Difference between revisions of "PEC-REP/Current/GIMPEGuide/ConfigureGCA"

From Genesys Documentation
m (Text replacement - "Genesys Engage [cC]loud" to "Genesys Multicloud CX")
Line 7: Line 7:
 
|sectionHeading=Override Helm chart values
 
|sectionHeading=Override Helm chart values
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext=Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the '''values.yaml''' file to provide deployment-specific values for certain parameters.
+
|structuredtext=Download the gca and gca-monitoring Helm charts from JFrog using your credentials. You must override certain parameters in the GCA '''values.yaml''' file to provide deployment-specific values for certain parameters.
  
 
For general information about overriding Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Multicloud CX Private Edition Guide}}''.
 
For general information about overriding Helm chart values, see {{SuiteLevelLink|helmoverride}} in the ''{{Link-AnywhereElse|product=PrivateEdition|version=Current|manual=PEGuide|display text=Genesys Multicloud CX Private Edition Guide}}''.
  
 
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the GCA '''values.yaml''' file, so that no user or group IDs are specified. For details, see [[{{FULLPAGENAME}}#Security|Configure security]], below.
 
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the '''securityContext''' settings in the GCA '''values.yaml''' file, so that no user or group IDs are specified. For details, see [[{{FULLPAGENAME}}#Security|Configure security]], below.
 +
 +
To enable S3-compatible storage to store the GCA snapshot, see [[{{FULLPAGENAME}}#Storage|Configure S3-compatible storage]], below.
  
 
At a minimum, you must override the following key entries in the GCA '''values.yaml''' file:
 
At a minimum, you must override the following key entries in the GCA '''values.yaml''' file:
  
*<tt>tag</tt> - the container image version
+
*<tt>image:</tt>
* <tt>tenant_id</tt> - the TenantID of the tenant in use
+
*:<tt>registry</tt> — ''the registry from which Kubernetes will pull images (''<tt>pureengage-docker-staging.jfrog.io</tt> ''by default)''
* <tt>tenant_uuid</tt> - the TenantUUID that matches the TenantID.
+
*:<tt>tag</tt> - ''the container image version''
* <tt>cfgdb</tt> - the tenant configuration database
+
*<tt>tenant_id</tt> - ''the TenantID of the tenant in use''
* <tt>bootstrap</tt> - the Kafka address to align with the infrastructure Kafka
+
*<tt>cfgdb</tt> - ''the applicable details for the Configuration Database, created before you deployed the Tenant service''
* <tt>NODE_EXTRA_CA_CERTS</tt> - points to the self-signed OpenShift service CA. This is the default path.
+
*: <tt>name</tt> - ''the name of the database''
*<tt>s3</tt> - the applicable s3 details defined with the OBC for GSP (see {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=ConfigureGSP|anchor=S3Data|display text=Get S3 data}}).
+
*: <tt>host</tt> - ''the host on which the DBMS is running''
====The GCA '''values.yaml''' file====
+
*: <tt>username</tt> - ''the user account for GCA to access the database. The user account must have at least read permissions.''
The following sample GCA '''values.yaml''' file, which may not be completely up to date, shows the key parameter values you must override.
+
*: <tt>password</tt> - ''the password for the user account''
<source lang="bash">log_level: INFO
+
*<tt>gimdb</tt> - ''the applicable details for the Info Mart database''
tenant_id: shared
+
*: <tt>name</tt> - ''the name of the database''
tenant_uuid: 9350e2fc-a1dd-4c65-8d40-1f75a2e080dd
+
*: <tt>host</tt> - ''the host on which the DBMS is running''
image:
+
*: <tt>username</tt> - ''the user account created when you created the database (see {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=PlanningGIM|anchor=CreateDB|display text=Create the Info Mart database}})''
  registry: pureengage-docker-staging.jfrog.io
+
*: <tt>password</tt> - ''the password for the user account''
  repository: gim/gca
+
*<tt>kafka:</tt>
  pullPolicy: IfNotPresent
+
*: <tt>bootstrap</tt> - ''the Kafka address to align with the infrastructure Kafka''
  tag: <image-version>
+
*: <tt>password</tt> - ''the Kafka password, if Kafka requires authentication''
imagePullSecrets:
+
 
  pureengage-docker-dev: {}
+
'''Note:''' <tt>tenant_id</tt> and <tt>kafka:password</tt> (optional) are currently not included in the '''values.yaml''' file. Either add these parameters to your customized '''values.yaml''' file or else specify them in the command line when you install the Helm chart.
  pureengage-docker-staging: {}
+
 
  jfrog-stage-credentials: {}
+
{{NoteFormat|Treat your modified '''values.yaml''' file as source code, which you are responsible to maintain so that your overrides are preserved and available for reuse when you upgrade.}}
 
 
cfgdb:
 
  name: '<tenant-db-name>'
 
  engine: postgre
 
  port: 5432
 
  host: 'postgres-rw.infra.svc.cluster.local'
 
  username: '<db-user>'
 
  password: '<db-password>'
 
kafka:
 
  bootstrap: 'infra-kafka-cp-kafka.infra.svc.cluster.local:9092'
 
  security:
 
    protocol: plaintext
 
  sasl:
 
    mechanism: PLAIN
 
extraEnv: |
 
  - name: SNAPSHOT_STORAGE_PATH
 
    value: "/tmp"
 
  - name: NODE_EXTRA_CA_CERTS
 
    value: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
 
#extraVolumeMounts: ''
 
volumes: |
 
  - name: kafka-secrets
 
    secret:
 
      secretName: {{.Release.Name}}-kafka-secrets
 
  - name: cfg-db-secrets
 
    secret:
 
      secretName: {{.Release.Name}}-cfgdb-secrets
 
  - name: storage-account-secrets
 
    secret:
 
      secretName: {{ .Release.Name }}-storage-secret
 
ssl_db_connection: false
 
dnsConfig:
 
  options:
 
  - name: ndots
 
    value: '3'
 
csi_enabled: false
 
tolerations: []
 
resources:
 
  requests:
 
    memory: 64Mi
 
    cpu: '0.01'
 
  limits:
 
    memory: 4000Mi
 
    cpu: '1'
 
storage:
 
  wasb:
 
    url: ''
 
    account_name: ''
 
    access_key: ''
 
  s3:
 
    bucket: '<bucket-name>'
 
    gcaSnapshots: '/gca'
 
    accessKey: '<access-key>'
 
    secretKey: '<secret-key>'
 
    useSSL: true
 
    endPoint: '<bucket-host>'
 
    port: <bucket-port></source>
 
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
 
|sectionHeading=Configure Kubernetes
 
|sectionHeading=Configure Kubernetes
 
|alignment=Vertical
 
|alignment=Vertical
|structuredtext={{Notices|Notice=PEComingSoon}}
+
|structuredtext=
 +
{{AnchorDiv|Secrets}}
 +
===Secrets===
 +
GCA requires the following secrets:
 +
* <tt>docker-registry</tt> — Credentials to pull the image from the JFrog repository
 +
* <tt><nowiki>{{.Release.Name}}</nowiki>-kafka-secrets</tt> — Credentials to access Kafka
 +
* <tt><nowiki>{{.Release.Name}}</nowiki>-cfgdb-secrets</tt> — Credentials to access the Configuration Database
 +
* <tt><nowiki>{{.Release.Name}}</nowiki>-gimdb-secrets</tt> — Credentials to access the Info Mart database
 +
* <tt><nowiki>{{.Release.Name}}</nowiki>-storage-secret</tt> — Credentials to access optional S3-compatible storage (for Data Export)
 +
 
 +
Except for <tt>docker-registry</tt>, which you must create manually (see the environment setup instructions on {{Link-SomewhereInThisVersion|manual=GIMPEGuide|topic=DeployGCA}}), Helm creates the secrets based on values you specify in the '''values.yaml''' file.
 +
 
 +
{{AnchorDiv|ConfigMaps}}
 +
===Config Maps===
 +
There are no Config Maps you can configure directly.
 
|Status=No
 
|Status=No
 
}}{{Section
 
}}{{Section
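Review bot: The added `username` / `password` entries under `cfgdb`, `gimdb` and `kafka` put database and Kafka credentials into values.yaml in plaintext, and the NoteFormat line added just below them tells readers to treat that file as source code, so together the two additions steer readers toward committing credentials to version control. Suggest adding a sentence on how the credential values should be supplied and stored (for example, in a separate override file kept out of the repository), since the new Secrets section says Helm builds the secrets from these values. The same applies to the note that allows `kafka:password` to be given on the command line, where it ends up in shell history. The change also drops `tenant_uuid`, `NODE_EXTRA_CA_CERTS` and the whole sample values.yaml without a pointer to where those are now documented; worth confirming that is intended.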
Line 126: Line 85:
 
containerSecurityContext: {}
 
containerSecurityContext: {}
 
</source>
 
</source>
 +
|Status=No
 +
}}{{Section
 +
|sectionHeading=Configure S3-compatible storage
 +
|anchor=Storage
 +
|alignment=Vertical
 +
|structuredtext=If you are using S3-compatible object storage on OpenShift or GCP to store the GCA snapshot, modify the following <tt>storage: s3</tt> entries in the '''values.yaml''' file:
 +
*<tt>bucket</tt> — ''the bucket name''
 +
*<tt>gcaSnapshots</tt> — ''the volume or folder in the bucket where the GCA snapshot is stored''
 +
*<tt>accessKey</tt> — ''the access key created when you created the bucket''
 +
*<tt>secretKey</tt> — ''the secret created when you created the bucket''
 +
*<tt>endPoint</tt> — ''the bucket host''
 +
 +
====OpenShift example====
 +
<source lang="bash">
 +
storage:
 +
  ...
 +
  s3:
 +
    bucket: "gim-3f7ac1ab-03b9-445b-ba12-137d4bbc3c38"
 +
    gcaSnapshots: "/gca"
 +
    accessKey: "<Access Key>"
 +
    secretKey: "<Secret Key>"
 +
    useSSL: true
 +
    endPoint: "s3.openshift-storage.svc"
 +
    port: 443
 +
    Insecure: true </source>
 +
 +
====GKE example====
 +
<source lang="bash">
 +
storage:
 +
  ...
 +
  s3:
 +
    bucket: "test-example-bucket-one"
 +
    gcaSnapshots: "/gca"
 +
    accessKey: "<Access Key>"
 +
    secretKey: "<Secret Key>"
 +
    useSSL: true
 +
    endPoint: "storage.googleapis.com"
 +
    port: 443
 +
    Insecure: true </source>
 
|Status=No
 
|Status=No
 
}}
 
}}
 
|PEPageType=9c3ae89b-4f75-495b-85f8-d8c4afcb3f97
 
|PEPageType=9c3ae89b-4f75-495b-85f8-d8c4afcb3f97
 
}}
 
}}
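Review bot: Both added examples (OpenShift and GKE) set `Insecure: true` next to `useSSL: true`, but `Insecure` does not appear in the list of `storage: s3` entries above the examples and nothing says what it controls. Document the key in that list, and if it turns off certificate verification, say why the examples need it and whether it can be left out for `storage.googleapis.com`. The capital `I` also differs from every other key in the block, so confirm the spelling the chart expects.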

Revision as of 19:53, March 30, 2022

This topic is part of the manual Genesys Info Mart Private Edition Guide for version Current of Reporting.

Learn how to configure GIM Config Adapter (GCA).

Override Helm chart values

Download the gca and gca-monitoring Helm charts from JFrog using your credentials. You must override certain parameters in the GCA values.yaml file to provide deployment-specific values.

For general information about overriding Helm chart values, see Overriding Helm chart values in the Genesys Multicloud CX Private Edition Guide.

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that no user or group IDs are specified. For details, see Configure security, below.

To enable S3-compatible storage to store the GCA snapshot, see Configure S3-compatible storage, below.

At a minimum, you must override the following key entries in the GCA values.yaml file:

  • image:
    registry - the registry from which Kubernetes will pull images (pureengage-docker-staging.jfrog.io by default)
    tag - the container image version
  • tenant_id - the TenantID of the tenant in use
  • cfgdb - the applicable details for the Configuration Database, created before you deployed the Tenant service
    name - the name of the database
    host - the host on which the DBMS is running
    username - the user account for GCA to access the database. The user account must have at least read permissions.
    password - the password for the user account
  • gimdb - the applicable details for the Info Mart database
    name - the name of the database
    host - the host on which the DBMS is running
    username - the user account created when you created the database (see Create the Info Mart database)
    password - the password for the user account
  • kafka:
    bootstrap - the Kafka address to align with the infrastructure Kafka
    password - the Kafka password, if Kafka requires authentication

Note: tenant_id and kafka:password (optional) are currently not included in the values.yaml file. Either add these parameters to your customized values.yaml file or specify them on the command line when you install the Helm chart.

Important
Treat your modified values.yaml file as source code, which you are responsible for maintaining so that your overrides are preserved and available for reuse when you upgrade.

Configure Kubernetes

Secrets

GCA requires the following secrets:

  • docker-registry — Credentials to pull the image from the JFrog repository
  • {{.Release.Name}}-kafka-secrets — Credentials to access Kafka
  • {{.Release.Name}}-cfgdb-secrets — Credentials to access the Configuration Database
  • {{.Release.Name}}-gimdb-secrets — Credentials to access the Info Mart database
  • {{.Release.Name}}-storage-secret — Credentials to access optional S3-compatible storage (for Data Export)

Except for docker-registry, which you must create manually (see the environment setup instructions on Deploy GIM Config Adapter), Helm creates the secrets based on values you specify in the values.yaml file.

Config Maps

There are no Config Maps you can configure directly.

Configure security

The security context settings define the privilege and access control settings for pods and containers.

By default, the user and group IDs are set in the GCA values.yaml file as 500:500:500, meaning the genesys user.

securityContext:
  runAsNonRoot: true
  runAsUser: 500
  runAsGroup: 500
  fsGroup: 500

containerSecurityContext: {}

Arbitrary UIDs in OpenShift

If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that you do not define any specific IDs.

securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: null

containerSecurityContext: {}
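
An added example, not part of the Genesys documentation or chart: a pre-install check that an override file really clears the IDs as described above, and that no `<...>` placeholder was left unfilled. It assumes Helm's merge behaviour (a key omitted from the override keeps the chart default, so `null` must be written explicitly); `flatten` and `check_arbitrary_uid` are hypothetical helper names.

```python
import re

# Constructed sample: the arbitrary-UID override from this page with two
# mistakes left in: fsGroup still pinned, and an unfilled S3 placeholder.
SAMPLE = """\
securityContext:
  runAsNonRoot: true
  runAsUser: null
  runAsGroup: 0
  fsGroup: 500
storage:
  s3:
    bucket: "test-example-bucket-one"
    accessKey: "<Access Key>"
"""

def flatten(text):
    """Map dotted key paths to scalar strings. Handles only the simple
    two-space-indented 'key: value' layout of this page's snippets."""
    out, stack = {}, []
    for line in text.splitlines():
        m = re.match(r"^( *)([A-Za-z_][\w-]*):\s*(.*?)\s*$", line)
        if not m:
            continue  # list items, comments, '...' and blank lines
        stack = stack[:len(m.group(1)) // 2] + [m.group(2)]
        if m.group(3):
            out[".".join(stack)] = m.group(3).strip("'\"")
    return out

def check_arbitrary_uid(text):
    """Return findings for an override file meant for arbitrary UIDs."""
    values, findings = flatten(text), []
    if values.get("securityContext.runAsNonRoot", "true") != "true":
        findings.append("securityContext.runAsNonRoot is not true")
    # A key left out of the override file keeps the chart default (500),
    # so the null/0 values have to be written explicitly.
    for key, want in (("runAsUser", "null"), ("runAsGroup", "0"), ("fsGroup", "null")):
        got = values.get("securityContext." + key, "unset (chart default 500)")
        if got != want:
            findings.append(f"securityContext.{key} is {got}, expected {want}")
    for path, value in values.items():
        if re.fullmatch(r"<[^<>]+>", value):
            findings.append(f"{path} still holds placeholder {value}")
    return findings

if __name__ == "__main__":
    for finding in check_arbitrary_uid(SAMPLE):
        print(finding)
```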

Configure S3-compatible storage

If you are using S3-compatible object storage on OpenShift or GCP to store the GCA snapshot, modify the following storage: s3 entries in the values.yaml file:

  • bucket - the bucket name
  • gcaSnapshots - the volume or folder in the bucket where the GCA snapshot is stored
  • accessKey - the access key created when you created the bucket
  • secretKey - the secret created when you created the bucket
  • endPoint - the bucket host

OpenShift example

storage:
  ...
  s3:
    bucket: "gim-3f7ac1ab-03b9-445b-ba12-137d4bbc3c38"
    gcaSnapshots: "/gca"
    accessKey: "<Access Key>"
    secretKey: "<Secret Key>"
    useSSL: true
    endPoint: "s3.openshift-storage.svc"
    port: 443
    Insecure: true

GKE example

storage:
  ...
  s3:
    bucket: "test-example-bucket-one"
    gcaSnapshots: "/gca"
    accessKey: "<Access Key>"
    secretKey: "<Secret Key>"
    useSSL: true
    endPoint: "storage.googleapis.com"
    port: 443
    Insecure: true