Difference between revisions of "PEC-REP/Current/GIMPEGuide/ConfigureGCA"
(Published) |
(Published) |
||
Line 7: | Line 7: | ||
|sectionHeading=Override Helm chart values | |sectionHeading=Override Helm chart values | ||
|alignment=Vertical | |alignment=Vertical | ||
− | |structuredtext=Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the '''values.yaml''' file | + | |structuredtext=Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the '''values.yaml''' file to provide deployment-specific values for certain parameters. |
For general information about overriding Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Engage Cloud Private Edition Guide}}''. | For general information about overriding Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Engage Cloud Private Edition Guide}}''. | ||
− | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the ''' | + | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the GCA '''values.yaml''' file, so that no user or group IDs are specified. For details, see [[{{FULLPAGENAME}}#Security|Configure security]], below. |
− | At a minimum, you must override the following key entries in the ''' | + | At a minimum, you must override the following key entries in the GCA '''values.yaml''' file: |
*<tt>tag</tt> - the container image version | *<tt>tag</tt> - the container image version | ||
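Review bot: the rewritten first sentence of structuredtext repeats itself, reading "override certain parameters in the '''values.yaml''' file to provide deployment-specific values for certain parameters". Drop the trailing "for certain parameters". The same sentence still says only '''values.yaml''' while the two lines below it now say "the GCA '''values.yaml''' file"; use the same wording in all three so it is clear which chart's file is meant, given that both gca and gca-monitor charts are downloaded.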
Line 22: | Line 22: | ||
* <tt>NODE_EXTRA_CA_CERTS</tt> - points to the self-signed OpenShift service CA. This is the default path. | * <tt>NODE_EXTRA_CA_CERTS</tt> - points to the self-signed OpenShift service CA. This is the default path. | ||
*<tt>s3</tt> - the applicable s3 details defined with the OBC for GSP (see {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=ConfigureGSP|anchor=S3Data|display text=Get S3 data}}). | *<tt>s3</tt> - the applicable s3 details defined with the OBC for GSP (see {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=ConfigureGSP|anchor=S3Data|display text=Get S3 data}}). | ||
− | ====The | + | ====The GCA '''values.yaml''' file==== |
− | The following sample ''' | + | The following sample GCA '''values.yaml''' file, which may not be completely up to date, shows the key parameter values you must override. |
<source lang="bash">log_level: INFO | <source lang="bash">log_level: INFO | ||
tenant_id: shared | tenant_id: shared | ||
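Review bot: the new sentence says the sample "may not be completely up to date" but gives the reader no way to tell how stale it is; state which chart version the sample was taken from, or point to the values.yaml shipped in the chart as the authoritative list. Separately, the sample that starts on the next line is YAML but is tagged <source lang="bash">, so it will be highlighted as shell; lang="yaml" would fit the content.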
Line 105: | Line 105: | ||
|structuredtext=The security context settings define the privilege and access control settings for pods and containers. | |structuredtext=The security context settings define the privilege and access control settings for pods and containers. | ||
− | By default, the user and group IDs are set in the ''' | + | By default, the user and group IDs are set in the GCA '''values.yaml''' file as <tt>500:500:500</tt>, meaning the '''genesys''' user. |
<source lang="bash"> | <source lang="bash"> | ||
securityContext: | securityContext: | ||
Line 116: | Line 116: | ||
</source> | </source> | ||
===Arbitrary UIDs in OpenShift=== | ===Arbitrary UIDs in OpenShift=== | ||
− | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the ''' | + | If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the GCA '''values.yaml''' file, so that you do not define any specific IDs. |
<source lang="bash"> | <source lang="bash"> | ||
securityContext: | securityContext: |
Revision as of 22:31, September 15, 2021
Learn how to configure GIM Config Adapter (GCA).
Override Helm chart values
Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the values.yaml file to provide deployment-specific values.
For general information about overriding Helm chart values, see Overriding Helm chart values in the Genesys Engage Cloud Private Edition Guide.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that no user or group IDs are specified. For details, see Configure security, below.
At a minimum, you must override the following key entries in the GCA values.yaml file:
- tag - the container image version
- tenant_id - the TenantID of the tenant in use
- tenant_uuid - the TenantUUID that matches the TenantID.
- cfgdb - the tenant configuration database
- bootstrap - the Kafka address to align with the infrastructure Kafka
- NODE_EXTRA_CA_CERTS - points to the self-signed OpenShift service CA. This is the default path.
- s3 - the applicable S3 details defined with the OBC for GSP (see Get S3 data).
The GCA values.yaml file
The following sample GCA values.yaml file, which may not be completely up to date, shows the key parameter values you must override.
log_level: INFO
tenant_id: shared
tenant_uuid: 9350e2fc-a1dd-4c65-8d40-1f75a2e080dd
image:
  registry: pureengage-docker-staging.jfrog.io
  repository: gim/gca
  pullPolicy: IfNotPresent
  tag: <image-version>
imagePullSecrets:
  pureengage-docker-dev: {}
  pureengage-docker-staging: {}
  jfrog-stage-credentials: {}
cfgdb:
  name: '<tenant-db-name>'
  engine: postgre
  port: 5432
  host: 'postgres-rw.infra.svc.cluster.local'
  username: '<db-user>'
  password: '<db-password>'
kafka:
  bootstrap: 'infra-kafka-cp-kafka.infra.svc.cluster.local:9092'
  security:
    protocol: plaintext
  sasl:
    mechanism: PLAIN
extraEnv: |
  - name: SNAPSHOT_STORAGE_PATH
    value: "/tmp"
  - name: NODE_EXTRA_CA_CERTS
    value: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
#extraVolumeMounts: ''
volumes: |
  - name: kafka-secrets
    secret:
      secretName: {{.Release.Name}}-kafka-secrets
  - name: cfg-db-secrets
    secret:
      secretName: {{.Release.Name}}-cfgdb-secrets
  - name: storage-account-secrets
    secret:
      secretName: {{ .Release.Name }}-storage-secret
ssl_db_connection: false
dnsConfig:
  options:
    - name: ndots
      value: '3'
csi_enabled: false
tolerations: []
resources:
  requests:
    memory: 64Mi
    cpu: '0.01'
  limits:
    memory: 4000Mi
    cpu: '1'
storage:
  wasb:
    url: ''
    account_name: ''
    access_key: ''
  s3:
    bucket: '<bucket-name>'
    gcaSnapshots: '/gca'
    accessKey: '<access-key>'
    secretKey: '<secret-key>'
    useSSL: true
    endPoint: '<bucket-host>'
    port: <bucket-port>
Configure Kubernetes
Configure security
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the GCA values.yaml file as 500:500:500, meaning the genesys user.
securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500
containerSecurityContext: {}
Arbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that you do not define any specific IDs.
securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null
containerSecurityContext: {}
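A pre-deployment check for the override described above, as an added example that is not part of the Genesys documentation or charts: it verifies that an override intended for OpenShift arbitrary UIDs really clears the IDs, and lists any <...> sample placeholders left unfilled. The function names and the sample dictionaries are hypothetical; the check relies on Helm merging an override onto the chart defaults, so an omitted key keeps the default 500 and only an explicit null clears it.

```python
import re

PLACEHOLDER = re.compile(r"^<[^<>]+>$")   # e.g. '<db-password>' left over from the sample
_MISSING = object()                       # distinguishes "key absent" from "key: null"

def unresolved_placeholders(node, path=""):
    """Return dotted paths whose value is still a '<...>' sample placeholder."""
    if isinstance(node, dict):
        return [p for k, v in node.items()
                for p in unresolved_placeholders(v, f"{path}.{k}" if path else str(k))]
    if isinstance(node, list):
        return [p for i, v in enumerate(node)
                for p in unresolved_placeholders(v, f"{path}[{i}]")]
    return [path] if isinstance(node, str) and PLACEHOLDER.match(node.strip()) else []

def check_arbitrary_uid(override):
    """Findings for an override meant to run under OpenShift arbitrary UIDs."""
    sc = override.get("securityContext") or {}
    findings = []
    if sc.get("runAsNonRoot") is not True:
        findings.append("runAsNonRoot is not true")
    for key in ("runAsUser", "fsGroup"):
        value = sc.get(key, _MISSING)
        if value is _MISSING:
            # Helm merges overrides onto chart defaults, so an omitted key keeps 500.
            findings.append(f"{key} omitted: chart default 500 still applies")
        elif value is not None:
            findings.append(f"{key}={value} pins an ID; set it to null")
    if sc.get("runAsGroup") != 0:
        findings.append("runAsGroup is not 0")
    return findings

# Constructed sample overrides, shaped as yaml.safe_load would return them;
# not real deployment data.
PINNED = {"securityContext": {"runAsNonRoot": True, "runAsUser": 500,
                              "runAsGroup": 500, "fsGroup": 500},
          "cfgdb": {"username": "gca", "password": "<db-password>"}}
ARBITRARY = {"securityContext": {"runAsNonRoot": True, "runAsUser": None,
                                 "runAsGroup": 0, "fsGroup": None}}

if __name__ == "__main__":
    for name, doc in (("pinned", PINNED), ("arbitrary", ARBITRARY)):
        print(name, check_arbitrary_uid(doc), unresolved_placeholders(doc))
```

Run it against the override file you pass to Helm, not against the chart's own values.yaml, since the omitted-key finding only makes sense for the override.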