Configuration options
Configuration options to allow for further customization of Watson Speech to Text.
Container Environment Variables
Global
| Environment Variable | Description |
|---|---|
ACCEPT_LICENSE |
License acceptance required to run the containers |
watson-stt-customization
Variables that do not have a default value are required to be set for customization to work.
| Environment Variable | Description | Default Value |
|---|---|---|
CUSTOMIZATIONS_STORAGE_TYPE |
Type of S3 compatible storage that supports HMAC (access key and secret key) credentials. Options: cos or minio |
minio |
RUNTIME_SERVICE |
Service endpoint for the runtime, used to discover models and set runtime group | |
PATCH_GENERATOR_SERVICE |
Service endpoint for a runtime configured with the PatchGeneratorModel used for training | value of RUNTIME_SERVICE |
| Postgres | ||
CUSTOMIZATIONS_POSTGRES_HOST |
Hostname of server hosting the PostgreSQL instance | |
CUSTOMIZATIONS_POSTGRES_PORT |
Port to connect to on the PostgreSQL hostname | |
CUSTOMIZATIONS_POSTGRES_USER |
The existing user that will own the customizations database and be used at runtime | (**) See note below |
CUSTOMIZATIONS_POSTGRES_PASSWORD |
Password for CUSTOMIZATIONS_POSTGRES_USER |
|
CUSTOMIZATIONS_DATABASE_NAME |
The database that will be created/used to hold data about customizations | |
| S3 Object Storage | ||
CUSTOMIZATIONS_STORAGE_ENDPOINT |
URL to connect to the object storage instance for models storage | |
CUSTOMIZATIONS_STORAGE_BUCKET |
Bucket container name. Bucket must already contain the STT models and is also where customization data will be stored | |
CUSTOMIZATIONS_STORAGE_REGION |
Region where the bucket is created. Only required for cos storage type. |
|
CUSTOMIZATIONS_STORAGE_ACCESS_KEY |
Access key to connect to model storage | |
CUSTOMIZATIONS_STORAGE_SECRET_KEY |
Secret key to connect to model storage | |
| Java Resources/Memory | ||
RESOURCES_MEMORY |
Used with JAVA_HEAP_PERCENT to set the dynamic memory allocated to the JVM |
(*) See note below |
JAVA_HEAP_PERCENT |
Percentage of the available memory (RESOURCES_MEMORY) to set as the JAVA_STARTING_HEAP and JAVA_MAX_HEAP |
80% |
JAVA_MAX_HEAP |
Maximum dynamic memory allocation for the Java process running the customization server | Product of RESOURCES_MEMORY and JAVA_HEAP_PERCENT |
JAVA_STARTING_HEAP |
Starting dynamic memory allocation for the Java process running the customization server | Product of RESOURCES_MEMORY and JAVA_HEAP_PERCENT |
(*) If RESOURCES_MEMORY, JAVA_MAX_HEAP, and JAVA_STARTING_HEAP are unset, the default memory allocation is 128 MiB. It is recommended to explicitly set the value instead of using the default. In Kubernetes,
you can use the downward API to reference the allocated resources:
name: RESOURCES_MEMORY
valueFrom:
resourceFieldRef:
containerName: runtime
resource: requests.memory
(**) Note: Make sure the CUSTOMIZATIONS_POSTGRES_USER matches the PGUSER used in the watson-stt-utils container to create the customization database.
