Genesys Documentation - User contributions [en]

RN/AuthenticationService/100.0.001.0194

2026-05-27T06:30:52Z

WikiSysop:

{{ComponentRN
|ComponentId=1bff5e74-a889-4bb8-b75a-8d721f63766e
|JQL=default
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-20
|PrivateEditionReleaseDate=2026-05-20
|Highlight=Contains new Genesys Authentication Service (gauth-service-authentication), Spring Security modernization, SAML 2.0 upgrade, resolved issue and security fixes

'''NOTE''': Please ignore previous Private Edition Release version 100.0.001.0193
|Containers=*gauth-service-authentication: 100.0.001.0193
*gws-core-environment: 100.0.018.2294
*gws-ui-auth: 100.0.018.1686
*gauth-100.0.101+0258.tgz
*gauth-infra-bg-100.0.101+36.tgz
}}
{{Issue
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent='''NOTE''': Please ignore previous Private Edition Release version 100.0.001.0193
}}
{{Issue
|TicketNumber=AUTH-2273
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Added new service names gauth-service-authentication as a replacement for the legacy gauth-core. Following are the major changes introduced as part of gauth-service-authentication.

#OAuth2 implementation is migrated to Spring Security 6.4.x OAuth2 modules from deprecated Spring Security OAuth2 (2.5.2.RELEASE).
#Upgrade SAML 2.0 to Spring Security built-in SAML2 Service Provider replacing deprecated Spring Security SAML (1.0.10.RELEASE)
#Resolved multiple Spring framework security vulnerabilities.
}}
{{Issue
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Deployment and '''cutover''' of new auth-service-authentication.
|SupportingDocumentation=https://all.docs-qa.genesys.com/Draft:AUTH/Current/AuthPEGuide/Deploy#Genesys_Service_Authentication_Cut_Over_Guide
}}
{{Issue
|TicketNumber=GAPI-39778
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=In GAuth Env Service, upgraded Spring Boot to 3.5.12, Gradle to 7.6.4, and Netty to 4.1.132 to address security vulnerabilities and dependency

updates.
}}
{{Issue
|IssueCategoryId=7677e764-86f7-44e3-92bc-f13b59c71260
|LocalContent=The new gauth-service-authentication '''100.0.001.0193''' does not currently support JWT access token format.
}}

RN/GenesysWeb Services and Applications/9.0.003.49

2026-05-27T06:00:55Z

WikiSysop:

{{ComponentRN
|ComponentId=d8ae146d-0abb-4c7e-8a14-3be0a382a3d5
|JQL=issue in (GAPI-39761, GAPI-39752, GAPI-39431, GAPI-39430, GAPI-39276, GAPI-39795, GAPI-39794, GAPI-39551)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-21
|PrivateEditionReleaseDate=2026-05-21
|Highlight=Contains new features, Security updates and resolved issues.

'''NOTE''': Please ignore previous version 9.0.003.48
|Containers=*gws-app-provisioning:9.0.001.22
*gws-app-workspace:9.0.001.18
*gws-platform-chat:9.0.000.69
*gws-platform-configuration:9.0.001.06
*gws-platform-datacollector:9.0.000.76
*gws-platform-ixn:9.0.000.68
*gws-platform-ocs:9.0.000.71
*gws-platform-setting:9.0.000.76
*gws-platform-statistics:9.0.000.86
*gws-platform-ucs:9.0.000.67
*gws-platform-voice:9.0.000.91
*gws-service-configuration:9.0.000.12
*gws-services-2.0.2.tgz
*gws-monitoring-1.0.24.tgz
*gws-ingress-1.0.46.tgz
}}
{{Issue
|TicketNumber=GAPI-39794
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Added support for Prometheus v3, including proper Content-Type handling for metrics scraping
}}
{{Issue
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent='''NOTE''': Please ignore previous version 9.0.003.48
}}
{{Issue
|TicketNumber=GAPI-39761
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS Data Collector service has been upgraded from Elasticsearch REST High Level Client 7.x to Elasticsearch Java API Client 8.x. Data collector service now supports both ES8 and ES9 versions of Elasticsearch.
}}
{{Issue
|TicketNumber=GAPI-39752
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS9 - Update to Spring-Boot 3.5 and JDK21 Support.
}}
{{Issue
|TicketNumber=GAPI-39431
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws workspace service to node 22.
}}
{{Issue
|TicketNumber=GAPI-39430
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws provisioning service to node 22.
}}
{{Issue
|TicketNumber=GAPI-39276
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=Security patches and vulnerability fixes for system and application libraries.
}}
{{Issue
|TicketNumber=GAPI-39551
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Previously, Agents couldn’t log in a voice channel in WWE if SIP Cluster configuration had non-existing SIP node in the list of SIP Cluster nodes. Now, GWS filters non-existing SIP Cluster Nodes and allows Agents to log in the voice channel.
}}

RN/AuthenticationService/100.0.001.0194

2026-05-26T07:01:05Z

WikiSysop:

{{ComponentRN
|ComponentId=1bff5e74-a889-4bb8-b75a-8d721f63766e
|JQL=issue in(AUTH-2273)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-20
|PrivateEditionReleaseDate=2026-05-20
|Highlight=Contains new Genesys Authentication Service (gauth-service-authentication), Spring Security modernization, SAML 2.0 upgrade, resolved issue and security fixes.
|Containers=*gws-service-authentication: 100.0.001.0193
*gws-core-environment: 100.0.018.2294
*gws-ui-auth: 100.0.018.1686
*gauth-100.0.101+0258.tgz
*gauth-infra-bg-100.0.101+36.tgz
}}
{{Issue
|TicketNumber=AUTH-2273
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Added new service names gauth-service-authentication as a replacement for the legacy gauth-core. Following are the major changes introduced as part of gauth-service-authentication.

*OAuth2 implementation is migrated to Spring Security 6.4.x OAuth2 modules from deprecated Spring Security OAuth2 (2.5.2.RELEASE).
*Upgrade SAML 2.0 to Spring Security built-in SAML2 Service Provider replacing deprecated Spring Security SAML (1.0.10.RELEASE).
*Resolved multiple Spring framework security vulnerabilities.
}}
{{Issue
|TicketNumber=GAPI-39778
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=In GAuth Env Service, upgraded Spring Boot to 3.5.12, Gradle to 7.6.4, and Netty to 4.1.132 to address security vulnerabilities and dependency updates.
}}
{{Issue
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Deployment and '''cutover''' of new auth-service-authentication.
|SupportingDocumentation=https://all.docs-qa.genesys.com/Draft:AUTH/Current/AuthPEGuide/Deploy#Genesys_Service_Authentication_Cut_Over_Guide
}}
{{Issue
|IssueCategoryId=7677e764-86f7-44e3-92bc-f13b59c71260
|LocalContent=The new gauth-service-authentication '''100.0.001.0193''' does not currently support JWT access token format
}}

RN/GenesysWeb Services and Applications/9.0.003.49

2026-05-26T06:30:59Z

WikiSysop:

{{ComponentRN
|ComponentId=d8ae146d-0abb-4c7e-8a14-3be0a382a3d5
|JQL=issue in (GAPI-39761, GAPI-39752, GAPI-39431, GAPI-39430, GAPI-39276, GAPI-39795, GAPI-39794, GAPI-39551)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-20
|PrivateEditionReleaseDate=2026-05-20
|Highlight=Contains new features, Security updates and resolved issues.
|Containers=*gws-app-provisioning:9.0.001.22
*gws-app-workspace:9.0.001.18
*gws-platform-chat:9.0.000.69
*gws-platform-configuration:9.0.001.06
*gws-platform-datacollector:9.0.000.76
*gws-platform-ixn:9.0.000.68
*gws-platform-ocs:9.0.000.71
*gws-platform-setting:9.0.000.76
*gws-platform-statistics:9.0.000.86
*gws-platform-ucs:9.0.000.67
*gws-platform-voice:9.0.000.91
*gws-service-configuration:9.0.000.12
*gws-services-2.0.2.tgz
*gws-monitoring-1.0.24.tgz
*gws-ingress-1.0.46.tgz
}}
{{Issue
|TicketNumber=GAPI-39794
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Added support for Prometheus v3, including proper Content-Type handling for metrics scraping
}}
{{Issue
|TicketNumber=GAPI-39761
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS Data Collector service has been upgraded from Elasticsearch REST High Level Client 7.x to Elasticsearch Java API Client 8.x. Data collector service now supports both ES8 and ES9 versions of Elasticsearch.
}}
{{Issue
|TicketNumber=GAPI-39752
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS9 - Update to Spring-Boot 3.5 and JDK21 Support.
}}
{{Issue
|TicketNumber=GAPI-39431
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws workspace service to node 22.
}}
{{Issue
|TicketNumber=GAPI-39430
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws provisioning service to node 22.
}}
{{Issue
|TicketNumber=GAPI-39276
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=Security patches and vulnerability fixes for system and application libraries.
}}
{{Issue
|TicketNumber=GAPI-39551
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Previously, Agents couldn’t log in a voice channel in WWE if SIP Cluster configuration had non-existing SIP node in the list of SIP Cluster nodes. Now, GWS filters non-existing SIP Cluster Nodes and allows Agents to log in the voice channel.
}}

RN/AuthenticationService/100.0.001.0194

2026-05-26T06:30:56Z

WikiSysop:

{{ComponentRN
|ComponentId=1bff5e74-a889-4bb8-b75a-8d721f63766e
|JQL=issue in(AUTH-2273)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-19
|PrivateEditionReleaseDate=2026-05-19
|Highlight=Contains new Genesys Authentication Service (gauth-service-authentication), Spring Security modernization, SAML 2.0 upgrade, resolved issue and security fixes.
|Containers=*gws-service-authentication: 100.0.001.0193
*gws-core-environment: 100.0.018.2294
*gws-ui-auth: 100.0.018.1686
*gauth-100.0.101+0258.tgz
*gauth-infra-bg-100.0.101+36.tgz
}}
{{Issue
|TicketNumber=AUTH-2273
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Added new service names gauth-service-authentication as a replacement for the legacy gauth-core. Following are the major changes introduced as part of gauth-service-authentication.

*OAuth2 implementation is migrated to Spring Security 6.4.x OAuth2 modules from deprecated Spring Security OAuth2 (2.5.2.RELEASE).
*Upgrade SAML 2.0 to Spring Security built-in SAML2 Service Provider replacing deprecated Spring Security SAML (1.0.10.RELEASE).
*Resolved multiple Spring framework security vulnerabilities.
}}
{{Issue
|TicketNumber=GAPI-39778
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=In GAuth Env Service, upgraded Spring Boot to 3.5.12, Gradle to 7.6.4, and Netty to 4.1.132 to address security vulnerabilities and dependency updates.
}}
{{Issue
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Deployment and '''cutover''' of new auth-service-authentication.
|SupportingDocumentation=https://all.docs-qa.genesys.com/Draft:AUTH/Current/AuthPEGuide/Deploy#Genesys_Service_Authentication_Cut_Over_Guide
}}
{{Issue
|IssueCategoryId=7677e764-86f7-44e3-92bc-f13b59c71260
|LocalContent=The new gauth-service-authentication '''100.0.001.0193''' does not currently support JWT access token format
}}

AUTH/Current/AuthPEGuide/Deploy

2026-05-26T06:00:40Z

WikiSysop:

{{ArticlePEServiceDeploy
|ServiceId=6f7f1a8d-4e60-4b8d-a6f0-8cafdbdf0a3e
|IncludeAssumptions=Yes
|Section={{Section
|alignment=Vertical
|structuredtext={{NoteFormat|Make sure to review {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Planning}} for the full list of prerequisites required to deploy Genesys Authentication.|}}
|Status=No
}}{{Section
|sectionHeading=Prepare your environment
|anchor=Prepare
|alignment=Vertical
|structuredtext=To prepare your environment for the deployment, complete the steps in this section for Google Kubernetes Engine (GKE).

===GKE===
Log in to the GKE cluster from the host where you will run the deployment:
<syntaxhighlight>
gcloud container clusters get-credentials <cluster>
</syntaxhighlight>Create a new namespace for Genesys Authentication with a JSON file that specifies the namespace metadata. For example, '''create-gauth-namespace.json''': <syntaxhighlight>
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "gauth",
"labels": {
"name": "gauth"
}
}
}
</syntaxhighlight>Execute the following command to create the namespace:<syntaxhighlight>
kubectl apply -f create-gauth-namespace.json
</syntaxhighlight>Confirm the namespace was created:<syntaxhighlight>
kubectl describe namespace gauth
</syntaxhighlight>
===AKS===
Log in to the AKS cluster from the host where you will run the deployment:
<syntaxhighlight>
az aks get-credentials --resource-group <resource-group> --name <cluster-name> --admin
</syntaxhighlight>Create a new namespace for Genesys Authentication with a JSON file that specifies the namespace metadata. For example, '''create-gauth-namespace.json''': <syntaxhighlight>
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "gauth",
"labels": {
"name": "gauth"
}
}
}
</syntaxhighlight>Execute the following command to create the namespace:<syntaxhighlight>
kubectl apply -f create-gauth-namespace.json
</syntaxhighlight>Confirm the namespace was created:<syntaxhighlight>
kubectl describe namespace gauth
</syntaxhighlight>
|Status=No
}}{{Section
|sectionHeading=Deploy
|anchor=de
|alignment=Vertical
|structuredtext=To deploy Genesys Authentication, you'll need the Helm package and your overrides file. Copy '''values.yaml''' and the Helm package ('''gauth-<version>.tgz''') to the installation location.

===Additional Steps for deploying New Auth Service (gauth-service-authentication):===

#Use gauth Helm chart version >= 100.0.101+0258
#Helm chart default value for new auth service is 100.0.001.'''0192.''' Update this to latest new auth service version >= 100.0.001.'''0193''' in your values.yaml<source lang="text">gauth-service-authentication: 100.0.001.0193</source>
#For customers using gauth-infra-bg chart, Use gauth-infra-bg Helm chart version >= 100.0.101+36
#For customers using dedicated external auth pods, to deploy this new auth service as external auth pod, Update your values.yaml<source lang="text">services:
useNewAuth: false
service_auth:
externalAuth:
enabled: true # Deploy new auth ext pods</source> 
#'''NOTE:''' Update your old auth service version to your previous/existing old auth service version in your values.yaml<source lang="text">gws-core-auth: 100.0.018.4405 # Do not use this version, update it with existing stable version
gws-core-environment: 100.0.018.2294
gws-ui-auth: 100.0.018.1686
gauth-service-authentication: 100.0.001.0193</source> 

For debugging purposes, use the following command to render templates without installing so you can check that resources are created properly:
helm template --debug /gauth-<version>.tgz -f values.yaml

The result shows Kubernetes descriptors. The values you see are generated from Helm templates, and based on settings from '''values.yaml'''. Ensure that no errors are displayed; you will later apply this configuration to your Kubernetes cluster.

Now you're ready to deploy Genesys Authentication:
helm install gauth ./gauth-<version>.tgz -f values.yaml -n gauth
 
|Status=No
}}{{Section
|sectionHeading=Configure external access
|anchor=access
|alignment=Vertical
|structuredtext=Follow the instructions for either GKE or AKS to make the Genesys Authentication services accessible from outside the cluster.

 

{{AnchorDiv|GKEingress}}
===Provision ingresses for GKE or AKS===
After deploying, make Genesys Authentication services accessible from outside the GKE or AKS cluster using the NGINX Ingress Controller.

Create a YAML file called '''gauth-ingress.yaml''' with the content below. '''Note:''' Replace '''gws.<domain>''' and '''gauth.<domain>''' with your GWS and Genesys Authentication domains, such as <code>gws.test.dev</code>.<syntaxhighlight>
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gauth-gws-ingress
namespace: gauth
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
# Custom annotations for NGINX Ingress Controller
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: gws.<domain> - e.g. gws.test.dev
http:
paths:
- path: /ui/auth/.*
backend:
serviceName: gauth-auth-ui
servicePort: 80
- path: /auth/.*
backend:
serviceName: gauth-auth
servicePort: 80
- path: /environment/.*
backend:
serviceName: gauth-environment
servicePort: 80
tls:
- hosts:
- gws.<domain> - e.g. gws.test.dev
secretName: gauth-gws-ingress-cert
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gauth-gauth-ingress
namespace: gauth
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
# Custom annotations for NGINX Ingress Controller
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: gauth.<domain> - e.g. gauth.test.dev
http:
paths:
- path: /ui/auth/.*
backend:
serviceName: gauth-auth-ui
servicePort: 80
- path: /auth/.*
backend:
serviceName: gauth-auth
servicePort: 80

- path: /environment/.*
backend:
serviceName: gauth-environment
servicePort: 80
tls:
- hosts:
- gauth.<domain> - e.g. gauth.test.dev
secretName: gauth-gauth-ingress-cert
</syntaxhighlight>Create ingresses with the following command:<syntaxhighlight>
kubectl apply -f gauth-ingress.yaml -n gws
</syntaxhighlight>

===Provision GWS services to access New Auth Service===
Refer {{Link-AnywhereElse|product=GWS|version=Current|manual=GWSPEGuide|topic=Configure|anchor=Genesys_services_parameters|display text=Configure GWS Services}}

===Provision New Auth Service to access GWS configuration service===
Refer the Parameter <code>services.service_auth.env.GWS_AUTH_common_configService</code> in {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Configure|anchor=Override_Helm_chart_values|display text=Override Helm chart values}}
|Status=No
}}{{Section
|sectionHeading=Validate the deployment
|alignment=Vertical
|structuredtext=Check the installed Helm release:
helm list
The results should show the Genesys Authentication deployment details. For example:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
gauth gauth 1 2021-05-20 11:56:32.5531685 +0530 +0530 deployed gauth-0.1.77 0.1
Check the '''gauth''' namespace status:
helm status gauth
The result should show the namespace details with a status of deployed:
NAME: gauth
LAST DEPLOYED: Thu May 20 11:56:32 2021
NAMESPACE: gauth
STATUS: deployed
REVISION: 1
TEST SUITE: None
Check the Genesys Authentication Kubernetes objects created by Helm:
kubectl get all -n gauth
The result should show all the created pods, service ConfigMaps, and so on.

