Customizing Policy Control Function
This chapter describes how to customize the Policy Control Function (PCF) deployment in a cloud native environment.
The PCF deployment is customized by overriding the default values of various configurable parameters in the ocpcf-custom-values-1.5.0.yaml file.
To customize the ocpcf-custom-values-1.5.0.yaml file as per the required parameters:
- Go to the Oracle Help Center (OHC) Web site:
- Navigate to Industries->Communications->Signaling & Policy ->Cloud Native Core->Release 2.1.1
- Click the Policy Control Function (PCF) Custom Template link to download the zip file.
- Unzip the file to get the ocpcf-custom-configTemplates-1.5.0.0.0 file that contains the ocpcf-custom-values-1.5.0.yaml. This file is used during installation.
- Customize the ocpcf-custom-values-1.5.0.yaml file.
- Save the updated ocpcf-custom-values-1.5.0.yaml file in the helm chart directory.
Following is a sample ocpcf-custom-values-1.5.0.yaml file created based on all the parameters described in the Policy Control Function Customization Parameters section.
# Copyright 2019 (C), Oracle and/or its affiliates. All rights reserved.
# section:- global
# Settings in the `global` section: image registry, tracing agent, MySQL access,
# public signalling ports and the PCF API root.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is restored from the section markers. Confirm it against the
# shipped template.
global:
  # Docker registry name (host:port)
  dockerRegistry: 'occne-bastion:5000'
  # The image is referenced by tag (1.5.0), not by digest.
  imageServiceDetector: readiness-detector:1.5.0
  # Jaeger Hostname
  envJaegerAgentHost: 'occne-tracer-jaeger-agent.occne-infra'
  # Primary MYSQL Host IP or Hostname (left empty in the sample)
  envMysqlHost: ''
  # K8s secret object name containing OCPCF MYSQL UserName and Password.
  # Only the secret's name goes here; the user name and password themselves
  # stay in the secret object and are not written in this file.
  dbCredSecretName: ''
  # -----Ingress Gateway Settings - BEGIN-----
  # NOTE(review): the two port keys are spelled differently in this sample
  # (...Signaling... vs ...Signalling...); copy each key exactly as shown.
  # If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
  publicHttpSignalingPort: 80
  # If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
  publicHttpsSignallingPort: 443
  # Enable or disable IP Address allocation from Metallb Pool
  metalLbIpAllocationEnabled: false
  # Address Pool Annotation for Metallb.
  # The value is quoted because it contains ": ".
  metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
  # -----Ingress Gateway Settings - END-----
  # API root of PCF that will be used in notification URLs generated by PCF
  # when sending requests to other producer NFs.
  # If not configured, the ingress gateway service name and port are used as
  # the default value. ex:"https://<k8s namespace>-pcf-egress-gateway:443"
  # NOTE(review): the text says ingress gateway while the example host names
  # the egress gateway - confirm which one applies.
  pcfApiRoot: ''
# Per-service switches and MySQL database names for the PCF services.
# NOTE(review): nesting restored from a flattened listing; confirm against the
# shipped template.
am-service:
  enabled: true
  envMysqlDatabase: pcf_amservice
sm-service:
  enabled: true
  envMysqlDatabase: pcf_smservice
  # Left empty in the sample.
  defaultBsfApiRoot: ''
  # NOTE(review): units are not stated here; presumably seconds
  # (86400 = 24 h, 172800 = 48 h) - confirm in the parameter reference.
  auditSmSessionTtl: 86400
  auditSmSessionMaxTtl: 172800
ue-service:
  enabled: true
  replicas: 1
user-service:
  envMysqlDatabase: pcf_userservice
config-server:
  envMysqlDatabase: ocpm_config_server_pcf
  replicas: 1
# database name should be sm service database name
# (the sample uses pcf_smservice, the same value as sm-service above)
queryservice:
  envMysqlDatabase: pcf_smservice
# The session viewer database is also set to the sm-service database here.
cm-service:
  envMysqlDatabaseSessionViewer: pcf_smservice
audit-service:
  enabled: true
# NRF client, appinfo and perf-info settings.
# NOTE(review): nesting restored from a flattened listing; confirm against the
# shipped template.
nrf-client:
  cacheNfProfilesDiscoveredOnDemand: false
  configmap:
    # Sample address and port; replace with your NRF's host and service port.
    # NOTE(review): port 80 suggests plain HTTP towards the NRF - confirm that
    # this is intended for your deployment.
    nrfHost: '10.75.224.80'
    nrfServicePort: 80
appinfo:
  # Left empty in the sample.
  # NOTE(review): how the chart behaves with an empty name is not shown here;
  # whichever service account is used should carry only the permissions
  # appinfo needs.
  serviceAccountName: ''
perf-info:
  configmapPerformance:
    # Prometheus endpoint; the sample URL uses the http:// scheme.
    prometheus: http://prometheus-server.prometheus:5802
# Diameter realm and identity for the Diameter connector and gateway.
# The sample gives both components the same realm and distinct identities.
# NOTE(review): nesting restored from a flattened listing; confirm against the
# shipped template.
diam-connector:
  envDiameterRealm: 'oracle.com'
  envDiameterIdentity: 'ocpcf'
diam-gateway:
  envDiameterRealm: 'oracle.com'
  envDiameterIdentity: 'ocpcf-gateway'
