3 Customizing OCNRF
This section includes information about OCNRF customization.
OCNRF Configuration
This section describes about the OCNRF customization.
The OCNRF deployment is customized by overriding the default values of various configurable parameters.
Follow the below steps to customize the
ocnrf-custom-values-1.8.0.yaml file as per the required parameters:
- Go to the Oracle Help Center (OHC) Web site.
- Navigate to Industries->Communications->Cloud Native Core->Release 2.3.0.
- Click the NRF Custom Template link to download the zip file.
- Unzip the file to get ocnrf-custom-configTemplates-1.8.0.0.0 file that
contains the ocnrf-custom-configTemplates-1.8.0.0.0. This file is used during
installation.
ocnrf-custom-values-1.8.0.yaml: This file is used during installation.NrfDashboard-1.8.0.json: This file is used bygrafana.NrfAlertrules-1.8.0.yaml: This file is used forprometheus.OCNRF-MIB-TC-1.8.0.mib: This is considered as OCNRF top level mib file, where the Objects and their data types are defined.OCNRF-MIB-1.8.0.mib: This file fetches the Objects from the top level mib file and based on the Alert notification, these objects can be selected for display.OCNRF-Configuration-OpenAPI-1.8.0.yaml: This file is OPEN API specification for OCNRF configuration.
- Customize the ocnrf-custom-values-1.8.0.yaml file.
- Save the updated ocnrf-custom-values-1.8.0.yaml file in the helm chart directory.
Note:
Refer section OCNRF Configuration Parameters to know more about the configurable parameters.OCNRF Images
Following are the OCNRF images:
Table 3-1 OCNRF Images
| Services | Image | Tag |
|---|---|---|
| <helm-release-name>-nfregistration |
ocnrf-nfregistration
|
1.8.0 |
| <helm-release-name>-nfsubscription |
ocnrf-nfsubscription
|
1.8.0 |
| <helm-release-name>-nfdiscovery |
ocnrf-nfdiscovery
|
1.8.0 |
| <helm-release-name>-nrfauditor |
ocnrf-nrfauditor
|
1.8.0 |
| <helm-release-name>-nrfconfiguration | ocnrf-nrfconfiguration
|
1.8.0 |
| <helm-release-name>-appinfo | ocnrf-appinfo |
1.8.0 |
| <helm-release-name>-nfaccesstoken |
configurationinit
|
1.4.0 |
configurationupdate
|
1.4.0 | |
ocnrf-nfaccesstoken
|
1.8.0 | |
| <helm-release-name>-egressgateway |
configurationinit
|
1.4.0 |
configurationupdate
|
1.4.0 | |
ocegress_gateway
|
1.8.1 | |
| <helm-release-name>-ingressgateway |
configurationinit
|
1.4.0 |
configurationupdate
|
1.4.0 | |
ocingress_gateway
|
1.8.1 |
Note:
IngressGateway, EgressGateway and NFAccessToken uses same configurationinit and configurationupdate docker images.OCNRF Configuration Parameters
This section includes information about the configuration parameters of OCNRF.
OCNRF allows customization of parameters for the following services and related settings.
Mandatory Configurations
Following is the mandatory parameter, which must be configured before installing OCNRF:
nrfInstanceId: NFInstanceID of OCNRF.
Global Parameters
Table 3-2 Global Parameters
| Parameter | Description | Default value | Mandatory (M)/Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
mysql.primary.host
|
Primary DB Connection Service IP or Hostname | mysql-connectivity-service.occne-infra | M | Primary DB Connection Service HostName or IP | OCNRF connects to Primary DB Connection Service if not available then it connects to Secondary DB Connection Service. For NDB Cluster, use Host/IP of the DB Connection Service. |
mysql.primary.port
|
Primary DB Connection Service | 3306 | M | Primary DB Connection Service Port | Port that is used while connecting to Primary DB Connection Service. |
mysql.secondary.host
|
Secondary DB Connection Service IP or Hostname | O | Secondary DB Connection Service HostName or IP | OCNRF connects to Secondary DB Connection Service only if the Primary DB Connection Service is unavailable. It again switch pack to Primary DB Connection Service one it is available. For NDB Cluster, use Host/IP of the Remote DB Connection Service (if available). | |
mysql.secondary.port
|
Secondary DB Connection Service Port | O | Secondary DB Connection Service Port | Port that is used while connecting to Secondary DB Connection Service. | |
nrfInstanceId
|
OCNRF's NF Instance ID | M |
This is the NfInstanceId of OCNRF that will get deployed. Format of NfInstanceId: Universally Unique Identifier (UUID) version 4, as described in IETF RFC 4122 e.g.: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c This ID is used to uniquely identify this OCNRF instance in a Geo-Redundant Deployment. Hence it is very important that the Instance ID MUST be unique across all OCNRF deployments. |
||
dockerRegistry
|
Registry for docker | M | Docker Registry's FQDN/Port where OCNRF's docker images are available. | ||
database.nameSpace
|
Namespace for database connection | ocnrf | M |
The Namespace where the Kubernetes Secret is created which contains MYSQL details. Note: See database.name configuration for more details. |
|
database.name
|
Secret name for OCNRF Application user used for APP-INFO | appuser-secret | M |
The Kubernetes Secret which contains the Database name, Database User name and the Password for OCNRF Application user. Note: Refer OCNRF Pre-requisites section for the file format. |
|
database.appUserSecretName |
Secret name for OCNRF Application user | appuser-secret | M |
The Kubernetes Secret which contains the Database name, Database User name and the Password for OCNRF Application user. Note: Refer OCNRF Prerequisites section for the file format. |
|
database.privilegedUserSecretName |
Secret name for OCNRF Privileged user | privilegeduser-secret | M |
The Kubernetes Secret which contains the Database name, Database User name and the Password for OCNRF Privileged user. Note: Refer OCNRF Prerequisites section for the file format. |
|
hookJobResources.limits.cpu |
Maximum amount of CPU that K8s will allow the hook job resource to use | 2 | O | It is the maximum CPU resource allocated to hook job. | |
hookJobResources.limits.memory |
Maximum memory that K8s will allow the hook job resource to use | 2Gi | O | It is the maximum Memory allocated to hook job. | |
hookJobResources.requests.cpu |
The amount of CPU that the system will guarantee for the hook job resource, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the maximum CPU resource for requests allocated to hook job. | |
hookJobResources.requests.memory |
The memory that the system will guarantee for the hook job resource, and K8s will use this value to decide on which node to place the pod | 1Gi | O | It is the maximum memory for requests allocated to hook job. | |
serviceAccountName
|
ServiceAccount which is having permission for get, watch and list operation for following kubernetes resources; services, configmaps, pods, secrets and endpoints |
M |
This SeviceAccount is used for:
Refer to prerequisites for command details.