'''Verify all new auth deployments are running:'''
kubectl get deployments -n gauth
Expected:<source lang="text">gauth-auth-<release> 2/2 # Already existing old auth pods
gauth-service-authentication-<release> 2/2 # New auth pods
gauth-environment-<release> 2/2
gauth-auth-ui-<release> 2/2</source>Customers using dedicated external auth pods, you will observe new auth external pods also deployed along with existing old auth external pods<source lang="text">gauth-auth-<release> 2/2
gauth-service-authentication-<release> 2/2
gauth-environment-<release> 2/2
gauth-auth-ui-<release> 2/2
gauth-auth-ext-<release> 2/2 # Already existing old auth external pods
gauth-service-auth-ext-<release> 2/2 # New auth external pods</source>Finally, verify that you can now access Genesys Authentication at the following URL: https://<hostname>/ui/auth/sign-in.html
|Status=No
}}{{Section
|sectionHeading=Genesys Service Authentication Cut Over Guide
|alignment=Vertical
|structuredtext===Overview==
Starting with <code>gauth</code> Helm chart version <code>100.0.101+0258</code> or later, the new authentication service <code>gws-service-authentication</code> is deployed alongside the existing authentication service <code>gauth-auth</code>. By default, traffic continues to route to the old authentication service.

The cutover switches authentication traffic from the old authentication service <code>gauth-auth</code> to the new authentication service <code>gws-service-authentication</code>.

'''Before cutover:'''

*Traffic routes to the old authentication service.
*Client data is copied from old database tables to new database tables.
*Existing authentication tokens remain in the old token format.

'''After cutover:'''

*<code>/auth</code> traffic routes to the new authentication service.
*New tokens are created in the new authentication token format.
*Existing tokens created by the old authentication service cannot be read by the new authentication service.
*Dependent services must be restarted, and users must re-login to obtain new tokens.

This guide further explains how to migrate client data, validate the new service, switch authentication traffic to the new service, validate the cutover, restart dependent services, and roll back to the old service if needed

==Migration Process:==
Auth Service has 2 persistent pieces of information.

#Client Details
#Authentication Token

===1.Client Details:===
The new authentication service (<code>gauth-service-authentication</code>) uses the same Postgres database and Redis cluster as the old auth service (<code>gauth-auth</code>), but with different table formats.
{{{!}} class="wikitable"
{{!}}'''Data'''
{{!}}'''Old Auth table name'''
{{!}}'''New Auth Table name'''
{{!}}-
{{!}}Clients
{{!}}oauth_client_details
{{!}}oauth2_client_details
{{!}}-
{{!}}Contact Centers
{{!}}client_contact_centers
{{!}}client_contact_centers2
{{!}}}

'''Automatic migration''':

When the new authentication service starts, Flyway runs the migration script:
V1.7.1__CopyOauth2ClientDetailsFromOldTable.sql
This migration copies client data from the old tables to the new tables.

The migration runs once on the first startup of the new authentication service. On subsequent restarts, Flyway skips the migration because it has already been applied.

===2. Authentication Token:===
Authentication tokens from the old authentication service are not migrated. The old and new authentication services use incompatible token storage formats. Tokens created by the old authentication service cannot be read by the new authentication service. In order to regenerate the tokens, refer to step {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Deploy|anchor=Restart_Applicable_Services|display text=Restart Applicable Services}} of CutOver steps.

And below is the difference in token storage formats of both the authentication services,
{{{!}} class="wikitable"
{{!}}'''Area'''
{{!}}'''Old Auth'''
{{!}}'''New Auth'''
{{!}}-
{{!}}Serialization
{{!}}JDK binary
{{!}}Jackson JSON
{{!}}-
{{!}}Key prefix
{{!}}configurable (empty)
{{!}}GWS:Auth:V3:
{{!}}-
{{!}}Token keys
{{!}}plain token values
{{!}}SHA-256 hashed
{{!}}-
{{!}}Data model
{{!}}OAuth2AccessToken + OAuth2Authentication
{{!}}OAuth2Authorization (unified)
{{!}}}

==Pre Validation==
Complete the following checks before switching traffic to the new authentication service.

===Step 1: Verify New Auth service health===
Check that the new authentication pods are running:<source lang="text">kubectl get pods -n gauth -l gauth=service-auth</source>Check health from the pod:
kubectl exec -n gauth <new-auth-pod> -- curl -s <nowiki>http://localhost:8081/health</nowiki>
Expected response:
{"status":"UP"}
Verify that the service started successfully:<source lang="text">kubectl logs -n gauth <new-auth-pod> | grep -i "Started"</source>Expected log message:<source lang="text">Started AuthorizationServerApplication in X seconds
</source>

===Step 2: Verify Client Data Migration===
Check the new authentication service logs for Flyway migration status:<source lang="text">kubectl logs -n gauth <new-auth-pod> | grep -i "migrat"</source>Expected output on first startup:<source lang="text">Migrating schema "public" to version "1.7.1 - CopyOauth2ClientDetailsFromOldTable"
Successfully applied 1 migration(s) to schema "public"</source>Expected output if the migration was already applied:<source lang="text">Schema "public" is up to date. No migration necessary.</source>You can also verify migrated client data through the operations API on the new authentication pod.

Start port-forwarding:<source lang="text">kubectl port-forward -n gauth <new-auth-pod> 8080:8080</source>Then call the GET Clients API:<source lang="text">curl -u <admin_username>:<admin_password> \
http://localhost:8080/auth/v3/ops/clients</source>Expected result:

*Clients are returned from the new authentication service.
*If no clients are returned, do not proceed with cutover until migration is verified.

===Step 3: Run a Pre-cutover functional test===
Before switching traffic, verify the new authentication service directly through pod port-forwarding.

Start port-forwarding:<source lang="text">kubectl port-forward -n gauth <new-auth-pod> 8080:8080
</source>Call the token endpoint:<source lang="text">curl -X POST http://localhost:8080/auth/v3/oauth/token \
-d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response: <source lang="text">{
"access_token": "...",
"token_type": "...",
"expires_in": ...
}
</source>
==Cut Over==

===Step 1: Configure Helm Values===
Refer {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Configure|anchor=Override_Helm_chart_values|display text=Configure Genesys Authentication}} for below helm values configurations

===='''Customers Using the <code>gauth</code> Chart Only'''====
Set the following value:<source lang="text">services:
useNewAuth: true
</source>This value is required to switch traffic to the new authentication service.

If dedicated external authentication pods are required, also set:<source lang="text">services:
service_auth:
externalAuth:
enabled: true
</source>

===='''Customers Using Both <code>gauth</code> and <code>gauth-infra-bg</code> Charts'''====
For the <code>gauth</code> chart, set:<source lang="text">services:
 useNewAuth: true
</source>For the <code>gauth-infra-bg</code> chart, set:<source lang="text">active:
useNewAuth: true
</source>If dedicated external authentication is required, also set:<source lang="text">active:
externalAuth: true
</source>'''Important''': Always set <code>services.useNewAuth</code> and <code>active.useNewAuth</code> to the same value. Mismatched values can result in two ingresses pointing to different authentication services, causing unpredictable routing behavior.

===Step 2: Confirm Database Migration Is Enabled===
Automatic migration of PostgreSQL data from old auth tables to new auth tables is enabled by default.

Example configuration:<source lang="text">services:
useNewAuth: false

secrets:
useSecretProviderClass: false

replicas: 3
location: /

db:
init: true # enables automatic migration
poolSize: 3</source>
===Step 3: Deploy the <code>gauth</code> Helm Chart===
Deploy the updated <code>gauth</code> chart:<source lang="text">helm upgrade --install gauth ./gauth-<version>.tgz \
-f <your-values-file>.yaml \
-n gauth \
--wait \
--timeout 600s
</source>

===Step 4: Verify Ingress Routes to New Auth===
Verify that <code>/auth/</code> routes to the new authentication service:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/"
</source>Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-authentication-<release>
port:
number: 8080
</source>If the backend still shows <code>gauth-auth-<release></code>, the cutover has not taken effect.

===Step 5: Verify External Auth Ingress, If Used===
For customers using dedicated external authentication, verify that <code>/auth/v3/oauth/token</code> routes to the new external authentication service:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/v3/oauth/token"

</source>Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-auth-ext-<release>
port:
number: 8080

</source>If the backend still shows <code>gauth-auth-ext-<release></code>, the external authentication cutover has not taken effect.

===Additional Steps for Customers Using <code>gauth-infra-bg</code>===
Update the <code>gauth-infra-bg</code> chart values:<source lang="text">active:
useNewAuth: true
externalAuth: true
</source>Set <code>externalAuth: true</code> only if dedicated external authentication is used.

Deploy the <code>gauth-infra-bg</code> chart:<source lang="text">helm upgrade --install gauth-infra ./gauth-infra-bg-<version>.tgz \
-f <your-infra-values-file>.yaml \
-n gauth \
--wait
</source>Verify that <code>/auth/</code> routes to the new authentication service:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/"

</source>Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-authentication-<infra-release>-active
port:
number: 80
</source>If the backend still shows <code>gauth-auth-<infra-release>-active</code>, the cutover has not taken effect.
For dedicated external authentication, verify:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/v3/oauth/token"
</source>Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-auth-ext-<infra-release>-active
port:
number: 80

</source>If the backend still shows <code>gauth-auth-ext-<infra-release>-active</code>, the external authentication cutover has not taken effect.

===Validate Cutover===
Step 1: Test the External Ingress

Call the token endpoint through the external ingress URL:<source lang="text">curl -X POST https://<gauth-external-ingress-host>/auth/v3/oauth/token \
-d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
"access_token": "...",
"token_type": "...",
"expires_in": ...
}
</source>
Step 2: Test the Internal Ingress

Call the token endpoint through the internal ingress URL:<source lang="text">curl -X POST https://<gauth-internal-ingress-host>/auth/v3/oauth/token \
-d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
"access_token": "...",
"token_type": "...",
"expires_in": ...
}
</source>Ingress host values come from the Helm values files:
{{{!}} class="wikitable"
!Chart
!External Ingress Value
!Internal Ingress Value
{{!}}-
{{!}}<code>gauth</code>
{{!}}<code>ingress.frontend</code>
{{!}}<code>internal_ingress.frontend</code>
{{!}}-
{{!}}<code>gauth-infra-bg</code>
{{!}}<code>active.ingress.frontend</code>
{{!}}<code>active.internal_ingress.frontend</code>
{{!}}}

===Restart Applicable Services===
Restart dependent services after cutover.

This restart is required because existing cached tokens were created by the old authentication service. These old tokens cannot be validated by the new authentication service.

Example restart commands:<source lang="text">kubectl rollout restart deployment gws-service-configuration -n gws
kubectl rollout restart deployment gws-app-provisioning -n gws
</source>

'''Example applicable services include:'''

i. gws-service-configuration

ii. gws-app-provisoning

ii. GIR(Genesys Interaction Recording) - Speechminer Web service

iv. Nexus

v. CIWD

vi. UCSX (only Azure)

vii. UDM (CDDS-X)

===='''Impact on Existing Logins'''====

*Existing agent and user sessions are not terminated automatically during cutover.
*However, ongoing or new read/write operations may fail after cutover because old tokens use JDK binary serialization and cannot be read by the new authentication service, which uses Jackson JSON serialization.
*Users and agents must log in again to resume normal operations:

Examples:
{{{!}} class="wikitable"
!User Type
!Required Action
{{!}}-
{{!}}WWE users
{{!}}Log out and log back in
{{!}}-
{{!}}Agent Setup users
{{!}}Log out and log back in
{{!}}}
Re-login creates new tokens in the new authentication service format. After re-login, operations should work normally.

==Rollback (If needed)==
'''After rollback:'''

*Traffic routes back to the old authentication service.
*Old auth pods are already running, so old auth pod restart is not required.
*Tokens created by the new authentication service become invalid.
*Dependent services must be restarted again so they obtain tokens from the old authentication service.
*Users and agents must log in again.

===Step 1: Switch the <code>gauth</code> Chart Back to Old Auth===
Update the <code>gauth</code> chart values:<source lang="text">services:
useNewAuth: false
</source>Deploy the <code>gauth</code> chart:<source lang="text">helm upgrade --install gauth ./gauth-<version>.tgz \
-f <your-values-file>.yaml \
-n gauth \
--wait \
--timeout 600s
</source>Verify that <code>/auth/</code> routes back to the old authentication service:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/"
</source>Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-<release>
 port:
 number: 8080
</source>For dedicated external authentication, verify:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/v3/oauth/token"
</source>Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-ext-<release>
 port:
 number: 8080
</source>

===Step 2: Switch the <code>gauth-infra-bg</code> Chart Back to Old Auth, '''If Used'''===
Update the <code>gauth-infra-bg</code> chart values:<source lang="text">active:
useNewAuth: false
</source>If external authentication was enabled only for the new authentication service and must also be switched back, update the external authentication value as required by your deployment.

Deploy the <code>gauth-infra-bg</code> chart:<source lang="text">helm upgrade --install gauth-infra ./gauth-infra-bg-<version>.tgz \
-f <your-infra-values-file>.yaml \
-n gauth \
--wait
</source>

Verify that <code>/auth/</code> routes back to the old authentication service:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/"
</source>

Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-<infra-release>-active
 port:
 number: 80
</source>

For dedicated external authentication, verify:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/v3/oauth/token"
</source>

Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-ext-<infra-release>-active
 port:
 number: 80
</source>

===Step 3: Restart Applicable Services After Rollback===
Restart dependent services again after rollback.

This is required because services may hold tokens created by the new authentication service, and those tokens cannot be validated by the old authentication service.

Example commands:<source lang="text">kubectl rollout restart deployment gws-service-configuration -n gws
kubectl rollout restart deployment gws-app-provisioning -n gws
</source>Restart any other applicable services listed in the {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Deploy|anchor=Restart_Applicable_Services|display text=Restart Applicable Services}} section.

===Step 4: Validate Rollback===
Call the token endpoint through the external ingress URL:<source lang="text">curl -X POST https://<gauth-external-ingress-host>/auth/v3/oauth/token \
 -d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
 "access_token": "...",
 "token_type": "...",
 "expires_in": ...
}
</source>Call the token endpoint through the internal ingress URL:<source lang="text">curl -X POST https://<gauth-internal-ingress-host>/auth/v3/oauth/token \
 -d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
 "access_token": "...",
 "token_type": "...",
 "expires_in": ...
}
</source>

==Troubleshooting==

===Ingress Still Points to Old Auth After Cutover===
If ingress still points to <code>gauth-auth-<release></code> or <code>gauth-auth-ext-<release></code>, the cutover did not take effect.

Check:

*<code>services.useNewAuth</code> is set to <code>true</code>
*<code>active.useNewAuth</code> is set to <code>true</code>, if using <code>gauth-infra-bg</code>
*Helm upgrade completed successfully
*The correct values file was used
*Ingress was updated after deployment

===Token Requests Fail After Cutover===
Check:

*Client migration completed successfully
*Client ID and client secret are valid
*Token request is reaching the new authentication service
*Dependent services were restarted
*Users have logged out and logged back in

===Operations Fail for Logged-In Users After Cutover===
Existing user sessions are not automatically terminated, but operations may fail because old tokens are incompatible with the new authentication service.

Resolution:

*Ask affected users to log out and log back in.
*Restart dependent services that cache service tokens.

===Token Requests Fail After Rollback===
After rollback, tokens created by the new authentication service are invalid for the old authentication service.

Resolution:

*Restart dependent services again.
*Ask users and agents to log out and log back in.
*Verify ingress routes back to the old authentication service.
|Status=No
}}
}}

RN/AuthenticationService/100.0.001.0194

2026-05-25T15:00:57Z

WikiSysop: Created page with "{{ComponentRN |ComponentId=1bff5e74-a889-4bb8-b75a-8d721f63766e |JQL=issue in(AUTH-2273) |DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a |ReleaseDate=2026-05-19 |Privat..."

{{ComponentRN
|ComponentId=1bff5e74-a889-4bb8-b75a-8d721f63766e
|JQL=issue in(AUTH-2273)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-19
|PrivateEditionReleaseDate=2026-05-19
|Highlight=Contains new Genesys Authentication Service (gauth-service-authentication), Spring Security modernization, SAML 2.0 upgrade, resolved issue and security fixes.
|Containers=*gws-service-authentication: 100.0.001.0193
*gws-core-environment: 100.0.018.2294
*gws-ui-auth: 100.0.018.1686
*gauth-100.0.101+0258.tgz
*gauth-infra-bg-100.0.101+36.tgz
}}
{{Issue
|TicketNumber=AUTH-2273
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Added new service names gauth-service-authentication as a replacement for the legacy gauth-core. Following are the major changes introduced as part of gauth-service-authentication.

*OAuth2 implementation is migrated to Spring Security 6.4.x OAuth2 modules from deprecated Spring Security OAuth2 (2.5.2.RELEASE).
*Upgrade SAML 2.0 to Spring Security built-in SAML2 Service Provider replacing deprecated Spring Security SAML (1.0.10.RELEASE)
*Resolved multiple Spring framework security vulnerabilities.
}}
{{Issue
|TicketNumber=GAPI-39778
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=In GAuth Env Service, upgraded Spring Boot to 3.5.12, Gradle to 7.6.4, and Netty to 4.1.132 to address security vulnerabilities and dependency updates.
}}
{{Issue
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Deployment and '''cutover''' of new auth-service-authentication.
|SupportingDocumentation=https://all.docs-qa.genesys.com/Draft:AUTH/Current/AuthPEGuide/Deploy#Genesys_Service_Authentication_Cut_Over_Guide
}}
{{Issue
|IssueCategoryId=7677e764-86f7-44e3-92bc-f13b59c71260
|LocalContent=The new gauth-service-authentication '''100.0.001.0193''' does not currently support JWT access token format
}}

Draft:RN/AuthenticationService/100.0.001.0193

2026-05-25T15:00:50Z

WikiSysop: Redirected page to Draft:RN/AuthenticationService/100.0.001.0194

#REDIRECT [[Draft:RN/AuthenticationService/100.0.001.0194]]

RN/GenesysWeb Services and Applications/9.0.003.49

2026-05-24T10:31:01Z

WikiSysop: Created page with "{{ComponentRN |ComponentId=d8ae146d-0abb-4c7e-8a14-3be0a382a3d5 |JQL=issue in (GAPI-39761, GAPI-39752, GAPI-39431, GAPI-39430, GAPI-39276, GAPI-39795, GAPI-39794, GAPI-39551)..."

