Prerequisite software and third-party dependencies required for the Genesys Engage cloud private edition environment.
This article describes the prerequisites and third-party infrastructure services (dependencies) you must deploy before deploying Genesys Engage services.
- Domain Name System (DNS)
- Helm 3.0+
- Ingress Controller
- JFrog Edge Artifactory account
- Kubernetes 1.18.x - 1.19.x **
- Session Border Controller (SBC)
- Web Application Firewall (WAF) - optional, but recommended.
**Currently, Genesys supports OpenShift Container Platform 4.6 as part of the cloud private edition offering. If you are looking for other Kubernetes offerings, contact your Genesys Account Representative.
See the table below for details about the prerequisite third-party dependencies.
Genesys has tested the OpenShift Operators listed in the table, but you can check with Genesys regarding replacing them with other cloud managed services (such as Azure Postgres or AWS RDS Postgres). You could also run these services outside of OpenShift if you prefer.
|Name||Version||OpenShift Operator Hub||OpenShift Operator URL||Purpose|
|A container image registry and Helm chart repository|| || || ||You can use any Docker OCI compliant registry.|
|An SMTP relay|| || || ||(Optional) Facilitates email communications in an environment where GCXI reports or voicemails are sent as emails to contact center personnel. Genesys recommends Postfix, but you can use any SMTP relay that supports standard mail libraries.|
|HTTPS certificates - cert-manager|| || || ||Use with Let's Encrypt to provide free rotating TLS certificates for NGINX Ingress Controller.|
|HTTPS certificates - Let's Encrypt|| || || ||Use with cert-manager to provide free rotating TLS certificates for NGINX Ingress Controller.|
|Ingress controller|| ||Ingress Operator||https://docs.openshift.com/container-platform/4.8/networking/ingress-operator.html||HTTPS ingress controller.|
|Load balancer|| || || ||VPC ingress. For NGINX Ingress Controller, a single regional Google external network LB with a static IP and wildcard DNS entry will pass HTTPS traffic to NGINX Ingress Controller, which will terminate SSL traffic and will be set up as part of the platform setup. For WebRTC, a single regional Google external network LB will be set up as part of the platform setup.|
|Kafka||2.x||Banzai Cloud Kafka Operator||https://operatorhub.io/operator/banzaicloud-kafka-operator||(Mandatory) Message bus for services such as ??, ??, and ??. Writer's note: What are the services that need Kafka?|
|Keda||2.0||KEDA Operator||https://operatorhub.io/operator/keda||(Optional) Custom metrics for scaling. Use of Keda or HPA is configurable through Helm charts.|
|Redis||6.x||Redis Enterprise Operator||https://operatorhub.io/operator/redis-enterprise||Used for caching. Only distributions of Redis that support Redis cluster mode are supported.|
|Consul||1.9.5|| || ||(Mandatory) Service discovery, service mesh, and key/value store.|
|Elasticsearch||7.x||Elasticsearch (ECK) Operator||https://operatorhub.io/operator/elastic-cloud-eck||Used for text searching and indexing. Deployed per service that needs it during runtime. Services such as ??, ??, and ?? require Elasticsearch.|
|MS SQL Server||2016|| || ||Relational database. Required only for GVP. Writer's note: Confirm about correct version.|
|PostgreSQL||11.x|| || ||(Mandatory) Relational database.|
Security context parameters in the Helm charts specify the users authorized to access the pods and containers for the respective services. By default, the Helm charts specify the user, group, and file-service group IDs as 500:500:500.
OpenShift controls the pod permissions (including user access) through a security feature called security context constraints (SCCs). Private edition supports the use of arbitrary user IDs (UIDs), with pods and containers using the restricted SCC (the most restrictive SCC defined by default).
In an early implementation, private edition required the use of a custom SCC called genesys-restricted to control permissions associated with the genesys user (500) specified by the services. The genesys-restricted SCC has now been deprecated.
To use arbitrary UIDs, override the Helm chart values so that no specific IDs are defined for users and groups. See OpenShift security settings for more information.
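A pre-deployment check for the arbitrary-UID requirement described above, as an added example that is not Genesys code: it scans rendered manifests for hard-coded `runAsUser`, `runAsGroup` or `fsGroup` values. It assumes the rendered chart output has been converted to a JSON list of Kubernetes objects; the service names and the sample manifests are constructed.

```python
import json

# securityContext fields that pin a numeric identity (the chart default is 500:500:500).
ID_FIELDS = ("runAsUser", "runAsGroup", "fsGroup")

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload that embeds a pod template."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")

def pinned_ids(manifest):
    """List (location, field, value) for every hard-coded ID in one manifest."""
    spec = pod_spec(manifest)
    if not spec:
        return []
    obj_name = (manifest.get("metadata") or {}).get("name", "?")
    name = f"{manifest.get('kind')}/{obj_name}"
    scopes = [(f"{name} pod", spec.get("securityContext") or {})]
    for group in ("initContainers", "containers"):
        for c in spec.get(group) or []:
            scopes.append((f"{name} {group}/{c.get('name')}", c.get("securityContext") or {}))
    # "is not None" so that an explicit 0 (root) is reported as well.
    return [(where, field, sc[field]) for where, sc in scopes
            for field in ID_FIELDS if sc.get(field) is not None]

def audit(manifests):
    """Collect findings across all rendered manifests."""
    return [finding for m in manifests for finding in pinned_ids(m)]

# Constructed sample: a hypothetical service rendered with the default IDs,
# and the same shape rendered with the IDs overridden to null.
SAMPLE = json.loads("""[
 {"kind": "Deployment", "metadata": {"name": "svc-default"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 500, "runAsGroup": 500, "fsGroup": 500},
    "containers": [{"name": "app", "securityContext": {"runAsNonRoot": true}}]}}}},
 {"kind": "Deployment", "metadata": {"name": "svc-overridden"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": null, "fsGroup": null},
    "containers": [{"name": "app"}]}}}}
]""")

if __name__ == "__main__":
    for where, field, value in audit(SAMPLE):
        print(f"{where}: {field}={value} is hard-coded")
```

An empty result means no workload in the rendered output defines a specific user or group ID.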