- Overview
- Requirements
- Installation
- Prerequisite checks
- Downloading the installation packages
- uipathctl cluster
- uipathctl cluster maintenance
- uipathctl cluster maintenance disable
- uipathctl cluster maintenance enable
- uipathctl cluster maintenance is-enabled
- uipathctl cluster upgrade
- uipathctl config
- uipathctl config alerts
- uipathctl config alerts add-email
- uipathctl config alerts remove-email
- uipathctl config alerts update-email
- uipathctl config additional-ca-certificates get
- uipathctl config tls-certificates get
- uipathctl config orchestrator
- uipathctl config orchestrator get-config
- uipathctl config orchestrator update-config
- uipathctl config additional-ca-certificates update
- uipathctl config tls-certificates update
- uipathctl health
- uipathctl health bundle
- uipathctl health check
- uipathctl health diagnose
- uipathctl health test
- uipathctl identity
- uipathctl identity add-host-admin
- uipathctl identity enable-basic-auth
- uipathctl identity get-saml-certificate
- uipathctl identity get-token-signing-certificate
- uipathctl identity rotate-saml-certificates
- uipathctl identity rotate-token-signing-certificates
- uipathctl identity update-saml-certificate
- uipathctl identity update-token-signing-certificate
- uipathctl manifest
- uipathctl manifest apply
- uipathctl manifest diff
- uipathctl manifest get
- uipathctl manifest list-applications
- uipathctl manifest render
- uipathctl prereq
- uipathctl prereq create
- uipathctl prereq run
- uipathctl resource
- uipathctl resource report
- uipathctl snapshot
- uipathctl snapshot backup
- uipathctl snapshot backup create
- uipathctl snapshot backup disable
- uipathctl snapshot backup enable
- uipathctl snapshot delete
- uipathctl snapshot list
- uipathctl snapshot restore
- uipathctl snapshot restore create
- uipathctl snapshot restore delete
- uipathctl snapshot restore history
- uipathctl snapshot restore logs
- uipathctl sso
- uipathctl sso generate-connector
- uipathctl sso generate-overlays
- uipathctl sso generate-rbac
- uipathctl version
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite on EKS/AKS
- Migration options
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Insights
- Step 7: Deleting the default tenant
- B) Single tenant migration
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Troubleshooting
Deployment scenarios
An online deployment of Automation Suite is one that requires internet access during installation and runtime. All the UiPath products and supporting libraries are hosted in the UiPath registry or UiPath-trusted third-party store.
You can limit access to the internet with the help of a restricted firewall or a proxy server by blocking all the traffic over the internet other than what is required by Automation Suite. For more details on firewall or proxy rules, see Configuring the proxy.
You can reference the following architecture diagram to deploy Automation Suite on EKS:
The previous architecture diagram depicts how Automation Suite can be set up on the AWS EKS cluster.
An EKS cluster is deployed in a single AWS region, where the EC2 worker nodes are in an autoscaling group distributed across three availability zones. The distribution of nodes across availability zones is what brings resiliency to complete zone failure.
Each zone has a private subnet and a public subnet. EC2 worker nodes are hosted in a private subnet, whereas the public subnet hosts an elastic IP address and NAT gateway. The NAT gateway is required to connect to the internet while accessing the EKS control plane from the worker nodes and connecting to the docker registry to get the container images for the Automation Suite deployment.
Elastic IP addresses hosted in each public subnet are passed to Automation Suite during installation to register that as an endpoint where Istio must listen for any incoming traffic. For the same reason, the Network Load Balancer (NLB) must use these endpoints to forward any request made to Automation Suite.
Datasources such as Amazon RDS for Microsoft SQL Server, S3 bucket, Elastic File System, and Elastic Cache should be set up to have enough redundancy in case of failure and must be accessed from the private subnet where the EC2 worker instances are hosted.
-
Automation Suite has no affinity rules to ensure that the worker pods are distributed equally across the zone. If there is any zone-level failure, there may be a momentary degradation of the service, which would be resolved when that service is automatically moved to a new zone by the EKS control plane.
-
Insights requires the EBS volumes to store the dashboard and the other metadata. In AWS, EBS volumes are tied to the zone in which they are present and do not move when the zone is down. Insights will not be available until the zone on which insights were scheduled is recovered.
-
EKS does not enable autoscaling by default, as opposed to AKS. To activate this feature, you typically need to install and configure additional software like Metrics Server and Cluster-Autoscaler, or alternative solutions that provide similar autoscaling capabilities.
You can reference the following architecture diagram to deploy Automation Suite on AKS:
An AKS cluster is deployed in a single region where the worker nodes are distributed across the system and user node pools. The core AKS components (except the control plane)are hosted in the system node pool, such as CNI, CoreDNS, etc. Additionally, UiPath core services are also hosted in the same Node Pool. Additional User Node Pools can host the worker nodes for Automation Suite Robots, Task Mining, and GPU.
Each Node Pool hosts the Virtual Machine Scale Set (VMSS), ensuring that worker nodes are distributed across multiple zones to provide resiliency to zone failure and scale when required.
The static IP address associated with the Load Balancer is passed to Automation Suite during installation to register that as an endpoint where Istio must listen for any incoming traffic. For the same reason, Azure Load Balancer (L4) must use these endpoints to forward any request to Automation Suite.
Datasources such as Microsoft SQL Server, Azure Storage Account, and Azure Redis Cache should be set up to have enough redundancy in case of failure and must be accessed from the subnet where the AKS worker nodes are hosted.
Additionally, there may be a need for an additional Jump Box / Bastion Server, which may have all the required privileges to operate the AKS cluster.
Automation Suite has no affinity rules to ensure that the worker pods are distributed equally across the zone. If there is any zone-level failure, there may be a momentary degradation of the service, which will be resolved when that service is automatically moved to a new zone by the AKS control plane.
