automation-suite
2024.10
false
- Overview
- Requirements
- Pre-installation
- Preparing the installation
- Installing and configuring the service mesh
- Downloading the installation packages
- Configuring the OCI-compliant registry
- Granting installation permissions
- Installing and configuring the GitOps tool
- Meeting the Process Mining prerequisites
- Meeting the Integration Service requirements
- Applying miscellaneous configurations
- Running uipathctl
- Installation
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite
- Migrating standalone products to Automation Suite
- Step 1: Restoring the standalone product database
- Step 2: Updating the schema of the restored product database
- Step 3: Moving the Identity organization data from standalone to Automation Suite
- Step 4: Backing up the platform database in Automation Suite
- Step 5: Merging organizations in Automation Suite
- Step 6: Updating the migrated product connection strings
- Step 7: Migrating standalone Orchestrator
- Step 8: Migrating standalone Insights
- Step 9: Migrating standalone Test Manager
- Step 10: Deleting the default tenant
- Performing a single tenant migration
- Migrating between Automation Suite clusters
- Migrating from Automation Suite on EKS/AKS to Automation Suite on OpenShift
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Orchestrator advanced configuration
- Configuring Orchestrator parameters
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring NLog
- Saving robot logs to Elasticsearch
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Skipping host library creation
- Troubleshooting
- The backup setup does not work due to a failure to connect to Azure Government
- Pods in the uipath namespace stuck when enabling custom node taints
- Unable to launch Automation Hub and Apps with proxy setup
- Robot cannot connect to an Automation Suite Orchestrator instance
- Log streaming does not work in proxy setups
- Velero backup fails with FailedValidation error
- Accessing FQDN returns RBAC: access denied error
Automation Suite on EKS/AKS installation guide
Last updated Mar 31, 2026
Meeting the Process Mining prerequisites
Note:
You must take the steps in this section only if you run the Automation Suite installer with reduced privileges. If you can run the installer with admin privileges, you do not need to follow the instructions in this section.
Important:
Dapr and cert-manager are no longer requirements for Process Mining starting with Automation Suite 2024.10.3.
Installing cert-manager
The Dapr installation for Process Mining requires cert-manager.
You can install cert-manager via Helm. For installation instructions, see the cert-manager documentation.
Uninstalling Cert Manager
Note:
You should not remove this resource if Task Mining is enabled. Task Mining is dependent on Cert Manager.
Prerequisites
- Kubectl CLI (
kubectl) installed and configured. - Appropriate permissions to delete resources in the target namespaces.
Information required
Before proceeding, you must gather the following information:
- UiPath namespace where cert-manager resources are being used.
Step-by-step uninstallation process
- Delete the role bindings for cert-manager:
# Verify if the role binding exists kubectl get rolebinding -n <uipath_namespace> | grep cert-manager # If it exists, delete it kubectl delete rolebinding <role-binding-name> -n <uipath_namespace># Verify if the role binding exists kubectl get rolebinding -n <uipath_namespace> | grep cert-manager # If it exists, delete it kubectl delete rolebinding <role-binding-name> -n <uipath_namespace> - Delete the cert-manager role:
# Check if the role exists kubectl get role cert-manager -n <uipath_namespace> | grep cert-manager # If it exists, delete it kubectl delete role <cert-manamger-role> -n <uipath_namespace># Check if the role exists kubectl get role cert-manager -n <uipath_namespace> | grep cert-manager # If it exists, delete it kubectl delete role <cert-manamger-role> -n <uipath_namespace> - Clean up cert-manager resources in the namespace:
# Delete all certificates kubectl delete certificates.cert-manager.io --all -n <uipath_namespace> # Delete all issuers kubectl delete issuers.cert-manager.io --all -n <uipath_namespace> # Delete all clusterissuers if you created any kubectl delete clusterissuers.cert-manager.io --all# Delete all certificates kubectl delete certificates.cert-manager.io --all -n <uipath_namespace> # Delete all issuers kubectl delete issuers.cert-manager.io --all -n <uipath_namespace> # Delete all clusterissuers if you created any kubectl delete clusterissuers.cert-manager.io --all - Uninstall the cert-manager from cluster, delete the namespace or any residual certificate resources following steps 1, 2, and 3 for other namespaces. Also, cross verify if cert-manager is not used by any other component.
