Difference between revisions of "PEC-REP/Current/PulsePEGuide/Configure"

Revision as of 19:51, November 1, 2021

This topic is part of the manual Genesys Pulse Private Edition Guide for version Current of Reporting.

1 Prerequisites
- 1.1 Single namespace
2 Deployment
- 2.1 init Helm chart
- 2.2 Install pulse Helm chart
3 Validation
- 3.1 Check logs for error
- 3.2 Health validation
4 Troubleshooting
- 4.1 Check init Helm manifests
- 4.2 Check Pulse Helm manifests
5 Override Helm chart values
6 Configure Kubernetes
7 Configure security
- 7.1 Arbitrary UIDs

Learn how to configure Genesys Pulse.

Prerequisites

Please complete Before you begin instructions.

Information you will need:

Versions:
- <image-version> = 100.0.000.0005
- <chart-versions>= 100.0.000.+0005
K8S namespace pulse
Project Name pulse
Postgres credentials
- <db-host>
- <db-port>
- <db-name>
- <db-user>
- <db-user-password>
- <db-ssl-mode>
Docker credentials
- <docker-registry>
- <docker-registry-secret-name>
Redis credentials
- <redis-host>
- <redis-port>
- <redis-password>
- <redis-enable-ssl>
Tenant service variables
- <tenant-uuid>
- <tenant-sid>
- <tenant-name>
- <tenant-dcu>
GAuth/GWS service variables
- <gauth-url-external>
- <gauth-url-internal>
- <gauth-client-id>
- <gauth-client-secret>
- <gws-url-external>
- <gws-url-internal>
Storage class:
- <pv-storage-class-rw-many>
Pulse:
- <pulse-host>

Single namespace

If you plan to deploy into the Single Namespace (OpenShift software-defined networking [SDN] with multi-tenant mode, where namespaces are network isolated), ensure that your environment meets the following requirements for inputs:

Backend services deployed into the single namespace must include the string pulse:
```
     <db-host>

     <db-name>

     <redis-host>
```
The hostname used for Ingress must be unique, and must include the string pulse:
```
     <pulse-host>
```
Internal service-to-service traffic must use the service endpoints, rather than the Ingress:
```
     <gauth-url-internal>

     <gws-url-internal>
```

Deployment

init Helm chart

This chart is used to initialize the shared PostgreSQL datbase.

Get init Helm chart

helm repo update
helm search repo pulsehelmrepo/init

Prepare override-init file

Create a file with the following content, entering appropriate values where indicated, and save the file as values-override-init.yaml:

# Default values for init.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
# tenant identification, or empty for shared deployment
tenants:
  - id:   "<tenant-uuid>"
    name: "<tenant-name>"
    key:  "<tenant-sid>"
    dcu:  "<tenant-dcu>"
 
# common configuration.
config:
  # set "true" to create config maps
  createConfigMap: true
  # set "true" to create secrets
  createSecret: true
 
  # Postgres config - fill when createConfigMap: true
  # Postgres config map name
  postgresConfig: "pulse-postgres-configmap"
  # Postgres hostname
  postgresHost: "<postgres-hostname>"
  # Postgres port
  postgresPort: "<postgres-port>"
  # Postgres SSL mode
  postgresEnableSSL: "<postgres-ssl-mode>"
 
  # Postgres secret config - fill when createSecret: true
  # Postgres User
  postgresUser: "<postgres-user>"
  # Postgres Password
  postgresPassword: "<postgres-password>"
  # Secret name for postgres
  postgresSecret: "pulse-postgres-secret"
  # Secret key for postgres user
  postgresSecretUser: "META_DB_ADMIN"
  # Secret key for postgres  password
  postgresSecretPassword: "META_DB_ADMINPWD"
   
  # Redis config - fill when createConfigMap: true
  # Redis config map name
  redisConfig: "pulse-redis-configmap"
  # Redis host
  redisHost: "<redis-hostname>"
  # Redis port
  redisPort: "<redis-port>"
  # Redis SSL enabled
  redisEnableSSL: "false"
 
  # Redis secret config - fill when createSecret: true
  # Password for Redis
  redisKey: "<redis-key>"
  # Secret name for Redis
  redisSecret: "pulse-redis-secret"
  # Secret key for Redis password
  redisSecretKey: "REDIS01_KEY"
   
  # GWS secret config - fill when createSecret: true
  # Client ID
  gwsClientId: "<gws-client-id>"
  # Client Secret
  gwsClientSecret: "<gws-client-secret>"
  # Secret name
  gwsSecret: "pulse-gws-secret"
  # Secret key for Client ID
  gwsSecretClientId: "clientId"
  # Secret key for Client Secret
  gwsSecretClientSecret: "clientSecret"
 
  # fill database name
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  # set "true" for CSI secrets
  mountSecrets: false
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 0
 
## Resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    memory: 256Mi
    cpu: 200m
  requests:
    memory: 128Mi
    cpu: 100m
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []

Install init Helm chart

Run:

helm upgrade --install pulse-init pulsehelmrepo/init --wait --wait-for-jobs --version=<chart-version> --namespace=pulse -f values-override-init.yaml

Command will finish with exit code 0 if installation is successful.

Validate init Helm chart

Execute the following command to validate Helm chart initialization. Pulse-init job should have a Status of Completed:

oc get pods -n=pulse -l "app.kubernetes.io/name=init,app.kubernetes.io/instance=pulse-init"
NAME                   READY   STATUS      RESTARTS   AGE
pulse-init-job-5669c   0/1     Completed   0          79m

Install pulse Helm chart

This chart is used for install shared part.

