Deploy Interaction Server

This topic is part of the manual Interaction Server Private Edition Guide for version Current of Interaction Server.

Deploy

Important

Make sure to review Before you begin for the full list of prerequisites required to deploy Interaction Server.

Environment setup

OpenShift

Log in to the OpenShift cluster from the remote host via CLI.

 oc login --token <token> --server <URL of the API server>

Check the cluster version.

 oc get clusterversion

Create Interaction Server project in OpenShift cluster.

 oc new-project ixn

Set the default project to IXN.

 oc project ixn

(Optional step) Create a secret for docker-registry in order to pull image from JFrog.

 oc create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<API key from jfrog> --docker-email=<emailid>

(Optional step) Link the secret to default service account with pull role.

 oc secrets link default <credential-name> --for=pull

Google Kubernetes Engine (GKE)

Log in to the gke cluster.

gcloud container clusters get-credentials gke1

Create Interaction Server project in gke cluster using following manifest file:

create-ixn-namespace.json

{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "ixn",
"labels": {
"name": "ixn"
}
}
}

kubectl apply -f apply create-ixn-namespace.json

Confirm the namespace creation.

kubectl describe namespace ixn

(Optional step) Create a secret for docker-registry in order to pull image from JFrog.

 kubectl create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<API key from jfrog> --docker-email=<emailid>

Prepare cluster resources

To prepare your resources, create secrets and a default pull secret for the cluster.

Create secrets

Create Kubernetes (K8s) secrets for Redis and Kafka access in the IXN namespace:

 kubectl delete secret redis-ors-secret --ignore-not-found

 kubectl create secret generic redis-ors-secret \
 --from-literal='voice-redis-ors-stream={"password":"PaSSword","port":"1234","rejectUnauthorized":"false","servername":"redis-cluster.namespace.svc.cluster.local"}'

 kubectl delete secret kafka-shared-secret --ignore-not-found

 kubectl create secret generic kafka-shared-secret \
 --from-literal='kafka-secrets={"bootstrap": "infra-kafka-cp-kafka.infra.svc.cluster.local:9092"}'

Service account

Either create a service account and set it in Helm values file or just modify an existing one after Helm is installed and service account is created.

Here is an example of created service account, it must be named as ixn-server-<tenant-uuid> for consul injection working.

kubectl get serviceaccounts
NAME                                             SECRETS   AGE
ixn-server-<tenant-uuid>

Deploy IXN via Helm

To deploy IXN via Helm, follow these steps:

1. Download the latest version of Interaction Server installation Helm Charts from the artifactory. See the JFrog Platform Artifactory.

2. Extract parameters from the chart to see multiple (default) values used to fine-tune the installation.

$ helm show values <helm-repo>/ixn > override_values.yaml

Configure the following key entries in the IXN override_values.yaml file:

IXN Server

Secrets:

ixnServer:
  secrets:
    db:
      # -- Enable Interaction Server database secret
      enabled: true
      # -- Interaction Server database secret name
      secretName: ixn-db-secret
      # -- Interaction Server database username to put in the secret
      username: "<Postgres User>"
      # -- Interaction Server database password to put in the secret
      password: "<Postgres Password>"

Database:

db:
    # -- Interaction Server Database engine
    engine: "postgre"
    # -- Interaction Server Database name
    name: "ixn-db"
    # -- Interaction Server Database host
    host: <Postgres Host>
    # -- Interaction Server Database port
    port: 5432
    # -- Interaction Server Database connection string suffix

ixnNode

Database:

  db:
    # -- Interaction Server Node DB host
    host: <Postgres Host>
    # -- Interaction Server Node DB port
    port: 5432
    # -- Interaction Server Node DB name
    name: ixn-node

Redis:

  redis:
    # -- Interaction Server Node connects to Redis host
  - host: <Redis Host>
    port: <Redis Port>
    # -- Is Redis instance a Cluster or not
    is_redis_cluster: "true"

Secrets:

secrets:
    db:
      # -- Enable Interaction Server Node database secret
      enabled: true
      # -- Interaction Server Node database secret name
      secretName: ixn-node-db-secret
      # -- Interaction Server Node database username to put in the secret
      username: "<Postgres User>"
      # -- Interaction Server Node database password to put in the secret
      password: "<Postgres Password>"

Tenant:

tenant:
  # -- Tenant UUID or GWS ID
  id: "<Tenant UUID>"
  # -- Tenant short ID
  sid: <Tenant Short ID>

You can apply multiple override values to customize your setup. However, Genesys recommends using minimal overriding values in the installation.

