Sample values.yaml file
This section provides information about the configurable parameters and
values defined in the custom values.yaml template file. The following sample illustrates the
ocsepp-custom-values_1.4.0 yaml file:
# Copyright 2020 (C), Oracle and/or its affiliates. All rights reserved.
# # Default values for ocsepp.
# # This is a YAML-formatted file.
# # Declare variables to be passed into your templates
############################################################################################################
# Section Start: global attributes #
############################################################################################################
global:
# Docker registry name for all the gateways(n32-ingress-gateway, plmn-ingress-gateway, n32-egress-gateways, plmn-egress-gateway)
dockerRegistry: helm-gateway-repo
# Kubernetes Secret containing DB credentials
dbCredSecretName: 'ocsepp-mysql-cred'
# NameSpace where secret is deployed
nameSpace: seppsvc
# MYSQL configurable params
mysql:
primary:
host: "sepp-mysql-svc"
port: 3306
secondary:
host: "sepp-mysql-svc"
port: 3306
# Name of Sepp database
seppDbName: "seppdb"
#**************************************************************************
# ******** Sub-Section Start: Gateways Global Parameters ***************
#**************************************************************************
#**************************************************************************
# ******** Sub-Section Finish: Gateways Global Parameters **************
#**************************************************************************
#**************************************************************************
# ******** Sub-Section Start: NrfClint Global Parameters ***************
#**************************************************************************
#**************************************************************************
# ******** Sub-Section Finish: NrfClint Global Parameters **************
#**************************************************************************
# The value of nfName is specified as ocnf which is stands of Oracle NF.
# nfName is used as a prefix in serivce names of nrf client's service and other services it connects to for eg appinfo, config server etc.
nfName: sepp
# Global control to enable/disable deployment of NF Management service.
nrfClientNfManagementEnable: true
# Jaeger tracing host
envJaegerAgentHost: ''
# Jaeger tracing port
envJaegerAgentPort: 6831
# Provide value for NodePort
nrfClientNodePort: 0
# Readiness-Detector image details with tag
imageServiceDetector: nrf-client/readiness-detector:helm-nrfclient-tag
configServerEnable: true
# Config-Server Service. Shall be used as {{ ReleaseName }}-configServerFullNameOverride
configServerFullNameOverride: ocpm-config
# Mysql Host
envMysqlHost: 'sepp-mysql-svc'
# Mysql Port
envMysqlPort: '3306'
# Mysql Secret Name
#dbCredSecretName: 'ocsepp-mysql-cred'
# Mysql Config Server Databse Name
# Global Control to disable appinfo service
appinfoServiceEnable: true
# Deployment Specific configuration
deploymentNrfClientService:
# Services to be monitored by performance service
# If no services are to be monitored, envNfNamespace,envNfType,envConsumeSvcName can be left blank
envNfNamespace: ''
envNfType: ''
envConsumeSvcName: ''
# Egress gateway Host. Shall be used as {{ ReleaseName }}-envEgressGatewayFullnameOverride
envEgressGatewayFullnameOverride: plmn-egress-gateway
# Egress gateway Port
envEgressGatewayPort: "8080"
# Callback URI to receive Notifications from NRF
nfApiRoot:
nodeSelectorEnabled: false
nodeSelectorKey: zone
nodeSelectorValue: app
# K8s Secret containing Database/user/password for DB Hooks for creating tables
privilegedDbCredSecretName: 'ocsepp-mysql-cred'
# Mysql Release Database Name
releaseDbName: 'seppdb'
#**************************************************************************
## ******** Sub-Section Start: Local Sepp Profile ************************
##**************************************************************************
localProfile:
name: "SEPP-1"
plmn:
mcc: "311"
mnc: "282"
domain: "oracle.com"
interPlmnFqdn: "sepp1.inter.oracle.com"
intraPlmnFqdn: "ocsepp-plmn-ingress-gateway.seppsvc"
supportedSecurityCapabilityList:
- "TLS"
apiPrefix: ""
retryInterval: 300000
maxRetry: -1
nfInstanceId: "9faf1bbc-6e4a-4454-a507-aef01a101a06"
#**************************************************************************
## ******** Sub-Section Finish: Local Sepp Profile **********************
##**************************************************************************
#########################################################
# Section End : global attributes #
#########################################################
###########################################################################
# Section Start : n32-ingress-gateway Micro service attributes #
###########################################################################
n32-ingress-gateway:
cmName: ingressgateway
prefix: 'n32'
global:
# port on which SEPP's n32-ingress-Gateway service is exposed
# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
publicHttpSignalingPort: 80
publicHttpsSignallingPort: 443
serviceAccountName: ''
#Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: LoadBalancer
#Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: true
#Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
#If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
#Else random IP will be assigned by the metalLB from its IP Pool
staticIpAddressEnabled: false
staticIpAddress: 10.75.212.60
#If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
#Else random node port will be assigned by K8
staticNodePortEnabled: false
staticHttpNodePort: 30075
staticHttpsNodePort: 30043
image:
# image name
name: ocingress_gateway
# tag name of image
tag: helm-gateway-tag
# Pull Policy - Possible Values are:- Always, Always, Never
pullPolicy: Always
initContainersImage:
# inint Containers image name
name: configurationinit
# tag name of init Container image
tag: helm-gateway-config-tag
# Pull Policy - Possible Values are:- Always, Always, Never
pullPolicy: Always
updateContainersImage:
# update Containers image name
name: configurationupdate
# tag name of update Container image
tag: helm-gateway-config-tag
# Pull Policy - Possible Values are:- Always, Always, Never
pullPolicy: Always
service:
ssl:
tlsVersion: TLSv1.2
privateKey:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
rsa:
fileName: ocsepp.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
fileName: key.txt
trustStorePassword:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
fileName: trust.txt
initialAlgorithm: RSA256
# Labels and Annotations that are specific to service ingressgateway are added here.
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment ingressgateway are added here.
deployment:
customExtension:
labels: {}
annotations: {}
ports:
# ContainerPort represents a network port in a single container
containerPort: 8081
containersslPort: 8443
actuatorPort: 9090
#Set the root log level
log:
level:
root: WARN
ingress: WARN
oauth: WARN
updateContainer: WARN
cncc:
security: WARN
traceIdGenerationEnabled: true
# Resource details
resources:
limits:
cpu: 4
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 4Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
requests:
cpu: 2
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 2Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
target:
averageCpuUtil: 80
# Number of Pods must always be available, even during a disruption.
minAvailable: 1
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# enable jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
allowedCipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#######################################################################
# To Initialize SSL related infrastructure in init/update container
initssl: true
#Server Configuration for http and https support
enableIncomingHttp: false
enableIncomingHttps: true
enableOutgoingHttps: false
needClientAuth: true
#######################################################################
rateLimiting:
enabled: false
routeRateLimiting:
enabled: false
globalIngressRateLimiting:
enabled: false
duration: 1 # in seconds
burstCapacity: 1
refillRate: 1
###########################################################################
# Section End : n32-ingress-gateway Micro service attributes #
###########################################################################
###########################################################################
# Section Start : n32-egress-gateway Micro service attributes #
###########################################################################
n32-egress-gateway:
#Configmap name should be same as Spring boot application name
cmName: egressgateway
prefix: 'n32'
serviceEgressGateway:
port: 8080
sslPort: 8442
actuatorPort: 9090
deploymentEgressGateway:
image: ocegress_gateway
imageTag: helm-gateway-tag
pullPolicy: Always
initContainersImage:
name: configurationinit
tag: helm-gateway-config-tag
pullPolicy: Always
updateContainersImage:
name: configurationupdate
tag: helm-gateway-config-tag
pullPolicy: Always
#HTTPS Configuration######################
#
initssl: true
enableIncomingHttps: false
#enable true only if "initssl" --> true
enableOutgoingHttps: true
##########################################
log:
level:
root: WARN
egress: WARN
oauth: WARN
updateContainer: WARN
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
ssl:
tlsVersion: TLSv1.2
#supportedCipherSuiteList: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
privateKey:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
rsa:
fileName: ocsepp.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
fileName: key.txt
trustStorePassword:
k8SecretName: ocsepp-n32-secret
k8NameSpace: seppsvc
fileName: trust.txt
initialAlgorithm: RSA256
# Labels and Annotations that are specific to service egressgateway are added here.
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to service egressgateway are added here.