Get pulse Helm chart

helm repo update
helm search repo pulsehelmrepo/pulse

Prepare override-pulse file

Create a file with the following content, entering appropriate values where indicated, and save the file as values-override-pulse.yaml:

# Default values for pulse.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
 
image:
  tag: "<image-version>"
  pullPolicy: IfNotPresent
  registry: "<docker-registry>"
  imagePullSecrets: [name: "<docker-registry-secret-name>"]
 
replicaCount: 2
 
# common configuration.
config:
  dbName: "<db-name>"
  # set "true" when need @host added for username
  dbUserWithHost: true
  # set "true" for CSI secrets
  mountSecrets: false
  # Postgres config map name
  postgresConfig: "pulse-postgres-configmap"
  # Postgres secret name
  postgresSecret: "pulse-postgres-secret"
  # Postgres secret key for user
  postgresSecretUser: "META_DB_ADMIN"
  # Postgres secret key for password
  postgresSecretPassword: "META_DB_ADMINPWD"
  # Redis config map name
  redisConfig: "pulse-redis-configmap"
  # Redis secret name
  redisSecret: "pulse-redis-secret"
  # Redis secret key for access key
  redisSecretKey: "REDIS01_KEY"
  # GAuth secret name
  gwsSecret: "pulse-gws-secret"
  # GAuth secret key for client_id
  gwsSecretClientId: "clientId"
  # GAuth secret key for client_secret
  gwsSecretClientSecret: "clientSecret"
 
# monitoring settings
monitoring:
  # enable the Prometheus metrics endpoint
  enabled: false
  # port is <options.managementPort>
  # HTTP path is <options.managementContext><options.prometheusEndpoint>
  # additional annotations required for monitoring PODs
  # you can reference values of other variables as {{.Values.variable.full.name}}
  podAnnotations: {}
    # prometheus.io/scrape: "true"
    # prometheus.io/port: "{{.Values.options.managementPort}}"
    # prometheus.io/path: "{{.Values.options.managementContext}}{{.Values.options.prometheusEndpoint}}"
  serviceMonitor:
    # enables ServiceMonitor creation
    enabled: false
    # interval at which metrics should be scraped
    scrapeInterval: 30s
    # timeout after which the scrape is ended
    scrapeTimeout:
    # namespace of the ServiceMonitor, defaults to the namespace of the service
    namespace:
    additionalLabels: {}
 
# common log configuration
log:
  # target directory where log will be stored, leave empty for default
  logDir: ""
  # path where volume will be mounted
  volumeMountPath: /data/log
  # log volume type: none | hostpath | pvc
  volumeType: pvc
  # log volume hostpath, used with volumeType "hostpath"
  volumeHostPath: /mnt/log
  # log PVC parameters, used with volumeType "pvc"
  pvc:
    name: pulse-logs
    accessModes:
      - ReadWriteMany
    capacity: 10Gi
    class: <pv-storage-class-rw-many>
 
# application options
options:
  authUrl: "https://<gauth-url-external>"
  authUrlInt: "http://<gauth-url-internal>"
  gwsUrl: "https://<gws-url-external>"
  gwsUrlInt: "http://<gws-url-internal>"
 
## Service account settings
serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 
## Add annotations to all pods
##
podAnnotations: {}
 
## Add labels to all pods
##
podLabels: {}
 
## Specifies the security context for all Pods in the service
##
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 0
 
## Ingress configuration
ingress:
  enabled: true
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    ## recommended to increase proxy-body-size size
    # nginx.ingress.kubernetes.io/proxy-body-size: 5m
  hosts:
    - host: "<pulse-host>"
      paths: [/]
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 
gateway:
  enabled: false
 
## Resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    memory: 4Gi
    cpu: 1
  requests:
    memory: 650Mi
    cpu: 100m
 
## HPA Settings
## Not supported in this release!
hpa:
  enabled: false
 
## Priority Class
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
 
## Node labels for assignment.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
 
## Tolerations for assignment.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
 
## Pod Disruption Budget Settings
podDisruptionBudget:
  enabled: false
 
## Affinity for assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
 
# control network policies
networkPolicies:
  enabled: false

Install pulse Helm chart

Run:

helm upgrade --install pulse pulsehelmrepo/pulse --wait --version=<chart-version>  --namespace=pulse -f values-override-pulse.yaml

Command will finish with exit code 0 if installation is successful.

Validate pulse Helm chart

Execute the following command to kist all running Pulse pods:

oc get pods -n=pulse -l "app.kubernetes.io/name=pulse,app.kubernetes.io/instance=pulse"
NAME                     READY   STATUS    RESTARTS   AGE
pulse-648b9d6666-f5d84   1/1     Running   0          22m
pulse-648b9d6666-kqhs6   1/1     Running   0          68m

Validation

Use the following procedures to validate the deployment.

Check logs for error

Execute the following command to check the log files:
```
oc get pods
os logs <pulse-pod-id>
```
Where: <pulse-pod-id> is the pod identifier.