{{ComponentRN
|ComponentId=d8ae146d-0abb-4c7e-8a14-3be0a382a3d5
|JQL=issue in (GAPI-39761, GAPI-39752, GAPI-39431, GAPI-39430, GAPI-39276, GAPI-39795, GAPI-39794, GAPI-39551)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-20
|PrivateEditionReleaseDate=2026-05-20
|Highlight=Contains new features, Security updates and resolved issues.
|Containers=*gws-app-provisioning:9.0.001.22
*gws-app-workspace:9.0.001.18
*gws-platform-chat:9.0.000.69
*gws-platform-configuration:9.0.001.06
*gws-platform-datacollector:9.0.000.76
*gws-platform-ixn:9.0.000.68
*gws-platform-ocs:9.0.000.71
*gws-platform-setting:9.0.000.76
*gws-platform-statistics:9.0.000.86
*gws-platform-ucs:9.0.000.67
*gws-platform-voice:9.0.000.91
*gws-service-configuration:9.0.000.12
*gws-services-2.0.2.tgz
*gws-monitoring-1.0.24.tgz
*gws-ingress-1.0.46.tgz
}}
{{Issue
|TicketNumber=GAPI-39794
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Added support for Prometheus v3, including proper Content-Type handling for metrics scraping
}}
{{Issue
|TicketNumber=GAPI-39761
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS Data Collector service has been upgraded from Elasticsearch REST High Level Client 7.x to Elasticsearch Java API Client 8.x. Data collector service now supports both ES8 and ES9 versions of Elasticsearch.
}}
{{Issue
|TicketNumber=GAPI-39752
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS9 - Update to Spring-Boot 3.5 and JDK21 Support
}}
{{Issue
|TicketNumber=GAPI-39431
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws workspace service to node22
}}
{{Issue
|TicketNumber=GAPI-39430
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws provisioning service to node 22
}}
{{Issue
|TicketNumber=GAPI-39276
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=Security patches and vulnerability fixes for system and application libraries.
}}
{{Issue
|TicketNumber=GAPI-39551
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Previously, Agents couldn’t log in a voice channel in WWE if SIP Cluster configuration had non-existing SIP node in the list of SIP Cluster nodes. Now, GWS filters non-existing SIP Cluster Nodes and allows Agents to log in the voice channel.
}}

Draft:RN/GenesysWeb Services and Applications/9.0.003.48

2026-05-24T10:01:02Z

WikiSysop: Redirected page to Draft:RN/GenesysWeb Services and Applications/9.0.003.49

#REDIRECT [[Draft:RN/GenesysWeb Services and Applications/9.0.003.49]]

Draft:RN/GenesysWeb Services and Applications/9.0.003.47

2026-05-24T10:01:00Z

WikiSysop: Changed redirect target from Draft:RN/GenesysWeb Services and Applications/9.0.003.48 to Draft:RN/GenesysWeb Services and Applications/9.0.003.49

#REDIRECT [[Draft:RN/GenesysWeb Services and Applications/9.0.003.49]]

GWS/Current/GWSPEGuide/Configure

2026-05-22T13:01:02Z

WikiSysop:

{{Article
|Standalone=No
|DisplayName=Configure GWS Services
|TocName=Configure GWS Services
|Context=Learn how to configure GWS Services.
|ComingSoon=No
|Section={{Section
|sectionHeading=Create API clients
|anchor=api
|alignment=Vertical
|structuredtext=Use the Genesys Authentication operations API to {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Provision|anchor=CreateAPI|display text=create API clients}} for GWS services. Refer to the '''API clients''' table for the '''name''' and '''client_id''' values you must use in the API request. Make note of '''encrypted_client_secret''' in the responses - you need this value to set the related parameter in {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=override|display text=Override Helm chart values}}.
{{{!}} class="wikitable"
{{!}}+API clients
!Service
!name
!client_id
!Helm chart parameter
{{!}}-
{{!}}GWS Provisioning Service
{{!}}gws-app-provisioning
{{!}}gws-app-provisioning
{{!}}secrets.gws-app-provisioning-client-secret
{{!}}-
{{!}}GWS Workspace Service
{{!}}gws-app-workspace
{{!}}gws-app-workspace
{{!}}secrets.gws-app-workspace-client-secret
{{!}}-
{{!}}GWS Chat Service
{{!}}gws-platform-chat
{{!}}gws-platform-chat
{{!}}secrets.gws-platform-chat-client-secret
{{!}}-
{{!}}GWS Configuration Service
{{!}}gws-platform-configuration
{{!}}gws-platform-configuration
{{!}}secrets.gws-platform-configuration-client-secret
{{!}}-
{{!}}GWS Data Collector Service
{{!}}gws-platform-datacollector
{{!}}gws-platform-datacollector
{{!}}secrets.gws-platform-datacollector-client-secret
{{!}}-
{{!}}GWS Interaction Service
{{!}}gws-platform-ixn
{{!}}gws-platform-ixn
{{!}}secrets.gws-platform-ixn-client-secret
{{!}}-
{{!}}GWS OCS Service
{{!}}gws-platform-ocs
{{!}}gws-platform-ocs
{{!}}secrets.gws-platform-ocs-client-secret
{{!}}-
{{!}}GWS Setting Service
{{!}}gws-platform-setting
{{!}}gws-platform-setting
{{!}}secrets.gws-platform-setting-client-secret
{{!}}-
{{!}}GWS Statistics Service
{{!}}gws-platform-statistics
{{!}}gws-platform-statistics
{{!}}secrets.gws-platform-statistics-client-secret
{{!}}-
{{!}}GWS UCS Service
{{!}}gws-platform-ucs
{{!}}gws-platform-ucs
{{!}}secrets.gws-platform-ucs-client-secret
{{!}}-
{{!}}GWS Voice Service
{{!}}gws-platform-voice
{{!}}gws-platform-voice
{{!}}secrets.gws-platform-voice-client-secret
{{!}}}
|Status=No
}}{{Section
|sectionHeading=Configure a secret to access JFrog
|anchor=Secret
|alignment=Vertical
|structuredtext=If you haven't done so already, create a secret for accessing the JFrog registry:
<source lang="text">kubectl create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<password> --docker-email=<emailid></source>

Now map the secret to the default service account:
<source lang="text">kubectl secrets link default <credential-name> --for=pull</source>
|Status=No
}}{{Section
|sectionHeading=Override Helm chart values
|anchor=override
|alignment=Vertical
|structuredtext=You can specify parameters for the deployment by overriding Helm chart values in the '''values.yaml''' file. See the tables below for a full list of overridable values available for each container in GWS services.

For more information about how to override Helm chart values, see {{SuiteLevelLink|helmoverride}}.

{{AnchorDiv|globalP}}
===Global parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}podLabels
{{!}}Custom labels for each pod.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}podAnnotations
{{!}}Custom annotations for each pod.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}{{AnchorDiv|imageGlobals.registry}}imageGlobals.registry
{{!}}The Docker registry from which Kubernetes pulls images.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}imageGlobals.pullPolicy
{{!}}Specifies when Kubernetes pulls images from the registry on start up.
{{!}}IfNotPresent or Always
{{!}}"Always"
{{!}}-
{{!}}imageGlobals.imagePullSecrets
{{!}}The secret Kubernetes uses to get credentials to pull images from the registry.
{{!}}A valid secret
{{!}}[]
{{!}}-
{{!}}deploymentGlobals.deploymentTag
{{!}}A suffix for the names of Kubernetes objects created by the Helm chart.
{{!}}Any lowercase alphanumeric value up to 8 characters long.
{{!}}"live"
{{!}}-
{{!}}deploymentGlobals.strategy
{{!}}The strategy GWS uses to upgrade its containers.
{{!}}RollingUpdate or Recreate
{{!}}"RollingUpdate"
{{!}}-
{{!}}deploymentGlobals.location
{{!}}Location of the deployment.
{{!}}A valid location
{{!}}"/USW1"
{{!}}-
{{!}}deploymentGlobals.securityContext.runAsNonRoot
{{!}}Specifies whether the container must run as a non-root user.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}deploymentGlobals.securityContext.runAsUser
{{!}}The user ID to run the entry point of the container process.
{{!}}A valid user ID or null
{{!}}500
{{!}}-
{{!}}deploymentGlobals.securityContext.runAsGroup
{{!}}The group ID to run the entry point of the container process.
{{!}}A valid group ID or null
{{!}}500
{{!}}-
{{!}}deploymentGlobals.securityContext.fsGroup
{{!}}A supplemental group ID that applies to all containers in a pod.
{{!}}A valid group ID or null
{{!}}500
{{!}}-
{{!}}serviceGlobals.type
{{!}}The service type for all services.
{{!}}ClusterIP, NodePort, or LoadBalancer
{{!}}"ClusterIP"
{{!}}-
{{!}}serviceGlobals.labels
{{!}}Custom labels to be added for all services.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}serviceGlobals.annotations
{{!}}Custom annotations to be added for all services.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}nodeSelector
{{!}}The labels Kubernetes uses to assign pods to nodes.
{{!}}Valid nodeSelector settings. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector Kubernetes documentation] for details.
{{!}}{}
{{!}}-
{{!}}tolerations
{{!}}The tolerations Kubernetes uses for advanced pod scheduling.
{{!}}Valid tolerations settings. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ Kubernetes documentation] for details.
{{!}}{}
{{!}}-
{{!}}dnsConfig
{{!}}The DNS configuration for pods.
{{!}}Valid DNS configuration settings. See the [https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ Kubernetes documentation] for details.
{{!}}{}
{{!}}-
{{!}}topologySpreadConstraints
{{!}}In Kubernetes, topology spread constraints are used to control how Pods are spread across the cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains. This helps to achieve high-availability as well as efficient resource utilization.
{{!}}Valid topology spread constraints settings. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ Kubernetes documentation] for details.
{{!}}{}
{{!}}}{{AnchorDiv|provisioningP}}
===GWS Provisioning Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-app-provisioning"
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"nodejs"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsAppProvisioning.image.registry}}gwsServices.gwsAppProvisioning.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-app-provisioning"
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"5Gi"
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"5Gi"
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.postgres.address
{{!}}The fully qualified domain name or IP of the PostgreSQL server for gws-app-provisioning.
{{!}}A valid address
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.postgres.port
{{!}}The port of the PostgreSQL server for gws-app-provisioning.
{{!}}A valid port
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.postgres.db
{{!}}The name of the PostgreSQL database for gws-app-provisioning.
{{!}}A valid database name
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsAppProvisioning.postgres.enableTls}}gwsServices.gwsAppProvisioning.postgres.enableTls
{{!}}Enable or disable a TLS connection to PostgreSQL for gws-app-provisioning. If true, you must configure the '''secretsTls.postgresprovisioning.''' parameters. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureTLS}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48060
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48061
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.env.GWS_SERVICE_AUTH_URL
{{!}}'''DEPRECATED''' - Use {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=gauth.authUrl|display text=gauth.authUrl}} instead.

The internal service URI of the Genesys Authentication service. For example: <nowiki>http://gauth-auth.gauth.svc.cluster.local.:80</nowiki>

'''NOTE''': '''For New Auth Service''', the Example URL is <nowiki>http://gauth-service-authentication.gauth.svc.cluster.local.:80</nowiki>
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.env.GWS_SERVICE_CONF_URL
{{!}}The internal service URI of the configuration service (part of GWS). For example: <nowiki>http://gws-service-proxy.gws.svc.cluster.local:80</nowiki>
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.env.GWS_SERVICE_ENV_URL
{{!}}'''DEPRECATED''' - Use {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=gauth.envUrl|display text=gauth.envUrl}} instead.

The internal service URI of the environment service (part of Genesys Authentication). For example: <nowiki>http://gauth-environment.gauth.svc.cluster.local.:80</nowiki>
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.context.env.GWS_SERVICE_VOICEMAIL_URL
{{!}}The URL of the voicemail server.
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsAppProvisioning.service.ports.server}}gwsServices.gwsAppProvisioning.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsAppProvisioning.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.AppProvisioning.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|workspaceP}}
===GWS Workspace Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-app-workspace"
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"nodejs"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsAppWorkspace.image.registry}}gwsServices.gwsAppWorkspace.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-app-workspace"
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"5Gi"
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"5Gi"
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48050
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48051
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.env.GWS_WORKSPACE_CONSUL_CACHE_TTL
{{!}}The length of time, in milliseconds, that the GWS Workspace Service keeps service locations in cache locally.
{{!}}Number
{{!}}60000
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.env.GWS_WORKSPACE_ENABLE_CHANGE_PASSWORD
{{!}}Specifies whether the GWS Workspace Service allows the change password functionality.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.env.GWS_WORKSPACE_MEMORY_CACHE_ENABLED
{{!}}Specifies whether the GWS Workspace Service should cache configuration data (such as agent groups) in memory.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gws-app-workspace.context.env.GWS_SECURE_COOKIE}}gwsServices.gws-app-workspace.context.env.GWS_SECURE_COOKIE
{{!}}Specifies whether the Workspace Service returns cookies with the Secure flag. Set this value to true if you configure GWS ingress to use TLS (see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Planning|anchor=Network|display text=Network requirements}} for configuration details).
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.env.GWS_SERVICE_AUTH_URL
{{!}}'''DEPRECATED''' - Use {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=gauth.authUrl|display text=gauth.authUrl}} instead.

The internal service URI of the Genesys Authentication service. For example: <nowiki>http://gauth-auth.gauth.svc.cluster.local.:80</nowiki>

'''NOTE''': '''For New Auth Service''', the Example URL is <nowiki>http://gauth-service-authentication.gauth.svc.cluster.local.:80</nowiki>
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.context.env.GWS_SERVICE_ENV_URL
{{!}}'''DEPRECATED''' - Use {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=gauth.envUrl|display text=gauth.envUrl}} instead.

The internal service URI of the environment service (part of Genesys Authentication). For example: <nowiki>http://gauth-environment.gauth.svc.cluster.local.:80</nowiki>

