Difference between revisions of "VM/Current/VMPEGuide/Deploy"

Revision as of 18:11, November 1, 2021

This topic is part of the manual Voice Microservices Private Edition Guide for version Current of Voice Microservices.

1 General deployment prerequisites
- 1.1 Deploy Consul
- 1.2 Create the Voice namespace
2 Deploy Voice Services
- 2.1 Register the Redis service in Consul
- 2.2 Deploy the Voice Services
3 Voice Service Helm chart deployment
4 Deploy in OpenShift
- 4.1 Add a rule for Consul DNS forwarding
- 4.2 Persistent volumes
5 Deploy the Tenant service
6 Validate the deployment

Learn how to deploy Voice Microservices.

General deployment prerequisites

Before you deploy the Voice Services, you must deploy the infrastructure services. See Third-party prerequisites for the list of required infrastructure services.

To override values for both the infrastructure services and voice services, see Override Helm chart values.

Genesys recommends the following order of deployment for the Voice Microservices:

Deploy Consul

Consul is required for multiple services in the Genesys package.

In addition to any other Consul configuration, the following Consul features are required for Voice Services:

connectinject – To deploy sidecar containers in Voice pods.
controller – To provide service intention functionality.
openshift – To set OpenShift-specific permissions.
syncCatalog – To sync Kubernetes services to Consul. Set toK8S: false and addK8SNamespaceSuffix: false for syncing services from Kubernetes to Consul.
AccessControlList – To enable ACL, set manageSystemACLs: true.
storageclass – To set the storage class to a predefined storage class.
TLS – To enable TLS, set enabled: true and follow the steps/commands described below to set up TLS.

The file content for the Consul configuration is the following:

# config.yaml
global:
  name: consul
  tls:
    enabled: true
    caCert:
      secretName: consul-ca-cert
      # The key of the Kubernetes secret.
      secretKey: tls.crt
    caKey:
      # The name of the Kubernetes secret.
      secretName: consul-ca-key
      # The key of the Kubernetes secret.
      secretKey: tls.key
  acls:
    manageSystemACLs: true
  openshift:
    enabled: true
connectInject:
  enabled: true
controller:
  enabled: true
syncCatalog:
  enabled: true
  toConsul: true
  toK8S: false
  addK8SNamespaceSuffix: false

Creation of the Consul bootstrap token

When you enable an Access Control List in Consul, you must ensure that Voice services have access to read and write to Consul. To provide access, you create a token for Voice services in the Consul UI. You can create the necessary Consul bootstrap token when you deploy Consul, although it is possible to do this configuration later, as part of the Voice Services deployment.

When Access Control List (ACL) is enabled in Consul, the Voice services must have the required access for reading and writing into Consul. For that, you must create a token in the Consul UI with the following permissions for the Voice services.

service_prefix "" {
  policy = "read"
  intentions = "read"
}
service_prefix "" {
  policy = "write"
  intentions = "write"
}
node_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "write"
}
agent_prefix "" {
  policy = "read"
}
agent_prefix "" {
  policy = "write"
}
session_prefix "" {
  policy = "write"
}
session_prefix "" {
  policy = "read"
}   
namespace_prefix "" {
 key_prefix "" {
  policy = "write"
 }
 session_prefix "" {
  policy = "write"
 }
}
key_prefix "" {
  policy = "read"
 }
key_prefix "" {
  policy = "write"
 }

To log into the Consul UI and to create a new ACL, you use a bootstrap token. Use the following command to get the bootstrap token:

kubectl get secret consul-bootstrap-acl-token -n <consul namespace> -o go-template='{{.data.token | base64decode}}

Create a new token and create a policy (voice-policy) with the preceding list of permissions and assign it to this token. For example a token is created with a value of a7529f8a-1146-e398-8bd7-367894c4b37b. We can create a Kubernetes secret with this token as shown below:

kubectl create secret generic consul-voice-token -n voice --from-literal='consul-consul-voice-token=a7529f8a-1146-e398-8bd7-367894c4b37b'

Creating Intentions in the Consul UI

Voice services use the Consul service mesh to connect between services. Consul has provision to either allow or deny the connection between services. This is done using intentions. Log into the Intentions tab using the bootstrap token and create a new intention to allow all source services to all destination services as shown in the following screenshot.

