Difference between revisions of "GWS/Current/GWSPEGuide/ConfigureIngress"

From Genesys Documentation
Jump to: navigation, search
(Published)
 
Line 8: Line 8:
 
|anchor=override
 
|anchor=override
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=You can specify parameters for the deployment by overriding Helm chart values in the '''values.yaml''' file. See the tables below for a full list of overridable values available for each container in GWS Ingress.
+
|structuredtext=You can specify parameters for the deployment by overriding Helm chart values in the '''values.yaml''' file. <!-- See the tables below for a full list of overridable values available for each container in GWS Ingress.-->
  
 
For more information about how to override Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''Setting up Genesys Engage Cloud Private Edition'' guide.
 
For more information about how to override Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''Setting up Genesys Engage Cloud Private Edition'' guide.
  
 
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that no user or group IDs are specified. For details, see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureIngress|anchor=security|display text=Configure security}} below.
 
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that no user or group IDs are specified. For details, see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ConfigureIngress|anchor=security|display text=Configure security}} below.
{{{!}} class="wikitable"
 
{{!}}+Parameters
 
!Parameter
 
!Description
 
!Valid values
 
!Default
 
{{!}}-
 
{{!}}podLabels
 
{{!}}Custom labels for each pod.
 
{{!}}A valid set of labels as "name: value"
 
{{!}}{}
 
{{!}}-
 
{{!}}podAnnotations
 
{{!}}Custom annotations for each pod.
 
{{!}}A valid set of annotations as "name: value"
 
{{!}}{}
 
{{!}}-
 
{{!}}priorityClassName
 
{{!}}The class name Kubernetes uses to determine the priority of the pods for this container deployment relative to other pods. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ Kubernetes documentation] for details.
 
{{!}}A valid priority class name
 
{{!}}""
 
{{!}}-
 
{{!}}deploymentGlobals.deploymentTag
 
{{!}}The deployment tag used as a suffix for the names of Kubernetes objects created by the chart. The value must be the same as the value in the {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=globalP|display text=GWS Helm chart}}.
 
{{!}}{{Editgrn open}}JM: What are the valid values?{{Editgrn close}}
 
{{!}}"live"
 
{{!}}-
 
{{!}}deploymentGlobals.strategy
 
{{!}}The strategy GWS Ingress uses to upgrade its containers.
 
{{!}}RollingUpdate or Recreate
 
{{!}}"RollingUpdate"
 
{{!}}-
 
{{!}}deploymentGlobals.securityContext.runAsNonRoot
 
{{!}}Specifies whether the container must run as a non-root user.
 
{{!}}true or false
 
{{!}}true
 
{{!}}-
 
{{!}}deploymentGlobals.securityContext.runAsUser
 
{{!}}The user ID to run the entry point of the container process. In OpenShift, if your deployment uses arbitrary UIDs set this value to null.
 
{{!}}A valid user ID or null
 
{{!}}500
 
{{!}}-
 
{{!}}deploymentGlobals.securityContext.runAsGroup
 
{{!}}The group ID to run the entry point of the container process. In OpenShift, if your deployment uses arbitrary UIDs set this value to null.
 
{{!}}A valid group ID or null
 
{{!}}500
 
{{!}}-
 
{{!}}deploymentGlobals.securityContext.fsGroup
 
{{!}}A supplemental group ID that applies to all containers in a pod. In OpenShift, if your deployment uses arbitrary UIDs set this value to null.
 
{{!}}A valid group ID or null
 
{{!}}500
 
{{!}}-
 
{{!}}nodeSelector
 
{{!}}The labels Kubernetes uses to assign pods to nodes. See the [https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector Kubernetes documentation] for details.
 
{{!}}Valid nodeSelector settings.
 
{{!}}{}
 
{{!}}-
 
{{!}}gwsServiceProxy.deployment.replicaCount
 
{{!}}The number of pod replicas in this deployment.
 
{{!}}A number greater than 0
 
{{!}}2
 
{{!}}-
 
{{!}}gwsServiceProxy.image.registry
 
{{!}}The Docker registry from which Kubernetes pulls images.
 
{{!}}A valid registry URL
 
{{!}}""
 
{{!}}-
 
{{!}}gwsServiceProxy.image.repository
 
{{!}}The name of the Docker registry repository.
 
{{!}}A valid repository name
 
{{!}}"gws-system-nginx"
 
{{!}}-
 
{{!}}gwsServiceProxy.image.pullPolicy
 
{{!}}Specifies when Kubernetes pulls images from the registry on start up.
 
{{!}}IfNotPresent or Always
 
{{!}}"Always"
 
{{!}}-
 
{{!}}gwsServiceProxy.image.imagePullSecrets
 
{{!}}The secret Kubernetes uses to get credentials to pull images from the registry.
 
{{!}}A valid secret
 
{{!}}[]
 
{{!}}-
 
{{!}}gwsServiceProxy.context.sessionCookieName
 
{{!}}The cookie name for sticky sessions.
 
{{!}}A valid cookie name
 
{{!}}"GWSSESSIONID"
 
{{!}}-
 
{{!}}gwsServiceProxy.context.env.CONSUL_PORT
 
{{!}}The port of the local Consul agent.
 
{{!}}A valid port
 
{{!}}8500
 
{{!}}-
 
{{!}}gwsServiceProxy.context.env.GWS_NGINX_CONSUL_ENABLED
 
{{!}}Specifies whether Consul is enabled.
 
{{!}}{{Editgrn open}}JM: What are the valid values?{{Editgrn close}}
 
{{!}}"off"
 
{{!}}-
 
{{!}}gwsServiceProxy.context.env.GWS_NGINX_ENABLE_MAPPING
 
{{!}}Specifies whether mapping is enabled in Nginx.
 
