Configure WebRTC

This topic is part of the manual WebRTC Private Edition Guide for version Current of WebRTC.

Learn how to configure WebRTC.

Override Helm chart values

Download the WebRTC Helm charts from JFrog using your credentials. To configure Private Edition, override the parameters in the values.yaml file that need deployment-specific values. For more information, see the suite-level documentation about how to override Helm chart values: Overriding Helm chart values

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For details, see the Configure security section below.

Option name Description Is mandatory Default value Valid value Notes Example
deployment.namespace Name of Kubernetes namespace for WebRTC deployment mandatory webrtc string You can modify default namespace used to deploy applications in the deployment.namespace option.
deployment:
namespace: production
deployment.priorityClassName Name of the priority class for pods that specify the importance of a pod relative to other pods optional string
deployment.nodeSelector Node selector for Gateway and CoTurn pods optional Specification
deployment:
  nodeSelector:
    genesysengage.com/nodepool: general
deployment.tolerations If tolerations are specified, they are inserted into the tolerations of the Gateway and CoTurn pods optional Specification
deployment:
  tolerations:
    - operator: Exists
      effect: NoSchedule
      key: "k8s.genesysengage.com/nodepool"
deployment.ingress.domain Ingress domain mandatory string
deployment:
  ingress:
    domain: apps.vce-c0.eps.genesys.com
deployment.ingress.annotations WebRTC Annotation for Ingress controller mandatory Specification As the default value of HAProxy route timeout is set to 30s, it might interfere with the WebRTC long-polling timeout (30s) and disconnect the session. You can override this default value and increase the timeout to 50s using the annotation, haproxy.router.openshift.io/timeout: 50s, for the session to respond and connect.
deployment:
  ingress:
    annotations:
      kubernetes.io/ingress.class:                         nginx01-internal
      nginx.ingress.kubernetes.io/affinity:                cookie
      nginx.ingress.kubernetes.io/affinity-mode:           persistent
      nginx.ingress.kubernetes.io/ssl-redirect:            "false"
      nginx.ingress.kubernetes.io/session-cookie-path:     "/; Secure"
      nginx.ingress.kubernetes.io/session-cookie-samesite: None
      haproxy.router.openshift.io/timeout: 50s
deployment.ingress.tls If this option is defined, tls option will be declared in the Ingress specification optional Specification
deployment:
  ingress:
    tls:
      secretName: webrtc.api01-eastus2.dev.genazure.com-tls-secret
deployment.affinity Pod affinity descriptions optional Specification
deployment:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
             - key: servicename
               operator: In
               values:
               - webrtc-gateway
               - webrtc-coturn
          topologyKey: failure-domain.beta.kubernetes.io/zone
deployment.dnsPolicy Kubernetes DNS Policy that will be applied in the Pods optional
deployment:
  dnsPolicy: ClusterFirst
deployment.dnsConfig All DNS settings should be provided using the dnsConfig field in the Pod specification optional
deployment:
  dnsConfig:
    options:
      - name: ndots
        value: "3"
deployment.keda Enable KEDA usage for the Gateway and CoTurn horizontal auto-scaling optional false true/false
deployment.coturnDeployment Type of CoTurn deployment - internal: internal LBs are created, and the IP addresses of those LBs must be used in the firewall or exposed externally in some other way.
external: external LBs are created with the given external static IPs (the IPs for the green and blue LBs must be set with lbIpBlue and lbIpGreen during the infra-color deployment).
mandatory internal/external For Premise Edition - This should be set to external
deployment.coturnService.annotation Annotation that will be added to Kubernetes LoadBalancer Service object optional
deployment:
  coturnService:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-resource-group: service-webrtc-westus2-dev
monitoring.enabled Enable monitoring content - dashboards, alerts, metrics optional false true/false
monitoring.dashboards Enable ConfigMaps deployment that contains dashboards optional false true/false
monitoring.prometheusMetrics Enable prometheus metrics - causes deploy of PodMonitors optional false true/false
monitoring.prometheusAlerts Enable Prometheus rules for alerts optional false true/false
image.imagePullSecrets Secrets to pull image, list mandatory
image:
  imagePullSecrets:
  - myRegistrySecret
image.pullPolicy Kubernetes pull policy of all containers optional Always Always/IfNotPresent
image.initContainerImage Image for initialization container - used to create log folders. If image is not specified, the init container will not be applied and the logs will be written into logPath optional string
image.webrtc Repository/directory to get the Gateway image mandatory string
pureengage-docker-staging.jfrog.io/webrtc
image.coturn Repository/directory to get the CoTurn image mandatory string
pureengage-docker-staging.jfrog.io/webrtc
image.webrtcVersion Versions of the WebRTC Gateway container mandatory string
9.0.000.88
image.coturnVersion Versions of the CoTurn container mandatory string
9.0.000.88
gateway.replicas Number of Gateway pods on the deployment stage optional 1 integer
gateway.workersCount Number of Gateway worker threads that handle calls. 1 worker handles 25 registrations/calls. CPU and Memory request depends on the number of workers. optional 3 integer
gateway.voiceSipProxy Voice microservice - SIP proxy address mandatory string, address
voice-sipproxy.voice.svc.cluster.local;transport=tcp
gateway.turnExternalUriBlue FQDNs of CoTurn blue LB mandatory string, address
gateway.turnExternalUriGreen FQDNs of CoTurn green LB mandatory string, address
gateway.authRedirectUri GWS/WEE redirect URI for WWE authentication mandatory string, address
gateway.authService GAuth service address mandatory string, address
gateway.envService GWS9.x Environment service address mandatory string, address
gateway.cfgService GWS9.x configuration service address optional string, address
gateway.enableTranscoding Enable or disable transcoding on the Gateway side. Transcoding is enabled by default.
If the transcoding is disabled, the Gateway can handle more agent sessions but OPUS codec is not supported.
optional true true/false
gateway.enable1pccCalls Specifies if the 1pcc operations are enabled optional false true/false
gateway.arguments Any additional options that will be applied to the Gateway containers optional Array of strings
gateway:
  arguments: [ '-codecs pcmu,pcma,opus=120', '-sip-disallowed-codecs opus,telephone-event' ]
gateway.podAnnotations Any additional annotations that will be applied to the Gateway pods optional
gateway:
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port:   "10052"
    prometheus.io/path:   "/metrics"
gateway.resources Describes the resources requested for the Gateway pods.
Important
Do not specify this option, if you do not need resources requests/limits.
optional Section
gateway:
  resources:
    requests:
      cpu:  800
      memory: 150
    limits:
      memory: "8Gi"
gateway.resources.requests.cpu Requested amount of CPU milliunits.
Important
This value is per worker and will be multiplied by the gateway.workersCount option in helm
optional 800 integer
gateway.resources.requests.memory Requested amount of Memory (in MB).
Important
This value is per worker and will be multiplied by the gateway.workersCount option in helm
optional 150 integer
gateway.resources.limits.memory Absolute value for Gateway memory usage limit optional "8Gi" Kubernetes value for the resource limit
gateway.scaling Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. optional Section
gateway:
  scaling:
    pollingInterval:   30
    maxReplicaCount:  100
    prometheusAddress: http://monitoring-prometheus-prometheus.monitoring:9090
    thresholdSignins:  70
gateway.scaling.prometheusAddress Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. optional http://monitoring-prometheus-prometheus.monitoring:909 string, address
gateway.scaling.pollingInterval KEDA polling interval (in seconds) - the interval to check each trigger on. See KEDA documentation for more information. optional 30 integer
gateway.scaling.maxReplicaCount Maximum number of replicas that will be raised by KEDA/HPA. See KEDA documentation for more information. optional 100 integer
gateway.scaling.thresholdSignins In persons - number of registered agents that causes the Gateway auto-scaling if exceeded optional 71 integer
gateway.budget.minAvailable Option to configure the PodDisruptionBudget. Do not specify this option if you do not need a PodDisruptionBudget for the Gateway deployment. optional Kubernetes PodDisruptionBudget (PDB) value
gateway:
  budget:
    minAvailable: 50%
secrets.type Describes where the secrets will be taken - in Kubernetes secrets, CSI driver, or from the Environment variables mandatory csi k8s env
secrets.csi.gws If the secrets.type option is set to csi, the name of the CSI object that contains the GWS secret string
secrets.k8s.gws If the secrets.type option is set to k8s, the name of the Kubernetes Secret object that contains the GWS secret string
secrets.k8s.env.gwsClient If the secrets.type option is set to env, the value is GWS clientid created for WebRTC string
secrets.k8s.env.gwsSecret If the secrets.type option is set to env, the value is the GWS secret for the given client ID string
gateway.securityContext Security context for the Gateway container optional Specification
gateway:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
gateway.serviceAccountName Name of the ServiceAccount that should be used to run the Gateway pod optional string
gateway.logPath Path to the log-directory. This path will be used for both - PVC or HostPath types of logs. Also, check the esServer option. If /mnt/log/webrtc is specified, the /mnt/log/webrtc/<gateway pod name>/webrtcgw logfiles will be created and used in the mentioned path. If the image.initContainerImage option is not specified, the folder with the pod name will not be created and the /mnt/log/webrtc/webrtcgw logfiles will be created. mandatory "/mnt/log/webrtc" string
"/export/vol1/PAT/infra/webrtc"
gateway.logPvc Option for Persistent Volume Claim used for the Gateway logs. If this is not defined, the HostPath will be used for the logs mount. optional Section
gateway:
  logPvc:
    pvcName:               webrtc-gateway-log-pvc
    volumeName:            webrtc-gateway-log-volume
    storageClassName:       genesys-webrtc
    capacity:               5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
gateway.logPvc.pvcName Name of the Persistent Volume Claim. If this option is present, the PVC will be created. Else, the hostpath will be used for the Gateway logs. optional string
gateway.logPvc.volumeName PersistentVolume name for the PVC. Single Volume will be used for both green and blue deployments of the gateway optional string
gateway.logPvc.volumeSpec If the Persistent Volume specification is configured in the gateway.logPvc.volumeSpec option, the PersistentVolume object with the name from the gateway.logPvc.volumeName option will be created using this specification. optional Specification
gateway:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
gateway.logPvc.volumeAnnotations Any additional annotations that will be used for the PersistentVolume if the gateway.logPvc.volumeSpec is specified here. optional Specification
gateway:
  logPvc:
    volumeAnnotations:
        pv.kubernetes.io/bound-by-controller: 'yes'
gateway.esServer Specifies the destination for the ElasticSearch logging - ElasticSearch server address or stdout.
Gateway produces messages in the ElasticSearch format.
optional stdout network address or "stdout"
coturn.port Coturn port that will be used by the CoTurn Load Balancer optional 443 integer
coturn.lbIpBlue External IP for CoTurn blue Load Balancer service. The IP must be same as the one used for the gateway.turnExternalUriBlue A-record mandatory IP address
coturn.lbIpGreen External IP for CoTurn green Load Balancer service. The IP must be same as the one used for the gateway.turnExternalUriGreen A-record mandatory IP address
coturn.replicas Number of CoTurn pods optional 1 integer
coturn.podAnnotations Any additional annotations that will be applied for CoTurn pods optional Specification
coturn:
  podAnnotations:
    pods/realtime: "true"
    pods/owner:    "1051"
coturn.resources Describes resources requested for the CoTurn pods. Do not specify this option if you do not need resources requests/limits. optional Section
coturn:
  resources:
    requests:
      cpu: "0.5"
      memory: "768Mi"
    limits:
      memory: "8Gi"
coturn.resources.requests.cpu Requested amount of CPU. Coturn requires 0.08CPU per call. optional 0.5 Kubernetes CPU request format
coturn.resources.requests.memory Requested amount of Memory optional 150 Kubernetes memory request format
coturn.resources.limits.memory Absolute value for the CoTurn memory usage limit optional "8Gi" Kubernetes value for resource limit
coturn.scaling Describes the autoscaling parameters. If the deployment.keda option is set to false, you can skip this section optional Section
coturn:
  scaling:
    pollingInterval:   30
    maxReplicaCount:  100
    thresholdCpu:      60
    thresholdMemory:   60
coturn.scaling.pollingInterval Specifies the KEDA polling interval in seconds - the interval to check each trigger on. Refer to KEDA documentation for more information. optional 30 integer
coturn.scaling.maxReplicaCount Maximum number of replicas that will be raised by KEDA/HPA. Refer to KEDA documentation for more information. optional 100 integer
coturn.scaling.thresholdSignins In percentage optional 71 integer
coturn.scaling.thresholdCpu In percentage. The target value is the average of the CPU resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. optional 60 integer
coturn.scaling.thresholdMemory In percentage. The target value is the average of the memory resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. optional 60 integer
coturn.budget.minAvailable Option to configure PodDisruptionBudget. Do not specify this option, if you do not need PodDisruptionBudget for the CoTurn deployment. optional Kubernetes PDB value
coturn:
  budget:
    minAvailable: 50%
coturn.securityContext Security context for the CoTurn container. optional Specification
coturn:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
coturn.serviceAccountName Name of the ServiceAccount to use to run the CoTurn pod. optional string
coturn.logPath Path to the log-directory. This can be the directory path or "stdout". This path will be used for both PVC or HostPath types of logs.
Example: If /mnt/log/webrtc is specified, "/mnt/log/webrtc/<coturn pod name>/turn.xxx.log" logfile will be created and used in the mentioned path.
If image.initContainerImage is not specified, the folder with the pod name will not be created and the /mnt/log/webrtc/turn.xxx.log logfile will be created.
mandatory "/mnt/log/webrtc" string
coturn.logPvc Section for Persistent Volume Claim used for CoTurn logs. If this option is not defined, the HostPath will be used for the logs mount. optional "/mnt/log/webrtc" Section
coturn:
  logPvc:
    pvcName:               webrtc-coturn-log-pvc
    storageClassName:       default
    capacity:               10Gi
    volumeName:            webrtc-coturn-log-volume
    volumeSpec:
      nfs:
        server: 192.168.1.5
        path: /storage/webrtc
      volumeMode: Filesystem
      persistentVolumeReclaimPolicy: Retain
coturn.logPvc.pvcName Name of PersistentVolumeClaim. If this option is present, PVC will be created. Else, the HostPath will be used for CoTurn logs. optional string
coturn.logPvc.storageClassName StorageClass name for the CoTurn PVC optional string
coturn.logPvc.capacity Volume capacity optional Kubernetes capacity storage values
coturn.logPvc.volumeName Persistent Volume name for the PVC. Single Volume will be used for both green and blue deployments of the CoTurn logs optional string
coturn.logPvc.volumeSpec If the Persistent Volume specification is configured in coturn.logPvc.volumeSpec, the Persistent Volume object with name from the coturn.logPvc.volumeName will be created using this specification. optional Specification
coturn:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
coturn.logPvc.volumeAnnotations Any additional annotations that will be used for the Persistent Volume, if the coturn.logPvc.volumeSpec option is specified optional Specification
coturn:
  logPvc:
    volumeAnnotations:
        pv.kubernetes.io/bound-by-controller: 'yes'
labels.common Describes the additional labels for common resources optional
labels.gateway Describes the additional labels for the Gateway resources - pods, deployments, and services optional
labels.coturn Describes the additional labels for the CoTurn resources - pods, deployments, and services optional
labels.alerts Describes the additional labels for the alert objects optional

Configure Kubernetes

Document the layouts for the following so customers can create them if their Helm chart doesn't include a way to do this:
  • ConfigMaps
  • Secrets

Configure security

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.

securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500

Arbitrary UIDs in OpenShift

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.

securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null

Configure the service

Before proceeding with the deployment process, perform the following pre-steps:

  1. Review values-template.yaml in helm charts: It provides all the available options with comments and explanations.
  2. Configure all the options in your own values file: Configure/overwrite values for options that you need. Use the values-template.yaml file from the package that displays the list of available options with their description.
    Important
    Do not configure the deployment.type and deployment.color options in your values.yaml file(s). These values should be used only during the deployment process, as command-line parameters that specify the deployment process.
    Sample values.yaml file:
    deployment:
      namespace:         webrtc
      ingress:
        domain: apps.vce-c0.eps.genesys.com
        annotations:
          kubernetes.io/ingress.class:                         nginx01-internal
          nginx.ingress.kubernetes.io/affinity:                cookie
          nginx.ingress.kubernetes.io/affinity-mode:           persistent
          nginx.ingress.kubernetes.io/ssl-redirect:            "false"
          nginx.ingress.kubernetes.io/session-cookie-path:     "/; Secure"
          nginx.ingress.kubernetes.io/session-cookie-samesite: None
      dnsPolicy: ClusterFirst
      dnsConfig:
        options:
          - name: ndots
            value: "3"
      keda: false
      coturnDeployment: external
      
      
    monitoring:
      enabled:           false
      dashboards:        false
      prometheusMetrics: false
      prometheusAlerts:  false
          
      
    image:
      imagePullSecrets:
      - webrtcjfrogsecret
      initContainerImage: pureengage-docker-staging.jfrog.io/alpine:3.7-curl
      webrtc: pureengage-docker-staging.jfrog.io/webrtc
      coturn: pureengage-docker-staging.jfrog.io/webrtc
      webrtcVersion: 9.0.000.88
      coturnVersion: 9.0.000.88
      
      
    gateway:
      logPath:                 "/export/vol1/PAT/infra/webrtc"
      logPvc:
        pvcName:               webrtc-gateway-log-pvc
        volumeName:            webrtc-gateway-log-volume
        storageClassName:      genesys-webrtc
        capacity:              5Gi
        volumeSpec:
          accessModes:
            - ReadWriteMany
          persistentVolumeReclaimPolicy: Retain
          nfs:
            path: /export/vol1/PAT/infra/webrtc
            server: 192.168.30.51
      esServer:                stdout
      replicas:                 1
      workersCount:            1
      voiceSipProxy:          voice-sipproxy.voice.svc.cluster.local:5080;transport=tcp
      turnExternalUriBlue:   192.168.30.208
      turnExternalUriGreen:  192.168.30.209
      authRedirectUri:       http://gauth.apps.vce-c0.eps.genesys.com:80
      authService:           http://gauth-auth.gauth.svc.cluster.local:80
      envService:            https://gws.apps.vce-c0.eps.genesys.com
      resources:
        requests:
          # NB! 800m per worker, MUST be integer, not string - will be multiplied by workersCount in helm
          cpu:  800
          # NB! 150Mi per worker, MUST be integer, not string - will be multiplied by workersCount in helm
          memory: 150
        limits:
          memory: "8Gi"
      secrets:
        type: env
        env:
         gwsClient: external_api_client
         gwsSecret: secret
      securityContext:
        runAsUser: 500
        runAsGroup: 500
                   
      
    coturn:
      logPath:                 "/export/vol1/PAT/infra/coturn/"
      logPvc:
        pvcName:               webrtc-coturn-log-pvc
        volumeName:            webrtc-coturn-log-volume
        storageClassName:       genesys-webrtc
        capacity:               5Gi
        volumeSpec:
          accessModes:
            - ReadWriteMany
          persistentVolumeReclaimPolicy: Retain
          nfs:
            path: /export/vol1/PAT/infra/webrtc
            server: 192.168.30.51
      replicas:    1
      port:        443
      lbIpBlue:  192.168.30.208
      lbIpGreen: 192.168.30.209
      securityContext:
        runAsUser: 500
        runAsGroup: 500
  3. PersistentVolume (PV) and PersistentVolumeClaim (PVC): If you plan to use PV for logs, create the PV and then specify it for PVC of Gateway and CoTurn.
    PV can also be created during the common-infrastructure deployment.  You should review the values-template.yaml file and then configure the PV specification for Gateway and CoTurn.
    Single PV/PVC pair will be used for both Green and Blue deployments of Gateway, and another single PV/PVC pair will be used for both Green and Blue deployments of CoTurn.
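
The rules above can be checked before running Helm. The following Python lint is an added example, not part of the Genesys charts or documentation: it takes the values file already parsed into a dict and checks a subset of the options the table marks mandatory, the command-line-only deployment.type and deployment.color options, the integer-only Gateway requests, and the securityContext override for arbitrary UIDs. Function names and the sample input are constructed for illustration, and applying the arbitrary-UID rule to gateway.securityContext and coturn.securityContext is an assumption.

```python
# Added example: pre-deployment lint for a WebRTC values override (not Genesys code).
# Input is the values file already parsed into a dict, e.g. by a YAML loader.

MANDATORY = [  # subset of the options the table marks "mandatory"
    "deployment.namespace", "deployment.ingress.domain", "deployment.coturnDeployment",
    "image.imagePullSecrets", "image.webrtc", "image.coturn",
    "image.webrtcVersion", "image.coturnVersion",
    "gateway.voiceSipProxy", "gateway.turnExternalUriBlue", "gateway.turnExternalUriGreen",
    "gateway.authRedirectUri", "gateway.authService", "gateway.envService",
    "gateway.logPath", "coturn.lbIpBlue", "coturn.lbIpGreen", "coturn.logPath",
]
CLI_ONLY = ["deployment.type", "deployment.color"]  # command-line parameters only

SAMPLE = {  # constructed input with four deliberate defects
    "deployment": {"namespace": "webrtc", "color": "blue", "coturnDeployment": "external",
                   "ingress": {"domain": "apps.example.com"}},
    "image": {"imagePullSecrets": ["myRegistrySecret"],
              "webrtc": "registry.example.com/webrtc", "coturn": "registry.example.com/webrtc",
              "webrtcVersion": "9.0.000.88", "coturnVersion": "9.0.000.88"},
    "gateway": {"voiceSipProxy": "voice-sipproxy.voice.svc.cluster.local;transport=tcp",
                "turnExternalUriBlue": "turn-blue.example.com",
                "turnExternalUriGreen": "turn-green.example.com",
                "authRedirectUri": "https://gauth.example.com",
                "authService": "http://gauth-auth.gauth.svc.cluster.local:80",
                "logPath": "/mnt/log/webrtc", "workersCount": 2,
                "resources": {"requests": {"cpu": "800m", "memory": 150}},
                "securityContext": {"runAsNonRoot": True, "runAsUser": None, "runAsGroup": 0}},
    "coturn": {"lbIpBlue": "192.0.2.10", "lbIpGreen": "192.0.2.11",
               "logPath": "/mnt/log/webrtc",
               "securityContext": {"runAsUser": 500, "runAsGroup": 500}},
}

def get(values, dotted):
    """Return the value at a dotted option name, or None if any level is absent."""
    node = values
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def lint_values(values, arbitrary_uids=False):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for opt in MANDATORY:
        if get(values, opt) in (None, "", []):
            findings.append(f"missing mandatory option {opt}")
    for opt in CLI_ONLY:
        if get(values, opt) is not None:
            findings.append(f"{opt} must be passed on the command line, not set in values")
    if get(values, "deployment.coturnDeployment") not in (None, "internal", "external"):
        findings.append("deployment.coturnDeployment must be internal or external")
    for res in ("cpu", "memory"):  # per-worker integers, multiplied by workersCount
        val = get(values, f"gateway.resources.requests.{res}")
        if val is not None and (isinstance(val, bool) or not isinstance(val, int)):
            findings.append(f"gateway.resources.requests.{res} must be an integer, got {val!r}")
    if arbitrary_uids:  # OpenShift arbitrary UIDs: no specific user or fsGroup ID
        for comp in ("gateway", "coturn"):
            ctx = get(values, f"{comp}.securityContext") or {}
            for field in ("runAsUser", "fsGroup"):
                if ctx.get(field) is not None:
                    findings.append(f"{comp}.securityContext.{field} pins an ID; set it to null")
    return findings

def gateway_requests(values):
    """Effective Gateway request: per-worker values times gateway.workersCount."""
    workers = get(values, "gateway.workersCount") or 3            # documented default
    cpu = get(values, "gateway.resources.requests.cpu") or 800    # documented default
    mem = get(values, "gateway.resources.requests.memory") or 150 # documented default
    if not all(isinstance(v, int) for v in (workers, cpu, mem)):
        raise ValueError("worker count and requests must be integers; run lint_values first")
    return cpu * workers, mem * workers

if __name__ == "__main__":
    for finding in lint_values(SAMPLE, arbitrary_uids=True):
        print(finding)
```

Run it with arbitrary_uids=True only for OpenShift deployments that use arbitrary UIDs; with the default 500:500 IDs that check does not apply.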