3 Customizing BSF
This chapter describes how to customize the Oracle Communications Cloud Native Core, Binding Support Function (BSF) deployment in a cloud native environment.
The BSF deployment is customized by overriding the default values of various
configurable parameters in the ocbsf_custom_values_23.4.6.yaml file.
ocbsf_custom_values_23.4.6.yaml file as per the required parameters, perform the following
steps:
- Download the custom template from My Oracle Support (MOS). The custom template file is available in the software package.
- Customize the file.
- Save the updated file.
The BSF deployment is customized by overriding the default values of various
configurable parameters in the ocbsf_custom_values_23.4.6.yaml file.
To customize the custom yaml file, perform the following steps:
- Unzip
Custom_Templatesfile available in the extracted documentation release package. For more information on how to download the package from MOS, see Downloading BSF package section.The following files are used to customize the deployment parameters during installation:
ocbsf_custom_values_23.4.6.yaml: This file is used to customize the deployment parameters of BSF.ocbsf_custom_values_servicemesh_config_23.4.6.yaml: This file is used while configuring ASM Data Plane.
- Save the updated files.
Note:
- All parameters mentioned as mandatory must be
present in the
ocbsf_custom_values_23.4.6.yamlfile. - All fixed value parameters listed must be present in the custom-values yaml file with the exact values as specified in this section.
3.1 Configurations for Pre and Post Upgrade/Install Validations
This section describes mandatory configurable parameters that you must customize in
the ocbsf_custom_values_23.4.6.yaml file for successful validation checks required on the
application, databases, and related tables before and after BSF application
upgrade/install.
Table 3-1 Configuration Parameter for Pre and Post Flight Checks
| Parameter | Description | Mandatory(M)/ Optional(O) Parameter | Accepted values | Default Value |
|---|---|---|---|---|
| global.hookValidation.dbSchemaValidate | Specifies to perform database validations in case of pre-installation, pre-upgrade/post-upgrade/post-installation. Checks if the required databases and tables exist. Validates that the required columns exist in the tables and the correct foreign key exists (for config-server). | M | true/false | false
Note: By default, this flag is false. In that case, validations is performed, and if the validation fails, a warning is logged and install/upgrade will continue. If this flag is true and the validation fails, an error is thrown and installation/upgrade fails. |
| global.operationalState | Specifies to control deployment operationalState, mainly during fault recovery set up installation in inactive mode, i.e., complete shutdown mode. | M |
|
&systemOperationalState
NORMALNote: Need to use this field along
with enabling the field
|
| global.hookValidation.infraValidate | Specifies to perform pre-flight infrastructure related validations like Replication Status, Critical Alerts, Kubernetes Version, and cnDbtier Version. Infrastructure related validations are done in the very beginning of the upgrade/install and if it fails, then install/upgrade will fail at this stage. | M | true/false | false
Note:
|
| appinfo.dbTierVersionUri |
Specifies the URI provided by the db monitor service to query the cnDBtier Version. For example: http://mysql-cluster-db-monitor-svc.occne-cndbtier:8080/db-tier/version |
M | URI | empty string |
| global.mySql.execution.ddlDelayTimeInMs | Adds a delay before the creation of
configuration_item table, ensuring that topic_info table is created
first and then the configuration_item table is created which has a
foreign key dependency on topic_info.
Specifies delay interval of 200 ms before inserting any entry into the ndb_replication table. |
M | Interval in milliseconds | 200 ms |
| appinfo.defaultReplicationStatusOnError |
Specifies Replication Value in Case of any error on Infra Validation Replication Status |
O |
If the value is If the value is |
|
| appinfo.nfReleaseVersion |
Specifies the NF release version for the minViablePath validation. |
O |
NF release version If no value is provided, the |
Default Value is empty string: |
3.2 Configuring Mandatory Parameters
This section describes the mandatory configurable parameters that you must
customize in the ocbsf_custom_values_23.4.6.yaml file for successful installation of Binding Support
Function (BSF).
Table 3-2 Configurable Parameters for Mandatory Configurations
| Parameter | Description |
|---|---|
| global.dockerRegistry | This mandatory parameter specifies the name
of the Docker registry that hosts Binding Support Function docker
images.
Note: The Docker registry runs in OCCNE bastion server where all OAuth docker images are loaded. |
| global.nfInstanceId | This mandatory parameter specifies the unique
NFInstanceID for each site deployed for BSF. To setup georedundancy,
users must specify the value while deploying BSF; otherwise,
georedundancy will not be supported.
Note: The value of
For more information, see Upgrading BSF. |
| global.envMysqlHost | This mandatory parameter specifies the IP
address or host name of the MySQL server where BSF databases are
hosted.
Example:
|
| global.envMysqlPort | This mandatory parameter specifies the port
number of the MySQL server where BSF databases are hosted.
Example: |
| global.dbCredSecretName | This mandatory parameter specifies the name
of the Kubernetes secret object that contains Database username and
password.
Default Value:
|
| global.privilegedDbCredSecretName | This mandatory parameter specifies the name
of the Kubernetes secret object containing Database username and
password for an admin user.
Default Value:
|
| global.releaseDbName | This mandatory parameter specifies the name
of the release database that contains details of release
version.
Default Value:
|
ocbsf_custom_values_23.4.6.yaml
file:global:
# Docker registry name
dockerRegistry: ''
# Primary MYSQL Host IP or Hostname
envMysqlHost: &mySqlHostRef ''
envMysqlPort: &mySqlPortRef ''
# Jaegar hostname
envJaegerAgentHost: ''
# K8s secret object name containing OCBSF MYSQL UserName and Password
dbCredSecretName: &dbCredSecretNameRef 'ocbsf-db-pass'
privilegedDbCredSecretName: 'ocbsf-privileged-db-pass'
#Release DB name containing release version details
releaseDbName: 'ocbsf_release'3.3 Enabling or Disabling Services Configurations
This section describes the configuration parameters that can be used to select the services that you want to enable or disable for your deployment.
ocbsf_custom_values_23.4.6.yaml file:
Table 3-3 Configurable Parameters for Enabling/Disabling the BSF Core Service
| Parameter | Description |
|---|---|
| global.bsfManagementEnable | This parameter determines if the BSF core service is
enabled or
not.