|
||
customExtension.allResources.labels |
Custom Labels that needs to be added to all the OCNRF k8s resources | O | This can be used to add custom label(s) to all k8s resources that will be created by OCNRF helm chart. | ||
customExtension.allResources.annotations |
Custom Annotations that needs to be added to all the OCNRF k8s resources | O | This can be used to add custom annotation(s) to all k8s resources that will be created by OCNRF helm chart. | ||
customExtension.lbServices.labels |
Custom Labels that needs to be added to OCNRF Services that are considered as Load Balancer type | O | This can be used to add custom label(s) to all Load Balancer Type Services that will be created by OCNRF helm chart. | ||
customExtension.lbServices.annotations |
Custom Annotations that needs to be added to OCNRF Services that are considered as Load Balancer type | O | This can be used to add custom annotation(s) to all Load Balancer Type Services that will be created by OCNRF helm chart. | ||
customExtension.lbDeployments.labels |
Custom Labels that needs to be added to OCNRF Deployments that are associated to a Service which is of Load Balancer type | O | This can be used to add custom label(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if of Load Balancer Type. | ||
customExtension.lbDeployments.annotations |
Custom Annotations that needs to be added to OCNRF Deployments that are associated to a Service which is of Load Balancer type | O | This can be used to add custom annotation(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if of Load Balancer Type. | ||
customExtension.nonlbServices.labels |
Custom Labels that needs to be added to OCNRF Services that are considered as not Load Balancer type | O | This can be used to add custom label(s) to all non-Load Balancer Type Services that will be created by OCNRF helm chart. | ||
customExtension.nonlbServices.annotations |
Custom Annotations that needs to be added to OCNRF Services that are considered as not Load Balancer type | O | This can be used to add custom annotation(s) to all non-Load Balancer Type Services that will be created by OCNRF helm chart. | ||
customExtension.nonlbDeployments.labels |
Custom Labels that needs to be added to OCNRF Deployments that are associated to a Service which is not of Load Balancer type | O | This can be used to add custom label(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if not of Load Balancer Type. | ||
customExtension.nonlbDeployments.annotations |
Custom Annotations that needs to be added to OCNRF Deployments that are associated to a Service which is not of Load Balancer type | O | This can be used to add custom annotation(s) to all Deployments that will be created by OCNRF helm chart which are associated to a Service which if not of Load Balancer Type. | ||
k8sResource.container.prefix |
Value that will be prefixed to all the container names of OCNRF. | O | This value will be used to prefix to all the container names of OCNRF. | ||
k8sResource.container.suffix |
Value that will be suffixed to all the container names of OCNRF. | O | This value will be used to suffix to all the container names of OCNRF. | ||
xfccHeaderValidation.extract.enabled |
Attribute to enable/disable the XFCC Header validation at OCNRF Ingress Gateway level | false | C | true/false | This value will enable/disable the XFCC header
validation feature at OCNRF Ingress Gateway level.
For more details about feature see OCNRF User's guide. Helm Upgrade will be required to enable the feature at existing OCNRF deployment. |
dayZeroConfiguration.hplmnList |
Value of PLMN supported by OCNRF. This value can be configured via Rest based too. But providing option in helm to configure mandatory attributes during installation itself. | M | Value of PLMN supported by OCNRF | ||
dayZeroConfiguration.hplmnList |
Value of PLMN supported by OCNRF. This value can be configured via Rest based too. But providing option in helm to configure mandatory attributes during installation itself. | M | Value of PLMN supported by OCNRF | ||
dayZeroConfiguration.endpoint |
Value of OCNRF endpoint. This value can be configured via Rest based too. But providing option in helm to configure mandatory attributes during installation itself. | ocnrf-ingressgateway.ocnrf.svc.cluster.local | M | Service Name for OCNRF ingress gateway | # OCNRF END Point Name and Port. This value is
used in UriList of NfListRetrival Service Operation response.
# The endpoint needs to be OCNRF's External Routable FQDN (e.g. ocnrf.oracle.com) # OR External Routable IpAddress (e.g. 10.75.212.60) # OR for routing with in the same K8 cluster use full NRF API-Gateway's Service FQDN as below format # <helm-release-name>-endpoint.<namespace>.svc.<cluster-domain-name> # e.g ocnrf-endpoint.nrf-1.svc.cluster.local # where # "ocnrf": is the helm release name (deployment name that will be used during "helm install") # "nrf-1": is the namespace in which NRF will be deployed # "cluster.local": is the K8's dnsDomain name # (dnsDomain can be found using "kubectl -n kube-system get configmap kubeadm-config -o yaml | grep -i dnsDomain") |
dayZeroConfiguration.endpointPort |
Value of OCNRF endpoint Port. This value can be configured via Rest based too. But providing option in helm to configure mandatory attributes during installation itself. | 80 | M | Port for OCNRF ingress gateway | This parameter will be used as OCNRF end point port. |
dayZeroConfiguration.oauthTokenAlgorithm |
Initial Algorithm for Access Token key certificate infrastucture. This value can be configured via Rest based too. But providing option in helm to configure mandatory attributes during installation itself. | ES256 | M | ES256, RS256 | Initial Algorithm for Access Token key certificate infrastucture. |
Ingress Gateway Global Parameters
Table 3-3 Ingress Gateway Global Parameters
| Parameter | Description | Default value | Mandatory (M)/Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
staticIpAddressEnabled
|
Static load balancer IP enabled flag | false | O | true/false | |
staticIpAddress
|
Static IP address assigned to the Load Balancer from the metalLB IP pool. | <ipaddress> | M, when staticIpAddressEnabledis true
|
If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress. Else random IP will be assigned by the metalLB from its IP Pool. | |
staticNodePortEnabled
|
Static Node Port enabled flag | false | O | true/false | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticHttpNodePort or staticHttpsNodePort. Else random node port will be assigned by K8. |
staticHttpNodePort
|
HTTP node port | 30080 |
M, when |
||
staticHttpsNodePort
|
HTTPs node port | 30443 |
M, when |
||
publicHttpSignalingPort
|
Service Port on which OCNRF's Ingress Gateway is exposed | 80 | O | If enableIncomingHttp is true, publicHttpSignalingPort will be used as HTTP/2.0 Port (unsecured) | |
publicHttpsSignallingPort
|
Service Port on which OCNRF's Ingress Gateway is exposed | 443 | O | If enableIncomingHttps is true, publicHttpsSignallingPort Port will be used as HTTPS/2.0 Port (secured TLS) |
Ingress Gateway
Table 3-4 Ingress Gateway
| Parameter | Description | Default value | Mandatory (M)/Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
ingress-gateway.enableIncomingHttp
|
This flag is for enabling/disabling HTTP/2.0 (insecure) in Ingress Gateway. | true | O | true/false |
If the value is set to false, OCNRF will not accept any HTTP/2.0 (unsecured) Traffic. If the value is set to true, OCNRF will accept HTTP/2.0 (unsecured) Traffic |
ingress-gateway.enableIncomingHttps
|
This flag is for enabling/disabling HTTPS/2.0 (secure) in Ingress Gateway. | false | O | true/false |
