1. Cloud Native Core Console Installation Guide
  2. CNC Console Core Installation Instructions

4 CNC Console Core Installation Instructions

Prerequisites for CNC Console Core Installation

Following are the prerequisites for the installation of CNC Console Core:
  • The NFs for which GUI is required must be deployed in the Kubernetes cluster.
  • CNC Console IAM must be deployed.

CNCC Core Secret Configuration to Enable HTTPS

This section describes how to create secret configuration for enabling HTTPS. This section must be executed before enabling HTTPS in CNCC Core Ingress gateway.

Note:

The passwords for TrustStore and KeyStore are stored in respective password files.

To create kubernetes secret for HTTPS, following files are required:

  • ECDSA private key and CA signed certificate of CNCC (if initialAlgorithm is ES256)
  • RSA private key and CA signed certificate of CNCC (if initialAlgorithm is RSA256)
  • TrustStore password file
  • KeyStore password file
  • CA certificate

This section explains how to create the secrets for enabling HTTPS after required certificates and password files are generated:

  1. Create a secret by executing the following command:
    $ kubectl create secret generic <secret-name> --fromfile=<ssl_ecdsa_private_key.pem>
      --from-file=<rsa_private_key_pkcs1.pem> --fromfile=<ssl_truststore.txt>
      --from-file=<ssl_keystore.txt> --from-file=<caroot.cer> --fromfile=<ssl_rsa_certificate.crt>
      --from-file=<ssl_ecdsa_certificate.crt> -n <Namespace of CNCC Core Ingress Gateway
    secret>

    Example:

    kubectl create secret generic cncc-core-ingress-secret --fromfile=ssl_ecdsa_private_key.pem 
      --from-file=rsa_private_key_pkcs1.pem --fromfile=ssl_truststore.txt
      --from-file=ssl_keystore.txt --from-file=caroot.cer --fromfile=ssl_rsa_certificate.crt
      --from-file=ssl_ecdsa_certificate.crt -n cncc    
    cncc
  2. On successfully executing the above command, the following message will be displayed:

    secret/cncc-core-ingress-secret created

  3. Execute the following command to verify the secret creation:

    $ kubectl describe secret cncc-core-ingress-secret -n cncc

This section explains how to update the secrets for enabling HTTPS, if they already exist:

  1. Create a secret by executing the following command:
    $ kubectl create secret generic <secret-name> --fromfile=<ssl_ecdsa_private_key.pem>
      --from-file=<rsa_private_key_pkcs1.pem> --fromfile=<ssl_truststore.txt>
      --from-file=<ssl_keystore.txt> --from-file=<caroot.cer> --fromfile=<ssl_rsa_certificate.crt>
      --from-file=<ssl_ecdsa_certificate.crt> --dry-run -o yaml -n <Namespace of CNCC Core Ingress
      Gateway secret> | kubectl replace -f - -n <Namespace of CNCC Core Ingress Gateway
    secret>

    Example:

    $ kubectl create secret generic cncc-core-ingress-secret
      --fromfile=ssl_ecdsa_private_key.pem  --from-file=rsa_private_key_pkcs1.pem
      --fromfile=ssl_truststore.txt --from-file=ssl_keystore.txt --from-file=caroot.cer
      --fromfile=ssl_rsa_certificate.crt --from-file=ssl_ecdsa_certificate.crt --dry-run -o yaml -n
      cncc | kubectl replace -f - -n cncc
  2. On successfully executing the above command, the following message will be displayed:

    secret/cncc-core-ingress-secret replaced

CNCC Core Configuration for Service Account

This section describes about CNCC Core Configuration for Service Account. CNCC Core provides option to configure custom service account.

Sample CNCC Core service account yaml file

cncc-core-sa
## Service account yaml file for cncc-core
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cncc-core-sa
  namespace: cncc
  annotations: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cncc-core-role
  namespace: cncc
rules:
- apiGroups:
  - "" # "" indicates the core API group
  resources:
  - services
  - configmaps
  - pods
  - secrets
  - endpoints
  - persistentvolumeclaims
  verbs:
  - get
  - watch
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cncc-core-rolebinding
  namespace: cncc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cncc-core-role
subjects:
- kind: ServiceAccount
  name: cncc-core-sa
  namespace: cncc

Configure service account for ingress-gateway and keycloak in cncc-core_values.yaml

Provide custom service account for ingress-gateway and cmservice under global.serviceAccountName in cncc-core_values.yaml as follows:

cncc-core_values.yaml
global:   
            serviceAccountName: cncc-core-sa

CNCC Core Configuration for Aspen Service Mesh (ASM)

This section describes about CNCC Core Configuration for Aspen Service Mesh (ASM).

  1. Annotations:

    Add Annotation traffic.sidecar.istio.io/excludeInboundPorts: "\"8081\"" under global.customExtention.lbDeployments.annotations section in cncc-core_values.yaml to disable mTLS on cncc-core ingress container port. 
    global:
  # ********  Sub-Section Start: Common Global Parameters *************
  # *******************************************************************
   
  customExtension:
    lbDeployments:
      labels: {}
      annotations:
        traffic.sidecar.istio.io/excludeInboundPorts: "\"8081\""
 
  # ********  Sub-Section End: Common Global Parameters *******************
  # ***********************************************************************
  2. Service Entry and Destination Rule
    1. For k8s cluster domain:

      Create Destination rule to disable mTLS at cncc-iam service FQDN.

