Customizing Cloud Native Core Policy

Mandatory Configurations

This section describes the configuration parameters that are mandatory during the installation of CNCPolicy, PCF, and cnPCRF.

To configure madatory parameters, you should configure the following configurable parameters in the custom-values.yaml file:

Table 3-1 Configurable Parameters for Mandatory Configurations

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.dockerRegistry	Name of the Docker registry which hosts Cloud Native Core Policy docker images	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.0	This is a docker registry running in OCCNE bastion server where all OAuth docker images will be loaded. For example, 'occne-bastion:5000'
global.envMysqlHost	IP address or host name of the MySql server which hosts Cloud Native Core Policy's databases	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.0
global.envMysqlPort	port of the MySql server which hosts Cloud Native Core Policy's databases	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.0
global.dbCredSecretName	Name of the Kubernetes secret object containing Database username and password	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
global.privilegedDbCredSecretName	Name of the Kubernetes secret object containing Database username and password for an admin user	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
global.releaseDbName	Name of the release database containing release version details	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x

Here is a sample configuration for mandatory parameters in custom-values.yaml.file:

global:
# Docker registry name
  dockerRegistry: ''
  # Primary MYSQL Host IP or Hostname
  envMysqlHost: ''
  envMysqlPort: ''
  # K8s secret object name containing OCPCF MYSQL UserName and Password
  dbCredSecretName: 'occnp-db-pass'
  privilegedDbCredSecretName: 'occnp-privileged-db-pass'
  #Release DB name containing release version details
  releaseDbName: 'occnp_release'

Enabling/Disabling Services Configurations

This section describes the configuration parameters that can be used to select the services that you want to enable/disable for your deployment.

To configure these parameters, you should configure the following configurable parameters in the custom-values.yaml file:

Table 3-2 Configurable Parameters for Enabling/Disabling the PCF Services

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
global.amServiceEnable	Detremines if the AM service is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1
global.smServiceEnable	Detremines if the SM service is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1
global.ueServiceEnable	Detremines if the UE service is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1

Table 3-3 Configurable Parameters for Enabling/Disabling the PCRF Core Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.pcrfCoreEnable	Detremines if the PCRF core service is enabled or not.	O	True	CNC Policy&cnPCRF	Added in Release 1.7.1

Table 3-4 Configurable Parameters for Enabling/Disabling the Policy Data Source (PDS) Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.userServiceEnable	Detremines if the user service is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1	Applicable only when the policy data sources are 5G UDR and CHF.
global.policydsEnable	Detremines if the Data Source service is enabled or not.	O	False	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.1	Applicable only when policy data source is LDAP server.
global.ldapGatewayEnable	Detremines if the LDAP Gateway is enabled or not.	O	False	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.1	Applicable only when policy data source is LDAP server.
global.soapConnectorEnable	Detremines if the soap connector is enabled or not.	O	False	CNC Policy&cnPCRF	Added in Release 1.7.1

Table 3-5 Configurable Parameters for Enabling/Disabling the Audit Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
auditservice.enabled	Detremines if the audit service is enabled or not.	O	false	CNC Policy&PCF	Added in Release 1.7.1

Table 3-6 Configurable Parameters for Enabling/Disabling the Ingress/Egress Gateway

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
ingressgateway.enabled	Detremines if the ingress gateway is enabled or not.	O	false	CNC Policy, cnPCRF, &PCF	Added in Release 1.5.x	When depolyed in cnPCRF mode, enable this parameter only when soap connector is enabled.
egressgateway.enabled	Detremines if the egress gateway is enabled or not.	O	false	CNC Policy &PCF	Added in Release 1.5.x

Table 3-7 Configurable Parameters for Enabling/Disabling the NRF Client Services

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
global.nrfClientNfDiscoveryEnable		O	True	CNC Policy & PCF	Added in Release 1.7.1
global.nrfClientNfManagementEnable		O	True	CNC Policy & PCF	Added in Release 1.7.1
global.appinfoServiceEnable	Determines if the app info service is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1
global.performanceServiceEnable	Determines if the performance service is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1

Table 3-8 Configurable Parameters for Enabling/Disabling the Diamter Gateway/Connector

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.diamConnectorEnable	Detremines if the diameter connector is enabled or not.	O	True	CNC Policy&PCF	Added in Release 1.7.1
global.diamGatewayEnable	Detremines if the diameter gateway is enabled or not.	O	True	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.1

Table 3-9 Configurable Parameters for Enabling/Disabling the Binding Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.bindingEnable	Detremines if the Binding service is enabled or not.	O	True	CNC Policy	Added in Release 1.7.1	This parameter value is False for PCF & cnPCRF.

Table 3-10 Configurable Parameters for Enabling/Disabling the Alternate Route Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.alternateRouteServiceEnable	Enable/Disable Alternate Route service	Yes	true	CNC Policy & PCF	Added in Release 1.8.0	Enable this flag to include Alternate Route service as part of you Helm deployment.

Here is a sample configuration for configurable parameters in custom-values.yaml.file:

global:
# Enable/disable PCF services 
  userServiceEnable: true
  amServiceEnable: true
  smServiceEnable: true
  ueServiceEnable: true
  nrfClientNfDiscoveryEnable: true
  nrfClientNfManagementEnable: true
  diamConnectorEnable: true
  appinfoServiceEnable: true
  performanceServiceEnable: true
  alternateRouteServiceEnable: true
  # Enable/disable PCRF services
  pcrfCoreEnable: true
  soapConnectorEnable: false

  # Enable/disable common services
  diamGatewayEnable: true
  bindingEnable: true
  policydsEnable: false
  ldapGatewayEnable: false

audit-service:
  enabled: false

ingress-gateway:
  enabled: false

egress-gateway:
  enabled: false

Tracing Configuration

This section describes the customizatons that you should make in custom-value.yaml files to configure tracing.

To configure tracing in ingress-gateway, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-11 Configurable Parameters for Tracing Configuration in Ingress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.envJaegerAgentHost	Hostname or IP address for the jaeger agent	Yes	Not applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.0	This parameter is the fqdn of Jaeger Agent service running in OCCNE cluster under namespace occne-infra. Format is <JAEGER_SVC_NAME>.<JAEGER_NAMESPACE>
ingress-gateway.jaegerTracingEnabled		No	False	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
ingress-gateway.openTracing.jaeger.udpSender.host		No	"occne-tracer-jaeger-agent.occne-infra"	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
ingress-gateway.openTracing.jaeger.udpSender.port		No	6831	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
ingress-gateway.openTracing. jaeger.probabilisticSampler		No	0.5	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x

Here is a sample configurations for tracing in ingress-gateway in custom-values.yaml.file:

jaegerTracingEnabled: true
  openTracing :
    jaeger:
      udpSender:
        # udpsender host
        host: "occne-tracer-jaeger-agent.occne-infra"
        # udpsender port
        port: 6831
      probabilisticSampler: 0.5

Table 3-12 Configurable Parameters for Tracing Configuration in Egress Gateway

Parameter	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
egress-gateway.jaegerTracingEnabled	No	False	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
egress-gateway.openTracing.jaeger.udpSender.host	No	"occne-tracer-jaeger-agent.occne-infra"	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
egress-gateway.openTracing.jaeger.udpSender.port	No	6831	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x
egress-gateway.openTracing. jaeger.probabilisticSampler	No	0.5	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x

Here is a sample configurations for tracing in egress-gateway in custom-values.yaml.file:

openTracing :
    jaeger:
      udpSender:
        # udpsender host
        host: "occne-tracer-jaeger-agent.occne-infra"
        # udpsender port
        port: 6831
      probabilisticSampler: 0.5

To configure tracing in nrfClientNfDiscovery, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-13 Configurable Parameters for Tracing Configuration in nrfClientNfDiscovery

Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
nrf-client.nrf-client-nfdiscovery.envJaegerSamplerParam	'1'	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when NRF Client services are enabled.
nrf-client.nrf-client-nfdiscovery.envJaegerSamplerType	ratelimitimg	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when NRF Client services are enabled.
nrf-client.nrf-client-nfdiscovery.envJaegerServiceName	pcf-nrf-client-nfdiscovery	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when NRF Client services are enabled.

Here is a sample configurations for tracing in custom-values.yaml.file:

nrf-client-nfdiscovery:
    envJaegerSamplerParam: '1'
    envJaegerSamplerType: ratelimiting
    envJaegerServiceName: pcf-nrf-client-nfdiscovery

To configure tracing in nrfclientnfmanagement, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-14 Configurable Parameters for Tracing Configuration in nrfclientnfmanagement

Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
nrf-client.nrf-client-nfmanagement.envJaegerSamplerParam	'1'	CNC Policy & PCF	Added in Release 1.7.1.0	Applicable only when NRF Client services are enabled.
nrf-client.nrf-client-nfmanagement.envJaegerSamplerType	ratelimiting	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when NRF Client services are enabled.
nrf-client.nrf-client-nfmanagement.envJaegerServiceName	pcf-nrf-client-nfmanagement	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when NRF Client services are enabled.

Here is a sample configurations for tracing in custom-values.yaml.file:

nrf-client-nfmanagement:
    envJaegerSamplerParam: '1'
    envJaegerSamplerType: ratelimiting
    envJaegerServiceName: pcf-nrf-client-nfmanagement

To configure tracing in Alternate Route service, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-15 Configurable Parameters for Tracing Configuration in Alternate Route Service

Parameter	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
alternate-route.jaegerTracingEnabled	No	False	CNC Policy & PCF	Added in Release 1.8.0
alternate-route.openTracing.jaeger.udpSender.host		"occne-tracer-jaeger-agent.occne-infra"	CNC Policy & PCF	Added in Release 1.8.0	Applicable only when alternate route service is enabled.
alternate-route.openTracing.jaeger.udpSender.port		6831	CNC Policy & PCF	Added in Release 1.8.0	Applicable only when alternate route service is enabled.
alternate-route.openTracing. jaeger.probabilisticSampler		0.5	CNC Policy & PCF	Added in Release 1.8.0	Applicable only when alternate route service is enabled.