'''NOTE:''' For New Auth Service, the Example URL is <nowiki>http://gauth-service-authentication.gauth.svc.cluster.local.:80</nowiki>
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsAppWorkspace.service.ports.server}}gwsServices.gwsAppWorkspace.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsAppWorkspace.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|chatP}}
===GWS Chat Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformChat.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-chat"
{{!}}-
{{!}}gwsServices.gwsPlatformChat.enabled
{{!}}Enables the component deployment.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gwsPlatformChat.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformChat.image.registry}}gwsServices.gwsPlatformChat.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformChat.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-chat"
{{!}}-
{{!}}gwsServices.gwsPlatformChat.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformChat.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformChat.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformChat.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformChat.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformChat.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformChat.consul.enabled
{{!}}Enables Consul registration for the component.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformChat.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48150
{{!}}-
{{!}}gwsServices.gwsPlatformChat.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48151
{{!}}-
{{!}}gwsServices.gwsPlatformChat.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformChat.context.env
{{!}}Environment variables for this container.
{{!}}
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformChat.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformChat.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformChat.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformChat.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformChat.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformChat.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformChat.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformChat.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformChat.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformChat.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|configurationP}}
===GWS Configuration Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-configuration"
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformConfiguration.image.registry}}gwsServices.gwsPlatformConfiguration.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-configuration"
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48030
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48031
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformConfiguration.service.ports.server}}gwsServices.gwsPlatformConfiguration.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformConfiguration.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gws-platform-configuration.context.env.GWS_CS_CLUSTER_SUPPORT}}gwsServices.gws-platform-configuration.context.env.GWS_CS_CLUSTER_SUPPORT
{{!}}Specifies Configuration Server cluster support.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gws-platform-configuration.context.env.GWS_CONFIGURATION_common_discovery_tenants}}gwsServices.gws-platform-configuration.context.env.GWS_CONFIGURATION_common_discovery_tenants
{{!}}Enable or disable Tenant discovery from Consul.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gws-platform-configuration.context.env.GWS_CONFIGURATION_common_discovery_ixn_intercept
{{!}}Enable or disable multi-region support. To enable multi-region support, you must also set {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=gwsServices.gws-platform-configuration.context.env.GWS_CONFIGURATION_common_discovery_tenants|display text=gwsServices.gws-platform-configuration.context.env.GWS_CONFIGURATION_common_discovery_tenants}} to true.
{{!}}true or false
{{!}}true
{{!}}}{{AnchorDiv|dataP}}
===GWS Data Collector Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-datacollector"
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformDatacollector.image.registry}}gwsServices.gwsPlatformDatacollector.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-datacollector"
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"5Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48180
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48181
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.env.gws_datacollector_services_datacollector_distribution_enabled
{{!}}Enables task distribution for the data collector.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.env.GWS_DATACOLLECTOR_SERVICES_DATACOLLECTOR_REINDEX_ENABLED
{{!}}Enables background service for reindexing data.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.env.gws_datacollector_services_datacollector_reindex_onStart
{{!}}Specifies whether to perform a reindex on start.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.env.GWS_DATACOLLECTOR_SERVICES_DATACOLLECTOR_REINDEX_PERIOD
{{!}}The period in minutes between scheduled reindex attempts.
{{!}}A time in minutes
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.env.GWS_DATACOLLECTOR_SERVICES_DATACOLLECTOR_STATISTICS_ENABLED
{{!}}Enables statistics monitoring.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.context.env.GWS_DATACOLLECTOR_services_datacollector_statistics_period
{{!}}Period in minutes between statistics checks.
{{!}}A time in minutes
{{!}}5
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformDatacollector.service.ports.server}}gwsServices.gwsPlatformDatacollector.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformDatacollector.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|interactionP}}
===GWS Interaction Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-ixn"
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformIxn.image.registry}}gwsServices.gwsPlatformIxn.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-ixn"
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48170
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48171
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.context.env
{{!}}Environment variables for this container.
{{!}}
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformIxn.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|ocsP}}
===GWS OCS Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-ocs"
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformOcs.image.registry}}gwsServices.gwsPlatformOcs.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-ocs"
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48090
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48091
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.context.env.GWS_OCS_timeouts_requestTimeoutMs
{{!}}Specifies the timeout, in milliseconds, for the GWS OCS Service to connect to OCS.
{{!}}A time in milliseconds
{{!}}5000
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformOcs.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|settingP}}
===GWS Setting Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-setting"
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformSetting.image.registry}}gwsServices.gwsPlatformSetting.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-setting"
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48140
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48141
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.context.env.GWS_SETTING_DB_INIT_DB
{{!}}Enables database initialization in PostgreSQL. Set this parameter to true in regions with the primary PostgreSQL server and false in regions with PostgreSQL replicas.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformSetting.service.ports.server}}gwsServices.gwsPlatformSetting.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformSetting.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|statisticsP}}
===GWS Statistics Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-statistics"
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformStatistics.image.registry}}gwsServices.gwsPlatformStatistics.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-statistics"
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48070
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48071
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.context.env
{{!}}Environment variables for this container.
{{!}}
{{!}}{}
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformStatistics.service.ports.server}}gwsServices.gwsPlatformStatistics.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformStatistics.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|ucsP}}
===GWS UCS Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-ucs"
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.enabled
{{!}}Enables the component deployment.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformUcs.image.registry}}gwsServices.gwsPlatformUcs.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-ucs"
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.consul.enabled
{{!}}Enables Consul registration for the component.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48080
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48081
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.context.env
{{!}}Environment variables for this container.
{{!}}
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformUcs.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}
{{AnchorDiv|voiceP}}
===GWS Voice Service parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-platform-voice"
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"java"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformVoice.image.registry}}gwsServices.gwsPlatformVoice.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.clientId
{{!}}The ID of an encrypted client secret generated by {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|display text=Genesys Authentication}} for this component.
{{!}}A valid ID
{{!}}"gws-platform-voice"
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}4
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"4Gi"
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}48040
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}48041
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.context.loggingLevel
{{!}}Specifies the logging level for this container.
{{!}}ERROR, WARN, INFO, DEBUG, or TRACE
{{!}}""
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.context.env
{{!}}Environment variables for this container.
{{!}}
{{!}}{}
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsPlatformVoice.service.ports.server}}gwsServices.gwsPlatformVoice.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsPlatformVoice.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|gplusP}}
===Gplus Adapter for Salesforce parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-ui-crmworkspace"
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"frontend"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsUiCrmworkspace.image.registry}}gwsServices.gwsUiCrmworkspace.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"0.5Gi"
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}0.1
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"0.5Gi"
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}50070
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}50070
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.context.env
{{!}}Environment variables for this container.
{{!}}
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsUiCrmworkspace.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|agentP}}
===Agent Setup parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.name
{{!}}The name of the container deployment.
{{!}}String
{{!}}"gws-ui-provisioning"
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.appType
{{!}}The type of application in this container.
{{!}}nodejs, java, or frontend
{{!}}"frontend"
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsUiProvisioning.image.registry}}gwsServices.gwsUiProvisioning.image.registry
{{!}}The Docker registry from which Kubernetes pulls images. If set, this parameter overrides {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=imageGlobals.registry|display text=imageGlobals.registry}}.
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.livenessProbe.enable
{{!}}Specifies whether to do a Kubernetes liveness probe to test if the container is running.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.livenessProbe.failureThreshold
{{!}}Minimum consecutive failures for the probe to be considered failed after having succeeded.
{{!}}1 or greater
{{!}}3
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.livenessProbe.successThreshold
{{!}}Minimum consecutive successes for the probe to be considered successful after having failed. The default is 1, which is required for liveness and startup.
{{!}}1 or greater
{{!}}1
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.livenessProbe.initialDelaySeconds
{{!}}Number of seconds after the container has started before liveness probes are initiated.
{{!}}Number
{{!}}120
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.livenessProbe.periodSeconds
{{!}}How often (in seconds) to perform the probe.
{{!}}1 or greater
{{!}}30
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.livenessProbe.timeoutSeconds
{{!}}Number of seconds after which the probe times out.
{{!}}1 or greater
{{!}}10
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.deployment.replicaCount
{{!}}The number of pod replicas in this container deployment.
{{!}}A number greater than 0
{{!}}2
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.resources.limits.cpu
{{!}}The maximum amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}1
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.resources.limits.memory
{{!}}The maximum amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"0.5Gi"
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.resources.requests.cpu
{{!}}The guaranteed amount of CPU Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of Kubernetes CPU
{{!}}0.1
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.resources.requests.memory
{{!}}The guaranteed amount of memory Kubernetes allocates for the container. See the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Kubernetes documentation] for details.
{{!}}Units of bytes
{{!}}"0.5Gi"
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.context.ports.server
{{!}}The port for this container.
{{!}}A valid port
{{!}}50040
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.context.ports.management
{{!}}The management port for this container.
{{!}}A valid port
{{!}}50040
{{!}}-
{{!}}{{AnchorDiv|gwsServices.gwsUiProvisioning.service.ports.server}}gwsServices.gwsUiProvisioning.service.ports.server
{{!}}The port for this server.
{{!}}A valid port
{{!}}80
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.service.ports.management
{{!}}The management port for this server.
{{!}}A valid port
{{!}}81
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.labels
{{!}}Custom labels to be added for the container.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}gwsServices.gwsUiProvisioning.annotations
{{!}}Custom annotations to be added for the container.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}}{{AnchorDiv|genesysP}}
===Genesys services parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}{{AnchorDiv|gauth.authUrl}}gauth.authUrl
{{!}}The URL of the Authentication Service (part of {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Configure|display text=Genesys Authentication}}). For example: <nowiki>http://gauth-auth.gauth.svc.cluster.local.:80</nowiki>
'''NOTE''': '''For New Auth Service''', the Example URL is <nowiki>http://gauth-service-authentication.gauth.svc.cluster.local.:80</nowiki>

'''NOTE''': If a value is set for context.env.GWS_SERVICE_AUTH_URL, it overrides this parameter.
{{!}}A valid URL
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|gauth.envUrl}}gauth.envUrl
{{!}}The URL of the Environment Service (part of {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Configure|display text=Genesys Authentication}}). For example: <nowiki>http://gauth-environment.gauth.svc.cluster.local.:80</nowiki> If a value is set for context.env.GWS_SERVICE_ENV_URL, it overrides this parameter.
{{!}}A valid URL
{{!}}""
{{!}}}{{AnchorDiv|thirdPartyP}}
===Third-party services parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}postgres.address
{{!}}The fully qualified domain name or IP of the PostgreSQL server.
{{!}}A valid address
{{!}}""
{{!}}-
{{!}}postgres.db
{{!}}The name of the PostgreSQL database.
{{!}}A valid database name
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|postgres.enableTls}}postgres.enableTls
{{!}}Enable or disable a TLS connection to PostgreSQL. If true, you must configure the '''secretsTls.postgres.''' parameters. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureTLS}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}elasticSearch.address
{{!}}The fully qualified domain name or IP of the Elasticsearch cluster.
{{!}}A valid address
{{!}}""
{{!}}-
{{!}}elasticSearch.port
{{!}}The Elasticsearch port.
{{!}}A valid port
{{!}}9200
{{!}}-
{{!}}{{AnchorDiv|elasticSearch.enableTls}}elasticSearch.enableTls
{{!}}Enable or disable TLS connection to the Elasticsearch cluster. If true, you must configure the '''secretsTls.elasticsearch.''' parameters. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureTLS}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}{{AnchorDiv|elasticSearch.username}}elasticSearch.username
{{!}}The username for the Elasticsearch cluster. The password is set in {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=secrets.gws-elasticsearch-password|display text=secrets.gws-elasticsearch-password}}.
{{!}}A valid username
{{!}}""
{{!}}-
{{!}}redis.address
{{!}}The Redis cluster host name.
{{!}}A valid address
{{!}}""
{{!}}-
{{!}}redis.port
{{!}}The Redis port.
{{!}}A valid port
{{!}}6379
{{!}}-
{{!}}{{AnchorDiv|redis.enableTls}}redis.enableTls
{{!}}Enable or disable a TLS connection to the Redis cluster. If true, you must configure the '''secretsTls.redis.''' parameters. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureTLS}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}redis.verifyPeer
{{!}}Enable or disable validation of the Redis certificate against the list of supplied Certificate Authorities.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}consul.port
{{!}}The port of the local Consul agent.
{{!}}A valid port
{{!}}8500
{{!}}-
{{!}}consul.kv_prefix
{{!}}The prefix used to locate GWS data in the Consul KV datastore.
{{!}}String
{{!}}"gws"
{{!}}-
{{!}}{{AnchorDiv|prometheus.metricServer.enabled}}prometheus.metricServer.enabled
{{!}}Enable annotation-based discovery to scrape metrics.
{{!}}true or false
{{!}}false
{{!}}}{{AnchorDiv|secretsP}}
===Secrets parameters===
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}secrets.gws-redis-password
{{!}}The password to access the Redis cluster.
{{!}}A valid password
{{!}}""
{{!}}-
{{!}}secrets.gws-consul-token
{{!}}The API token to access Consul.
{{!}}A valid API token
{{!}}""
{{!}}-
{{!}}secrets.gws-postgres-username
{{!}}The username to access the PostgreSQL database.
{{!}}A valid username
{{!}}""
{{!}}-
{{!}}secrets.gws-postgres-password
{{!}}The password to access the PostgreSQL database
{{!}}A valid password
{{!}}""
{{!}}-
{{!}}secrets.agentsetup-postgres-username
{{!}}The username to access the PostgreSQL database for gws-app-provisioning.
{{!}}A valid username
{{!}}""
{{!}}-
{{!}}secrets.agentsetup-postgres-password
{{!}}The password to access the PostgreSQL database for gws-app-provisioning.
{{!}}A valid password
{{!}}""
{{!}}-
{{!}}secrets.gws-app-provisioning-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-app-provisioning component. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=api|display text=Create API clients}}.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-app-workspace-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-app-workspace component. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=api|display text=Create API clients}}.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-chat-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-chat component. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=api|display text=Create API clients}}.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-configuration-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-configuration component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-datacollector-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-datacollector component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-ixn-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-ixn component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-ocs-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-ocs component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-setting-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-setting component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-statistics-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-statistics component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-ucs-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-ucs component. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=api|display text=Create API clients}}.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.gws-platform-voice-client-secret
{{!}}The encrypted client secret generated by Genesys Authentication for the gws-platform-voice component.
{{!}}A valid client secret
{{!}}""
{{!}}-
{{!}}secrets.ops-username
{{!}}The username of an operational user.
{{!}}A valid username
{{!}}""
{{!}}-
{{!}}secrets.ops-password
{{!}}The encrypted password of the operational user.
{{!}}A valid password
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|secrets.gws-elasticsearch-password}}secrets.gws-elasticsearch-password
{{!}}The password for the Elasticsearch cluster. The username is set in {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=elasticSearch.username|display text=elasticSearch.username}}.
{{!}}A valid password
{{!}}""
{{!}}}
|Status=No
}}{{Section
|sectionHeading=Create or update the versions file
|anchor=versions
|alignment=Vertical
|structuredtext=Create or update the '''versions.yaml''' file with the latest container versions for your deployment. See {{Link-AnywhereElse|product=ReleaseNotes|version=Current|manual=GenesysEngage-cloud|topic=GWSHelm|display text=Updated Helm Charts and Containers}} for Genesys Web Services and Applications for the full list of versions.

For example:<syntaxhighlight>
gws-app-provisioning: 9.0.000.93
gws-app-workspace: 9.0.000.90
gws-platform-configuration: 9.0.000.79
gws-platform-datacollector: 9.0.000.50
gws-platform-ixn: 9.0.000.43
gws-platform-ocs: 9.0.000.46
gws-platform-setting: 9.0.000.52
gws-platform-statistics: 9.0.000.61
gws-platform-voice: 9.0.000.66
gws-system-nginx: 9.0.000.16
gws-ui-crmworkspace: 9.0.000.62
gws-ui-provisioning: 9.0.000.84
</syntaxhighlight>
|Status=No
}}{{Section
|sectionHeading=Provision Consul-less Deployment
|anchor=Consul-less
|alignment=Vertical
|structuredtext=Following steps should be done to migrate to a Consul-less deployments:

#Update Web Services and Applications Deployment Manifests to the version <code class="_ca0qyh40 _u5f3m5ip _n3tdyh40 _19bvm5ip _2rko1sit _11c81u0j _1reo1wug _18m91wug _1dqoglyw _1e0c1nu9 _bfhktkvp _16d9qvcn _syaz1fxt _vwz41kw7 _1i4q1hna _o5721jtm" data-renderer-mark="true">9.0.000.59</code> (Helm chart <code class="_ca0qyh40 _u5f3m5ip _n3tdyh40 _19bvm5ip _2rko1sit _11c81u0j _1reo1wug _18m91wug _1dqoglyw _1e0c1nu9 _bfhktkvp _16d9qvcn _syaz1fxt _vwz41kw7 _1i4q1hna _o5721jtm" data-renderer-mark="true">gws-services:2.0.2</code>) or newer.
#Add new parameter<code class="_ca0qyh40 _u5f3m5ip _n3tdyh40 _19bvm5ip _2rko1sit _11c81u0j _1reo1wug _18m91wug _1dqoglyw _1e0c1nu9 _bfhktkvp _16d9qvcn _syaz1fxt _vwz41kw7 _1i4q1hna _o5721jtm" data-renderer-mark="true">deploymentGlobals.gwsInternalIngressURL</code> to the Helm parameters file of the deployment. The value must be full URL configured for GWS internal ingress. Example: <span data-code-lang="" data-ds--code--code-block="" class="prismjs _2rkoglpi _1dqoglyw _1wyb1crf _k48pi7a9 _1e0c1txw _vwz4gktf _1reo1wug _o572qvpr _1eimjvyg _bfhktkvp _syaz1fxt _ect41odn _1ozdn7od _7xinn7od _t7aun7od _1v15u2gc _ilvcu2gc _m29uu2gc _17wyu2gc _pn28u2gc _gz9fu2gc _1hmyegat _vblregat _vbulegat _wozj1yev _1agb1yev _lkm81yev _tv41hkgb _1hmimyb0 _1ra01n1a _1d4j1y44 _1f8gstnw _1pzyb3bt _j1w0ww7y _13cdh2mm _15ba126e _zvy9f705 _qcxof705 _14y71a66 _j0l11wug _1weckb7n _1na21hna _1xx2grf3 _x7c815vq _lh0y15vq _1m3815vq _qk1e15vq _12l6ysn8 _uga3ysn8 _mx8b7mnp _1kr87mnp _xo19t94y _1bemt94y _nalpstnw _151dstnw _1exb1q9c _1hgu1q9c _1mgnt94y _nhket94y _h909m7j4 _scgayz1z _ipl81e17 _jeky1l04 _1gec1a66 _1gx21e5h _1ls01ule _vm2c1rh5 _12ok1rh5 _rude1ule _1q16glyw _1io6glyw _juomusic _lcwuusic _1552u2gc _12afu2gc _28ddu2gc _1i8zu2gc _12tu1a66 _zu0j1a66 _euyxusvi _cahfusvi _zhnuidpf _1amdidpf _mbgcpf9b _bu7zpf9b _131n1giz _gy101giz _1wfuwrk5 _16kzwrk5 _9kk3moej _cjus1w1g _9k2r1m30 _nhmw1m30 _yl021m30 _eiht5x2v _t9zb5x2v _mqok1w1g _3hsg1w1g _i7ngn7od _9wu1fb2s _1xcoh55r _1t361fxt _137bh55r _1k7d1fxt _97lipnps _12nh9lu1 _1g0517qg _i2ig10m5 _326z1fxt _113p131l _1n6tpnps _tgu817qg _1k47pnps _g0lx1fxt _ys4e131l _7gp8h55r _1yvq10m5 _1vww10m5 _1rju10m5 _1v0lh55r _wmyy17qg _748n17qg _1mfn17qg _1d7e17qg _p2vr17qg _19o610m5 _kxov17qg _1np517qg _m2f517qg _1b9tpnps _1tq6pnps _1rd2pnps _1pbkpnps _k3lipnps _13zt131l _2g12fb2s _k86b10m5 _b5iy131l _gti3131l _1f0gpnps _9d3e17qg _qdiapnps _72uvpnps _13dgkb7n _170714ej _1i3h1txw _1huoidpf _1a9lidpf _20bqidpf _1oggidpf _bympidpf _9nnjidpf"><code class="language-"></code><code class="language-">deploymentGlobals: <span data-code-lang="" data-ds--code--code-block="" class="prismjs _2rkoglpi _1dqoglyw _1wyb1crf _k48pi7a9 _1e0c1txw _vwz4gktf _1reo1wug _o572qvpr _1eimjvyg _bfhktkvp _syaz1fxt _ect41odn _1ozdn7od _7xinn7od _t7aun7od _1v15u2gc _ilvcu2gc _m29uu2gc _17wyu2gc _pn28u2gc _gz9fu2gc _1hmyegat _vblregat _vbulegat _wozj1yev _1agb1yev _lkm81yev _tv41hkgb _1hmimyb0 _1ra01n1a _1d4j1y44 _1f8gstnw _1pzyb3bt _j1w0ww7y _13cdh2mm _15ba126e _zvy9f705 _qcxof705 _14y71a66 _j0l11wug _1weckb7n _1na21hna _1xx2grf3 _x7c815vq _lh0y15vq _1m3815vq _qk1e15vq _12l6ysn8 _uga3ysn8 _mx8b7mnp _1kr87mnp _xo19t94y _1bemt94y _nalpstnw _151dstnw _1exb1q9c _1hgu1q9c _1mgnt94y _nhket94y _h909m7j4 _scgayz1z _ipl81e17 _jeky1l04 _1gec1a66 _1gx21e5h _1ls01ule _vm2c1rh5 _12ok1rh5 _rude1ule _1q16glyw _1io6glyw _juomusic _lcwuusic _1552u2gc _12afu2gc _28ddu2gc _1i8zu2gc _12tu1a66 _zu0j1a66 _euyxusvi _cahfusvi _zhnuidpf _1amdidpf _mbgcpf9b _bu7zpf9b _131n1giz _gy101giz _1wfuwrk5 _16kzwrk5 _9kk3moej _cjus1w1g _9k2r1m30 _nhmw1m30 _yl021m30 _eiht5x2v _t9zb5x2v _mqok1w1g _3hsg1w1g _i7ngn7od _9wu1fb2s _1xcoh55r _1t361fxt _137bh55r _1k7d1fxt _97lipnps _12nh9lu1 _1g0517qg _i2ig10m5 _326z1fxt _113p131l _1n6tpnps _tgu817qg _1k47pnps _g0lx1fxt _ys4e131l _7gp8h55r _1yvq10m5 _1vww10m5 _1rju10m5 _1v0lh55r _wmyy17qg _748n17qg _1mfn17qg _1d7e17qg _p2vr17qg _19o610m5 _kxov17qg _1np517qg _m2f517qg _1b9tpnps _1tq6pnps _1rd2pnps _1pbkpnps _k3lipnps _13zt131l _2g12fb2s _k86b10m5 _b5iy131l _gti3131l _1f0gpnps _9d3e17qg _qdiapnps _72uvpnps _13dgkb7n _170714ej _1i3h1txw _1huoidpf _1a9lidpf _20bqidpf _1oggidpf _bympidpf _9nnjidpf"> gwsInternalIngressURL: http://<internal-ingress-fqdn>:<internal-ingress-port></code>
#Remove all Consul related parameters, including secrets, from the Helm parameter files.
|Status=No
}}{{Section
|sectionHeading=Configure Kubernetes
|anchor=kubernetes
|alignment=Vertical
|structuredtext=GWS services stores sensitive data, such as credentials for third-party services, as Kubernetes secrets. For details, see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=secretsP|display text=Secrets parameters}} and {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureTLS}}.
|Status=No
}}{{Section
|sectionHeading=Configure security
|anchor=security
|alignment=Vertical
|structuredtext=To learn more about how security is configured for private edition, be sure to read {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=Prerequisites|display text=Permissions}} and {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity}}.