Create the Voice namespace

Before deploying Voice Services and their dependencies, create a namespace using the following command:

kubectl create ns voice

In all Voice Services and the configuration files of their dependencies, the namespace is voice. If you want a specific, custom namespace, create the namespace (using the preceding command) and remember to change the namespace in files, as required.

Deploy Voice Services

Register the Redis service in Consul

After the creation of the Redis cluster, the Redis IP address should be registered with Consul. Cluster information needs to be created for the Kubernetes services and endpoints with Redis. Once they are created, Consul will automatically sync those Kubernetes services and register them in Consul.

Kubernetes Service and endpoint creation

The Redis registration should be done for all of the following Redis service names. The Voice services use these service names for connecting to the Redis cluster.

redis-agent-state
redis-call-state
redis-config-state
redis-ors-state
redis-ors-stream
redis-registrar-state
redis-rq-state
redis-sip-state
redis-tenant-stream

Manifest file

For all the preceding Redis service names, create a separate service and endpoint using the following example:

apiVersion: v1
kind: Service
metadata:
  name: <redis-service-name> (ex, redis-agent-state)
  namespace: <namespace> (ex, voice)
  annotations:
    "consul.hashicorp.com/service-sync": "true"
spec:
  clusterIP: None
---
apiVersion: v1
kind: Endpoints
metadata:
  name: <redis-service-name> (ex, redis-agent-state)
  namespace: <namespace> (ex, voice)
subsets:
  - addresses:
      - ip: <redis MASTER IP> (ex, 51.143.122.147)
    ports:
      - port: <redis port> (ex, 6379)
        name: redisport
        protocol: <redis transport> (ex, TCP)

In addition, get the Redis primary IP using the following command:

kubectl get pods infra-redis-redis-cluster-0 -n infra -o jsonpath='{.status.podIP}' (get IPaddress of the master redis pod)

Deploy the Voice Services

Voice Services require a Persistent Volume Claim (PVC); the Voice SIP Cluster Service uses a persistent volume to store traditional SIP Server logs. Before deploying Voice Services, create the PVC.

Storage class and Claim name

The created persistent volume must be configured in the sip_node_override_values.yaml file as shown below:

# pvc will be created for logs
volumes:
  pvcLog:
    create: true
    claim: sip-log-pvc
    storageClass: voice
    volumeName: <pv name> (ex sip-log-pv)
   
  pvcJsonLog:
    create: true
    claim: sip-json-log-pvc
    storageClass: voice
    volumeName: <pv name> (ex sip-log-pv)

Configure the DNS Server for voice-sip

The Voice SIP Cluster Service requires the DNS server to be configured in its sip_node_override_values.yaml file. Follow the steps in the Kubernetes documentation to install a dnsutils pod. Using the dnsutils pod, get the dnsserver that's used in the environment.

The default value in the SIP Helm chart is 10.0.0.10. If the dnsserver address is different, update it in the sip_node_override_values.yaml file as shown below:

# update dns server ipaddress
  context:
    envs:
      dnsServer: "10.202.0.10"

Voice Service Helm chart deployment

Deploy the Voice Services using the provided Helm charts.

helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/agent_override_values.yaml voice-agent <helm-repo>/voice-agent-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/callthread_override_values.yaml voice-callthread <helm-repo>/voice-callthread-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 200s -n voice -f ./voice_helm_values/config_override_values.yaml voice-config <helm-repo>/voice-config-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/dialplan_override_values.yaml voice-dialplan <helm-repo>/voice-dialplan-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 200s -n voice -f ./voice_helm_values/ors_node_override_values.yaml voice-ors <helm-repo>/voice-ors-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/registrar_override_values.yaml voice-registrar <helm-repo>/voice-registrar-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 200s -n voice -f ./voice_helm_values/rq_node_override_values.yaml voice-rq <helm-repo>/voice-rq-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 200s -n voice -f ./voice_helm_values/sip_node_override_values.yaml voice-sip <helm-repo>/voice-sip-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/sipfe_override_values.yaml voice-sipfe <helm-repo>/voice-sipfe-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
 
helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/sipproxy_override_values.yaml voice-sipproxy <helm-repo>/voice-sipproxy-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"

The following table contains a list of the minimum recommended Helm chart versions that should be used:

Service name	Helm chart version
voice-config	voice-config-9.0.11.tgz
voice-dialplan	voice-dialplan-9.0.08.tgz
voice-registrar	voice-registrar-9.0.14.tgz
voice-agent	voice-agent-9.0.10.tgz
voice-callthread	voice-callthread-9.0.12.tgz
voice-sip	voice-sip-9.0.22.tgz
voice-sipfe	voice-sipfe-9.0.06.tgz
voice-sipproxy	voice-sipproxy-9.0.09.tgz
voice-rq	voice-rq-9.0.08.tgz
voice-ors	voice-ors-9.0.08.tgz

Deploy in OpenShift

Add a rule for Consul DNS forwarding

In the OpenShift Container Platform (OCP), as part of the general deployment prerequisites, you must add a rule for Consul DNS forwarding. OpenShift sends DNS requests to the DNS server in the openshift-dns namespace. To forward Consul FQDN resolution to a Consul DNS server, add the forwarding rule to the configmap of the default DNS operator. Save the Consul DNS IP address using the following command:

kubectl get svc consul-dns -n <consul namespace> -o jsonpath={.spec.clusterIP} (Internal IP of consul-dns service)
> oc edit dns.operator/default
Add the below specs:
spec:
servers:
- name: consul-dns
zones:
- consul
forwardPlugin:
upstreams:
- <Internal IP of consul-dns service>

Persistent volumes

The general Voice Services deployment is described in Deploy Voice Services. There are some differences when creating PVCs in the OpenShift Container Platform (OCP). This section describes the configuration for OCP.

Persistent Volume in OCS Storage Type

A Storage Class might have been created already in the OCP. This Storage Class is used for creating PVCs and must be set in the override values of the sip_node_override_values.yaml file.

For an OpenShift cluster with OpenShift Container Storage (OCS), configure the Storage Class to be used for creating the persistent volume. In the case of OCS, the PV is created automatically when the PVC is claimed. For such clusters, the volumeName parameter in the sip_node_override_values.yaml file must be empty.

#  PVC's section
## This section defines about creating PVCs
volumes:
  pvcLog:
    create: true                                    # create defines whether a PVC needs to be created with the chart.
    claim: sip-log-pvc                              # Name of PVC
    volumeName:                                     # To bind this PVC to specified Persistent Volume.In case of Openshift, this is required only for NFS mounting and not needed for OCS.
    claimSize: 10Gi                                 # This field sets the storage size requested by PVC
    storageClass: voice                             # This field sets the storage class requested by PVC
    mountPath: /opt/genesys/logs/volume             # Volume mount path for PV
	       
  pvcJsonLog:
    create: true                                    # create defines whether a PVC needs to be created with the chart.
    claim: sip-json-log-pvc                         # Name of PVC
    volumeName:                                     # To bind this PVC to specified Persistent Volume.In case of Openshift, this is required only for NFS mounting and not needed for OCS.
    claimSize: 10Gi                                 # This field sets the storage size requested by PVC
    storageClass: voice                             # This field sets the storage class requested by PVC
    mountPath: /opt/genesys/logs/sip_node/JSON      # Volume mount path for PV

Configure the DNS Server for voice-sip

The Voice SIP Cluster Service requires the DNS server to be configured in its sip_node_override_values.yaml file.

In the OCP environment, you can find the Kubernetes DNS server name using the following command:

oc get dns.operator/default -o jsonpath={.status.clusterIP}

The default value in the SIP Helm chart is "10.0.0.10"; if the DNS server address is different, update it in the sip_node_override_values.yaml file as shown below:

# update dns server ipaddress
  context:
    envs:
      dnsServer: "10.202.0.10"

Deploy the Tenant service

The Tenant Service is included with the Voice Microservices, but has its own deployment procedure. To deploy the Tenant Service, see Deploy the Tenant Service.

Validate the deployment

Content coming soon

Voice Microservices Private Edition Guide

Overview

Configure and deploy

Configure and deploy Voicemail

Observability

Functionality

Difference between revisions of "VM/Current/VMPEGuide/Deploy"