Here is a sample configurations for tracing in custom-values.yaml.file:

jaegerTracingEnabled: true
openTracing :
    jaeger:
      udpSender:
        # udpsender host
        host: "occne-tracer-jaeger-agent.occne-infra"
        # udpsender port
        port: 6831
      probabilisticSampler: 0.5

Database Name Configuration

This section describes the configuration parameters that can be used to customize the database names.

Note:

Database name specified in the custom.yaml file should be used while creating the database during installation. See Configuring Database, Creating Users, and Granting Permissions.

Table 3-16 Customizable Parameters for Database Name Configuration for PCF Services

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
am-service.envMysqlDatabase	Name of the database for AM-Service	No	occnp_pcf_am	CNC Policy & PCF	Added in Release 1.0	Applicable only when AM service is enabled.
sm-service.envMysqlDatabase	Name of the database for SM-Service	No	occnp_pcf_sm	CNC Policy & PCF	Added in Release 1.0	Applicable only when SM service is enabled.
sm-service.envMysqlDatabaseUserService	Name of the database of User Service	No	occnp_pcf_user	CNC Policy & PCF	Added in Release 1.6.x	Applicable only when SM service is enabled. Value of this parameter should be same as the value of "user-service.envMysqlDatabase" parameter.
config-server.envMysqlDatabase	Name of the database for Config Server service	No	occnp_config_server	CNC Policy & PCF	Added in Release 1.0
queryservice.envMysqlDatabaseSmService	Specify the database name of SM service	Conditional	occnp_pcf_sm	CNC Policy & PCF	Added in Release 1.6.x	Value of this parameter should be same as the value of "sm-service.envMysqlDatabase" parameter.
queryservice.envMysqlDatabaseUserService	Specify the database name of User service	Conditional	occnp_pcf_user	CNC Policy & PCF	Added in Release 1.6.x	Value of this parameter should be same as the value of "user-service.envMysqlDatabase" parameter.

Table 3-17 Customizable Parameters for Database Name Configuration for Policy Data Source (PDS)

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
user-service.envMysqlDatabase	Name of the database for User-Service	No	occnp_pcf_user	CNC Policy & PCF	Added in Release 1.0	Applicable only when user service is enabled.
policyds.envMysqlDatabaseConfigServer	Specify the database name of Config Server service.		occnp_config_server	CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1	Applicable only when policyds is enabled.

Table 3-18 Customizable Parameters for Database Name Configuration for PCRF Core Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
pcrf-core.envMysqlDatabase	Name of the database for PCRF-Core	No	occnp_pcrf_core	CNC Policy & cnPCRF	Added in Release 1.0	Applicable only when pcrf-core service is enabled.

Table 3-19 Customizable Parameters for Database Name Configuration for Binding Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
binding.envMysqlDatabase	Name of the database for Binding service	No	occnp_binding	CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1	Applicable only when binding service is enabled.

Table 3-20 Customizable Parameters for Database Name Configuration for Audit Service

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
audit-service.envMysqlDatabase	Name of the database for Audit service	No	occnp_audit_service	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when Audit service is enabled.

Here is a sample configuration for configurable parameters in custom-values.yaml.file:


am-service:
  envMysqlDatabase: occnp_pcf_am


sm-service:
  envMysqlDatabase: occnp_pcf_sm
  envMysqlDatabaseUserService: occnp_pcf_user


user-service:
  envMysqlDatabase: occnp_pcf_user


config-server:
  envMysqlDatabase: occnp_config_server


queryservice:
  envMysqlDatabaseSmService: occnp_pcf_sm
  envMysqlDatabaseUserService: occnp_pcf_user


audit-service:
  envMysqlDatabase: occnp_audit_service


policyds:
  envMysqlDatabaseConfigServer: 'occnp_config_server'


pcrf-core:
  # database name core service will connect to
  envMysqlDatabase: occnp_pcrf_core


binding:
  envMysqlDatabase: occnp_binding

NRF Client Configuration

This section describes the NRF Client configuration parameters.

Note:

These configurations are required when NF is required to register with NRF. Before configuring NRF client configuration, NRF Client services should have been enabled.

To configure these parameters, you should configure the following configurable parameters in the custom-values.yaml file:

Table 3-21 Configurable Parameters for NRF Client Configuration

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.deploymentNrfClientService.envNfNamespace	K8s namespace of PCF	Mandatory	Not Applicable	CNC Policy & PCF	Added in Release 1.6.x
nrf-client.configmapApplicationConfig.profile	Contains configuration parameters that goes into nrf-client's config map	Mandatory	Not Applicable	CNC Policy & PCF	Added in Release 1.6.x	Refer config-map table for configurable parameters.
appinfo.infraServices	Set this parameter to an empty array if any one of below condition is met: Deploying on occne 1.4 or lesser version Not deploying on OCCNE Do not wish to monitor infra services such as db-monitor service	Conditional	Not Applicable	CNC Policy & PCF	Added in Release 1.7.1
perf-info.configmapPerformance.prometheus	Specifies Prometheus server URL	Conditional	http://prometheus-server.prometheus:5802	CNC Policy & PCF	Added in Release 1.0	If no value is specified, PCF reported 0 loads to NRF.

Configurable parameters NRF Client Configuration in Config-map

Parameter	Description	Allowed Values	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
primaryNrfApiRoot	Primary NRF hostname and port <http scheme>://<Hostname/IP>:<Port>	valid api root	CNC Policy & PCF	Added in Release 1.6.x	For Example: http://nrf1-api-gateway.svc:80
SecondaryNrfApiRoot	secondary NRF hostname and port <http scheme>://<Hostname/IP>:<Port>	valid api root	CNC Policy & PCF	Added in Release 1.6.x	For Example: http://nrf2-api-gateway.svc:80
retryAfterTime	When primary NRF is down, this will be the wait Time (in ISO 8601 duration format) after which request to primary NRF will be retried to detect primary NRF's availability.	valid ISO 8601 duration format	CNC Policy & PCF	Added in Release 1.6.x	For Example: PT120S
nrfClientType	The NfType of the NF registering. This should be set to PCF.	PCF	CNC Policy & PCF	Added in Release 1.6.x
nrfClientSubscribeTypes	NF Type(s) for which the NF wants to discover and subscribe to the NRF.	BSF,UDR,CHF	CNC Policy & PCF	Added in Release 1.6.x	Leave blank if PCF does not require.
appProfiles	NfProfile of PCF to be registered with NRF.	Valid NF Profile	CNC Policy & PCF	Added in Release 1.6.x
enableF3	Support for 29.510 Release 15.3	true/false	CNC Policy & PCF	Added in Release 1.6.x
enableF5	Support for 29.510 Release 15.5	true/false	CNC Policy & PCF	Added in Release 1.6.x
renewalTimeBeforeExpiry	Time Period(seconds) before the Subscription Validity time expires	Time in seconds	CNC Policy & PCF	Added in Release 1.6.x	For Example: 3600 (1hr)
validityTime	The default validity time(days) for subscriptions	Time in days	CNC Policy & PCF	Added in Release 1.6.x	For Example: 30 (30 days)
enableSubscriptionAutoRenewal	Enable Renewal of Subscriptions automatically	true/false	CNC Policy & PCF	Added in Release 1.6.x
acceptAdditionalAttributes	Enable additionalAttributes as part of 29.510 Release 15.5	true/false	CNC Policy & PCF	Added in Release 1.6.x
supportedDataSetId		POLICY	CNC Policy & PCF	Added in Release 1.7.1

Here is a sample configuration for NRF client in custom-values.yaml.file:

appinfo:
  serviceAccountName: ''
  # Set Infrastructure services to empty array if any one of below condition is met 
  #  1. Deploying on occne 1.4 or lesser version
  #  2. Not deploying on OCCNE
  #  3. Do not wish to monitor infra services such as db-monitor service
  # then the below mentioned attribute 'infra_services' should be uncommneted and epmty array should be passed as already mentioned.
  #infraServices: []

perf-info:
  configmapPerformance:
    prometheus: ''

nrf-client:
  # This config map is for providing inputs to NRF-Client
  configmapApplicationConfig:
    # primaryNrfApiRoot - Primary NRF Hostname and Port
    # SecondaryNrfApiRoot - Secondary NRF Hostname and Port
    # retryAfterTime - Default downtime(in ISO 8601 duration format) of an NRF detected to be unavailable.
    # nrfClientType - The NfType of the NF registering
    # nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
    # appProfiles - The NfProfile of the NF to be registered with NRF.
    # enableF3 - Support for 29.510 Release 15.3
    # enableF5 - Support for 29.510 Release 15.5
    # renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
    # validityTime - The default validity time(days) for subscriptions.
    # enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
    # acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
    profile: |-
      [appcfg]
      primaryNrfApiRoot=http://nrf1-api-gateway.svc:80
      secondaryNrfApiRoot=http://nrf2-api-gateway.svc:80
      retryAfterTime=PT120S
      nrfClientType=PCF
      nrfClientSubscribeTypes=CHF,UDR,BSF
      appProfiles=[{ "nfInstanceId": "fe7d992b-0541-4c7d-ab84-c6d70b1b0123", "nfType": "PCF", "nfStatus": "REGISTERED", "plmnList": null, "nsiList": null, "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipv4Addresses": null, "ipv6Addresses": null, "priority": null, "capacity": null, "load": 80, "locality": null, "pcfInfo": { "dnnList": [ "internet", "volte" ], "supiRanges": [ { "start": "12123444444", "end": "232332323323232", "pattern": null } ] }, "customInfo": null, "recoveryTime": null, "nfServices": [ { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd01", "serviceName": "npcf-am-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF", "NEF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd02", "serviceName": "npcf-smpolicycontrol", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "SMF", "NEF", "AF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd03", "serviceName": "npcf-ue-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null } ]}]
      enableF3=true
      enableF5=true
      renewalTimeBeforeExpiry=3600
      validityTime=30
      enableSubscriptionAutoRenewal=true
      acceptAdditionalAttributes=false
      supportedDataSetId=POLICY

Audit Service Configuration

This section describes the customizatons that you should make in custom-value.yaml file to customize Audit service configurations.

