Difference between revisions of "PrivateEdition/Current/TenantPEGuide/Deploy"

From Genesys Documentation
Jump to: navigation, search
(Published)
 
(Published)
Line 25: Line 25:
 
|anchor=Scenarios
 
|anchor=Scenarios
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=More than one deployment scenario is supported, including single region, redundant and multi-region deployment, and multi-tenant deployment.
+
|structuredtext=More than one deployment scenario is supported, including single region, redundant, and multi-region deployment as well as multi-Tenant deployment.
  
 
===Single region/location/cluster===
 
===Single region/location/cluster===
You deploy Tenant resources in a single Azure Kubernetes Service (AKS) cluster within the same or separate namespace (project) with the Voice platform. If shared resources are being deployed across all tenants, they must also be added to the same target namespace.
+
You deploy Tenant resources in a single Kubernetes cluster within the same or separate namespace (project) with the Voice platform. If shared resources are being deployed across all tenants, they must also be added to the same target namespace.
  
Before proceeding with the Tenant(s) deployment at a location, the following features are required:
+
If you plan to use Prometheus monitoring or Fluent Bit logging framework for Tenant, you must execute the '''tenant-monitor''' module, as described in {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Deploy|anchor=locationspecificdeploy|display text=tenant-monitor}}. The module enables the following features:
  
*  POD Monitor for all tenant pods
+
*Prometheus PodMonitor definition for all tenant pods.
*  FluentBit logging framework
+
*Common Fluent Bit framework configuration for all tenant pods.
  
The deployment must include the '''tenant-monitor''' module execution at a location, as described in {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Deploy|anchor=locationspecificdeploy|display text=tenant-monitor}}.
+
====Single Tenant: Basic deployment====
 
 
====Single tenant====
 
 
 
=====Basic deployment=====
 
 
Single-node deployment requires a single override file and one "tenant" module to deploy, with reference implementation described at {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Deploy|anchor=servicespecificdeploy|display text=Single service at one location}}.
 
Single-node deployment requires a single override file and one "tenant" module to deploy, with reference implementation described at {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Deploy|anchor=servicespecificdeploy|display text=Single service at one location}}.
  
Line 50: Line 46:
 
To increase the number of nodes, adjust the '''node count''' parameter. For more information, see {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=scalabilityparams|display text=Scalability and redundancy parameters}}.
 
To increase the number of nodes, adjust the '''node count''' parameter. For more information, see {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=scalabilityparams|display text=Scalability and redundancy parameters}}.
  
=====Upgrade=====
+
====Upgrade====
The upgrade can be performed by re-running deployment with the same mandatory parameters and adjusted version of tenant image(s) and Helm charts. The upgrade is performed automatically, one node at a time (if '''node count''' is > 1). The update of the tenant configuration may happen automatically upon upgrade of the primary node. Genesys recommends performing a backup of the backend database for a Tenant Service before upgrading.
+
An upgrade can be performed by re-running deployment with the same mandatory parameters and adjusted version of Tenant image(s) and Helm charts. The upgrade is performed automatically, one node at a time (if '''node count''' is > 1). The update of the Tenant configuration may happen automatically when the primary node is upgraded. Genesys recommends performing a backup of the backend database for a Tenant Service before upgrading.
 
 
====Multiple tenants at one location====
 
  
=====Basic deployment=====
+
====Multiple Tenants at one location: Basic deployment====
Additional tenants can be deployed at the same location with following guidelines:
+
You can deploy additional Tenants at the same location using the following guidelines:
  
 
*Each Tenant Service must have a unique tenant uuid, shortid, and nickname.
 
*Each Tenant Service must have a unique tenant uuid, shortid, and nickname.
Line 63: Line 57:
 
}}{{Section
 
}}{{Section
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext====Multiple regions/locations/clusters===
+
|structuredtext====Multiple regions/locations/clusters: Basic deployment===
 
+
In multi-regional/multi-location deployments, one region/location is considered "master" (from the Tenant perspective) and includes the database backend with <tt>write</tt> capabilities. Other regions/locations have replicas of the database backend in read-only mode. A Tenant Service at each location may be deployed to have one of its nodes running as master (<tt>write</tt> access to provisioning data through the config API) or have all its nodes running only as replicas (<tt>read</tt> access to configuration).  
====Basic deployment====
 
In multi-regional/multi-location deployments, one region/location is considered "master" (from a tenant perspective) and includes the database backend with write capabilities. Other regions/locations have replicas of the database backend in read-only mode.  A Tenant Service at each location may be deployed to have one of its nodes running as master (write access to provisioning data via config API) or have all its nodes running only as replicas (read access to configuration).  
 
  
Multi-regional deployments have to be done according to these steps (with pre-requisites already satisfied at each region/location):
+
Multi-regional deployments must be performed using the following steps (with prerequisites already satisfied at each region/location):
  
*If required, deploy the '''tenant-monitor''' module at a location planned as a master tenant node.
+
*If required, deploy the '''tenant-monitor''' module at a location planned as a Master Tenant node.
*Complete basic deployment of a Tenant Service in the master region, including specification of DR parameters for master, as per {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=scalabilityparams|display text=Scalability and redundancy parameters}}.
+
*Complete the basic deployment of a Tenant Service in the Master region, including specification of DR parameters for the Master, as per {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=scalabilityparams|display text=Scalability and redundancy parameters}}.
*Complete deployment of the database backend with replica of master database at location(s) where replica tenant nodes are expected to run, including provisioning of access keys/secrets to access local replica.
+
*Complete the deployment of the database backend with replica of the Master database at location(s) where the replica Tenant nodes are expected to run, including provisioning of access keys/secrets to access the local replica.
*If required, deploy the '''tenant-monitor''' module at location(s) , where replicas are expected to run.
+
*If required, deploy the '''tenant-monitor''' module at location(s) where replicas are expected to run.
*Complete basic tenant deployment for additional region(s) and specify DR parameters for a master region (see {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=scalabilityparams|display text=Scalability and redundancy parameters}}).
+
*Complete the basic Tenant deployment for additional region(s) and specify DR parameters for the Master region (see {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=scalabilityparams|display text=Scalability and redundancy parameters}}).
  
The same customization scenarios discussed for tenant nodes can be applied for each location independently.  
+
The same customization scenarios described for Tenant nodes can be applied for each location independently.  
  