Revision as of 18:11, November 1, 2021

Contents

General deployment prerequisites

Deploy Consul

Creation of the Consul bootstrap token

Creating Intentions in the Consul UI

Create the Voice namespace

Deploy Voice Services

Register the Redis service in Consul

Kubernetes Service and endpoint creation

Manifest file

Deploy the Voice Services

Storage class and Claim name

Configure the DNS Server for voice-sip

Voice Service Helm chart deployment

Deploy in OpenShift

Add a rule for Consul DNS forwarding

Persistent volumes

Persistent Volume in OCS Storage Type

Configure the DNS Server for voice-sip

Deploy the Tenant service

Validate the deployment

@@ Line 23: / Line 23: @@
 *{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=DeployVoicemail|display text=Voicemail Service}}
+{{AnchorDiv|DeployConsul}}
 ===Deploy Consul===
-Consul is required for multiple Services in the Genesys package. In addition to any other Consul configuration, the following Consul features are required for Voice Services:
+Consul is required for multiple services in the Genesys package.
-*connectinject – to deploy sidecar containers in voice pods.
+In addition to any other Consul configuration, the following Consul features are required for Voice Services:
-*controller – to provide service intention functionality.
-*openshift – to set OpenShift specific permissions.
-*syncCatalog – to sync K8 services into Consul: set '''toK8S: false''' and '''addK8SNamespaceSuffix: false''' for syncing services only from K8 to Consul.
-*AccessControlList – to enable ACL, set '''manageSystemACLs: true'''.
-*storageclass – to set the storage class to a predefined storage class.
-*TLS – to enable TLS, set '''enabled: true''' and follow the steps/commands described below to set up TLS.
-Here is the file content for the Consul configuration:
+*connectinject – To deploy sidecar containers in Voice pods.
+*controller – To provide service intention functionality.
+*openshift – To set OpenShift-specific permissions.
+*syncCatalog – To sync Kubernetes services to Consul. Set '''toK8S: false''' and '''addK8SNamespaceSuffix: false''' for syncing services from Kubernetes to Consul.
+*AccessControlList – To enable ACL, set '''manageSystemACLs: true'''.
+*storageclass – To set the storage class to a predefined storage class.
+*TLS – To enable TLS, set '''enabled: true''' and follow the steps/commands described below to set up TLS.
+The file content for the Consul configuration is the following:
 <source lang="text">
 # config.yaml
@@ Line 64: / Line 67: @@
    addK8SNamespaceSuffix: false
 </source>
-<!--
-{{{!}} class="wikitable"
-!Command
-!Purpose
-{{!}}-
-{{!}}consul tls ca create
-{{!}}To generate Consul certificates.
-{{!}}-
-{{!}}kubectl create secret generic consul-ca-cert -n consul --from-file='tls.crt=./consul-agent-ca.pem'
-{{!}}To obtain the TLS certification and store it as a Kubernetes secret.
-{{!}}-
-{{!}}kubectl create secret generic consul-ca-key -n consul --from-file='tls.key=./consul-agent-ca-key.pem'
-{{!}}To obtain the TLS key and store it as a Kubernetes secret.
-{{!}}}
-====Commands to deploy Consul====
+====Creation of the Consul bootstrap token====
+When you enable an Access Control List in Consul, you must ensure that Voice services have access to read and write to Consul. To provide access, you create a token for Voice services in the Consul UI. You can create the necessary Consul bootstrap token when you deploy Consul, although it is possible to do this configuration later, as part of the Voice Services deployment.
+When Access Control List (ACL) is enabled in Consul, the Voice services must have the required access for reading and writing into Consul. For that, you must create a token in the Consul UI with the following permissions for the Voice services.
 <source lang="text">
-kubectl create ns consul
+service_prefix "" {
-helm repo add hashicorp https://helm.releases.hashicorp.com
+  policy = "read"
-helm repo update
+  intentions = "read"
-helm install consul hashicorp/consul -f ./consul/consul-config.yaml -n consul
+}
-kubectl get pods -n consul
+service_prefix "" {
+  policy = "write"
+  intentions = "write"
+}
+node_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "write"
+}
+agent_prefix "" {
+  policy = "read"
+}
+agent_prefix "" {
+  policy = "write"
+}
+session_prefix "" {
+  policy = "write"
+}
+session_prefix "" {
+  policy = "read"
+}
+namespace_prefix "" {
+ key_prefix "" {
+  policy = "write"
+ }
+ session_prefix "" {
+  policy = "write"
+ }
+}
+key_prefix "" {
+  policy = "read"
+ }
+key_prefix "" {
+  policy = "write"
+ }
 </source>
--->
-====Add a rule for Consul DNS forwarding====
