agent.full=true
. By default, a slim Agent without any embedded Discovery Handlers is deployed and the required Discovery Handlers can be deployed as DaemonSets. This documentation will use that strategy, deploying OPC UA Discovery Handlers by specifying opcua.discovery.enabled=true
when installing Akri.helm inspect values akri-helm-charts/akri
). More information about the Akri Helm charts can be found in the user guide. To apply the OPC UA Configuration to your cluster, simply set opcua.configuration.enabled=true
along with any of the following additional Configuration settings when installing Akri.opc.tcp://localhost:4840/
and get the list of OPC UA servers registered with it.brokerPod
) in the Configuration. Alternatively, if it meets your scenario, you could use the Akri frame server broker ("ghcr.io/project-akri/akri/opcua-video-broker"). If you would rather manually deploy pods to utilize the devices advertized by Akri, don't specify a broker pod and see our documentation on requesting resources advertized by Akri.Note only abrokerJob
ORbrokerPod
should be specified.
brokerJob
) in the Configuration. A Kubernetes Job deploys a set number of terminating Pods.Note only abrokerJob
ORbrokerPod
should be specified.
OnFailure
RestartPolicy
for the Job. Can either be OnFailure
or Never
for Jobs.opcua-broker-credentials
into the OPC UA brokersopcua.configuration.capacity
setting to reflect the correct number. For example, if your high availability needs are met by having 1 redundant pod, you can update the Configuration like this by setting opcua.configuration.capacity=2
.Note: See the cluster setup steps for information on how to set the crictl configuration variableAKRI_HELM_CRICTL_CONFIGURATION
ghcr.io/<USERNAME>/opcua-broker
.Note: setopcua.configuration.brokerPod.image.tag
to specify an image tag (defaults tolatest
).
opc.tcp://localhost:4840/
LDS DiscoveryURL, an operator can specify the addresses of one or more Local Discovery Servers, like in the following example:Note: The Agent's OPC UA discovery method only supports tcp DiscoveryURLs, since the Rust OPC UA library has yet to support http(s).
applicationName
property of a server's ApplicationDescription
as specified by OPC UA Specification). For example, to discover all servers registered with the default LDS except for the server named "Duke", do the following./etc/opcua-certs/client-pki
.opcua-broker-credentials
, ideally using a KMS. More information about using Kubernetes Secrets securely can be found in the credentials passing proposal. The following is an example kubectl command to create the Kubernetes Secret, projecting each certificate/crl/private key with the expected key name (ie client_certificate
, client_key
, ca_certificate
, and ca_crl
).--set opcua.configuration.mountCertificates='true'
, the secret named opcua-broker-credentials
will be mounted into the OPC UA brokers. It is mounted to the volume credentials
at the mountPath
/etc/opcua-certs/client-pki, as shown in the OPC UA Helm template. This is the path where the broker expects to find the certificates. The following is an example how to enable security:Note: If the Helm template for the OPC UA Configuration is too specific, you can customize the Configuration yaml to suit your needs.