# Ingress gateway: OAuth validation, HTTP/HTTPS listeners and TLS material for
# traffic arriving at the PCF.
# NOTE(review): nesting restored from a flattened listing; confirm against the
# shipped template.
ingress-gateway:
  # Service Mesh (Istio) to take care of load-balancing
  serviceMeshCheck: false
  # ----OAUTH CONFIGURATION - BEGIN ----
  # NOTE(review): the validator is off in this sample, and the NRF public-key
  # secret name and namespace below are empty. Presumably incoming requests are
  # then not checked for an access token - confirm in the parameter reference
  # before using these values outside a lab.
  oauthValidatorEnabled: false
  # Sample UUID; presumably to be replaced with this PCF's NF instance ID.
  nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
  allowedClockSkewSeconds: 0
  # Name and namespace of the Kubernetes secret holding the NRF public key
  # (both empty in the sample).
  nrfPublicKeyKubeSecret: ''
  nrfPublicKeyKubeNamespace: ''
  # NOTE(review): what "relaxed" permits is not described on this page; check
  # the parameter reference before relying on it.
  validationType: relaxed
  # NOTE(review): written as plain integers. An MNC with a leading zero would
  # lose it in this form - check whether the chart expects a quoted string.
  producerPlmnMNC: 123
  producerPlmnMCC: 456
  # ----OAUTH CONFIGURATION - END ----
  # Enable it to accept incoming http requests
  # NOTE(review): with this true and enableIncomingHttps false, the sample
  # accepts incoming requests over cleartext HTTP only.
  enableIncomingHttp: true
  # ---- HTTPS Configuration - BEGIN ----
  enableIncomingHttps: false
  service:
    ssl:
      tlsVersion: TLSv1.2
      initialAlgorithm: RSA256
      # Key material and store passwords are referenced by Kubernetes secret
      # name, namespace and file name; none of them is written in this file.
      # NOTE(review): all five entries point at the same secret
      # (pcf-gateway-secret in namespace ocpcf), so read access to that one
      # secret covers the private key and both store passwords.
      privateKey:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        rsa:
          fileName: rsa_private_key_pkcs1.pem
      certificate:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        rsa:
          # NOTE(review): the file name reads like an egress certificate;
          # confirm the ingress gateway is meant to use it.
          fileName: ocegress.cer
      caBundle:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: caroot.cer
      keyStorePassword:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: key.txt
      trustStorePassword:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: trust.txt
# Egress gateway: OAuth client, outgoing HTTPS, TLS material and SCP routing
# for traffic leaving the PCF.
# NOTE(review): nesting restored from a flattened listing; confirm against the
# shipped template.
egress-gateway:
  # ---- Oauth Configuration - BEGIN ----
  # NOTE(review): the OAuth client is off in this sample; presumably outgoing
  # requests then carry no access token - confirm in the parameter reference.
  oauthClientEnabled: false
  # Sample host:port of the NRF authority.
  nrfAuthority: 10.75.224.7:8085
  # Sample UUID; presumably to be replaced with this PCF's NF instance ID.
  nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
  # NOTE(review): written as plain integers. An MNC with a leading zero would
  # lose it in this form - check whether the chart expects a quoted string.
  consumerPlmnMNC: 345
  consumerPlmnMCC: 567
  # ---- Oauth Configuration - END ----
  # ---- HTTPS Configuration - BEGIN ----
  # Enabling it for egress https requests
  # NOTE(review): false in this sample, so the TLS settings under service.ssl
  # are presumably unused until this is switched on.
  enableOutgoingHttps: false
  # NOTE(review): these two keys are not explained on this page; presumably
  # they control reloading of the egress certificates - confirm.
  egressGwCertReloadEnabled: false
  egressGwCertReloadPath: /egress-gw/store/reload
  service:
    ssl:
      tlsVersion: TLSv1.2
      initialAlgorithm: RSA256
      # Key material and store passwords are referenced by Kubernetes secret
      # name, namespace and file name; none of them is written in this file.
      # NOTE(review): every entry points at the same secret
      # (pcf-gateway-secret in namespace ocpcf), the one the ingress gateway
      # sample also names, so read access to it covers the private keys and
      # both store passwords.
      privateKey:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem
      certificate:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        rsa:
          fileName: ocegress.cer
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt
      caBundle:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: caroot.cer
      keyStorePassword:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: key.txt
      trustStorePassword:
        k8SecretName: pcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: trust.txt
  # ---- HTTPS Configuration - END ----
  # ---- SCP Configuration - BEGIN ----
  # Leave this false when SCP integration is not required
  scpIntegrationEnabled: false
  scpHttpHost: localhost
  scpHttpPort: 80
  scpHttpsHost: localhost
  scpHttpsPort: 443
  # Change this value to the corresponding API prefix; a leading "/" is not
  # expected to be provided with it. Applicable for SCP with TLS enabled.
  # Example: nef, pcf.
  scpApiPrefix: /
  # Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
  # NOTE(review): the default scheme is https while enableOutgoingHttps above
  # is false; check that the two agree once SCP integration is enabled.
  scpDefaultScheme: https
  # ---- SCP Configuration - END ----
  # Enable this if loadbalancing is to be done by egress instead of K8s
  K8ServiceCheck: false