+To log into the Consul UI and to create a new ACL, you use a bootstrap token. Use the following command to get the bootstrap token:
-OpenShift sends DNS requests to the DNS server in the '''openshift-dns''' namespace. To forward Consul FQDN resolution to a Consul DNS server, add a forwarding rule to '''configmap''' of the default DNS operator. Save the Consul's DNS IP address using the following command:
 <source lang="text">
-kubectl get svc consul-dns -n <consul namespace> -o jsonpath={.spec.clusterIP} (Internal IP of consul-dns service)
+kubectl get secret consul-bootstrap-acl-token -n <consul namespace> -o go-template='{{.data.token | base64decode}}
-> oc edit dns.operator/default
-Add the below specs:
-spec:
-servers:
-- name: consul-dns
-zones:
-- consul
-forwardPlugin:
-upstreams:
-- <Internal IP of consul-dns service>
 </source>
-|Status=No
-}}{{Section
+Create a new token and create a policy (voice-policy) with the preceding list of permissions and assign it to this token. For example a token is created with a value of <tt>a7529f8a-1146-e398-8bd7-367894c4b37b</tt>. We can create a Kubernetes secret with this token as shown below:
-|sectionHeading=Deployment of Redis
-|alignment=Vertical
-|structuredtext====Deployment of Redis===
-====Add a Helm repository====
 <source lang="text">
-kubectl create namespace infra
+kubectl create secret generic consul-voice-token -n voice --from-literal='consul-consul-voice-token=a7529f8a-1146-e398-8bd7-367894c4b37b'
-helm repo add bitnami https://charts.bitnami.com/bitnami
-helm repo add elastic https://helm.elastic.co
-helm repo add confluentinc https://confluentinc.github.io/cp-helm-charts/
-helm repo update
 </source>
-====Deploy the Helm Charts====
+====Creating Intentions in the Consul UI====
-<source lang="text">
+Voice services use the Consul service mesh to connect between services. Consul has provision to either allow or deny the connection between services. This is done using ''intentions''. Log into the '''Intentions''' tab using the bootstrap token and create a new intention to allow all source services to all destination services as shown in the following screenshot.
-#REDIS#
-helm install infra-redis bitnami/redis-cluster --set usePassword=true --set cluster.nodes=6 --set persistence.size=1G -n infra
+[[File:voicemcs_config_consul_intentions.png|center]]
-</source>
+|Status=No
-|Status=Yes
 }}{{Section
 |alignment=Vertical
@@ Line 130: / Line 140: @@
 kubectl create ns voice
 </source>
-In all Voice Services and their dependencies configuration files, the namespace is '''voice'''. If you want a specific/custom namespace, create the namespace (using the above command) and change the namespace in files, as required.
+In all Voice Services and the configuration files of their dependencies, the namespace is '''voice'''. If you want a specific, custom namespace, create the namespace (using the preceding command) and remember to change the namespace in files, as required.
 |Status=No
 }}{{Section
-|sectionHeading=Deploy Voice services
+|sectionHeading=Deploy Voice Services
 |anchor=DeployVoice
 |alignment=Vertical
@@ Line 140: / Line 150: @@
 ====Kubernetes Service and endpoint creation====
-The Redis registration should be done for all of the following Redis service names. The Voice services will use these service names for connecting to the Redis cluster.
+The Redis registration should be done for all of the following Redis service names. The Voice services use these service names for connecting to the Redis cluster.
 <source lang="text">
 redis-agent-state
@@ Line 153: / Line 163: @@
 </source>
-=====Manifest file=====
+====Manifest file====
-For all the Redis service names mentioned above, create a separate service and endpoint using the following example:
+For all the preceding Redis service names, create a separate service and endpoint using the following example:
 <source lang="text">
 apiVersion: v1
@@ Line 180: / Line 190: @@
 </source>
-Get the Redis primary IP using the following command:
+In addition, get the Redis primary IP using the following command:
 <source lang="text">
 kubectl get pods infra-redis-redis-cluster-0 -n infra -o jsonpath='{.status.podIP}' (get IPaddress of the master redis pod)
@@ Line 186: / Line 196: @@
 |Status=No
 }}{{Section
+|anchor=DeploytheVoiceServices
 |alignment=Vertical
-|structuredtext====Deploy Voice Services===
+|structuredtext====Deploy the Voice Services===
-Before deploying Voice Services, we must create Persistent Volume Claims (PVC) that are required for Voice Services.
+Voice Services require a Persistent Volume Claim (PVC); the Voice SIP Cluster Service uses a persistent volume to store traditional SIP Server logs. Before deploying Voice Services, create the PVC.