Health validation

Execute the following command to download the health vladiation metrics:
GET /actuator/metrics/pulse.health.all

Open two console windows, and execute the following commands:

Console 1:

oc get pods --namespace pulse -l "app.kubernetes.io/name=pulse,app.kubernetes.io/instance=pulse" -o jsonpath="{.items[0].metadata.name}"
oc --namespace pulse port-forward <pod-name> 8090:8090

Console 2:

curl -X GET http://127.0.0.1:8090/actuator/metrics/pulse.health.all       -H 'Content-Type: application/json'

If Pulse is running correctly and can connect to Redis and PostgreSQL, the following is returned:

http response is 200

json response has measurements.statistic.value of 1.0, for example:

{
  "name": "pulse.health.all",
  "description": "Provides overall application status",
  "baseUnit": "Boolean",
  "measurements": [
    {
      "statistic": "VALUE",
      "value": 1
    }
  ],
  "availableTags": [
    {
      "tag": "deployment.code",
      "values": [
        "pulse"
      ]
    },
    {
      "tag": "application.name",
      "values": [
        "pulse"
      ]
    }
  ]
}

Troubleshooting

Use the following procedures to troubleshoot problems with the deployment.

Check init Helm manifests

Execute the following command to output init Helm manifest files into the helm-template directory:

helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template init pulsehelmrepo/init -f values-override-init.yaml.yaml

Where: <chart-version> is the Helm chart version.

Check Pulse Helm manifests

Execute the following command to output Pulse Helm manifest files into the helm-template directory:

helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse pulsehelmrepo/pulse -f values-override-pulse.yaml

Where: <chart-version> is the Helm chart version.

Override Helm chart values

For more information about overriding Helm chart values, see the the "suite-level" documentation:Overriding Helm chart values.

Link to the "suite-level" documentation about how to override Helm chart values: Overriding Helm chart values If there are multiple YAML files (for example, one for each container if your service has multiple containers), you could use a table for each file or use a single table with an extra column for the file name. If the parameter is related to a feature documented elsewhere, you can include a link in the Description column. For example, descriptions for logging setting can link to the Logging page.

Note: We are still working on an approach to handle documentation for Helm chart values, so please leave this section until the end.


Parameter	Description	Default	Valid values
service.port	Designer service to be exposed.	8888	A valid port.
...

Configure security

Arbitrary UIDs

If your OpenShift deployment uses arbitrary UIDs, you must override the securityContext settings. By default, the user and group IDs are set to 500:500:500. If your deployment uses arbitrary UIDs, update the podSecurityContext section in the YAML file for each chart as follows; do not define any specific IDs:

podSecurityContext: 
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: null
  fsGroup: null

Genesys Pulse Private Edition Guide

Overview

Configure and deploy

Upgrade, roll back, or uninstall

Observability

Difference between revisions of "PEC-REP/Current/PulsePEGuide/Configure"

Revision as of 19:51, November 1, 2021

Contents

Prerequisites

Single namespace

Deployment

init Helm chart

Get init Helm chart

Prepare override-init file

Install init Helm chart

Validate init Helm chart

Install pulse Helm chart

Get pulse Helm chart

Prepare override-pulse file

Install pulse Helm chart

Validate pulse Helm chart

Validation

Check logs for error

Health validation

Troubleshooting

Check init Helm manifests

Check Pulse Helm manifests

Override Helm chart values

Configure Kubernetes

Configure security

Arbitrary UIDs

@@ Line 12: / Line 12: @@
 *Versions:
-**<image-version> = 9.0.100.10
+**<image-version> = 100.0.000.0005
-**<chart-versions>= 9.0.100+10
+**<chart-versions>= 100.0.000.+0005
-*K8S namespace <namespace> (e.g. 'pulse')
+*K8S namespace pulse
-*Project Name <project-name> (e.g. 'pulse')
+*Project Name pulse
 *Postgres credentials
 **<db-host>
 **<db-port>
-**<db-port-internal>
 **<db-name>
 **<db-user>
 **<db-user-password>
-**<db-superuser>
-**<db-superuser-password>
 **<db-ssl-mode>
 *Docker credentials
-**<docker-email>
+**<docker-registry>
-**<docker-password>
+**<docker-registry-secret-name>
-**<docker-user>
-*OpenShift credentials
-**<openshift-url>
-**<openshift-port>
-**<openshift-token>
 *Redis credentials
 **<redis-host>
@@ Line 43: / Line 35: @@
 **<tenant-sid>
 **<tenant-name>
+**<tenant-dcu>
 *GAuth/GWS service variables
 **<gauth-url-external>
@@ Line 50: / Line 43: @@
 **<gws-url-external>
 **<gws-url-internal>
+*Storage class:
+**<pv-storage-class-rw-many>
+*Pulse:
+**<pulse-host>
-Fill appropriate placeholders and save values in <tt>.shared_init_variables</tt>:<source lang="text">export CHART_VERSION='<chart-version>'
+{{AnchorDiv|SingleNamespace}}
-export DB_HOST='<db-host>'
+===Single namespace===
-export DB_NAME_SHARED='<db-name>'
+If you plan to deploy into the Single Namespace (OpenShift software-defined networking [SDN] with multi-tenant mode, where namespaces are network isolated), ensure that your environment meets the following requirements for inputs:
-export DB_NAME_SUPERUSER='<db-superuser>'
-export DB_PASSWORD_SHARED='<db-user-password>'
-export DB_PASSWORD_SUPERUSER='<db-superuser-password>'
-export DB_PORT='<db-port>'
-export DB_SSL_MODE='<db-ssl-mode>'
-export DB_USER_SHARED='<db-user>'
-export DOCKER_EMAIL='<docker-email>'
-export DOCKER_PASSWORD='<docker-password>'
-export DOCKER_REGISTRY='<docker-registry>'
-export DOCKER_REGISTRY_SECRET_NAME='<docker-registry-secret-name>'
-export DOCKER_TAG='<image-version>'
-export DOCKER_USER='<docker-user>'
-export GAUTH_CLIENT_ID='<gauth-client-id>'
-export GAUTH_CLIENT_SECRET='<gauth-client-secret>'
-export GAUTH_URL='<gauth-url-external>'
-export GAUTH_URL_INTERNAL='<gauth-url-internal>'
-export GWS_URL='<gws-url-external>'
-export GWS_URL_INTERNAL='<gws-url-internal>'
-export NAMESPACE='<namespace>'
-export OS_ADD_SCC_TO_USER='<scc-user>'
-export OS_PORT='<openshift-port>'
-export OS_TOKEN='<openshift-token>'
-export OS_URL='<openshift-url>'
-export PROJECT_NAME='<project-name>'
-export PULSE_ENDPOINT='<pulse-endpoint>'
-export PULSE_HEALTH_PORT=8090
-export PV_STORAGE_CLASS_RW_MANY='<rw-many-storage-class>'
-export REDIS_ENABLE_SSL='<redis-enable-ssl>'
-export REDIS_HOST='<redis-host>'
-export REDIS_PASSWORD='<redis-password>'
-export REDIS_PORT='<redis-port>'
-export TENANT_UUID='<tenant-uuid>'
-export TENANT_DCU='2'
-export TENANT_NAME='<tenant-name>'
-export TENANT_SID='<tenant-sid>'</source><br />
-|Status=No
-}}{{Section
-|sectionHeading=Create project in OpenShift
-|alignment=Vertical
-|structuredtext='''Login using token'''
-<source lang="text">source .shared_init_variables
-oc login --token="${OS_TOKEN}" \
-           --server="${OS_URL}:${OS_PORT}" \
-           --insecure-skip-tls-verify=true</source>
-'''Create project'''
-<source lang="text">source .shared_init_variables
-oc new-project "${PROJECT_NAME}" \
-   --description="${PROJECT_NAME}" \
-   --display-name="${PROJECT_NAME}" </source>
-'''Add SCC to user'''
-<source lang="text">source .shared_init_variables
-oc adm policy add-scc-to-user "${OS_ADD_SCC_TO_USER}" -z default -n "${NAMESPACE}"</source>
-'''Enable namespace'''
-<source lang="text">source .shared_init_variables
-oc annotate namespace --overwrite "${NAMESPACE}" 'scheduler.alpha.kubernetes.io/defaultTolerations'='[{"operator": "Equal", "effect": "NoSchedule", "key": "team", "value": "pat"}]'</source>
-'''Switch to project'''
-<source lang="text">
-source .shared_init_variables
-oc project "${PROJECT_NAME}" </source>
-'''Create secret for auth to registry'''
+*Backend services deployed into the single namespace must include the string ''pulse'':
-<source lang="text">
+*:<source lang="bash">     <db-host>
-source .shared_init_variables
-oc create secret docker-registry "${DOCKER_REGISTRY_SECRET_NAME}" \
-     --docker-server="${DOCKER_REGISTRY}" \
-     --docker-username="${DOCKER_USER}" \
-     --docker-password="${DOCKER_PASSWORD}" \
-     --docker-email="${DOCKER_EMAIL}"
-oc secrets link default "${DOCKER_REGISTRY_SECRET_NAME}" --for=pull </source>
-|Status=No
-}}{{Section
-|sectionHeading=PostgreSQL
-|alignment=Vertical
-|structuredtext='''Create shared db user'''
-As PosgreQSL superuser save the following as <tt>create_shared_db_role.sql:</tt><source lang="text">CREATE ROLE "${DB_USER_SHARED}@${DB_HOST}" WITH NOSUPERUSER LOGIN ENCRYPTED PASSWORD '${DB_PASSWORD_SHARED}';</source>