If the value is set to false, OCNRF will not accept any HTTPS/2.0 (unsecured) Traffic. If the value is set to true, OCNRF will accept HTTPS/2.0 (unsecured) Traffic |
ingress-gateway.serviceMeshCheck |
This flag needs to be set to "true" if Service Mesh exists where OCNRF is deployed. | false | O | true/false | If the value is set to false, OCNRF's ingress-gateway will try to create connection directly with the backend micro-services's PODs. If the value is set to true, OCNRF's ingress-gateway will try to create connection using Service FQDN of the backend micro-services. |
ingress-gateway.image.name
|
Ingress Gateway image name. | ocingress_gateway | O | ||
ingress-gateway.image.tag
|
Tag name of Ingress Gateway image | OCNRF images | O | ||
ingress-gateway.image.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
ingress-gateway.initContainersImage.name
|
Image Name for Ingress Gateway init container | configurationinit | O | ||
ingress-gateway.initContainersImage.tag
|
Tag name of Ingress Gateway init container | OCNRF images | O | ||
ingress-gateway.initContainersImage.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
ingress-gateway.updateContainersImage.name
|
Image Name for Ingress Gateway update container | configurationupdate | O | ||
ingress-gateway.updateContainersImage.tag
|
Tag name of Ingress Gateway update container | OCNRF images | O | ||
ingress-gateway.updateContainersImage.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
ingress-gateway.jaegerTracingEnabled
|
Flag to enable or disable the Jaeger Tracing at ingress-gateway | false | O | true / false | While making this flag as true, update the below attributes with correct values. |
ingress-gateway.opentracing.jaeger.udpsender.host
|
Host name of Jaeger Agent Service | jaeger-agent.cne-infra | M, if ingress-gateway.jaegerTracingEnabled is true
|
||
ingress-gateway.opentracing.jaeger.udpsender.port
|
Port of Jaeger Agent Service | 6831 | M, if ingress-gateway.jaegerTracingEnabled is true
|
||
ingress-gateway.opentracing.jaeger.probabilisticSampler
|
Jaeger message sampler | 0.5 | O | 0 to 1 | # Jaeger message sampler. Value range: 0 to 1 # e.g. Value 0: No Trace will be sent to Jaeger collector # e.g. Value 0.3: 30% of message will be sampled and will be sent to Jaeger collector # e.g. Value 1: 100% of message (i.e. all the messages) will be sampled and will be sent to Jaeger collector |
ingress-gateway.cipherSuites
|
Allowed CipherSuites for TLS1.2 | M, if ingress-gateway.enableIncomingHttps is true
|
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
||
ingress-gateway.service.ssl.privateKey.k8SecretName
|
Secret name that contains OCNRF Ingress gateway Private Key | ocingress-secret |
M, if |
||
ingress-gateway.service.ssl.privateKey.k8NameSpace
|
Namespace in which k8SecretName is present | ocnrf |
M, if |
||
ingress-gateway.service.ssl.privateKey.rsa.filename
|
OCNRF's Private Key (RSA type) file name | rsa_private_key_pkcs1.pem | M, if ingress-gateway.enableIncomingHttps is true and
ingress-gateway.service.ssl.initialAlgorithm is
RS256
|
If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not comeup. | |
ingress-gateway.service.ssl.privateKey.ecdsa.filename
|
OCNRF's Private Key (ECDSA type) file name | ssl_ecdsa_private_key.pem |
M, if |
If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not comeup. | |
ingress-gateway.service.ssl.certificate.k8SecretName
|
Secret name that contains OCNRF's Certificate for HTTPS | ocingress-secret | M, if ingress-gateway.enableIncomingHttps is true
|
This is a Secret object for OCNRFcertificate details for HTTPS. | |
ingress-gateway.service.ssl.certificate.k8NameSpace
|
Namespace in which OCNRF's Certificate is present | ocnrf | M, if ingress-gateway.enableIncomingHttps is true
|
||
ingress-gateway.service.ssl.certificate.rsa.filename
|
OCNRF's Certificate (RSA type) file name | ssl_rsa_certificate.crt |
M, if |
If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not comeup. | |
ingress-gateway.service.ssl.certificate.ecdsa.filename
|
OCNRF's Certificate (ECDSA type) file name | ssl_ecdsa_certificate.crt |
M, if |
If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's ingress gateway will not comeup. | |
ingress-gateway.service.ssl.caBundle.k8SecretName
|
Secret name that contains OCNRF's CA details for HTTPS | ocingress-secret |
M, if |
||
ingress-gateway.service.ssl.caBundle.k8NameSpace
|
Namespace in which OCNRF's CA details is present | ocnrf |
M, if |
||
ingress-gateway.service.ssl.caBundle.filename
|
OCNRF's CA bundle filename | caroot.cer |
M, if |
||
ingress-gateway.service.ssl.keyStorePassword.k8SecretName
|
Secret name that contains keyStorePassword | ocingress-secret |
M, if |
||
ingress-gateway.service.ssl.keyStorePassword.k8NameSpace
|
Namespace in which OCNRF's keystore password is present | ocnrf |
M, if |
||
ingress-gateway.service.ssl.keyStorePassword.fileName
|
OCNRF's Key Store password Filename | ssl_keystore.txt |
M, if |
||
ingress-gateway.service.ssl.trustStorePassword.k8SecretName
|
Secret name that contains trustStorePassword | ocingress-secret |
M, if |
||
ingress-gateway.service.ssl.trustStorePassword.k8NameSpace
|
Namespace in which trustStorePassword is present | ocnrf |
M, if |
||
ingress-gateway.service.ssl.trustStorePassword.fileName
|
OCNRF's trustStorePassword Filename | ssl_truststore.txt |
M, if |
||
ingress-gateway.service.ssl.initialAlgorithm
|
Initial Algorithm for HTTPS | RS256 | O | ES256, RS256 | Algorithm that will be used in TLS handshake |
ingress-gateway.service.log.level.root
|
setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
ingress-gateway.service.log.level.ingress |
setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
ingress-gateway.service.log.level.oauth |
setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
ingress-gateway.service.customExtension.labels |
Custom Labels that needs to be added to ingress-gateway specific Service. | O | This can be used to add custom label(s) to ingress-gateway Service. | ||
ingress-gateway.service.customExtension.annotations |
Custom Annotations that needs to be added to ingress-gateway specific Services. | O | This can be used to add custom annotation(s) to ingress-gateway Service. | ||
ingress-gateway.global.type |
Kind of Service that will be used for this deployment | LoadBalancer | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type. |
ingress-gateway.deployment.customExtension.labels |
Custom Labels that needs to be added to ingress-gateway specific Deployment. | O | This can be used to add custom label(s) to ingress-gateway Deployment. | ||
ingress-gateway.deployment.customExtension.annotations |
Custom Annotations that needs to be added to ingress-gateway specific Deployment. | O | This can be used to add custom annotation(s) to ingress-gateway Deployment. | ||
ingress-gateway.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the ingress-gateway service container to use | 4 | O | It is the maximum CPU resource allocated to ingress-gateway. | |
ingress-gateway.resources.limits.initServiceCpu |
Maximum amount of CPU that K8s will allow the ingress-gateway init container to use | 1 | O | It is the CPU resource allocated to ingress-gateway init container. | |
ingress-gateway.resources.limits.updateServiceCpu |
Maximum amount of CPU that K8s will allow the ingress-gateway update container to use | 1 | O | It is the CPU resource allocated to ingress-gateway update container. | |
ingress-gateway.resources.limits.memory |
Maximum memory that K8s will allow the ingress-gateway service container to use | 4Gi | O | It is the maximum Memory allocated to ingress-gateway. | |
