Difference between revisions of "GWS/Current/GWSPEGuide/DeployIngress"

From Genesys Documentation
(Published)
Line 5: Line 5:
 
|ComingSoon=No
 
|ComingSoon=No
 
|Section={{Section
 
|Section={{Section
|sectionHeading=
 
|alignment=Vertical
 
|structuredtext=<!-- Any addition info from '''GAPI-28154'''  (All required properties for ingress need to be documented)? Also, should we say what is GWS Ingress and what it is used/needed for?-->
 
|Status=Yes
 
}}{{Section
 
 
|sectionHeading=Prerequisites
 
|sectionHeading=Prerequisites
 +
|anchor=prerequisites
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=GWS project must be created and 'gws-services' must be installed.
+
|structuredtext=Before you deploy GWS Ingress, you must first {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Deploy}}.
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
|sectionHeading=Installation Steps
+
|sectionHeading=Deploy
 +
|anchor=deploy
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=*Use project gws
+
|structuredtext=To deploy GWS Ingress, you need the GWS Ingress Helm package and override file. Copy '''values.yaml''' and the Helm package ('''gws-ingress-<version>.tgz''') to the installation location.
  
 +
For OpenShift, select the '''gws''' project you created in {{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=Deploy|anchor=OpenShift|display text=Prepare your environment}}:
 
  oc project gws
 
  oc project gws
 +
Run the following command to deploy GWS ingress:
 +
helm upgrade --install gws-ingress helm-staging/gws-ingress --version=<version> -n gws -f ./override.gws-ingress.values.yaml -f ./versions.yaml
 +
|Status=No
 +
}}{{Section
 +
|sectionHeading=Configure external access
 +
|anchor=https
 +
|alignment=Vertical
 +
|structuredtext=Follow the instructions for either OpenShift or GKE to configure external access to GWS ingress.
  
*Credential mapping to default service account
+
===Create routes in OpenShift===
  
oc adm policy add-scc-to-user genesys-restricted -z default-restricted -n gws
+
Genesys recommends using the following hostname format: <code>gws.<cluster-subdomain></code>. For example, the VCE cluster (<nowiki>https://console-openshift-console.apps</nowiki>.<yourclusterdomain>.com/) should have the hostname '''gws.<yourclusterdomain>.com'''
  
*Download the gws-ingress helm charts from following repo
+
oc create route edge --service=gws-service-proxy --hostname=<hostname>
 +
{{AnchorDiv|GKEingress}}
 +
===Provision ingresses for GKE===
 +
After deploying, make Genesys Web Services services accessible from outside the GKE cluster using the NGINX Ingress Controller.
  
  <nowiki>https://pureengage.jfrog.io/ui/packages/helm:%2F%2Fgws-ingress?name=gws&type=packages</nowiki>
+
Create a JSON file called '''gauth-ingress.yaml''' with the content below. '''Note:''' Replace '''gws.<domain>''' and '''gauth.<domain>''' with your GWS and Genesys Authentication domains, such as <code>gws.test.dev</code>.<syntaxhighlight>
 +
apiVersion: extensions/v1beta1
 +
kind: Ingress
 +
metadata:
 +
  name: gauth-gws-ingress
 +
  namespace: gauth
 +
  annotations:
 +
    # add an annotation indicating the issuer to use.
 +
    cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
 +
    # Custom annotations for NGINX Ingress Controller
 +
    kubernetes.io/ingress.class: "nginx"
 +
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
 +
    nginx.ingress.kubernetes.io/use-regex: "true"
 +
spec:
 +
  rules:
 +
  - host: gws.<domain> - e.g. gws.test.dev
 +
    http:
 +
      paths:
 +
        - path: /ui/auth/.*
 +
          backend:
 +
            serviceName:  gauth-auth-ui
 +
            servicePort: 80
 +
        - path: /auth/.*
 +
          backend:
 +
            serviceName: gauth-auth
 +
            servicePort: 80
 +
        - path: /environment/.*
 +
          backend:
 +
            serviceName:  gauth-environment
 +
            servicePort: 80
 +
  tls:
 +
  - hosts:
 +
    - gws.<domain> - e.g. gws.test.dev
 +
    secretName: gauth-gws-ingress-cert
 +
---
 +
apiVersion: extensions/v1beta1
 +
kind: Ingress
 +
metadata:
 +
  name: gauth-gauth-ingress
 +
  namespace: gauth
 +
  annotations:
 +
    # add an annotation indicating the issuer to use.
 +
    cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
 +
    # Custom annotations for NGINX Ingress Controller
 +
    kubernetes.io/ingress.class: "nginx"
 +
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
 +
    nginx.ingress.kubernetes.io/use-regex: "true"
 +
spec:
 +
  rules:
 +
  - host: gauth.<domain> - e.g. gauth.test.dev
 +
    http:
 +
      paths:
 +
        - path: /ui/auth/.*
 +
          backend:
 +
            serviceName:  gauth-auth-ui
 +
            servicePort: 80
 +
        - path: /auth/.*
 +
          backend:
 +
            serviceName:  gauth-auth
 +
            servicePort: 80
 +
 +
        - path: /environment/.*
 +
          backend:
 +
            serviceName:  gauth-environment
 +
            servicePort: 80
 +
  tls:
 +
  - hosts:
 +
    - gauth.<domain> - e.g. gauth.test.dev
 +
    secretName: gauth-gauth-ingress-cert
 +
</syntaxhighlight>Create ingresses with the following command:<syntaxhighlight>
 +
kubectl apply -f gauth-ingress.yaml -n gws
 +
</syntaxhighlight>
 +
|Status=No
 +
}}{{Section
 +
|sectionHeading=Validate the deployment
 +
|alignment=Vertical
 +
|structuredtext=First, check that the pod is running:
  
*Create Secret for consul token
+
kubectl get pod
  
oc create secret generic gws-secrets-green -n gws --from-literal='gws-consul-token=<token-from-consul>'
+
The result should show that gws-service-proxy is running. For example:
  
*Copy the values.yaml file from the gws-ingress folder and update the value for Host parameters:
+
gws-service-proxy-d5997957f-m4kcg 1/1 Running 0 4d13h
  
REGISTRY: pureengage-docker-staging.jfrog.io/gws
+
Check the service:<syntaxhighlight>
entryPoints:
+
kubectl get svc
  internal:
+
</syntaxhighlight>The result should display the service name, gws-service-proxy. For example:
    service:
 
      type: LoadBalancer
 
      annotations: {}
 
    ingress:
 
      path: /
 
      annotations: {}
 
      tlsEnable: false
 
      secretName: gws-secret-int
 
      hostName: gws01-int.yourclusterdomain.com  -------------------------------- http internal end point for accessing GWS APIs
 
  internalTest:
 
    service:
 
      type: LoadBalancer
 
      annotations: {}
 
    ingress:
 
      path: /
 
      annotations: {}
 
      tlsEnable: false
 
      secretName: gws-secret-int
 
      hostName: gws01-test.yourclusterdomain.com  -------------------------------- http test end point for accessing GWS APIs
 
     
 
  external:
 
    service:
 
      type: ClusterIP
 
      annotations: {}
 
        #service.beta.kubernetes.io/aws-load-balancer-internal: "true"
 
        #service.beta.kubernetes.io/aws-load-balancer-type: nlb
 
    ingress:
 
      path: /
 
      annotations: {}
 
      tlsEnable: false
 
      secretName: gws-secret-ext
 
      hostName: gws01.yourclusterdomain.com              -------------------------------- http end point for accessing GWS APIs
 
      hostNameTemp: gws-temp.yourclusterdomain.com      -------------------------------- http test end point for accessing GWS
 
 
  externalTest:
 
    service:
 
      type: ClusterIP
 
      annotations: {}
 
        #service.beta.kubernetes.io/aws-load-balancer-internal: "true"
 
        #service.beta.kubernetes.io/aws-load-balancer-type: nlb
 
    ingress:
 
      path: /
 
      annotations: {}
 
        #appgw.ingress.kubernetes.io/connection-draining: "true"
 
        #appgw.ingress.kubernetes.io/connection-draining-timeout: "30"
 
        #appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
 
        #appgw.ingress.kubernetes.io/ssl-redirect: "false"
 
        #cert-manager.io/cluster-issuer: letsencrypt-prod
 
        #ingress.kubernetes.io/ssl-redirect: "false"
 
        #kubernetes.io/ingress.class: azure/application-gateway
 
      tlsEnable: false
 
      secretName: gws-secret-ext
 
      hostName: gws.apps.yourclusterdomain.com  -------------------------------- http end point for accessing GWS
 
 
Version Details:
 
gws-system-nginx: 9.0.000.14
 
Copy the above file and the gws-ingress helm package to the installation location.
 
  
*Install gws-ingress
+
gws-service-proxy ClusterIP 10.202.55.20 <none> 80/TCP,81/TCP,85/TCP,86/TCP 4d13h
  
helm install gws-ingress ./gws-ingress-0.2.7.tgz -f values.yaml
+
Check the '''gws-ingress''' status:
|Status=No
+
helm status gws-ingress -n gws
}}{{Section
 
|sectionHeading=Test Installation
 
|alignment=Vertical
 
|structuredtext=To check the ingress installation, run the following commands:
 
  
*Check the pod
+
The result should show the namespace details with a status of deployed:
  
oc get pod
+
<syntaxhighlight>NAME: gws-ingress
 +
LAST DEPLOYED: Fri Sep 17 11:54:31 2021
 +
NAMESPACE: gws
 +
STATUS: deployed
 +
REVISION: 1
 +
TEST SUITE: None</syntaxhighlight>
  
It should return gws-service-proxy and the status should be running. Example:
+
Check the installed Helm release:
 +
helm list –n gws
  
gws-service-proxy-d5997957f-m4kcg 1/1 Running 0 4d13h
+
The result should show the '''gws-services''' and '''gws-ingress''' deployment details. For example:
 +
<syntaxhighlight>
  
*Check the service
+
NAME            NAMESPACE    REVISION    UPDATED                                STATUS      CHART                  APP VERSION
  
oc get svc
+
gws-ingress    gws          1          2021-09-17 11:54:31.339091 -0300 ADT    deployed    gws-ingress-0.2.7      1.0     
The result should display the service name. Example:
 
  
y ClusterIP 10.202.55.20 <none> 80/TCP,81/TCP,85/TCP,86/TCP 4d13h
+
gws-services    gws          1          2021-09-17 11:43:50.0692273 -0300 ADT  deployed    gws-services-1.0.55   1.0
|Status=No
+
</syntaxhighlight>
}}{{Section
+
Check the GWS Kubernetes objects created by Helm:
|sectionHeading=Create HTTPS Routes
+
kubectl get all -n gws
|alignment=Vertical
+
The result should show all the created pods, services, ConfigMaps, and so on.
|structuredtext=Run the following command to create https routes to access externally:
 
  
The recommended Hostname format is gws.<cluster-subdomain>. For example, VCE cluster '''('''<nowiki>https://console-openshift-console.yourclusterdomain.com/</nowiki>), the host name should be gws.yourclusterdomain.com
+
{{Editgrn open}}JM: Will the step below work if you haven't completed the deployment for Workspace Web Edition? That deployment is documented separately here: {{Link-AnywhereElse|product=PEC-AD|version=Current|manual=WWEPEGuide}}{{Editgrn close}}
  
oc create route edge --service=gws-service-proxy --hostname=<hostname>
+
Finally, verify that you can now access Workspace Web Edition at the following URL: <nowiki>https://<hostname>/ui/wwe/index.html</nowiki>
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
|sectionHeading=Test Routes
+
|sectionHeading=Next steps
 +
|anchor=next
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=Access the following URL in a browser. It should navigate you to the login page.
+
|structuredtext=*{{Link-SomewhereInThisVersion|manual=GWSPEGuide|topic=ProvisionAS}}
 
 
https://<hostname>/ui/wwe/index.html
 
 
|Status=No
 
|Status=No
 
}}
 
}}
 
}}
 
}}
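
Review bot: In the new "Provision ingresses for GKE" text, both Ingress objects declare `namespace: gauth`, but the apply step is `kubectl apply -f gauth-ingress.yaml -n gws`. kubectl rejects a manifest whose metadata.namespace differs from the -n value, so one of the two has to change; the gauth-auth, gauth-auth-ui and gauth-environment backends suggest the gauth namespace is the intended one. In the same section, gauth-ingress.yaml is called a JSON file although its content is YAML, and the `host:` and tls `hosts:` values carry " - e.g. gws.test.dev" as part of the string instead of as a `#` comment, so a copy-paste produces an invalid hostname. With `nginx.ingress.kubernetes.io/ssl-redirect: "false"` the /auth/ and /ui/auth/ paths are also served over plain HTTP even though a tls block is present; either enable the redirect or document why it is off. In the validation steps, `helm list –n gws` uses an en dash rather than a hyphen and will not parse as a flag, and the {{Editgrn open}}JM: ... draft question is still in text marked Published.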

Revision as of 20:55, October 29, 2021

Prerequisites

Before you deploy GWS Ingress, you must first Deploy GWS Services.

Deploy

To deploy GWS Ingress, you need the GWS Ingress Helm package and override file. Copy values.yaml and the Helm package (gws-ingress-<version>.tgz) to the installation location.

For OpenShift, select the gws project you created in Prepare your environment:

oc project gws

Run the following command to deploy GWS ingress:

helm upgrade --install gws-ingress helm-staging/gws-ingress --version=<version> -n gws -f ./override.gws-ingress.values.yaml -f ./versions.yaml

Configure external access

Follow the instructions for either OpenShift or GKE to configure external access to GWS ingress.

Create routes in OpenShift

Genesys recommends using the following hostname format: gws.<cluster-subdomain>. For example, the VCE cluster (https://console-openshift-console.apps.<yourclusterdomain>.com/) should have the hostname gws.<yourclusterdomain>.com

oc create route edge --service=gws-service-proxy --hostname=<hostname>

Provision ingresses for GKE

After deploying, make Genesys Web Services services accessible from outside the GKE cluster using the NGINX Ingress Controller.

Create a YAML file called gauth-ingress.yaml with the content below. Note: Replace gws.<domain> and gauth.<domain> with your GWS and Genesys Authentication domains, such as gws.test.dev.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gauth-gws-ingress
  namespace: gauth
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
    # Custom annotations for NGINX Ingress Controller
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
  - host: gws.<domain>  # e.g. gws.test.dev
    http:
      paths:
        - path: /ui/auth/.*
          backend:
            serviceName:  gauth-auth-ui
            servicePort: 80
        - path: /auth/.*
          backend:
            serviceName:  gauth-auth
            servicePort: 80
        - path: /environment/.*
          backend:
            serviceName:  gauth-environment
            servicePort: 80
  tls:
  - hosts:
    - gws.<domain>  # e.g. gws.test.dev
    secretName: gauth-gws-ingress-cert
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gauth-gauth-ingress
  namespace: gauth
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
    # Custom annotations for NGINX Ingress Controller
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
  - host: gauth.<domain>  # e.g. gauth.test.dev
    http:
      paths:
        - path: /ui/auth/.*
          backend:
            serviceName:  gauth-auth-ui
            servicePort: 80
        - path: /auth/.*
          backend:
            serviceName:  gauth-auth
            servicePort: 80
 
        - path: /environment/.*
          backend:
            serviceName:  gauth-environment
            servicePort: 80
  tls:
  - hosts:
    - gauth.<domain>  # e.g. gauth.test.dev
    secretName: gauth-gauth-ingress-cert

Create ingresses with the following command:

kubectl apply -f gauth-ingress.yaml -n gws
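
The following added example (not part of the Genesys documentation or product) lints gauth-ingress.yaml before you apply it. It flags an unreplaced <domain> placeholder, a rule host with no matching tls entry, ssl-redirect set to "false" (the authentication paths then also answer over plain HTTP), and a metadata namespace that differs from the one passed with -n, which kubectl rejects. The function name lint_ingress, the finding labels and the trimmed sample manifest are assumptions made for illustration.

```python
import re

# Constructed sample: the first Ingress from the page, trimmed to one path,
# with the <domain> placeholder deliberately left unreplaced.
SAMPLE = """\
kind: Ingress
metadata:
  name: gauth-gws-ingress
  namespace: gauth
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: gws.<domain>
    http:
      paths:
        - path: /auth/.*
          backend:
            serviceName: gauth-auth
            servicePort: 80
  tls:
  - hosts:
    - gws.<domain>
    secretName: gauth-gws-ingress-cert
"""


def lint_ingress(manifest, apply_namespace):
    """Return (ingress name, finding) pairs; line-based, no YAML library."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", manifest):
        name = re.search(r"(?m)^  name:\s*(\S+)", doc)
        if not name:
            continue  # not a resource document
        name = name.group(1)
        ns = re.search(r"(?m)^  namespace:\s*(\S+)", doc)
        if ns and ns.group(1) != apply_namespace:
            # kubectl refuses to apply when -n disagrees with metadata.namespace
            findings.append((name, "namespace-mismatch"))
        if re.search(r'ssl-redirect:\s*"?false"?', doc):
            # the listed paths stay reachable over plain HTTP
            findings.append((name, "http-not-redirected"))
        rule_hosts = set(re.findall(r"(?m)^\s*- host:\s*(\S+)", doc))
        _, _, tls = doc.partition("\n  tls:")
        tls_hosts = set(re.findall(r"(?m)^ {4,}- (\S+)", tls))
        if any("<" in h for h in rule_hosts | tls_hosts):
            findings.append((name, "placeholder-host"))
        for host in sorted(rule_hosts - tls_hosts):
            findings.append((name, f"host-without-tls:{host}"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_ingress(SAMPLE, apply_namespace="gws"):
        print(f"{name}: {finding}")
```
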

Validate the deployment

First, check that the pod is running:

kubectl get pod

The result should show that gws-service-proxy is running. For example:

gws-service-proxy-d5997957f-m4kcg 1/1 Running 0 4d13h

Check the service:

kubectl get svc

The result should display the service name, gws-service-proxy. For example:

gws-service-proxy ClusterIP 10.202.55.20 <none> 80/TCP,81/TCP,85/TCP,86/TCP 4d13h

Check the gws-ingress status:

helm status gws-ingress -n gws

The result should show the namespace details with a status of deployed:

NAME: gws-ingress
LAST DEPLOYED: Fri Sep 17 11:54:31 2021
NAMESPACE: gws
STATUS: deployed
REVISION: 1
TEST SUITE: None

Check the installed Helm release:

helm list -n gws

The result should show the gws-services and gws-ingress deployment details. For example:

NAME            NAMESPACE    REVISION    UPDATED                                 STATUS       CHART                  APP VERSION

gws-ingress     gws          1           2021-09-17 11:54:31.339091 -0300 ADT    deployed     gws-ingress-0.2.7      1.0       

gws-services    gws          1           2021-09-17 11:43:50.0692273 -0300 ADT   deployed     gws-services-1.0.55    1.0

Check the GWS Kubernetes objects created by Helm:

kubectl get all -n gws

The result should show all the created pods, services, ConfigMaps, and so on.

JM: Will the step below work if you haven't completed the deployment for Workspace Web Edition? That deployment is documented separately here: Workspace Web Edition Private Edition Guide

Finally, verify that you can now access Workspace Web Edition at the following URL: https://<hostname>/ui/wwe/index.html

Next steps