 
====Upgrade====
 
====Upgrade====
Can be performed by re-running deployment with the same mandatory parameters and adjusted  version of tenant image(s) and helm charts for every location. Update of tenant configuration may happen automatically upon upgrade of master node in master region. It is recommended to perform back up of the backend database for a Tenant Service before upgrading the master region.
+
An upgrade can be performed by re-running the deployment with the same mandatory parameters and adjusted version of the Tenant image(s) and Helm charts for every location. Update of the tenant configuration may happen automatically when the Master node in the Master region is upgraded. Genesys recommends performing a backup of the backend database for a Tenant Service before you upgrade the Master region.
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
Line 86: Line 78:
 
|alignment=Vertical
 
|alignment=Vertical
 
|structuredtext=This section provides reference commands with key parameters that are required to complete each deployment step.
 
|structuredtext=This section provides reference commands with key parameters that are required to complete each deployment step.
 +
 +
On this page, the '''tenant-values.yaml''' file refers to the '''values.yaml''' file in the Tenant Helm chart. Likewise, the '''tenant-monitor-values.yaml''' file refers to the '''values.yaml''' file in the Tenant Monitor Helm chart.
 
===Prerequisite===
 
===Prerequisite===
 
Before proceeding with the Tenant Service deployment, ensure you have completed procedures in the {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=ConfigSecurity|display text=Configure security}} section of this guide.
 
Before proceeding with the Tenant Service deployment, ensure you have completed procedures in the {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=ConfigSecurity|display text=Configure security}} section of this guide.
Line 94: Line 88:
 
Monitoring/logging shared configuration and infrastructure deployment:<source lang="text">
 
Monitoring/logging shared configuration and infrastructure deployment:<source lang="text">
 
helm upgrade --install --force --wait --timeout 600s -n voice  tenant-monitor https://<jfrog artifactory/helm location>/tenant-monitor-$TENANT_MANIFEST_VERSION.tgz  --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 600s -n voice  tenant-monitor https://<jfrog artifactory/helm location>/tenant-monitor-$TENANT_MANIFEST_VERSION.tgz  --username "$JFROG_USER" --password "$JFROG_PASSWORD"
</source>To enable fluent bit logging and Prometheus monitoring, the following overrides can be used with tenant-monitor:<source lang="text">
+
</source>
 +
 
 +
To enable Prometheus monitoring, you can use the following overrides with tenant-monitor. Use the following changes in the '''tenant-monitor-values.yaml''' file to implement the changes:
 +
<source lang="text">
 
prometheus:
 
prometheus:
 
   podMonitor:
 
   podMonitor:
 
     create: "true"
 
     create: "true"
+
</source>
 +
 
 +
To enable Fluent Bit to send additional logs to stdout in json format (for selected Tenant functions, such as configuration audit) and/or raw format (such as from internal applications such as StatServer and URS), modify the following changes to upgrade tenant-monitor. Use the following changes in the '''tenant-monitor-values.yaml''' file to implement the changes.
 +
 
 +
<source lang="text">
 
fluent:
 
fluent:
 
   enable: "true"
 
   enable: "true"
</source>Enable Persistent Volume Claim to store tenant logs, then the following overrides can be  used with tenant-monitor (logStorageClass must be provided by the infrastructure team):<source lang="text">
+
  rawlogs:
 +
    stdout:
 +
      enable: "true"
 +
  jsonlogs:
 +
    stdout:
 +
      enable: "true"
 +
</source>
 +
 
 +
To enable RWX Persistent Volume Claim (PVC) in tenant-monitor to store Tenant logs shared across all Tenant pods, make the following modifications to override values in the '''tenant-monitor-values.yaml''' file:
 +
 
 +
<source lang="text">
 
tenant:
 
tenant:
 
   logging:
 
   logging:
Line 110: Line 121:
 
       logClaim: "tenant-logs-pvc"
 
       logClaim: "tenant-logs-pvc"
 
       logClaimSize: "5Gi"
 
       logClaimSize: "5Gi"
       logStorageClass: "azure-files"
+
       logStorageClass: "<storage class>"
       Storageprovisioner: "TBD OC provosioner"
+
       Storageprovisioner: "TBD OC provisioner"
 
       parameters: {}
 
       parameters: {}
 
</source>
 
</source>
 +
 +
RWX PV is disabled by default; no overrides are required in the '''tenant-monitor-values.yaml''' file to disable it.
 +
 
{{AnchorDiv|servicespecificdeploy}}
 
{{AnchorDiv|servicespecificdeploy}}
  
===Service-specific deployment steps===
+
===Service-specific deployment steps: Single service at one location===
====Single service at one location====
+
Use the following template if you are deploying with the tenant Helm chart. A single-service deployment can be implemented with the following sample parameters in the '''tenant-values.yaml''' file:
A single-service deployment can be implemented with these sample parameters in '''tenant-node-values.yaml''':<source lang="text">
+
 
tenantid: 9350e2fc-a1dd-4c65-8d40-1f75a2e080dd
+
<source lang="text">
 
+
##UUID 4 format ( Set a new UUID for new tenant deployment)
replicaCount: 1
+
tenantid: <tenant-uuid>
pgdb:
+
  dbhost: "/opt/genesys/dbserver/dbserver"
+
   dbuser: "/opt/genesys/dbuser/dbuser"
+
serviceAccount:
   dbname: "/opt/genesys/dbname/dbname"
+
    create: true
   pgpwdSecretName: "/opt/genesys/dbpassword/dbpassword"
+
   usesecret: "true"
+
images:
      
+
   imagePullSecrets: mycred
pullSecrets: mycred
+
   registry: <docker-repo>
 
+
   pullPolicy: Always
 +
   tenant:
 +
     tag: <version of tenant service>
 +
 +
  pgdbInit:
 +
    tag: <version of tenant service>
 
    
 
    
image:
+
   rcsInit:
   registry: <docker-repo>
+
    tag: <version of roles service batch image>
  tag: <version of tenant service>
+
     enable: "true"
 
+
   
initcontianer:
+
   pulseInit:
  registry: <docker-repo>
+
    tag: <version of tenant service>
  tag: <version of tenant service>
+
     enable: "true"
      