The following is a sample override_values.yaml file. (Also, refer to Log storage, Consul connection, and Volume mounts.)

image:
  registry: "my-docker-registry.com"
  pullPolicy: Always #IfNotPresent
  imagePullSecrets:
    - name: pullsecret
ixnService:
  image:
    ixnServer:
      repository: "ixn/interaction_server"
      tag: "100.0.003.0609"
    ixnNode:
      repository: "ixn/ixn_node"
      tag: "100.0.003.1900"
    logSidecar:
      enabled: true
      repository: "fluent/fluent-bit"
      tag: "1.8.5"    
  service:
    enabled: true
  volumes: |-
    - name: redis-ors-secret
      secret:
        secretName: redis-ors-secret
    - name: kafka-shared-secret
      secret:
        secretName: kafka-shared-secret
  ixnServer:
    secrets:
      db:
        enabled: true
        secretName: ixn-db-secret-${TENANT_ID}
        username: ${POSTGRES_USER}
        password: ${POSTGRES_PASS}
    confServer:
      host: "localhost"
      port: 8888
      appName: InteractionServer
    db:
      engine: "postgre"
      name: "ixn-${TENANT_ID}"
      host: ${POSTGRES_ADDR}
      port: 5432
      connectionString: "KeepaliveInterval=1;KeepaliveTime=60;"
      optionBlobChunkSize:
      optionReconnectPause:
      schemaName:
    dbinit:
      enabled: true
    logStorage:
      mountPath: "/mnt/logs"
      storageSize: 1Gi
      storageClassName:
      volume:
        emptyDir: {}
    resources:
      requests:
        cpu: "100m"
        memory: "512Mi"
      limits:
        cpu: "200m"
        memory: "2Gi"
    volumeMounts:
      kafka-shared-secret:
        readOnly: true
        mountPath: "/mnt/env-secrets/kafka-secrets"
  ixnNode:
    settings:
      mountPath: "/mnt/settings"
      file: "settings.json"
    storingSessions:
      enabled: true
    db:
      host: ${POSTGRES_ADDR}
      port: 5432
      name: ixn-node-${TENANT_ID}
      options:
        keepAlive: true
        keepAliveInitialDelayMillis: 300000
        ssl:
    redis:
    - host: infra-redis-redis-cluster.infra.svc.cluster.local
      port: ${REDIS_PORT}
      is_redis_cluster: "true"
    secrets:
      db:
        enabled: true
        secretName: ixn-node-db-secret-${TENANT_ID}
        username: ${POSTGRES_USER}
        password: ${POSTGRES_PASS}
    dbinit:
      enabled: true
    consul:
      host:
        value: consul-server.infra.svc.cluster.local
      port: 8500
      sslMode: false
    volumeMounts:
      redis-ors-secret:
        readOnly: true
        mountPath: "/mnt/env-secrets/redis-secrets"
ixnVQNode:
  image:
    ixnVQNode:
      repository: "ixn/ixn_vq_node"
      tag: "100.0.003.0601"
  serviceAccount:
    create: true
    name: ixn
  volumes : |-
    - name: kafka-shared-secret
      secret:
        secretName: kafka-shared-secret
  volumeMounts:
    kafka-shared-secret:
      readOnly: true
      mountPath: "/mnt/env-secrets/kafka-secrets"
tenant:
  id: "9350e2fc-a1dd-4c65-8d40-1f75a2e080dd"
  sid: t100
replicaCount: 1

3. Validate the Helm chart and provided values:

$ helm template ixn-{short-tenant-id} <helm-repo>/ixn --version={version} -f override_values.yaml

4. Install the Interaction Server chart, using the override values file:

$ helm upgrade --install ixn-{short-tenant-id} <helm-repo>/ixn --version={version} -f override_values.yaml

5. Wait until all containers are ready. There should be 4/4 (5/5 if a logging sidecar enabled) for ixn-*-sts-0 and 3/3 containers for ixn-*-vqnode. If it is 1/1, it usually means something is wrong with the consul sidecar injection.