      Example: Destination-Rule
      apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: cncc-iam-exclude-mtls
  namesapce: cncc
spec:
  host: cncc-iam-ingress-gateway.cncc.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
---
    2. For custom domain:

      Create service-entry and destination rule to disable mTLS at cncc-iam domain.

      Example: Service-entry & Destination-rule
      apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cncc-iam-service-entry
  namesapce: cncc
spec:
  hosts:
  - ocnrf-cncc-iam # Custom CNCC IAM domain
  exportTo:
  - "."
  addresses:
  - 10.75.225.205 # IP of the k8s node where CNCC-IAM is deployed
  location: MESH_INTERNAL
  ports:
  - number: 30085
    name: http
    protocol: HTTP
  resolution: NONE
------------------------------
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: cncc-iam-exclude-mtls
  namesapce: cncc
spec:
  host: ocnrf-cncc-iam # Custom CNCC IAM domain
  trafficPolicy:
    tls:
      mode: DISABLE
------------------------------

CNCC Core Configuration for Operations Services Overlay (OSO)

This section describes about CNCC Core Configuration for Operations Services Overlay (OSO).

Add Annotation oracle.com/cnc: "\"true\"" under global.customExtention.lbDeployments.annotations section in cncc-core_values.yaml to indicate OSO to scrape metrics from ingress pod. 


global:
  # ********  Sub-Section Start: Common Global Parameters *************
  # *******************************************************************
   
  customExtension:
    lbDeployments:
      labels: {}
      annotations:
        oracle.com/cnc: "\"true\""
 
  # ********  Sub-Section End: Common Global Parameters *******************
  # ***********************************************************************

Installation Sequence for CNCC Core

Installation Sequence for CNCC Core:

  1. Installation Preparation.
  2. Configure custom-cncc-core_values.yaml file.

    This includes configuring the following based on the deployment:
    1. Repository path
    2. Domain and clusterdomain
    3. CNC Console details
    Note: Other configurations might be changed based on the deployment.
  3. CNC Console deployment:
    1. With helm repository
    2. With helm tar
  4. Verify CNC Core deployment

Deployment of CNCC Core

This procedure describes the steps to deploy CNCC Core. The below steps need to be executed from a server which has access to Kubectl and helm commands.

  1. Search helm chart:

    Execute the following command to search helm chart. 
    helm search <release_name>
    Example: helm search cncc-core
 
NAME                 CHART VERSION  APP VERSION  DESCRIPTION
	
ocspf-helm-repo/cncc-core 1.2.1      1.0        A Helm chart for CNC Console
  2. Prepare custom-cncc-core_values.yaml file:

    Prepare a custom-cncc-core_values.yaml file with the required parameter information.
  3. Deploy CNCC Core:

    Installation using helm repository

    Execute the following command: 
    For helm 2 based:
helm install --name <release_name> <helm-repo> -f custom-cncc-core_values.yaml --namenamespace<deployment<namespace_name> --version <helm_version>
For helm 3 based:
helm install <release_name> <helm-repo> -f custom-cncc-core_values.yaml --namespace <namespace_name> --version <helm_version>
    Where:

    helm-repo: repository name where the helm images, charts are stored

    values: helm configuration file which needs to be updated based on the docker registry

    release_name and namespace_name: depends on customer configuration

    Example: 
    For helm 2 based:
helm install --name cncc-core ocscp-helm-repo/ocscp -f custom-cncc-core_values.yaml  --namenamespace cncc --version 1.2.1
For helm 3 based:
helm install cncc-core ocscp-helm-repo/ocscp -f custom-cncc-core_values.yaml --namespace cncc --version 1.2.1

    Installation using helm tar

    Execute the following command: 
    For helm 2 based:
helm install --name cncc-core -f custom-cncc-core_values.yaml --name namespace <namespace> <chartpath>./<chart>.tgz
For helm 3 based:
helm install cncc-core -f custom-cncc-core_values.yaml --namespace <namespace> <chartpath>./<chart>.tgz
  4. Check repository status:

    Execute following command to check the deployment status.

    helm status <release_name>

  5. Check service status:

    Check if all the services are deployed and running: 
    kubectl -n <namespace_name> get services
    Example: $ kubectl -n cncc get services
    cncc-core-cmservice ClusterIP 10.233.13.43 <none> 8442/TCP 6m13s
    cncc-core-ingress-gateway LoadBalancer 10.233.11.14 10.75.182.79 8080:31417/TCP 6m13s
  6. Check pod status:

    Check if all the pods are up and running by executing following command:

    kubectl -n <namespace_name> get pods
    Example:$ kubectl -n cncc get pods
    NAME READY STATUS RESTARTS AGE
    cncc-core-cmservice-7f8b57c5bf-p4gvw 1/1 Running 0 6m18s
    cncc-core-ingress-gateway-5bfb8789cd-wls5p 1/1 Running 0 6m18s

CNCC Core Microservices

CNCC Core has two microservices:

  1. cncc-core-ingress-gateway :cncc-core-ingress-gateway is responsible to redirect the request to either producer NF or CNCC Core GUI.
  2. cncc-core_cmservice :cncc-core_cmservice is responsible for displaying CNCC Core GUI.