+     <db-name>
-Run:
-<source lang="text">source .shared_init_variables
-envsubst < ./create_shared_db_role.sql | \
-PGPASSWORD=${DB_PASSWORD_SUPERUSER} psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_NAME_SUPERUSER}" -f - </source>
-'''Create shared db and grant privileges'''
+     <redis-host></source>
+*The hostname used for Ingress must be unique, and must include the string ''pulse'':
+*:<source lang="bash">     <pulse-host></source>
+*Internal service-to-service traffic must use the service endpoints, rather than the Ingress:
+*:<source lang="bash">     <gauth-url-internal>
-Save the following as <tt>create_shared_db.sql</tt>
+     <gws-url-internal></source>
-<source lang="text">CREATE DATABASE ${DB_NAME_SHARED};
-GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME_SHARED} TO "${DB_USER_SHARED}@${DB_HOST}"; </source>
-Run:
-<source lang="text">source .shared_init_variables
-envsubst < ./create_shared_db.sql | \
-PGPASSWORD=${DB_PASSWORD_SUPERUSER} psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_NAME_SUPERUSER}" -f -</source>
 |Status=No
 }}{{Section
 |sectionHeading=Deployment
 |alignment=Vertical
-|structuredtext====Preparations===
+|structuredtext====init Helm chart===
-'''Create pulse-postgres-configmap'''
+This chart is used to initialize the shared PostgreSQL datbase.
-Save as <tt>pulse-postgres-configmap</tt>.yaml:<source lang="text">
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: pulse-postgres-configmap
-  namespace: ${NAMESPACE}
-data:
-  META_DB_HOST: '${DB_HOST}'
-  META_DB_PORT: '${DB_PORT}'
-  META_DB_SSL_MODE: '${DB_SSL_MODE}' </source>
-Run:<source lang="text">source .shared_init_variables
-envsubst < ./pulse-postgres-configmap | \
-oc apply --namespace=${NAMESPACE} \
-        -f - </source>
-'''Validate pulse-postgres-configmap'''
-The following command should return created ConfigMap:<source lang="text">source .shared_init_variables
-oc get configmap pulse-postgres-configmap -n=${NAMESPACE} </source>
-Example:<source lang="text">
-NAME                       DATA   AGE
-pulse-postgres-configmap   3      5h5m </source>
-'''Create pulse-redis-configmap'''
-Save as <tt>pulse-redis-configmap:</tt><source lang="text">apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: pulse-redis-configmap
-  namespace: ${NAMESPACE}
-data:
-  REDIS_HOST: '${REDIS_HOST}'
-  REDIS_PORT: '${REDIS_PORT}'
-  REDIS_ENABLE_SSL: '${REDIS_ENABLE_SSL}' </source>
-Run:<source lang="text">
-source .shared_init_variables
-envsubst < ./pulse-redis-configmap | \
-oc apply  --namespace=${NAMESPACE} \
-        -f - </source>
-'''Validate pulse-redis-configmap'''
-The following command should return created ConfigMap:<source lang="text">source .shared_init_variables
-oc get configmap pulse-redis-configmap -n=${NAMESPACE} </source>
-Example:<source lang="text">NAME                    DATA   AGE
-pulse-redis-configmap   3      4h38m </source>
-'''Create pulse-gws-secret'''
-Save as <tt>pulse-gws-secret.yaml:</tt><source lang="text">
-apiVersion: v1
-kind: Secret
-metadata:
-  name: pulse-gws-secret
-  namespace: ${NAMESPACE}
-type: Opaque
-stringData:
-  clientId: ${GAUTH_CLIENT_ID}
-  clientSecret: ${GAUTH_CLIENT_SECRET} </source>
-Run:<source lang="text">source .shared_init_variables
-envsubst < ./pulse-gws-secret.yaml | \
-oc apply  --namespace=${NAMESPACE} \
-        -f - </source>
-'''Validate pulse-gws-secret'''
-The following command should return created secret:<source lang="text">source .shared_init_variables
-oc get secret pulse-gws-secret -n=${NAMESPACE} </source>
-Example:<source lang="text">
-NAME               TYPE     DATA   AGE
-pulse-gws-secret   Opaque   2      5h4m </source>
-'''Create pulse-postgres-secret'''
-Save as <tt>pulse-postgres-secret.yaml:</tt><source lang="text">apiVersion: v1
-kind: Secret
-metadata:
-  name: pulse-postgres-secret
-  namespace: ${NAMESPACE}
-type: Opaque
-stringData:
-  META_DB_ADMIN: '${DB_USER_SHARED}'
-  META_DB_ADMINPWD: '${DB_PASSWORD_SHARED}' </source>
-Run:<source lang="text">source .shared_init_variables
-envsubst < ./pulse-postgres-secret.yaml | \
-oc apply  --namespace=${NAMESPACE} \
-        -f - </source>
-'''Validate pulse-postgres-secret'''
-The following command should return created secret:<source lang="text">source .shared_init_variables
-oc get secret pulse-postgres-secret -n=${NAMESPACE} </source>
-Example:<source lang="text">NAME                    TYPE     DATA   AGE
-pulse-postgres-secret   Opaque   2      5h30m </source>
-'''Create pulse-redis-secret'''
-Save as <tt>pulse-redis-secret.yaml</tt>:<source lang="text">apiVersion: v1
-kind: Secret
-metadata:
-  name: pulse-redis-secret
-  namespace: ${NAMESPACE}
-type: Opaque
-stringData:
-  REDIS01_KEY: ${REDIS_PASWORD} </source>
-Run:<source lang="text">source .shared_init_variables
-envsubst < ./pulse-redis-secret.yaml | \
-oc apply  --namespace=${NAMESPACE} \
-        -f - </source>
-'''Validate pulse-redis-secret'''
-The following command should return created secret:<source lang="text">
-source .shared_init_variables
-oc get secret pulse-redis-secret -n=${NAMESPACE} </source>
-Example:<source lang="text">
-NAME                 TYPE     DATA   AGE
-pulse-redis-secret   Opaque   1      5h5m </source>
-===Install init helm chart===
