Configure BDS

From Genesys Documentation
Jump to: navigation, search
This topic is part of the manual Billing Data Service Private Edition Guide for version Current of Billing Data Service.

Learn how to configure Billing Data Service (BDS).

Related documentation:

Override Helm chart values

You can override values in the Helm charts to configure Private Edition. For more information about overriding Helm chart values, see the "suite-level" documentation about how to override Helm chart values: Overriding Helm chart values

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For more details, see the Configure security section.

This page provides an overview of configuration; detailed steps appear on the Provision BDS and Deploy BDS pages.

The following table lists values you can override for BDS:

Parameter Description Default value Valid values Notes
tenantName Name of Tenant "" lower case string
podLabels.app Label bus string
podLabels.name Labels bds string
nameSpace Namespace where BDS is deployed bds string Leave blank if not used
bdsApp.deployment.job.schedule Cronjob schedule "0 3,15 * * *" Cronjob schedule format
bdsApp.image.registry Image registry name {} string
bdsApp.image.repository Image repository name cloudbilling/ string
bdsApp.image.tag Image tag "" string
bdsApp.image.pullPolicy Image pull Policy IfNotPresent Policy
bdsApp.image.pullSecrets.name Secrets for docker registry "" string Leave blank if not used
bdsApp.container.env.pgValue Prometheus Push Gateway URL. Set to empty string if Push Gateway is not available. "http://prometheus-pushgateway.monitoring.svc.cluster.local:9091/metrics" URL
bdsApp.container.env.modeValue BDS mode type MULTICLOUD string change to MULTICLOUD_PE
bdsApp.volumes.pvc.claim PVC used to mount file share {} string
bdsApp.config.name Name of the config map bds-config string
bdsApp.gvars.name Name of the config map bds-config string
bdsApp.secrets.gvp.secretName GVP shared secret name shared-secret-gvp string or null Leave blank if not used
bdsApp.secrets.gvp.volumes.ProviderClassName Populate if CSI is used "" Leave blank if not used
bdsApp.secrets.gvp.volumes.driver Populate if CSI is used "" Leave blank if not used
bdsApp.secrets.gim.secretName GIM shared secret name shared-gim-db-t string or null Leave blank if not used
bdsApp.secrets.gim.volumes.tenantID Tenant ID is used as part of secret name "" string
bdsApp.secrets.gim.volumes.ProviderClassName Populate if CSI is used "" string or null Leave blank if not used
bdsApp.secrets.gim.volumes.driver Populate if CSI is used "" string or null Leave blank if not used
bdsApp.secrets.consul.secretName Consul shared secret name shared-consul-consul-bds-token string or null Leave blank if not used
bdsApp.secrets.consul.volumes.ProviderClassName Populate if CSI is used "" string or null Leave blank if not used
bdsApp.secrets.consul.volumes.driver Populate if CSI is used "" string or null Leave blank if not used
bdsApp.secrets.gws.secretName GWS shared secret name "" string or null Leave blank if not used
bdsApp.secrets.gws.mount.name GWS secret mount name "" string or null Mandatory if GWS shared secret used
bdsApp.secrets.manual.secretName Manual secrets "" string Mandatory
bdsApp.resources.limits.cpu Maximum CPU count 2 integer
bdsApp.resources.limits.memory Maximum Memory volume 4Gi
bdsApp.resources.requests.cpu Guaranteed amount of CPU 0.25 percent / 100
bdsApp.resources.requests.memory Guaranteed amount of memory 1Gi
bdsApp.priorityClassName "" Leave blank if not used
bdsApp.nodeSelector "" Leave blank if not used
bdsApp.monitoring.enabled Turn on/off monitoring "false" "false" / "true"
bdsApp.secrets.gim.mounts.name Name of the volume mount for GIM secrets, if stored as volume. shared-secret-gim string Must be set to "" or null if manual secrets are used.
bdsApp.secrets.gvp.mounts.name Name of the volume mount for GVP secrets, if stored as volume. shared-secret-gvp string Must be set to "" or null if manual secrets are used.
bdsApp.secrets.consul.mounts.name Name of the volume mount for Consul secrets, if stored as volume. shared-secret-consul string Must be set to "" or null if manual secrets are used.


NOTE: Do not override values other than the parameters mentioned in the preceding table; doing so could cause deployment to fail.

Configure Kubernetes

Configs Layout

Tenant configuration is stored in ConfigMap. Contains BDS configurations files: 

data:
  config-<tenant_name>.json: {}
  gvars.py: {}

Layout of Secrets:

Shared Secrets:

Create secrets manually using the instructions in Create Secrets.

