Deploy agents

Edit online

Deploy agents using the AgentService custom resource by preparing required resources manually and creating the Agent Manager route after the ZAssistantDeploy custom resource is created.

Before you begin

Ensure the following:
  • Access to the OpenShift cluster
  • Appropriate permissions to create secrets and custom resources
  • Agent Helm charts available in the agent-helm-charts directory
  • Access to an OCI-compliant container registry
  • Authentication credentials for the container registry

About this task

This procedure covers creating the global secret required by deployed agents, creating the OpenShift route for Agent Manager, and providing reusable YAML definitions for both resources.

Procedure

  1. Create a global secret.

    You need to create the global secret in the core-services namespace after applying the CR for ZAssistantDeploy. For example, wxa4z-zad. See Deploying ZAssistantDeploy on your cluster.

    This shared secret is used by the agents deployed through the AgentService custom resource. This is a one-time setup.

    Create a file named global-secret.yaml with the following content:

    apiVersion: v1
kind: Secret
metadata:
  name: wxa4z-watsonx-credentials
  namespace: wxa4z-zad
type: Opaque
data:
  ORCHESTRATE_ENV_TYPE: "" # Set to "cpd" or "ibm_iam" (for IBM Cloud)
  CPD_INSTANCE_API_KEY: "" # CPD API key or IBM Cloud IAM API key
  ORCHESTRATE_ENV_URL: "" # WXO service instance URL
  CPD_USERNAME: "" # CPD username for on-premises deployments
  WATSONX_DEPLOYMENT_SPACE_ID: "" # Watsonx deployment space ID
  WATSONX_ML_URL: "" # CPD instance FQDN for on-premises deployments
  EXTERNAL_WATSONX_API_KEY: "" # CPD instance API key for connect
  WATSONX_PROJECT_ID: "" # Watsonx project ID
  LANGFUSE_HOST: ""
  LANGFUSE_SECRET_KEY: ""
  LANGFUSE_PUBLIC_KEY: ""
  MODEL_RUNTIME: "" # "cpd", "cloud", or "openai_protocol"
  LLM_BASE_URL: "" # Inferencing stack URL when MODEL_RUNTIME is openai_protocol
  LLM_API_KEY: "" # Inferencing stack API key when MODEL_RUNTIME is openai_protocol
  WRAPPER_URL: ""
  WRAPPER_PASSWORD: "" # Desired wrapper password
  WRAPPER_USERNAME: "" # Desired wrapper username
  INGESTION_PASSWORD: "" # Desired client ingestion password
  INGESTION_URL: ""
  TENANT_ID: ""
  2. Apply the global secret to the cluster. 
    oc apply -f global-secret.yaml
  3. Push the packaged Helm chart to your OCI-compliant container registry.

    For example, to push to IBM Container Registry (ICR):

    helm push [agent-name]-[chart-version].tgz oci://icr.io/wxa4z-dev-container-registry
    Note: Ensure you are authenticated to the container registry before pushing. Use helm registry login if needed.
    The Helm chart is pushed to the container registry.
  4. Create a custom resource YAML file named AgentService with the following content.
    Before applying the CR, verify the following:
    • The agent-specific secret is created.
    • The image pull secret for the image artifact is created.
    apiVersion: wxa4z.watsonx.ibm.com/v1alpha1
kind: AgentService
metadata:
  name: [agent-service-cr-name] # Example: upgrade-agent-test
  namespace: [tenant-namespace]
  labels:
    wxa4z.watsonx.ibm.com/managed-by: agent-operator

spec:
  releaseName: [release-name]
  tenantId: [tenant-id]
  namespace: [tenant-namespace]
  wxa4z-core-services-namespace: wxa4z-zad # Namespace for opensearch-client, authorization

  agentDetails:
    - agentName: [agent-name-1]
      agentId: wxa4z:[agent-name-1]:agent
      displayName: [agent display name]
      description: [agent description]
      bootstrapConfig:
        name: [bootstrap configmap name]
        fileName: [bootstrap config file name]

  chart:
    repository: [repository name] # Example: oci://icr.io/wxa4z-dev-container-registry
    name: [agent helm tar.gz name] # Example: upgrade-agent
    version: [helm tar.gz version]
    pullSecrets: # If not specified, defaults to pull-secret
      - name: pull-secret # Secret containing image repository credentials

  values:
    replicaCount: 1

    global:
      secrets:
        name: wxa4z-watsonx-credentials # Reference to global variables

    secrets:
      name: [agent-secrets] # Example: upgrade-agent-secrets

    env: # Configurable environment variables
      HOST_NAME: "apps.wxa4z311-cpd530-x86-qa.cp.fyre.ibm.com"

    Replace placeholder values in square brackets with your actual values.
  5. Apply the AgentService custom resource to the cluster. 
    oc apply -f agent-service.yaml
    The AgentService custom resource is created and the agents are deployed.

Results

The agents are deployed using the AgentService custom resource. The global secret is available for all deployed agents, and the Helm chart is stored in the container registry for deployment.