Following is an example of services CNCC Core offers:

Table 4-1 CNCC Core Microservices

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cncc-core-cmservice ClusterIP 10.233.13.43 <none> 8442/TCP 6m13s
cncc-core-ingress-gateway LoadBalancer 10.233.13.43 10.75.182.79 8080:31417/TCP 6m13s

CNCC Core Sample Custom Values

The custom-cncc-core_values.yaml file can also be downloaded from OHC. 

#########################################################
#            Section Start: global attributes           #
#########################################################
global:
 
  # ********  Sub-Section Start: Common Global Parameters ********
  #***************************************************************
   
  dockerRegistry: ocspf-registry.us.oracle.com:5000/ocscp
  serviceAccountName: ""
 
  customExtension:
    allResources:
      labels: {}
      annotations: {}
       
    lbServices:
      labels: {}
      annotations: {}
 
    lbDeployments:
      labels: {}
      annotations: {}
      #  traffic.sidecar.istio.io/excludeInboundPorts: "\"8081\""
      #  oracle.com/cnc: "\"true\""
 
    nonlbServices:
      labels: {}
      annotations: {}
 
    nonlbDeployments:
      labels: {}
      annotations: {}
 
  # ********  Sub-Section End: Common Global Parameters ********
  #*************************************************************
 
  # ********  Sub-Section Start: Ingress Gateway Global Parameters ********
  #************************************************************************
 
  # If https is enabled, this Port would be HTTP/1.0 Port (unsecured)
  # If https is disabled, this Port would be HTTPS/1.0 Port (secured SSL)
  publicHttpSignalingPort: 8080
  publicHttpsSignallingPort: 8443
     
  #Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
  type: LoadBalancer
     
  #Enable or disable IP Address allocation from Metallb Pool
  metalLbIpAllocationEnabled: true
   
  #Address Pool Annotation for Metallb
  metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: oam"
     
  #If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
  #Else random IP will be assigned by the metalLB from its IP Pool
  staticIpAddressEnabled: false
  staticIpAddress: ""
   
  #If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
  #Else random node port will be assigned by K8
  staticNodePortEnabled: true
  staticHttpNodePort: 30075
  staticHttpsNodePort: 30043
   
  nodeSelector:
    nodeKey: ""
    nodeValue: ""
     
  k8sResource:
    container:
      prefix: ""
      suffix: ""
 
# ********  Sub-Section End: Ingress Gateway Global Parameters ********
#**********************************************************************
#########################################################
#            Section End  : global attributes           #
#########################################################
 
###############################################################
#            Section Start  : cmservice attributes            #
###############################################################
cmservice:
  envLoggingLevelApp: WARN
   
  image:
    # image name
    name: cncc/cncc-cmservice-cm-tag
    # tag name of image
    tag: helm-tag
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never   
    pullPolicy: Always
    
  # Resource details
  resources:
    limits:
      cpu: 2
      memory: 2Gi
    requests:
      cpu: 1
      memory: 1Gi
    
  # Deployment details  
  deployment:
    customExtension:
      labels: {}
      annotations: {}
     
    envManageNF: SCP, NRF, UDR, POLICY
    # This is the name of product which appears as brand name and can be used to mention site name as well.
    # envSystemName: CNCC - Site Name
    envSystemName: CNCC
    # This is the version of product which appears with brand name.
    envNFVersion: 1.2.1
    # This is the name of the Project that appears on the Window
    cmWindowName: CNCC
    # Applicable for POLICY deployment, this enables Import Export buttons.
    # Make cmEnableImportExport : true in case of POLICY deployment
    cmEnableImportExport: false
     
    nodeSelectorEnabled: false
    nodeSelectorKey: zone
    nodeSelectorValue: app
     
    dependenciesLogging:
      - name: logging.level.org.springframework
        value: WARN
      - name: logging.level.io.undertow
        value: WARN
     
    logging:
      burst:
        rate: 750
        max: 3000
 
  service:
    customExtension:
      labels: {}
      annotations: {}
     
    http:
      port: 8442
     
    type: ClusterIP
#########################################################
#            Section End  : cmservice attributes        #
#########################################################
 
###############################################################
#         Section Start  : ingress gateway attributes         #
###############################################################
ingress-gateway:
  image:
    # image name
    name: cncc/cncc-apigateway-api-tag
    # tag name of image
    tag: helm-tag
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always
     
  initContainersImage:
    # inint Containers image name
    name: cncc/apigw-configurationinit-init-tag
    # tag name of init Container image
    tag: helm-tag
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always
     
  updateContainersImage:
    # update Containers image name
    name: cncc/apigw-configurationupdate-update-tag
    # tag name of update Container image
    tag: helm-tag
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always   
     
  service:
    ssl:
      tlsVersion: TLSv1.2
       
      privateKey:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem
   
      certificate:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        rsa:
          fileName: ssl_rsa_certificate.crt
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt
   
      caBundle:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        fileName: caroot.cer
   
      keyStorePassword:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        fileName: ssl_keystore.txt
   
      trustStorePassword:
        k8SecretName: cncc-core-ingress-secret
        k8NameSpace: cncc
        fileName: ssl_truststore.txt
   
      initialAlgorithm: RSA256
   
    # Labels and Annotations that are specific to service ingressgateway are added here.
    customExtension:
      labels: {}
      annotations: {}
   
    # Labels and Annotations that are specific to deployment ingressgateway are added here.
  deployment:
    customExtension:
      labels: {}
      annotations: {}
   
  ports:
    # ContainerPort represents a network port in a single container
    containerPort: 8081
    containersslPort: 8443
    actuatorPort: 9090
   