Genesys Info Mart — Example of GIM configuration section:
"gimdb": {
    "db_type": "postgre",
    "driver_name": "PostgreSQL",
    "server": "BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER",
    "port": 5432,
    "database": "BDS_CFG_GLOBALS_GIM_DB_NAME_PLACEHOLDER",
    "username": "BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER",
    "password": "BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER"
}

Install the following PLACEHOLDERs with values as secrets: 

BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER
– add to secrets or replace with value in tenant config file 
BDS_CFG_GLOBALS_GIM_DB_NAME_PLACEHOLDER
– add to secrets or replace with value in tenant config file
GVP — Example of GVP configuration section :
"gvp": {
    "gvp_primary_rs_name": "GVP",
    "db_type": "sql_server",
    "driver_name": "FreeTDS",
    "server": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_HOST_PLACEHOLDER",
    "port": 1433,
    "database": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_NAME_PLACEHOLDER",
    "username": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_USR_PLACEHOLDER",
    "password": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_PSW_PLACEHOLDER"
}

Install the following PLACEHOLDERs with values as secrets: 

BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_HOST_PLACEHOLDER
– add to secrets or replace with value in tenant config file 
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_NAME_PLACEHOLDER
– add to secrets or replace with value in tenant config file
Consul — Example of Consul configuration section :
"consul": {
    "token": "BDS_CFG_CONSUL_TOKEN_PLACEHOLDER",
    "url_api": "BDS_CFG_CONSUL_URL_API_PLACEHOLDER"
}
Important
Beginning with 100.0.003.0009 release, the url_api parameter must include the api version and key value endpoint.
For example: https://consul.genesys.svc.cluster.local:8501/v1/kv

Install the following PLACEHOLDERs with values as secrets: 

BDS_CFG_CONSUL_TOKEN_PLACEHOLDER

Manual secrets:

Secrets created manually. Values pulled from shared key-vault or added manually.

Assigned to POD as environment variables.

GWS

Client ID and Secret to access AUTH service.

Values assigned manually. 

BDS_CFG_BDS_DEV_GWS_CLIENTID_PLACEHOLDER
BDS_CFG_BDS_DEV_GWS_CLIENT_SECRET_PLACEHOLDER

Configuration example: 

"gws": {
   "host": "BDS_CFG_GWS_HOST_PLACEHOLDER",
    "auth_host": "BDS_CFG_GWS_AUTH_HOST_PLACEHOLDER",
    "grant_type": "client_credentials",
    "client_id": "BDS_CFG_GLOBALS_GWS_USR_PLACEHOLDER",
    "client_secret": "BDS_CFG_GLOBALS_GWS_PSW_PLACEHOLDER"
}
SFTP

BDS automatically uploads the resulting output files at the end of job runs, to the SFTP server. You can configure the SFTP server details in the loader_sftp section.

An example SFTP configuration section is as follows. In the example, the values for hostname and hostkey corresponds to the Genesys SFTP server. You can use the same values to configure the Genesys SFTP server for uploading BDS files. 

"loader_sftp": {
	"hostname": "BDS_CFG_SFTP_HOST_PLACEHOLDER",
	"hostkey": "ssh-rsa SHA256:gT7Aa37+yTnd6mwv6Nl01E44u2o2TYxlL/iPgA2T2wc",
	"path": "BDS_CFG_SFTP_PATH_PLACEHOLDER",
	"username": "BDS_CFG_LEGACY_GLOBALS_SFTP_USR_PLACEHOLDER",
	"password": "BDS_CFG_LEGACY_GLOBALS_SFTP_PSW_PLACEHOLDER"
}
GVP

Manually obtained GVP secrets to get BD DB access from secondary region (used if secondary region exists). 

BDS_CFG_GLOBALS_GVP_DB_WESTUS2_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_NAME_PLACEHOLDER

Configure security

Example of SFTP configuration section: 

"loader_sftp": {
	"hostname": "BDS_CFG_SFTP_HOST_PLACEHOLDER",
	"hostkey": "ssh-rsa SHA256:gT7Aa37+yTnd6mwv6Nl01E44u2o2TYxlL/iPgA2T2wc",
	"path": "BDS_CFG_SFTP_PATH_PLACEHOLDER",
	"username": "BDS_CFG_LEGACY_GLOBALS_SFTP_USR_PLACEHOLDER",
	"password": "BDS_CFG_LEGACY_GLOBALS_SFTP_PSW_PLACEHOLDER"
}

Pod security policy:

By default, BDS defines a user/group for running the process in the POD, as follows: 

securityContext:
    # Containers should run as genesys user and cannot use elevated permissions
   runAsNonRoot: true
   runAsUser: 500
   runAsGroup: 500
   fsGroup: 500

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings as shown in the following code, so that you do not define any specific IDs. 

securityContext:
  runAsNonRoot: true
  runAsGroup: null
  runAsUser: null
  fsGroup: null


Retrieved from "https://all.docs.genesys.com/BDS/Current/BDSPEGuide/Configure (2022-05-20 21:18:49)"