ingress-gateway.resources.limits.initServiceMemory |
Memory Limit for ingress-gateway init container | 1Gi | O | It is the memory allocated to ingress-gateway init container. | |
ingress-gateway.resources.limits.updateServiceMemory |
Memory Limit for ingress-gateway update container | 1Gi | O | It is the memory allocated to ingress-gateway update container. | |
ingress-gateway.resources.requests.cpu |
The amount of CPU that the system will guarantee for the ingress-gateway service container, and K8s will use this value to decide on which node to place the pod | 4 | O | It is the maximum CPU resource allocated to ingress-gateway. | |
ingress-gateway.resources.requests.initServiceCpu |
The amount of CPU that the system will guarantee for the ingress-gateway init container, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the CPU resource allocated to ingress-gateway init container. | |
ingress-gateway.resources.requests.updateServiceCpu |
The amount of CPU that the system will guarantee for the ingress-gateway update container, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the CPU resource allocated to ingress-gateway update container. | |
ingress-gateway.resources.requests.memory |
The memory that the system will guarantee for the ingress-gateway service container, and K8s will use this value to decide on which node to place the pod | 4Gi | O | It is the maximum memory for requests allocated to ingress-gateway. | |
ingress-gateway.resources.requests.initServiceMemory |
Memory Limit for ingress-gateway init container | 1Gi | O | It is the memory allocated to ingress-gateway init container. | |
ingress-gateway.resources.requests.updateServiceMemory |
Memory Limit for ingress-gateway update container | 1Gi | O | It is the memory allocated to ingress-gateway update container. | |
ingress-gateway.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O | ||
ingress-gateway.minReplicas |
Minimum number of pod that will be deployed | 2 | O | ||
ingress-gateway.maxReplicas |
Maximum number of pod that will be scaled up | 5 | O |
Egress Gateway
Table 3-5 Egress Gateway
| Parameter | Description | Default value | Mandatory (M)/ Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
egress-gateway.enableOutgoingHttps
|
This flag is for enabling/disabling HTTPS/2.0 (secured TLS) in Egress Gateway. | false | O | true/false |
If the value is set to false, OCNRF will not accept any HTTPS/2.0 (unsecured) Traffic. If the value is set to true, OCNRF will accept HTTPS/2.0 (unsecured) Traffic |
egress-gateway.deploymentegressgateway.image
|
Egress Gateway image name | ocegress_gateway | O | ||
egress-gateway.deploymentegressgateway.imageTag
|
tag name of image | OCNRF images | O | ||
egress-gateway.deploymentegressgateway.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
egress-gateway.initContainersImage.name
|
Image Name for Egress Gateway init container | configurationinit | O | ||
egress-gateway.initContainersImage.tag
|
Tag name of Egress Gateway init container | OCNRF images | O | ||
egress-gateway.initContainersImage.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
egress-gateway.updateContainersImage.name
|
Image Name for Egress Gateway update container | configurationupdate | O | ||
egress-gateway.updateContainersImage.tag
|
Tag name of Egress Gateway update container | OCNRF images | O | ||
egress-gateway.updateContainersImage.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
egress-gateway.jaegerTracingEnabled
|
Flag to enable or disable the Jaeger Tracing at egress gateway | false | O | true / false | While making this flag as true, update the below attributes with correct values. |
egress-gateway.opentracing.jaeger.udpsender.host
|
Host name of Jaeger Agent Service | jaeger-agent.cne-infra |
M, if
|
||
egress-gateway.opentracing.jaeger.udpsender.port
|
Port of Jaeger Agent Service | 6831 |
M, if
|
||
egress-gateway.opentracing.jaeger.probabilisticSampler
|
Jaeger message sampler | 0.5 | O | 0 to 1 | # Jaeger message sampler. Value
range: 0 to 1
# e.g. Value 0: No Trace will be sent to Jaeger collector # e.g. Value 0.3: 30% of message will be sampled and will be sent to Jaeger collector # e.g. Value 1: 100% of message (i.e. all the messages) will be sampled and will be sent to Jaeger collector |
egress-gateway.scpIntegrationEnabled
|
Using SCP as an Proxy in Egress Gateway | false | O | true/false | If it is configured as false, SCP will not be used as an proxy. Messages will be directly sent to the Producers/HTTP Servers. If it is configured as true, SCP will be used as an Proxy for delivering messages to the Producers/HTTP Servers. |
egress-gateway.scpHttpHost
|
SCP Configuration For Egress Gateway | localhost |
M, if
|
All the SCP related configuration will be used only if scpIntegrationEnabled is set to true. SCP's HTTP Host/IP and Port Combination. This will be while sending HTTP/2.0 (unsecured) traffic. | |
egress-gateway.scpHttpPort
|
SCP's HTTP Port | 80 |
M, if
|
||
egress-gateway.scpHttpsHost
|
SCP Configuration For Egress Gateway | localhost |
M, if
|
All the SCP related configuration will be used only if scpIntegrationEnabled is set to true. SCP's HTTP Host/IP and Port Combination. This will be while sending HTTP/2.0 (unsecured) traffic. | |
egress-gateway.scpHttpsPort
|
SCP's HTTPS Port | 443 |
M, if
|
This will be while sending HTTPS/2.0 (unsecured) traffic. | |
egress-gateway.scpApiPrefix
|
SCP's API Prefix. (Applicable only for SCP with TLS enabled) | / | O | This will be used for constructing the Egress messgage's APIROOT while proxying message to SCP. Change this value to SCP's apiprefix. "/" is not expected to be provided along. | |
egress-gateway.scpDefaultScheme
|
SCP's default scheme when 3gpp-sbi-target-apiroot header is missing | https | O | ||
egress-gateway.cipherSuites
|
Allowed CipherSuites for TLS1.2 | M, if
egress-gateway.enableOutgoingHttps is true
|
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
||
egress-gateway.service.ssl.privateKey.k8SecretName
|
Secret name that contains OCNRF Egress gateway Private Key | ocegress-secret | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.privateKey.k8NameSpace
|
Namespace in which k8SecretName is present | ocnrf | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.privateKey.rsa.filename
|
OCNRF's Private Key (RSA type) file name | ssl_rsa_private_key.pem | M, if
egress-gateway.enableOutgoingHttps is true
and egress-gateway.service.ssl.initialAlgorithm
is RS256
|
If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's egress gateway will not comeup. | |
egress-gateway.service.ssl.privateKey.ecdsa.filename
|
OCNRF's Private Key (ECDSA type) file name | ssl_ecdsa_private_key.pem | M, if
egress-gateway.enableOutgoingHttps is true
and egress-gateway.service.ssl.initialAlgorithm
is ES256
|
If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's egress gateway will not comeup. | |
egress-gateway.service.ssl.certificate.k8SecretName
|
Secret name that contains OCNRF's Certificate for HTTPS | ocegress-secret | M, if
egress-gateway.enableOutgoingHttps is true
|
This is a Secret object for OCNRFcertificate details for HTTPS. | |
egress-gateway.service.ssl.certificate.k8NameSpace
|
Namespace in which OCNRF's Certificate is present | ocnrf | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.certificate.rsa.filename
|
OCNRF's Certificate (RSA type) file name | ssl_rsa_certificate.crt | M, if
egress-gateway.enableOutgoingHttps is true
and egress-gateway.service.ssl.initialAlgorithm
is RS256
|
If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's egress gateway will not comeup. | |
egress-gateway.service.ssl.certificate.ecdsa.filename
|
