Configure WebRTC

From Genesys Documentation
Jump to: navigation, search
This topic is part of the manual WebRTC Private Edition Guide for version Current of WebRTC.

Learn how to configure WebRTC.

Override Helm chart values

Download the WebRTC Helm charts from JFrog using your credentials. Override the configuration parameters in the values.yaml file to provide deployment-specific values for certain parameters. You can override values in the Helm charts to configure Private Edition. For more information about overriding Helm chart values, see the "suite-level" documentation about how to override Helm chart values: Overriding Helm chart values

Option name Description Is mandatory Default value Valid value Notes Example
deployment.namespace Name of Kubernetes namespace for WebRTC deployment mandatory webrtc string You can modify the default namespace used to deploy applications in the deployment.namespace option. 
deployment:
namespace: production
deployment.priorityClassName Name of the priority class for pods that specify the importance of a pod relative to other pods optional string
deployment.nodeSelector Node selector for Gateway and CoTurn pods optional Specification 
deployment:
  nodeSelector:
    genesysengage.com/nodepool: general
deployment.tolerations Include this parameter in the Gateway and CoTurn, if the content of toleration exists. optional Specification 
deployment:
  tolerations:
    - operator: Exists
      effect: NoSchedule
      key: "k8s.genesysengage.com/nodepool"
deployment.ingress.domain Ingress domain mandatory string 
deployment:
  ingress:
    domain: apps.vce-c0.eps.genesys.com
deployment.ingress.annotations WebRTC Annotation for Ingress controller mandatory Specification As the default value of the HAProxy route timeout is set to 30 s, there is a possibility it interferes with the WebRTC long-polling timeout (30 s) and disconnect the session. 
deployment
  ingress:
    annotations:
      kubernetes.io/ingress.class:                         nginx01-internal
      nginx.ingress.kubernetes.io/affinity:                cookie
      nginx.ingress.kubernetes.io/affinity-mode:           persistent
      nginx.ingress.kubernetes.io/ssl-redirect:            "false"
      nginx.ingress.kubernetes.io/session-cookie-path:     "/; Secure"
      nginx.ingress.kubernetes.io/session-cookie-samesite: None
{{!}}-
{{!}}{{!}}deployment.ingress.tls
{{!}}{{!}}If this option is defined, <tt>tls</tt> option is declared in the Ingress specification
{{!}}{{!}}optional
{{!}}{{!}}
{{!}}{{!}}Specification
{{!}}{{!}}
{{!}}{{!}}<source lang="LANGUAGE">deployment:
  ingress:
    tls:
      secretName: webrtc.api01-eastus2.dev.genazure.com-tls-secret
deployment.affinity Pod affinity descriptions optional Specification 
deployment:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
             - key: servicename
               operator: In
               values:
               - webrtc-gateway
               - webrtc-coturn
          topologyKey: failure-domain.beta.kubernetes.io/zone
deployment.dnsPolicy Kubernetes DNS Policy that is applied in the Pods optional 
deployment:
  nodeSelector:
    genesysengage.com/nodepool: general
deployment.dnsConfig All DNS settings must be provided using the dnsConfig field in the Pod specification optional 
deployment:
  dnsConfig:
    options:
      - name: ndots
        value: "3"
deployment.keda Enable KEDA usage for the Gateway and CoTurn horizontal auto-scaling optional false true/false
deployment.coturnDeployment Type of CoTurn deployment - internal: the internal LBs are created and the IP addresses of that LBs must be used in the firewall or other ways to be exposed externally.
external: the external LBs are created with given external static IPs (IPs for the green and blue LBs must be set with lbIpBlue and lbIpGreen during the infra-color deployment. 		mandatory internal/external For Premise Edition - This parameter is configured as external
deployment.coturnService.annotation Annotation that is added to the Kubernetes LoadBalancer Service object optional 
deployment:
  coturnService:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-resource-group: service-webrtc-westus2-dev
monitoring.enabled Enable monitoring content - dashboards, alerts, metrics optional false true/false
monitoring.dashboards Enable ConfigMaps deployment that contains dashboards optional false true/false