deployment:
customExtension:
labels: {}
annotations: {}
# enable jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
resources:
limits:
cpu: 4
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 4Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
requests:
cpu: 2
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 2Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
target:
averageCpuUtil: 80
# Number of Pods must always be available, even during a disruption.
minAvailable: 1
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
allowedCipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
###########################################################################
# Section End : n32-egress-gateway Micro service attributes #
###########################################################################
###########################################################################
# Section Start :plmn-ingress-gateway Micro service attributes #
###########################################################################
plmn-ingress-gateway:
cmName: ingressgateway
prefix: 'plmn'
global:
# port on which SEPP's ingress-Gateway service is exposed
# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
publicHttpSignalingPort: 80
publicHttpsSignallingPort: 443
serviceAccountName: ''
#Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: LoadBalancer
#Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: true
#Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
#If Static load balancer IP needs to be set, then set staticIpAddressEnabled flag to true and provide value for staticIpAddress
#Else random IP will be assigned by the metalLB from its IP Pool
staticIpAddressEnabled: false
staticIpAddress: 10.75.212.60
#If Static node port needs to be set, then set staticNodePortEnabled flag to true and provide value for staticNodePort
#Else random node port will be assigned by K8
staticNodePortEnabled: false
staticHttpNodePort: 30085
staticHttpsNodePort: 30053
image:
# image name
name: ocingress_gateway
# tag name of image
tag: helm-gateway-tag
# Pull Policy - Possible Values are:- Always, Always, Never
pullPolicy: Always
initContainersImage:
# inint Containers image name
name: configurationinit
# tag name of init Container image
tag: helm-gateway-config-tag
# Pull Policy - Possible Values are:- Always, Always, Never
pullPolicy: Always
updateContainersImage:
# update Containers image name
name: configurationupdate
# tag name of update Container image
tag: helm-gateway-config-tag
# Pull Policy - Possible Values are:- Always, Always, Never
pullPolicy: Always
service:
ssl:
tlsVersion: TLSv1.2
privateKey:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
rsa:
fileName: ocsepp.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
fileName: key.txt
trustStorePassword:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
fileName: trust.txt
initialAlgorithm: RSA256
# Labels and Annotations that are specific to service ingressgateway are added here.
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment ingressgateway are added here.
deployment:
customExtension:
labels: {}
annotations: {}
ports:
# ContainerPort represents a network port in a single container
containerPort: 8081
containersslPort: 8443
actuatorPort: 9090
#Set the root log level
log:
level:
root: WARN
ingress: WARN
oauth: WARN
updateContainer: WARN
cncc:
security: WARN
traceIdGenerationEnabled: true
# Resource details
resources:
limits:
cpu: 4
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 4Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
requests:
cpu: 2
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 2Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
target:
averageCpuUtil: 80
# Number of Pods must always be available, even during a disruption.
minAvailable: 1
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# enable jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "jaeger-agent.cne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
allowedCipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#######################################################################
# To Initialize SSL related infrastructure in init/update container
initssl: true
#Server Configuration for http and https support
enableIncomingHttp: true
enableIncomingHttps: true
enableOutgoingHttps: false
needClientAuth: true
#######################################################################
rateLimiting:
enabled: false
routeRateLimiting:
enabled: false
globalIngressRateLimiting:
enabled: false
duration: 1 # in seconds
burstCapacity: 1
refillRate: 1
###########################################################################
# Section End : plmn-ingress-gateway Micro service attributes #
###########################################################################
###########################################################################
# Section Start :plmn-egress-gateway Micro service attributes #
###########################################################################
plmn-egress-gateway:
#Configmap name should be same as Spring boot application name
cmName: egressgateway
#Enabled to get RBAC permission for k8s apiserver communication
prefix: 'plmn'
serviceEgressGateway:
port: 8080
sslPort: 8442
actuatorPort: 9090
deploymentEgressGateway:
image: ocegress_gateway
imageTag: helm-gateway-tag
pullPolicy: Always
initContainersImage:
name: configurationinit
tag: helm-gateway-config-tag
pullPolicy: Always
updateContainersImage:
name: configurationupdate
tag: helm-gateway-config-tag
pullPolicy: Always
#HTTPS Configuration######################
#
initssl: true
enableIncomingHttps: false
#enable true only if "initssl" --> true
enableOutgoingHttps: true
##########################################
#SCP Configuration
scp:
# Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
scpDefaultScheme: https
# Change this to false when scp integration is not required
scpIntegrationEnabled: false
# Set this flag to true if re-routing to multiple SCP instances is to be enabled.
scpRerouteEnabled: false
instances:
scpSets:
- setId: 0
httpConfigs:
- host: localhost
port: 101
apiPrefix: "/" # Change this value to corresponding prefix "/" is not expected to be provided along.