Table 3-22 Configurable Parameters for Audit Service Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
sm-service.auditSmSessionTtl	SM Policy Association normal age	No	86400	CNC Policy & PCF	Added in Release 1.6.x	Specifies age of a SM policy association after which a record is considered to be stale on PCF and the SMF is queried for presence of such associations. Applicable only when SM service is enabled.
sm-service.auditSmSessionMaxTtl	SM Policy Association maximum age	No	172800	CNC Policy & PCF	Added in Release 1.6.x	Specifies maximum age of a SM Policy Association after which a record is purged from PCF SM database without sending further queries to SMF. Applicable only when SM service is enabled.

Here is a sample configuration in custom-values.yaml.file:


sm-service:
  auditSmSessionTtl: 86400
  auditSmSessionMaxTtl: 172800

Diameter Gateway/Connector Configuration

This section describes the customizatons that you should make in custom-value.yaml file to customize Diameter configurations.

Table 3-23 Configurable Parameters for Diameter Gateway/Connector Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
diam-connector.envDiameterRealm	Diameter Realm of PCF	Yes	Not applicable	CNC Policy & PCF	Added in Release 1.6.x	example: oracle.com Applicable only when diameter connector is enabled.
diam-connector.envDiameterIdentity	Diameter Host of PCF	Yes	Not applicable	CNC Policy & PCF	Added in Release 1.6.x	example: ocpcf Applicable only when diameter connector is enabled.
diam-gateway.envGatewayMode	Diameter Gateway mode	Yes		CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1	For CNC Policy,the value is "converged". For PCF,the value is "pcf". For cnPCRF,the value is "pcrf". Applicable only when diameter gateway is enabled.
diam-gateway.envGatewayDeploymentType	Diameter Gateway deployment type (applicable only when mode is converged)	Yes		CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1	For CNC Policy,the value is "CONVERGED". For PCF,the value is "PCF". For cnPCRF,the value is "PCRF". Applicable only when diameter gateway is enabled.
diam-gateway.envDiameterRealm	Diameter Realm of PCF diameter gateway	Yes	Not applicable	CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1	example: oracle.com Applicable only when diameter gateway is enabled.
diam-gateway.envDiameterIdentity	Diameter Host of PCF diameter gateway	Yes	Not applicable	CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1	example: oc-diam-gateway Applicable only when diameter gateway is enabled.

Here is a sample configuration in custom-values.yaml.file:

diam-connector:
  envDiameterRealm: 'oracle.com'
  envDiameterIdentity: 'ocpcf'

diam-gateway:
  #The diam-gateway mode i.e. converged, bsf, pcf and pcrf
  envGatewayMode: converged
  #The diam-gateway deployment type (applicable only when mode is converged) i.e. CONVERGED, PCF and PCRF
  envGatewayDeploymentType: CONVERGED
  envDiameterRealm: 'oracle.com'
  envDiameterIdentity: 'oc-diam-gateway'

BSF Configuration

This section describes the customizatons that you should make in custom-value.yaml file to customize default BSF configurations.

Table 3-24 Configurable Parameters for BSF Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
sm-service.defaultBsfApiRoot	Api root of pre-configured BSF	No	Not applicable	CNC Policy & PCF	Added in Release 1.5.x	Applicable only when SM service is enabled. Required, if PCF uses pre-configured BSF. For Example: "https://bsf.apigateway:8001/"
binding.bsfEnabled	Enable/Disable the binding operation (register and deregister) with the BSF	No	False	CNC Policy & PCF	Added in Release 1.7.1	Applicable only when Binding service is enabled.

Here is a sample configuration in custom-values.yaml.file:

sm-service:
  defaultBsfApiRoot: 'https://bsf.apigateway:8001'

binding:
    bsfEnabled: false

Kubernetes Service Account Configuration

This section describes the customizatons that you should make in custom-value.yaml file to customize kubernetes service account configurations.

Table 3-25 Configurable Parameters for Kubernetes Service Account Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
appinfo.serviceAccountName	K8s Service Account to access (RBAC) the K8s API server to retrieve status of PCF services and pods. The account should have read access ( "get" , "watch" , "list" ) to pods, services and nodes.	Conditional	Not applicable	CNC Policy & PCF	Added in Release 1.6.x	If no value is specified, PCF creates a service account at the time of deployment.
ldap-gateway.serviceAccountName				CNC Policy, PCF, & cnPCRF	Added in Release 1.7.1

Here is a sample configuration in custom-values.yaml.file:

appinfo:
  serviceAccountName: ''

ldap-gateway:
  serviceAccountName: ''

API Root Configuration for Resource URI and Notification URI

This section describes the configuration parameters that can be used to API Root configuration.

To configure these parameters, you should configure the following configurable parameters in the custom-values.yaml file:

Table 3-26 Configurable Parameters for Api Root Configuration for Notification URI

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.pcfApiRoot	API root of PCF that is used in Notification URI generated by PCF when sending request to other producer NFs (like NRF, UDR, CHF, etc..) Resource URI generated by PCF, on successful creation of policy association for requests from SMF, AMF, and UE.	No	Ingress gateway service name and port	CNC Policy & PCF	Added in Release 1.5.x	If not configured then the ingress gateway service name and port will be used as default value. Example: "https://<Helm namespace>-pcf-ingress-gateway:443" pcfApiRoot: ''
global.deploymentNrfClientService.nfApiRoot	Api root of PCF	Mandatory	Not Applicable	CNC Policy & PCF	Added in Release 1.6.x	Applicable only when NRF Client services are enabled. Value of this parameter should be same as the value of "global.pcfApiRoot" parameter.

Parameter

Description

Mandatory/Optional Parameter

Default Value

Applicable to Deployment

Added/Deprecated/Updated in Release

Notes

global.pcfApiRoot

API root of PCF that is used in

Notification URI generated by PCF when sending request to other producer NFs (like NRF, UDR, CHF, etc..)
Resource URI generated by PCF, on successful creation of policy association for requests from SMF, AMF, and UE.

No

Ingress gateway service name and port

CNC Policy & PCF

Added in Release 1.5.x

If not configured then the ingress gateway service name and port will be used as default value.

Example: "https://<Helm namespace>-pcf-ingress-gateway:443" pcfApiRoot: ''

global.deploymentNrfClientService.nfApiRoot

Api root of PCF

Mandatory

Not Applicable

CNC Policy & PCF

Added in Release 1.6.x

Applicable only when NRF Client services are enabled. Value of this parameter should be same as the value of "global.pcfApiRoot" parameter.

Basic Configurations in Ingress Gateway

This section describes the configuration parameters that are required for basic configurations in Ingress Gateway.

Note:

Following configurations are applicable only when ingress-gateway is enabled.

Table 3-27 Configurable Parameters for Basic Configurations in Ingress Gateway

Parameter	Description	Mandatory Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
global.metalLbIpAllocationEnabled	Enable or disable IP Address allocation from Metallb Pool	No	false	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x
global.metalLbIpAllocationAnnotation	Address Pool Annotation for Metallb	No	"metallb.universe.tf/address-pool: signaling"	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x
ingress-gateway.enableIncomingHttp	Enable it to accept incoming http requests	No	False	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x
ingress-gateway.ingressServer.keepAlive.enabled		No	false		Added in Release 1.7.3
ingress-gateway.ingressServer.keepAlive.idealTime		No	180 (in seconds)		Added in Release 1.7.3
ingress-gateway.ingressServer.keepAlive.count		No	9		Added in Release 1.7.3
ingress-gateway.ingressServer.keepAlive.interval		No	60 (in seconds)		Added in Release 1.7.3

Here is a sample configuration for configurable parameters in custom-values.yaml.file:


ingress-gateway:

  # Enable or disable IP Address allocation from Metallb Pool
  metalLbIpAllocationEnabled: false

  # Address Pool Annotation for Metallb
  metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
  # -----Ingress Gateway Settings - END-----

ingress-gateway:
#keep alive settings
  ingressServer:
    keepAlive:
      enabled: false
      idealTime: 180  #in seconds
      count: 9
      interval: 60 #in seconds

Service and Container Port Configuration

This section describes the customizatons that you can make in custom-values.yaml file to configure service and container ports.

Note:

For upgrade scenario, changing port will cause temporary service disruption.

To override the default port numbers, used by service and container ports, and customize them as per your requirements, you can configure the following configurable parameters in custom-values.yaml file:

Table 3-28 Customizable Parameters for Service Ports Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.servicePorts.pcfAmServiceHttp	HTTP signaling port for AM service.	Optional	5904	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.pcfAmServiceHttps	HTTP signaling port for AM service.	Optional	5905	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.appInfoHttp	HTTP signaling port for app info .	Optional	5906	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcAppInfoHttp`
global.servicePorts.auditServiceHttp	HTTP signaling port for audit service.	Optional	5807	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.bindingHttp	HTTP signaling port for binding service.	Optional	8080	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.bindingHttps	HTTPS signaling port for binding service.	Optional	8443	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.cmServiceHttp	HTTP signaling port for CM service.	Optional	5808	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.configServerHttp	HTTP signaling port for config server.	Optional	5807	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3	Same value as `svcConfigServerHttp`
global.servicePorts.diamConnectorHttp	HTTP signaling port for Diameter connector.	Optional	8080	CNCPolicy & PCF	Updated in Release 1.8.1	The name for this parameter has been updated from `pcfDiamConnectorHttp` to `diamConnectorHttp`.
global.servicePorts.diamConnectorDiameter	Port for Diameter connector.	Optional	3868	CNCPolicy & PCF	Updated in Release 1.8.1	The name for this parameter has been updated from `pcfDiamConnectorDiameter` to `diamConnectorDiameter`.
global.servicePorts.ldapGatewayHttp	HTTP signaling port for LDAP Gateway.	Optional	8084	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.ldapGatewayHttps	HTTPS signaling port for LDAP Gateway.	Optional	8443	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.diamGatewayHttp	HTTP signaling port for Diameter gateway.	Optional	8080	CNCPolicy & PCF	Updated in Release 1.8.1	The name for this parameter has been updated from `pcfDiamGatewayHttp` to `diamGatewayHttp`.
global.servicePorts.diamGatewayDiameter	Port for Diameter gateway.	Optional	3868	CNCPolicy & PCF	Updated in Release 1.8.1	The name for this parameter has been updated from `pcfDiamGatewayDiameter` to `diamGatewayDiameter`.
global.servicePorts.pcrfCoreDiameter	Port for PCRF Core Diameter.	Optional	3868	CNCPolicy & cnPCRF	Added in Release 1.7.3
global.servicePorts.pcrfCoreHttp	HTTP signaling port for PCRF core service.	Optional	9080	CNCPolicy & cnPCRF	Added in Release 1.7.3
global.servicePorts.pcrfDiamGatewayHttp	HTTP signaling port for PCRF Diameter Gateway.	Optional	8080	CNCPolicy & cnPCRF	Deprecated in Release 1.8.1
global.servicePorts.pcrfDiamGatewayDiameter	Port for PCRF Diameter connector.	Optional	3868	CNCPolicy & cnPCRF	Deprecated in Release 1.8.1
global.servicePorts.perfInfoHttp	HTTP signaling port for perf info.	Optional	5905	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcPerfInfoHttp`
global.servicePorts.policydsHttp	HTTP signaling port for policyds.	Optional	8080	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.preServiceHttp	HTTP signaling port for pre service.	Optional	5806	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.preTestHttp	HTTP signaling port for pre test.	Optional	5806	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.queryServiceHttp	HTTP signaling port for queryservice.	Optional	5805	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.servicePorts.pcfSmServiceHttp	HTTP signaling port for SM service.	Optional	5809	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.pcfSmServiceHttps	HTTPS signaling port for SM service.	Optional	5805	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.soapConnectorHttp	HTTP signaling port for Soap connector.	Optional	8082	CNCPolicy & cnPCRF	Added in Release 1.7.3
global.servicePorts.pcfUeServiceHttp	HTTP signaling port for UE service.	Optional	5809	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.pcfUeServiceHttps	HTTPS signaling port for UE service.	Optional	5805	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.pcfUserServiceHttp	HTTP signaling port for User service.	Optional	5808	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.pcfUserServiceHttps	HTTPS signaling port for User service.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.udrConnectorHttp	HTTP signaling port for UDR Connector.	Optional	5808	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.udrConnectorHttps	HTTPS signaling port for UDR Connector.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.chfConnectorHttp	HTTP signaling port for CHF Connector.	Optional	5808	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.chfConnectorHttps	HTTPS signaling port for CHF Connector.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3
global.servicePorts.egressGatewayHttp	HTTP signaling port for Egress Gateway.	Optional	8080	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcEgressGatewayHttp`
global.servicePorts.nrfClientNfDiscoveryHttp	HTTP signaling port for NRF client discovery service.	Optional	5910	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfDiscoveryHttp`
global.servicePorts.nrfClientNfManagementHttp	HTTP signaling port for NRF client management service.	Optional	5910	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfManagementHttp`
global.servicePorts.nrfClientNfDiscoveryHttps	HTTPS signaling port for NRF client discovery service.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfDiscoveryHttps`
global.servicePorts.nrfClientNfManagementHttps	HTTPS signaling port for NRF client management service.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfManagementHttps`
global.servicePorts.alternateRouteServiceHttp	HTTP signaling port for alternate route service.	Optional	8000	CNCPolicy & PCF	Added in Release 1.8.0	Same value as `svcAlternateRouteServiceHttp`
global.servicePorts.alternateRouteServiceHazelcast		Optional	8000	CNCPolicy & PCF	Added in Release 1.8.0	Same value as `svcAlternateRouteServiceHazelcast`

Here is a sample of service ports configurable parameters in custom-values.yaml file:


servicePorts:
    # am service
    pcfAmServiceHttp: 8000
    pcfAmServiceHttps: 9443
    # app info
    appInfoHttp: &svcAppInfoHttp 8000
    # audit service
    auditServiceHttp: 8000
    # binding
    bindingHttp: 8000
    bindingHttps: 9443
    # cm service
    cmServiceHttp: 8000
    # config server
    configServerHttp: &svcConfigServerHttp 8000
    # diam connector
    diamConnectorHttp: 8000
    diamConnectorDiameter: 3868
    # ldap gateway
    ldapGatewayHttp: 8000
    ldapGatewayHttps: 9443
    # diameter gateway
    diamGatewayHttp: 8000
    diamGatewayDiameter: 3868
    # pcrf core
    pcrfCoreDiameter: 3868
    pcrfCoreHttp: 8000
    # pcrf diameter gateway
    pcrfDiamGatewayHttp: 8000
    pcrfDiamGatewayDiameter: 3868
    # perf info
    perfInfoHttp: &svcPerfInfoHttp 8000
    # policyds
    policydsHttp: 8000
    # pre service
    preServiceHttp: 8000
    preTestHttp: 8000
    # query service
    queryServiceHttp: 8000
    # pcf sm service
    pcfSmServiceHttp: 8000
    pcfSmServiceHttps: 9443
    # soap connector
    soapConnectorHttp: 8000
    # ue service
    pcfUeServiceHttp: 8000
    pcfUeServiceHttps: 9443
    # pcf user service
    pcfUserServiceHttp: 8000
    pcfUserServiceHttps: 9443
    udrConnectorHttp: 8000
    udrConnectorHttps: 9443
    chfConnectorHttp: 8000
    chfConnectorHttps: 9443
    # egress gateway
    egressGatewayHttp: &svcEgressGatewayHttp 8000
    # nrf client
    nrfClientNfDiscoveryHttp: &svcNrfClientNfDiscoveryHttp 8000
    nrfClientNfManagementHttp: &svcNrfClientNfManagementHttp 8000
    nrfClientNfDiscoveryHttps: &svcNrfClientNfDiscoveryHttps 9443
    nrfClientNfManagementHttps: &svcNrfClientNfManagementHttps 9443
    # alternate route
    alternateRouteServiceHttp: &svcAlternateRouteServiceHttp 8000
    alternateRouteServiceHazelcast: &svcAlternateRouteServiceHazelcast 8000

Table 3-29 Customizable Parameters for Container Ports Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.containerPorts.monitoringHttp	HTTP signaling port for monitoring.	Optional	9000	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3	Same value as `containerMonitoringHttp`
global.containerPorts.pcfAmServiceHttp	HTTP signaling port for AM service.	Optional	8080	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.pcfAmServiceHttps	HTTPS signaling port for AM service.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.appInfoHttp	HTTP signaling port for app info.	Optional	5906	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.auditServiceHttp	HTTP signaling port for Auditservice.	Optional	8081	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.bindingHttp	HTTP signaling port for binding service.	Optional	8080	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.bindingHttps	HTTPS signaling port for binding service.	Optional	8443	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.cmServiceHttp	HTTP signaling port for CMservice.	Optional	5807	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.configServerHttp	HTTP signaling port for config server.	Optional	8001	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.diamConnectorHttp	HTTP signaling port for Diameter Connector.	Optional	8080	CNCPolicy & PCF	Updated in Release 1.8.1	The name for this parameter has been updated from `pcfDiamConnectorHttp` to `diamConnectorHttp`.
global.containerPorts.diamConnectorDiameter	Diameter connector.	Optional	3868	CNCPolicy & PCF	Updated in Release 1.8.1	The name for this parameter has been updated from `pcfDiamConnectorDiameter` to `diamConnectorDiameter`.
global.containerPorts.ldapGatewayHttp	HTTP signaling port for IDAP Gateway.	Optional	8084	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.diamGatewayHttp	HTTP signaling port for Diameter Gateway.	Optional	8080	CNCPolicy & PCF	Updated in Release 1.8.1	This parameter name has been updated from `pcfDiamGatewayHttp` to `diamGatewayHttp`.
global.containerPorts.diamGatewayDiameter	Diameter gateway.	Optional	3868	CNCPolicy & PCF	Updated in Release 1.8.1	This parameter name has been updated from `pcfDiamGatewayDiameter` to `diamGatewayDiameter`.
global.containerPorts.pcrfCoreDiameter	PCRF core diameter.	Optional	3868	CNCPolicy & cnPCRF	Added in Release 1.7.3
global.containerPorts.pcrfCoreHttp	HTTP signaling port for PCRF Core service.	Optional	9080	CNCPolicy & cnPCRF	Added in Release 1.7.3
global.containerPorts.pcrfDiamGatewayHttp	HTTP signaling port for PCRF Diameter Gateway.	Optional	8080	CNCPolicy & cnPCRF	Deprecated in Release 1.8.1
global.containerPorts.pcrfDiamGatewayDiameter	PCRF diameter gateway.	Optional	3868	CNCPolicy & cnPCRF	Deprecated in Release 1.8.1
global.containerPorts.perfInfoHttp	HTTP signaling port for perf-info.	Optional	5905	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.policydsHttp	HTTP signaling port for policyds.	Optional	8080	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.preServiceHttp	HTTP signaling port for pre service.	Optional	5806	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.preTestHttp	HTTP signaling port for pre test.	Optional	5806	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.queryServiceHttp	HTTP signaling port for queryservice.	Optional	8081	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3
global.containerPorts.pcfSmServiceHttp	HTTP signaling port for SM service.	Optional	8080	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.pcfSmServiceHttps	HTTPS signaling port for SM service.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.soapConnectorHttp	HTTP signaling port for soap connector.	Optional	8082	CNCPolicy & cnPCRF	Added in Release 1.7.3
global.containerPorts.pcfUeServiceHttp	HTTP signaling port for UE service.	Optional	8082	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.pcfUeServiceHttps	HTTPS signaling port for UE service.	Optional	8081	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.pcfUserServiceHttp	HTTP signaling port for User service.	Optional	8080	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.pcfUserServiceHttps	HTTPS signaling port for User service.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.udrConnectorHttp	HTTP signaling port for UDR Connector.	Optional	8080	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.udrConnectorHttps	HTTPS signaling port for UDR Connector.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.chfConnectorHttp	HTTP signaling port for CHF connector.	Optional	8080	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.chfConnectorHttps	HTTPS signaling port for CHF connector.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3
global.containerPorts.nrfClientNfDiscoveryHttp	HTTP signaling port for NRF client discovery.	Optional	8000	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfDiscoveryHttp`
global.containerPorts.nrfClientNfManagementHttp	HTTP signaling port for NRF client management.	Optional	8000	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfManagementHttp`
global.containerPorts.nrfClientNfDiscoveryHttps	HTTPS signaling port for NRF client discovery.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfDiscoveryHttps`
global.containerPorts.nrfClientNfManagementHttps	HTTPS signaling port for NRF client management.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfManagementHttps`
global.containerPorts.ingressGatewayHttp	HTTP signaling port for Ingress Gateway.	Optional	8000	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerIngressGatewayHttp`
global.containerPorts.ingressGatewayHttps	HTTPS signaling port for Ingress Gateway.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerIngressGatewayHttps`
global.containerPorts.alternateRouteServiceHttp	HTTP signaling port for alternate route service.	Optional	8004	CNCPolicy & PCF	Added in Release 1.8.0	Same value as `containerAlternateRouteServiceHttp`. This port configuration shall not be same as alternateRouteServiceHazelcast ,that is 8000, in this sample custom value file.