Default Value: true |
| global.bsfManagementVersion1Enable | NA |
| global.bsfManagementVersion2Enable | NA |
Table 3-4 Configurable Parameters for Enabling/Disabling the NRF Client Services
| Parameter | Description |
|---|---|
| global.nrfClientNfManagementEnable | This is an optional
parameter.
Default Value: true |
| global.appinfoServiceEnable | This optional parameter determines if the app info
service is enabled or
not.
Default Value: true |
| global.performanceServiceEnable | This optional parameter determines if the
performance service is enabled or
not.
Default Value: true |
Table 3-5 Configurable Parameters for Enabling/Disabling the Diameter Gateway
| Parameter | Description |
|---|---|
| global.diamGatewayEnable | This optional parameter determines if the diameter
gateway is enabled or
not.
Default Value: true |
ocbsf_custom_values_23.4.6.yaml
file:global:
# BSF Core Services Enable/Disable option
bsfManagementEnable: true
bsfManagementVersion1Enable: false
bsfManagementVersion2Enable: false
nrfClientNfManagementEnable: true
appinfoServiceEnable: true
performanceServiceEnable: trueTable 3-6 Configurable Parameters for Enabling or Disabling PCF services for Query service
| Parameter | Description |
|---|---|
| global.amServiceEnable | This optional parameter determines whether to enable
query service for AM
service.
Default Value: false |
| global.smServiceEnable | This optional parameter determines whether to enable
query service for SM
service.
Default Value: false |
| global.ueServiceEnable | This optional parameter determines whether to enable
query service for UE
service.
Default Value: false |
| global.policydsEnable | This optional parameter determines whether to enable
query service for Policy DS
service.
Default Value: false |
| global.pcrfCoreEnable | This optional parameter determines whether to enable
query service for PCRF Core
service.
Default Value: false |
| global.bindingSvcEnabled | This optional parameter determines whether to enable
query service for Binding
service.
Default Value: false |
Table 3-7 Configurable Parameters to enable or disable the Audit Service
| Parameter | Description |
|---|---|
| global.auditServiceEnable | Use this parameter to enable or disable audit
service.
Default Value: true |
| bsf-management-service.auditHandleNullAsStale |
Specifies whether to handle null value as stale or not while auditing the tables of the service. Default Value: true |
| audit-service.recordsQueueCapacity |
Specifies the number of stale records the queue can hold in an audit cycle. Default Value:
|
| audit-service.maxTtlForceInterval |
Specifies the grace interval (in seconds) after the expiry of Maximum TTL (Session Age) that is given to the service to delete an expired record gracefully. On expiry of this grace interval, Audit service will forcefully delete the records. Default Value: 259200 in minutes |
3.4 Configuring Tracing Parameters
ocbsf_custom_values_23.4.6.yaml file.
Table 3-8 Common Policy Configurable Parameters for OpenTelelemetry
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Added/Deprecated/Updated in Release | Notes |
|---|---|---|---|---|---|
| envJaegerCollectorHost | Specifies the host direction where the Jaeger Collector is found. | Mandatory | occne-tracer-jaeger-collector.occne-infra | Added in Release 23.4.0 | Make sure the jaeger Collector service is up and running inside OCCNE-Infra, with port specified in values.yaml |
| envJaegerCollectorPort | Specifies the port where the Jaeger Collector is listening to receive spans. | Mandatory | 4318 | Make sure this port matches with the one of your Jaeger Collector service port that is listening for OTLP formatted traces. | |
| tracingEnabled | Specifies When 'true' enables the service to be instrumented by OpenTelemetry's Java Agent. | Mandatory | false | ||
| tracingSamplerRatio | Specifies a ratio of spans which will be sent to the Jaeger Collector; i.e. of the total amount of spans, specify how many are going to be sent to the Jaeger Collector. | Mandatory | .001 | Example: A value of "0.2" specifies that only 20 % of the spans are going to be sent. Range is 0 to 1. | |
| tracingJdbcEnabled | Specifies when 'true' OpenTelemetry Java Agent will also show spans related to Database Operations. | Mandatory | false | If tracingEnabled is true on deployment, this will be enabled by default. In case tracingEnabled is false, this will also be false by default | |
| tracingLogsEnabled | Specifies when 'true' enables spans and tracing logging | Mandatory | false |
ocbsf_custom_values_23.4.6.yaml
file:
envJaegerCollectorHost: 'occne-tracer-jaeger-collector.occne-infra'
envJaegerCollectorPort: 4318 -> Make sure this matches with OCCNE-INFRA jaeger collector service port.
tracing:
tracingEnabled: 'true'
tracingSamplerRatio: 0.001
tracingJdbcEnabled: 'true'
tracingLogsEnabled: 'false'Table 3-9 Configurable Parameters for Tracing Configuration in Ingress Gateway
| Parameter | Description |
|---|---|
| global.envJaegerAgentHost | This mandatory parameter specifies the
Hostname or IP address for the jaeger agent.
It is
the FQDN of Jaeger Agent service running in OCCNE cluster under
namespace It is
written in the following
format:
<JAEGER_SVC_NAME>.<JAEGER_NAMESPACE> |
| global.envJaegerQueryUrl | This optional parameter specifies the query
URL for the jaeger agent.
Default Value: empty string |
| ingress-gateway.jaegerTelemetryT racingEnabled | This optional parameter specifies whether to
enable or disable OpenTelemetry at Ingress Gateway.
Default Value: false |
| ingress-gateway.openTelemetry.ja eger.httpExporter.host | This is a mandatory paramter, if
ingress-gateway.jaegerTelemetryT racingEnabled
flag is set to true. It specifies the host name of Jaeger collector
host.
Default Value:
|
| ingress-gateway.openTelemetry.ja eger.httpExporter.port | This is a mandatory paramter, if
ingress-gateway.jaegerTelemetryT racingEnabled
flag is set to true. It specifies the port of Jaeger collector
port.
Default Value:
|
| ingress-gateway.openTelemetry.ja eger.probabilistic Sampler | This is a mandatory paramter, if
ingress-gateway.jaegerTelemetryT racingEnabled
flag is set to true. It specifies the sampler where value is between
0.0 (no sampling) and 1.0 (sampling of every request).