  # Set the root log level
  log:
    level:
      root: WARN
      ingress: INFO
      cncc:
        security: INFO
   
  readinessProbe:
    # tells the kubelet that it should wait second before performing the first probe
    initialDelaySeconds: 30
    # Number of seconds after which the probe times out
    timeoutSeconds: 3
    # specifies that the kubelet should perform a liveness probe every xx seconds
    periodSeconds: 10
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 3
     
  livenessProbe:
    # tells the kubelet that it should wait second before performing the first probe
    initialDelaySeconds: 30
    # Number of seconds after which the probe times out
    timeoutSeconds: 3
    # specifies that the kubelet should perform a liveness probe every xx seconds
    periodSeconds: 15
    # Minimum consecutive successes for the probe to be considered successful after having failed
    successThreshold: 1
    # When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up
    failureThreshold: 3
   
  # Resource details
  resources:
    limits:
      cpu: 2
      initServiceCpu: 1
      updateServiceCpu: 1
      memory: 2Gi
      updateServiceMemory: 1Gi
      initServiceMemory: 1Gi     
    requests:
      cpu: 1
      initServiceCpu: 0.5
      updateServiceCpu: 0.5
      memory: 1Gi
      updateServiceMemory: 0.5Gi
      initServiceMemory: 0.5Gi     
    target:
      averageCpuUtil: 80
     
  # Nuber of Pods must always be available, even during a disruption.
  minAvailable: 1
  # Min replicas to scale to maintain an average CPU utilization
  minReplicas: 1
  # Max replicas to scale to maintain an average CPU utilization
  maxReplicas: 5
   
  allowedCipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 
  cipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
   
  # To Initialize SSL related infrastructure in init/update container
  initssl: false
  #Server Configuration for http and https support
  enableIncomingHttp: true
  enableIncomingHttps: false
   
  ingressGwCertReloadEnabled: false
  ingressGwCertReloadPath: /ingress-gw/certificate/reload
 
  # Routes Configurations
  routesConfig:
  # Note: Update FQDN and PORT with actual values. If not remove those routes else CNCC will fail to deploy.
  # CNCC requires complete routes and not placeholders.
  # Default mapping should be the last route entry.
  # Examples for routes
  #- id: scp_configuration
  #  uri: http://10.75.153.121:31131
  #  path: /soothsayer/v1/**
  #- id: default_configuration
  #  uri: http://cncc-core-cmservice.cncc.svc.cluster.local:8442
  #  path: /**
  - id: scpc_configuration
    uri: http://<FQDN>:<PORT>
    path: /soothsayer/v1/**
  - id: nrf_configuration
    uri: http://<FQDN>:<PORT>
    path: /nrf-configuration/v1/**
  - id: udr1
    uri: http://<FQDN>:<PORT>
    path: /nudr-dr-prov/**,/nudr-dr-mgm/**,/nudr-group-id-map-prov/**,/slf-group-prov/**
  - id: udr2
    uri: http://<FQDN>:<PORT>
    path: /nudr-config/**
  - id: policy_configuration
    uri: http://<FQDN>:<PORT>
    path: /policyapi/**
    filters:
      rewritePath: "/policyapi(?<segment>/?.*), $\\{segment}"
  - id: default_configuration # Default configuration should be the last routesConfig entry
    uri: http://<helmrelease>-cmservice.<namespace>.<domain>:8442
    path: /**
 
  nodeSelector:
    nodeKey: ""
    nodeValue: ""
 
  # CNCC configuration
  cncc:
    # Enable cncc feature including iam
    enabled: true
    # Enable security logs
    securityLogEnabled: true
    # Core Configuration
    core:
      # Session Timeout Value in Seconds. Default: 1800, Minimum: 300, Maximum: 7200
      sessionTimeoutSeconds: 1800
    # IAM Configuration
    # uri should include the CNCC IAM ingress-gateway externalIp and service port (e.g. http://10.75.182.72:8080)
    iam:
      uri: http://<IP>:<PORT>
#########################################################
#            Section End  : ingress gateway attributes  #
#########################################################

Note:

  • The field ingress-gateway.cncc.iam.urishould include the CNCC IAM Console URL. Check Accessing CNCC IAM Services for the URL.
  • For POLICY deployment set cmEnableImportExport : true , this enables Import and Export buttons. It is applicable only for POLICY deployment.

CNCC Core Configuration Parameters

Following tables provide list of configuration parameters in the Helm file:

Attribute Name DataType Range Mandatory(M)/ Optional(O)/Conditional(C) Description
global.serviceAccountName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. An image name may not start with a period or a dash and may contain a maximum of 128 characters O

Name of service account.

If this field is kept empty then a default service account 'cncc-core-service-account' is created.

If any value is provided then a service account has to be created manually.

kubectl create serviceaccount <name> -n
                                <namespace>
global.dockerRegistry <String> It may contain lowercase letters, digits, and separators. A separator is defined as a period, one or two underscores, or one or more dashes. M

Here user provides the registry that contains cncc core images.

