, because Rasa X is no longer supported in the free version. So I tried to use the latest compatible and free versions.
This repository is for you if you
- are frustrated because you just can't get Rasa (X) to deploy properly
- want to install Rasa (X) on a "normal" Ubuntu server
- want to have more control over your deployment
- would like to make your chatbot accessible via a website/web service
- have a small to medium sized project and would like to use a single server for Rasa and Rasa X.
Table of Contents
This guide explains how to build a Rasa Open Source and Rasa X production deployment on a "bare-metal" Ubuntu (root) Server. The repository contains all necessary configuration files, as well as a Rasa Demo-Bot and a Demo-Website. You can either use specific configurations as a reference for your own deployment, or you can follow this guide step-by-step.
I would recommend starting with a freshly installed Ubuntu machine. However, if you have running other tasks on your machine, please be aware that following this setup may interfere with your networking services.
- Install snapd packaging system, Docker and tge microk8s cluster distribution
sudo apt update
sudo apt install snapd
sudo apt install docker.io docker-compose
Below is an example of how you can instruct your audience on installing and setting up your app. This template doesn't rely on any external dependencies or services.
- Install microk8s via snap
sudo snap install microk8s --classic
- Add microk8s user to avoid sudo
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
- Enable microk8s addons.
microk8s enable dns storage helm3 registry dashboard ingress
Explanations:
dns: enable DNS and service discovery between pods
storage: enable dynamic volume storage provisioning
helm3: enable helm package manager
registry: enable container registry to store and distribute images
dashboard: enable Kubernetes Dashboard
ingress: enable ingress(-nginx) to make cluster reachable externally
- Apply kube config
cd $HOME/.kube
microk8s config > config
- Register alias for microk8s.kubectl and microk8s.helm3
sudo snap alias microk8s.kubectl kubectl
sudo snap alias microk8s.helm3 helm
To follow this guide step-by-step I would recommend to clone this repository. All of the upcoming commands assume you are in the root directory of this project.
git clone [email protected]:Joelx/rasax-deployment-guide.git
cd rasax-deployment-guide
- Create a namespace for our deployment (in this case I chose rasax)
kubectl create namespace rasax
- Clone official Rasa X Helm Chart repository
helm repo add rasa-x https://rasahq.github.io/rasa-x-helm
- Head over and edit the
rasax/basic-values.yml
file. Specify the external IP address of your server and generate a random string for each of the secret and token properties.
helm repo add rasa-x https://rasahq.github.io/rasa-x-helm
- Install the Helm Chart into our namespace. Note that we also chose a custom release name: rasax-release.
helm --namespace rasax install --values rasax/basic-values.yml rasax-release rasa-x/rasa-x
- Now the best part after installing a Helm Chart! Go ahead and check how your containers are creating and your pods are coming into life!
kubectl -n rasax get pods
- Likewise you can check the services and see what ports are being used.
kubectl -n rasax get pods
If all pods are running and everything is properly configured, you should be able to reach the Rasa X GUI by accessing http://YOUR.IP.ADDRESS:8000 in your browser:
You can log into the admin interface with the username admin
and the string you specified as your password through the rasax.initialUser.password
field in your basic-values.yaml
.
There are multiple ways to load and use Rasa models. You could e.g. connect an external Rasa Open Source service to your deployment or you could use a model storage. However, in this case we use Rasa X with GitHub integration to manage our models.
After logging into your Rasa X admin interface, head over and connect the GitHub repository containing your chatbot configuration. If you follow this guide step-by-step, you could fork this repository and connect it to Rasa X. You can do this via the admin GUI and it is pretty straightforward. It will give you a SSH Key, which you have to provide to your GitHub account.
After you have connected your GitHub account, Rasa X will synchronize your chatbot configuration. This can sometimes take a couple of minutes. If your configuration has been loaded successfully, you can train and activate your model from the Rasa X interface.
