7 IWF Configurable Parameters
This section includes information about configurable parameters required during IWF installation.
The following tables describe the configuration parameters for each microservice that is configured during IWF deployment using the ociwf-custom.values.yaml file:
pcf-gateway Microservice
Table 7-1 pcf-gateway Microservice
Parameter | Description | Default Value |
---|---|---|
global.dockerRegistry | Image repo | cgbudocker.us.oracle.com:5655 |
global.imageTag | Image tag | latest |
pcf.deploymentOcpmPcfDiamGateway.envGatewayMode | Mode of gateway | bsf |
pcf.deploymentOcpmPcfDiamGateway.image | Name of the image | diam-gateway |
pcf.deploymentOcpmPcfDiamGateway.imageTag | Tag of the Image | 1.5.0 |
pcf.hostIp | Host IP | slave1=10.196.46.13 |
iwf-mediation
Table 7-2 IWF Mediation Microservice
Parameter | Description | Default Value |
---|---|---|
image.name | Image name | ocmed-iwf-mediation |
image.repository | Image repository name | reg-1:5000 |
image.tag | Tag of Image | 1.5.0 |
service.active.ForwardToTest | Whether Trial rule test needs to be enabled or not | Disable |
service.active.nodePortHttp | Http port to receive traffic | 30079 |
service.active.nodePortHttps | Https port to receive traffic | 30080 |
iwf-mediation-test Microservice
Table 7-3 iwf-mediation-test Microservice
Parameter | Description | Default Value |
---|---|---|
image.repository | Image repository name | reg-1:5000 |
Image name | Image name | ocmed-iwfmediation |
image.tag | Tag of Image | 1.5.0 |
nf-mediation
Table 7-4 NF Mediation Microservice
Parameter | Description | Default Value |
---|---|---|
image.name | Image name | ocmed-nf-mediation |
image.repository | Image repository name | reg-1:5000 |
image.tag | Tag of Image | 1.5.0 |
service.active.ForwardToTest | Whether Trial rule test needs to be enabled or not | Disable |
service.active.nodePortHttp | Http port to receive traffic | 30081 |
service.active.nodePortHttps | Https port to receive traffic | 30082 |
nf-mediation-test Microservice
Table 7-5 nf-mediation-test Microservice
Parameter | Description | Default Value |
---|---|---|
image.repository | Image repository name | reg-1:5000 |
Image name | Image name | ocmed-nfmediation |
image.tag | Tag of Image | 1.5.0 |
iwf-d2h
Table 7-6 IWF D2H Microservice
Parameter | Description | Default Value |
---|---|---|
image.repository | Image repository name | reg-1:5000 |
image.name | Image name | ociwf-iwfd2h |
image.tag | Tag of Image | 1.5.0 |
opentracingHost | Kubernetes master node IP address | 127.0.0.1 (Customer must provide the correct IP address) |
opentracingPort | UDP node port of Jaeger-Agent | 0 (Customer must provide the correct port) |
iwf-h2d
Table 7-7 IWF H2D Microservice
Parameter | Description | Default Value |
---|---|---|
image.repository | Image repository name | reg-1:5000 |
image.name | Image name | ociwf-iwfh2d |
image.tag | Tag of Image | 1.5.0 |
opentracingHost | Kubernetes master node IP address | 127.0.0.1 (Customer must provide the correct IP address) |
opentracingPort | UDP node port of Jaeger-Agent | 0 (Customer must provide the correct port) |
iwf-diameterproxy
Table 7-8 IWF Diameter Proxy Microservice
Parameter | Description | Default Value |
---|---|---|
image.repository | Image repository name | reg-1:5000 |
image.name | Image name | ociwf-iwfdiamproxy |
image.tag | Tag of Image | 1.5.0 |
DIAMETER_Realm | Diameter Realm of PT diameter node | Customer must provide the realm to be used |
DIAMETER_Identity | FQDN of PT diameter node | Customer must provide the FQDN to be used |
dpDBService1 | MySQL cluster's node-1 IP address or MySQL K8s service name | iwf-pt-mysql-svc (customer must provide correct value) |
dpDBService2 | MySQL cluster's node-2 IP address or MySQL K8s service name | iwf-pt-mysql-svc (customer must provide correct value) |
opentracingHost | Kubernetes master node IP address | 127.0.0.1 (Customer must provide the correct IP address) |
opentracingPort | UDP node port of Jaeger-Agent | 0 (Customer must provide the correct port) |
pcfDiscoveryMode | Flag that switches between modes (PDRA and D2H) | true |
connectorMode | Mode of Diameter Connector | bsf |
iwf-mysql
Table 7-9 IWF MYSQL Microservice
Parameter | Description | Default Value | Notes |
---|---|---|---|
enabled | Option to provision local K8s MySQL pod | false | Customer needs to fill it. When set to true the local mysql pod is brought up (Note: This is only for testing purpose, not for production. Production environment is expected to use MySQL cluster) |
mysqlUser | MySQL User name | iwfusr | Customer needs to fill the user name to be used. (Note: This is only applicable when the above mentioned "enabled" option is set to true, else customer need not configure.) |
mysqlPassword | MySQL User password | | Customer needs to fill the user password to be used (Note: This is only applicable when the above mentioned "enabled" option is set to true, else customer need not configure) |
initializationFiles.iwf-db.sql | MySQL DDL commands to be run while deploying the MySQL pod | CREATE DATABASE IF NOT EXISTS iwfdb DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; | Should not be changed (Note: This is only applicable when the above mentioned "enabled" option is set to true, else customer need not configure) |
initializationFiles.permission.sql | MySQL permission to the user | GRANT ALL PRIVILEGES ON *.* TO 'iwfusr'@'%'; | Customer needs to edit the "user name" in the command, based on the value set for the "mysqlUser" option. (Note: This is only applicable when the above mentioned "enabled" option is set to true, else customer need not configure) |
iwf-nrfclient
Table 7-10 IWF NRF Client Microservice
Parameter | Description | Default Value |
---|---|---|
ociwf-appinfo | For checking the status of the NF's registered services | app_info:1.5.1 |
ociwf-performance | For monitoring and analysis of the services to probe performance data, and provide analysis output including load, capacity | perf_info:1.5.0 |
ociwf-nrf-client-nfdiscovery | For performing NfRegistration, NfSubscription and NfDiscovery | nrf-client:1.2.2 |
ociwf-ocpm-config | | config_server:1.5.0 |
readiness-detector | | nrf-client/readiness-detector:latest |
Table 7-11 iwf-pcfdiscovery Microservice
Parameter | Description | Default Value |
---|---|---|
image.repository | Image repository Name | reg-1:5000 |
image.name | Image Name | ociwf |
image.tag | Tag of Image | 1.5.0 |
opentracingHost | Kubernetes master node IP address | 127.0.0.1 (Customer must provide the correct IP address) |
opentracingPort | UDP node port of Jaeger-Agent | 0 (Customer must provide the correct port) |
bsfSvc | Service or IP of the BSF | |
bsfPort | Port of the BSF | 8080 |
Diameter Peer configuration
Peer nodes are configured in the gateway in the configmap-pcf-diam-gateway-service-diameter.yaml file, located in the chart directory pcf/templates. A sample is provided below:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: pcf-diam-gateway-config-peers
data:
  diameter-config-peers: |
    version: '0.3'
    kind: 'diameter-config'
    metadata:
      label: 'diameter-config-peers'
    setting:
      reconnectDelay: 3
      responseTimeout: 5
      connectionTimeOut: 3
      watchdogInterval: 6
      transport: 'TCP'
    # type: [af, dra]
    nodes:
      - name: 'P-CSCF'
        type: 'pcrf'
        responseOnly: true
        host: '10.75.215.205'
        port: 3880
        realm: 'ociwf.oracle.com'
        identity: 'pcrfsim.ociwf.oracle.com'
```
Parameters | Field | Definitions |
---|---|---|
reconnectDelay | | Time delay in seconds between successive peer connection establishment attempts |
responseTimeout | | Response timer value in seconds |
connectionTimeOut | | Connection timer value in seconds |
watchdogInterval | | Inactivity time in seconds after which DWR will be triggered |
transport | | Transport protocol type "TCP" |
Nodes (list) | name | Name of the peer node |
Nodes (list) | responseOnly | Indicates the Diameter GW proxy client or server |
Nodes (list) | host | IP address of the peer node |
Nodes (list) | port | Port on which peer node listens for connections |
Nodes (list) | realm | Realm of the peer node |
Nodes (list) | identity | FQDN of the peer node |
ingress-gw Microservice
Parameter | Description | Mandatory Parameter | Default value |
---|---|---|---|
image.repository | Image repository name | Yes | reg-1:5000 |
image.name | Image name | Yes | ocingress_gateway |
image.tag | Tag of Image | Yes | 1.7.4 |
Table 7-12 Ingress Gateway
Name | Description | Default Value | Mandatory | Notes |
---|---|---|---|---|
global.dockerRegistry | Name of the Docker registry which hosts Ingress docker images. | ocnrf-registry.us.oracle.com:5000 | Yes | This is the registry which has docker images. Change this value if there is a need. |
global.type | Type of service | LoadBalancer | Yes | Possible values are ClusterIP, NodePort, LoadBalancer and ExternalName |
global.serviceAccountName | Service Account name | '' | No | |
global.metalLbIpAllocationEnabled | Enable or disable IP Address allocation from Metallb Pool | true | No | |
global.metalLbIpAllocationAnnotation | Address Pool Annotation for Metallb | metallb.universe.tf/address-pool: signaling | No | |
global.staticIpAddressEnabled | If a static load balancer IP needs to be set, set the staticIpAddressEnabled flag to true and provide a value for staticIpAddress. Otherwise a random IP will be assigned by MetalLB from its IP pool. | false | No | |
global.staticIpAddress | StaticIp | 10.75.212.60 | ||
global.publicHttpSignalingPort | Http Signaling port | 80 | Yes | |
global.publicHttpsSignallingPort | Https Signaling port | 443 | Yes | |
global.staticNodePortEnabled | Node Port Enabled | true | No | |
global.staticHttpNodePort | Http Node Port | 30075 | Yes | |
global.staticHttpsNodePort | Https Node Port | 30043 | Yes | |
global.configServerFullNameOverride | This parameter is for the usage of policy teams. Other teams can ignore this parameter. | | No | |
enableOutgoingHttps | Enabling it for outgoing https request | false | Yes | Change it to true for enabling https for outgoing requests. |
enableIncomingHttp | Enabling it for incoming http request | false | Yes | |
enableIncomingHttps | Enabling it for incoming https request | true | Yes | |
enablehttp1 | Enable it for http1.1 | false | No | Change it to true to enable |
dnsRefreshDelay | Dns Refresh Delay in milli-seconds | 120000 | No | |
oauthValidatorEnabled | Oauth Validator Enabled | false | Yes | Change it to true to enable oauth |
jaegerTracingEnabled | Enable jaeger tracing | false | No | Change it to true if needed. |
openTracing.jaeger.udpSender.host | Jaeger Host | jaeger-agent.cne-infra | Yes (If jaegerTracingEnabled is true) | |
openTracing.jaeger.udpSender.port | Jaeger Port | 6831 | Yes (If jaegerTracingEnabled is true) | |
openTracing.jaeger.probabilisticSampler | | 0.5 | Yes (If jaegerTracingEnabled is true) | |
nfType | NFType of service producer. | Value to be updated accordingly | Yes (When oauthValidatorEnabled) | |
nfInstanceId | NF InstanceId of service producer. | Value to be updated accordingly | Yes (When oauthValidatorEnabled) | |
producerScope | Comma-separated list of services hosted by service producer. | Value to be updated accordingly | Yes (When oauthValidatorEnabled) | |
allowedClockSkewSeconds | Set this value if the clock on the parsing NF (producer) is not perfectly in sync with the clock on the NF (consumer) that created the JWT. | 0 | Yes (When oauthValidatorEnabled) | |
nrfPublicKeyKubeSecret | Name of the secret which stores the public key(s) of NRF. | Value to be updated accordingly | Yes (When oauthValidatorEnabled) | |
nrfPublicKeyKubeNamespace | Namespace of the NRF publicKey Secret | Value to be updated accordingly | Yes (When oauthValidatorEnabled) | |
validationType | Values can be "strict" or "relaxed". "strict" means that an incoming request without the "Authorization" (Access Token) header will be rejected. "relaxed" means that if an incoming request contains the "Authorization" header, it will be validated. If an incoming request does not contain the "Authorization" header, validation will be ignored. | Value to be updated accordingly | Yes (When oauthValidatorEnabled) | |
producerPlmnMNC | MNC of service producer. | Value to be updated accordingly | No | |
producerPlmnMCC | MCC of service producer. | Value to be updated accordingly | No | |
cncc.enabled | CNCC Identity-Access-Management (IAM). | False | No | Change it to true if required. |
cncc.core.sessionTimeoutSeconds | Session Timeout Value in Seconds. Default: 1800, Minimum: 300, Maximum: 7200 | 1800 | No | |
cnccIamEnabled | CNCC Identity-Access-Management (IAM) | false | No | Change it to true if required |
ingressGwCertReloadEnabled | | true | No | |
rateLimiting.enabled | Ratelimiting feature enabled | false | No | |
routeRateLimiting.enabled | Route based ratelimiting feature enabled | true | No | |
globalIngressRateLimiting.enabled | Global rate limiting is enabled | true | No | |
globalIngressRateLimiting.duration | Iterations of time duration (In seconds) for which bucketCapacity and refillRate are reset. | 1 (in seconds) | yes (if globalIngressRateLimiting.enabled) | |
globalIngressRateLimiting.burstCapacity | Holds maximum number of tokens in the bucket for the given duration. | 1 | yes (if globalIngressRateLimiting.enabled) | |
globalIngressRateLimiting.refillRate | Number of tokens to be added to the bucket for the given duration | 1 | yes (if globalIngressRateLimiting.enabled) | |
identityAccessMgt.uri | Identity access management uri | | yes (if cnccIamEnabled) | |
identityAccessMgt.path | Identity access management path | | yes (if cnccIamEnabled) | |
identityAccessMgt.realm | Identity access management realm | | yes (if cnccIamEnabled) | |
identityAccessMgt.clientId | Identity access management client id | | yes (if cnccIamEnabled) | |
iam.uri | Identity access management uri | | yes (if cnccIamEnabled) | The section name is changed to iam |
iam.path | Identity access management path | | yes (if cnccIamEnabled) | |
iam.realm | Identity access management realm | | yes (if cnccIamEnabled) | |
iam.clientId | Identity access management client id | | yes (if cnccIamEnabled) | |
pingDelay | Delay between pings in seconds. When set to <=0,ping is disabled | 60 | Yes | PING frame can be scheduled at Ingress-gateway to maintain connection between Ingress-gateway and backend micro-services even if the connection is idle. |
cfgServer.enabled | Config server switch. For the usage of Policy teams. For other NF's this has to be left false | false | No | |
publicHttpSignalingPort | Http Signalling port | 80 | Yes | |
publicHttpsSignallingPort | Https Signalling port | 443 | Yes | |
ssl.privateKey.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.privateKey.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.privateKey.rsa.fileName | rsa private key file name | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.privateKey.ecdsa.fileName | ecdsa private key file name | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.certificate.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.certificate.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.certificate.rsa.fileName | rsa private key file name | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.certificate.ecdsa.fileName | ecdsa private key file name | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.caBundle.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.caBundle.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.caBundle.rsa.fileName | rsa private key file name | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.keyStorePassword.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.keyStorePassword.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.keyStorePassword.fileName | File name that has password for keyStore | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.trustStorePassword.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.trustStorePassword.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
ssl.trustStorePassword.fileName | File name that has password for trustStore | n/a | Yes (If enableIncomingHttp is true otherwise No) | |
uri | Service name of the internal microservice of this NF | | Yes | |
id | id of the route | | Yes | |
path | Provide the path to be matched. | | Yes | |
order | Provide the order of the execution of this route. | | Yes | |
methodRateLimiting.burstCapacity[0] | burstCapacity | | Yes (if routeRateLimiting.enabled) | |
methodRateLimiting.refillRate[0] | Refill rate | | Yes (if routeRateLimiting.enabled) | |
methodRateLimiting.duration[0] | Duration | | Yes (if routeRateLimiting.enabled) | |
methodRateLimiting.method[0] | Method on which ratelimiting is applicable | | Yes (if routeRateLimiting.enabled) | |
image.name | Image name of ingress gateway | ocingress_gateway | No | |
image.tag | Image Tag name of ingress gateway | 1.6.2 | No | |
image.pullPolicy | Image Pull Policy | Always | No | |
initContainersImage.name | Image name of initContainer | configurationinit | No | |
initContainersImage.tag | Image tag name of initContainer | 1.1.1 | No | |
initContainersImage.pullPolicy | Image Pull Policy | Always | No | |
updateContainersImage.name | Image name of updateContainer | configurationupdate | No | |
updateContainersImage.tag | Image tag name of updateContainer | 1.1.1 | No | |
updateContainersImage.pullPolicy | Image Pull Policy | Always | No | |
fullnameOverride | Label to override name of api-gateway micro-service name | ingress | Yes | |
serviceMeshCheck | Load balancing is handled by the Ingress gateway; if true, it is handled by the service mesh | false | Yes | |
cipherSuites | Supported Cipher Suites in Ingress | | No | |
maxRequestsQueuedPerDestination | Jetty Client Settings | 1024 | No | |
maxConnectionsPerDestination | Jetty Client Settings | 4 (This will be used when serviceMeshCheck is enabled) | No | |
maxConnectionsPerIp | Jetty Client Settings | 4 | No | |
connectionTimeout | Jetty Client Settings | 10000 | No | |
ingressGwCertReloadPath | | /ingress-gw/certificate/reload | No | |
ssl.tlsVersion | TLS Version | TLSv1.2 | Yes | |
ssl.initialAlgorithm | | RSA256 | Yes | ES256 can also be used, but corresponding certificates need to be used. |
resources.limits.cpu | CPU Limit | 2 | ||
resources.limits.memory | Memory Limit | 4Gi | ||
resources.limits.initServiceCpu | Init Container CPU Limit | 1 | ||
resources.limits.updateServiceCpu | Update Container CPU Limit | 1 | ||
resources.limits.initServiceMemory | Init Container Memory Limit | 1Gi | ||
resources.limits.updateServiceMemory | Update Container Memory Limit | 1Gi | ||
resources.requests.cpu | CPU for requests | 1 | ||
resources.requests.memory | Memory for requests | 2Gi | ||
resources.requests.initServiceCpu | Init Container CPU for requests | 1 | ||
resources.requests.updateServiceCpu | Update Container CPU for requests | 1 | ||
resources.requests.initServiceMemory | Init Container Memory for requests | 1Gi | ||
resources.requests.updateServiceMemory | Update Container Memory for requests | 1Gi | ||
resources.target.averageCpuUtil | | 80 | | |
minReplicas | Min replicas to scale to maintain an average CPU utilization | 2 | Yes | |
maxReplicas | Max replicas to scale to maintain an average CPU utilization | 5 | Yes | |
log.level.root | Log level for root logs | WARN | No | |
log.level.ingress | Log level for ingress logs | INFO | No | |
log.level.oauth | Log level for oauth logs | INFO | No | |
ports.containerPort | ContainerPort represents a network port in a single container | 8081 | No | |
ports.containersslPort | | 8443 | No | |
actuatorPort | ActuatorPort | 9090 | No |
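
The conditional entries in the "Mandatory" column of Table 7-12 can be checked before deployment. The following is an added example, not Oracle code: it audits an ingress-gateway values section against the defaults and conditions in the table, assuming the section is already parsed into nested dicts; the function names, finding texts and sample values are constructed for illustration.

```python
# Added example: pre-deployment audit of ingress-gateway values (Table 7-12).
# Assumed: values parsed into nested dicts; helper names and messages are ours.

# Table defaults, used when a key is absent from the values.
DEFAULTS = {
    "enableIncomingHttp": False,
    "enableIncomingHttps": True,
    "oauthValidatorEnabled": False,
    "allowedClockSkewSeconds": 0,
    "globalIngressRateLimiting.enabled": True,
    "globalIngressRateLimiting.duration": 1,
    "globalIngressRateLimiting.burstCapacity": 1,
    "globalIngressRateLimiting.refillRate": 1,
    "ssl.tlsVersion": "TLSv1.2",
}

# Feature flag -> parameters the table marks mandatory once the flag is true.
CONDITIONAL = {
    "oauthValidatorEnabled": [
        "nfType", "nfInstanceId", "producerScope", "allowedClockSkewSeconds",
        "nrfPublicKeyKubeSecret", "nrfPublicKeyKubeNamespace", "validationType"],
    "cnccIamEnabled": ["iam.uri", "iam.path", "iam.realm", "iam.clientId"],
    "globalIngressRateLimiting.enabled": [
        "globalIngressRateLimiting.duration",
        "globalIngressRateLimiting.burstCapacity",
        "globalIngressRateLimiting.refillRate"],
    # Assumption: TLS material is required when the HTTPS listener is on
    # (the table words this condition with enableIncomingHttp).
    "enableIncomingHttps": [
        "ssl.privateKey.k8SecretName", "ssl.certificate.k8SecretName",
        "ssl.caBundle.k8SecretName", "ssl.keyStorePassword.k8SecretName",
        "ssl.trustStorePassword.k8SecretName"],
}

PLACEHOLDERS = {"", "n/a", "value to be updated accordingly"}
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions


def lookup(values, dotted):
    """Resolve a dotted key in nested dicts, falling back to the table default."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return DEFAULTS.get(dotted)
        node = node[part]
    return node


def is_set(value):
    """False for a missing value or a placeholder copied from the documentation."""
    if isinstance(value, str):
        return value.strip().lower() not in PLACEHOLDERS
    return value is not None


def audit(values):
    """Return sorted (severity, key, message) findings for one values dict."""
    findings = []
    for flag, required in CONDITIONAL.items():
        if lookup(values, flag) is True:
            findings += [("ERROR", key, f"must be set when {flag} is true")
                         for key in required if not is_set(lookup(values, key))]
    if lookup(values, "enableIncomingHttp"):
        findings.append(("WARN", "enableIncomingHttp", "cleartext listener enabled"))
    if not lookup(values, "oauthValidatorEnabled"):
        findings.append(("WARN", "oauthValidatorEnabled", "access tokens not validated"))
    elif lookup(values, "validationType") == "relaxed":
        findings.append(("WARN", "validationType",
                         "requests without an Authorization header skip validation"))
    if lookup(values, "ssl.tlsVersion") in WEAK_TLS:
        findings.append(("WARN", "ssl.tlsVersion", "deprecated protocol version"))
    if not lookup(values, "globalIngressRateLimiting.enabled"):
        findings.append(("WARN", "globalIngressRateLimiting.enabled",
                         "no global request ceiling"))
    return sorted(findings)


# Constructed sample values: secret names, namespace and NF data are made up.
TLS = {name: {"k8SecretName": "ociwf-tls", "k8NameSpace": "ociwf"}
       for name in ("privateKey", "certificate", "caBundle",
                    "keyStorePassword", "trustStorePassword")}
WEAK = {
    "enableIncomingHttp": True, "oauthValidatorEnabled": True,
    "validationType": "relaxed",
    "nfType": "Value to be updated accordingly",  # placeholder left in place
    "nfInstanceId": "00000000-0000-4000-8000-000000000001", "producerScope": "svc-a",
    "nrfPublicKeyKubeSecret": "nrf-public-key", "nrfPublicKeyKubeNamespace": "ociwf",
    "ssl": {"tlsVersion": "TLSv1.1"},  # TLS secrets not provided
    "globalIngressRateLimiting": {"enabled": False},
}
HARDENED = dict(WEAK, enableIncomingHttp=False, validationType="strict",
                nfType="example-nf-type", ssl=dict(TLS, tlsVersion="TLSv1.2"),
                globalIngressRateLimiting={"enabled": True, "duration": 1,
                                           "burstCapacity": 100, "refillRate": 100})

if __name__ == "__main__":
    for name, values in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, *audit(values), sep="\n  ")
```
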
egress-gw Microservice
Parameter | Description | Mandatory Parameter | Default value |
---|---|---|---|
image.repository | Image repository name | Yes | reg-1:5000 |
image.name | Image name | Yes | ocengress_gateway |
image.tag | Tag of Image | Yes | 1.7.4 |
Table 7-13 Egress Gateway
Name | Description | Default Value | Mandatory | Notes |
---|---|---|---|---|
global.appinfoServiceEnable | Enabled to get RBAC permission for k8s apiserver communication | true | Yes | |
global.dockerRegistry | Name of the Docker registry which hosts Egress docker images. | ocnrf-registry.us.oracle.com:5000 | Yes | Ideally this is the registry which has docker images. Change this value if there is a need. |
global.serviceAccountName | Service Account Name | '' | No | |
serviceEgressGateway.port | | 8080 | No | |
serviceEgressGateway.sslPort | SSL Port | 8442 | No | |
serviceEgressGateway.actuatorPort | Actuator Port | 9090 | No | |
enableOutgoingHttps | Enabling it for outgoing https request | false | No | Change it to true for enabling https for outgoing requests. |
K8ServiceCheck | Enable this if loadbalancing is to be done by egress instead of K8s | false | No | |
scp.scpDefaultScheme | Default scheme applicable when 3gpp-sbi-target-apiroot header is missing | https | No | |
scp.scpIntegrationEnabled | Change this to false when scp integration is not required | true | No | |
scp.scpRerouteEnabled | Set this flag to true if re-routing to multiple SCP instances is to be enabled. | true | No | |
scp.instances.http[0].host | First Scp instance HTTP IP/FQDN | NA | Yes(If "scp.scpIntegrationEnabled" is set to true.) | More SCP instances can be configured in a similar way if required. |
scp.instances.http[0].port | First Scp instance Port | NA | Yes(If "scp.scpIntegrationEnabled" is set to true.) | |
scp.instances.http[0].apiPrefix | First Scp instance apiPrefix. Change this value to corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled. | / | No | Example: XXX. Note that "/" does not need to be included when a prefix is provided. |
scp.instances.https[0].host | First Scp instance HTTPS IP/FQDN | NA | Yes(if "scp.scpIntegrationEnabled" is set to true.) | More SCP instances can be configured in a similar way if required. |
scp.instances.https[0].port | First Scp instance HTTPS Port | NA | Yes(if "scp.scpIntegrationEnabled" is set to true.) | |
scp.instances.https[0].apiPrefix | First Scp instance apiPrefix. Change this value to corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled. | / | No | Example: XXX. Note that "/" does not need to be included when a prefix is provided. |
headlessServiceEnabled | Enabling this will make the service type default to ClusterIP | false | No | |
cipherSuites | Supported Cipher Suites in Egress | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | No | Connection with other ciphers would be rejected. |
log.level | Log level | DEBUG | No | |
jaegerTracingEnabled | Enable jaeger tracing | false | No | Change it to true if needed. |
openTracing.jaeger.udpSender.host | Jaeger Host | jaeger-agent.cne-infra | Yes (If jaegerTracingEnabled is true) | |
openTracing.jaeger.udpSender.port | Jaeger Port | 6831 | Yes (If jaegerTracingEnabled is true) | |
openTracing.jaeger.probabilisticSampler | | 0.5 | Yes (If jaegerTracingEnabled is true) | |
nrfAuthority | NRF's ${HOSTNAME}:{PORT} | Modify the field with actual value, required if oAuth is enabled. | Yes | |
nfType | NFType of service consumer. | Modify the field with actual value, required if oAuth is enabled. | Yes | |
nfInstanceId | NF InstanceId of Service Consumer. | Modify the field with actual value, required if oAuth is enabled. | Yes | |
oauthClientEnabled | Flag to enable or disable oauth client. If not modified, the default value 'false' is used. | false | No | Change it to true to enable oAuth |
consumerPlmnMNC | MNC of service Consumer. | Modify the field with actual value, required if oAuth is enabled. | No | |
consumerPlmnMCC | MCC of service Consumer. | Modify the field with actual value, required if oAuth is enabled. | No | |
maxRequestsQueuedPerDestination | jetty client configuration | 1024 | No | |
maxConnectionsPerIp | Max Connections allowed per Ip | 4 | No | |
connectionTimeout | Connection timeout in milliseconds | 1000 | No | |
egressGwCertReloadEnabled | | true | No | |
notificationRateLimit.enabled | Flag to enable rate limiting for "notification" type of messages. | false | No | |
notificationRateLimit.duration | Iterations of time duration (in seconds) for which bucketCapacity and refillRate are reset. | | Yes (If notificationRateLimit.enabled is set to true) | |
notificationRateLimit.bucketCapacity | Holds maximum number of tokens in the bucket for the given duration. | | Yes (If notificationRateLimit.enabled is set to true) | |
notificationRateLimit.refillRate | Number of tokens to be added to the bucket for the given duration | | Yes (If notificationRateLimit.enabled is set to true) | |
type | Type of service | ClusterIP (Possible values are ClusterIP, NodePort, LoadBalancer and ExternalName) | Yes | |
ssl.privateKey.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.privateKey.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.privateKey.rsa.fileName | rsa private key file name | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.privateKey.ecdsa.fileName | ecdsa private key file name | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.certificate.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.certificate.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.certificate.rsa.fileName | rsa private key file name | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.certificate.ecdsa.fileName | ecdsa private key file name | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.caBundle.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.caBundle.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.caBundle.rsa.fileName | rsa private key file name | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.keyStorePassword.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.keyStorePassword.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.keyStorePassword.fileName | File name that has password for keyStore | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.trustStorePassword.k8SecretName | Name of the privatekey secret | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.trustStorePassword.k8NameSpace | Namespace of privatekey | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
ssl.trustStorePassword.fileName | File name that has password for trustStore | n/a | Yes (If enableOutgoingHttps is true otherwise No) | |
resources.limits.cpu | CPU Limit | 2 | ||
resources.limits.memory | Memory Limit | 4Gi | ||
resources.limits.initServiceCpu | Init Container CPU Limit | 1 | ||
resources.limits.updateServiceCpu | Update Container CPU Limit | 1 | ||
resources.limits.initServiceMemory | Init Container Memory Limit | 1Gi | ||
resources.limits.updateServiceMemory | Update Container Memory Limit | 1Gi | ||
resources.requests.cpu | CPU for requests | 1 | ||
resources.requests.memory | Memory for requests | 2Gi | ||
resources.requests.initServiceCpu | Init Container CPU for requests | 1 | ||
resources.requests.updateServiceCpu | Update Container CPU for requests | 1 | ||
resources.requests.initServiceMemory | Init Container Memory for requests | 1Gi | ||
resources.requests.updateServiceMemory | Update Container Memory for requests | 1Gi | ||
resources.target.averageCpuUtil | | 80 | | |
minReplicas | Minimum replicas to scale to maintain an average CPU utilization | 2 | ||
maxReplicas | Maximum replicas to scale to maintain an average CPU utilization | 5 | ||
globalretry.enabled | Can be set to true if Scp re-route feature (scpRerouteEnabled) is enabled. | false | No | |
globalretry.retries | Number of re-routes to be attempted to alternate SCP instances. This property is considered in the absence of the "routesConfig[0].filterName2.retries" attribute at route level. | | Yes (If "routesConfig[0].filterName2.retries" is not defined) | |
routesConfig[0].id | id of the route | | Yes | Can be any name of your choice. Note: Multiple routes can be configured in a similar way. |
routesConfig[0].uri | Provide any dummy url; an existing url can also be left with its existing value | | Yes | Please note that the provided sample url does not make any impact (http or https) as urls will be constructed in the code. |
routesConfig[0].path | Provide the path to be matched. | | Yes | |
routesConfig[0].order | Provide the order of the execution of this route. | | Yes | |
routesConfig[0].filterName1 | Provide filtername as "ScpFilter" | | Yes (If scpintegrationenabled is true) | If FilterName1 is not provided then it would be considered as direct Egress Gateway path and configured accordingly during deployment. |
routesConfig[0].filterName2.name | Provide filtername as "ScpRetry" | | Yes (If scpRerouteEnabled is true) | Without FilterName1, it is not possible to configure FilterName2.name |
routesConfig[0].filterName2.retries | Number of re-routes to be attempted to alternate SCP instances if request matches this route's path. | | Yes (If scpRerouteEnabled is true) | If this is not defined then globalretry.retries parameter is applicable when globalretry.enabled is true. |
routesConfig[0].filterName2.methods | The type of methods for which the re-route needs to be attempted. | | Yes (If scpRerouteEnabled is true) | |
routesConfig[0].filterName2.statuses | The type of response error codes on which the re-route needs to be attempted. | | Yes (If scpRerouteEnabled is true) | |
serviceEgressGateway.port | Internal port on which egress gateway is running for HTTP2 | 8080 | No | Change this value if there is any specific need. |
serviceEgressGateway.sslPort | Internal port on which egress gateway is running for HTTPS | 8442 | No | Change this value if there is any specific need. |
deploymentEgressGateway.image | Image name of egress gateway | ocegress_gateway | No | N/A |
deploymentEgressGateway.imageTag | Image Tag name of egress gateway | 1.6.1 | No | N/A |
deploymentEgressGateway.pullPolicy | Pull Policy of Image | Always | No | N/A |
initContainersImage.name | Image name of initContainer | configurationinit | No | N/A |
initContainersImage.tag | Image tag name of initContainer | 1.1.1 | No | N/A |
initContainersImage.pullPolicy | Pull Policy of Image | Always | No | N/A |
updateContainersImage.name | Image name of updateContainer | configurationupdate | No | N/A |
updateContainersImage.tag | Image tag name of updateContainer | 1.1.1 | No | N/A |
updateContainersImage.pullPolicy | Pull Policy of Image | Always | No | N/A |
httpClientBean | To be used when oAuth is enabled. When https is enabled it should be jettysClient; when https is disabled it can be left as '' | jettysClient | Yes | Jetty bean name: when http is enabled, ''; when https is enabled, jettysClient |
egressGwCertReloadEnabled | Egress GW Certificates Reload Enabled | true | No | N/A |
jaegerTracingEnabled | JaegerTracing Enabled | false | No | N/A |
ssl.tlsVersion | TLS Version | TLSv1.2 | Yes | |
initialAlgorithm | | RSA256 | Yes | ES256 can also be used, but corresponding certificates need to be used. |