Difference between revisions of "PEC-REP/Current/PulsePEGuide/Provision"

Revision as of 19:53, March 30, 2022

This topic is part of the manual Genesys Pulse Private Edition Guide for version Current of Reporting.

Prerequisites

Please complete Before you begin instructions.

Information you will need:

Versions:
- <image-version> = 100.0.000.0012
- <chart-versions>= 100.0.000+0012
K8S namespace pulse
Project Name pulse
Postgres credentials:
- <db-host>
- <db-port>
- <db-name>
- <db-user>
- <db-user-password>
- <db-ssl-mode>
Docker credentials:
- <docker-registry>
- <docker-registry-secret-name>
Redis credentials:
- <redis-host>
- <redis-port>
- <redis-password>
- <redis-enable-ssl>
Tenant service variables:
- <tenant-uuid>
- <tenant-sid>
- <tenant-name>
- <tenant-dcu>
GAuth/GWS service variables:
- <gauth-url-external>
- <gauth-url-internal>
- <gauth-client-id>
- <gauth-client-secret>
- <gws-url-external>
- <gws-url-internal>
Storage class:
- <pv-storage-class-rw-many>
- <pv-storage-class-rw-once>
Pulse:
- <pulse-host>
Domain:
- <domain> example: site.domain.com

Tenant provisioning

Install init tenant chart

Get the init-tenant helm chart

helm repo update
helm search repo <pulsehelmrepo>/init-tenant

Prepare the override file

Update the values-override-init-tenant.yaml file (GKE):
Important
We need to enable configurator only for configurations in GKE with VPC scoped DNS or OpenShift with single namespace.

# Default values for init-tenant.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
# * Images
# Replace for your values: registry and secret
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
configurator:
  enabled: true
  # set service domain used to access voice service
  # example for GKE VPC case: voice.svc.gke1-uswest1.gcpe002.gencpe.com
  # example for OpenShift single namespace: genesys.svc.cluster.local.
  voiceDomain: "voice.svc.<domain>"
  # set service domain used to access ixn service
  # example for GKE VPC case: ixn.svc.gke1-uswest1.gcpe002.gencpe.com
  # example for OpenShift single namespace: genesys.svc.cluster.local.
  ixnDomain: "ixn.svc.<domain>"
  # set service domain used to access pulse service
  # example for GKE VPC case: pulse.svc.gke1-uswest1.gcpe002.gencpe.com
  # example for OpenShift single namespace: genesys.svc.cluster.local.
  pulseDomain: "pulse.svc.<domain>"
  # set configration server password, used when create secrets
  cfgUser: "default"
  # set configration server user, used when create secrets
  cfgPassword: "password"
  # common log configuration
  cfgHost: "tenant-9350e2fc-a1dd-4c65-8d40-1f75a2e080dd.voice.svc.<domain>"
 
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: none
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-init-tenant-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: nfs-client
 
# * Tenant info
# Replace for your values
tenant:
  # Tenant UUID
  id: <tenant-uuid>
  # Tenant SID (like 0001)
  sid: <tenant-sid>
 
# common configuration.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  # set "true" for CSI secrets
  mountSecrets: false
  # Postgres config map name
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
   fsGroup: null
   runAsUser: null
   runAsGroup: 0
   runAsNonRoot: true
 
## Resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    memory: 256Mi
    cpu: 200m
  requests:
    memory: 128Mi
    cpu: 100m
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
# * Templates
templates:
  - Agent_Group_Status.gpb
  - Agent_KPIs.gpb
  - Agent_Login.gpb
  - Alert_Widget.gpb
  - Callback_Activity.gpb
  - Campaign_Activity.gpb
  - Campaign_Callback_Status.gpb
  - Campaign_Group_Activity.gpb
  - Campaign_Group_Status.gpb
  - Chat_Agent_Activity.gpb
  - Chat_Queue_Activity.gpb
  - Chat_Service_Level_Performance.gpb
  - Chat_Waiting_Statistics.gpb
  - Email_Agent_Activity.gpb
  - Email_Queue_Activity.gpb
  - Facebook_Media_Activity.gpb
  - IFRAME.gpb
  - IWD_Agent_Activity.gpb
  - IWD_Queue_Activity.gpb
  - Queue_KPIs.gpb
  - Queue_Overflow_Reason.gpb
  - Static_Text.gpb
  - Twitter_Media_Activity.gpb
  - eServices_Agent_Activity.gpb
  - eServices_Queue_KPIs.gpb

Update the values-override-init-tenant.yaml file (OpenShift):

# Default values for init-tenant.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
# * Images
# Replace for your values: registry and secret
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
# * Tenant info
# Replace for your values
tenant:
  # Tenant UUID
  id: <tenant-uuid>
  # Tenant SID (like 0001)
  sid: <tenant-sid>
 
# common configuration.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  # set "true" for CSI secrets
  mountSecrets: false
  # Postgres config map name
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
   fsGroup: null
   runAsUser: null
   runAsGroup: 0
   runAsNonRoot: true
 
## Resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    memory: 256Mi
    cpu: 200m
  requests:
    memory: 128Mi
    cpu: 100m
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
# * Templates
templates:
  - Agent_Group_Status.gpb
  - Agent_KPIs.gpb
  - Agent_Login.gpb
  - Alert_Widget.gpb
  - Callback_Activity.gpb
  - Campaign_Activity.gpb
  - Campaign_Callback_Status.gpb
  - Campaign_Group_Activity.gpb
  - Campaign_Group_Status.gpb
  - Chat_Agent_Activity.gpb
  - Chat_Queue_Activity.gpb
  - Chat_Service_Level_Performance.gpb
  - Chat_Waiting_Statistics.gpb
  - Email_Agent_Activity.gpb
  - Email_Queue_Activity.gpb
  - Facebook_Media_Activity.gpb
  - IFRAME.gpb
  - IWD_Agent_Activity.gpb
  - IWD_Queue_Activity.gpb
  - Queue_KPIs.gpb
  - Queue_Overflow_Reason.gpb
  - Static_Text.gpb
  - Twitter_Media_Activity.gpb
  - eServices_Agent_Activity.gpb
  - eServices_Queue_KPIs.gpb

Install the init-tenant helm chart
Execute the following command to install the init-tenant helm chart:

helm upgrade --install "pulse-init-tenant-<tenant-sid>" pulsehelmrepo/init-tenant --wait --wait-for-jobs --version="<chart-version>"--namespace=pulse -f values-override-init-tenant.yaml

If installation is successful, the exit code 0 appears.

Validate the init-tenant helm chart
Execute the following command to validate the init-tenant helm chart:

kubectl get pods -n="pulse" -l "app.kubernetes.io/name=init-tenant,app.kubernetes.io/instance=pulse-init-tenant-<tenant-sid>"

If the deployment was successful, the pulse-init-tenant job is listed as Completed/. For example:

NAME                                     READY   STATUS      RESTARTS   AGE
pulse-init-tenant-100-job-qszgl          0/1     Completed   0          2d20h

Install dcu helm chart

Get the dcu helm chart

helm repo update
helm search repo <pulsehelmrepo>/dcu

Prepare the override file

Update the values-override-dcu.yaml file (GKE):

# Default values for dcu.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
replicaCount: "<tenant-dcu>"
 
# * Tenant info
# tenant identification, or empty for shared deployment
tenant:
  # Tenant UUID
  id: "<tenant-uuid>"
  # Tenant SID (like 0001)
  sid: "<tenant-sid>"
 
# * Common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-dcu-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
# * Config info
# Set your values.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  mountSecrets: false
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
  redisConfig: "pulse-redis-configmap"
  # Redis secret name
  redisSecret: "pulse-redis-secret"
  # Redis secret key for access key
  redisSecretKey: "REDIS01_KEY"
 
# * Image
# container image common settings
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 0
 
## Add labels to all pods
##
podLabels: {}
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
 
# * Monitoring settings
monitoring:
  # enable the Prometheus metrics endpoint
  enabled: false
  # enable golden signals metrics (not supported for PE)
  goldenSignals:
    enabled: false
  # port number of the Prometheus metrics endpoint
  port: 9091
  # HTTP path to scrape for metrics
  path: /metrics
  # additional annotations required for monitoring PODs
  # you can reference values of other variables as {{.Values.variable.full.name}}
  podAnnotations: {}
    # prometheus.io/scrape: "true"
    # prometheus.io/port: "{{.Values.monitoring.port}}"
    # prometheus.io/path: "/metrics"
  podMonitor:
    # enables PodMonitor creation for the POD
    enabled: true
    # interval at which metrics should be scraped
    scrapeInterval: 30s
    # timeout after which the scrape is ended
    scrapeTimeout:
    # namespace of the PodMonitor, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
  alerts:
    # enables alert rules
    enabled: true
    # alert condition duration
    duration: 5m
    # namespace of the alert rules, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
   