OCNRF's Certificate (ECDSA type) file name | ssl_ecdsa_certificate.crt | M, if
egress-gateway.enableOutgoingHttps is true
and egress-gateway.service.ssl.initialAlgorithm
is ES256
|
If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's egress gateway will not comeup. | |
egress-gateway.service.ssl.caBundle.k8SecretName
|
Secret name that contains OCNRF's CA details for HTTPS | ocegress-secret | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.caBundle.k8NameSpace
|
Namespace in which OCNRF's CA details is present | ocnrf | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.caBundle.filename
|
OCNRF's CA bundle filename | ssl_cabundle.crt | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.keyStorePassword.k8SecretName
|
Secret name that contains keyStorePassword | ocegress-secret | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.keyStorePassword.k8NameSpace
|
Namespace in which OCNRF's keystore password is present | ocnrf | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.keyStorePassword.fileName
|
OCNRF's Key Store password Filename | ssl_keystore.txt | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.trustStorePassword.k8SecretName
|
Secret name that contains trustStorePassword | ocegress-secret | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.trustStorePassword.k8NameSpace
|
Namespace in which trustStorePassword is present | ocnrf | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.trustStorePassword.fileName
|
OCNRF's trustStorePassword Filename | ssl_truststore.txt | M, if
egress-gateway.enableOutgoingHttps is true
|
||
egress-gateway.service.ssl.initialAlgorithm
|
Initial Algorithm for HTTPS | RS256 | O | ES256, RS256 | Algorithm that will be used in TLS handshake |
egress-gateway.service.log.level.root
|
setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
egress-gateway.service.log.level.egress |
setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
egress-gateway.service.log.level.oauth |
setting logging level | WARN | O | OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL | |
egress-gateway.service.customExtension.labels |
Custom Labels that needs to be added to egress-gateway specific Service | O | This can be used to add custom label(s) to egress-gateway Service | ||
egress-gateway.service.customExtension.annotations |
Custom Annotations that needs to be added to egress-gateway specific Services | O | This can be used to add custom annotation(s) to egress-gateway Service | ||
egress-gateway.service.type |
Kind of Service that will be used for this Deployment | LoadBalancer | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type. |
egress-gateway.deployment.customExtension.labels |
Custom Labels that needs to be added to egress-gateway specific Deployment | O | This can be used to add custom label(s) to egress-gateway Deployment. | ||
egress-gateway.deployment.customExtension.annotations |
Custom Annotations that needs to be added to egress-gateway specific Deployment | O | This can be used to add custom annotation(s) to egress-gateway Deployment. | ||
egress-gateway.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the egress-gateway service container to use | 4 | O | It is the maximum CPU resource allocated to egress-gateway. | |
egress-gateway.resources.limits.initServiceCpu |
Maximum amount of CPU that K8s will allow the egress-gateway init container to use | 1 | O | It is the CPU resource allocated to egress-gateway init container. | |
egress-gateway.resources.limits.updateServiceCpu |
Maximum amount of CPU that K8s will allow the egress-gateway update container to use | 1 | O | It is the CPU resource allocated to egress-gateway update container. | |
egress-gateway.resources.limits.memory |
Maximum memory that K8s will allow the egress-gateway update container to use | 4Gi | O | It is the maximum Memory allocated to egress-gateway. | |
egress-gateway.resources.limits.initServiceMemory |
Memory Limit for egress-gateway init container | 1Gi | O | It is the memory allocated to egress-gateway init container. | |
egress-gateway.resources.limits.updateServiceMemory |
Memory Limit for egress-gateway update container | 1Gi | O | It is the memory allocated to egress-gateway update container. | |
egress-gateway.resources.requests.cpu |
The amount of CPU that the system will guarantee for the egress-gateway service container, and K8s will use this value to decide on which node to place the pod | 4 | O | It is the maximum CPU resource allocated to egress-gateway. | |
egress-gateway.resources.requests.initServiceCpu |
The amount of CPU that the system will guarantee for the egress-gateway init container, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the CPU resource allocated to egress-gateway init container. | |
egress-gateway.resources.requests.updateServiceCpu |
The amount of CPU that the system will guarantee for the egress-gateway update container, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the CPU resource allocated to egress-gateway update container. | |
egress-gateway.resources.requests.memory |
The memory that the system will guarantee for the egress-gateway service container, and K8s will use this value to decide on which node to place the pod | 4Gi | O | It is the maximum memory for requests allocated to egress-gateway. | |
egress-gateway.resources.requests.initServiceMemory |
Memory Limit for egress-gateway init container | 1Gi | O | It is the memory allocated to egress-gateway init container. | |
egress-gateway.resources.requests.updateServiceMemory |
Memory Limit for egress-gateway update container | 1Gi | O | It is the memory allocated to egress-gateway update container. | |
egress-gateway.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O | ||
egress-gateway.minReplicas |
Minimum number of pod that will be deployed | 2 | O | ||
egress-gateway.maxReplicas |
Maximum number of pod that will be scaled up | 5 | O |
NF Registration Micro service (nfregistration)
Table 3-6 NF Registration
| Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
nfregistration.image.name
|
Full Image Path | ocnrf-nfregistration | O | Full image path of image | |
nfregistration.image.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nfregistration.image.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
nfregistration.service.customExtension.labels |
Custom Labels that needs to be added to nfregistration specific Service | O | This can be used to add custom label(s) to nfregistration Service | ||
nfregistration.service.customExtension.annotations |
Custom Annotations that needs to be added to nfregistration specific Services | O | This can be used to add custom annotation(s) to nfregistration Service | ||
nfregistration.service.type |
Service that will be used for this Deployment | ClusterIP | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type. |
nfregistration.deployment.customExtension.labels |
Custom Labels that needs to be added to nfregistration specific Deployment | O | This can be used to add custom label(s) to nfregistration Deployment | ||
nfregistration.deployment.customExtension.annotations |
Custom Annotations that needs to be added to nfregistration specific Deployment | O | This can be used to add custom annotation(s) to nfregistration Deployment | ||
nfregistration.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the nfregistration service container to use | 4 | O | It is the maximum CPU resource allocated to nfregistration Deployment. | |
nfregistration.resources.limits.memory |
Maximum memory that K8s will allow the nfregistration service container to use | 2Gi | O | It is the maximum Memory allocated to nfregistration Deployment. | |
nfregistration.resources.requests.cpu |