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the '''values.yaml''' file as <tt>500:500:500</tt>, meaning the '''genesys''' user.
<syntaxhighlight>
deploymentGlobals:
securityContext:
runAsUser: 500
runAsGroup: 500
fsGroup: 500
runAsNonRoot: true
</syntaxhighlight>

For details about these parameters and possible values, see '''deploymentGlobals.securityContext.*''' in the {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=globalP|display text=Global parameters}} table above.
|Status=No
}}{{Section
|sectionHeading=Pod priority
|anchor=priority
|alignment=Vertical
|structuredtext=You can configure pod priority by overriding the '''priorityClassName''' option for each of the GWS services components - see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=override|display text=Override Helm chart values}}. For example:<syntaxhighlight>
gwsServices:
gwsPlatformConfiguration:
priorityClassName: genesysengage-high-priority
</syntaxhighlight>

Genesys recommends the following priority for GWS pods:

'''Critical priority pods'''

*gws-app-provisioning
*gws-app-workspace
*gws-platform-voice

'''High priority pods'''

*gws-platform-configuration
*gws-platform-datacollector
*gws-platform-ixn
*gws-platform-ocs
*gws-platform-setting
*gws-platform-statistics
*gws-system-nginx
*gws-ui-crmworkspace
*gws-ui-provisioning
|Status=No
}}{{Section
|sectionHeading=Next steps
|anchor=next
|alignment=Vertical
|structuredtext=*{{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Deploy}}
*{{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureIngress}}
*{{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=DeployIngress}}
|Status=No
}}
|PEPageType=9c3ae89b-4f75-495b-85f8-d8c4afcb3f97
}}

AUTH/Current/AuthPEGuide/Deploy

2026-05-22T13:00:47Z

WikiSysop:

{{ArticlePEServiceDeploy
|ServiceId=6f7f1a8d-4e60-4b8d-a6f0-8cafdbdf0a3e
|IncludeAssumptions=Yes
|Section={{Section
|alignment=Vertical
|structuredtext={{NoteFormat|Make sure to review {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Planning}} for the full list of prerequisites required to deploy Genesys Authentication.|}}
|Status=No
}}{{Section
|sectionHeading=Prepare your environment
|anchor=Prepare
|alignment=Vertical
|structuredtext=To prepare your environment for the deployment, complete the steps in this section for Google Kubernetes Engine (GKE).

===GKE===
Log in to the GKE cluster from the host where you will run the deployment:
<syntaxhighlight>
gcloud container clusters get-credentials <cluster>
</syntaxhighlight>Create a new namespace for Genesys Authentication with a JSON file that specifies the namespace metadata. For example, '''create-gauth-namespace.json''': <syntaxhighlight>
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "gauth",
"labels": {
"name": "gauth"
}
}
}
</syntaxhighlight>Execute the following command to create the namespace:<syntaxhighlight>
kubectl apply -f create-gauth-namespace.json
</syntaxhighlight>Confirm the namespace was created:<syntaxhighlight>
kubectl describe namespace gauth
</syntaxhighlight>
===AKS===
Log in to the AKS cluster from the host where you will run the deployment:
<syntaxhighlight>
az aks get-credentials --resource-group <resource-group> --name <cluster-name> --admin
</syntaxhighlight>Create a new namespace for Genesys Authentication with a JSON file that specifies the namespace metadata. For example, '''create-gauth-namespace.json''': <syntaxhighlight>
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "gauth",
"labels": {
"name": "gauth"
}
}
}
</syntaxhighlight>Execute the following command to create the namespace:<syntaxhighlight>
kubectl apply -f create-gauth-namespace.json
</syntaxhighlight>Confirm the namespace was created:<syntaxhighlight>
kubectl describe namespace gauth
</syntaxhighlight>
|Status=No
}}{{Section
|sectionHeading=Deploy
|anchor=de
|alignment=Vertical
|structuredtext=To deploy Genesys Authentication, you'll need the Helm package and your overrides file. Copy '''values.yaml''' and the Helm package ('''gauth-<version>.tgz''') to the installation location.

===Additional Steps for deploying New Auth Service (gauth-service-authentication):===

#Use gauth Helm chart version >= 100.0.101+0258
#Helm chart default value for new auth service is 100.0.001.'''0192.''' Update this to latest new auth service version >= 100.0.001.'''0193''' in your values.yaml<source lang="text">gauth-service-authentication: 100.0.001.0193</source>
#For customers using gauth-infra-bg chart, Use gauth-infra-bg Helm chart version >= 100.0.101+36
#For customers using dedicated external auth pods, to deploy this new auth service as external auth pod, Update your values.yaml<source lang="text">services:
useNewAuth: false
service_auth:
externalAuth:
enabled: true # Deploy new auth ext pods</source>

For debugging purposes, use the following command to render templates without installing so you can check that resources are created properly:
helm template --debug /gauth-<version>.tgz -f values.yaml

The result shows Kubernetes descriptors. The values you see are generated from Helm templates, and based on settings from '''values.yaml'''. Ensure that no errors are displayed; you will later apply this configuration to your Kubernetes cluster.

Now you're ready to deploy Genesys Authentication:
helm install gauth ./gauth-<version>.tgz -f values.yaml -n gauth
 
|Status=No
}}{{Section
|sectionHeading=Configure external access
|anchor=access
|alignment=Vertical
|structuredtext=Follow the instructions for either GKE or AKS to make the Genesys Authentication services accessible from outside the cluster.

 

{{AnchorDiv|GKEingress}}
===Provision ingresses for GKE or AKS===
After deploying, make Genesys Authentication services accessible from outside the GKE or AKS cluster using the NGINX Ingress Controller.

Create a YAML file called '''gauth-ingress.yaml''' with the content below. '''Note:''' Replace '''gws.<domain>''' and '''gauth.<domain>''' with your GWS and Genesys Authentication domains, such as <code>gws.test.dev</code>.<syntaxhighlight>
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gauth-gws-ingress
namespace: gauth
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
# Custom annotations for NGINX Ingress Controller
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: gws.<domain> - e.g. gws.test.dev
http:
paths:
- path: /ui/auth/.*
backend:
serviceName: gauth-auth-ui
servicePort: 80
- path: /auth/.*
backend:
serviceName: gauth-auth
servicePort: 80
- path: /environment/.*
backend:
serviceName: gauth-environment
servicePort: 80
tls:
- hosts:
- gws.<domain> - e.g. gws.test.dev
secretName: gauth-gws-ingress-cert
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gauth-gauth-ingress
namespace: gauth
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
# Custom annotations for NGINX Ingress Controller
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: gauth.<domain> - e.g. gauth.test.dev
http:
paths:
- path: /ui/auth/.*
backend:
serviceName: gauth-auth-ui
servicePort: 80
- path: /auth/.*
backend:
serviceName: gauth-auth
servicePort: 80

- path: /environment/.*
backend:
serviceName: gauth-environment
servicePort: 80
tls:
- hosts:
- gauth.<domain> - e.g. gauth.test.dev
secretName: gauth-gauth-ingress-cert
</syntaxhighlight>Create ingresses with the following command:<syntaxhighlight>
kubectl apply -f gauth-ingress.yaml -n gws
</syntaxhighlight>

===Provision GWS services to access New Auth Service===
Refer {{Link-AnywhereElse|product=GWS|version=Current|manual=GWSPEGuide|topic=Configure|anchor=Genesys_services_parameters|display text=Configure GWS Services}}

===Provision New Auth Service to access GWS configuration service===
Refer the Parameter <code>services.service_auth.env.GWS_AUTH_common_configService</code> in {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Configure|anchor=Override_Helm_chart_values|display text=Override Helm chart values}}
|Status=No
}}{{Section
|sectionHeading=Validate the deployment
|alignment=Vertical
|structuredtext=Check the installed Helm release:
helm list
The results should show the Genesys Authentication deployment details. For example:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
gauth gauth 1 2021-05-20 11:56:32.5531685 +0530 +0530 deployed gauth-0.1.77 0.1
Check the '''gauth''' namespace status:
helm status gauth
The result should show the namespace details with a status of deployed:
NAME: gauth
LAST DEPLOYED: Thu May 20 11:56:32 2021
NAMESPACE: gauth
STATUS: deployed
REVISION: 1
TEST SUITE: None
Check the Genesys Authentication Kubernetes objects created by Helm:
kubectl get all -n gauth
The result should show all the created pods, service ConfigMaps, and so on.

'''Verify all new auth deployments are running:'''
kubectl get deployments -n gauth
Expected:<source lang="text">gauth-auth-<release> 2/2 # Already existing old auth pods
gauth-service-authentication-<release> 2/2 # New auth pods
gauth-environment-<release> 2/2
gauth-auth-ui-<release> 2/2</source>Customers using dedicated external auth pods, you will observe new auth external pods also deployed along with existing old auth external pods<source lang="text">gauth-auth-<release> 2/2
gauth-service-authentication-<release> 2/2
gauth-environment-<release> 2/2
gauth-auth-ui-<release> 2/2
gauth-auth-ext-<release> 2/2 # Already existing old auth external pods
gauth-service-auth-ext-<release> 2/2 # New auth external pods</source>Finally, verify that you can now access Genesys Authentication at the following URL: https://<hostname>/ui/auth/sign-in.html
|Status=No
}}{{Section
|sectionHeading=Genesys Service Authentication Cut Over Guide
|alignment=Vertical
|structuredtext===Overview==
Starting with <code>gauth</code> Helm chart version <code>100.0.101+0258</code> or later, the new authentication service <code>gws-service-authentication</code> is deployed alongside the existing authentication service <code>gauth-auth</code>. By default, traffic continues to route to the old authentication service.

The cutover switches authentication traffic from the old authentication service <code>gauth-auth</code> to the new authentication service <code>gws-service-authentication</code>.

'''Before cutover:'''

*Traffic routes to the old authentication service.
*Client data is copied from old database tables to new database tables.
*Existing authentication tokens remain in the old token format.

'''After cutover:'''

*<code>/auth</code> traffic routes to the new authentication service.
*New tokens are created in the new authentication token format.
*Existing tokens created by the old authentication service cannot be read by the new authentication service.
*Dependent services must be restarted, and users must re-login to obtain new tokens.

This guide further explains how to migrate client data, validate the new service, switch authentication traffic to the new service, validate the cutover, restart dependent services, and roll back to the old service if needed

==Migration Process:==
Auth Service has 2 persistent pieces of information.

#Client Details
#Authentication Token

===1.Client Details:===
The new authentication service (<code>gauth-service-authentication</code>) uses the same Postgres database and Redis cluster as the old auth service (<code>gauth-auth</code>), but with different table formats.
{{{!}} class="wikitable"
{{!}}'''Data'''
{{!}}'''Old Auth table name'''
{{!}}'''New Auth Table name'''
{{!}}-
{{!}}Clients
{{!}}oauth_client_details
{{!}}oauth2_client_details
{{!}}-
{{!}}Contact Centers
{{!}}client_contact_centers
{{!}}client_contact_centers2
{{!}}}

'''Automatic migration''':

When the new authentication service starts, Flyway runs the migration script:
V1.7.1__CopyOauth2ClientDetailsFromOldTable.sql
This migration copies client data from the old tables to the new tables.

The migration runs once on the first startup of the new authentication service. On subsequent restarts, Flyway skips the migration because it has already been applied.

===2. Authentication Token:===
Authentication tokens from the old authentication service are not migrated. The old and new authentication services use incompatible token storage formats. Tokens created by the old authentication service cannot be read by the new authentication service. In order to regenerate the tokens, refer to step {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Deploy|anchor=Restart_Applicable_Services|display text=Restart Applicable Services}} of CutOver steps.

And below is the difference in token storage formats of both the authentication services,
{{{!}} class="wikitable"
{{!}}'''Area'''
{{!}}'''Old Auth'''
{{!}}'''New Auth'''
{{!}}-
{{!}}Serialization
{{!}}JDK binary
{{!}}Jackson JSON
{{!}}-
{{!}}Key prefix
{{!}}configurable (empty)
{{!}}GWS:Auth:V3:
{{!}}-
{{!}}Token keys
{{!}}plain token values
{{!}}SHA-256 hashed
{{!}}-
{{!}}Data model
{{!}}OAuth2AccessToken + OAuth2Authentication
{{!}}OAuth2Authorization (unified)
{{!}}}

==Pre Validation==
Complete the following checks before switching traffic to the new authentication service.

===Step 1: Verify New Auth service health===
Check that the new authentication pods are running:<source lang="text">kubectl get pods -n gauth -l gauth=service-auth</source>Check health from the pod:
kubectl exec -n gauth <new-auth-pod> -- curl -s <nowiki>http://localhost:8081/health</nowiki>
Expected response:
{"status":"UP"}
Verify that the service started successfully:<source lang="text">kubectl logs -n gauth <new-auth-pod> | grep -i "Started"</source>Expected log message:<source lang="text">Started AuthorizationServerApplication in X seconds
</source>

===Step 2: Verify Client Data Migration===
Check the new authentication service logs for Flyway migration status:<source lang="text">kubectl logs -n gauth <new-auth-pod> | grep -i "migrat"</source>Expected output on first startup:<source lang="text">Migrating schema "public" to version "1.7.1 - CopyOauth2ClientDetailsFromOldTable"
Successfully applied 1 migration(s) to schema "public"</source>Expected output if the migration was already applied:<source lang="text">Schema "public" is up to date. No migration necessary.</source>You can also verify migrated client data through the operations API on the new authentication pod.

Start port-forwarding:<source lang="text">kubectl port-forward -n gauth <new-auth-pod> 8080:8080</source>Then call the GET Clients API:<source lang="text">curl -u <admin_username>:<admin_password> \
http://localhost:8080/auth/v3/ops/clients</source>Expected result:

*Clients are returned from the new authentication service.
*If no clients are returned, do not proceed with cutover until migration is verified.

===Step 3: Run a Pre-cutover functional test===
Before switching traffic, verify the new authentication service directly through pod port-forwarding.

Start port-forwarding:<source lang="text">kubectl port-forward -n gauth <new-auth-pod> 8080:8080
</source>Call the token endpoint:<source lang="text">curl -X POST http://localhost:8080/auth/v3/oauth/token \
-d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response: <source lang="text">{
"access_token": "...",
"token_type": "...",
"expires_in": ...
}
</source>
==Cut Over==

===Step 1: Configure Helm Values===
Refer {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Configure|anchor=Override_Helm_chart_values|display text=Configure Genesys Authentication}} for below helm values configurations

===='''Customers Using the <code>gauth</code> Chart Only'''====
Set the following value:<source lang="text">services:
useNewAuth: true
</source>This value is required to switch traffic to the new authentication service.

If dedicated external authentication pods are required, also set:<source lang="text">services:
service_auth:
externalAuth:
enabled: true
</source>

===='''Customers Using Both <code>gauth</code> and <code>gauth-infra-bg</code> Charts'''====
For the <code>gauth</code> chart, set:<source lang="text">services:
 useNewAuth: true
</source>For the <code>gauth-infra-bg</code> chart, set:<source lang="text">active:
useNewAuth: true
</source>If dedicated external authentication is required, also set:<source lang="text">active:
externalAuth: true
</source>'''Important''': Always set <code>services.useNewAuth</code> and <code>active.useNewAuth</code> to the same value. Mismatched values can result in two ingresses pointing to different authentication services, causing unpredictable routing behavior.

===Step 2: Confirm Database Migration Is Enabled===
Automatic migration of PostgreSQL data from old auth tables to new auth tables is enabled by default.

Example configuration:<source lang="text">services:
useNewAuth: false

secrets:
useSecretProviderClass: false

replicas: 3
location: /

db:
init: true # enables automatic migration
poolSize: 3</source>
===Step 3: Deploy the <code>gauth</code> Helm Chart===
Deploy the updated <code>gauth</code> chart:<source lang="text">helm upgrade --install gauth ./gauth-<version>.tgz \
-f <your-values-file>.yaml \
-n gauth \
--wait \
--timeout 600s
</source>

===Step 4: Verify Ingress Routes to New Auth===
Verify that <code>/auth/</code> routes to the new authentication service:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/"
</source>Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-authentication-<release>
port:
number: 8080
</source>If the backend still shows <code>gauth-auth-<release></code>, the cutover has not taken effect.

