B Sample values.yaml file
This section provides information about the configurable parameters and values defined in the custom values.yaml template file.
The following sample illustrates the values.yaml file:
# Copyright 2019 (C), Oracle and/or its affiliates. All rights reserved.
# This yaml file could be supplied in helm install command when deploying OCNSSF v1.x.y
#
# e.g. helm install <helm-repo>/ocnssf --name ocnssf --namespace ocnssf -f <this file>
#
# Compatible with OCNSSF CHART VERSION 1.x.y
# - To turn on logging
# set the appropriate logging level (one of: OFF, INFO, DEBUG, ERROR, ALL) in one or more of the following:
global:
# Docker registry name
dockerRegistry: ocnrf-registry.us.oracle.com:5000
# DB credentials
dbCredSecretName: 'ocnssf-db-creds'
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: LoadBalancer
# Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: true
# Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
# If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
# Else random IP will be assigned by the metalLB from its IP Pool
staticIpAddressEnabled: false
staticIpAddress: 10.75.212.60
# If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
# Else random node port will be assigned by K8
staticNodePortEnabled: true
staticHttpNodePort: 30075
staticHttpsNodePort: 30043
#NRF CLIENT PARAMS
# Jaeger tracing host
envJaegerAgentHost: ''
# Jaeger tracing port
envJaegerAgentPort: 6831
# Provide value for NodePort
nrfClientNodePort: 0
# Mysql Host
envMysqlHost: ocnssf-nsdb
# Mysql Port
envMysqlPort: '3306'
# Deployment Specific configuration
deploymentNrfClientService:
# Service to be monitored by app-info service
envNfNamespace: 'ocnssf'
envNfType: 'nssf'
# Callback URI to receive Notifications from NRF
nfApiRoot: http://ocnssf-ingress:80
nsselection:
replicaCount: 2
minReplicas: 2
maxReplicas: 12
image:
repository: reg-1:5000
loglevel: "OFF"
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
nrf:
primaryUrl: http://ocnrf.oracle.com:80
secondaryUrl: http://ocnrf.oracle.com:80
httpMaxRetries: 0
homeMcc: "100"
homeMnc: "101"
reqnftime: false
outboundProxy: disabled
features:
nrfdiscovery: true
relevance: true
candidateResolution: true
nrfDiscoveryProperties:
disclimit: 5
candidateResolutionProperties:
maxcandidates: 3
nsavailability:
replicaCount: 2
minReplicas: 2
maxReplicas: 12
image:
repository: reg-1:5000
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
loglevel: "OFF"
maxExpiryDuration: 240
minExpiryDuration: 0
nsconfig:
image:
repository: reg-1:5000
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
loglevel: "OFF"
nrf:
subscription: true
# URL at which NSSF receives notifications from Nrf. Set when NRF subscription is turned ON.
notificationHandlerUrl: http://ocnssf-ingress:80
nrfclient:
# Microservice level control if specific microservice need to be disabled
nrf-client:
# This config map is for providing inputs to NRF-Client
configmapApplicationConfig:
# Config-map to provide inputs to Nrf-Client
# primaryNrfApiRoot - Primary NRF Hostname and Port
# SecondaryNrfApiRoot - Secondary NRF Hostname and Port
# retryAfterTime - Default downtime(in Duration) of an NRF detected to be unavailable.
# nrfClientType - The NfType of the NF registering
# nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
# appProfiles - The NfProfile of the NF to be registered with NRF.
# enableF3 - Support for 29.510 Release 15.3
# enableF5 - Support for 29.510 Release 15.5
# renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
# validityTime - The default validity time(days) for subscriptions.
# enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
# acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
# retryForCongestion - The duration(seconds) after which nrf-client should retry to a NRF server found to be congested.
profile: |-
[appcfg]
primaryNrfApiRoot=http://ocnrf.oracle.com:80
secondaryNrfApiRoot=http://ocnrf.oracle.com:80
retryAfterTime=PT120S
nrfClientType=NSSF
nrfClientSubscribeTypes=AMF
appProfiles=[{"nfInstanceId": "9faf1bbc-6e4a-4454-a507-aef01a101a06","nfType":"NSSF","nfStatus":"REGISTERED","plmnList":[{"mcc":"311","mnc":"14"}],"fqdn":"nssf1.lab.oracle.com","interPlmnFqdn":"nssf1.lab.oracle.com","ipv4Addresses":["127.0.0.1","10.0.0.1"],"ipv6Addresses":["::1","::2"],"priority":5,"load":"20","capacity":"1000","locality":"us-east","amfInfo":{"amfRegionId":"01","amfSetId":"101","guamiList":[{"plmnId":{"mcc":"100","mnc":"101"},"amfId":"ABF001"}]},"nfServices":[{"serviceName":"nssf-nsselection","nfServiceStatus":"REGISTERED","serviceInstanceId":"123","versions":[{"apiVersionInUri":"v1","apiFullVersion":"1.15.3.0","expiry":"2019-12-31T23:59:59.000+0000"}],"scheme":"http","allowedNfTypes":["AMF"],"fqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","interPlmnFqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","ipEndPoints":[{"ipv4Address":"127.0.0.1","transport":"TCP","port":80}]},{"serviceName":"nssf-nsavailability","nfServiceStatus":"REGISTERED","serviceInstanceId":"124","versions":[{"apiVersionInUri":"v1","apiFullVersion":"1.15.3.0","expiry":"2019-12-31T23:59:59.000+0000"}],"scheme":"http","allowedNfTypes":["AMF"],"fqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","interPlmnFqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","ipEndPoints":[{"ipv4Address":"127.0.0.1","transport":"TCP","port":80}]}]}]
enableF3=true
enableF5=true
renewalTimeBeforeExpiry=3600
validityTime=30
enableSubscriptionAutoRenewal=true
acceptAdditionalAttributes=false
retryForCongestion=5
# Details of Config-server microservice
config-server:
# Mysql Config Server Databse Name
envMysqlDatabase: ocpm_config_server
# Details of appinfo microservices
appinfo:
debug: true
# Details of perf-info microservices
perf-info:
# Service namespace for perf-info
service_namespace: ocnssf
configmapPerformance:
prometheus: http://prometheus-server.prometheus:5802
nssubscription:
replicaCount: 2
minReplicas: 2
maxReplicas: 12
image:
repository: reg-1:5000
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
httpMaxRetries: 0
loglevel: "OFF"
# oauthTokenRequestEnabled when set true lets Subscription Notifications to be send with OauthToken
# As all notifications are send by Egress gateway. oauthClientEnabled in Egress should also be set true to make this work.
oauthTokenRequestEnabled: false
ingress-gateway:
service:
ssl:
tlsVersion: TLSv1.2
privateKey:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ec_private_key_pkcs8.pem
certificate:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_apigatewayTestCA.cer
ecdsa:
fileName: apigatewayTestCA.cer
caBundle:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: caroot.cer
keyStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: key.txt
trustStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: trust.txt
initialAlgorithm: RSA256
log:
level:
root: WARN
egress: INFO
oauth: INFO
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
# enable jagger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "jaeger-agent.cne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
#OAUTH CONFIGURATION
oauthValidatorEnabled: false
nfType: NSSF
nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
producerScope: nnssf-nsselection,nnssf-nsavailability
allowedClockSkewSeconds: 0
nrfPublicKeyKubeSecret: nrfpublickeysecret
nrfPublicKeyKubeNamespace: ocnssf
validationType: strict
producerPlmnMNC: 123
producerPlmnMCC: 346
#######################################################################
# To Initialize SSL related infrastructure in init/update container
# initssl: true
#Server Configuration for http and https support
enableIncomingHttp: true
enableIncomingHttps: false
enableOutgoingHttps: false
#TLS certificate reload for https
ingressGwCertReloadEnabled: true
#######################################################################
serviceMeshCheck: false
#CnCoam bug fix
cnccIamEnabled: false
#IAM configuration
identityAccessMgt:
uri: http://demo.iam:30024
path: /cncc/auth
realm: cncc
clientId: api-gateway
#Jetty Client settings
maxConnectionsQueuedPerDestination: 1024
maxConnectionsPerDestination: 4
maxConnectionsPerIp: 4
connectionTimeout: 10000 #(ms)
#Rate limiting configuration
rateLimiting:
enabled: false
routeRateLimiting:
enabled: true
globalIngressRateLimiting:
enabled: true
duration: 60 # in seconds
burstCapacity: 4
refillRate: 2
egress-gateway:
#Enabling it for ougoing https request
enableOutgoingHttps: false
#Enable this if loadbalancing is to be done by egress instead of K8s
K8ServiceCheck: false
#SCP Configuration for egress gateway
scp:
# Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
scpDefaultScheme: https
# Change this to false when scp integration is not required
scpIntegrationEnabled: false
# Set this flag to true if re-routing to multiple SCP instances is to be enabled.
scpRerouteEnabled: false
instances:
http:
- host: localhost
port: 101
apiPrefix: "/"
- host: localhost
port: 102
apiPrefix: "/"
- host: 10.75.224.7
port: 32070
apiPrefix: "/"
https:
- host: localhost
port: 4431
apiPrefix: "/" # Change this value to corresponding prefix "/" is not expected to be provided along.
- host: localhost
port: 4432
apiPrefix: "/"
- host: 10.75.224.109
port: 30570
apiPrefix: "/"
#Enabling this will make the service type default to ClusterIP
headlessServiceEnabled: false
log:
level:
root: WARN
egress: INFO
oauth: INFO
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
ssl:
tlsVersion: TLSv1.2
privateKey:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ec_private_key_pkcs8.pem
certificate:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_apigatewayTestCA.cer
ecdsa:
fileName: apigatewayTestCA.cer
caBundle:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: caroot.cer
keyStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: key.txt
trustStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: trust.txt
initialAlgorithm: RSA256
#globalretry can be enabled only when scpRerouteEnabled flag is set to true.
globalretry:
enabled: false
retries: 2
routesConfig:
- id: scp_path1
uri: https://request.uri
path: /nef/**
order: 1
filterName1: ScpFilter
filterName2:
name: ScpRetry
retries: 1
methods: GET, POST, PUT, DELETE, PATCH
statuses: BAD_REQUEST, INTERNAL_SERVER_ERROR, BAD_GATEWAY, NOT_FOUND
- id: scp_path2
uri: https://dummy.dontchange1
path: /npcf/**
order: 2
filterName1: ScpFilter
filterName2:
name: ScpRetry
retries: 1
methods: GET, POST, PUT, DELETE, PATCH
statuses: BAD_REQUEST, INTERNAL_SERVER_ERROR, BAD_GATEWAY, NOT_FOUND
- id: scp_path3
uri: https://dummy.dontchange2
path: /nxyz/**
order: 3
filterName1: ScpFilter
filterName2:
name: ScpRetry
retries: 1
methods: GET, POST, PUT, DELETE, PATCH
statuses: BAD_REQUEST, INTERNAL_SERVER_ERROR, BAD_GATEWAY, NOT_FOUND
- id: egress_iwf
uri: egress://test.com
path: /niwf/**
order: 4
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
nrfAuthority: ocnrf.oracle.com:80
nfType: NSSF
nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
oauthClientEnabled: false
consumerPlmnMNC: 101
consumerPlmnMCC: 100
#Jetty bean name
#when http enabled -> ''
#when https enabled -> jettysClient
httpClientBean: ''
#jetty client configuration
maxConnectionsQueuedPerDestination: 1024
maxConnectionsPerIp: 4
connectionTimeout: 10000 #(ms)
egressGwCertReloadEnabled: true
#enable jagger tracing
jaegerTracingEnabled: false
openTracing:
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
# Flag to enable rate limiting for "notification" type of messages.
notificationRateLimit:
enabled: false
duration: 60
bucketCapacity: 4
refillRate: 2