 
##########################################################################
 
# * Configuration for the Collector container
collector:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "300Mi"
      # minimal CPU to reserve
      cpu: "200m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "4Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "8000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Configuration for the StatServer container
statserver:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "300Mi"
      # minimal CPU to reserve
      cpu: "100m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "4Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "4000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Configuration for the monitor sidecar container
monitorSidecar:
  # resource limits for container
  resources:
    # disabled: true
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "30Mi"
      # minimal CPU to reserve
      cpu: "2m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "70Mi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "10m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
##########################################################################
 
# * Configuration for the Configuration Server Proxy container
csproxy:
  # define domain for the configuration host
  params:
    cfgHost: "tenant-<tenant-uuid>.voice.<domain>"
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "200Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "2Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "1000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# volumeClaims contains persistent volume claims for services
# All available storage classes can be found here:
# https://github.com/genesysengage/tfm-azure-core-aks/blob/master/k8s-module/storage.tf
volumeClaims:
  # statserverBackup is storage for statserver backup data
  statserverBackup:
    name: statserver-backup
    accessModes:
      - ReadWriteOnce
    # capacity is storage capacity
    capacity: "1Gi"
    # class is storage class. Must be set explicitly.
    class: <pv-storage-class-rw-once>

Update the values-override-dcu.yaml file (OpenShift):

# Default values for dcu.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
replicaCount: "<tenant-dcu>"
 
# * Tenant info
# tenant identification, or empty for shared deployment
tenant:
  # Tenant UUID
  id: "<tenant-uuid>"
  # Tenant SID (like 0001)
  sid: "<tenant-sid>"
 
# * Common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-dcu-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
# * Config info
# Set your values.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  mountSecrets: false
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
  redisConfig: "pulse-redis-configmap"
  # Redis secret name
  redisSecret: "pulse-redis-secret"
  # Redis secret key for access key
  redisSecretKey: "REDIS01_KEY"
 
# * Image
# container image common settings
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 0
 
## Add labels to all pods
##
podLabels: {}
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
 
# * Monitoring settings
monitoring:
  # enable the Prometheus metrics endpoint
  enabled: false
  # enable golden signals metrics (not supported for PE)
  goldenSignals:
    enabled: false
  # port number of the Prometheus metrics endpoint
  port: 9091
  # HTTP path to scrape for metrics
  path: /metrics
  # additional annotations required for monitoring PODs
  # you can reference values of other variables as {{.Values.variable.full.name}}
  podAnnotations: {}
    # prometheus.io/scrape: "true"
    # prometheus.io/port: "{{.Values.monitoring.port}}"
    # prometheus.io/path: "/metrics"
  podMonitor:
    # enables PodMonitor creation for the POD
    enabled: true
    # interval at which metrics should be scraped
    scrapeInterval: 30s
    # timeout after which the scrape is ended
    scrapeTimeout:
    # namespace of the PodMonitor, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
  alerts:
    # enables alert rules
    enabled: true
    # alert condition duration
    duration: 5m
    # namespace of the alert rules, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
 
##########################################################################
 
# * Configuration for the Collector container
collector:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "300Mi"
      # minimal CPU to reserve
      cpu: "200m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "4Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "8000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Configuration for the StatServer container
statserver:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "300Mi"
      # minimal CPU to reserve
      cpu: "100m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "4Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "4000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Configuration for the monitor sidecar container
monitorSidecar:
  # resource limits for container
  resources:
    # disabled: true
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "30Mi"
      # minimal CPU to reserve
      cpu: "2m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "70Mi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "10m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
##########################################################################
 
# * Configuration for the Configuration Server Proxy container
csproxy:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "200Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "2Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "1000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# volumeClaims contains persistent volume claims for services
# All available storage classes can be found here:
# https://github.com/genesysengage/tfm-azure-core-aks/blob/master/k8s-module/storage.tf
volumeClaims:
  # statserverBackup is storage for statserver backup data
  statserverBackup:
    name: statserver-backup
    accessModes:
      - ReadWriteOnce
    # capacity is storage capacity
    capacity: "1Gi"
    # class is storage class. Must be set explicitly.
    class: <pv-storage-class-rw-once>

Install the dcu helm chart
Execute the following command to install the dcu helm chart:

helm upgrade --install "pulse-dcu-<tenant-sid>"  pulsehelmrepo/dcu --wait --reuse-values --version=<chart-version> --namespace=pulse -f values-override-dcu.yaml

Validate the dcu helm chart
Execute the following command to validate the dcu helm chart:

kubectl get pods -n=pulse -l "app.kubernetes.io/name=dcu,app.kubernetes.io/instance=pulse-dcu-<tenant-sid>"

The output should report that all pulse-dcu pods are running, for example:

NAME              READY   STATUS    RESTARTS   AGE
pulse-dcu-100-0   3/3     Running   0          5m23s
pulse-dcu-100-1   3/3     Running   0          4m47s

Install lds helm chart

Get the lds helm chart

helm repo update
helm search repo  <pulsehelmrepo>/lds

Prepare the override file

Update values in the values-override-lds.yaml file (GKE):

# Default values for lds.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
replicaCount: 2
 
# * Tenant info
# tenant identification, or empty for shared deployment
tenant:
  # Tenant UUID
  id: "<tenant-uuid>"
  # Tenant SID (like 0001)
  sid: "<tenant-sid>"
 
# * Common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-lds-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
# * Container image common settings
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 0
 
## Add labels to all pods
##
podLabels: {}
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
 
# * Monitoring settings
monitoring:
  # enable the Prometheus metrics endpoint
  enabled: false
  # enable golden signals metrics (not supported for PE)
  goldenSignals:
    enabled: false
  # port number of the Prometheus metrics endpoint
  port: 9091
  # HTTP path to scrape for metrics
  path: /metrics
  # additional annotations required for monitoring PODs
  # you can reference values of other variables as {{.Values.variable.full.name}}
  podAnnotations: {}
    # prometheus.io/scrape: "true"
    # prometheus.io/port: "{{.Values.monitoring.port}}"
    # prometheus.io/path: "/metrics"
  podMonitor:
    # enables PodMonitor creation for the POD
    enabled: true
    # interval at which metrics should be scraped
    scrapeInterval: 30s
    # timeout after which the scrape is ended
    scrapeTimeout:
    # namespace of the PodMonitor, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
  alerts:
    # enables alert rules
    enabled: true
    # alert condition duration
    duration: 5m
    # namespace of the alert rules, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
 
# * Configuration for the LDS container
lds:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "50Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "4Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "4000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Configuration for the monitor sidecar container
monitorSidecar:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "30Mi"
      # minimal CPU to reserve
      cpu: "2m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "70Mi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "10m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# *  Configuration for the Configuration Server Proxy container
csproxy:
  # define domain for the configuration host
  params:
    cfgHost: "tenant-<tenant-uuid>.voice.<domain>"
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "200Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "2Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "1000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500

Update values in the values-override-lds.yaml file (OpenShift):

# Default values for lds.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
replicaCount: 2
 
# * Tenant info
# tenant identification, or empty for shared deployment
tenant:
  # Tenant UUID
  id: "<tenant-uuid>"
  # Tenant SID (like 0001)
  sid: "<tenant-sid>"
 
# * Common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-lds-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
# * Container image common settings
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 0
 
## Add labels to all pods
##
podLabels: {}
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
 
# * Monitoring settings
monitoring:
  # enable the Prometheus metrics endpoint
  enabled: false
  # enable golden signals metrics (not supported for PE)
  goldenSignals:
    enabled: false
  # port number of the Prometheus metrics endpoint
  port: 9091
  # HTTP path to scrape for metrics
  path: /metrics
  # additional annotations required for monitoring PODs
  # you can reference values of other variables as {{.Values.variable.full.name}}
  podAnnotations: {}
    # prometheus.io/scrape: "true"
    # prometheus.io/port: "{{.Values.monitoring.port}}"
    # prometheus.io/path: "/metrics"
  podMonitor:
    # enables PodMonitor creation for the POD
    enabled: true
    # interval at which metrics should be scraped
    scrapeInterval: 30s
    # timeout after which the scrape is ended
    scrapeTimeout:
    # namespace of the PodMonitor, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
  alerts:
    # enables alert rules
    enabled: true
    # alert condition duration
    duration: 5m
    # namespace of the alert rules, defaults to the namespace of the POD
    namespace:
    additionalLabels: {}
 
# * Configuration for the LDS container
lds:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "50Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "4Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "4000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Configuration for the monitor sidecar container
monitorSidecar:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "30Mi"
      # minimal CPU to reserve
      cpu: "2m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "70Mi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "10m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# *  Configuration for the Configuration Server Proxy container
csproxy:
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "200Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "2Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "1000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500

Update values in the values-override-lds-vq.yaml file:

# Default values for lds.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
lds:
  params:
    cfgApp: "pulse-lds-vq-$((K8S_POD_INDEX % 2))"
 
log:
  pvc:
    name: pulse-lds-vq-logs

Install the lds helm chart
Execute the following command to install the lds helm chart:

helm upgrade --install "pulse-lds-<tenant-sid>"    pulsehelmrepo/lds --wait --version=<chart-version> --namespace=pulse -f values-override-lds.yaml
helm upgrade --install "pulse-lds-vq-<tenant-sid>" pulsehelmrepo/lds --wait --version=<chart-version> --namespace=pulse -f values-override-lds.yaml -f values-override-lds-vq.yaml

If the installation is successful, the exit code 0 appears.