The amount of CPU that the system will guarantee for the nfregistration service container, and K8s will use this value to decide on which node to place the pod | 4 | O | It is the maximum CPU resource allocated to nfregistration Deployment. | |
nfregistration.resources.requests.memory |
The memory that the system will guarantee for the nfregistration, and K8s will use this value to decide on which node to place the pod | 2Gi | O | It is the maximum memory for requests allocated to nfregistration Deployment. | |
nfregistration.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O | ||
nfregistration.minReplicas |
Minimum number of pod that will be deployed | 2 | O | ||
nfregistration.maxReplicas |
Maximum number of pod that will be scaled up | 7 | O | ||
nfregistration.responseCompressionGzip |
Attribute to enable/disable gzip compression on responses from OCNRF for management services as applicable. OCNRF will do compression when consumer network function indicates it supports GZIP compression. | true | O | true/false |
OCNRF supports GZIP compression in response of service operations i.e. NFListRetrieval, NFProfileRetrieva, NFRegister, NFUpdate. OCNRF will do compression when consumer network function indicates it supports GZIP compression. |
NF Subscription Micro service (nfsubscription)
Table 3-7 NF Subscription
| Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
nfsubscription.image.name
|
Full Image Path | ocnrf-nfsubscription | O | Full image path of image | |
nfsubscription.image.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nfsubscription.image.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
nfsubscription.service.customExtension.labels |
Custom Labels that needs to be added to nfsubscription specific Service | O | This can be used to add custom label(s) to nfsubscription Service | ||
nfsubscription.service.customExtension.annotations |
Custom Annotations that needs to be added to nfsubscription specific Services | O | This can be used to add custom annotation(s) to nfsubscription Service | ||
nfsubscription.service.type |
Kind of Service that will be used for this Deployment | ClusterIP | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type. |
nfsubscription.deployment.customExtension.labels |
Custom Labels that needs to be added to nfsubscription specific Deployment | O | This can be used to add custom label(s) to nfsubscription Deployment. | ||
nfsubscription.deployment.customExtension.annotations |
Custom Annotations that needs to be added to nfsubscription specific Deployment | O | This can be used to add custom annotation(s) to nfsubscription Deployment. | ||
nfsubscription.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the nfsubscription service container to use | 2 | O | It is the maximum CPU resource allocated to nfsubscription Deployment. | |
nfsubscription.resources.limits.memory |
Maximum memory that K8s will allow the nfsubscription service container to use | 2Gi | O | It is the maximum Memory allocated to nfsubscription Deployment. | |
nfsubscription.resources.requests.cpu |
The amount of CPU that the system will guarantee for the nfsubscription service container, and K8s will use this value to decide on which node to place the pod | 2 | O | It is the maximum CPU resource allocated to nfsubscription Deployment. | |
nfsubscription.resources.requests.memory |
The memory that the system will guarantee for the nfsubscription, and K8s will use this value to decide on which node to place the pod | 2Gi | O | It is the maximum memory for requests allocated to nfsubscription Deployment. | |
nfsubscription.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O | ||
nfsubscription.minReplicas |
Minimum number of pod that will be deployed | 2 | O | ||
nfsubscription.maxReplicas |
Maximum number of pod that will be scaled up | 7 | O |
OCNRF Auditor Micro service (nrfauditor)
Table 3-8 OCNRF Auditor
| Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
nrfauditor.image.name
|
Full Image Path | ocnrf-nrfauditor | O | Full image path of image | |
nrfauditor.image.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nrfauditor.image.pullPolicy
|
This setting indicates if the image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
nrfauditor.service.customExtension.labels |
Custom Labels that needs to be added to nrfauditor specific Service | O | This can be used to add custom label(s) to nrfauditor Service | ||
nrfauditor.service.customExtension.annotations |
Custom Annotations that needs to be added to nrfauditor specific Services | O | This can be used to add custom annotation(s) to nrfauditor Service | ||
nrfauditor.service.type |
Kind of Service that will be used for this Deployment | ClusterIP | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type |
nrfauditor.deployment.customExtension.labels |
Custom Labels that needs to be added to nrfauditor specific Deployment | O | This can be used to add custom label(s) to nrfauditor Deployment | ||
nrfauditor.deployment.customExtension.annotations |
Custom Annotations that needs to be added to nrfauditor specific Deployment | O | This can be used to add custom annotation(s) to nrfauditor Deployment | ||
nrfauditor.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the nrfauditor service container to use | 6 | O | It is the maximum CPU resource allocated to nrfauditor Deployment. | |
nrfauditor.resources.limits.memory |
Maximum memory that K8s will allow the nrfauditor service container to use | 3Gi | O | It is the maximum Memory allocated to nrfauditor Deployment. | |
nrfauditor.resources.requests.cpu |
The amount of CPU that the system will guarantee for the nrfauditor service container, and K8s will use this value to decide on which node to place the pod | 6 | O | It is the maximum CPU resource allocated to nrfauditor Deployment. | |
nrfauditor.resources.requests.memory |
The memory that the system will guarantee for the nrfauditor, and K8s will use this value to decide on which node to place the pod | 3Gi | O | It is the maximum memory for requests allocated to nrfauditor Deployment. |
NF Discovery Micro service (nfdiscovery)
Table 3-9 NF Discovery
| Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
nfdiscovery.image.name
|
Full Image Path | ocnrf-nfdiscovery | O | Full image path of image | |
nfdiscovery.image.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nfdiscovery.image.pullPolicy
|
This setting determines if image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
nfdiscovery.service.customExtension.labels |
Custom Labels that needs to be added to nfdiscovery specific Service | O | This can be used to add custom label(s) to nfdiscovery Service | ||
nfdiscovery.service.customExtension.annotations |
Custom Annotations that needs to be added to nfdiscovery specific Services | O | This can be used to add custom annotation(s) to nfdiscovery Service | ||
nfdiscovery.service.type |
Kind of Service that will be used for this Deployment | ClusterIP | O | ClusterIP, NodePort, LoadBalancer and ExternalName | |
nfdiscovery.deployment.customExtension.labels |
Custom Labels that needs to be added to nfdiscovery specific Deployment | O | This can be used to add custom label(s) to nfdiscovery Deployment | ||
nfdiscovery.deployment.customExtension.annotations |
Custom Annotations that needs to be added to nfdiscovery specific Deployment | O | This can be used to add custom annotation(s) to nfdiscovery Deployment | ||
nfdiscovery.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the nfdiscovery service container to use | 4 | O | It is the maximum CPU resource allocated to nfdiscovery Deployment. | |
nfdiscovery.resources.limits.memory |