+
     pulseMode: "setup"
addonpulseinitcontainer:
+
  registry: <docker-repo>
 
  tag: <version of tenant service>
 
  enable: "true"
 
  pulsemode: "setup"  
 
    
 
rcsinitcontianer:
 
  enable: "true"
 
  registry: <docker-repo>
 
  tag: <version of roles service batch image>
 
 
 
      
 
resources:
 
  limits:
 
    cpu: "2"
 
     memory: 4Gi
 
  requests:
 
    cpu: "1"
 
    memory: 1Gi
 
 
 
containerSecurityContext:
 
  readOnlyRootFilesystem: false
 
  runAsNonRoot: true
 
  runAsUser: 500
 
  runAsGroup: 500
 
 
    
 
    
service:
+
  type: ClusterIP
 
 
 
 
 
 
tenant:
 
tenant:
   serviceuser: "default"
+
   general:
  serviceuserpwd: "<random-password-string>"
+
    upstreamServices: voice-sipfe:9101,voice-config:9100,ixn-server-{{ $.Values.tenantid }}:7120,ixn-vqnode-{{ $.Values.tenantid }}:7122"
   consul:
+
   pgdb:
     acl:
+
     dbhost: "/opt/genesys/dbserver/dbserver"
      usetoken: "true"
+
    dbuser: "/opt/genesys/dbuser/dbuser"
      token: "/opt/genesys/consul-shared-secret/consul-consul-voice-token"  
+
    dbname: "/opt/genesys/dbnamet102/dbname"
        
+
  securityContext:
   volumes: |
+
    fsGroup: 0        
     - name: fluent-logs
+
      emptyDir: {}
+
  logging
    - name: tenants-fluent-bit-config
+
....
      configMap:
+
   volumes:  
         name: tenants-fluent-bit-config
+
     logPvc:
     - name: consul-shared-secret
+
        enabled: "true"
       secret:
+
        logClaimSize: "5Gi"
         secretName: consul-voice-token
+
        accessModes: "ReadWriteOnce"
    - name: dbserver
+
         logStorageClass: "<storage class>"  #Replace the storage class that's relevant to the Openshift Cluster
      secret:
+
 
        secretName: dbserver
+
     mounts:
     - name: dbname
+
       log:
       secret:
+
         - name: log
         secretName: dbname
+
          mountPath: /opt/genesys/logs/volume
    - name: dbuser
+
        - name: log
       secret:
+
          mountPath: /logs
         secretName: dbuser
+
  secrets:
    - name: dbpassword
+
     pgdb:
      secret:
+
       pwd:          
        secretName: dbpassword
+
         secretName: "/opt/genesys/dbpassword/dbpassword"
    - name: redis-config-secret
+
        secretKey: "dbpassword"
      secret:
+
       volumes: |
        defaultMode: 420
+
         - name: dbpassword
         secretName: redis-config-token
+
          secret:
    - name: kafka-secrets
+
            secretName: dbpassword
      secret:
+
        - name: dbserver
        defaultMode: 420
+
          secret:
         secretName: kafka-secrets-token     
+
            secretName: dbserver
    - name: redis-tenant-secret
+
         - name: dbnamet102
      secret:
+
          secret:
        defaultMode: 420
+
            secretName: dbname
        secretName: redis-tenant-token
+
         - name: dbuser
 
+
          secret:
   
+
            secretName: dbuser                       
  volumeMounts: |
+
      mounts:
    - name: fluent-logs
+
        - name: dbpassword
      mountPath: "/opt/genesys/logs/JSON"
+
          readOnly: true
    - name: consul-shared-secret
+
          mountPath: "/opt/genesys/dbpassword"
      readOnly: true
+
        - name: dbserver
      mountPath: "/opt/genesys/consul-shared-secret"  
+
          readOnly: true
    - name: dbserver
+
          mountPath: "/opt/genesys/dbserver"  
      readOnly: true
+
        - name: dbnamet102
      mountPath: "/opt/genesys/dbserver"
+
          readOnly: true
    - name: dbname
+
          mountPath: "/opt/genesys/dbname"
      readOnly: true
+
        - name: dbuser
      mountPath: "/opt/genesys/dbname"  
+
          readOnly: true
     - name: dbuser
+
          mountPath: "/opt/genesys/dbuser"                        
       readOnly: true
+
      mountPath: "/opt/genesys/dbuser"  
+
     consul:
    - name: dbpassword
+
       acl:
       readOnly: true
+
        secretName: "/opt/genesys/consul-shared-secret/consul-consul-voice-token"
      mountPath: "/opt/genesys/dbpassword"  
+
      volumes:
     - name: redis-config-secret
+
        - name: consul-shared-secret
       readOnly: true
+
          secret:
      mountPath: "/opt/genesys/redis-config-secret"
+
            secretName: consul-voice-token             
    - name: redis-tenant-secret
+
       mounts:
      readOnly: true
+
        - name: consul-shared-secret
      mountPath: "/opt/genesys/redis-tenant-secret"
+
          readOnly: true
    - name: kafka-secrets
+
          mountPath: "/opt/genesys/consul-shared-secret"    
       readOnly: true
+
     redis:
      mountPath: "/opt/genesys/kafka-secrets"
+
       configPwd:
     
+
        secretName: "/opt/genesys/redis-config-secret/redis-config-state"
 
+
        volumes:
  initVolumeMounts: |
+
          - name: redis-config-secret
    - name: consul-shared-secret
+
            secret:
      readOnly: true
+
              secretName: redis-config-token             
      mountPath: "/opt/genesys/consul-shared-secret"      
+
        mounts:
     - name: dbserver
+
          - name: redis-config-secret
       readOnly: true
+
            readOnly: true
      mountPath: "/opt/genesys/dbserver"
+
            mountPath: "/opt/genesys/redis-config-secret"  
    - name: dbname
+
       
       readOnly: true
+
       streamPwd:        
      mountPath: "/opt/genesys/dbname"  
+
        secretName: "/opt/genesys/redis-tenant-secret/redis-tenant-stream"
     - name: dbuser
+
        volumes:
       readOnly: true
+
          - name: redis-tenant-secret
      mountPath: "/opt/genesys/dbuser"  
+
            secret:
    - name: dbpassword
+
              secretName: redis-tenant-token             
       readOnly: true
+
        mounts:
      mountPath: "/opt/genesys/dbpassword"
+
          - name: redis-tenant-secret
 
