Configuration options
Configuration options to allow for further customization of Watson Speech to Text.
Container Environment Variables
Global
Environment Variable | Description |
---|---|
ACCEPT_LICENSE |
License acceptance required to run the containers |
watson-stt-customization
Variables that do not have a default value are required to be set for customization to work.
Environment Variable | Description | Default Value |
---|---|---|
CUSTOMIZATIONS_STORAGE_TYPE |
Type of S3 compatible storage that supports HMAC (access key and secret key) credentials. Options: cos or minio |
minio |
RUNTIME_SERVICE |
Service endpoint for the runtime, used to discover models and set runtime group | |
PATCH_GENERATOR_SERVICE |
Service endpoint for a runtime configured with the PatchGeneratorModel used for training | value of RUNTIME_SERVICE |
Postgres | ||
CUSTOMIZATIONS_POSTGRES_HOST |
Hostname of server hosting the PostgreSQL instance | |
CUSTOMIZATIONS_POSTGRES_PORT |
Port to connect to on the PostgreSQL hostname | |
CUSTOMIZATIONS_POSTGRES_USER |
The existing user that will own the customizations database and be used at runtime | (**) See note below |
CUSTOMIZATIONS_POSTGRES_PASSWORD |
Password for CUSTOMIZATIONS_POSTGRES_USER |
|
CUSTOMIZATIONS_DATABASE_NAME |
The database that will be created/used to hold data about customizations | |
S3 Object Storage | ||
CUSTOMIZATIONS_STORAGE_ENDPOINT |
URL to connect to the object storage instance for models storage | |
CUSTOMIZATIONS_STORAGE_BUCKET |
Bucket container name. Bucket must already contain the STT models and is also where customization data will be stored | |
CUSTOMIZATIONS_STORAGE_REGION |
Region where the bucket is created. Only required for cos storage type. |
|
CUSTOMIZATIONS_STORAGE_ACCESS_KEY |
Access key to connect to model storage | |
CUSTOMIZATIONS_STORAGE_SECRET_KEY |
Secret key to connect to model storage | |
Java Resources/Memory | ||
RESOURCES_MEMORY |
Used with JAVA_HEAP_PERCENT to set the dynamic memory allocated to the JVM |
(*) See note below |
JAVA_HEAP_PERCENT |
Percentage of the available memory (RESOURCES_MEMORY ) to set as the JAVA_STARTING_HEAP and JAVA_MAX_HEAP |
80% |
JAVA_MAX_HEAP |
Maximum dynamic memory allocation for the Java process running the customization server | Product of RESOURCES_MEMORY and JAVA_HEAP_PERCENT |
JAVA_STARTING_HEAP |
Starting dynamic memory allocation for the Java process running the customization server | Product of RESOURCES_MEMORY and JAVA_HEAP_PERCENT |
(*) If RESOURCES_MEMORY
, JAVA_MAX_HEAP
, and JAVA_STARTING_HEAP
are unset, the default memory allocation is 128 MiB. It is recommended to explicitly set the value instead of using the default. In Kubernetes,
you can use the downward API to reference the allocated resources:
name: RESOURCES_MEMORY
valueFrom:
resourceFieldRef:
containerName: runtime
resource: requests.memory
(**) Note: Make sure the CUSTOMIZATIONS_POSTGRES_USER
matches the PGUSER
used in the watson-stt-utils
container to create the customization database.