-====Persistent volumes====
+====Storage class and Claim name====
-The Voice SIP Cluster Service uses the persistent volume, a "piece" of storage, to store traditional SIP Server logs in OpenShift.
+The created persistent volume must be configured in the '''sip_node_override_values.yaml''' file as shown below:
-=====Persistent Volume  in OCS Storage Type=====
-A Storage Class might have been already created in the OCP (OpenShift Container Platform). This Storage Class is used for creating PVC and must be set in the override values of '''sip_node_override_values.yaml'''.
-For the OpenShift cluster with OpenShift Container Storage (OCS) storage, configure the Storage Class to be used for creating the persistent volume. In the case of OCS storage, PV will be created automatically when PVC is claimed. For such clusters, the '''volumeName''' parameter in '''sip_node_override_values.yaml''' must be empty.
-<source lang="text">
-# pvc will be created for logs
-volumes:
-  pvcLog:
-    create: true
-    claim: sip-log-pvc
-    storageClass: voice
-    volumeName:
-  pvcJsonLog:
-    create: true
-    claim: sip-json-log-pvc
-    storageClass: voice
-    volumeName:
-</source>
-<!--
-=====Persistent Volume  in NFS Storage Type=====
-For the OpenShift cluster with Network File System (NFS) storage, the persistent volume must be created manually:
-<source lang="text">
-kubectl apply -f ./voice_helm_values/sip_node_log_pv.yaml
-</source>
--->
-The created persistent volume must be configured in '''sip_node_override_values.yaml''' as shown below:
 <source lang="text">
 # pvc will be created for logs
@@ Line 237: / Line 220: @@
 ====Configure the DNS Server for voice-sip====
-The Voice SIP Cluster Service requires that the DNS server is configured in '''sip_node_override_values.yaml'''.
+The Voice SIP Cluster Service requires the DNS server to be configured in its '''sip_node_override_values.yaml''' file.
+Follow the steps in the [https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ Kubernetes documentation] to install a '''dnsutils''' pod. Using the '''dnsutils''' pod, get the '''dnsserver''' that's used in the environment.
-In the OCP environment, the Kubernetes DNS server name can be obtained using the following command:
-<source lang="text">
-oc get dns.operator/default -o jsonpath={.status.clusterIP}
-</source>
-In a non-OCP environment, follow the steps provided in [https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ Kubernetes documentation] and install the '''dnsutils''' pod. Using the '''dnsutils''' pods, get the '''dnsserver''' that is used in the environment.
-Default value in the SIP Helm chart is "10.0.0.10"; if the DNS server address is different, update it in '''sip_node_override_values.yaml''' as shown below:
+The default value in the SIP Helm chart is <tt>10.0.0.10</tt>. If the '''dnsserver''' address is different, update it in the '''sip_node_override_values.yaml''' file as shown below:
 <source lang="text">
 # update dns server ipaddress
@@ Line 253: / Line 230: @@
        dnsServer: "10.202.0.10"
 </source>
+|Status=No
-====Voice Service Helm chart deployment====
+}}{{Section
-Deploy the Voice Services using the provided Helm charts.
+|sectionHeading=Voice Service Helm chart deployment
-<source lang="text">
+|anchor=HelmChartDeployment
+|alignment=Vertical
+|structuredtext=Deploy the Voice Services using the provided Helm charts.<source lang="text">
 helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/agent_override_values.yaml voice-agent <helm-repo>/voice-agent-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
@@ Line 276: / Line 255: @@
 helm upgrade --install --force --wait --timeout 300s -n voice -f ./voice_helm_values/sipproxy_override_values.yaml voice-sipproxy <helm-repo>/voice-sipproxy-<helmchart-version>.tgz --set version=<container-version> --username "$JFROG_USER" --password "$JFROG_PASSWORD"
-</source>
+</source>The following table contains a list of the minimum recommended Helm chart versions that should be used:
-The following table contains a list of the minimum recommended Helm chart versions that should be used:
 {{{!}} class="wikitable"
 !Service name
@@ Line 314: / Line 292: @@
 |Status=No
 }}{{Section
-|sectionHeading=Deploy the Tenant service
+|sectionHeading=Deploy in OpenShift
+|anchor=DeployInOpenShift
 |alignment=Vertical
-|structuredtext=The Tenant Service is included with the Voice Microservices, but has its own deployment procedure. To deploy the Tenant Service, see {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=TenantPEGuide|topic=Deploy|display text=Deploy the Tenant Service}}.
+|structuredtext====Add a rule for Consul DNS forwarding===