+
            readOnly: true
     
+
            mountPath: "/opt/genesys/redis-tenant-secret"      
gws:
+
  enabled: "false"
+
     kafka:
 
+
       pwd:
redis:
+
        secretName: "/opt/genesys/kafka-secrets/kafka-secrets"
  enabled: "true"
+
      volumes: 
  port: 6379
+
        - name: kafka-secrets
  isCluster: true
+
          secret:
  usesecret: "true"
+
            secretName: kafka-secrets-token
  usesecretenv: "false"
+
       mounts:
  redisCacheSecretName: "/opt/genesys/redis-config-secret/redis-config-state"
+
        - name: kafka-secrets
  redisTenantSecretName: "/opt/genesys/redis-tenant-secret/redis-tenant-stream"
+
          mountPath: "/opt/genesys/kafka-secrets"
 
+
     gws:
kafka:
+
       user:
  enabled: "true"
+
        secretName: "/opt/genesys/gauth-client-id/clientid"
  usesecret: "true"
+
       pwd:
  usesecretenv: "false"
+
        secretName: "/opt/genesys/gauth-client-token/clientsecret"
  kafkaSecretName: "/opt/genesys/kafka-secrets/kafka-secrets"
+
      volumes:
 +
        - name: gauth-client-id
 +
          secret:
 +
            secretName: gauthclientid   
 +
        - name: gauth-client-token
 +
          secret:
 +
            secretName: gauthclientsecret   
 +
      mounts:        
 +
        - name: gauth-client-id
 +
          readOnly: true
 +
          mountPath: "/opt/genesys/gauth-client-id"
 +
        - name: gauth-client-token
 +
          readOnly: true
 +
          mountPath: "/opt/genesys/gauth-client-token"
 +
 +
 
   
 
   
serviceAccount:
+
  redis:
  create: true
+
    isCluster: true
</source>In addition, use the following deployment command:<source lang="text">
+
</source>
 +
 
 +
In addition, use the following deployment command:<source lang="text">
 
helm upgrade --install --force --wait --timeout 600s -n voice -f ./tenant-node-values.yaml tenant<shortid> https://<jfrog artifactory/helm location>/tenant-<helm version>.tgz --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 600s -n voice -f ./tenant-node-values.yaml tenant<shortid> https://<jfrog artifactory/helm location>/tenant-<helm version>.tgz --username "$JFROG_USER" --password "$JFROG_PASSWORD"
</source>Above deployment will create a Tenant with the password of the service account set up explicitly and without enabling GWS integration. See {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Deploy|anchor=SamplesReferences|display text=Samples and references}} for values that allow you to reset the Tenant password upon deployment using a pre-generated value from the secret and to enable automated GWS integration.
+
</source>The preceding deployment will create a Tenant with the password of the service account set up explicitly and without enabling GWS integration. See {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Deploy|anchor=enablegws|display text=Samples and references}} for values that allow you to reset the Tenant password upon deployment using a pre-generated value from the secret and to enable automated GWS integration.
|Status=No
 
}}{{Section
 
|sectionHeading=Deploy in OpenShift
 
|anchor=DeployinOpenshift
 
|alignment=Vertical
 
|structuredtext={{Notices|Notice=PEComingSoon}}
 
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
Line 317: Line 320:
 
     ....
 
     ....
 
</source>
 
</source>
Enabling GWS integration (the secret should be created as described in the {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=servicespecificsecrets|display text=Genesys Authentication backend secrets}} section):
+
 
 +
{{AnchorDiv|logstostdout}}
 +
To enable stdout log output for all Tenant components, make the following modifications to override values in the '''tenant-values.yaml''' file.
 +
 
 
<source lang="text">
 
<source lang="text">
 +
images
 +
fbregistry: fluent/fluent-bit
 
...
 
...
gws:
+
  fluentBit:
   enabled: "true"
+
    enable: "true"
   usesecret: "true"
+
    name: json-sidecar
   gwsuserSecretName: "/opt/genesys/gauth-client-id/clientid"
+
    tag: 1.8.x
   gwspwdSecretName: "/opt/genesys/gauth-client-token/clientsecret"
+
 +
   fluentBitUrs:
 +
    enable: "true"
 +
    name: stdouturs-sidecar
 +
    tag: 1.8.x
 +
 +
   fluentBitSs:
 +
    enable: "true"  
 +
    name: stdoutss-sidecar
 +
    tag: 1.8.x
 +
 +
   fluentBitOcs:
 +
    enable: "true"
 +
    name: stdoutocs-sidecar
 +
    tag: 1.8.x
 +
 +
   fluentBitCs:
 +
    enable: "true"
 +
    name: stdoutcs-sidecar
 +
    tag: 1.8.x
 
   
 
   
 
tenant:
 
tenant:
  ...
+
...
   volumes: |
+
   logging:
     - name: gauth-client-id
+
    volumes:
       secret:
+
      log:
          secretName: gauthclientid
+
        - name: log
     - name: gauth-client-token
+
      jsonLog:
       secret:
+
        - name: fluent-logs 
          secretName: gauthclientsecret
+
          #persistentVolumeClaim:
     ....
+
          #  claimName: log-t105-0
    