===Step 5: Verify External Auth Ingress, If Used===
For customers using dedicated external authentication, verify that <code>/auth/v3/oauth/token</code> routes to the new external authentication service:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/v3/oauth/token"

</source>Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-auth-ext-<release>
port:
number: 8080

</source>If the backend still shows <code>gauth-auth-ext-<release></code>, the external authentication cutover has not taken effect.

===Additional Steps for Customers Using <code>gauth-infra-bg</code>===
Update the <code>gauth-infra-bg</code> chart values:<source lang="text">active:
useNewAuth: true
externalAuth: true
</source>Set <code>externalAuth: true</code> only if dedicated external authentication is used.

Deploy the <code>gauth-infra-bg</code> chart:<source lang="text">helm upgrade --install gauth-infra ./gauth-infra-bg-<version>.tgz \
-f <your-infra-values-file>.yaml \
-n gauth \
--wait
</source>Verify that <code>/auth/</code> routes to the new authentication service:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/"

</source>Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-authentication-<infra-release>-active
port:
number: 80
</source>If the backend still shows <code>gauth-auth-<infra-release>-active</code>, the cutover has not taken effect.
For dedicated external authentication, verify:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/v3/oauth/token"
</source>Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
service:
name: gauth-service-auth-ext-<infra-release>-active
port:
number: 80

</source>If the backend still shows <code>gauth-auth-ext-<infra-release>-active</code>, the external authentication cutover has not taken effect.

===Validate Cutover===
Step 1: Test the External Ingress

Call the token endpoint through the external ingress URL:<source lang="text">curl -X POST https://<gauth-external-ingress-host>/auth/v3/oauth/token \
-d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
"access_token": "...",
"token_type": "...",
"expires_in": ...
}
</source>
Step 2: Test the Internal Ingress

Call the token endpoint through the internal ingress URL:<source lang="text">curl -X POST https://<gauth-internal-ingress-host>/auth/v3/oauth/token \
-d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
"access_token": "...",
"token_type": "...",
"expires_in": ...
}
</source>Ingress host values come from the Helm values files:
{{{!}} class="wikitable"
!Chart
!External Ingress Value
!Internal Ingress Value
{{!}}-
{{!}}<code>gauth</code>
{{!}}<code>ingress.frontend</code>
{{!}}<code>internal_ingress.frontend</code>
{{!}}-
{{!}}<code>gauth-infra-bg</code>
{{!}}<code>active.ingress.frontend</code>
{{!}}<code>active.internal_ingress.frontend</code>
{{!}}}

===Restart Applicable Services===
Restart dependent services after cutover.

This restart is required because existing cached tokens were created by the old authentication service. These old tokens cannot be validated by the new authentication service.

Example restart commands:<source lang="text">kubectl rollout restart deployment gws-service-configuration -n gws
kubectl rollout restart deployment gws-app-provisioning -n gws
</source>

'''Example applicable services include:'''

i. gws-service-configuration

ii. gws-app-provisoning

ii. GIR(Genesys Interaction Recording) - Speechminer Web service

iv. Nexus

v. CIWD

vi. UCSX (only Azure)

vii. UDM (CDDS-X)

===='''Impact on Existing Logins'''====

*Existing agent and user sessions are not terminated automatically during cutover.
*However, ongoing or new read/write operations may fail after cutover because old tokens use JDK binary serialization and cannot be read by the new authentication service, which uses Jackson JSON serialization.
*Users and agents must log in again to resume normal operations:

Examples:
{{{!}} class="wikitable"
!User Type
!Required Action
{{!}}-
{{!}}WWE users
{{!}}Log out and log back in
{{!}}-
{{!}}Agent Setup users
{{!}}Log out and log back in
{{!}}}
Re-login creates new tokens in the new authentication service format. After re-login, operations should work normally.

==Rollback (If needed)==
'''After rollback:'''

*Traffic routes back to the old authentication service.
*Old auth pods are already running, so old auth pod restart is not required.
*Tokens created by the new authentication service become invalid.
*Dependent services must be restarted again so they obtain tokens from the old authentication service.
*Users and agents must log in again.

===Step 1: Switch the <code>gauth</code> Chart Back to Old Auth===
Update the <code>gauth</code> chart values:<source lang="text">services:
useNewAuth: false
</source>Deploy the <code>gauth</code> chart:<source lang="text">helm upgrade --install gauth ./gauth-<version>.tgz \
-f <your-values-file>.yaml \
-n gauth \
--wait \
--timeout 600s
</source>Verify that <code>/auth/</code> routes back to the old authentication service:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/"
</source>Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-<release>
 port:
 number: 8080
</source>For dedicated external authentication, verify:<source lang="text">kubectl get ingress -n gauth -o yaml | grep -A5 "path: /auth/v3/oauth/token"
</source>Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-ext-<release>
 port:
 number: 8080
</source>

===Step 2: Switch the <code>gauth-infra-bg</code> Chart Back to Old Auth, '''If Used'''===
Update the <code>gauth-infra-bg</code> chart values:<source lang="text">active:
useNewAuth: false
</source>If external authentication was enabled only for the new authentication service and must also be switched back, update the external authentication value as required by your deployment.

Deploy the <code>gauth-infra-bg</code> chart:<source lang="text">helm upgrade --install gauth-infra ./gauth-infra-bg-<version>.tgz \
-f <your-infra-values-file>.yaml \
-n gauth \
--wait
</source>

Verify that <code>/auth/</code> routes back to the old authentication service:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/"
</source>

Expected backend:<source lang="text">path: /auth/
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-<infra-release>-active
 port:
 number: 80
</source>

For dedicated external authentication, verify:<source lang="text">kubectl get ingress -n gauth -l service=gauth-infra-bg -o yaml | grep -A5 "path: /auth/v3/oauth/token"
</source>

Expected backend:<source lang="text">path: /auth/v3/oauth/token
pathType: ImplementationSpecific
backend:
 service:
 name: gauth-auth-ext-<infra-release>-active
 port:
 number: 80
</source>

===Step 3: Restart Applicable Services After Rollback===
Restart dependent services again after rollback.

This is required because services may hold tokens created by the new authentication service, and those tokens cannot be validated by the old authentication service.

Example commands:<source lang="text">kubectl rollout restart deployment gws-service-configuration -n gws
kubectl rollout restart deployment gws-app-provisioning -n gws
</source>Restart any other applicable services listed in the {{Link-AnywhereElse|product=AUTH|version=Current|manual=AuthPEGuide|topic=Deploy|anchor=Restart_Applicable_Services|display text=Restart Applicable Services}} section.

===Step 4: Validate Rollback===
Call the token endpoint through the external ingress URL:<source lang="text">curl -X POST https://<gauth-external-ingress-host>/auth/v3/oauth/token \
 -d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
 "access_token": "...",
 "token_type": "...",
 "expires_in": ...
}
</source>Call the token endpoint through the internal ingress URL:<source lang="text">curl -X POST https://<gauth-internal-ingress-host>/auth/v3/oauth/token \
 -d "grant_type=client_credentials&client_id=<id>&client_secret=<secret>"
</source>Expected response:<source lang="text">{
 "access_token": "...",
 "token_type": "...",
 "expires_in": ...
}
</source>

==Troubleshooting==

===Ingress Still Points to Old Auth After Cutover===
If ingress still points to <code>gauth-auth-<release></code> or <code>gauth-auth-ext-<release></code>, the cutover did not take effect.

Check:

*<code>services.useNewAuth</code> is set to <code>true</code>
*<code>active.useNewAuth</code> is set to <code>true</code>, if using <code>gauth-infra-bg</code>
*Helm upgrade completed successfully
*The correct values file was used
*Ingress was updated after deployment

===Token Requests Fail After Cutover===
Check:

*Client migration completed successfully
*Client ID and client secret are valid
*Token request is reaching the new authentication service
*Dependent services were restarted
*Users have logged out and logged back in

===Operations Fail for Logged-In Users After Cutover===
Existing user sessions are not automatically terminated, but operations may fail because old tokens are incompatible with the new authentication service.

Resolution:

*Ask affected users to log out and log back in.
*Restart dependent services that cache service tokens.

===Token Requests Fail After Rollback===
After rollback, tokens created by the new authentication service are invalid for the old authentication service.

Resolution:

*Restart dependent services again.
*Ask users and agents to log out and log back in.
*Verify ingress routes back to the old authentication service.
|Status=No
}}
}}

AUTH/Current/AuthPEGuide/Configure

2026-05-22T13:00:43Z

WikiSysop:

{{Article
|Standalone=No
|DisplayName=Configure Genesys Authentication
|Context=Learn how to configure Genesys Authentication.
|ComingSoon=No
|Section={{Section
|alignment=Vertical
|structuredtext=Complete the steps on this page to configure your Genesys Authentication deployment.
|Status=No
}}{{Section
|sectionHeading=Add Java KeyStore support (optional)
|anchor=jks
|alignment=Vertical
|structuredtext=Complete the steps in this section to set up a [https://en.wikipedia.org/wiki/Java_KeyStore Java KeyStore] (JKS) if you need to configure Genesys Authentication to use [https://jwt.io/ JSON Web Token] authentication. This method of authentication is currently used for {{Link-AnywhereElse|product=WebRTC|version=Current|manual=WebRTCPEGuide|display text=WebRTC}}.

Create a keystore file:

<source lang="text">keytool -keystore jksStorage.jks -genkey -alias gws-auth-key -storepass <password> -keypass <password> -keyalg RSA</source>

Get the Base64 encoded key:

<source lang="text">cat ./jksStorage.jks | base64</source>

The result looks like this:

<source lang="text">/u3+7QAAAAIAAAABAAAAAQAMZ3dzLWF1dGgta2V5AAABeRmB2Y4AAAUBMIIE/TAOBgorBgEEASoCEQEBBQAEggTpwQQ5aW5CUYAsf4/IheBuNrlPPyZhUA+NWh3SG52HV3sVjV+p18vKp2k/q12I9NynoM6R/DW5bFfEWU1zx3cfXH2kNirRUOIbNZpa43NOroyyF1GSdZFlwa8Kq8Xtp8ZBmiJdSb1n12ODaTKGKv1cb5tsfdzkWs99QeTBGJypHMCdnBvdFB0Nvid+yaxdmK3bdQlCwDgDOHZ2RnU0oxXebH3o+jIrrowyo7DidJDyUwIeT2PPPI9F88QsP+CdDRRR1T7t0ojd1hIJ8YYMwJ1wQmwgF4QZRbtrEnwXqkHinJnwOERcp4FLuceds6YTlcxvWsS+GEv38Jv8YokLwRb/mMACTHk4R9yASsd7fljgNLSn0jhrz9FuxvYgpOVvExiq+sb5YrfbZjtTzZDzFVOu/2kWzASfZBSiyyxMOr3IhUPkMpIrg+UYkI0tgn/C3yR1wLr9HElpx8fCu61ORqp8hhp1yvL46K0c6eTa2JcRpO6fmysf2EG0JagG7zNEJHlvtNnt3JpQV06xos2iWsFAtHq+9w8LwvCVbDzx/UHoCYenIdJ7SBv06mXgKisa3RDIi/y5x5/9T4brgCLUvwI4Z5Rf/oi2Zx5/lXjQXmBPlPAcUVHLr5PvNQUUx5NBr/ooioD7qka4ADF1/cx8I2bzqTi+U01fiFdMGRlNlCfcGDMI2h82JUeCswRYi4+dMDiSaGgC2MoL2susLxMYa5CTo9Vs0Y2k+6j8fhIO4h8h0JxdXZODU63OM0cDSUHXfbyKSey/4IhiV3k7W4OHYeXUeDvoNmfo/AriELZl+WgYETiXGsKzxmrsHrBKC0+aT098FwqdY9ACsM/7WoF2+9eftc7fa2jruutrRjmk0A/BaIqzboJLFiWaUUGV9gsexEmpGszikQsmOYSIRxY8BYF+SYldehcfcsRRxDnhTaGNV8y2ZnwA61FNPAFps3gaFXeaYsUzlxTSi9m70HJJrUp7JDK6SGg6luiKMG4O7QjsGgOOwGpoLJf7EFOCspN3t4damhH/KFi9OrEuAdhMJa+iQ21PBZ+iIwxb0y9xMReImoUtoqy6Epre3qMOS6MILLw2bVrxJYo38+hR5uzNdlbsUlpYOoorI1Hp8A/VEYtG9PDHEhhoqUamdUYUzkFDi9QZfylIgi8Jc4G4PPrPKgMPqqE7sl6bJvoLavU58eHpdWo/Mb9UtdTx+l/SlulCCE0Xce6M9YE1SyC2B3gd82zNQa81lx+QAY8IaSmX+C2nMz+UeXKngSEzguK6gXg9RwCs8pUavuLQ6uZGkJ+fhDBvDAFgD7hG1XdHs27XGSUsRq6GiiwmjZXsZ70ETIVmXfuSvGuYYpv4CKzIDvweGdbkUWap2oQqm6Sw+OkJLbim1aW4MSYGCZItLOM36108onELop0wTIMiZBv2cIaQ+WzbyKDXIi94ebntxu42GSeUn1IGDMGAa+vh4itLDV6yIXCRHCd9GM6JBj+SKXkn+J0FIZ257Kf4k3kg6rm9Ha1800NMB7ILrbJChCZd5bmDmMwUGsNrlar2Oa4S41Y81vmBQJlMzSvAS37gk3eFX3XLKtfn7+Dxq8aYRA0TQEMln0uUuoiNRZH8iaLwhpI4bEkaoSU/DT/KHRB7AHN5/vQpj6KOscxqmyPrgPY/+TseczEeaQLQ6MfjvXY+AAAAAQAFWC41MDkAAAN7MIIDdzCCAl+gAwIBAgIEYxhLHTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTIxMDQyODE3MjMzMFoXDTIxMDcyNzE3MjMzMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0300E4F3NDKRHYwrkqDgeUPwoIrozyLp6JvkCsOe1nj5L44vwJjnrYw9falOVDQ9ggwquwXoD5RNEf5/esYcJNEqu1btJLwLvhXb651OyZnsmeNGP2BrNCPXZS6CBReMMKJaZrlCwJQxiSrGPHB/gpxKoAowLwl3V7wB2BHKDhrczQBPdvtsfBAzeqpN/yRpdKZRAtu2LyGqRZKCglSrwYenJFqROdOeworbNmtIKXfQLiamE4KdhzQdPfnyBC7ZWtCIJUp9Va4LmCYD/ISOmVyfQ9Xql1rRNQLcVaewCKRM2ffBAkx98d3n79XUZDljOzHh+79tCpheuuYfbMQqMCAwEAAaMhMB8wHQYDVR0OBBYEFNtM8mIEb67VYot5tjDAdrhiq+31MA0GCSqGSIb3DQEBCwUAA4IBAQBued3SqK+1chAUpNz06Ceak2Ldzlz6MXxBZx6fx50odSY3C4rwywK31RSAAtCe/Ta4y+B6JcdPjFtII6Pf5W0DDTOa3cHNMeukYn5lBnaMbIKqoxFT7nM7MD3DB+dISvMu8FtVWFwbPzXWhl+Aycuu9ETGlCoJqYfl+vmLyGjJVadcUg4E3u7b29woO+bH9pagJErfi7Wq0vaaqMtkKjfOSovMTwz5ruXSiCDZlxb8C8CEr9lkpT3F0G1XFaNNOHoZiZNwXFKLoLrdI2t3pOCYyhwYbGKGMyitRguYz490dxZ0G5R4kMo/YbN7be2QIJwmucIZzH7fkU90V+rmVZhl9Bo8ixuIJG/vZTxmEBaDqmhiP4w=</source>
Make note of the following values - you need them to configure JKS support in the {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=Override|display text=Helm chart}}:

*Keystore filename
*Keystore password
*Key alias
*Key password
*Base64 encoded key
|Status=No
}}{{Section
|sectionHeading=Configure a secret to access JFrog
|anchor=Secret
|alignment=Vertical
|structuredtext=If you haven't done so already, create a secret for accessing the JFrog registry:
<source lang="text">kubectl create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<password> --docker-email=<emailid></source>

Now map the secret to the default service account:
<source lang="text">kubectl secrets link default <credential-name> --for=pull</source>
|Status=No
}}{{Section
|sectionHeading=Override Helm chart values
|anchor=Override
|alignment=Vertical
|structuredtext=You can specify parameters for the deployment by overriding Helm chart values in the '''values.yaml''' file. See the '''Parameters''' table for a full list of overridable values.

