CNCC Core Configuration Parameters
Following tables provide list of configuration parameters in the Helm file:
| Attribute Name | DataType | Range | Mandatory(M)/ Optional(O)/Conditional(C) | Description |
|---|---|---|---|---|
| global.cnccServiceAccountName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. An image name may not start with a period or a dash and may contain a maximum of 128 characters. | O |
Name of service account. If this field is kept empty then a default service account 'cncc-core-service-account' is created. If any value is provided then a service account has to be created manually. kubectl create serviceaccount <name> -n <namespace> |
| cmservice.dockerRegistry | <String> | It may contain lowercase letters, digits, and separators. A separator is defined as a period, one or two underscores, or one or more dashes. | M |
Here user provides the registry that contains cmservice's container image. It comprises of the following: <registry-url>:<registry-port> Example:: ocspf-registry.us.oracle.com:5000 |
| cmservice.image.name | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. An image name may not start with a period or a dash and may contain a maximum of 128 characters. | M | Image Name to be used for "cncc-cmservice" micro service. |
| cmservice.image.tag | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. | M | Image Tag to be used for "cncc-cmservice" micro service. |
| cmservice.image.pullPolicy | <String> |
It can take a value from the following: IfNotPresent, Always, Never IfNotPresent is the default pullPolicy |
M | Pull Policy decides from where to pull the image. |
| cmservice.resources.limits.cpu | <Float> | Valid floating point value between 0 and 1 | O | It limits the number of CPUs to be used by the "cncc-cmservice" microservice. By default, it is set to '2'. |
| cmservice.resources.limits.memory | <String> | Valid Integer value followed by Mi/Gi etc. | O | It limits the memory utilization by the "cncc-cmservice" microservice. By default, it is set to '2'. |
| cmservice.resources.requests.cpu | <Float> | Valid floating point value between 0 and 1 | O | It provides a given number of CPUs for the "cncc-cmservice" microservice. By default, it is set to '2'. |
| cmservice.resources.requests.memory | <String> | Valid Integer value followed by Mi/Gi etc. | O | It provides a given amount of memory for the "cncc-cmservice" microservice. By default, it is set to '1. |
| cmservice.deployment.envManageNF | <String> | It is the List of NFs Example: SCP, PCF | M | The list of the enabled NFs and the same NFs will be displayed in the GUI. |
| cmservice.deployment.envSystemName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | M |
This is the name of product which appears as brand name and can be used to mention site name as well. Example: envSystemName: CNCC |
| cmservice.deployment.cmWindowName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | M |
This is the name of the window that appears on the browser tab. Example: cmWindowName: CNCC |
| cmservice.deployment.nodeSelectorEnabled | <boolean> |
It can take either True or False value. By default, it is false. |
O | NodeSelector is the simplest recommended form of node selection constraint. NodeSelector is a field of PodSpec. It specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels. |
| cmservice.deployment.nodeSelectorKey | <String> | By default, its value is zone. | O | Node Selector Key |
| cmservice.deployment.nodeSelectorValue | <String> | By default, its value is app. | O | Node Selector value |
| cmservice.service.http.port | <Integer> | It can take value in the range: 0-65535 | O | The port number which makes cmservice visible to other services running within the same K8s cluster |
| cmservice.service.type | <String> | It can take only 'ClusterIP' as the value. | O | Used to decide where user wants to expose the service from outside the Kubernetes cluster or not. |
| ingress-gateway.global.dockerRegistry | <String> | It may contain lowercase letters, digits, and separators. A separator is defined as a period, one or two underscores, or one or more dashes. | M |
Here user provides the registry that contains CNC Console Core's container image. It comprises of the following: <registry-url>:<registry-port>/<repo> Example:: ocspf-registry.us.oracle.com:5000/cncc |
| ingress-gateway.image.name | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | M | The image name of the ingress-gateway as provided by the user |
