Configure GCA
Contents
Learn how to configure GIM Config Adapter (GCA).
Override Helm chart values
Download the gca and gca-monitor Helm charts from JFrog using your credentials. You must override certain parameters in the values.yaml file to provide deployment-specific values for certain parameters.
For general information about overriding Helm chart values, see Overriding Helm chart values in the Genesys Engage Cloud Private Edition Guide.
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that no user or group IDs are specified. For details, see Configure security, below.
At a minimum, you must override the following key entries in the GCA values.yaml file:
- tag - the container image version
- tenant_id - the TenantID of the tenant in use
- tenant_uuid - the TenantUUID that matches the TenantID.
- cfgdb - the tenant configuration database
- bootstrap - the Kafka address to align with the infrastructure Kafka
- NODE_EXTRA_CA_CERTS - points to the self-signed OpenShift service CA. This is the default path.
- s3 - the applicable s3 details defined with the OBC for GSP (see Get S3 data).
The GCA values.yaml file
The following sample GCA values.yaml file, which may not be completely up to date, shows the key parameter values you must override.
log_level: INFO
tenant_id: shared
tenant_uuid: 9350e2fc-a1dd-4c65-8d40-1f75a2e080dd
image:
registry: pureengage-docker-staging.jfrog.io
repository: gim/gca
pullPolicy: IfNotPresent
tag: <image-version>
imagePullSecrets:
pureengage-docker-dev: {}
pureengage-docker-staging: {}
jfrog-stage-credentials: {}
cfgdb:
name: '<tenant-db-name>'
engine: postgre
port: 5432
host: 'postgres-rw.infra.svc.cluster.local'
username: '<db-user>'
password: '<db-password>'
kafka:
bootstrap: 'infra-kafka-cp-kafka.infra.svc.cluster.local:9092'
security:
protocol: plaintext
sasl:
mechanism: PLAIN
extraEnv: |
- name: SNAPSHOT_STORAGE_PATH
value: "/tmp"
- name: NODE_EXTRA_CA_CERTS
value: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
#extraVolumeMounts: ''
volumes: |
- name: kafka-secrets
secret:
secretName: {{.Release.Name}}-kafka-secrets
- name: cfg-db-secrets
secret:
secretName: {{.Release.Name}}-cfgdb-secrets
- name: storage-account-secrets
secret:
secretName: {{ .Release.Name }}-storage-secret
ssl_db_connection: false
dnsConfig:
options:
- name: ndots
value: '3'
csi_enabled: false
tolerations: []
resources:
requests:
memory: 64Mi
cpu: '0.01'
limits:
memory: 4000Mi
cpu: '1'
storage:
wasb:
url: ''
account_name: ''
access_key: ''
s3:
bucket: '<bucket-name>'
gcaSnapshots: '/gca'
accessKey: '<access-key>'
secretKey: '<secret-key>'
useSSL: true
endPoint: '<bucket-host>'
port: <bucket-port>Configure Kubernetes
Configure security
The security context settings define the privilege and access control settings for pods and containers.
By default, the user and group IDs are set in the GCA values.yaml file as 500:500:500, meaning the genesys user.
securityContext:
runAsNonRoot: true
runAsUser: 500
runAsGroup: 500
fsGroup: 500
containerSecurityContext: {}Arbitrary UIDs in OpenShift
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the GCA values.yaml file, so that you do not define any specific IDs.
securityContext:
runAsNonRoot: true
runAsUser: null
runAsGroup: 0
fsGroup: null
containerSecurityContext: {}