Difference between revisions of "PEC-DC/Current/DCPEGuide/Configure"
m (Text replacement - "Genesys Engage [cC]loud" to "Genesys Multicloud CX") |
(Published) |
||
Line 271: | Line 271: | ||
{{!}}{} | {{!}}{} | ||
{{!}}} | {{!}}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|Status=No | |Status=No | ||
}}{{Section | }}{{Section |
Revision as of 13:20, February 15, 2022
Learn how to configure Digital Channels.
Complete the steps on this page to configure your Digital Channels deployment.
Override Helm chart values
You can specify parameters for the deployment by overriding Helm chart values in the values.yaml file. See the Parameters table for a full list of overridable values.
For more information about how to override Helm chart values, see Overriding Helm chart values in the Setting up Genesys Multicloud CX Private Edition guide.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For details, see Configure security below.
Parameter | Description | Valid values | Default |
---|---|---|---|
global.imageRegistry | The Docker registry from which Kubernetes pulls images. | A valid registry URL | nil |
global.imagePullSecrets | An array of global docker-registry secret names. | An array of secret names | [] (does not add image pull secrets to deployed pods) |
global.storageClass | The global storage class used for dynamic provisioning. | A valid storage class | nil |
image.registry | The Nexus image registry. | A valid registry URL | TBD |
image.repository | The Nexus image name. | A valid image name | nexus/nexus |
image.tag | The Nexus image tag. | A valid image tag | {TAG_NAME} |
image.pullPolicy | Specifies when Kubernetes pulls images from the registry on start up. | IfNotPresent or Always | IfNotPresent |
image.pullSecrets | An array of docker-registry secret names. | An array of secret names | [] (does not add image pull secrets to deployed pods) |
nameOverride | A string to partially override the nexus.fullname template. This string is prepended to the release name. | String | nil |
fullnameOverride | A string to fully override the nexus.fullname template. | String | nil |
nexus.redirectProtocol | Defines the Web Services and Applications to Nexus redirect protocol (HTTP or HTTPS). | A valid protocol | http:// |
nexus.redis.enabled | Specifies whether to use Redis. You must not change this from the default value of true. | true | true |
nexus.redis.nodes | A comma-separated list of Redis nodes to connect. | A valid URL | redis://nexus-redis-master.default.svc.cluster.local:6379 |
nexus.redis.useCluster | Specifies whether to deploy Redis as a cluster. | true or false | false |
nexus.redis.enableTls | Specifies whether to use TLS on the Redis connection. | true or false | false |
nexus.redis.password | The password for Redis authentication. | A valid password | "" |
nexus.db.host | The Postgres service URL. | A valid URL | nexus-postgres-postgresql.default.svc.cluster.local |
nexus.db.port | The Postgres service port. | A valid port | 5432 |
nexus.db.user | The user assigned for the Nexus application to access Postgres. | A valid user | nexus |
nexus.db.password | The password assigned for the Nexus application to access Postgres. | A valid password | nexus |
podSecurityContext.runAsNonRoot | Specifies whether the container must run as a non-root user. | true or false | true |
podSecurityContext.runAsUser | The user ID to run the entry point of the container process. In OpenShift, if your deployment uses arbitrary UIDs, set this value to null. | A valid user ID | 500 |
podSecurityContext.runAsGroup | The group ID to run the entry point of the container process. In OpenShift, if your deployment uses arbitrary UIDs, set this value to 0. | A valid group ID | 500 |
podSecurityContext.fsGroup | A supplemental group ID that applies to all containers in a pod. In OpenShift, if your deployment uses arbitrary UIDs, set this value to null. | A valid group ID | 500 |
resources | The requests and limits for CPU and memory usage in Kubernetes. See the Kubernetes documentation for details. | requests: { cpu: "300m", memory: "512Mi" } | |
affinity | Specifies the affinity and anti-affinity for Digital Channels pods. See the Kubernetes documentation for details. | Object | {} |
nodeSelector | The labels Kubernetes uses to assign pods to nodes. See the Kubernetes documentation for details. | Object | {} |
tolerations | The tolerations Kubernetes uses for advanced pod scheduling. See the Kubernetes documentation for details. | Object | [] |
priorityClassName | The class name Kubernetes uses to determine the priority of a pod relative to other pods. See the Kubernetes documentation for details. | A valid priority class name | "" |
monitoring.enabled | Specifies whether to deploy Custom Resource Definitions (CRD) for ServiceMonitors to determine which services should be monitored. | true or false | false |
service.type | The Kubernetes service type. | See the Kubernetes documentation for details. | LoadBalancer |
service.port | The Kubernetes service HTTP port. | A valid port | 80 |
service.httpsPort | The Kubernetes service HTTPS port. | A valid port | 443 |
service.nodePorts.http | The Kubernetes service HTTP node port. | A valid port | "" |
service.nodePorts.https | The Kubernetes service HTTPS node port. | A valid port | "" |
service.externalTrafficPolicy | Enables client source IP preservation. See the Kubernetes documentation for details. | Cluster or Local | Cluster |
service.loadBalancerIP | The IP address of the load balancer service. | A valid IP address | "" |
ingress.enabled | Enables the ingress controller resource. | true or false | false |
ingress.annotations | The ingress annotations. | A valid set of annotations as "name: value" | [] |
ingress.certManager | Add annotations for cert-manager. | true or false | false |
ingress.hosts[0].name | The hostname of your Nexus installation. | A valid hostname | nexus.local |
ingress.hosts[0].path | The path (within the URL structure) to your Nexus installation. | A valid path | / |
ingress.hosts[0].tls | Specifies whether to use TLS backend in ingress. | true or false | false |
ingress.hosts[0].tlsHosts | An array of TLS hosts for ingress record. If nil, this value defaults to the value of ingress.hosts[0].name. | Valid hosts | nil |
ingress.hosts[0].tlsSecret | The TLS secret (certificates). | A valid secret | nexus.local-tls-secret |
ingress.secrets[0].name | The TLS secret name. | A valid name | nil |
ingress.secrets[0].certificate | The TLS secret certificate. | A valid certificate | nil |
ingress.secrets[0].key | The TLS secret key. | A valid key | nil |
podAnnotations | Custom annotations for each pod. | A valid set of labels as "name: value" | {} |
Configure security
To learn more about how security is configured for private edition, be sure to read the Permissions and OpenShift security settings topics in the Setting up Genesys Multicloud CX Private Edition guide.
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.

```yaml
podSecurityContext:
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500
  runAsNonRoot: true
```
Arbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.

```yaml
podSecurityContext:
  runAsUser: null
  runAsGroup: 0
  fsGroup: null
  runAsNonRoot: true
```
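
The following is an added example, not part of the Genesys documentation or the Digital Channels chart: a pre-deployment check that flags credential and TLS parameters still at the defaults listed in the Parameters table, and verifies the arbitrary-UID podSecurityContext values described above. It assumes the override file has already been parsed into a dict; the function names and the sample override are hypothetical.

```python
# Added example: lint a values.yaml override that has already been parsed into a dict.
# Defaults copied from the Parameters table on this page.
DOCUMENTED_DEFAULTS = {
    "nexus.db.password": "nexus",
    "nexus.redis.password": "",
    "nexus.redis.enableTls": False,
}
CHART_CONTEXT = {"runAsUser": 500, "runAsGroup": 500, "fsGroup": 500, "runAsNonRoot": True}
# podSecurityContext values this page gives for arbitrary UIDs in OpenShift.
ARBITRARY_UID_CONTEXT = {"runAsUser": None, "runAsGroup": 0, "fsGroup": None, "runAsNonRoot": True}
_MISSING = object()


def lookup(values, dotted_path):
    """Walk a dotted path through nested dicts; _MISSING if any key is absent."""
    node = values
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def same(a, b):
    """Strict equality, so that False is not accepted where 0 is required."""
    return type(a) is type(b) and a == b


def lint_values(overrides, arbitrary_uids=False):
    """Return findings for credentials/TLS left at defaults and, optionally, UID pinning."""
    findings = []
    for path, default in DOCUMENTED_DEFAULTS.items():
        value = lookup(overrides, path)
        if value is _MISSING or same(value, default):
            findings.append(f"{path}: still at documented default {default!r}")
    if arbitrary_uids:
        ctx = lookup(overrides, "podSecurityContext")
        # Helm merges overrides onto chart defaults, so an omitted key keeps 500.
        effective = {**CHART_CONTEXT, **(ctx if isinstance(ctx, dict) else {})}
        for key, expected in ARBITRARY_UID_CONTEXT.items():
            if not same(effective[key], expected):
                findings.append(f"podSecurityContext.{key}: {effective[key]!r}, expected {expected!r}")
    return findings


# Constructed sample override: fsGroup was forgotten and the DB password not changed.
SAMPLE = {
    "nexus": {"db": {"password": "nexus"}, "redis": {"password": "<from-secret>"}},
    "podSecurityContext": {"runAsUser": None, "runAsGroup": 0},
}
```

Calling `lint_values(SAMPLE, arbitrary_uids=True)` reports the unchanged Postgres password, the Redis connection without TLS, and the fsGroup that still resolves to 500 because the override omitted it.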