Here is a sample of service ports configurable parameters in custom-values.yaml file:

containerPorts:
    monitoringHttp: &containerMonitoringHttp 9000
    # am service
    pcfAmServiceHttp: 8000
    pcfAmServiceHttps: 9443
    # app info
    appInfoHttp: 8000
    # audit service
    auditServiceHttp: 8000
    # binding
    bindingHttp: 8000
    bindingHttps: 9443
    # cm service
    cmServiceHttp: 8000
    # config server
    configServerHttp: 8000
    # diam connector
    diamConnectorHttp: 8000
    diamConnectorDiameter: 3868
    # ldap gateway
    ldapGatewayHttp: 8000
    # diameter gateway
    diamGatewayHttp: 8000
    diamGatewayDiameter: 3868
    # pcrf core
    pcrfCoreDiameter: 3868
    pcrfCoreHttp: 8000
    # pcrf diameter gateway
    pcrfDiamGatewayHttp: 8000
    pcrfDiamGatewayDiameter: 3868
    # perf info
    perfInfoHttp: 8000
    # policyds
    policydsHttp: 8000
    # pre service
    preServiceHttp: 8000
    preTestHttp: 8000
    # query service
    queryServiceHttp: 8000
    # pcf sm service
    pcfSmServiceHttp: 8000
    pcfSmServiceHttps: 9443
    # soap connector
    soapConnectorHttp: 8000
    # ue service
    pcfUeServiceHttp: 8000
    pcfUeServiceHttps: 9443
    # pcf user service
    pcfUserServiceHttp: 8000
    pcfUserServiceHttps: 9443
    udrConnectorHttp: 8000
    udrConnectorHttps: 9443
    chfConnectorHttp: 8000
    chfConnectorHttps: 9443
    # nrf client
    nrfClientNfDiscoveryHttp: &containerNrfClientNfDiscoveryHttp 8000
    nrfClientNfManagementHttp: &containerNrfClientNfManagementHttp 8000
    nrfClientNfDiscoveryHttps: &containerNrfClientNfDiscoveryHttps 9443
    nrfClientNfManagementHttps: &containerNrfClientNfManagementHttps 9443
    # ingress gateway
    ingressGatewayHttp: &containerIngressGatewayHttp 8000
    ingressGatewayHttps: &containerIngressGatewayHttps 9443
    # alternate route service
    alternateRouteServiceHttp: &containerAlternateRouteServiceHttp 8004

Table 3-30 Customizable Parameters for Ports Configuration in Ingress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.publicHttpSignalingPort	HTTP/2.0 Port of ingress gateway	Optional	80	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x
global.publicHttpsSignallingPort	HTTPS/2.0 Port of ingress gateway	Optional	443	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	Set this parameter to 0 if HTTPS is disabled.
global.configServerPort	HTTP signaling port for config server.	Optional	5807	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.3	same vale as `svcConfigServerHttp`
ingress-gateway.ports.actuatorPort		Optional		CNCPolicy , PCF, &cnPCRF	Added in Release 1.8.0	Same value as `containerMonitoringHttp`
ingress-gateway.ports.containerPort		Optional		CNCPolicy , PCF, &cnPCRF	Added in Release 1.8.0	Same value as `containerIngressGatewayHttp`
ingress-gateway.ports.containersslPort		Optional		CNCPolicy , PCF, &cnPCRF	Added in Release 1.8.0	Same value as `containerIngressGatewayHttps`

Here is a sample of configurable parameters for ingress-gateway's ports in custom-values.yaml file:


# -----Ingress Gateway Settings - BEGIN-----
  # If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
  publicHttpSignalingPort: 80
  # If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
  publicHttpsSignallingPort: 443
  configServerPort: *svcConfigServerHttp


ingress-gateway:
  ports:
    actuatorPort: *containerMonitoringHttp
    containerPort: *containerIngressGatewayHttp
    containersslPort: *containerIngressGatewayHttps

Table 3-31 Customizable Parameters for Ports Configuration in Egress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
egress-gateway.serviceEgressGateway.actuatorPort		Optional		CNCPolicy & PCF	Added in Release 1.8.0	Same value as `containerMonitoringHttp`
egress-gateway.serviceEgressGateway.Port		Optional		CNCPolicy , PCF, &cnPCRF	Added in Release 1.8.0	Same value as `svcEgressGatewayHttp`

Here is a sample of configurable parameters for egress-gateway's ports in custom-values.yaml file:


egress-gateway:
  serviceEgressGateway:
    actuatorPort: *containerMonitoringHttp
    port: *svcEgressGatewayHttp

Table 3-32 Customizable Parameters for Ports Configuration in nrf-client-nfdiscovery

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.nrf-client-nfdiscovery.envPlatformServicePort	HTTP signaling port for app info.	Optional	5906	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcAppInfoHttp`
global.nrf-client-nfdiscovery.envPerformanceServicePort	HTTP signaling port for perf info.	Optional	5905	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcPerfInfoHttp`
global.nrf-client-nfdiscovery.envCfgServerPort	HTTP signaling port for config server.	No	5807	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.3	same vale as `svcConfigServerHttp`
global.nrf-client-nfdiscovery.containerHttpPort	HTTP signaling port for NRF client discovery.	Optional	8000	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfDiscoveryHttp`
global.nrf-client-nfdiscovery.containerHttpsPort	HTTPS signaling port for NRF client discovery.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfDiscoveryHttps`
global.nrf-client-nfdiscovery.serviceHttpPort	HTTP signaling port for NRF client discovery service.	Optional	5910	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfDiscoveryHttp`
global.nrf-client-nfdiscovery.serviceHttpsPort	HTTPS signaling port for NRF client discovery service.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfDiscoveryHttps`

Here is a sample of configurable parameters for nrf-client-nfdiscovery's ports in custom-values.yaml file:


nrf-client-nfdiscovery:
    envPlatformServicePort: *svcAppInfoHttp
    envPerformanceServicePort: *svcPerfInfoHttp
    envCfgServerPort: *svcConfigServerHttp
    containerHttpPort: *containerNrfClientNfDiscoveryHttp
    containerHttpsPort: *containerNrfClientNfDiscoveryHttps
    serviceHttpPort: *svcNrfClientNfDiscoveryHttp
    serviceHttpsPort: *svcNrfClientNfDiscoveryHttps

Table 3-33 Customizable Parameters for Ports Configuration in nrf-client-nfmanagement

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
global.nrf-client-nfmanagement.envPlatformServicePort	HTTP signaling port for app info.	Optional	5906	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcAppInfoHttp`
global.nrf-client-nfmanagement.envPerformanceServicePort	HTTP signaling port for perf info.	Optional	5905	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcPerfInfoHttp`
global.nrf-client-nfmanagement.envCfgServerPort	HTTP signaling port for config server.	Optional	5807	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.3	same vale as `svcConfigServerHttp`
global.nrf-client-nfmanagement.containerHttpPort	HTTP signaling port for NRF client discovery.	Optional	8000	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfManagementHttp`
global.nrf-client-nfmanagement.containerHttpsPort	HTTPS signaling port for NRF client discovery.	Optional	9443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `containerNrfClientNfManagementHttps`
global.nrf-client-nfmanagement.serviceHttpPort	HTTP signaling port for NRF client discovery service.	Optional	5910	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfManagementHttp`
global.nrf-client-nfmanagement.serviceHttpsPort	HTTPS signaling port for NRF client discovery service.	Optional	8443	CNCPolicy & PCF	Added in Release 1.7.3	Same value as `svcNrfClientNfManagementHttps`

Here is a sample of configurable parameters for nrf-client-nfmanagement's ports in custom-values.yaml file:


nrf-client-nfmanagement:
    envPlatformServicePort: *svcAppInfoHttp
    envPerformanceServicePort: *svcPerfInfoHttp
    envCfgServerPort: *svcConfigServerHttp
    containerHttpPort: *containerNrfClientNfManagementHttp
    containerHttpsPort: *containerNrfClientNfManagementHttps
    serviceHttpPort: *svcNrfClientNfManagementHttp
    serviceHttpsPort: *svcNrfClientNfManagementHttps

Table 3-34 Customizable Parameters for Ports Configuration in Alternate Route Service

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
alternate-route.ports.servicePort	HTTP signaling port for alternate route service.	Optional	8000	CNCPolicy & PCF	Added in Release 1.8.0	Same value as `svcAlternateRouteServiceHttp`
alternate-route.ports.containerPort	HTTP signaling port for alternate route service.	Optional	8004	CNCPolicy & PCF	Added in Release 1.8.0	Same value as `containerAlternateRouteServiceHttp`
alternate-route.ports.actuatorPort	HTTP signaling port for monitoring.	Optional	9000	CNCPolicy , PCF, &cnPCRF	Added in Release 1.7.3	Same value as `containerMonitoringHttp`
alternate-route.hazelcast.port		Optional	8000	CNCPolicy & PCF	Added in Release 1.8.0	Same value as `svcAlternateRouteServiceHazelcast`

Here is a sample of configurable parameters for alternate route service's ports in custom-values.yaml file:


alternate-route:
  ports:
    servicePort: *svcAlternateRouteServiceHttp
    containerPort: *containerAlternateRouteServiceHttp
    actuatorPort: *containerMonitoringHttp
  hazelcast:
    port: *svcAlternateRouteServiceHazelcast

Aspen Service Mesh Configurations

This section describes the customizatons that you can make in custom-values.yaml files to integrate Aspen service mesh with Oracle Communications Cloud Native Core Policy.