It comprises of the following:

<registry-url>:<registry-port>

e.g.: ocspf-registry.us.oracle.com:5000
global.publicHttpSignalingPort <Integer> It can take value in the range: 0-65535 O

It is the port on which ingress-gateway service is exposed

# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)

publicHttpSignalingPort: 80
global.publicHttpsSignallingPort <Integer> It can take value in the range: 0-65535. O

It is the port on which ingress-gateway service is exposed

# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
global.type <String> It can take value LoadBalance/NodePort depending upon one wants to expose the service from outside the Kubernetes cluster or not. O It is used to decide where user wants to expose the service from outside the Kubernetes cluster or not.
global.metalLbIpAllocationEnabled <Boolean>

True/False

By default, it is true.

 O This field enables or disables IP Address allocation from Metallb Pool
global.metalLbIpAllocationAnnotation <Stirng>

Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters

Default set to : metallb.universe.tf/address-pool: signaling"

   It is the address Pool Annotation for Metallb
global.staticIpAddressEnabled <Boolean>

True/False

By default, it is false.

 O If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress else random IP will be assigned by the metalLB from its IP Pool
global.staticIpAddress <Stirng> Valid ASCII aserviceAccountNamend may contain lowercase and uppercase letters, digits, underscores, periods and dashes. It may not start with a period or a dash and may contain a maximum of 128 characters O If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress else random IP will be assigned by the metalLB from its IP Pool
global.staticNodePortEnabled <Boolean>

True/False

By default, it is true.

 O If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort else random node port will be assigned by K8s
global.staticHttpNodePort <Integer>

It can take value in the range: 0-65535.

Default value:30075

 O If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort else random node port will be assigned by K8s
global.staticHttpsNodePort <Integer>

It can take value in the range: 0-65535.

Default value:30075

 O If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort else random node port will be assigned by K8s
global.nodeSelector.nodeKey <String>   O global node selector key
global.nodeSelector.nodeValue <String>   O global node value key
global.customExtension.allResources.labels   Custom Labels that needs to be added to all the Ingress-Gateway k8s resources O This can be used to add custom label(s) to all k8s resources that will be created by Ingress-Gateway helm chart.
global.customExtension.allResources.annotations   Custom Annotations that needs to be added to all the Ingress-Gateway k8s resources O This can be used to add custom annotation(s) to all k8s resources that will be created by Ingress-Gateway helm chart.
global.customExtension.lbServices.labels   Custom Labels that needs to be added to Ingress-Gateway Services that are considered as Load Balancer type O This can be used to add custom label(s) to all Load Balancer Type Services that will be created by Ingress-Gateway helm chart.
global.customExtension.lbServices.annotations   Custom Annotations that needs to be added to Ingress-Gateway Services that are considered as Load Balancer type O This can be used to add custom annotation(s) to all Load Balancer Type Services that will be created by Ingress-Gateway helm chart.
global.customExtension.lbDeployments.labels   Custom Labels that needs to be added to Ingress-Gateway Deployments that are associated to a Service which is of Load Balancer type O This can be used to add custom label(s) to all Deployments that will be created by Ingress-Gateway helm chart which are associated to a Service which if of Load Balancer Type.
global.customExtension.lbDeployments.annotations   Custom Annotations that needs to be added to Ingress-Gateway Deployments that are associated to a Service which is of Load Balancer type O This can be used to add custom annotation(s) to all Deployments that will be created by Ingress-Gateway helm chart which are associated to a Service which if of Load Balancer Type.
global.customExtension.nonlbServices.labels   Custom Labels that needs to be added to Ingress-GatewayServices that are considered as not Load Balancer type O This can be used to add custom label(s) to all non-Load Balancer Type Services that will be created by Ingress-Gateway helm chart.
global.customExtension.nonlbServices.annotations   Custom Annotations that needs to be added to Ingress-Gateway Services that are considered as not Load Balancer type O This can be used to add custom annotation(s) to all non-Load Balancer Type Services that will be created by Ingress-Gateway helm chart.
global.customExtension.nonlbDeployments.labels   Custom Labels that needs to be added to Ingress-Gateway Deployments that are associated to a Service which is not of Load Balancer type O This can be used to add custom label(s) to all Deployments that will be created by Ingress-Gateway helm chart which are associated to a Service which if not of Load Balancer Type.
global.customExtension.nonlbDeployments.annotations   Custom Annotations that needs to be added to Ingress-Gateway Deployments that are associated to a Service which is not of Load Balancer type O This can be used to add custom annotation(s) to all Deployments that will be created by Ingress-Gateway helm chart which are associated to a Service which if not of Load Balancer Type.
global.k8sResource.container.prefix   Value that will be prefixed to all the container names of Ingress-Gateway.   This value will be used to prefix to all the container names of Ingress-Gateway
global.k8sResource.container.suffix   Value that will be suffixed to all the container names of Ingress-Gateway.   This value will be used to suffix to all the container names of Ingress-Gateway.
cmservice.envLoggingLevelApp <String> It can take values like: WARN, DEBUG, INFO, TRACE etc. O

It is the level at which user wants to see the logs.

