Configure BDS
Learn how to configure Billing Data Service (BDS).
Override Helm chart values
You can override values in the Helm charts to configure Private Edition. For more information, see the suite-level documentation: Overriding Helm chart values.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For more details, see the Configure security section.
This page provides an overview of configuration; detailed steps appear on the Provision BDS and Deploy BDS pages.
The following table lists values you can override for BDS:
Parameter | Description | Default value | Valid values | Notes |
---|---|---|---|---|
tenantName | Name of Tenant | "" | lower case string | |
podLabels.app | Label | bus | string | |
podLabels.name | Labels | bds | string | |
nameSpace | Namespace where BDS is deployed | bds | string | Leave blank if not used |
bdsApp.deployment.job.schedule | Cronjob schedule | "0 3,15 * * *" | Cronjob schedule format | |
bdsApp.image.registry | Image registry name | {} | string | |
bdsApp.image.repository | Image repository name | cloudbilling/ | string | |
bdsApp.image.tag | Image tag | "" | string | |
bdsApp.image.pullPolicy | Image pull Policy | IfNotPresent | Policy | |
bdsApp.image.pullSecrets.name | Secrets for docker registry | "" | string | Leave blank if not used |
bdsApp.container.env.pgValue | Prometheus Push Gateway URL. Set to empty string if Push Gateway is not available. | "http://prometheus-pushgateway.monitoring.svc.cluster.local:9091/metrics" | URL | |
bdsApp.container.env.modeValue | BDS mode type | MULTICLOUD | string | change to MULTICLOUD_PE |
bdsApp.volumes.pvc.claim | PVC used to mount file share | {} | string | |
bdsApp.config.name | Name of the config map | bds-config | string | |
bdsApp.gvars.name | Name of the config map | bds-config | string | |
bdsApp.secrets.gvp.secretName | GVP shared secret name | shared-secret-gvp | string or null | Leave blank if not used |
bdsApp.secrets.gvp.volumes.ProviderClassName | Populate if CSI is used | "" | Leave blank if not used | |
bdsApp.secrets.gvp.volumes.driver | Populate if CSI is used | "" | Leave blank if not used | |
bdsApp.secrets.gim.secretName | GIM shared secret name | shared-gim-db-t | string or null | Leave blank if not used |
bdsApp.secrets.gim.volumes.tenantID | Tenant ID is used as part of secret name | "" | string | |
bdsApp.secrets.gim.volumes.ProviderClassName | Populate if CSI is used | "" | string or null | Leave blank if not used |
bdsApp.secrets.gim.volumes.driver | Populate if CSI is used | "" | string or null | Leave blank if not used |
bdsApp.secrets.consul.secretName | Consul shared secret name | shared-consul-consul-bds-token | string or null | Leave blank if not used |
bdsApp.secrets.consul.volumes.ProviderClassName | Populate if CSI is used | "" | string or null | Leave blank if not used |
bdsApp.secrets.consul.volumes.driver | Populate if CSI is used | "" | string or null | Leave blank if not used |
bdsApp.secrets.gws.secretName | GWS shared secret name | "" | string or null | Leave blank if not used |
bdsApp.secrets.gws.mount.name | GWS secret mount name | "" | string or null | Mandatory if GWS shared secret used |
bdsApp.secrets.manual.secretName | Manual secrets | "" | string | Mandatory |
bdsApp.resources.limits.cpu | Maximum CPU count | 2 | integer | |
bdsApp.resources.limits.memory | Maximum Memory volume | 4Gi | | |
bdsApp.resources.requests.cpu | Guaranteed amount of CPU | 0.25 | percent / 100 | |
bdsApp.resources.requests.memory | Guaranteed amount of memory | 1Gi | | |
bdsApp.priorityClassName | "" | Leave blank if not used | ||
bdsApp.nodeSelector | "" | Leave blank if not used | ||
bdsApp.monitoring.enabled | Turn on/off monitoring | "false" | "false" / "true" | |
bdsApp.secrets.gim.mounts.name | Name of the volume mount for GIM secrets, if stored as volume. | shared-secret-gim | string | Must be set to "" or null if manual secrets are used. |
bdsApp.secrets.gvp.mounts.name | Name of the volume mount for GVP secrets, if stored as volume. | shared-secret-gvp | string | Must be set to "" or null if manual secrets are used. |
bdsApp.secrets.consul.mounts.name | Name of the volume mount for Consul secrets, if stored as volume. | shared-secret-consul | string | Must be set to "" or null if manual secrets are used. |
NOTE: Do not override values other than the parameters mentioned in the preceding table; doing so could cause deployment to fail.
Configure Kubernetes
Configs Layout
Tenant configuration is stored in a ConfigMap, which contains the BDS configuration files:
data:
  config-<tenant_name>.json: {}
  gvars.py: {}
Layout of Secrets:
Shared Secrets:
Create secrets manually using the instructions in Create Secrets.
Genesys Info Mart — Example of GIM configuration section:
"gimdb": {
"db_type": "postgre",
"driver_name": "PostgreSQL",
"server": "BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER",
"port": 5432,
"database": "BDS_CFG_GLOBALS_GIM_DB_NAME_PLACEHOLDER",
"username": "BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER",
"password": "BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER"
}
Install the following PLACEHOLDERs with values as secrets:
BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_NAME_PLACEHOLDER
GVP — Example of GVP configuration section:
"gvp": {
"gvp_primary_rs_name": "GVP",
"db_type": "sql_server",
"driver_name": "FreeTDS",
"server": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_HOST_PLACEHOLDER",
"port": 1433,
"database": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_NAME_PLACEHOLDER",
"username": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_USR_PLACEHOLDER",
"password": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_PSW_PLACEHOLDER"
}
Install the following PLACEHOLDERs with values as secrets:
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_NAME_PLACEHOLDER
Consul — Example of Consul configuration section:
"consul": {
"token": "BDS_CFG_CONSUL_TOKEN_PLACEHOLDER",
"url_api": "BDS_CFG_CONSUL_URL_API_PLACEHOLDER"
}
Example value for url_api: https://consul.genesys.svc.cluster.local:8501/v1/kv
Install the following PLACEHOLDERs with values as secrets:
BDS_CFG_CONSUL_TOKEN_PLACEHOLDER
Manual secrets:
These secrets are created manually. Their values are pulled from a shared key vault or added manually.
They are assigned to the pod as environment variables.
GWS
Client ID and Secret to access AUTH service.
Values assigned manually.
BDS_CFG_BDS_DEV_GWS_CLIENTID_PLACEHOLDER
BDS_CFG_BDS_DEV_GWS_CLIENT_SECRET_PLACEHOLDER
Configuration example:
"gws": {
"host": "BDS_CFG_GWS_HOST_PLACEHOLDER",
"auth_host": "BDS_CFG_GWS_AUTH_HOST_PLACEHOLDER",
"grant_type": "client_credentials",
"client_id": "BDS_CFG_GLOBALS_GWS_USR_PLACEHOLDER",
"client_secret": "BDS_CFG_GLOBALS_GWS_PSW_PLACEHOLDER"
}
SFTP
BDS automatically uploads the resulting output files to the SFTP server at the end of job runs. You can configure the SFTP server details in the loader_sftp section.
An example SFTP configuration section is as follows. In the example, the values for hostname and hostkey correspond to the Genesys SFTP server. You can use the same values to configure the Genesys SFTP server for uploading BDS files.
"loader_sftp": {
"hostname": "BDS_CFG_SFTP_HOST_PLACEHOLDER",
"hostkey": "ssh-rsa SHA256:gT7Aa37+yTnd6mwv6Nl01E44u2o2TYxlL/iPgA2T2wc",
"path": "BDS_CFG_SFTP_PATH_PLACEHOLDER",
"username": "BDS_CFG_LEGACY_GLOBALS_SFTP_USR_PLACEHOLDER",
"password": "BDS_CFG_LEGACY_GLOBALS_SFTP_PSW_PLACEHOLDER"
}
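The hostkey value pins the SFTP server's identity, so it is worth checking a public key obtained out of band against it before deploying. The following is an added example, not code from BDS or the Genesys documentation; it assumes the hostkey string uses the OpenSSH form "<key type> SHA256:<unpadded base64 digest>", and the sample key blob is constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# hostkey value from the loader_sftp example on this page.
PAGE_HOSTKEY = "ssh-rsa SHA256:gT7Aa37+yTnd6mwv6Nl01E44u2o2TYxlL/iPgA2T2wc"

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data

def key_type(blob: bytes) -> str:
    """Return the algorithm name stored as the first string of a key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (size,) = struct.unpack(">I", blob[:4])
    if size == 0 or 4 + size > len(blob):
        raise ValueError("bad algorithm name length")
    return blob[4:4 + size].decode("ascii")

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def matches_pin(blob: bytes, hostkey: str) -> bool:
    """True only when key type and fingerprint both equal the pinned value."""
    try:
        pinned_type, pinned_fp = hostkey.split()
        presented_type = key_type(blob)
    except ValueError:  # malformed pin or malformed blob: fail closed
        return False
    same_fp = hmac.compare_digest(pinned_fp.encode(), fingerprint(blob).encode())
    return pinned_type == presented_type and same_fp

# Constructed toy blob (not a real key): type, exponent 65537, fake modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 33))))

if __name__ == "__main__":
    print(fingerprint(SAMPLE_BLOB), matches_pin(SAMPLE_BLOB, PAGE_HOSTKEY))
```

For a real check, the blob is the base64-decoded second field of the server's public key line, obtained through a channel you trust.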
GVP
Manually obtained GVP secrets to get BD DB access from secondary region (used if secondary region exists).
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_NAME_PLACEHOLDER
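Because the tenant config lives in a ConfigMap while credentials belong in secrets, a pre-deployment check can confirm that credential fields still hold placeholders and list which placeholders need a secret. This is an added example, not part of BDS or the Genesys documentation; the set of sensitive field names is taken from the sections above, the sample config is constructed, and matching secret keys to placeholder names is an assumption.

```python
import json
import re

PLACEHOLDER = re.compile(r"^BDS_CFG_[A-Z0-9_]+_PLACEHOLDER$")
# Credential-bearing field names used in the config sections on this page.
SENSITIVE = {"username", "password", "token", "client_id", "client_secret"}

def audit(config):
    """Walk a parsed tenant config; return (placeholders, literal_credentials)."""
    placeholders, literals = set(), []
    stack = [("", config)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((f"{path}.{k}".lstrip("."), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((f"{path}[{i}]", v) for i, v in enumerate(node))
        elif isinstance(node, str) and PLACEHOLDER.match(node):
            placeholders.add(node)
        elif path.rsplit(".", 1)[-1] in SENSITIVE:
            literals.append(path)  # credential field holding a real value
    return placeholders, sorted(literals)

def missing_secrets(placeholders, secret_keys):
    """Placeholders that no provided secret key would fill (assumed naming)."""
    return sorted(set(placeholders) - set(secret_keys))

# Constructed sample: the GIM section from this page plus a Consul section
# where a literal token was pasted in place of the placeholder.
SAMPLE = json.loads("""
{
  "gimdb": {
    "db_type": "postgre", "port": 5432,
    "server": "BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER",
    "username": "BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER",
    "password": "BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER"
  },
  "consul": {"token": "constructed-literal-token",
             "url_api": "BDS_CFG_CONSUL_URL_API_PLACEHOLDER"}
}
""")

if __name__ == "__main__":
    found, literals = audit(SAMPLE)
    print("literal credentials in ConfigMap:", literals)
    print("secrets still to create:",
          missing_secrets(found, ["BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER"]))
```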
Configure security
Pod security policy:
By default, BDS defines a user/group for running the process in the pod, as follows:
securityContext:
  # Containers should run as genesys user and cannot use elevated permissions
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings as shown in the following code, so that you do not define any specific IDs.
securityContext:
  runAsNonRoot: true
  runAsGroup: null
  runAsUser: null
  fsGroup: null