Configure Digital Channels

From Genesys Documentation
This topic is part of the manual Digital Channels Private Edition Guide for version Current of Digital Channels.

Learn how to configure Digital Channels.

Complete the steps on this page to configure your Digital Channels deployment.

Override Helm chart values

You can specify parameters for the deployment by overriding Helm chart values in the values.yaml file. See the Parameters table for a full list of overridable values.

For more information about how to override Helm chart values, see Overriding Helm chart values.

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For details, see Configure security below.

Parameters
| Parameter | Description | Valid values | Default |
|---|---|---|---|
| global.imageRegistry | The Docker registry from which Kubernetes pulls images. | A valid registry URL | nil |
| global.imagePullSecrets | An array of global docker-registry secret names. | An array of secret names | [] (does not add image pull secrets to deployed pods) |
| global.storageClass | The global storage class used for dynamic provisioning. | A valid storage class | nil |
| image.registry | The Nexus image registry. | A valid registry URL | TBD |
| image.repository | The Nexus image name. | A valid image name | nexus/nexus |
| image.pullPolicy | Specifies when Kubernetes pulls images from the registry on start up. | IfNotPresent or Always | IfNotPresent |
| imagePullSecrets | An array of docker-registry secret names. | An array of secret names | [] (does not add image pull secrets to deployed pods) |
| nameOverride | A string to partially override the nexus.fullname template. This string is prepended to the release name. | String | nil |
| fullnameOverride | A string to fully override the nexus.fullname template. | String | nil |
| nexus.redirectProtocol | Defines the Web Services and Applications to Nexus redirect protocol (HTTP or HTTPS). | A valid protocol | http:// |
| nexus.fqdn | The internal or external URI of the nexus services. | http://nexus.nexus.svc or http(s)://<your nexus external url> | nil |
| nexus.redis.enabled | Specifies whether to use Redis. You must not change this from the default value of true. | true | true |
| nexus.redis.nodes | A comma-separated list of Redis nodes to connect. | A valid URL | redis://nexus-redis-master.default.svc.cluster.local:6379 |
| nexus.redis.useCluster | Specifies whether to deploy Redis as a cluster. | true or false | false |
| nexus.redis.enableTls | Specifies whether to use TLS on the Redis connection. | true or false | false |
| nexus.redis.password | The password for Redis authentication. | A valid password | "" |
| nexus.db.host | The Postgres service URL. | A valid URL | nexus-postgres-postgresql.default.svc.cluster.local |
| nexus.db.port | The Postgres service port. | A valid port | 5432 |
| nexus.db.user | The user assigned for the Nexus application to access Postgres. | A valid user | nexus |
| nexus.db.password | The password assigned for the Nexus application to access Postgres. | A valid password | nexus |
| nexus.db.enableSSL | Enable an SSL connection to PostgreSQL. | true or false | false |
| podSecurityContext.runAsNonRoot | Specifies whether the container must run as a non-root user. | true or false | true |
| podSecurityContext.runAsUser | The user ID to run the entry point of the container process. In OpenShift, if your deployment uses arbitrary UIDs set this value to null. | A valid user ID | 500 |
| podSecurityContext.runAsGroup | The group ID to run the entry point of the container process. In OpenShift, if your deployment uses arbitrary UIDs set this value to 0. | A valid group ID | 500 |
| podSecurityContext.fsGroup | A supplemental group ID that applies to all containers in a pod. In OpenShift, if your deployment uses arbitrary UIDs set this value to null. | A valid group ID | 500 |
| resources | The requests and limits for CPU and memory usage in Kubernetes. See the Kubernetes documentation for details. | | requests: { cpu: "300m", memory: "512Mi" } |
| affinity | Specifies the affinity and anti-affinity for Digital Channels pods. See the Kubernetes documentation for details. | Object | {} |
| nodeSelector | The labels Kubernetes uses to assign pods to nodes. See the Kubernetes documentation for details. | Object | {} |
| tolerations | The tolerations Kubernetes uses for advanced pod scheduling. See the Kubernetes documentation for details. | Object | [] |
| priorityClassName | The class name Kubernetes uses to determine the priority of a pod relative to other pods. See the Kubernetes documentation for details. | A valid priority class name | "" |
| monitoring.enabled | Specifies whether to deploy Custom Resource Definitions (CRD) for ServiceMonitors to determine which services should be monitored. | true or false | false |
| service.type | The Kubernetes service type. See the Kubernetes documentation for details. | | LoadBalancer |
| service.port | The Kubernetes service HTTP port. | A valid port | 80 |
| service.httpsPort | The Kubernetes service HTTPS port. | A valid port | 443 |
| service.nodePorts.http | The Kubernetes service HTTP node port. | A valid port | "" |
| service.nodePorts.https | The Kubernetes service HTTPS node port. | A valid port | "" |
| service.externalTrafficPolicy | Enables client source IP preservation. See the Kubernetes documentation for details. | Cluster or Local | Cluster |
| service.loadBalancerIP | The IP address of the load balancer service. | A valid IP address | "" |
| ingress.enabled | Enables the ingress controller resource. | true or false | false |
| ingress.annotations | The ingress annotations. | A valid set of annotations as "name: value" | [] |
| ingress.certManager | Add annotations for cert-manager. | true or false | false |
| ingress.hosts[0].name | The hostname of your Nexus installation. | A valid hostname | nexus.local |
| ingress.hosts[0].paths | The internal or external URI of the nexus services. | One of the two path lists shown after this table | / |
| ingress.hosts[0].tls | Specifies whether to use TLS backend in ingress. | true or false | false |
| ingress.hosts[0].tlsHosts | An array of TLS hosts for ingress record. If nil, this value defaults to the value of ingress.hosts[0].name. | Valid hosts | nil |
| ingress.hosts[0].tlsSecret | The TLS secret (certificates). | A valid secret | nexus.local-tls-secret |
| ingress.secrets[0].name | The TLS secret name. | A valid name | nil |
| ingress.secrets[0].certificate | The TLS secret certificate. | A valid certificate | nil |
| ingress.secrets[0].key | The TLS secret key. | A valid key | nil |
| podAnnotations | Custom annotations for each pod. | A valid set of labels as "name: value" | {} |

Valid values for ingress.hosts[0].paths:
paths:
    - path: '/chat/v3/'
      port: http
    - path: '/nexus/v3/'
      port: http
    - path: '/ux/'
      port: http
    - path: '/admin/'
      port: http
    - path: '/auth/'
      port: http
    - path: '/health/'
      port: http
or
paths:
    - path: '/'
      port: http

Configure security

To learn more about how security is configured for private edition, be sure to read Permissions and OpenShift security settings.

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.
podSecurityContext:
    runAsUser: 500
    runAsGroup: 500
    fsGroup: 500
    runAsNonRoot: true

Arbitrary UIDs in OpenShift

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.
podSecurityContext:
    runAsUser: null
    runAsGroup: 0
    fsGroup: null
    runAsNonRoot: true
For details about these parameters and possible values, see podSecurityContext.* in the Parameters table above.
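
The following check is an added example, not part of the Genesys documentation or the chart. It audits a set of Helm values for the transport, credential and podSecurityContext parameters described on this page, in either the default or the OpenShift arbitrary-UID form. It assumes the values are already parsed into a Python dict; the function names, finding strings and both sample dicts are constructed for illustration.

```python
# Added example, not Genesys code: audit parsed Helm values for this chart.
def get(values, dotted, default=None):
    """Walk a nested dict with a dotted key such as 'nexus.db.password'."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def audit(values, openshift_arbitrary_uid=False):
    """Return sorted findings; an empty list means nothing was flagged."""
    findings = []
    # Documented defaults: no TLS to Redis, no SSL to PostgreSQL.
    if get(values, "nexus.redis.enableTls", False) is not True:
        findings.append("nexus.redis.enableTls is not true")
    if get(values, "nexus.db.enableSSL", False) is not True:
        findings.append("nexus.db.enableSSL is not true")
    # Documented defaults: empty Redis password, DB password "nexus".
    if not get(values, "nexus.redis.password", ""):
        findings.append("nexus.redis.password is empty")
    if get(values, "nexus.db.password", "nexus") in ("", "nexus"):
        findings.append("nexus.db.password is the chart default")
    psc = get(values, "podSecurityContext", {}) or {}
    if psc.get("runAsNonRoot", True) is not True:
        findings.append("podSecurityContext.runAsNonRoot is not true")
    if openshift_arbitrary_uid:
        # The page's arbitrary-UID form: no fixed user or fsGroup, group 0.
        expected = {"runAsUser": None, "runAsGroup": 0, "fsGroup": None}
        for key, want in expected.items():
            if psc.get(key, 500) != want:  # a missing key means default 500
                findings.append(f"podSecurityContext.{key} should be {want!r}")
    elif psc.get("runAsUser", 500) in (0, None):
        findings.append("podSecurityContext.runAsUser is 0 or null")
    return sorted(findings)
# Constructed sample: the defaults listed in the Parameters table.
DEFAULTS = {
    "nexus": {"redis": {"enableTls": False, "password": ""},
              "db": {"enableSSL": False, "password": "nexus"}},
    "podSecurityContext": {"runAsUser": 500, "runAsGroup": 500,
                           "fsGroup": 500, "runAsNonRoot": True},
}
# Constructed sample: overrides with placeholder passwords, arbitrary UIDs.
HARDENED = {
    "nexus": {"redis": {"enableTls": True, "password": "<redis-password>"},
              "db": {"enableSSL": True, "password": "<db-password>"}},
    "podSecurityContext": {"runAsUser": None, "runAsGroup": 0,
                           "fsGroup": None, "runAsNonRoot": True},
}
print("\n".join(audit(DEFAULTS)))
```

Run against the chart defaults, the audit reports the unencrypted Redis and PostgreSQL connections and the default credentials; the hardened sample passes only when openshift_arbitrary_uid=True, because a null runAsUser is flagged outside that mode.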