watson-stt-haproxy
Environment Variable | Description |
---|---|
TLS_SERVER_CERT_FILE |
Path to file containing the server TLS cert |
TLS_SERVER_KEY_FILE |
Path to file containing the server private key for TLS |
ENABLE_MTLS |
Set to true for mutual TLS with client verification |
TLS_SERVER_TRUST_FILE |
Path to a file or directory containing the CA certificates to trust for client auth |
watson-stt-runtime
Environment Variable | Description | Default Value |
---|---|---|
Required | ||
MODELS |
Comma separated list of enabled models to serve | |
Default Values | ||
DEFAULT_MODEL |
Default model to use for speech recognition requests | en-US_Multimedia |
LOG_LEVEL |
Configures logging for runtime events | INFO |
ANONYMIZE_LOGS |
Set to true to anonymize the log output. Note that ANONYMIZE_LOGS cannot be true if LOG_LEVEL is "DEBUG" |
true |
USE_LOCAL_MODELS |
Controls whether to use local models and catalog files or to pull data from object storage | true |
CATALOG_PATH |
If pulling the catalog and models from a remote model storage, a path is required for where the catalog will live in remote storage. | If USE_LOCAL_MODELS then var/catalog.json , else no default |
Required for remote storage and customization | ||
MODEL_STORAGE_ENDPOINT |
URL to connect to the object storage instance for models storage | |
MODEL_STORAGE_BUCKET |
Object Storage Bucket containing model data | |
MODEL_STORAGE_ACCESS_KEY |
HMAC Access Key to connect to model storage | |
MODEL_STORAGE_SECRET_KEY |
HMAC Secret Key to connect to model storage | |
MODEL_STORAGE_PREFIX |
Path prefix to where models are stored in the bucket | models |
For Customization | ||
ENABLE_CUSTOMIZATIONS |
Controls whether customization configs should be validated and configured. If this value is set to true , USE_LOCAL_MODELS must be set to false |
false |
RUNTIME_SERVICE |
Service endpoint that routes to the runtime containers | |
CUSTOMIZATIONS_SERVICE |
Service endpoint for customization, used for connecting requests to the customization service | |
CUSTOMIZATIONS_STORAGE_* |
The same environment variables for customizations S3 object storage can be set to configure customization object storage | Default to the MODEL_STORAGE_* values |
Resources/Memory | ||
RESOURCES_CPU |
Informs the runtime of the resources allocated to it so that it can manage session resources | (*) See note below |
RESOURCES_MEMORY |
Informs the runtime of the resources allocated to it so that it can manage session resources | (*) See note below |
(*) If unset the service will attempt to determine the allocated resources. It is recommended to explicitly set the value instead of relying on the default. In Kubernetes, you can use the downward API to reference the allocated resources:
name: RESOURCES_CPU
valueFrom:
resourceFieldRef:
containerName: runtime
resource: requests.cpu
name: RESOURCES_MEMORY
valueFrom:
resourceFieldRef:
containerName: runtime
resource: requests.memory
watson-stt-utils
Environment Variable | Description | Default Value |
---|---|---|
PGHOST |
Hostname of server hosting the PostgreSQL instance | |
PGPORT |
Port to connect to on the PostgreSQL hostname | |
PGUSER |
User used to create the customizations database | (*) See note below |
PGPASSWORD |
Password for PGUSER |
|
PGDATABASE |
The database used to establish the connection before creating the customizations database | |
PGCONNECT_TIMEOUT |
Maximum time to wait while connecting, in seconds (write as a decimal integer). Zero, negative, or not specified means wait indefinitely. The minimum allowed timeout is 2 seconds | 3 |
CUSTOMIZATIONS_DATABASE_NAME |
The database that will be created to hold data about customizations | stt-customizations |
CUSTOMIZATIONS_DATABASE_OWNER |
An existing user that will own the created database | postgres (*) See note below |
(*) Note: The PGUSER
needs to have CREATEDB
permissions in order to create the customizations database. In addition, PGUSER
should match CUSTOMIZATIONS_DATABASE_OWNER
which
should also match the CUSTOMIZATIONS_POSTGRES_USER
set in the watson-stt-customization
container.
Networking
The provided container images launch servers serving APIs over network interfaces. It is important to understand the expected usage of the network interfaces in order to secure them.
The watson-stt-runtime
container supports synchronous HTTP requests and a WebSocket interface that provides a full-duplex, low-latency communication channel: Clients send requests and audio to the service and receive results over
a single connection. The server does not support TLS. It listens for requests on port 1080.
The watson-stt-haproxy
container wraps the HAProxy reverse-proxy and should be used to implement TLS termination for the runtime. In a typical Kubernetes deployment, watson-stt-haproxy
and watson-stt-runtime
should be together in a pod. watson-stt-haproxy
is configured by an haproxy.cfg
file mounted at the path /etc/haproxy/haproxy.cfg
. Documentation on the configurations
for HAProxy can be found
on the haproxy website.
x509 certificates used for TLS contain a public certificate and a private key. Usually, these are stored in separate files; however, HAProxy requires a single PEM file containing the content of both. Further documentation on configuring TLS in HAProxy can be found here. For mutual TLS, follow the HAProxy guidelines here.