-Use this chart for shared Postgres database.
-'''Get init helm chart'''
-Download the <tt>init</tt> helm chart from JFrog using your credentials.
-'''Prepare override file'''
-Save as <tt>values-override-init.yaml:</tt><source lang="text"># Default values for init.
+====Get init Helm chart====
+<source lang="bash">helm repo update
+helm search repo pulsehelmrepo/init</source>
+====Prepare override-init file====
+Create a file with the following content, entering appropriate values where indicated, and save the file as '''values-override-init.yaml''':
+<source lang="bash"># Default values for init.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
-  name: init
+   tag: "<image-version>"
-   tag: "${DOCKER_TAG}"
    pullPolicy: IfNotPresent
-   repository: "${DOCKER_REGISTRY}/pulse/"
+   registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
-imagePullSecrets: [name: ${DOCKER_REGISTRY_SECRET_NAME}]
 # tenant identification, or empty for shared deployment
 tenants:
-   - id: "${TENANT_UUID}"
+   - id:   "<tenant-uuid>"
-     name: "${TENANT_NAME}"
+     name: "<tenant-name>"
-     key: "${TENANT_SID}"
+     key:  "<tenant-sid>"
-     dcu: "${TENANT_DCU}"
+     dcu:  "<tenant-dcu>"
 # common configuration.
 config:
-  dbName: "${DB_NAME_SHARED}"
+   # set "true" to create config maps
-   # set "true" when need @host added for username
+   createConfigMap: true
-   dbUserWithHost: true
+   # set "true" to create secrets
-   # set "true" for CSI secrets
+   createSecret: true
-   mountSecrets: false
+  # Postgres config - fill when createConfigMap: true
    # Postgres config map name
    postgresConfig: "pulse-postgres-configmap"
-   # Postgres secret name
+  # Postgres hostname
+  postgresHost: "<postgres-hostname>"
+  # Postgres port
+  postgresPort: "<postgres-port>"
+  # Postgres SSL mode
+  postgresEnableSSL: "<postgres-ssl-mode>"
+   # Postgres secret config - fill when createSecret: true
+  # Postgres User
+  postgresUser: "<postgres-user>"
+  # Postgres Password
+  postgresPassword: "<postgres-password>"
+  # Secret name for postgres
    postgresSecret: "pulse-postgres-secret"
-   # Postgres secret key for user
+   # Secret key for postgres user
    postgresSecretUser: "META_DB_ADMIN"
-   # Postgres secret key for password
+   # Secret key for postgres  password
    postgresSecretPassword: "META_DB_ADMINPWD"
+  # Redis config - fill when createConfigMap: true
+  # Redis config map name
+  redisConfig: "pulse-redis-configmap"
+  # Redis host
+  redisHost: "<redis-hostname>"
+  # Redis port
+  redisPort: "<redis-port>"
+  # Redis SSL enabled
+  redisEnableSSL: "false"
+  # Redis secret config - fill when createSecret: true
+  # Password for Redis
+  redisKey: "<redis-key>"
+  # Secret name for Redis
+  redisSecret: "pulse-redis-secret"
+  # Secret key for Redis password
+  redisSecretKey: "REDIS01_KEY"
+  # GWS secret config - fill when createSecret: true
+  # Client ID
+  gwsClientId: "<gws-client-id>"
+  # Client Secret
+  gwsClientSecret: "<gws-client-secret>"
+  # Secret name
+  gwsSecret: "pulse-gws-secret"
+  # Secret key for Client ID
+  gwsSecretClientId: "clientId"
+  # Secret key for Client Secret
+  gwsSecretClientSecret: "clientSecret"
+  # fill database name
+  dbName: "<db-name>"
+  # set "true" when need @host added for username
+  dbUserWithHost: true
+  # set "true" for CSI secrets
+  mountSecrets: false
 ## Service account settings
@@ Line 360: / Line 173: @@
 podAnnotations: {}
-## Containers should run as genesys user and cannot use elevated permissions
+## Specifies the security context for all Pods in the service
-## !!! THESE OPTIONS SHOULD NOT BE CHANGED UNLESS INSTRUCTED BY GENESYS !!!
+##
-# securityContext: {}
+podSecurityContext:
-#    runAsUser: 500
+  runAsNonRoot: true
-#    runAsGroup: 500
+  runAsUser: 500
+  runAsGroup: 500
+  fsGroup: 0
 ## Resource requests and limits
@@ Line 390: / Line 205: @@
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
-tolerations: [] </source>
+tolerations: []</source>
+====Install init Helm chart====
-'''Install init helm chart'''
+Run:
+<source lang="bash">helm upgrade --install pulse-init pulsehelmrepo/init --wait --wait-for-jobs --version=<chart-version> --namespace=pulse -f values-override-init.yaml</source>
-Run: <source lang="text">
+Command will finish with exit code 0 if installation is successful.
-source .shared_init_variables
-envsubst < ./values-override-init.yaml | \
-helm upgrade --install pulse-init pe-jfrog-stage/init \
-      --wait --wait-for-jobs \
-      --version="${CHART_VERSION}" \
-      --namespace="${NAMESPACE}" \
-      -f - </source>
-This command will finish with exit code 0 if installation is successful.
-'''Validate init helm chart'''
-The following command should report pulse-init job as Completed:<source lang="text">
-source .shared_init_variables
-oc get pods -n="${NAMESPACE}" -l "app.kubernetes.io/name=init,app.kubernetes.io/instance=pulse-init" </source>
-Example:<source lang="text">NAME             READY   STATUS      RESTARTS   AGE
+====Validate init Helm chart====
-pulse-init-job-bvstl   0/1     Completed   0          3h30m </source>
+Execute the following command to validate Helm chart initialization. Pulse-init job should have a Status of Completed:
-===Install pulse helm chart===
+<source lang="bash">oc get pods -n=pulse -l "app.kubernetes.io/name=init,app.kubernetes.io/instance=pulse-init"
