3 Customizing Policy Control Function
This chapter describes how to customize the Policy Control Function (PCF) deployment in a cloud native environment.
The PCF deployment is customized by overriding the default values of various configurable parameters in the ocpcf-custom-values-1.6.1.yaml file.
To customize the ocpcf-custom-values-1.6.1.yaml file as per the required parameters:
- Go to the Oracle Help Center (OHC) Web site:
- Navigate to Industries->Communications->Cloud Native Core->Release 2.2.0
- Click the Policy Control Function (PCF) Custom Template link to download the zip file.
- Unzip the file to get
ocpcf-custom-configTemplates-1.6.1.0.0.0file that contains theocpcf-custom-values-1.6.1.yaml. This file is used during installation. - Customize the ocpcf-custom-values-1.6.1.yaml file.
- Save the updated ocpcf-custom-values-1.6.1.yaml file in the helm chart directory.
Following is a sample ocpcf-custom-values-1.6.1.yaml file created based on all the parameters described in
the Configurable Parameters section .
# Copyright 2019 (C), Oracle and/or its affiliates. All rights reserved.
# section:- global
global:
# Docker registry name
dockerRegistry: 'occne-bastion:5000'
#Jaeger Hostname
envJaegerAgentHost: 'occne-tracer-jaeger-agent.occne-infra'
# Primary MYSQL Host IP or Hostname
envMysqlHost: ''
# K8s secret object name containing OCPCF MYSQL UserName and Password
dbCredSecretName: 'pcf-db-pass'
privilegedDbCredSecretName: 'pcf-privileged-db-pass'
#Release DB name containing release version details
releaseDbName: 'pcf_release'
# -----Ingress Gateway Settings - BEGIN-----
# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
publicHttpSignalingPort: 80
# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
publicHttpsSignallingPort: 443
# Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: false
# Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
# -----Ingress Gateway Settings - END-----
# API root of PCF that will be used in notification URLs generated by PCF's when sending request to other producer NFs
#If not configured then the ingress gateway service name and port will be used as default value. ex:"https://<k8s namespace>-pcf-egress-gateway:443"
pcfApiRoot: ''
nrfClientEnable: true
deploymentNrfClientService:
#K8s namespace of PCF
envNfNamespace: ''
#same as pcfApiRoot
nfApiRoot: ''
# Global flag to enable/disable Policy DS service
policydsEnable: false
# Global flag to enable/disable LDAP Gateway service
ldapGatewayEnable: false
diamConnectorEnable: true
am-service:
enabled: true
envMysqlDatabase: pcf_amservice
sm-service:
enabled: true
envMysqlDatabase: pcf_smservice
envMysqlDatabaseUserService: pcf_userservice
defaultBsfApiRoot: 'https://bsf.apigateway:8001'
auditSmSessionTtl: 86400
auditSmSessionMaxTtl: 172800
user-service:
envMysqlDatabase: pcf_userservice
config-server:
envMysqlDatabase: ocpm_config_server
queryservice:
envMysqlDatabaseSmService: pcf_smservice
envMysqlDatabaseUserService: pcf_userservice
audit-service:
envMysqlDatabase: oc5g_audit_service
nrf-client:
# This config map is for providing inputs to NRF-Client
configmapApplicationConfig:
# primaryNrfApiRoot - Primary NRF Hostname and Port
# SecondaryNrfApiRoot - Secondary NRF Hostname and Port
# retryAfterTime - Default downtime(in ISO 8601 duration format) of an NRF detected to be unavailable.
# nrfClientType - The NfType of the NF registering
# nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
# appProfiles - The NfProfile of the NF to be registered with NRF.
# enableF3 - Support for 29.510 Release 15.3
# enableF5 - Support for 29.510 Release 15.5
# renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
# validityTime - The default validity time(days) for subscriptions.
# enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
# acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
profile: |-
[appcfg]
primaryNrfApiRoot=http://nrf1-api-gateway.svc:80
secondaryNrfApiRoot=http://nrf2-api-gateway.svc:80
retryAfterTime=PT120S
nrfClientType=PCF
nrfClientSubscribeTypes=CHF,UDR,BSF
appProfiles=[{ "nfInstanceId": "fe7d992b-0541-4c7d-ab84-c6d70b1b0123", "nfType": "PCF", "nfStatus": "REGISTERED", "plmnList": null, "nsiList": null, "fqdn": "ocpcf-api-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipv4Addresses": null, "ipv6Addresses": null, "priority": null, "capacity": null, "load": 80, "locality": null, "pcfInfo": { "dnnList": [ "internet", "volte" ], "supiRanges": [ { "start": "12123444444", "end": "232332323323232", "pattern": null } ] }, "customInfo": null, "recoveryTime": null, "nfServices": [ { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd01", "serviceName": "npcf-am-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "ocpcf-api-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF", "NEF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd02", "serviceName": "npcf-smpolicycontrol", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "ocpcf-api-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "SMF", "NEF", "AF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd03", "serviceName": "npcf-ue-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "ocpcf-api-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null } ]}]
enableF3=true
enableF5=true
renewalTimeBeforeExpiry=3600
validityTime=30
enableSubscriptionAutoRenewal=true
acceptAdditionalAttributes=false
nrf-client-nfdiscovery:
cacheDiscoveryResults: false
appinfo:
serviceAccountName: ''
perf-info:
configmapPerformance:
prometheus: http://prometheus-server.prometheus:5802
diam-connector:
envDiameterRealm: 'oracle.com'
envDiameterIdentity: 'ocpcf'
diam-gateway:
envDiameterRealm: 'oracle.com'
envDiameterIdentity: 'ocpcf-gateway'
ingress-gateway:
#Service Mesh (Istio) to take care of load-balancing
serviceMeshCheck: false
# ----OAUTH CONFIGURATION - BEGIN ----
oauthValidatorEnabled: false
nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
allowedClockSkewSeconds: 0
nrfPublicKeyKubeSecret: ''
nrfPublicKeyKubeNamespace: ''
validationType: relaxed
producerPlmnMNC: 123
producerPlmnMCC: 456
# ----OAUTH CONFIGURATION - END ----
# Enable it to accept incoming http requests
enableIncomingHttp: true
# ---- HTTPS Configuration - BEGIN ----
enableIncomingHttps: false
service:
ssl:
tlsVersion: TLSv1.2
initialAlgorithm: RSA256
privateKey:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
rsa:
fileName: rsa_private_key_pkcs1.pem
certificate:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
rsa:
fileName: ocegress.cer
caBundle:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
fileName: key.txt
trustStorePassword:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
fileName: trust.txt
egress-gateway:
# ---- Oauth Configuration - BEGIN ----
oauthClientEnabled: false
nrfAuthority: 10.75.224.7:8085
nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
consumerPlmnMNC: 345
consumerPlmnMCC: 567
# ---- Oauth Configuration - END ----
# ---- HTTPS Configuration - BEGIN ----
#Enabling it for egress https requests
enableOutgoingHttps: false
egressGwCertReloadEnabled: false
egressGwCertReloadPath: /egress-gw/store/reload
service:
ssl:
tlsVersion: TLSv1.2
initialAlgorithm: RSA256
privateKey:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
rsa:
fileName: ocegress.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
fileName: key.txt
trustStorePassword:
k8SecretName: ocpcf-gateway-secret
k8NameSpace: ocpcf
fileName: trust.txt
# ---- HTTPS Configuration - END ----
# ---- SCP Configuration - BEGIN ----
# Change this to false when scp integration is not required
scpIntegrationEnabled: false
scpHttpHost: localhost
scpHttpPort: 80
scpHttpsHost: localhost
scpHttpsPort: 443
#Change this value to corresponding prefix "/" is not expected to be provided along. Applicable for SCP with TLS enabled. Example: nef , pcf etc.,
scpApiPrefix: /
# Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
scpDefaultScheme: https
# ---- SCP Configuration - END ----
#Enable this if loadbalancing is to be done by egress instead of K8s
K8ServiceCheck: falseConfigurable Parameters
Note:
- All parameters mentioned as mandatory must be present in custom values file.
