5 Customizing Provisioning Gateway
In this section, you will learn to customize Provisioning Gateway deployment. You can customize it by overriding the default values of various configurable parameters.
# Copyright 2019 (C), Oracle and/or its affiliates. All rights reserved.
# Chart-wide defaults shared by the Provisioning Gateway sub-charts.
# NOTE(review): this listing is shown without its nesting indentation, so the
# key hierarchy is not visible here; take it from the chart's own values file
# (the parameter tables on this page give the dotted paths).
global:
dockerRegistry: ocudr-registry.us.oracle.com:5000
# Configure customer created service accounts
# Empty (null) by default. The parameter table on this page says the service
# account, role and role bindings must be created before installation.
serviceAccountName:
# Configuration to enable UDR egress traffic through EGW
egress:
port: 8080
# Quoted, so this is a string rather than a YAML boolean, unlike the other
# true/false flags in this listing.
enabled: "true"
# port on which UDR's API-Gateway service is exposed
# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
ingressGatewayHttpSignalingPort: 80
ingressGatewayHttpsSignalingPort: 443
#*********************************************************************
# ****************** UDR/SLF Configurations **************************
# *Please provide the SLF/UDR FQDNs per segment.
# *If you have only one segment, make sure auditor-service.enabled is set to false
# *Allowed values: FQDNs, IP:Port, FQDN:Port
#*********************************************************************
udr:
# false: requests to the UDR/SLF endpoints below are sent over HTTP, not HTTPS.
# Per the parameter table on this page, turning this on also requires
# prov-egressgateway to be deployed with initssl and enableOutgoingHttps true.
httpsEnabled: false
segDetails:
- name: SEG-1
fqdnValues: udr1-ingressgateway.udr1,udr2-ingressgateway.udr2
preferred: udr1-ingressgateway.udr1
- name: SEG-2
# 10.10.x.y looks like a placeholder address to be replaced per site - confirm
fqdnValues: udr3-ingressgateway.udr3,10.10.x.y:8081
preferred: udr3-ingressgateway.udr3
retryCount: 2
# Both timers are in milliseconds (per the parameter table on this page).
connectTimeout: 10000
connectionProbeTimer: 15000
#**************************************************************************
# ******** Sub-Section Start: Custom Extension Global Parameters ********
#**************************************************************************
# Extra labels/annotations to attach to the Kubernetes resources the chart
# creates, grouped by resource class; every group defaults to an empty map.
customExtension:
allResources:
labels: {}
annotations: {}
lbServices:
labels: {}
annotations: {}
lbDeployments:
labels: {}
annotations: {}
nonlbServices:
labels: {}
annotations: {}
nonlbDeployments:
labels: {}
annotations: {}
# ******** Sub-Section End: Custom Extensions Global Parameters ********
#**************************************************************************
# ******** Sub-Section Start: Prefix/Suffix Global Parameters ************
#**************************************************************************
# Optional prefix/suffix for container names; both are empty (null) here.
k8sResource:
container:
prefix:
suffix:
# ******** Sub-Section End: Prefix/Suffix Global Parameters *************
#**************************************************************************
# provgw-service microservice configurations
# NOTE(review): nesting indentation is missing from this listing; the dotted
# paths in the provgw-service parameter table on this page give the hierarchy.
provgw-service:
image:
name: provgw/provgw_service
tag: 1.8.0
pullPolicy: Always
service:
# ClusterIP keeps the service cluster-internal; the parameter table on this
# page suggests always leaving it at this default.
type: ClusterIP
port:
https: 5002
http: 5001
# Prometheus management port (per the parameter table on this page)
management: 9000
customExtension:
labels: {}
annotations: {}
deployment:
replicaCount: 2
customExtension:
labels: {}
annotations: {}
logging:
level:
root: "WARN"
# Requests and limits are set to the same values.
resources:
limits:
cpu: 3
memory: 3Gi
requests:
cpu: 3
memory: 3Gi
target:
# CPU utilization threshold used for the HPA (per the parameter table)
averageCpuUtil: 80
server:
redirect:
http: false
http2enabled: true
#Application Specific configuration
config:
#retryErrorCodes : Transient error codes on which provgw will retry the SLF requests
retryErrorCodes: 500,503
#retryCount: number of retries
retryCount: 2
#retryPeriod: time interval between each retry
# In seconds, minimum 1 (per the parameter table on this page). The ingress
# gateway's requestTimeout comment ties its value to retryPeriod * retryCount.
retryPeriod: 2
minReplicas: 2
maxReplicas: 4
# auditor-service microservice configurations
# NOTE(review): nesting indentation is missing from this listing; the dotted
# paths in the auditor-service parameter table on this page give the hierarchy.
auditor-service:
# Disabled by default. The UDR/SLF comment in the global section says it must
# stay false when only one segment is configured.
enabled: false
image:
name: provgw/auditor_service
tag: 1.8.0
pullPolicy: Always
service:
type: ClusterIP
port:
management: 9000
customExtension:
labels: {}
annotations: {}
deployment:
replicaCount: 1
customExtension:
labels: {}
annotations: {}
logging:
level:
root: "INFO"
# Requests and limits are set to the same values.
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 2
memory: 2Gi
target:
averageCpuUtil: 80
server:
redirect:
http: false
http2enabled: true
#Application Specific configuration
#This is mandatory for auditor application, Please provide the range of subscribers to audit.
#The key must be either msisdn or imsi
key:
type: msisdn
# Start-end range of subscriber keys to audit; the value shown looks like a
# sample to be replaced per deployment - confirm
range: 1003000000-1003000200
config:
#Frequency between each audit
# In milliseconds (per the parameter table on this page)
auditFrequency: 15000
#Throttle rate for SLF audit
# Messages per second to each SLF; the table gives the range 1 - 2000
throttleRate: 100
minReplicas: 1
maxReplicas: 1
# prov-ingressgateway: API gateway in front of provgw-service (routesConfig at
# the end of this section forwards to it).
# NOTE(review): nesting indentation is missing from this listing; the dotted
# paths in the ingress gateway parameter table on this page give the hierarchy.
prov-ingressgateway:
global:
# Docker registry name
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
# NOTE(review): LoadBalancer requests an address from the MetalLB pool named
# below, which typically makes the gateway reachable from outside the cluster.
# With the other values in this section (enableIncomingHttp: true,
# enableIncomingHttps: false, oauthValidatorEnabled: false) that listener is
# plain HTTP without access-token validation - review these four together.
type: LoadBalancer
# Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: true
# Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
# If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
# Else random node port will be assigned by K8
staticNodePortEnabled: false
# In case of ASPEN Service Mesh enabled, to support clear text traffic from outside of the cluster below flag needs to be true.
istioIngressTlsSupport:
ingressGateway: false
image:
# image name
name: provgw/ocingress_gateway
# tag name of image
tag: 1.8.1
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: Always
initContainersImage:
# init Containers image name
name: provgw/configurationinit
# tag name of init Container image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: Always
updateContainersImage:
# update Containers image name
name: provgw/configurationupdate
# tag name of update Container image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: Always
deployment:
customExtension:
labels: {}
annotations: {}
service:
ssl:
# TLS protocol version for the gateway; presumably only used once HTTPS is
# enabled through initssl / enableIncomingHttps below - confirm
tlsVersion: TLSv1.2
# NOTE(review): the parameter table lists this as service.customExtension while
# the keys that follow it are service.ssl.*; with indentation missing, the
# original nesting at this point cannot be told from the listing.
customExtension:
labels: {}
annotations: {}
# Each ssl entry names a Kubernetes secret, the namespace it was created in,
# and the file inside the secret that holds the material.
privateKey:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ecdsa_private_key_pkcs8.pem
certificate:
k8SecretName: provgw-apigateway-secret
# NOTE(review): "rovgw1" differs from the "provgw" namespace used by every
# other ssl entry here and from the default in the parameter table - likely a
# typo; confirm before use, since a wrong namespace would not find the secret.
k8NameSpace: rovgw1
rsa:
fileName: apigatewayrsa.cer
ecdsa:
fileName: apigatewayecdsa.cer
caBundle:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
fileName: caroot.cer
# Keystore and truststore passwords are read from files inside the secret
# rather than being set inline in this values file.
keyStorePassword:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
fileName: key.txt
trustStorePassword:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
fileName: trust.txt
# presumably selects the RSA key/certificate pair above rather than the ECDSA
# pair - confirm against the gateway documentation
initialAlgorithm: RSA256
# Resource details
# Requests and limits are set to the same values, including the init/update
# container figures.
resources:
limits:
cpu: 3
memory: 4Gi
initServiceCpu: 1
initServiceMemory: 1Gi
updateServiceCpu: 1
updateServiceMemory: 1Gi
requests:
cpu: 3
memory: 4Gi
initServiceCpu: 1
initServiceMemory: 1Gi
updateServiceCpu: 1
updateServiceMemory: 1Gi
target:
averageCpuUtil: 80
log:
level:
root: WARN
ingress: INFO
oauth: INFO
# enable jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
# Sampling probability, 0.0 - 1.0 (per the parameter table on this page)
probabilisticSampler: 0.5
# Number of Pods must always be available, even during a disruption.
minAvailable: 2
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 2
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# label to override name of api-gateway micro-service name
#fullnameOverride: provgw-endpoint
# To Initialize SSL related infrastructure in init/update container
# NOTE(review): false here, while the parameter table on this page lists true
# as the default - confirm which one applies.
initssl: false
# Cipher suites to be enabled on server side
# All seven are AEAD suites (GCM, CCM, ChaCha20-Poly1305) with ephemeral
# (EC)DHE key exchange.
ciphersuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_CCM
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#OAUTH CONFIGURATION
# false: presumably incoming requests are accepted without OAuth access-token
# validation and the fields below are only read once this is true - confirm
oauthValidatorEnabled: false
# NOTE(review): nfType SMF and the nsmf-* scopes look like sample values from
# another network function; presumably they need replacing here - confirm
nfType: SMF
nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
producerScope: nsmf-pdusession,nsmf-event-exposure
# presumably the tolerated clock difference when checking token time claims;
# 0 would allow none - confirm
allowedClockSkewSeconds: 0
# Secret and namespace holding the NRF public key (presumably used to verify
# token signatures - confirm)
nrfPublicKeyKubeSecret: nrfpublickeysecret
nrfPublicKeyKubeNamespace: ingress
validationType: strict
producerPlmnMNC: 123
producerPlmnMCC: 346
#Server Configuration for http and https support
#Server side http support
# true: the gateway accepts cleartext HTTP requests
enableIncomingHttp: true
#Server side https support
# NOTE(review): false here, while the parameter table on this page lists true
# as the default - confirm which one applies.
enableIncomingHttps: false
#Client side https support
enableOutgoingHttps: false
maxRequestsQueuedPerDestination: 5000
maxConnectionsPerIp: 10
#The connection timeout must be greater than the requestTimeout
connectionTimeout: 25000 #(ms)
#The requestTimeout value must be greater than or equal to the product of config.retryPeriod and config.retryCount plus 5
requestTimeout: 21000 #(ms)
#Service Mesh (Istio) to take care of load-balancing
# NOTE(review): false here, while the parameter table on this page lists true
# as the default - confirm which one applies.
serviceMeshCheck: false
# configuring routes
# One route: every path (/**) is forwarded to provgw-service over plain HTTP on
# port 5001, the service.port.http value of provgw-service.
# NOTE(review): the uri carries a Helm template expression; presumably the
# chart renders it itself - confirm
routesConfig:
- id: traffic_mapping_rest_group_prov
uri: http://{{ .Release.Name }}-provgw-service:5001
path: /**
order: 1
# prov-egressgateway: gateway for outbound traffic; per the parameter table on
# this page, requests to SLF go through it when global egress.enabled is true.
# NOTE(review): nesting indentation is missing from this listing; the dotted
# paths in the egress gateway parameter table on this page give the hierarchy.
prov-egressgateway:
#fullnameOverride : 'provgw-egress-gateway'
nfType: ProvGw
#global:
# dockerRegistry: udr-pv2-bastion-1:5000/ocudr
deploymentEgressGateway:
image: provgw/ocegress_gateway
imageTag: 1.8.1
pullPolicy: Always
initContainersImage:
# init Containers image name
# NOTE(review): no "provgw/" prefix here, unlike the ingress gateway's
# initContainersImage and the default in the parameter table - confirm
name: configurationinit
# tag name of init Container image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: Always
updateContainersImage:
# update Containers image name
# NOTE(review): no "provgw/" prefix here either - confirm
name: configurationupdate
# tag name of update Container image
tag: 1.4.0
# Pull Policy - Possible Values are:- Always, IfNotPresent, Never
pullPolicy: Always
# enable jaeger tracing
jaegerTracingEnabled: false
deployment:
customExtension:
labels: {}
annotations: {}
openTracing :
jaeger:
udpSender:
# udpsender host
host: "jaeger-agent.cne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
# ---- Oauth Configuration - BEGIN ----
# Disabled by default; presumably the remaining oauthClient fields are only
# read once enabled is true - confirm
oauthClient:
enabled: false
dnsSrvEnabled: false
# false: presumably the NRF endpoints below are contacted over HTTP - confirm
httpsEnabled: false
# "localhost:port" looks like a placeholder to be replaced per site - confirm
virtualFqdn: localhost:port
staticNrfList:
- localhost:port
nfType: UDR
nfInstanceId: 5a7bd676-ceeb-44bb-95e0-f6a55a328b03
consumerPlmnMNC: 14
consumerPlmnMCC: 310
maxRetry: 2
apiPrefix: ""
errorCodeSeries: 4XX
retryAfter: 5000
# ---- Oauth Configuration - END ----
#jetty client configuration
maxConcurrentPushedStreams: 1000
maxRequestsQueuedPerDestination: 1024
#maxConnectionsPerDestination: 4
maxConnectionsPerIp: 4
connectionTimeout: 10000 #(ms)
requestTimeout: 1000 #(ms)
# 0 means no idle timeout, so idle connections are never closed by this timer
jettyIdleTimeout: 0 #(ms,<=0 -> to make timeout infinite)
minReplicas: 2
maxReplicas: 2
# NOTE(review): minAvailable (5) is larger than maxReplicas (2). The ingress
# gateway section describes minAvailable as the number of pods that must stay
# available during a disruption; if that applies here too, the value can never
# be met - confirm the intended number.
minAvailable: 5
# ---- HTTPS Configuration - BEGIN ----
# Both false: outbound requests leave this gateway without TLS. The udr
# httpsEnabled row of the parameter table says both must be true for HTTPS
# towards UDR.
initssl: false
enableOutgoingHttps: false
service:
# NOTE(review): ClusterIP here, while the parameter table on this page lists
# LoadBalancer as the default - confirm which one applies.
type: ClusterIP
customExtension:
labels: {}
annotations: {}
ssl:
tlsVersion: TLSv1.2
initialAlgorithm: RSA256
# Each ssl entry names a Kubernetes secret, the namespace it was created in,
# and the file inside the secret that holds the material. The secret name is
# the same one the ingress gateway section uses.
privateKey:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ecdsa_private_key_pkcs8.pem
certificate:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
rsa:
fileName: apigatewayrsa.cer
ecdsa:
fileName: apigatewayecdsa.cer
caBundle:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
fileName: caroot.cer
# Keystore and truststore passwords are read from files inside the secret
# rather than being set inline in this values file.
keyStorePassword:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
fileName: key.txt
trustStorePassword:
k8SecretName: provgw-apigateway-secret
k8NameSpace: provgw
fileName: trust.txt
# ---- HTTPS Configuration - END ----
#Enable this if loadbalancing is to be done by egress instead of K8s
K8ServiceCheck: false
# Resource details
# Requests and limits are set to the same values, including the init/update
# container figures.
resources:
limits:
cpu: 3
memory: 5Gi
initServiceCpu: 1
initServiceMemory: 1Gi
updateServiceCpu: 1
updateServiceMemory: 1Gi
requests:
cpu: 3
memory: 5Gi
initServiceCpu: 1
initServiceMemory: 1Gi
updateServiceCpu: 1
updateServiceMemory: 1Gi
target:
averageCpuUtil: 80
#Set the root log level
log:
level:
root: WARN
egress: INFO
oauth: INFO
The configurable parameters of Provisioning Gateway are:
Note:
( * ) - The fields in the following table tagged with '*' are mandatory.

parameter | Description | Default value | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|
dockerRegistry | Docker registry from where the images will be pulled | ocudr-registry.us.oracle.com:5000 | Not applicable | |
serviceAccountName | Service account name | null | Not Applicable | The serviceaccount, role and rolebindings required for deployment should be done prior to the installation. Use the created serviceaccountname here. |
prefix.container | Container configurable prefix | null | Not Applicable | If this is configured with some value, the same will be used as prefix for container names on different pods of ProvGw deployment. If not configured, release name will be used as prefix. |
prefix.configmap | Configmap configurable prefix | null | Not Applicable | If this is configured with some value, the same will be used as prefix for configmap names. If not configured, release name will be used as prefix. |
prefix.hpa | HPA configurable prefix | null | Not Applicable | If this is configured with some value, the same will be used as prefix for HPA names. If not configured, release name will be used as prefix. |
egress.enabled | Enable egress gateway | true | true/false | This flag will enable egress gateway and all the requests to SLF will go via egress gateway from provisioning gateway |
egress.port | Port of egress gateway | 8080 | Not Applicable | the https port of egress gateway which will send the requests to UDRs |
*udr.segDetails | Segment details of UDRs | **Not Applicable | Not Applicable |
To be used to send SLF requests to UDRs. This accepts yaml array of segments. name - Name of the segment fqdnValues - FQDNs/SLFs present in that segment preferred - preferred SLF among the fqdnValues e.g. udr: segs: - name: SEG-1 fqdnValues: ocudr1-ingressgateway.ocudr1,ocudr2-ingressgateway.ocudr2 preferred: ocudr1-ingressgateway.ocudr1 - name: SEG-2 fqdnValues: ocudr3-ingressgateway.ocudr3,ocudr4-ingressgateway.ocudr4 preferred: ocudr3-ingressgateway.ocudr3 |
udr.httpsEnabled | Enable https while sending requests UDR. | false | true/false | If UDR ingressgateway initssl and Incominghttps is enabled, and we need https only, then please enable this. Make sure the prov-egressgateway is deployed with initssl and enableOutGoingHttps flags as true |
udr.connectTimeout | The provgw timeout value for any request in case UDR/SLF doesn't respond in milliseconds | 10000 | Not Applicable | Time is in milliseconds |
udr.connectionProbeTimer | Connection probe Timeout for periodic fetching of the active SLF in a segment in milliseconds | 15000 | Not Applicable | Time is in milliseconds |
customExtension.allResources.labels | Custom Labels that needs to be added to all the OCNRF k8s resources | null | Not Applicable | This can be used to add custom label(s) to all k8s resources that will be created by OCNRF helm chart. |
customExtension.allResources.annotations | Custom Annotations that needs to be added to all the OCNRF k8s resources | null |
Not Applicable Note: ASM related annotations to be added under ASM Specific Configuration section |
This can be used to add custom annotation(s) to all k8s resources that will be created by OCNRF helm chart. |
customExtension.lbServices.labels | Custom Labels that needs to be added to OCNRF Services that are considered as Load Balancer type | null | Not Applicable | This can be used to add custom label(s) to all Load Balancer Type Services that will be created by OCNRF helm chart. |
customExtension.lbServices.annotations | Custom Annotations that needs to be added to OCNRF Services that are considered as Load Balancer type | null | Not Applicable | This can be used to add custom annotation(s) to all Load Balancer Type Services that will be created by OCNRF helm chart. |
customExtension.lbDeployments.labels | Custom Labels that needs to be added to OCNRF Deployments that are associated to a Service which is of Load Balancer type | null | Not Applicable | This can be used to add custom label(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if of Load Balancer Type. |
customExtension.lbDeployments.annotations | Custom Annotations that needs to be added to OCNRF Deployments that are associated to a Service which is of Load Balancer type | null |
Not Applicable Note: ASM related annotations to be added under ASM Specific Configuration section |
This can be used to add a custom annotation(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if of Load Balancer Type. |
customExtension.nonlbServices.labels | Custom Labels that needs to be added to OCNRF Services that are considered as not Load Balancer type | null | Not Applicable | This can be used to add custom label(s) to all non-Load Balancer Type Services that will be created by OCNRF helm chart. |
customExtension.nonlbServices.annotations | Custom Annotations that needs to be added to OCNRF Services that are considered as not Load Balancer type | null | Not Applicable | This can be used to add a custom annotation(s) to all non-Load Balancer Type Services that will be created by OCNRF helm chart. |
customExtension.nonlbDeployments.labels | Custom Labels that needs to be added to OCNRF Deployments that are associated to a Service which is not of Load Balancer type | null |
Not Applicable Note: ASM related annotations to be added under ASM Specific Configuration section |
This can be used to add custom label(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if not of Load Balancer Type. |
customExtension.nonlbDeployments.annotations | Custom Annotations that needs to be added to OCNRF Deployments that are associated to a Service which is not of Load Balancer type | null | Not Applicable | This can be used to add custom annotation(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if not of Load Balancer Type. |
k8sResource.container.prefix | Value that will be prefixed to all the container names of OCNRF. | null | Not Applicable | This value will be used to prefix to all the container names of OCNRF. |
k8sResource.container.suffix | Value that will be suffixed to all the container names of OCNRF. | null | Not Applicable | This value will be used as the suffix for all the container names of OCNRF. |
Following table provides parameters for provgw-service micro service.
parameter | Description | Default value | Range of possible values(if applicable | Notes |
---|---|---|---|---|
image.pullPolicy | This setting will tell if image needs to be pulled or not | Always |
Always IfNotPresent Never |
|
service.type | ProvGw service type | ClusterIP |
ClusterIP NodePort LoadBalancer |
The Kubernetes service type for exposing ProvGw deployment Note: Suggested to be set as ClusterIP (default value) always |
config.retryErrorCodes | Transient Error codes for retry | 500,503 | comma separated HTTP error codes | Upon receiving these transient error codes from UDR, provGw will retry with the same request to UDR. |
image.name | Image name | provgw/provgw-service | Not Applicable | |
image.tag | Tag of Image | 1.8.0 | Not Applicable | |
service.port.http | HTTP port | 5001 | Not Applicable | The http port to be used in provGw service |
service.port.https | HTTPS port | 5002 | Not Applicable | The https port to be used in provgw service |
service.port.management | Management port | 9000 | Not Applicable | The Prometheus management port to be used for ProvGw service |
deployment.replicaCount | Replicas of provgw pod | 2 | Not applicable | Number of provgw pods to be maintained by replica set created with deployment |
config.retryCount | Retry count in case of transient error | 2 | Not applicable | Number of times retry should happen in case of transient error |
config.retryPeriod | retry interval in seconds | 2 | Not applicable | The time gap between two retries. min value should be 1 |
resources.requests.cpu | Cpu Allotment for nudr-drservice pod | 3 | Not applicable | The cpu to be allocated for prov-gw pod during deployment |
resources.requests.memory | Memory allotment for nudr-drservice pod | 4Gi | Not applicable | The memory to be allocated for prov-gw pod during deployment |
resources.limits.cpu | Cpu allotment limitation | 3 | Not applicable | |
resources.limits.memory | Memory allotment limitation | 4Gi | Not applicable | |
resources.target.averageCpuUtil | CPU utilization limit for autoscaling | 80 | Not Applicable | CPU utilization limit for creating HPA |
minReplicas | Minimum Replicas | 2 | Not Applicable | Minimum number of pods |
maxReplicas | Maximum Replicas | 4 | Not Applicable | Maximum number of pods |
service.customExtension.labels | Custom Labels that needs to be added to provgw specific Service. | null | Not applicable | This can be used to add custom label(s) to provgw Service. |
service.customExtension.annotations | Custom Annotations that needs to be added to provgw specific Services. | null | Not applicable | This can be used to add custom annotation(s) to provgw Service. |
deployment.customExtension.labels | Custom Labels that needs to be added to provgw specific Deployment. | null | Not applicable | This can be used to add custom label(s) to provgw Deployment. |
deployment.customExtension.annotations | Custom Annotations that needs to be added to provgw specific Deployment. | null | Not applicable | This can be used to add custom annotation(s) to provgw Deployment. |
server.redirect.http | Enable redirecting HTTP messages | false | true/false | |
server.http2enabled | Enabled HTTP2 support flag | true | true/false | |
logging.level.root | Log Level | WARN |
WARN INFO DEBUG ERROR |
Log level of the Provisioning gateway pod |
Following table provides parameters for auditor-service micro service.
Parameter | Description | Default Value | Range of possible values (if applicable | Notes |
---|---|---|---|---|
enable | Enable/disable auditor service | false | true/false | This flag enables or disables auditor service |
image.name | Image name | provgw/auditor-service | Not Applicable | |
image.tag | Tag of Image | 1.8.0 | Not Applicable | |
image.pullPolicy | This setting will tell if the image needs to be pulled or not | Always |
Always IfNotPresent Never |
|
service.type | ProvGw service type | ClusterIP |
ClusterIP NodePort LoadBalancer |
The Kubernetes service type for exposing ProvGw deployment Note: Suggested to be set as ClusterIp (default value) always |
deployment.replicaCount | Replicas of auditor pod | 1 | Not applicable | Number of auditor pods to be maintained by replica set created with deployment |
logging.level.root | Log Level | INFO |
WARN INFO DEBUG ERROR |
Log level of the auditor pod |
key.type | type of key to be used for auditing | msisdn | msisdn imsi | |
key.range | Range of keys to be audited | Not applicable | Not applicable | |
config.auditFrequency | the frequency at which audit will start reporting again after completion of the previous instance | 15000 | Not applicable | time in milliseconds |
config.throttleRate | Throttling rate for the auditor microservice to send messages to udr | 100 | 1 - 2000 | The total number of messages throttled per second to each slf |
server.redirect.http | Enable redirecting HTTP messages | false | true/false | |
server.http2enabled | Enabled HTTP2 support flag | true | true/false | |
resources.requests.cpu | Cpu Allotment for nudr-drservice pod | 2 | Not applicable | The cpu to be allocated for auditor pod during deployment |
resources.requests.memory | Memory allotment for nudr-drservice pod | 2Gi | Not applicable | The memory to be allocated for auditor pod during deployment |
resources.limits.cpu | Cpu allotment limitation | 2 | Not applicable | |
resources.limits.memory | Memory allotment limitation | 2Gi | Not applicable | |
resources.target.averageCpuUtil | CPU utilization limit for autoscaling | 80 | Not Applicable | CPU utilization limit for creating HPA |
minReplicas | Minimum Replicas | 1 | Not Applicable | Minimum number of pods |
maxReplicas | Maximum Replicas | 1 | Not Applicable | Maximum number of pods |
service.customExtension.labels | Custom Labels that needs to be added to auditor specific Service. | null | Not applicable | This can be used to add custom label(s) to auditor Service. |
service.customExtension.annotations | Custom Annotations that needs to be added to auditor specific Services. | null | Not applicable | This can be used to add custom annotation(s) to auditor Service. |
deployment.customExtension.labels | Custom Labels that needs to be added to auditor specific Deployment. | null | Not applicable | This can be used to add custom label(s) to auditor Deployment. |
deployment.customExtension.annotations | Custom Annotations that needs to be added to auditor specific Deployment. | null | Not applicable | This can be used to add custom annotation(s) to auditor Deployment. |
Following table provides parameters for provgw-ingressgateway micro service (API Gateway).
Parameter | Description | Default value | Range or Possible Values (If applicable) | Notes |
---|---|---|---|---|
global.type | provgw-prov-ingressgateway service type | LoadBalancer |
Possible Values - ClusterIP NodePort LoadBalancer |
|
global.metalLbIpAllocationEnabled | Enable or disable Address Pool for Metallb | true | true/false | |
global.metalLbIpAllocationAnnotation | Address Pool for Metallb | "metallb.universe.tf/address-pool: signaling" | Not applicable | |
global.staticNodePortEnabled | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort | false | Not applicable | |
global.publicHttpSignalingPort | Port used on which ingressgateway listens for incoming http requests. | 80 | Valid Port | |
global.publicHttpsSignallingPort | Port used on which ingressgateway listens for incoming https requests. | 443 | Valid Port | |
image.name | Docker image name | provgw/ocingress_gateway | Not applicable | |
image.tag | Image version tag | 1.8.1 | Not applicable | |
image.pullPolicy | This setting will tell if image need to be pulled or not | Always |
Possible Values - Always IfNotPresent Never |
|
initContainersImage.name | Docker image name | provgw/configurationinit | Not applicable | |
initContainersImage.tag | Image version tag | 1.4.0 | Not applicable | |
initContainersImage.pullPolicy | This setting will tell if image need to be pulled or not | Always |
Possible Values - Always IfNotPresent Never |
|
updateContainersImage.name | Docker image name | provgw/configurationupdate | Not applicable | |
updateContainersImage.tag | Image version tag | 1.4.0 | Not applicable | |
updateContainersImage.pullPolicy | This setting will tell if image need to be pulled or not | Always |
Possible Values - Always IfNotPresent Never |
|
service.ssl.privateKey.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.privateKey.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.privateKey.rsa.fileName | rsa private key stored in the secret | rsa_private_key_pkcs1.pem | Not applicable | |
service.ssl.privateKey.ecdsa.fileName | ecdsa private key stored in the secret | ecdsa_private_key_pkcs8.pem | Not applicable | |
service.ssl.certificate.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.certificate.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.certificate.rsa.fileName | rsa certificate stored in the secret | apigatewayrsa.cer | Not applicable | |
service.ssl.certificate.ecdsa.fileName | ecdsa certificate stored in the secret | apigatewayecdsa.cer | Not applicable | |
service.ssl.caBundle.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.caBundle.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.caBundle.fileName | ca Bundle stored in the secret | caroot.cer | Not applicable | |
service.ssl.keyStorePassword.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.keyStorePassword.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.keyStorePassword.fileName | keyStore password stored in the secret | key.txt | Not applicable | |
service.ssl.trustStorePassword.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.trustStorePassword.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.trustStorePassword.fileName | trustStore password stored in the secret | trust.txt | Not applicable | |
resources.limits.cpu | Cpu allotment limitation | 3 | Not applicable | |
resources.limits.memory | Memory allotment limitation | 4Gi | Not applicable | |
resources.limits.initServiceCpu | Maximum amount of CPU that K8s will allow the ingress-gateway init container to use. | 1 | Not applicable | |
resources.limits.initServiceMemory | Memory Limit for ingress-gateway init container | 1Gi | Not applicable | |
resources.limits.updateServiceCpu | Maximum amount of CPU that K8s will allow the ingress-gateway update container to use. | 1 | Not applicable | |
resources.limits.updateServiceMemory | Memory Limit for ingress-gateway update container | 1Gi | Not applicable | |
resources.requests.cpu | Cpu allotment for provgw-prov-ingressgateway pod | 3 | Not Applicable | |
resources.requests.memory | Memory allotment for provgw-prov-ingressgateway pod | 4Gi | Not Applicable | |
resources.requests.initServiceCpu | The amount of CPU that the system will guarantee for the ingress-gateway init container, and K8s will use this value to decide on which node to place the pod | Not applicable | ||
resources.requests.initServiceMemory | The amount of memory that the system will guarantee for the ingress-gateway init container, and K8s will use this value to decide on which node to place the pod | Not applicable | ||
resources.requests.updateServiceCpu | The amount of CPU that the system will guarantee for the ingress-gateway update container, and K8s will use this value to decide on which node to place the pod. | Not applicable | ||
resources.requests.updateServiceMemory | The amount of memory that the system will guarantee for the ingress-gateway update container, and K8s will use this value to decide on which node to place the pod. | Not applicable | ||
resources.target.averageCpuUtil | CPU utilization limit for autoscaling | 80 | Not Applicable | |
minAvailable | Number of pods always running | 2 | Not Applicable | |
minReplicas | Min replicas to scale to maintain an average CPU utilization | 2 | Not applicable | |
maxReplicas | Max replicas to scale to maintain an average CPU utilization | 5 | Not applicable | |
log.level.root | Logs to be shown on provgw-prov-ingressgateway pod | WARN | valid level | |
log.level.ingress | Logs to be shown on provgw-prov-ingressgateway pod for ingress related flows | INFO | valid level | |
log.level.oauth | Logs to be shown on provgw-prov-ingressgateway pod for oauth related flows | INFO | valid level | |
initssl | To Initialize SSL related infrastructure in init/update container | true | Not Applicable | |
jaegerTracingEnabled | Enable/Disable Jaeger Tracing | false | true/false | |
openTracing.jaeger.udpSender.host | Jaeger agent service FQDN | occne-tracer-jaeger-agent.occne-infra | Valid FQDN | |
openTracing.jaeger.udpSender.port | Jaeger agent service UDP port | 6831 | Valid Port | |
openTracing.jaeger.probabilisticSampler | Probabilistic Sampler on Jaeger | 0.5 | Range: 0.0 - 1.0 | The sampler makes a random sampling decision with the configured probability. For example, if the value is set to 0.1, approximately 1 in 10 traces will be sampled. |
oauthValidatorEnabled | OAUTH Configuration | false | Not Applicable | |
enableIncomingHttp | Enabling for accepting http requests | true | Not Applicable | |
enableIncomingHttps | Enabling for accepting https requests | true | true or false | |
enableOutgoingHttps | Enabling for sending https requests | false | true or false | |
maxRequestsQueuedPerDestination | Queue Size at the provgw-prov-ingressgateway pod | 5000 | Not Applicable | |
maxConnectionsPerIp | Connections from ingressgateway to other microServices | 10 | Not Applicable | |
routesConfig | Routes configured to connect to ProvGw | - id: traffic_mapping_rest_group_prov uri: http://{{ .Release.Name }}-prov-gw:5001 path: /** | Not Applicable | |
service.customExtension.labels | Custom Labels that needs to be added to ingress-gateway specific Service. | null | Not applicable | This can be used to add custom label(s) to ingress-gateway Service. |
service.customExtension.annotations | Custom Annotations that needs to be added to ingress-gateway specific Services. | null | Not applicable | This can be used to add custom annotation(s) to ingress-gateway Service. |
deployment.customExtension.labels | Custom Labels that needs to be added to ingress-gateway specific Deployment. | null | Not applicable | This can be used to add custom label(s) to ingress-gateway Deployment. |
deployment.customExtension.annotations | Custom Annotations that needs to be added to ingress-gateway specific Deployment. | null |
Not applicable Note: ASM related annotations to be added under ASM Specific Configuration section |
This can be used to add custom annotation(s) to ingress-gateway Deployment. |
connectionTimeout | Timeout for each connection request | 25000 | Not applicable | This is used for configuring the timeout value for each client connection. This value must be greater than the requestTimeout |
requestTimeout | Timeout for each request | 21000 | Not applicable | This config is used for configuring the request timeout value. This must be greater than the product of config.retryCount and config.retryPeriod from provgw micro service |
serviceMeshCheck | Load balancing will be handled by Ingress gateway, if true it would be handled by serviceMesh | true | true/false |
Following table provides parameters for provgw-egressgateway micro service (API Gateway).
Parameter | Description | Default Value | Range or Possible Values(if applicable) | Notes |
---|---|---|---|---|
type | provgw-prov-egressgateway service type | LoadBalancer | Possible Values - ClusterIP, NodePort, LoadBalancer | |
image.name | Docker Image name | provgw/ocegress_gateway | Not applicable | |
image.tag | Image version tag | 1.8.1 | Not applicable | |
image.pullPolicy | This setting tells whether the image needs to be pulled or not | Always | Possible Values - Always, IfNotPresent, Never | |
initContainersImage.name | Docker Image name | provgw/configurationinit | Not applicable | |
initContainersImage.tag | Image version tag | 1.4.0 | Not applicable | |
initContainersImage.pullPolicy | This setting tells whether the image needs to be pulled or not | Always | Possible Values - Always, IfNotPresent, Never | |
updateContainersImage.name | Docker Image name | provgw/configurationupdate | Not applicable | |
updateContainersImage.tag | Image version tag | 1.4.0 | Not applicable | |
updateContainersImage.pullPolicy | This setting tells whether the image needs to be pulled or not | Always | Possible Values - Always, IfNotPresent, Never | |
service.ssl.privateKey.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.privateKey.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.privateKey.rsa.fileName | rsa private key stored in the secret | rsa_private_key_pkcs1.pem | Not applicable | |
service.ssl.privateKey.ecdsa.fileName | ecdsa private key stored in the secret | ecdsa_private_key_pkcs8.pem | Not applicable | |
service.ssl.certificate.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.certificate.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.certificate.rsa.fileName | rsa certificate stored in the secret | apigatewayrsa.cer | Not applicable | |
service.ssl.certificate.ecdsa.fileName | ecdsa certificate stored in the secret | apigatewayecdsa.cer | Not applicable | |
service.ssl.caBundle.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.caBundle.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.caBundle.fileName | ca Bundle stored in the secret | caroot.cer | Not applicable | |
service.ssl.keyStorePassword.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.keyStorePassword.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.keyStorePassword.fileName | keyStore password stored in the secret | key.txt | Not applicable | |
service.ssl.trustStorePassword.k8SecretName | name of the secret which stores keys and certificates | provgw-apigateway-secret | Not applicable | |
service.ssl.trustStorePassword.k8NameSpace | namespace in which secret is created | provgw | Not applicable | |
service.ssl.trustStorePassword.fileName | trustStore password stored in the secret | trust.txt | Not applicable | |
minAvailable | Number of pods always running | 2 | Not applicable | |
minReplicas | Min replicas to scale to maintain an average CPU utilization | 2 | Not applicable | |
maxReplicas | Max replicas to scale to maintain an average CPU utilization | 5 | Not applicable | |
log.level.root | Logs to be shown on ocudr-egressgateway pod | WARN | Not applicable | |
log.level.egress | Logs to be shown on ocudr-egressgateway pod for egress related flows | INFO | Not applicable | |
log.level.oauth | Logs to be shown on ocudr-egressgateway pod for oauth related flows | INFO | Not applicable | |
resources.limits.cpu | Cpu allotment limitation | 3 | Not applicable | |
resources.limits.memory | Memory allotment limitation | 4Gi | Not applicable | |
resources.limits.initServiceCpu | Maximum amount of CPU that K8s will allow the egress-gateway init container to use. | 1 | Not applicable | |
resources.limits.initServiceMemory | Memory Limit for egress-gateway init container | 1Gi | Not applicable | |
resources.limits.updateServiceCpu | Maximum amount of CPU that K8s will allow the egress-gateway update container to use. | 1 | Not applicable | |
resources.limits.updateServiceMemory | Memory Limit for egress-gateway update container | 1Gi | Not applicable | |
resources.requests.cpu | Cpu allotment for provgw-prov-egressgateway pod | 3 | Not Applicable | |
resources.requests.memory | Memory allotment for provgw-prov-egressgateway pod | 4Gi | Not Applicable | |
resources.requests.initServiceCpu | The amount of CPU that the system will guarantee for the egress-gateway init container, and K8s will use this value to decide on which node to place the pod | Not applicable | ||
resources.requests.initServiceMemory | The amount of memory that the system will guarantee for the egress-gateway init container, and K8s will use this value to decide on which node to place the pod | Not applicable | ||
resources.requests.updateServiceCpu | The amount of CPU that the system will guarantee for the egress-gateway update container, and K8s will use this value to decide on which node to place the pod. | Not applicable | ||
resources.requests.updateServiceMemory | The amount of memory that the system will guarantee for the egress-gateway update container, and K8s will use this value to decide on which node to place the pod. | Not applicable | ||
resources.target.averageCpuUtil | CPU utilization limit for autoscaling | 80 | Not Applicable | |
openTracing.jaeger.probabilisticSampler | Probabilistic Sampler on Jaeger | 0.5 | Range: 0.0 - 1.0 | Sampler makes a random sampling decision with the probability of sampling. For example if the value set is 0.1, approximately 1 in 10 traces will be sampled. |
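enableOutgoingHttps | Enables sending outgoing requests over HTTPS | false | true/false | When false, outgoing requests are sent without HTTPS, so they are not encrypted in transit unless another layer (for example, a service mesh) provides it. |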
oauthClientEnabled | Enable if oauth is required | false | true/false | Enable based on Oauth configuration |
nrfAuthority | NRF Authority configuration | 10.75.224.7:8085 | Not Applicable | |
nfInstanceId | Nrf Instance Id | Not Applicable | ||
consumerPlmnMNC | plmnmnc | 345 | Not Applicable | |
consumerPlmnMCC | plmnmcc | 567 | Not Applicable | |
service.customExtension.labels | Custom Labels that need to be added to egress-gateway specific Service. | null | Not applicable | This can be used to add custom label(s) to egress-gateway Service. |
service.customExtension.annotations | Custom Annotations that needs to be added to egress-gateway specific Services. | null | Not applicable | This can be used to add custom annotation(s) to egress-gateway Service. |
deployment.customExtension.labels | Custom Labels that needs to be added to egress-gateway specific Deployment. | null | Not applicable | This can be used to add custom label(s) to egress-gateway Deployment. |
deployment.customExtension.annotations | Custom Annotations that needs to be added to egress-gateway specific Deployment. | null | Not applicable | This can be used to add custom annotation(s) to egress-gateway Deployment. |