3 Customizing Cloud Native Core Policy
This chapter describes how to customize the Cloud Native Core Policy (CNC Policy) deployment in a cloud native environment.
The CNC Policy deployment is customized by overriding the default values of various configurable parameters in the occnp-1.8.0-custom-values-occnp.yaml, occnp-1.8.0-custom-values-pcf.yaml, and occnp-1.8.0-custom-values-pcrf.yaml files.
- Go to the Oracle Help Center (OHC) Web site:
- Navigate to Industries->Communications->Cloud Native Core->Release 2.3.0
- Click the CNC Policy Custom Template link to download the zip file.
- Unzip the file to get the custom-values.yaml files. These files are used during installation.
- Depending on the deployment model, customize the required custom-values.yaml file based on the parameters described in the next sections.
- Save the updated custom-values.yaml file in the helm chart directory.
Note:
- All parameters mentioned as mandatory must be present in the custom-values.yaml file.
- All fixed value parameters listed must be present in the custom-values.yaml file with the exact values as specified here.
Mandatory Configurations
This section describes the configuration parameters that are mandatory during the installation of CNC Policy, PCF, and cnPCRF.
Table 3-1 Configurable Parameters for Mandatory Configurations
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.dockerRegistry | Name of the Docker registry which hosts Cloud Native Core Policy docker images | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.0 | This is a docker registry running in OCCNE bastion server where all OAuth docker images will be loaded. For example, 'occne-bastion:5000' |
global.envMysqlHost | IP address or host name of the MySQL server which hosts Cloud Native Core Policy's databases | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.0 | |
global.envMysqlPort | Port of the MySQL server which hosts Cloud Native Core Policy's databases | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.0 | |
global.dbCredSecretName | Name of the Kubernetes secret object containing Database username and password | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
global.privilegedDbCredSecretName | Name of the Kubernetes secret object containing Database username and password for an admin user | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
global.releaseDbName | Name of the release database containing release version details | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
global:
  # Docker registry name
  dockerRegistry: ''
  # Primary MYSQL Host IP or Hostname
  envMysqlHost: ''
  envMysqlPort: ''
  # K8s secret object name containing OCPCF MYSQL UserName and Password
  dbCredSecretName: 'occnp-db-pass'
  privilegedDbCredSecretName: 'occnp-privileged-db-pass'
  # Release DB name containing release version details
  releaseDbName: 'occnp_release'
Enabling/Disabling Services Configurations
This section describes the configuration parameters that can be used to select the services that you want to enable/disable for your deployment.
Table 3-2 Configurable Parameters for Enabling/Disabling the PCF Services
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.amServiceEnable | Determines if the AM service is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
global.smServiceEnable | Determines if the SM service is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
global.ueServiceEnable | Determines if the UE service is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
Table 3-3 Configurable Parameters for Enabling/Disabling the PCRF Core Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.pcrfCoreEnable | Determines if the PCRF core service is enabled or not. | O | True | CNC Policy & cnPCRF | Added in Release 1.7.1 | |
Table 3-4 Configurable Parameters for Enabling/Disabling the Policy Data Source (PDS) Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.userServiceEnable | Determines if the user service is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when the policy data sources are 5G UDR and CHF. |
global.policydsEnable | Determines if the Data Source service is enabled or not. | O | False | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | Applicable only when policy data source is LDAP server. |
global.ldapGatewayEnable | Determines if the LDAP Gateway is enabled or not. | O | False | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | Applicable only when policy data source is LDAP server. |
global.soapConnectorEnable | Determines if the soap connector is enabled or not. | O | False | CNC Policy & cnPCRF | Added in Release 1.7.1 | |
Table 3-5 Configurable Parameters for Enabling/Disabling the Audit Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
auditservice.enabled | Determines if the audit service is enabled or not. | O | false | CNC Policy & PCF | Added in Release 1.7.1 | |
Table 3-6 Configurable Parameters for Enabling/Disabling the Ingress/Egress Gateway
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
ingressgateway.enabled | Determines if the ingress gateway is enabled or not. | O | false | CNC Policy, cnPCRF, & PCF | Added in Release 1.5.x | When deployed in cnPCRF mode, enable this parameter only when soap connector is enabled. |
egressgateway.enabled | Determines if the egress gateway is enabled or not. | O | false | CNC Policy & PCF | Added in Release 1.5.x | |
Table 3-7 Configurable Parameters for Enabling/Disabling the NRF Client Services
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.nrfClientNfDiscoveryEnable | | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
global.nrfClientNfManagementEnable | | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
global.appinfoServiceEnable | Determines if the app info service is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
global.performanceServiceEnable | Determines if the performance service is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
Table 3-8 Configurable Parameters for Enabling/Disabling the Diameter Gateway/Connector
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.diamConnectorEnable | Determines if the diameter connector is enabled or not. | O | True | CNC Policy & PCF | Added in Release 1.7.1 | |
global.diamGatewayEnable | Determines if the diameter gateway is enabled or not. | O | True | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | |
Table 3-9 Configurable Parameters for Enabling/Disabling the Binding Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.bindingEnable | Determines if the Binding service is enabled or not. | O | True | CNC Policy | Added in Release 1.7.1 | This parameter value is False for PCF & cnPCRF. |
Table 3-10 Configurable Parameters for Enabling/Disabling the Alternate Route Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.alternateRouteServiceEnable | Enable/Disable Alternate Route service | Yes | true | CNC Policy & PCF | Added in Release 1.8.0 | Enable this flag to include Alternate Route service as part of your Helm deployment. |
global:
  # Enable/disable PCF services
  userServiceEnable: true
  amServiceEnable: true
  smServiceEnable: true
  ueServiceEnable: true
  nrfClientNfDiscoveryEnable: true
  nrfClientNfManagementEnable: true
  diamConnectorEnable: true
  appinfoServiceEnable: true
  performanceServiceEnable: true
  alternateRouteServiceEnable: true
  # Enable/disable PCRF services
  pcrfCoreEnable: true
  soapConnectorEnable: false
  # Enable/disable common services
  diamGatewayEnable: true
  bindingEnable: true
  policydsEnable: false
  ldapGatewayEnable: false
audit-service:
  enabled: false
ingress-gateway:
  enabled: false
egress-gateway:
  enabled: false
Tracing Configuration
This section describes the customizations that you should make in the custom-values.yaml files to configure tracing.
Table 3-11 Configurable Parameters for Tracing Configuration in Ingress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.envJaegerAgentHost | Hostname or IP address for the jaeger agent | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.0 | This parameter is the FQDN of Jaeger Agent service running in OCCNE cluster under namespace occne-infra. Format is <JAEGER_SVC_NAME>.<JAEGER_NAMESPACE> |
ingress-gateway.jaegerTracingEnabled | | No | False | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
ingress-gateway.openTracing.jaeger.udpSender.host | | No | "occne-tracer-jaeger-agent.occne-infra" | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
ingress-gateway.openTracing.jaeger.udpSender.port | | No | 6831 | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
ingress-gateway.openTracing.jaeger.probabilisticSampler | | No | 0.5 | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
jaegerTracingEnabled: true
openTracing:
  jaeger:
    udpSender:
      # udpsender host
      host: "occne-tracer-jaeger-agent.occne-infra"
      # udpsender port
      port: 6831
    probabilisticSampler: 0.5
Table 3-12 Configurable Parameters for Tracing Configuration in Egress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
egress-gateway.jaegerTracingEnabled | | No | False | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
egress-gateway.openTracing.jaeger.udpSender.host | | No | "occne-tracer-jaeger-agent.occne-infra" | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
egress-gateway.openTracing.jaeger.udpSender.port | | No | 6831 | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
egress-gateway.openTracing.jaeger.probabilisticSampler | | No | 0.5 | CNC Policy, PCF, & cnPCRF | Added in Release 1.6.x | |
openTracing:
  jaeger:
    udpSender:
      # udpsender host
      host: "occne-tracer-jaeger-agent.occne-infra"
      # udpsender port
      port: 6831
    probabilisticSampler: 0.5
Table 3-13 Configurable Parameters for Tracing Configuration in nrfClientNfDiscovery
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
nrf-client.nrf-client-nfdiscovery.envJaegerSamplerParam | | | '1' | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when NRF Client services are enabled. |
nrf-client.nrf-client-nfdiscovery.envJaegerSamplerType | | | ratelimiting | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when NRF Client services are enabled. |
nrf-client.nrf-client-nfdiscovery.envJaegerServiceName | | | pcf-nrf-client-nfdiscovery | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when NRF Client services are enabled. |
nrf-client-nfdiscovery:
  envJaegerSamplerParam: '1'
  envJaegerSamplerType: ratelimiting
  envJaegerServiceName: pcf-nrf-client-nfdiscovery
Table 3-14 Configurable Parameters for Tracing Configuration in nrfclientnfmanagement
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
nrf-client.nrf-client-nfmanagement.envJaegerSamplerParam | | | '1' | CNC Policy & PCF | Added in Release 1.7.1.0 | Applicable only when NRF Client services are enabled. |
nrf-client.nrf-client-nfmanagement.envJaegerSamplerType | | | ratelimiting | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when NRF Client services are enabled. |
nrf-client.nrf-client-nfmanagement.envJaegerServiceName | | | pcf-nrf-client-nfmanagement | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when NRF Client services are enabled. |
nrf-client-nfmanagement:
  envJaegerSamplerParam: '1'
  envJaegerSamplerType: ratelimiting
  envJaegerServiceName: pcf-nrf-client-nfmanagement
Table 3-15 Configurable Parameters for Tracing Configuration in Alternate Route Service
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
alternate-route.jaegerTracingEnabled | | No | False | CNC Policy & PCF | Added in Release 1.8.0 | |
alternate-route.openTracing.jaeger.udpSender.host | | | "occne-tracer-jaeger-agent.occne-infra" | CNC Policy & PCF | Added in Release 1.8.0 | Applicable only when alternate route service is enabled. |
alternate-route.openTracing.jaeger.udpSender.port | | | 6831 | CNC Policy & PCF | Added in Release 1.8.0 | Applicable only when alternate route service is enabled. |
alternate-route.openTracing.jaeger.probabilisticSampler | | | 0.5 | CNC Policy & PCF | Added in Release 1.8.0 | Applicable only when alternate route service is enabled. |
jaegerTracingEnabled: true
openTracing:
  jaeger:
    udpSender:
      # udpsender host
      host: "occne-tracer-jaeger-agent.occne-infra"
      # udpsender port
      port: 6831
    probabilisticSampler: 0.5
Database Name Configuration
Note:
Database name specified in the custom.yaml file should be used while creating the database during installation. See Configuring Database, Creating Users, and Granting Permissions.
Table 3-16 Customizable Parameters for Database Name Configuration for PCF Services
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
am-service.envMysqlDatabase | Name of the database for AM-Service | No | occnp_pcf_am | CNC Policy & PCF | Added in Release 1.0 | Applicable only when AM service is enabled. |
sm-service.envMysqlDatabase | Name of the database for SM-Service | No | occnp_pcf_sm | CNC Policy & PCF | Added in Release 1.0 | Applicable only when SM service is enabled. |
sm-service.envMysqlDatabaseUserService | Name of the database of User Service | No | occnp_pcf_user | CNC Policy & PCF | Added in Release 1.6.x | Applicable only when SM service is enabled. Value of this parameter should be same as the value of "user-service.envMysqlDatabase" parameter. |
config-server.envMysqlDatabase | Name of the database for Config Server service | No | occnp_config_server | CNC Policy & PCF | Added in Release 1.0 | |
queryservice.envMysqlDatabaseSmService | Specify the database name of SM service | Conditional | occnp_pcf_sm | CNC Policy & PCF | Added in Release 1.6.x | Value of this parameter should be same as the value of "sm-service.envMysqlDatabase" parameter. |
queryservice.envMysqlDatabaseUserService | Specify the database name of User service | Conditional | occnp_pcf_user | CNC Policy & PCF | Added in Release 1.6.x | Value of this parameter should be same as the value of "user-service.envMysqlDatabase" parameter. |
Table 3-17 Customizable Parameters for Database Name Configuration for Policy Data Source (PDS)
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
user-service.envMysqlDatabase | Name of the database for User-Service | No | occnp_pcf_user | CNC Policy & PCF | Added in Release 1.0 | Applicable only when user service is enabled. |
policyds.envMysqlDatabaseConfigServer | Specify the database name of Config Server service. | | occnp_config_server | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | Applicable only when policyds is enabled. |
Table 3-18 Customizable Parameters for Database Name Configuration for PCRF Core Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
pcrf-core.envMysqlDatabase | Name of the database for PCRF-Core | No | occnp_pcrf_core | CNC Policy & cnPCRF | Added in Release 1.0 | Applicable only when pcrf-core service is enabled. |
Table 3-19 Customizable Parameters for Database Name Configuration for Binding Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
binding.envMysqlDatabase | Name of the database for Binding service | No | occnp_binding | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | Applicable only when binding service is enabled. |
Table 3-20 Customizable Parameters for Database Name Configuration for Audit Service
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
audit-service.envMysqlDatabase | Name of the database for Audit service | No | occnp_audit_service | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when Audit service is enabled. |
am-service:
  envMysqlDatabase: occnp_pcf_am
sm-service:
  envMysqlDatabase: occnp_pcf_sm
  envMysqlDatabaseUserService: occnp_pcf_user
user-service:
  envMysqlDatabase: occnp_pcf_user
config-server:
  envMysqlDatabase: occnp_config_server
queryservice:
  envMysqlDatabaseSmService: occnp_pcf_sm
  envMysqlDatabaseUserService: occnp_pcf_user
audit-service:
  envMysqlDatabase: occnp_audit_service
policyds:
  envMysqlDatabaseConfigServer: 'occnp_config_server'
pcrf-core:
  # database name core service will connect to
  envMysqlDatabase: occnp_pcrf_core
binding:
  envMysqlDatabase: occnp_binding
NRF Client Configuration
Note:
These configurations are required when NF is required to register with NRF. Before configuring NRF client configuration, NRF Client services should have been enabled.
Table 3-21 Configurable Parameters for NRF Client Configuration
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.deploymentNrfClientService.envNfNamespace | K8s namespace of PCF | Mandatory | Not Applicable | CNC Policy & PCF | Added in Release 1.6.x | |
nrf-client.configmapApplicationConfig.profile | Contains configuration parameters that go into nrf-client's config map | Mandatory | Not Applicable | CNC Policy & PCF | Added in Release 1.6.x | Refer config-map table for configurable parameters. |
appinfo.infraServices | Set this parameter to an empty array if any one of below condition is met: | Conditional | Not Applicable | CNC Policy & PCF | Added in Release 1.7.1 | |
perf-info.configmapPerformance.prometheus | Specifies Prometheus server URL | Conditional | http://prometheus-server.prometheus:5802 | CNC Policy & PCF | Added in Release 1.0 | If no value is specified, PCF reports 0 load to NRF. |
Configurable Parameters for NRF Client Configuration in Config-map
Parameter | Description | Allowed Values | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|
primaryNrfApiRoot | Primary NRF hostname and port <http scheme>://<Hostname/IP>:<Port> | valid api root | CNC Policy & PCF | Added in Release 1.6.x | For Example: http://nrf1-api-gateway.svc:80 |
SecondaryNrfApiRoot | secondary NRF hostname and port <http scheme>://<Hostname/IP>:<Port> | valid api root | CNC Policy & PCF | Added in Release 1.6.x | For Example: http://nrf2-api-gateway.svc:80 |
retryAfterTime | When primary NRF is down, this will be the wait Time (in ISO 8601 duration format) after which request to primary NRF will be retried to detect primary NRF's availability. | valid ISO 8601 duration format | CNC Policy & PCF | Added in Release 1.6.x | For Example: PT120S |
nrfClientType | The NfType of the NF registering. This should be set to PCF. | PCF | CNC Policy & PCF | Added in Release 1.6.x | |
nrfClientSubscribeTypes | NF Type(s) for which the NF wants to discover and subscribe to the NRF. | BSF,UDR,CHF | CNC Policy & PCF | Added in Release 1.6.x | Leave blank if PCF does not require. |
appProfiles | NfProfile of PCF to be registered with NRF. | Valid NF Profile | CNC Policy & PCF | Added in Release 1.6.x | |
enableF3 | Support for 29.510 Release 15.3 | true/false | CNC Policy & PCF | Added in Release 1.6.x | |
enableF5 | Support for 29.510 Release 15.5 | true/false | CNC Policy & PCF | Added in Release 1.6.x | |
renewalTimeBeforeExpiry | Time Period(seconds) before the Subscription Validity time expires | Time in seconds | CNC Policy & PCF | Added in Release 1.6.x | For Example: 3600 (1hr) |
validityTime | The default validity time(days) for subscriptions | Time in days | CNC Policy & PCF | Added in Release 1.6.x | For Example: 30 (30 days) |
enableSubscriptionAutoRenewal | Enable Renewal of Subscriptions automatically | true/false | CNC Policy & PCF | Added in Release 1.6.x | |
acceptAdditionalAttributes | Enable additionalAttributes as part of 29.510 Release 15.5 | true/false | CNC Policy & PCF | Added in Release 1.6.x | |
supportedDataSetId | | POLICY | CNC Policy & PCF | Added in Release 1.7.1 | |
appinfo:
  serviceAccountName: ''
  # Set Infrastructure services to empty array if any one of below condition is met
  # 1. Deploying on occne 1.4 or lesser version
  # 2. Not deploying on OCCNE
  # 3. Do not wish to monitor infra services such as db-monitor service
  # then the below mentioned attribute 'infra_services' should be uncommented and empty array should be passed as already mentioned.
  #infraServices: []
perf-info:
  configmapPerformance:
    prometheus: ''
nrf-client:
  # This config map is for providing inputs to NRF-Client
  configmapApplicationConfig:
    # primaryNrfApiRoot - Primary NRF Hostname and Port
    # SecondaryNrfApiRoot - Secondary NRF Hostname and Port
    # retryAfterTime - Default downtime(in ISO 8601 duration format) of an NRF detected to be unavailable.
    # nrfClientType - The NfType of the NF registering
    # nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
    # appProfiles - The NfProfile of the NF to be registered with NRF.
    # enableF3 - Support for 29.510 Release 15.3
    # enableF5 - Support for 29.510 Release 15.5
    # renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
    # validityTime - The default validity time(days) for subscriptions.
    # enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
    # acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
    profile: |-
      [appcfg]
      primaryNrfApiRoot=http://nrf1-api-gateway.svc:80
      secondaryNrfApiRoot=http://nrf2-api-gateway.svc:80
      retryAfterTime=PT120S
      nrfClientType=PCF
      nrfClientSubscribeTypes=CHF,UDR,BSF
      appProfiles=[{ "nfInstanceId": "fe7d992b-0541-4c7d-ab84-c6d70b1b0123", "nfType": "PCF", "nfStatus": "REGISTERED", "plmnList": null, "nsiList": null, "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipv4Addresses": null, "ipv6Addresses": null, "priority": null, "capacity": null, "load": 80, "locality": null, "pcfInfo": { "dnnList": [ "internet", "volte" ], "supiRanges": [ { "start": "12123444444", "end": "232332323323232", "pattern": null } ] }, "customInfo": null, "recoveryTime": null, "nfServices": [ { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd01", "serviceName": "npcf-am-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF", "NEF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd02", "serviceName": "npcf-smpolicycontrol", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "SMF", "NEF", "AF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd03", "serviceName": "npcf-ue-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null } ]}]
      enableF3=true
      enableF5=true
      renewalTimeBeforeExpiry=3600
      validityTime=30
      enableSubscriptionAutoRenewal=true
      acceptAdditionalAttributes=false
      supportedDataSetId=POLICY
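The profile value is an ini-style block whose appProfiles entry is a single long JSON line, so a mistake in it is easy to miss until NRF registration fails. The following is an added example, not part of the product documentation or the nrf-client code: it lints a profile string offline against the allowed values in the config-map table. Treating the block as key=value lines under [appcfg], and warning on http schemes and on unset allowedNfTypes, are assumptions of this example; the sample profile is constructed.

```python
import configparser
import json
import re
import uuid
from urllib.parse import urlsplit

ISO_DURATION = re.compile(
    r"^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+(\.\d+)?S)?)?$")
BOOL_KEYS = ("enableF3", "enableF5", "enableSubscriptionAutoRenewal",
             "acceptAdditionalAttributes")
INT_KEYS = ("renewalTimeBeforeExpiry", "validityTime")
SUBSCRIBE_TYPES = {"BSF", "UDR", "CHF"}  # allowed values from the config-map table


def check_api_root(key, value, out):
    """Require <scheme>://<host>[:<port>] and flag cleartext http."""
    parts = urlsplit(value)
    try:
        port_ok = parts.port is None or 0 < parts.port < 65536
    except ValueError:
        port_ok = False
    if parts.scheme not in ("http", "https") or not parts.hostname or not port_ok:
        out.append(("ERROR", key, "not a valid API root: %r" % value))
    elif parts.scheme == "http":
        out.append(("WARN", key, "requests to the NRF use cleartext http"))


def check_profiles(raw, client_type, out):
    """Parse appProfiles and check identity, uniqueness and access fields."""
    try:
        profiles = json.loads(raw)
    except json.JSONDecodeError as exc:
        out.append(("ERROR", "appProfiles", "invalid JSON: " + exc.msg))
        return
    if not isinstance(profiles, list) or not all(isinstance(p, dict) for p in profiles):
        out.append(("ERROR", "appProfiles", "expected a JSON array of NF profiles"))
        return
    for prof in profiles:
        if prof.get("nfType") != client_type:
            out.append(("ERROR", "appProfiles", "nfType differs from nrfClientType"))
        try:
            uuid.UUID(str(prof.get("nfInstanceId")))
        except ValueError:
            out.append(("ERROR", "appProfiles", "nfInstanceId is not a UUID"))
        seen = set()
        for svc in prof.get("nfServices") or []:
            name, sid = svc.get("serviceName"), svc.get("serviceInstanceId")
            if sid in seen:
                out.append(("ERROR", "appProfiles", "%s: duplicate serviceInstanceId" % name))
            seen.add(sid)
            if svc.get("scheme") == "http":
                out.append(("WARN", "appProfiles", "%s: registered with scheme http" % name))
            if not svc.get("allowedNfTypes"):
                # 3GPP TS 29.510: with no allowedNfTypes, any NF type may use the service.
                out.append(("WARN", "appProfiles", "%s: allowedNfTypes not set" % name))


def validate_profile(text):
    """Return (level, key, message) findings for one [appcfg] profile string."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep camelCase keys instead of lower-casing them
    try:
        parser.read_string(text)
        cfg = parser["appcfg"]
    except (configparser.Error, KeyError) as exc:
        return [("ERROR", "appcfg", "profile cannot be parsed: %s" % exc)]
    out = []
    for key, value in cfg.items():
        if key.lower().endswith("nrfapiroot"):  # primary and secondary roots
            check_api_root(key, value, out)
        elif key == "retryAfterTime" and not ISO_DURATION.match(value):
            out.append(("ERROR", key, "not an ISO 8601 duration: %r" % value))
        elif key == "nrfClientType" and value != "PCF":
            out.append(("ERROR", key, "must be PCF"))
        elif key == "nrfClientSubscribeTypes":
            unknown = {t.strip() for t in value.split(",") if t.strip()} - SUBSCRIBE_TYPES
            if unknown:
                out.append(("ERROR", key, "unknown NF types: " + ", ".join(sorted(unknown))))
        elif key in BOOL_KEYS and value not in ("true", "false"):
            out.append(("ERROR", key, "must be true or false"))
        elif key in INT_KEYS and not value.isdigit():
            out.append(("ERROR", key, "must be a whole number"))
        elif key == "appProfiles":
            check_profiles(value, cfg.get("nrfClientType", ""), out)
    return out


# Constructed sample in the page's format, with deliberate mistakes.
_SVC = {"serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd01", "scheme": "http"}
_NF = [{"nfInstanceId": "fe7d992b-0541-4c7d-ab84-c6d70b1b0123", "nfType": "PCF",
        "nfServices": [
            dict(_SVC, serviceName="npcf-am-policy-control", allowedNfTypes=["AMF", "NEF"]),
            dict(_SVC, serviceName="npcf-smpolicycontrol", allowedNfTypes=None)]}]
SAMPLE_PROFILE = "\n".join([
    "[appcfg]",
    "primaryNrfApiRoot=http://nrf1-api-gateway.svc:80",
    "secondaryNrfApiRoot=nrf2-api-gateway.svc:80",  # scheme missing
    "retryAfterTime=120",                           # not ISO 8601
    "nrfClientType=PCF",
    "nrfClientSubscribeTypes=CHF,UDR,BSF",
    "appProfiles=" + json.dumps(_NF),
    "enableF5=yes",
    "renewalTimeBeforeExpiry=3600",
])

if __name__ == "__main__":
    for finding in validate_profile(SAMPLE_PROFILE):
        print("%-5s %-22s %s" % finding)
```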
Audit Service Configuration
This section describes the customizations that you should make in the custom-values.yaml file to customize Audit service configurations.
Table 3-22 Configurable Parameters for Audit Service Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
sm-service.auditSmSessionTtl | SM Policy Association normal age | No | 86400 | CNC Policy & PCF | Added in Release 1.6.x | Specifies age of a SM policy association after which a record is considered to be stale on PCF and the SMF is queried for presence of such associations. Applicable only when SM service is enabled. |
sm-service.auditSmSessionMaxTtl | SM Policy Association maximum age | No | 172800 | CNC Policy & PCF | Added in Release 1.6.x | Specifies maximum age of a SM Policy Association after which a record is purged from PCF SM database without sending further queries to SMF. Applicable only when SM service is enabled. |
sm-service:
  auditSmSessionTtl: 86400
  auditSmSessionMaxTtl: 172800
Diameter Gateway/Connector Configuration
This section describes the customizations that you should make in the custom-values.yaml file to customize Diameter configurations.
Table 3-23 Configurable Parameters for Diameter Gateway/Connector Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
diam-connector.envDiameterRealm | Diameter Realm of PCF | Yes | Not applicable | CNC Policy & PCF | Added in Release 1.6.x | Example: oracle.com. Applicable only when diameter connector is enabled. |
diam-connector.envDiameterIdentity | Diameter Host of PCF | Yes | Not applicable | CNC Policy & PCF | Added in Release 1.6.x | Example: ocpcf. Applicable only when diameter connector is enabled. |
diam-gateway.envGatewayMode | Diameter Gateway mode | Yes | | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | For CNC Policy, the value is "converged". For PCF, the value is "pcf". For cnPCRF, the value is "pcrf". Applicable only when diameter gateway is enabled. |
diam-gateway.envGatewayDeploymentType | Diameter Gateway deployment type (applicable only when mode is converged) | Yes | | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | For CNC Policy, the value is "CONVERGED". For PCF, the value is "PCF". For cnPCRF, the value is "PCRF". Applicable only when diameter gateway is enabled. |
diam-gateway.envDiameterRealm | Diameter Realm of PCF diameter gateway | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | Example: oracle.com. Applicable only when diameter gateway is enabled. |
diam-gateway.envDiameterIdentity | Diameter Host of PCF diameter gateway | Yes | Not applicable | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | Example: oc-diam-gateway. Applicable only when diameter gateway is enabled. |
diam-connector:
  envDiameterRealm: 'oracle.com'
  envDiameterIdentity: 'ocpcf'
diam-gateway:
  # The diam-gateway mode i.e. converged, bsf, pcf and pcrf
  envGatewayMode: converged
  # The diam-gateway deployment type (applicable only when mode is converged) i.e. CONVERGED, PCF and PCRF
  envGatewayDeploymentType: CONVERGED
  envDiameterRealm: 'oracle.com'
  envDiameterIdentity: 'oc-diam-gateway'
BSF Configuration
This section describes the customizations that you should make in the custom-values.yaml file to customize default BSF configurations.
Table 3-24 Configurable Parameters for BSF Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
sm-service.defaultBsfApiRoot | Api root of pre-configured BSF | No | Not applicable | CNC Policy & PCF | Added in Release 1.5.x | Applicable only when SM service is enabled. Required, if PCF uses pre-configured BSF. For Example: "https://bsf.apigateway:8001/" |
binding.bsfEnabled | Enable/Disable the binding operation (register and deregister) with the BSF | No | False | CNC Policy & PCF | Added in Release 1.7.1 | Applicable only when Binding service is enabled. |
sm-service:
  defaultBsfApiRoot: 'https://bsf.apigateway:8001'
binding:
  bsfEnabled: false
Kubernetes Service Account Configuration
This section describes the customizations that you should make in the custom-values.yaml file to customize Kubernetes service account configurations.
Table 3-25 Configurable Parameters for Kubernetes Service Account Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
appinfo.serviceAccountName | K8s Service Account to access (RBAC) the K8s API server to retrieve status of PCF services and pods. The account should have read access ("get", "watch", "list") to pods, services and nodes. | Conditional | Not applicable | CNC Policy & PCF | Added in Release 1.6.x | If no value is specified, PCF creates a service account at the time of deployment. |
ldap-gateway.serviceAccountName | | | | CNC Policy, PCF, & cnPCRF | Added in Release 1.7.1 | |
appinfo:
  serviceAccountName: ''
ldap-gateway:
  serviceAccountName: ''
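When a pre-created account is supplied in appinfo.serviceAccountName, the role bound to it can be compared with the read access the table asks for ("get", "watch", "list" on pods, services and nodes). The following is an added example, not part of the product documentation: it audits the JSON printed by `kubectl get clusterrole <name> -o json` (or `kubectl get role ...`) for grants beyond that set and for required grants that are missing. The role name and rules in the sample are constructed.

```python
import json

ALLOWED_VERBS = {"get", "watch", "list"}
NEEDED_RESOURCES = {"pods", "services", "nodes"}  # all in the core ("") API group
CLUSTER_SCOPED = {"nodes"}

# Constructed sample, shaped like `kubectl get clusterrole <name> -o json` output.
SAMPLE_ROLE = json.dumps({
    "kind": "ClusterRole",
    "metadata": {"name": "occnp-appinfo-reader"},  # hypothetical name
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "services"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
    ],
})


def audit_role(role_json):
    """Return (rule_index, kind, detail) findings for a Role or ClusterRole."""
    role = json.loads(role_json)
    namespaced = role.get("kind") == "Role"
    findings, granted = [], set()
    for idx, rule in enumerate(role.get("rules") or []):
        groups = set(rule.get("apiGroups") or [])
        resources = set(rule.get("resources") or [])
        verbs = set(rule.get("verbs") or [])
        if rule.get("nonResourceURLs"):
            findings.append((idx, "excess-resource", "nonResourceURLs"))
        # Anything outside core pods/services/nodes is more than appinfo needs.
        extra = sorted("%s/%s" % (g or "core", r) for g in groups for r in resources
                       if g != "" or r not in NEEDED_RESOURCES)
        if extra:
            findings.append((idx, "excess-resource", ", ".join(extra)))
        extra_verbs = sorted(verbs - ALLOWED_VERBS)
        if extra_verbs:
            findings.append((idx, "excess-verb", ", ".join(extra_verbs)))
        # Record which needed (resource, verb) pairs this rule really grants.
        for res in NEEDED_RESOURCES:
            if not groups & {"", "*"} or not resources & {res, "*"}:
                continue
            if namespaced and res in CLUSTER_SCOPED:
                continue  # a namespaced Role cannot grant access to nodes
            for verb in ALLOWED_VERBS:
                if verbs & {verb, "*"}:
                    granted.add((res, verb))
    for res in sorted(NEEDED_RESOURCES):
        missing = sorted(v for v in ALLOWED_VERBS if (res, v) not in granted)
        if missing:
            findings.append((None, "missing", "%s: %s" % (res, ", ".join(missing))))
    return findings


if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE):
        print(finding)
```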
API Root Configuration for Resource URI and Notification URI
This section describes the configuration parameters that can be used for API Root configuration.
To configure the API root, set the following parameters in the custom-values.yaml file:
Table 3-26 Configurable Parameters for Api Root Configuration for Notification URI
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.pcfApiRoot | API root of PCF that is used in | No | Ingress gateway service name and port | CNC Policy & PCF | Added in Release 1.5.x | If not configured then the ingress gateway service name and port will be used as default value. Example: "https://<Helm namespace>-pcf-ingress-gateway:443" pcfApiRoot: '' |
global.deploymentNrfClientService.nfApiRoot | Api root of PCF | Mandatory | Not Applicable | CNC Policy & PCF | Added in Release 1.6.x | Applicable only when NRF Client services are enabled. Value of this parameter should be same as the value of "global.pcfApiRoot" parameter. |
Basic Configurations in Ingress Gateway
Note:
Following configurations are applicable only when ingress-gateway is enabled.
Table 3-27 Configurable Parameters for Basic Configurations in Ingress Gateway
Parameter | Description | Mandatory Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.metalLbIpAllocationEnabled | Enable or disable IP Address allocation from Metallb Pool | No | false | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | |
global.metalLbIpAllocationAnnotation | Address Pool Annotation for Metallb | No | "metallb.universe.tf/address-pool: signaling" | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | |
ingress-gateway.enableIncomingHttp | Enable it to accept incoming http requests | No | False | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | |
ingress-gateway.ingressServer.keepAlive.enabled | | No | false | | Added in Release 1.7.3 | |
ingress-gateway.ingressServer.keepAlive.idealTime | | No | 180 (in seconds) | | Added in Release 1.7.3 | |
ingress-gateway.ingressServer.keepAlive.count | | No | 9 | | Added in Release 1.7.3 | |
ingress-gateway.ingressServer.keepAlive.interval | | No | 60 (in seconds) | | Added in Release 1.7.3 | |
ingress-gateway:
# Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: false
# Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
# -----Ingress Gateway Settings - END-----
ingress-gateway:
  #keep alive settings
  ingressServer:
    keepAlive:
      enabled: false
      idealTime: 180 #in seconds
      count: 9
      interval: 60 #in seconds
Service and Container Port Configuration
Note:
For upgrade scenario, changing port will cause temporary service disruption.
Table 3-28 Customizable Parameters for Service Ports Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.servicePorts.pcfAmServiceHttp | HTTP signaling port for AM service. | Optional | 5904 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.pcfAmServiceHttps | HTTPS signaling port for AM service. | Optional | 5905 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.appInfoHttp | HTTP signaling port for app info. | Optional | 5906 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcAppInfoHttp |
global.servicePorts.auditServiceHttp | HTTP signaling port for audit service. | Optional | 5807 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.bindingHttp | HTTP signaling port for binding service. | Optional | 8080 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.bindingHttps | HTTPS signaling port for binding service. | Optional | 8443 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.cmServiceHttp | HTTP signaling port for CM service. | Optional | 5808 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.configServerHttp | HTTP signaling port for config server. | Optional | 5807 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | Same value as svcConfigServerHttp |
global.servicePorts.diamConnectorHttp | HTTP signaling port for Diameter connector. | Optional | 8080 | CNCPolicy & PCF | Updated in Release 1.8.1 | The name for this parameter has been updated from pcfDiamConnectorHttp to diamConnectorHttp. |
global.servicePorts.diamConnectorDiameter | Port for Diameter connector. | Optional | 3868 | CNCPolicy & PCF | Updated in Release 1.8.1 | The name for this parameter has been updated from pcfDiamConnectorDiameter to diamConnectorDiameter. |
global.servicePorts.ldapGatewayHttp | HTTP signaling port for LDAP Gateway. | Optional | 8084 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.ldapGatewayHttps | HTTPS signaling port for LDAP Gateway. | Optional | 8443 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.diamGatewayHttp | HTTP signaling port for Diameter gateway. | Optional | 8080 | CNCPolicy & PCF | Updated in Release 1.8.1 | The name for this parameter has been updated from pcfDiamGatewayHttp to diamGatewayHttp. |
global.servicePorts.diamGatewayDiameter | Port for Diameter gateway. | Optional | 3868 | CNCPolicy & PCF | Updated in Release 1.8.1 | The name for this parameter has been updated from pcfDiamGatewayDiameter to diamGatewayDiameter. |
global.servicePorts.pcrfCoreDiameter | Port for PCRF Core Diameter. | Optional | 3868 | CNCPolicy & cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.pcrfCoreHttp | HTTP signaling port for PCRF core service. | Optional | 9080 | CNCPolicy & cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.pcrfDiamGatewayHttp | HTTP signaling port for PCRF Diameter Gateway. | Optional | 8080 | CNCPolicy & cnPCRF | Deprecated in Release 1.8.1 | |
global.servicePorts.pcrfDiamGatewayDiameter | Port for PCRF Diameter connector. | Optional | 3868 | CNCPolicy & cnPCRF | Deprecated in Release 1.8.1 | |
global.servicePorts.perfInfoHttp | HTTP signaling port for perf info. | Optional | 5905 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcPerfInfoHttp |
global.servicePorts.policydsHttp | HTTP signaling port for policyds. | Optional | 8080 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.preServiceHttp | HTTP signaling port for pre service. | Optional | 5806 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.preTestHttp | HTTP signaling port for pre test. | Optional | 5806 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.queryServiceHttp | HTTP signaling port for queryservice. | Optional | 5805 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.pcfSmServiceHttp | HTTP signaling port for SM service. | Optional | 5809 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.pcfSmServiceHttps | HTTPS signaling port for SM service. | Optional | 5805 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.soapConnectorHttp | HTTP signaling port for Soap connector. | Optional | 8082 | CNCPolicy & cnPCRF | Added in Release 1.7.3 | |
global.servicePorts.pcfUeServiceHttp | HTTP signaling port for UE service. | Optional | 5809 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.pcfUeServiceHttps | HTTPS signaling port for UE service. | Optional | 5805 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.pcfUserServiceHttp | HTTP signaling port for User service. | Optional | 5808 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.pcfUserServiceHttps | HTTPS signaling port for User service. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.udrConnectorHttp | HTTP signaling port for UDR Connector. | Optional | 5808 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.udrConnectorHttps | HTTPS signaling port for UDR Connector. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.chfConnectorHttp | HTTP signaling port for CHF Connector. | Optional | 5808 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.chfConnectorHttps | HTTPS signaling port for CHF Connector. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.servicePorts.egressGatewayHttp | HTTP signaling port for Egress Gateway. | Optional | 8080 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcEgressGatewayHttp |
global.servicePorts.nrfClientNfDiscoveryHttp | HTTP signaling port for NRF client discovery service. | Optional | 5910 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfDiscoveryHttp |
global.servicePorts.nrfClientNfManagementHttp | HTTP signaling port for NRF client management service. | Optional | 5910 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfManagementHttp |
global.servicePorts.nrfClientNfDiscoveryHttps | HTTPS signaling port for NRF client discovery service. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfDiscoveryHttps |
global.servicePorts.nrfClientNfManagementHttps | HTTPS signaling port for NRF client management service. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfManagementHttps |
global.servicePorts.alternateRouteServiceHttp | HTTP signaling port for alternate route service. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as svcAlternateRouteServiceHttp |
global.servicePorts.alternateRouteServiceHazelcast | | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as svcAlternateRouteServiceHazelcast |
servicePorts:
  # am service
  pcfAmServiceHttp: 8000
  pcfAmServiceHttps: 9443
  # app info
  appInfoHttp: &svcAppInfoHttp 8000
  # audit service
  auditServiceHttp: 8000
  # binding
  bindingHttp: 8000
  bindingHttps: 9443
  # cm service
  cmServiceHttp: 8000
  # config server
  configServerHttp: &svcConfigServerHttp 8000
  # diam connector
  diamConnectorHttp: 8000
  diamConnectorDiameter: 3868
  # ldap gateway
  ldapGatewayHttp: 8000
  ldapGatewayHttps: 9443
  # diameter gateway
  diamGatewayHttp: 8000
  diamGatewayDiameter: 3868
  # pcrf core
  pcrfCoreDiameter: 3868
  pcrfCoreHttp: 8000
  # pcrf diameter gateway
  pcrfDiamGatewayHttp: 8000
  pcrfDiamGatewayDiameter: 3868
  # perf info
  perfInfoHttp: &svcPerfInfoHttp 8000
  # policyds
  policydsHttp: 8000
  # pre service
  preServiceHttp: 8000
  preTestHttp: 8000
  # query service
  queryServiceHttp: 8000
  # pcf sm service
  pcfSmServiceHttp: 8000
  pcfSmServiceHttps: 9443
  # soap connector
  soapConnectorHttp: 8000
  # ue service
  pcfUeServiceHttp: 8000
  pcfUeServiceHttps: 9443
  # pcf user service
  pcfUserServiceHttp: 8000
  pcfUserServiceHttps: 9443
  udrConnectorHttp: 8000
  udrConnectorHttps: 9443
  chfConnectorHttp: 8000
  chfConnectorHttps: 9443
  # egress gateway
  egressGatewayHttp: &svcEgressGatewayHttp 8000
  # nrf client
  nrfClientNfDiscoveryHttp: &svcNrfClientNfDiscoveryHttp 8000
  nrfClientNfManagementHttp: &svcNrfClientNfManagementHttp 8000
  nrfClientNfDiscoveryHttps: &svcNrfClientNfDiscoveryHttps 9443
  nrfClientNfManagementHttps: &svcNrfClientNfManagementHttps 9443
  # alternate route
  alternateRouteServiceHttp: &svcAlternateRouteServiceHttp 8000
  alternateRouteServiceHazelcast: &svcAlternateRouteServiceHazelcast 8000
Table 3-29 Customizable Parameters for Container Ports Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.containerPorts.monitoringHttp | HTTP signaling port for monitoring. | Optional | 9000 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | Same value as containerMonitoringHttp |
global.containerPorts.pcfAmServiceHttp | HTTP signaling port for AM service. | Optional | 8080 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.pcfAmServiceHttps | HTTPS signaling port for AM service. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.appInfoHttp | HTTP signaling port for app info. | Optional | 5906 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.auditServiceHttp | HTTP signaling port for Auditservice. | Optional | 8081 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.bindingHttp | HTTP signaling port for binding service. | Optional | 8080 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.bindingHttps | HTTPS signaling port for binding service. | Optional | 8443 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.cmServiceHttp | HTTP signaling port for CMservice. | Optional | 5807 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.configServerHttp | HTTP signaling port for config server. | Optional | 8001 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.diamConnectorHttp | HTTP signaling port for Diameter Connector. | Optional | 8080 | CNCPolicy & PCF | Updated in Release 1.8.1 | The name for this parameter has been updated from pcfDiamConnectorHttp to diamConnectorHttp. |
global.containerPorts.diamConnectorDiameter | Diameter connector. | Optional | 3868 | CNCPolicy & PCF | Updated in Release 1.8.1 | The name for this parameter has been updated from pcfDiamConnectorDiameter to diamConnectorDiameter. |
global.containerPorts.ldapGatewayHttp | HTTP signaling port for LDAP Gateway. | Optional | 8084 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.diamGatewayHttp | HTTP signaling port for Diameter Gateway. | Optional | 8080 | CNCPolicy & PCF | Updated in Release 1.8.1 | This parameter name has been updated from pcfDiamGatewayHttp to diamGatewayHttp. |
global.containerPorts.diamGatewayDiameter | Diameter gateway. | Optional | 3868 | CNCPolicy & PCF | Updated in Release 1.8.1 | This parameter name has been updated from pcfDiamGatewayDiameter to diamGatewayDiameter. |
global.containerPorts.pcrfCoreDiameter | PCRF core diameter. | Optional | 3868 | CNCPolicy & cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.pcrfCoreHttp | HTTP signaling port for PCRF Core service. | Optional | 9080 | CNCPolicy & cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.pcrfDiamGatewayHttp | HTTP signaling port for PCRF Diameter Gateway. | Optional | 8080 | CNCPolicy & cnPCRF | Deprecated in Release 1.8.1 | |
global.containerPorts.pcrfDiamGatewayDiameter | PCRF diameter gateway. | Optional | 3868 | CNCPolicy & cnPCRF | Deprecated in Release 1.8.1 | |
global.containerPorts.perfInfoHttp | HTTP signaling port for perf-info. | Optional | 5905 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.policydsHttp | HTTP signaling port for policyds. | Optional | 8080 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.preServiceHttp | HTTP signaling port for pre service. | Optional | 5806 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.preTestHttp | HTTP signaling port for pre test. | Optional | 5806 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.queryServiceHttp | HTTP signaling port for queryservice. | Optional | 8081 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.pcfSmServiceHttp | HTTP signaling port for SM service. | Optional | 8080 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.pcfSmServiceHttps | HTTPS signaling port for SM service. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.soapConnectorHttp | HTTP signaling port for soap connector. | Optional | 8082 | CNCPolicy & cnPCRF | Added in Release 1.7.3 | |
global.containerPorts.pcfUeServiceHttp | HTTP signaling port for UE service. | Optional | 8082 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.pcfUeServiceHttps | HTTPS signaling port for UE service. | Optional | 8081 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.pcfUserServiceHttp | HTTP signaling port for User service. | Optional | 8080 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.pcfUserServiceHttps | HTTPS signaling port for User service. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.udrConnectorHttp | HTTP signaling port for UDR Connector. | Optional | 8080 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.udrConnectorHttps | HTTPS signaling port for UDR Connector. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.chfConnectorHttp | HTTP signaling port for CHF connector. | Optional | 8080 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.chfConnectorHttps | HTTPS signaling port for CHF connector. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | |
global.containerPorts.nrfClientNfDiscoveryHttp | HTTP signaling port for NRF client discovery. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfDiscoveryHttp |
global.containerPorts.nrfClientNfManagementHttp | HTTP signaling port for NRF client management. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfManagementHttp |
global.containerPorts.nrfClientNfDiscoveryHttps | HTTPS signaling port for NRF client discovery. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfDiscoveryHttps |
global.containerPorts.nrfClientNfManagementHttps | HTTPS signaling port for NRF client management. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfManagementHttps |
global.containerPorts.ingressGatewayHttp | HTTP signaling port for Ingress Gateway. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerIngressGatewayHttp |
global.containerPorts.ingressGatewayHttps | HTTPS signaling port for Ingress Gateway. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerIngressGatewayHttps |
global.containerPorts.alternateRouteServiceHttp | HTTP signaling port for alternate route service. | Optional | 8004 | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as containerAlternateRouteServiceHttp. This port configuration shall not be same as alternateRouteServiceHazelcast, that is 8000, in this sample custom value file. |
containerPorts:
  monitoringHttp: &containerMonitoringHttp 9000
  # am service
  pcfAmServiceHttp: 8000
  pcfAmServiceHttps: 9443
  # app info
  appInfoHttp: 8000
  # audit service
  auditServiceHttp: 8000
  # binding
  bindingHttp: 8000
  bindingHttps: 9443
  # cm service
  cmServiceHttp: 8000
  # config server
  configServerHttp: 8000
  # diam connector
  diamConnectorHttp: 8000
  diamConnectorDiameter: 3868
  # ldap gateway
  ldapGatewayHttp: 8000
  # diameter gateway
  diamGatewayHttp: 8000
  diamGatewayDiameter: 3868
  # pcrf core
  pcrfCoreDiameter: 3868
  pcrfCoreHttp: 8000
  # pcrf diameter gateway
  pcrfDiamGatewayHttp: 8000
  pcrfDiamGatewayDiameter: 3868
  # perf info
  perfInfoHttp: 8000
  # policyds
  policydsHttp: 8000
  # pre service
  preServiceHttp: 8000
  preTestHttp: 8000
  # query service
  queryServiceHttp: 8000
  # pcf sm service
  pcfSmServiceHttp: 8000
  pcfSmServiceHttps: 9443
  # soap connector
  soapConnectorHttp: 8000
  # ue service
  pcfUeServiceHttp: 8000
  pcfUeServiceHttps: 9443
  # pcf user service
  pcfUserServiceHttp: 8000
  pcfUserServiceHttps: 9443
  udrConnectorHttp: 8000
  udrConnectorHttps: 9443
  chfConnectorHttp: 8000
  chfConnectorHttps: 9443
  # nrf client
  nrfClientNfDiscoveryHttp: &containerNrfClientNfDiscoveryHttp 8000
  nrfClientNfManagementHttp: &containerNrfClientNfManagementHttp 8000
  nrfClientNfDiscoveryHttps: &containerNrfClientNfDiscoveryHttps 9443
  nrfClientNfManagementHttps: &containerNrfClientNfManagementHttps 9443
  # ingress gateway
  ingressGatewayHttp: &containerIngressGatewayHttp 8000
  ingressGatewayHttps: &containerIngressGatewayHttps 9443
  # alternate route service
  alternateRouteServiceHttp: &containerAlternateRouteServiceHttp 8004
Table 3-30 Customizable Parameters for Ports Configuration in Ingress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.publicHttpSignalingPort | HTTP/2.0 Port of ingress gateway | Optional | 80 | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | |
global.publicHttpsSignallingPort | HTTPS/2.0 Port of ingress gateway | Optional | 443 | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | Set this parameter to 0 if HTTPS is disabled. |
global.configServerPort | HTTP signaling port for config server. | Optional | 5807 | CNC Policy, PCF, &cnPCRF | Added in Release 1.7.3 | Same value as svcConfigServerHttp |
ingress-gateway.ports.actuatorPort | | Optional | | CNCPolicy , PCF, &cnPCRF | Added in Release 1.8.0 | Same value as containerMonitoringHttp |
ingress-gateway.ports.containerPort | | Optional | | CNCPolicy , PCF, &cnPCRF | Added in Release 1.8.0 | Same value as containerIngressGatewayHttp |
ingress-gateway.ports.containersslPort | | Optional | | CNCPolicy , PCF, &cnPCRF | Added in Release 1.8.0 | Same value as containerIngressGatewayHttps |
# -----Ingress Gateway Settings - BEGIN-----
# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
publicHttpSignalingPort: 80
# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
publicHttpsSignallingPort: 443
configServerPort: *svcConfigServerHttp
ingress-gateway:
  ports:
    actuatorPort: *containerMonitoringHttp
    containerPort: *containerIngressGatewayHttp
    containersslPort: *containerIngressGatewayHttps
Table 3-31 Customizable Parameters for Ports Configuration in Egress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
egress-gateway.serviceEgressGateway.actuatorPort | | Optional | | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as containerMonitoringHttp |
egress-gateway.serviceEgressGateway.Port | | Optional | | CNCPolicy , PCF, &cnPCRF | Added in Release 1.8.0 | Same value as svcEgressGatewayHttp |
egress-gateway:
  serviceEgressGateway:
    actuatorPort: *containerMonitoringHttp
    port: *svcEgressGatewayHttp
Table 3-32 Customizable Parameters for Ports Configuration in nrf-client-nfdiscovery
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.nrf-client-nfdiscovery.envPlatformServicePort | HTTP signaling port for app info. | Optional | 5906 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcAppInfoHttp |
global.nrf-client-nfdiscovery.envPerformanceServicePort | HTTP signaling port for perf info. | Optional | 5905 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcPerfInfoHttp |
global.nrf-client-nfdiscovery.envCfgServerPort | HTTP signaling port for config server. | No | 5807 | CNC Policy, PCF, &cnPCRF | Added in Release 1.7.3 | Same value as svcConfigServerHttp |
global.nrf-client-nfdiscovery.containerHttpPort | HTTP signaling port for NRF client discovery. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfDiscoveryHttp |
global.nrf-client-nfdiscovery.containerHttpsPort | HTTPS signaling port for NRF client discovery. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfDiscoveryHttps |
global.nrf-client-nfdiscovery.serviceHttpPort | HTTP signaling port for NRF client discovery service. | Optional | 5910 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfDiscoveryHttp |
global.nrf-client-nfdiscovery.serviceHttpsPort | HTTPS signaling port for NRF client discovery service. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfDiscoveryHttps |
nrf-client-nfdiscovery:
  envPlatformServicePort: *svcAppInfoHttp
  envPerformanceServicePort: *svcPerfInfoHttp
  envCfgServerPort: *svcConfigServerHttp
  containerHttpPort: *containerNrfClientNfDiscoveryHttp
  containerHttpsPort: *containerNrfClientNfDiscoveryHttps
  serviceHttpPort: *svcNrfClientNfDiscoveryHttp
  serviceHttpsPort: *svcNrfClientNfDiscoveryHttps
Table 3-33 Customizable Parameters for Ports Configuration in nrf-client-nfmanagement
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
global.nrf-client-nfmanagement.envPlatformServicePort | HTTP signaling port for app info. | Optional | 5906 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcAppInfoHttp |
global.nrf-client-nfmanagement.envPerformanceServicePort | HTTP signaling port for perf info. | Optional | 5905 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcPerfInfoHttp |
global.nrf-client-nfmanagement.envCfgServerPort | HTTP signaling port for config server. | Optional | 5807 | CNC Policy, PCF, &cnPCRF | Added in Release 1.7.3 | Same value as svcConfigServerHttp |
global.nrf-client-nfmanagement.containerHttpPort | HTTP signaling port for NRF client discovery. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfManagementHttp |
global.nrf-client-nfmanagement.containerHttpsPort | HTTPS signaling port for NRF client discovery. | Optional | 9443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as containerNrfClientNfManagementHttps |
global.nrf-client-nfmanagement.serviceHttpPort | HTTP signaling port for NRF client discovery service. | Optional | 5910 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfManagementHttp |
global.nrf-client-nfmanagement.serviceHttpsPort | HTTPS signaling port for NRF client discovery service. | Optional | 8443 | CNCPolicy & PCF | Added in Release 1.7.3 | Same value as svcNrfClientNfManagementHttps |
nrf-client-nfmanagement:
  envPlatformServicePort: *svcAppInfoHttp
  envPerformanceServicePort: *svcPerfInfoHttp
  envCfgServerPort: *svcConfigServerHttp
  containerHttpPort: *containerNrfClientNfManagementHttp
  containerHttpsPort: *containerNrfClientNfManagementHttps
  serviceHttpPort: *svcNrfClientNfManagementHttp
  serviceHttpsPort: *svcNrfClientNfManagementHttps
Table 3-34 Customizable Parameters for Ports Configuration in Alternate Route Service
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
alternate-route.ports.servicePort | HTTP signaling port for alternate route service. | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as svcAlternateRouteServiceHttp |
alternate-route.ports.containerPort | HTTP signaling port for alternate route service. | Optional | 8004 | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as containerAlternateRouteServiceHttp |
alternate-route.ports.actuatorPort | HTTP signaling port for monitoring. | Optional | 9000 | CNCPolicy , PCF, &cnPCRF | Added in Release 1.7.3 | Same value as containerMonitoringHttp |
alternate-route.hazelcast.port | | Optional | 8000 | CNCPolicy & PCF | Added in Release 1.8.0 | Same value as svcAlternateRouteServiceHazelcast |
alternate-route:
  ports:
    servicePort: *svcAlternateRouteServiceHttp
    containerPort: *containerAlternateRouteServiceHttp
    actuatorPort: *containerMonitoringHttp
  hazelcast:
    port: *svcAlternateRouteServiceHazelcast
Aspen Service Mesh Configurations
This section describes the customizations that you can make in custom-values.yaml files to integrate Aspen service mesh with Oracle Communications Cloud Native Core Policy.
Important:
Users may use custom values file from CNC Policy 1.7.1 to install CNC Policy with Aspen service mesh.
- Unified signaling ports: To override the default port numbers used by containers and services, configure the port parameters in the custom values file. See the Service and Container Port Configuration section for the configurable service and container port parameters.
- Enable Aspen Service Mesh: To enable Aspen Service Mesh, set the value for serviceMeshCheck to true in custom values file:
  ingress-gateway:
    # Mandatory: Set this flag to "true" if Service Mesh is present where Policy will be deployed
    serviceMeshCheck: true
- Annotation to support OSO: To deploy CNC Policy with OSO, you must add the following annotation to the custom extension under global section of custom values file:
  global:
    customExtension:
      lbDeployments:
        annotations:
          oracle.com/cnc: "true"
      nonlbDeployments:
        annotations:
          oracle.com/cnc: "true"
  Note:
  After helm install is complete, all the nodes will have the above mentioned annotation.
- Custom container name: You can customize the name of containers of a pod with a prefix and suffix. To do so, add the prefix and suffix to the k8sResource under global section of custom values file:
  global:
    k8sResource:
      container:
        prefix: ABCD
        suffix: XYZ
  Then, after installing CNC policy, you will see the container names as shown below:
  Containers:
    abcd-am-service-xyz:
- Custom service account: You can use a custom service account for all services by adding it to global section in the custom values file:
  global:
    serviceAccountName: ocpcfsaccount
  Note:
  You can create the service account and roles before the installation as well.
- Disable init containers: Init containers do not work when the namespace has aspen service mTLS enabled. To disable init containers, set the value for initContainerEnable to false in custom values file.
  global:
    initContainerEnable: false
- PERMISSIVE rule: To set Permissive rule for Diameter Gateway and Ingress Gateway Service, set the following flags to true in custom value file:
  global:
    istioIngressTlsSupport:
      diamGateway: true
  global:
    istioIngressTlsSupport:
      ingressGateway: true
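A consistency and exposure check over the parameters described so far, as an added Python example that is not part of the CNC Policy templates: it flags a port that has drifted from the value its table lists under "Same value as", the alternate route container port colliding with the Hazelcast port, and the plaintext-related flags enableIncomingHttp and istioIngressTlsSupport. The dict stands for an already parsed custom-values.yaml; SAMPLE_VALUES, the function names and the finding labels are assumptions.

```python
# Constructed sample: a dict shaped like an already parsed custom-values.yaml.
# Port numbers and flags are illustrative, not taken from a real deployment.
SAMPLE_VALUES = {
    "global": {
        "servicePorts": {
            "configServerHttp": 8000,
            "egressGatewayHttp": 8000,
            "alternateRouteServiceHttp": 8000,
            "alternateRouteServiceHazelcast": 8000,
        },
        "containerPorts": {
            "monitoringHttp": 9000,
            "ingressGatewayHttp": 8000,
            "ingressGatewayHttps": 9443,
            "alternateRouteServiceHttp": 8000,  # same as the Hazelcast port
        },
        "configServerPort": 8000,
        "istioIngressTlsSupport": {"diamGateway": True, "ingressGateway": False},
    },
    "ingress-gateway": {
        "enableIncomingHttp": True,
        # containerPort was typed as a literal and no longer matches its source
        "ports": {"actuatorPort": 9000, "containerPort": 8080, "containersslPort": 9443},
    },
    "egress-gateway": {"serviceEgressGateway": {"actuatorPort": 9000, "port": 8000}},
    "alternate-route": {
        "ports": {"servicePort": 8000, "containerPort": 8000, "actuatorPort": 9000},
        "hazelcast": {"port": 8000},
    },
}

# (dependent parameter, source parameter) pairs from the "Same value as" notes
# in Tables 3-30, 3-31 and 3-34. The sample file ties them with YAML aliases.
SAME_VALUE_AS = [
    ("global.configServerPort", "global.servicePorts.configServerHttp"),
    ("ingress-gateway.ports.actuatorPort", "global.containerPorts.monitoringHttp"),
    ("ingress-gateway.ports.containerPort", "global.containerPorts.ingressGatewayHttp"),
    ("ingress-gateway.ports.containersslPort", "global.containerPorts.ingressGatewayHttps"),
    ("egress-gateway.serviceEgressGateway.actuatorPort", "global.containerPorts.monitoringHttp"),
    ("egress-gateway.serviceEgressGateway.port", "global.servicePorts.egressGatewayHttp"),
    ("alternate-route.ports.servicePort", "global.servicePorts.alternateRouteServiceHttp"),
    ("alternate-route.ports.containerPort", "global.containerPorts.alternateRouteServiceHttp"),
    ("alternate-route.ports.actuatorPort", "global.containerPorts.monitoringHttp"),
    ("alternate-route.hazelcast.port", "global.servicePorts.alternateRouteServiceHazelcast"),
]


def lookup(values, dotted):
    """Walk a dotted parameter name; return None when any level is absent."""
    node = values
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit(values):
    """Return a list of (label, detail) findings for one parsed values file."""
    findings = []
    for dependent, source in SAME_VALUE_AS:
        got, want = lookup(values, dependent), lookup(values, source)
        if got is None or want is None:
            continue  # not set in this file, so the chart default applies
        if got != want:
            findings.append(("port-drift", f"{dependent}={got} but {source}={want}"))

    # Table 3-29: the alternate route container port must differ from the
    # Hazelcast port.
    container_alt = lookup(values, "global.containerPorts.alternateRouteServiceHttp")
    hazelcast = lookup(values, "global.servicePorts.alternateRouteServiceHazelcast")
    if container_alt is not None and container_alt == hazelcast:
        findings.append(("port-collision",
                         f"alternateRouteServiceHttp container port {container_alt} "
                         "equals alternateRouteServiceHazelcast"))

    # Table 3-27: the ingress gateway accepts incoming HTTP when this is true.
    if lookup(values, "ingress-gateway.enableIncomingHttp") is True:
        findings.append(("plaintext-http", "ingress-gateway.enableIncomingHttp is true"))

    # PERMISSIVE rule: in Istio, PERMISSIVE mode accepts plaintext as well as mTLS.
    tls_support = lookup(values, "global.istioIngressTlsSupport") or {}
    for gateway, enabled in tls_support.items():
        if enabled is True:
            findings.append(("mtls-permissive",
                             f"global.istioIngressTlsSupport.{gateway} is true"))
    return findings


if __name__ == "__main__":
    for label, detail in audit(SAMPLE_VALUES):
        print(f"{label}: {detail}")
```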
OAUTH Configuration
Note:
These configurations are applicable when the Ingress/Egress Gateway is enabled and the NRF Client services are enabled.
Table 3-35 Configurable Parameters for OAUTH Configuration in Ingress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
ingress-gateway.oauthValidatorEnabled | Enable or disable OAuth Validator. | Yes | False | CNC Policy & PCF | Added in Release 1.5.x | |
ingress-gateway.nfInstanceId | NF Instance Id of service producer | No | 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11 | CNC Policy & PCF | Added in Release 1.5.x | |
ingress-gateway.allowedClockSkewSeconds | Set this value if the clock on the parsing NF (producer) is not perfectly in sync with the clock on the NF (consumer) that created the JWT | No | 0 | CNC Policy & PCF | Added in Release 1.6.x | |
ingress-gateway.nrfPublicKeyKubeSecret | Name of the secret which stores the public key(s) of NRF | No | | CNC Policy & PCF | Added in Release 1.5.x | |
ingress-gateway.nrfPublicKeyKubeNamespace | Namespace of the NRF public key secret | No | | CNC Policy & PCF | Added in Release 1.5.x | |
ingress-gateway.validationType | Possible values are: strict - If the incoming request does not contain the "Authorization" (Access Token) header, the request is rejected. relaxed - If the incoming request contains the "Authorization" header, it is validated. If the incoming request does not contain the "Authorization" header, validation is ignored. | No | relaxed | CNC Policy & PCF | Added in Release 1.6.x | |
ingress-gateway.producerPlmnMNC | MNC of the service producer | No | 123 | CNC Policy & PCF | Added in Release 1.5.x | |
ingress-gateway.producerPlmnMCC | MCC of the service producer | No | 456 | CNC Policy & PCF | Added in Release 1.5.x |
# ----OAUTH CONFIGURATION - BEGIN ----
oauthValidatorEnabled: false
nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
allowedClockSkewSeconds: 0
nrfPublicKeyKubeSecret: ''
nrfPublicKeyKubeNamespace: ''
validationType: relaxed
producerPlmnMNC: 123
producerPlmnMCC: 456
# ----OAUTH CONFIGURATION - END ----
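The strict and relaxed validationType behaviour and allowedClockSkewSeconds from Table 3-35, as an added Python example that is not CNC Policy's own code. HS256 with a constructed key stands in for verification against the NRF public key, and the function names, the exp-only expiry check and the rejection of a present but invalid token are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. HS256 stands in for the NRF public-key signature so
# the example runs with the standard library only.
DEMO_KEY = b"constructed-demo-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a constructed HS256 JWT for the demo."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, now: int, skew: int, key: bytes = DEMO_KEY):
    """Return (ok, reason). The signature is checked before any claim is used."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        claims = json.loads(_unb64url(body_b64))
        sig = _unb64url(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, int):
        return False, "missing exp"
    # allowedClockSkewSeconds widens the window in which exp is still accepted.
    if now > exp + skew:
        return False, "expired"
    return True, "valid"


def gateway_decision(headers: dict, cfg: dict, now: int):
    """Return (accepted, reason) for one incoming request."""
    if not cfg["oauthValidatorEnabled"]:
        return True, "validator disabled"
    auth = headers.get("Authorization")
    if auth is None:
        if cfg["validationType"] == "strict":
            return False, "missing Authorization header"
        # relaxed: a request without the header is not validated at all
        return True, "relaxed: no token, validation skipped"
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False, "malformed Authorization header"
    return verify_token(token, now, cfg["allowedClockSkewSeconds"])


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    strict = {"oauthValidatorEnabled": True, "validationType": "strict",
              "allowedClockSkewSeconds": 0}
    relaxed = dict(strict, validationType="relaxed")
    print(gateway_decision({}, strict, now))
    print(gateway_decision({}, relaxed, now))
```

With the default relaxed setting, a request that carries no Authorization header is accepted without validation; strict closes that path.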
Table 3-36 Configurable Parameters for OAUTH Configuration in Egress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
egress-gateway.oauthClient.enabled | OAuth Validator Enabled | No | false | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.oauthClient.dnsSrvEnabled | Enable/Disable the DNS-SRV query to coreDNS Server | Optional | false | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.httpsEnabled | Determines whether https support is enabled. This decides the OAuth request scheme and the search query parameter in the DNS-SRV request. | No | false | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.virtualFqdn | virtualFqdn value which needs to be populated and sent in the dns-srv query. | Conditional (If dnsSrvEnabled is set to true.) | -1 | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.staticNrfList | List of Static NRF's | Conditional (If oAuth is enabled.) | | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.nfType | NFType of service consumer. | Conditional (If oAuth is enabled.) | | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.oauthClient.nfInstanceId | NF InstanceId of Producer | No | fe7d992b-0541-4c7d-ab84-c6d70b1b01b1 | CNC Policy& PCF | Added in Release 1.5.x | Modify the parameter with actual value, if OAuth is enabled. |
egress-gateway.oauthClient.consumerPlmnMNC | MNC of service Consumer | No | 345 | CNC Policy& PCF | Added in Release 1.5.x | Modify the parameter with actual value, if OAuth is enabled. |
egress-gateway.oauthClient.consumerPlmnMCC | MCC of service Consumer | No | 567 | CNC Policy& PCF | Added in Release 1.5.x | Modify the parameter with actual value, if OAuth is enabled. |
egress-gateway.oauthClient.maxRetry | Maximum number of retries to perform against other NRF FQDNs when the first contacted NRF returns a failure response that matches the configured errorCodeSeries. | Conditional (If oAuth is enabled.) | 2 | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.apiPrefix | apiPrefix that needs to be appended in the Oauth request flow. | Conditional ( If oAuth is enabled.) | "" | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.errorCodeSeries | Determines the fallback condition to other NRF in case of failure response from currently contacted NRF. | Conditional ( If oAuth is enabled and required a different error code series.) | 4XX | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.oauthClient.retryAfter | RetryAfter value in milliseconds that needs to be set for a particular NRF Fqdn, if the error matched the configured errorCodeSeries. | Conditional ( If oAuth is enabled.) | 5000 | CNC Policy& PCF | Added in Release 1.8.0 |
# ---- Oauth Configuration - BEGIN ----
oauthClient:
  enabled: false
  dnsSrvEnabled: false
  httpsEnabled: false
  virtualFqdn: nrf.oracle.com:80
  staticNrfList:
    - nrf1.oracle.com:80
  nfType: PCF
  nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
  consumerPlmnMNC: 345
  consumerPlmnMCC: 567
  maxRetry: 2
  apiPrefix: ""
  errorCodeSeries: 4XX
  retryAfter: 5000
# ---- Oauth Configuration - END ----
XFCC Header Validation Configuration
This section describes the customizations that you can make in custom-values.yaml files to configure XFCC header validation.
XFCC validation lets CNC Policy, acting as a producer, check whether the Service Communication Proxy (SCP) that sent the HTTP request is the same proxy consumer/client that is expected to send the HTTP2 request. This is achieved by comparing the FQDN of the SCP present in the "x-forwarded-client-cert" (XFCC) HTTP2 header with the FQDNs of the SCPs configured in CNC Policy.
Table 3-37 Configurable Parameters for XFCC Header Validation Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
ingress-gateway.xfccHeaderValidation.validation.enabled | Determines if incoming xfcc header needs to be validated | Optional | false | CNCPolicy & PCF | Added in Release 1.8.0 | |
ingress-gateway.xfccHeaderValidation.validation.scpList | List of configured SCP FQDN’s against which the XFCC header entries will be validated. Currently, the validation means case-sensitive match with configured list. | Conditional (If xfccHeader validation is enabled.) | | CNCPolicy & PCF | Added in Release 1.8.0 | |
ingress-gateway.xfccHeaderValidation.validation.matchCerts | The number of certificates that need to be validated starting from the right most entry in the XFCC header. | Conditional (If xfccHeader validation is enabled.) | -1 | CNCPolicy & PCF | Added in Release 1.8.0 | |
ingress-gateway.xfccHeaderValidation.validation.matchField | Field in a corresponding XFCC header against which the configured scpList FQDN validation needs to be performed. | Conditional (If xfccHeader validation is enabled.) | DNS | CNCPolicy & PCF | Added in Release 1.8.0 |
xfccHeaderValidation:
  validation:
    enabled: false
    scpList:
      - scp1.com
      - scp2.com
      - scp3.com
    matchCerts: -1
    matchField: DNS
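The check that Table 3-37 describes, written out as an added Python example (not Oracle's implementation and not code from this guide). It assumes the Envoy-style XFCC syntax (comma-separated entries of `;`-separated `Key=Value` pairs), that matchCerts: -1 means every entry is inspected, and that one exact match among the inspected entries is enough; the function names and the sample header are constructed.

```python
def split_outside_quotes(text, sep):
    """Split text on sep, ignoring separators inside double-quoted values."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and quoted and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep an escaped character verbatim
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_xfcc(header):
    """Return one {key: [values]} dict per certificate entry, left to right."""
    entries = []
    for element in split_outside_quotes(header, ","):
        fields = {}
        for pair in split_outside_quotes(element, ";"):
            key, sep, value = pair.partition("=")
            if not sep:
                continue  # malformed pair without '=': ignore it
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            # A key such as DNS may repeat inside one entry, so keep a list.
            fields.setdefault(key.strip(), []).append(value)
        entries.append(fields)
    return entries


def validate_xfcc(header, scp_list, match_certs=-1, match_field="DNS"):
    """Apply scpList / matchCerts / matchField to an XFCC header value."""
    if match_certs == 0 or match_certs < -1:
        raise ValueError("matchCerts must be -1 or a positive integer")
    entries = parse_xfcc(header or "")
    # Assumption: -1 inspects every entry; N inspects the N rightmost entries.
    selected = entries if match_certs == -1 else entries[-match_certs:]
    allowed = set(scp_list)  # exact, case-sensitive comparison
    return any(v in allowed
               for entry in selected
               for v in entry.get(match_field, []))


# Constructed sample: two entries, the first with a comma inside a quoted value.
SCP_LIST = ["scp1.com", "scp2.com", "scp3.com"]
SAMPLE = ('By=spiffe://nf/pcf;Hash=aa11;'
          'Subject="CN=client,O=Example, Inc.";DNS=nf.example.net,'
          'By=spiffe://nf/pcf;Hash=bb22;DNS=scp1.com')

if __name__ == "__main__":
    print(validate_xfcc(SAMPLE, SCP_LIST, match_certs=1))
    print(validate_xfcc(SAMPLE.replace("scp1.com", "SCP1.com"), SCP_LIST, 1))
```

With match_certs=1 only the rightmost entry is compared, which in the assumed syntax is the one appended by the nearest hop; a missing or empty header is rejected.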
Ingress/Egress Gateway HTTPS Configuration
Note:
These configurations are applicable only when ingress/egress gateway is enabled and the following parameters are set to true in the custom-values.yaml file:
- ingress-gateway.enableIncomingHttps
- egress-gateway.enableOutgoingHttps
Table 3-38 Configurable Parameters for HTTPS Configurations in Ingress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
ingress-gateway.enableIncomingHttps | To enable https for ingress traffic | No | False | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | |
ingress-gateway.service.ssl.privateKey.k8SecretName | Name of the private key secret. | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.privateKey.k8NameSpace | Namespace of private key. | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.privateKey.rsa.fileName | rsa private key file name. | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.certificate.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.certificate.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.certificate.rsa.fileName | rsa private key file name | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.caBundle.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.caBundle.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.caBundle.fileName | private key file name | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.keyStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.keyStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.keyStorePassword.fileName | File name that has password for keyStore | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.trustStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.trustStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingress-gateway.service.ssl.trustStorePassword.fileName | File name that has password for trustStore | No | Not Applicable | CNC Policy, PCF, &cnPCRF | Added in Release 1.5.x | required if enableIncomingHttps is true |
ingressServer.keepAlive.enabled | | No | false | | Added in Release 1.7.3 | |
ingressServer.keepAlive.idealTime | | No | 180 (in seconds) | | Added in Release 1.7.3 | |
ingressServer.keepAlive.count | | No | 9 | | Added in Release 1.7.3 | |
ingressServer.keepAlive.interval | | No | 60 (in seconds) | | Added in Release 1.7.3 | |
global.configServerPort | | No | 5807 | CNC Policy, PCF, &cnPCRF | Added in Release 1.7.3 | |
# ---- HTTPS Configuration - BEGIN ----
enableIncomingHttps: false
service:
  ssl:
    privateKey:
      k8SecretName: occnp-gateway-secret
      k8NameSpace: occnp
      rsa:
        fileName: rsa_private_key_pkcs1.pem
    certificate:
      k8SecretName: occnp-gateway-secret
      k8NameSpace: occnp
      rsa:
        fileName: ocegress.cer
    caBundle:
      k8SecretName: occnp-gateway-secret
      k8NameSpace: occnp
      fileName: caroot.cer
    keyStorePassword:
      k8SecretName: occnp-gateway-secret
      k8NameSpace: occnp
      fileName: key.txt
    trustStorePassword:
      k8SecretName: occnp-gateway-secret
      k8NameSpace: occnp
      fileName: trust.txt
Table 3-39 Configurable Parameters for HTTPS Configurations in Egress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
egress-gateway.enableOutgoingHttps | Enabling it for outgoing https request | No | false | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.egressGwCertReloadEnabled | | No | false | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.egressGwCertReloadPath | | No | /egress-gw/store/reload | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.privateKey.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.privateKey.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.privateKey.rsa.fileName | rsa private key file name | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.privateKey.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.certificate.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.certificate.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.certificate.rsa.fileName | rsa private key file name | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.certificate.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.caBundle.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.caBundle.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.caBundle.fileName | private key file name | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.keyStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.keyStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.keyStorePassword.fileName | File name that has password for keyStore | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.trustStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.trustStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x | |
egress-gateway.service.ssl.trustStorePassword.fileName | File name that has password for trustStore | No | Not Applicable | CNC Policy& PCF | Added in Release 1.5.x |
# ---- HTTPS Configuration - BEGIN ----
#Enabling it for egress https requests
enableOutgoingHttps: false
egressGwCertReloadEnabled: false
egressGwCertReloadPath: /egress-gw/store/reload
service:
  ssl:
    privateKey:
      k8SecretName: ocpcf-gateway-secret
      k8NameSpace: ocpcf
      rsa:
        fileName: rsa_private_key_pkcs1.pem
      ecdsa:
        fileName: ssl_ecdsa_private_key.pem
    certificate:
      k8SecretName: ocpcf-gateway-secret
      k8NameSpace: ocpcf
      rsa:
        fileName: ocegress.cer
      ecdsa:
        fileName: ssl_ecdsa_certificate.crt
    caBundle:
      k8SecretName: ocpcf-gateway-secret
      k8NameSpace: ocpcf
      fileName: caroot.cer
    keyStorePassword:
      k8SecretName: ocpcf-gateway-secret
      k8NameSpace: ocpcf
      fileName: key.txt
    trustStorePassword:
      k8SecretName: ocpcf-gateway-secret
      k8NameSpace: ocpcf
      fileName: trust.txt
# ---- HTTPS Configuration - END ----
SCP Configuration
This section describes the customizations that you can make in custom-values.yaml files to support SCP integration.
Table 3-40 Configurable Parameters for SCP Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
egress-gateway.scpIntegrationEnabled | Change this to false when scp integration is not required | No | false | CNC Policy& PCF | Added in Release 1.6.x | |
egress-gateway.scp.scpRerouteEnabled | Set this flag to true if re-routing to multiple SCP instances is to be enabled. globalretry can be enabled only when scpRerouteEnabled flag is set to true. | No | false | CNC Policy& PCF | Added in Release 1.6.x | |
egress-gateway.globalretry.enabled | globalretry can be enabled only when the scpRerouteEnabled flag is set to true. It is applied only when no "retries" is specified under routesConfig. | Optional | false | CNC Policy& PCF | Added in Release 1.6.x | |
egress-gateway.globalretry.retries | | | | CNC Policy& PCF | Added in Release 1.6.x | |
egress-gateway.scp.instances.http.host | SCP HTTP IP/FQDN | No | Not Applicable | CNC Policy& PCF | Added in Release 1.6.x. Deprecated in Release 1.8.0; replaced with the "egress-gateway.scp.instances.scpSets[0].httpConfigs[0].host" parameter. | |
egress-gateway.scp.instances.http.Port | SCP HTTP PORT | No | 80 | CNC Policy& PCF | Added in Release 1.6.x. Deprecated in Release 1.8.0; replaced with the "egress-gateway.scp.instances.scpSets[0].httpConfigs[0].port" parameter. | |
egress-gateway.scp.instances.http.ApiPrefix | Change this value to the corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled. | No | / | CNC Policy& PCF | Added in Release 1.6.x. Deprecated in Release 1.8.0; replaced with the "egress-gateway.scp.instances.scpSets[0].httpConfigs[0].apiPrefix" parameter. | |
egress-gateway.scp.scpDefaultScheme | Default scheme applicable when 3gpp-sbi-target-apiroot header is missing | No | https | CNC Policy& PCF | Added in Release 1.6.x | |
egress-gateway.K8ServiceCheck | Enable this if loadbalancing is to be done by egress instead of K8s | No | false | CNC Policy& PCF | Added in Release 1.5.x | |
httpsScpOnly | This is a global parameter that is taken into consideration if the route-based httpsScpOnly parameter (under the routeConfig section) is not available. If set to true, select SCP instances from the https list only. If set to false, run the existing logic as per the provided scheme. | No | false | CNC Policy& PCF | Added in Release 1.7.3 | Enclose the value of httpsScpOnly in double quotes. |
httpRuriOnly | This is a global parameter that is taken into consideration if the route-based httpRuriOnly parameter (under the routeConfig section) is not available. If set to true, change the scheme of the RURI to http. If set to false, don't change the scheme. | No | false | CNC Policy& PCF | Added in Release 1.7.3 | Enclose the value of httpsScpOnly in double quotes. |
routesConfig[0].httpRuriOnly | If set to true, change the scheme of the RURI to http. If set to false, don't change the scheme. | No | false | CNC Policy& PCF | Added in Release 1.7.3 | Enclose the value of httpRuriOnly in double quotes. If httpRuriOnly is not present under the route, the globally available value is considered. |
routesConfig[0].httpsScpOnly | If set to true, select SCP instances from the https list only. If set to false, run the existing logic as per the provided scheme. | No | false | CNC Policy& PCF | Added in Release 1.7.3 | Enclose the value of httpsScpOnly in double quotes. If httpsScpOnly is not present under the route, the globally available value is considered. |
egress-gateway.scp.instances.scpSets[0] | SetId for the SCP instances. Only one set of static configuration of SCP instances is allowed. Any number of dynamic configuration sets can be configured. Refer to the custom-values file for more details. | Yes | false | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].host | First Scp instance HTTP IP/FQDN | Yes (If scp.scpIntegrationEnabled is set to true.) | | CNC Policy& PCF | Added in Release 1.8.0 | More SCP instances can be configured in a similar way if required. |
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].port | First Scp instance Port | Yes (If scp.scpIntegrationEnabled is set to true.) | | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].apiPrefix | First Scp instance apiPrefix. Change this value to the corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled. | No | / | CNC Policy& PCF | Added in Release 1.8.0 | Example: XXX. Note that "/" does not need to be included when providing a value. |
egress-gateway.scp.instances.scpSets[0].httpConfigs[0].virtualHost | This will have Http VirtualFQDN and is applicable from SetId 1 and later. | Yes (If DnsSrv integration is required) | Not Applicable | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].host | First SCP instance HTTPS IP/FQDN | Yes (If scp.scpIntegrationEnabled is set to true.) | Not Applicable | CNC Policy& PCF | Added in Release 1.8.0 | More SCP instances can be configured in a similar way if required. |
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].port | First SCP instance HTTPS Port | Yes (If scp.scpIntegrationEnabled is set to true.) | Not Applicable | CNC Policy& PCF | Added in Release 1.8.0 | |
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].apiPrefix | First Scp instance apiPrefix. Change this value to the corresponding prefix if "/" is not expected to be provided along. Applicable only for SCP with TLS enabled. | No | / | CNC Policy& PCF | Added in Release 1.8.0 | Example: XXX. Note that "/" does not need to be included when providing a value. |
egress-gateway.scp.instances.scpSets[0].httpsConfigs[0].virtualHost | This will have Http VirtualFQDN and is applicable from SetId 1 and later. | Yes (If DnsSrv integration is required) | Not Applicable | CNC Policy& PCF | Added in Release 1.8.0 |
# ---- SCP Configuration - BEGIN ----
# globalretry can be enabled only when scpRerouteEnabled flag is set to true. This is an OPTIONAL configuration. And
# it is applied only when no "retries" specified under routesConfig
globalretry:
  enabled: false
  retries: 2
# Below is a basic route configuration for SCP. This configuration routes all egress traffic towards SCP.
# filterName1 - (fixed value) should be set to ScpFilter
# The retry section (filterName2) is required only when there is a need to retry the requests. Retry will be sent to secondary SCP, if no secondary configured then retry will happen on primary.
# filterName2.name - (fixed value) should have the value ScpRetry.
# filterName2.retries - (Customizable value) number of retries can be done for a request
# filterName2.methods - (Customizable value) HTTP request methods for which retries should be done.
# filterName2.statuses - (Customizable value) HTTP status received on response for which request should be retried.
#routesConfig:
#- id: scp_route
#  uri: https://dummy.dontchange
#  path: /**
#  order: 1
#  filterName1: ScpFilter
#  filterName2:
#    name: ScpRetry
#    retries: 1
#    methods: GET, POST, PUT, DELETE, PATCH
#    statuses: INTERNAL_SERVER_ERROR, BAD_GATEWAY
scp:
  # Change this to true when scp integration is required. Below SCP configurations will take effect only when this is 'true'.
  scpIntegrationEnabled: false
  # Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
  scpDefaultScheme: http
  # Set this flag to true if re-routing to multiple SCP instances is to be enabled.
  scpRerouteEnabled: false
  #globalretry can be enabled only when scpRerouteEnabled flag is set to true.
  # Configure the SCP instance(s) host/IP and port.
  # At least one SCP host details (under http or https) is required when scpIntegrationEnabled
  # In this example scp-host-1 is primary SCP and scp-host-1 is secondary SCP.
  instances:
    scpSets:
      - setId: 0
        httpConfigs:
          - host: scp-host-1
            port: 80
            apiPrefix: "/" # Change this value to corresponding prefix if "/" is not expected to be provided along.
          - host: scp-host-2
            port: 80
            apiPrefix: "/"
          - host: scp-host-3
            port: 80
            apiPrefix: "/"
        httpsConfigs:
          - host: scp-host-1
            port: 443
            apiPrefix: "/"
          - host: scp-host-2
            port: 443
            apiPrefix: "/"
          - host: scp-host-3
            port: 443
            apiPrefix: "/"
      - setId: 1
        httpConfigs:
          - virtualHost: xyz.test.com
            apiPrefix: "/"
        httpsConfigs:
          - virtualHost: abc.test.com
            apiPrefix: "/"
# ---- SCP Configuration - END ----
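A pre-install check for the "Conditional" and "required if" dependencies stated in Tables 3-36 to 3-40, as an added Python example (not part of the CNC Policy tooling). It takes the ingress-gateway and egress-gateway sections as already-parsed dictionaries; the helper names and the two sample configurations are constructed for illustration, and counting a virtualHost entry as an SCP host is an assumption.

```python
def get(cfg, path, default=None):
    """Walk a dotted path through nested dicts; return default when absent."""
    node = cfg
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def missing(cfg, paths):
    """Dotted paths whose value is absent or empty (None, '' or [])."""
    return [p for p in paths if get(cfg, p) in (None, "", [])]


# Keys that Table 3-38 marks "required if enableIncomingHttps is true".
SSL_LEAVES = {
    "privateKey": ("k8SecretName", "k8NameSpace", "rsa.fileName"),
    "certificate": ("k8SecretName", "k8NameSpace", "rsa.fileName"),
    "caBundle": ("k8SecretName", "k8NameSpace", "fileName"),
    "keyStorePassword": ("k8SecretName", "k8NameSpace", "fileName"),
    "trustStorePassword": ("k8SecretName", "k8NameSpace", "fileName"),
}
SSL_PATHS = [f"service.ssl.{part}.{leaf}"
             for part, leaves in SSL_LEAVES.items() for leaf in leaves]


def lint_ingress(ing):
    """Findings for the ingress-gateway section (Tables 3-37 and 3-38)."""
    out = []
    if get(ing, "enableIncomingHttps") is True:
        out += [f"ingress-gateway.{p} is required when enableIncomingHttps is true"
                for p in missing(ing, SSL_PATHS)]
    if get(ing, "xfccHeaderValidation.validation.enabled") is True:
        base = "xfccHeaderValidation.validation."
        keys = [base + k for k in ("scpList", "matchCerts", "matchField")]
        out += [f"ingress-gateway.{p} is required when XFCC validation is enabled"
                for p in missing(ing, keys)]
    return out


def lint_egress(egr):
    """Findings for the egress-gateway section (Tables 3-36 and 3-40)."""
    out = []
    if get(egr, "oauthClient.enabled") is True:
        keys = ["oauthClient.staticNrfList", "oauthClient.nfType"]
        out += [f"egress-gateway.{p} is required when oauthClient is enabled"
                for p in missing(egr, keys)]
    if get(egr, "oauthClient.dnsSrvEnabled") is True:
        out += [f"egress-gateway.{p} is required when dnsSrvEnabled is true"
                for p in missing(egr, ["oauthClient.virtualFqdn"])]
    if (get(egr, "globalretry.enabled") is True
            and get(egr, "scp.scpRerouteEnabled") is not True):
        out.append("egress-gateway.globalretry.enabled needs "
                   "scp.scpRerouteEnabled set to true")
    if get(egr, "scp.scpIntegrationEnabled") is True:
        sets = get(egr, "scp.instances.scpSets") or []
        hosts = [c for s in sets for k in ("httpConfigs", "httpsConfigs")
                 for c in (s.get(k) or [])
                 if c.get("host") or c.get("virtualHost")]
        if not hosts:
            out.append("egress-gateway.scp.instances.scpSets needs at least "
                       "one SCP host when scpIntegrationEnabled is true")
    return out


# Constructed samples with deliberate gaps.
SAMPLE_INGRESS = {
    "enableIncomingHttps": True,
    "service": {"ssl": {"privateKey": {
        "k8SecretName": "occnp-gateway-secret", "k8NameSpace": "occnp",
        "rsa": {"fileName": "rsa_private_key_pkcs1.pem"}}}},
    "xfccHeaderValidation": {"validation": {
        "enabled": True, "scpList": [], "matchCerts": -1, "matchField": "DNS"}},
}
SAMPLE_EGRESS = {
    "oauthClient": {"enabled": True, "dnsSrvEnabled": True, "virtualFqdn": "",
                    "staticNrfList": ["nrf1.oracle.com:80"], "nfType": "PCF"},
    "globalretry": {"enabled": True, "retries": 2},
    "scp": {"scpIntegrationEnabled": True, "scpRerouteEnabled": False,
            "instances": {"scpSets": [{"setId": 0, "httpConfigs": []}]}},
}

if __name__ == "__main__":
    for finding in lint_ingress(SAMPLE_INGRESS) + lint_egress(SAMPLE_EGRESS):
        print(finding)
```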
Alternate Route Service Configuration
This section describes the customizations that you should make in custom-values.yaml files to configure alternate route service (DNS-SRV).
These configurations are applicable only when alternate route service is enabled.
With SRV records, you can configure and maintain NF FQDNs dynamically at the DNS server, and CNC Policy can then select from them when there is an NF failure. This is achieved by performing an SRV query on the virtual FQDN configured at CNC Policy, rather than statically configuring primary and secondary NRFs in every CNC Policy at instantiation time only. The DNS lookup for SRV records also provides alternate NFs to CNC Policy during failover.
Table 3-41 Configurable Parameters for Alternate Route Service Configuration
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
alternate-route.staticVirtualFqdns[0].name | Name of the virtual FQDN/FQDN | Optional | | CNCPolicy & PCF | Added in Release 1.8.0 | |
alternate-route.staticVirtualFqdns[0].alternateFqdns[0].target | Name of the alternate FQDN mapped to above virtual FQDN | Yes, if "staticVirtualFqdns[0].name" is defined | | CNCPolicy & PCF | Added in Release 1.8.0 | |
alternate-route.staticVirtualFqdns[0].alternateFqdns[0].port | Port of the alternate FQDN | Yes, if "staticVirtualFqdns[0].name" is defined | - | CNCPolicy & PCF | Added in Release 1.8.0 | |
alternate-route.staticVirtualFqdns[0].alternateFqdns[0].priority | Priority of the alternate FQDN | Yes, if "staticVirtualFqdns[0].name" is defined | | CNCPolicy & PCF | Added in Release 1.8.0 | |
alternate-route.dnsSrvEnabled | Flag to enable the DNS-SRV query to coreDNS Server. | No | true | CNCPolicy & PCF | Added in Release 1.8.0 | |
alternate-route.dnsSrvFqdnSetting.enabled | Flag to enable the usage of custom pattern for the FQDN while triggering DNS-SRV query | No | true | CNCPolicy & PCF | Added in Release 1.8.0 | If this flag is set to false, then default value: "_{scheme}._tcp.{fqdn}." will be used. |
alternate-route.dnsSrvFqdnSetting.pattern | Pattern of the FQDN which will be used to format the incoming FQDN and Scheme while triggering DNS-SRV query | Yes if "dnsSrvFqdnSetting.enabled" is set to true | "_{scheme}._tcp.{fqdn}." | CNCPolicy & PCF | Added in Release 1.8.0 | |
egress-gateway.dnsSrv.host | Host of DNS Alternate Route Service | Conditional ( If DnsSrv integration is required.) | 5000 | CNCPolicy & PCF | Added in Release 1.8.0 | |
egress-gateway.dnsSrv.port | Port of DNS Alternate Route Service | Conditional ( If DnsSrv integration is required.) | 5000 | CNCPolicy & PCF | Added in Release 1.8.0 | |
egress-gateway.dnsSrv.scheme | Scheme of request that need to be sent to alternate route service. | Conditional ( If DnsSrv integration is required.) | http | CNCPolicy & PCF | Added in Release 1.8.0 | |
egress-gateway.dnsSrv.errorCodeOnDNSResolutionFailure | Configurable error code to be used in case of DNS resolution failure. | Conditional (If DnsSrv integration is required.) | 425 | CNCPolicy & PCF | Added in Release 1.8.0 | |
nrf-client-nfmanagement.alternateRouteServiceEnabled | Flag to tell nrf-client services if alternate route service is deployed or not. This flag should be set to true when the global.alternateRouteServiceEnable parameter is set as true. | No | false | CNCPolicy & PCF | Added in Release 1.8.0 | Applicable only if Alternate Route Service is enabled. |
nrf-client-nfdiscovery.alternateRouteServiceEnabled | Flag to tell nrf-client services if alternate route service is deployed or not. This flag should be set to true when the global.alternateRouteServiceEnable parameter is set as true. | No | false | CNCPolicy & PCF | Added in Release 1.8.0 | Applicable only if Alternate Route Service is enabled. |
#Static virtual FQDN Config
staticVirtualFqdns:
  - name: https://abc.test.com
    alternateFqdns:
      - target: abc.test.com
        port: 5060
        priority: 10
      - target: xyz.test.com
        port: 5060
        priority: 20
  - name: http://xyz.test.com
    alternateFqdns:
      - target: xyz.test.com
        port: 5060
        priority: 10
      - target: abc.test.com
        port: 5060
        priority: 20
#Flag to control if DNS-SRV queries are sent to coreDNS or not
dnsSrvEnabled: true
#Below configuration is for customizing the format of FQDN which will be used while querying coreDNS for SRV Records
dnsSrvFqdnSetting:
  enabled: true #If this flag is disabled, then default value of "_{scheme}._tcp.{fqdn}." will be used for Pattern
  pattern: "_{scheme}._tcp.{fqdn}." #Ex: _http._tcp.service.example.org.
egress-gateway:
  dnsSrv:
    host: 10.75.225.67
    port: 32081
    scheme: http
    errorCodeOnDNSResolutionFailure: 425
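How the SRV pattern and the static mapping above combine, as an added Python example (not CNC Policy's own code). It assumes that a lower priority value is preferred, as for DNS SRV records, and that a static entry is looked up by its exact name string; the function names are hypothetical and the sample list mirrors the YAML above.

```python
from urllib.parse import urlsplit

DEFAULT_PATTERN = "_{scheme}._tcp.{fqdn}."

# Constructed sample mirroring the staticVirtualFqdns block above
# (first entry deliberately listed out of priority order).
STATIC_VIRTUAL_FQDNS = [
    {"name": "https://abc.test.com", "alternateFqdns": [
        {"target": "xyz.test.com", "port": 5060, "priority": 20},
        {"target": "abc.test.com", "port": 5060, "priority": 10},
    ]},
    {"name": "http://xyz.test.com", "alternateFqdns": [
        {"target": "xyz.test.com", "port": 5060, "priority": 10},
        {"target": "abc.test.com", "port": 5060, "priority": 20},
    ]},
]


def split_virtual_fqdn(name, default_scheme="http"):
    """Return (scheme, fqdn) for 'https://host', 'host:port' or bare 'host'."""
    text = name if "://" in name else "//" + name
    parts = urlsplit(text, scheme=default_scheme)
    if not parts.hostname:
        raise ValueError(f"no host in {name!r}")
    return parts.scheme, parts.hostname.rstrip(".")


def srv_query_name(name, pattern=DEFAULT_PATTERN, pattern_enabled=True):
    """Build the SRV query name that dnsSrvFqdnSetting describes."""
    if not pattern_enabled:
        pattern = DEFAULT_PATTERN  # documented fallback when the flag is false
    if "{fqdn}" not in pattern:
        raise ValueError("pattern must contain {fqdn}")
    scheme, fqdn = split_virtual_fqdn(name)
    qname = pattern.replace("{scheme}", scheme).replace("{fqdn}", fqdn)
    # Reject names DNS cannot carry: empty or over-long labels, over-long name.
    labels = qname.rstrip(".").split(".")
    if len(qname) > 254 or any(not 1 <= len(lab) <= 63 for lab in labels):
        raise ValueError(f"invalid DNS name {qname!r}")
    return qname


def static_alternates(name, static_cfg=STATIC_VIRTUAL_FQDNS):
    """(target, port) pairs for a configured virtual FQDN, preferred first."""
    for entry in static_cfg:
        if entry["name"] == name:
            ranked = sorted(entry["alternateFqdns"], key=lambda a: a["priority"])
            return [(a["target"], a["port"]) for a in ranked]
    return []


def next_target(name, failed=(), static_cfg=STATIC_VIRTUAL_FQDNS):
    """First alternate not yet marked failed, or None when all are exhausted."""
    for target in static_alternates(name, static_cfg):
        if target not in failed:
            return target
    return None


if __name__ == "__main__":
    print(srv_query_name("https://abc.test.com"))
    print(static_alternates("https://abc.test.com"))
    print(next_target("https://abc.test.com", failed={("abc.test.com", 5060)}))
```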
Logging Configuration
This section describes the customizations that you should make in custom-values.yaml files to configure logging.
Table 3-42 Configurable Parameters for Logging Configuration in Ingress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
ingress-gateway.log.level.root | Log level for root logs | No | WARN | CNC Policy, PCF, &cnPCRF | Added in Release 1.6.x | Applicable only when ingress-gateway is enabled. |
ingress-gateway.log.level.ingress | Log level for ingress logs | No | INFO | CNC Policy, PCF, &cnPCRF | Added in Release 1.6.x | Applicable only when ingress-gateway is enabled. |
ingress-gateway.log.level.oauth | Log level for oauth logs | No | INFO | CNC Policy, PCF, &cnPCRF | Added in Release 1.6.x | Applicable only when ingress-gateway is enabled. |
ingress-gateway:
  log:
    level:
      root: WARN
      ingress: WARN
      oauth: WARN
Table 3-43 Configurable Parameters for Logging Configuration in Egress Gateway
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
egress-gateway.log.level.root | Log level for root logs | No | WARN | CNC Policy, PCF, &cnPCRF | Added in Release 1.6.x | Applicable only when egress-gateway is enabled. |
egress-gateway.log.level.egress | Log level for egress logs | No | WARN | CNC Policy, PCF, &cnPCRF | Added in Release 1.6.x | Applicable only when egress-gateway is enabled. |
egress-gateway.log.level.oauth | Log level for oauth logs | No | WARN | CNC Policy, PCF, &cnPCRF | Added in Release 1.6.x | Applicable only when egress-gateway is enabled. |
egress-gateway:
  log:
    level:
      root: WARN
      egress: WARN
      oauth: WARN
Table 3-44 Configurable Parameters for Logging Configuration in Alternate Route Service
Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
---|---|---|---|---|---|---|
alternate-route.log.level.root | Log level for root logs | No | WARN | CNC Policy & PCF | Added in Release 1.8.0 | Applicable only when alternate route service is enabled. |
alternate-route.log.level.altroute | Log level for alternate route logs | No | INFO | CNC Policy & PCF | Added in Release 1.8.0 | Applicable only when alternate route service is enabled. |
alternate-route:
  log:
    level:
      root: WARN
      altroute: WARN