Validate the lds helm chart
Execute the following command to validate the lds helm chart:

kubectl get pods -n=pulse -l "app.kubernetes.io/name=lds,app.kubernetes.io/instance=pulse-lds-<tenant-sid>"

The command should report all pulse-lds-vq pods as running, for example:

NAME              READY   STATUS    RESTARTS   AGE
pulse-lds-100-0   3/3     Running   0          2d20h
pulse-lds-100-1   3/3     Running   0          2d20h

Install permissions helm chart

Get the permissions helm chart

helm repo update
helm search repo <pulsehelmrepo>/permissions

Prepare the override file

Update values in the values-override-permissions.yaml file (GKE):

# Default values for permissions.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
# * Image configuration
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
# * Tenant info
# tenant identification, or empty for shared deployment
tenant:
  # Tenant UUID
  id: "<tenant-uuid>"
  # Tenant SID (like 0001)
  sid: "<tenant-sid>"
 
# common configuration.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  # set "true" for CSI secrets
  mountSecrets: false
  # Postgres config map name
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
  # Redis config map name
  redisConfig: "pulse-redis-configmap"
  # Redis secret name
  redisSecret: "pulse-redis-secret"
  # Redis secret key for access key
  redisSecretKey: "REDIS01_KEY"
 
 
# * Configuration for the Configuration Server Proxy container
csproxy:
  # define domain for the configuration host
  params:
    cfgHost: "tenant-<tenant-uuid>.voice.<domain>"
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "200Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "2Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "1000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-permissions-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
   fsGroup: null
   runAsUser: null
   runAsGroup: 0
   runAsNonRoot: true
 
## Resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    memory: "1Gi"
    cpu: "500m"
  requests:
    memory: "400Mi"
    cpu: "50m"
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

Update values in the values-override-permissions.yaml file (OpenShift):

# Default values for permissions.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
# * Image configuration
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
# * Tenant info
# tenant identification, or empty for shared deployment
tenant:
  # Tenant UUID
  id: "<tenant-uuid>"
  # Tenant SID (like 0001)
  sid: "<tenant-sid>"
 
# common configuration.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  # set "true" for CSI secrets
  mountSecrets: false
  # Postgres config map name
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
  # Redis config map name
  redisConfig: "pulse-redis-configmap"
  # Redis secret name
  redisSecret: "pulse-redis-secret"
  # Redis secret key for access key
  redisSecretKey: "REDIS01_KEY"
 
 
# * Configuration for the Configuration Server Proxy container
csproxy:
  # resource limits for container
  resources:
    # minimum resource requirements to start container
    requests:
      # minimal amount of memory required to start a container
      memory: "200Mi"
      # minimal CPU to reserve
      cpu: "50m"
    # resource limits for containers
    limits:
      # maximum amount of memory a container can use before being evicted
      # by the OOM Killer
      memory: "2Gi"
      # maximum amount of CPU resources that can be used and should be tuned to reflect
      # what the application can effectively use before needing to be horizontally scaled out
      cpu: "1000m"
  # securityContext:
  #   runAsUser: 500
  #   runAsGroup: 500
 
# * Common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-permissions-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
   fsGroup: null
   runAsUser: null
   runAsGroup: 0
   runAsNonRoot: true
 
## Resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    memory: "1Gi"
    cpu: "500m"
  requests:
    memory: "400Mi"
    cpu: "50m"
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}

Install the permissions helm chart:
Execute the following command to install the permissions helm chart:

helm upgrade --install "pulse-permissions-<tenant-sid>" pulsehelmrepo/permissions --wait --version="<chart-version>" --namespace=pulse -f values-override-permissions.yaml

If installation is successful, the exit code 0 appears.

Validate the permissions helm chart:
Execute the following command to validate the permissions helm chart:

kubectl get pods -n=pulse -l "app.kubernetes.io/name=permissions,app.kubernetes.io/instance=pulse-permissions-<tenant-sid>"

The command should report all pulse-permissions pods as running, for example:

NAME                                    READY   STATUS    RESTARTS   AGE
pulse-permissions-100-c5ff8bb7d-jl7d7   2/2     Running   2          2d20h

Troubleshooting

Check init-tenant helm chart manifests
Execute the following command to output manifest into the helm-template directory:

helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-init-tenant-<tenant-sid> pulsehelmrepo/init-tenant -f values-override-init-tenant.yaml

Check dcu helm chart manifests
Execute the following command to output the dcu Helm chart manifest into the helm-template directory:

helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-dcu-<tenant-sid> pulsehelmrepo/dcu -f values-override-dcu.yaml

Check lds helm chart manifests
Execute the following command to output the lds chart manifest into the helm-template directory:

helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-lds-<tenant-sid> pulsehelmrepo/lds -f values-override-lds.yaml

Check permissions Helm chart manifests
Execute the following command to output the Helm chart manifest into the helm-template directory:

helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-permissions pulsehelmrepo/permissions -f values-override-permissions.yaml

Configure security

Arbitrary UIDs

If your OpenShift deployment uses arbitrary UIDs, you must override the securityContext settings. By default, the user and group IDs are set to 500:500:500. If your deployment uses arbitrary UIDs, update the podSecurityContext section in the YAML file for each chart as discussed in OpenShift security settings.

Genesys Pulse Private Edition Guide

Overview

Configure and deploy

Upgrade, roll back, or uninstall

Observability

Difference between revisions of "PEC-REP/Current/PulsePEGuide/Provision"

