Configure GSP
Contents
Learn how to configure GIM Stream Processor (GSP).
Override Helm chart values
Download the GSP Helm charts from JFrog using your credentials. You must override certain parameters in the GSP values.yaml file to provide deployment-specific values for certain parameters.
For general information about overriding Helm chart values, see Overriding Helm chart values in the Genesys Multicloud CX Private Edition Guide.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GSP values.yaml file, so that no user or group IDs are specified. For details, see Configure security, below.
To enable S3-compatible storage to store data that GSP requires during processing, see Configure S3-compatible storage, below.
At a minimum, you must override the following key entries in the GSP values.yaml file:
- image:
- registry — the registry from which Kubernetes will pull images (pureengage-docker-staging.jfrog.io by default)
- tag — the container image version
- imagePullSecrets:
- pureengage-docker-dev or pureengage-docker-staging — the secret from which Kubernetes will get credentials to pull the image from the registry
- kafka:
- bootstrap — the Kafka address to align with the infrastructure Kafka
If topic names in your Kafka configuration have been customized, you must also modify the kafka:topic parameter values to match. For more details about the required Kafka topics, see Kafka configuration.
Configure Kubernetes
Secrets
GSP requires the following secrets:
- docker-registry — Credentials to pull the image from the JFrog repository
- kafka-secrets — Credentials to access Kafka
- gsp-s3 — Credentials to access S3-compatible storage
Except for docker-registry and kafka-secrets, which you must create manually (see the environment setup instructions on Deploy GIM Stream Processor), Helm creates the secrets based on values you specify in the values.yaml file.
Config Maps
Helm creates a number of Config Maps based on option values you specify in the values.yaml file. There are no Config Maps you can configure directly.
Kubernetes API requirements
GSP uses Apache Flink as the engine for stateful stream processing, with communications handled via the Kubernetes API.
GSP needs permissions to use the following verbs:
- get, list, watch, and delete on jobs resources in the batch API group. GSP uses these commands during upgrade and for a pre-upgrade hook to ensure that the previous version of GSP is stopped before upgrading to the new version.
- update, get, create, watch, patch, delete, list on configmap resources in the general API group (“”). GSP uses these commands:
- To enable Flink's Kubernetes high availability (HA) services to function
- To record the path to the savepoint periodically taken by the take-savepoint cron job and by the upgrade hook
Configure security
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the GSP values.yaml file as 500:500:500, meaning the genesys user.
securityContext:
runAsNonRoot: true
runAsUser: 500
runAsGroup: 500
fsGroup: 500
containerSecurityContext: {}
Arbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GSP values.yaml file, so that you do not define any specific IDs.
securityContext:
runAsNonRoot: true
runAsUser: null
runAsGroup: 0
fsGroup: null
containerSecurityContext: {}
Configure S3-compatible storage
To enable S3-compatible storage, modify the following entries in the values.yaml file:
- azure:
- enabled: false
- storage:
- gspPrefix — the bucket name
- gcaSnapshots — the bucket name where the GCA snapshot is stored
- s3 — the applicable details defined with the OBC or GCP bucket
- Note: The host parameter is ignored.
OpenShift example
azure:
enabled: false
..
storage:
host: gspstate{{.Values.short_location}}{{.Values.environment}}.blob.core.windows.net
#gspPrefix: wasbs://gsp-state@{{ tpl .Values.job.storage.host . }}/{{ .Release.Name }}/
gspPrefix: "s3p://gim-3f7ac1ab-03b9-445b-ba12-137d4bbc3c38/{{ .Release.Name }}/"
#gcaSnapshots: wasbs://gca@{{ tpl .Values.job.storage.host . }}/
gcaSnapshots: "s3p://gim-3f7ac1ab-03b9-445b-ba12-137d4bbc3c38/gca/"
checkpoints: '{{ tpl .Values.job.storage.gspPrefix . }}checkpoints'
savepoints: '{{ tpl .Values.job.storage.gspPrefix . }}savepoints'
highAvailability: '{{ tpl .Values.job.storage.gspPrefix . }}ha'
s3:
endpoint: "https://s3.openshift-storage.svc:443"
accessKey: "<access key>"
secretKey: "<secret key>"
pathStyleAccess: "true"
GKE example
azure:
enabled: false
...
storage:
host: gspstate{{.Values.short_location}}{{.Values.environment}}.blob.core.windows.net
#gspPrefix: wasbs://gsp-state@{{ tpl .Values.job.storage.host . }}/{{ .Release.Name }}/
gspPrefix: "s3p://test-example-bucket-one/{{ .Release.Name }}/"
#gcaSnapshots: wasbs://gca@{{ tpl .Values.job.storage.host . }}/
gcaSnapshots: "s3p://test-example-bucket-one/gca/"
checkpoints: '{{ tpl .Values.job.storage.gspPrefix . }}checkpoints'
savepoints: '{{ tpl .Values.job.storage.gspPrefix . }}savepoints'
highAvailability: '{{ tpl .Values.job.storage.gspPrefix . }}ha'
s3:
endpoint: "https://storage.googleapis.com:443"
accessKey: "<access Key>"
secretKey: "<secret key>"
pathStyleAccess: "true"