E.g. WARN
cmservice.image.name <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. An image name may not start with a period or a dash and may contain a maximum of 128 characters M Image Name to be used for "cncc-cmservice" micro service
cmservice.image.tag <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters M Image Tag to be used for "cncc-cmservice" micro service
cmservice.image.pullPolicy <String>

It can take a value from the following:

IfNotPresent, Always, Never

IfNotPresent is the default pullPolicy

 M Pull Policy decides from where to pull the image.
cmservice.resources.limits.cpu <Float> Valid floating point value between 0 and 1 O It limits the number of CPUs to be used by the "cncc-cmservice" microservice. By default, it is set to '2'.
cmservice.resources.limits.memory <String> Valid Integer value followed by Mi/Gi etc. O It limits the memory utilization by the "cncc-cmservice" microservice. By default, it is set to '2'.
cmservice.resources.requests.cpu <Float> Valid floating point value between 0 and 1 O It provides a given number of CPUs for the "cncc-cmservice" microservice. By default, it is set to '2'.
cmservice.resources.requests.memory <String> Valid Integer value followed by Mi/Gi etc. O It provides a given amount of memory for the "cncc-cmservice" microservice. By default, it is set to '1.
cmservice.deployment.envManageNF <String> It is the List of NFsE.g. SCP, POLICY M It is the list of the enabled NFs and the same NFs will be displayed in the GUI
cmservice.deployment.envSystemName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator M

This is the name of product which appears as brand name and can be used to mention site name as well.

E.g.

envSystemName: CNCC
cmservice.deployment.envNFVersion <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator. M

This is the version of product which appears with brand name.

E.g. envNFVersion: 1.2.0
cmservice.deployment.cmWindowName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator M

This is the name of the window that appears on the browser tab.

E.g.

cmWindowName: CNCC
cmservice.deployment.nodeSelectorEnabled <boolean>

It can take either True or False value.

By default, it is false.

 O NodeSelector is the simplest recommended form of node selection constraint. NodeSelector is a field of PodSpec. It specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels
cmservice.deployment.nodeSelectorKey <String> By default, its value is zone. O Node Selector Key
cmservice.deployment.nodeSelectorValue <String> By default, its value is app. O Node Selector value
cmservice.deployment.dependenciesLogging[].name <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Name of the package that for which log level is to be set.

Eg: logging.level.org.springframework
cmservice.deployment.dependenciesLogging[].value <String> It can take values like: WARN, DEBUG, INFO, TRACE etc. O

It is the level at which user wants to see the logs.

E.g. WARN
cmservice.service.customExtension.labels <String> Custom Labels that needs to be added to all the cmservice k8s resources O This can be used to add custom label(s) to all k8s resources that will be created by cmservice helm chart.
cmservice.service.customExtension.annotations <String> Custom Annotations that needs to be added to all the cmservice k8s resources O This can be used to add custom annotation(s) to all k8s resources that will be created by cmservice helm chart.
cmservice.service.http.port <Integer> It can take value in the range: 0-65535 O It is the port number which makes cmservice visible to other services running within the same K8s cluster
cmservice.service.type <String> It can take only 'ClusterIP' as the value. O It is used to decide where user wants to expose the service from outside the Kubernetes cluster or not.
ingress-gateway.image.name <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator M It is the image name of the ingress-gateway as provided by the user
ingress-gateway.image.tag <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters M Image Tag to be used for ingress-gateway.
ingress-gateway.image.pullPolicy <String>

It can take a value from the following:

IfNotPresent, Always, Never

IfNotPresent is the default pullPolicy

 O Pull Policy decides from where to pull the image.
ingress-gateway.initContainersImage.name <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator M Image Name to be used for "cncc-cmservice" micro service
ingress-gateway.initContainersImage.tag <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters M Image Tag to be used for "cncc-cmservice" micro service
ingress-gateway.initContainersImage.pullPolicy <String>

It can take a value from the following:

IfNotPresent, Always, Never

IfNotPresent is the default pullPolicy

 O Pull Policy decides from where to pull the image.
ingress-gateway.updateContainersImage.name <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator M Image Name to be used for "cncc-cmservice" micro service
ingress-gateway.updateContainersImage.tag <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters M Image Tag to be used for "cncc-cmservice" micro service
ingress-gateway.updateContainersImage.pullPolicy <String>

It can take a value from the following:

IfNotPresent, Always, Never

IfNotPresent is the default pullPolicy

 O Pull Policy decides from where to pull the image.
ingress-gateway.service.ssl.tlsVersion <String>

Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator.

It is set to TLSv1.2

 O It is the TLS version
ingress-gateway.service.ssl.privateKey.k8SecretName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Name of the privatekey secret

Ex: cncc-core-ingress-secret
ingress-gateway.service.ssl.privateKey.k8NameSpace <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Namespace of privatekey

Ex: cncc
ingress-gateway.service.ssl.privateKey.rsa.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

rsa private key file name

Ex: rsa_private_key_pkcs1.pem
ingress-gateway.service.ssl.privateKey.ecdsa.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

ecdsa private key file name

Ex: ssl_ecdsa_private_key.pem
ingress-gateway.service.ssl.certificate.k8SecretName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Name of the certificate secret

Ex: cncc-core-ingress-secret
ingress-gateway.service.ssl.certificate.k8NameSpace <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Namespace of certificate

Ex: cncc
ingress-gateway.service.ssl.certificate.rsa.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

rsa certificate file name

Ex: ssl_rsa_certificate.crt
ingress-gateway.service.ssl.certificate.ecdsa.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

ecdsa certificate file name

Ex: ssl_ecdsa_certificate.crt
ingress-gateway.service.ssl.caBundle.k8SecretName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Name of the caBundle secret

Ex: cncc-core-ingress-secret
ingress-gateway.service.ssl.caBundle.k8NameSpace <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Namespace of caBundle

Ex: cncc
ingress-gateway.service.ssl.caBundle.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

rsa caBundle file name

Ex: caroot.cer
ingress-gateway.service.ssl.keyStorePassword.k8SecretName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Name of the keyStorePassword secret

