Skip to content

A step-by-step guide on how to deploy Rasa and Rasa X via Kubernetes on an Ubuntu Server with SSL / TLS, Action Server and CI/CD

Notifications You must be signed in to change notification settings

Joelx/rasax-deployment-guide

Repository files navigation


RASA (X) Deployment Guide

Rasa Open Source is a fantastic project and arguably the most accessible chatbot framework. However, deploying Rasa and Rasa X in a "live"/production environment presents some pitfalls. However, the deployment variants via Docker Compose and Quick Install Script are deprecated for Rasa 3. The latter used the cluster distribution KIND anyway, which is nominally not production-ready.

The recommended method of installation via helmet chart works quite well out-of-the-box. However, configuring a realistic use case for a production-ready deployment can be quite difficult. In addition, it is intended more for use on cloud servers with a managed load balancer.

You may e.g. work for a (European) University or another authority that won't allow you to host your project on an AWS/Azure/etc. Server. My own projects so far have always required deploying Rasa (X) on a self-hosted server and making it available to a small to medium sized audience via a web service. I just haven't found a really suitable and simple guide for this. The situation has gotten even worse since summer 2022, because Rasa X is no longer supported in the free version. So I tried to use the latest compatible and free versions.

This repository is for you if you

  1. are frustrated because you just can't get Rasa (X) to deploy properly
  2. want to install Rasa (X) on a "normal" Ubuntu server
  3. want to have more control over your deployment
  4. would like to make your chatbot accessible via a website/web service
  5. have a small to medium sized project and would like to use a single server for Rasa and Rasa X.
Table of Contents
  1. About The Project
  2. Getting Started
  3. License
  4. Acknowledgments

About The Project

This guide explains how to build a Rasa Open Source and Rasa X production deployment on a "bare-metal" Ubuntu (root) Server. The repository contains all necessary configuration files, as well as a Rasa Demo-Bot and a Demo-Website. You can either use specific configurations as a reference for your own deployment, or you can follow this guide step-by-step.

(back to top)

Getting Started

I would recommend starting with a freshly installed Ubuntu machine. However, if you have running other tasks on your machine, please be aware that following this setup may interfere with your networking services.

Prerequisites

  1. Install snapd packaging system, Docker and tge microk8s cluster distribution
sudo apt update
sudo apt install snapd
sudo apt install docker.io docker-compose

Guide

microk8s cluster setup

Below is an example of how you can instruct your audience on installing and setting up your app. This template doesn't rely on any external dependencies or services.

  1. Install microk8s via snap
sudo snap install microk8s --classic
  1. Add microk8s user to avoid sudo
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
  1. Enable microk8s addons.
microk8s enable dns storage helm3 registry dashboard ingress

Explanations:
dns: enable DNS and service discovery between pods
storage: enable dynamic volume storage provisioning
helm3: enable helm package manager
registry: enable container registry to store and distribute images
dashboard: enable Kubernetes Dashboard
ingress: enable ingress(-nginx) to make cluster reachable externally

  1. Apply kube config
cd $HOME/.kube
microk8s config > config
  1. Register alias for microk8s.kubectl and microk8s.helm3
sudo snap alias microk8s.kubectl kubectl
sudo snap alias microk8s.helm3 helm

Prepare configuration files and folder structure

To follow this guide step-by-step I would recommend to clone this repository. All of the upcoming commands assume you are in the root directory of this project.

git clone [email protected]:Joelx/rasax-deployment-guide.git
cd rasax-deployment-guide

(back to top)

Rasa X Helm Chart

  1. Create a namespace for our deployment (in this case I chose rasax)
kubectl create namespace rasax
  1. Clone official Rasa X Helm Chart repository
helm repo add rasa-x https://rasahq.github.io/rasa-x-helm
  1. Head over and edit the rasax/basic-values.yml file. Specify the external IP address of your server and generate a random string for each of the secret and token properties.
helm repo add rasa-x https://rasahq.github.io/rasa-x-helm
  1. Install the Helm Chart into our namespace. Note that we also chose a custom release name: rasax-release.
helm --namespace rasax install --values rasax/basic-values.yml rasax-release rasa-x/rasa-x
  1. Now the best part after installing a Helm Chart! Go ahead and check how your containers are creating and your pods are coming into life!
kubectl -n rasax get pods

Pods of Rasa X Helm Chart Creating

  1. Likewise you can check the services and see what ports are being used.
kubectl -n rasax get pods

Services registered in our namespace


If all pods are running and everything is properly configured, you should be able to reach the Rasa X GUI by accessing http://YOUR.IP.ADDRESS:8000 in your browser:

Rasa X Login Screen

You can log into the admin interface with the username admin and the string you specified as your password through the rasax.initialUser.password field in your basic-values.yaml.