Revision as of 19:53, March 30, 2022

Contents

Prerequisites

Tenant provisioning

Install init tenant chart

Install dcu helm chart

Install lds helm chart

Install permissions helm chart

Troubleshooting

Configure security

Arbitrary UIDs

@@ Line 13: / Line 13: @@
 *Versions:
-**<image-version> = 9.0.100.10
+**<image-version> = 100.0.000.0012
-**<chart-versions>= 9.0.100+10
+**<chart-versions>= 100.0.000+0012
-*K8S namespace <namespace> (e.g. 'pulse')
+*K8S namespace pulse
-*Project Name <project-name> (e.g. 'pulse')
+*Project Name pulse
-*Postgres credentials
+*Postgres credentials:
 **<db-host>
 **<db-port>
@@ Line 23: / Line 23: @@
 **<db-user>
 **<db-user-password>
-**<db-superuser>
-**<db-superuser-password>
 **<db-ssl-mode>
-*Docker credentials
+*Docker credentials:
-**<docker-email>
+**<docker-registry>
-**<docker-password>
+**<docker-registry-secret-name>
-**<docker-user>
+*Redis credentials:
-*OpenShift credentials
-**<openshift-url>
-**<openshift-port>
-**<openshift-token>
-*Redis credentials
 **<redis-host>
 **<redis-port>
 **<redis-password>
 **<redis-enable-ssl>
-*Tenant service variables
+*Tenant service variables:
 **<tenant-uuid>
 **<tenant-sid>
 **<tenant-name>
+**<tenant-dcu>
+*GAuth/GWS service variables:
+**<gauth-url-external>
+**<gauth-url-internal>
+**<gauth-client-id>
+**<gauth-client-secret>
+**<gws-url-external>
+**<gws-url-internal>
+*Storage class:
+**<pv-storage-class-rw-many>
+**<pv-storage-class-rw-once>
+*Pulse:
+**<pulse-host>
+*Domain:
+**<domain> example: site.domain.com
-Fill appropriate placeholders in <tt>.shared_tenant_variables</tt>:<source lang="text">export PROJECT_NAME='<project-name>'
-export NAMESPACE='<namespace>'
-export CHART_VERSION='<chart-version>'
-export DB_HOST='<db-host>'
-export DB_PORT='<db-port>'
-export DB_NAME_SHARED='<db-name>'
-export DB_USER_SHARED='<db-user>'
-export DB_PASSWORD_SHARED='<db-user-password>'
-export DB_NAME_SUPERUSER='<db-superuser>'
-export DB_PASSWORD_SUPERUSER='<db-superuser-password>'
-export DB_SSL_MODE='<db-ssl-mode>'
-export DOCKER_REGISTRY_SECRET_NAME='<docker-registry-secret-name>'
-export DOCKER_REGISTRY='<docker-registry>'
-export DOCKER_TAG='<image-version>'
-export REDIS_ENABLE_SSL='<redis-enable-ssl>'
-export REDIS_PASWORD='<redis-password>'
-export REDIS_PORT='<redis-port>'
-export REDIS_HOST='<redis-host>'
-export TENANT_UUID='<tenant-uuid>'
-export TENANT_DCU='2'
-export TENANT_NAME='<tenant-name>'
-export TENANT_SID='<tenant-sid>'
-export PV_STORAGE_CLASS_RW_MANY='<rw-many-storage-class>'
-export PV_STORAGE_CLASS_RW_ONCE='<rw-once-storage-class>' </source>
 |Status=No
 }}{{Section
@@ Line 73: / Line 57: @@
 |alignment=Vertical
 |structuredtext====Install init tenant chart===
-'''Get the <tt>init-tenant</tt> helm chart'''
+'''Get the <tt>init-tenant</tt> helm chart'''<br/>
+<source lang="bash">helm repo update
+helm search repo <pulsehelmrepo>/init-tenant</source>
-Download the <tt>init-tenant</tt> helm chart from JFrog using your credentials.
+'''Prepare the override file''' <br/>
+*Update the <tt>values-override-init-tenant.yaml</tt>  file (GKE):
-'''Prepare override file'''
+*:{{NoteFormat|We need to enable configurator only for configurations in GKE with VPC scoped DNS or OpenShift with single namespace.
+}}
-Update the <tt>values-override-init-tenant.yaml file:</tt> <source lang="text"># Default values for init-tenant.
+*:<source lang="bash"># Default values for init-tenant.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
@@ Line 86: / Line 72: @@
 # Replace for your values: registry and secret
 image:
-  name: init
+   tag: "<image-version>"
-   tag: "${DOCKER_TAG}"
    pullPolicy: IfNotPresent
-   repository: "${DOCKER_REGISTRY}/pulse/"
+   registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
+configurator:
+  enabled: true
+  # set service domain used to access voice service
+  # example for GKE VPC case: voice.svc.gke1-uswest1.gcpe002.gencpe.com
+  # example for OpenShift single namespace: genesys.svc.cluster.local.
+  voiceDomain: "voice.svc.<domain>"
+  # set service domain used to access ixn service
+  # example for GKE VPC case: ixn.svc.gke1-uswest1.gcpe002.gencpe.com
+  # example for OpenShift single namespace: genesys.svc.cluster.local.
+  ixnDomain: "ixn.svc.<domain>"
+  # set service domain used to access pulse service
+  # example for GKE VPC case: pulse.svc.gke1-uswest1.gcpe002.gencpe.com
+  # example for OpenShift single namespace: genesys.svc.cluster.local.
+  pulseDomain: "pulse.svc.<domain>"
+  # set configration server password, used when create secrets
+  cfgUser: "default"
+  # set configration server user, used when create secrets
+  cfgPassword: "password"
+  # common log configuration
+  cfgHost: "tenant-9350e2fc-a1dd-4c65-8d40-1f75a2e080dd.voice.svc.<domain>"
-imagePullSecrets: [name: ${DOCKER_REGISTRY_SECRET_NAME}]
+log:
+  # target directory where log will be stored, leave empty for default
+  logDir: ""
+  # path where volume will be mounted
+  volumeMountPath: /data/log
+  # log volume type: none | hostpath | pvc
+  volumeType: none
+  # log volume hostpath, used with volumeType "hostpath"
+  volumeHostPath: /mnt/log
+  # log PVC parameters, used with volumeType "pvc"
+  pvc:
+    name: pulse-init-tenant-logs
+    accessModes:
+      - ReadWriteMany
+    capacity: 10Gi
+    class: nfs-client
 # * Tenant info
@@ Line 97: / Line 119: @@
 tenant:
    # Tenant UUID
-   id: ${TENANT_UUID}
+   id: <tenant-uuid>
    # Tenant SID (like 0001)
-   sid: ${TENANT_SID}
+   sid: <tenant-sid>
 # common configuration.
 config:
-   dbName: "${DB_NAME_SHARED}"
+   dbName: "<db-name>"
    # set "true" when need @host added for username
    dbUserWithHost: true
@@ Line 131: / Line 153: @@
 podAnnotations: {}
-## Containers should run as genesys user and cannot use elevated permissions
+## Specifies the security context for all Pods in the service
-## !!! THESE OPTIONS SHOULD NOT BE CHANGED UNLESS INSTRUCTED BY GENESYS !!!
+##
-# securityContext:
+podSecurityContext:
-#    runAsUser: 500
+   fsGroup: null
-#    runAsGroup: 500
+    runAsUser: null
+    runAsGroup: 0
+   runAsNonRoot: true
 ## Resource requests and limits
@@ Line 189: / Line 213: @@
    - Twitter_Media_Activity.gpb
    - eServices_Agent_Activity.gpb
-   - eServices_Queue_KPIs.gpb </source>
+   - eServices_Queue_KPIs.gpb
+</source>
-'''Install the <tt>init-tenant</tt> helm chart''' <source lang="text">source .tenant_init_variables
+*Update the <tt>values-override-init-tenant.yaml</tt>  file (OpenShift):
+*:<source lang="bash">
+# Default values for init-tenant.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+# * Images
+# Replace for your values: registry and secret
+image:
+  tag: "<image-version>"
+  pullPolicy: IfNotPresent
+  registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
+# * Tenant info
+# Replace for your values
+tenant:
+  # Tenant UUID
+  id: <tenant-uuid>
+  # Tenant SID (like 0001)
+  sid: <tenant-sid>
+# common configuration.
+config:
+  dbName: "<db-name>"
+  # set "true" when need @host added for username
+  dbUserWithHost: true
+  # set "true" for CSI secrets
+  mountSecrets: false
+  # Postgres config map name
+  postgresConfig: "pulse-postgres-configmap"
+  # Postgres secret name
+  postgresSecret: "pulse-postgres-secret"
+  # Postgres secret key for user
+  postgresSecretUser: "META_DB_ADMIN"
+  # Postgres secret key for password
+  postgresSecretPassword: "META_DB_ADMINPWD"
+## Service account settings
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+## Add annotations to all pods
+##
+podAnnotations: {}
+## Specifies the security context for all Pods in the service
+##
+podSecurityContext:
+   fsGroup: null
+   runAsUser: null
+   runAsGroup: 0
+   runAsNonRoot: true
+## Resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+  limits:
+    memory: 256Mi
+    cpu: 200m
+  requests:
+    memory: 128Mi
+    cpu: 100m
+## Priority Class
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## Node labels for assignment.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for assignment.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
-envsubst < ./values-override-init-tenant.yaml | \
+# * Templates
-helm upgrade --install "pulse-init-tenant-${TENANT_SID}" pe-jfrog-stage/init-tenant \
+templates:
-      --wait --wait-for-jobs \
+  - Agent_Group_Status.gpb
-      --version="${CHART_VERSION}" \
+  - Agent_KPIs.gpb
-      --namespace="${NAMESPACE}" \
+  - Agent_Login.gpb
-      -f - </source>
+  - Alert_Widget.gpb
+  - Callback_Activity.gpb
+  - Campaign_Activity.gpb