| ingress-gateway.image.tag | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. | M | Image Tag to be used for ingress-gateway. |
| ingress-gateway.image.pullPolicy | <String> |
It can take a value from the following: IfNotPresent, Always, Never IfNotPresent is the default pullPolicy |
O | Pull Policy decides from where to pull the image. |
| ingress-gateway.publicHttpSignalingPort | <Integer> | It can take value in the range: 0-65535 | O |
The port on which ingress-gateway service is exposed # If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured) publicHttpSignalingPort: 80 |
| ingress-gateway.publicHttpsSignallingPort | <Integer> | It can take value in the range: 0-65535. | O |
The port on which ingress-gateway service is exposed # If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL). |
| ingress-gateway.metalLbIpAllocationEnabled | <Boolean> |
True/False By default, it is true. |
O | This field enables or disables IP Address allocation from Metallb Pool |
| ingress-gateway.metalLbIpAllocationAnnotation | <Stirng> |
Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. Default set to : metallb.universe.tf/address-pool: signaling" |
The address Pool Annotation for Metallb | |
| ingress-gateway.staticIpAddressEnabled | <Boolean> |
True/False By default, it is false. |
O | If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress else random IP will be assigned by the metalLB from its IP Pool. |
| ingress-gateway.staticIpAddress | <Stirng> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. It may not start with a period or a dash and may contain a maximum of 128 characters. | O | If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress else random IP will be assigned by the metalLB from its IP Pool. |
| ingress-gateway.staticNodePortEnabled | <Boolean> |
True/False By default, it is true. |
O | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort else random node port will be assigned by K8s. |
| ingress-gateway.staticHttpNodePort | <Integer> |
It can take value in the range: 0-65535. Default value:30075 |
O | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort else random node port will be assigned by K8s. |
| ingress-gateway.staticHttpsNodePort | <Integer> |
It can take value in the range: 0-65535. Default value:30075 |
O | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort else random node port will be assigned by K8s. |
| ingress-gateway.initContainersImage.name | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | M | Image Name to be used for "cncc-cmservice" micro service. |
| ingress-gateway.initContainersImage.tag | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. | M | Image Tag to be used for "cncc-cmservice" micro service. |
| ingress-gateway.initContainersImage.pullPolicy | <String> |
It can take a value from the following: IfNotPresent, Always, Never IfNotPresent is the default pullPolicy |
O | Pull Policy decides from where to pull the image. |
| ingress-gateway.updateContainersImage.name | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | M | Image Name to be used for "cncc-cmservice" micro service |
| ingress-gateway.updateContainersImage.tag | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. | M | Image Tag to be used for "cncc-cmservice" micro service. |
| ingress-gateway.updateContainersImage.pullPolicy | <String> |
It can take a value from the following: IfNotPresent, Always, Never IfNotPresent is the default pullPolicy |
O | Pull Policy decides from where to pull the image. |
| ingress-gateway.type | <String> | It can take value LoadBalance/NodePort depending upon one wants to expose the service from outside the Kubernetes cluster or not. | O | Used to decide where user wants to expose the service from outside the Kubernetes cluster or not. |
| service.ssl.tlsVersion | <String> |
Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. It is set to TLSv1.2 |
O | The TLS version |
| ingress-gateway.service.ssl.privateKey.k8SecretName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Name of the privatekey secret Example: cncc-core-ingress-secret |
| ingress-gateway.service.ssl.privateKey.k8NameSpace | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Namespace of privatekey Example: cncc |
| ingress-gateway.service.ssl.privateKey.rsa.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
rsa private key file name Example: rsa_private_key_pkcs1.pem |
| ingress-gateway.service.ssl.privateKey.ecdsa.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
ecdsa private key file name Example: ssl_ecdsa_private_key.pem |