+
          emptyDir: {}
   volumeMounts: |
+
      stdoutUrsLog:
     - name: gauth-client-id
+
        - name: fluenturs-logs
       readOnly: true
+
          emptyDir: {}
       mountPath: "/opt/genesys/gauth-client-id/clientid"  
+
      stdoutOcsLog:
    - name: gauth-client-token
+
        - name: fluentocs-logs
       readOnly: true
+
          emptyDir: {}
      mountPath: "/opt/genesys/gauth-client-token/clientsecret"  
+
      stdoutSsLog:
     ....
+
        - name: fluentss-logs
  initVolumeMounts: |       
+
          emptyDir: {}
    - name: gauth-client-id
+
      stdoutCsLog:
      readOnly: true
+
        - name: fluentcs-logs
      mountPath: "/opt/genesys/gauth-client-id/clientid"  
+
          emptyDir: {}       
    - name: gauth-client-token
+
      fluentBconfigmap:
      readOnly: true
+
        - configMap:
      mountPath: "/opt/genesys/gauth-client-token/clientsecret"  
+
            defaultMode: 420     
    ....
+
            name: tenants-fluent-bit-config
 +
          name: tenants-fluent-bit-config       
 +
      fluentBconfigmapCs:
 +
        - configMap:
 +
            defaultMode: 420     
 +
            name: tenants-fluent-bit-config-cs
 +
          name: tenants-fluent-bit-config-cs
 +
      fluentBconfigmapSs:
 +
        - configMap:
 +
            defaultMode: 420
 +
            name: tenants-fluent-bit-config-ss
 +
          name: tenants-fluent-bit-config-ss
 +
      fluentBconfigmapOcs:
 +
        - configMap:
 +
            defaultMode: 420
 +
            name: tenants-fluent-bit-config-ocs
 +
          name: tenants-fluent-bit-config-ocs
 +
      fluentBconfigmapUrs:
 +
        - configMap:
 +
            defaultMode: 420
 +
            name: tenants-fluent-bit-config-urs
 +
          name: tenants-fluent-bit-config-urs         
 +
     mounts:
 +
      log:
 +
        - name: log
 +
          mountPath: /opt/genesys/logs/volume
 +
        - name: log
 +
          mountPath: /logs
 +
      jsonLog:
 +
        - name: fluent-logs
 +
          mountPath: "/opt/genesys/logs/JSON"       
 +
      stdoutUrsLog:
 +
        - name: fluenturs-logs
 +
          mountPath: "/opt/genesys/logs/URS"
 +
      stdoutSsLog:
 +
        - name: fluentss-logs
 +
          mountPath: "/opt/genesys/logs/SS"
 +
      stdoutOcsLog:
 +
        - name: fluentocs-logs
 +
          mountPath: "/opt/genesys/logs/OCS"
 +
      stdoutCsLog:
 +
        - name: fluentcs-logs
 +
          mountPath: "/opt/genesys/logs/confserv"
 +
 +
      fbJsonLog:
 +
        - name: fluent-logs
 +
          mountPath: "/mnt/logs"       
 +
      fbstdoutUrsLog:
 +
        - name: fluenturs-logs
 +
          mountPath: "/mnt/logs"
 +
      fbstdoutSsLog:
 +
        - name: fluentss-logs
 +
          mountPath: "/mnt/logs"
 +
      fbstdoutOcsLog:
 +
        - name: fluentocs-logs
 +
          mountPath: "/mnt/logs"
 +
      fbstdoutCsLog:
 +
        - name: fluentcs-logs
 +
          mountPath: "/mnt/logs"       
 +
 +
      fluentBconfigmap:
 +
          - mountPath: /fluent-bit/etc/
 +
            name: tenants-fluent-bit-config
 +
       fluentBconfigmapCs:
 +
          - mountPath: /fluent-bit/etc/
 +
            name: tenants-fluent-bit-config-cs      
 +
      fluentBconfigmapSs:
 +
          - mountPath: /fluent-bit/etc/
 +
            name: tenants-fluent-bit-config-ss 
 +
       fluentBconfigmapOcs:
 +
          - mountPath: /fluent-bit/etc/
 +
            name: tenants-fluent-bit-config-ocs      
 +
      fluentBconfigmapUrs:
 +
          - mountPath: /fluent-bit/etc/
 +
            name: tenants-fluent-bit-config-urs
 +
</source>
 +
 
 +
{{AnchorDiv|rwopvclogging}}
 +
You can deploy Persistent Volume/Persistent Volume Claim (PV/PVC) in two ways:
 +
 
 +
#Enable ReadWriteOnce (RWO) from the tenant Helm chart, which maintains unique PVCs for each pod/replica from the same Tenant.
 +
#Enable ReadWriteMany (RWX) from the tenant-monitor Helm chart, which has multiple Tenant pods sharing the same PVC.
 +
 
 +
To enable RWO PV/PVC logging from individual Tenant pods in Statefulset, make the following modifications to override the values in the '''tenant-values.yaml''' file. RWO Persistent Volume is disabled by default.
 +
 
 +
<source lang="text">
 +
logging
 +
....
 +
   volumes:
 +
    logPvc:
 +
        enabled: "true"
 +
        logClaimSize: "5Gi"
 +
        accessModes: "ReadWriteOnce"
 +
        logStorageClass: "<storage class>"   #Replace the storage class that's relevant to the Openshift Cluster
 +
</source>
 +
 
 +
{{AnchorDiv|enablegws}}
 +
Enabling GWS integration (the secret should be created as described in the {{Link-SomewhereInThisVersion|manual=TenantPEGuide|topic=Configure|anchor=servicespecificsecrets|display text=Genesys Authentication backend secrets}} section):
 +
<source lang="text">
 +
tenant:
 +
 +
gws:
 +
    # enable: Enable GWS registeration about tenant
 +
    # tls: Enable/Disable Secure connection to GWS
 +
    # authEndpoint: GWS auth end point
 +
    # envEndpoint: GWS env end point for Registeration
 +
    # db: Pass DB infromation for GWS to connect to PSQL DB for read and store data
 +
    enable: "true"
 +
    tls: false
 +
     authEndpoint: "gauth-auth.gauth.svc.cluster.local"
 +
    envEndpoint: ""
 +
    db:
 +
      enable: "false"
 +
      read: "false"
 +
      init: "false"
 +
            secrets:
 +
……….
 +
gws:
 +
       enabled: true  
 +
       user:
 +
        secretName: "/opt/genesys/gauth-client-id/clientid"
 +
       pwd:
 +
        secretName: "/opt/genesys/gauth-client-token/clientsecret"
 +
      volumes:
 +
        - name: gauth-client-id
 +
          secret:
 +
            secretName: gauthclientid   
 +
        - name: gauth-client-token
 +
          secret:
 +
            secretName: gauthclientsecret      
 +
      mounts:        
 +
        - name: gauth-client-id
 +
          readOnly: true
 +
          mountPath: "/opt/genesys/gauth-client-id"
 +
        - name: gauth-client-token
 +
          readOnly: true
 +
          mountPath: "/opt/genesys/gauth-client-token"
 
</source>
 
</source>
Mount Persistent Volume Claim to store Tenant logs, then add the following override values in '''tenant-node-values.yaml''':
+
 
 +
{{AnchorDiv|mountpvc}}
 +
To mount the PVC to store Tenant logs, make the following modifications to override the values in the '''tenant-values.yaml''' file:
 
<source lang="text">
 
<source lang="text">
 
.....
 