If the following error appeared: "line 5: exec: /home/genesys/interaction_server/interaction_server_64: cannot execute: Permission denied", ixn-{short-tenant-id}-sts-0 pod restart may be required if service account policy was applied after pod started). Refer to Service account.

kubectl get pods
NAME                                                  READY   STATUS    RESTARTS   AGE
ixn-{short-tenant-id}-sts-0                           4/4     Running  0          8m1s
ixn-{short-tenant-id}-vqnode-deploy-6d8bc6846d-ml49d  3/3     Running  0          21m

6. If troubleshooting is necessary, try adding the --dry-run command line parameter in helm install .. for verbose error output.

To see the full set of available parameters, extract the default helm values from the helm package:

$ helm show values <helm-repo>/ixn > override_values.yaml

Log storage

The following is a log storage example configuration in IXN Helm values:

ixnService:
  ixnServer:
    logStorage:
      mountPath: "/mnt/logs"
      storageSize: 1Gi
      storageClassName:
      volume:
        emptyDir: {}

Consul connection

Consul connection can be configured in several ways:

ixnService:
  ixnNode:
    consul:
      host:
        value: <consul hostname>
      port: <consul port>
      sslMode: false

ixnService:
  ixnNode:
    consul:
      host:
        valueFrom:
          fieldRef:
            fieldPath: status.hostIP
      port: <consul port>
      sslMode: false

Connection to Configuration Server using Consul

ixnService:
  annotations: |-
      "consul.hashicorp.com/connect-inject": "true"
      "consul.hashicorp.com/connect-service": {{ include "ixn.consulIxnServerName" . | quote }}
      "consul.hashicorp.com/connect-service-port": server-default
      "consul.hashicorp.com/connect-service-upstreams": |-
        voice-config:{{ .Values.ixnService.ixnNode.configNode.port }},
        {{ printf "tenant-%s:%d" .Values.tenant.id (int .Values.ixnService.ixnServer.confServer.port) }}
      consul.hashicorp.com/service-tags: 'service-ixn'
      consul.hashicorp.com/service-meta-tenant-id: {{ .Values.tenant.id }}
      consul.hashicorp.com/service-meta-tenant-sid: {{ .Values.tenant.sid | quote }}
  ixnServer:
    confServer:
      host: "localhost"
      port: 8888
      appName: InteractionServer
  ixnNode:
    configNode:
      host: "localhost"
      port: 11100
ixnVQNode:
  annotations: |-
    "consul.hashicorp.com/connect-inject": "true"
    "consul.hashicorp.com/connect-service": {{ include "ixn.consulIxnVQNodeName" . | quote }}
    "consul.hashicorp.com/connect-service-port": vqnode-default

Volume mounts

Volume mounts example:

ixnService:
  volumes: |-
    - name: redis-ors-secret
      secret:
        secretName: redis-ors-secret
    - name: kafka-shared-secret
      secret:
        secretName: kafka-shared-secret
  ixnServer:
    volumeMounts:
      kafka-shared-secret:
        readOnly: true
        mountPath: "/mnt/env-secrets/kafka-secrets"
  ixnNode:
    volumeMounts:
      redis-ors-secret:
        readOnly: true
        mountPath: "/mnt/env-secrets/redis-secrets"
  ixnVQNode:
    volumes : |-
      - name: kafka-shared-secret
        secret:
          secretName: kafka-shared-secret
    volumeMounts:
      kafka-shared-secret:
        readOnly: true
        mountPath: "/mnt/env-secrets/kafka-secrets"

Configure monitoring and logging

To configure logging parameters in the Helm values file, see Logging.

Validate the deployment

There must be two pods. Each pod must be in a Running state and all READY checks should pass.

Interaction Server Private Edition Guide

Overview

Configure and deploy

Upgrade, roll back, or uninstall

Observability