Default Value:
|
ocbsf_custom_values_23.4.6.yaml
file:jaegerTelemetryTracingEnabled: *tracingEnabled
openTelemetry:
jaeger:
httpExporter:
host: *envJaegerCollectorHost
port: *envJaegerCollectorPort
probabilisticSampler: *tracingSamplerRatioTable 3-10 Configurable Parameters for Tracing Configuration in Egress Gateway
| Parameter | Description |
|---|---|
| egress-gateway.jaegerTelemetryTracingEnabled | This optional parameter specifies whether to
enable or disable Jaeger Tracing at Egress Gateway.
Default Value: true |
| egress-gateway.openTelemetry.jaeger. httpExporter.host | This is a mandatory paramter, if
ingress-gateway.jaegerTelemetryT racingEnabled
flag is set to true. It specifies the host name of Jaeger collector
host.
Default Value:
|
| egress-gateway.openTelemetry.jaeger. httpExporter.port | This is a mandatory paramter, if
ingress-gateway.jaegerTelemetryT racingEnabled
flag is set to true. It specifies the port of Jaeger collector
port.
Default Value:
|
| egress-gateway.openTelemetry.jaeger. probabilisticSampler | This is a mandatory paramter, if
ingress-gateway.jaegerTelemetryT racingEnabled
flag is set to true. It specifies the sampler where value is between
0.0 (no sampling) and 1.0 (sampling of every request).
Default Value:
|
ocbsf_custom_values_23.4.6.yaml
file:jaegerTelemetryTracingEnabled: *tracingEnabled
openTelemetry:
jaeger:
httpExporter:
host: *envJaegerCollectorHost
port: *envJaegerCollectorPort
probabilisticSampler: *tracingSamplerRationrf-client-nfdiscovery, you may
configure the following configurable parameters in ocbsf_custom_values_23.4.6.yaml file:
Table 3-11 Configurable Parameters for Tracing Configuration in nrfClientNfDiscovery
| Parameter | Description |
|---|---|
| nrf-client.nrf-client-nfdiscovery.envJaegerSamplerParam |
Note: You must customize this parameter only when NRF client services are enabled. Default Value: 1 |
| nrf-client.nrf-client-nfdiscovery.envJaegerSamplerType |
Note: You must customize this parameter only when NRF client services are enabled. Default Value: ratelimiting |
| nrf-client.nrf-client-nfdiscovery.envJaegerServiceName |
Note: You must customize this parameter only when NRF client services are enabled. Default Value: pcf-nrf-client-nfdiscovery |
ocbsf_custom_values_23.4.6.yaml
file:nrf-client-nfdiscovery:
envJaegerSamplerParam: '1'
envJaegerSamplerType: ratelimiting
envJaegerServiceName: pcf-nrf-client-nfdiscoverynrf-client-nfmanagement, you may
configure the following configurable parameters in ocbsf_custom_values_23.4.6.yaml file:
Table 3-12 Configurable Parameters for Tracing Configuration in nrf-client-nfmanagement
| Parameter | Description |
|---|---|
| nrf-client.nrf-client-nfmanagement.envJaegerSamplerParam |
Note: You must customize this parameter only when NRF client services are enabled. Default Value: 1 |
| nrf-client.nrf-client-nfmanagement.envJaegerSamplerType |
Note: You must customize this parameter only when NRF client services are enabled. Default Value: ratelimiting |
| nrf-client.nrf-client-nfmanagement.envJaegerServiceName |
Note: You must customize this parameter only when NRF client services are enabled. Default Value: pcf-nrf-client-nfmanagement |
ocbsf_custom_values_23.4.6.yaml
file:nrf-client-nfmanagement:
envJaegerSamplerParam: '1'
envJaegerSamplerType: ratelimiting
envJaegerServiceName: pcf-nrf-client-nfmanagementocbsf_custom_values_23.4.6.yaml file:
Table 3-13 Configurable Parameters for Tracing Configuration in Alternate Route Service
| Parameter | Description |
|---|---|
| alternate-route.jaegerTracingEnabled |
Note: You must customize this parameter only when the alternate route service is enabled. Default Value: false |
| alternate-route.openTracing.jaeger.udpSender.host |
Note: You must customize this parameter only when the alternate route service is enabled. Default Value: occne-tracer-jaeger-agent.occne-infra |
| alternate-route.openTracing.jaeger.udpSender.port |
Note: You must customize this parameter only when the alternate route service is enabled. Default Value: 6831 |
| alternate-route.openTracing. jaeger.probabilisticSampler |
Note: You must customize this parameter only when the alternate route service is enabled. Default Value: 0.5 |
ocbsf_custom_values_23.4.6.yaml
file:jaegerTracingEnabled: true
openTracing :
jaeger:
udpSender:
# udpsender host
host: "occne-tracer-jaeger-agent.occne-infra"
# udpsender port
port: 6831
probabilisticSampler: 0.53.5 Configuring Database Names
Note:
Database name specified in the custom.yaml file should be used while creating the database during installation. See Configuring Database, Creating Users, and Granting Permissions.Table 3-14 Customizable Parameters for Database Name Configuration for BSF Services
| Parameter | Description |
|---|---|
| bsf-management-service.envMysqlDatabase | This parameter specifies the name of the database of
BSF Management
Service.
Default Value: ocpm_bsf |
| bsf-management-service.configserverContainerImage | This parameter specifies the name of the container
image for Config Server.
Note: Keep the image same as that of config server.Default Value: oc-config-server |
| bsf-management-service.envMysqlDatabaseConfigServer | This parameter specifies the name of the container image for
Config
Server.
Default Value: ocbsf_config_server |
| bsf-management-service.envXnioTaskThreadPoolSize | This parameter specifies the number of XNIO Task
threadpool size of BSF Management
Service.
Default Value: 180 Note: This parameter is not available inocbsf_custom_values_23.4.6.yaml
file. You must add this parameter to
ocbsf_custom_values_23.4.6.yaml file with the given
default value when required.
|
| config-server.envMysqlDatabase | This optional parameter specifies the name of the
database for Config Server
service.
Default Value: ocbsf_config_server |
| cm-service.envCommonConfigMysqlDatabase | This optional parameter specifies the name of the
database for CM
service.
Default Value: ocbsf_commonconfig |
| cm-service.envMysqlDatabase | This optional parameter specifies the name of the
database for CM
service.
Default Value: ocbsf_cmservice |
| cm-service.configserverContainerImage | This optional parameter specifies the container
image name of Config Server
service.