Important:

Users may use custom values file from CNC Policy 1.7.1 to install CNC Policy with Aspen service mesh.

Unified signaling ports: To override the default port numbers, used by containers and services, and customize them as per your requirements, you can configure the configurable parameters in custom values file. See Service and Container Port Configuration section for service and container ports configurable parameters.

Enable Aspen Service Mesh: To enable Aspen Service Mesh, set the value for serviceMeshCheck to true in custom values file:

ingress-gateway:
  # Mandatory: This flag needs to set it "true" is Service Mesh would be present where Policy will be deloyed
  serviceMeshCheck: true

Annotation to support OSO: To deploy CNC Policy with OSO, you must add the following annotation to the custom extension under global section of custom values file:
```
global:
  customExtension:
    lbDeployments:
      annotations:
          oracle.com/cnc: "true"
 
    nonlbDeployments:
      annotations:
          oracle.com/cnc: "true"
```
Note:
After helm install is complete, all the nodes will have the above mentioned annotation.
Custom container name: You can customize the name of containers of a pod with a prefix and suffix. To do so, add the prefix and suffix to the k8sResource under global section of custom values file:
```
global:
  k8sResource:
    container:
      prefix: ABCD
      suffix: XYZ 
```
Then, after installing CNC policy, you will see the container names as shown below:
```
Containers:
  abcd-am-service-xyz:
```
Custom service account: You can use a custom service account for all services by adding it to global section in the custom values file:
```
global:
  serviceAccountName: ocpcfsaccount
 
```
Note:
You can create the service account and roles before the installation as well.
Disable init containers: Init containers do not work when the namespace has aspen service mTLS enabled. To disable init containers, set the value for initContainerEnable to false in custom values file.
```
global:
  initContainerEnable: false
```
PERMISSIVE rule: To set Permissive rule for Diameter Gateway and Ingress Gateway Service, set the following flags to true in custom value file:
```
global:
  istioIngressTlsSupport:
      diamGateway: true
```
```
global:
  istioIngressTlsSupport:
    ingressGateway: true
```

OAUTH Configuration

This section describes the customizatons that you should make in custom-value.yaml files to configure OAUTH in ingress/egress gateway.

Note:

These configurations are applicable when the Ingress/Egress Gatway is enabled and the NRF Client services are enabled.

To configure OAUTH in ingress-gateway, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-35 Configurable Parameters for OAUTH Configuration in Ingress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
ingress-gateway.oauthValidatorEnabled	Enable or disable OAuth Validator.	Yes	False	CNC Policy & PCF	Added in Release 1.5.x
ingress-gateway.nfInstanceId	NF Instance Id of service producer	No	6faf1bbc-6e4a-4454-a507-a14ef8e1bc11	CNC Policy & PCF	Added in Release 1.5.x
ingress-gateway.allowedClockSkewSeconds	set this value if clock on the parsing NF (producer) is not perfectly in sync with the clock on the NF (consumer) that created by JWT	No	0	CNC Policy & PCF	Added in Release 1.6.x
ingress-gateway.nrfPublicKeyKubeSecret	Name of the secret which stores the public key(s) of NRF	No		CNC Policy & PCF	Added in Release 1.5.x
ingress-gateway.nrfPublicKeyKubeNamespace	Namespace of the NRF public key secret	No		CNC Policy & PCF	Added in Release 1.5.x
ingress-gateway.validationType	Possible values are: strict relaxed strict- If incoming request does not contain "Authorization" (Access Token) header, the request is rejected. relaxed- relaxed means that if Incoming request contains "Authorization" header, it is validated. If Incoming request does not contain "Authorization" header, validation is ignored.	No	relaxed	CNC Policy & PCF	Added in Release 1.6.x
ingress-gateway.producerPlmnMNC	MNC of the service producer	No	123	CNC Policy & PCF	Added in Release 1.5.x
ingress-gateway.producerPlmnMCC	MCC of the service producer	No	456	CNC Policy & PCF	Added in Release 1.5.x

Here is a sample OAUTH configurations in ingress-gateway in custom-values.yaml.file:

# ----OAUTH CONFIGURATION - BEGIN ----
  oauthValidatorEnabled: false
  nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
  allowedClockSkewSeconds: 0
  nrfPublicKeyKubeSecret: ''
  nrfPublicKeyKubeNamespace: ''
  validationType: relaxed
  producerPlmnMNC: 123
  producerPlmnMCC: 456
  # ----OAUTH CONFIGURATION - END ----

Table 3-36 Configurable Parameters for OAUTH Configuration in Egress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
egress-gateway.oauthClient.enabled	OAuth Validator Enabled	No	false	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.oauthClient.dnsSrvEnabled	Enable/Dsiable the DNS-SRV query to coreDNS Server	Optional	false	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.httpsEnabled	Determine if https support is enabled or not which is a deciding factor for oauth request scheme and search query parameter in dns-srv request.	No	false	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.virtualFqdn	virtualFqdn value which needs to be populated and sent in the dns-srv query.	Conditional ( If dnsSrvEnabled is set to true.)	-1	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.staticNrfList	List of Static NRF's	Conditional ( If oAuth is enabled.)		CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.nfType	NFType of service consumer.	Conditional ( If oAuth is enabled.)		CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.oauthClient.nfInstanceId	NF InstanceId of Producer	No	fe7d992b-0541-4c7d-ab84-c6d70b1b01b1	CNC Policy& PCF	Added in Release 1.5.x	Modify the parameter with actual value, if OAuth is enabled.
egress-gateway.oauthClient.consumerPlmnMNC	MNC of service Consumer	No	345	CNC Policy& PCF	Added in Release 1.5.x	Modify the parameter with actual value, if OAuth is enabled.
egress-gateway.oauthClient.consumerPlmnMCC	MCC of service Consumer	No	567	CNC Policy& PCF	Added in Release 1.5.x	Modify the parameter with actual value, if OAuth is enabled.
egress-gateway.oauthClient.maxRetry	Maximum number of retry that need to be performed to other NRF Fqdn’s in case of failure response from first contacted NRF based on the errorCodeSeries configured.	Conditional ( If oAuth is enabled.)	2	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.apiPrefix	apiPrefix that needs to be appended in the Oauth request flow.	Conditional ( If oAuth is enabled.)	""	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.errorCodeSeries	Determines the fallback condition to other NRF in case of failure response from currently contacted NRF.	Conditional ( If oAuth is enabled and required a different error code series.)	4XX	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.oauthClient.retryAfter	RetryAfter value in milliseconds that needs to be set for a particular NRF Fqdn, if the error matched the configured errorCodeSeries.	Conditional ( If oAuth is enabled.)	5000	CNC Policy& PCF	Added in Release 1.8.0

Here is a sample OAUTH configurations in egress-gateway in custom-values.yaml.file:

# ---- Oauth Configuration - BEGIN ----
      oauthClient:
        enabled: false
        dnsSrvEnabled: false
        httpsEnabled: false
        virtualFqdn: nrf.oracle.com:80
        staticNrfList:
          - nrf1.oracle.com:80
        nfType: PCF
        nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
        consumerPlmnMNC: 345
        consumerPlmnMCC: 567
        maxRetry: 2
        apiPrefix: ""
        errorCodeSeries: 4XX
        retryAfter: 5000
  # ---- Oauth Configuration - END ----

XFCC Header Validation Configuration

This section describes the customizatons that you can make in custom-value.yaml files to configure XFCC header.

XFCC introduces support for CNC Policy as a producer, to check, if Service Communication Proxy (SCP) which has sent the HTTP request is the same proxy consumer/client, which is expected to send a HTTP2 request. This is achieved by comparing the FQDN of the SCP present in the “x-forwarded-client-cert” (XFCC) of http2 header, with the FQDN of the SCPs configured in the CNC Policy.

To configure XFCC header, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-37 Configurable Parameters for XFCC Header Validation Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
ingress-gateway.xfccHeaderValida tion.validation.enabled	Determines if incoming xfcc header needs to be validated	Optional	false	CNCPolicy & PCF	Added in Release 1.8.0
ingress-gateway.xfccHeaderValida tion.validation.scpList	List of configured SCP FQDN’s against which the XFCC header entries will be validated. Currently, the validation means case-sensitive match with configured list.	Conditional ( If xfccHeader validation is enabled.)		CNCPolicy & PCF	Added in Release 1.8.0
ingress-gateway.xfccHeaderValida tion.validation.matchCerts	The number of certificates that need to be validated starting from the right most entry in the XFCC header. If the parameter is set to -1, validation to be performed against all entries. If parameter is set to a positive number, validation to be performed from starting from the right most entry in backwards direction.	Conditional ( If xfccHeader validation is enabled.)	-1	CNCPolicy & PCF	Added in Release 1.8.0
ingress-gateway.xfccHeaderValida tion.validation.matchField	Field in a corresponding XFCC header against which the configured scpList FQDN validation needs to be performed.	Conditional ( If xfccHeader validation is enabled.)	DNS	CNCPolicy & PCF	Added in Release 1.8.0

Here is a sample configurations for XFCC header in custom-values.yaml.file:

xfccHeaderValidation:
    validation:
      enabled: false
      scpList:
        - scp1.com
        - scp2.com
        - scp3.com
      matchCerts: -1
      matchField: DNS

Ingress/Egress Gateway HTTPS Configuration

This section describes the customizatons that you should make in custom-value.yaml files to configure HTTPS in ingress/egress gateway.