-Use this chart for the shared part.
+NAME                   READY   STATUS      RESTARTS   AGE
+pulse-init-job-5669c   0/1     Completed   0          79m</source>
+===Install pulse Helm chart===
+This chart is used for install shared part.
-'''Get pulse helm chart'''
+====Get pulse Helm chart====
+<source lang="bash">helm repo update
-Download the <tt>pulse</tt> helm chart from JFrog using your credentials.
+helm search repo pulsehelmrepo/pulse</source>
+====Prepare override-pulse file====
-'''Prepare override file'''
+Create a file with the following content, entering appropriate values where indicated, and save the file as '''values-override-pulse.yaml''':
+<source lang="bash">
-Save as <tt>values-override-pulse.yaml:</tt><source lang="text"># Default values for pulse.
+# Default values for pulse.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
-  name: pulse
+   tag: "<image-version>"
-   tag: "${DOCKER_TAG}"
    pullPolicy: IfNotPresent
-   repository: "${DOCKER_REGISTRY}/pulse/"
+   registry: "<docker-registry>"
+  imagePullSecrets: [name: "<docker-registry-secret-name>"]
-imagePullSecrets: [name: ${DOCKER_REGISTRY_SECRET_NAME}]
 replicaCount: 2
@@ Line 441: / Line 240: @@
 # common configuration.
 config:
-   dbName: "${DB_NAME_SHARED}"
+   dbName: "<db-name>"
    # set "true" when need @host added for username
    dbUserWithHost: true
@@ Line 506: / Line 305: @@
        - ReadWriteMany
      capacity: 10Gi
-     class: ${PV_STORAGE_CLASS_RW_MANY}
+     class: <pv-storage-class-rw-many>
 # application options
 options:
-   authUrl: "https://${GAUTH_URL}"
+   authUrl: "https://<gauth-url-external>"
-   authUrlInt: "http://${GAUTH_URL_INTERNAL}"
+   authUrlInt: "http://<gauth-url-internal>"
-   gwsUrl: "https://${GWS_URL}"
+   gwsUrl: "https://<gws-url-external>"
-   gwsUrlInt: "http://${GWS_URL_INTERNAL}"
+   gwsUrlInt: "http://<gws-url-internal>"
 ## Service account settings
@@ Line 533: / Line 332: @@
 podLabels: {}
-## Containers should run as genesys user and cannot use elevated permissions
+## Specifies the security context for all Pods in the service
-## !!! THESE OPTIONS SHOULD NOT BE CHANGED UNLESS INSTRUCTED BY GENESYS !!!
+##
-# securityContext: {}
+podSecurityContext:
-#    runAsUser: 500
+  runAsNonRoot: true
-#    runAsGroup: 500
+  runAsUser: 500
+  runAsGroup: 500
+  fsGroup: 0
 ## Ingress configuration
@@ Line 548: / Line 349: @@
      # nginx.ingress.kubernetes.io/proxy-body-size: 5m
    hosts:
-     - host: "${PULSE_ENDPOINT}"
+     - host: "<pulse-host>"
        paths: [/]
    tls: []
@@ Line 600: / Line 401: @@
 # control network policies
 networkPolicies:
-   enabled: false </source>
+   enabled: false</source>
+====Install pulse Helm chart====
-'''Install pulse helm chart'''
+Run:
+<source lang="bash">helm upgrade --install pulse pulsehelmrepo/pulse --wait --version=<chart-version>  --namespace=pulse -f values-override-pulse.yaml</source>
-Run:<source lang="text">source .shared_init_variables
+Command will finish with exit code 0 if installation is successful.
-envsubst < ./values-override-pulse.yaml | \
-helm upgrade --install pulse pe-jfrog-stage/pulse \
-      --wait \
-      --version="${CHART_VERSION}" \
-      --namespace="${NAMESPACE}" \
-      -f - </source>
-This command will finish with exit code 0 if installation is successful.
-'''Validate pulse helm chart'''
-The following report running pods: <source lang="text">source .shared_init_variables
+====Validate pulse Helm chart====
+Execute the following command to kist all running Pulse pods:
-oc get pods -n="${NAMESPACE}" -l "app.kubernetes.io/name=pulse,app.kubernetes.io/instance=pulse" </source>
+<source lang="bash">oc get pods -n=pulse -l "app.kubernetes.io/name=pulse,app.kubernetes.io/instance=pulse"
+NAME                     READY   STATUS    RESTARTS   AGE
+pulse-648b9d6666-f5d84   1/1     Running   0          22m
+pulse-648b9d6666-kqhs6   1/1     Running   0          68m</source>
-Example:<source lang="text">NAME                     READY   STATUS    RESTARTS   AGE
-pulse-5dbd484467-bh82r   1/1     Running   0          4h26m
-pulse-5dbd484467-wz7xt   1/1     Running   0          4h26m </source>
 |Status=No
 }}{{Section
 |sectionHeading=Validation
 |alignment=Vertical
-|structuredtext='''Check logs for error'''
+|structuredtext=Use the following procedures to validate the deployment.
-<source lang="text">oc get pods
+===Check logs for error===
-os logs <pulse-pod-id> </source>
-'''Health validation'''
-<tt>GET /actuator/metrics/pulse.health.all</tt>
-Run in two different consoles (1 -> 2).
-<u>Console 1:</u>
+#Execute the following command to check the log files:
-<source lang="text">source .shared_init_variables
+#:<source lang="bash">oc get pods
+os logs <pulse-pod-id></source>
+#:Where: <tt>&lt;pulse-pod-id&gt;</tt> is the pod identifier.
-export POD_NAME=$(oc get pods --namespace=${NAMESPACE} -l "app.kubernetes.io/name=pulse,app.kubernetes.io/instance=pulse" -o jsonpath="{.items[0].metadata.name}")
+===Health validation===
-oc --namespace=${NAMESPACE} port-forward $POD_NAME ${PULSE_HEALTH_PORT}:${PULSE_HEALTH_PORT} </source>
-<u>Console 2:</u>
+#Execute the following command to download the health vladiation metrics:
-<source lang="text">source .shared_init_variables
+#:'''GET /actuator/metrics/pulse.health.all'''
