Administering Voice Gateway
You can perform additional steps to apply advanced configuration settings for Voice Gateway, including configuring storage, changing default ports, and adding environment variables.
- Storage considerations
- Scale replicas
- Change default ports
- Add a node selector
- Add tolerations
- Add environment variables
- Enable the G729 Codec Service
- Assign container resources
- Configure Secure Sockets Layer (SSL)
- Configure MRCPv2
-
oc project project-name
-
oc edit voicegateway voicegateway-cr
Storage considerations
You can optionally store logs and recordings. For information about supported storage classes, see Storage requirements.
What to store | Minimum storage capacity | Notes |
---|---|---|
recordings (vgw) | 15GB | Assuming 1000 calls per day, you'd need 1.92GB worth of disk space to store recordings for that day. If you want to keep recordings for a week you'd need at least 15GB of disk space since recordings are not automatically cleaned up. |
logs (vgw) | 10GB | Estimated assuming 1000 calls per day. |
- Copy the recordings from the
container:
oc cp {namespace-name}/{pod-name}:/vgw-media-relay/recordings -c vgw-media-relay ./recordings
- Delete the recordings. Run the following command to delete recordings older than a
day:
Theoc exec -it {pod-name} -c vgw-media-relay -- bash -c "find /vgw-media-relay/recordings -mtime +1 -print | xargs shred -uvz
find
command is executed from the context of the container. It will list files older than a day and securely delete them using theshred
command.
spec.storage
section of the custom resource, for
example:spec:
...
storage:
recordings:
enablePersistentRecordings: false # Set to true to enable persistent storage of recordings
storageClassName: '' # Storage class for PVC
size: 15Gi
logs:
enablePersistentLogs: false # Set to true to enable persistent storage of logs
storageClassName: '' # Storage class for PVC
size: 10Gi
...
Scale replicas
For information about how to scale Voice Gateway, see Manually scaling resources for services.
Change default ports
spec.ports
section of the custom resource to change the default
ports. Use the spec.rtpUdpPortRange
property to change the port range for RTP, as
shown in the following example:spec:
...
ports:
sipSignalingPortUdp: 5060 # SIP UDP Port
sipSignalingPortTcp: 5060 # SIP TCP Port
sipSignalingPortTls: 5061 # SIP TLS Port
sipOrchestratorHttpPort: 9086 # HTTP port for Rest API
sipOrchestratorHttpsPort: 9446 # HTTPS port for Rest API
mediaRelayWsPort: 8080 # Media Relay websocket port
rtpUdpPortRange: '16384-16394' # RTP UDP port range
...
Add a node selector
nodeSelector
property to the voicegateway
custom resource spec, as shown in the following
example:spec:
...
nodeSelector:
key1: value2 # Use the key and value of your label here.
key2: value2 # You can specify multiple labels here
...
Add tolerations
spec:
...
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoSchedule"
...
Add environment variables
You can add environment variables for the SIP Orchestrator and the Media Relay containers. For supported environment variables, see Configuration environment variables for Voice Gateway.
spec.env.mediaRelay
section of the custom resource. SIP Orchestrator environment variables can be specified in the
spec.env.sipOrchestrator
section of the custom resource. These custom resource
sections follow the Kubernetes format for loading environment variables in a container, for
example:spec:
...
env:
sipOrchestrator:
- name: LOG_LEVEL
value: 'info'
mediaRelay:
- name: MEDIA_RELAY_LOG_LEVEL
value: 'INFO'
...
You can also load environment variables from a secret or from a ConfigMap. Do not use Voice Gateway environment variables to configure ports
or SSL. Instead, use the spec.ports
and spec.sslConfig
sections of
the voicegateway
custom resource.
Enable the G729 Codec Service
spec.g729Codec.enabled
property to
true
, as shown in the following example:spec:
...
g729Codec:
enabled: false
logLevel: 'INFO'
webSocketServerPort: 9011 # Port to use for G729 Codec Service
...