Note:

These configurations are applicable only when ingress/egress gateway is enabled and the following parameters are set to true in custom-yaml file:

ingress-gateway.enableIncomingHttps
egress-gateway.enableOutgoingHttps

To configure HTTPS in ingress-gateway, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-38 Configurable Parameters for HTTPS Configurations in Ingress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
ingress-gateway.enableIncomingHttps	To enable https for ingress traffic	No	False	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x
ingress-gateway.service.ssl.privateKey.k8SecretName	Name of the private key secret.	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.privateKey.k8NameSpace	Namespace of private key.	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.privateKey.rsa.fileName	rsa private key file name.	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.certificate.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.certificate.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.certificate.rsa.fileName	rsa private key file name	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.caBundle.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.caBundle.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.caBundle.fileName	private key file name	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.keyStorePassword.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttp is true
ingress-gateway.service.ssl.keyStorePassword.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.keyStorePassword.fileName	File name that has password for keyStore	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.trustStorePassword.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.trustStorePassword.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingress-gateway.service.ssl.trustStorePassword.fileName	File name that has password for trustStore	No	Not Applicable	CNC Policy, PCF, &cnPCRF	Added in Release 1.5.x	required if enableIncomingHttps is true
ingressServer.keepAlive.enabled		No	false		Added in Release 1.7.3
ingressServer.keepAlive.idealTime		No	180 (in seconds)		Added in Release 1.7.3
ingressServer.keepAlive.count		No	9		Added in Release 1.7.3
ingressServer.keepAlive.interval		No	60 (in seconds)		Added in Release 1.7.3
global.configServerPort		No	5807	CNC Policy, PCF, &cnPCRF	Added in Release 1.7.3

Here is a sample HTTPS configurations in ingress-gateway in custom-values.yaml.file:

# ---- HTTPS Configuration - BEGIN ----
  enableIncomingHttps: false

  service:
    ssl:
      privateKey:
        k8SecretName: occnp-gateway-secret
        k8NameSpace: occnp
        rsa:
          fileName: rsa_private_key_pkcs1.pem
      certificate:
        k8SecretName: occnp-gateway-secret
        k8NameSpace: occnp
        rsa:
          fileName: ocegress.cer
      caBundle:
        k8SecretName: occnp-gateway-secret
        k8NameSpace: occnp
        fileName: caroot.cer
      keyStorePassword:
        k8SecretName: occnp-gateway-secret
        k8NameSpace: occnp
        fileName: key.txt
      trustStorePassword:
        k8SecretName: occnp-gateway-secret
        k8NameSpace: occnp
        fileName: trust.txt

Table 3-39 Configurable Parameters for HTTPS Configurations in Egress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release
egress-gateway.enableOutgoingHttps	Enabling it for outgoing https request	No	false	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.egressGwCertReloadEnabled		No	false	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.egressGwCertReloadPath		No	/egress-gw/store/reload	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.privateKey.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.privateKey.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.privateKey.rsa.fileName	rsa private key file name	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.privateKey.ecdsa.fileName	ecdsa private key file name	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.certificate.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.certificate.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.certificate.rsa.fileName	rsa private key file name	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.certificate.ecdsa.fileName	ecdsa private key file name	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.caBundle.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.caBundle.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.caBundle.fileName	private key file name	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.keyStorePassword.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.keyStorePassword.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.keyStorePassword.fileName	File name that has password for keyStore	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.trustStorePassword.k8SecretName	Name of the privatekey secret	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.trustStorePassword.k8NameSpace	Namespace of privatekey	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x
egress-gateway.service.ssl.trustStorePassword.fileName	File name that has password for trustStore	No	Not Applicable	CNC Policy& PCF	Added in Release 1.5.x

Here is a sample HTTPS configurations in egress-gateway in custom-values.yaml.file:

# ---- HTTPS Configuration - BEGIN ----

  #Enabling it for egress https requests
  enableOutgoingHttps: false

  egressGwCertReloadEnabled: false
  egressGwCertReloadPath: /egress-gw/store/reload

  service:
    ssl:
      privateKey:
        k8SecretName: ocpcf-gateway-secret
        k8NameSpace: ocpcf
        rsa:
          fileName: rsa_private_key_pkcs1.pem
        ecdsa:
          fileName: ssl_ecdsa_private_key.pem
      certificate:
        k8SecretName: ocpcf-gateway-secret
        k8NameSpace: ocpcf
        rsa:
          fileName: ocegress.cer
        ecdsa:
          fileName: ssl_ecdsa_certificate.crt
      caBundle:
        k8SecretName: ocpcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: caroot.cer
      keyStorePassword:
        k8SecretName: ocpcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: key.txt
      trustStorePassword:
        k8SecretName: ocpcf-gateway-secret
        k8NameSpace: ocpcf
        fileName: trust.txt
  # ---- HTTPS Configuration - END ----

SCP Configuration

This section describes the customizatons that you can make in custom-value.yaml files to support SCP integration.

To configure SCP integration support, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-40 Configurable Parameters for SCP Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
egress-gateway.scpIntegrationEnabled	Change this to false when scp integration is not required	No	false	CNC Policy& PCF	Added in Release 1.6.x
egress-gateway.scp.scpRerouteEnabled	Set this flag to true if re-routing to multiple SCP instances is to be enabled. globalretry can be enabled only when scpRerouteEnabled flag is set to true.	No	false	CNC Policy& PCF	Added in Release 1.6.x
egress-gateway.globalretry.enabled	globalretry can be enabled only when scpRerouteEnabled flag is set to true. And, it is applied only when no "retries" is specified under routesConfig.	O	false	CNC Policy& PCF	Added in Release 1.6.x
egress-gateway.globalretry.retries				CNC Policy& PCF	Added in Release 1.6.x
egress-gateway.scp.instances.http.host	SCP HTTP IP/FQDN	No	Not Applicable	CNC Policy& PCF	Added in Release 1.6.x Deprecated in Release 1.8.0; Replaced with "egress-gateway.scp.instances.scpSets[0].httpConfigs[0].host"parameter
egress-gateway.scp.instances.http.Port	SCP HTTP PORT	No	80	CNC Policy& PCF	Added in Release 1.6.x Deprecated in Release 1.8.0; Replaced with "egress-gateway.scp.instances.scpSets[0].httpConfigs[0].port"parameter
egress-gateway.scp.instances.http.ApiPrefix	Change this value to corresponding prefix "/" is not expected to be provided along. Applicable only for SCP with TLS enabled.	No	/	CNC Policy& PCF	Added in Release 1.6.x Deprecated in Release 1.8.0; Replaced with "egress-gateway.scp.instances.scpSets[0].httpConfigs[0].apiPrefix"parameter
egress-gateway.scp.scpDefaultScheme	Default scheme applicable when 3gpp-sbi-target-apiroot header is missing	No	https	CNC Policy& PCF	Added in Release 1.6.x
egress-gateway.K8ServiceCheck	Enable this if loadbalancing is to be done by egress instead of K8s	No	false	CNC Policy& PCF	Added in Release 1.5.x
httpsScpOnly	This is global parameter which will be taken into consideration if route (under routeConfig section ) based httpsScpOnly parameter is not available. If set to true, select SCP instances for https list only. If set to false, run existing logic as per provided scheme.	No	false	CNC Policy& PCF	Added in Release 1.7.3	Please note double quotes to be enclosed for values of httpScpOnly.
httpRuriOnly	This is global parameter which will be taken into consideration if route (under routeConfig section) based httpRuriOnly parameter is not available. If set to true, change scheme of RURI to http. If set to false, don't change the scheme.	No	false	CNC Policy& PCF	Added in Release 1.7.3	Please notedouble quotes to be enclosed for values of httpsScpOnly.
routesConfig[0].httpRuriOnly	If set to true, change Scheme of RURI to http. If set to false, don't change the scheme.	No	false	CNC Policy& PCF	Added in Release 1.7.3	Please note double quotes to be enclosed for values of httpsRuriOnly. If httpsRuriOnly under route is not present globally available value will be considered.
routesConfig[0].httpsScpOnly	If set to true, select SCP instances for https list only. If set to false, run existing logic as per provided scheme.	No	false	CNC Policy& PCF	Added in Release 1.7.3	Please note double quotes to be enclosed for values of httpsScpOnly. If httpsScpOnly under route is not present globally available value will be considered.
egress-gateway.scp.instances.scpSets[0]	SetId for the SCP instances. Only one set of Static configuration of SCP instances are allowed to be configured. Dynamic configuration sets can be any number. Refer Custom-values file for more details.	Yes	false	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].host	First Scp instance HTTP IP/FQDN	Yes (If scp.scpIntegrationEnabled is set to true.)		CNC Policy& PCF	Added in Release 1.8.0	More SCP instances can be configured in a similar way if required.
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].port	First Scp instance Port	Yes (If scp.scpIntegrationEnabled is set to true.)		CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].apiPrefix	First Scp instance apiPrefix. Change this value to corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled.	No	/	CNC Policy& PCF	Added in Release 1.8.0	Examples : XXX, Point to be noted here is that "/" is not required to be included when providing some data.
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].virtualHost	This will have Http VirtualFQDN and is applicable from SetId 1 and later.	Yes (If DnsSrv integration is required)	Not Applicable	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].host	First SCP instance HTTPS IP/FQDN	Yes (If scp.scpIntegrationEnabled is set to true.)	Not Applicable	CNC Policy& PCF	Added in Release 1.8.0	More SCP instances can be configured in a similar way if required.
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].port	First SCP instance HTTPS Port	Yes (If scp.scpIntegrationEnabled is set to true.)	Not Applicable	CNC Policy& PCF	Added in Release 1.8.0
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].apiPrefix	First Scp instance apiPrefix. Change this value to corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled.	No	/	CNC Policy& PCF	Added in Release 1.8.0	Examples : XXX, Point to be noted here is that "/" is not required to be included when providing some data.
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].virtualHost	This will have Http VirtualFQDN and is applicable from SetId 1 and later.	Yes (If DnsSrv integration is required)	Not Applicable	CNC Policy& PCF	Added in Release 1.8.0

Here is a sample configurations for SCP integration in custom-values.yaml.file:

# ---- SCP Configuration - BEGIN ----
  # globalretry can be enabled only when scpRerouteEnabled flag is set to true. This is an OPTIONAL configuration. And
  # it is applied only when no "retries" specified under routesConfig
  globalretry:
    enabled: false
    retries: 2

  # Below is a basic route configuration for SCP. This configuration routes all egress traffic towards SCP.
  # filterName1 - (fixed value)should be set to ScpFilter
  # The retry section (fliterName2) is required only when there is a need to retry the requests. Retry will be sent to secondary SCP, if no secondary configured then retry will happen on primary.
  # filterName2.name - (fixed value) should have the value ScpRetry.
  # filterName2.retries - (Customizable value) number of retries can be done for a request
  # filterName2.methods - (Customizable value) HTTP request methods for which retries should be done.
  # filterName2.statuses - (Customizable value) HTTP status received on response for which request should be retried.

