Configure Digital Channels
Learn how to configure Digital Channels.
Complete the steps on this page to configure your Digital Channels deployment.
Override Helm chart values
You can specify parameters for the deployment by overriding Helm chart values in the values.yaml file. See the Parameters table for a full list of overridable values.
For more information about how to override Helm chart values, see Overriding Helm chart values.
Parameter | Description | Valid values | Default |
---|---|---|---|
global.imageRegistry | The Docker registry from which Kubernetes pulls images. | A valid registry URL | nil |
global.imagePullSecrets | An array of global docker-registry secret names. | An array of secret names | [] (does not add image pull secrets to deployed pods) |
global.storageClass | The global storage class used for dynamic provisioning. | A valid storage class | nil |
image.registry |
The Nexus image registry. | A valid registry URL | TBD |
image.repository | The Nexus image name. | A valid image name | nexus/nexus |
image.pullPolicy | Specifies when Kubernetes pulls images from the registry on start up. | IfNotPresent or Always | IfNotPresent |
imagePullSecrets | An array of docker-registry secret names. | An array of secret names | [] (does not add image pull secrets to deployed pods) |
nameOverride | A string to partially override the nexus.fullname template. This string is prepended to the release name. | String | nil |
fullnameOverride | A string to fully override the nexus.fullname template. | String | nil |
nexus.redirectProtocol | Defines the Web Services and Applications to Nexus redirect protocol (HTTP or HTTPS). | A valid protocol | http:// |
nexus.fqdn |
The internal or external URI of the nexus services. | http://nexus.nexus.svc
or http(s)://<your nexus external url> |
nil |
nexus.redis.enabled |
Specifies whether to use Redis. You must not changes this from the default value of true. | true | true |
nexus.redis.nodes | A comma-separated list of Redis nodes to connect. | A valid URL | redis://nexus-redis-master.default.svc.cluster.local:6379 |
nexus.redis.useCluster | Specifies whether to deploy Redis as a cluster. | true or false | false |
nexus.redis.enableTls | Specifies whether to use TLS on the Redis connection. | true or false | false |
nexus.redis.password | The password for Redis authentication. | A valid password | "" |
nexus.db.host |
The Postgres service URL. | A valid URL | nexus-postgres-postgresql.default.svc.cluster.local |
nexus.db.port | The Postgres service port. | A valid port | 5432 |
nexus.db.user | The user assigned for the Nexus application to access Postgres. | A valid user | nexus |
nexus.db.password | The password assigned for the Nexus application to access Postgres. | A valid password | nexus |
nexus.db.enableSSL | Enable an SSL connection to PostgreSQL. | true or false | false |
podSecurityContext.runAsNonRoot | Specifies whether the container must run as a non-root user. | true or false | true |
podSecurityContext.runAsUser | The user ID to run the entry point of the container process. | A valid user ID | 500 |
podSecurityContext.runAsGroup | The group ID to run the entry point of the container process. | A valid group ID | 500 |
podSecurityContext.fsGroup | A supplemental group ID that applies to all containers in a pod. | A valid group ID | 500 |
resources | The requests and limits for CPU and memory usage in Kubernetes. See the Kubernetes documentation for details. | requests: { cpu: "300m", memory: "512Mi" } | |
affinity | Specifies the affinity and anti-affinity for Digital Channels pods. See the Kubernetes documentation for details. | Object | {} |
nodeSelector | The labels Kubernetes uses to assign pods to nodes. See the Kubernetes documentation for details. | Object | {} |
tolerations | The tolerations Kubernetes uses for advanced pod scheduling. See the Kubernetes documentation for details. | Object | [] |
priorityClassName | The class name Kubernetes uses to determine the priority of a pod relative to other pods. See the Kubernetes documentation for details. | A valid priority class name | "" |
monitoring.enabled | Specifies whether to deploy Custom Resource Definitions (CRD) for ServiceMonitors to determine which services should be monitored. | true or false | false |
service.type | The Kubernetes service type. | See the Kubernetes documentation for details. | LoadBalancer |
service.port | The Kubernetes service HTTP port. | A valid port | 80 |
service.httpsPort | The Kubernetes service HTTPS port. | A valid port | 443 |
service.nodePorts.http | The Kubernetes service HTTP node port. | A valid port | "" |
service.nodePorts.https | The Kubernetes service HTTPS node port. | A valid port | "" |
service.externalTrafficPolicy | Enables client source IP preservation. See the Kubernetes documentation for details. | Cluster or Local | Cluster |
service.loadBalancerIP | The IP address of the load balancer service. | A valid IP address | "" |
ingress.enabled |
Enables the ingress controller resource. | true or false | false |
ingress.annotations | The ingress annotations. | A valid set of annotations as "name: value" | [] |
ingress.certManager | Add annotations for cert-manager. | true or false | false |
ingress.hosts[0].name | The hostname of your Nexus installation. | A valid hostname | nexus.local |
ingress.hosts[0].paths |
The internal or external URI of the nexus services. | paths:
- path: '/chat/v3/'
port: http
- path: '/nexus/v3/'
port: http
- path: '/ux/'
port: http
- path: '/admin/'
port: http
- path: '/auth/'
port: http
- path: '/health/'
port: http paths:
- path: '/'
port: http |
/ |
ingress.hosts[0].tls | Specifies whether to use TLS backend in ingress. | true or false | false |
ingress.hosts[0].tlsHosts | An array of TLS hosts for ingress record. If nil, this value defaults to the value of ingress.hosts[0].name. | Valid hosts | nil |
ingress.hosts[0].tlsSecret | The TLS secret (certificates). | A valid secret | nexus.local-tls-secret |
ingress.secrets[0].name | The TLS secret name. | A valid name | nil |
ingress.secrets[0].certificate | The TLS secret certificate. | A valid certificate | nil |
ingress.secrets[0].key | The TLS secret key. | A valid key | nil |
podAnnotations | Custom annotations for each pod. | A valid set of labels as "name: value" | {} |
Configure security
To learn more about how security is configured for private edition, be sure to read Permissions and OpenShift security settings.
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the values.yaml file as500:500:500
, meaning the genesys user.podSecurityContext:
runAsUser: 500
runAsGroup: 500
fsGroup: 500
runAsNonRoot: true