{{!}}true or false
 
{{!}}false
 
{{!}}-
 
{{!}}gwsServiceProxy.context.env.GWS_NGINX_CONSUL_SERVICE
 
{{!}}The name of the Consul service.
 
{{!}}A valid name
 
{{!}}"system-nginx"
 
{{!}}-
 
{{!}}gwsServiceProxy.context.env.GWS_CONSUL_KV_PREFIX
 
{{!}}The prefix used to locate GWS Ingress data in the Consul KV datastore.
 
{{!}}String
 
{{!}}""
 
{{!}}-
 
{{!}}gwsServiceProxy.livenessProbe.startupDelay
 
{{!}}Specifies the time in seconds to wait before performing the first liveness probe.
 
{{!}}Number
 
{{!}}5
 
{{!}}-
 
{{!}}gwsServiceProxy.livenessProbe.checkInterval
 
{{!}}Specifies the interval in seconds between liveness probes.
 
{{!}}Number
 
{{!}}10
 
{{!}}-
 
{{!}}gwsServiceProxy.readinessProbe.startupDelay
 
{{!}}Specifies the time in seconds to wait before performing the first readiness probe.
 
{{!}}Number
 
{{!}}15
 
{{!}}-
 
{{!}}gwsServiceProxy.readinessProbe.checkInterval
 
{{!}}Specifies the interval in seconds between readiness probes.
 
{{!}}Number
 
{{!}}20
 
{{!}}-
 
{{!}}gwsServiceProxy.service.ports
 
{{!}}The HTTP ports used by service.
 
{{!}}A valid set of ports as "name: value","port: value"
 
{{!}}[{"name": "gws-service-proxy", "port": 80, "targetPort": 8080}, {"name": "gws-service-proxy-ext", "port": 81, "targetPort": 8081}]
 
{{!}}-
 
{{!}}entryPoints.internal.service.annotations
 
{{!}}Custom annotations for the service.
 
{{!}}A valid set of annotations as "name: value"
 
{{!}}{}
 
{{!}}-
 
{{!}}entryPoints.internal.ingress.enabled
 
{{!}}Whether ingress will start
 
{{!}}true or false
 
{{!}}true
 
{{!}}-
 
{{!}}entryPoints.internal.ingress.annotations
 
{{!}}Custom annotations for internal ingress.
 
{{!}}A valid set of annotations as "name: value"
 
{{!}}{}
 
{{!}}-
 
{{!}}entryPoints.internal.ingress.paths
 
{{!}}Paths to internal ingress, relative to the hostnames.
 
{{!}}Valid paths
 
{{!}}["/"]
 
{{!}}-
 
{{!}}entryPoints.internal.ingress.hosts
 
{{!}}List of internal ingress hostnames.
 
{{!}}Valid hostnames
 
{{!}}["gws-int.genesys.com"]
 
{{!}}-
 
{{!}}entryPoints.internal.ingress.tls
 
{{!}}List of TLS configurations for internal ingress. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Planning|anchor=Network|display text=Network requirements}} for an example configuration.
 
{{!}}Valid TLS configurations
 
{{!}}[]
 
{{!}}-
 
{{!}}entryPoints.external.ingress.enabled
 
{{!}}Specifies whether internal ingress will start.
 
{{!}}true or false
 
{{!}}true
 
{{!}}-
 
{{!}}entryPoints.external.ingress.annotations
 
{{!}}Custom annotations for external ingress.
 
{{!}}A valid set of annotations as "name: value"
 
{{!}}{}
 
{{!}}-
 
{{!}}entryPoints.external.ingress.paths
 
{{!}}Paths to external ingress, relative to the hostnames.
 
{{!}}Valid paths
 
{{!}}["/"]
 
{{!}}-
 
{{!}}entryPoints.external.ingress.hosts
 
{{!}}List of external ingress hostnames.
 
{{!}}Valid hostnames
 
{{!}}["gws.genesys.com"]
 
{{!}}-
 
{{!}}entryPoints.external.ingress.tls
 
{{!}}List of TLS configurations for external ingress. See {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Planning|anchor=Network|display text=Network requirements}} for an example configuration.
 
{{!}}Valid TLS configurations
 
{{!}}[]
 
{{!}}}
 
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section

Revision as of 20:55, October 29, 2021

This topic is part of the manual Genesys Web Services and Applications Private Edition Guide for version Current of Genesys Web Services and Applications.

Learn how to configure GWS Ingress.

Override Helm chart values

You can specify parameters for the deployment by overriding Helm chart values in the values.yaml file.

For more information about how to override Helm chart values, see Overriding Helm chart values in the Setting up Genesys Engage Cloud Private Edition guide.

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For details, see Configure security below.

Configure Kubernetes

Create a Kubernetes secret for your API token from Consul. For more information about this token, see Consul's access control documentation. 

kubectl create secret generic gws-secrets-green -n gws --from-literal='gws-consul-token=<token-from-consul>'

Configure security

To learn more about how security is configured for private edition, be sure to read the Permissions and OpenShift security settings topics in the Setting up Genesys Engage Cloud Private Edition guide.

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user. 

deploymentGlobals:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
    fsGroup: 500
    runAsNonRoot: true

Arbitrary UIDs in OpenShift

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that you do not define any specific IDs. 

deploymentGlobals:
  securityContext:
    runAsUser: null
    runAsGroup: 0
    fsGroup: null
    runAsNonRoot: true
For details about these parameters and possible values, see deploymentGlobals.securityContext.* in the Parameters table above.

Next steps

Retrieved from "https://all.docs.genesys.com/GWS/Current/GWSPEGuide/ConfigureIngress (2025-07-14 20:08:56)"
Comments or questions about this documentation? Contact us for support!