Automation Suite
2023.10
false
Banner background image
Automation Suite on EKS/AKS Installation Guide
Last updated Apr 19, 2024

Automation Suite on EKS/AKS stack

High-level architecture

Automation Suite on EKS/AKS allows you to bring and manage your own Kubernetes cluster, dedicated to Automation Suite.

docs image

There are three sections of the stack:

  1. UiPath® managed: UiPath® services and components optimized for Automation Suite provided and supported by UiPath®.

  2. Optional to install: If you have the same components pre-configured in your Kubernetes cluster, you can choose to skip installing them via Automation Suite. In this case, you will manage the lifecycle of these components.

  3. Customer managed: Prerequisites for deploying Automation Suite on your cloud infrastructure managed and supported by you. For supported EKS/AKS configurations, see the Compatibility matrix.

Stack Component

Description

UiPath® managed

UiPath® products

When you deploy Automation Suite, a minimum set of shared capabilities are installed by default, such as UiPath® Portal, Identity, License, Org Management, and Audit.

You can choose which UiPath® products to enable on Automation Suite both at the time of installation or post-installation. Note that there are cross-product dependencies you must address.

ArgoCD

Open-source declarative CD tool for Kubernetes. It follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state. It is optimized to provide application lifecycle management (ALM) capabilities for Automation Suite.

Optional to install

Gatekeeper and container policies

Open-source tool that allows a Kubernetes administrator to implement policies for ensuring compliance and best practices in their cluster.

If you bring your own Gatekeeper and associated policies, review the access needed by Automation Suite.

Networking policies

Kubernetes networking policies provide a way to control networking traffic flow at IP address or port level (Layer 4). Automation Suite comes with an optionally bundled component with networking policies implemented to follow security best practices.

Note that Automation Suite-bundled networking policies are only compatible with Cilium CNI. If you use a different type of CNI or if you bring your own networking policies, make sure to check the compatibility of these policies with Automation Suite. For details, see Security and compliance.

Cert Manager

Cert Manager is an open-source certificate controller for Kubernetes. You can choose to keep the Cert Manager pre-configured within Automation Suite or bring your own. If you bring your own, you are responsible for managing the lifecycle of that component.

Note:

If you choose to bring your own Cert Manager, and your TLS certificate is issued by a private or non-public CA, you must manually include both the leaf certificate and intermediate CA certificates in the TLS certificate file. In case of public CAs, they are automatically trusted by client systems, and no further action is required on your part.

Prometheus

Open-source system monitoring toolkit for Kubernetes. It can accept metrics from Kubernetes components and workloads running in the clusters and store those in time series database.

If you choose not to install Automation Suite-bundled Prometheus, you must configure your Prometheus to collect metrics.

Prometheus bundled with Automation Suite on EKS/AKS is not configured for high availability (HA) mode. If you require a monitoring stack with HA functionality, you must supply your own Prometheus.

Alert Manager

Open-source tool that handles alerts sent by client applications such as the Prometheus server. It is responsible for deduplicating, grouping, and routing them to the correct receiver integrations, such as email, PagerDuty, or OpsGenie.

Automation Suite configures custom alerts, such as certificate expiration. If you choose not to install Automation Suite-bundled Alert Manager, you must configure your own alerts.

Alert Manager bundled with Automation Suite on EKS/AKS is not configured for high availability (HA) mode. If you require a monitoring stack with HA functionality, you must supply your own Alert Manager.

Grafana

Open-source visualization tool used for querying and visualizing data stored in Prometheus. You can create and ship a variety of dashboards for cluster and service monitoring.

If you choose not to install Automation Suite-bundled Alert Manager, you must create your own alerts.

Grafana bundled with Automation Suite on EKS/AKS is not configured for high availability (HA) mode. If you require a monitoring stack with HA functionality, you must supply your own Grafana.

FluentD and Fluent-bit

Open-source log scraping solution. The logging operator deploys and configures a background process on every node to collect container and application logs from the node file system.

If you choose not to install Automation Suite-bundled FluentD and Fluent Bit, you must configure your own log scraper.

Velero

Open-source tool that allows you to take a snapshot backup and restore.

If you choose not to install Automation Suite-bundled Velero, make sure you take backups as per your Disaster Recovery policy.

Istio

Open-source service mesh that provides functionality such as ingress, request routing, traffic monitoring, etc., for the microservices running inside the Kubernetes cluster.

