Configure GCA
Contents
Learn how to configure GIM Config Adapter (GCA).
Override Helm chart values
Download the gca and gca-monitoring Helm charts from JFrog using your credentials. You must override certain parameters in the GCA values.yaml file to provide deployment-specific values for certain parameters.
For general information about overriding Helm chart values, see Overriding Helm chart values in the Genesys Multicloud CX Private Edition Guide.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that no user or group IDs are specified. For details, see Configure security, below.
To enable S3-compatible storage to store the GCA snapshot, see Configure S3-compatible storage, below.
At a minimum, you must override the following key entries in the GCA values.yaml file:
- image:
- registry — the registry from which Kubernetes will pull images (pureengage-docker-staging.jfrog.io by default)
- tag - the container image version
- tenant_id - the TenantID of the tenant in use
- cfgdb - the applicable details for the Configuration Database, created before you deployed the Tenant service
- name - the name of the database
- host - the host on which the DBMS is running
- username - the user account for GCA to access the database. The user account must have at least read permissions.
- password - the password for the user account
- gimdb - the applicable details for the Info Mart database
- name - the name of the database
- host - the host on which the DBMS is running
- username - the user account created when you created the database (see Create the Info Mart database)
- password - the password for the user account
- kafka:
- bootstrap - the Kafka address to align with the infrastructure Kafka
- password - the Kafka password, if Kafka requires authentication
Note: tenant_id and kafka:password (optional) are currently not included in the values.yaml file. Either add these parameters to your customized values.yaml file or else specify them in the command line when you install the Helm chart.
Configure Kubernetes
Secrets
GCA requires the following secrets:
- docker-registry — Credentials to pull the image from the JFrog repository
- {{.Release.Name}}-kafka-secrets — Credentials to access Kafka
- {{.Release.Name}}-cfgdb-secrets — Credentials to access the Configuration Database
- {{.Release.Name}}-gimdb-secrets — Credentials to access the Info Mart database
- {{.Release.Name}}-storage-secret — Credentials to access optional S3-compatible storage (for Data Export)
Except for docker-registry, which you must create manually (see the environment setup instructions on Deploy GIM Config Adapter), Helm creates the secrets based on values you specify in the values.yaml file.
Config Maps
There are no Config Maps you can configure directly.
Configure security
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the GCA values.yaml file as 500:500:500, meaning the genesys user.
securityContext:
runAsNonRoot: true
runAsUser: 500
runAsGroup: 500
fsGroup: 500
containerSecurityContext: {}
Arbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that you do not define any specific IDs.
securityContext:
runAsNonRoot: true
runAsUser: null
runAsGroup: 0
fsGroup: null
containerSecurityContext: {}
Configure S3-compatible storage
If you are using S3-compatible object storage on OpenShift or GCP to store the GCA snapshot, modify the following storage: s3 entries in the values.yaml file:
- bucket — the bucket name
- gcaSnapshots — the volume or folder in the bucket where the GCA snapshot is stored
- accessKey — the access key created when you created the bucket
- secretKey — the secret created when you created the bucket
- endPoint — the bucket host
OpenShift example
storage:
...
s3:
bucket: "gim-3f7ac1ab-03b9-445b-ba12-137d4bbc3c38"
gcaSnapshots: "/gca"
accessKey: "<Access Key>"
secretKey: "<Secret Key>"
useSSL: true
endPoint: "s3.openshift-storage.svc"
port: 443
Insecure: true
GKE example
storage:
...
s3:
bucket: "test-example-bucket-one"
gcaSnapshots: "/gca"
accessKey: "<Access Key>"
secretKey: "<Secret Key>"
useSSL: true
endPoint: "storage.googleapis.com"
port: 443
Insecure: true