.....
Line 360: Line 525:
 
tenant:
 
tenant:
 
   ...
 
   ...
  volumes: |
+
    logging:
     ...
+
     mounts:
+
       log:
    - name: log
+
         - name: log
       persistentVolumeClaim:
+
          mountPath: /opt/genesys/logs/volume
         claimName: tenant-logs-pvc
+
        - name: log
+
          mountPath: /logs
    ...
 
 
  volumeMounts: |
 
    .....
 
 
    - mountPath: /opt/genesys/logs/volume
 
      name: log
 
    - mountPath: /logs
 
      name: log
 
 
    ......
 
 
  initVolumeMounts: |
 
    ........
 
 
    - mountPath: /opt/genesys/logs/volume
 
      name: log
 
    - mountPath: /logs
 
      name: log
 
 
.....
 
 
</source>
 
</source>
 
|Status=No
 
|Status=No

Revision as of 18:01, November 1, 2021

This topic is part of the manual Tenant Service Private Edition Guide for version Current of Genesys Multicloud CX Private Edition.

Learn how to deploy the Tenant Service.

Important
Make sure to review Before you begin for the full list of prerequisites required to deploy the Tenant Service.

For solution-level deployment information, see [[PrivateEdition/Current/PEGuide/GetStarted|]].

Deployment scenarios

More than one deployment scenario is supported, including single region, redundant, and multi-region deployment as well as multi-Tenant deployment.

Single region/location/cluster

You deploy Tenant resources in a single Kubernetes cluster within the same or separate namespace (project) with the Voice platform. If shared resources are being deployed across all tenants, they must also be added to the same target namespace.

If you plan to use Prometheus monitoring or Fluent Bit logging framework for Tenant, you must execute the tenant-monitor module, as described in tenant-monitor. The module enables the following features:

  • Prometheus PodMonitor definition for all tenant pods.
  • Common Fluent Bit framework configuration for all tenant pods.

Single Tenant: Basic deployment

Single-node deployment requires a single override file and one "tenant" module to deploy, with reference implementation described at Single service at one location.

Mandatory parameters for basic installation are:

  • tenant uuid (v4)
  • tenant nickname (becomes a Helm release name)
  • all backend parameters (along with all secrets that may be required based on these parameters)

To increase the number of nodes, adjust the node count parameter. For more information, see Scalability and redundancy parameters.

Upgrade

An upgrade can be performed by re-running deployment with the same mandatory parameters and adjusted version of Tenant image(s) and Helm charts. The upgrade is performed automatically, one node at a time (if node count is > 1). The update of the Tenant configuration may happen automatically when the primary node is upgraded. Genesys recommends performing a backup of the backend database for a Tenant Service before upgrading.

Multiple Tenants at one location: Basic deployment

You can deploy additional Tenants at the same location using the following guidelines:

  • Each Tenant Service must have a unique tenant uuid, shortid, and nickname.
  • Each Tenant Service is deployed or upgraded and adjusted independently.

Multiple regions/locations/clusters: Basic deployment

In multi-regional/multi-location deployments, one region/location is considered "master" (from the Tenant perspective) and includes the database backend with write capabilities. Other regions/locations have replicas of the database backend in read-only mode. A Tenant Service at each location may be deployed to have one of its nodes running as master (write access to provisioning data through the config API) or have all its nodes running only as replicas (read access to configuration).

Multi-regional deployments must be performed using the following steps (with prerequisites already satisfied at each region/location):

  • If required, deploy the tenant-monitor module at a location planned as a Master Tenant node.
  • Complete the basic deployment of a Tenant Service in the Master region, including specification of DR parameters for the Master, as per Scalability and redundancy parameters.
  • Complete the deployment of the database backend with replica of the Master database at location(s) where the replica Tenant nodes are expected to run, including provisioning of access keys/secrets to access the local replica.
  • If required, deploy the tenant-monitor module at location(s) where replicas are expected to run.
  • Complete the basic Tenant deployment for additional region(s) and specify DR parameters for the Master region (see Scalability and redundancy parameters).

The same customization scenarios described for Tenant nodes can be applied for each location independently.  

Upgrade

An upgrade can be performed by re-running the deployment with the same mandatory parameters and adjusted version of the Tenant image(s) and Helm charts for every location. Update of the tenant configuration may happen automatically when the Master node in the Master region is upgraded. Genesys recommends performing a backup of the backend database for a Tenant Service before you upgrade the Master region.

Deploy the service

This section provides reference commands with key parameters that are required to complete each deployment step.

On this page, the tenant-values.yaml file refers to the values.yaml file in the Tenant Helm chart. Likewise, the tenant-monitor-values.yaml file refers to the values.yaml file in the Tenant Monitor Helm chart.

Prerequisite

Before proceeding with the Tenant Service deployment, ensure you have completed procedures in the Configure security section of this guide.


Location-specific deployment steps

tenant-monitor

Monitoring/logging shared configuration and infrastructure deployment:
helm upgrade --install --force --wait --timeout 600s -n voice  tenant-monitor https://<jfrog artifactory/helm location>/tenant-monitor-$TENANT_MANIFEST_VERSION.tgz  --username "$JFROG_USER" --password "$JFROG_PASSWORD"

To enable Prometheus monitoring, you can use the following overrides with tenant-monitor. Use the following changes in the tenant-monitor-values.yaml file to implement the changes: 

prometheus:
  podMonitor:
    create: "true"

To enable Fluent Bit to send additional logs to stdout in json format (for selected Tenant functions, such as configuration audit) and/or raw format (such as from internal applications such as StatServer and URS), modify the following changes to upgrade tenant-monitor. Use the following changes in the tenant-monitor-values.yaml file to implement the changes. 

fluent:
  enable: "true"
  rawlogs:
    stdout:
      enable: "true"
  jsonlogs:
    stdout:
      enable: "true"

To enable RWX Persistent Volume Claim (PVC) in tenant-monitor to store Tenant logs shared across all Tenant pods, make the following modifications to override values in the tenant-monitor-values.yaml file: 

tenant:
  logging:
    volume:
      enabled: "true"
      createSC: "false"
      createpvClaim: "true"
      logClaim: "tenant-logs-pvc"
      logClaimSize: "5Gi"
      logStorageClass: "<storage class>"
      Storageprovisioner: "TBD OC provisioner"
      parameters: {}

RWX PV is disabled by default; no overrides are required in the tenant-monitor-values.yaml file to disable it.


