Difference between revisions of "GWS/Current/GWSPEGuide/Configure"
m (Text replacement - "Genesys Engage [cC]loud" to "Genesys Multicloud CX") |
|||
| Line 80: | Line 80: | ||
|structuredtext=You can specify parameters for the deployment by overriding Helm chart values in the '''values.yaml''' file. <!--See the tables below for a full list of overridable values available for each container in Web Services and Applications (GWS).--> | |structuredtext=You can specify parameters for the deployment by overriding Helm chart values in the '''values.yaml''' file. <!--See the tables below for a full list of overridable values available for each container in Web Services and Applications (GWS).--> | ||
| − | For more information about how to override Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''Setting up Genesys | + | For more information about how to override Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''Setting up Genesys Multicloud CX Private Edition'' guide. |
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that no user or group IDs are specified. For details, see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=security|display text=Configure security}} below. | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that no user or group IDs are specified. For details, see {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Configure|anchor=security|display text=Configure security}} below. | ||
| Line 132: | Line 132: | ||
|anchor=security | |anchor=security | ||
|alignment=Vertical | |alignment=Vertical | ||
| − | |structuredtext=To learn more about how security is configured for private edition, be sure to read the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=Prerequisites|display text=Permissions}} and {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity}} topics in the ''Setting up Genesys | + | |structuredtext=To learn more about how security is configured for private edition, be sure to read the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=Prerequisites|display text=Permissions}} and {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity}} topics in the ''Setting up Genesys Multicloud CX Private Edition'' guide. |
The security context settings define the privilege and access control settings for pods and containers. | The security context settings define the privilege and access control settings for pods and containers. | ||
Revision as of 20:29, November 9, 2021
Contents
Learn how to configure Genesys Web Services and Applications.
Create API clients
Use the Genesys Authentication operations API to create API clients for the GWS services. Refer to the API clients table for the name and client_id values you must use in the API request. Make note of encrypted_client_secret in the responses - you need this value to set the related parameter in Override Helm chart values.
| Service | name | client_id | Helm chart parameter |
|---|---|---|---|
| Provisioning Service | gws-app-provisioning | gws-app-provisioning | secrets.gws-app-provisioning-client-secret |
| Workspace Service | gws-app-workspace | gws-app-workspace | secrets.gws-app-workspace-client-secret |
| Configuration Service | gws-platform-configuration | gws-platform-configuration | secrets.gws-platform-configuration-client-secret |
| Data Collector Service | gws-platform-datacollector | gws-platform-datacollector | secrets.gws-platform-datacollector-client-secret |
| Interaction Service | gws-platform-ixn | gws-platform-ixn | secrets.gws-platform-ixn-client-secret |
| OCS Service | gws-platform-ocs | gws-platform-ocs | secrets.gws-platform-ocs-client-secret |
| Setting Service | gws-platform-setting | gws-platform-setting | secrets.gws-platform-setting-client-secret |
| Statistics Service | gws-platform-statistics | gws-platform-statistics | secrets.gws-platform-statistics-client-secret |
| Voice Service | gws-platform-voice | gws-platform-voice | secrets.gws-platform-voice-client-secret |
Configure a secret to access JFrog
If you haven't done so already, create a secret for accessing the JFrog registry:
kubectl create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<password> --docker-email=<emailid>Now map the secret to the default service account:
kubectl secrets link default <credential-name> --for=pullOverride Helm chart values
You can specify parameters for the deployment by overriding Helm chart values in the values.yaml file.
For more information about how to override Helm chart values, see Overriding Helm chart values in the Setting up Genesys Multicloud CX Private Edition guide.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For details, see Configure security below.
Create or update the versions file
Create or update the versions.yaml file with the latest container versions for your deployment. See Updated Helm Charts and Containers for Web Services and Applications for the full list of versions.
For example:gws-app-provisioning:9.0.000.93
gws-app-workspace:9.0.000.90
gws-platform-configuration:9.0.000.79
gws-platform-datacollector:9.0.000.50
gws-platform-ixn:9.0.000.43
gws-platform-ocs:9.0.000.46
gws-platform-setting:9.0.000.52
gws-platform-statistics:9.0.000.61
gws-platform-voice:9.0.000.66
gws-system-nginx:9.0.000.16
gws-ui-crmworkspace:9.0.000.62
gws-ui-provisioning:9.0.000.84
gws-ui-workspace:9.0.000.82Configure Kubernetes
GWS stores the following sensitive data as Kubernetes secrets. See the secrets.* parameters in the Global parameters table in the "Override Helm chart values" section for details.
- Redis password (gws-redis-password)
- Consul API token (gws-consul-token)
- PostgreSQL database credentials for GWS (gws-postgres-username and gws-postgres-password)
- PostgreSQL database credentials for Agent Setup (agentsetup-postgres-username and agentsetup-postgres-password)
- Client secret for the Provisioning Service (gws-app-provisioning-client-secret)
- Client secret for the Workspace Service (gws-app-workspace-client-secret )
- Client secret for the Configuration Service (gws-platform-configuration-client-secret)
- Client secret for the Data Collector Service (gws-platform-datacollector-client-secret)
- Client secret for the Interaction Service (gws-platform-ixn-client-secret)
- Client secret for the OCS Service (gws-platform-ocs-client-secret)
- Client secret for the Setting Service (gws-platform-setting-client-secret)
- Client secret for the Statistics Service (gws-platform-statistics-client-secret)
- Client secret for the Voice Service (gws-platform-voice-client-secret)
- Credentials for the operational user (ops-username and ops-password)
Configure security
To learn more about how security is configured for private edition, be sure to read the Permissions and OpenShift security settings topics in the Setting up Genesys Multicloud CX Private Edition guide.
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.
deploymentGlobals:
securityContext:
runAsUser: 500
runAsGroup: 500
fsGroup: 500
runAsNonRoot: trueArbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.
deploymentGlobals:
securityContext:
runAsUser: null
runAsGroup: 0
fsGroup: null
runAsNonRoot: true