Difference between revisions of "AUTH/Current/AuthPEGuide/Deploy"

From Genesys Documentation
 
Line 10: Line 10:
 
|anchor=Prepare
 
|anchor=Prepare
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=To prepare your environment for the deployment, complete the steps in this section for either OpenShift or Google Kubernetes Engine (GKE).
+
|structuredtext=To prepare your environment for the deployment, complete the steps in this section for Google Kubernetes Engine (GKE).
  
===OpenShift===
 
Log in to the OpenShift cluster from the host where you will run the deployment:
 
oc login --token <token> --server <url of api server>
 
First confirm the cluster is running:
 
 
<source lang="text">oc get clusterversion</source>
 
 
Create a new project for Genesys Authentication:{{NoteFormat|Deploy Genesys Authentication in the '''gws''' namespace if you use the default OpenShift Ingress Controller; otherwise, deploy in the '''gauth''' namespace.|}}
 
 
<source lang="text">oc new-project gws</source>
 
 
===GKE===
 
===GKE===
 
Log in to the GKE cluster from the host where you will run the deployment:
 
Log in to the GKE cluster from the host where you will run the deployment:
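Review bot: The replacement sentence at the top of this hunk names only Google Kubernetes Engine (GKE), but the latest revision still carries an AKS subsection under Prepare your environment, so a reader on AKS is told the section does not cover them. Suggest "complete the steps in this section for either GKE or AKS", matching the wording used in the Configure external access hunk.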
Line 68: Line 58:
 
|alignment=Vertical
 
|alignment=Vertical
 
|structuredtext=To deploy Genesys Authentication, you'll need the Helm package and your overrides file. Copy '''values.yaml''' and the Helm package ('''gauth-<version>.tgz''') to the installation location.
 
|structuredtext=To deploy Genesys Authentication, you'll need the Helm package and your overrides file. Copy '''values.yaml''' and the Helm package ('''gauth-<version>.tgz''') to the installation location.
 
For OpenShift, select the '''gauth''' project (or '''gws''' if you are using the OpenShift Ingress Controller) you created in {{Link-SomewhereInThisVersion|manual=AuthPEGuide|topic=Deploy|anchor=OpenShift|display text=Prepare your environment}}:
 
oc project gauth
 
  
 
For debugging purposes, use the following command to render templates without installing so you can check that resources are created properly:
 
For debugging purposes, use the following command to render templates without installing so you can check that resources are created properly:
Line 84: Line 71:
 
|anchor=access
 
|anchor=access
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=Follow the instructions for either OpenShift, GKE, or AKS to make the Genesys Authentication services accessible from outside the cluster.
+
|structuredtext=Follow the instructions for either GKE or AKS to make the Genesys Authentication services accessible from outside the cluster.
  
===Create routes in OpenShift===
+
<br />
After deploying, make the Genesys Authentication services accessible from outside the OpenShift cluster using the standard HTTP port. Make sure to use the same hostname for all three routes. Genesys recommends using the following hostname format: <code>gauth.<cluster-subdomain></code>. For example, the VCE cluster (<nowiki>https://console-openshift-console.apps.<yourclusterdomain>.com/</nowiki>) should have the hostname '''gauth.apps.<yourclusterdomain>.com'''
 
oc create route edge --service=<env-service> --hostname=<hostname> --path /environment
 
oc create route edge --service=<gauth-service> --hostname=<hostname> --path /auth
 
oc create route edge --service=<gauth-auth-ui-service> --hostname=<hostname> --path /ui/auth
 
Verify the new route is created in the '''gauth''' namespace (or '''gws''' if you are using the OpenShift Ingress Controller):
 
oc get route -n gauth
 
The result includes the following information about the services:
 
NAME            HOST/PORT                                          PATH                SERVICES              PORT   TERMINATION   WILDCARD
 
env             gauth.apps.<yourclusterdomain>.com                /environment        gauth-environment    https                 None
 
gauth           gauth.apps.<yourclusterdomain>.com                /auth               gauth-auth           https                 None
 
gauth-auth-ui   gauth.apps.<yourclusterdomain>.com                /ui/auth            gauth-auth-ui        https                 None
 
Note: <code>HOST</code> is the host name generated by OpenShift.
 
  
 
{{AnchorDiv|GKEingress}}
 
{{AnchorDiv|GKEingress}}
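Review bot: The added "<br />" line after the new structuredtext sentence reads as leftover markup from the deleted "Create routes in OpenShift" block. Suggest dropping it so the "either GKE or AKS" sentence leads directly into the GKEingress anchor.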
Line 185: Line 160:
 
  NAME    NAMESPACE      REVISION        UPDATED                                STATUS          CHART          APP VERSION
 
  NAME    NAMESPACE      REVISION        UPDATED                                STATUS          CHART          APP VERSION
 
  gauth  gauth          1              2021-05-20 11:56:32.5531685 +0530 +0530 deployed        gauth-0.1.77    0.1
 
  gauth  gauth          1              2021-05-20 11:56:32.5531685 +0530 +0530 deployed        gauth-0.1.77    0.1
Check the '''gauth''' namespace (or '''gws''' if you are using the OpenShift Ingress Controller) status:
+
Check the '''gauth''' namespace status:
 
  helm status gauth
 
  helm status gauth
 
The result should show the namespace details with a status of deployed:
 
The result should show the namespace details with a status of deployed:
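Review bot: The reworded line "Check the gauth namespace status:" still introduces helm status gauth, which reports on the Helm release rather than the namespace, and the command carries no -n gauth although the sample helm list output in this hunk shows the release in the gauth namespace. Suggest "Check the status of the gauth release:" with helm status gauth -n gauth, and "release details" in the sentence that follows.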

Latest revision as of 12:00, March 22, 2023

This topic is part of the manual Genesys Authentication Private Edition Guide for version Current of Genesys Authentication.

Learn how to deploy Genesys Authentication into a private edition environment.

Assumptions

  • The instructions on this page assume you are deploying the service in a service-specific namespace, named in accordance with the requirements on Creating namespaces. If you are using a single namespace for all private edition services, replace the namespace element in the commands on this page with the name of your single namespace or project.
  • Similarly, the configuration and environment setup instructions assume you need to create namespace-specific (in other words, service-specific) secrets. If you are using a single namespace for all private edition services, you might not need to create separate secrets for each service, depending on your credentials management requirements. However, if you do create service-specific secrets in a single namespace, be sure to avoid naming conflicts.
Important
Make sure to review Before you begin for the full list of prerequisites required to deploy Genesys Authentication.

Prepare your environment

To prepare your environment for the deployment, complete the steps in this section for either Google Kubernetes Engine (GKE) or Azure Kubernetes Service (AKS).

GKE

Log in to the GKE cluster from the host where you will run the deployment:

gcloud container clusters get-credentials <cluster>

Create a new namespace for Genesys Authentication with a JSON file that specifies the namespace metadata. For example, create-gauth-namespace.json:

{
  "apiVersion": "v1",
  "kind": "Namespace",
  "metadata": {
    "name": "gauth",
    "labels": {
      "name": "gauth"
    }
  }
}

Execute the following command to create the namespace:

kubectl apply -f create-gauth-namespace.json

Confirm the namespace was created:

kubectl describe namespace gauth

AKS

Log in to the AKS cluster from the host where you will run the deployment:

az aks get-credentials --resource-group <resource-group> --name <cluster-name> --admin

Create a new namespace for Genesys Authentication with a JSON file that specifies the namespace metadata. For example, create-gauth-namespace.json:

{
  "apiVersion": "v1",
  "kind": "Namespace",
  "metadata": {
    "name": "gauth",
    "labels": {
      "name": "gauth"
    }
  }
}

Execute the following command to create the namespace:

kubectl apply -f create-gauth-namespace.json

Confirm the namespace was created:

kubectl describe namespace gauth

Deploy

To deploy Genesys Authentication, you'll need the Helm package and your overrides file. Copy values.yaml and the Helm package (gauth-<version>.tgz) to the installation location.

For debugging purposes, use the following command to render templates without installing so you can check that resources are created properly:

helm template --debug ./gauth-<version>.tgz -f values.yaml

The result shows Kubernetes descriptors. The values you see are generated from Helm templates, and based on settings from values.yaml. Ensure that no errors are displayed; you will later apply this configuration to your Kubernetes cluster.

Now you're ready to deploy Genesys Authentication:

helm install gauth ./gauth-<version>.tgz -f values.yaml -n gauth

Configure external access

Follow the instructions for either GKE or AKS to make the Genesys Authentication services accessible from outside the cluster.


Provision ingresses for GKE or AKS

After deploying, make Genesys Authentication services accessible from outside the GKE or AKS cluster using the NGINX Ingress Controller.

Create a YAML file called gauth-ingress.yaml with the content below. Note: Replace gws.<domain> and gauth.<domain> with your GWS and Genesys Authentication domains, such as gws.test.dev.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gauth-gws-ingress
  namespace: gauth
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
    # Custom annotations for NGINX Ingress Controller
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
  - host: gws.<domain>  # e.g. gws.test.dev
    http:
      paths:
        - path: /ui/auth/.*
          backend:
            serviceName:  gauth-auth-ui
            servicePort: 80
        - path: /auth/.*
          backend:
            serviceName:  gauth-auth
            servicePort: 80
        - path: /environment/.*
          backend:
            serviceName:  gauth-environment
            servicePort: 80
  tls:
  - hosts:
    - gws.<domain>  # e.g. gws.test.dev
    secretName: gauth-gws-ingress-cert
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gauth-gauth-ingress
  namespace: gauth
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
    # Custom annotations for NGINX Ingress Controller
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
  - host: gauth.<domain>  # e.g. gauth.test.dev
    http:
      paths:
        - path: /ui/auth/.*
          backend:
            serviceName:  gauth-auth-ui
            servicePort: 80
        - path: /auth/.*
          backend:
            serviceName:  gauth-auth
            servicePort: 80
        - path: /environment/.*
          backend:
            serviceName:  gauth-environment
            servicePort: 80
  tls:
  - hosts:
    - gauth.<domain>  # e.g. gauth.test.dev
    secretName: gauth-gauth-ingress-cert

Create the ingresses with the following command. Both manifests set namespace: gauth, so the namespace passed with -n must match:

kubectl apply -f gauth-ingress.yaml -n gauth
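
A pre-apply check for the ingress manifest, as an added example that is not part of the Genesys documentation: it flags unreplaced <domain> placeholders, the extensions/v1beta1 API version (removed for Ingress in Kubernetes 1.22), ssl-redirect set to "false", and a metadata.namespace that differs from the namespace passed to kubectl -n. The function names, finding labels and the shortened sample manifest are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Genesys code): pre-apply lint for gauth-ingress.yaml.
# Function names and finding labels are hypothetical.

# Usage: lint_gauth_ingress <manifest> <namespace given to kubectl -n>
# Prints one label per finding; prints nothing for a clean manifest.
lint_gauth_ingress() (
  body=$(sed 's/[[:space:]]*#.*$//' "$1")   # ignore YAML comments
  # Host still holds the <domain> placeholder or the "- e.g." hint.
  if printf '%s\n' "$body" | grep -Eq '<domain>| - e\.g\.'; then
    echo "placeholder-host"
  fi
  # Ingress was removed from extensions/v1beta1 in Kubernetes 1.22.
  if printf '%s\n' "$body" | grep -Eq '^apiVersion:[[:space:]]*extensions/v1beta1'; then
    echo "removed-api-version"
  fi
  # With ssl-redirect off, the sign-in page stays reachable over plain HTTP.
  if printf '%s\n' "$body" | grep -Eq 'ssl-redirect:[[:space:]]*"?false"?'; then
    echo "plain-http-allowed"
  fi
  # kubectl refuses objects whose metadata.namespace differs from -n.
  if printf '%s\n' "$body" |
     awk -v ns="$2" '$1 == "namespace:" && $2 != ns { bad = 1 } END { exit !bad }'; then
    echo "namespace-mismatch"
  fi
)

# Constructed sample: the page's first Ingress, cut down to one path.
sample_manifest() {
  cat <<'EOF'
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gauth-gws-ingress
  namespace: gauth
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: gws.<domain> - e.g. gws.test.dev
EOF
}

# Demo: lint the sample against a target namespace other than its own.
tmp=$(mktemp)
sample_manifest > "$tmp"
lint_gauth_ingress "$tmp" gws
rm -f "$tmp"
```

Run it against the edited gauth-ingress.yaml before kubectl apply; an empty result means none of the four conditions was found.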

Validate the deployment

Check the installed Helm release:

helm list -n gauth

The results should show the Genesys Authentication deployment details. For example:

NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
gauth   gauth           1               2021-05-20 11:56:32.5531685 +0530 +0530 deployed        gauth-0.1.77    0.1

Check the status of the gauth release:

helm status gauth -n gauth

The result should show the release details with a status of deployed:

NAME: gauth
LAST DEPLOYED: Thu May 20 11:56:32 2021
NAMESPACE: gauth
STATUS: deployed
REVISION: 1
TEST SUITE: None

Check the Genesys Authentication Kubernetes objects created by Helm:

kubectl get all -n gauth

The result should show all the created pods, services, ConfigMaps, and so on.

Finally, verify that you can now access Genesys Authentication at the following URL: https://<hostname>/ui/auth/sign-in.html

Retrieved from "https://all.docs.genesys.com/AUTH/Current/AuthPEGuide/Deploy (2025-06-19 07:52:49)"