(back to top)

Integrate and train model

There are multiple ways to load and use Rasa models. You could e.g. connect an external Rasa Open Source service to your deployment or you could use a model storage. However, in this case we use Rasa X with GitHub integration to manage our models.
After logging into your Rasa X admin interface, head over and connect the GitHub repository containing your chatbot configuration. If you follow this guide step-by-step, you could fork this repository and connect it to Rasa X. You can do this via the admin GUI and it is pretty straightforward. It will give you a SSH Key, which you have to provide to your GitHub account.

After you have connected your GitHub account, Rasa X will synchronize your chatbot configuration. This can sometimes take a couple of minutes. If your configuration has been loaded successfully, you can train and activate your model from the Rasa X interface.

Troubleshooting If Rasa X either fails to load your chatbot configuration or fails training, more often then not the problem is caused by some misconfiguration of your chatbot configuration files (domain.yml, stories.yml, etc.). You can check them with a YAML Checker like yamllint (https://www.yamllint.com/). One very common problem is also having the wrong version specified in your configuration files. It's usually the first line (e.g. version: "3.0") in your .yaml files. Rasa X is rather strict with this.
One common problem with failed training can also be a missing "rasa-worker" - pod. However, unfortunately Rasa X is rather opaque when it comes to error messages. For troubleshooting you need to take a look into the logs of your pods. Because pods are ephemeral and have no static name, you would first need to look up the current pod name with kubectl -n rasax get pods if you want to do it with kubectl. In this case, we would need the exact name of the "rasax-release-rasa-x" - and the "rasax-release-rasa-worker" -Pod. You could then e.g. go with kubectl -n rasax logs rasax-release-rasa-x-647c9c7d5-2l79d -f and follow your logs. However, this procedure is rather tedious... this is where a Kubernetes Dashboard comes in really handy! We will discuss it in the next section.

(back to top)

Kubernetes Dashboard

Remember we already activated the Kubernetes Dashboard via microk8s enable dashboard earlier? All you have to do is open a second terminal session and type in

microk8s dashboard-proxy

Copy the token you are given and head over to http://YOUR.IP.ADDRESS:10443 in your Browser. When prompted, paste the token to log into the Kubernetes dashboard that is automatically connected to your cluster via microk8s. You can select the rasax namespace in the top left. Then on the left unter "workload" you can select "pods". To view the logs, go to one of the pods and then in the top right hand corner click on that "hamburger-menu-esque" symbol. Often times its beneficial to enable auto-refresh. You can do this via the Kebab menu on the right.

(back to top)

Create a Webservice to host your Chatbot

In order to host a Rasa chatbot through a website, we need to have a

  • REST or WebSocket interface that our Rasa worker/production Pods listen to.
  • website with a chatbot widget that communicates with this interface.
  • web service that serves our website

We already enabled REST and WebSocket channels in our basic-values.yml. I've prepared a demo Website for you. You can find it in the website/ directory. I'm using a slightly adjusted version of the rasa-webchat widget by botfront (https://github.com/botfront/rasa-webchat) which supports WebSocket. Another really great widget is made by JiteshGaikwad (https://github.com/JiteshGaikwad/Chatbot-Widget), which however uses the REST webhook channel.

(back to top)

Build Webservice

In this case we won’t push our image to a remote registry like Docker Hub. Instead we store it locally. However, there’s a little trickery required (https://microk8s.io/docs/registry-images). Note that we're using the image tag :local. You choose another tag name if you like, but due to the way the microk8s image registry works, you can't use the :latest tag.

  1. Build the website image
docker build website/. -t  rasa-webservice:local -f website/Dockerfile
  1. Store the image on your filesystem
docker save rasa-webservice > rasa-webservice.tar
  1. Import the image to the local microk8s
docker save rasa-webservice > rasa-webservice.tar
  1. Confirm that the image has been imported
microk8s ctr images ls

You can now remove the rasa-webservice.tar on your filesystem if you like. Feel free to simply use a remote registry instead. in This case, make sure to edit the k8s-configs/website-deployment.yaml to reference e.g. your username for Docker Hub.

Deploy Webservice

Because the k8s LoadBalancer works on Layer 7, you need a Domain Name that points to the external IP Address of your server for the next step. Alternatively you can use services like https://nip.io/.

  1. Head over to the k8s-configs/basic-webservice.yaml. Replace EXAMPLE.COM with your domain name in the Ingress configuration under spec.rules.host.

