Sample values.yaml file
This section provides information about the configurable parameters and values defined in the custom values.yaml template file.
The following sample illustrates the ocnssf-custom-values_1.4.yaml file:
# Copyright 2019 (C), Oracle and/or its affiliates. All rights reserved.
# This yaml file could be supplied in helm install command when deploying OCNSSF v1.x.y
#
# e.g. helm install <helm-repo>/ocnssf --name ocnssf --namespace ocnssf -f <this file>
#
# Compatible with OCNSSF CHART VERSION 1.x.y
# - To turn on logging
# set the appropriate logging level (one of: OFF, INFO, DEBUG, ERROR, ALL) in one or more of the following:
#########################################################
# Section Start: global attributes #
#########################################################
global:
# Docker registry name
dockerRegistry: ocnrf-registry.us.oracle.com:5000
# Kubernetes Secret containing DB credentials
dbCredSecretName: 'ocnssf-db-creds'
# NameSpace where secret is deployed
nameSpace: ocnssf
# ******** Sub-Section Start: Ingress Gateway Global Parameters ********
#**************************************************************************
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: LoadBalancer
# Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: true
# Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
# If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
# Else random IP will be assigned by the metalLB from its IP Pool
staticIpAddressEnabled: false
staticIpAddress: 10.75.212.60
# If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
# Else random node port will be assigned by K8
staticNodePortEnabled: true
staticHttpNodePort: 30075
staticHttpsNodePort: 30043
# ******** Sub-Section End: Ingress Gateway Global Parameters ********
#**************************************************************************
# ******** Sub-Section Start: NRF CLIENT PARAMS Global Parameters ********
#**************************************************************************
# Jaeger tracing host
envJaegerAgentHost: ''
# Jaeger tracing port
envJaegerAgentPort: 6831
# Provide value for NodePort
nrfClientNodePort: 0
# Mysql Host Put NDB cluster IP in case MysQL pod is not being used
envMysqlHost: ocnssf-nsdb.ocnssf
# Mysql Port
envMysqlPort: '3306'
# Deployment Specific configuration
deploymentNrfClientService:
# Service to be monitored by app-info service
envNfNamespace: 'ocnssf'
envNfType: 'nssf'
# Callback URI to receive Notifications from NRF
nfApiRoot: http://ocnssf-ingress:80
# ******** Sub-Section End: NRF CLIENT Global Parameters ********
#**************************************************************************
#########################################################
# Section End : global attributes #
#########################################################
###########################################################################
# Section Start: NSSF NSSelection Micro service attributes #
###########################################################################
nsselection:
image:
# image name
name: ocnssf-nsselection
# image repository
repository: reg-1:5000
# tag name of image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# setting logging level
# Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
loglevel: "INFO"
# MySql Host and Port configuration
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
# NRF URL configuration
nrf:
primaryUrl: http://ocnrf.oracle.com:80
secondaryUrl: http://ocnrf.oracle.com:80
# NSSF features flags
features:
nrfdiscovery: false # Flag to enable Discovery towards NRF to get Candidate AMF set
relevance: false # Flag to enable Relevence algorithm feature at NSSF
candidateResolution: true # Flag to enable Candidate AMF resolution feature at NSSF
# Flag to enable time based slice selection
reqnftime: true
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
replicaCount: 1
###########################################################################
# Section End : NSSF NSSelection Micro service attributes #
###########################################################################
###########################################################################
# Section Start: NSSF NSAvailability Micro service attributes #
###########################################################################
nsavailability:
image:
# image name
name: ocnssf-nsavailability
# image repository
repository: reg-1:5000
# tag name of image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# setting logging level
# Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
loglevel: "INFO"
# MySql Host and Port configuration
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
#Expiry parameters for subscription
maxExpiryDuration: 240 # range from 100 to 1000
minExpiryDuration: 0 # range from 0 to 100
# Enable/disable response gzip compression
contentEncodingEnabled: true
# Minimum response size required for compression to happen
compressionMinimumResponseSize: 1024
###########################################################################
# Section End : NSSF NSAvailability Micro service attributes #
###########################################################################
###########################################################################
# Section Start: NSSF NSConfig Micro service attributes #
###########################################################################
nsconfig:
image:
# image name
name: ocnssf-nsconfig
# image repository
repository: reg-1:5000
# tag name of image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# setting logging level
# Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
loglevel: "INFO"
# MySql Host and Port configuration
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
nrf:
subscription: false # Flag to enable Subscriptions towards NRF for AmfSet
# URL at which NSSF receives notifications from Nrf. Set when NRF subscription is turned ON.
notificationHandlerUrl: http://ocnssf-ingress:80
###########################################################################
# Section Start: NSSF NSConfig Micro service attributes #
###########################################################################
###########################################################################
# Section Start: NSSF NSSubscription Micro service attributes #
###########################################################################
nssubscription:
image:
# image name
name: ocnssf-nssubscription
# image repository
repository: reg-1:5000
# tag name of image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# setting logging level
# Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
loglevel: "INFO"
# MySql Host and Port configuration
mysql:
primary:
host: "ocnssf-nsdb.ocnssf"
secondary:
host: "ocnssf-nsdb.ocnssf"
port: 3306
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
# Maximum number of re trys towards AMF for notification , after attempts notification is discarded
httpMaxRetries: 2
# oauthTokenRequestEnabled when set true lets Subscription Notifications to be send with OauthToken
# As all notifications are send by Egress gateway. oauthClientEnabled in Egress should also be set true to make this work.
oauthTokenRequestEnabled: false
###########################################################################
# Section End : NSSF NSSubscription Micro service attributes #
###########################################################################
###########################################################################
#NSSF common micro services
#NrfClient : Used for interaction with NRF
# nrf-client
# app-info
# perf-info
# config-server
#Gateways : Used for ingress/egress gateway finctionalities,HTTPS support ,OAuth Support and rate limiting
# Ingress-Gateway
# Egress-Gateway
###########################################################################
###########################################################################
# Section Start: NrfClient Micro service attributes #
###########################################################################
nrfclient:
# Microservice level control if specific microservice need to be disabled
nrf-client:
# This config map is for providing inputs to NRF-Client
configmapApplicationConfig:
# Config-map to provide inputs to Nrf-Client
# primaryNrfApiRoot - Primary NRF Hostname and Port
# SecondaryNrfApiRoot - Secondary NRF Hostname and Port
# retryAfterTime - Default downtime(in Duration) of an NRF detected to be unavailable.
# nrfClientType - The NfType of the NF registering
# nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
# appProfiles - The NfProfile of the NF to be registered with NRF.
# enableF3 - Support for 29.510 Release 15.3
# enableF5 - Support for 29.510 Release 15.5
# renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
# validityTime - The default validity time(days) for subscriptions.
# enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
# acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
# retryForCongestion - The duration(seconds) after which nrf-client should retry to a NRF server found to be congested.
profile: |-
[appcfg]
primaryNrfApiRoot=http://ocnrf.oracle.com:80
secondaryNrfApiRoot=http://ocnrf.oracle.com:80
retryAfterTime=PT120S
nrfClientType=NSSF
nrfClientSubscribeTypes=AMF
appProfiles=[{"nfInstanceId": "9faf1bbc-6e4a-4454-a507-aef01a101a06","nfType":"NSSF","nfStatus":"REGISTERED","plmnList":[{"mcc":"310","mnc":"14"}],"fqdn":"nssf1.lab.oracle.com","interPlmnFqdn":"nssf1.lab.oracle.com","ipv4Addresses":["127.0.0.1","10.0.0.1"],"ipv6Addresses":["::1","::2"],"priority":5,"load":"20","capacity":"1000","locality":"us-east","amfInfo":{"amfRegionId":"01","amfSetId":"101","guamiList":[{"plmnId":{"mcc":"100","mnc":"101"},"amfId":"ABF001"}]},"nfServices":[{"serviceName":"nssf-nsselection","nfServiceStatus":"REGISTERED","serviceInstanceId":"123","versions":[{"apiVersionInUri":"v1","apiFullVersion":"1.15.3.0","expiry":"2019-12-31T23:59:59.000+0000"}],"scheme":"http","allowedNfTypes":["AMF"],"fqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","interPlmnFqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","ipEndPoints":[{"ipv4Address":"127.0.0.1","transport":"TCP","port":80}]},{"serviceName":"nssf-nsavailability","nfServiceStatus":"REGISTERED","serviceInstanceId":"124","versions":[{"apiVersionInUri":"v1","apiFullVersion":"1.15.3.0","expiry":"2019-12-31T23:59:59.000+0000"}],"scheme":"http","allowedNfTypes":["AMF"],"fqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","interPlmnFqdn":"ocnssf-nsgateway.ocnssf.svc.us.lab.oracle.com","ipEndPoints":[{"ipv4Address":"127.0.0.1","transport":"TCP","port":80}]}]}]
