Difference between revisions of "PEC-REP/Current/GIMPEGuide/ConfigureGCA"

From Genesys Documentation
Jump to: navigation, search
(Published)
 
(Published)
Line 7: Line 7:
 
|sectionHeading=Override Helm chart values
 
|sectionHeading=Override Helm chart values
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the '''gca-values.yaml''' file to provide deployment-specific values for certain parameters.
+
|structuredtext=Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the '''values.yaml''' file (referred to on this page as the '''gca-values.yaml''' file) to provide deployment-specific values for certain parameters.
  
 
For general information about overriding Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Engage Cloud Private Edition Guide}}''.
 
For general information about overriding Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Engage Cloud Private Edition Guide}}''.
  
Override the following key entries in the '''gca-values.yaml''' file:
+
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''gca-values.yaml''' file, so that no user or group IDs are specified. For details, see [[{{FULLPAGENAME}}#Security|Configure security]], below.
 +
 
 +
At a minimum, you must override the following key entries in the '''gca-values.yaml''' file:
  
 
*<tt>tag</tt> - the container image version
 
*<tt>tag</tt> - the container image version
Line 21: Line 23:
 
*<tt>s3</tt> - the applicable s3 details defined with the OBC for GSP (see {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=ConfigureGSP|anchor=S3Data|display text=Get S3 data}}).
 
*<tt>s3</tt> - the applicable s3 details defined with the OBC for GSP (see {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=ConfigureGSP|anchor=S3Data|display text=Get S3 data}}).
 
====The gca-values.yaml file====
 
====The gca-values.yaml file====
 +
The following sample '''gca-values.yaml''' file, which may not be completely up to date, shows the key parameter values you must override.
 
<source lang="bash">log_level: INFO
 
<source lang="bash">log_level: INFO
 
tenant_id: shared
 
tenant_id: shared
Line 98: Line 101:
 
}}{{Section
 
}}{{Section
 
|sectionHeading=Configure security
 
|sectionHeading=Configure security
 +
|anchor=Security
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=Not applicable.
+
|structuredtext=The security context settings define the privilege and access control settings for pods and containers.
 +
 
 +
By default, the user and group IDs are set in the '''gca-values.yaml''' file as <tt>500:500:500</tt>, meaning the '''genesys''' user.
 +
<source lang="bash">
 +
securityContext:
 +
  runAsNonRoot: true
 +
  runAsUser: 500
 +
  runAsGroup: 500
 +
  fsGroup: 500
 +
 
 +
containerSecurityContext: {}
 +
</source>
 +
===Arbitrary UIDs in OpenShift===
 +
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the '''gca-values.yaml''' file, so that you do not define any specific IDs.
 +
<source lang="bash">
 +
securityContext:
 +
  runAsNonRoot: true
 +
  runAsUser: null
 +
  runAsGroup: 0
 +
  fsGroup: null
 +
 
 +
containerSecurityContext: {}
 +
</source>
 
|Status=No
 
|Status=No
 
}}
 
}}
 
|PEPageType=9c3ae89b-4f75-495b-85f8-d8c4afcb3f97
 
|PEPageType=9c3ae89b-4f75-495b-85f8-d8c4afcb3f97
 
}}
 
}}

Revision as of 13:31, September 15, 2021

This topic is part of the manual Genesys Info Mart Private Edition Guide for version Current of Reporting.

Learn how to configure GIM Config Adapter (GCA).

Override Helm chart values

Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the values.yaml file (referred to on this page as the gca-values.yaml file) to provide deployment-specific values for certain parameters.

For general information about overriding Helm chart values, see Overriding Helm chart values in the Genesys Engage Cloud Private Edition Guide.

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the gca-values.yaml file, so that no user or group IDs are specified. For details, see Configure security, below.

At a minimum, you must override the following key entries in the gca-values.yaml file:

  • tag - the container image version
  • tenant_id - the TenantID of the tenant in use
  • tenant_uuid - the TenantUUID that matches the TenantID.
  • cfgdb - the tenant configuration database
  • bootstrap - the Kafka address to align with the infrastructure Kafka
  • NODE_EXTRA_CA_CERTS - points to the self-signed OpenShift service CA. This is the default path.
  • s3 - the applicable s3 details defined with the OBC for GSP (see Get S3 data).

The gca-values.yaml file

The following sample gca-values.yaml file, which may not be completely up to date, shows the key parameter values you must override. 

log_level: INFO
tenant_id: shared
tenant_uuid: 9350e2fc-a1dd-4c65-8d40-1f75a2e080dd
image:
  registry: pureengage-docker-staging.jfrog.io
  repository: gim/gca
  pullPolicy: IfNotPresent
  tag: <image-version>
imagePullSecrets:
  pureengage-docker-dev: {}
  pureengage-docker-staging: {}
  jfrog-stage-credentials: {}
  
cfgdb:
  name: '<tenant-db-name>'
  engine: postgre
  port: 5432
  host: 'postgres-rw.infra.svc.cluster.local'
  username: '<db-user>'
  password: '<db-password>'
kafka:
  bootstrap: 'infra-kafka-cp-kafka.infra.svc.cluster.local:9092'
  security:
    protocol: plaintext
  sasl:
    mechanism: PLAIN
extraEnv: |
  - name: SNAPSHOT_STORAGE_PATH
    value: "/tmp"
  - name: NODE_EXTRA_CA_CERTS
    value: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
#extraVolumeMounts: ''
volumes: |
  - name: kafka-secrets
    secret:
      secretName: {{.Release.Name}}-kafka-secrets
  - name: cfg-db-secrets
    secret:
      secretName: {{.Release.Name}}-cfgdb-secrets
  - name: storage-account-secrets
    secret:
       secretName: {{ .Release.Name }}-storage-secret
ssl_db_connection: false
dnsConfig:
  options:
  - name: ndots
    value: '3'
csi_enabled: false
tolerations: []
resources:
  requests:
    memory: 64Mi
    cpu: '0.01'
  limits:
    memory: 4000Mi
    cpu: '1'
storage:
  wasb:
    url: ''
    account_name: ''
    access_key: ''
  s3:
    bucket: '<bucket-name>'
    gcaSnapshots: '/gca'
    accessKey: '<access-key>'
    secretKey: '<secret-key>'
    useSSL: true
    endPoint: '<bucket-host>'
    port: <bucket-port>

Configure Kubernetes

Content coming soon

Configure security

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the gca-values.yaml file as 500:500:500, meaning the genesys user. 

securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500

containerSecurityContext: {}

Arbitrary UIDs in OpenShift

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the gca-values.yaml file, so that you do not define any specific IDs. 

securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null

containerSecurityContext: {}
Retrieved from "https://all.docs.genesys.com/PEC-REP/Current/GIMPEGuide/ConfigureGCA (2025-07-21 23:41:47)"
Comments or questions about this documentation? Contact us for support!