Administering Voice Gateway

You can perform additional steps to apply advanced configuration settings for Voice Gateway, including configuring storage, changing default ports, and adding environment variables.

After you install Voice Gateway, you can configure the following settings to meet your needs: To make any of these configuration changes, begin by running the following commands to go to your project and edit the custom resource:
  1. oc project project-name
  2. oc edit voicegateway voicegateway-cr

Storage considerations

You can optionally store logs and recordings. For information about supported storage classes, see Storage requirements.

The following table describes the storage requirements for Voice Gateway resources.
Table 1. Storage for persistent volumes
What to store Minimum storage capacity Notes
recordings (vgw) 15GB Assuming 1000 calls per day, you'd need 1.92GB worth of disk space to store recordings for that day. If you want to keep recordings for a week you'd need at least 15GB of disk space since recordings are not automatically cleaned up.
logs (vgw) 10GB Estimated assuming 1000 calls per day.
Maintaining the recordings volume
Only enable recordings in non-production deployments. Currently, the call recordings stored in Voice Gateway are not removed from storage. An administrator must periodically copy the recordings from the disk to backup and delete the recordings. To copy the recordings from the disk to backup and delete the recordings, complete the following steps:
  1. Copy the recordings from the container:
    oc cp {namespace-name}/{pod-name}:/vgw-media-relay/recordings -c vgw-media-relay ./recordings
  2. Delete the recordings. Run the following command to delete recordings older than a day:
    oc exec -it {pod-name} -c vgw-media-relay -- bash -c "find /vgw-media-relay/recordings -mtime +1 -print | xargs shred -uvz
    The find command is executed from the context of the container. It will list files older than a day and securely delete them using the shred command.
Persistent storage
You can enable persistent storage of recordings or logs by using the spec.storage section of the custom resource, for example:
spec:
  ...
  storage:
    recordings:
      enablePersistentRecordings: false   # Set to true to enable persistent storage of recordings
      storageClassName: ''                # Storage class for PVC
      size: 15Gi
    logs:
      enablePersistentLogs: false         # Set to true to enable persistent storage of logs
      storageClassName: ''                # Storage class for PVC
      size: 10Gi
  ...

Scale replicas

For information about how to scale Voice Gateway, see Manually scaling resources for services.

Change default ports

You can use the spec.ports section of the custom resource to change the default ports. Use the spec.rtpUdpPortRange property to change the port range for RTP, as shown in the following example:
spec:
  ...
  ports:
    sipSignalingPortUdp: 5060        # SIP UDP Port
    sipSignalingPortTcp: 5060        # SIP TCP Port
    sipSignalingPortTls: 5061        # SIP TLS Port
    sipOrchestratorHttpPort: 9086    # HTTP port for Rest API
    sipOrchestratorHttpsPort: 9446   # HTTPS port for Rest API
    mediaRelayWsPort: 8080           # Media Relay websocket port
    rtpUdpPortRange: '16384-16394'   # RTP UDP port range
  ...

Add a node selector

If you want Voice Gateway pods to come up on specific worker nodes, you can label those nodes and add the nodeSelector property to the voicegateway custom resource spec, as shown in the following example:
spec:
  ...
  nodeSelector:
    key1: value2 # Use the key and value of your label here.
    key2: value2 # You can specify multiple labels here
  ...

Add tolerations

Voice Gateway pods support taints and tolerations. The format that is used is the default Kubernetes format for taints and toleration:
spec:
  ...
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"
    effect: "NoSchedule"
  ...

Add environment variables

You can add environment variables for the SIP Orchestrator and the Media Relay containers. For supported environment variables, see Configuration environment variables for Voice Gateway.

Media Relay environment variables can be specified in the spec.env.mediaRelay section of the custom resource. SIP Orchestrator environment variables can be specified in the spec.env.sipOrchestrator section of the custom resource. These custom resource sections follow the Kubernetes format for loading environment variables in a container, for example:
spec:
  ...
  env:
    sipOrchestrator:
      - name: LOG_LEVEL
        value: 'info'
    mediaRelay:
      - name: MEDIA_RELAY_LOG_LEVEL
        value: 'INFO'
  ...

You can also load environment variables from a secret or from a ConfigMap. Do not use Voice Gateway environment variables to configure ports or SSL. Instead, use the spec.ports and spec.sslConfig sections of the voicegateway custom resource.