- Verify remaining resources:
# Check for any remaining cert-manager resources kubectl get all -n <uipath_namespace> | grep cert-manager kubectl get crd | grep cert-manager# Check for any remaining cert-manager resources kubectl get all -n <uipath_namespace> | grep cert-manager kubectl get crd | grep cert-manager
Troubleshooting
If certain resources cannot be deleted:
- Ensure you have the necessary permissions.
- Check if the resources are being used by other applications.
- For resources that are stuck in Terminating state, you may need to remove finalizers.
Notes
- Only uninstall cert-manager if it is not being used by other applications in your cluster.
- If multiple applications depend on cert-manager, consider only removing the UiPath-specific resources.
- Replace
<uipath_namespace>with your actual UiPath namespace.
Installing Dapr
To install Dapr, take the following steps:
- Create an image pull secret in the
<uipath>namespace. To create the image pull secret, you can use your typical workflow or take the following steps:registry= <registry_url> #provide the registry where the UiPath images are hosted username= <user_name> #provide the username which will be used for the authentication password= <password> #provide the password which will be used for the authentication namespace= <namespace> #namespace where you want to create a secret kubectl create secret docker-registry uipathpullsecret --namespace=${namespace} \ --docker-server=${registry} --docker-username=${username} \ --docker-password=${password} --dry-run=client -o yaml \ | kubectl apply -f -registry= <registry_url> #provide the registry where the UiPath images are hosted username= <user_name> #provide the username which will be used for the authentication password= <password> #provide the password which will be used for the authentication namespace= <namespace> #namespace where you want to create a secret kubectl create secret docker-registry uipathpullsecret --namespace=${namespace} \ --docker-server=${registry} --docker-username=${username} \ --docker-password=${password} --dry-run=client -o yaml \ | kubectl apply -f - - Create the Argo application using the following YAML file:
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: dapr namespace: <argo_namespace> spec: destination: namespace: <uipath_namespace> server: https://kubernetes.default.svc ignoreDifferences: - jsonPointers: - /data - /stringData - /metadata kind: Secret - group: apiextensions.k8s.io jsonPointers: - /spec/conversion kind: CustomResourceDefinition - group: admissionregistration.k8s.io jsonPointers: - /webhooks kind: MutatingWebhookConfiguration project: <project_name> source: chart: helm/dapr helm: valueFiles: - values.yaml values: | global: registry: <target-registry>/daprio imagePullSecrets: uipathpullsecret mtls: enabled: true prometheus: enabled: false logAsJson: true actors: enabled: false ha: enabled: false replicaCount: 1 rbac: namespaced: true seccompProfile: RuntimeDefault dapr_dashboard: enabled: false dapr_operator: watchInterval: 1m resources: requests: cpu: 100m memory: 100Mi limits: cpu: "1" memory: 200Mi watchNamespace: <uipath_namespace> deploymentAnnotations: sidecar.istio.io/inject: "false" dapr_sidecar_injector: allowedServiceAccounts: <uipath_namespace>:default resources: requests: cpu: 100m memory: 30Mi limits: cpu: "1" memory: 100Mi sidecarDropALLCapabilities: true deploymentAnnotations: sidecar.istio.io/inject: "false" dapr_sentry: resources: requests: cpu: 100m memory: 30Mi limits: cpu: "1" memory: 100Mi deploymentAnnotations: sidecar.istio.io/inject: "false" dapr_rbac: secretReader: enabled: false createClusterScopedObjects: true repoURL: <target-registry> targetRevision: <dapr-version> syncPolicy: automated: prune: true selfHeal: true retry: backoff: duration: 10s factor: 2 maxDuration: 1m limit: 1000 syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=trueapiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: dapr namespace: <argo_namespace> spec: destination: namespace: <uipath_namespace> server: https://kubernetes.default.svc