Configure WebRTC
Learn how to configure WebRTC.
Override Helm chart values
Download the WebRTC Helm charts from JFrog using your credentials. Override the configuration parameters in the values.yaml file to provide deployment-specific values for certain parameters; this is how Private Edition is configured. For more information about overriding Helm chart values, see the suite-level documentation: Overriding Helm chart values
Option name | Description | Is mandatory | Default value | Valid value | Notes | Example |
---|---|---|---|---|---|---|
deployment.namespace | Name of the Kubernetes namespace for the WebRTC deployment | mandatory | webrtc | string | You can modify the default namespace used to deploy applications in the deployment.namespace option. | deployment:
  namespace: production |
deployment.priorityClassName | Name of the priority class for pods; it specifies the importance of a pod relative to other pods | optional | | string | | |
deployment.nodeSelector | Node selector for Gateway and CoTurn pods | optional | | Specification | | deployment:
  nodeSelector:
    genesysengage.com/nodepool: general |
deployment.tolerations | Tolerations for the Gateway and CoTurn pods; include this parameter if the toleration content exists. | optional | | Specification | | deployment:
  tolerations:
    - operator: Exists
      effect: NoSchedule
      key: "k8s.genesysengage.com/nodepool" |
deployment.ingress.domain | Ingress domain | mandatory | | string | | deployment:
  ingress:
    domain: apps.vce-c0.eps.genesys.com |
deployment.ingress.annotations | WebRTC annotations for the Ingress controller | mandatory | | Specification | As the default HAProxy route timeout is 30 s, it can interfere with the WebRTC long-polling timeout (30 s) and disconnect the session. | deployment:
  ingress:
    annotations:
      kubernetes.io/ingress.class: nginx01-internal
      nginx.ingress.kubernetes.io/affinity: cookie
      nginx.ingress.kubernetes.io/affinity-mode: persistent
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
      nginx.ingress.kubernetes.io/session-cookie-samesite: None |
deployment.ingress.tls | If this option is defined, the tls option is declared in the Ingress specification | optional | | Specification | | deployment:
  ingress:
    tls:
      secretName: webrtc.api01-eastus2.dev.genazure.com-tls-secret |
deployment.affinity | Pod affinity descriptions | optional | | Specification | | deployment:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: servicename
                  operator: In
                  values:
                    - webrtc-gateway
                    - webrtc-coturn
            topologyKey: failure-domain.beta.kubernetes.io/zone |
deployment.dnsPolicy | Kubernetes DNS policy that is applied to the pods | optional | | | | deployment:
  dnsPolicy: ClusterFirst |
deployment.dnsConfig | All DNS settings must be provided using the dnsConfig field in the Pod specification | optional | | | | deployment:
  dnsConfig:
    options:
      - name: ndots
        value: "3" |
deployment.keda | Enable KEDA for the Gateway and CoTurn horizontal auto-scaling | optional | false | true/false | | |
deployment.coturnDeployment | Type of CoTurn deployment. internal: internal LBs are created, and the IP addresses of those LBs must be used in the firewall or otherwise exposed externally. external: external LBs are created with the given external static IPs (the IPs for the green and blue LBs must be set with lbIpBlue and lbIpGreen during the infra-color deployment). | mandatory | | internal/external | For Premise Edition, this parameter is configured as external. | |
deployment.coturnService.annotation | Annotations that are added to the Kubernetes LoadBalancer Service object | optional | | | | deployment:
  coturnService:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-resource-group: service-webrtc-westus2-dev |
monitoring.enabled | Enable monitoring content: dashboards, alerts, metrics | optional | false | true/false | | |
monitoring.dashboards | Enable deployment of the ConfigMaps that contain dashboards | optional | false | true/false | | |
monitoring.prometheusMetrics | Enable Prometheus metrics by deploying PodMonitors | optional | false | true/false | | |
monitoring.prometheusAlerts | Enable Prometheus rules for alerts | optional | false | true/false | | |
image.imagePullSecrets | Secrets used to pull the images (list) | mandatory | | | | image:
  imagePullSecrets:
    - myRegistrySecret |
image.pullPolicy | Kubernetes pull policy of all containers | optional | Always | Always/IfNotPresent | | |
image.initContainerImage | Image for the initialization container, used to create the log folders. If the image is not specified, the init container is not applied and the logs are written directly into logPath. | optional | | string | | |
image.webrtc | Repository/directory to get the Gateway image from | mandatory | | string | | pureengage-docker-staging.jfrog.io/webrtc |
image.coturn | Repository/directory to get the CoTurn image from | mandatory | | string | | pureengage-docker-staging.jfrog.io/webrtc |
image.webrtcVersion | Version of the WebRTC Gateway container | mandatory | | string | | 9.0.000.88 |
image.coturnVersion | Version of the CoTurn container | mandatory | | string | | 9.0.000.88 |
gateway.replicas | Number of Gateway pods at the deployment stage | optional | 1 | integer | | |
gateway.workersCount | Number of Gateway worker threads that handle calls. One worker handles 25 registrations/calls. The CPU and memory requests depend on the number of workers. | optional | 3 | integer | | |
gateway.voiceSipProxy | Voice microservice SIP proxy address | mandatory | | string, address | | voice-sipproxy.voice.svc.cluster.local;transport=tcp |
gateway.turnExternalUriBlue | FQDN of the CoTurn blue LB | mandatory | | string, address | | |
gateway.turnExternalUriGreen | FQDN of the CoTurn green LB | mandatory | | string, address | | |
gateway.authRedirectUri | GWS/WWE redirect URI for WWE authentication | mandatory | | string, address | | |
gateway.authService | GAuth service address | mandatory | | string, address | | |
gateway.envService | GWS 9.x Environment service address | mandatory | | string, address | | |
gateway.cfgService | GWS 9.x Configuration service address | optional | | string, address | | |
gateway.enableTranscoding | Enable or disable transcoding on the Gateway side. Transcoding is enabled by default. If transcoding is disabled, the Gateway can handle more agent sessions, but the OPUS codec is not supported. | optional | true | true/false | | |
gateway.enable1pccCalls | Specifies whether 1pcc operations are enabled | optional | false | true/false | | |
gateway.arguments | Any additional options that are applied to the Gateway containers | optional | | Array of strings | | gateway:
  arguments: [ '-codecs pcmu,pcma,opus=120', '-sip-disallowed-codecs opus,telephone-event' ] |
gateway.podAnnotations | Any additional annotations that are applied to the Gateway pods | optional | | | | gateway:
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "10052"
    prometheus.io/path: "/metrics" |
gateway.resources | Describes the resources requested for the Gateway pods. Important: do not specify this option if you do not need resource requests/limits. | optional | | Section | | gateway:
  resources:
    requests:
      cpu: 800
      memory: 150
    limits:
      memory: "8Gi" |
gateway.resources.requests.cpu | Requested amount of CPU in millicores. Important: this value is per worker and is multiplied by the gateway.workersCount option in Helm. | optional | 800 | integer | | |
gateway.resources.requests.memory | Requested amount of memory (in MB). Important: this value is per worker and is multiplied by the gateway.workersCount option in Helm. | optional | 150 | integer | | |
gateway.resources.limits.memory | Absolute value for the Gateway memory usage limit | optional | "8Gi" | Kubernetes value for the resource limit | | |
gateway.scaling | Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. | optional | | Section | | gateway:
  scaling:
    pollingInterval: 30
    maxReplicaCount: 100
    prometheusAddress: http://monitoring-prometheus-prometheus.monitoring:9090
    thresholdSignins: 70 |
gateway.scaling.prometheusAddress | Address of the Prometheus server that KEDA queries for the Gateway auto-scaling metric. If the deployment.keda option is set to false, you can skip this option. | optional | http://monitoring-prometheus-prometheus.monitoring:909 | string, address | | |
gateway.scaling.pollingInterval | KEDA polling interval (in seconds): the interval at which each trigger is checked. See the KEDA documentation for more information. | optional | 30 | integer | | |
gateway.scaling.maxReplicaCount | Maximum number of replicas that KEDA/HPA raises. See the KEDA documentation for more information. | optional | 100 | integer | | |
gateway.scaling.thresholdSignins | In persons: the number of registered agents that triggers Gateway auto-scaling when exceeded | optional | 71 | integer | | |
gateway.budget.minAvailable | Configures the PodDisruptionBudget. Do not specify this option if you do not need a PodDisruptionBudget for the Gateway deployment. | optional | | Kubernetes PodDisruptionBudget (PDB) value | | gateway:
  budget:
    minAvailable: 50% |
gateway.secrets.type | Describes where the secrets are taken from: Kubernetes Secrets, the CSI driver, or environment variables | mandatory | | csi, k8s, env | | |
gateway.secrets.csi.gws | If the secrets.type option is set to csi, the name of the CSI object that contains the GWS secret | | | string | | |
gateway.secrets.k8s.gws | If the secrets.type option is set to k8s, the name of the Kubernetes Secret object that contains the GWS secret | | | string | | |
gateway.secrets.env.gwsClient | If the secrets.type option is set to env, the GWS client ID created for WebRTC | | | string | | |
gateway.secrets.env.gwsSecret | If the secrets.type option is set to env, the GWS secret for the given client ID | | | string | | |
gateway.securityContext | Security context for the Gateway container | optional | | Specification | | gateway:
  securityContext:
    runAsUser: 500
    runAsGroup: 500 |
gateway.serviceAccountName | Name of the ServiceAccount that is used to run the Gateway pod | optional | | string | | |
gateway.logPath | Path to the log directory, used for both PVC and HostPath log types. Also check the esServer option. If /mnt/log/webrtc is specified, the /mnt/log/webrtc/<gateway pod name>/webrtcgw log files are created in that path. If the image.initContainerImage option is not specified, the folder with the pod name is not created and the /mnt/log/webrtc/webrtcgw log files are created instead. Important: if this option is set to stdout, the entire WebRTC GW log is written to stdout in JSON format. | mandatory | "/mnt/log/webrtc" | string | | "/export/vol1/PAT/infra/webrtc" |
gateway.logPvc | Section for the Persistent Volume Claim used for the Gateway logs. If logPvc is not defined, HostPath is used for the log mount. | optional | | Section | | gateway:
  logPvc:
    pvcName: webrtc-gateway-log-pvc
    volumeName: webrtc-gateway-log-volume
    storageClassName: genesys-webrtc
    capacity: 5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51 |
gateway.logPvc.pvcName | Name of the Persistent Volume Claim. If this option is present, the PVC is created; otherwise HostPath is used for the Gateway logs. | optional | | string | | |
gateway.logPvc.volumeName | PersistentVolume name for the PVC. A single volume is used for both the green and blue deployments of the Gateway. | optional | | string | | |
gateway.logPvc.volumeSpec | If the PersistentVolume specification is configured in the gateway.logPvc.volumeSpec option, a PersistentVolume object with the name from the gateway.logPvc.volumeName option is created using this specification. | optional | | Specification | | gateway:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51 |
gateway.logPvc.volumeAnnotations | Any additional annotations that are applied to the PersistentVolume if gateway.logPvc.volumeSpec is specified. | optional | | Specification | | gateway:
  logPvc:
    volumeAnnotations:
      pv.kubernetes.io/bound-by-controller: 'yes' |
gateway.esServer | Specifies the destination for ElasticSearch logging: an ElasticSearch server address or stdout. The Gateway produces messages in the ElasticSearch format. | optional | stdout | network address or "stdout" | | |
gateway.restartPolicy | Restart policy for the Gateway pods | optional | Always | depends on cluster | | |
coturn.port | CoTurn port that is used by the CoTurn Load Balancer | optional | 443 | integer | | |
coturn.lbIpBlue | External IP for the CoTurn blue Load Balancer service. The IP must be the same as the one used for the gateway.turnExternalUriBlue A-record. | mandatory | | IP address | | |
coturn.lbIpGreen | External IP for the CoTurn green Load Balancer service. The IP must be the same as the one used for the gateway.turnExternalUriGreen A-record. | mandatory | | IP address | | |
coturn.replicas | Number of CoTurn pods | optional | 1 | integer | | |
coturn.podAnnotations | Any additional annotations that are applied to the CoTurn pods | optional | | Specification | | coturn:
  podAnnotations:
    pods/realtime: "true"
    pods/owner: "1051" |
coturn.resources | Describes the resources requested for the CoTurn pods. Do not specify this option if you do not need resource requests/limits. | optional | | Section | | coturn:
  resources:
    requests:
      cpu: "0.5"
      memory: "768Mi"
    limits:
      memory: "8Gi" |
coturn.resources.requests.cpu | Requested amount of CPU. CoTurn requires 0.08 CPU per call. | optional | 0.5 | Kubernetes CPU request format | | |
coturn.resources.requests.memory | Requested amount of memory | optional | 150 | Kubernetes memory request format | | |
coturn.resources.limits.memory | Absolute value for the CoTurn memory usage limit | optional | "8Gi" | Kubernetes value for the resource limit | | |
coturn.scaling | Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this section. | optional | | Section | | coturn:
  scaling:
    pollingInterval: 30
    maxReplicaCount: 100
    thresholdCpu: 60
    thresholdMemory: 60 |
coturn.scaling.pollingInterval | KEDA polling interval (in seconds): the interval at which each trigger is checked. Refer to the KEDA documentation for more information. | optional | 30 | integer | | |
coturn.scaling.maxReplicaCount | Maximum number of replicas that KEDA/HPA raises. Refer to the KEDA documentation for more information. | optional | 100 | integer | | |
coturn.scaling.thresholdSignins | In percentage | optional | 71 | integer | | |
coturn.scaling.thresholdCpu | In percentage. The target value is the average of the CPU resource metric across all relevant pods, expressed as a percentage of the requested value of the resource for the pods. | optional | 60 | integer | | |
coturn.scaling.thresholdMemory | In percentage. The target value is the average of the memory resource metric across all relevant pods, expressed as a percentage of the requested value of the resource for the pods. | optional | 60 | integer | | |
coturn.budget.minAvailable | Configures the PodDisruptionBudget. Do not specify this option if you do not need a PodDisruptionBudget for the CoTurn deployment. | optional | | Kubernetes PDB value | | coturn:
  budget:
    minAvailable: 50% |
coturn.securityContext | Security context for the CoTurn container | optional | | Specification | | coturn:
  securityContext:
    runAsUser: 500
    runAsGroup: 500 |
coturn.serviceAccountName | Name of the ServiceAccount used to run the CoTurn pod | optional | | string | | |
coturn.logPath | Path to the log directory. This can be a directory path or "stdout". The path is used for both PVC and HostPath log types. Example: if /mnt/log/webrtc is specified, the "/mnt/log/webrtc/<coturn pod name>/turn.xxx.log" log file is created in that path. If image.initContainerImage is not specified, the folder with the pod name is not created and the /mnt/log/webrtc/turn.xxx.log log file is created instead. | mandatory | "/mnt/log/webrtc" | string | | |
coturn.logPvc | Section for the Persistent Volume Claim used for the CoTurn logs. If this option is not defined, HostPath is used for the log mount. | optional | "/mnt/log/webrtc" | Section | | coturn:
  logPvc:
    pvcName: webrtc-coturn-log-pvc
    storageClassName: default
    capacity: 10Gi
    volumeName: webrtc-coturn-log-volume
    volumeSpec:
      nfs:
        server: 192.168.1.5
        path: /storage/webrtc
      volumeMode: Filesystem
      persistentVolumeReclaimPolicy: Retain |
coturn.logPvc.pvcName | Name of the PersistentVolumeClaim. If this option is present, the PVC is created; otherwise HostPath is used for the CoTurn logs. | optional | | string | | |
coturn.logPvc.storageClassName | StorageClass name for the CoTurn PVC | optional | | string | | |
coturn.logPvc.capacity | Volume capacity | optional | | Kubernetes storage capacity value | | |
coturn.logPvc.volumeName | PersistentVolume name for the PVC. A single volume is used for both the green and blue deployments of the CoTurn logs. | optional | | string | | |
coturn.logPvc.volumeSpec | If the PersistentVolume specification is configured in coturn.logPvc.volumeSpec, a PersistentVolume object with the name from coturn.logPvc.volumeName is created using this specification. | optional | | Specification | | coturn:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51 |
coturn.logPvc.volumeAnnotations | Any additional annotations that are applied to the PersistentVolume if the coturn.logPvc.volumeSpec option is specified | optional | | Specification | | coturn:
  logPvc:
    volumeAnnotations:
      pv.kubernetes.io/bound-by-controller: 'yes' |
coturn.restartPolicy | Restart policy for the CoTurn pods | optional | Always | depends on cluster | | |
labels.common | Additional labels for the common resources | optional | | | | |
labels.gateway | Additional labels for the Gateway resources: pods, deployments, and services | optional | | | | |
labels.coturn | Additional labels for the CoTurn resources: pods, deployments, and services | optional | | | | |
labels.alerts | Additional labels for the alert objects | optional | | | | |
Configure Kubernetes
- ConfigMaps
- Secrets
Configure security
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.
securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500
Arbitrary UIDs in AKS
If you want to use arbitrary UIDs in your Azure Kubernetes Services deployment, override the securityContext settings in the values.yaml file so that you do not define any specific IDs:
podSecurityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null
securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
Configure the service
Before proceeding with the deployment process, perform the following pre-steps:
- Review values-template.yaml in helm charts: It provides all the available options with comments and explanations.
- Configure all the options in your own values file: Configure/overwrite values for options that you need. Use the values-template.yaml file from the package that displays the list of available options with their description.
- Important: Do not configure the deployment.type and deployment.color options in the values.yaml file(s). These values must be given only as command-line parameters during the deployment process.
- Sample values.yaml file:
  deployment:
    namespace: webrtc
    ingress:
      domain: apps.vce-c0.eps.genesys.com
      annotations:
        kubernetes.io/ingress.class: nginx01-internal
        nginx.ingress.kubernetes.io/affinity: cookie
        nginx.ingress.kubernetes.io/affinity-mode: persistent
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
        nginx.ingress.kubernetes.io/session-cookie-samesite: None
    dnsPolicy: ClusterFirst
    dnsConfig:
      options:
        - name: ndots
          value: "3"
    keda: false
    coturnDeployment: external
  monitoring:
    enabled: false
    dashboards: false
    prometheusMetrics: false
    prometheusAlerts: false
  image:
    imagePullSecrets:
      - webrtcjfrogsecret
    initContainerImage: pureengage-docker-staging.jfrog.io/alpine:3.7-curl
    webrtc: pureengage-docker-staging.jfrog.io/webrtc
    coturn: pureengage-docker-staging.jfrog.io/webrtc
    webrtcVersion: 9.0.000.88
    coturnVersion: 9.0.000.88
  gateway:
    logPath: "/export/vol1/PAT/infra/webrtc"
    logPvc:
      pvcName: webrtc-gateway-log-pvc
      volumeName: webrtc-gateway-log-volume
      storageClassName: genesys-webrtc
      capacity: 5Gi
      volumeSpec:
        accessModes:
          - ReadWriteMany
        persistentVolumeReclaimPolicy: Retain
        nfs:
          path: /export/vol1/PAT/infra/webrtc
          server: 192.168.30.51
    esServer: stdout
    replicas: 1
    workersCount: 1
    voiceSipProxy: voice-sipproxy.voice.svc.cluster.local:5080;transport=tcp
    turnExternalUriBlue: 192.168.30.208
    turnExternalUriGreen: 192.168.30.209
    authRedirectUri: http://gauth.apps.vce-c0.eps.genesys.com:80
    authService: http://gauth-auth.gauth.svc.cluster.local:80
    envService: https://gws.apps.vce-c0.eps.genesys.com
    resources:
      requests:
        # NB! 800m per worker, MUST be integer, not string - will be multiplied by workersCount in helm
        cpu: 800
        # NB! 150Mi per worker, MUST be integer, not string - will be multiplied by workersCount in helm
        memory: 150
      limits:
        memory: "8Gi"
    secrets:
      type: env
      env:
        gwsClient: external_api_client
        gwsSecret: secret
    securityContext:
      runAsUser: 500
      runAsGroup: 500
  coturn:
    logPath: "/export/vol1/PAT/infra/coturn/"
    logPvc:
      pvcName: webrtc-coturn-log-pvc
      volumeName: webrtc-coturn-log-volume
      storageClassName: genesys-webrtc
      capacity: 5Gi
      volumeSpec:
        accessModes:
          - ReadWriteMany
        persistentVolumeReclaimPolicy: Retain
        nfs:
          path: /export/vol1/PAT/infra/webrtc
          server: 192.168.30.51
    replicas: 1
    port: 443
    lbIpBlue: 192.168.30.208
    lbIpGreen: 192.168.30.209
    securityContext:
      runAsUser: 500
      runAsGroup: 500
- PersistentVolume (PV) and PersistentVolumeClaim (PVC): If you plan to use a PV for logs, create the PV and then specify it for the PVC of Gateway and CoTurn.
- A PV can also be created during the common-infrastructure deployment. Review the values-template.yaml file and then configure the PV specification for Gateway and CoTurn.
- A single PV/PVC pair is used for both the Green and Blue deployments of Gateway, and another single PV/PVC pair is used for both the Green and Blue deployments of CoTurn.
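The constraints scattered across the option table, the Configure security section and the pre-steps above (type and color only on the command line, integer per-worker requests multiplied by workersCount, a secrets.type with its matching sub-section, static LB IPs for an external CoTurn deployment, the Secure session cookie, and a non-root security context in both its fixed-UID and arbitrary-UID forms) can be checked before the chart is installed. The following linter is an added example, not part of the Genesys charts: it takes the values as a Python dict (what PyYAML's safe_load returns for values.yaml), and the Secret name webrtc-gws-secret in the sample is a made-up value.

```python
"""Lint a WebRTC Helm values dict against the rules this page states (added example)."""
from typing import Any, Dict, List


def _get(values: Dict[str, Any], path: str, default: Any = None) -> Any:
    """Walk a dotted option name such as 'gateway.secrets.type' through nested dicts."""
    node: Any = values
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def effective_gateway_requests(values: Dict[str, Any]) -> Dict[str, int]:
    """The chart multiplies the per-worker cpu (millicores) and memory (MiB) requests
    by gateway.workersCount; this is the request the scheduler actually sees."""
    workers = int(_get(values, "gateway.workersCount", 3))
    return {"cpu_m": int(_get(values, "gateway.resources.requests.cpu", 800)) * workers,
            "memory_mi": int(_get(values, "gateway.resources.requests.memory", 150)) * workers}


def lint_values(values: Dict[str, Any]) -> List[str]:
    """Return one finding per violated rule; an empty list means the values pass."""
    findings: List[str] = []
    for key in ("deployment.type", "deployment.color"):  # command-line parameters only
        if _get(values, key) is not None:
            findings.append(f"{key} must be given on the helm command line, not in values.yaml")
    for key in ("gateway.resources.requests.cpu", "gateway.resources.requests.memory"):
        val = _get(values, key)  # must be integers: the chart multiplies them by workersCount
        if val is not None and (isinstance(val, bool) or not isinstance(val, int)):
            findings.append(f"{key} must be an integer, got {val!r}")
    # secrets.type selects the GWS credential source; the matching sub-section must exist.
    needs = {"csi": "gateway.secrets.csi.gws", "k8s": "gateway.secrets.k8s.gws",
             "env": "gateway.secrets.env.gwsSecret"}
    stype = _get(values, "gateway.secrets.type")
    if stype not in needs:
        findings.append(f"gateway.secrets.type must be one of {sorted(needs)}, got {stype!r}")
    elif _get(values, needs[stype]) is None:
        findings.append(f"gateway.secrets.type={stype} requires {needs[stype]}")
    elif stype == "env":
        findings.append("gateway.secrets.type=env puts the GWS secret in values.yaml; prefer csi or k8s")
    # External CoTurn LBs need the static IPs that the TURN A-records resolve to.
    if _get(values, "deployment.coturnDeployment") == "external":
        for key in ("coturn.lbIpBlue", "coturn.lbIpGreen"):
            if not _get(values, key):
                findings.append(f"deployment.coturnDeployment=external requires {key}")
    # The session-cookie-path annotation is where the cookie's Secure attribute is set.
    annotations = _get(values, "deployment.ingress.annotations") or {}
    if "Secure" not in str(annotations.get("nginx.ingress.kubernetes.io/session-cookie-path", "")):
        findings.append("session-cookie-path annotation lacks '; Secure'")
    # Never root: a non-zero runAsUser, or a null UID with runAsNonRoot true (arbitrary UIDs on AKS).
    for comp in ("gateway", "coturn"):
        sc = _get(values, f"{comp}.securityContext") or {}
        uid = sc.get("runAsUser")
        if uid == 0 or (uid is None and sc.get("runAsNonRoot") is not True):
            findings.append(f"{comp}.securityContext would allow the container to run as root")
    return findings


# Constructed values: a subset of the page's sample; the Secret name is made up.
SAMPLE_VALUES: Dict[str, Any] = {
    "deployment": {"coturnDeployment": "external", "ingress": {"annotations": {
        "nginx.ingress.kubernetes.io/session-cookie-path": "/; Secure"}}},
    "gateway": {"workersCount": 3, "resources": {"requests": {"cpu": 800, "memory": 150}},
                "secrets": {"type": "k8s", "k8s": {"gws": "webrtc-gws-secret"}},
                "securityContext": {"runAsNonRoot": True, "runAsUser": 500}},
    "coturn": {"lbIpBlue": "192.168.30.208", "lbIpGreen": "192.168.30.209",
               "securityContext": {"runAsNonRoot": True, "runAsUser": None}}}
```

Run `lint_values(yaml.safe_load(open("values.yaml")))` on your own file; an empty list means every rule above holds, and `effective_gateway_requests` shows the real per-pod request after the workersCount multiplication.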