+  - Campaign_Callback_Status.gpb
+  - Campaign_Group_Activity.gpb
+  - Campaign_Group_Status.gpb
+  - Chat_Agent_Activity.gpb
+  - Chat_Queue_Activity.gpb
+  - Chat_Service_Level_Performance.gpb
+  - Chat_Waiting_Statistics.gpb
+  - Email_Agent_Activity.gpb
+  - Email_Queue_Activity.gpb
+  - Facebook_Media_Activity.gpb
+  - IFRAME.gpb
+  - IWD_Agent_Activity.gpb
+  - IWD_Queue_Activity.gpb
+  - Queue_KPIs.gpb
+  - Queue_Overflow_Reason.gpb
+  - Static_Text.gpb
+  - Twitter_Media_Activity.gpb
+  - eServices_Agent_Activity.gpb
+  - eServices_Queue_KPIs.gpb
+</source>
-'''Validate the <tt>init-tenant</tt> helm chart'''<source lang="text"><source lang="text">source .tenant_init_variables
+'''Install the <tt>init-tenant</tt> helm chart''' <br/>
+Execute the following command to install the <tt>init-tenant</tt> helm chart:
-oc get pods -n="${NAMESPACE}" -l "app.kubernetes.io/name=init-tenant,app.kubernetes.io/instance=pulse-init-tenant-${TENANT_SID}" </source>
+<source lang="bash">
+helm upgrade --install "pulse-init-tenant-<tenant-sid>" pulsehelmrepo/init-tenant --wait --wait-for-jobs --version="<chart-version>"--namespace=pulse -f values-override-init-tenant.yaml
+</source>
+If installation is successful, the exit code <tt>0</tt> appears.
-The above command should report the <tt>pulse-init-tenant</tt> job as completed, for example:<source lang="text">
+'''Validate the <tt>init-tenant</tt> helm chart'''<br/>
-NAME                                    READY   STATUS      RESTARTS   AGE
+Execute the following command to validate the <tt>init-tenant</tt> helm chart:
-pulse-init-tenant-100-job-qszgl         0/1     Completed   0          2d20h </source>
+<source lang="bash">
+kubectl get pods -n="pulse" -l "app.kubernetes.io/name=init-tenant,app.kubernetes.io/instance=pulse-init-tenant-<tenant-sid>"
+</source>
+If the deployment was successful, the <tt>pulse-init-tenant</tt> job is listed as <tt>Completed</tt>/.
+For example:
+<source lang="bash">
+NAME                                     READY   STATUS      RESTARTS   AGE
+pulse-init-tenant-100-job-qszgl          0/1     Completed   0          2d20h
+</source>
 ===Install dcu helm chart===
-'''Get the <tt>dcu</tt> helm chart'''
+'''Get the <tt>dcu</tt> helm chart'''<br/>
+<source lang="bash">
+helm repo update
+helm search repo <pulsehelmrepo>/dcu
+</source>
-Download the <tt>dcu</tt> helm chart from JFrog using your credentials.
+'''Prepare the override file'''<br/>
+*Update the <tt>values-override-dcu.yaml</tt> file (GKE):
-'''Prepare override file'''
+*:<source lang="bash"># Default values for dcu.
-Update the <tt>values-override-dcu.yaml</tt> file:
-<source lang="text"># Default values for dcu.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-replicaCount: "${TENANT_DCU}"
+replicaCount: "<tenant-dcu>"
 # * Tenant info
@@ Line 227: / Line 369: @@
 tenant:
    # Tenant UUID
-   id: "${TENANT_UUID}"
+   id: "<tenant-uuid>"
    # Tenant SID (like 0001)
-   sid: "${TENANT_SID}"
+   sid: "<tenant-sid>"
 # * Common log configuration
@@ Line 247: / Line 389: @@
        - ReadWriteMany
      capacity: 10Gi
-     class: ${PV_STORAGE_CLASS_RW_MANY}
+     class: <pv-storage-class-rw-many>
 # * Config info
 # Set your values.
 config:
-   dbName: "${DB_NAME_SHARED}"
+   dbName: "<db-name>"
    # set "true" when need @host added for username
    dbUserWithHost: true
-  # set "true" for CSI secrets
    mountSecrets: false
-  # Postgres config map name
    postgresConfig: "pulse-postgres-configmap"
    # Postgres secret name
@@ Line 274: / Line 414: @@
 # container image common settings
 image:
-  name:
+   tag: "<image-version>"
-   tag: "${DOCKER_TAG}"
    pullPolicy: IfNotPresent
-   repository: "${DOCKER_REGISTRY}/pulse/"
+   registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
-imagePullSecrets: [name: ${DOCKER_REGISTRY_SECRET_NAME}]
 ## Service account settings
@@ Line 294: / Line 432: @@
 ##
 podAnnotations: {}
+## Specifies the security context for all Pods in the service
+##
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 500
+  runAsGroup: 500
+  fsGroup: 0
 ## Add labels to all pods
@@ Line 303: / Line 449: @@
 hpa:
    enabled: false
 ## Priority Class
 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
 ##
 priorityClassName: ""
 ## Node labels for assignment.
 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
 ##
 nodeSelector: {}
 ## Tolerations for assignment.
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations: []
 ## Pod Disruption Budget Settings
 podDisruptionBudget:
    enabled: false
 ## Affinity for assignment.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
@@ Line 332: / Line 478: @@
    # enable the Prometheus metrics endpoint
    enabled: false
+  # enable golden signals metrics (not supported for PE)
+  goldenSignals:
+    enabled: false
    # port number of the Prometheus metrics endpoint
    port: 9091
@@ Line 360: / Line 509: @@
      namespace:
      additionalLabels: {}
 ##########################################################################
@@ Line 434: / Line 584: @@
 # * Configuration for the Configuration Server Proxy container
 csproxy:
+  # define domain for the configuration host
+  params:
+    cfgHost: "tenant-<tenant-uuid>.voice.<domain>"
    # resource limits for container
    resources:
@@ Line 466: / Line 619: @@
      capacity: "1Gi"
      # class is storage class. Must be set explicitly.
-     class: ${PV_STORAGE_CLASS_RW_ONCE} </source>
+     class: <pv-storage-class-rw-once>
+</source>
-'''Install the <tt>dcu</tt> helm chart'''
+*Update the <tt>values-override-dcu.yaml</tt> file (OpenShift):
+*:<source lang="bash">
-<source lang="text">source .tenant_init_variables
+# Default values for dcu.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: "<tenant-dcu>"
+# * Tenant info
+# tenant identification, or empty for shared deployment
+tenant:
+  # Tenant UUID
+  id: "<tenant-uuid>"
+  # Tenant SID (like 0001)
+  sid: "<tenant-sid>"
+# * Common log configuration
+log:
+  # target directory where log will be stored, leave empty for default
+  logDir: ""
+  # path where volume will be mounted
+  volumeMountPath: /data/log
+  # log volume type: none | hostpath | pvc
+  volumeType: pvc
+  # log volume hostpath, used with volumeType "hostpath"
+  volumeHostPath: /mnt/log
+  # log PVC parameters, used with volumeType "pvc"
+  pvc:
+    name: pulse-dcu-logs
+    accessModes:
+      - ReadWriteMany
+    capacity: 10Gi
+    class: <pv-storage-class-rw-many>
+# * Config info
+# Set your values.
+config:
+  dbName: "<db-name>"
+  # set "true" when need @host added for username
+  dbUserWithHost: true
+  mountSecrets: false
+  postgresConfig: "pulse-postgres-configmap"
+  # Postgres secret name
+  postgresSecret: "pulse-postgres-secret"
+  # Postgres secret key for user
+  postgresSecretUser: "META_DB_ADMIN"
+  # Postgres secret key for password
+  postgresSecretPassword: "META_DB_ADMINPWD"
+  redisConfig: "pulse-redis-configmap"
+  # Redis secret name
+  redisSecret: "pulse-redis-secret"
+  # Redis secret key for access key
+  redisSecretKey: "REDIS01_KEY"
+# * Image
+# container image common settings
+image:
+  tag: "<image-version>"
+  pullPolicy: IfNotPresent
+  registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
+## Service account settings
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+## Add annotations to all pods
+##
+podAnnotations: {}
+## Specifies the security context for all Pods in the service
+##
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 500
+  runAsGroup: 500
+  fsGroup: 0
+## Add labels to all pods
+##
+podLabels: {}
+## HPA Settings
+## Not supported in this release!
+hpa:
+  enabled: false
+## Priority Class
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## Node labels for assignment.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for assignment.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Pod Disruption Budget Settings
+podDisruptionBudget:
+  enabled: false
+## Affinity for assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+# * Monitoring settings
+monitoring:
+  # enable the Prometheus metrics endpoint
+  enabled: false
+  # enable golden signals metrics (not supported for PE)
+  goldenSignals:
+    enabled: false
+  # port number of the Prometheus metrics endpoint
+  port: 9091
+  # HTTP path to scrape for metrics
+  path: /metrics
+  # additional annotations required for monitoring PODs
+  # you can reference values of other variables as {{.Values.variable.full.name}}
+  podAnnotations: {}
+    # prometheus.io/scrape: "true"