Service-specific deployment steps: Single service at one location

Use the following template if you are deploying with the tenant Helm chart. A single-service deployment can be implemented with the following sample parameters in the tenant-values.yaml file: 

##UUID 4 format ( Set a new UUID for new tenant deployment)
tenantid: <tenant-uuid>
 
 
serviceAccount:
    create: true
 
images:
  imagePullSecrets: mycred
  registry: <docker-repo> 
  pullPolicy: Always
  tenant:
    tag: <version of tenant service>
 
  pgdbInit:
    tag: <version of tenant service>
   
  rcsInit:
    tag: <version of roles service batch image>
    enable: "true"
 
  pulseInit:
    tag: <version of tenant service>
    enable: "true"
    pulseMode: "setup"
 
   
 
tenant:
  general:
    upstreamServices: voice-sipfe:9101,voice-config:9100,ixn-server-{{ $.Values.tenantid }}:7120,ixn-vqnode-{{ $.Values.tenantid }}:7122"
  pgdb:
    dbhost: "/opt/genesys/dbserver/dbserver"
    dbuser: "/opt/genesys/dbuser/dbuser"
    dbname: "/opt/genesys/dbnamet102/dbname"
  securityContext:
    fsGroup: 0        
 
  logging
 ....
  volumes: 
    logPvc:
        enabled: "true"
        logClaimSize: "5Gi"
        accessModes: "ReadWriteOnce"
        logStorageClass: "<storage class>"   #Replace the storage class that's relevant to the Openshift Cluster

    mounts:
      log:
        - name: log
          mountPath: /opt/genesys/logs/volume
        - name: log
          mountPath: /logs
  secrets:
    pgdb:
      pwd:            
        secretName: "/opt/genesys/dbpassword/dbpassword"
        secretKey: "dbpassword"
      volumes: | 
        - name: dbpassword
          secret:
            secretName: dbpassword
        - name: dbserver
          secret:
            secretName: dbserver
        - name: dbnamet102
          secret:
            secretName: dbname
        - name: dbuser
          secret:
            secretName: dbuser                        
      mounts:
        - name: dbpassword
          readOnly: true
          mountPath: "/opt/genesys/dbpassword"
        - name: dbserver
          readOnly: true
          mountPath: "/opt/genesys/dbserver" 
        - name: dbnamet102
          readOnly: true
          mountPath: "/opt/genesys/dbname"  
        - name: dbuser
          readOnly: true
          mountPath: "/opt/genesys/dbuser"                          
 
    consul:
      acl:
        secretName: "/opt/genesys/consul-shared-secret/consul-consul-voice-token"
      volumes:
        - name: consul-shared-secret
          secret:
            secretName: consul-voice-token              
      mounts:
        - name: consul-shared-secret
          readOnly: true
          mountPath: "/opt/genesys/consul-shared-secret"     
    redis:
      configPwd:
        secretName: "/opt/genesys/redis-config-secret/redis-config-state"
        volumes:
          - name: redis-config-secret
            secret:
              secretName: redis-config-token              
        mounts:
          - name: redis-config-secret
            readOnly: true
            mountPath: "/opt/genesys/redis-config-secret" 
         
      streamPwd:          
        secretName: "/opt/genesys/redis-tenant-secret/redis-tenant-stream"
        volumes:
          - name: redis-tenant-secret
            secret:
              secretName: redis-tenant-token              
        mounts:
          - name: redis-tenant-secret
            readOnly: true
            mountPath: "/opt/genesys/redis-tenant-secret"        
 
    kafka:
      pwd:
         secretName: "/opt/genesys/kafka-secrets/kafka-secrets"
      volumes:  
        - name: kafka-secrets
          secret:
            secretName: kafka-secrets-token
      mounts:
        - name: kafka-secrets
          mountPath: "/opt/genesys/kafka-secrets"
    gws:
      user:
        secretName: "/opt/genesys/gauth-client-id/clientid"
      pwd:
        secretName: "/opt/genesys/gauth-client-token/clientsecret"
      volumes:
        - name: gauth-client-id
          secret:
            secretName: gauthclientid    
        - name: gauth-client-token
          secret:
            secretName: gauthclientsecret     
      mounts:          
        - name: gauth-client-id
          readOnly: true
          mountPath: "/opt/genesys/gauth-client-id"
        - name: gauth-client-token
          readOnly: true
          mountPath: "/opt/genesys/gauth-client-token"
 
 
 
  redis:
    isCluster: true
In addition, use the following deployment command:
helm upgrade --install --force --wait --timeout 600s -n voice -f ./tenant-node-values.yaml tenant<shortid> https://<jfrog artifactory/helm location>/tenant-<helm version>.tgz --username "$JFROG_USER" --password "$JFROG_PASSWORD"
The preceding deployment will create a Tenant with the password of the service account set up explicitly and without enabling GWS integration. See Samples and references for values that allow you to reset the Tenant password upon deployment using a pre-generated value from the secret and to enable automated GWS integration.

Samples and references

Enabling a service admin password (the secret should be created as described in the Service account password section): 

...
tenant:
  serviceuser: "default"
  svcpwdSecretName: "/opt/genesys/service-user-account/svcpassword"
  ...
  volumes: |
    - name: service-user-account
      secret:
           secretName: svcuseraccount
    ...
  volumeMounts: |
    - name: service-user-account
      readOnly: true
      mountPath: "/opt/genesys/service-user-account"   
    ....
  initVolumeMounts: |        
    - name: service-user-account
      readOnly: true
      mountPath: "/opt/genesys/service-user-account"   
    ....