- All fixed value parameters mentioned must be present in the custom values file with the exact values as specified here.
Global Configurations
These configuration parameters are common for all micro services.
Table 3-1 Customizable Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| dockerRegistry | Name of the Docker registry which hosts Policy Control Function (PCF) docker images | Yes | Not applicable |
This is a docker registry running in OCCNE bastion server where all PCF docker images will be loaded. For example, 'occne-bastion:5000' |
| envMysqlHost |
IP address or host name of the MySql server which hosts PCF's databases |
Yes | Not applicable | |
| cmServiceNodePort | Custom node port for CM service | No | 0 | When not specified (default 0), kubernetes assigns a random port. |
| pcfDiamGatewayNodePort | Custom node port for Diameter Gateway service | No | 0 |
When not specified, kubernetes assigns a random port. |
| envJaegerAgentHost | Hostname or IP address for the jaeger agent | Yes | Not applicable | This parameter is the fqdn of Jaeger Agent service running in OCCNE cluster under namespace occne-infra. |
| dbCredSecretName | Name of the Kubernetes secret object containing Database username and password | Yes | Not applicable | |
| privilegedDbCredSecretName | Name of the Kubernetes secret object containing Database username and password for an admin user | Yes | Not applicable | |
| pcfApiRoot | API root of PCF that is used in notification URLs generated by PCF's when sending request to other producer NFs (like NRF, UDR, CHF, etc..) | No | Ingress gateway service name and port |
If not configured then the ingress gateway service name and port will be used as default value. Example: If the PCF is deployed in namespace "site1" with https enabled in port 443, then the default value will be "https://site1-pcf-egress-gateway:443" |
Core Services
Table 3-2 Customizable Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| am-service.envMysqlDatabase | Name of the database for AM-Service | No | pcf_amservice | |
| sm-service.envMysqlDatabase | Name of the database for SM-Service | No | pcf_smservice | |
| sm-service.envMysqlDatabaseUserService | Name of the database of User Service | No | pcf_userservice | Same value as "user-service.envMysqlDatabase" |
|
sm-service.auditSmSessionTtl |
SM Policy Association normal age | No | 86400 | Specifies age of a SM policy association after which a record is considered to be stale on PCF and the SMF is queried for presence of such associations. |
|
sm-service.auditSmSessionMaxTtl |
SM Policy Association maximaum age | No | 172800 | Specifies maximum age of a SM Policy Association after which a record is purged from PCF SM database without sending further queries to SMF. |
| sm-service.defaultBsfApiRoot | Api root of pre-configured BSF | No | Not applicable | Required, if PCF uses pre-configured BSF. For Example: "https://bsf.apigateway:8001/" |
| user-service.envMysqlDatabase | Name of the database for User-Service | No | pcf_userservice |
Common Services
Table 3-3 Customizable Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| cm-service.enableHttps | Flag to enable/disable HTTPS for cm-service GUI/API | Optional | false | |
| config-server.envMysqlDatabase | Name of the database for Config Server service | No | ocpm_config_server | |
| queryservice.envMysqlDatabaseSmService | Specify the database name of SM service | Conditional | pcf_smservice | |
| queryservice.envMysqlDatabaseUserService | Specify the database name of User service | Conditional | pcf_userservice | Same value as "user-service.envMysqlDatabase" |
| perf-info.configmapPerformance.prometheus | Specifies Prometheus server URL | Conditional | http://prometheus-server.prometheus:5802 | If no value is specified, PCFs load reported to NRF is always 0. |
|
appinfo.serviceAccountName |
K8s Service Account to access (RBAC) the K8s API server to retrieve status of PCF services and pods. The account should have read access ( "get" , "watch" , "list" ) to pods, services and nodes |
Conditional | Not applicable | If no value is specified, PCF creates a service account at the time of deployment. |
NRF Client
Table 3-4 Customizable Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| global.deploymentNrfClientService.envNfNamespace | K8s namespace of PCF | Mandatory | Not Applicable | |
| global.deploymentNrfClientService.nfApiRoot | Api root of PCF | Mandatory | Not Applicable | same value as global.pcfApiRoot |