For more information about how to override Helm chart values, see {{SuiteLevelLink|helmoverride}} in the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide}} guide.
{{{!}} class="wikitable" style="table-layout: fixed; overflow-wrap: break-word;" {{!}}
{{!}}+
Parameters
!Parameter
!Description
!Valid values
!Default
{{!}}-
{{!}}gws-core-auth
{{!}}The gws-core-auth image version tag. For example, 100.0.003.3508.
{{!}}A valid image version
{{!}}""
{{!}}-
{{!}}gws-core-environment
{{!}}The gws-core-environment image version tag. For example, 100.0.003.1866.
{{!}}A valid image version
{{!}}""
{{!}}-
{{!}}gws-ui-auth
{{!}}The gws-ui-auth image version tag. For example, 100.0.003.1328.
{{!}}A valid image version
{{!}}""
{{!}}-
{{!}}gauth-service-authentication
{{!}}The gauth-service-authentication image version tag. For example, 100.0.001.0193.
{{!}}A valid image version
{{!}}""
{{!}}-
{{!}}image.imagePullSecrets
{{!}}The secret Kubernetes uses to get credentials to pull images from the registry.
{{!}}A valid secret
{{!}}[]
{{!}}-
{{!}}image.pullPolicy
{{!}}Specifies when Kubernetes pulls images from the registry on start up.
{{!}}IfNotPresent or Always
{{!}}"IfNotPresent"
{{!}}-
{{!}}image.registry
{{!}}Docker registry address
{{!}}A valid registry URL
{{!}}""
{{!}}-
{{!}}{{AnchorDiv|consul}}consul.discovery_register
{{!}}Specifies whether services are registered in Consul.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}consul.discovery_tenants
{{!}}Enables tenant discovery through Consul.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}consul.enabled
{{!}}Enables a connection to Consul.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}consul.host
{{!}}The host of the local Consul agent.
{{!}}A valid URL
{{!}}"<nowiki>http://$(K8_HOST_IP)</nowiki>"
{{!}}-
{{!}}consul.port
{{!}}The port of the local Consul agent.
{{!}}A valid port
{{!}}8500
{{!}}-
{{!}}consul.require_token
{{!}}Specifies whether Genesys Authentication reads the API token from a Kubernetes secret.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}consul.secret.create
{{!}}Create or use an existing secret with the Consul API token.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}consul.secret.name_override
{{!}}The name of the Kubernetes secret for Consul.
{{!}}A valid secret name
{{!}}nil
{{!}}-
{{!}}consul.secret.token
{{!}}The API token to access Consul.
{{!}}A valid API token
{{!}}nil
{{!}}-
{{!}}ingress.enabled
{{!}}Enables external ingress for Genesys Authentication.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}{{AnchorDiv|ingress.frontend}}ingress.frontend
{{!}}The host that is used by external ingress.
{{!}}A valid host
{{!}}"gauth.local"
{{!}}-
{{!}}ingress.annotations.
{{!}}Annotations that are applied to external ingress. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}nginx.ingress.kubernetes.io/proxy-body-size: "0"
{{!}}-
{{!}}ingress.tls_enabled
{{!}}Enables Transport Layer Security (TLS) on external ingress.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}ingress.tls
{{!}}The name of the secret for Secure Sockets Layer (SSL) certificates.
{{!}}A valid secret name
{{!}}<syntaxhighlight>
- hosts:
- gauth.local
secretName: letsencrypt
</syntaxhighlight>
{{!}}-
{{!}}internal_ingress.enabled
{{!}}Enables internal ingress for Genesys Authentication.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}{{AnchorDiv|internal_ingress.frontend}}internal_ingress.frontend
{{!}}The host that is used by internal ingress.
{{!}}A valid host
{{!}}"gauth-int.local"
{{!}}-
{{!}}internal_ingress.annotations
{{!}}Annotations that are applied to internal ingress. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}nginx.ingress.kubernetes.io/proxy-body-size: "0"
{{!}}-
{{!}}{{AnchorDiv|internal_ingress.tls_enabled}}internal_ingress.tls_enabled
{{!}}Enables Transport Layer Security (TLS) on internal ingress.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}internal_ingress.tls
{{!}}The name of the secret for Secure Sockets Layer (SSL) certificates.
{{!}}A valid secret name
{{!}}<syntaxhighlight>
- hosts:
- gauth-int.local
secretName: letsencrypt
</syntaxhighlight>
{{!}}-
{{!}}monitoring.enabled
{{!}}Specifies whether to deploy Custom Resource Definitions (CRD) for ServiceMonitors to determine which services should be monitored.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}monitoring.interval
{{!}}The interval at which Prometheus scrapes metrics.
{{!}}A duration in seconds
{{!}}"15s"
{{!}}-
{{!}}monitoring.alarms
{{!}}Specifies whether to deploy CRD for PrometheusRules to define rules for alarms.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}monitoring.alarmThresholds.redisKeys
{{!}}The threshold to trigger an alarm on the total number of keys in Redis.
{{!}}Number
{{!}}5000000
{{!}}-
{{!}}monitoring.alarmThresholds.redisMaxMemoryPerentage
{{!}}The threshold to trigger an alarm for used Redis memory.
{{!}}Number
{{!}}85
{{!}}-
{{!}}monitoring.dashboards
{{!}}Specifies whether to deploy ConfigMaps with Grafana Dashboards.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}monitoring.pagerduty
{{!}}Enables alarms with a severity of <code>CRITICAL</code>.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}optional.affinity
{{!}}Specifies the affinity and anti-affinity for Genesys Authentication pods. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
gauth: '{{ .gauth }}'
app.kubernetes.io/name: '{{ include "auth.name" . }}'
app.kubernetes.io/instance: '{{ .Release.Name }}'
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 100
</syntaxhighlight>
{{!}}-
{{!}}optional.dnsConfig
{{!}}Specifies custom DNS settings for Genesys Authentication pods. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
options:
- name: ndots
value: "3"
</syntaxhighlight>
{{!}}-
{{!}}optional.dnsPolicy
{{!}}Specifies the DNS policy for Genesys Authentication pods. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy|displaytext=Kubernetes documentation}} for details.
{{!}}"Default", "ClusterFirst", "ClusterFirstWithHostNet", or "None"
{{!}}"ClusterFirst"
{{!}}-
{{!}}optional.nodeSelector
{{!}}The labels Kubernetes uses to assign pods to nodes. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/configuration/assign-pod-node/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}{}
{{!}}-
{{!}}optional.priorityClassName
{{!}}The class name Kubernetes uses to determine the priority of a pod relative to other pods. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass|displaytext=Kubernetes documentation}} for details.
{{!}}A valid priority class name
{{!}}""
{{!}}-
{{!}}optional.securityContext
{{!}}Specifies the privilege and access control settings Genesys Authentication pods. See {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=Security|display text=Configure security}} for details.
{{!}}Object
{{!}}{}
{{!}}-
{{!}}optional.strategy
{{!}}Specifies details for the rolling update strategy Genesys Authentication uses to upgrade it containers. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
type: RollingUpdate
rollingUpdate:
maxSurge: 10
maxUnavailable: 0
</syntaxhighlight>
{{!}}-
{{!}}optional.tolerations
{{!}}The tolerations Kubernetes uses for advanced pod scheduling. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}[]
{{!}}-
{{!}}podDisruptionBudget.create
{{!}}Specifies whether to create a PodDisruptionBudget. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/tasks/run-application/configure-pdb/|displaytext=Kubernetes documentation}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}podDisruptionBudget.spec
{{!}}Specifies the details of your PodDisruptionBudget. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/tasks/run-application/configure-pdb/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid spec that defines a value for either minAvailable or maxUnavailable. Do not specify .spec.selector because it is calculated by Helm.
{{!}}minAvailable: 2
{{!}}-
{{!}}pod_autoscaler.auth.enabled
{{!}}Enables the Horizontal Pod Autoscaler for the Authentication Service. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/|displaytext=Kubernetes documentation}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}pod_autoscaler.auth.maxReplicas
{{!}}Specifies the maximum number of Authentication Service replicas the Horizontal Pod Autoscaler controller will scale.
{{!}}Number
{{!}}10
{{!}}-
{{!}}pod_autoscaler.auth.metrics
{{!}}Specifies resource metrics the Horizontal Pod Autoscaler controller uses to scale Authentication Service pods up or down. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 350%
</syntaxhighlight>
{{!}}-
{{!}}pod_autoscaler.environment.enabled
{{!}}Enables the Horizontal Pod Autoscaler for the Environment Service. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/|displaytext=Kubernetes documentation}} for details.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}pod_autoscaler.environment.maxReplicas
{{!}}Specifies the maximum number of Environment Service replicas the Horizontal Pod Autoscaler controller will scale.
{{!}}Number
{{!}}10
{{!}}-
{{!}}pod_autoscaler.environment.metrics
{{!}}Specifies resource metrics the Horizontal Pod Autoscaler controller uses to scale Environment Service pods up or down. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 350%
</syntaxhighlight> 
{{!}}-
{{!}}postgres.deploy
{{!}}Specifies whether to deploy PostgreSQL. Set this option for lab environments only.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}postgres.image
{{!}}Specifies the Docker image to use in the lab environment if <code>postgres.deploy=true</code>.
{{!}}A Docker image
{{!}}"postgres:11-alpine"
{{!}}-
{{!}}postgres.configmap.create
{{!}}Specifies whether Genesys Authentication creates a ConfigMap with PostgreSQL connection parameters. If the value is false, you must create the ConfigMap manually.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}postgres.configmap.name_override
{{!}}The name of the ConfigMap.
{{!}}A value name
{{!}}nil
{{!}}-
{{!}}{{AnchorDiv|postgres}}postgres.db
{{!}}The name of the PostgreSQL database from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Planning|anchor=create|display text=Create a PostgreSQL database and user}}.
{{!}}A valid database name
{{!}}nil
{{!}}-
{{!}}postgres.host
{{!}}The host of the PostgreSQL instance.
{{!}}A valid host
{{!}}nil
{{!}}-
{{!}}postgres.port
{{!}}The port of the PostgreSQL instance.
{{!}}A valid port
{{!}}nil
{{!}}-
{{!}}postgres.username
{{!}}The username to access the PostgreSQL database from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Planning|anchor=create|display text=Create a PostgreSQL database and user}}.
{{!}}A valid username
{{!}}nil
{{!}}-
{{!}}postgres.password
{{!}}The password to access the PostgreSQL database from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Planning|anchor=create|display text=Create a PostgreSQL database and user}}.
{{!}}A valid password
{{!}}nil
{{!}}-
{{!}}postgres.secret.create
{{!}}Specifies whether to create a Kubernetes secret with user credentials for PostgreSQL. If this value is false, you must create the secret manually.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}postgres.secret.name_override
{{!}}The name of the PostgreSQL secret.
{{!}}A valid name
{{!}}nil
{{!}}-
{{!}}redis.cluster_nodes
{{!}}The Redis nodes in your cluster. For example, "redis-cluster1:7000,redis-cluster2:7002".
{{!}}A comma-separated list of "host:port" pairs
{{!}}nil
{{!}}-
{{!}}redis.configmap.create
{{!}}Specifies whether to create a ConfigMap with connection parameters for Redis. If this value is false, you must create the ConfigMap manually.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}redis.configmap.name_override
{{!}}The name of the Redis ConfigMap.
{{!}}A valid name
{{!}}nil
{{!}}-
{{!}}redis.deploy
{{!}}Specifies whether to deploy a Redis cluster. Set this option for lab environments only.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}redis.image
{{!}}Specifies the Docker image to use in the lab environment if <code>redis.deploy=true</code>.
{{!}}A Docker image
{{!}}"redis:5-stretch"
{{!}}-
{{!}}redis.password
{{!}}The Redis password.
{{!}}A valid password
{{!}}nil
{{!}}-
{{!}}redis.password_required
{{!}}Specifies whether Genesys Authentication should read the Redis password from a Kubernetes secret.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}redis.secret.create
{{!}}Specifies whether to create a Kubernetes secret with Redis password. If this value is false, you must create the secret manually.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}redis.secret.name_override
{{!}}The name of the Redis secret.
{{!}}A valid name
{{!}}nil
{{!}}-
{{!}}{{AnchorDiv|redis.use_tls}}redis.use_tls
{{!}}Enable or disable a TLS connection to the Redis cluster.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}serviceAccount.create
{{!}}Specifies whether to create a service account.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}serviceAccount.name
{{!}}The name of the service account to use.
{{!}}A service account name
{{!}}""
{{!}}-
{{!}}serviceAccount.annotations
{{!}}Annotations to add to the service account. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of labels as "name: value"
{{!}}{}
{{!}}-
{{!}}services.initContainers
{{!}}Optional init containers to add to Genesys Authentication deployments.
{{!}}Object
{{!}}{}
{{!}}-
{{!}}services.location
{{!}}Location of the deployment. For example, "/USW1".
{{!}}A valid location.
{{!}}"/"
{{!}}-
{{!}}services.replicas
{{!}}The number of Genesys Authentication pod replicas to deploy.
{{!}}Number
{{!}}3
{{!}}-
{{!}}services.db.init
{{!}}Enable automatic updates for the database schema.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}services.db.poolCheckoutTimeout
{{!}}The database pool timeout.
{{!}}Number
{{!}}3000
{{!}}-
{{!}}services.db.poolSize
{{!}}The database pool size.
{{!}}Number
{{!}}3
{{!}}-
{{!}}services.auth.loglevel
{{!}}Specifies the log level for the Authentication Service.
{{!}}INFO, DEBUG, WARN
{{!}}DEBUG
{{!}}-
{{!}}services.db.ssl
{{!}}Enable or disable an SSL connection to PostgreSQL. See the {{#Widget:ExtLink|link=https://www.postgresql.org/docs/9.0/libpq-ssl.html|displaytext=PostgreSQL documentation}} for details about SSL modes.
{{!}}disable, prefer, require, verify-ca, or verify-full
{{!}}"disable"
{{!}}-
{{!}}services.auth.deploymentAnnotations
{{!}}Annotations for Authentication Service deployment objects. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}services.auth.env.GWS_AUTH_SECURITY_HTTP_SCHEME_HEADER_NAME
{{!}}The name of the header with protocol. This value can be used when HTTPS is terminated by the load balancer.
{{!}}A valid header name
{{!}}"X-Forwarded-Proto"
{{!}}-
{{!}}services.auth.env.GWS_AUTH_timeouts_requestTimeoutMs
{{!}}The Authentication Service request timeout.
{{!}}A value in milliseconds
{{!}}30000
{{!}}-
{{!}}services.auth.env.JAVA_TOOL_OPTIONS
{{!}}Specifies JVM arguments to set in the JAVA_TOOL_OPTIONS environment variable.
{{!}}Valid JVM arguments
{{!}}"-XX:+PrintFlagsFinal -XX:+UseG1GC -Dfile.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -XX:MaxRAMPercentage=80.0"
{{!}}-
{{!}}services.auth.env.GWS_AUTH_logging_level_com_genesys_gws_v3
{{!}}Specifies the log level for the Authentication Service.
{{!}}INFO, DEBUG, WARN
{{!}}DEBUG
{{!}}-
{{!}}services.auth.env.GWS_AUTH_http_headers_frame_options
{{!}}Specifies the value of the X-Frame-Options HTTP response header.
{{!}}SAMEORIGIN, DENY, DISABLE, ALLOW
{{!}}ALLOW
{{!}}-
{{!}}services.auth.jks.enabled
{{!}}Specifies whether Genesys Authentication uses Java KeyStore. See {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=jks|display text=Add JKS support}} for details. This value must be set to true for Security Assertion Markup Language single sign-on (SAML SSO) functionality.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}services.auth.jks.keyAlias
{{!}}The name of the key alias in the keystore used by the Authentication Service. This value comes from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=jks|display text=Add JKS support}}.
{{!}}A valid key alias
{{!}}nil
{{!}}-
{{!}}services.auth.jks.keyPassword
{{!}}The keystore password from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=jks|display text=Add JKS support}}.
{{!}}A valid keystore password
{{!}}nil
{{!}}-
{{!}}services.auth.jks.keyStore
{{!}}The name of the Java keystore file from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=jks|display text=Add JKS support}}.
{{!}}A valid keystore name
{{!}}"jksStorage.jks"
{{!}}-
{{!}}services.auth.jks.keyStorePassword
{{!}}The keystore password from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=jks|display text=Add JKS support}}.
{{!}}A valid keystore password
{{!}}nil
{{!}}-
{{!}}services.auth.jks.secret.create
{{!}}Specifies whether to create a new secret with the keystore file content and keystore credentials.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}services.auth.jks.keyStoreFileData
{{!}}The Base64 encoded key value from {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Configure|anchor=jks|display text=Add JKS support}}.
{{!}}A valid key
{{!}}nil
{{!}}-
{{!}}services.auth.jks.secret.name
{{!}}A Kubernetes secret name with the keystore credentials and content.
{{!}}A valid secret name
{{!}}nil
{{!}}-
{{!}}services.auth.jks.sso.enabled
{{!}}Specifies whether to enable SAML SSO functionality.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}services.auth.livenessProbe
{{!}}Specifies parameters for the livenessProbe. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
livenessProbe:
httpGet:
path: /health
port: management
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
failureThreshold: 3
</syntaxhighlight>
{{!}}-
{{!}}services.auth.ports.management
{{!}}Specifies the management port for Authentication Service.
{{!}}Number
{{!}}8081
{{!}}-
{{!}}services.auth.ports.service
{{!}}Specifies the service port for Authentication Service.
{{!}}Number
{{!}}8080
{{!}}-
{{!}}services.auth.readinessProbe
{{!}}Specifies parameters for the readinessProbe. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
readinessProbe:
httpGet:
path: /health
port: management
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 10
</syntaxhighlight>
{{!}}-
{{!}}services.auth.replicas
{{!}}The number of Authentication Service pod replicas to deploy. This value overrides services.replicas.
{{!}}Number
{{!}}nil
{{!}}-
{{!}}services.auth.resources
{{!}}The requests and limits for Authentication Service pod resources. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
requests:
cpu: 500m
memory: 4Gi
limits:
cpu: "4"
memory: 6Gi
</syntaxhighlight>
{{!}}-
{{!}}services.auth.serviceAnnotations
{{!}}Annotations for Authentication Service service objects. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}services.auth_ui.deploymentAnnotations
{{!}}Annotations for Authentication UI deployment objects. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}services.auth_ui.ports.service
{{!}}Specifies the service port for Authentication UI.
{{!}}Number
{{!}}8080
{{!}}-
{{!}}services.auth_ui.env.GWS_NGINX_ENABLE_MAPPING
{{!}}Use Consul to discover Auth Service
{{!}}
{{!}}"false"
{{!}}-
{{!}}services.auth_ui.livenessProbe
{{!}}Specifies parameters for the livenessProbe. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}{}
{{!}}-
{{!}}services.auth_ui.readinessProbe
{{!}}Specifies parameters for the readinessProbe. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}{}
{{!}}-
{{!}}services.auth_ui.replicas
{{!}}The number of Authentication UI pod replicas to deploy. This value overrides services.replicas.
{{!}}Number
{{!}}nil
{{!}}-
{{!}}services.auth_ui.resources
{{!}}The requests and limits for Authentication UI pod resources. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
requests:
cpu: 100m
memory: 500Mi
limits:
cpu: 500m
memory: 1Gi
</syntaxhighlight>
{{!}}-
{{!}}services.auth_ui.serviceAnnotations
{{!}}Annotations for Authentication UI service objects. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}services.environment.loglevel
{{!}}Specifies the log level for the Environment Service.
{{!}}INFO, DEBUG, WARN
{{!}}INFO
{{!}}-
{{!}}services.environment.deploymentAnnotations
{{!}}Annotations for Environment Service deployment objects. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}services.environment.env.JAVA_TOOL_OPTIONS
{{!}}Specifies JVM arguments to set in the JAVA_TOOL_OPTIONS environment variable.
{{!}}Valid JVM arguments
{{!}}"-XX:+PrintFlagsFinal -XX:+UseG1GC -Dfile.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -XX:MaxRAMPercentage=80.0"
{{!}}-
{{!}}services.environment.env.GWS_ENVIRONMENT_logging_level_com_genesys_gws_v3
{{!}}Specifies the log level for the Environment Service.
{{!}}INFO, DEBUG, WARN
{{!}}INFO
{{!}}-
{{!}}services.environment.force_writable
{{!}}Ignore the Data Center topology in a single-region deployment.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}services.environment.livenessProbe
{{!}}Specifies parameters for the livenessProbe. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
livenessProbe:
httpGet:
path: /health
port: management
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
failureThreshold: 3
</syntaxhighlight>
{{!}}-
{{!}}services.environment.ports.management
{{!}}Specifies the management port for Environment Service.
{{!}}Number
{{!}}8081
{{!}}-
{{!}}services.environment.readinessProbe
{{!}}Specifies parameters for the readinessProbe. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
readinessProbe:
httpGet:
path: /health
port: management
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 10
</syntaxhighlight>
{{!}}-
{{!}}services.environment.ports.service
{{!}}Specifies the service port for Environment Service.
{{!}}Number
{{!}}8080
{{!}}-
{{!}}services.environment.replicas
{{!}}The number of Environment Service pod replicas. This value overrides services.replicas.
{{!}}Number
{{!}}nil
{{!}}-
{{!}}services.environment.resources
{{!}}The requests and limits for Environment Service pod resources. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/|displaytext=Kubernetes documentation}} for details.
{{!}}Object
{{!}}<syntaxhighlight>
requests:
cpu: 500m
memory: 4Gi
limits:
cpu: "4"
memory: 6Gi
</syntaxhighlight>
{{!}}-
{{!}}services.environment.serviceAnnotations
{{!}}Annotations for Authentication Service service objects. See the {{#Widget:ExtLink|link=https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/|displaytext=Kubernetes documentation}} for details.
{{!}}A valid set of annotations as "name: value"
{{!}}{}
{{!}}-
{{!}}{{AnchorDiv|services.secret.admin_password}}services.secret.admin_password
{{!}}Encrypted password of the operational user. The password should be encrypted with bcrypt hashing with any number of rounds. You can generate an encrypted password on the following site: https://www.javainuse.com/onlineBcrypt
{{!}}A valid password
{{!}}nil
{{!}}-
{{!}}{{AnchorDiv|services.secret.admin_username}}services.secret.admin_username
{{!}}The username of an operational user.
{{!}}Any valid username. For example, opsAdmin, clientAdmin, ops.
{{!}}nil
{{!}}-
{{!}}services.secret.client_id
{{!}}The ID of an encrypted client secret.
{{!}}Any valid client ID. For example, external_api_client, nexus_client, authclient.
{{!}}nil
{{!}}-
{{!}}services.secret.client_secret
{{!}}The encrypted client secret. The client secret should be encrypted with bcrypt hashing with any number of rounds. You can generate an encrypted client secret on the following site:https://www.javainuse.com/onlineBcrypt
{{!}}A valid client secret
{{!}}nil
{{!}}-
{{!}}services.secret.create
{{!}}Specifies whether to create the Kubernetes secret with the credentials of the operational user and client ID.
{{!}}true or false
{{!}}true
{{!}}-
{{!}}services.secret.name_override
{{!}}The name of the secret.
{{!}}A valid name
{{!}}nil
{{!}}-
{{!}}services.secrets.secretProviderClassNames.admin_user
{{!}}The name of the secretProviderClass with the operational user credentials.
{{!}}A valid class name
{{!}}"keyvault-gauth-admin-user"
{{!}}-
{{!}}services.secrets.secretProviderClassNames.client_credentials
{{!}}The name of the secretProviderClass with the client credentials.
{{!}}A valid class name
{{!}}"keyvault-gauth-client-credentials"
{{!}}-
{{!}}services.secrets.secretProviderClassNames.consul_token
{{!}}The name of the secretProviderClass with the Consul token.
{{!}}A valid class name
{{!}}"keyvault-consul-consul-gauth-token"
{{!}}-
{{!}}services.secrets.secretProviderClassNames.jks_credentials
{{!}}The name of the secretProviderClass with the JKS credentials.
{{!}}A valid class name
{{!}}"keyvault-gauth-jks-credentials"
{{!}}-
{{!}}services.secrets.secretProviderClassNames.jks_keyvault
{{!}}The name of the secretProviderClass with the JKS keystore.
{{!}}A valid class name
{{!}}"keyvault-gauth-jks-keyvault"
{{!}}-
{{!}}services.secrets.secretProviderClassNames.pg_user
{{!}}The name of the secretProviderClass with PostgreSQL credentials.
{{!}}A valid class name
{{!}}"keyvault-gauth-pg-user"
{{!}}-
{{!}}services.secrets.secretProviderClassNames.redis_password
{{!}}The name of the secretProviderClass with the Redis password.
{{!}}A valid class name
{{!}}"keyvault-gauth-redis-password"
{{!}}-
{{!}}services.secrets.useSecretProviderClass
{{!}}Specifies whether to read secrets from the secretProviderClass instead of Kubernetes secrets.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}topologySpreadConstraints
{{!}}In Kubernetes, topology spread constraints are used to control how Pods are spread across the cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains. This helps to achieve high-availability as well as efficient resource utilization.
{{!}}Valid topology spread constraints settings. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ Kubernetes documentation] for details.
{{!}}{}
{{!}}-
{{!}}services.service_auth.env.GWS_AUTH_common_configService
{{!}}The URL of the GWS Service Configuration service (config server cache). Used by the authentication service to read user details, validate credentials, and manage passwords.'''This is a mandatory setting'''
{{!}}A valid HTTP URL pointing to the configuration service (e.g., <nowiki>http://gws-platform-configuration:8092</nowiki> or <nowiki>http://gws-service-configuration:8892</nowiki> or an internal load balancer URL)
{{!}}None (must be set)
{{!}}-
{{!}}services.service_auth.env.GWS_AUTH_filterCfgObjects
{{!}}When enabled, the authentication service filters user authorities (roles and access groups) to return only those assigned to the specific person. This prevents incorrect RBAC behavior caused by cache synchronization delays, where userInfo could temporarily return authorities for all roles/access groups instead of only assigned ones. Recommended to set to "true" for environments using gws service configuration (config server cache).
{{!}}true or false
{{!}}false
{{!}}-
{{!}}services.useNewAuth
{{!}}Controls which auth service the main chart's ingress routes traffic to. When <code>true</code>, routes /auth/ to <code>new auth (gauth-service-authentication)</code>. When <code>false</code>, routes to <code>old auth (gauth-auth)</code>. '''Note:''' If on-premise customers also use the gauth-infra-bg chart, this value must be set in sync with active.useNewAuth in that chart to avoid conflicting ingress routing
{{!}}true or false
{{!}}false
{{!}}-
{{!}}services.service_auth.externalAuth.enabled
{{!}}Deploys dedicated new auth ext pods (gauth-service-auth-ext) for handling /auth/v3/oauth/token traffic separately. Pods are deployed but only receive traffic when <code>services.useNewAuth: true.</code> '''Note:''' For on-premise customers using gauth-infra-bg, also set <code>active.externalAuth: true</code> in that chart.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}services.auth.externalAuth.enabled
{{!}}Deploys dedicated old auth ext pods (gauth-auth-ext) for handling /auth/v3/oauth/token traffic separately. Pods are deployed but only receive traffic when <code>services.useNewAuth: false</code>. '''Note:''' For on-premise customers using gauth-infra-bg, also set <code>active.externalAuth: true</code> in that chart.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}active.useNewAuth
{{!}}Controls which auth service the infra-bg chart's ingress routes traffic to. When <code>true</code>, routes /auth/ to <code>new auth (gauth-service-authentication</code>). When <code>false</code>, routes to <code>old auth (gauth-auth)</code>. '''Note:''' Must be set in sync with services.useNewAuth in the gauth chart to avoid conflicting ingress routing.
{{!}}true or false
{{!}}false
{{!}}-
{{!}}active.externalAuth
{{!}}When <code>true</code>, creates a separate ingress path for /auth/v3/oauth/token routing to the dedicated ext pods. The target (old ext or new ext) is determined by <code>active.useNewAuth</code>. '''Note:''' Corresponding ext pods must be deployed via services.service_auth.externalAuth.enabled or services.auth.externalAuth.enabled in the gauth chart.
{{!}}true or false
{{!}}true
{{!}}}
 