enableF3=true
enableF5=true
renewalTimeBeforeExpiry=3600
validityTime=30
enableSubscriptionAutoRenewal=true
acceptAdditionalAttributes=false
retryForCongestion=5
# Details of Config-server microservice
config-server:
# Mysql Config Server Databse Name
envMysqlDatabase: nssfdb
# Details of appinfo microservices
appinfo:
debug: true
# Details of perf-info microservices
perf-info:
# Service namespace for perf-info
service_namespace: ocnssf
configmapPerformance:
prometheus: http://prometheus-server.prometheus:5802
###########################################################################
# Section End: NrfClient Micro service attributes #
###########################################################################
#########################################################
# Section Start: ingressgateway attributes #
#########################################################
ingress-gateway:
# This flag is for enabling/disabling HTTP/2.0 (insecure) in Ingress Gateway.
# If the value is set to false, NRF will not accept any HTTP/2.0 (unsecured) Traffic
# If the value is set to true, NRF will accept HTTP/2.0 (unsecured) Traffic
enableIncomingHttp: true
# This flag is for enabling/disabling HTTPS/2.0 (secured TLS) in Ingress Gateway.
# If the value is set to false, NRF will not accept any HTTPS/2.0 (secured) Traffic
# If the value is set to true, NRF will accept HTTPS/2.0 (secured) Traffic
enableIncomingHttps: false
# Ingress Gateway Service Container Image Details
image:
# Ingress Gateway image name
name: ocingress_gateway
# tag name of image
tag: 1.7.3
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# Ingress Gateway Init Container Image Details
initContainersImage:
# init Containers image name
name: configurationinit
# tag name of init Container image
tag: 1.1.1
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# Ingress Gateway Update Container Image Details
updateContainersImage:
# update Containers image name
name: configurationupdate
# tag name of update Container image
tag: 1.1.1
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# enable Jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# Update this configuration when jaeger tracing is enabled.
# udpsender host
host: "jaeger-agent.cne-infra"
# udpsender port
port: 6831
# Jaeger message sampler. Value range: 0 to 1
# e.g. Value 0: No Trace will be sent to Jaeger collector
# e.g. Value 0.3: 30% of message will be sampled and will be sent to Jaeger collector
# e.g. Value 1: 100% of message (i.e. all the messages) will be sampled and will be sent to Jaeger collector
probabilisticSampler: 0.5
# Allowed CipherSuites for TLS1.2
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
service:
# configuration under ssl section is mandatory if enableIncomingHttps is configured as "true"
ssl:
tlsVersion: TLSv1.2
privateKey:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ec_private_key_pkcs8.pem
certificate:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_apigatewayTestCA.cer
ecdsa:
fileName: apigatewayTestCA.cer
caBundle:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: caroot.cer
keyStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: key.txt
trustStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: trust.txt
initialAlgorithm: RSA256
log:
# setting logging level
# Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
level:
root: WARN
egress: INFO
oauth: INFO
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
# enable jagger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "jaeger-agent.cne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
#OAUTH CONFIGURATION
oauthValidatorEnabled: false
nfType: NSSF
nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
producerScope: nnssf-nsselection,nnssf-nsavailability
allowedClockSkewSeconds: 0
nrfPublicKeyKubeSecret: nrfpublickeysecret
nrfPublicKeyKubeNamespace: ocnssf
validationType: strict
producerPlmnMNC: 123
producerPlmnMCC: 346
#Rate limiting configuration
rateLimiting:
enabled: false
routeRateLimiting:
enabled: true
globalIngressRateLimiting:
enabled: true
duration: 60 # in seconds
burstCapacity: 4
refillRate: 2
#########################################################
# Section End: ingressgateway attributes #
#########################################################
#########################################################
# Section Start: egressgateway attributes #
#########################################################
egress-gateway:
egress-gateway:
# This flag is for enabling/disabling HTTPS/2.0 (secured TLS) in Egress Gateway.
# If the value is set to false, NRF will send only HTTP/2.0 (unsecured) Egress Traffic
# If the value is set to true, NRF will send only HTTPS/2.0 (secured) Egress Traffic
enableOutgoingHttps: false
# Egress Gateway Service Container Image Details
deploymentEgressGateway:
# Egress Gateway image name
image: ocegress_gateway
# tag name of image
imageTag: 1.7.3
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# Egress Gateway Init Container Image Details
initContainersImage:
# init Containers image name
name: configurationinit
# tag name of image
tag: 1.1.1
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: IfNotPresent
# Egress Gateway Update Container Image Details
updateContainersImage:
# update Containers image name
name: configurationupdate
# tag name of image
tag: 1.1.1
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: Always
# enable Jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# Update this configuration when jaeger tracing is enabled.
# udpsender host
host: "jaeger-agent.cne-infra"
# udpsender port
port: 6831
# Jaeger message sampler. Value range: 0 to 1
# e.g. Value 0: No Trace will be sent to Jaeger collector
# e.g. Value 0.3: 30% of message will be sampled and will be sent to Jaeger collector
# e.g. Value 1: 100% of message (i.e. all the messages) will be sampled and will be sent to Jaeger collector
probabilisticSampler: 0.5
# ******** Sub-Section Start: SCP released Parameters ********
#*******************************************************************
# Using SCP as an Proxy in Egress Gateway
# If it is configured as false, SCP will not be used as an proxy.
# Messages will be directly sent to the Producers/HTTP Servers.
# If it is configured as true, SCP will be used as an Proxy for
# delivering messages to the Producers/HTTP Servers.
scpIntegrationEnabled: false
# SCP Configuration For Egress Gateway
# All the SCP related configuration will be used only
# if scpIntegrationEnabled is set to true.
#
# SCP's HTTP Host/IP and Port Combination.
# This will be while sending HTTP/2.0 (unsecured) traffic
scpHttpHost: localhost
scpHttpPort: 80
# SCP's HTTPS Host/IP and Port Combination.
# This will be while sending HTTPS/2.0 (secured) traffic
scpHttpsHost: localhost
scpHttpsPort: 443
# SCP's API Prefix. (Applicable only for SCP with TLS enabled)
# This will be used for constructing the Egress messgage's APIROOT while proxying message to SCP.
# Change this value to SCP's apiprefix. "/" is not expected to be provided along.
scpApiPrefix: /
# SCP's default scheme when 3gpp-sbi-target-apiroot header is missing
scpDefaultScheme: https
# ******** Sub-Section End : SCP released Parameters ********
#*******************************************************************
# Allowed CipherSuites for TLS1.2
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
log:
# setting logging level
# Possible values - OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
level:
root: WARN
egress: INFO
oauth: INFO
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
ssl:
tlsVersion: TLSv1.2
privateKey:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ec_private_key_pkcs8.pem
certificate:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
rsa:
fileName: rsa_apigatewayTestCA.cer
ecdsa:
fileName: apigatewayTestCA.cer
caBundle:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: caroot.cer
keyStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: key.txt
trustStorePassword:
k8SecretName: accesstoken-secret
k8NameSpace: ocnssf
fileName: trust.txt
initialAlgorithm: RSA256
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 1
# ******** Sub-Section Start : OAUTH for notification Parameters ********
#*******************************************************************
nrfAuthority: ocnrf.oracle.com:80
nfType: NSSF
nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
oauthClientEnabled: false
consumerPlmnMNC: 101
consumerPlmnMCC: 100
#Jetty bean name
#when http enabled -> ''
#when https enabled -> jettysClient
httpClientBean: ''
# Flag to enable rate limiting for "notification" type of messages.
notificationRateLimit:
enabled: false
duration: 60
bucketCapacity: 4
refillRate: 2
# ******** Sub-Section end : OAUTH for notification Parameters ********
#*******************************************************************
#enable jagger tracing
jaegerTracingEnabled: false
openTracing:
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
#########################################################
# Section End: egressgateway attributes #
#########################################################
#########################################################
# Section End: Common micro services #
#########################################################