+    # prometheus.io/port: "{{.Values.monitoring.port}}"
+    # prometheus.io/path: "/metrics"
+  podMonitor:
+    # enables PodMonitor creation for the POD
+    enabled: true
+    # interval at which metrics should be scraped
+    scrapeInterval: 30s
+    # timeout after which the scrape is ended
+    scrapeTimeout:
+    # namespace of the PodMonitor, defaults to the namespace of the POD
+    namespace:
+    additionalLabels: {}
+  alerts:
+    # enables alert rules
+    enabled: true
+    # alert condition duration
+    duration: 5m
+    # namespace of the alert rules, defaults to the namespace of the POD
+    namespace:
+    additionalLabels: {}
+##########################################################################
+# * Configuration for the Collector container
+collector:
+  # resource limits for container
+  resources:
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "300Mi"
+      # minimal CPU to reserve
+      cpu: "200m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "4Gi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "8000m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
+# * Configuration for the StatServer container
+statserver:
+  # resource limits for container
+  resources:
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "300Mi"
+      # minimal CPU to reserve
+      cpu: "100m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "4Gi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "4000m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
+# * Configuration for the monitor sidecar container
+monitorSidecar:
+  # resource limits for container
+  resources:
+    # disabled: true
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "30Mi"
+      # minimal CPU to reserve
+      cpu: "2m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "70Mi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "10m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
+##########################################################################
-envsubst < ./values-override-dcu.yaml | \
+# * Configuration for the Configuration Server Proxy container
-helm upgrade --install "pulse-dcu-${TENANT_SID}" pe-jfrog-stage/dcu \
+csproxy:
-       --wait \
+  # resource limits for container
-       --reuse-values \
+  resources:
-       --version="${CHART_VERSION}" \
+    # minimum resource requirements to start container
-       --namespace="${NAMESPACE}" \
+    requests:
-       -f - </source>
+      # minimal amount of memory required to start a container
+      memory: "200Mi"
-'''Validate the <tt>dcu</tt> helm chart'''
+       # minimal CPU to reserve
+       cpu: "50m"
-<source lang="text">source .tenant_init_variables
+    # resource limits for containers
+    limits:
+       # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+       memory: "2Gi"
+       # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "1000m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
-oc get pods -n="${NAMESPACE}" -l "app.kubernetes.io/name=dcu,app.kubernetes.io/instance=pulse-dcu-${TENANT_SID}" </source>
+# volumeClaims contains persistent volume claims for services
+# All available storage classes can be found here:
+# https://github.com/genesysengage/tfm-azure-core-aks/blob/master/k8s-module/storage.tf
+volumeClaims:
+  # statserverBackup is storage for statserver backup data
+  statserverBackup:
+    name: statserver-backup
+    accessModes:
+      - ReadWriteOnce
+    # capacity is storage capacity
+    capacity: "1Gi"
+    # class is storage class. Must be set explicitly.
+    class: <pv-storage-class-rw-once></source>
-The above command should report all <tt>pulse-dcu</tt> pods as running, for example:
+'''Install the <tt>dcu</tt> helm chart'''<br/>
-<source lang="text">NAME              READY   STATUS    RESTARTS   AGE
+Execute the following command to install the <tt>dcu</tt> helm chart:
-pulse-dcu-100-0   4/4     Running   2          2d20h
+<source lang="bash">helm upgrade --install "pulse-dcu-<tenant-sid>"  pulsehelmrepo/dcu --wait --reuse-values --version=<chart-version> --namespace=pulse -f values-override-dcu.yaml
-pulse-dcu-100-1   4/4     Running   0          167m </source>
+</source>
-===Install lds helm cahrt===
+'''Validate the <tt>dcu</tt> helm chart'''<br/>
+Execute the following command to validate the <tt>dcu</tt> helm chart:
+<source lang="bash">kubectl get pods -n=pulse -l "app.kubernetes.io/name=dcu,app.kubernetes.io/instance=pulse-dcu-<tenant-sid>"
+</source>
+The output should report that all <tt>pulse-dcu</tt> pods are running, for example:
+<source lang="bash">
+NAME              READY   STATUS    RESTARTS   AGE
+pulse-dcu-100-0   3/3     Running   0          5m23s
+pulse-dcu-100-1   3/3     Running   0          4m47s
+</source>
-'''Get the <tt>lds</tt> helm chart'''
+===Install lds helm chart===
-Download the <tt>lds</tt> helm chart from JFrog using your credentials.
+'''Get the <tt>lds</tt> helm chart'''<br/>
+<source lang="bash">helm repo update
+helm search repo  <pulsehelmrepo>/lds</source>
-'''Prepare override file'''
+'''Prepare the override file'''<br/>
+*Update values in the <tt>values-override-lds.yaml</tt> file (GKE):
-Update the <tt>values-override-lds.yaml</tt> file:
+*:<source lang="bash"># Default values for lds.
-<source lang="text"># Default values for lds.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
@@ Line 510: / Line 915: @@
 tenant:
    # Tenant UUID
-   id: "${TENANT_UUID}"
+   id: "<tenant-uuid>"
    # Tenant SID (like 0001)
-   sid: "${TENANT_SID}"
+   sid: "<tenant-sid>"
 # * Common log configuration
@@ Line 530: / Line 935: @@
        - ReadWriteMany
      capacity: 10Gi
-     class: ${PV_STORAGE_CLASS_RW_MANY}
+     class: <pv-storage-class-rw-many>
 # * Container image common settings
 image:
-  name:
+   tag: "<image-version>"
-   tag: "${DOCKER_TAG}"
    pullPolicy: IfNotPresent
-   repository: "${DOCKER_REGISTRY}/pulse/"
+   registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
+## Service account settings
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+## Add annotations to all pods
+##
+podAnnotations: {}
+## Specifies the security context for all Pods in the service
+##
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 500
+  runAsGroup: 500
+  fsGroup: 0
+## Add labels to all pods
+##
+podLabels: {}
+## HPA Settings
+## Not supported in this release!
+hpa:
+  enabled: false
+## Priority Class
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## Node labels for assignment.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for assignment.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
-imagePullSecrets: [name: ${DOCKER_REGISTRY_SECRET_NAME}]
+## Pod Disruption Budget Settings
+podDisruptionBudget:
+  enabled: false
+## Affinity for assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+# * Monitoring settings
+monitoring:
+  # enable the Prometheus metrics endpoint
+  enabled: false
+  # enable golden signals metrics (not supported for PE)
+  goldenSignals:
+    enabled: false
+  # port number of the Prometheus metrics endpoint
+  port: 9091
+  # HTTP path to scrape for metrics
+  path: /metrics
+  # additional annotations required for monitoring PODs
+  # you can reference values of other variables as {{.Values.variable.full.name}}
+  podAnnotations: {}
+    # prometheus.io/scrape: "true"
+    # prometheus.io/port: "{{.Values.monitoring.port}}"
+    # prometheus.io/path: "/metrics"
+  podMonitor:
+    # enables PodMonitor creation for the POD
+    enabled: true
+    # interval at which metrics should be scraped
+    scrapeInterval: 30s
+    # timeout after which the scrape is ended
+    scrapeTimeout:
+    # namespace of the PodMonitor, defaults to the namespace of the POD
+    namespace:
+    additionalLabels: {}
+  alerts:
+    # enables alert rules
+    enabled: true
+    # alert condition duration
+    duration: 5m
+    # namespace of the alert rules, defaults to the namespace of the POD
+    namespace:
+    additionalLabels: {}
+# * Configuration for the LDS container
+lds:
+  # resource limits for container
+  resources:
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "50Mi"
+      # minimal CPU to reserve
+      cpu: "50m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "4Gi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "4000m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
+# * Configuration for the monitor sidecar container
+monitorSidecar:
+  # resource limits for container
+  resources:
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "30Mi"