Assign container resources
spec.resources
section of the custom resource to set the
resources for Voice Gateway. It is recommended
to assign 80% of resources to Media Relay and 20% to the SIP Orchestrator container. If the G729
Codec Service is enabled, you can change the default resources that are allocated to the G729
container:spec:
...
resources:
sipOrchestrator:
requests:
cpu: "1.0"
memory: 2Gi
limits:
cpu: "1.0"
memory: 2Gi
mediaRelay:
requests:
cpu: "0.5"
memory: 1Gi
limits:
cpu: "0.5"
memory: 1Gi
g729Codec:
requests:
cpu: "0.5"
memory: 1Gi
limits:
cpu: "0.5"
memory: 1Gi
...
Configure Secure Sockets Layer (SSL)
By default, connections to Watson services on Cloud Pak for Data and the public cloud are secured by using TLS encryption so no further configuration is needed. However, if you have other connections or connections to Watson services through intermediary servers, like a service orchestration engine, you might want to secure them by configuring SSL or TLS encryption.
The following instructions assume that you already established a certificate authority and generated one or more signed certificates with a passphrase. The examples in the following sections use a single PKCS12 format file for the truststore file, but you can use JKS or JCEKS formats as well. You can use a tool like OpenSSL to generate files in these formats. A single PKCS12 file can be used only if mutual authentication is configured. If you configure SSL or TLS without mutual authentication, then you need separate files for the SIP Orchestrator and Media Relay.
- Run the following command to create a secret from the truststore key
file:
oc create secret generic trust-store-file-secret --from-file=trustStoreFile=<myPKCS12File>.p12 -n ${PROJECT_CPD_INSTANCE}
- Create a secret for the SSL
passphrase:
oc create secret generic ssl-passphrase-secret --from-literal=sslPassphrase='<passphrase>'
- Run the following command to create a secret from the client CA certificate
file:
oc create secret generic client-ca-cert-secret --from-file=clientCaCertFile=<ca-bundle>.pem -n ${PROJECT_CPD_INSTANCE}
- Run the following command to create a secret from the SSL client PKCS12
file:
oc create secret generic ssl-client-pkcs12-file-secret --from-file=clientPkcs12File=<myPKCS12File>.p12 -n ${PROJECT_CPD_INSTANCE}
- Create a secret for the SSL
passphrase:
oc create secret generic ssl-client-passphrase-secret --from-literal=sslClientPassphrase='<passphrase>'
spec.sslConfig
section of your
voicegateway-cr
custom resource with the following
section:spec:
...
sslConfig:
mediaRelay:
enableMutualAuth: true
enableSsl: true
sslClientCACertSecret: client-ca-cert-secret
sslClientPassphraseSecret: ssl-client-passphrase-secret
sslClientPkcs12FileSecret: ssl-client-pkcs12-file-secret
sipOrchestrator:
enableSslorMutualAuth: true
sslFileType: PKCS12
sslKeyTrustStoreSecret: trust-store-file-secret
sslPassphraseSecret: ssl-passphrase-secret
Configure MRCPv2
You can configure your Voice Gateway deployment to integrate with third-party speech to text and text to speech services by using Media Resource Control Protocol Version 2 (MRCPv2) connections.
- Run the following command to create the
unimrcpConfig
secret from theunimrcpclient.xml
file:oc create secret generic unimrcp-config-secret --from-file=unimrcpConfig=unimrcpclient.xml -n ${PROJECT_CPD_INSTANCE}
- Optional: If you changed the default MRCPv2 SIP port, update the
spec.mrcp.mrcpv2SipPort
property in the custom resource. - Enable MRCP by setting the
spec.mrcp.enableMrcp
property totrue
in the custom resource, for example:spec: ... mrcp: enableMrcp: true unimrcpConfigSecretName: unimrcp-config-secret # Name of secret for unimrcp config mrcpv2SipPort: 5555 # Set this to the correct port for MRCPv2 SIP Port ...
For more information, see Configuring services with MRCPv2.