Maximum memory that K8s will allow the nfdiscovery service container to use | 2Gi | O | It is the maximum Memory allocated to nfdiscovery Deployment. | |
nfdiscovery.resources.requests.cpu |
The amount of CPU that the system will guarantee for the nfdiscovery service container, and K8s will use this value to decide on which node to place the pod | 4 | O | It is the maximum CPU resource allocated to nfdiscovery Deployment. | |
nfdiscovery.resources.requests.memory |
The memory that the system will guarantee for the nfdiscovery, and K8s will use this value to decide on which node to place the pod | 2Gi | O | It is the maximum memory for requests allocated to nfdiscovery Deployment. | |
nfdiscovery.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O | ||
nfdiscovery.minReplicas |
Minimum number of pod that will be deployed | 2 | O | ||
nfdiscovery.maxReplicas |
Maximum number of pod that will be scaled up | 7 | O |
OCNRF Configuration
Table 3-10 OCNRF Configuration
| Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
image.name
|
Full Image Path | nrfconfiguration | O | Full image path of image | |
image.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
image.pullPolicy
|
This setting determines if image needs to be pulled or not | IfNotPresent | O | Always, IfNotPresent, Never | |
service.staticIpAddressEnabled
|
Static load balancer IP enabled flag | false | O | If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress. Else random IP will be assigned by the metalLB from its IP Pool | |
service.staticIpAddress
|
Static load balancer IP | <ipaddress> |
M, if |
Static IP address assigned to the Load Balancer from the metalLB IP pool. | |
service.staticNodePortEnabled
|
Static Node Port enabled flag | false | O | If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort, else random node port will be assigned by K8 | |
service.staticNodePort
|
Static Node Port | 30076 |
M, if |
If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort Else random node port will be assigned by K8 |
|
nrfconfiguration.service.customExtension.labels |
Custom Labels that needs to be added to nrfconfiguration specific Service | O | This can be used to add custom label(s) to nrfconfiguration Service | ||
nrfconfiguration.service.customExtension.annotations |
Custom Annotations that needs to be added to nrfconfiguration specific Services | O | This can be used to add custom annotation(s) to nrfconfiguration Service | ||
nrfconfiguration.service.type |
Kind of Service that will be used for this Deployment | LoadBalancer | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type. |
nrfconfiguration.deployment.customExtension.labels |
Custom Labels that needs to be added to nrfconfiguration specific Deployment | O | This can be used to add custom label(s) to nrfconfiguration Deployment | ||
nrfconfiguration.deployment.customExtension.annotations |
Custom Annotations that needs to be added to nrfconfiguration specific Deployment | O | This can be used to add custom annotation(s) to nrfconfiguration Deployment. | ||
nrfconfiguration.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the nrfconfiguration service container to use | 2 | O | It is the maximum CPU resource allocated to nrfconfiguration Deployment. | |
nrfconfiguration.resources.limits.memory |
Maximum memory that K8s will allow the nrfconfiguration service container to use | 2Gi | O | It is the maximum Memory allocated to nrfconfiguration Deployment. | |
nrfconfiguration.resources.requests.cpu |
The amount of CPU that the system will guarantee for the nrfconfiguration service container, and K8s will use this value to decide on which node to place the pod | 2 | O | It is the maximum CPU resource allocated to nrfconfiguration Deployment. | |
nrfconfiguration.resources.requests.memory |
The memory that the system will guarantee for the nrfconfiguration, and K8s will use this value to decide on which node to place the pod | 2Gi | O | It is the maximum memory for requests allocated to nrfconfiguration Deployment. | |
nrfconfiguration.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O |
NF Access Token (nfaccesstoken)
Table 3-11 NF Access Token
| Parameter | Description | Default value | Mandatory (M) / Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
nfaccesstoken.enabled
|
Flag to disable Oauth functionality | true | O | true / false | If AccessToken service is not required, operator can choose to set it as false so that nfAccessToken micro-service will not be deployed. |
nfaccesstoken.image.name
|
Full Image Path for access token service container | ocnrf-nfaccesstoken | O | Full image path of image | |
nfaccesstoken.image.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nfaccesstoken.image.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always IfNotPresent Never | |
nfaccesstoken.initContainersImage.name
|
Full Image Path for init container | configurationinit | O | Image Name for Access token Key certificate infrastructure | This image is used by OCNRF gateway for Key/Certificate infrastructure. |
nfaccesstoken.initContainersImage.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nfaccesstoken.initContainersImage.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always IfNotPresent Never | |
nfaccesstoken.updateContainersImage.name
|
Full Image Path for update container | configurationupdate | O | Image Name for Access token Key certificate infrastructure | |
nfaccesstoken.updateContainersImage.tag
|
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
nfaccesstoken.updateContainersImage.pullPolicy
|
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always IfNotPresent Never | |
nfaccesstoken.oauth.nrfInstanceId |
OCNRF's NF Instance ID that is used for signing AccessTokenClaim | 6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c | M | This is NRF Instance ID that will be used for signing AccessTokenClaim (is IE of AccessTokenClaim). If NRF needs to issue AccessTokenClaim using its own NF instance ID then the nrfInstanceId configured in the global section (global.nrfInstanceId) needs to configured here again. If NRF needs to issue AccessTokenClaim using a common/virtual then a common/virtual NF instance ID needs to be configured here (along with the common/virtual PrivateKey and Certificate Pair). The same NF instance id and PrivateKey and Certificate Pair needs to be configured in all other NRFs as well so that tokens issues by all the NRF can be validated using a Single NfInstanceId and KeyPair. | |
nfaccesstoken.oauth.privateKey.k8SecretName
|
Secret name that contains OCNRF Private key | ocnrfaccesstoken-secret | M, if nfaccesstoken.enabled is true
|
This is a Secret object for OCNRFPrivate Key. | |
nfaccesstoken.oauth.privateKey.k8NameSpace
|
Namespace in which OCNRF Private key is present | ocnrf | M, if nfaccesstoken.enabled is true
|
||
nfaccesstoken.oauth.privateKey.rsa.filename
|
OCNRF's Private Key (RSA type) file name | rsa_private_key.pem | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is RS256
|
If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF gateway will not comeup. | |
nfaccesstoken.oauth.privateKey.ecdsa.filename
|
ECDSA key file names | ecdsa_private_key.pem | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is ES256
|
If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's NFAccessToken microservice will not comeup. | |
nfaccesstoken.oauth.certificate.k8SecretName
|
Secret name that contains OCNRF's certificate | ocnrfaccesstoken-secret | M, if nfaccesstoken.enabled is true
|
This is a Secret object for OCNRFcertificate details for HTTPS. | |
nfaccesstoken.oauth.certificate.k8NameSpace
|