Ex: cncc-core-ingress-secret
ingress-gateway.service.ssl.keyStorePassword.k8NameSpace <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Namespace of keyStorePassword

Ex: cncc
ingress-gateway.service.ssl.keyStorePassword.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

File name that has password for keyStore

Ex: ssl_keystore.txt
ingress-gateway.service.ssl.trustStorePassword.k8SecretName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Name of the trustStorePassword secret

Ex: cncc-core-ingress-secret
ingress-gateway.service.ssl.trustStorePassword.k8NameSpace <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

Namespace of trustStorePassword

Ex: cncc
ingress-gateway.service.ssl.trustStorePassword.fileName <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O

File name that has password for trustStore

Ex: ssl_truststore.txt
ingress-gateway.service.ssl.initialAlgorithm <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator O Default values is RSA256
ingress-gateway.service.customExtension.labels   Custom Labels that needs to be added to ingress-gateway specific Service. O This can be used to add custom label(s) to ingress-gateway Service.
ingress-gateway.service.customExtension.annotations   Custom Annotations that needs to be added to ingress-gateway specific Services. O This can be used to add custom annotation(s) to ingress-gateway Service.
ingress-gateway.deployment.customExtension.labels   Custom Labels that needs to be added to ingress-gateway specific Deployment. O This can be used to add custom label(s) to ingress-gateway Deployment.
ingress-gateway.deployment.customExtension.annotations   Custom Annotations that needs to be added to ingress-gateway specific Deployment. O This can be used to add custom annotation(s) to ingress-gateway Deployment.
ingress-gateway.readinessProbe.initialDelaySeconds <Integer>

It can take value in the range: 0-65535.

Default value:30

 O It tells the kubelet that it should wait second before performing the first probe
ingress-gateway.readinessProbe.timeoutSeconds <Integer>

It can take value in the range: 0-65535.

Default value:3

 O It is the number of seconds after which the probe times out
ingress-gateway.readinessProbe.periodSeconds <Integer>

It can take value in the range: 0-65535.

Default value:10

 O It specifies that the kubelet should perform a liveness probe every xx seconds
ingress-gateway.readinessProbe.successThreshold <Integer>

It can take value in the range: 0-65535.

Default value:1

 O Minimum consecutive successes for the probe to be considered successful after having failed
ingress-gateway.readinessProbe.failureThreshold <Integer>

It can take value in the range: 0-65535.

Default value:3

 O When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up
ingress-gateway.livenessProbe.initialDelaySeconds <Integer>

It can take value in the range: 0-65535.

Default value:30

 O It tells the kubelet that it should wait second before performing the first probe
ingress-gateway.livenessProbe.timeoutSeconds <Integer>

It can take value in the range: 0-65535.

Default value:3

 O It is the number of seconds after which the probe times out
ingress-gateway.livenessProbe.periodSeconds <Integer>

It can take value in the range: 0-65535.

Default value:15

 O It specifies that the kubelet should perform a liveness probe every xx seconds
ingress-gateway.livenessProbe.successThreshold <Integer>

It can take value in the range: 0-65535.

Default value:1

 O Minimum consecutive successes for the probe to be considered successful after having failed
ingress-gateway.livenessProbe.failureThreshold <Integer>

It can take value in the range: 0-65535.

Default value:3

 O When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up
ingress-gateway.minAvailable <Integer>

It can take value in the range: 0-65535.

Default value:1

 O It is the number of pods that must always be available, even during a disruption.
ingress-gateway.minReplicas <Integer>

It can take value in the range: 0-65535.

Default value:1

 O Min replicas to scale to maintain an average CPU utilization
ingress-gateway.maxReplicas <Integer>

It can take value in the range: 0-65535.

Default value:5

 O Max replicas to scale to maintain an average CPU utilization
ingress-gateway.initssl <Boolean>

It can take either True or False value.

By default, it is false.

 O To Initialize SSL related infrastructure in init/update container
ingress-gateway.enableIncomingHttp <Boolean>

It can take either True or False value.

By default, it is false.

 O Server Configuration for http and https support
ingress-gateway.enableIncomingHttps <Boolean>

It can take either True or False value.

By default, it is false.

 O Server Configuration for http and https support
ingress-gateway.cipherSuites <List[String]>

TLS_ECDHE_ ECDSA_WIT H_AES_256_ GCM_SHA38 4

TLS_ECDHE_ RSA_WITH_ AES_256_GC M_SHA384

TLS_ECDHE_ RSA_WITH_ CHACHA20_ POLY1305_S HA256

TLS_DHE_RS A_WITH_AE S_256_GCM_ SHA384

TLS_ECDHE_ ECDSA_WIT H_AES_128_ GCM_SHA25 6

TLS_ECDHE_ RSA_WITH_ AES_128_GC M_SHA256

 M, if ingressgateway.enableIncomingHttps is true Allowed CipherSuites for TLS1.2
ingress-gateway.cncc.enabled <Boolean>

It can take either True or False value.

By default, it is true.

 M It enables CNCC features i.e authentication and authorization on ingress
ingress-gateway.cncc.securitylogEnabled <boolean>

It can take either True or False value.

By default, it is true

 O This flag is to enable/disable security logs for cncc.
ingress-gateway.cncc.core.sessionTimeoutSeconds <Integer> It can take value in the range: 0-65535.Default Value: 1800 M

It takes the timeout value for CNCC Session in seconds.