  2. Apply the k8s configuration for deployment, service and ingress of your webservice.

kubectl apply -f k8s-configs/basic-webservice.yaml

That's it! You should now be able to access your chatbot via browser!

Rasa Chatbot Widget

Perfect! Now we have a Cluster with a working Webservice that is reachable via http and connects to our Rasa Deployment through WebSocket. If that is all you need (e.g. for a test- or intranet solution) you are ready to go. For a somewhat solid production environment, however, we need some more steps.

(back to top)

Activate SSL/TLS

  1. Enable cert-manager. Rather pleasantly it's integrated into microk8s as an addon!
microk8s enable cert-manager
  1. Edit the k8s-configs/tls-webservice.yaml and replace the EXAMPLE.com entry with your correct domain name. Also very importantly you have to enter a valid E-Mail address under the spec.acme.email field of the ClusterIssuer. Let's Encrypt will reject requests with @example.com e-mail addresses.

  1. Apply the new config. Note that the ingress of our "basic-webservice" gets overwritten. Additionally we're configuring a ClusterIssuer that issues a certificate from Let's Encrypt.
kubectl apply -f k8s-configs/tls-webservice.yaml
  1. Now a certificate is getting issued from Let’s Encrypt. You can view the status via
kubectl describe certificate rasa-webservice-ingress-tls -n rasax

Certificate

This certificate gets managed and auto updated just like it would with cert-bot. After the certificate has been issued successfully, you should be able to visit your webservice via https://YOUR-DOMAIN.com . However, since the Rasa Deployment isn’t configured for TLS, the WebSocket Connection to Rasa will be broken due to a CORS conflict.

Now there are multiple ways to configure SSL/TLS for the Rasa (X) deployment. Ideally you would configure a customConfConfigMap and the certificateSecret and mount the certificate in the nginx pod of your Rasa X deployment. I have included an example configuration for the ConfigMap under custom-nginx-conf-files to get you started. Maybe in the future I will cover that. However, today we wanna use the simplest working solution. And this is to use our ingress to route traffic over TLS to the nginx backend service of our Rasa X deployment.

  1. Edit the rasax/tls-values.yml and enter your IP address and domain name. You must also transfer the random tokens and secret strings from the basic-values.yml.

  2. Upgrade your deployment with the new values file!
helm --namespace rasax upgrade --values rasa/tls-values.yml rasax-release rasa-x/rasa-x

Note that we are now hosting our API under the /rasax/ subpath! That means, that your Rasa (X) services will be reachable via https://YOUR-DOMAIN.com/rasax/ while your Chatbot Website will still run under https://YOUR-DOMAIN.com/ ! For me thats a reasonable configuration, but feel free to adjust this to your needs. However, those changes would also need to be reflected in the ingress and on your webservice that we will discuss now.

3. Head over to the k8s-configs/rasax-ingress-tls-controller.yaml and, again, edit it to reflect your actual domain name.

4. Apply the new ingress rule

kubectl apply -f k8s-configs/rasax-ingress-tls-controller.yaml

Now we have configured TLS for the ingresses of our webservice and of Rasa (X). We now need to rebuild our Website to reflect the new API.

  1. Go to your website/index.html and edit the JavaScript to look like this.
        !(function () {
         let e = document.createElement("script"),
        t = document.head || document.getElementsByTagName("head")[0];
        (e.src =
        "static/js/webchat.js"),
        (e.async = !0),
        (e.onload = () => {
        window.WebChat.default(
        {
          initPayload: '/greet',
          customData: { language: "en" },
          socketUrl: location.hostname,
          socketPath: "/rasax/socket.io/",
          title: 'My Chatbot',
          subtitle: 'My Subtitle',
          profileAvatar: "static/images/sara_avatar.png",
          inputTextFieldHint: 'Type here...',
        },
        null
      );
        }),
        t.insertBefore(e, t.firstChild);           
    })();

Note that we ditched the port :8000 and added our socketPath to reflect the new API location. The nginx pod of our Rasa X deployment works as a reverse proxy and automatically redirects the traffic coming over the /socket.io path to the Rasa Production pod in our cluster at http://rasax-release-rasa-x-rasa-production.rasax.svc:5005/socket.io.
Also note that you will need a trailing slash (/) when accessing your services! So for example you have to type https://YOUR-DOMAIN.com/rasax/ (with trailing slash!) into your browser to access the Rasa X GUI. Wether you can live with that depends on what you are trying to accomplish. If you want to change this behaviour you would need to reconfigure the ingress controller and your nginx. A guide starting point may be this medium.com article: https://medium.com/@smoco/fighting-trailing-slash-problem-c0416023d20e .