httpsConfigs:
- host: localhost
port: 4431
apiPrefix: "/"
#Enabling this will make the service type default to ClusterIP
headlessServiceEnabled: false
log:
level:
root: WARN
egress: WARN
oauth: WARN
updateContainer: WARN
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
ssl:
tlsVersion: TLSv1.2
#supportedCipherSuiteList: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
privateKey:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
rsa:
fileName: ocsepp.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
fileName: key.txt
trustStorePassword:
k8SecretName: ocsepp-plmn-secret
k8NameSpace: seppsvc
fileName: trust.txt
initialAlgorithm: RSA256
# Labels and Annotations that are specific to service ingressgateway are added here.
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment gressgateway are added here.
deployment:
customExtension:
labels: {}
annotations: {}
#Route configuration
#Use this only when requests are routed to SCP
#Please note double quotes to be enclosed for values of httpsScpOnly and httpRuriOnly
globalretry:
enabled: false #globalretry can be enabled only when scpRerouteEnabled flag is set to true.
retries: 2
routesConfig:
- id: scp_direct1
uri: https://dummy.dontchange1
path: /npcf/**
order: 2
httpsScpOnly: "false"
httpRuriOnly: "false"
scpSetId: 0 #If this field is not specified, then default value of 0 will be picked
alternateScpOnReroute: false
filterName1: ScpFilter
filterName2:
name: ScpRetry
retries: 1
methods: GET, POST, PUT, DELETE, PATCH
statuses: BAD_REQUEST, INTERNAL_SERVER_ERROR, BAD_GATEWAY, NOT_FOUND
# Resource details
resources:
limits:
cpu: 4
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 4Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
requests:
cpu: 2
initServiceCpu: 0.5
updateServiceCpu: 0.5
memory: 2Gi
updateServiceMemory: 0.5Gi
initServiceMemory: 0.5Gi
target:
averageCpuUtil: 80
# Number of Pods must always be available, even during a disruption.
minAvailable: 1
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# enable jaeger tracing
jaegerTracingEnabled: false
openTracing :
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.5
allowedCipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
###########################################################################
# Section End :plmn-egress-gateway Micro service attributes #
###########################################################################
###########################################################################
# Section Start :pn32f-svc Micro service attributes #
###########################################################################
pn32f-svc:
image:
repository: reg-1:5000
name: ocsepp-pn32f-svc
tag: helm-tag
pullPolicy: Always
log:
root: WARN
sepp: WARN
# Engineering Configuration:
resources:
limits:
cpu: 4
memory: 4Gi
requests:
cpu: 2
memory: 2Gi
target:
averageCpuUtil: 70
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# Engineering Configuration:
# Labels and Annotations that are specific to service nfRegistration are added here.
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment nfRegistration are added here.
deployment:
customExtension:
labels: {}
annotations: {}
#Jaeger Tracing
jaegerTracingEnabled: false
bodyInTraceEnabled: false
openTracing:
jaeger:
udpSender:
host: "occne-tracer-jaeger-agent.occne-infra"
port: 6831
logSpans: false
probabilisticSamplingRate: 0.5
configs:
is3gppSbiTargetApiRootSchemeHttp: true
###########################################################################
# Section End :pn32f-svc Micro service attributes #
###########################################################################
###########################################################################
# Section Start :cn32f-svc Micro service attributes #
###########################################################################
cn32f-svc:
image:
repository: reg-1:5000
name: ocsepp-cn32f-svc
tag: helm-tag
pullPolicy: Always
log:
root: WARN
sepp: WARN
# Engineering Configuration:
resources:
limits:
cpu: 4
memory: 4Gi
requests:
cpu: 2
memory: 2Gi
target:
averageCpuUtil: 70
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# Engineering Configuration:
# Labels and Annotations that are specific to service nfRegistration are added here.
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment nfRegistration are added here.