Enable the G729 Codec Service

To enable the G729 Codec Service, set the spec.g729Codec.enabled property to true, as shown in the following example:
spec:
  ...
  g729Codec:
    enabled: false
    logLevel: 'INFO'
    webSocketServerPort: 9011     # Port to use for G729 Codec Service
  ...

Assign container resources

You can use the spec.resources section of the custom resource to set the resources for Voice Gateway. It is recommended to assign 80% of resources to Media Relay and 20% to the SIP Orchestrator container. If the G729 Codec Service is enabled, you can change the default resources that are allocated to the G729 container:
spec:
  ...
  resources:
    sipOrchestrator:
      requests:
        cpu: "1.0"
        memory: 2Gi
      limits:
        cpu: "1.0"
        memory: 2Gi
    mediaRelay:
      requests:
        cpu: "0.5"
        memory: 1Gi
      limits:
        cpu: "0.5"
        memory: 1Gi
    g729Codec:
      requests:
        cpu: "0.5"
        memory: 1Gi
      limits:
        cpu: "0.5"
        memory: 1Gi
  ...

Configure Secure Sockets Layer (SSL)

By default, connections to Watson services on Cloud Pak for Data and the public cloud are secured by using TLS encryption so no further configuration is needed. However, if you have other connections or connections to Watson services through intermediary servers, like a service orchestration engine, you might want to secure them by configuring SSL or TLS encryption.

The following instructions assume that you already established a certificate authority and generated one or more signed certificates with a passphrase. The examples in the following sections use a single PKCS12 format file for the truststore file, but you can use JKS or JCEKS formats as well. You can use a tool like OpenSSL to generate files in these formats. A single PKCS12 file can be used only if mutual authentication is configured. If you configure SSL or TLS without mutual authentication, then you need separate files for the SIP Orchestrator and Media Relay.

Add trusted certificates for the SIP Orchestrator
  1. Run the following command to create a secret from the truststore key file:
    oc create secret generic trust-store-file-secret --from-file=trustStoreFile=<myPKCS12File>.p12 -n ${PROJECT_CPD_INSTANCE}
  2. Create a secret for the SSL passphrase:
    oc create secret generic ssl-passphrase-secret --from-literal=sslPassphrase='<passphrase>'
Add trusted certificates for the Media Relay
  1. Run the following command to create a secret from the client CA certificate file:
    oc create secret generic client-ca-cert-secret --from-file=clientCaCertFile=<ca-bundle>.pem -n ${PROJECT_CPD_INSTANCE}
Add certificates for the Media Relay
  1. Run the following command to create a secret from the SSL client PKCS12 file:
    oc create secret generic ssl-client-pkcs12-file-secret --from-file=clientPkcs12File=<myPKCS12File>.p12 -n ${PROJECT_CPD_INSTANCE}
  2. Create a secret for the SSL passphrase:
    oc create secret generic ssl-client-passphrase-secret --from-literal=sslClientPassphrase='<passphrase>'
Add or update the Voice Gateway custom resource
Add or update the spec.sslConfig section of your voicegateway-cr custom resource with the following section:
spec:
...
  sslConfig:
    mediaRelay:
      enableMutualAuth: true
      enableSsl: true
      sslClientCACertSecret: client-ca-cert-secret
      sslClientPassphraseSecret: ssl-client-passphrase-secret
      sslClientPkcs12FileSecret: ssl-client-pkcs12-file-secret
    sipOrchestrator:
      enableSslorMutualAuth: true
      sslFileType: PKCS12
      sslKeyTrustStoreSecret: trust-store-file-secret
      sslPassphraseSecret: ssl-passphrase-secret

Configure MRCPv2

You can configure your Voice Gateway deployment to integrate with third-party speech to text and text to speech services by using Media Resource Control Protocol Version 2 (MRCPv2) connections.

  1. Run the following command to create the unimrcpConfig secret from the unimrcpclient.xml file:
    oc create secret generic unimrcp-config-secret --from-file=unimrcpConfig=unimrcpclient.xml -n ${PROJECT_CPD_INSTANCE}
  2. Optional: If you changed the default MRCPv2 SIP port, update the spec.mrcp.mrcpv2SipPort property in the custom resource.
  3. Enable MRCP by setting the spec.mrcp.enableMrcp property to true in the custom resource, for example:
    spec:
      ...
      mrcp:
        enableMrcp: true
        unimrcpConfigSecretName: unimrcp-config-secret  # Name of secret for unimrcp config
        mrcpv2SipPort: 5555                             # Set this to the correct port for MRCPv2 SIP Port
      ...

For more information, see Configuring services with MRCPv2.