  1. After adjusting our index.html, we need to rebuild the webservice:
docker build website/. -t  rasa-webservice:local -f website/Dockerfile

docker save rasa-webservice > rasa-webservice.tar

microk8s ctr image import rasa-webservice.tar
  1. We now need to force Kubernetes to re-pull the new image. For that, we first delete our existing deployment:
kubectl -n rasax delete deployment rasa-webservice
  1. In the name of clarity, we built the deployment, service and ingress of our Webservice with one file (basic-webservice.yaml). We then overwrote the ingress controller with another file (tls-webservice.yaml). Because of that, we can't use the basic-webservice.yaml anymore to re-build our deployment. That's why I have prepared another file for that: webservice-deployment.yaml. Go ahead and apply it.
kubectl apply -f k8s-configs/webservice-deployment.yaml

Now your webservice pod should have been rebuilt using the new image allowing your website to reach out to the new API location.

Action Server

More often then not you also want to have a Action Server allowing you to run custom actions in your Rasa deployment. In this section, I will show you how to enable the action server in your Rasa X deployment, build an action server image and get you started with a mini CI/CD workflow that allows you to automate your action server image building.

  1. This time we wanna use Docker Hub for the sake of our CI/CD workflow. So first make sure you are logged into docker hub on your terminal.
docker login
  1. (Optional) In this case we first build our action server via a Dockerfile provided under the root directory of this project. You could also skip this part and build it from your CI/CD workflow directly.
docker build . -t YOUR-DOCKER-HUB-USERNAME/example-action-server:latest
  1. (Optional) Push to docker hub
docker build . -t YOUR-DOCKER-HUB-USERNAME/example-action-server:latest
  1. (Required) Edit rasax/tls-values-with-actions.yml to reflect your IP, domain and token + secret strings.

  2. (Optional) Upgrade your Rasa X deployment with the new values.
helm --namespace rasax upgrade --values rasax/tls-values-with-actions.yml rasax-release rasa-x/rasa-x
  1. (Optional) Check that your action server pod is creating/running
kubectl -n rasax get pods

Action Server Pod Creating

You can wether the action is working on your chatbot widget in your browser (note the actions.py and the rule I added for the example bot provided in this repository):

Action Server Test 1

CI/CD GitHub Workflow

Building and deploying the action server like in the previous section can be quite tedious. Everytime you make changes to the code of your action server, you would manually need to re-build your image. Thankfully we can automate that with GitHub Workflows!

  1. Head over to the .github/workflows/action_server_image.yml file and fill in your docker hub username. Also make sure that the correct branch name is configured (e.g. main).

  2. Don't forget to update the secrets inside your GitHub account repository to store the DOCKER_HUB_LOGIN and DOCKER_HUB_PASSWORD. You can find those settings on your GitHub Account, inside your Repository settings under Settings -> Security -> Secrets and variables -> Actions -> New repository secret. It should look something like that:

Create a GitHub Secret for Docker Hub Login

  1. (Optional) If you have already deployed your action server with the Dockerfile in the section above, you could now make a small change to your action server code to test your workflow. So e.g. in your actions.py, add another utterance:

Action Server Test 2

  1. Push the actions to your repository:
git add actions/.

git commit -m "Added another dispatcher message in actions.py"

git push
  1. You can follow the building process on your GitHub account under the "Actions" tab:

GitHub Action Building

  1. Now we have to update the action server pod to store our new image. Therefore we need to specify the new image in our deployment. After pushing the action changes to your repo and thus triggering your Github Action, head over to Docker Hub and get your Image Tag.

Get image tag from docker hub

  1. Now back in your rasax/tls-values-with-actions.yml go ahead and update the image tag:

Enter image tag in values.yml

  1. Upgrade your Rasa X deployment:
helm --namespace rasax upgrade --values rasax/tls-values-with-actions.yml rasax-release rasa-x/rasa-x

Now admittedly updating your image tag like this is also a bit tedious. I suppose you could automate that too, but personally I didn't really need it yet. Have a look at https://rasa.com/docs/action-server/deploy-action-server/#building-an-action-server-image if you're interested. There are also some nice examples on the official Rasa X documentation, if you want to optimize your workflow further: https://rasa.com/docs/rasa/setting-up-ci-cd/ .

License

Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)

Acknowledgments

Use this space to list resources you find helpful and would like to give credit to. I've included a few of my favorites to kick things off!

(back to top)

About

A step-by-step guide on how to deploy Rasa and Rasa X via Kubernetes on an Ubuntu Server with SSL / TLS, Action Server and CI/CD

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published