Difference between revisions of "WebRTC/Current/WebRTCPEGuide/Configure"
(Published) |
Line 7: | Line 7: | ||
|sectionHeading=Override Helm chart values | |sectionHeading=Override Helm chart values | ||
|alignment=Vertical | |alignment=Vertical | ||
− | |structuredtext=Download the WebRTC Helm charts from JFrog using your credentials. | + | |structuredtext=Download the WebRTC Helm charts from JFrog using your credentials. Override the configuration parameters in the '''values.yaml''' file to provide deployment-specific values for certain parameters. You can override values in the Helm charts to configure Private Edition. For more information about overriding Helm chart values, see the "suite-level" documentation about how to override Helm chart values: {{SuiteLevelLink|helmoverride}} |
− | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that no user or group IDs are specified. For | + | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that no user or group IDs are specified. For more information, see the '''Configure security''' section. |
{{{!}} class="wikitable" | {{{!}} class="wikitable" | ||
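Review bot: The added text in the structuredtext line states the same instruction three times ("Override the configuration parameters in the '''values.yaml''' file", "You can override values in the Helm charts", and "how to override Helm chart values"). Suggest keeping one sentence that names values.yaml and then the {{SuiteLevelLink|helmoverride}} link. The completed OpenShift sentence points to the '''Configure security''' section, so check that the section heading on the page matches that wording exactly.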
Line 27: | Line 27: | ||
{{!}}{{!}}webrtc | {{!}}{{!}}webrtc | ||
{{!}}{{!}}string | {{!}}{{!}}string | ||
− | {{!}}{{!}}You can modify default namespace used to deploy applications in the <tt>deployment.namespace</tt> option. | + | {{!}}{{!}}You can modify the default namespace used to deploy applications in the <tt>deployment.namespace</tt> option. |
{{!}}{{!}}<source lang="LANGUAGE">deployment: | {{!}}{{!}}<source lang="LANGUAGE">deployment: | ||
namespace: production</source> | namespace: production</source> | ||
Line 50: | Line 50: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}deployment.tolerations | {{!}}{{!}}deployment.tolerations | ||
− | {{!}}{{!}} | + | {{!}}{{!}}Include this parameter in the Gateway and CoTurn, if the content of toleration exists. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 76: | Line 76: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}{{!}}Specification | {{!}}{{!}}Specification | ||
− | {{!}}{{!}}As the default value of HAProxy route timeout is set to | + | {{!}}{{!}}As the default value of the HAProxy route timeout is set to 30 s, there is a possibility it interferes with the WebRTC long-polling timeout (30 s) and disconnect the session. You can override this default value and increase the timeout to 50 s using the annotation, <tt>haproxy.router.openshift.io/timeout: 50 s</tt>, for the session to respond and connect. |
{{!}}{{!}}<source lang="LANGUAGE">deployment | {{!}}{{!}}<source lang="LANGUAGE">deployment | ||
ingress: | ingress: | ||
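Review bot: The annotation value in the new description is written as <tt>haproxy.router.openshift.io/timeout: 50 s</tt>, with a space between the number and the unit, and a reader who copies it from the description will paste a malformed duration. Suggest writing the value as 50s inside the <tt> tag and keeping the spaced form only in running prose. In the same sentence "there is a possibility it interferes ... and disconnect the session" needs "disconnects". The unchanged sample below the description starts with "deployment" without a trailing colon, which is not valid YAML and is worth fixing in the same edit.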
Line 89: | Line 89: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}deployment.ingress.tls | {{!}}{{!}}deployment.ingress.tls | ||
− | {{!}}{{!}}If this option is defined, <tt>tls</tt> option | + | {{!}}{{!}}If this option is defined, <tt>tls</tt> option is declared in the Ingress specification |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 121: | Line 121: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}deployment.dnsPolicy | {{!}}{{!}}deployment.dnsPolicy | ||
− | {{!}}{{!}}Kubernetes DNS Policy that | + | {{!}}{{!}}Kubernetes DNS Policy that is applied in the Pods |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 131: | Line 131: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}deployment.dnsConfig | {{!}}{{!}}deployment.dnsConfig | ||
− | {{!}}{{!}}All DNS settings | + | {{!}}{{!}}All DNS settings must be provided using the dnsConfig field in the Pod specification |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 151: | Line 151: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}deployment.coturnDeployment | {{!}}{{!}}deployment.coturnDeployment | ||
− | {{!}}{{!}}Type of CoTurn deployment - <tt>internal</tt>: the internal LBs | + | {{!}}{{!}}Type of CoTurn deployment - <tt>internal</tt>: the internal LBs are created and the IP addresses of that LBs must be used in the firewall or other ways to be exposed externally. <br><tt>external</tt>: the external LBs are created with given external static IPs (IPs for the green and blue LBs must be set with <tt>lbIpBlue</tt> and <tt>lbIpGreen</tt> during the infra-color deployment. |
{{!}}{{!}}mandatory | {{!}}{{!}}mandatory | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}{{!}}internal/external | {{!}}{{!}}internal/external | ||
− | {{!}}{{!}}For Premise Edition - This | + | {{!}}{{!}}For Premise Edition - This parameter is configured as <tt>external</tt> |
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}deployment.coturnService.annotation | {{!}}{{!}}deployment.coturnService.annotation | ||
− | {{!}}{{!}}Annotation that | + | {{!}}{{!}}Annotation that is added to the Kubernetes LoadBalancer Service object |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
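Review bot: The new deployment.coturnDeployment description opens a parenthesis at "(IPs for the green and blue LBs must be set with" and never closes it, and "the IP addresses of that LBs" should read "those LBs". The Notes cell says "For Premise Edition" while the introduction of this page says "Private Edition"; use one product name. Since the internal/external choice decides whether the CoTurn load balancers get external static IPs, the row would also benefit from stating which firewall rules the internal mode expects the operator to create.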
Line 186: | Line 186: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}monitoring.prometheusMetrics | {{!}}{{!}}monitoring.prometheusMetrics | ||
− | {{!}}{{!}} | + | {{!}}{{!}}Enables Prometheus metrics to deploy PodMonitors |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}false | {{!}}{{!}}false | ||
Line 220: | Line 220: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}image.initContainerImage | {{!}}{{!}}image.initContainerImage | ||
− | {{!}}{{!}}Image for initialization container - used to create log folders. If image is not specified, the init container | + | {{!}}{{!}}Image for initialization container - used to create log folders. If image is not specified, the init container is not applied and the logs are written into <tt>logPath</tt> |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 348: | Line 348: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.arguments | {{!}}{{!}}gateway.arguments | ||
− | {{!}}{{!}}Any additional options that | + | {{!}}{{!}}Any additional options that are applied to the Gateway containers |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 357: | Line 357: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.podAnnotations | {{!}}{{!}}gateway.podAnnotations | ||
− | {{!}}{{!}}Any additional annotations that | + | {{!}}{{!}}Any additional annotations that are applied to the Gateway pods |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 383: | Line 383: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.resources.requests.cpu | {{!}}{{!}}gateway.resources.requests.cpu | ||
− | {{!}}{{!}}Requested amount of CPU milliunits. <br>{{NoteFormat|This value is per worker and | + | {{!}}{{!}}Requested amount of CPU milliunits. <br>{{NoteFormat|This value is per worker and is multiplied by the <tt>gateway.workersCount</tt> option in helm|}} |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}800 | {{!}}{{!}}800 | ||
Line 391: | Line 391: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.resources.requests.memory | {{!}}{{!}}gateway.resources.requests.memory | ||
− | {{!}}{{!}}Requested amount of Memory (in MB). <br>{{NoteFormat|This value is per worker and | + | {{!}}{{!}}Requested amount of Memory (in MB). <br>{{NoteFormat|This value is per worker and is multiplied by the <tt>gateway.workersCount</tt> option in helm|}} |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}150 | {{!}}{{!}}150 | ||
Line 436: | Line 436: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.scaling.maxReplicaCount | {{!}}{{!}}gateway.scaling.maxReplicaCount | ||
− | {{!}}{{!}}Maximum number of replicas that | + | {{!}}{{!}}Maximum number of replicas that are raised by KEDA/HPA. See KEDA documentation for more information. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}100 | {{!}}{{!}}100 | ||
Line 461: | Line 461: | ||
minAvailable: 50%</source> | minAvailable: 50%</source> | ||
{{!}}- | {{!}}- | ||
− | {{!}}{{!}}secrets.type | + | {{!}}{{!}}gateway.secrets.type |
− | {{!}}{{!}}Describes where the secrets | + | {{!}}{{!}}Describes where the secrets are taken - in Kubernetes secrets, CSI driver, or from the Environment variables |
{{!}}{{!}}mandatory | {{!}}{{!}}mandatory | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 469: | Line 469: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}- | {{!}}- | ||
− | {{!}}{{!}}secrets.csi.gws | + | {{!}}{{!}}gateway.secrets.csi.gws |
{{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>csi</tt>, the name of the CSI object contains the GWS secret | {{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>csi</tt>, the name of the CSI object contains the GWS secret | ||
{{!}}{{!}} | {{!}}{{!}} | ||
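Review bot: The option is renamed to gateway.secrets.csi.gws, but the unchanged description directly below still reads "If the <tt>secrets.type</tt> option is set to <tt>csi</tt>", which no longer matches the renamed gateway.secrets.type row. Update the reference here and in the k8s and env rows that follow. The same description is missing a word: "the name of the CSI object contains the GWS secret" should be "the CSI object that contains the GWS secret".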
Line 477: | Line 477: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}- | {{!}}- | ||
− | {{!}}{{!}}secrets.k8s.gws | + | {{!}}{{!}}gateway.secrets.k8s.gws |
{{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>k8s</tt>, the name of the Kubernetes Secret object that contains the GWS secret | {{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>k8s</tt>, the name of the Kubernetes Secret object that contains the GWS secret | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 485: | Line 485: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}- | {{!}}- | ||
− | {{!}}{{!}}secrets | + | {{!}}{{!}}gateway.secrets.env.gwsClient |
{{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>env</tt>, the value is GWS clientid created for WebRTC | {{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>env</tt>, the value is GWS clientid created for WebRTC | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 493: | Line 493: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}- | {{!}}- | ||
− | {{!}}{{!}}secrets | + | {{!}}{{!}}gateway.secrets.env.gwsSecret |
{{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>env</tt>, the value is GWS secret for the client given clientid | {{!}}{{!}}If the <tt>secrets.type</tt> option is set to <tt>env</tt>, the value is GWS secret for the client given clientid | ||
{{!}}{{!}} | {{!}}{{!}} | ||
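Review bot: The gateway.secrets.env.gwsSecret row documents placing the GWS secret value itself in the values file and carries no caution about it. Suggest a note in the Notes column that with type env the secret is held in clear text wherever the values file is stored, and that the k8s or csi types keep it out of the file. The description "GWS secret for the client given clientid" also needs rewording, for example "for the given client ID".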
Line 513: | Line 513: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.serviceAccountName | {{!}}{{!}}gateway.serviceAccountName | ||
− | {{!}}{{!}}Name of the ServiceAccount that | + | {{!}}{{!}}Name of the ServiceAccount that is used to run the Gateway pod |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 521: | Line 521: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.logPath | {{!}}{{!}}gateway.logPath | ||
− | {{!}}{{!}}Path to the log-directory. | + | {{!}}{{!}}Path to the log-directory. used for both - PVC or HostPath types of logs. Also, check the <tt>esServer</tt> option. If <tt>/mnt/log/webrtc</tt> is specified, the <tt>/mnt/log/webrtc/<gateway pod name>/webrtcgw</tt> logfiles are created and used in the mentioned path. If the <tt>image.initContainerImage</tt> option is not specified, the folder with the pod name will not be created and the <tt>/mnt/log/webrtc/webrtcgw</tt> logfiles will be created. |
{{!}}{{!}}mandatory | {{!}}{{!}}mandatory | ||
{{!}}{{!}}"/mnt/log/webrtc" | {{!}}{{!}}"/mnt/log/webrtc" | ||
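Review bot: The second sentence of the new gateway.logPath description is a fragment that starts in lower case ("used for both - PVC or HostPath types of logs"). Suggest "Used for both PVC and HostPath types of logs." The description also switches tense between "are created" and "will not be created"; pick one. Because the path decides whether logs from several pods share one directory when no init container image is set, say explicitly that the files of different pods then land in the same folder.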
Line 529: | Line 529: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.logPvc | {{!}}{{!}}gateway.logPvc | ||
− | {{!}}{{!}}Option for Persistent Volume Claim used for the Gateway logs. If | + | {{!}}{{!}}Option for Persistent Volume Claim used for the Gateway logs. If logPvc is not defined, the HostPath is used for the logs mount. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 549: | Line 549: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.logPvc.pvcName | {{!}}{{!}}gateway.logPvc.pvcName | ||
− | {{!}}{{!}}Name of the Persistent Volume Claim. If this option is present, the PVC | + | {{!}}{{!}}Name of the Persistent Volume Claim. If this option is present, the PVC is created. Else, the <tt>hostpath</tt> is used for the Gateway logs. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 557: | Line 557: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.logPvc.volumeName | {{!}}{{!}}gateway.logPvc.volumeName | ||
− | {{!}}{{!}}PersistentVolume name for the PVC. Single Volume | + | {{!}}{{!}}PersistentVolume name for the PVC. Single Volume is used for both green and blue deployments of the gateway |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 565: | Line 565: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.logPvc.volumeSpec | {{!}}{{!}}gateway.logPvc.volumeSpec | ||
− | {{!}}{{!}}If the Perisitent Volume specification is configured in the <tt>gateway.logPvc.volumeSpec</tt> option, the PersistentVolume object with name from the <tt>gateway.logPvc.volumeName</tt> option | + | {{!}}{{!}}If the Perisitent Volume specification is configured in the <tt>gateway.logPvc.volumeSpec</tt> option, the PersistentVolume object with name from the <tt>gateway.logPvc.volumeName</tt> option is created using this specification. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
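Review bot: The typo "Perisitent" is carried over unchanged into the new gateway.logPvc.volumeSpec description; it should be "Persistent". The row also writes the object as "Perisitent Volume" once and "PersistentVolume" once; use the Kubernetes kind name consistently.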
Line 582: | Line 582: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}gateway.logPvc.volumeAnnotations | {{!}}{{!}}gateway.logPvc.volumeAnnotations | ||
− | {{!}}{{!}}Any additional annotations that | + | {{!}}{{!}}Any additional annotations that are used for the PersistentVolume if the <tt>gateway.logPvc.volumeSpec</tt> is specified here. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 600: | Line 600: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}{{!}} | {{!}}{{!}} | ||
+ | {{!}}- | ||
+ | {{!}}gateway.restartPolicy | ||
+ | {{!}}Restart policy for gateway pods. | ||
+ | {{!}}Optional | ||
+ | {{!}}Always | ||
+ | {{!}}depends on cluster | ||
+ | {{!}} | ||
+ | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.port | {{!}}{{!}}coturn.port | ||
− | {{!}}{{!}}Coturn port that | + | {{!}}{{!}}Coturn port that is used by the CoTurn Load Balancer |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}443 | {{!}}{{!}}443 | ||
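Review bot: The new gateway.restartPolicy row uses a single {{!}} per cell while every other row in this table uses {{!}}{{!}}, so its cells may not line up with the existing columns once rendered. The row also writes "Optional" with a capital where the other rows use "optional", and gives "depends on cluster" as the valid value, which does not tell the reader what can be entered. Suggest listing the accepted values next to the default "Always".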
Line 634: | Line 642: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.podAnnotations | {{!}}{{!}}coturn.podAnnotations | ||
− | {{!}}{{!}}Any additional annotations that | + | {{!}}{{!}}Any additional annotations that are applied for CoTurn pods |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 706: | Line 714: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.scaling.maxReplicaCount | {{!}}{{!}}coturn.scaling.maxReplicaCount | ||
− | {{!}}{{!}}Maxium number of replicas that | + | {{!}}{{!}}Maxium number of replicas that are raised by KEDA/HPA. Refer to KEDA documentation for more information. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}100 | {{!}}{{!}}100 | ||
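Review bot: "Maxium" in the coturn.scaling.maxReplicaCount description is still misspelled after this edit; it should be "Maximum". The matching gateway row says "See KEDA documentation" while this one says "Refer to KEDA documentation"; use the same wording in both.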
Line 728: | Line 736: | ||
{{!}}{{!}} | {{!}}{{!}} | ||
{{!}}{{!}} | {{!}}{{!}} | ||
+ | {{!}}- | ||
+ | {{!}} | ||
+ | {{!}} | ||
+ | {{!}} | ||
+ | {{!}} | ||
+ | {{!}} | ||
+ | {{!}} | ||
+ | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.scaling.thresholdMemory | {{!}}{{!}}coturn.scaling.thresholdMemory | ||
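Review bot: This hunk adds a table row made of seven empty cells between the previous coturn.scaling row and coturn.scaling.thresholdMemory. It documents no option and will render as a blank row. Remove it, or fill in the option it was meant to hold.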
Line 767: | Line 783: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.logPath | {{!}}{{!}}coturn.logPath | ||
− | {{!}}{{!}}Path to the log-directory. This can be the directory path or "stdout". This path | + | {{!}}{{!}}Path to the log-directory. This can be the directory path or "stdout". This path is used for both PVC or HostPath types of logs. <br>Example: If <tt>/mnt/log/webrtc</tt> is specified, <tt>"/mnt/log/webrtc/<coturn pod name>/turn.xxx.log"</tt> logfile is created and used in the mentioned path. <br>If <tt>image.initContainerImage</tt> is not specified, the folder with pod name will not be created and <tt>mnt/log/webrtc/turn.xxx.log</tt> logfile will be created. |
{{!}}{{!}}mandatory | {{!}}{{!}}mandatory | ||
{{!}}{{!}}"/mnt/log/webrtc" | {{!}}{{!}}"/mnt/log/webrtc" | ||
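Review bot: The fallback path in the new coturn.logPath description is written as <tt>mnt/log/webrtc/turn.xxx.log</tt> without the leading slash, while the rest of the cell uses <tt>/mnt/log/webrtc</tt>. Add the slash so the two paths agree. The first path is also wrapped in literal quotation marks inside the <tt> tag and the second is not.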
Line 775: | Line 791: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.logPvc | {{!}}{{!}}coturn.logPvc | ||
− | {{!}}{{!}}Section for Persistent Volume Claim used for CoTurn logs. If this option not defined, the <tt>HostPath</tt> | + | {{!}}{{!}}Section for Persistent Volume Claim used for CoTurn logs. If this option not defined, the <tt>HostPath</tt> is used for logs mount. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}}"/mnt/log/webrtc" | {{!}}{{!}}"/mnt/log/webrtc" | ||
Line 794: | Line 810: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.logPvc.pvcName | {{!}}{{!}}coturn.logPvc.pvcName | ||
− | {{!}}{{!}}Name of PersistentVolumeClaim. If this option is present, PVC will be created. Else, the <tt>HostPath</tt> | + | {{!}}{{!}}Name of PersistentVolumeClaim. If this option is present, PVC will be created. Else, the <tt>HostPath</tt> is used for CoTurn logs. |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 818: | Line 834: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.logPvc.volumeName | {{!}}{{!}}coturn.logPvc.volumeName | ||
− | {{!}}{{!}}Persistent Volume name for the PVC. Single Volume | + | {{!}}{{!}}Persistent Volume name for the PVC. Single Volume is used for both green and blue deployments of the CoTurn logs |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 842: | Line 858: | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}coturn.logPvc.volumeAnnotations | {{!}}{{!}}coturn.logPvc.volumeAnnotations | ||
− | {{!}}{{!}}Any additional annotations that | + | {{!}}{{!}}Any additional annotations that are used for the Persistent Volume, if the <tt>coturn.logPvc.volumeSpec</tt> option is specified |
{{!}}{{!}}optional | {{!}}{{!}}optional | ||
{{!}}{{!}} | {{!}}{{!}} | ||
Line 851: | Line 867: | ||
volumeAnnotations: | volumeAnnotations: | ||
pv.kubernetes.io/bound-by-controller: 'yes'</source> | pv.kubernetes.io/bound-by-controller: 'yes'</source> | ||
+ | {{!}}- | ||
+ | {{!}}coturn.restartPolicy | ||
+ | {{!}}Restart policy for coturn pods. | ||
+ | {{!}}optional | ||
+ | {{!}}Always | ||
+ | {{!}}depends on cluster | ||
+ | {{!}} | ||
+ | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}{{!}}labels.common | {{!}}{{!}}labels.common | ||
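Review bot: The new coturn.restartPolicy row has the same cell-separator problem as the gateway.restartPolicy row: single {{!}} instead of the {{!}}{{!}} used by the rest of the table. "depends on cluster" in the valid-value cell should be replaced by the accepted values.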
Line 909: | Line 933: | ||
</source> | </source> | ||
===Arbitrary UIDs in OpenShift=== | ===Arbitrary UIDs in OpenShift=== | ||
− | If you want to use arbitrary UIDs in your OpenShift deployment, | + | If you want to use arbitrary UIDs in your OpenShift deployment, override the '''securityContext''' settings in the '''values.yaml''' file, so that you do not define any specific IDs. |
<source lang="bash"> | <source lang="bash"> | ||
Line 918: | Line 942: | ||
fsGroup: null | fsGroup: null | ||
</source> | </source> | ||
+ | <!-- | ||
+ | ===Arbitrary UIDs in AKS=== | ||
+ | If you want to use arbitrary UIDs in your Azure Kubernetes Services deployment, override the '''securityContext''' settings in the '''values.yaml''' file, so that you do not define any specific IDs.<source lang="bash"> | ||
+ | podSecurityContext: | ||
+ | runAsNonRoot: true | ||
+ | runAsUser: null | ||
+ | runAsGroup: 0 | ||
+ | fsGroup: null | ||
+ | |||
+ | securityContext: | ||
+ | runAsNonRoot: true | ||
+ | runAsUser: null | ||
+ | runAsGroup: 0 | ||
+ | </source><br /> | ||
+ | --> | ||
|Status=No | |Status=No | ||
}}{{Section | }}{{Section | ||
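Review bot: The commented-out AKS block sets "runAsGroup: 0" in both podSecurityContext and securityContext while the sentence above it says the override is made "so that you do not define any specific IDs". Group 0 is a specific ID, and it is the root group, so the sample contradicts the text and should be either explained or changed before this section is uncommented. The block is also tagged <source lang="bash"> although its content is YAML, and leaving a whole section inside an HTML comment keeps unreviewed guidance in the page source.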
Line 926: | Line 965: | ||
#'''Review values-template.yaml in helm charts''': It provides all the available options with comments and explanations. | #'''Review values-template.yaml in helm charts''': It provides all the available options with comments and explanations. | ||
#'''Configure all the options in your own values file''': Configure/overwrite values for options that you need. Use the values-template.yaml file from the package that displays the list of available options with their description. | #'''Configure all the options in your own values file''': Configure/overwrite values for options that you need. Use the values-template.yaml file from the package that displays the list of available options with their description. | ||
− | #:{{NoteFormat|Do not configure deployment.type and deployment.color options in values.yaml-file(s). These values should be used only during deployment process as command-line parameters to specify the deployment process.}} | + | #:{{NoteFormat|Do not configure <b>deployment.type</b> and <b>deployment.color</b> options in values.yaml-file(s). These values should be used only during deployment process as command-line parameters to specify the deployment process.}} |
#:Sample values.yaml file: | #:Sample values.yaml file: | ||
#:<source lang="LANGUAGE">deployment: | #:<source lang="LANGUAGE">deployment: |
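Review bot: The note now marks deployment.type and deployment.color with <b> tags, while the rest of this page uses wiki bold (<nowiki>'''</nowiki>) for emphasis and <tt> for option names. Suggest <tt>deployment.type</tt> and <tt>deployment.color</tt> to match the table. "values.yaml-file(s)" and "during deployment process" in the same note also need tidying ("values.yaml files", "during the deployment process").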
Revision as of 09:00, September 2, 2022
Learn how to configure WebRTC.
Override Helm chart values
Download the WebRTC Helm charts from JFrog using your credentials. Override the configuration parameters in the values.yaml file to provide deployment-specific values for certain parameters. You can override values in the Helm charts to configure Private Edition. For more information about overriding Helm chart values, see the "suite-level" documentation about how to override Helm chart values: Overriding Helm chart values
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For more information, see the Configure security section.
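A pre-deployment check for a values override, added here as an example (it is not Genesys code and not part of the Helm charts). It assumes the values file has already been parsed into nested dictionaries whose keys follow the option names in the table below; the clear-text warning for the env secret type and the "no secret object named" rule are review policies assumed for this example, and the sample overrides are constructed.

```python
import re

LONG_POLL_SECONDS = 30  # WebRTC long-polling timeout given on this page
HAPROXY_TIMEOUT = "haproxy.router.openshift.io/timeout"
ID_FIELDS = ("runAsUser", "runAsGroup", "fsGroup")
UNIT_SECONDS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600}


def get_option(values, dotted, default=None):
    """Look up a dotted option name such as 'gateway.secrets.type'."""
    node = values
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def to_seconds(text):
    """Parse a duration written like the page's sample ('50s'); None if malformed."""
    match = re.fullmatch(r"(\d+)(ms|s|m|h)", str(text))
    if match is None:
        return None
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def lint_values(values, openshift=False):
    """Return (option, message) findings for a parsed values override."""
    findings = []

    # The page's note: these two are command-line parameters only.
    for option in ("deployment.type", "deployment.color"):
        if get_option(values, option) is not None:
            findings.append((option, "pass on the command line, not in values.yaml"))

    # gateway.secrets.type is mandatory and selects where the GWS secret lives.
    secrets_type = get_option(values, "gateway.secrets.type")
    if secrets_type not in ("csi", "k8s", "env"):
        findings.append(("gateway.secrets.type", "mandatory: csi, k8s or env"))
    elif secrets_type == "env":
        # Assumed policy: flag a literal secret kept in the values file.
        if get_option(values, "gateway.secrets.env.gwsSecret"):
            findings.append(("gateway.secrets.env.gwsSecret",
                             "secret value sits in the values file in clear text"))
    else:
        option = "gateway.secrets.%s.gws" % secrets_type
        if not get_option(values, option):  # assumed policy
            findings.append((option, "no secret object named for type " + secrets_type))

    # A route timeout at or below the long-polling timeout drops sessions.
    annotations = get_option(values, "deployment.ingress.annotations") or {}
    if HAPROXY_TIMEOUT in annotations:
        seconds = to_seconds(annotations[HAPROXY_TIMEOUT])
        if seconds is None:
            findings.append((HAPROXY_TIMEOUT, "write the duration as 50s"))
        elif seconds <= LONG_POLL_SECONDS:
            findings.append((HAPROXY_TIMEOUT, "must exceed the 30 s long-polling timeout"))
    elif openshift:
        findings.append((HAPROXY_TIMEOUT, "unset: 30 s route default matches long-polling"))

    # Arbitrary UIDs on OpenShift: no user or group IDs may be specified.
    if openshift:
        context = get_option(values, "gateway.securityContext") or {}
        for field in ID_FIELDS:
            if context.get(field) is not None:
                findings.append(("gateway.securityContext." + field,
                                 "fixed ID set; arbitrary UIDs need null"))
    return findings


# Constructed sample overrides (not taken from a real deployment).
RISKY = {
    "deployment": {
        "namespace": "production",
        "color": "blue",
        "ingress": {"annotations": {HAPROXY_TIMEOUT: "30s"}},
    },
    "gateway": {
        "secrets": {"type": "env",
                    "env": {"gwsClient": "webrtc-client", "gwsSecret": "EXAMPLE-ONLY"}},
        "securityContext": {"runAsUser": 500, "runAsGroup": 500},
    },
}
HARDENED = {
    "deployment": {
        "namespace": "production",
        "ingress": {"annotations": {HAPROXY_TIMEOUT: "50s"}},
    },
    "gateway": {
        "secrets": {"type": "k8s", "k8s": {"gws": "webrtc-gws-secret"}},
        "securityContext": {"runAsUser": None, "runAsGroup": None, "fsGroup": None},
    },
}

if __name__ == "__main__":
    for option, message in lint_values(RISKY, openshift=True):
        print(option + ": " + message)
```

To run it against a real file, load the override with a YAML parser first and pass the resulting dictionary to `lint_values`.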
Option name | Description | Is mandatory | Default value | Valid value | Notes | Example |
---|---|---|---|---|---|---|
deployment.namespace | Name of Kubernetes namespace for WebRTC deployment | mandatory | webrtc | string | You can modify the default namespace used to deploy applications in the deployment.namespace option. | deployment:
namespace: production |
deployment.priorityClassName | Name of the priority class for pods that specify the importance of a pod relative to other pods | optional | string | |||
deployment.nodeSelector | Node selector for Gateway and CoTurn pods | optional | Specification | deployment:
nodeSelector:
genesysengage.com/nodepool: general | ||
deployment.tolerations | Include this parameter in the Gateway and CoTurn, if the content of toleration exists. | optional | Specification | deployment:
tolerations:
- operator: Exists
effect: NoSchedule
key: "k8s.genesysengage.com/nodepool" | ||
deployment.ingress.domain | Ingress domain | mandatory | string | deployment:
ingress:
domain: apps.vce-c0.eps.genesys.com | ||
deployment.ingress.annotations | WebRTC Annotation for Ingress controller | mandatory | Specification | Because the default HAProxy route timeout is 30 s, it can interfere with the WebRTC long-polling timeout (30 s) and disconnect the session. You can override this default and increase the timeout to 50 s using the annotation haproxy.router.openshift.io/timeout: 50s, so that the session can respond and connect. | deployment:
ingress:
annotations:
kubernetes.io/ingress.class: nginx01-internal
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/affinity-mode: persistent
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
nginx.ingress.kubernetes.io/session-cookie-samesite: None
haproxy.router.openshift.io/timeout: 50s | |
deployment.ingress.tls | If this option is defined, tls option is declared in the Ingress specification | optional | Specification | deployment:
ingress:
tls:
secretName: webrtc.api01-eastus2.dev.genazure.com-tls-secret | ||
deployment.affinity | Pod affinity descriptions | optional | Specification | deployment:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: servicename
operator: In
values:
- webrtc-gateway
- webrtc-coturn
topologyKey: failure-domain.beta.kubernetes.io/zone | ||
deployment.dnsPolicy | Kubernetes DNS Policy that is applied in the Pods | optional | deployment:
nodeSelector:
genesysengage.com/nodepool: general | |||
deployment.dnsConfig | All DNS settings must be provided using the dnsConfig field in the Pod specification | optional | deployment:
dnsConfig:
options:
- name: ndots
value: "3" | |||
deployment.keda | Enable KEDA usage for the Gateway and CoTurn horizontal auto-scaling | optional | false | true/false | ||
deployment.coturnDeployment | Type of CoTurn deployment. internal: internal LBs are created, and the IP addresses of those LBs must be used in the firewall or exposed externally in other ways. external: external LBs are created with the given external static IPs (the IPs for the green and blue LBs must be set with lbIpBlue and lbIpGreen during the infra-color deployment). |
mandatory | internal/external | For Premise Edition - This parameter is configured as external | ||
deployment.coturnService.annotation | Annotation that is added to the Kubernetes LoadBalancer Service object | optional | deployment:
coturnService:
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: service-webrtc-westus2-dev | |||
monitoring.enabled | Enable monitoring content - dashboards, alerts, metrics | optional | false | true/false | ||
monitoring.dashboards | Enable ConfigMaps deployment that contains dashboards | optional | false | true/false | ||
monitoring.prometheusMetrics | Enables Prometheus metrics to deploy PodMonitors | optional | false | true/false | ||
monitoring.prometheusAlerts | Enable Prometheus rules for alerts | optional | false | true/false | ||
image.imagePullSecrets | Secrets to pull image, list | mandatory | image:
imagePullSecrets:
- myRegistrySecret | |||
image.pullPolicy | Kubernetes pull policy of all containers | optional | Always | Always/IfNotPresent | ||
image.initContainerImage | Image for initialization container - used to create log folders. If image is not specified, the init container is not applied and the logs are written into logPath | optional | string | |||
image.webrtc | Repository/directory to get the Gateway image | mandatory | string | pureengage-docker-staging.jfrog.io/webrtc | ||
image.coturn | Repository/directory to get the CoTurn image | mandatory | string | pureengage-docker-staging.jfrog.io/webrtc | ||
image.webrtcVersion | Versions of the WebRTC Gateway container | mandatory | string | 9.0.000.88 | ||
image.coturnVersion | Versions of the CoTurn container | mandatory | string | 9.0.000.88 | ||
gateway.replicas | Number of Gateway pods on the deployment stage | optional | 1 | integer | ||
gateway.workersCount | Number of Gateway worker threads that handle calls. 1 worker handles 25 registrations/calls. CPU and Memory request depends on the number of workers. | optional | 3 | integer | ||
gateway.voiceSipProxy | Voice microservice - SIP proxy address | mandatory | string, address | voice-sipproxy.voice.svc.cluster.local;transport=tcp | ||
gateway.turnExternalUriBlue | FQDNs of CoTurn blue LB | mandatory | string, address | |||
gateway.turnExternalUriGreen | FQDNs of CoTurn green LB | mandatory | string, address | |||
gateway.authRedirectUri | GWS/WEE redirect URI for WWE authentication | mandatory | string, address | |||
gateway.authService | GAuth service address | mandatory | string, address | |||
gateway.envService | GWS9.x Environment service address | mandatory | string, address | |||
gateway.cfgService | GWS9.x configuration service address | optional | string, address | |||
gateway.enableTranscoding | Enable or disable transcoding on the Gateway side. Transcoding is enabled by default. If the transcoding is disabled, the Gateway can handle more agent sessions but OPUS codec is not supported. |
optional | true | true/false | ||
gateway.enable1pccCalls | Specifies if the 1pcc operations are enabled | optional | false | true/false | ||
gateway.arguments | Any additional options that are applied to the Gateway containers | optional | Array of strings | gateway:
arguments: [ '-codecs pcmu,pcma,opus=120', '-sip-disallowed-codecs opus,telephone-event' ] | ||
gateway.podAnnotations | Any additional annotations that are applied to the Gateway pods | optional | gateway:
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10052"
prometheus.io/path: "/metrics" | |||
gateway.resources | Describes the resources requested for the Gateway pods. Important Do not specify this option, if you do not need resources requests/limits. |
optional | Section | gateway:
resources:
requests:
cpu: 800
memory: 150
limits:
memory: "8Gi" | ||
gateway.resources.requests.cpu | Requested amount of CPU milliunits. Important This value is per worker and is multiplied by the gateway.workersCount option in helm |
optional | 800 | integer | ||
gateway.resources.requests.memory | Requested amount of Memory (in MB). Important This value is per worker and is multiplied by the gateway.workersCount option in helm |
optional | 150 | integer | ||
gateway.resources.limits.memory | Absolute value for Gateway memory usage limit | optional | "8Gi" | Kubernetes value for the resource limit | ||
gateway.scaling | Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. | optional | Section | gateway:
scaling:
pollingInterval: 30
maxReplicaCount: 100
prometheusAddress: http://monitoring-prometheus-prometheus.monitoring:9090
thresholdSignins: 70 | ||
gateway.scaling.prometheusAddress | Describes the auto-scaling parameters. If the deployment.keda option is set to false, you can skip this option. | optional | http://monitoring-prometheus-prometheus.monitoring:909 | string, address | ||
gateway.scaling.pollingInterval | KEDA polling interval (in seconds) - the interval to check each trigger on. See KEDA documentation for more information. | optional | 30 | integer | ||
gateway.scaling.maxReplicaCount | Maximum number of replicas that are raised by KEDA/HPA. See KEDA documentation for more information. | optional | 100 | integer | ||
gateway.scaling.thresholdSignins | In persons - number of registered agents that causes the Gateway auto-scaling if exceeded | optional | 71 | integer | ||
gateway.budget.minAvailable | Configures the PodDisruptionBudget. Do not specify this option if you do not need a PodDisruptionBudget for the Gateway deployment. | optional | Kubernetes PodDisruptionBudget (PDB) value | gateway:
budget:
minAvailable: 50% | ||
gateway.secrets.type | Describes where the secrets are taken from: Kubernetes Secrets, a CSI driver, or environment variables | mandatory | csi k8s env | |||
gateway.secrets.csi.gws | If the secrets.type option is set to csi, the name of the CSI object that contains the GWS secret | string | ||||
gateway.secrets.k8s.gws | If the secrets.type option is set to k8s, the name of the Kubernetes Secret object that contains the GWS secret | string | ||||
gateway.secrets.env.gwsClient | If the secrets.type option is set to env, the value is the GWS client ID created for WebRTC | string | ||||
gateway.secrets.env.gwsSecret | If the secrets.type option is set to env, the value is the GWS secret for the given client ID | string | ||||
gateway.securityContext | Security context for the Gateway container | optional | Specification | gateway:
securityContext:
runAsUser: 500
runAsGroup: 500 | ||
gateway.serviceAccountName | Name of the ServiceAccount that is used to run the Gateway pod | optional | string | |||
gateway.logPath | Path to the log directory. Used for both PVC and HostPath types of logs. Also, check the esServer option. If /mnt/log/webrtc is specified, the /mnt/log/webrtc/<gateway pod name>/webrtcgw log files are created under that path. If the image.initContainerImage option is not specified, the folder with the pod name is not created and the /mnt/log/webrtc/webrtcgw log files are created instead. | mandatory | "/mnt/log/webrtc" | string | "/export/vol1/PAT/infra/webrtc" | |
gateway.logPvc | Option for Persistent Volume Claim used for the Gateway logs. If logPvc is not defined, the HostPath is used for the logs mount. | optional | Section | gateway:
  logPvc:
    pvcName: webrtc-gateway-log-pvc
    volumeName: webrtc-gateway-log-volume
    storageClassName: genesys-webrtc
    capacity: 5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51 | ||
gateway.logPvc.pvcName | Name of the Persistent Volume Claim. If this option is present, the PVC is created. Otherwise, the HostPath is used for the Gateway logs. | optional | string | |||
gateway.logPvc.volumeName | PersistentVolume name for the PVC. A single volume is used for both green and blue deployments of the Gateway | optional | string | |||
gateway.logPvc.volumeSpec | If the Persistent Volume specification is configured in the gateway.logPvc.volumeSpec option, the PersistentVolume object with the name from the gateway.logPvc.volumeName option is created using this specification. | optional | Specification | gateway:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51 | ||
gateway.logPvc.volumeAnnotations | Any additional annotations that are used for the PersistentVolume, if the gateway.logPvc.volumeSpec option is specified. | optional | Specification | gateway:
  logPvc:
    volumeAnnotations:
      pv.kubernetes.io/bound-by-controller: 'yes' | ||
gateway.esServer | Specifies the destination for the ElasticSearch logging - ElasticSearch server address or stdout. Gateway produces messages in the ElasticSearch format. | optional | stdout | network address or "stdout" | ||
gateway.restartPolicy | Restart policy for gateway pods. | optional | Always | depends on cluster | ||
coturn.port | Coturn port that is used by the CoTurn Load Balancer | optional | 443 | integer | ||
coturn.lbIpBlue | External IP for the CoTurn blue Load Balancer service. The IP must be the same as the one used for the gateway.turnExternalUriBlue A-record | mandatory | IP address | |||
coturn.lbIpGreen | External IP for the CoTurn green Load Balancer service. The IP must be the same as the one used for the gateway.turnExternalUriGreen A-record | mandatory | IP address | |||
coturn.replicas | Number of CoTurn pods | optional | 1 | integer | ||
coturn.podAnnotations | Any additional annotations that are applied for CoTurn pods | optional | Specification | coturn:
  podAnnotations:
    pods/realtime: "true"
    pods/owner: "1051" | ||
coturn.resources | Describes resources requested for the CoTurn pods. Do not specify this option if you do not need resources requests/limits. | optional | Section | coturn:
  resources:
    requests:
      cpu: "0.5"
      memory: "768Mi"
    limits:
      memory: "8Gi" | ||
coturn.resources.requests.cpu | Requested amount of CPU. CoTurn requires 0.08 CPU per call. | optional | 0.5 | Kubernetes CPU request format | ||
coturn.resources.requests.memory | Requested amount of memory | optional | 150 | Kubernetes memory request format | ||
coturn.resources.limits.memory | Absolute value for the CoTurn memory usage limit | optional | "8Gi" | Kubernetes value for resource limit | ||
coturn.scaling | Describes the autoscaling parameters. If the deployment.keda option is set to false, you can skip this section | optional | Section | coturn:
  scaling:
    pollingInterval: 30
    maxReplicaCount: 100
    thresholdCpu: 60
    thresholdMemory: 60 | ||
coturn.scaling.pollingInterval | Specifies the KEDA polling interval in seconds - the interval to check each trigger on. Refer to KEDA documentation for more information. | optional | 30 | integer | ||
coturn.scaling.maxReplicaCount | Maximum number of replicas that are raised by KEDA/HPA. Refer to KEDA documentation for more information. | optional | 100 | integer | ||
coturn.scaling.thresholdSignins | In percentage | optional | 71 | integer | ||
coturn.scaling.thresholdCpu | In percentage. The target value is the average of the CPU resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. | optional | 60 | integer | ||
coturn.scaling.thresholdMemory | In percentage. The target value is the average of the memory resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. | optional | 60 | integer | ||
coturn.budget.minAvailable | Option to configure PodDisruptionBudget. Do not specify this option if you do not need PodDisruptionBudget for the CoTurn deployment. | optional | Kubernetes PDB value | coturn:
  budget:
    minAvailable: 50% | ||
coturn.securityContext | Security context for the CoTurn container. | optional | Specification | coturn:
  securityContext:
    runAsUser: 500
    runAsGroup: 500 | ||
coturn.serviceAccountName | Name of the ServiceAccount to use to run the CoTurn pod. | optional | string | |||
coturn.logPath | Path to the log directory. This can be the directory path or "stdout". This path is used for both PVC and HostPath types of logs. Example: If /mnt/log/webrtc is specified, the "/mnt/log/webrtc/<coturn pod name>/turn.xxx.log" log file is created and used in that path. If image.initContainerImage is not specified, the folder with the pod name is not created and the /mnt/log/webrtc/turn.xxx.log log file is created instead. | mandatory | "/mnt/log/webrtc" | string | ||
coturn.logPvc | Section for Persistent Volume Claim used for CoTurn logs. If this option is not defined, the HostPath is used for the logs mount. | optional | "/mnt/log/webrtc" | Section | coturn:
  logPvc:
    pvcName: webrtc-coturn-log-pvc
    storageClassName: default
    capacity: 10Gi
    volumeName: webrtc-coturn-log-volume
    volumeSpec:
      nfs:
        server: 192.168.1.5
        path: /storage/webrtc
      volumeMode: Filesystem
      persistentVolumeReclaimPolicy: Retain | |
coturn.logPvc.pvcName | Name of the PersistentVolumeClaim. If this option is present, the PVC is created. Otherwise, the HostPath is used for CoTurn logs. | optional | string | |||
coturn.logPvc.storageClassName | StorageClass name for the CoTurn PVC | optional | string | |||
coturn.logPvc.capacity | Volume capacity | optional | Kubernetes capacity storage values | |||
coturn.logPvc.volumeName | Persistent Volume name for the PVC. A single volume is used for both green and blue deployments of the CoTurn logs | optional | string | |||
coturn.logPvc.volumeSpec | If the Persistent Volume specification is configured in coturn.logPvc.volumeSpec, the Persistent Volume object with the name from coturn.logPvc.volumeName is created using this specification. | optional | Specification | coturn:
  logPvc:
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51 | ||
coturn.logPvc.volumeAnnotations | Any additional annotations that are used for the Persistent Volume, if the coturn.logPvc.volumeSpec option is specified | optional | Specification | coturn:
  logPvc:
    volumeAnnotations:
      pv.kubernetes.io/bound-by-controller: 'yes' | ||
coturn.restartPolicy | Restart policy for coturn pods. | optional | Always | depends on cluster | ||
labels.common | Describes the additional labels for common resources | optional | ||||
labels.gateway | Describes the additional labels for the Gateway resources - pods, deployments, and services | optional | ||||
labels.coturn | Describes the additional labels for the CoTurn resources - pods, deployments, and services | optional | ||||
labels.alerts | Describes the additional labels for the alert objects | optional |
Configure Kubernetes
- ConfigMaps
- Secrets
Configure security
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.
securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500
Arbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, override the securityContext settings in the values.yaml file, so that you do not define any specific IDs.
securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null
Configure the service
Before proceeding with the deployment process, perform the following pre-steps:
- Review values-template.yaml in the Helm charts: It provides all the available options with comments and explanations.
- Configure all the options in your own values file: Configure/overwrite values for options that you need. Use the values-template.yaml file from the package that displays the list of available options with their description.
- Important: Do not configure the deployment.type and deployment.color options in your values.yaml file(s). These values should be used only during the deployment process, as command-line parameters that specify the deployment process.
- Sample values.yaml file:
deployment:
  namespace: webrtc
  ingress:
    domain: apps.vce-c0.eps.genesys.com
    annotations:
      kubernetes.io/ingress.class: nginx01-internal
      nginx.ingress.kubernetes.io/affinity: cookie
      nginx.ingress.kubernetes.io/affinity-mode: persistent
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
      nginx.ingress.kubernetes.io/session-cookie-samesite: None
  dnsPolicy: ClusterFirst
  dnsConfig:
    options:
      - name: ndots
        value: "3"
  keda: false
  coturnDeployment: external
monitoring:
  enabled: false
  dashboards: false
  prometheusMetrics: false
  prometheusAlerts: false
image:
  imagePullSecrets:
    - webrtcjfrogsecret
  initContainerImage: pureengage-docker-staging.jfrog.io/alpine:3.7-curl
  webrtc: pureengage-docker-staging.jfrog.io/webrtc
  coturn: pureengage-docker-staging.jfrog.io/webrtc
  webrtcVersion: 9.0.000.88
  coturnVersion: 9.0.000.88
gateway:
  logPath: "/export/vol1/PAT/infra/webrtc"
  logPvc:
    pvcName: webrtc-gateway-log-pvc
    volumeName: webrtc-gateway-log-volume
    storageClassName: genesys-webrtc
    capacity: 5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
  esServer: stdout
  replicas: 1
  workersCount: 1
  voiceSipProxy: voice-sipproxy.voice.svc.cluster.local:5080;transport=tcp
  turnExternalUriBlue: 192.168.30.208
  turnExternalUriGreen: 192.168.30.209
  authRedirectUri: http://gauth.apps.vce-c0.eps.genesys.com:80
  authService: http://gauth-auth.gauth.svc.cluster.local:80
  envService: https://gws.apps.vce-c0.eps.genesys.com
  resources:
    requests:
      # NB! 800m per worker, MUST be integer, not string - will be multiplied by workersCount in helm
      cpu: 800
      # NB! 150Mi per worker, MUST be integer, not string - will be multiplied by workersCount in helm
      memory: 150
    limits:
      memory: "8Gi"
  secrets:
    type: env
    env:
      gwsClient: external_api_client
      gwsSecret: secret
  securityContext:
    runAsUser: 500
    runAsGroup: 500
coturn:
  logPath: "/export/vol1/PAT/infra/coturn/"
  logPvc:
    pvcName: webrtc-coturn-log-pvc
    volumeName: webrtc-coturn-log-volume
    storageClassName: genesys-webrtc
    capacity: 5Gi
    volumeSpec:
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      nfs:
        path: /export/vol1/PAT/infra/webrtc
        server: 192.168.30.51
  replicas: 1
  port: 443
  lbIpBlue: 192.168.30.208
  lbIpGreen: 192.168.30.209
  securityContext:
    runAsUser: 500
    runAsGroup: 500
- PersistentVolume (PV) and PersistentVolumeClaim (PVC): If you plan to use a PV for logs, create the PV and then specify it for the PVC of Gateway and CoTurn.
- The PV can also be created during the common-infrastructure deployment. Review the values-template.yaml file and then configure the PV specification for Gateway and CoTurn.
- A single PV/PVC pair is used for both Green and Blue deployments of Gateway, and another single PV/PVC pair is used for both Green and Blue deployments of CoTurn.
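A pre-deployment check for the rules stated in the security and service sections above, as an added example that is not part of the Genesys charts or documentation. It takes the mapping a YAML parser returns for your values file and reports deployment.type/color set in the file, a GWS secret stored inline, non-integer Gateway requests and, for OpenShift arbitrary UIDs, IDs that are not explicitly null. The names `lint_values` and `SAMPLE`, the finding texts, and applying the OpenShift block under both gateway.securityContext and coturn.securityContext are assumptions.

```python
# Added example: lint a parsed values override against rules stated on this page.
# Names are illustrative; applying the OpenShift block per component is an assumption.
def _section(mapping, key):
    """Return mapping[key] if it is a dict, else an empty dict."""
    value = mapping.get(key)
    return value if isinstance(value, dict) else {}

def lint_values(values, openshift_arbitrary_uid=False):
    """Return a sorted list of findings for a parsed values file."""
    findings = []
    for key in ("type", "color"):  # command-line parameters only
        if key in _section(values, "deployment"):
            findings.append(f"deployment.{key}: pass on the command line, not in the values file")
    gateway = _section(values, "gateway")
    secrets = _section(gateway, "secrets")
    kind = secrets.get("type")
    if kind not in ("csi", "k8s", "env"):
        findings.append("gateway.secrets.type: mandatory, one of csi, k8s, env")
    elif kind == "env":
        if _section(secrets, "env").get("gwsSecret"):
            findings.append("gateway.secrets.env.gwsSecret: GWS secret is stored inline in the values file")
    elif not _section(secrets, kind).get("gws"):
        findings.append(f"gateway.secrets.{kind}.gws: name of the object holding the GWS secret is missing")
    # The sample file notes that Helm multiplies these by workersCount, so they must be integers.
    requests = _section(_section(gateway, "resources"), "requests")
    for key in ("cpu", "memory"):
        if key in requests and type(requests[key]) is not int:
            findings.append(f"gateway.resources.requests.{key}: must be an integer, got {requests[key]!r}")
    if openshift_arbitrary_uid:
        for component in ("gateway", "coturn"):
            ctx = _section(_section(values, component), "securityContext")
            # An omitted key falls back to the chart default; only an explicit null removes it.
            for key in ("runAsUser", "fsGroup"):
                if key not in ctx or ctx[key] is not None:
                    findings.append(f"{component}.securityContext.{key}: set explicitly to null")
            if ctx.get("runAsGroup") != 0:
                findings.append(f"{component}.securityContext.runAsGroup: expected 0")
    return sorted(findings)

# Constructed input: a YAML parser's output for a cut-down values file.
SAMPLE = {
    "deployment": {"namespace": "webrtc", "color": "blue"},
    "gateway": {
        "resources": {"requests": {"cpu": 800, "memory": "150"}},
        "secrets": {"type": "env", "env": {"gwsClient": "external_api_client", "gwsSecret": "secret"}},
        "securityContext": {"runAsUser": 500, "runAsGroup": 500},
    },
    "coturn": {"securityContext": {"runAsUser": None, "runAsGroup": 0, "fsGroup": None}},
}
```

Run it on the merged set of values files you pass to Helm, because a later file can reintroduce a setting that an earlier one removed.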