Default Value:oc-config-server |
| cm-service.envMysqlDatabaseConfigServer | This optional parameter specifies the database name
of Config Server
service.
Default Value:ocbsf_config_server |
| audit-service.envMysqlDatabase | This parameter specifies the name of the database
for audit
service.
Default Value: ocbsf_audit_service |
| global.nrfClientDbName | This parameter specifies the name of the database of
NRF Client.
Default Value: ocbsf_nrf_client |
ocbsf_custom_values_23.4.6.yaml
file:
global:
nrfClientDbName: 'ocbsf_nrf_client'
bsf-management-service:
envMysqlDatabase: 'ocpm_bsf'
configserverContainerImage: oc-config-server
envMysqlDatabaseConfigServer: 'ocbsf_config_server'
config-server:
envMysqlDatabase: ocbsf_config_server
cm-service:
envCommonConfigMysqlDatabase: ocbsf_commonconfig
envMysqlDatabase: ocbsf_cmservice
configserverContainerImage: oc-config-server
envMysqlDatabaseConfigServer: 'ocbsf_config_server'
audit-service:
envMysqlDatabase: ocbsf_audit_serviceCofiguring Database Engine
Table 3-15 Customizable Parameters for Database Engine for BSF
| Parameter | Description | Notes |
|---|---|---|
| dbConfig.dbEngine | This mandatory parameter specifies the
MySQL engine that is used by BSF to store information in the
MySQL
database.
Default value: NDBCLUSTER |
If the database engine is not NDBCLUSTER, then
the value for this parameter can be changed only during fresh
installation of BSF.
Do not change the value of this parameter during upgrade scenarios. |
Cofiguring NRF Client Multipod Feature
Table 3-16 Customizable Parameters for NRF Client Multipod Feature
| Parameter | Description | Notes |
|---|---|---|
| nrf-client.nrf-client-nfmanagement.dbConfig.leaderPodDbName | Specifies the database name for LeaderPodDb
database. This database is unique per
site.
Default value: ocbsf_leaderPodDb |
|
| nrf-client.nrf-client-nfmanagement.dbConfig.networkDbName | Specifies the release database
name.
Default value: ocbsf_release |
Configuring Database for Conflict Resolution
Table 3-17 Customizable Parameters to enable or disable the Database for Conflict Resolution
| Parameter | Description | Notes |
|---|---|---|
| global.mySql.conflictResolution.ndbConflictResolutionEnabled | This flag is used to prevent data conflicts in
georeplicated deployments. When there are multiple sites with
real-time replication, if a session is updated at both sites
simultaneously, this is considered as a conflict. This flag
configures the MySQL cluster replication to compare the updated
timestamp in the session record, so the conflicts can be
automatically resolved. In a single-site PCF, set this parameter
to false.
Note: This feature is only available if the database is MySQL cluster (NDB). For MySQL (innodb), the value for this flag must be set to false. |
Even if its a single-site BSF NF deployment, set this parameter to true. As this will keep georedundancy and geo-replication enabled among the sites during multi-site deployment. |
| global.mySql.conflictResolution.useMaxDeleteWinInsConflictFn | This flag is used to update the Conflict
Resolution Function to MAX_DEL_WIN_INS.
Note: This feature is available if the NDB version is 8.0.30. If NDB version is less than 8.0.30, the value for this flag must be set to false. |
3.6 Configuring NRF client
This section describes the configurable parameters that you may customize for configuring NRF client. The configurations under nrf-client section allow Binding Support Function to register with NRF.
Important:
Before customizing parameters mentioned in this section, ensure that the NRF Client services are enabled by setting the value as true for nrfClientNfManagementEnable.Table 3-18 Configurable Parameters for NRF Client Configuration
| Parameter | Description |
|---|---|
| global.nrfClientDbName |
This mandatory parameter specifies the NRF Client database name. Default value: |
| global.deploymentNrfClientService.envNfNamespace | This mandatory parameter specifies the Kubernetes namespace of BSF. |
| nrf-client.configmapApplicationConfig | This mandatory parameter is used to provide inputs to NRF-Client. |
| &configRef | This mandatory reference variable is used to take the input from the config map. |
| nrf-client.configmapApplicationConfig.profile | This mandatory parameter specifies the NF
profile of BSF that is registered with NRF.
See Table 3-* for more details. |
| appinfo.infraServices |
Specifies the URI for the health check of InfraServices that need to be monitored. Examples:
Uncomment
this parameter and set this parameter to an empty array if any one
of following conditions is true:
http://mysql-cluster-db-monitor-svc.vzw1-cndbtier:8080/actuator/health http://mysql-cluster-db-replication-svc.vzw1-cndbtier/actuator/health
occne-infra. If cnDBTier is used to
deploy BSF, this field must be updated accordingly.
|
| appinfo.core_services.bsf | Specifies the list of BSF services to be monitored. |
| appinfo.core_services.common | Specifies the list of common services to be monitored. |
| perf-info.configmapPerformance.prometheus | This conditional parameter specifies the Prometheus
server URL.
Default Value:
Note: If you do not specify any value for this parameter, BSF reports 0 loads to NRF. |
Configurable parameters for NRF Client Configuration in Config-map
| Parameter | Description |
|---|---|
| primaryNrfApiRoot | Primary NRF hostname and port in the following
format:
<http scheme>://<Hostname/IP>:<Port> This
parameter can only contain valid API root. For example:
|
| secondaryNrfApiRoot | Secondary NRF hostname and port in the following
format:
<http scheme>://<Hostname/IP>:<Port> This
parameter can only contain valid API root. For example:
|
| retryAfterTime | When primary NRF is down, this will be the wait Time
(in ISO 8601 duration format) after which request to primary NRF
will be retried to detect primary NRF's availability.
This parameter can only contain valid ISO 8601 duration format. For example: PT120S |
| nrfClientType | The NfType of the NF registering. The value for this parameter must be set to BSF. |
| nrfClientSubscribeTypes | Network functions for which BSF wants to discover and subscribe to the NRF. |
| appProfiles | NfProfile of BSF to be registered with NRF.