Namespace in which k8SecretName is present | ocnrf | M, if nfaccesstoken.enabled is true
|
||
nfaccesstoken.oauth.certificate.rsa.filename
|
OCNRF's certificate (RSA type) file name | rsa_certificate.crt | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is RS256
|
If initialAlgorithm is configured as RSA, then rsa file name must be configured. Otherwise OCNRF's NFAccessToken microservice will not comeup. | |
nfaccesstoken.oauth.certificate.ecdsa.filename
|
OCNRF's certificate (ECDSA type) file name | ecdsa_certificate.crt | M, if nfaccesstoken.enabled is true and nfaccesstoken.oauth.initialAlgorithm is ES256
|
If initialAlgorithm is configured as ECDSA, then rsa file name must be configured. Otherwise OCNRF's NFAccessToken microservice will not comeup. | |
nfaccesstoken.oauth.keyStorePassword.k8SecretName
|
Secret name that contains OCNRF's keystore password | ocnrfaccesstoken-secret | M, if nfaccesstoken.enabled is true
|
||
nfaccesstoken.oauth.keyStorePassword.k8NameSpace
|
Namespace in which OCNRF's keystore password is present | ocnrf | M, if nfaccesstoken.enabled is true
|
Password that is used for creating in-memory Java Key Store (JKS) | |
nfaccesstoken.oauth.keyStorePassword.filename
|
KeyStore password file | keystore_password.txt | M, if nfaccesstoken.enabled is true
|
||
nfaccesstoken.oauth.initialAlgorithm
|
Initial Algorithm for Access Token key certificate infrastructure | ES256 | O | ES256, RS256 | |
nfaccesstoken.service.customExtension.labels |
Custom Labels that needs to be added to nfaccesstoken specific Service | O | This can be used to add custom label(s) to nfaccesstoken Service | ||
nfaccesstoken.service.customExtension.annotations |
Custom Annotations that needs to be added to nfaccesstoken specific Services | O | This can be used to add custom annotation(s) to nfaccesstoken Service | ||
nfaccesstoken.service.type |
Kind of Service that will be used for this Deployment | ClusterIP | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type. |
nfaccesstoken.deployment.customExtension.labels |
Custom Labels that needs to be added to nfaccesstoken specific Deployment | O | This can be used to add custom label(s) to nfaccesstoken Deployment | ||
nfaccesstoken.deployment.customExtension.annotations |
Custom Annotations that needs to be added to nfaccesstoken specific Deployment | O | This can be used to add custom annotation(s) to nfaccesstoken Deployment | ||
nfaccesstoken.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the nfaccesstoken service container to use | 4 | O | It is the maximum CPU resource allocated to nfaccesstoken. | |
nfaccesstoken.resources.limits.initServiceCpu |
Maximum amount of CPU that K8s will allow the nfaccesstoken initi container to use | 1 | O | It is the CPU resource allocated to nfaccesstoken init container. | |
nfaccesstoken.resources.limits.updateServiceCpu |
Maximum amount of CPU that K8s will allow the nfaccesstoken update container to use | 1 | O | It is the CPU resource allocated to nfaccesstoken update container. | |
nfaccesstoken.resources.limits.memory |
Maximum memory that K8s will allow the nfaccesstoken service container to use | 2Gi | O | It is the maximum Memory allocated to nfaccesstoken. | |
nfaccesstoken.resources.limits.initServiceMemory |
Memory Limit for nfaccesstoken init container | 1Gi | O | It is the memory allocated to nfaccesstoken init container. | |
nfaccesstoken.resources.limits.updateServiceMemory |
Memory Limit for nfaccesstoken update container | 1Gi | O | It is the memory allocated to nfaccesstoken update container. | |
nfaccesstoken.resources.requests.cpu |
The amount of CPU that the system will guarantee for the nfaccesstoken service container, and K8s will use this value to decide on which node to place the pod | 4 | O | It is the maximum CPU resource allocated to nfaccesstoken. | |
nfaccesstoken.resources.requests.initServiceCpu |
The amount of CPU that the system will guarantee for the nfaccesstoken initicontainer, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the CPU resource allocated to nfaccesstoken init container. | |
nfaccesstoken.resources.requests.updateServiceCpu |
The amount of CPU that the system will guarantee for the nfaccesstoken update container, and K8s will use this value to decide on which node to place the pod | 1 | O | It is the CPU resource allocated to nfaccesstoken update container. | |
nfaccesstoken.resources.requests.memory |
The memory that the system will guarantee for the nfaccesstoken, and K8s will use this value to decide on which node to place the pod | 2Gi | O | It is the maximum memory for requests allocated to nfaccesstoken. | |
nfaccesstoken.resources.requests.initServiceMemory |
Memory Limit for nfaccesstoken init container | 1Gi | O | It is the memory allocated to nfaccesstoken init container. | |
nfaccesstoken.resources.requests.updateServiceMemory |
Memory Limit for nfaccesstoken update container | 1Gi | O | It is the memory allocated to nfaccesstoken update container. | |
nfaccesstoken.resources.target.averageCpuUtil |
Target CPU utilization after which Horizontal Pod Autoscaler will be triggered. | 80 | O | ||
nfaccesstoken.minReplicas |
Minimum number of pod that will be deployed | 2 | O | ||
nfaccesstoken.maxReplicas |
Maximum number of pod that will be scaled up | 7 | O |
Application Info
Table 3-12 Application Info (appinfo)
| Parameter | Description | Default value | Mandatory (M) /Optional (O) | Range or Possible Values (If applicable) | Notes |
|---|---|---|---|---|---|
appinfo.image.name
|
Full Image Path | app_info | O | Full image path of image | |
appinfo.image.tag |
Tag of Image | OCNRF images | O | Tag of image in docker repository | |
appinfo.pullPolicy |
This setting will tell if image need to be pulled or not | IfNotPresent | O | Always IfNotPresent Never | |
appinfo.resources.limits.cpu |
Maximum amount of CPU that K8s will allow the appinfo service container to use | 200m | O | It is the maximum CPU resource allocated to appinfo Deployment. | |
appinfo.resources.limits.memory |
Maximum memory that K8s will allow the appinfo service container to use | 1Gi | O | It is the maximum Memory allocated to appinfo Deployment. | |
appinfo.resources.requests.cpu |
The amount of CPU that the system will guarantee for the appinfo service container, and K8s will use this value to decide on which node to place the pod | 200m | O | It is the maximum CPU resource allocated to appinfo Deployment. | |
appinfo.resources.requests.memory |
The memory that the system will guarantee for the appinfo serv, and K8s will use this value to decide on which node to place the pod | 1Gi | O | It is the maximum memory for requests allocated to appinfo Deployment. | |
appinfo.service.type |
Kind of Service that will be used for this Deployment | ClusterIP | O | ClusterIP, NodePort, LoadBalancer and ExternalName | It is not recommended to change the Service Type |
appinfo.service.customExtension.labels |
Custom Labels that needs to be added to appinfo specific Service | O | This can be used to add custom label(s) to nfaccesstoken Service | ||
appinfo.service.customExtension.annotations |
Custom Annotations that needs to be added to appinfo specific Services | O | This can be used to add custom annotation(s) to nfaccesstoken Service | ||
appinfo.deployment.customExtension.labels |
Custom Labels that needs to be added to appinfo specific Deployment | O | This can be used to add custom label(s) to nfaccesstoken Deployment | ||
appinfo.deployment.customExtension.annotations |
Custom Annotations that needs to be added to appinfo specific Deployment | O | This can be used to add custom annotation(s) to nfaccesstoken Deployment |