ignoreDifferences: - jsonPointers: - /data - /stringData - /metadata kind: Secret - group: apiextensions.k8s.io jsonPointers: - /spec/conversion kind: CustomResourceDefinition - group: admissionregistration.k8s.io jsonPointers: - /webhooks kind: MutatingWebhookConfiguration project: <project_name> source: chart: helm/dapr helm: valueFiles: - values.yaml values: | global: registry: <target-registry>/daprio imagePullSecrets: uipathpullsecret mtls: enabled: true prometheus: enabled: false logAsJson: true actors: enabled: false ha: enabled: false replicaCount: 1 rbac: namespaced: true seccompProfile: RuntimeDefault dapr_dashboard: enabled: false dapr_operator: watchInterval: 1m resources: requests: cpu: 100m memory: 100Mi limits: cpu: "1" memory: 200Mi watchNamespace: <uipath_namespace> deploymentAnnotations: sidecar.istio.io/inject: "false" dapr_sidecar_injector: allowedServiceAccounts: <uipath_namespace>:default resources: requests: cpu: 100m memory: 30Mi limits: cpu: "1" memory: 100Mi sidecarDropALLCapabilities: true deploymentAnnotations: sidecar.istio.io/inject: "false" dapr_sentry: resources: requests: cpu: 100m memory: 30Mi limits: cpu: "1" memory: 100Mi deploymentAnnotations: sidecar.istio.io/inject: "false" dapr_rbac: secretReader: enabled: false createClusterScopedObjects: true repoURL: <target-registry> targetRevision: <dapr-version> syncPolicy: automated: prune: true selfHeal: true retry: backoff: duration: 10s factor: 2 maxDuration: 1m limit: 1000 syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=true
The following table provides further information on replacing the placeholders in the YAML file with adequate values for the respective parameters:
| Parameter | Placeholder | Description |
|---|---|---|
namespace |
|
|
|
|
| Namespace for Automation Suite |
project |
|
|
|
|
| Helm chart registry |
targetRevision |
| Version of the Dapr Helm chart from the versions.json file |
Note:
If you install Automation Suite in a shared cluster and update the FQDN post-installation, you must delete and recreate the Dapr application by taking the following steps:
- In the ArgoCD UI, navigate to Dapr > Delete.
- Install Dapr again by following all the steps in this section.
Generating the application YAML file via Bash script
You can also use the following Bash script to generate the application YAML file:
#!/bin/bas
echo "Enter the namespace of argocd applications"
read argocd_namespace
echo "Enter the name of uipath namespace"
read uipath_namespace
if [[ "${argocd_namespace}" == "openshift-gitops" ]]; then
echo "Enter the argocd project name"
read project
else
project="default"
fi
echo "Enter the registry fqdn"
read registry_fqdn
echo "Enter the DAPR helm chart version"
read dapr_version
echo "-------------------- SUMMARY --------------------"
echo "Argocd Application namespace : $argocd_namespace"
echo "Uipath namespace : $uipath_namespace"
echo "Argocd Project name : $project"
echo "Helm registry FQDN : $registry_fqdn"
echo "DAPR Version : $dapr_version"
echo "------------- Application yaml file-------------"
echo -n "apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dapr
namespace: $argocd_namespace
spec:
destination:
namespace: $uipath_namespace
server: https://kubernetes.default.svc
ignoreDifferences:
- jsonPointers:
- /data
- /stringData
- /metadata
kind: Secret
- group: apiextensions.k8s.io
jsonPointers:
- /spec/conversion
kind: CustomResourceDefinition
- group: admissionregistration.k8s.io
jsonPointers:
- /webhooks
kind: MutatingWebhookConfiguration
project: $project
source:
chart: helm/dapr
helm:
valueFiles:
- values.yaml
values: |
global:
registry: $registry_fqdn/daprio
imagePullSecrets: uipathpullsecret
mtls:
enabled: true
prometheus:
enabled: false
logAsJson: true
actors:
enabled: false
ha:
enabled: false
replicaCount: 1
rbac:
namespaced: true
seccompProfile: RuntimeDefault
dapr_dashboard:
enabled: false
dapr_operator:
watchInterval: 1m
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: "1"
memory: 200Mi
watchNamespace: $uipath_namespace
deploymentAnnotations:
sidecar.istio.io/inject: "false"