+      # minimal CPU to reserve
+      cpu: "2m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "70Mi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "10m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
+# *  Configuration for the Configuration Server Proxy container
+csproxy:
+  # define domain for the configuration host
+  params:
+    cfgHost: "tenant-<tenant-uuid>.voice.<domain>"
+  resources:
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "200Mi"
+      # minimal CPU to reserve
+      cpu: "50m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "2Gi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "1000m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500</source>
+*Update values in the <tt>values-override-lds.yaml</tt> file (OpenShift):
+*:<source lang="bash">
+# Default values for lds.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 2
+# * Tenant info
+# tenant identification, or empty for shared deployment
+tenant:
+  # Tenant UUID
+  id: "<tenant-uuid>"
+  # Tenant SID (like 0001)
+  sid: "<tenant-sid>"
+# * Common log configuration
+log:
+  # target directory where log will be stored, leave empty for default
+  logDir: ""
+  # path where volume will be mounted
+  volumeMountPath: /data/log
+  # log volume type: none | hostpath | pvc
+  volumeType: pvc
+  # log volume hostpath, used with volumeType "hostpath"
+  volumeHostPath: /mnt/log
+  # log PVC parameters, used with volumeType "pvc"
+  pvc:
+    name: pulse-lds-logs
+    accessModes:
+      - ReadWriteMany
+    capacity: 10Gi
+    class: <pv-storage-class-rw-many>
+# * Container image common settings
+image:
+  tag: "<image-version>"
+  pullPolicy: IfNotPresent
+  registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 ## Service account settings
@@ Line 554: / Line 1,156: @@
 ##
 podAnnotations: {}
+## Specifies the security context for all Pods in the service
+##
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 500
+  runAsGroup: 500
+  fsGroup: 0
 ## Add labels to all pods
@@ Line 563: / Line 1,173: @@
 hpa:
    enabled: false
 ## Priority Class
 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
 ##
 priorityClassName: ""
 ## Node labels for assignment.
 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
 ##
 nodeSelector: {}
 ## Tolerations for assignment.
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations: []
 ## Pod Disruption Budget Settings
 podDisruptionBudget:
    enabled: false
 ## Affinity for assignment.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 ##
 affinity: {}
 # * Monitoring settings
 monitoring:
    # enable the Prometheus metrics endpoint
    enabled: false
+  # enable golden signals metrics (not supported for PE)
+  goldenSignals:
+    enabled: false
    # port number of the Prometheus metrics endpoint
    port: 9091
@@ Line 619: / Line 1,233: @@
      namespace:
      additionalLabels: {}
 # * Configuration for the LDS container
@@ Line 684: / Line 1,297: @@
    # securityContext:
    #   runAsUser: 500
-   #   runAsGroup: 500 </source>
+   #   runAsGroup: 500</source>
-'''Install the <tt>lds</tt> helm chart'''
+'''Update values in the <tt>values-override-lds-vq.yaml</tt> file:'''
-<source lang="text">source .tenant_init_variables
+<source lang="bash"># Default values for lds.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+lds:
+  params:
+    cfgApp: "pulse-lds-vq-$((K8S_POD_INDEX % 2))"
-envsubst < ./values-override-lds.yaml | \
+log:
-helm upgrade --install "pulse-lds-${TENANT_SID}" pe-jfrog-stage/lds \
+  pvc:
-      --wait \
+    name: pulse-lds-vq-logs
-      --version="${CHART_VERSION}" \
+</source>
-      --namespace="${NAMESPACE}" \
-      -f - </source>
-'''Validate the <tt>lds</tt> helm chart'''
+'''Install the <tt>lds</tt> helm chart'''<br/>
-<source lang="text">source .tenant_init_variables
+Execute the following command to install the <tt>lds</tt> helm chart:
+<source lang="bash">
-oc get pods -n="${NAMESPACE}" -l "app.kubernetes.io/name=lds,app.kubernetes.io/instance=pulse-lds-${TENANT_SID}"
+helm upgrade --install "pulse-lds-<tenant-sid>"    pulsehelmrepo/lds --wait --version=<chart-version> --namespace=pulse -f values-override-lds.yaml
- </source>
+helm upgrade --install "pulse-lds-vq-<tenant-sid>" pulsehelmrepo/lds --wait --version=<chart-version> --namespace=pulse -f values-override-lds.yaml -f values-override-lds-vq.yaml
+</source>
+If the installation is successful, the exit code <tt>0</tt> appears.
-The above command should report all pulse-lds pods as running, for example:
+'''Validate the <tt>lds</tt> helm chart'''<br/>
-<source lang="text">
+Execute the following command to validate the <tt>lds</tt> helm chart:
+<source lang="bash">kubectl get pods -n=pulse -l "app.kubernetes.io/name=lds,app.kubernetes.io/instance=pulse-lds-<tenant-sid>"
+</source>
+The command should report all pulse-lds-vq pods as running, for example:
+<source lang="bash">
 NAME              READY   STATUS    RESTARTS   AGE
 pulse-lds-100-0   3/3     Running   0          2d20h
@@ Line 710: / Line 1,333: @@
 ===Install permissions helm chart===
 '''Get the <tt>permissions</tt> helm chart'''
+<source lang="bash">helm repo update
+helm search repo <pulsehelmrepo>/permissions</source>
-Download the <tt>permissions</tt> helm chart from JFrog using your credentials.
+'''Prepare the override file'''<br/>
+*Update values in the <tt>values-override-permissions.yaml</tt> file (GKE):
-'''Prepare override file'''
+*:<source lang="bash"># Default values for permissions.
-Update the <tt>values-override-permissions.yaml</tt> file:
-<source lang="text"># Default values for permissions.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
@@ Line 722: / Line 1,344: @@
 # * Image configuration
 image:
-  name: userpermissions
+   tag: "<image-version>"
-   tag: "${DOCKER_TAG}"
    pullPolicy: IfNotPresent
-   repository: "${DOCKER_REGISTRY}/pulse/"
+   registry: "<docker-registry>"
+   imagePullSecrets: [name: "<docker-registry-secret-name>"]
-   imagePullSecrets: [name: ${DOCKER_REGISTRY_SECRET_NAME}]
 # * Tenant info
@@ Line 733: / Line 1,353: @@
 tenant:
    # Tenant UUID
-   id: "${TENANT_UUID}"
+   id: "<tenant-uuid>"
    # Tenant SID (like 0001)
-   sid: "${TENANT_SID}"
+   sid: "<tenant-sid>"
 # common configuration.
 config:
-   dbName: "${DB_NAME_SHARED}"
+   dbName: "<db-name>"
    # set "true" when need @host added for username
    dbUserWithHost: true
@@ Line 762: / Line 1,382: @@
 # * Configuration for the Configuration Server Proxy container
 csproxy:
+  # define domain for the configuration host
+  params:
+    cfgHost: "tenant-<tenant-uuid>.voice.<domain>"
    # resource limits for container
    resources:
@@ Line 798: / Line 1,421: @@
        - ReadWriteMany
      capacity: 10Gi
-     class: ${PV_STORAGE_CLASS_RW_MANY}
+     class: <pv-storage-class-rw-many>
-## Containers should run as genesys user and cannot use elevated permissions
+## Specifies the security context for all Pods in the service
-## !!! THESE OPTIONS SHOULD NOT BE CHANGED UNLESS INSTRUCTED BY GENESYS !!!
+##
-# securityContext:
+podSecurityContext:
-#    runAsUser: 500
+   fsGroup: null
-#    runAsGroup: 500
+    runAsUser: null
+    runAsGroup: 0
+   runAsNonRoot: true
 ## Resource requests and limits
@@ Line 816: / Line 1,441: @@
      memory: "400Mi"
      cpu: "50m"
 ## HPA Settings
 ## Not supported in this release!
 hpa:
    enabled: false
 ## Priority Class
 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
 ##
 priorityClassName: ""
 ## Node labels for assignment.
 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
 ##
 nodeSelector: {}
 ## Tolerations for assignment.
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations: []
 ## Pod Disruption Budget Settings
 podDisruptionBudget:
    enabled: false
 ## Affinity for assignment.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 ##
-affinity: {}
+affinity: {}</source>
+*Update values in the <tt>values-override-permissions.yaml</tt> file (OpenShift):
+*:<source lang="bash">
+# Default values for permissions.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+# * Image configuration
+image:
+  tag: "<image-version>"
+  pullPolicy: IfNotPresent
+  registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
+# * Tenant info
+# tenant identification, or empty for shared deployment
+tenant:
+  # Tenant UUID
+  id: "<tenant-uuid>"
+  # Tenant SID (like 0001)
+  sid: "<tenant-sid>"
+# common configuration.
+config:
+  dbName: "<db-name>"
+  # set "true" when need @host added for username
+  dbUserWithHost: true