| ingress-gateway.service.ssl.certificate.k8SecretName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Name of the certificate secret Example: cncc-core-ingress-secret |
| ingress-gateway.service.ssl.certificate.k8NameSpace | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Namespace of certificate Example: cncc |
| ingress-gateway.service.ssl.certificate.rsa.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
rsa certificate file name Example: ssl_rsa_certificate.crt |
| ingress-gateway.service.ssl.certificate.ecdsa.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
ecdsa certificate file name Example: ssl_ecdsa_certificate.crt |
| ingress-gateway.service.ssl.caBundle.k8SecretName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Name of the caBundle secret Example: cncc-core-ingress-secret |
| ingress-gateway.service.ssl.caBundle.k8NameSpace | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Namespace of caBundle Example: cncc |
| ingress-gateway.service.ssl.caBundle.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
rsa caBundle file name Example: caroot.cer |
| ingress-gateway.service.keyStorePassword.k8SecretName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Name of the keyStorePassword secret Example: cncc-core-ingress-secret |
| ingress-gateway.service.keyStorePassword.k8NameSpace | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Namespace of keyStorePassword Example: cncc |
| ingress-gateway.service.keyStorePassword.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
File name that has password for keyStore Example: ssl_keystore.txt |
| ingress-gateway.service.trustStorePassword.k8SecretName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Name of the trustStorePassword secret Example: cncc-core-ingress-secret |
| ingress-gateway.service.trustStorePassword.k8NameSpace | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
Namespace of trustStorePassword Example: cncc |
| ingress-gateway.service.trustStorePassword.fileName | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O |
File name that has password for trustStore Example: ssl_truststore.txt |
| ingress-gateway.service.initialAlgorithm | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O | Default values is RSA256 |
| ingress-gateway.readinessProbe.initialDelaySeconds | <Integer> |
It can take value in the range: 0-65535. Default value:30 |
O | It tells the kubelet that it should wait second before performing the first probe |
| ingress-gateway.readinessProbe.timeoutSeconds | <Integer> |
It can take value in the range: 0-65535. Default value:3 |
O | the number of seconds after which the probe times out |
| ingress-gateway.readinessProbe.periodSeconds | <Integer> |
It can take value in the range: 0-65535. Default value:10 |
O | It specifies that the kubelet should perform a liveness probe every xx seconds |
| ingress-gateway.readinessProbe.successThreshold | <Integer> |
It can take value in the range: 0-65535. Default value:1 |
O | Minimum consecutive successes for the probe to be considered successful after having failed |
| ingress-gateway.readinessProbe.failureThreshold | <Integer> |
It can take value in the range: 0-65535. Default value:3 |
O | When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up |
| ingress-gateway.livenessProbe.initialDelaySeconds | <Integer> |
It can take value in the range: 0-65535. Default value:30 |
O | It tells the kubelet that it should wait second before performing the first probe |
| ingress-gateway.livenessProbe.timeoutSeconds | <Integer> |
It can take value in the range: 0-65535. Default value:3 |
O | The number of seconds after which the probe times out |
| ingress-gateway.livenessProbe.periodSeconds | <Integer> |
It can take value in the range: 0-65535. Default value:15 |
O | It specifies that the kubelet should perform a liveness probe every xx seconds. |
| ingress-gateway.livenessProbe.successThreshold | <Integer> |
It can take value in the range: 0-65535. Default value:1 |
O | Minimum consecutive successes for the probe to be considered successful after having failed. |
| ingress-gateway.livenessProbe.failureThreshold | <Integer> |
It can take value in the range: 0-65535. Default value:3 |
O | When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. |
| ingress-gateway.minAvailable | <Integer> |
It can take value in the range: 0-65535. Default value:1 |
O | The number of pods that must always be available, even during a disruption. |
| ingress-gateway.minReplicas | <Integer> |
