A IWF Yaml Files

This section describes the configurable parameters defined in the IWF YAML files.

Sample ociwf-custom-values-1.5.0.yaml file:

# Copyright 2018 (C), Oracle and/or its affiliates. All rights reserved.
# Default values for iwf-pt.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates
 
# Namespace value. The same name is repeated further down as k8NameSpace,
# envNfNamespace and service_namespace, so change them together.
namespace: iwfsvc

#--------------------------------diam-gateway------------------------------

# Values for the Diameter gateway deployment.
pcf:
  global:
    # Registry (host:port) and image tag.
    # NOTE(review): reg-1:5000 and staging-493384 look like lab/staging
    # values - confirm and replace with the site registry and a release tag.
    dockerRegistry: reg-1:5000
    imageTag: staging-493384
  pcf:
    hostIp: slave1=10.196.46.13
    deploymentOcpmPcfDiamGateway:
      envGatewayMode: bsf
      replicas: 1
      image: diam-gateway
      imageTag: 1.5.0
      # A selector key/value is listed, but nodeSelectorEnabled is false.
      nodeSelectorEnabled: false
      nodeSelectorKey: nftype
      nodeSelectorValue: ociwf
 
 
#---------------------------------mysql------------------------------------
# MySQL values: database user, password and the SQL files listed under
# initializationFiles.
iwf-mysql:
  enabled: true
  nodeSelectorEnabled: false
  nodeSelectorKey: nftype
  nodeSelectorValue: ociwf
  # NOTE(review): the database password is stored here in clear text, and the
  # same user/password pair is repeated under iwf-diameterproxy and
  # iwf-configmgr. Treat it as a sample value: set a site-specific password
  # and keep the populated values file out of version control.
  # nrfclient.global.dbCredSecretName in this file names a Secret for database
  # credentials - TODO confirm whether this chart can consume one as well.
  mysqlUser: iwfusr
  mysqlPassword: Dukw1@m?
  # SQL files keyed by file name; presumably run when the database is
  # initialised - TODO confirm.
  initializationFiles:
   iwf-db.sql: |-
      CREATE DATABASE IF NOT EXISTS iwfdb DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
   # NOTE(review): this grants every privilege on every database (*.*) to
   # iwfusr from any host ('%'). Only iwfdb is created above; if the services
   # use nothing else, scope the grant to iwfdb.* and a narrower host pattern.
   # Verify against what the services actually need before changing it.
   permission.sql: |-
      GRANT ALL PRIVILEGES ON *.* TO 'iwfusr'@'%';
 
#----------------------------------dp-----------------------------------
 
# Diameter proxy values: image, Diameter realm/identity, database access and
# tracing target.
iwf-diameterproxy:
  replicaCount: 1
  image:
    repository: reg-1:5000
    name: ociwf-iwfdiamproxy
    tag: 1.5.0
  DIAMETER_Realm: ociwf.oracle.com
  DIAMETER_Identity: iwf.ociwf.oracle.com
  # Both database service entries name the same service.
  dpDBService1: iwf-pt-mysql-svc
  dpDBService2: iwf-pt-mysql-svc
  # Tracing endpoint given as a fixed IP and port; site-specific.
  opentracingHost: 10.75.157.169
  opentracingPort: 32460
  # NOTE(review): clear-text database credentials, identical to the pair under
  # iwf-mysql and iwf-configmgr. Replace the sample password in all three
  # places and do not commit the populated file.
  mysqlUsername: iwfusr
  mysqlPassword: Dukw1@m?
  pcfDiscoveryMode: true
  connectorMode: bsf
  service:
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
 
 
#----------------------------------d2h-----------------------------------
 
# iwf-d2h values: image, tracing target and node selection.
iwf-d2h:
  replicaCount: 1
  image:
    repository: reg-1:5000
    name: ociwf-iwfd2h
    tag: 1.5.0
  # Tracing endpoint given as a fixed IP and port; site-specific.
  opentracingHost: 10.75.157.169
  opentracingPort: 32460
  service:
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
 
 
 
#----------------------------------h2d-----------------------------------
 
# iwf-h2d values: image, tracing target and node selection.
iwf-h2d:
  replicaCount: 1
  image:
    repository: reg-1:5000
    name: ociwf-iwfh2d
    tag: 1.5.0

  # Tracing endpoint given as a fixed IP and port; site-specific.
  opentracingHost: 10.75.157.169
  opentracingPort: 32460
  service:
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
 
 
#----------------------------------mediation-----------------------------------
 
# IWF mediation values: image, service ports, tracing and logging.
iwf-mediation:
  replicaCount: 1
  replicaCountMedTest: 1
  enabled: true
  image:
    repository: reg-1:5000
    name: ocmed-iwfmediation
    tag: 1.5.0

  service:
    active:
      # Fixed node port numbers for HTTP and HTTPS.
      # NOTE(review): presumably these are opened on every cluster node, in
      # addition to the path through ingress-gateway - confirm the exposure
      # is intended and restrict node-level access accordingly.
      nodePortHttp: 30079
      nodePortHttps: 30080
      forwardToTest: false
      nodeSelectorEnabled: false
      nodeSelectorKey: nftype
      nodeSelectorValue: ociwf

  # Tracing is off in this sample.
  # NOTE(review): bodyInTraceEnabled presumably adds message bodies to trace
  # spans; review what payload data would reach the tracing backend before
  # enabling it - confirm against the product documentation.
  jaegerTracingEnabled: false
  bodyInTraceEnabled: false
  openTracing:
    jaeger:
      udpSender:
        host: "jaeger-agent.cne-infra"
        port: 6831
      logSpans: false
      probabilisticSamplingRate: 0.5

  # Log levels for the active and test entries.
  log:
    active: INFO
    test: INFO
  # Enables pegging of rule-based metrics. Acceptable values: true/false.
  ruleMetricsEnable: false
  nfInstanceId: IWF1
 
#----------------------------------nf-mediation-----------------------------------
# NF mediation values: image, service ports, thread pool, tracing and logging.
nf-mediation:
  enabled: true
  image:
    repository: reg-1:5000
    name: ocmed-nfmediation
    tag: 1.5.0

  service:
    active:
      # Fixed node port numbers for HTTP and HTTPS.
      # NOTE(review): presumably these are opened on every cluster node, in
      # addition to the path through ingress-gateway - confirm the exposure
      # is intended and restrict node-level access accordingly.
      nodePortHttp: 30081
      nodePortHttps: 30082
      forwardToTest: false
      # Pool and queue sizing values.
      corePoolSize: 34
      maxPoolSize: 66
      queueCapacity: 10000
      nodeSelectorEnabled: false
      nodeSelectorKey: nftype
      nodeSelectorValue: ociwf

  # Tracing is off in this sample.
  # NOTE(review): bodyInTraceEnabled presumably adds message bodies to trace
  # spans; review what payload data would reach the tracing backend before
  # enabling it - confirm against the product documentation.
  jaegerTracingEnabled: false
  bodyInTraceEnabled: false
  openTracing:
    jaeger:
      udpSender:
        host: "jaeger-agent.cne-infra"
        port: 6831
      logSpans: false
      probabilisticSamplingRate: 0.5

  # Log levels for the active and test entries.
  log:
    active: INFO
    test: INFO
  # Enables pegging of rule-based metrics. Acceptable values: true/false.
  ruleMetricsEnable: false
  nfInstanceId: IWF1
 
#---------------------------------nrfclient-----------------------------------------
# NRF client umbrella values. This first part holds the settings shared by
# the nested sections.
nrfclient:
  global:
    nrfClientEnable: false
    envJaegerAgentHost: ''
    envJaegerAgentPort: 6831
    nrfClientNodePort: 0
    # This registry differs from the reg-1:5000 registry used by the iwf-*
    # sections of this file.
    dockerRegistry: ocnrf-registry.us.oracle.com:5000
    # NOTE(review): the image is referenced by the mutable tag "latest", so
    # the content that gets pulled can change without this file changing.
    # Pin a fixed version (or digest) for reproducible, reviewable installs.
    imageServiceDetector: nrf-client/readiness-detector:latest
    configServerEnable: true
    configServerFullNameOverride: ocpm-config
    envMysqlHost: iwf-pt-mysql-svc
    envMysqlPort: '3306'
    # Database credentials are referenced by Secret name here, not written
    # inline.
    dbCredSecretName: 'iwf-mysql-login'
    appinfoServiceEnable: false
    performanceServiceEnable: false
    deploymentNrfClientService:
      envNfNamespace: 'iwfsvc'
      envNfType: 'iwf'
      envConsumeSvcName: 'appinfo'
      envEgressGatewayFullnameOverride: egress-gateway
      envEgressGatewayPort: "8080"
      # NOTE(review): the NRF API root uses the http scheme on port 80, i.e.
      # no TLS on this hop as written - confirm that is acceptable for the
      # network the traffic crosses.
      nfApiRoot: http://ocnrf-ingressgateway.ocnrf:80
      nodeSelectorEnabled: false
      nodeSelectorKey: nftype
      nodeSelectorValue: ociwf
  # perf-info values: image, service type/port and the Prometheus URL.
  perf-info:
    service_namespace: iwfsvc
    replicaCount: 1
    image: perf_info
    imageTag: 1.5.0
    # NOTE(review): spelled imagepullPolicy here, while other sections of this
    # file use pullPolicy - confirm the key name against the chart.
    imagepullPolicy: Always
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
    service:
      type: ClusterIP
      port: 5905
    # Empty collections: no resource limits, selector, tolerations or affinity
    # are set in this sample.
    resources: {}
    nodeSelector: {}
    tolerations: []
    affinity: {}
    ingress:
      enabled: false
    configmapPerformance:
      # Prometheus endpoint, http scheme.
      prometheus: http://prometheus-server.prometheus:5802
  # nrf-client values: the application profile plus the discovery and
  # management deployments.
  nrf-client:
    configmapApplicationConfig:
       # Literal block: the text below is passed through as-is, so comments
       # cannot be placed inside it.
       # NOTE(review): primaryNrfApiRoot uses the http scheme against a fixed
       # IP and port, and secondaryNrfApiRoot is empty. Both are site-specific;
       # confirm whether the NRF connection should use TLS.
       profile: |-
         [appcfg]
         primaryNrfApiRoot=http://10.178.246.40:30707
         secondaryNrfApiRoot=
         retryAfterTime=PT120S
         nrfClientType=CUSTOM_IWF
         nrfClientSubscribeTypes=BSF
         appProfiles=[{}]
         enableF3=true
         enableF5=true
         renewalTimeBeforeExpiry=3600
         validityTime=30
         enableSubscriptionAutoRenewal=true
         acceptAdditionalAttributes=false
         retryForCongestion=5

    # Discovery deployment: image, tracing sampler, CPU/memory and replica
    # bounds.
    nrf-client-nfdiscovery:
      image: nrf-client
      imageTag: '1.2.2'
      envJaegerSamplerParam: '1'
      envJaegerSamplerType: ratelimiting
      envJaegerServiceName: nrf-client-nfdiscovery
      cpuRequest: 2
      cpuLimit: 2
      memoryRequest: 1Gi
      memoryLimit: 1Gi
      minReplicas: 1
      maxReplicas: 1
      averageCpuUtil: 80
      type: ClusterIP
      cacheDiscoveryResults: true

    # Management deployment; replicas is 0 in this sample.
    nrf-client-nfmanagement:
      image: nrf-client
      imageTag: '1.2.2'
      envJaegerSamplerParam: '1'
      envJaegerSamplerType: ratelimiting
      envJaegerServiceName: nrf-client-nfmanagement
      replicas: 0
      cpuRequest: 1
      cpuLimit: 1
      memoryRequest: 1Gi
      memoryLimit: 1Gi
      type: ClusterIP
 
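  # Config server values. Disabled in this sample (enabled: false,
  # replicas: 0).
  config-server:
    enabled: false
    # NOTE(review): nrfclient.global.configServerFullNameOverride is
    # ocpm-config while this override is config-server - confirm which
    # service name clients are expected to resolve.
    fullNameOverride: "config-server"
    image: config_server
    imageTag: 1.5.0
    envJaegerServiceName: pcf-config
    envMysqlDatabase: iwfdb
    replicas: 0
    # Node selector settings, declared once. A mapping must not repeat a key:
    # strict parsers reject duplicates and lenient ones silently keep the
    # last value.
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
    cpuRequest: 0.5
    cpuLimit: 8
    memoryLimit: 2Gi
    memoryRequest: 1Gi
    # NOTE(review): service type NodePort; if this component is enabled,
    # confirm that exposing the configuration service on node ports is
    # intended, otherwise use ClusterIP.
    servicePcfConfig:
      type: NodePort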
 
 
  # appinfo values: image, replica count and the monitored core services.
  appinfo:
    enabled: true
    image: app_info
    # This tag is 1.5.1 while the other components in this file use 1.5.0 -
    # confirm it is intended.
    imageTag: 1.5.1
    replicas: 1
    # NOTE(review): debug is switched on in this sample. Confirm what the
    # flag enables (verbose logs, extra endpoints) and set it to false for
    # production installs.
    debug: true
    # Empty service account name; presumably a default is used - TODO confirm.
    serviceAccountName: ''
    categoryCoreServices: "nrf:ocnrf-nfregistration"
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
 
 
#----------------------------------pcfDiscovery-----------------------------------
 
# PCF discovery values: image, tracing target, BSF service and the NF
# discovery query parameters.
iwf-pcfdiscovery:
  replicaCount: 1
  image:
    repository: reg-1:5000
    name: ociwf-iwfpcfdiscovery
    tag: 1.5.0
  service:
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf


  # Tracing endpoint given as a fixed IP and port; site-specific.
  opentracingHost: 10.75.157.169
  opentracingPort: 32460
  # NOTE(review): bsf-stub-service.default reads like a test stub in the
  # default namespace - replace with the real BSF service; confirm.
  bsfSvc: bsf-stub-service.default
  bsfPort: 8080
  nfDiscoverySvc: ociwf-nrf-client-nfdiscovery
  # Port of nrf-client-nfdiscovery, used to forward queries to nrf-client.
  nfDiscoveryPort: 5910
  # Use CUSTOM_IWF with Oracle NRF, otherwise use AF.
  # Ensure that CUSTOM_IWF is present in the allowed NF list for the BSF
  # entry in NRF.
  requesterNfType: CUSTOM_IWF
  targetNfType: BSF
 
#----------------------------Ingress gateway---------------------------------------------
 
# Ingress gateway values. This first part covers the global settings and the
# three container images.
ingress-gateway:
  global:
    # Docker registry name
    dockerRegistry: ocnrf-registry.us.oracle.com:5000
    # Empty service account name and node selector values.
    serviceAccountName: ''
    nodeSelector:
      nodeKey: ''
      nodeValue: ''

    # Type of service. Possible values: ClusterIP, NodePort, LoadBalancer
    # and ExternalName.
    # NOTE(review): LoadBalancer publishes the gateway outside the cluster,
    # while enableIncomingHttp is true and enableIncomingHttps is false
    # further down in this section - confirm that a cleartext external
    # listener is intended.
    type: LoadBalancer
    # Config-Server Service. Shall be used as {{ ReleaseName }}-configServerFullNameOverride
    configServerFullNameOverride: ocpm-config
  image:
    # image name
    name: ocingress_gateway
    # tag name of image
    tag: 1.7.4
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always

  initContainersImage:
    # init container image name
    name: configurationinit
    # tag name of init Container image
    tag: 1.2.0
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always

  updateContainersImage:
    # update Containers image name
    name: configurationupdate
    # tag name of update Container image
    tag: 1.2.0
    # Pull Policy - Possible Values are:- Always, IfNotPresent, Never
    pullPolicy: Always
 
  # TLS material for the ingress gateway. Every item is referenced by
  # Kubernetes Secret name, namespace and file name; no key or password
  # appears inline.
  # NOTE(review): all five entries point at the same Secret (ociwf-secret in
  # iwfsvc), so anything able to read that Secret gets the private keys and
  # both store passwords - restrict access to it accordingly.
  service:
    ssl:
      privateKey:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem

      certificate:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        rsa:
          fileName: tmp.cer
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt

      caBundle:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        fileName: caroot.cer

      # File inside the Secret that holds the key store password.
      keyStorePassword:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        fileName: key.txt

      # File inside the Secret that holds the trust store password.
      trustStorePassword:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        fileName: trust.txt
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf
 
 
  # Container ports, log levels, resource sizing and replica bounds for the
  # ingress gateway.
  ports:
    # ContainerPort represents a network port in a single container
    containerPort: 8081
    containersslPort: 8443
    actuatorPort: 9090

  # Set the root log level
  log:
    level:
      root: WARN
      ingress: WARN
      oauth: WARN
    traceIdGenerationEnabled: true

  # Resource details
  resources:
    limits:
      cpu: 2
      initServiceCpu: 1
      updateServiceCpu: 1
      memory: 4Gi
      updateServiceMemory: 1Gi
      initServiceMemory: 1Gi
    requests:
      cpu: 2
      initServiceCpu: 1
      updateServiceCpu: 1
      memory: 2Gi
      updateServiceMemory: 1Gi
      initServiceMemory: 1Gi
    target:
      averageCpuUtil: 80

  # Number of Pods must always be available, even during a disruption.
  minAvailable: 1
  # Min replicas to scale to maintain an average CPU utilization
  minReplicas: 1
  # Max replicas to scale to maintain an average CPU utilization
  # NOTE(review): minReplicas and maxReplicas are both 1, so there is no
  # scale-out headroom in this sample.
  maxReplicas: 1
 
  # enable jaeger tracing
  jaegerTracingEnabled: false

  # OAuth configuration
  # NOTE(review): oauthValidatorEnabled is false, so as configured the
  # gateway does not validate access tokens; the remaining keys in this group
  # presumably take effect only once it is true - confirm. Enable validation
  # before exposing the gateway to untrusted networks.
  oauthValidatorEnabled: false
  nfType: SMF
  nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
  producerScope: nsmf-pdusession,nsmf-event-exposure
  allowedClockSkewSeconds: 0
  # The NRF public key is referenced by Secret name; its namespace (ocegress)
  # differs from the iwfsvc namespace used for the TLS Secret in this section.
  nrfPublicKeyKubeSecret: nrfpublickeysecret
  nrfPublicKeyKubeNamespace: ocegress
  validationType: strict
  # NOTE(review): unquoted, so these parse as integers; a code with a leading
  # zero would need quoting to keep its digits - confirm the expected type.
  producerPlmnMNC: 123
  producerPlmnMCC: 346

  #######################################################################
  # To Initialize SSL related infrastructure in init/update container
  initssl: true
  # Server configuration for HTTP and HTTPS support.
  # NOTE(review): as written, incoming HTTP is enabled and incoming HTTPS is
  # disabled, outgoing HTTPS is disabled and client certificates are not
  # required (needClientAuth: false). With global.type set to LoadBalancer
  # above, review these four flags together before a production install.
  enableIncomingHttp: true
  enableIncomingHttps: false
  enableOutgoingHttps: false
  needClientAuth: false
  #######################################################################
  serviceMeshCheck: false
  # Removes the listed request headers at global level, i.e. for all
  # configured routes.
  globalRemoveRequestHeader:
  - name: myheader4  # Placeholder: set to the request header to remove from all requests that match any configured route.
  # Removes the listed response headers at global level, i.e. for all
  # configured routes.
  globalRemoveResponseHeader:
  - name: myresponseheader2  # Placeholder: set to the response header to remove from all responses that match any configured route.
 
  # Route table for the ingress gateway. Each route has an id, an upstream
  # uri, a path pattern, an order, per-method rate limits and header removal
  # lists.
  # NOTE(review): both upstream URIs use the http scheme. The second route
  # matches every path (/**) and has the same order value (1) as the more
  # specific first route - confirm which route wins for
  # /nmediation-http/v1/** and whether a catch-all route is intended.
  routesConfig:
  - id: nfmediation
    uri: http://ociwf-nf-mediation:9090/
    path: /nmediation-http/v1/**
    order: 1
    filters:
#      addRequestHeader: # specify what headers you need to add
#      - name: X-Forwarded-Proto
#        value: http
      methodRateLimiting: # list of methods to rate limit
      - method: POST
        burstCapacity: 1
        refillRate: 1
        duration: 1 # in seconds
      - method: GET
        burstCapacity: 1
        refillRate: 1
        duration: 9 # in seconds
    # Request headers removed at route level (placeholder names).
    removeRequestHeader:
    - name: myheader1
    - name: myheader3
    # Response headers removed at route level (placeholder names).
    removeResponseHeader:
    - name: myresponseheader1
    - name: myresponseheader3

  - id: iwfmediation
    uri: http://ociwf-iwf-mediation:9090/
    path: /**
    order: 1
    filters:
#      addRequestHeader: # specify what headers you need to add
#      - name: X-Forwarded-Proto
#        value: https
      methodRateLimiting: # list of methods to rate limit
      - method: POST
        burstCapacity: 1
        refillRate: 1
        duration: 1 # in seconds
      - method: GET
        burstCapacity: 1
        refillRate: 1
        duration: 9 # in seconds
    # Request headers removed at route level (placeholder names).
    removeRequestHeader:
    - name: myheader1
    - name: myheader3
    # Response headers removed at route level (placeholder names).
    removeResponseHeader:
    - name: myresponseheader1
    - name: myresponseheader3
 
 
  # Jetty client settings: stream, queue and connection limits, and timeouts.
  maxConcurrentPushedStreams: 1000
  maxRequestsQueuedPerDestination: 5000
  # Below value will be used when serviceMeshCheck is enabled
  maxConnectionsPerDestination: 4
  maxConnectionsPerIp: 4
  connectionTimeout: 10000 #(ms)
  requestTimeout: 1000 #(ms)
 
 
#----------------------------Egress gateway---------------------------------------------
 
# Egress gateway values. This first part covers the global settings, service
# ports and the three container images.
egress-gateway:
  # Enabled to get RBAC permission for k8s apiserver communication
  # (presumably refers to appinfoServiceEnable below - TODO confirm).
  global:
    appinfoServiceEnable: true
    dockerRegistry: ocnrf-registry.us.oracle.com:5000
    # Empty service account name and node selector values.
    serviceAccountName: ''
    nodeSelector:
      nodeKey: ''
      nodeValue: ''

  serviceEgressGateway:
    port: 8080
    sslPort: 8442
    actuatorPort: 9090
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf

  deploymentEgressGateway:
    image: ocegress_gateway
    imageTag: 1.7.4
    pullPolicy: Always

  initContainersImage:
    name: configurationinit
    tag: 1.2.0
    pullPolicy: Always

  updateContainersImage:
    name: configurationupdate
    tag: 1.2.0
    pullPolicy: Always
 
 
  # HTTPS configuration #####################
  # NOTE(review): initssl is true, but incoming and outgoing HTTPS are both
  # disabled, so as written traffic leaving through the egress gateway is not
  # TLS-protected - confirm before a production install.
  initssl: true
  enableIncomingHttps: false
  # Set to true only if "initssl" is true.
  enableOutgoingHttps: false
  ##########################################

  # Enabling this will make the service type default to ClusterIP
  headlessServiceEnabled: false

  ports:
    containerPort: 8080

  # Log levels per logger.
  log:
    level:
      root: WARN
      egress: INFO
      oauth: INFO
 
  # Service type and TLS material for the egress gateway. Every TLS item is
  # referenced by Kubernetes Secret name, namespace and file name; no key or
  # password appears inline.
  # NOTE(review): all five entries point at the same Secret (ociwf-secret in
  # iwfsvc), which the ingress-gateway section also uses - restrict read
  # access to it accordingly.
  service:
    # Type of service. Possible values: ClusterIP, NodePort, LoadBalancer
    # and ExternalName.
    type: ClusterIP
    ssl:
      # The cipher suite list is commented out, so no explicit restriction is
      # set here; presumably defaults apply - TODO confirm.
      #supportedCipherSuiteList: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      privateKey:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem

      certificate:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        rsa:
          fileName: tmp.cer
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt

      caBundle:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        fileName: caroot.cer

      # File inside the Secret that holds the key store password.
      keyStorePassword:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        fileName: key.txt

      # File inside the Secret that holds the trust store password.
      trustStorePassword:
        k8SecretName: ociwf-secret
        k8NameSpace: iwfsvc
        fileName: trust.txt
 
  # Resource details: CPU and memory limits/requests for the gateway and its
  # init/update containers, plus the CPU utilisation target.
  resources:
    limits:
      cpu: 2
      initServiceCpu: 1
      updateServiceCpu: 1
      memory: 4Gi
      updateServiceMemory: 1Gi
      initServiceMemory: 1Gi
    requests:
      cpu: 1
      initServiceCpu: 1
      updateServiceCpu: 1
      memory: 2Gi
      updateServiceMemory: 1Gi
      initServiceMemory: 1Gi
    target:
      averageCpuUtil: 80

  # Number of Pods must always be available, even during a disruption.
  minAvailable: 1
  # Min replicas to scale to maintain an average CPU utilization
  minReplicas: 1
  # Max replicas to scale to maintain an average CPU utilization
  # NOTE(review): minReplicas and maxReplicas are both 1, so there is no
  # scale-out headroom in this sample.
  maxReplicas: 1
 
  # NRF address (IP:port) and the NF identity used by the egress gateway;
  # site-specific.
  nrfAuthority: 10.75.224.7:8085
  nfType: PCF
  nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
  # Enable OAUTH client
  # NOTE(review): false in this sample, so the OAuth client is off as
  # configured - confirm whether the producers being called require tokens.
  oauthClientEnabled: false
  # Jetty bean name
  # when http enabled -> ''
  # when https enabled -> jettysClient
  httpClientBean: ''

  # Overrides the chart name with the given string
  #fullnameOverride: egress

  # Rate limit for notifications: enabled, with duration, bucket capacity
  # and refill rate all set to 1.
  notificationRateLimit:
    enabled: true
    duration: 1
    bucketCapacity: 1
    refillRate: 1

  # Jetty client configuration
  maxConcurrentPushedStreams: 1000
  maxRequestsQueuedPerDestination: 5000
  #maxConnectionsPerDestination: 4
  maxConnectionsPerIp: 4
  connectionTimeout: 10000 #(ms)
  requestTimeout: 1000 #(ms)


  # Certificate reload switch and its path.
  # NOTE(review): presumably this path triggers a certificate reload when
  # called; confirm who can reach it and restrict access accordingly.
  egressGwCertReloadEnabled: true
  egressGwCertReloadPath: /egress-gw/store/reload

  # enable jaeger tracing
  jaegerTracingEnabled: false
 
 
#-----------------------------------------Config-Mgr-----------------------------
 
# Config manager values: image, database access and node selection.
iwf-configmgr:
  replicaCount: 1
  image:
    repository: reg-1:5000
    name: ociwf-iwfconfigmgr
    tag: 1.5.0
    pullPolicy: IfNotPresent

  # NOTE(review): clear-text database credentials, identical to the pair under
  # iwf-mysql and iwf-diameterproxy. Replace the sample password in all three
  # places and do not commit the populated file.
  mysqlUsername: iwfusr
  mysqlPassword: Dukw1@m?
  mysqlService: iwf-pt-mysql-svc

  service:
    nodeSelectorEnabled: false
    nodeSelectorKey: nftype
    nodeSelectorValue: ociwf