Difference between revisions of "TLM/Current/TLMPEGuide/Configure"

From Genesys Documentation
(Published)
Line 159: Line 159:
 
{{!}}tlm.secrets.name_override
 
{{!}}tlm.secrets.name_override
 
{{!}}Name override of the secret to target.
 
{{!}}Name override of the secret to target.
{{!}}``
+
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
 
{{!}}tlm.secrets.TELEMETRY_AUTH_CLIENT_SECRET
 
{{!}}tlm.secrets.TELEMETRY_AUTH_CLIENT_SECRET
 
{{!}}GAuth client Secret value.
 
{{!}}GAuth client Secret value.
{{!}}``
+
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
 
{{!}}tlm.context.envs.*
 
{{!}}tlm.context.envs.*
 
{{!}}Environment variables for Telemetry Service. Please refer to TLM service documentation.
 
{{!}}Environment variables for Telemetry Service. Please refer to TLM service documentation.
{{!}}``
 
{{!}}
 
{{!}}-
 
{{!}}
 
{{!}}
 
 
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}
Line 194: Line 189:
 
|sectionHeading=Configure security
 
|sectionHeading=Configure security
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=NA
+
|structuredtext=To learn more about how security is configured for private edition, be sure to read the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=Prerequisites|display text=Permissions}} and {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity}} topics in the ''Setting up Genesys Multicloud CX Private Edition'' guide.
 +
 
 +
The security context settings define the privilege and access control settings for pods and containers.
  
<br />
+
By default, the user and group IDs are set in the '''values.yaml''' file as <code>500:500:500</code>, meaning the '''genesys''' user.<syntaxhighlight>
|Status=Yes
+
optional:
 +
  securityContext:
 +
    runAsUser: 500
 +
    runAsGroup: 500
 +
    fsGroup: 500
 +
    runAsNonRoot: true
 +
</syntaxhighlight>
 +
===Arbitrary UIDs in OpenShift===
 +
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that you do not define any specific IDs.<syntaxhighlight>
 +
optional:
 +
  securityContext:
 +
    runAsUser: null
 +
    runAsGroup: 0
 +
    fsGroup: null
 +
    runAsNonRoot: true
 +
</syntaxhighlight><br />
 +
|Status=No
 
}}{{Section
 
}}{{Section
 
|sectionHeading=Environment variables
 
|sectionHeading=Environment variables
|anchor=environment variables
+
|anchor=en-var
 
|alignment=Vertical
 
|alignment=Vertical
 
|structuredtext=<br />
 
|structuredtext=<br />
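Review bot: In the added "Arbitrary UIDs in OpenShift" block, the sentence says to override securityContext "so that you do not define any specific IDs", yet the example still sets runAsGroup: 0 next to runAsUser: null and fsGroup: null. State that keeping GID 0 is intentional and why, otherwise it reads as a leftover that contradicts the sentence. Two smaller points in the same hunk: both <syntaxhighlight> tags are added without a lang attribute, and the anchor is renamed from "environment variables" to "en-var", which breaks existing links to the old anchor unless they are updated in the same change.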
Line 217: Line 230:
 
{{!}}tlm.context.envs.TELEMETRY_CLOUD_PROVIDER
 
{{!}}tlm.context.envs.TELEMETRY_CLOUD_PROVIDER
 
{{!}}Specify the mode how telemetry service should be executed: Possible values aws / azure / openshift.
 
{{!}}Specify the mode how telemetry service should be executed: Possible values aws / azure / openshift.
{{!}}``
+
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_SERVICES_AUTH`
+
{{!}}TELEMETRY_SERVICES_AUTH
 
{{!}}URL of the GWS Auth public API. This is a mandatory field.
 
{{!}}URL of the GWS Auth public API. This is a mandatory field.
 
{{!}}
 
{{!}}
 
{{!}}<nowiki>http://gws-core-auth:8095</nowiki>
 
{{!}}<nowiki>http://gws-core-auth:8095</nowiki>
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_AUTH_CLIENT_ID`
+
{{!}}TELEMETRY_AUTH_CLIENT_ID
 
{{!}}The Client ID that is used to authenticate with GWS Auth service.
 
{{!}}The Client ID that is used to authenticate with GWS Auth service.
 
{{!}}telemetry_client
 
{{!}}telemetry_client
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CORS_DOMAIN`
+
{{!}}TELEMETRY_CORS_DOMAIN
 
{{!}}Domains to be supported by CORS. This can a comma separated list.{{NoteFormat|Add a `\` before `.` for regex matching. eg: `\.genesyslab\.com` (another `\` should be added when using quotes).|}}
 
{{!}}Domains to be supported by CORS. This can a comma separated list.{{NoteFormat|Add a `\` before `.` for regex matching. eg: `\.genesyslab\.com` (another `\` should be added when using quotes).|}}
 
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_TRACES_PROVIDER`
+
{{!}}TELEMETRY_TRACES_PROVIDER
 
{{!}}The trace provider to use can be `ElasticSearch` or `Console`.
 
{{!}}The trace provider to use can be `ElasticSearch` or `Console`.
 
{{!}}ElasticSearch
 
{{!}}ElasticSearch
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_TRACES_CONCURRENT`
+
{{!}}TELEMETRY_TRACES_CONCURRENT
 
{{!}}The maximum of parallel bulk request to Elasticsearch at the same time.
 
{{!}}The maximum of parallel bulk request to Elasticsearch at the same time.
 
{{!}}3
 
{{!}}3
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_TRACES_THRESHOLD`
+
{{!}}TELEMETRY_TRACES_THRESHOLD
 
{{!}}The maximum buffer entries for Elasticsearch service.
 
{{!}}The maximum buffer entries for Elasticsearch service.
{{!}}`400000`
+
{{!}}400000
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_SERVICE`
+
{{!}}TELEMETRY_CONFIG_SERVICE
 
{{!}}The data source to fetch configuration information. Possible values : s3, azure, env, or an empty string.
 
{{!}}The data source to fetch configuration information. Possible values : s3, azure, env, or an empty string.
 
{{!}}none
 
{{!}}none
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_SERVICE_CORS`
+
{{!}}TELEMETRY_CONFIG_SERVICE_CORS
 
{{!}}This overrides data source to fetch CORS configurations. Possible values : Same value as `TELEMETRY_CONFIG_SERVICE` or `environmentservice` for using the environment-service API (Uses the `TELEMETRY_SERVICES_ENVIRONMENT` variable).
 
{{!}}This overrides data source to fetch CORS configurations. Possible values : Same value as `TELEMETRY_CONFIG_SERVICE` or `environmentservice` for using the environment-service API (Uses the `TELEMETRY_SERVICES_ENVIRONMENT` variable).
 
{{!}}none
 
{{!}}none
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CLOUD_PROVIDER`
+
{{!}}TELEMETRY_CLOUD_PROVIDER
 
{{!}}Cloud provider for the service. Can be `aws`, `azure`, `gcp` or `premise`.
 
{{!}}Cloud provider for the service. Can be `aws`, `azure`, `gcp` or `premise`.
{{!}}`aws`
+
{{!}}aws
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_CONTRACTS`
+
{{!}}TELEMETRY_CONFIG_CONTRACTS
 
{{!}}Stringified JSON array to provision contracts through `env` config provider.
 
{{!}}Stringified JSON array to provision contracts through `env` config provider.
{{!}}`[]`
+
{{!}}[]
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_TENANTS`
+
{{!}}TELEMETRY_CONFIG_TENANTS
 
{{!}}A Stringified JSON to provision tenants through `env` config provider.
 
{{!}}A Stringified JSON to provision tenants through `env` config provider.
{{!}}`{}`
+
{{!}}{}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_SERVICES_ENVIRONMENT`
+
{{!}}TELEMETRY_SERVICES_ENVIRONMENT
 
{{!}}The URL of the GWS environment service API. Used only if environment service is used for configuration provisioning.
 
{{!}}The URL of the GWS environment service API. Used only if environment service is used for configuration provisioning.
{{!}}value of `TELEMETRY_SERVICES_AUTH`
+
{{!}}value of TELEMETRY_SERVICES_AUTH
 
{{!}}http://gauth-environment-active.gauth
 
{{!}}http://gauth-environment-active.gauth
 
{{!}}}
 
{{!}}}
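Review bot: TELEMETRY_CLOUD_PROVIDER is documented twice in this table with different value sets: the tlm.context.envs.TELEMETRY_CLOUD_PROVIDER row lists aws / azure / openshift, while the TELEMETRY_CLOUD_PROVIDER row lists aws, azure, gcp or premise. The change only strips backticks from the second row and leaves the conflict in place; merge the two rows or say which list is authoritative. The rows after the first one also drop the tlm.context.envs. prefix, so it is unclear from the table how they are set in values.yaml, and the untouched TELEMETRY_CORS_DOMAIN description still reads "This can a comma separated list".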

Revision as of 06:30, June 3, 2022

This topic is part of the manual Telemetry Service Private Edition Guide for version Current of Telemetry Service.

Learn how to configure Telemetry Service.

Configure a secret to access JFrog

If you haven't done so already, create a secret for accessing the JFrog registry:
kubectl create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<password> --docker-email=<emailid>
Now map the secret to the default service account (secrets link is an OpenShift CLI subcommand, so run it with oc):
oc secrets link default <credential-name> --for=pull

Override Helm chart values

| Parameter | Description | Default | Valid values |
|---|---|---|---|
| serviceMonitoringAnnotations.enabled | Activation of Prometheus monitoring annotations on service. | true | |
| podDisruptionBudget.enabled | Activation of pod disruption. | true | |
| enableServiceLinks | Enable service links in single namespace environment. | false | |
| tlm.replicaCount | Number of replicas. | 2 | |
| tlm.image.registry | docker registry. | pureengage-docker-staging.jfrog.io | |
| tlm.image.repository | docker registry. | Telemetry | |
| tlm.image.tag | WWE image version. | | |
| tlm.image.pullPolicy | Image pull policy. | IfNotPresent | |
| tlm.image.imagePullSecrets | Image pull secrets. | [] | |
| tlm.service.type | k8s service type. | ClusterIP | |
| tlm.service.port_external | k8s service port external (for customer facing). | 8107 | |
| tlm.service.port_internal | k8s service port internal (for metric scraping endpoint). | 9107 | |
| tlm.ingress | Ingress configuration block. See #Ingress. | {enabled:false} | |
| tlm.resources.limits.cpu | Maximum amount of CPU K8s allocates for container. | 750m | |
| tlm.resources.limits.memory | Maximum amount of Memory K8s allocates for container. | 1400Mi | |
| tlm.resources.requests.cpu | Guaranteed CPU allocation for container. | 750m | |
| tlm.resources.requests.memory | Guaranteed Memory allocation for container. | 1400Mi | |
| tlm.deployment.strategy | k8s deployment strategy. | {} | |
| tlm.priorityClassName | k8s priority classname. | genesysengage-high-priority | |
| tlm.affinity | pod affinity. | {} | |
| tlm.nodeselector | k8s nodeselector map. | { genesysengage.com/nodepool: general } | |
| tlm.tolerations | pod toleration. | [] | |
| tlm.annotations | pod annotations. | [] | |
| tlm.autoscaling.enabled | activate auto scaling. | true | |
| tlm.autoscaling.targetCPUPercent | CPU percentage autoscaling trigger. | 40 | |
| tlm.autoscaling.minReplicas | Minimum number of replicas. | 2 | |
| tlm.autoscaling.maxReplicas | Maximum number of replicas. | 10 | |
| tlm.secrets.name_override | Name override of the secret to target. | | |
| tlm.secrets.TELEMETRY_AUTH_CLIENT_SECRET | GAuth client Secret value. | | |
| tlm.context.envs.* | Environment variables for Telemetry Service. Please refer to TLM service documentation. | | |

You can modify the configuration to suit your environment using either of two methods:

  • Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
    helm install telemetry-service.tgz --set tlm.replicaCount=4
  • Specify the parameters to be modified in a values.yaml file.
    helm install --name tlm -f values.yaml telemetry-service.tgz

Configure Kubernetes

NA

Configure security

To learn more about how security is configured for private edition, be sure to read the Permissions and OpenShift security settings topics in the Setting up Genesys Multicloud CX Private Edition guide.

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.
optional:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
    fsGroup: 500
    runAsNonRoot: true

Arbitrary UIDs in OpenShift

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.
optional:
  securityContext:
    runAsUser: null
    runAsGroup: 0
    fsGroup: null
    runAsNonRoot: true

Environment variables


| Parameter | Description | Default | Valid values |
|---|---|---|---|
| tlm.context.envs.TELEMETRY_AUTH_CLIENT_ID | GAuth client ID value. | telemetry_client | |
| tlm.context.envs.TELEMETRY_CLOUD_PROVIDER | Specifies the mode in which Telemetry Service runs. Possible values: aws / azure / openshift. | | |
| TELEMETRY_SERVICES_AUTH | URL of the GWS Auth public API. This is a mandatory field. | | http://gws-core-auth:8095 |
| TELEMETRY_AUTH_CLIENT_ID | The Client ID that is used to authenticate with GWS Auth service. | telemetry_client | |
| TELEMETRY_CORS_DOMAIN | Domains to be supported by CORS. This can be a comma-separated list. Important: Add a `\` before `.` for regex matching, e.g. `\.genesyslab\.com` (another `\` should be added when using quotes). | | |
| TELEMETRY_TRACES_PROVIDER | The trace provider to use can be `ElasticSearch` or `Console`. | ElasticSearch | |
| TELEMETRY_TRACES_CONCURRENT | The maximum number of parallel bulk requests to Elasticsearch at the same time. | 3 | |
| TELEMETRY_TRACES_THRESHOLD | The maximum buffer entries for Elasticsearch service. | 400000 | |
| TELEMETRY_CONFIG_SERVICE | The data source to fetch configuration information. Possible values: s3, azure, env, or an empty string. | none | |
| TELEMETRY_CONFIG_SERVICE_CORS | This overrides data source to fetch CORS configurations. Possible values: Same value as `TELEMETRY_CONFIG_SERVICE` or `environmentservice` for using the environment-service API (Uses the `TELEMETRY_SERVICES_ENVIRONMENT` variable). | none | |
| TELEMETRY_CLOUD_PROVIDER | Cloud provider for the service. Can be `aws`, `azure`, `gcp` or `premise`. | aws | |
| TELEMETRY_CONFIG_CONTRACTS | Stringified JSON array to provision contracts through `env` config provider. | [] | |
| TELEMETRY_CONFIG_TENANTS | A Stringified JSON to provision tenants through `env` config provider. | {} | |
| TELEMETRY_SERVICES_ENVIRONMENT | The URL of the GWS environment service API. Used only if environment service is used for configuration provisioning. | value of TELEMETRY_SERVICES_AUTH | http://gauth-environment-active.gauth |
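Why the escaping in the TELEMETRY_CORS_DOMAIN note matters, as an added example that is not Telemetry Service code: it assumes each comma-separated entry is compiled as a regular expression and tested against the request's Origin header (the page does not document the service's matching logic), and it uses JSON as the quoted context. The helper names and sample origins are constructed.

```javascript
// Added example: assumes each TELEMETRY_CORS_DOMAIN entry is compiled as a
// regular expression and tested against the request's Origin header.
// buildOriginMatchers, isOriginAllowed, audit and decodeQuoted are hypothetical helpers.

function buildOriginMatchers(corsDomain) {
  return corsDomain
    .split(",")
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0)
    .map((entry) => new RegExp(entry + "$", "i")); // anchor at end of origin
}

function isOriginAllowed(origin, corsDomain) {
  return buildOriginMatchers(corsDomain).some((re) => re.test(origin));
}

// Value as it reaches the service, with the dots escaped as the note requires.
const ESCAPED = String.raw`\.genesyslab\.com`;
// Same value without escaping: every "." is a regex wildcard.
const UNESCAPED = ".genesyslab.com";

// Constructed sample origins.
const ORIGINS = [
  "https://app.genesyslab.com", // intended subdomain
  "https://notgenesyslab.com",  // different registrable domain
  "https://app.genesyslabxcom", // "." before "com" is some other character
];

// Returns the sample origins that the given setting would accept.
function audit(corsDomain) {
  return ORIGINS.filter((origin) => isOriginAllowed(origin, corsDomain));
}

// Quoted context: inside a double-quoted JSON string the backslash itself
// must be escaped, so the text written in the file is \\. rather than \.
function decodeQuoted(fileText) {
  try {
    return JSON.parse(fileText);
  } catch (err) {
    return null; // "\." is not a valid escape sequence inside JSON quotes
  }
}

console.log("escaped  :", audit(ESCAPED));
console.log("unescaped:", audit(UNESCAPED));
console.log("quoted, doubled backslash:", decodeQuoted(String.raw`"\\.genesyslab\\.com"`));
console.log("quoted, single backslash :", decodeQuoted(String.raw`"\.genesyslab\.com"`));
```

With the escaped entry only the intended subdomain is accepted; the unescaped entry also accepts the two look-alike origins.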

Prepare an environment

Create a new project namespace for Telemetry:

kubectl create namespace tlm

See Creating namespaces for a list of approved namespaces.

Download the telemetry helm charts from the JFrog repository:

https://pureengage.jfrog.io/artifactory/helm-staging/tlm

Create a values-telemetry.yaml file and update the following parameters:

TELEMETRY_AUTH_CLIENT_SECRET: <CLIENT_SECRET GENERATED FROM GAUTH>
TELEMETRY_AUTH_CLIENT_ID: <CLIENT_ID GENERATED FROM GAUTH>
TELEMETRY_SERVICES_AUTH: "<GAUTH URL>"
TELEMETRY_CLOUD_PROVIDER: "GKE"
TELEMETRY_CORS_DOMAIN: "<domain for which cors has been enabled>"
grafanaDashboard:
  enabled: true

Copy the values-telemetry.yaml file and the tlm Helm package to the installation location.

Retrieved from "https://all.docs.genesys.com/TLM/Current/TLMPEGuide/Configure (2024-07-28 01:20:19)"