Difference between revisions of "VM/Current/VMPEGuide/Configure"

From Genesys Documentation
(Published)
 
 
(5 intermediate revisions by 3 users not shown)
Line 8: Line 8:
 
|anchor=OverrideHelmValues
 
|anchor=OverrideHelmValues
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=For general information about overriding Helm chart values, see {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=HelmOverrides|display text=Overriding Helm Chart values}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Engage Cloud Private Edition Guide}}''.
+
|structuredtext=For general information about overriding Helm chart values, see {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=HelmOverrides|display text=Overriding Helm Chart values}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Multicloud CX Private Edition Guide}}''.
  
When deploying Voice services, certain parameters need to be enabled or modified based on customer requirements and environment. For each of the Voice services, an override values file needs to be created which will override certain sections of the default configuration for the service. In this document, we use the following format for creating an override values file: <servicename>_override_values.yaml.
 
  
The override values file contains the following sections.
+
When deploying Voice services, certain parameters must be enabled or modified based on customer requirements and environment. For each of the Voice services, an override '''values.yaml''' file must be created that overrides certain sections of the default configuration for the service. In this document, we use the following format for creating an override '''values.yaml''' file: '''<servicename>_override_values.yaml'''.
  
 +
The '''override_values.yaml''' file contains the following sections:
 +
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=deployment|display text=Deployment}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=image|display text=Image}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=config|display text=Config}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=secrets|display text=Secrets}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=hpa|display text=HPA}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=resources|display text=Resources}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=logvolume|display text=Log volume}}
 +
{{AnchorDiv|deployment}}
 
===Deployment section===
 
===Deployment section===
This section can be used to specify minimum and max instances that will be started for each service. By default, the min replica is 1, and the max replica is 10. Customers can modify it as per their load requirements. For RQ service alone it is recommended to set replica count 2 or more than that based on load for High availability.
+
This section can be used to specify minimum and max instances that will be started for each service. By default, the minimum replica count is 1, and the maximum replica count is 10. You can modify it per your load requirements. For RQ service alone it is recommended to set replica count to 2 or more based on load for high availability.
 
<source lang="text">
 
<source lang="text">
 
deployment:
 
deployment:
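Review bot: The added paragraph uses three names for the same file: "override '''values.yaml''' file", "'''<servicename>_override_values.yaml'''" and "'''override_values.yaml''' file". Pick the <servicename>_override_values.yaml form and use it throughout, since a bare values.yaml reads as the chart's default file. In the Deployment sentence, "minimum and max instances" should be "minimum and maximum".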
Line 23: Line 32:
 
</source>
 
</source>
  
 +
{{AnchorDiv|image}}
 
===Image section===
 
===Image section===
This section has information about the registry from where the voice services will be deployed.
+
This section has information about the registry from which the voice services will be deployed.
 
<source lang="text">
 
<source lang="text">
 
image:
 
image:
Line 32: Line 42:
 
</source>
 
</source>
  
 +
{{AnchorDiv|config}}
 
===Config section===
 
===Config section===
The below section contains configuration parameters that need to be overridden for all voice services.  
+
The config section contains configuration parameters that need to be overridden for all voice services.  
  
For SIP Service alone, additional information needs to be passed (dnsServer). Get the DNS Server value from the above section (Configure DNS server for voice-sip).
+
Additional information needs to be passed for SIP Cluster Service: dnsServer. Get the DNS Server value from the above section (Configure DNS server for voice-sip).
 
<source lang="text">
 
<source lang="text">
 
# Set the redis port to be used.
 
# Set the redis port to be used.
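Review bot: The rewritten dnsServer sentence still refers to "the above section (Configure DNS server for voice-sip)" as plain text, while the rest of this revision turns cross-references into Link-SomewhereInThisVersion links; use a link with that section's anchor so the reference survives reordering. The sentence now says "SIP Cluster Service" next to "voice-sip", so name the service once and consistently.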
Line 45: Line 56:
 
</source>
 
</source>
  
 +
{{AnchorDiv|secrets}}
 
===Secrets section===
 
===Secrets section===
This section captures all the secrets needed by voice services for connecting to infra services (Consul, Kafka, Redis). The default values for Redis and Kafka secrets are the same as what is created above.  
+
This section captures all the secrets needed by voice services for connecting to infraservices (Consul, Kafka, Redis). The default values for Redis and Kafka secrets are the same as what is created above.  
 
<source lang="text">
 
<source lang="text">
 
# set the secrets
 
# set the secrets
 
secrets:
 
secrets:
 +
  redisCache:
 +
    general:
 +
      enabled: true
 
   consulACL:
 
   consulACL:
 
     volumes:
 
     volumes:
 
     - name: consul-shared-secret
 
     - name: consul-shared-secret
 
       secret:
 
       secret:
         secretName: consul-voice-token         # consul secret
+
         secretName: consul-voice-token
 
</source>
 
</source>
  
 +
{{AnchorDiv|hpa}}
 
===HPA section===
 
===HPA section===
This section captures whether HPA is enabled for a service or not and also what is the CPU and memory percentage used for scale up and scale down. Common HPA for following voice services: Agent Service, Config Service, Callthread Service, Registrar Service, Sipfe service, DialPlan Service.
+
The HPA section captures whether HPA is enabled for a service or not and what is the CPU and memory percentage used for scale up and scale down. Common HPA for the following voice services: Agent Service, Config Service, Call State Service, Registrar Service, SIP Front End service, Dial Plan Service.
 
<source lang="text">
 
<source lang="text">
 
hpa:
 
hpa:
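Review bot: The added redisCache / general / enabled: true keys in the Secrets example have no comment or sentence saying what they enable, and the same edit drops the "# consul secret" comment from secretName; add a short comment for each. "infraservices" in the rewritten sentence should be "infrastructure services" (the old text had "infra services"). The phrase "the same as what is created above" should name or link the Secrets for Voice services section that this revision anchors further down the page.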
Line 66: Line 82:
 
</source>
 
</source>
  
For SIPProxy and RQ, HPA is set to false:
+
For SIP Proxy and RQ Services, HPA is set to false:
 
<source lang="text">
 
<source lang="text">
 
hpa:
 
hpa:
Line 72: Line 88:
 
</source>
 
</source>
  
For SIP and ORS, HPA is set as follows:
+
For SIP Cluster and Orchestration Services, HPA is set as follows:
 
<source lang="text">
 
<source lang="text">
 
hpa:
 
hpa:
Line 80: Line 96:
 
</source>
 
</source>
  
 +
{{AnchorDiv|resources}}
 
===Resources section===
 
===Resources section===
This section captures the resource request and limits for each voice service. The default resource given below is set for each service. Customers can modify this request and limit based on their load requirement.
+
This section captures the resource request and limits for each voice service. The default resource given below is set for each service. You can modify this request and limit based on your load requirement.
 
<source lang="text">
 
<source lang="text">
 
resources:
 
resources:
Line 92: Line 109:
 
</source>
 
</source>
  
For ORS and SIPS service the CPU and memory requirement is high so we recommend it to be set to the following:
+
For Orchestration and SIP Cluster Services, the CPU and memory requirement is high. Genesys recommends the following setting:
 
<source lang="text">
 
<source lang="text">
 
resources:
 
resources:
Line 103: Line 120:
 
</source>
 
</source>
  
 +
{{AnchorDiv|logvolume}}
 
===Log volume===
 
===Log volume===
This section captures parameters pertaining to log volumes needed by SIP Service. These parameters are needed for storing logging of SIP Server binary which is run inside SIP service. The values for '''storageClass''' and '''volumeName''' should be configured based on the recommendation given in the Persistent Volume section.
+
This section captures parameters pertaining to log volumes needed by SIP Cluster Service. These parameters are needed for storing logging of SIP Server binary, which runs inside the SIP Cluster Service. Configure the values for '''storageClass''' and '''volumeName''' based on the recommendation given in the Persistent Volume section.
 
<source lang="text">
 
<source lang="text">
 
# pvc will be created for logs
 
# pvc will be created for logs
Line 129: Line 147:
 
}}{{Section
 
}}{{Section
 
|sectionHeading=Configure Kubernetes
 
|sectionHeading=Configure Kubernetes
 +
|anchor=ConfigKubernetes
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext={{Notices|Notice=PEComingSoon}}
+
|structuredtext=For information, see the following resources:
 +
 
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=OverrideHelmValues|display text=Override Helm chart values}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=ConfigureSecurity|display text=Configure security}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Configure|anchor=Secrets|display text=Secrets for Voice services}}
 +
*{{Link-SomewhereInThisVersion|manual=VMPEGuide|topic=Deploy|display text=Deploy Voice Microservices}}
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
 
|sectionHeading=Configure security
 
|sectionHeading=Configure security
 +
|anchor=ConfigureSecurity
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext====Security Context Configuration===
+
|structuredtext=Before you deploy the Voice Microservices, be sure to read {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity|display text=Security Settings}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Setting up Genesys Multicloud CX Private Edition}}'' guide.
Before you deploy the Voice Microservices, be sure to read {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity|display text=Security Settings}} in the {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Setting up Genesys Engage Cloud Private Edition}} guide.
+
 
 +
{{AnchorDiv|SecurityContextConfig}}
 +
===Security context configuration===
 +
The security context settings define the privilege and access control settings for pods and containers. For more information, see the [https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ Kubernetes documentation].  
  
Bind the Security Context Contraint (SCC) to service accounts used by Voice Services to grant permissions for any operations from the pod/container. The following example is specific to an OpenShift cluster. <source lang="text">
+
By default, the user and group IDs are set in the '''values.yaml''' file as <tt>500:500:500</tt>, meaning the '''genesys''' user.
oc adm policy add-scc-to-user genesys-restricted -z voice-agent -n voice
+
<source lang="text">
oc adm policy add-scc-to-user genesys-restricted -z voice-callthread -n voice
+
containerSecurityContext:
oc adm policy add-scc-to-user genesys-restricted -z voice-config -n voice
+
  readOnlyRootFilesystem: false
oc adm policy add-scc-to-user genesys-restricted -z voice-registrar -n voice
+
  runAsNonRoot: true
oc adm policy add-scc-to-user genesys-restricted -z voice-sip -n voice
+
  runAsUser: 500
oc adm policy add-scc-to-user genesys-restricted -z voice-sipfe -n voice
+
  runAsGroup: 500
oc adm policy add-scc-to-user genesys-restricted -z voice-sipproxy -n voice
+
</source>
oc adm policy add-scc-to-user genesys-restricted -z voice-rq -n voice
+
 
oc adm policy add-scc-to-user genesys-restricted -z voice-ors -n voice
+
<source lang="text">
oc adm policy add-scc-to-user genesys-restricted -z voice-dialplan -n voice
+
podSecurityContext:
oc adm policy add-scc-to-user genesys-restricted -z tenant-<TENANT-UUID> -n voice
+
  fsGroup: 500
 +
  runAsUser: 500
 +
  runAsGroup: 500
 +
  runAsNonRoot: true 
 
</source>
 
</source>
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
 +
|anchor=Secrets
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext====Secrets for Voice Services===
+
|structuredtext====Secrets for Voice services===
 
Create the following Kubernetes secrets for other infrastructure services:
 
Create the following Kubernetes secrets for other infrastructure services:
  
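Review bot: The removed lines carried the OpenShift step that binds the genesys-restricted SCC to the voice service accounts (oc adm policy add-scc-to-user genesys-restricted -z ... -n voice), and the replacement text does not say whether that binding is still required or where it moved; state this explicitly or link to it. The new defaults show readOnlyRootFilesystem: false with no explanation, and "500:500:500" is not mapped to runAsUser, runAsGroup and fsGroup. This revision also adds |anchor=Secrets alongside {{AnchorDiv|secrets}}, so two anchors on the page differ only by case; rename one.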
Line 162: Line 194:
  
 
====Kafka secrets====
 
====Kafka secrets====
Kafka secrets must be created when Kafka is deployed. The secret is referenced in the Voice Microservices Values.yaml file.
+
Kafka secrets must be created when Kafka is deployed. The secret is referenced in the Voice Microservices '''values.yaml''' file.
 +
 
 +
When Kafka is deployed without authentication, create the secret for Kafka as follows:
 +
<source lang="text">
 +
kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets={\"bootstrap\":<kafka-bootstrap-url>}
 +
for ex, kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets={\"bootstrap\":\"infra-kafka-cp-kafka.infra.svc.cluster.local:9092\"}
 +
</source>
 +
 
 +
When Kafka is deployed with authentication, create the secret for Kafka using this method:
 +
<source lang="text">
 +
kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets={\"bootstrap\":<kafka-bootstrap-url>, \"username\": <USERNAME>, \"password\": <PASSWORD>}
 +
for ex, kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets={\"bootstrap\":\"infra-kafka-cp-kafka.infra.svc.cluster.local:9092\",\"username\":\"kafka-user\",\"password\":\"kafka-password\"}
 +
</source>
  
 
====Redis secrets====
 
====Redis secrets====
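Review bot: In the added Kafka-with-authentication commands, the JSON after --from-literal=kafka-secrets= is unquoted and has commas inside braces, so bash brace expansion splits it into several arguments instead of one JSON value; the template line also has spaces after the commas, which split the word again. Single-quote the whole payload, for example --from-literal=kafka-secrets='{"bootstrap":"<kafka-bootstrap-url>","username":"<USERNAME>","password":"<PASSWORD>"}'. The "for ex," lines sit inside the source block and fail if pasted as-is; turn them into a comment or move the wording outside the block.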
Line 182: Line 226:
  
 
====JFrog secrets====
 
====JFrog secrets====
Use the following commands to create Jfrog secrets:
+
Use the following commands to create JFrog secrets:
 
<source lang="text">
 
<source lang="text">
 
kubectl create secret docker-registry <credential-name>  --docker-server=<docker-repo> --docker-username="$JFROG_USER" --docker-password="$JFROG_PASSWORD" -n voice
 
kubectl create secret docker-registry <credential-name>  --docker-server=<docker-repo> --docker-username="$JFROG_USER" --docker-password="$JFROG_PASSWORD" -n voice

Latest revision as of 08:31, March 27, 2023

This topic is part of the manual Voice Microservices Private Edition Guide for version Current of Voice Microservices.

Learn how to configure Voice Microservices.

Override Helm chart values

For general information about overriding Helm chart values, see Overriding Helm Chart values in the Genesys Multicloud CX Private Edition Guide.


When deploying Voice services, certain parameters must be enabled or modified based on customer requirements and environment. For each of the Voice services, an override values.yaml file must be created that overrides certain sections of the default configuration for the service. In this document, we use the following format for creating an override values.yaml file: <servicename>_override_values.yaml.

The override_values.yaml file contains the following sections:

Deployment section

This section specifies the minimum and maximum number of instances started for each service. By default, the minimum replica count is 1, and the maximum replica count is 10. You can modify these values to suit your load requirements. For the RQ service alone, it is recommended to set the replica count to 2 or more, based on load, for high availability.

deployment:
  namespace: voice      # Namespace of voice service
  replicaCount: 1       # Min replica count when service is deployed
  maxReplicas: 10       # Max replica count to which the service will scale.

Image section

This section has information about the registry from which the voice services will be deployed.

image:
  registry: pureengage-docker-staging.jfrog.io  # registry from where image needs to be deployed
  pullPolicy: Always                            # whether to pull image always
  imagePullSecrets: "mycred"                    # Secrets needed for pulling image from registry

Config section

The config section contains configuration parameters that need to be overridden for all voice services.

Additional information needs to be passed for SIP Cluster Service: dnsServer. Get the DNS Server value from the above section (Configure DNS server for voice-sip).

# Set the redis port to be used.
context:
  envs:
    redis:
      port: 6379             # Redis port
    dnsServer: "10.202.0.10" # DNS server address. Needed only for SIP Service.

Secrets section

This section captures all the secrets needed by voice services for connecting to infrastructure services (Consul, Kafka, Redis). The default values for Redis and Kafka secrets are the same as what is created above.

# set the secrets
secrets:
  redisCache:
    general:
      enabled: true
  consulACL:
    volumes:
    - name: consul-shared-secret
      secret:
        secretName: consul-voice-token

HPA section

The HPA section specifies whether the Horizontal Pod Autoscaler (HPA) is enabled for a service, and the CPU and memory percentages used for scaling up and down. The following voice services share a common HPA configuration: Agent Service, Config Service, Call State Service, Registrar Service, SIP Front End service, Dial Plan Service.

hpa:
  targetCPUPercent: 60         # Average CPU percentage that determines scale up and scale down
  targetMemoryPercent: 60      # Average memory percentage that determines scale up and scale down
  enabled: true                # Horizontal Pod Autoscaler enabled

For SIP Proxy and RQ Services, HPA is set to false:

hpa:
  enabled: false                # Horizontal Pod Autoscaler disabled

For SIP Cluster and Orchestration Services, HPA is set as follows:

hpa:
  targetCPUPercent: 50         # Average CPU percentage that determines scale up and scale down
  targetMemoryPercent: 50      # Average memory percentage that determines scale up and scale down
  enabled: true                # Horizontal Pod Autoscaler enabled

Resources section

This section captures the resource request and limits for each voice service. The default resource given below is set for each service. You can modify this request and limit based on your load requirement.

resources:
  requests:
    cpu: "250m"
    memory: "256Mi"
  limits:
    cpu: "500m"
    memory: "512Mi"

For Orchestration and SIP Cluster Services, the CPU and memory requirement is high. Genesys recommends the following setting:

resources:
  requests:
    cpu: "500m"
    memory: "1Gi"
  limits:
    cpu: "1500m"
    memory: "4Gi"

Log volume

This section captures the parameters for the log volumes needed by the SIP Cluster Service. These volumes store the logs of the SIP Server binary, which runs inside the SIP Cluster Service. Configure the values for storageClass and volumeName based on the recommendation given in the Persistent Volume section.

# pvc will be created for logs
volumes:
  pvcLog:
    create: true
    claim: sip-log-pvc
    storageClass:
    volumeName:
   
  pvcJsonLog:
    create: true
    claim: sip-json-log-pvc
    storageClass:
    volumeName:
 
  log:
    mountPath:
 
  jsonLog:
    mountPath:

Configure Kubernetes

Configure security

Before you deploy the Voice Microservices, be sure to read Security Settings in the Setting up Genesys Multicloud CX Private Edition guide.

Security context configuration

The security context settings define the privilege and access control settings for pods and containers. For more information, see the Kubernetes documentation.

By default, the user and group IDs are set in the values.yaml file as 500:500:500, meaning the genesys user.

containerSecurityContext:
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
podSecurityContext:
  fsGroup: 500
  runAsUser: 500
  runAsGroup: 500
  runAsNonRoot: true
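
The following is an added example, not part of the Genesys documentation: a shell check that an override values file does not weaken the security-context defaults shown above (runAsNonRoot: true and IDs of 500). The function name check_security_context and the sample override file are constructed for illustration, and the check assumes the flat two-space layout used on this page.

```shell
#!/usr/bin/env bash
# Added example: check_security_context is a hypothetical helper, and the
# override file below is constructed for illustration.

# check_security_context FILE
# Line scan (not a YAML parser) of the two security-context blocks in the
# flat, two-space layout shown above. Prints FAIL for settings that allow
# root and NOTE for IDs other than the documented default 500.
# Returns 1 if any FAIL was printed, otherwise 0.
check_security_context() {
  awk '
    /^[A-Za-z]/ { block = $1; sub(/:$/, "", block); next }   # top-level key
    /^ +[A-Za-z]+:/ {                                         # nested key
      if (block == "containerSecurityContext" || block == "podSecurityContext") {
        key = $1; sub(/:$/, "", key)
        val = $2; gsub(/"/, "", val)                          # drop YAML quotes
        seen[block "." key] = val
      }
    }
    END {
      nb = split("containerSecurityContext podSecurityContext", blocks, " ")
      nk = split("runAsUser runAsGroup fsGroup", ids, " ")
      for (i = 1; i <= nb; i++) {
        k = blocks[i] ".runAsNonRoot"
        if ((k in seen) && seen[k] != "true") {
          print "FAIL " k "=" seen[k]; bad = 1
        }
        for (j = 1; j <= nk; j++) {
          k = blocks[i] "." ids[j]
          if (!(k in seen)) continue
          if (seen[k] + 0 == 0) {
            print "FAIL " k "=" seen[k] " (uid/gid 0)"; bad = 1
          } else if (seen[k] != "500") {
            print "NOTE " k "=" seen[k] " differs from default 500"
          }
        }
      }
      exit bad + 0
    }
  ' "$1"
}

# Constructed override file that weakens the container context.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# voice-sip_override_values.yaml (constructed sample)
containerSecurityContext:
  readOnlyRootFilesystem: false
  runAsNonRoot: false
  runAsUser: 0
  runAsGroup: 500
podSecurityContext:
  fsGroup: 1000
  runAsNonRoot: true
EOF
check_security_context "$sample" || echo "override weakens the defaults"
rm -f "$sample"
```

Keys that an override file omits are not reported, because the chart defaults then apply.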

Secrets for Voice services

Create the following Kubernetes secrets for other infrastructure services:

  1. Kafka
  2. docker-registry
  3. Redis

Kafka secrets

Kafka secrets must be created when Kafka is deployed. The secret is referenced in the Voice Microservices values.yaml file.

When Kafka is deployed without authentication, create the secret for Kafka as follows:

kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets='{"bootstrap":"<kafka-bootstrap-url>"}'
# For example:
kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets='{"bootstrap":"infra-kafka-cp-kafka.infra.svc.cluster.local:9092"}'

When Kafka is deployed with authentication, create the secret for Kafka using this method:

# The JSON is single-quoted so that the shell passes it to kubectl as one argument.
kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets='{"bootstrap":"<kafka-bootstrap-url>","username":"<USERNAME>","password":"<PASSWORD>"}'
# For example:
kubectl create secret generic -n voice kafka-secrets-token --from-literal=kafka-secrets='{"bootstrap":"infra-kafka-cp-kafka.infra.svc.cluster.local:9092","username":"kafka-user","password":"kafka-password"}'

Redis secrets

Ensure Redis is installed before you deploy the Voice Services.

Use the following commands to create Redis secrets:

export REDIS_PASSWORD="$(kubectl get secret infra-redis-redis-cluster -n infra -o jsonpath="{.data.redis-password}" | base64 --decode)"
# Each payload is double-quoted so that a password containing spaces or glob characters stays one argument.
kubectl create secret generic -n voice redis-agent-token --from-literal=redis-agent-state="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-callthread-token --from-literal=redis-call-state="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-config-token --from-literal=redis-config-state="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-tenant-token --from-literal=redis-tenant-stream="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-registrar-token --from-literal=redis-registrar-state="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-sip-token --from-literal=redis-sip-state="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-ors-stream-token --from-literal=redis-ors-stream="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-ors-token --from-literal=redis-ors-state="{\"password\":\"$REDIS_PASSWORD\"}"
kubectl create secret generic -n voice redis-rq-token --from-literal=redis-rq-state="{\"password\":\"$REDIS_PASSWORD\"}"
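
The following is an added example, not part of the Genesys documentation: shell helpers that build the JSON payloads for the Kafka and Redis secrets above with the credential values escaped, and that hand each payload to kubectl as a single quoted argument. The helper names are hypothetical and the sample credentials are constructed.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical; sample credentials are constructed.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# Assumes credentials contain no control characters (newlines, tabs).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# kafka_secret_json BOOTSTRAP [USERNAME PASSWORD]
# Payload for the kafka-secrets key, with or without authentication.
kafka_secret_json() {
  if [ "$#" -eq 3 ]; then
    printf '{"bootstrap":"%s","username":"%s","password":"%s"}' \
      "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
  else
    printf '{"bootstrap":"%s"}' "$(json_escape "$1")"
  fi
}

# redis_secret_json PASSWORD: payload for the redis-*-state / redis-*-stream keys.
redis_secret_json() {
  printf '{"password":"%s"}' "$(json_escape "$1")"
}

# create_voice_secret SECRET_NAME KEY JSON
# The quoted "$2=$3" reaches kubectl as exactly one argument.
create_voice_secret() {
  kubectl create secret generic -n voice "$1" --from-literal="$2=$3"
}

# Failure mode: with the payload left unquoted, a password containing a space
# is split into several arguments before kubectl ever sees it.
words_when_unquoted() {
  _pw=$1
  # shellcheck disable=SC2086  # deliberately unquoted to show the splitting
  set -- --from-literal=redis-agent-state={\"password\":\"$_pw\"}
  echo "$#"
}

words_when_quoted() {
  set -- --from-literal=redis-agent-state="$(redis_secret_json "$1")"
  echo "$#"
}

# Demonstration with constructed values (prints payloads, does not call kubectl).
kafka_secret_json 'infra-kafka-cp-kafka.infra.svc.cluster.local:9092' \
  'kafka-user' 'p"ss,word'; echo
redis_secret_json 'two words'; echo
echo "unquoted: $(words_when_unquoted 'two words') argument(s)," \
     "quoted: $(words_when_quoted 'two words') argument(s)"
# Real use, for example:
#   create_voice_secret redis-agent-token redis-agent-state \
#     "$(redis_secret_json "$REDIS_PASSWORD")"
```

Values passed with --from-literal are visible in the process list and shell history while the command runs, so run these commands from a trusted administration host.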

JFrog secrets

Use the following commands to create JFrog secrets:

kubectl create secret docker-registry <credential-name>  --docker-server=<docker-repo> --docker-username="$JFROG_USER" --docker-password="$JFROG_PASSWORD" -n voice
Retrieved from "https://all.docs.genesys.com/VM/Current/VMPEGuide/Configure (2025-07-21 12:30:51)"