monitoring.prometheusMetrics Enables Prometheus metrics to deploy PodMonitors optional false true/false
monitoring.prometheusAlerts Enable Prometheus rules for alerts optional false true/false
image.imagePullSecrets Secrets to pull image, list mandatory 
image:
  imagePullSecrets:
  - myRegistrySecret
image.pullPolicy Kubernetes pull policy of all containers optional Always Always/IfNotPresent
image.initContainerImage Image for initialization container - used to create log folders. If image is not specified, the init container is not applied and the logs are written into logPath optional string
image.webrtc Repository/directory to get the Gateway image mandatory string 
pureengage-docker-staging.jfrog.io/webrtc
image.coturn Repository/directory to get the CoTurn image mandatory string 
pureengage-docker-staging.jfrog.io/webrtc
image.webrtcVersion Versions of the WebRTC Gateway container mandatory string 
9.0.000.88
image.coturnVersion Versions of the CoTurn container mandatory string 
9.0.000.88
gateway.replicas Number of Gateway pods on the deployment stage optional 1 integer
gateway.workersCount Number of Gateway worker threads that handle calls. 1 worker handles 25 registrations/calls. CPU and Memory request depends on the number of workers. optional 3 integer
gateway.voiceSipProxy Voice microservice - SIP proxy address mandatory string, address 
voice-sipproxy.voice.svc.cluster.local;transport=tcp
gateway.turnExternalUriBlue FQDNs of CoTurn blue LB mandatory string, address
gateway.turnExternalUriGreen FQDNs of CoTurn green LB mandatory string, address
gateway.authRedirectUri GWS/WEE redirect URI for WWE authentication mandatory string, address
gateway.authService GAuth service address mandatory string, address
gateway.envService GWS9.x Environment service address mandatory string, address
gateway.cfgService GWS9.x configuration service address optional string, address
gateway.enableTranscoding Enable or disable transcoding on the Gateway side. Transcoding is enabled by default.
If the transcoding is disabled, the Gateway can handle more agent sessions but OPUS codec is not supported. 		optional true true/false
gateway.enable1pccCalls Specifies if the 1pcc operations are enabled optional false true/false
gateway.arguments Any additional options that are applied to the Gateway containers optional Array of strings 
gateway:
  arguments: [ '-codecs pcmu,pcma,opus=120', '-sip-disallowed-codecs opus,telephone-event' ]
gateway.podAnnotations Any additional annotations that are applied to the Gateway pods optional 
gateway:
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port:   "10052"
    prometheus.io/path:   "/metrics"
gateway.resources Describes the resources requested for the Gateway pods.
Important
Do not specify this option, if you do not need resources requests/limits.
 optional Section 
gateway:
  resources:
    requests:
      cpu:  800
      memory: 150
    limits:
      memory: "8Gi"
gateway.resources.requests.cpu Requested amount of CPU milliunits.
Important
This value is per worker and is multiplied by the gateway.workersCount option in helm
 optional 800 integer
gateway.resources.requests.memory Requested amount of Memory (in MB).
Important
This value is per worker and is multiplied by the gateway.workersCount option in helm
 optional 150 integer
gateway.resources.limits.memory Absolute value for Gateway memory usage limit optional "8Gi" Kubernetes value for the resource limit
gateway.scaling Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. optional Section 
gateway:
  scaling:
    pollingInterval:   30
    maxReplicaCount:  100
    prometheusAddress: http://monitoring-prometheus-prometheus.monitoring:9090
    thresholdSignins:  70
gateway.scaling.prometheusAddress Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. optional http://monitoring-prometheus-prometheus.monitoring:909 string, address
gateway.scaling.pollingInterval KEDA polling interval (in seconds) - the interval to check each trigger on. See KEDA documentation for more information. optional 30 integer
gateway.scaling.maxReplicaCount Maximum number of replicas that are raised by KEDA/HPA. See KEDA documentation for more information. optional 100 integer
gateway.scaling.thresholdSignins In persons - number of registered agents that causes the Gateway auto-scaling if exceeded optional 71 integer