deployment:
customExtension:
labels: {}
annotations: {}
#Jaeger Tracing
jaegerTracingEnabled: false
bodyInTraceEnabled: false
openTracing:
jaeger:
udpSender:
host: "occne-tracer-jaeger-agent.occne-infra"
port: 6831
logSpans: false
probabilisticSamplingRate: 0.5
###########################################################################
# Section End :cn32f-svc Micro service attributes #
###########################################################################
###########################################################################
# Section Start :cn32c-svc Micro service attributes #
###########################################################################
cn32c-svc:
image:
repository: reg-1:5000
name: ocsepp-cn32c-svc
tag: helm-tag
pullPolicy: Always
log:
root: WARN
sepp: WARN
# Engineering Configuration:
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1
memory: 1Gi
target:
averageCpuUtil: 70
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# Engineering Configuration:
# Labels and Annotations that are specific to service nfRegistration are added here.
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment nfRegistration are added here.
deployment:
customExtension:
labels: {}
annotations: {}
#Jaeger Tracing
jaegerTracingEnabled: false
bodyInTraceEnabled: false
openTracing:
jaeger:
udpSender:
host: "occne-tracer-jaeger-agent.occne-infra"
port: 6831
logSpans: false
probabilisticSamplingRate: 0.5
###########################################################################
# Section End :cn32c-svc Micro service attributes #
###########################################################################
###########################################################################
# Section Start :pn32c-svc Micro service attributes #
###########################################################################
pn32c-svc:
image:
repository: reg-1:5000
name: ocsepp-pn32c-svc
tag: helm-tag
pullPolicy: Always
log:
root: WARN
sepp: WARN
# Engineering Configuration:
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1
memory: 1Gi
target:
averageCpuUtil: 70
# Min replicas to scale to maintain an average CPU utilization
minReplicas: 1
# Max replicas to scale to maintain an average CPU utilization
maxReplicas: 5
# Engineering Configuration:
# Labels and Annotations that are specific to service nfRegistration are added here.
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment nfRegistration are added here.
deployment:
customExtension:
labels: {}
annotations: {}
#Jaeger Tracing
jaegerTracingEnabled: false
bodyInTraceEnabled: false
openTracing:
jaeger:
udpSender:
host: "occne-tracer-jaeger-agent.occne-infra"
port: 6831
logSpans: false
probabilisticSamplingRate: 0.5
###########################################################################
# Section End :pn32c-svc Micro service attributes #
###########################################################################
###########################################################################
# Section Start :config-mgr-svc Micro service attributes #
###########################################################################
config-mgr-svc:
image:
repository: reg-1:5000
name: ocsepp-config-mgr-svc
tag: helm-tag
pullPolicy: Always
# Engineering Configuration:
# Resource details
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1
memory: 1Gi
log:
root: WARN
sepp: WARN
# Engineering Configuration:
# Labels and Annotations that are specific to service nfRegistration are added here.
service:
# Specify type of service - Possible values are :- ClusterIP, NodePort, LoadBalancer and ExternalName
type: ClusterIP
customExtension:
labels: {}
annotations: {}
# Labels and Annotations that are specific to deployment nfRegistration are added here.
deployment:
customExtension:
labels: {}
annotations: {}
###########################################################################
# Section End :config-mgr-svc Micro service attributes #
###########################################################################
###########################################################################
# Section Start :NRF Client Micro services #
###########################################################################
nrfclient:
nrf-client:
# This config map is for providing inputs to NRF-Client
configmapApplicationConfig:
# Config-map to provide inputs to Nrf-Client
# primaryNrfApiRoot - Primary NRF Hostname and Port
# SecondaryNrfApiRoot - Secondary NRF Hostname and Port
# retryAfterTime - Default downtime(in Duration) of an NRF detected to be unavailable.
# nrfClientType - The NfType of the NF registering
# nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
# appProfiles - The NfProfile of the NF to be registered with NRF.
# enableF3 - Support for 29.510 Release 15.3
# enableF5 - Support for 29.510 Release 15.5
# renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
# validityTime - The default validity time(days) for subscriptions.
# enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
# acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
# retryForCongestion - The duration(seconds) after which nrf-client should retry to a NRF server found to be congested.
# supportedDataSetId - The data-set value to be used in queryParams for NFs autonomous/on-demand discovery. e.g. data-set=POLICY
# enableVirtualNrfResolution- enable virtual NRF session retry by Alternate routing service
# virtualNrfFqdn - virtual NRF FQDN used to query static list of route
# virtualNrfScheme - http or https
# virtualNrfPort - port number
# enableNrfRetry - enable NRF retry
# enableNrfAlternateRouting - enable NRF alternate routing service.
# alternateRoutingErrorCodes - set alternate routing error codes
# useAlternateScpOnAlternateRouting - enable use SCP on alternate routing service
profile: |-
[appcfg]
primaryNrfApiRoot= http://10.75.236.102:31294
secondaryNrfApiRoot=
retryAfterTime=PT120S
nrfClientType=SEPP
nrfClientSubscribeTypes=
appProfiles= [{"nfInstanceId":"9faf1bbc-6e4a-4454-a507-aef01a101a06","nfType":"SEPP","nfStatus":"REGISTERED","fqdn":"ocsepp-plmn-ingress-gateway.seppsvc","scheme":"http"}]
enableF3=true
enableF5=true
renewalTimeBeforeExpiry=3600
validityTime=30
enableSubscriptionAutoRenewal=true
acceptAdditionalAttributes=false
retryForCongestion=5
supportedDataSetId=
enableVirtualNrfResolution=false
virtualNrfFqdn=nrf.oracle.com
virtualNrfScheme=http
virtualNrfPort=
enableNrfRetry=true
maxNrfRetries=3
enableNrfAlternateRouting=true
alternateRoutingErrorCodes=500,503
useAlternateScpOnAlternateRouting=
# Deployment specific configuration for Nrf-Client Management Microservice
nrf-client-nfmanagement:
# NRF Client Microservice image name
image: nrf-client
# NRF Client Microservice image tag
imageTag: helm_nrfclient_tag
envJaegerSamplerParam: '1'
envJaegerSamplerType: ratelimiting
envJaegerServiceName: nrf-client-nfmanagement
# Resource Details
replicas: 1
cpuRequest: 0.5
cpuLimit: 1
memoryRequest: 0.5Gi
memoryLimit: 1Gi
type: ClusterIP
# Details of Config-server microservice
config-server:
enabled: true
fullNameOverride: "config-server"
envJaegerServiceName: occne-tracer-jaeger-agent.occne-infra
# This is the NfInstanceId of NF that will get deployed. This shall be used in the profile being registered.
nfInstanceId: '9faf1bbc-6e4a-4454-a507-aef01a101a06'
# Mysql Config Server Databse Name
envMysqlDatabase: seppdb
# Replicas for Config server - This is exact value without scaling
replicas: 1
nodeSelectorEnabled: false
nodeSelectorKey: zone
nodeSelectorValue: app
# Resource details
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 0.5
memory: 0.5Gi
servicePcfConfig:
type: NodePort
# Details of appinfo microservices
appinfo:
enabled: true
image: app_info
imageTag: helm_nrfclient_app_info_tag
pullPolicy: Always
# Replicas for Appinfo - This is exact value without scaling
replicas: 1
# Set Log Level to DEBUG. If false, Log Level shall be INFO
debug: true
serviceAccountName: ''
resources:
limits:
cpu: 200m
memory: 1Gi
requests:
cpu: 200m
memory: 1Gi
# Service to be monitored by appinfo
core_services:
sepp: []
# nFType in core_services must consist of nfType used in nrfclient profile.
#Examples-1 NRF with all services listed
#core_services:
# nrf:
# - "ocnrf-nfRegistration"
# - "ocnrf-nfSubscription"
#Example-2 NRF without listing any services
#core_services:
# nrf: []
# Infrastructure services
# If using occne 1.4 or if you don't want to monitor infra services such as db-monitor service then the below mentioned
# attribute 'infraServices' should be uncommented and empty array should be passed as already mentioned.
# If infraServices is not set, by default appinfo shall monitor status of db-monitor-svc and db-replication-svc.
infraServices: []
###########################################################################
# Section End :NRF Client Micro services #
###########################################################################