Troubleshooting
If Rasa X either fails to load your chatbot configuration or fails training, more often then not the problem is caused by some misconfiguration of your chatbot configuration files (domain.yml, stories.yml, etc.). You can check them with a YAML Checker like yamllint (https://www.yamllint.com/). One very common problem is also having the wrong version specified in your configuration files. It's usually the first line (e.g. version: "3.0"
) in your .yaml files. Rasa X is rather strict with this.
One common problem with failed training can also be a missing "rasa-worker" - pod. However, unfortunately Rasa X is rather opaque when it comes to error messages. For troubleshooting you need to take a look into the logs of your pods. Because pods are ephemeral and have no static name, you would first need to look up the current pod name with kubectl -n rasax get pods
if you want to do it with kubectl. In this case, we would need the exact name of the "rasax-release-rasa-x" - and the "rasax-release-rasa-worker" -Pod. You could then e.g. go with kubectl -n rasax logs rasax-release-rasa-x-647c9c7d5-2l79d -f
and follow your logs. However, this procedure is rather tedious... this is where a Kubernetes Dashboard comes in really handy! We will discuss it in the next section.
Remember we already activated the Kubernetes Dashboard via microk8s enable dashboard
earlier? All you have to do is open a second terminal session and type in
microk8s dashboard-proxy
Copy the token you are given and head over to http://YOUR.IP.ADDRESS:10443
in your Browser. When prompted, paste the token to log into the Kubernetes dashboard that is automatically connected to your cluster via microk8s. You can select the rasax
namespace in the top left. Then on the left unter "workload" you can select "pods". To view the logs, go to one of the pods and then in the top right hand corner click on that "hamburger-menu-esque" symbol. Often times its beneficial to enable auto-refresh. You can do this via the Kebab menu on the right.
In order to host a Rasa chatbot through a website, we need to have a
- REST or WebSocket interface that our Rasa worker/production Pods listen to.
- website with a chatbot widget that communicates with this interface.
- web service that serves our website
We already enabled REST and WebSocket channels in our basic-values.yml
. I've prepared a demo Website for you. You can find it in the website/
directory. I'm using a slightly adjusted version of the rasa-webchat widget by botfront (https://github.com/botfront/rasa-webchat) which supports WebSocket. Another really great widget is made by JiteshGaikwad (https://github.com/JiteshGaikwad/Chatbot-Widget), which however uses the REST webhook channel.
In this case we won’t push our image to a remote registry like Docker Hub. Instead we store it locally. However, there’s a little trickery required (https://microk8s.io/docs/registry-images). Note that we're using the image tag :local
. You choose another tag name if you like, but due to the way the microk8s image registry works, you can't use the :latest
tag.
- Build the website image
docker build website/. -t rasa-webservice:local -f website/Dockerfile
- Store the image on your filesystem
docker save rasa-webservice > rasa-webservice.tar
- Import the image to the local microk8s
docker save rasa-webservice > rasa-webservice.tar
- Confirm that the image has been imported
microk8s ctr images ls
You can now remove the rasa-webservice.tar
on your filesystem if you like.
Feel free to simply use a remote registry instead. in This case, make sure to edit the k8s-configs/website-deployment.yaml
to reference e.g. your username for Docker Hub.
Because the k8s LoadBalancer works on Layer 7, you need a Domain Name that points to the external IP Address of your server for the next step. Alternatively you can use services like https://nip.io/.
-
Head over to the
k8s-configs/basic-webservice.yaml
. Replace EXAMPLE.COM with your domain name in the Ingress configuration underspec.rules.host
. -
Apply the k8s configuration for deployment, service and ingress of your webservice.
kubectl apply -f k8s-configs/basic-webservice.yaml
That's it! You should now be able to access your chatbot via browser!
Perfect! Now we have a Cluster with a working Webservice that is reachable via http and connects to our Rasa Deployment through WebSocket. If that is all you need (e.g. for a test- or intranet solution) you are ready to go. For a somewhat solid production environment, however, we need some more steps.