Default: 1800

Minimum: 300

Maximum: 7200
ingress-gateway.cncc.iam.uri <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A name component may not start or end with a separator M It is the URI of the cncc-iam ingress.
ingress-gateway.ports.containerPort <Integer>

It can take value in the range: 0-65535.

Default value: 8081

 O It is the http port of the container for the ingress-gateway.
ingress-gateway.ports.containersslPort <Integer>

It can take value in the range: 0-65535.

Default value: 8443

 O It is the https port of the container for the ingress-gateway.
ingress-gateway.ports.actuatorPort <Integer>

It can take value in the range: 0-65535.

Default value: 9090

 O It is the actuator port of the container for the ingress-gateway.
ingress-gateway.log.level.root <String> It can take values like: WARN, DEBUG, INFO, TRACE etc. O

It is the level at which user wants to see the logs.

E.g. WARN
ingress-gateway.log.level.ingress <String> It can take values like: WARN, DEBUG, INFO, TRACE etc. O Log level for ingress logs
ingress-gateway.log.level.cncc.security <String> It can take values like: WARN, DEBUG, INFO, TRACE etc. O Log level for cncc security logs
ingress-gateway.resources.limits.cpu <Float> Valid floating point value between 0 and 1 O It limits the number of CPUs to be used by the microservice.
ingress-gateway.resources.limits.memory <String> Valid Integer value followed by Mi/Gi etc. O It limits the memory utilization by the microservice.
ingress-gateway.resources.requests.cpu <Float> Valid floating point value between 0 and 1 O It provides a given number of CPUs for the microservice.
ingress-gateway.resources.requests.memory <String> Valid Integer value followed by Mi/Gi etc. O It provides a given amount of memory for the microservice.
ingress-gateway.resources.target.averageCpuUtil <Integer> A value in between 0-100 O It gives the average CPU utilization percentage.
ingress-gateway.routesConfig[].id <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. M If SCP route needs to be added to CNC Console Core ingress-gateway
ingress-gateway.routesConfig[].uri <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. M
ingress-gateway.routesConfig[].path <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. M
ingress-gateway.routesConfig[].order <Integer> Valid Integer value O
ingress-gateway.routesConfig[].filters.rewritePath <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. O
ingress-gateway.ingressGwCertReloadEnabled <boolean>

It can take either True or False value.

By default, it is false.

 M  
ingress-gateway.ingressGwCertReloadPath <String> Valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. M  
ingress-gateway.nodeSelector.nodeKey <String>   O node selector key specific to chart (note this will be looked first and then if not present global node key will be picked)
ingress-gateway.nodeSelector.nodeValue <String>   O node selector value specific to chart (note this will be looked first and then if not present global node value will be picked)

CNCC Core Service Access

CNCC Core service can be accessed by following URL:

<scheme>://<cncc-core-ingress-extrenal-ip>:<cncc-core-ingress-service-port>

Example: http://10.75.182.79:8080

Note:

Login to CNC IAM and add redirect url pointing CNCC Core. CNCC cannot be accessed before CNCC IAM is configured to redirect. Refer CNCConsole 1.2 Post Installation Steps for CNCC-IAM

CNCC Core Uninstall

CNCC Core can be uninstalled as follows. The following step needs to be executed from a server that has access to Kubectl and helm commands:

Execute the following command to uninstall CNCC Core: 
For Helm 2:
$ helm delete <deployment name> --purge
Example:
$ helm delete cncc-core --purge

For Helm 3:
$ helm uninstall <deployment name> --namespace <deployment namespace>
Example:
$ helm uninstall cncc-core --namespace cncc

CNCC Supported NFs and Version Compatibility

SR.No NF NF Version Enabling NFs Route Configuration Remarks
1 SCP 1.7.0

Update in cmservice section of values.yaml

envManageNF:SCP
Update in routeConfig under ingress section in values.yaml

- id: scpc_configuration   
  uri: http://<FQDN>:<PORT>  
  path: /soothsayer/v1/**
  
2 NRF 1.7.0

Update in cmservice section of values.yaml

envManageNF:NRF
Update in routeConfig under ingress section in values.yaml

- id: nrf_configuration
  uri: http://<FQDN>:<PORT>
  path: /nrf-configuration/v1/**
  
3 POLICY 1.7.0

Update in cmservice section of values.yaml

envManageNF: POLICY
cmEnableImportExport: true

Update in routeConfig under ingress section in values.yaml


  - id: policy_configuration
    uri: http://<FQDN>:<PORT>
    path: /policyapi/**
    filters:
      rewritePath: "/policyapi(?<segment>/?.*), $\\{segment}"
  1. For enabling POLICY, add POLICY in "envManageNF" field.
  2. To enable Import, Export buttons set cmEnableImportExport as true. It is applicable only for POLICY GUI.
cmEnableImportExport: true
6 UDR 1.7.0

Update in cmservice section of values.yaml

envManageNF:UDR
Update in routeConfig under ingress section in values.yaml
	
 - id: udr1
   uri: http://<FQDN>:<PORT>
   path: /nudr-dr-prov/**,/nudr-dr-mgm/**,/nudr-group-id-map-prov/**,/slf-group-prov/**
 - id: udr2
   uri: http://<FQDN>:<PORT>
   path: /nudr-config/**
l