| nrf-client.configmapApplicationConfig.profile | Contains configuration parameters that goes into nrf-client's config map | Mandatory | Not Applicable | Refer below table for config parameters in config-map |
Config parameters in Config-map
| Parameter | Description | Allowed Values | Notes |
|---|---|---|---|
| primaryNrfApiRoot | Primary NRF API root <http scheme>://<Hostname/IP>:<Port> | valid api root | For Example: http://nrf1-api-gateway.svc:80 |
| SecondaryNrfApiRoot | secondary NRF API root <http scheme>://<Hostname/IP>:<Port> | valid api root | For Example: http://nrf2-api-gateway.svc:80 |
| retryAfterTime | When primary NRF is down, this will be the wait Time (in ISO 8601 duration format) after which request to primary NRF will be retried to detect primary NRF's availability. | valid ISO 8601 duration format | For Example: PT120S |
| nrfClientType | This should be set to PCF | PCF | |
| nrfClientSubscribeTypes | NF Type(s) for which the NF wants to discover and subscribe to the NRF | BSF,UDR,CHF | Leave blank if PCF does not require. |
| appProfiles | NfProfile of PCF to be registered with NRF | Valid NF Profile | |
| enableF3 | Support for 29.510 Release 15.3 | true/false | |
| enableF5 | Support for 29.510 Release 15.5 | true/false | |
| renewalTimeBeforeExpiry | Time Period(seconds) before the Subscription Validity time expires | Time in seconds | For Example: 3600 (1hr) |
| validityTime | The default validity time(days) for subscriptions | Time in days | For Example: 30 (30 days) |
| enableSubscriptionAutoRenewal | Enable Renewal of Subscriptions automatically | true/false | |
| acceptAdditionalAttributes | Enable additionalAttributes as part of 29.510 Release 15.5 | true/false |
Diameter
Table 3-5 Customizable Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| diam-connector.envDiameterRealm | Diameter Realm of PCF | Yes | Not applicable | example: oracle.com |
| diam-connector.envDiameterIdentity | Diameter Host of PCF | Yes | Not applicable | example: ocpcf |
|
diam-gateway.envDiameterRealm |
Diameter Realm of PCF diameter gateway | Yes | Not applicable | example: oracle.com |
|
diam-gateway.envDiameterIdentity |
Diameter Host of PCF diameter gateway | Yes | Not applicable | example: ocpcf-gateway |
Ingress Gateway Service
Table 3-6 Customizable Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
|
global.publicHttpSignalingPort |
HTTP/2.0 Port of ingress gateway | No | 80 | |
|
global.publicHttpsSignallingPort |
HTTPS/2.0 Port of ingress gateway | No | 443 | |
| global.metalLbIpAllocationEnabled | Enable or disable IP Address allocation from Metallb Pool | No | false | |
| global.metalLbIpAllocationAnnotation | Address Pool Annotation for Metallb | No | "metallb.universe.tf/address-pool: signaling" | |
|
ingress-gateway.serviceMeshCheck |
Enable this parameter if load balancing is handled by Service Mesh | No | False | |
| ingress-gateway.oauthValidatorEnabled | Enable or disable Oauth Validator | Yes | False | |
| ingress-gateway.nfInstanceId | NF Instance Id of service producer | No | 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11 | |
| ingress-gateway.allowedClockSkewSeconds | set this value if clock on the parsing NF (producer) is not perfectly in sync with the clock on the NF (consumer) that created by JWT | No | 0 | |
| ingress-gateway.nrfPublicKeyKubeSecret | Name of the secret which stores the public key(s) of NRF | No | ||
| ingress-gateway.nrfPublicKeyKubeNamespace | Namespace of the NRF public key secret | No | ||
| ingress-gateway.validationType | Possible values are:
strict- If incoming request does not contain "Authorization" (Access Token) header, the request is rejected. relaxed- relaxed means that if Incoming request contains "Authorization" header, it is validated. If Incoming request does not contain "Authorization" header, validation is ignored. |
No | ||
| ingress-gateway.producerPlmnMNC | MNC of the service producer | No | ||
| ingress-gateway.producerPlmnMCC | MCC of the service producer | No | ||
|
ingress-gateway.enableIncomingHttp |
To enable http (INSECURE) for ingress traffic | No | False | |
| ingress-gateway.enableIncomingHttps | To enable https for ingress traffic | No | False | |
|
ingress-gateway.service.ssl.privateKey.k8SecretName |
Name of the privatekey secret | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.privateKey.k8NameSpace |
Namespace of privatekey | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.privateKey.rsa.fileName |