- Enable cert-manager. Rather pleasantly it's integrated into microk8s as an addon!
microk8s enable cert-manager
- Edit the
k8s-configs/tls-webservice.yaml
and replace the EXAMPLE.com entry with your correct domain name. Also very importantly you have to enter a valid E-Mail address under the spec.acme.email field of the ClusterIssuer. Let's Encrypt will reject requests with @example.com e-mail addresses.
- Apply the new config. Note that the ingress of our "basic-webservice" gets overwritten. Additionally we're configuring a ClusterIssuer that issues a certificate from Let's Encrypt.
kubectl apply -f k8s-configs/tls-webservice.yaml
- Now a certificate is getting issued from Let’s Encrypt. You can view the status via
kubectl describe certificate rasa-webservice-ingress-tls -n rasax
This certificate gets managed and auto updated just like it would with cert-bot. After the certificate has been issued successfully, you should be able to visit your webservice via https://YOUR-DOMAIN.com . However, since the Rasa Deployment isn’t configured for TLS, the WebSocket Connection to Rasa will be broken due to a CORS conflict.
Now there are multiple ways to configure SSL/TLS for the Rasa (X) deployment. Ideally you would configure a customConfConfigMap
and the certificateSecret
and mount the certificate in the nginx pod of your Rasa X deployment. I have included an example configuration for the ConfigMap under custom-nginx-conf-files
to get you started. Maybe in the future I will cover that. However, today we wanna use the simplest working solution. And this is to use our ingress to route traffic over TLS to the nginx backend service of our Rasa X deployment.
- Edit the
rasax/tls-values.yml
and enter your IP address and domain name. You must also transfer the random tokens and secret strings from the basic-values.yml.
- Upgrade your deployment with the new values file!
helm --namespace rasax upgrade --values rasa/tls-values.yml rasax-release rasa-x/rasa-x
Note that we are now hosting our API under the /rasax/ subpath! That means, that your Rasa (X) services will be reachable via https://YOUR-DOMAIN.com/rasax/ while your Chatbot Website will still run under https://YOUR-DOMAIN.com/ ! For me thats a reasonable configuration, but feel free to adjust this to your needs. However, those changes would also need to be reflected in the ingress and on your webservice that we will discuss now.
3. Head over to the k8s-configs/rasax-ingress-tls-controller.yaml
and, again, edit it to reflect your actual domain name.
4. Apply the new ingress rule
kubectl apply -f k8s-configs/rasax-ingress-tls-controller.yaml
Now we have configured TLS for the ingresses of our webservice and of Rasa (X). We now need to rebuild our Website to reflect the new API.
- Go to your
website/index.html
and edit the JavaScript to look like this.
!(function () {
let e = document.createElement("script"),
t = document.head || document.getElementsByTagName("head")[0];
(e.src =
"static/js/webchat.js"),
(e.async = !0),
(e.onload = () => {
window.WebChat.default(
{
initPayload: '/greet',
customData: { language: "en" },
socketUrl: location.hostname,
socketPath: "/rasax/socket.io/",
title: 'My Chatbot',
subtitle: 'My Subtitle',
profileAvatar: "static/images/sara_avatar.png",
inputTextFieldHint: 'Type here...',
},
null
);
}),
t.insertBefore(e, t.firstChild);
})();
Note that we ditched the port :8000 and added our socketPath to reflect the new API location. The nginx pod of our Rasa X deployment works as a reverse proxy and automatically redirects the traffic coming over the /socket.io path to the Rasa Production pod in our cluster at http://rasax-release-rasa-x-rasa-production.rasax.svc:5005/socket.io
.
Also note that you will need a trailing slash (/) when accessing your services! So for example you have to type https://YOUR-DOMAIN.com/rasax/ (with trailing slash!) into your browser to access the Rasa X GUI. Wether you can live with that depends on what you are trying to accomplish. If you want to change this behaviour you would need to reconfigure the ingress controller and your nginx. A guide starting point may be this medium.com article: https://medium.com/@smoco/fighting-trailing-slash-problem-c0416023d20e .