|Status=No
}}{{Section
|sectionHeading=Provision Consul-less Deployment
|anchor=Consul-less
|alignment=Vertical
|structuredtext=To perform Consul-less deployment, the customer should use Helm chart '''gauth-100.0.100+0250''' or newer and remove all Consul related parameters from the override file:

#<code class="_ca0qyh40 _u5f3m5ip _n3tdyh40 _19bvm5ip _2rko1sit _11c81u0j _1reo1wug _18m91wug _1dqoglyw _1e0c1nu9 _bfhktkvp _16d9qvcn _syaz1fxt _vwz41kw7 _1i4q1hna _o5721jtm" data-renderer-mark="true">consul</code> section.
#<code class="_ca0qyh40 _u5f3m5ip _n3tdyh40 _19bvm5ip _2rko1sit _11c81u0j _1reo1wug _18m91wug _1dqoglyw _1e0c1nu9 _bfhktkvp _16d9qvcn _syaz1fxt _vwz41kw7 _1i4q1hna _o5721jtm" data-renderer-mark="true">services.secrets.secretProviderClassNames.consul_token</code> parameter.
#<code class="_ca0qyh40 _u5f3m5ip _n3tdyh40 _19bvm5ip _2rko1sit _11c81u0j _1reo1wug _18m91wug _1dqoglyw _1e0c1nu9 _bfhktkvp _16d9qvcn _syaz1fxt _vwz41kw7 _1i4q1hna _o5721jtm" data-renderer-mark="true">auth_ui.consul</code> section.

If deployment with Consul is desired, charts '''gauth-100.0.016+0247''' from the release '''100.0.016.4359''' can be used to deploy newer versions of GAuth components.
|Status=No
}}{{Section
|sectionHeading=Configure Kubernetes
|anchor=Kubernetes
|alignment=Vertical
|structuredtext=The sections below provide more information about configuring Kubernetes.

===ConfigMaps===
Genesys Authentication includes separate ConfigMaps for PostgreSQL and Redis configuration.

'''PostgreSQL - configmap-pg.yaml'''
<source lang="text">{{- if or .Values.postgres.configmap.create .Values.postgres.deploy }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "configmap.postgres" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gauth.labels" . | nindent 4 }}
gauth: postgres
data:
db: {{ required "Missing required parameter 'postgres.password'" .Values.postgres.db |quote}}
host: {{ default ( include "name.postgres" . ) .Values.postgres.host |quote}}
port: {{ default ( include "port.postgres.service" . ) .Values.postgres.port |quote }}
{{- end }}</source>

'''Redis - configmap-redis.yaml'''
<source lang="text">
{{ if or .Values.redis.configmap.create .Values.redis.deploy }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "configmap.redis" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gauth.labels" . | nindent 4 }}
gauth: redis
data:
cluster_nodes: {{ default ( include "service.redis" . ) .Values.redis.cluster_nodes | quote}}
{{end}}</source>

===Secrets===
The following Genesys Authentication services artifacts are stored as Kubernetes secrets:

*Administrator user credentials for the Authentication API and Environment API services.
*OAuth 20 client IDs and client secrets for the Authentication API and Environment API services.
*PostgreSQL database credentials for the Environment API service.
*PostgreSQL database credentials for the Authentication API service.
*Java keystore password for Authentication API service.
*Credentials for access to a password-protected Redis (Access Key) for the Authentication API service.
|Status=No
}}{{Section
|sectionHeading=Configure security
|anchor=Security
|alignment=Vertical
|structuredtext=To learn more about how security is configured for private edition, be sure to read the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=Prerequisites|display text=Permissions}} topic in the ''Setting up Genesys Multicloud CX Private Edition'' guide.

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the '''values.yaml''' file as <tt>500:500:500</tt>, meaning the '''genesys''' user.
<syntaxhighlight>
optional:
securityContext:
runAsUser: 500
runAsGroup: 500
fsGroup: 500
runAsNonRoot: true
</syntaxhighlight> 
|Status=No
}}
}}

RN/GenesysWeb Services and Applications/9.0.003.48

2026-05-20T12:30:51Z

{{ComponentRN
|ComponentId=d8ae146d-0abb-4c7e-8a14-3be0a382a3d5
|JQL=issue in (GAPI-39761, GAPI-39752, GAPI-39431, GAPI-39430, GAPI-39276, GAPI-39795, GAPI-39794, GAPI-39551)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-20
|PrivateEditionReleaseDate=2026-05-20
|Highlight=Contains new features, Security updates and resolved issues.
|Containers=*gws-app-provisioning:9.0.001.21
*gws-app-workspace:9.0.001.17
*gws-platform-chat:9.0.000.69
*gws-platform-configuration:9.0.001.06
*gws-platform-datacollector:9.0.000.76
*gws-platform-ixn:9.0.000.68
*gws-platform-ocs:9.0.000.71
*gws-platform-setting:9.0.000.76
*gws-platform-statistics:9.0.000.86
*gws-platform-ucs:9.0.000.67
*gws-platform-voice:9.0.000.91
*gws-service-configuration:9.0.000.12
*gws-services-2.0.2.tgz
*gws-monitoring-1.0.24.tgz
*gws-ingress-1.0.46.tgz
}}
{{Issue
|TicketNumber=GAPI-39794
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Added support for Prometheus v3, including proper Content-Type handling for metrics scraping
}}
{{Issue
|TicketNumber=GAPI-39761
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS Data Collector service has been upgraded from Elasticsearch REST High Level Client 7.x to Elasticsearch Java API Client 8.x. Data collector service now supports both ES8 and ES9 versions of Elasticsearch.
}}
{{Issue
|TicketNumber=GAPI-39752
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS9 - Update to Spring-Boot 3.5 and JDK21 Support
}}
{{Issue
|TicketNumber=GAPI-39431
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws workspace service to node22
}}
{{Issue
|TicketNumber=GAPI-39430
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws provisioning service to node 22
}}
{{Issue
|TicketNumber=GAPI-39276
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=Security patches and vulnerability fixes for system and application libraries.
}}
{{Issue
|TicketNumber=GAPI-39551
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Previously, Agents couldn’t log in a voice channel in WWE if SIP Cluster configuration had non-existing SIP node in the list of SIP Cluster nodes. Now, GWS filters non-existing SIP Cluster Nodes and allows Agents to log in the voice channel.
}}

Draft:RN/GenesysWeb Services and Applications/9.0.003.48

2026-05-20T09:30:56Z

{{ComponentRN
|ComponentId=d8ae146d-0abb-4c7e-8a14-3be0a382a3d5
|JQL=issue in (GAPI-39761, GAPI-39752, GAPI-39431, GAPI-39430, GAPI-39276, GAPI-39795, GAPI-39794, GAPI-39551)
|DeploymentTypeId=8b480b3c-2733-433a-9166-eab2c2d0663a
|ReleaseDate=2026-05-20
|PrivateEditionReleaseDate=2026-05-20
|Highlight=Contains new features, Security updates and resolved issues.
|Containers=*gws-app-provisioning:9.0.001.21
*gws-app-workspace:9.0.001.17
*gws-platform-chat:9.0.000.69
*gws-platform-configuration:9.0.001.06
*gws-platform-datacollector:9.0.000.76
*gws-platform-ixn:9.0.000.68
*gws-platform-ocs:9.0.000.71
*gws-platform-setting:9.0.000.76
*gws-platform-statistics:9.0.000.86
*gws-platform-ucs:9.0.000.67
*gws-platform-voice:9.0.000.91
*gws-service-configuration:9.0.000.12
*gws-services-2.0.2.tgz
*gws-monitoring-1.0.24.tgz
*gws-ingress-1.0.46.tgz
}}
{{Issue
|TicketNumber=GAPI-39794
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Added support for Prometheus v3, including proper Content-Type handling for metrics scraping
}}
{{Issue
|TicketNumber=GAPI-39761
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS Data Collector service has been upgraded from Elasticsearch REST High Level Client 7.x to Elasticsearch Java API Client 8.x. Data collector service now supports both ES8 and ES9 versions of Elasticsearch.
}}
{{Issue
|TicketNumber=GAPI-39752
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=GWS9 - Update to Spring-Boot 3.5 and JDK21 Support
}}
{{Issue
|TicketNumber=GAPI-39431
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws workspace service to node22
}}
{{Issue
|TicketNumber=GAPI-39430
|IssueCategoryId=720446c8-10b6-42b8-af36-34a298aa1c72
|LocalContent=Upgrade gws provisioning service to node 22
}}
{{Issue
|TicketNumber=GAPI-39276
|IssueCategoryId=c749afa5-fd21-49e4-83d4-0e6ebd8ed618
|LocalContent=Security patches and vulnerability fixes for system and application libraries.
}}
{{Issue
|TicketNumber=GAPI-39551
|IssueCategoryId=5c483167-c133-4dc5-87c0-bd2719670bc1
|LocalContent=Previously, Agents couldn’t log in a voice channel in WWE if SIP Cluster configuration had non-existing SIP node in the list of SIP Cluster nodes. Now, GWS filters non-existing SIP Cluster Nodes and allows Agents to log in the voice channel.
}}

Draft:RN/GenesysWeb Services and Applications/9.0.003.47

2026-05-20T09:30:54Z

WikiSysop: Redirected page to Draft:RN/GenesysWeb Services and Applications/9.0.003.48

#REDIRECT [[Draft:RN/GenesysWeb Services and Applications/9.0.003.48]]