+  # set "true" for CSI secrets
+  mountSecrets: false
+  # Postgres config map name
+  postgresConfig: "pulse-postgres-configmap"
+  # Postgres secret name
+  postgresSecret: "pulse-postgres-secret"
+  # Postgres secret key for user
+  postgresSecretUser: "META_DB_ADMIN"
+  # Postgres secret key for password
+  postgresSecretPassword: "META_DB_ADMINPWD"
+  # Redis config map name
+  redisConfig: "pulse-redis-configmap"
+  # Redis secret name
+  redisSecret: "pulse-redis-secret"
+  # Redis secret key for access key
+  redisSecretKey: "REDIS01_KEY"
+# * Configuration for the Configuration Server Proxy container
+csproxy:
+  # resource limits for container
+  resources:
+    # minimum resource requirements to start container
+    requests:
+      # minimal amount of memory required to start a container
+      memory: "200Mi"
+      # minimal CPU to reserve
+      cpu: "50m"
+    # resource limits for containers
+    limits:
+      # maximum amount of memory a container can use before being evicted
+      # by the OOM Killer
+      memory: "2Gi"
+      # maximum amount of CPU resources that can be used and should be tuned to reflect
+      # what the application can effectively use before needing to be horizontally scaled out
+      cpu: "1000m"
+  # securityContext:
+  #   runAsUser: 500
+  #   runAsGroup: 500
+# * Common log configuration
+log:
+  # target directory where log will be stored, leave empty for default
+  logDir: ""
+  # path where volume will be mounted
+  volumeMountPath: /data/log
+  # log volume type: none | hostpath | pvc
+  volumeType: pvc
+  # log volume hostpath, used with volumeType "hostpath"
+  volumeHostPath: /mnt/log
+  # log PVC parameters, used with volumeType "pvc"
+  pvc:
+    name: pulse-permissions-logs
+    accessModes:
+      - ReadWriteMany
+    capacity: 10Gi
+    class: <pv-storage-class-rw-many>
+## Specifies the security context for all Pods in the service
+##
+podSecurityContext:
+   fsGroup: null
+   runAsUser: null
+   runAsGroup: 0
+   runAsNonRoot: true
+## Resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+  limits:
+    memory: "1Gi"
+    cpu: "500m"
+  requests:
+    memory: "400Mi"
+    cpu: "50m"
+## HPA Settings
+## Not supported in this release!
+hpa:
+  enabled: false
+## Priority Class
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## Node labels for assignment.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
-## Add annotations to all pods
+## Tolerations for assignment.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
-podAnnotations: {}
+tolerations: []
-## Add labels to all pods
+## Pod Disruption Budget Settings
+podDisruptionBudget:
+   enabled: false
+## Affinity for assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 ##
-podLabels: {} </source>
+affinity: {}</source>
-'''Install permissions helm chart'''
+'''Install the permissions helm chart:'''<br/>
-<source lang="text">source .tenant_init_variables
+Execute the following command to install the permissions helm chart:
+<source lang="bash">helm upgrade --install "pulse-permissions-<tenant-sid>" pulsehelmrepo/permissions --wait --version="<chart-version>" --namespace=pulse -f values-override-permissions.yaml
-envsubst < ./values-override-permissions.yaml | \
+</source>
-helm upgrade --install "pulse-permissions-${TENANT_SID}" pe-jfrog-stage/permissions \
+If installation is successful, the exit code <tt>0</tt> appears.
-      --wait \
-      --version="${CHART_VERSION}" \
-      --namespace="${NAMESPACE}" \
-      -f -</source>
-'''Validate permissions helm chart'''
+'''Validate the permissions helm chart:'''<br/>
-<source lang="text"> source .tenant_init_variables
+Execute the following command to validate the permissions helm chart:
+<source lang="bash">kubectl get pods -n=pulse -l "app.kubernetes.io/name=permissions,app.kubernetes.io/instance=pulse-permissions-<tenant-sid>"
-oc get pods -n="${NAMESPACE}" -l "app.kubernetes.io/name=permissions,app.kubernetes.io/instance=pulse-permissions-${TENANT_SID}"</source>
+</source>
-The above command should report all <tt>pulse-permissions</tt> pods as running, for example:
+The command should report all <tt>pulse-permissions</tt> pods as running, for example:
-<source lang="text">NAME                                    READY   STATUS    RESTARTS   AGE
+<source lang="bash">
+NAME                                    READY   STATUS    RESTARTS   AGE
 pulse-permissions-100-c5ff8bb7d-jl7d7   2/2     Running   2          2d20h </source>
 |Status=No
@@ Line 875: / Line 1,620: @@
 |sectionHeading=Troubleshooting
 |alignment=Vertical
-|structuredtext='''Check init-tenant helm chart manifests'''
+|structuredtext='''Check init-tenant helm chart manifests'''<br/>
+Execute the following command to output manifest into the '''helm-template''' directory:
+<source lang="bash">helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-init-tenant-<tenant-sid> pulsehelmrepo/init-tenant -f values-override-init-tenant.yaml
+</source>
-Run to output manifest into helm-template directory:
+'''Check dcu helm chart manifests'''<br/>
-<source lang="text">source .tenant_init_variables
+Execute the following command to output the dcu Helm chart manifest into the '''helm-template''' directory:
+<source lang="bash">helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-dcu-<tenant-sid> pulsehelmrepo/dcu -f values-override-dcu.yaml
-envsubst < ./values-override-init-tenant.yaml | \
+</source>
-helm template \
-     --version="${CHART_VERSION}" \
-     --namespace="${NAMESPACE}" \
-     --debug \
-     --output-dir helm-template \
-     "${CHART_NAME_TENANT_INIT}" pe-jfrog-stage/init-tenant \
-     -f - </source>
-'''Check dcu helm chart manifests'''
-Run to output manifest into helm-template directory:
-<source lang="text">source .tenant_init_variables
-envsubst < ./values-override-dcu.yaml | \
-helm template \
-     --version="${CHART_VERSION}" \
-     --namespace="${NAMESPACE}" \
-     --debug \
-     --output-dir helm-template \
-     "pulse-dcu-${TENANT_SID}" pe-jfrog-stage/dcu \
-     -f - </source>
-'''Check lds helm chart manifests'''
-Run to output manifest into helm-template directory:
-<source lang="text">source .tenant_init_variables
-envsubst < ./values-override-lds.yaml | \
-helm template \
-     --version="${CHART_VERSION}" \
-     --namespace="${NAMESPACE}" \
-     --debug \
-     --output-dir helm-template \
-     "pulse-lds-${TENANT_SID}" pe-jfrog-stage/lds \
-     -f - </source>
-'''Check permissions helm chart manifests'''
+'''Check lds helm chart manifests'''<br/>
+Execute the following command to output the lds chart manifest into the '''helm-template''' directory:
+<source lang="bash">helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-lds-<tenant-sid> pulsehelmrepo/lds -f values-override-lds.yaml
+</source>
-Run to output manifest into helm-template directory:
+'''Check permissions Helm chart manifests'''<br/>
-<source lang="text">
+Execute the following command to output the Helm chart manifest into the '''helm-template''' directory:
-source .tenant_init_variables
+<source lang="bash">helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse-permissions pulsehelmrepo/permissions -f values-override-permissions.yaml
+</source>
-envsubst < ./values-override-permissions.yaml | \
-helm template \
-     --version="${CHART_VERSION}" \
-     --namespace="${NAMESPACE}" \
-     --debug \
-     --output-dir helm-template \
-     "pulse-permissions" pe-jfrog-stage/permissions \
-     -f - </source>
 |Status=No
 }}{{Section
-|sectionHeading=Do Not Publish
+|sectionHeading=Configure security
 |alignment=Vertical
-|structuredtext=<div style="background-color: aliceblue; font-style: italic;">List any provisioning needed to deploy, run, or manage the service. For example:
+|structuredtext====Arbitrary UIDs===
+If your OpenShift deployment uses arbitrary UIDs, you must override the securityContext settings. By default, the user and group IDs are set to 500:500:500. If your deployment uses arbitrary UIDs, update the '''podSecurityContext''' section in the YAML file for each chart as discussed in {{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|topic=ConfigSecurity}}.
-*Designer: Create an Access Group specific to Designer Developer, Admin.
+|Status=No
-*Agent Setup: Create Agent Setup options to provide access to Administrator, Supervisor. or Ops.
-*Genesys Info Mart: Update the CTL_CONFIG table in the GIM DB to control ETL and DB maintenance behavior.</div>
-|Status=Yes
 }}
 |PEPageType=55cef4ff-9306-4313-8fd8-377282a38478
 }}