gateway.budget.minAvailable Option to configure the PodDisruptionBudget option. Do not specify this option, ff you do not need the PodDisruptionBudget option for the Gateway deployment. optional Kubernetes PodDisruptionBudget (PBD) value 
gateway:
  budget:
    minAvailable: 50%
gateway.secrets.type Describes where the secrets are taken - in Kubernetes secrets, CSI driver, or from the Environment variables mandatory csi k8s env
gateway.secrets.csi.gws If the secrets.type option is set to csi, the name of the CSI object contains the GWS secret string
gateway.secrets.k8s.gws If the secrets.type option is set to k8s, the name of the Kubernetes Secret object that contains the GWS secret string
gateway.secrets.env.gwsClient If the secrets.type option is set to env, the value is GWS clientid created for WebRTC string
gateway.secrets.env.gwsSecret If the secrets.type option is set to env, the value is GWS secret for the client given clientid string
gateway.securityContext Security context for the Gateway container optional Specification 
gateway:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
gateway.serviceAccountName Name of the ServiceAccount that is used to run the Gateway pod optional string
gateway.logPath Path to the log-directory. used for both - PVC or HostPath types of logs. Also, check the esServer option. If /mnt/log/webrtc is specified, the /mnt/log/webrtc/<gateway pod name>/webrtcgw logfiles are created and used in the mentioned path. If the image.initContainerImage option is not specified, the folder with the pod name will not be created and the /mnt/log/webrtc/webrtcgw logfiles will be created.
Important
If this option is set to stdout, the entire WebRTC GW logs are produced to the stdout in JSON format.
 mandatory "/mnt/log/webrtc" string 
"/export/vol1/PAT/infra/webrtc"
gateway.logPvc Option for Persistent Volume Claim used for the Gateway logs. If logPvc is not defined, the HostPath is used for the logs mount. optional Section 
gateway:
  logPvc:
    pvcName:               webrtc-gateway-log-pvc
    volumeName:            webrtc-gateway-log-volume
    storageClassName:       genesys-webrtc
    capacity:               5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
gateway.logPvc.pvcName Name of the Persistent Volume Claim. If this option is present, the PVC is created. Else, the hostpath is used for the Gateway logs. optional string
gateway.logPvc.volumeName PersistentVolume name for the PVC. Single Volume is used for both green and blue deployments of the gateway optional string
gateway.logPvc.volumeSpec If the Perisitent Volume specification is configured in the gateway.logPvc.volumeSpec option, the PersistentVolume object with name from the gateway.logPvc.volumeName option is created using this specification. optional Specification 
gateway:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
gateway.logPvc.volumeAnnotations Any additional annotations that are used for the PersistentVolume if the gateway.logPvc.volumeSpec is specified here. optional Specification 
gateway:
  logPvc:
    volumeAnnotations:
        pv.kubernetes.io/bound-by-controller: 'yes'
gateway.esServer Specifies the destination for the ElasticSearch logging - ElasticSearch server address or stdout.
Gateway produces messages in the ElasticSearch format. 		optional stdout network address or "stdout"
gateway.restartPolicy Restart policy for gateway pods. Optional Always depends on cluster
coturn.port Coturn port that is used by the CoTurn Load Balancer optional 443 integer
coturn.lbIpBlue External IP for CoTurn blue Load Balancer service. The IP must be same as the one used for the gateway.turnExternalUriBlue A-record mandatory IP address
coturn.lbIpGreen External IP for CoTurn green Load Balancer service. The IP must be same as the one used for the gateway.turnExternalUriGreen A-record mandatory IP address
coturn.replicas Number of CoTurn pods optional 1 integer
coturn.podAnnotations Any additional annotations that are applied for CoTurn pods optional Specification 
coturn:
  podAnnotations:
    pods/realtime: "true"
    pods/owner:    "1051"
coturn.resources Describes resources requested for the CoTurn pods. Do not specify this option if you do not need resources requests/limits. optional Section 
coturn:
  resources:
    requests:
      cpu: "0.5"
      memory: "768Mi"
    limits:
      memory: "8Gi"