+#Open two console windows, and execute the following commands:
-curl -X GET http://127.0.0.1:${PULSE_HEALTH_PORT:-?}/actuator/metrics/pulse.health.all \
+##'''Console 1''':
-     -H 'Content-Type: application/json'  | jq '.'</source>
+##:<source lang="bash">oc get pods --namespace pulse -l "app.kubernetes.io/name=pulse,app.kubernetes.io/instance=pulse" -o jsonpath="{.items[0].metadata.name}"
+oc --namespace pulse port-forward <pod-name> 8090:8090</source>
-Genesys Pulse is successfully running and can connect to Postgres and Redis when:
+##'''Console 2''':
+##:<source lang="bash">curl -X GET http://127.0.0.1:8090/actuator/metrics/pulse.health.all       -H 'Content-Type: application/json'
-*HTTP response code is 200
+</source>
-*JSON response is measurements.statistic.value=1<source lang="text">{
+#:If Pulse is running correctly and can connect to Redis and PostgreSQL, the following is returned:
+#*http response is <tt>200</tt>
+#*json response has <tt>measurements.statistic.value</tt> of <tt>1.0</tt>, for example:
+#*:<source lang="bash">{
    "name": "pulse.health.all",
    "description": "Provides overall application status",
@@ Line 682: / Line 469: @@
 |sectionHeading=Troubleshooting
 |alignment=Vertical
-|structuredtext='''Check init helm manifests'''
+|structuredtext=Use the following procedures to troubleshoot problems with the deployment.
+===Check init Helm manifests===
-Run to output manifest into helm-template directory:
+Execute the following command to output init Helm manifest files into the '''helm-template''' directory:
+<source lang="bash">helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template init pulsehelmrepo/init -f values-override-init.yaml.yaml
-<source lang="text">source .shared_init_variables
+</source>
+Where: <tt>&lt;chart-version&gt;</tt> is the Helm chart version.
-envsubst < ./values-override-init.yaml | \
+===Check Pulse Helm manifests===
-helm template \
+Execute the following command to output Pulse Helm manifest files into the '''helm-template''' directory:
-   --version="${CHART_VERSION}" \
+<source lang="bash">helm template --version=<chart-version> --namespace=pulse --debug --output-dir helm-template pulse pulsehelmrepo/pulse -f values-override-pulse.yaml
-   --namespace="${NAMESPACE}" \
+</source>
-   --debug \
+Where: <tt>&lt;chart-version&gt;</tt> is the Helm chart version.
-   --output-dir helm-template \
-   init pe-jfrog-stage/init \
-   -f -</source>
-'''Check pulse helm manifests'''
-Run to output manifest into helm-template directory:
-<source lang="text">source .shared_init_variables
-envsubst < ./values-override-pulse.yaml | \
-helm template \
-     --version="${CHART_VERSION}" \
-     --namespace="${NAMESPACE}" \
-     --debug \
-     --output-dir helm-template \
-     pulse pe-jfrog-stage/pulse \
-     -f -</source>
 |Status=No
 }}{{Section
 |sectionHeading=Override Helm chart values
 |alignment=Vertical
-|structuredtext=<div style="background-color: aliceblue; font-style: italic;">Link to the "suite-level" documentation about how to override Helm chart values: {{SuiteLevelLink|helmoverride}} If there are multiple YAML files (for example, one for each container if your service has multiple containers), you could use a table for each file or use a single table with an extra column for the file name. If the parameter is related to a feature documented elsewhere, you can include a link in the Description column. For example, descriptions for logging setting can link to the Logging page.
+|structuredtext=For more information about overriding Helm chart values, see the the "suite-level" documentation:{{SuiteLevelLink|helmoverride}}.
+<div style="background-color: aliceblue; font-style: italic;">Link to the "suite-level" documentation about how to override Helm chart values: {{SuiteLevelLink|helmoverride}} If there are multiple YAML files (for example, one for each container if your service has multiple containers), you could use a table for each file or use a single table with an extra column for the file name. If the parameter is related to a feature documented elsewhere, you can include a link in the Description column. For example, descriptions for logging setting can link to the Logging page.
 Note: We are still working on an approach to handle documentation for Helm chart values, so please leave this section until the end.
 </div>
@@ Line 735: / Line 507: @@
 {{!}}
 {{!}}}
-|Status=Yes
+|Status=No
 }}{{Section
 |sectionHeading=Configure Kubernetes
@@ Line 748: / Line 520: @@
 |sectionHeading=Configure security
 |alignment=Vertical
-|structuredtext=<div style="background-color: aliceblue; font-style: italic;">List security-related settings, such as how to set up credentials and certificates for third-party services.</div>
+|structuredtext====Arbitrary UIDs===
-|Status=Yes
+If your OpenShift deployment uses arbitrary UIDs, you must override the securityContext settings. By default, the user and group IDs are set to 500:500:500. If your deployment uses arbitrary UIDs, update the '''podSecurityContext''' section in the YAML file for each chart as follows; do not define any specific IDs:
+<source lang="bash">podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: null
+  runAsGroup: null
+  fsGroup: null</source>
+|Status=No
 }}
 |PEPageType=9c3ae89b-4f75-495b-85f8-d8c4afcb3f97
 }}