watson-stt-haproxy
| Environment Variable | Description |
|---|---|
TLS_SERVER_CERT_FILE |
Path to file containing the server TLS cert |
TLS_SERVER_KEY_FILE |
Path to file containing the server private key for TLS |
ENABLE_MTLS |
Set to true for mutual TLS with client verification |
TLS_SERVER_TRUST_FILE |
Path to a file or directory containing the CA certificates to trust for client auth |
watson-stt-runtime
| Environment Variable | Description | Default Value |
|---|---|---|
| Required | ||
MODELS |
Comma separated list of enabled models to serve | |
| Default Values | ||
DEFAULT_MODEL |
Default model to use for speech recognition requests | en-US_Multimedia |
LOG_LEVEL |
Configures logging for runtime events | INFO |
ANONYMIZE_LOGS |
Set to true to anonymize the log output. Note that ANONYMIZE_LOGS cannot be true if LOG_LEVEL is "DEBUG" |
true |
USE_LOCAL_MODELS |
Controls whether to use local models and catalog files or to pull data from object storage | true |
CATALOG_PATH |
If pulling the catalog and models from a remote model storage, a path is required for where the catalog will live in remote storage. | If USE_LOCAL_MODELS then var/catalog.json, else no default |
| Required for remote storage and customization | ||
MODEL_STORAGE_ENDPOINT |
URL to connect to the object storage instance for models storage | |
MODEL_STORAGE_BUCKET |
Object Storage Bucket containing model data | |
MODEL_STORAGE_ACCESS_KEY |
HMAC Access Key to connect to model storage | |
MODEL_STORAGE_SECRET_KEY |
HMAC Secret Key to connect to model storage | |
MODEL_STORAGE_PREFIX |
Path prefix to where models are stored in the bucket | models |
| For Customization | ||
ENABLE_CUSTOMIZATIONS |
Controls whether customization configs should be validated and configured. If this value is set to true, USE_LOCAL_MODELS must be set to false |
false |
RUNTIME_SERVICE |
Service endpoint that routes to the runtime containers | |
CUSTOMIZATIONS_SERVICE |
Service endpoint for customization, used for connecting requests to the customization service | |
CUSTOMIZATIONS_STORAGE_* |
The same environment variables for customizations S3 object storage can be set to configure customization object storage | Default to the MODEL_STORAGE_* values |
| Resources/Memory | ||
RESOURCES_CPU |
Informs the runtime of the resources allocated to it so that it can manage session resources | (*) See note below |
RESOURCES_MEMORY |
Informs the runtime of the resources allocated to it so that it can manage session resources | (*) See note below |
(*) If unset the service will attempt to determine the allocated resources. It is recommended to explicitly set the value instead of relying on the default. In Kubernetes, you can use the downward API to reference the allocated resources:
name: RESOURCES_CPU
valueFrom:
resourceFieldRef:
containerName: runtime
resource: requests.cpu
name: RESOURCES_MEMORY
valueFrom:
resourceFieldRef:
containerName: runtime
resource: requests.memory
watson-stt-utils
| Environment Variable | Description | Default Value |
|---|---|---|
PGHOST |
Hostname of server hosting the PostgreSQL instance | |
PGPORT |
Port to connect to on the PostgreSQL hostname | |
PGUSER |
User used to create the customizations database | (*) See note below |
PGPASSWORD |
Password for PGUSER |
|
PGDATABASE |
The database used to establish the connection before creating the customizations database | |
PGCONNECT_TIMEOUT |
Maximum time to wait while connecting, in seconds (write as a decimal integer). Zero, negative, or not specified means wait indefinitely. The minimum allowed timeout is 2 seconds | 3 |
CUSTOMIZATIONS_DATABASE_NAME |
The database that will be created to hold data about customizations | stt-customizations |
CUSTOMIZATIONS_DATABASE_OWNER |
An existing user that will own the created database | postgres (*) See note below |
(*) Note: The PGUSER needs to have CREATEDB permissions in order to create the customizations database. In addition, PGUSERshould match CUSTOMIZATIONS_DATABASE_OWNER which
should also match the CUSTOMIZATIONS_POSTGRES_USER set in the watson-stt-customization container.
Networking
The provided container images launch servers serving APIs over network interfaces. It is important to understand the expected usage of the network interfaces in order to secure them.
The watson-stt-runtime container supports synchronous HTTP requests and a WebSocket interface that provides a full-duplex, low-latency communication channel: Clients send requests and audio to the service and receive results over
a single connection. The server does not support TLS. It listens for requests on port 1080.
The watson-stt-haproxy container wraps the HAProxy reverse-proxy and should be used to implement TLS termination for the runtime. In a typical Kubernetes deployment, watson-stt-haproxy and watson-stt-runtime should be together in a pod. watson-stt-haproxy is configured by an haproxy.cfg file mounted at the path /etc/haproxy/haproxy.cfg. Documentation on the configurations
for HAProxy can be found
on the haproxy website.
x509 certificates used for TLS contain a public certificate and a private key. Usually, these are stored in separate files; however, HAProxy requires a single PEM file containing the content of both. Further documentation on configuring TLS in HAProxy can be found here. For mutual TLS, follow the HAProxy guidelines here.