coturn.resources.requests.cpu Requested amount of CPU. Coturn requires 0.08CPU per call. optional 0.5 Kubernetes CPU request format
coturn.resources.requests.memory Requested amount of Memory optional 150 Kubernetes memory request format
coturn.resources.limits.memory Absolute value for the CoTurn memory usage limit optional "8Gi" Kubernetes value for resoure limit
coturn.scaling Describes the autoscaling parameters. If the deployment.keda option is set to false, you can skip this section optional Section 
coturn:
  scaling:
    pollingInterval:   30
    maxReplicaCount:  100
    thresholdCpu:      60
    thresholdMemory:   60
coturn.scaling.pollingInterval Specifies the KEDA polling interval in seconds - the interval to check each trigger on. Refer to KEDA documentation for more information. optional 30 integer
coturn.scaling.maxReplicaCount Maxium number of replicas that are raised by KEDA/HPA. Refer to KEDA documentation for more information. optional 100 integer
coturn.scaling.thresholdSignins In percentage optional 71 integer
coturn.scaling.thresholdCpu In percentage. The target value is the average of the CPU resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. optional 60 integer
coturn.scaling.thresholdMemory In percentage. The target value is the average of the memory resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. optional 60 integer
coturn.budget.minAvailable Option to configure PodDisruptionBudget. Do not specify this option, if you do not need PodDisruptionBudget for the CoTurn deployment. optional Kubernetes PDB value 
coturn:
  budget:
    minAvailable: 50%
coturn.securityContext Security context for the CoTurn container. optional Specification 
coturn:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
coturn.serviceAccountName Name of the ServiceAccount to use to run the CoTurn pod. optional string
coturn.logPath Path to the log-directory. This can be the directory path or "stdout". This path is used for both PVC or HostPath types of logs.
Example: If /mnt/log/webrtc is specified, "/mnt/log/webrtc/<coturn pod name>/turn.xxx.log" logfile is created and used in the mentioned path.
If image.initContainerImage is not specified, the folder with pod name will not be created and mnt/log/webrtc/turn.xxx.log logfile will be created. 		mandatory "/mnt/log/webrtc" string
coturn.logPvc Section for Persistent Volume Claim used for CoTurn logs. If this option not defined, the HostPath is used for logs mount. optional "/mnt/log/webrtc" Section 
coturn:
  logPvc:
    pvcName:               webrtc-coturn-log-pvc
    storageClassName:       default
    capacity:               10Gi
    volumeName:            webrtc-coturn-log-volume
    volumeSpec:
      nfs:
        server: 192.168.1.5
        path: /storage/webrtc
      volumeMode: Filesystem
      persistentVolumeReclaimPolicy: Retain
coturn.logPvc.pvcName Name of PersistentVolumeClaim. If this option is present, PVC will be created. Else, the HostPath is used for CoTurn logs. optional string
coturn.logPvc.storageClassName StorageClass name for the CoTurn PVC optional string
coturn.logPvc.capacity Volume capacity optional Kubernetes capacity storage values
coturn.logPvc.volumeName Persistent Volume name for the PVC. Single Volume is used for both green and blue deployments of the CoTurn logs optional string
coturn.logPvc.volumeSpec If the Persistent Volume specification is configured in coturn.logPvc.volumeSpec, the Persistent Volume object with name from the coturn.logPvc.volumeName will be created using this specification. optional Specification 
gateway:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
coturn.logPvc.volumeAnnotations Any additional annotations that are used for the Persistent Volume, if the coturn.logPvc.volumeSpec option is specified optional Specification 
gateway:
  logPvc:
    volumeAnnotations:
        pv.kubernetes.io/bound-by-controller: 'yes'
coturn.restartPolicy Restart policy for coturn pods. optional Always depends on cluster
labels.common Describes the additional labels for common resources optional
labels.gateway Describes the additional labels for the Gateway resources - pods, deployments, and services optional
labels.coturn Describes the additional labels for the CoTurn resources - pods, deployments, and services optional
labels.alerts Describes the additional labels for the alert objects optional

