3 OCNRF Customization
This section includes information about OCNRF customization.
OCNRF Configuration
This section describes the OCNRF customization.
The OCNRF deployment is customized by overriding the default values of various configurable parameters.
Customize the yaml file ocnrf-custom-values-1.5.1.yaml as per the required parameters.
The ocnrf-custom-values-1.5.1.yaml template can be downloaded from OHC. Download the package Network Repository Function (NRF) Custom Template and unzip it to get the ocnrf-custom-values-1.5.1.yaml file.
Note:
- To download the ocnrf-custom-values-1.5.1.yaml file, refer to the section Deployment of OCNRF in Cloud Native Environment.
- To know more about the configurable parameters, refer to the section OCNRF Configuration Parameters.
Sample content of ocnrf-custom-values-1.5.1.yaml
# Copyright 2020 (C), Oracle and/or its affiliates. All rights reserved.
#########################################################
# Section Start: global attributes #
#########################################################
global:
  # MYSQL configurable params
  mysql:
    primary:
      # Primary DB Connection Service IP or Hostname
      host: "ocnrf-mysql"
      port: 3306
    secondary:
      # Secondary DB Connection Service IP or Hostname
      host: "ocnrf-mysql"
      port: 3306
  # OCNRF's Ingress Gateway's Name and Port. This value is used in UriList of NfListRetrival Service Operation response.
  # The endpoint needs to be OCNRF's External Routable FQDN (e.g. ocnrf.oracle.com)
  # OR External Routable IpAddress (e.g. 10.75.212.60)
  # OR for routing within the same K8 cluster use full NRF Ingress Gateway's Service FQDN as below format
  #   <helm-release-name>-ingressgateway.<namespace>.svc.<cluster-domain-name>
  #   e.g ocnrf-ingressgateway.nrf-1.svc.cluster.local
  #   where
  #     "ocnrf": is the helm release name (deployment name that will be used during "helm install")
  #     "nrf-1": is the namespace in which NRF will be deployed
  #     "cluster.local": is the K8's dnsDomain name
  #     (dnsDomain can be found using "kubectl -n kube-system get configmap kubeadm-config -o yaml | grep -i dnsDomain")
  endpoint: "ocnrf-ingressgateway.ocnrf.svc.cluster.local"
  endpointPort: 80
  # OCNRF's NF Instance ID
  nrfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c
  # Docker Registry's Host or IP from where container images will be pulled.
  dockerRegistry: ocnrf-registry.us.oracle.com:5000
  # Namespace and secret name for database connections
  # This secret will contain mysql db name, user to access db name and password for the user
  database:
    nameSpace: "ocnrf"
    name: "database-secret"
  # serviceAccountName is a mandatory parameter
  #
  # Kubernetes Secret resource is used for below use cases in OCNRF
  # - For providing MYSQL DB Details to micro-services
  # - For providing NRF's Private Key, NRF's Certificate and CA Certificate Details to Ingress/Egress Gateway for TLS
  # - For providing NRF's Private and NRF's Public Keys to nfAccessToken micro-service for Digitally Signing AccessTokenClaims.
  # - For providing Producer/Consumer NF's Service/Endpoint details for routing messages from/to Egress/Ingress Gateway.
  #
  # The Secret(s) can be under same namespace where OCNRF is getting deployed (recommended) or
  # Operator can choose to use different namespaces for different secret(s).
  #
  # If all the Secret(s) are under same namespace as OCNRF, then Kubernetes Role can be bound to the given ServiceAccount.
  # Otherwise ClusterRole needs to be bound to the given ServiceAccount.
  #
  # The Role/ClusterRole needs to be created with resources: (services, configmaps, pods, secrets, endpoints) and (verbs: get, watch, list)
  #
  # E.g:
  #
  #  apiVersion: rbac.authorization.k8s.io/v1
  #  kind: Role
  #  metadata:
  #    labels:
  #    name: ocnrf-role
  #    namespace: ocnrf
  #  rules:
  #  - apiGroups:
  #    - ""
  #    resources:
  #    - services
  #    - configmaps
  #    - pods
  #    - secrets
  #    - endpoints
  #    verbs:
  #    - get
  #    - list
  #    - watch
  serviceAccountName:
  # ******** Sub-Section Start: Ingress Gateway Global Parameters ********
  #**************************************************************************
  # Enable or disable IP Address allocation from Metallb Pool
  metalLbIpAllocationEnabled: false
  # Address Pool Annotation for Metallb
  metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
  # If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
  # Else random IP will be assigned by the metalLB from its IP Pool
  staticIpAddressEnabled: false
  staticIpAddress: 10.75.212.50
  # If Static node port needs to be set, then set staticNodePortEnabled flag to true and
  # provide value for staticHttpNodePort or staticHttpsNodePort
  # Else random node port will be assigned by K8
  staticNodePortEnabled: false
  staticHttpNodePort: 30080
  staticHttpsNodePort: 30443
  # Service Port on which OCNRF's Ingress Gateway will be exposed
  # If enableIncomingHttp is true, publicHttpSignalingPort will be used as HTTP/2.0 Port (unsecured)
  # If enableIncomingHttps is true, publicHttpsSignallingPort Port will be used as HTTPS/2.0 Port (secured TLS)
  publicHttpSignalingPort: 80
  publicHttpsSignallingPort: 443
  # ******** Sub-Section End: Ingress Gateway Global Parameters ********
  #**************************************************************************
#########################################################
# Section End : global attributes #
#########################################################
#########################################################
# Section Start: ingressgateway attributes #
#########################################################
ingressgateway:
  # This flag is for enabling/disabling HTTP/2.0 (insecure) in Ingress Gateway.
  # If the value is set to false, NRF will not accept any HTTP/2.0 (unsecured) Traffic
  # If the value is set to true, NRF will accept HTTP/2.0 (unsecured) Traffic
  enableIncomingHttp: true
  # This flag is for enabling/disabling HTTPS/2.0 (secured TLS) in Ingress Gateway.
  # If the value is set to false, NRF will not accept any HTTPS/2.0 (secured) Traffic
  # If the value is set to true, NRF will accept HTTPS/2.0 (secured) Traffic
  enableIncomingHttps: false
  # Ingress Gateway Service Container Image Details
  image:
    # Ingress Gateway image name
    name: ocingress_gateway
    # tag name of image
    tag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  # Ingress Gateway Init Container Image Details
  initContainersImage:
    # init Containers image name
    name: configurationinit
    # tag name of init Container image
    tag: 0.3.0
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  # Ingress Gateway Update Container Image Details
  updateContainersImage:
    # update Containers image name
    name: configurationupdate
    # tag name of update Container image
    tag: 0.3.0
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  # enable Jaeger tracing
  jaegerTracingEnabled: false
  openTracing:
    jaeger:
      udpSender:
        # Update this configuration when jaeger tracing is enabled.
        # udpsender host
        host: "jaeger-agent.cne-infra"
        # udpsender port
        port: 6831
      # Jaeger message sampler. Value range: 0 to 1
      # e.g. Value 0: No Trace will be sent to Jaeger collector
      # e.g. Value 0.3: 30% of message will be sampled and will be sent to Jaeger collector
      # e.g. Value 1: 100% of message (i.e. all the messages) will be sampled and will be sent to Jaeger collector
      probabilisticSampler: 0.5
  # Allowed CipherSuites for TLS1.2
  cipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  service:
    # configuration under ssl section is mandatory if enableIncomingHttps is configured as "true"
    ssl:
      # OCNRF private key details for HTTPS
      # Secret Name, Namespace, Keydetails
      privateKey:
        k8SecretName: ocingress-secret
        k8NameSpace: ocnrf
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem
      # OCNRF certificate details for HTTPS
      # Secret Name, Namespace, Keydetails
      certificate:
        k8SecretName: ocingress-secret
        k8NameSpace: ocnrf
        rsa:
          fileName: ssl_rsa_certificate.crt
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt
      # OCNRF CA details for HTTPS
      caBundle:
        k8SecretName: ocingress-secret
        k8NameSpace: ocnrf
        fileName: caroot.cer
      # OCNRF KeyStore password for HTTPS
      # Secret Name, Namespace, Keydetails
      keyStorePassword:
        k8SecretName: ocingress-secret
        k8NameSpace: ocnrf
        fileName: ssl_keystore.txt
      # OCNRF TrustStore password for HTTPS
      # Secret Name, Namespace, Keydetails
      trustStorePassword:
        k8SecretName: ocingress-secret
        k8NameSpace: ocnrf
        fileName: ssl_truststore.txt
      # Initial Algorithm for HTTPS
      # Supported Values: ES256, RSA256
      initialAlgorithm: RSA256
    log:
      # setting logging level
      # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
      level: WARN
#########################################################
# Section End : ingressgateway attributes #
#########################################################
#########################################################
# Section Start: egressgateway attributes #
#########################################################
egressgateway:
  # This flag is for enabling/disabling HTTPS/2.0 (secured TLS) in Egress Gateway.
  # If the value is set to false, NRF will send only HTTP/2.0 (unsecured) Egress Traffic
  # If the value is set to true, NRF will send only HTTPS/2.0 (secured) Egress Traffic
  enableOutgoingHttps: false
  # Egress Gateway Service Container Image Details
  deploymentEgressGateway:
    # Egress Gateway image name
    image: ocegress_gateway
    # tag name of image
    imageTag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  # Egress Gateway Init Container Image Details
  initContainersImage:
    # init Containers image name
    name: configurationinit
    # tag name of image
    tag: 0.3.0
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  # Egress Gateway Update Container Image Details
  updateContainersImage:
    # update Containers image name
    name: configurationupdate
    # tag name of image
    tag: 0.3.0
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always
  # enable Jaeger tracing
  jaegerTracingEnabled: false
  openTracing:
    jaeger:
      udpSender:
        # Update this configuration when jaeger tracing is enabled.
        # udpsender host
        host: "jaeger-agent.cne-infra"
        # udpsender port
        port: 6831
      # Jaeger message sampler. Value range: 0 to 1
      # e.g. Value 0: No Trace will be sent to Jaeger collector
      # e.g. Value 0.3: 30% of message will be sampled and will be sent to Jaeger collector
      # e.g. Value 1: 100% of message (i.e. all the messages) will be sampled and will be sent to Jaeger collector
      probabilisticSampler: 0.5
  # ******** Sub-Section Start: SCP released Parameters ********
  #*******************************************************************
  # Using SCP as a Proxy in Egress Gateway
  # If it is configured as false, SCP will not be used as a proxy.
  # Messages will be directly sent to the Producers/HTTP Servers.
  # If it is configured as true, SCP will be used as a Proxy for
  # delivering messages to the Producers/HTTP Servers.
  scpIntegrationEnabled: false
  # SCP Configuration For Egress Gateway
  # All the SCP related configuration will be used only
  # if scpIntegrationEnabled is set to true.
  #
  # SCP's HTTP Host/IP and Port Combination.
  # This will be used while sending HTTP/2.0 (unsecured) traffic
  scpHttpHost: localhost
  scpHttpPort: 80
  # SCP's HTTPS Host/IP and Port Combination.
  # This will be used while sending HTTPS/2.0 (secured) traffic
  scpHttpsHost: localhost
  scpHttpsPort: 443
  # SCP's API Prefix. (Applicable only for SCP with TLS enabled)
  # This will be used for constructing the Egress message's APIROOT while proxying message to SCP.
  # Change this value to SCP's apiprefix. "/" is not expected to be provided along.
  scpApiPrefix: /
  # SCP's default scheme when 3gpp-sbi-target-apiroot header is missing
  scpDefaultScheme: https
  # ******** Sub-Section End : SCP released Parameters ********
  #*******************************************************************
  # Allowed CipherSuites for TLS1.2
  cipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  service:
    # configuration under ssl section is mandatory if enableOutgoingHttps is configured as "true"
    ssl:
      # OCNRF private key details for HTTPS
      # Secret Name, Namespace, Keydetails
      privateKey:
        k8SecretName: ocegress-secret
        k8NameSpace: ocnrf
        rsa:
          fileName: ssl_rsa_private_key.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem
      # OCNRF certificate details for HTTPS
      # Secret Name, Namespace, Keydetails
      certificate:
        k8SecretName: ocegress-secret
        k8NameSpace: ocnrf
        rsa:
          fileName: ssl_rsa_certificate.crt
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt
      # OCNRF CA details for HTTPS
      caBundle:
        k8SecretName: ocegress-secret
        k8NameSpace: ocnrf
        fileName: ssl_cabundle.crt
      # OCNRF KeyStore password for HTTPS
      # Secret Name, Namespace, Keydetails
      keyStorePassword:
        k8SecretName: ocegress-secret
        k8NameSpace: ocnrf
        fileName: ssl_keystore.txt
      # OCNRF TrustStore password for HTTPS
      # Secret Name, Namespace, Keydetails
      trustStorePassword:
        k8SecretName: ocegress-secret
        k8NameSpace: ocnrf
        fileName: ssl_truststore.txt
      # Initial algorithm for HTTPS
      # Supported Values: ES256, RSA256
      initialAlgorithm: RSA256
    log:
      # setting logging level
      # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
      level: WARN
#########################################################
# Section End : egressgateway attributes #
#########################################################
#########################################################
# Section Start: nfregistration attributes #
#########################################################
# NRF microservices
nfregistration:
  image:
    # image name
    name: ocnrf-nfregistration
    # tag name of image
    tag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  log:
    # setting logging level
    # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
    level: WARN
#########################################################
# Section End : nfregistration attributes #
#########################################################
#########################################################
# Section Start: nfsubscription attributes #
#########################################################
nfsubscription:
  image:
    # image name
    name: ocnrf-nfsubscription
    # tag name of image
    tag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  log:
    # setting logging level
    # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
    level: WARN
#########################################################
# Section End : nfsubscription attributes #
#########################################################
#########################################################
# Section Start: nrfauditor attributes #
#########################################################
nrfauditor:
  image:
    # image name
    name: ocnrf-nrfauditor
    # tag name of image
    tag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  log:
    # setting logging level
    # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
    level: WARN
#########################################################
# Section End : nrfauditor attributes #
#########################################################
#########################################################
# Section Start: nfdiscovery attributes #
#########################################################
nfdiscovery:
  image:
    # image name
    name: ocnrf-nfdiscovery
    # tag name of image
    tag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  log:
    # setting logging level
    # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
    level: WARN
#########################################################
# Section End : nfdiscovery attributes #
#########################################################
#########################################################
# Section Start: nrfconfiguration attributes #
#########################################################
nrfconfiguration:
  image:
    # image name
    name: ocnrf-nrfconfiguration
    # tag name of image
    tag: 1.5.1
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: IfNotPresent
  service:
    # Enable or disable IP Address allocation from Metallb Pool
    metalLbIpAllocationEnabled: false
    # Address Pool Annotation for Metallb
    metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: oam"
    # If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
    # Else random IP will be assigned by the metalLB from its IP Pool
    staticIpAddressEnabled: false
    staticIpAddress: 10.75.212.50
    # If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
    # Else random node port will be assigned by K8
    staticNodePortEnabled: false
    staticNodePort: 30076
  log:
    # setting logging level
    # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
    level: WARN
#########################################################
# Section End : nrfconfiguration attributes #
#########################################################
#########################################################
# Section Start: nfaccesstoken attributes #
#########################################################
# Details of NF Access Token Microservice
nfaccesstoken:
  # Flag to disable Oauth micro-service
  enabled: true
  # Image Details
  image:
    name: ocnrf-nfaccesstoken
    tag: 1.5.1
    pullPolicy: IfNotPresent
  # Image details for Access token Key certificate infrastructure
  initContainersImage:
    name: configurationinit
    tag: 0.3.0
    pullPolicy: IfNotPresent
  updateContainersImage:
    name: configurationupdate
    tag: 0.3.0
    pullPolicy: IfNotPresent
  # Access token key certificate infrastructure details
  oauth:
    # OCNRF Private key details
    privateKey:
      # K8 Secret Name for OCNRF Private key
      k8SecretName: ocnrfaccesstoken-secret
      # Namespace for OCNRF Private key
      k8NameSpace: ocnrf
      # Different key file names
      rsa:
        fileName: rsa_private_key.pem
      ecdsa:
        fileName: ecdsa_private_key.pem
    # OCNRF certificate
    certificate:
      # K8 Secret Name for OCNRF certificate
      k8SecretName: ocnrfaccesstoken-secret
      # Namespace for OCNRF certificate
      k8NameSpace: ocnrf
      # OCNRF certificates
      rsa:
        fileName: rsa_certificate.crt
      ecdsa:
        fileName: ecdsa_certificate.crt
    # Keystore password configuration from Secret
    keyStorePassword:
      # K8 Secret Name for keystore password
      k8SecretName: ocnrfaccesstoken-secret
      # Namespace secret Name for keystore password
      k8NameSpace: ocnrf
      # KeyStore password file
      fileName: keystore_password.txt
    # Initial Algorithm for Access Token key certificate infrastructure
    initialAlgorithm: ES256
  log:
    # setting logging level
    # Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL
    level: WARN
#########################################################
# Section End : nfaccesstoken attributes #
#########################################################
OCNRF Configuration Parameters
This section includes information about the configuration parameters of OCNRF.
OCNRF allows customization of parameters for the following services and related settings.
Global Parameters
Table 3-1 Global Parameters
Parameter | Description | Default value | Mandatory (M)/Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
mysql.primary.host | Primary DB Connection Service IP or Hostname | ocnrf-mysql | M | Primary DB Connection Service HostName or IP | OCNRF connects to the Primary DB Connection Service; if it is not available, OCNRF connects to the Secondary DB Connection Service. For NDB Cluster, use Host/IP of the DB Connection Service. |
mysql.primary.port | Primary DB Connection Service Port | 3306 | M | Primary DB Connection Service Port | Port that is used while connecting to Primary DB Connection Service. |
mysql.secondary.host | Secondary DB Connection Service IP or Hostname | ocnrf-mysql | O | Secondary DB Connection Service HostName or IP | OCNRF connects to the Secondary DB Connection Service only if the Primary DB Connection Service is unavailable. It switches back to the Primary DB Connection Service once it is available. For NDB Cluster, use Host/IP of the Remote DB Connection Service (if available). |
mysql.secondary.port | Secondary DB Connection Service Port | 3306 | O | Secondary DB Connection Service Port | Port that is used while connecting to Secondary DB Connection Service. |
endpoint | OCNRF End Point Name | ocnrf-ingressgateway.ocnrf.svc.cluster.local | M | Service Name for OCNRF ingress gateway | OCNRF Ingress Gateway's Name and Port. This value is used in UriList of NfListRetrival Service Operation response. The endpoint needs to be OCNRF's External Routable FQDN (e.g. ocnrf.oracle.com) OR External Routable IpAddress (e.g. 10.75.212.60) OR, for routing within the same K8 cluster, the full OCNRF ingress gateway Service FQDN in the format <helm-release-name>-ingressgateway.<namespace>.svc.<cluster-domain-name>, e.g. ocnrf-ingressgateway.nrf-1.svc.cluster.local, where "ocnrf" is the helm release name (deployment name that will be used during "helm install"), "nrf-1" is the namespace in which OCNRF is deployed, and "cluster.local" is the K8's dnsDomain name (dnsDomain can be found using "kubectl -n kube-system get configmap kubeadm-config -o yaml \| grep -i dnsDomain"). Note: This value must be changed during deployment based on the configuration. |
endpointPort | OCNRF End Point Port | 80 | M | Port for OCNRF ingress gateway | This parameter is used as OCNRF end point port. |
nrfInstanceId | OCNRF's NF Instance ID | 6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c | M | OCNRF's NfInstance Id (UUID format) | |
dockerRegistry | Registry for docker | ocnrf-registry.us.oracle.com:5000 | M | Docker Registry's FQDN/Port where OCNRF's docker images are available. | |
database.nameSpace | Namespace for database connection | ocnrf | M | The Namespace where the Kubernetes Secret that contains the MYSQL details is created. Note: See database.name configuration for more details. | |
database.name | Secret name for database connection | database-secret | M | The Kubernetes Secret which contains the Database name, Database User name and the Password. Note: Refer to the OCNRF Pre-requisites section for the file format. | |
serviceAccountName | ServiceAccount that has permission for get, watch and list operations on the following Kubernetes resources: services, configmaps, pods, secrets and endpoints | | M | This ServiceAccount is used for: Refer to prerequisites for command details. | |
Table 3-2 Ingress Gateway Global Parameters
Parameter | Description | Default value | Mandatory (M)/Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
metalLbIpAllocationEnabled | Enable or disable IP Address allocation from Metallb Pool | false | O | true/false | |
metalLbIpAllocationAnnotation | Address Pool Annotation for Metallb | metallb.universe.tf/address-pool: signaling | M, when metalLbIpAllocationEnabled is true | | |
staticIpAddressEnabled | Static load balancer IP enabled flag | false | O | true/false | |
staticIpAddress | Static IP address assigned to the Load Balancer from the metalLB IP pool. | 10.75.212.50 | M, when staticIpAddressEnabled is true | If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress. Else random IP will be assigned by the metalLB from its IP Pool. | |
staticNodePortEnabled | Static Node Port enabled flag | false | O | true/false | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticHttpNodePort or staticHttpsNodePort. Else random node port will be assigned by K8. |
staticHttpNodePort | HTTP node port | 30080 | M, when | | |
staticHttpsNodePort | HTTPs node port | 30443 | M, when | | |
publicHttpSignalingPort | Service Port on which OCNRF's Ingress Gateway is exposed | 80 | O | If enableIncomingHttp is true, publicHttpSignalingPort will be used as HTTP/2.0 Port (unsecured) | |
publicHttpsSignallingPort | Service Port on which OCNRF's Ingress Gateway is exposed | 443 | O | If enableIncomingHttps is true, publicHttpsSignallingPort Port will be used as HTTPS/2.0 Port (secured TLS) | |
Table 3-3 Ingress Gateway
Parameter | Description | Default value | Mandatory (M)/Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
ingressgateway.enableIncomingHttp | This flag is for enabling/disabling HTTP/2.0 (insecure) in Ingress Gateway. | true | O | true/false | If the value is set to false, OCNRF will not accept any HTTP/2.0 (unsecured) Traffic. If the value is set to true, OCNRF will accept HTTP/2.0 (unsecured) Traffic. |
ingressgateway.enableIncomingHttps | This flag is for enabling/disabling HTTPS/2.0 (secure) in Ingress Gateway. | false | O | true/false | If the value is set to false, OCNRF will not accept any HTTPS/2.0 (secured) Traffic. If the value is set to true, OCNRF will accept HTTPS/2.0 (secured) Traffic. |
ingressgateway.image.name | Ingress Gateway image name. | ocingress_gateway | O | | |
ingressgateway.image.tag | Tag name of Ingress Gateway image | 1.5.1 | O | | |
ingressgateway.image.pullPolicy | This setting tells whether the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
ingressgateway.initContainersImage.name | Image Name for Ingress Gateway init container | configurationinit | O | | |
ingressgateway.initContainersImage.tag | Tag name of Ingress Gateway init container | 0.3.0 | O | | |
ingressgateway.initContainersImage.pullPolicy | This setting tells whether the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
ingressgateway.updateContainersImage.name | Image Name for Ingress Gateway update container | configurationupdate | O | | |
ingressgateway.updateContainersImage.tag | Tag name of Ingress Gateway update container | 0.3.0 | O | | |
ingressgateway.updateContainersImage.pullPolicy | This setting tells whether the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
ingressgateway.jaegerTracingEnabled | Flag to enable or disable the Jaeger Tracing at ingressgateway | false | O | true / false | When setting this flag to true, update the below attributes with correct values. |
ingressgateway.opentracing.jaeger.udpsender.host | Host name of Jaeger Agent Service | jaeger-agent.cne-infra | M, if ingressgateway.jaegerTracingEnabled is true | | |
ingressgateway.opentracing.jaeger.udpsender.port | Port of Jaeger Agent Service | 6831 | M, if ingressgateway.jaegerTracingEnabled is true | | |
ingressgateway.opentracing.jaeger.probabilisticSampler | Jaeger message sampler | 0.5 | O | 0 to 1 | Value range: 0 to 1. Value 0: no trace is sent to the Jaeger collector. Value 0.3: 30% of messages are sampled and sent to the Jaeger collector. Value 1: 100% of messages (i.e. all the messages) are sampled and sent to the Jaeger collector. |
ingressgateway.cipherSuites | Allowed CipherSuites for TLS1.2 | | M, if ingressgateway.enableIncomingHttps is true | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
ingressgateway.service.ssl.privateKey.k8SecretName | Secret name that contains OCNRF Ingress gateway Private Key | ocingress-secret | M, if | | |
ingressgateway.service.ssl.privateKey.k8NameSpace | Namespace in which k8SecretName is present | ocnrf | M, if | | |
ingressgateway.service.ssl.privateKey.rsa.filename | OCNRF's Private Key (RSA type) file name | rsa_private_key_pkcs1.pem | M, if ingressgateway.enableIncomingHttps is true and ingressgateway.service.ssl.initialAlgorithm is RSA256 | If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not come up. | |
ingressgateway.service.ssl.privateKey.ecdsa.filename | OCNRF's Private Key (ECDSA type) file name | ssl_ecdsa_private_key.pem | M, if | If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not come up. | |
ingressgateway.service.ssl.certificate.k8SecretName | Secret name that contains OCNRF's Certificate for HTTPS | ocingress-secret | M, if ingressgateway.enableIncomingHttps is true | This is a Secret object for OCNRF certificate details for HTTPS. | |
ingressgateway.service.ssl.certificate.k8NameSpace | Namespace in which OCNRF's Certificate is present | ocnrf | M, if ingressgateway.enableIncomingHttps is true | | |
ingressgateway.service.ssl.certificate.rsa.filename | OCNRF's Certificate (RSA type) file name | ssl_rsa_certificate.crt | M, if | If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not come up. | |
ingressgateway.service.ssl.certificate.ecdsa.filename | OCNRF's Certificate (ECDSA type) file name | ssl_ecdsa_certificate.crt | M, if | If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not come up. | |
ingressgateway.service.ssl.caBundle.k8SecretName | Secret name that contains OCNRF's CA details for HTTPS | ocingress-secret | M, if | | |
ingressgateway.service.ssl.caBundle.k8NameSpace | Namespace in which OCNRF's CA details is present | ocnrf | M, if | | |
ingressgateway.service.ssl.caBundle.filename | OCNRF's CA bundle filename | caroot.cer | M, if | | |
ingressgateway.service.ssl.keyStorePassword.k8SecretName | Secret name that contains keyStorePassword | ocingress-secret | M, if | | |
ingressgateway.service.ssl.keyStorePassword.k8NameSpace | Namespace in which OCNRF's keystore password is present | ocnrf | M, if | | |
ingressgateway.service.ssl.keyStorePassword.fileName | OCNRF's Key Store password Filename | ssl_keystore.txt | M, if | | |
ingressgateway.service.ssl.trustStorePassword.k8SecretName | Secret name that contains trustStorePassword | ocingress-secret | M, if | | |
ingressgateway.service.ssl.trustStorePassword.k8NameSpace | Namespace in which trustStorePassword is present | ocnrf | M, if | | |
ingressgateway.service.ssl.trustStorePassword.fileName | OCNRF's trustStorePassword Filename | ssl_truststore.txt | M, if | | |
ingressgateway.service.ssl.initialAlgorithm | Initial Algorithm for HTTPS | ES256 | O | ES256, RSA256 | Algorithm that will be used in TLS handshake |
ingressgateway.service.log.level | Setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
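The conditional ("M, if ...") requirements in Table 3-3 can be checked before running "helm install". The following Python check is an added example, not part of the OCNRF documentation or tooling: it takes the parsed values file as a dictionary and reports ingress gateway settings that leave unsecured HTTP/2.0 enabled or leave the ssl section incomplete. The function names and sample dictionaries are constructed for illustration, and treating ES256 as selecting the ecdsa file names is an assumption.

```python
# Cipher suites listed under ingressgateway.cipherSuites in the template.
TEMPLATE_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

# service.ssl entries needed whenever enableIncomingHttps is true.
SSL_REQUIRED = [f"{entry}.{key}"
                for entry in ("privateKey", "certificate", "caBundle",
                              "keyStorePassword", "trustStorePassword")
                for key in ("k8SecretName", "k8NameSpace")]
SSL_REQUIRED += [f"{entry}.fileName"
                 for entry in ("caBundle", "keyStorePassword", "trustStorePassword")]

# Assumption: initialAlgorithm selects which key-type file names must be present.
KEY_TYPE = {"RSA256": "rsa", "ES256": "ecdsa"}


def lookup(tree, dotted):
    """Return the value at a dotted path, or None if a level is missing or empty."""
    node = tree
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return None if node in ("", None, [], {}) else node


def audit_ingress(values):
    """Return (severity, message) findings for the parsed values dictionary."""
    gw = values.get("ingressgateway") or {}
    http = bool(gw.get("enableIncomingHttp", True))     # template default: true
    https = bool(gw.get("enableIncomingHttps", False))  # template default: false
    findings = []
    if http:
        findings.append(("WARN", "enableIncomingHttp is true: unsecured HTTP/2.0 is accepted"))
    if not http and not https:
        findings.append(("ERROR", "HTTP and HTTPS are both disabled: no traffic is accepted"))
    if not https:
        return findings  # the ssl section is mandatory only when HTTPS is enabled

    ssl = lookup(gw, "service.ssl") or {}
    for path in SSL_REQUIRED:
        if lookup(ssl, path) is None:
            findings.append(("ERROR", f"service.ssl.{path} is not set"))

    algorithm = lookup(ssl, "initialAlgorithm")
    key_type = KEY_TYPE.get(algorithm)
    if key_type is None:
        findings.append(("ERROR", f"initialAlgorithm {algorithm!r} is not ES256 or RSA256"))
    else:
        for section in ("privateKey", "certificate"):
            if lookup(ssl, f"{section}.{key_type}.fileName") is None:
                findings.append(
                    ("ERROR", f"service.ssl.{section}.{key_type}.fileName is not set for {algorithm}"))

    suites = gw.get("cipherSuites") or []
    if not suites:
        findings.append(("ERROR", "cipherSuites is empty although HTTPS is enabled"))
    for suite in suites:
        if suite not in TEMPLATE_SUITES:
            findings.append(("WARN", f"{suite} is not in the template's cipher suite list"))
    return findings


def secret_ref(**extra):
    """Constructed helper: an ssl entry that points at the template's Secret."""
    return {"k8SecretName": "ocingress-secret", "k8NameSpace": "ocnrf", **extra}


def tls_only_sample():
    """Constructed sample: HTTPS-only ingress using the template's names."""
    return {"ingressgateway": {
        "enableIncomingHttp": False,
        "enableIncomingHttps": True,
        "cipherSuites": sorted(TEMPLATE_SUITES),
        "service": {"ssl": {
            "privateKey": secret_ref(rsa={"fileName": "rsa_private_key_pkcs1.pem"}),
            "certificate": secret_ref(rsa={"fileName": "ssl_rsa_certificate.crt"}),
            "caBundle": secret_ref(fileName="caroot.cer"),
            "keyStorePassword": secret_ref(fileName="ssl_keystore.txt"),
            "trustStorePassword": secret_ref(fileName="ssl_truststore.txt"),
            "initialAlgorithm": "RSA256",
        }},
    }}


# Constructed sample: the two listener flags as shipped in the template.
TEMPLATE_DEFAULT = {"ingressgateway": {"enableIncomingHttp": True, "enableIncomingHttps": False}}

if __name__ == "__main__":
    for name, sample in (("template default", TEMPLATE_DEFAULT), ("HTTPS only", tls_only_sample())):
        print(name, audit_ingress(sample) or "no findings")
```

In a pipeline, the dictionary would come from parsing the customized values file, and any ERROR finding would stop the deployment step.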
Table 3-4 Egress Gateway
Parameter | Description | Default value | Mandatory (M)/ Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
egressgateway.enableOutgoingHttps | This flag is for enabling/disabling HTTPS/2.0 (secured TLS) in Egress Gateway. | false | O | true/false | If the value is set to false, OCNRF will not accept any HTTPS/2.0 (unsecured) traffic. If the value is set to true, OCNRF will accept HTTPS/2.0 (unsecured) traffic. |
egressgateway.deploymentEgressGateway.image | Egress Gateway image name | ocegress_gateway | O | | |
egressgateway.deploymentEgressGateway.imageTag | Tag name of image | 1.5.1 | O | | |
egressgateway.deploymentEgressGateway.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
egressgateway.initContainersImage.name | Image Name for Egress Gateway init container | configurationinit | O | | |
egressgateway.initContainersImage.tag | Tag name of Egress Gateway init container | 0.3.0 | O | | |
egressgateway.initContainersImage.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
egressgateway.updateContainersImage.name | Image Name for Egress Gateway update container | configurationupdate | O | | |
egressgateway.updateContainersImage.tag | Tag name of Egress Gateway update container | 0.3.0 | O | | |
egressgateway.updateContainersImage.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
egressgateway.jaegerTracingEnabled | Flag to enable or disable the Jaeger Tracing at egress gateway | false | O | true / false | When setting this flag to true, update the attributes below with correct values. |
egressgateway.opentracing.jaeger.udpsender.host | Host name of Jaeger Agent Service | jaeger-agent.cne-infra | M, if | | |
egressgateway.opentracing.jaeger.udpsender.port | Port of Jaeger Agent Service | 6831 | M, if | | |
egressgateway.opentracing.jaeger.probabilisticSampler | Jaeger message sampler | 0.5 | O | 0 to 1 | Value range: 0 to 1. Value 0: no trace is sent to the Jaeger collector. Value 0.3: 30% of messages are sampled and sent to the Jaeger collector. Value 1: 100% of messages (that is, all the messages) are sampled and sent to the Jaeger collector. |
egressgateway.scpIntegrationEnabled | Using SCP as a proxy in Egress Gateway | false | O | true/false | If it is configured as false, SCP will not be used as a proxy. Messages will be sent directly to the Producers/HTTP Servers. If it is configured as true, SCP will be used as a proxy for delivering messages to the Producers/HTTP Servers. |
egressgateway.scpHttpHost | SCP Configuration For Egress Gateway | localhost | M, if | All the SCP related configuration will be used only if scpIntegrationEnabled is set to true. SCP's HTTP Host/IP and Port Combination. This is used while sending HTTP/2.0 (unsecured) traffic. | |
egressgateway.scpHttpPort | SCP's HTTP Port | 80 | M, if | | |
egressgateway.scpHttpsHost | SCP Configuration For Egress Gateway | localhost | M, if | All the SCP related configuration will be used only if scpIntegrationEnabled is set to true. SCP's HTTP Host/IP and Port Combination. This is used while sending HTTP/2.0 (unsecured) traffic. | |
egressgateway.scpHttpsPort | SCP's HTTPS Port | 443 | M, if | This is used while sending HTTPS/2.0 (unsecured) traffic. | |
egressgateway.scpApiPrefix | SCP's API Prefix. (Applicable only for SCP with TLS enabled) | / | O | This will be used for constructing the Egress message's APIROOT while proxying message to SCP. Change this value to SCP's apiprefix. "/" is not expected to be provided along. | |
egressgateway.scpDefaultScheme | SCP's default scheme when 3gpp-sbi-target-apiroot header is missing | https | O | | |
egressgateway.cipherSuites | Allowed CipherSuites for TLS1.2 | M, if egressgateway.enableOutgoingHttps is true | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | | |
egressgateway.service.ssl.privateKey.k8SecretName | Secret name that contains OCNRF Egress gateway Private Key | ocegress-secret | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.privateKey.k8NameSpace | Namespace in which k8SecretName is present | ocnrf | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.privateKey.rsa.filename | OCNRF's Private Key (RSA type) file name | ssl_rsa_private_key.pem | M, if egressgateway.enableOutgoingHttps is true and egressgateway.service.ssl.initialAlgorithm is RSA256 | If initialAlgorithm is configured as RSA, then the rsa file name must be configured. Otherwise OCNRF's egress gateway will not come up. | |
egressgateway.service.ssl.privateKey.ecdsa.filename | OCNRF's Private Key (ECDSA type) file name | ssl_ecdsa_private_key.pem | M, if egressgateway.enableOutgoingHttps is true and egressgateway.service.ssl.initialAlgorithm is ES256 | If initialAlgorithm is configured as ECDSA, then the rsa file name must be configured. Otherwise OCNRF's egress gateway will not come up. | |
egressgateway.service.ssl.certificate.k8SecretName | Secret name that contains OCNRF's Certificate for HTTPS | ocegress-secret | M, if egressgateway.enableOutgoingHttps is true | This is a Secret object for OCNRF certificate details for HTTPS. | |
egressgateway.service.ssl.certificate.k8NameSpace | Namespace in which OCNRF's Certificate is present | ocnrf | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.certificate.rsa.filename | OCNRF's Certificate (RSA type) file name | ssl_rsa_certificate.crt | M, if egressgateway.enableOutgoingHttps is true and egressgateway.service.ssl.initialAlgorithm is RSA256 | If initialAlgorithm is configured as RSA, then the rsa file name must be configured. Otherwise OCNRF's egress gateway will not come up. | |
egressgateway.service.ssl.certificate.ecdsa.filename | OCNRF's Certificate (ECDSA type) file name | ssl_ecdsa_certificate.crt | M, if egressgateway.enableOutgoingHttps is true and egressgateway.service.ssl.initialAlgorithm is ES256 | If initialAlgorithm is configured as ECDSA, then the rsa file name must be configured. Otherwise OCNRF's egress gateway will not come up. | |
egressgateway.service.ssl.caBundle.k8SecretName | Secret name that contains OCNRF's CA details for HTTPS | ocegress-secret | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.caBundle.k8NameSpace | Namespace in which OCNRF's CA details is present | ocnrf | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.caBundle.filename | OCNRF's CA bundle filename | ssl_cabundle.crt | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.keyStorePassword.k8SecretName | Secret name that contains keyStorePassword | ocegress-secret | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.keyStorePassword.k8NameSpace | Namespace in which OCNRF's keystore password is present | ocnrf | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.keyStorePassword.fileName | OCNRF's Key Store password Filename | ssl_keystore.txt | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.trustStorePassword.k8SecretName | Secret name that contains trustStorePassword | ocegress-secret | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.trustStorePassword.k8NameSpace | Namespace in which trustStorePassword is present | ocnrf | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.trustStorePassword.fileName | OCNRF's trustStorePassword Filename | ssl_truststore.txt | M, if egressgateway.enableOutgoingHttps is true | | |
egressgateway.service.ssl.initialAlgorithm | Initial Algorithm for HTTPS | RSA256 | O | ES256, RSA256 | Algorithm that will be used in TLS handshake |
egressgateway.service.log.level | Setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
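
As an added example (not part of the Oracle document or product code), the following Python check applies the Table 3-4 "M, if" conditions for the egress TLS parameters to an override file before deployment. It assumes the YAML nests keys the way the dotted parameter names suggest and has already been parsed into a dict; `lookup`, `check_egress_tls`, `ref` and `SAMPLE` are illustrative names.

```python
# Added example, not Oracle code. Assumption: the values file nests keys as the
# dotted parameter names suggest and has been loaded into a dict.
KEY_TYPE = {"RSA256": "rsa", "ES256": "ecdsa"}  # initialAlgorithm -> key-type sub-key

# Paths under egressgateway.service.ssl marked "M, if enableOutgoingHttps is true".
OBJECTS = ("privateKey", "certificate", "caBundle", "keyStorePassword", "trustStorePassword")
ALWAYS_REQUIRED = [f"{o}.{k}" for o in OBJECTS for k in ("k8SecretName", "k8NameSpace")]
ALWAYS_REQUIRED += ["caBundle.filename", "keyStorePassword.fileName",
                    "trustStorePassword.fileName"]

def lookup(tree, dotted):
    """Return the value at a dotted path, or None if any level is missing."""
    for part in dotted.split("."):
        if not isinstance(tree, dict) or part not in tree:
            return None
        tree = tree[part]
    return tree

def check_egress_tls(values):
    """Return a list of problems; empty means the Table 3-4 conditions hold."""
    egress = values.get("egressgateway", {})
    if not egress.get("enableOutgoingHttps", False):
        return []  # the TLS parameters are mandatory only when the flag is true
    problems = []
    if not egress.get("cipherSuites"):
        problems.append("egressgateway.cipherSuites is not set")
    ssl = lookup(egress, "service.ssl") or {}
    algorithm = ssl.get("initialAlgorithm", "RSA256")  # egress default in the table
    required = list(ALWAYS_REQUIRED)
    if algorithm in KEY_TYPE:
        kind = KEY_TYPE[algorithm]
        required += [f"privateKey.{kind}.filename", f"certificate.{kind}.filename"]
    else:
        problems.append(f"initialAlgorithm {algorithm!r} is not ES256 or RSA256")
    for rel in required:
        if not lookup(ssl, rel):
            problems.append(f"egressgateway.service.ssl.{rel} is not set")
    return problems

def ref(**extra):  # constructed secret reference using the table's default names
    return {"k8SecretName": "ocegress-secret", "k8NameSpace": "ocnrf", **extra}

# Constructed override: HTTPS on with ES256, but only the RSA file names supplied.
SAMPLE = {"egressgateway": {
    "enableOutgoingHttps": True,
    "cipherSuites": ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"],
    "service": {"ssl": {
        "initialAlgorithm": "ES256",
        "privateKey": ref(rsa={"filename": "ssl_rsa_private_key.pem"}),
        "certificate": ref(rsa={"filename": "ssl_rsa_certificate.crt"}),
        "caBundle": ref(filename="ssl_cabundle.crt"),
        "keyStorePassword": ref(fileName="ssl_keystore.txt"),
        "trustStorePassword": ref(fileName="ssl_truststore.txt"),
    }},
}}
```

Running `check_egress_tls(SAMPLE)` reports the two missing ECDSA file names, which is the mismatch the table notes say prevents the egress gateway from coming up.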
(nfregistration)
Table 3-5 NF Registration
Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
nfregistration.image.registry | Docker registry name | ocnrf | O | Registry name | |
nfregistration.image.name | Full Image Path | ocnrf-nfregistration | O | Full image path of image | |
nfregistration.image.tag | Tag of Image | 1.5.1 | O | Tag of image in docker repository | |
nfregistration.image.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never | |
nfregistration.log.level | Logging level | INFO | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | Logging level |
(nfsubscription)
Table 3-6 NF Subscription
Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) |
---|---|---|---|---|
nfsubscription.image.registry | Docker registry name | ocnrf | O | |
nfsubscription.image.name | Full Image Path | ocnrf-nfsubscription | O | Full image path of image |
nfsubscription.image.tag | Tag of Image | 1.5.1 | O | Tag of image in docker repository |
nfsubscription.image.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never |
nfsubscription.log.level | Logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL |
(nrfauditor)
Table 3-7 OCNRF Auditor
Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) |
---|---|---|---|---|
nrfauditor.image.registry | Docker registry name | ocnrf | O | |
nrfauditor.image.name | Full Image Path | ocnrf-nrfauditor | O | Full image path of image |
nrfauditor.image.tag | Tag of Image | 1.5.1 | O | Tag of image in docker repository |
nrfauditor.image.pullPolicy | This setting indicates if the image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never |
nrfauditor.log.level | Logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL |
(nfdiscovery)
Table 3-8 NF Discovery
Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) |
---|---|---|---|---|
nfdiscovery.image.registry | Docker registry name | ocnrf | O | Registry name |
nfdiscovery.image.name | Full Image Path | ocnrf-nfdiscovery | O | Full image path of image |
nfdiscovery.image.tag | Tag of Image | 1.5.1 | O | Tag of image in docker repository |
nfdiscovery.image.pullPolicy | This setting determines if image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never |
nfdiscovery.log.level | Logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL |
OCNRF Configuration
Table 3-9 OCNRF Configuration
Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
image.registry | Docker registry name | ocnrf | O | Registry name | |
image.name | Full Image Path | nrfconfiguration | O | Full image path of image | |
image.tag | Tag of Image | 1.5.1 | O | Tag of image in docker repository | |
image.pullPolicy | This setting determines if image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never | |
log.level | Logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
service.metalLbIpAllocationEnabled | Enable or disable IP Address allocation from Metallb Pool | false | O | As defined by operator | If this flag is enabled, the IP Address is allocated from Metallb Pool. |
service.metalLbIpAllocationAnnotation | Address Pool for Metallb | metallb.universe.tf/address-pool : oam | M, if | Address Pool Annotation for Metallb | |
service.staticIpAddressEnabled | Static load balancer IP enabled flag | false | O | If a static load balancer IP needs to be set, set the staticIpAddressEnabled flag to true and provide a value for staticIpAddress. Otherwise a random IP will be assigned by the metalLB from its IP pool. | |
service.staticIpAddress | Static load balancer IP | 10.75.212.50 | M, if | Static IP address assigned to the Load Balancer from the metalLB IP pool. | |
service.staticNodePortEnabled | Static Node Port enabled flag | false | O | If a static node port needs to be set, set the staticNodePortEnabled flag to true and provide a value for staticNodePort. Otherwise a random node port will be assigned by K8. | |
service.staticNodePort | Static Node Port | 30076 | M, if | If a static node port needs to be set, set the staticNodePortEnabled flag to true and provide a value for staticNodePort. Otherwise a random node port will be assigned by K8. | |
NF Access Token (nfaccesstoken)
Table 3-10 NF Access Token
Parameter | Description | Default value | Mandatory (M) / Optional (O) | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|---|
nfaccesstoken.enabled | Flag to disable OAuth functionality | true | O | true / false | If the AccessToken service is not required, the operator can set this to false so that the nfAccessToken micro-service is not deployed. |
nfaccesstoken.image.name | Full Image Path for access token service container | ocnrf-nfaccesstoken | O | Full image path of image | |
nfaccesstoken.image.tag | Tag of Image | 1.5.1 | O | Tag of image in docker repository | |
nfaccesstoken.image.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never | |
nfaccesstoken.initContainersImage.name | Full Image Path for init container | configurationinit | O | Image Name for Access token Key certificate infrastructure | This image is used by OCNRF gateway for Key/Certificate infrastructure. |
nfaccesstoken.initContainersImage.tag | Tag of Image | 0.3.0 | O | Tag of image in docker repository | |
nfaccesstoken.initContainersImage.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never | |
nfaccesstoken.updateContainersImage.name | Full Image Path for update container | configurationupdate | O | Image Name for Access token Key certificate infrastructure | |
nfaccesstoken.updateContainersImage.tag | Tag of Image | 0.3.0 | O | Tag of image in docker repository | |
nfaccesstoken.updateContainersImage.pullPolicy | This setting indicates whether the image needs to be pulled or not | IfNotPresent | O | Possible Values: Always, IfNotPresent, Never | |
nfaccesstoken.oauth.privateKey.k8SecretName | Secret name that contains OCNRF Private key | ocnrfaccesstoken-secret | M, if nfaccesstoken.enabled is true | This is a Secret object for OCNRF Private Key. | |
nfaccesstoken.oauth.privateKey.k8NameSpace | Namespace in which OCNRF Private key is present | ocnrf | M, if nfaccesstoken.enabled is true | | |
nfaccesstoken.oauth.privateKey.rsa.filename | OCNRF's Private Key (RSA type) file name | rsa_private_key.pem | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is RSA256 | If initialAlgorithm is configured as RSA, then the rsa file name must be configured. Otherwise OCNRF gateway will not come up. | |
nfaccesstoken.oauth.privateKey.ecdsa.filename | ECDSA key file names | ecdsa_private_key.pem | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is ES256 | If initialAlgorithm is configured as ECDSA, then the rsa file name must be configured. Otherwise OCNRF's NFAccessToken microservice will not come up. | |
nfaccesstoken.oauth.certificate.k8SecretName | Secret name that contains OCNRF's certificate | ocnrfaccesstoken-secret | M, if nfaccesstoken.enabled is true | This is a Secret object for OCNRF certificate details for HTTPS. | |
nfaccesstoken.oauth.certificate.k8NameSpace | Namespace in which k8SecretName is present | ocnrf | M, if nfaccesstoken.enabled is true | | |
nfaccesstoken.oauth.certificate.rsa.filename | OCNRF's certificate (RSA type) file name | rsa_certificate.crt | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is RSA256 | If initialAlgorithm is configured as RSA, then the rsa file name must be configured. Otherwise OCNRF's NFAccessToken microservice will not come up. | |
nfaccesstoken.oauth.certificate.ecdsa.filename | OCNRF's certificate (ECDSA type) file name | ecdsa_certificate.crt | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is ES256 | If initialAlgorithm is configured as ECDSA, then the rsa file name must be configured. Otherwise OCNRF's NFAccessToken microservice will not come up. | |
nfaccesstoken.oauth.keyStorePassword.k8SecretName | Secret name that contains OCNRF's keystore password | ocnrfaccesstoken-secret | M, if nfaccesstoken.enabled is true | | |
nfaccesstoken.oauth.keyStorePassword.k8NameSpace | Namespace in which OCNRF's keystore password is present | ocnrf | M, if nfaccesstoken.enabled is true | Password that is used for creating in-memory Java Key Store (JKS) | |
nfaccesstoken.oauth.keyStorePassword.filename | KeyStore password file | keystore_password.txt | M, if nfaccesstoken.enabled is true | | |
nfaccesstoken.oauth.initialAlgorithm | Initial Algorithm for Access Token key certificate infrastructure | ES256 | O | ES256, RSA256 | |
nfaccesstoken.log.level | Logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |