CNCC Core Helm Configurable Values

The custom-cncc-core_values.yaml file can also be downloaded from OHC.

# Values shared across the CNCC Core chart.
global:
  # Kubernetes service account name for CNCC Core; shipped empty.
  # NOTE(review): what the chart does with an empty value is not shown here.
  # Confirm whether it creates a dedicated account or falls back to the
  # namespace default, and bind only the permissions the console needs.
  cnccServiceAccountName: ""
 
# CNCC configuration-management service (the console backend).
cmservice:
  # Registry (host:port) the cmservice image is pulled from.
  dockerRegistry: ocspf-registry.us.oracle.com:5000
  image:
    name: ocscp/cncc/cncc-cmservice-cm-tag
    # NOTE(review): "helm-tag" looks like a packaging placeholder. Replace it
    # with the exact release tag so the deployed image is reproducible.
    tag: helm-tag
    # Pull policy. Possible values: Always, IfNotPresent, Never
    pullPolicy: Always
  # CPU/memory limits and requests for the cmservice container.
  resources:
    limits:
      cpu: 2
      memory: 2Gi
    requests:
      cpu: 1
      memory: 1Gi
  deployment:
    # Comma-separated list of network functions managed through this console.
    envManageNF: SCP, NRF, UDR, PCF, PCRF, POLICY, CONVERGED
    # Product name shown as the brand name; it can also carry the site name.
    # Example: envSystemName: CNCC - Site Name
    envSystemName: CNCC
    # Project name shown in the window title.
    # Example: cmWindowName: CNCC
    cmWindowName: CNCC
    # Enables the Import/Export buttons. Applicable only to PCF and PCRF
    # deployments; set cmEnableImportExport: true for those.
    cmEnableImportExport: false
    # Optional node selector; key and value are used only when enabled.
    nodeSelectorEnabled: false
    nodeSelectorKey: zone
    nodeSelectorValue: app
  service:
    http:
      # Plain-HTTP service port; the default_configuration route under
      # ingress-gateway.routesConfig targets this port.
      port: 8442
    # ClusterIP: the service gets no external address of its own.
    # NOTE(review): presumably all external access is meant to go through the
    # ingress-gateway; verify that no other Service or NodePort exposes 8442.
    type: ClusterIP
 
# Ingress gateway in front of the CNCC console and the NF configuration APIs.
ingress-gateway:
  global:
    # Docker registry name
    dockerRegistry: ocspf-registry.us.oracle.com:5000/ocscp

    # Public signaling ports, going by the key names:
    #   publicHttpSignalingPort   - plain HTTP (unsecured)
    #   publicHttpsSignallingPort - HTTPS (TLS)
    # NOTE(review): the original comment tied "HTTP (unsecured)" to https being
    # enabled and "HTTPS (secured SSL)" to https being disabled, which reads as
    # inverted. Confirm the intended meaning against the chart templates.
    publicHttpSignalingPort: 8080
    publicHttpsSignallingPort: 8443
    # Service account for the gateway pods; shipped empty.
    # NOTE(review): confirm what the chart uses when this is empty.
    serviceAccountName: ''

    # Service type. Possible values: ClusterIP, NodePort, LoadBalancer, ExternalName
    # LoadBalancer gives the gateway an address reachable from outside the
    # cluster, so the listener settings (enableIncomingHttp/enableIncomingHttps)
    # decide what is offered on that address.
    type: LoadBalancer

    # Enable or disable IP address allocation from a MetalLB pool
    metalLbIpAllocationEnabled: true

    # Address-pool annotation for MetalLB; the shipped value selects the pool "oam".
    metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: oam"

    # To pin the load balancer IP, set staticIpAddressEnabled to true and
    # provide staticIpAddress. Otherwise MetalLB assigns an IP from its pool.
    staticIpAddressEnabled: false
    staticIpAddress: ""

    # To pin the node ports, set staticNodePortEnabled to true and provide the
    # static node port values. Otherwise Kubernetes assigns random node ports.
    staticNodePortEnabled: false
    staticHttpNodePort: 30075
    staticHttpsNodePort: 30043 
   
  # Main ingress-gateway container image.
  image:
    # image name
    name: cncc/cncc-apigateway-api-tag
    # tag name of image
    # NOTE(review): "helm-tag" looks like a placeholder; set the exact release tag.
    tag: helm-tag
    # Pull policy. Possible values: Always, IfNotPresent, Never
    pullPolicy: Always
     
  # Image for the init container (see initssl for its SSL-related role).
  initContainersImage:
    # init container image name
    name: cncc/apigw-configurationinit-init-tag
    # tag name of init container image
    # NOTE(review): "helm-tag" looks like a placeholder; set the exact release tag.
    tag: helm-tag
    # Pull policy. Possible values: Always, IfNotPresent, Never
    pullPolicy: Always
     
  # Image for the update container (see initssl for its SSL-related role).
  updateContainersImage:
    # update container image name
    name: cncc/apigw-configurationupdate-update-tag
    # tag name of update container image
    # NOTE(review): "helm-tag" looks like a placeholder; set the exact release tag.
    tag: helm-tag
    # Pull policy. Possible values: Always, IfNotPresent, Never
    pullPolicy: Always   
     
  # TLS material for the gateway. Every entry names a Kubernetes secret, its
  # namespace and a file inside it; no key or password is embedded in this file.
  # All five entries below point at the same secret (cncc-core-ingress-secret
  # in namespace cncc).
  # NOTE(review): that one secret therefore holds private keys and store
  # passwords together. Restrict read access to it and keep the source files
  # out of version control.
  service:
    ssl:
      # TLS protocol version used by the gateway.
      tlsVersion: TLSv1.2

      # Server private keys (RSA and ECDSA variants).
      privateKey:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem

      # Server certificates matching the private keys above.
      certificate:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        rsa:
          fileName: ssl_rsa_certificate.crt
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt

      # CA bundle file.
      caBundle:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        fileName: caroot.cer

      # File holding the key store password.
      keyStorePassword:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        fileName: ssl_keystore.txt

      # File holding the trust store password.
      trustStorePassword:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        fileName: ssl_truststore.txt

      # NOTE(review): presumably selects which key/certificate pair (rsa or
      # ecdsa) the gateway starts with; confirm the accepted values in the
      # chart documentation.
      initialAlgorithm: RSA256
       
  ports:
    # ContainerPort represents a network port in a single container
    # containerPort is the plain-HTTP listener, containersslPort the TLS listener.
    containerPort: 8081
    containersslPort: 8443
    # NOTE(review): presumably the management/actuator endpoint port; confirm
    # it is reachable only from inside the cluster (probes, metrics scraping).
    actuatorPort: 9090
   
  # Log levels: "root" sets the root logger, "ingress" the ingress logger.
  # NOTE(review): WARN on the root logger may leave little audit trail for
  # console access; confirm that requests are logged elsewhere before relying
  # on these levels for incident response.
  log:
    level:
      root: WARN
      ingress: INFO
      ingress: INFO
   
  # Readiness probe timing for the gateway container.
  readinessProbe:
    # Seconds the kubelet waits before performing the first probe
    initialDelaySeconds: 30
    # Number of seconds after which the probe times out
    timeoutSeconds: 3
    # The kubelet performs a readiness probe every periodSeconds seconds
    periodSeconds: 10
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 3
     
  # Liveness probe timing for the gateway container.
  livenessProbe:
    # Seconds the kubelet waits before performing the first probe
    initialDelaySeconds: 30
    # Number of seconds after which the probe times out
    timeoutSeconds: 3
    # The kubelet performs a liveness probe every periodSeconds seconds
    periodSeconds: 15
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 3
   
  # Resource details for the gateway container and its init/update containers.
  # The plain cpu/memory keys apply to the main container; the initService*
  # and updateService* keys apply to the init and update containers.
  resources:
    limits:
      cpu: 2
      initServiceCpu: 1
      updateServiceCpu: 1
      memory: 2Gi
      updateServiceMemory: 1Gi
      initServiceMemory: 1Gi     
    requests:
      cpu: 1
      initServiceCpu: 0.5
      updateServiceCpu: 0.5
      memory: 1Gi
      updateServiceMemory: 0.5Gi
      initServiceMemory: 0.5Gi     
    target:
      # Average CPU utilisation (percent) the autoscaler aims for; see
      # minReplicas/maxReplicas.
      averageCpuUtil: 80
     
  # Number of Pods that must always be available, even during a disruption.
  minAvailable: 1
  # Min replicas to scale to maintain an average CPU utilization
  minReplicas: 1
  # Max replicas to scale to maintain an average CPU utilization
  maxReplicas: 5
 
  # Initialises the SSL-related infrastructure in the init/update containers.
  # NOTE(review): presumably this must be true whenever enableIncomingHttps is
  # true, so that the material under service.ssl is loaded; confirm.
  initssl: false
  # Server configuration for HTTP and HTTPS support.
  # As shipped, only the plain-HTTP listener is on: enableIncomingHttp is true
  # and enableIncomingHttps is false. With the gateway service of type
  # LoadBalancer, console logins and NF configuration traffic would then cross
  # the network unencrypted. For anything beyond a lab, switch to the HTTPS
  # listener and provision the secret referenced under service.ssl.
  enablehttp1: true
  enableIncomingHttp: true # 'true' only in case of http
  enableIncomingHttps: false # 'true' only in case of https
   
  # TLS cipher suites. Every entry uses ephemeral key exchange (ECDHE or DHE)
  # with an AEAD cipher (AES-GCM or ChaCha20-Poly1305). The two lists below
  # hold the same six suites.
  # NOTE(review): how the chart distinguishes allowedCipherSuites from
  # cipherSuites is not shown here; keep the two lists in sync unless the
  # chart documentation says otherwise.
  allowedCipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  cipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
   
  # Routes from the gateway to each NF's configuration API. Each entry has an
  # id, a backend uri and a path pattern; some also carry a rewritePath filter
  # that strips the leading API prefix before forwarding.
  routesConfig:
  # Note: Replace <FQDN> and <PORT> with actual values. Remove every route you
  # do not configure; otherwise CNCC will fail to deploy.
  # CNCC requires complete routes and not placeholders.
  # Default mapping should be the last route entry.
  # NOTE(review): every sample uri uses the http:// scheme, so traffic from the
  # gateway to the NF would be unencrypted. Whether https:// backends are
  # supported is not shown here; confirm in the chart documentation. Each uri
  # also decides where console requests are forwarded, so list only NF
  # endpoints you operate.
  # Examples for routes
  #- id: scp_configuration
  #  uri: http://10.75.153.121:31131
  #  path: /soothsayer/v1/**
  #- id: default_configuration
  #  uri: http://cncc-cmservice.cncc.svc.cluster.local:8442
  #  path: /**
  - id: scpc_configuration
    uri: http://<FQDN>:<PORT>
    path: /soothsayer/v1/**
  - id: nrf_configuration
    uri: http://<FQDN>:<PORT>
    path: /nrf-configuration/v1/**
  - id: udr_configuration_1
    uri: http://<FQDN>:<PORT>
    path: /nudr-dr-prov/**
  - id: udr_configuration_2
    uri: http://<FQDN>:<PORT>
    path: /nudr-dr-mgm/**
  - id: udr_configuration_3
    uri: http://<FQDN>:<PORT>
    path: /nudr-group-id-map-prov/**
  - id: pcf_configuration
    uri: http://<FQDN>:<PORT>
    path: /pcfapi/**
    filters:
      # Drops the /pcfapi prefix; the rest of the path is forwarded unchanged.
      rewritePath: "/pcfapi(?<segment>/?.*), $\\{segment}"
  - id: cnpcrf_configuration
    uri: http://<FQDN>:<PORT>
    path: /pcrfapi/**
    filters:
      # Drops the /pcrfapi prefix; the rest of the path is forwarded unchanged.
      rewritePath: "/pcrfapi(?<segment>/?.*), $\\{segment}"
  - id: policy_configuration
    uri: http://<FQDN>:<PORT>
    path: /policyapi/**
    filters:
      # Drops the /policyapi prefix; the rest of the path is forwarded unchanged.
      rewritePath: "/policyapi(?<segment>/?.*), $\\{segment}"
  - id: converged_configuration
    uri: http://<FQDN>:<PORT>
    path: /convergedapi/**
    filters:
      # Drops the /convergedapi prefix; the rest of the path is forwarded unchanged.
      rewritePath: "/convergedapi(?<segment>/?.*), $\\{segment}"
  # Catch-all route to the cmservice (port 8442). Because its path is /**, it
  # must stay last or it would shadow the NF routes above.
  - id: default_configuration # Default configuration should be the last routesConfig entry
    uri: http://<helmrelease>-cmservice.<namespace>.<domain>:8442
    path: /**
      
  # Certificate reload for the ingress gateway; disabled as shipped.
  # NOTE(review): ingressGwCertReloadPath looks like an HTTP path that triggers
  # the reload. If this is enabled, confirm who can reach that path and whether
  # it requires authentication.
  ingressGwCertReloadEnabled: false
  ingressGwCertReloadPath: /ingress-gw/certificate/reload
 
  # CNCC configuration
  cncc:
    # Enable cncc feature including iam
    enabled: true
    # Core Configuration
    core:
      # Session timeout in seconds. Default: 1800, Minimum: 300, Maximum: 7200
      # A shorter timeout narrows the window in which an unattended or stolen
      # console session can be reused.
      sessionTimeoutSeconds: 1800
    # IAM Configuration
    # uri should include the CNCC IAM ingress-gateway externalIp and service port (e.g. http://10.75.182.72:8080)
    # NOTE(review): the placeholder and the example both use http://, so logins
    # and tokens exchanged with CNCC IAM would travel unencrypted. Use the
    # HTTPS URL of CNCC IAM where that deployment has HTTPS enabled.
    iam:
      uri: http://<IP>:<PORT>

Note:

The field ingress-gateway.cncc.iam.uri must be set to the CNCC IAM Console URL. See "Accessing CNCC IAM Services" for the URL.

For a PCF or CNPCRF deployment, set cmEnableImportExport: true to enable the Import and Export buttons. This setting applies only to PCF or CNPCRF deployments.