It can take value in the range: 0-65535. Default value:1 |
O | Min replicas to scale to maintain an average CPU utilization. |
| ingress-gateway.maxReplicas | <Integer> |
It can take value in the range: 0-65535. Default value:5 |
O | Max replicas to scale to maintain an average CPU utilization |
| ingress-gateway.initssl | <Boolean> |
It can take either True or False value. By default, it is false. |
O | To Initialize SSL related infrastructure in init/update container. |
| ingress-gateway.enableIncomingHttp | <Boolean> |
It can take either True or False value. By default, it is false. |
O | Server Configuration for http and https support. |
| ingress-gateway.enableIncomingHttps | <Boolean> |
It can take either True or False value. By default, it is false. |
O | Server Configuration for http and https support |
| ingress-gateway.cipherSuites | <List[String]> |
TLS_ECDHE_ ECDSA_WIT H_AES_256_ GCM_SHA38 4 TLS_ECDHE_ RSA_WITH_ AES_256_GC M_SHA384 TLS_ECDHE_ RSA_WITH_ CHACHA20_ POLY1305_S HA256 TLS_DHE_RS A_WITH_AE S_256_GCM_ SHA384 TLS_ECDHE_ ECDSA_WIT H_AES_128_ GCM_SHA25 6 TLS_ECDHE_ RSA_WITH_ AES_128_GC M_SHA256 |
M, if ingressgateway.enableIncomingHttps is true | Allowed CipherSuites for TLS1.2 |
| ingress-gateway.cncc.enabled | <Boolean> |
It can take either True or False value. By default, it is true. |
M | It enables CNCC features i.e authentication and authorization on ingress. |
| ingress-gateway.cncc.core.sessionTimeoutSeconds | <Integer> | It can take value in the range: 0-65535.Default Value: 1800 | M |
It takes the timeout value for CNCC Session in seconds. Default: 1800 Minimum: 300 Maximum: 7200 |
| ingress-gateway.cncc.iam.uri | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | M | The URI of the cncc-iam ingress. |
| ingress-gateway.service.name | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. | O | It is used to provide the name of the api-gateway service. |
| ingress-gateway.service.staticNodePortEnabled | <boolean> |
It can take either True or False value. By default, it is false. |
O | The flag for enabling/disabling the static Nodeport for api-gateway service. |
| ingress-gateway.ports.containerPort | <Integer> |
It can take value in the range: 0-65535. Default value: 8081 |
O | The http port of the container for the ingress-gateway. |
| ingress-gateway.ports.containersslPort | <Integer> |
It can take value in the range: 0-65535. Default value: 8443 |
O | The https port of the container for the ingress-gateway. |
| ingress-gateway.ports.actuatorPort | <Integer> |
It can take value in the range: 0-65535. Default value: 9090 |
O | The actuator port of the container for the ingress-gateway. |
| ingress-gateway.log.level.root | <String> | It can take values like: WARN, DEBUG, INFO, TRACE etc. | O |
The level at which user wants to see the logs. Example: WARN |
| ingress-gateway.log.level.ingress | <String> | It can take values like: WARN, DEBUG, INFO, TRACE etc. | O | Log level for ingress logs |
| ingress-gateway.resources.limits.cpu | <Float> | Valid floating point value between 0 and 1 | O | It limits the number of CPUs to be used by the microservice. |
| ingress-gateway.resources.limits.memory | <String> | Valid Integer value followed by Mi/Gi etc. | O | It limits the memory utilization by the microservice. |
| ingress-gateway.resources.requests.cpu | <Float> | Valid floating point value between 0 and 1 | O | It provides a given number of CPUs for the microservice. |
| ingress-gateway.resources.requests.memory | <String> | Valid Integer value followed by Mi/Gi etc. | O | It provides a given amount of memory for the microservice. |
| ingress-gateway.resources.target.averageCpuUtil | <Integer> | A value in between 0-100 | O | It gives the average CPU utilization percentage. |
| ingress-gateway.routesConfig[].id | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. | M | If SCP route needs to be added to CNC Console Core ingress-gateway. |
| ingress-gateway.routesConfig[].uri | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. | M | |
| ingress-gateway.routesConfig[].path | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. | M | |
| ingress-gateway.routesConfig[].filters.rewritePath | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. | O | |
| ingress-gateway.ingressGwCertReloadEnabled | <boolean> |
It can take either True or False value. By default, it is false. |
M | |
| ingress-gateway.ingressGwCertReloadPath | <String> | Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. | M |