dapr_sidecar_injector:
allowedServiceAccounts: $uipath_namespace:default
resources:
requests:
cpu: 100m
memory: 30Mi
limits:
cpu: "1"
memory: 100Mi
sidecarDropALLCapabilities: true
deploymentAnnotations:
sidecar.istio.io/inject: "false"
dapr_sentry:
resources:
requests:
cpu: 100m
memory: 30Mi
limits:
cpu: "1"
memory: 100Mi
deploymentAnnotations:
sidecar.istio.io/inject: "false"
dapr_rbac:
secretReader:
enabled: false
createClusterScopedObjects: true
repoURL: $registry_fqdn
targetRevision: $dapr_version
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
backoff:
duration: 10s
factor: 2
maxDuration: 1m
limit: 1000
syncOptions:
- CreateNamespace=true
- RespectIgnoreDifferences=true"
#!/bin/bas
echo "Enter the namespace of argocd applications"
read argocd_namespace
echo "Enter the name of uipath namespace"
read uipath_namespace
if [[ "${argocd_namespace}" == "openshift-gitops" ]]; then
echo "Enter the argocd project name"
read project
else
project="default"
fi
echo "Enter the registry fqdn"
read registry_fqdn
echo "Enter the DAPR helm chart version"
read dapr_version
echo "-------------------- SUMMARY --------------------"
echo "Argocd Application namespace : $argocd_namespace"
echo "Uipath namespace : $uipath_namespace"
echo "Argocd Project name : $project"
echo "Helm registry FQDN : $registry_fqdn"
echo "DAPR Version : $dapr_version"
echo "------------- Application yaml file-------------"
echo -n "apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dapr
namespace: $argocd_namespace
spec:
destination:
namespace: $uipath_namespace
server: https://kubernetes.default.svc
ignoreDifferences:
- jsonPointers:
- /data
- /stringData
- /metadata
kind: Secret
- group: apiextensions.k8s.io
jsonPointers:
- /spec/conversion
kind: CustomResourceDefinition
- group: admissionregistration.k8s.io
jsonPointers:
- /webhooks
kind: MutatingWebhookConfiguration
project: $project
source:
chart: helm/dapr
helm:
valueFiles:
- values.yaml
values: |
global:
registry: $registry_fqdn/daprio
imagePullSecrets: uipathpullsecret
mtls:
enabled: true
prometheus:
enabled: false
logAsJson: true
actors:
enabled: false
ha:
enabled: false
replicaCount: 1
rbac:
namespaced: true
seccompProfile: RuntimeDefault
dapr_dashboard:
enabled: false
dapr_operator:
watchInterval: 1m
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: "1"
memory: 200Mi
watchNamespace: $uipath_namespace
deploymentAnnotations:
sidecar.istio.io/inject: "false"
dapr_sidecar_injector:
allowedServiceAccounts: $uipath_namespace:default
resources:
requests:
cpu: 100m
memory: 30Mi
limits:
cpu: "1"
memory: 100Mi
sidecarDropALLCapabilities: true
deploymentAnnotations:
sidecar.istio.io/inject: "false"
dapr_sentry:
resources:
requests:
cpu: 100m
memory: 30Mi
limits:
cpu: "1"
memory: 100Mi
deploymentAnnotations:
sidecar.istio.io/inject: "false"
dapr_rbac:
secretReader:
enabled: false
createClusterScopedObjects: true
repoURL: $registry_fqdn
targetRevision: $dapr_version
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
backoff:
duration: 10s
factor: 2
maxDuration: 1m
limit: 1000
syncOptions:
- CreateNamespace=true
- RespectIgnoreDifferences=true"
Uninstalling Dapr
Note:
You should not remove this resource if Task Mining is enabled. Task Mining is dependent on Dapr.
Prerequisites
- Kubectl CLI (
kubectl) installed and configured. - Appropriate permissions to delete resources in the target namespaces.
Information required
Before proceeding, you must gather the following information:
- UiPath namespace where Dapr is installed.
- ArgoCD namespace (typically
argocdoropenshift-gitops).
Step-by-step uninstallation process
-
Delete the Dapr application from ArgoCD:
# Verify the application exists first kubectl get application.argoproj.io dapr -n <argocd_namespace> # If it exists, delete it kubectl delete application.argoproj.io dapr -n <argocd_namespace># Verify the application exists first kubectl get application.argoproj.io dapr -n <argocd_namespace> # If it exists, delete it kubectl delete application.argoproj.io dapr -n <argocd_namespace>Wait for resources to be deleted.
-
Delete Dapr custom resources:
# Delete all Dapr components in the UiPath namespace kubectl delete components.dapr.io --all -n <uipath_namespace> # Delete all Dapr configurations in the UiPath namespace kubectl delete configurations.dapr.io --all -n <uipath_namespace> # Delete all Dapr resiliencies in the UiPath namespace kubectl delete resiliencies.dapr.io --all -n <uipath_namespace> # Delete all Dapr subscriptions in the UiPath namespace kubectl delete subscriptions.dapr.io --all -n <uipath_namespace># Delete all Dapr components in the UiPath namespace kubectl delete components.dapr.io --all -n <uipath_namespace> # Delete all Dapr configurations in the UiPath namespace kubectl delete configurations.dapr.io --all -n <uipath_namespace> # Delete all Dapr resiliencies in the UiPath namespace kubectl delete resiliencies.dapr.io --all -n <uipath_namespace> # Delete all Dapr subscriptions in the UiPath namespace kubectl delete subscriptions.dapr.io --all -n <uipath_namespace> -
Delete Dapr custom resource definitions (CRDs):
# Delete Dapr CRDs kubectl delete crd components.dapr.io kubectl delete crd configurations.dapr.io kubectl delete crd resiliencies.dapr.io kubectl delete crd subscriptions.dapr.io# Delete Dapr CRDs kubectl delete crd components.dapr.io kubectl delete crd configurations.dapr.io kubectl delete crd resiliencies.dapr.io kubectl delete crd subscriptions.dapr.io -
Remove Dapr webhook configurations:
# Delete the Dapr sidecar injector webhook kubectl delete mutatingwebhookconfigurations dapr-sidecar-injector# Delete the Dapr sidecar injector webhook kubectl delete mutatingwebhookconfigurations dapr-sidecar-injector -
Remove Dapr-specific role bindings
# Verify if the role binding exists kubectl get rolebinding -n <uipath_namespace> | grep dapr # If it exists, delete dapr specific role binding kubectl delete rolebinding <dapr-role-binding> -n <uipath_namespace># Verify if the role binding exists kubectl get rolebinding -n <uipath_namespace> | grep dapr # If it exists, delete dapr specific role binding kubectl delete rolebinding <dapr-role-binding> -n <uipath_namespace> -
Remove Dapr-specific roles:
# Check if the dapr-creator role exists kubectl get role -n <uipath_namespace> | grep dapr # If it exists, delete dapr specific rolekubectl delete role <dapr-role> -n <uipath_namespace># Check if the dapr-creator role exists kubectl get role -n <uipath_namespace> | grep dapr # If it exists, delete dapr specific rolekubectl delete role <dapr-role> -n <uipath_namespace> -
Clean up remaining Dapr resources
- Pods:
# List all Dapr-related pods kubectl get pods -n <uipath_namespace> | grep dapr # Delete each Dapr pod if any kubectl delete pod <pod_name> -n <uipath_namespace># List all Dapr-related pods kubectl get pods -n <uipath_namespace> | grep dapr # Delete each Dapr pod if any kubectl delete pod <pod_name> -n <uipath_namespace> - Services:
# List all Dapr-related services kubectl get svc -n <uipath_namespace> | grep dapr # Delete each Dapr service if any kubectl delete svc <service_name> -n <uipath_namespace># List all Dapr-related services kubectl get svc -n <uipath_namespace> | grep dapr # Delete each Dapr service if any kubectl delete svc <service_name> -n <uipath_namespace> - Deployments:
# List all Dapr-related deployments kubectl get deployments -n <uipath_namespace> | grep dapr # Delete each Dapr deployment kubectl delete deployment <deployment_name> -n <uipath_namespace># List all Dapr-related deployments kubectl get deployments -n <uipath_namespace> | grep dapr # Delete each Dapr deployment kubectl delete deployment <deployment_name> -n <uipath_namespace>
- Pods:
Verification
After completing all the uninstallation steps, verify that all Dapr components have been removed:
# Check for any remaining Dapr resources
kubectl get pods -n <uipath_namespace> | grep dapr
kubectl get svc -n <uipath_namespace> | grep dapr
kubectl get deployments -n <uipath_namespace> | grep dapr
kubectl get crd | grep dapr
# Check for any remaining Dapr resources
kubectl get pods -n <uipath_namespace> | grep dapr
kubectl get svc -n <uipath_namespace> | grep dapr
kubectl get deployments -n <uipath_namespace> | grep dapr
kubectl get crd | grep dapr
Troubleshooting
If certain resources cannot be deleted:
- Ensure you have the necessary permissions.
- Check if the resources are being managed by another controller.
- Investigate any dependencies that might be preventing deletion.
Notes
- Replace
<uipath_namespace>with your actual UiPath namespace. - Replace
<argocd_namespace>with your actual ArgoCD namespace. - Be cautious when deleting shared resources that might affect other applications.
- Installing cert-manager
- Uninstalling Cert Manager
- Prerequisites
- Information required
- Step-by-step uninstallation process
- Troubleshooting
- Notes
- Installing Dapr
- Generating the application YAML file via Bash script
- Uninstalling Dapr
- Prerequisites
- Information required
- Step-by-step uninstallation process
- Verification
- Troubleshooting
- Notes