To enable stdout log output for all Tenant components, make the following modifications to override values in the tenant-values.yaml file. 

images
fbregistry: fluent/fluent-bit
...
  fluentBit:
    enable: "true"
    name: json-sidecar
    tag: 1.8.x
 
  fluentBitUrs:
    enable: "true"
    name: stdouturs-sidecar
    tag: 1.8.x
 
  fluentBitSs:
    enable: "true" 
    name: stdoutss-sidecar
    tag: 1.8.x
 
  fluentBitOcs:
    enable: "true"
    name: stdoutocs-sidecar
    tag: 1.8.x
 
  fluentBitCs:
    enable: "true"
    name: stdoutcs-sidecar
    tag: 1.8.x
 
tenant:
 ...
  logging:
    volumes:
      log:
        - name: log
      jsonLog:
        - name: fluent-logs   
          #persistentVolumeClaim:
          #  claimName: log-t105-0
          emptyDir: {}
      stdoutUrsLog:
        - name: fluenturs-logs
          emptyDir: {}
      stdoutOcsLog:
        - name: fluentocs-logs
          emptyDir: {}
      stdoutSsLog:
        - name: fluentss-logs
          emptyDir: {}
      stdoutCsLog:
        - name: fluentcs-logs
          emptyDir: {}         
      fluentBconfigmap:
        - configMap:
            defaultMode: 420       
            name: tenants-fluent-bit-config
          name: tenants-fluent-bit-config         
      fluentBconfigmapCs:
        - configMap:
            defaultMode: 420       
            name: tenants-fluent-bit-config-cs
          name: tenants-fluent-bit-config-cs
      fluentBconfigmapSs:
        - configMap:
            defaultMode: 420
            name: tenants-fluent-bit-config-ss
          name: tenants-fluent-bit-config-ss
      fluentBconfigmapOcs:
        - configMap:
            defaultMode: 420
            name: tenants-fluent-bit-config-ocs
          name: tenants-fluent-bit-config-ocs
      fluentBconfigmapUrs:
        - configMap:
            defaultMode: 420
            name: tenants-fluent-bit-config-urs
          name: tenants-fluent-bit-config-urs           
    mounts:
      log:
        - name: log
          mountPath: /opt/genesys/logs/volume
        - name: log
          mountPath: /logs
      jsonLog:
        - name: fluent-logs
          mountPath: "/opt/genesys/logs/JSON"         
      stdoutUrsLog:
        - name: fluenturs-logs
          mountPath: "/opt/genesys/logs/URS"
      stdoutSsLog:
        - name: fluentss-logs
          mountPath: "/opt/genesys/logs/SS"
      stdoutOcsLog:
        - name: fluentocs-logs
          mountPath: "/opt/genesys/logs/OCS"
      stdoutCsLog:
        - name: fluentcs-logs
          mountPath: "/opt/genesys/logs/confserv"
 
      fbJsonLog:
        - name: fluent-logs
          mountPath: "/mnt/logs"         
      fbstdoutUrsLog:
        - name: fluenturs-logs
          mountPath: "/mnt/logs"
      fbstdoutSsLog:
        - name: fluentss-logs
          mountPath: "/mnt/logs"
      fbstdoutOcsLog:
        - name: fluentocs-logs
          mountPath: "/mnt/logs"
      fbstdoutCsLog:
        - name: fluentcs-logs
          mountPath: "/mnt/logs"         
 
      fluentBconfigmap:
          - mountPath: /fluent-bit/etc/
            name: tenants-fluent-bit-config
      fluentBconfigmapCs:
          - mountPath: /fluent-bit/etc/
            name: tenants-fluent-bit-config-cs     
      fluentBconfigmapSs:
          - mountPath: /fluent-bit/etc/
            name: tenants-fluent-bit-config-ss   
      fluentBconfigmapOcs:
          - mountPath: /fluent-bit/etc/
            name: tenants-fluent-bit-config-ocs     
      fluentBconfigmapUrs:
          - mountPath: /fluent-bit/etc/
            name: tenants-fluent-bit-config-urs

You can deploy Persistent Volume/Persistent Volume Claim (PV/PVC) in two ways:

  1. Enable ReadWriteOnce (RWO) from the tenant Helm chart, which maintains unique PVCs for each pod/replica from the same Tenant.
  2. Enable ReadWriteMany (RWX) from the tenant-monitor Helm chart, which has multiple Tenant pods sharing the same PVC.

To enable RWO PV/PVC logging from individual Tenant pods in Statefulset, make the following modifications to override the values in the tenant-values.yaml file. RWO Persistent Volume is disabled by default. 

logging
 ....
  volumes: 
    logPvc:
        enabled: "true"
        logClaimSize: "5Gi"
        accessModes: "ReadWriteOnce"
        logStorageClass: "<storage class>"   #Replace the storage class that's relevant to the Openshift Cluster

Enabling GWS integration (the secret should be created as described in the Genesys Authentication backend secrets section): 

tenant:
…
gws:
    # enable: Enable GWS registeration about tenant
    # tls: Enable/Disable Secure connection to GWS
    # authEndpoint: GWS auth end point
    # envEndpoint: GWS env end point for Registeration
    # db: Pass DB infromation for GWS to connect to PSQL DB for read and store data
    enable: "true"
    tls: false
    authEndpoint: "gauth-auth.gauth.svc.cluster.local"
    envEndpoint: ""
    db:
      enable: "false"
      read: "false"
      init: "false"
             secrets:
……….
gws:
      enabled: true 
      user:
        secretName: "/opt/genesys/gauth-client-id/clientid"
      pwd:
        secretName: "/opt/genesys/gauth-client-token/clientsecret"
      volumes:
        - name: gauth-client-id
          secret:
            secretName: gauthclientid    
        - name: gauth-client-token
          secret:
            secretName: gauthclientsecret     
      mounts:          
        - name: gauth-client-id
          readOnly: true
          mountPath: "/opt/genesys/gauth-client-id"
        - name: gauth-client-token
          readOnly: true
          mountPath: "/opt/genesys/gauth-client-token"

To mount the PVC to store Tenant logs, make the following modifications to override the values in the tenant-values.yaml file: 

.....
 
tenant:
  ...
    logging:
    mounts:
      log:
        - name: log
          mountPath: /opt/genesys/logs/volume
        - name: log
          mountPath: /logs

Validate the deployment

Content coming soon
Retrieved from "https://all.docs.genesys.com/PrivateEdition/Current/TenantPEGuide/Deploy (2025-06-21 02:13:33)"
Comments or questions about this documentation? Contact us for support!