rsa private key file name | No | Not Applicable | required if enableIncomingHttps is true |
| ingress-gateway.service.ssl.privateKey.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.k8SecretName |
Name of the privatekey secret | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.k8NameSpace |
Namespace of privatekey | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.rsa.fileName |
rsa private key file name | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.ecdsa.fileName |
ecdsa private key file name | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.caBundle.k8SecretName |
Name of the privatekey secret | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.caBundle.k8NameSpace |
Namespace of privatekey | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.caBundle.rsa.fileName |
rsa private key file name | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.keyStorePassword.k8SecretName |
Name of the privatekey secret | No | Not Applicable | required if enableIncomingHttp is true |
|
ingress-gateway.service.ssl.keyStorePassword.k8NameSpace |
Namespace of privatekey | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.keyStorePassword.fileName |
File name that has password for keyStore | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.trustStorePassword.k8SecretName |
Name of the privatekey secret | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.trustStorePassword.k8NameSpace |
Namespace of privatekey | No | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.trustStorePassword.fileName |
File name that has password for trustStore | No | Not Applicable | required if enableIncomingHttps is true |
Egress Gateway Service
Table 3-7 Customization Parameters
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| egress-gateway.oauthClientEnabled | Oauth Validator Enabled | No | false | |
| egress-gateway.nrfAuthority | NRF's ${HOSTNAME}:{PORT} | No | Not Applicable | Modify the parameter with actual value, if oAuth is enabled. |
| egress-gateway.nfInstanceId | NF InstanceId of Producer | No | Not Applicable | Modify the parameter with actual value, if oAuth is enabled. |
| egress-gateway.consumerPlmnMNC | MNC of service Consumer | No | Modify the parameter with actual value, if oAuth is enabled. | |
| egress-gateway.consumerPlmnMCC | MCC of service Consumer | No | Modify the parameter with actual value, if oAuth is enabled. | |
| egress-gateway.enableOutgoingHttps | Enabling it for outgoing https request | No | ||
| egress-gateway.egressGwCertReloadEnabled | No | |||
| egress-gateway.egressGwCertReloadPath | No | |||
| egress-gateway.service.ssl.privateKey.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.privateKey.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.privateKey.rsa.fileName | rsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.privateKey.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.rsa.fileName | rsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.caBundle.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.caBundle.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.caBundle.rsa.fileName | rsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.keyStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.keyStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.keyStorePassword.fileName | File name that has password for keyStore | No | Not Applicable | |
| egress-gateway.service.ssl.trustStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.trustStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.trustStorePassword.fileName | File name that has password for trustStore | No | Not Applicable | |
| egress-gateway.scpIntegrationEnabled | Change this to false when scp integration is not required | No | false | |
| egress-gateway.scpHttpHost | SCP HTTP IP/FQDN | No | Not Applicable | |
| egress-gateway.scpHttpPort | SCP HTTP PORT | No | 80 | |
| egress-gateway.scpHttpsHost | SCP HTTPS IP/FQDN | No | n/a | |
| egress-gateway.scpHttpsPort | SCP HTTPS PORT | No | 443 | |
| egress-gateway.scpApiPrefix | Change this value to corresponding prefix "/" is not expected to be provided along. Applicable only for SCP with TLS enabled. | No | / | |
| egress-gateway.scpDefaultScheme | Default scheme applicable when 3gpp-sbi-target-apiroot header is missing | No | https | |
| egress-gateway.K8ServiceCheck | Enable this if loadbalancing is to be done by egress instead of K8s | No | false |