This parameter can only contain valid NF profile. During fresh install or upgrade, the value of this parameter is loaded into the database and then used to trigger NfRegister or NfUpdate operation to NRF. For any subsequent changes to appProfile, REST API or CNC Console must be used. For more information, see Oracle Communications Cloud Native Core Binding Support Function REST Specification Guide or Oracle Communications Cloud Native Core Binding Support Function User Guide. Note: It is a 3GPP defined data type. To know more about its attributes, refer to 3GPP TS 29.510 version 16.4.0 Release 16. |
| enableF3 | Support for 29.510 Release 15.3
This parameter can only have true (default) or false as values. |
| enableF5 | Support for 29.510 Release 15.5
This parameter can only have true (default) or false as values. |
| renewalTimeBeforeExpiry | Time Period (in seconds) before the Subscription
Validity time expires.
For example: 3600 |
| validityTime | The default validity time (in days) for
subscriptions.
For example: 30 |
| enableSubscriptionAutoRenewal | This parameter can be used to enable renewal of
subscriptions automatically.
This parameter can only have true (default) or false as values. |
| nfHeartbeatRate | This parameter specifies the rate at which BSF shall
heartbeat with the NRF. The value shall be configured in terms of
percentage (1-100). If the heartbeatTimer is 60s, then the NF shall
heartbeat at nfHeartBeatRate *
60/100.
Default Value: 80 |
| acceptAdditionalAttributes | This parameter can be used to enable additional
Attributes as part of 29.510 Release 15.5.
This parameter can only have true or false (default) as values. |
| enableVirtualNrfResolution | This parameter can be used to enable or disable
virtual NRF session retry by Alternate routing service.
This parameter can only have true or false (default) as values. |
| virtualNrfFqdn | This parameter specifies the virtual NRF FQDN being used to query static list of route. By default, the value for this parameter is set to false. |
| virtualNrfScheme | This parameter specifies the scheme to be used with
the virtual Fqdn. By default, the value for this parameter is set to
http.
|
| virtualNrfPort | This parameter specifies the port to be used with
the virtual Fqdn. By default, the value for this parameter is set to
8080.
|
| requestTimeoutGracePeriod | An additional grace period where no response is
received from the NRF.This additional period shall be added to the
requestTimeout value. It ensures that the egress-gateway shall first
timeout, and send an error response to the NRF-client.
Default Value: 2 |
| nrfRetryConfig | It specifies the configurations required for the NRF Retry mechanism. |
| healthCheckConfig | It specifies the configurations required for the Health check of NRFs. |
| Parameter | Description |
|---|---|
| serviceRequestType | Specifies the type of service request. |
| primaryNRFRetryCount | Specifies the number of times a service request is retried to the primary NRF in case of failure. |
| nonPrimaryNRFRetryCount | Specifies the number of times a service request is retried to the non-primary NRF in case of failure. |
| alternateNRFRetryCount | Specifies the number of alternate NRFs that are retried in case of failure. When the value is specified as -1, all available NRF instances are tried. |
| errorReasonsForFailure | Specifies the HTTP status codes or exceptions for which retry is attempted. |
| gatewayErrorCodes | Specifies the HTTP status codes sent by the Egress Gateway for which retry is attempted. |
| requestTimeout | Specifies the timeout period where no response is received from the Egress Gateway. |
| Parameter | Description |
|---|---|
| healthCheckCount | Specifies the number of consecutive success or failures responses required to mark an NRF instance healthy or unhealthy. |
| healthCheckInterval | Specifies the interval at which a health check of an NRF is performed. |
| requestTimeout | Specifies the timeout period where no response is received from the Egress Gateway. |
| errorReasonsForFailure | Specifies the HTTP status codes or exceptions for which retry is attempted. |
| gatewayErrorCodes | Specifies the HTTP status codes sent by the Egress Gateway for which retry is attempted. |
ocbsf_custom_values_23.4.6.yaml
file:deploymentNrfClientService:
#K8s namespace of BSF
envNfNamespace: ''appinfo:
serviceAccountName: ''
# Set Infrastructure services to empty array if any one of below condition is met
# 1. Deploying on occne 1.4 or lesser version
# 2. Not deploying on OCCNE
# 3. Do not wish to monitor infra services such as db-monitor service
# then the below mentioned attribute 'infra_services' should be uncommneted and epmty array should be passed as already mentioned.
#infraServices: []
perf-info:
configmapPerformance:
prometheus: ''nrf-client:
# This config map is for providing inputs to NRF-Client
configmapApplicationConfig:
# primaryNrfApiRoot - Primary NRF Hostname and Port
# SecondaryNrfApiRoot - Secondary NRF Hostname and Port
# retryAfterTime - Default downtime(in ISO 8601 duration format) of an NRF detected to be unavailable.
# nrfClientType - The NfType of the NF registering
# nrfClientSubscribeTypes - the NFType for which the NF wants to subscribe to the NRF.
# appProfiles - The NfProfile of the NF to be registered with NRF.
# enableF3 - Support for 29.510 Release 15.3
# enableF5 - Support for 29.510 Release 15.5
# renewalTimeBeforeExpiry - Time Period(seconds) before the Subscription Validity time expires.
# validityTime - The default validity time(days) for subscriptions.
# enableSubscriptionAutoRenewal - Enable Renewal of Subscriptions automatically.
# acceptAdditionalAttributes - Enable additionalAttributes as part of 29.510 Release 15.5
# enableVirtualNrfResolution=false
# virtualNrfFqdn=nf1stub.ocpcf.svc:8080
# virtualNrfScheme=http
# virtualNrfPort=8080
# requestTimeoutGracePeriod=2
# nrfRetryConfig=[{ "serviceRequestType": "ALL_REQUESTS", "primaryNRFRetryCount": 1, "nonPrimaryNRFRetryCount" : 1, "alternateNRFRetryCount" : -1, "errorReasonsForFailure": [503,504,500,"SocketTimeoutException","JsonProcessingException","UnknownHostException","NoRouteToHostException", "IOException"], "gatewayErrorCodes": [503,429], "requestTimeout": 100 },{"serviceRequestType": "AUTONOMOUS_NFREGISTER", "primaryNRFRetryCount": 1, "nonPrimaryNRFRetryCount": 1, "alternateNRFRetryCount": -1, "errorReasonsForFailure": [503,504,500,"SocketTimeoutException","JsonProcessingException","UnknownHostException","NoRouteToHostException", "IOException"], "gatewayErrorCodes": [503,429], "requestTimeout": 100 }]
# healthCheckConfig={ "healthCheckCount": -1, "healthCheckInterval": 5, "requestTimeout": 10, "errorReasonsForFailure": [503,504,500,"SocketTimeoutException","JsonProcessingException","UnknownHostException","NoRouteToHostException", "IOException"], "gatewayErrorCodes": [503,429] }
profile: |-
[appcfg]
primaryNrfApiRoot=nrf1-api-gateway.svc:80
secondaryNrfApiRoot=nrf2-api-gateway.svc:80
nrfScheme=http
retryAfterTime=PT120S
nrfClientType=BSF
nrfClientSubscribeTypes=CHF,UDR,BSF
appProfiles=[{ "nfInstanceId": "fe7d992b-0541-4c7d-ab84-c6d70b1b0123", "nfSetIdList" = ["set1yz.pcfset.5gc.mnc012.mcc345", "set1a.pcfset.5gc.mnc112.mcc345"] ,"nfType": "PCF", "nfStatus": "REGISTERED", "plmnList": null, "nsiList": null, "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipv4Addresses": null, "ipv6Addresses": null, "priority": null, "capacity": null, "load": 80, "locality": null, "pcfInfo": { "dnnList": [ "internet", "volte" ], "supiRanges": [ { "start": "12123444444", "end": "232332323323232", "pattern": null } ] }, "customInfo": null, "recoveryTime": null, "nfServices": [ { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd01", "serviceName": "npcf-am-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF", "NEF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd02", "serviceName": "npcf-smpolicycontrol", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "SMF", "NEF", "AF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null }, { "serviceInstanceId": "03063893-cf9e-4f7a-9827-067f6fa9dd03", "serviceName": "npcf-ue-policy-control", "versions": [ { "apiVersionInUri": "v1", "apiFullVersion": "1.0.0", "expiry": null } ], "scheme": "http", "nfServiceStatus": "REGISTERED", "fqdn": "occnp-ocpm-ingress-gateway.ocpcf.svc", "interPlmnFqdn": null, "ipEndPoints": null, "apiPrefix": null, "defaultNotificationSubscriptions": null, "allowedPlmns": null, "allowedNfTypes": [ "AMF" ], "allowedNfDomains": null, "allowedNssais": null, "priority": null, "capacity": null, "load": null, "recoveryTime": null, "supportedFeatures": null } ]}]
enableF3=true
enableF5=true
renewalTimeBeforeExpiry=3600
validityTime=30
enableSubscriptionAutoRenewal=true
acceptAdditionalAttributes=false
supportedDataSetId=POLICYTable 3-19 Configurable Parameters for nrf-client-nfdiscovery
| Parameter | Description |
|---|---|
| nrf-client.nrf-client-nfdiscovery.configmapApplicationConfig | This mandatory parameter is used to provide inputs to NRF Client for NF discovery. |
Table 3-20 Configurable Parameters for nrf-client-nfmanagement
| Parameter | Description |
|---|---|
| nrf-client.nrf-client-nfmanagement.configmapApplicationConfig | This mandatory is used to provide inputs to NRF Client for NF management. |
3.7 Configuring Diameter Gateway
This section describes the configurable parameters that you may customize for configuring diameter gateway,
Note:
You must configure the parameters listed in the following table only when diameter gateway is enabled.Table 3-21 Configurable Parameters for Diameter Gateway
| Parameter | Description |
|---|---|
| diam-gateway.configserverContainerImage | This parameter specifies the name of the container
image of configuration service for Diameter Gateway. For BSF, the
default value is set to oc-config-server.
|
| diam-gateway.envMysqlDatabaseConfigServer | This parameter specifies the name of the database of
configuration service for Diameter Gateway. For BSF, the default
value is set to ocbsf_config_server.
|
|
diam-gateway.envDiameterRealm |
This mandatory parameter specifies the Diameter
Realm of BSF diameter gateway. For example,
oracle.com.
|
| diam-gateway.envDiameterIdentity | This mandatory parameter specifies the Diameter host
of BSF diameter gateway. For example,
ocbsf-diam-gateway.
|
| diam-gateway.envDbConnStatusHttpEnabled | This parameter specifies whether to enable or
disable monitoring of the connectivity status of the database
service.
The default value of this parameter is
|
| diam-gateway.envSupportedIpAddressType | This parameter specifies the IP address type to be
configured as diameter peer nodes.
When the value is specified as IPv4, hosts with IPv4 address type are configured as diameter peer nodes and hosts with IPv6 address type are ignored. When the value is specified as IPv6, hosts with IPv6 address type are configured as diameter peer nodes and hosts with IPv4 address type are ignored. To configure hosts with both IPv4 and IPv6 address
types, set the value for this parameter as
|
| diam-gateway.envDiameterHostIp | Contains all the k8s cluster worker node names and
corresponding IP addresses in the following
format:
NodeName1=<ip1>,NodeName2=<ip2> If LoadBalancer is being used, provide its IP. |
ocbsf_custom_values_23.4.6.yaml
file:
diam-gateway:
configserverContainerImage: *configServerImage
envMysqlDatabaseConfigServer: *configServerDB
# Graceful Termination
gracefulShutdown:
gracePeriod: 30s
envDiameterRealm: 'oracle.com'
envDiameterIdentity: 'ocbsf-diam-gateway'
#This should contain all the k8s cluster worker node name and ip
#corresponding to it in a format i.e. NodeName1=<ip1>,NodeName2=<ip2>
#If LoadBalancer is being used then give all ip as LoadBalancer's ip
envDiameterHostIp: ''
envDbConnStatusHttpEnabled: false
envSupportedIpAddressType: 'IPv4'
staticIpAddress: ''
staticDiamNodePort: *svcDiamGatewayDiamNodePort
deployment:
customExtension:
annotations: {
# Enable this section for service-mesh based installation
# traffic.sidecar.istio.io/excludeOutboundPorts: "9000,5801",
# traffic.sidecar.istio.io/excludeInboundPorts: "9000,5801"
}The lbService provides the annotations and labels for service diameter gateway and the nonlbService provides annotations and labels for headless diameter gateway.
3.8 API Root Configuration for Notification URI
This section describes the configuration parameters that can be used to API Root configuration.