- After adjusting our index.html, we need to rebuild the webservice:
docker build website/. -t rasa-webservice:local -f website/Dockerfile
docker save rasa-webservice > rasa-webservice.tar
microk8s ctr image import rasa-webservice.tar
- We now need to force Kubernetes to re-pull the new image. For that, we first delete our existing deployment:
kubectl -n rasax delete deployment rasa-webservice
- In the name of clarity, we built the deployment, service and ingress of our Webservice with one file (
basic-webservice.yaml
). We then overwrote the ingress controller with another file (tls-webservice.yaml
). Because of that, we can't use the basic-webservice.yaml anymore to re-build our deployment. That's why I have prepared another file for that:webservice-deployment.yaml
. Go ahead and apply it.
kubectl apply -f k8s-configs/webservice-deployment.yaml
Now your webservice pod should have been rebuilt using the new image allowing your website to reach out to the new API location.
More often then not you also want to have a Action Server allowing you to run custom actions in your Rasa deployment. In this section, I will show you how to enable the action server in your Rasa X deployment, build an action server image and get you started with a mini CI/CD workflow that allows you to automate your action server image building.
- This time we wanna use Docker Hub for the sake of our CI/CD workflow. So first make sure you are logged into docker hub on your terminal.
docker login
- (Optional) In this case we first build our action server via a Dockerfile provided under the root directory of this project. You could also skip this part and build it from your CI/CD workflow directly.
docker build . -t YOUR-DOCKER-HUB-USERNAME/example-action-server:latest
- (Optional) Push to docker hub
docker build . -t YOUR-DOCKER-HUB-USERNAME/example-action-server:latest
- (Required) Edit
rasax/tls-values-with-actions.yml
to reflect your IP, domain and token + secret strings.
- (Optional) Upgrade your Rasa X deployment with the new values.
helm --namespace rasax upgrade --values rasax/tls-values-with-actions.yml rasax-release rasa-x/rasa-x
- (Optional) Check that your action server pod is creating/running
kubectl -n rasax get pods
You can wether the action is working on your chatbot widget in your browser (note the actions.py and the rule I added for the example bot provided in this repository):
Building and deploying the action server like in the previous section can be quite tedious. Everytime you make changes to the code of your action server, you would manually need to re-build your image. Thankfully we can automate that with GitHub Workflows!
- Head over to the
.github/workflows/action_server_image.yml
file and fill in your docker hub username. Also make sure that the correct branch name is configured (e.g. main).
- Don't forget to update the secrets inside your GitHub account repository to store the DOCKER_HUB_LOGIN and DOCKER_HUB_PASSWORD. You can find those settings on your GitHub Account, inside your Repository settings under Settings -> Security -> Secrets and variables -> Actions -> New repository secret. It should look something like that:
- (Optional) If you have already deployed your action server with the Dockerfile in the section above, you could now make a small change to your action server code to test your workflow. So e.g. in your actions.py, add another utterance:
- Push the actions to your repository:
git add actions/.
git commit -m "Added another dispatcher message in actions.py"
git push
- You can follow the building process on your GitHub account under the "Actions" tab:
- Now we have to update the action server pod to store our new image. Therefore we need to specify the new image in our deployment. After pushing the action changes to your repo and thus triggering your Github Action, head over to Docker Hub and get your Image Tag.
- Now back in your
rasax/tls-values-with-actions.yml
go ahead and update the image tag:
- Upgrade your Rasa X deployment:
helm --namespace rasax upgrade --values rasax/tls-values-with-actions.yml rasax-release rasa-x/rasa-x
Now admittedly updating your image tag like this is also a bit tedious. I suppose you could automate that too, but personally I didn't really need it yet. Have a look at https://rasa.com/docs/action-server/deploy-action-server/#building-an-action-server-image if you're interested. There are also some nice examples on the official Rasa X documentation, if you want to optimize your workflow further: https://rasa.com/docs/rasa/setting-up-ci-cd/ .
Distributed under the MIT License. See LICENSE.txt
for more information.
Use this space to list resources you find helpful and would like to give credit to. I've included a few of my favorites to kick things off!