Configure Kubernetes

Document the layouts for the following so customers can create them if their Helm chart doesn't include a way to do this:
  • ConfigMaps
  • Secrets

Configure security

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user. 

securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500

Arbitrary UIDs in AKS

If you want to use arbitrary UIDs in your Azure Kubernetes Services deployment, override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null

securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0

Configure the service

Before proceeding with the deployment process, perform the following pre-steps:

  1. Review values-template.yaml in helm charts: It provides all the available options with comments and explanations.
  2. Configure all the options in your own values file: Configure/overwrite values for options that you need. Use the values-template.yaml file from the package that displays the list of available options with their description.
    Important
    Do not configure deployment.type and deployment.color options in values.yaml-file(s). These values should be used only during deployment process as command-line parameters to specify the deployment process.
    Sample values.yaml file:
    deployment:
  namespace:         webrtc
  ingress:
    domain: apps.vce-c0.eps.genesys.com
    annotations:
      kubernetes.io/ingress.class:                         nginx01-internal
      nginx.ingress.kubernetes.io/affinity:                cookie
      nginx.ingress.kubernetes.io/affinity-mode:           persistent
      nginx.ingress.kubernetes.io/ssl-redirect:            "false"
      nginx.ingress.kubernetes.io/session-cookie-path:     "/; Secure"
      nginx.ingress.kubernetes.io/session-cookie-samesite: None
  dnsPolicy: ClusterFirst
  dnsConfig:
    options:
      - name: ndots
        value: "3"
  keda: false
  coturnDeployment: external
  
  
monitoring:
  enabled:           false
  dashboards:        false
  prometheusMetrics: false
  prometheusAlerts:  false
      
  
image:
  imagePullSecrets:
  - webrtcjfrogsecret
  initContainerImage: pureengage-docker-staging.jfrog.io/alpine:3.7-curl
  webrtc: pureengage-docker-staging.jfrog.io/webrtc
  coturn: pureengage-docker-staging.jfrog.io/webrtc
  webrtcVersion: 9.0.000.88
  coturnVersion: 9.0.000.88
  
  
gateway:
  logPath:                 "/export/vol1/PAT/infra/webrtc"
  logPvc:
    pvcName:               webrtc-gateway-log-pvc
    volumeName:            webrtc-gateway-log-volume
    storageClassName:      genesys-webrtc
    capacity:              5Gi
    volumespec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
  esServer:                stdout
  replicas:                 1
  workersCount:            1
  voiceSipProxy:          voice-sipproxy.voice.svc.cluster.local:5080;transport=tcp
  turnExternalUriBlue:   192.168.30.208
  turnExternalUriGreen:  192.168.30.209
  authRedirectUri:       http://gauth.apps.vce-c0.eps.genesys.com:80
  authService:           http://gauth-auth.gauth.svc.cluster.local:80
  envService:            https://gws.apps.vce-c0.eps.genesys.com
  resources:
    requests:
      # NB! 800m per worker, MUST be integer, not string - will be multiplied by workersCount in helm
      cpu:  800
      # NB! 150Mi per worker, MUST be integer, not string - will be multiplied by workersCount in helm
      memory: 150
    limits:
      memory: "8Gi"
  secrets:
    type: env
    env:
     gwsClient: external_api_client
     gwsSecret: secret
  securityContext:
    runAsUser: 500
    runAsGroup: 500
               
  
coturn:
  logPath:                 "/export/vol1/PAT/infra/coturn/"
  logPvc:
    pvcName:               webrtc-coturn-log-pvc
    volumeName:            webrtc-coturn-log-volume
    storageClassName:       genesys-webrtc
    capacity:               5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
  replicas:    1
  port:        443
  lbIpBlue:  192.168.30.208
  lbIpGreen: 192.168.30.209
  securityContext:
    runAsUser: 500
    runAsGroup: 500
  3. PersistentVolume (PV) and PersistentVolumeClaim (PVC): If you plan to use PV for logs, create the PV and then specify it for PVC of Gateway and CoTurn.
    PV can also be created during the common-infrastructure deployment.  You should review the values-template.yaml file and then configure the PV specification for Gateway and CoTurn.
    Single PV/PVC pair will be used for both Green and Blue deployments of Gateway, and another single PV/PVC pair will be used for both Green and Blue deployments of CoTurn.
Retrieved from "https://all.docs.genesys.com/WebRTC/Current/WebRTCPEGuide/Configure (2024-04-19 07:39:17)"
Comments or questions about this documentation? Contact us for support!