+In the OpenShift Container Platform (OCP), as part of the general deployment prerequisites, you must add a rule for Consul DNS forwarding. OpenShift sends DNS requests to the DNS server in the '''openshift-dns''' namespace. To forward Consul FQDN resolution to a Consul DNS server, add the forwarding rule to the '''configmap''' of the default DNS operator. Save the Consul DNS IP address using the following command:
+<source lang="text">
+kubectl get svc consul-dns -n <consul namespace> -o jsonpath={.spec.clusterIP} (Internal IP of consul-dns service)
+> oc edit dns.operator/default
+Add the below specs:
+spec:
+servers:
+- name: consul-dns
+zones:
+- consul
+forwardPlugin:
+upstreams:
+- <Internal IP of consul-dns service>
+</source>
+{{AnchorDiv|OCPSIPClusterLogsPVC}}
+===Persistent volumes===
+The general Voice Services deployment is described in {{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Deploy|anchor=DeployVoice|display text=Deploy Voice Services}}. There are some differences when creating PVCs in the OpenShift Container Platform (OCP). This section describes the configuration for OCP.
+====Persistent Volume in OCS Storage Type====
+A Storage Class might have been created already in the OCP. This Storage Class is used for creating PVCs and must be set in the override values of the '''sip_node_override_values.yaml''' file.
+For an OpenShift cluster with OpenShift Container Storage (OCS), configure the Storage Class to be used for creating the persistent volume. In the case of OCS, the PV is created automatically when the PVC is claimed. For such clusters, the '''volumeName''' parameter in the '''sip_node_override_values.yaml''' file must be empty.
+<source lang="text">
+#  PVC's section
+## This section defines about creating PVCs
+volumes:
+  pvcLog:
+    create: true                                    # create defines whether a PVC needs to be created with the chart.
+    claim: sip-log-pvc                              # Name of PVC
+    volumeName:                                     # To bind this PVC to specified Persistent Volume.In case of Openshift, this is required only for NFS mounting and not needed for OCS.
+    claimSize: 10Gi                                 # This field sets the storage size requested by PVC
+    storageClass: voice                             # This field sets the storage class requested by PVC
+    mountPath: /opt/genesys/logs/volume             # Volume mount path for PV
+  pvcJsonLog:
+    create: true                                    # create defines whether a PVC needs to be created with the chart.
+    claim: sip-json-log-pvc                         # Name of PVC
+    volumeName:                                     # To bind this PVC to specified Persistent Volume.In case of Openshift, this is required only for NFS mounting and not needed for OCS.
+    claimSize: 10Gi                                 # This field sets the storage size requested by PVC
+    storageClass: voice                             # This field sets the storage class requested by PVC
+    mountPath: /opt/genesys/logs/sip_node/JSON      # Volume mount path for PV
+</source>
+<!--
+=====Persistent Volume  in NFS Storage Type=====
+For the OpenShift cluster with Network File System (NFS) storage, the persistent volume must be created manually:
+<source lang="text">
+kubectl apply -f ./voice_helm_values/sip_node_log_pv.yaml
+</source>
+-->
+====Configure the DNS Server for voice-sip====
+The Voice SIP Cluster Service requires the DNS server to be configured in its '''sip_node_override_values.yaml''' file.
+In the OCP environment, you can find the Kubernetes DNS server name using the following command:
+<source lang="text">
+oc get dns.operator/default -o jsonpath={.status.clusterIP}
+</source>
+The default value in the SIP Helm chart is "10.0.0.10"; if the DNS server address is different, update it in the '''sip_node_override_values.yaml''' file as shown below:
+<source lang="text">
+# update dns server ipaddress
+  context:
+    envs:
+      dnsServer: "10.202.0.10"
+</source>
 |Status=No
 }}{{Section
-|sectionHeading=Deploy in OpenShift
+|sectionHeading=Deploy the Tenant service
 |alignment=Vertical
-|structuredtext=To deploy in the OpenShift platform, you use the '''oc''' command instead of the '''kubectl''' command.
+|structuredtext=The Tenant Service is included with the Voice Microservices, but has its own deployment procedure. To deploy the Tenant Service, see {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=TenantPEGuide|topic=Deploy|display text=Deploy the Tenant Service}}.
 |Status=No
 }}{{Section
-|sectionHeading=Validate the deployment in OpenShift
+|sectionHeading=Validate the deployment
 |anchor=Validate
 |alignment=Vertical