To configure these parameters, you should configure the following
configurable parameters in the ocbsf_custom_values_23.4.6.yaml file:
Table 3-22 Configurable Parameters for Api Root Configuration for Notification URI
| Parameter | Description |
|---|---|
| global.bsfApiRoot | This optional parameter specifies the API root of
BSF that is used in notification URLs generated by BSF's when
sending request to other producer NFs.
If the value is not
configured for this parameter, the ingress gateway service name
and port is used as default value. For example:
|
| global.deploymentNrfClientService.nfApiRoot | This mandatory parameter specifies Api root of
BSF.
Note: This parameter must be
configured only when when NRF Client services are enabled. Its
value should be same as the value of
" |
# API root of BSF that will be used in notification URLs generated by BSF's when sending request to other producer NFs
#If not configured then the ingress gateway service name and port will be used as default value. ex:"https://<helm name>-ocbsf-ingress-gateway:443"
global:
bsfApiRoot: ''
deploymentNrfClientService:
#same as bsfApiRoot
nfApiRoot: ''3.9 Configuring Ingress Gateway
Note:
Following configurations are applicable only when Ingress Gateway is enabled.Table 3-23 Configurable Parameters for Ingress Gateway at Global Section
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| global.metalLbIpAllocationEnabled | Enable or disable IP Address allocation from Metallb Pool | Optional | false |
| global.metalLbIpAllocationAnnotation | Address Pool Annotation for Metallb | Optional | metallb.universe.tf/address-pool:
signaling |
Table 3-24 Configurable Parameters for Ingress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
|
ingress-gateway.enableIncomingHttp |
Enable it to accept incoming http requests | Optional | true |
| ingress-gateway.ingressServer.keepAlive.enabled | Optional | false | |
| ingress-gateway.ingressServer.keepAlive.idealTime | Optional | 180 (in seconds) | |
| ingress-gateway.ingressServer.keepAlive.count | Optional | 9 | |
| ingress-gateway.ingressServer.keepAlive.interval | Optional | 60 (in seconds) | |
| ingress-gateway.isIpv6Enabled | Set the value to true for this parameter when NF is deployed in IPv6 cluster. | Optional | false |
| ingress-gateway.minAvailable | Specifies the number of pods that must always be available, even during a disruption. | Optional | 1 |
| ingress-gateway.minReplicas | Specifies the minimum replicas to scale to maintain an average CPU utilization. | Optional | 1 |
| ingress-gateway.maxReplicas | Specifies the maximum replicas to scale to maintain an average CPU utilization. | Optional | 1 |
| ingress-gateway.userAgentHeaderValidationConfigMode | This flag is used to accept the user-agent configurations from Helm or REST. | Mandatory | Helm |
| ingress-gateway. userAgentHeaderValidation.enabled | Specifies the type of validation that will be taken into consideration when processing the values born on the user agent header. | Mandatory | False |
| ingress-gateway.userAgentHeaderValidation.validationType | Specifies the type of validation that will be taken into consideration when processing the values on the user agent header. | Mandatory | Relaxed |
| ingress-gateway.userAgentHeaderValidation.consumerNfTypes | Compares the NF Type born in the user agent header present in the incoming requests towards CNC PCF's Ingress Gateway. | Mandatory | EMPTY |
| ingress-gateway.enableIncomingHttps | To enable HTTPS for ingress traffic. | Mandatory | false |
| ingress-gateway.service.ssl.privateKey.k8SecretName | Name of the Kubernetes Secret which contains the private key for BSF, | Mandatory | Not applicable |
| ingress-gateway.service.ssl.privateKey.k8NameSpace | Name of the Kubernetes Namespace where the Kubernetes Secret containing the private key for BSF can be found | Mandatory | Not applicable |
| ingress-gateway.service.ssl.privateKey.rsa.fileName | File name for BSF's private key generated using the RSA algorithm | Mandatory | Not applicable |
| ingress-gateway.service.ssl.certificate.k8SecretName | Name of the Kubernetes Secret which contains the BSF Certificate. | Mandatory | Not applicable |
| ingress-gateway.service.ssl.certificate.k8NameSpace | Name of the Kubernetes Namespace where the Kubernetes Secret containing the BSF Certificate can be found. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.certificate.rsa.fileName | File name for BSF's Certificate, generated using an RSA resources. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.caBundle.k8SecretName | Name of the Kubernetes Secret which contains the Trust Chain Certificate. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.caBundle.k8NameSpace | Name of the Kubernetes Namespace where the Kubernetes Secret containing the Trust Chain Certificate can be found. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.caBundle.fileName | File name for the Trust Chain Certificate | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.keyStorePassword.k8SecretName | Name of the Kubernetes Secret which contains the Key Store Password file | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.keyStorePassword.k8NameSpace | Name of the Kubernetes Namespace where the Kubernetes Secret containing the Key Store Password file can be found. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.keyStorePassword.fileName | File name that has password for keyStore | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.trustStorePassword.k8SecretName | Name of the Kubernetes Secret which contains the Trust Store Password file. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.trustStorePassword.k8NameSpace | Name of the Kubernetes Namespace where the Kubernetes Secret containing the Trust Store Password file can be found. | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.trustStorePassword.fileName | File name that has password for TrustStore | Mandatory | Not Applicable |
| ingress-gateway.service.ssl.tlsVersion | Indicates the TLS version. | Mandatory |
Data Type: String Default Value: TLSv1.2 Range:
|
| ingress-gateway.allowedCipherSuites | Indicates the allowed Ciphers suites. | Optional |
Data Type: String Default Value: NA Range:
|
| ingress-gateway.cipherSuites | Indicates the supported cipher suites. | Optional |
Data Type: String Default Value: NA Range:
|
ocbsf_custom_values_23.4.6.yaml
file:
ingress-gateway:
#keep alive settings
ingressServer:
keepAlive:
enabled: false
idealTime: 180 #in seconds
count: 9
interval: 60 #in seconds
allowedCipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# ---- User Agent Validation Configuration - BEGIN ----
userAgentHeaderValidationConfigMode: HELM
userAgentHeaderValidation:
enabled: false
validationType: relaxed
# List of consumer NF Types to be matched against the value of User-Agent header in the request
consumerNfTypes:
- "PCF"
- "AF"
- "NEF"
# ---- User Agent Validation Configuration - END ----
# Enable it to accept incoming http requests
enableIncomingHttp: true
# ---- HTTPS Configuration - BEGIN ----
enableIncomingHttps: false
service:
ssl:
tlsVersion: TLSv1.2
#supportedCipherSuiteList: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
privateKey:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: rsa_private_key_pkcs1.pem
certificate:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: ocegress.cer
caBundle:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: key.txt
trustStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: trust.txt
# Enable or disable IP Address allocation from Metallb Pool
metalLbIpAllocationEnabled: false
# Address Pool Annotation for Metallb
metalLbIpAllocationAnnotation: "metallb.universe.tf/address-pool: signaling"
# -----Ingress Gateway Settings - END-----3.10 Configuring Egress Gateway
Note:
Following configurations are applicable only when Egress Gateway is enabled.Table 3-25 Configurable Parameters for Configurations in Egress Gateway
| Parameter | Description |
|---|---|
| egress-gateway.enableForwardedHeader | Enabling this parameter, egress-gateway will add
Forwarded and x-Forwaredheaders.