Customer managed

Kubernetes cluster (AKS or EKS)

Azure Kubernetes Service and Elastic Kubernetes Service are managed Kubernetes services from Microsoft Azure cloud and Amazon Web Services, respectively. Make sure to configure the EKS/AKS clusters correctly with the required worker nodes and capacity.

Object storage

Automation Suite and UiPath® Services require Object Storage - Azure Blob Storage or Amazon S3 (Simple Storage Service).

Block storage

Block storage is similar to disk storage needed for Automation Suite platform and UiPath® products. Automation Suite is compatible with Azure Disk Storage and Amazon’s Elastic Block Storage.

File Storage

File storage is hierarchical data storage methodology and is needed for several UiPath® products. Automation Suite is compatible with Azure Files and Elastic File Storage from Microsoft and AWS clouds, respectively.

Caching

Caching is required by several UiPath® products. Automation Suite is compatible with Cloud Redis for Azure and Elasticache for AWS.

Database

SQL Server and SQL databases are needed for all UiPath® products. Automation Suite is compatible with Microsoft SQL server, Azure SQL and AWS managed (RDS) SQL services.

Responsibility matrix

Activity

UiPath® responsibility

Customer responsibility

Infrastructure prerequisites

  • Document guidance on capacity for nodes in the EKS or AKS cluster

  • Document compatibility matrix of supported cloud services and their versions

  • Document prerequisite validation checks before installation

  • Provision required infrastructure resources dedicated to Automation Suite

  • Manage the infrastructure on an ongoing basis (e.g., patching, availability, etc.)

Managing optional components

  • UiPath® services

  • Components

  • Provide validated stack with the components

  • Supported by UiPath®

  • Upgrades provided by UiPath® with new releases

  • Choose to install Automation Suite with optional components (recommended) or bring your own

  • If you bring your own components, you must manage the lifecycle of said components

Network policies (optionally provided by UiPath®)

  • Provide networking policies as an optional component based on Cilium CNI

  • Networking policies control access from UiPath® services on an as-needed basis to follow principle of least privilege

  • Publish documentation for required compatible networking policies

  • Choose to use networking policies packaged with Automation Suite based on Cilium plugin or bring your own policies

  • If you choose to install your own networking policies, you may need to adjust your policies based on UiPath® documentation

Gatekeeper and OPA policies (optionally provided by UiPath®)

  • Include optional Gatekeeper and OPA policies to control access privileges of the containers

  • Documentation of compatible policies for you if you choose to bring your own Gatekeeper and policies

  • Choose to install Gatekeeper and OPA policies that are part of Automation Suite or install your own Gatekeeper and associated container privilege policies

  • Refer to UiPath® published policies that are compatible with Automation Suite to make any necessary changes

uipathctl (management tool)

  • Provide management tool (similar to kubectl) optimized for installing and managing Automation Suite

  • Documentation on how to use the tool associated with use cases (ex: running pre-checks, installing, etc.)

  • Management node / machine with uipathctl, connectivity to the EKS cluster and cluster admin access to install and run Automation Suite

Automation Suite upgrades

  • Provide minor updates to Long Term Support (LTS) versions that consist of service image updates for bug fixes and security patches tipically every two months

  • Provides new LTS versions of Automation Suite that consist of new service features (e.g., Orchestrator) and updates component versions tipically every six months. UiPath® will also publish an updated compatibility matrix of the new LTS version and infrastructure components (e.g., EKS versions)

  • Consume minor updates regularly to get bug fixes and security patches. Minor releases are meant to be lightweight

  • Update to major LTS versions to get feature updates and updated compatibility matrix

Infrastructure upgrades

  • Publish compatibility matrix for each new LTS version release to allow you to upgrade your infrastructure and stay within supported versions of EKS or AKS. For supported EKS/AKS versions, see the Compatibility matrix.

  • Update the infrastructure based on Automation Suite compatibility matrix

  • Follow best practice of taking backups before upgrades

Backup and Restore

  • Provide optional backup and restore functionality

  • Document how to configure Automation Suite in maintenance mode and take backup

  • Choose to install Automation Suite provided backup/restore functionality or use your own solution and follow UiPath® documentation on best practices and maintenance mode

  • For infrastructure prerequisites (such as SQL, or Storage), you must take backups

Support

  • Provide support based on Support Programs mentioned here.

  • Provide support for Automation Suite

  • Provide diagnostics tool to help identify the root cause of common issues (the Automation Suite package or your infrastructure)

  • Manage and support the infrastructure prerequisites or non-Automation Suite bundled components

  • High-level architecture
  • Responsibility matrix

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.