Difference between revisions of "TLM/Current/TLMPEGuide/Configure"

 
(4 intermediate revisions by 2 users not shown)
Line 22: Line 22:
 
!Valid values
 
!Valid values
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_SERVICES_AUTH`
+
{{!}}serviceMonitoringAnnotations.enabled
{{!}}URL of the GWS Auth public API. This is a mandatory field.
+
{{!}}Activation of Prometheus monitoring annotations on service.
 +
{{!}}true
 +
{{!}}
 +
{{!}}-
 +
{{!}}podDisruptionBudget.enabled
 +
{{!}}Activation of pod disruption.
 +
{{!}}true
 +
{{!}}
 +
{{!}}-
 +
{{!}}enableServiceLinks
 +
{{!}}Enable service links in single namespace environment.
 +
{{!}}false
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.replicaCount
 +
{{!}}Number of replicas.
 +
{{!}}2
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.image.registry
 +
{{!}}docker registry.
 +
{{!}}pureengage-docker-staging.jfrog.io
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.image.repository
 +
{{!}}docker registry.
 +
{{!}}Telemetry
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.image.tag
 +
{{!}}WWE image version.
 +
{{!}}
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.image.pullPolicy
 +
{{!}}Image pull policy.
 +
{{!}}IfNotPresent
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.image.imagePullSecrets
 +
{{!}}Image pull secrets.
 +
{{!}}[]
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.service.type
 +
{{!}}k8s service type.
 +
{{!}}ClusterIP
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.service.port_external
 +
{{!}}k8s service port external (for customer facing).
 +
{{!}}8107
 
{{!}}
 
{{!}}
{{!}}<nowiki>http://gws-core-auth:8095</nowiki>
 
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_AUTH_CLIENT_ID`
+
{{!}}tlm.service.port_internal
{{!}}The Client ID that is used to authenticate with GWS Auth service.
+
{{!}}k8s service port internal (for metric scrapping endpoint).
{{!}}telemetry_client
+
{{!}}9107
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CORS_DOMAIN`
+
{{!}}tlm.ingress
{{!}}Domains to be supported by CORS. This can a comma separated list. {{NoteFormat|Add a `\` before `.` for regex matching. eg: `\.genesyslab\.com` (another `\` should be added when using quotes).}}
+
{{!}}Ingress configuration block. See #Ingress.
 +
{{!}}{enabled:false}
 
{{!}}
 
{{!}}
 +
{{!}}-
 +
{{!}}tlm.resources.limits.cpu
 +
{{!}}Maximum amount of CPU K8s allocates for container.
 +
{{!}}750m
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_TRACES_PROVIDER`
+
{{!}}tlm.resources.limits.memory
{{!}}The trace provider to use can be `ElasticSearch` or `Console`
+
{{!}}Maximum amount of Memory K8s allocates for container.
{{!}}ElasticSearch
+
{{!}}1400Mi
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_TRACES_CONCURRENT`
+
{{!}}tlm.resources.requests.cpu
{{!}}The maximum of parallel bulk request to Elasticsearch at the same time.
+
{{!}}Guaranteed CPU allocation for container.
{{!}}3
+
{{!}}750m
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_TRACES_THRESHOLD`
+
{{!}}tlm.resources.requests.memory
{{!}}The maximum buffer entries for Elasticsearch service.
+
{{!}}Guaranteed Memory allocation for container.
{{!}}`400000`
+
{{!}}1400Mi
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_SERVICE`
+
{{!}}tlm.deployment.strategy
{{!}}The data source to fetch configuration information. Possible values : s3, azure, env, or an empty string.
+
{{!}}k8s deployment strategy.
{{!}}none
+
{{!}}{}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_SERVICE_CORS`
+
{{!}}tlm.priorityClassName
{{!}}This overrides data source to fetch CORS configurations. Possible values : Same value as `TELEMETRY_CONFIG_SERVICE` or `environmentservice` for using the environment-service API (Uses the `TELEMETRY_SERVICES_ENVIRONMENT` variable).
+
{{!}}k8s priority classname.
{{!}}none
+
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CLOUD_PROVIDER`
+
{{!}}tlm.affinity
{{!}}Cloud provider for the service. Can be `aws`, `azure`, `gcp` or `premise`
+
{{!}}pod affinity.
{{!}}`aws`
+
{{!}}{}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_CONTRACTS`
+
{{!}}tlm.nodeselector
{{!}}Stringified JSON array to provision contracts through `env` config provider
+
{{!}}k8s nodeselector map.
{{!}}`[]`
+
{{!}}{ genesysengage.com/nodepool: general }
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_CONFIG_TENANTS`
+
{{!}}tlm.tolerations
{{!}}A Stringified JSON to provision tenants through `env` config provider.
+
{{!}}pod toleration.
{{!}}`<nowiki>{}</nowiki>`
+
{{!}}[]
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}`TELEMETRY_SERVICES_ENVIRONMENT`
+
{{!}}tlm.annotations
{{!}}The URL of the GWS environment service API. Used only if environment service is used for configuration provisioning.
+
{{!}}pod annotations.
{{!}}value of `TELEMETRY_SERVICES_AUTH`
+
{{!}}[]
{{!}}<nowiki>http://gauth-environment-active.gauth</nowiki>
+
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}serviceMonitoringAnnotations.enabled
+
{{!}}tlm.autoscaling.enabled
{{!}}Activation of Prometheus monitoring annotations on service.
+
{{!}}activate auto scaling.
 
{{!}}true
 
{{!}}true
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}podDisruptionBudget.enabled
+
{{!}}tlm.autoscaling.targetCPUPercent
{{!}}Activation of pod disruption.
+
{{!}}CPU percentage autoscaling trigger.
{{!}}true
+
{{!}}40
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.autoscaling.minReplicas
 +
{{!}}Minimum number of replicas.
 +
{{!}}2
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.autoscaling.maxReplicas
 +
{{!}}Maximum number of replicas.
 +
{{!}}10
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.secrets.name_override
 +
{{!}}Name override of the secret to target.
 +
{{!}}
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.secrets.TELEMETRY_AUTH_CLIENT_SECRET
 +
{{!}}GAuth client Secret value.
 +
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}-
 
{{!}}-
{{!}}enableServiceLinks
+
{{!}}tlm.context.envs.*
{{!}}Enable service links in single namespace environment.
+
{{!}}Environment variables for Telemetry Service. Please refer to TLM service documentation.
{{!}}false
+
{{!}}
 
{{!}}
 
{{!}}
 
{{!}}}
 
{{!}}}
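Review bot: Two of the added rows in this table carry descriptions that look copied from elsewhere: `tlm.image.repository` repeats the `tlm.image.registry` text ("docker registry.") and `tlm.image.tag` is described as "WWE image version." although this is the Telemetry chart. Suggest "Docker repository (image name)." and "Telemetry image version." respectively, and fix "metric scrapping" to "metric scraping" in the `tlm.service.port_internal` row. The default for `tlm.image.registry` points at a staging registry (`pureengage-docker-staging.jfrog.io`), so the row should tell readers to override it. The `tlm.secrets.TELEMETRY_AUTH_CLIENT_SECRET` row should note that the value ends up in plain text in whatever values file or `--set` argument supplies it.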
Line 107: Line 182:
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
|sectionHeading=Configure Kubernetes
+
|sectionHeading=Configure security
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=<div style="background-color: aliceblue; font-style: italic;">Document the layouts for the following so customers can create them if their Helm chart doesn't include a way to do this:
+
|structuredtext=To learn more about how security is configured for private edition, be sure to read the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=Prerequisites|display text=Permissions}} and {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity}} topics in the ''Setting up Genesys Multicloud CX Private Edition'' guide.
 +
 
 +
The security context settings define the privilege and access control settings for pods and containers.
  
*ConfigMaps
+
By default, the user and group IDs are set in the '''values.yaml''' file as <code>500:500:500</code>, meaning the '''genesys''' user.<syntaxhighlight>
*Secrets
+
optional:
</div>NA
+
  securityContext:
|Status=Yes
+
    runAsUser: 500
 +
    runAsGroup: 500
 +
    fsGroup: 500
 +
    runAsNonRoot: true
 +
</syntaxhighlight>
 +
<!--
 +
===Arbitrary UIDs in OpenShift===
 +
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''values.yaml''' file, so that you do not define any specific IDs.<syntaxhighlight>
 +
optional:
 +
  securityContext:
 +
    runAsUser: null
 +
    runAsGroup: 0
 +
    fsGroup: null
 +
    runAsNonRoot: true
 +
</syntaxhighlight><br />
 +
-->
 +
|Status=No
 
}}{{Section
 
}}{{Section
|sectionHeading=Configure security
+
|sectionHeading=Environment variables
 +
|anchor=en-var
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=<div style="background-color: aliceblue; font-style: italic;">List security-related settings, such as how to set up credentials and certificates for third-party services.</div>NA
+
|structuredtext=<br />
<br />
+
{{{!}} class="wikitable"
|Status=Yes
+
{{!}}+
 +
!Parameter
 +
!Description
 +
!Default
 +
!Valid values
 +
{{!}}-
 +
{{!}}tlm.context.envs.TELEMETRY_AUTH_CLIENT_ID
 +
{{!}}GAuth client ID value.
 +
{{!}}telemetry_client
 +
{{!}}
 +
{{!}}-
 +
{{!}}tlm.context.envs.TELEMETRY_CLOUD_PROVIDER
 +
{{!}}Specify the mode how telemetry service should be executed: Possible values aws / azure .
 +
{{!}}
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_SERVICES_AUTH
 +
{{!}}URL of the GWS Auth public API. This is a mandatory field.
 +
{{!}}
 +
{{!}}<nowiki>http://gws-core-auth:8095</nowiki>
 +
{{!}}-
 +
{{!}}TELEMETRY_AUTH_CLIENT_ID
 +
{{!}}The Client ID that is used to authenticate with GWS Auth service.
 +
{{!}}telemetry_client
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_CORS_DOMAIN
 +
{{!}}Domains to be supported by CORS. This can a comma separated list.{{NoteFormat|Add a `\` before `.` for regex matching. eg: `\.genesyslab\.com` (another `\` should be added when using quotes).|}}
 +
{{!}}
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_TRACES_PROVIDER
 +
{{!}}The trace provider to use can be `ElasticSearch` or `Console`.
 +
{{!}}ElasticSearch
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_TRACES_CONCURRENT
 +
{{!}}The maximum of parallel bulk request to Elasticsearch at the same time.
 +
{{!}}3
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_TRACES_THRESHOLD
 +
{{!}}The maximum buffer entries for Elasticsearch service.
 +
{{!}}400000
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_CONFIG_SERVICE
 +
{{!}}The data source to fetch configuration information. Possible values : s3, azure, env, or an empty string.
 +
{{!}}none
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_CONFIG_SERVICE_CORS
 +
{{!}}This overrides data source to fetch CORS configurations. Possible values : Same value as `TELEMETRY_CONFIG_SERVICE` or `environmentservice` for using the environment-service API (Uses the `TELEMETRY_SERVICES_ENVIRONMENT` variable).
 +
{{!}}none
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_CLOUD_PROVIDER
 +
{{!}}Cloud provider for the service. Can be `aws`, `azure`, `gcp` or `premise`.
 +
{{!}}aws
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_CONFIG_CONTRACTS
 +
{{!}}Stringified JSON array to provision contracts through `env` config provider.
 +
{{!}}[]
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_CONFIG_TENANTS
 +
{{!}}A Stringified JSON to provision tenants through `env` config provider.
 +
{{!}}{}
 +
{{!}}
 +
{{!}}-
 +
{{!}}TELEMETRY_SERVICES_ENVIRONMENT
 +
{{!}}The URL of the GWS environment service API. Used only if environment service is used for configuration provisioning.
 +
{{!}}value of TELEMETRY_SERVICES_AUTH
 +
{{!}}http://gauth-environment-active.gauth
 +
{{!}}}
 +
|Status=No
 
}}{{Section
 
}}{{Section
 
|sectionHeading=Prepare an environment
 
|sectionHeading=Prepare an environment
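Review bot: The new Environment variables table lists `TELEMETRY_AUTH_CLIENT_ID` and `TELEMETRY_CLOUD_PROVIDER` twice each, once with the `tlm.context.envs.` prefix and once bare, and the two `TELEMETRY_CLOUD_PROVIDER` rows disagree on the accepted values ("aws / azure" versus `aws`, `azure`, `gcp` or `premise`). Keep one row per variable and state once that every variable is set under `tlm.context.envs`. In the same table, `TELEMETRY_SERVICES_AUTH` is marked mandatory but has its example URL in the Valid values column, and `TELEMETRY_CONFIG_SERVICE` defaults to `none`, which is not among the listed possible values (s3, azure, env, or an empty string). "This can a comma separated list" is missing "be". In the Configure security section, the OpenShift arbitrary-UID override is wrapped in `<!-- ... -->`, so it will not render; either publish it or drop it from the source.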

Latest revision as of 08:32, February 28, 2023

This topic is part of the manual Telemetry Service Private Edition Guide for version Current of Telemetry Service.

Learn how to configure Telemetry Service.

Configure a secret to access JFrog

If you haven't done so already, create a secret for accessing the JFrog registry:
kubectl create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<password> --docker-email=<emailid>
Now map the secret to the default service account:
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "<credential-name>"}]}'

Override Helm chart values

| Parameter | Description | Default | Valid values |
|---|---|---|---|
| serviceMonitoringAnnotations.enabled | Activation of Prometheus monitoring annotations on service. | true | |
| podDisruptionBudget.enabled | Activation of pod disruption. | true | |
| enableServiceLinks | Enable service links in single namespace environment. | false | |
| tlm.replicaCount | Number of replicas. | 2 | |
| tlm.image.registry | docker registry. | pureengage-docker-staging.jfrog.io | |
| tlm.image.repository | docker registry. | Telemetry | |
| tlm.image.tag | WWE image version. | | |
| tlm.image.pullPolicy | Image pull policy. | IfNotPresent | |
| tlm.image.imagePullSecrets | Image pull secrets. | [] | |
| tlm.service.type | k8s service type. | ClusterIP | |
| tlm.service.port_external | k8s service port external (for customer facing). | 8107 | |
| tlm.service.port_internal | k8s service port internal (for metric scraping endpoint). | 9107 | |
| tlm.ingress | Ingress configuration block. See #Ingress. | {enabled:false} | |
| tlm.resources.limits.cpu | Maximum amount of CPU K8s allocates for container. | 750m | |
| tlm.resources.limits.memory | Maximum amount of Memory K8s allocates for container. | 1400Mi | |
| tlm.resources.requests.cpu | Guaranteed CPU allocation for container. | 750m | |
| tlm.resources.requests.memory | Guaranteed Memory allocation for container. | 1400Mi | |
| tlm.deployment.strategy | k8s deployment strategy. | {} | |
| tlm.priorityClassName | k8s priority classname. | | |
| tlm.affinity | pod affinity. | {} | |
| tlm.nodeselector | k8s nodeselector map. | { genesysengage.com/nodepool: general } | |
| tlm.tolerations | pod toleration. | [] | |
| tlm.annotations | pod annotations. | [] | |
| tlm.autoscaling.enabled | activate auto scaling. | true | |
| tlm.autoscaling.targetCPUPercent | CPU percentage autoscaling trigger. | 40 | |
| tlm.autoscaling.minReplicas | Minimum number of replicas. | 2 | |
| tlm.autoscaling.maxReplicas | Maximum number of replicas. | 10 | |
| tlm.secrets.name_override | Name override of the secret to target. | | |
| tlm.secrets.TELEMETRY_AUTH_CLIENT_SECRET | GAuth client Secret value. | | |
| tlm.context.envs.* | Environment variables for Telemetry Service. Please refer to TLM service documentation. | | |

You can modify the configuration to suit your environment by two methods:

  • Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
    helm install telemetry-service.tgz --set tlm.replicaCount=4
  • Specify the parameters to be modified in a values.yaml file.
    helm install --name tlm -f values.yaml telemetry-service.tgz

Configure security

To learn more about how security is configured for private edition, be sure to read the Permissions and OpenShift security settings topics in the Setting up Genesys Multicloud CX Private Edition guide.

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.
optional:
  securityContext:
    runAsUser: 500
    runAsGroup: 500
    fsGroup: 500
    runAsNonRoot: true
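
A check for the defaults above, as an added example (not Genesys code): it reads a Deployment as JSON, for instance the output of `kubectl get deployment -o json`, and reports every container whose effective settings differ from 500:500:500 non-root. The sample object and the container names in it are constructed.

```python
import json

# Values this page gives as the chart defaults (500:500:500, non-root).
EXPECTED = {"runAsUser": 500, "runAsGroup": 500, "runAsNonRoot": True}
EXPECTED_FS_GROUP = 500

def effective_contexts(workload):
    """Yield (container name, effective settings) for a Deployment object.

    A container-level securityContext overrides the pod-level one for these
    keys, so the two levels are merged before anything is checked.
    """
    spec = workload["spec"]["template"]["spec"]
    pod_ctx = spec.get("securityContext") or {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        merged = {k: pod_ctx.get(k) for k in EXPECTED}
        own = c.get("securityContext") or {}
        merged.update({k: own[k] for k in EXPECTED if k in own})
        yield c["name"], merged

def audit(workload):
    """Return (where, key, actual value) for every deviation from EXPECTED."""
    spec = workload["spec"]["template"]["spec"]
    fs_group = (spec.get("securityContext") or {}).get("fsGroup")
    findings = [] if fs_group == EXPECTED_FS_GROUP else [("pod", "fsGroup", fs_group)]
    for name, ctx in effective_contexts(workload):
        findings += [(name, k, ctx[k]) for k, want in EXPECTED.items() if ctx[k] != want]
    return findings

# Constructed sample: pod-level defaults from this page plus a hypothetical
# sidecar ("log-sidecar") that overrides them at container level.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"runAsUser": 500, "runAsGroup": 500, "fsGroup": 500, "runAsNonRoot": true},
  "containers": [
    {"name": "tlm"},
    {"name": "log-sidecar", "securityContext": {"runAsUser": 0, "runAsNonRoot": false}}
  ]}}}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A pod-level block that matches the defaults is not enough on its own: the sidecar in the sample still runs as UID 0 because its own securityContext wins.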

Environment variables


| Parameter | Description | Default | Valid values |
|---|---|---|---|
| tlm.context.envs.TELEMETRY_AUTH_CLIENT_ID | GAuth client ID value. | telemetry_client | |
| tlm.context.envs.TELEMETRY_CLOUD_PROVIDER | Specify the mode in which the telemetry service should be executed. Possible values: aws / azure. | | |
| TELEMETRY_SERVICES_AUTH | URL of the GWS Auth public API. This is a mandatory field. | | http://gws-core-auth:8095 |
| TELEMETRY_AUTH_CLIENT_ID | The Client ID that is used to authenticate with GWS Auth service. | telemetry_client | |
| TELEMETRY_CORS_DOMAIN | Domains to be supported by CORS. This can be a comma-separated list. Important: Add a `\` before `.` for regex matching, e.g. `\.genesyslab\.com` (another `\` should be added when using quotes). | | |
| TELEMETRY_TRACES_PROVIDER | The trace provider to use can be `ElasticSearch` or `Console`. | ElasticSearch | |
| TELEMETRY_TRACES_CONCURRENT | The maximum number of parallel bulk requests to Elasticsearch at the same time. | 3 | |
| TELEMETRY_TRACES_THRESHOLD | The maximum buffer entries for Elasticsearch service. | 400000 | |
| TELEMETRY_CONFIG_SERVICE | The data source to fetch configuration information. Possible values: s3, azure, env, or an empty string. | none | |
| TELEMETRY_CONFIG_SERVICE_CORS | This overrides data source to fetch CORS configurations. Possible values: Same value as `TELEMETRY_CONFIG_SERVICE` or `environmentservice` for using the environment-service API (Uses the `TELEMETRY_SERVICES_ENVIRONMENT` variable). | none | |
| TELEMETRY_CLOUD_PROVIDER | Cloud provider for the service. Can be `aws`, `azure`, `gcp` or `premise`. | aws | |
| TELEMETRY_CONFIG_CONTRACTS | Stringified JSON array to provision contracts through `env` config provider. | [] | |
| TELEMETRY_CONFIG_TENANTS | A Stringified JSON to provision tenants through `env` config provider. | {} | |
| TELEMETRY_SERVICES_ENVIRONMENT | The URL of the GWS environment service API. Used only if environment service is used for configuration provisioning. | value of TELEMETRY_SERVICES_AUTH | http://gauth-environment-active.gauth |
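
Why the TELEMETRY_CORS_DOMAIN note asks for `\` before each `.`, as an added example (not Genesys code): an unescaped dot is a regex wildcard, so the entry accepts hosts outside the intended domain. The matching rule in `origin_allowed` is an assumption, since the page does not say how the service applies each entry, and the `example.test` values are constructed.

```python
import re

def split_patterns(value):
    """Split a TELEMETRY_CORS_DOMAIN value into its comma-separated entries."""
    return [p.strip() for p in value.split(",") if p.strip()]

def unescaped_dots(pattern):
    """Return the offsets of '.' characters that are not backslash-escaped."""
    hits, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":   # a backslash escapes the next character
            i += 2
            continue
        if pattern[i] == ".":
            hits.append(i)
        i += 1
    return hits

def lint_cors_domain(value):
    """List (entry, offsets) for every entry that still has a wildcard dot."""
    return [(p, unescaped_dots(p)) for p in split_patterns(value) if unescaped_dots(p)]

def origin_allowed(host, value):
    # ASSUMPTION (not from the page): each entry is used as a regular
    # expression that must match the end of the Origin host name.
    return any(re.search("(?:" + p + ")$", host) for p in split_patterns(value))

# Constructed sample values; example.test is a reserved, non-routable name.
LOOSE = ".example.test"
STRICT = r"\.example\.test"

if __name__ == "__main__":
    for host in ("app.example.test", "appxexample.test"):
        print(host, "loose:", origin_allowed(host, LOOSE),
              "strict:", origin_allowed(host, STRICT))
    print(lint_cors_domain(r"\.genesyslab\.com," + LOOSE))
```

Running `lint_cors_domain` over the value before it goes into the values file catches entries that were written without the escapes.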

Prepare an environment

Create a new project namespace for Telemetry:

kubectl create namespace tlm

See Creating namespaces for a list of approved namespaces.

Download the telemetry helm charts from the JFrog repository:

https://pureengage.jfrog.io/artifactory/helm-staging/tlm

Create a values-telemetry.yaml file and update the following parameters:

TELEMETRY_AUTH_CLIENT_SECRET: <CLIENT_SECRET GENERATED FROM GAUTH>
TELEMETRY_AUTH_CLIENT_ID: <CLIENT_ID GENERATED FROM GAUTH>
TELEMETRY_SERVICES_AUTH: "<GAUTH URL>"
TELEMETRY_CLOUD_PROVIDER: "GKE"
TELEMETRY_CORS_DOMAIN: "<domain for which cors has been enabled>"
grafanaDashboard:
  enabled: true

Copy the values-telemetry.yaml file and the tlm Helm package to the installation location.

Retrieved from "https://all.docs.genesys.com/TLM/Current/TLMPEGuide/Configure (2024-11-09 11:13:37)"