  #routesConfig:
  #- id: scp_route
  #  uri: https://dummy.dontchange
  #  path: /**
  #  order: 1
  #  filterName1: ScpFilter
  #  filterName2:
  #    name: ScpRetry
  #    retries: 1
  #    methods: GET, POST, PUT, DELETE, PATCH
  #    statuses: INTERNAL_SERVER_ERROR, BAD_GATEWAY

     scp:
    # Change this to true when scp integration is required. Below SCP configurations will take effect only when this is 'true'.
    scpIntegrationEnabled: false

    # Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
    scpDefaultScheme: http

    # Set this flag to true if re-routing to multiple SCP instances is to be enabled.
    scpRerouteEnabled: false
    #globalretry can be enabled only when scpRerouteEnabled flag is set to true.

    # Configure the SCP instance(s) host/IP and port.
    # At least one SCP host details (under http or https) is required when scpIntegrationEnabled
    # In this example scp-host-1 is primary SCP and scp-host-1 is secondary SCP.
    instances:
      scpSets:
        - setId: 0
          httpConfigs:
            - host: scp-host-1
              port: 80
              apiPrefix: "/"   # Change this value to corresponding prefix "/" is not expected to be provided along.
            - host: scp-host-2
              port: 80
              apiPrefix: "/"
            - host: scp-host-3
              port: 80
              apiPrefix: "/"
          httpsConfigs:
            - host: scp-host-1
              port: 443
              apiPrefix: "/"
            - host: scp-host-2
              port: 443
              apiPrefix: "/"
            - host: scp-host-3
              port: 443
              apiPrefix: "/"
        - setId: 1
          httpConfigs:
            - virtualHost: xyz.test.com
              apiPrefix: "/"
          httpsConfigs:
            - virtualHost: abc.test.com
              apiPrefix: "/"
  # ---- SCP Configuration - END ----

Alternate Route Service Configuration

This section describes the customizatons that you should make in custom-value.yaml files to configure alternate route service (DNS-SRV).

These configurations are applicable only when alternate route service is enabled.

With SRV Records, you can configure and maintain NF FQDN dynamically at the DNS Server, which can be further selected by CNC Policy, when there is a NF failure. This is achieved by performing a SRV query on the virtual FQDN configured at the CNC Policy, rather than configuring primary and secondary NRF statically in every CNC Policy, only during instantiation time. This option of DNS lookup for SRV records would also provide alternate NFs to the CNC Policy during failover.

To configure DNS-SRV, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-41 Configurable Parameters for Alternate Route Service Configuration

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
alternate-route.staticVirtualFqdns[0].name	Name of the virtual FQDN/FQDN	Optional		CNCPolicy & PCF	Added in Release 1.8.0
alternate-route.staticVirtualFqdns[0].alternateFqdns[0].target	Name of the alternate FQDN mapped to above virtual FQDN	Yes, if "staticVirtualFqdns[0].name" is defined		CNCPolicy & PCF	Added in Release 1.8.0
alternate-route.staticVirtualFqdns[0].alternateFqdns[0].port	Port of the alternate FQDN	Yes, if "staticVirtualFqdns[0].name" is defined	-	CNCPolicy & PCF	Added in Release 1.8.0
alternate-route.staticVirtualFqdns[0].alternateFqdns[0].priority	Priority of the alternate FQDN	Yes, if "staticVirtualFqdns[0].name" is defined		CNCPolicy & PCF	Added in Release 1.8.0
alternate-route.dnsSrvEnabled	Flag to enable the DNS-SRV query to coreDNS Server.	No	true	CNCPolicy & PCF	Added in Release 1.8.0
alternate-route.dnsSrvFqdnSetting.enabled	Flag to enable the usage of custom pattern for the FQDN while triggering DNS-SRV query	No	true	CNCPolicy & PCF	Added in Release 1.8.0	If this flag is set to false, then default value: "_{scheme}._tcp.{fqdn}." will be used.
alternate-route.dnsSrvFqdnSetting.pattern	Pattern of the FQDN which will used to format the incoming FQDN and Scheme while triggering DNS-SRV query	Yes if "dnsSrvFqdnSetting.enabled" is set to true	"_{scheme}._tcp.{fqdn}."	CNCPolicy & PCF	Added in Release 1.8.0
egress-gateway.dnsSrv.host	Host of DNS Alternate Route Service	Conditional ( If DnsSrv integration is required.)	5000	CNCPolicy & PCF	Added in Release 1.8.0
egress-gateway.dnsSrv.port	Port of DNS Alternate Route Service	Conditional ( If DnsSrv integration is required.)	5000	CNCPolicy & PCF	Added in Release 1.8.0
egress-gateway.dnsSrv.scheme	Scheme of request that need to be sent to alternate route service.	Conditional ( If DnsSrv integration is required.)	http	CNCPolicy & PCF	Added in Release 1.8.0
egress-gateway.dnsSrv.errorCodeOnDNSResolutionFailure	Configurable error code to be used incase of DNS resolution failure.	Conditional ( If DnsSrv integration is required.)	425	CNCPolicy & PCF	Added in Release 1.8.0
nrf-client-nfmanagement.alternateRouteServiceEnabled	Flag to tell nrf-client services if alternate route service is deployed or not. This flag should be set to true when the global.alternateRouteServiceEnable parameter is set as true.	No	false	CNCPolicy & PCF	Added in Release 1.8.0	Applicable only if Alternate Route Service is enabled.
nrf-client-nfdiscovery.alternateRouteServiceEnabled	Flag to tell nrf-client services if alternate route service is deployed or not. This flag should be set to true when the global.alternateRouteServiceEnable parameter is set as true.	No	false	CNCPolicy & PCF	Added in Release 1.8.0	Applicable only if Alternate Route Service is enabled.

Here is a sample configurations for DNS-SRV in custom-values.yaml.file:


#Static virtual FQDN Config
  staticVirtualFqdns:
    - name: https://abc.test.com
      alternateFqdns:
        - target: abc.test.com
          port: 5060
          priority: 10
        - target: xyz.test.com
          port: 5060
          priority: 20
    - name: http://xyz.test.com
      alternateFqdns:
        - target: xyz.test.com
          port: 5060
          priority: 10
        - target: abc.test.com
          port: 5060
          priority: 20  #Flag to control if DNS-SRV queries are sent to coreDNS or not
  dnsSrvEnabled: true
  #Below configuration is for customizing the format of FQDN which will used while querying coreDNS for SRV Records
  dnsSrvFqdnSetting:
    enabled: true  #If this flag is disabled, then default value of "_{scheme}._tcp.{fqdn}." will be used for Pattern
    pattern: "_{scheme}._tcp.{fqdn}."   #Ex: _http._tcp.service.example.org.


egress-gateway:
  dnsSrv:
    host: 10.75.225.67
    port: 32081
    scheme: http
    errorCodeOnDNSResolutionFailure: 425

Logging Configuration

This section describes the customizatons that you should make in custom-value.yaml files to configure logging.

To configure logging in ingress-gateway, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-42 Configurable Parameters for Logging Configuration in Ingress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
ingress-gateway.log.level.root	Log level for root logs	No	WARN	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x	Applicable only when ingress-gateway is enabled.
ingress-gateway.log.level.ingress	Log level for ingress logs	No	INFO	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x	Applicable only when ingress-gateway is enabled.
ingress-gateway.log.level.oauth	Log level for oauth logs	No	INFO	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x	Applicable only when ingress-gateway is enabled.

Here is a sample configurations for logging in ingress-gateway in custom-values.yaml.file:

ingress-gateway:
  
  log:
    level:
      root: WARN
      ingress: WARN
      oauth: WARN

Table 3-43 Configurable Parameters for Logging Configuration in Egress Gateway

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
egress-gateway.log.level.root	Log level for root logs	No	WARN	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x	Applicable only when egress-gateway is enabled.
egress-gateway.log.level.egress	Log level for egress logs	No	WARN	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x	Applicable only when egress-gateway is enabled.
egress-gateway.log.level.oauth	Log level for oauth logs	No	WARN	CNC Policy, PCF, &cnPCRF	Added in Release 1.6.x	Applicable only when egress-gateway is enabled.

Here is a sample configurations for logging in egress-gateway in custom-values.yaml.file:

egress-gateway:
  
  log:
    level:
      root: WARN
      egress: WARN
      oauth: WARN

To configure logging in Alternate Route service, you should configure the following configurable parameters in custom-value.yaml file:

Table 3-44 Configurable Parameters for Logging Configuration in Alternate Route Service

Parameter	Description	Mandatory/Optional Parameter	Default Value	Applicable to Deployment	Added/Deprecated/Updated in Release	Notes
alternate-route.log.level.root	Log level for root logs	No	WARN	CNC Policy & PCF	Added in Release 1.8.0	Applicable only when alternate route service is enabled.
alternate-route.log.level.altroute	Log level for alternate route logs	No	INFO	CNC Policy & PCF	Added in Release 1.8.0	Applicable only when alternate route service is enabled.

Here is a sample configurations for logging in custom-values.yaml.file:

alternate-route:
  
  log:
    level:
      root: WARN
      altroute: WARN