By default, the value is set to false. |
| egress-gateway.isIpv6Enabled | Set the value to true for this parameter when NF is deployed in IPv6 cluster. |
| egress-gateway.minAvailable | Specifies the number of pods that must always be available, even during a disruption. |
| egress-gateway.minReplicas | Specifies the minimum replicas to scale to maintain an average CPU utilization. |
| egress-gateway.maxReplicas | Specifies the maximum replicas to scale to maintain an average CPU utilization. |
| egress-gateway.userAgentHeaderConfigMode | This parameter is used to accept the user-agent configurations from Helm or REST. |
| egress-gateway.userAgentHeader.enabled | Specifies whether the feature is enabled or
disabled.
By default, the value is set to false. |
| egress-gateway.userAgentHeader.nfType | This parameter holds the nfType that will be used to generate the user agent header. |
| egress-gateway.userAgentHeader.nfInstanceId | This parameter represents the UUID of the CNPCF deployment that will be used to generate the user agent header. |
| egress-gateway.userAgentHeader.addFqdnToHeader | This parameter specifies if the user agent will use
the FQDN information under the module to append it when generating
the user agent header.The default value is set to 'false' meaning
that the FQDN information will not be encoded into the user agent
header during its generation.
By default, the value is set to false. |
| egress-gateway.userAgentHeader.nfFqdn | This is an optional parameter and can be present or not, if operators want to include the FQDN string configured under this section then the parameter userAgentHeader.addFqdnToHeader needs to be enabled. |
| egress-gateway.userAgentHeader.overwriteHeader | This parameter specifies if the the user agent header is sent or not. |
| egress-gateway.sniHeader.enabled | Enabling this parameter, egress-gateway will add SNI
flag in client hello message of outbound traffic.
Note: SNI enabling is depending on the initssl parameter from egress-gateway helm charts (Default value of initssl=true[TLS enable] , initssl=false[TLS disable] ). It is an optional parameter. By default, the value is set to false. |
| egress-gateway.enableOutgoingHttps |
This parameter is used to enable HTTPS for egress traffic. Default value: false |
| egress-gateway.egressGwCertReloadEnabled |
Default value: false |
| egress-gateway.egressGwCertReloadPath |
Accepts a valid reload path. Default value: /egress-gw/store/reload |
| egress-gateway.service.ssl.privateKey.k8SecretName |
Name of the Kubernetes Secret which contains the private key for BSF, Default value: Not applicable |
| egress-gateway.service.ssl.privateKey.k8NameSpace |
Name of the Kubernetes Namespace where the Kubernetes Secret containing the private key for BSF can be found Default value: Not applicable |
| egress-gateway.service.ssl.privateKey.rsa.fileName |
File name for BSF's private key generated using the RSA algorithm Default value: Not applicable |
| egress-gateway.service.ssl.privateKey.ecdsa.fileName |
File name for BSF's private key generated using the ECDSA algorithm Default value: Not applicable |
| egress-gateway.service.ssl.certificate.k8SecretName |
Name of the Kubernetes Secret which contains the BSF Certificate. Default value: Not applicable |
| egress-gateway.service.ssl.certificate.k8NameSpace |
Name of the Kubernetes Namespace where the Kubernetes Secret containing the BSF Certificate can be found. Default value: Not applicable |
| egress-gateway.service.ssl.certificate.rsa.fileName | File name for BSF's Certificate, generated using an
RSA resources.
Default value: Not applicable |
| egress-gateway.service.ssl.certificate.ecdsa.fileName |
File name for BSF's Certificate, generated using an ECDSA resources. Default value: Not applicable |
| egress-gateway.service.ssl.caBundle.k8SecretName |
Name of the Kubernetes Secret which contains the Trust Chain Certificate. Default value: Not applicable |
| egress-gateway.service.ssl.caBundle.k8NameSpace |
Name of the Kubernetes Namespace where the Kubernetes Secret containing the Trust Chain Certificate can be found. Default value: Not applicable |
| egress-gateway.service.ssl.caBundle.fileName |
File name for the Trust Chain Certificate Default value: Not applicable |
| egress-gateway.service.ssl.keyStorePassword.k8SecretName |
Name of the Kubernetes Secret which contains the Key Store Password file. Default value: Not applicable |
| egress-gateway.service.ssl.keyStorePassword.k8NameSpace | Name of the Kubernetes Namespace where the
Kubernetes Secret containing the Key Store Password file can be
found.
Default value: Not applicable |
| egress-gateway.service.ssl.keyStorePassword.fileName | File name that has password for keyStore
Default value: Not applicable |
| egress-gateway.service.ssl.trustStorePassword.k8SecretName | Name of the Kubernetes Secret which contains the
Trust Store Password file.
Default value: Not applicable |
| egress-gateway.service.ssl.trustStorePassword.k8NameSpace | Name of the Kubernetes Namespace where the
Kubernetes Secret containing the Trust Store Password file can be
found.
Default value: Not applicable |
| egress-gateway.service.ssl.trustStorePassword.fileName | File name that has password for TrustStore.
Default value: Not applicable |
| egress-gateway.service.ssl.tlsVersion | Indicates the TLS version, a mandatory field.
Data Type: String Default Value: TLSv1.2 Range:
|
| egress-gateway.allowedCipherSuites | Indicates the allowed Ciphers suites.
Data Type: String Default Value: NA Range:
|
| egress-gateway.cipherSuites | Indicates the supported cipher suites.
Data Type: String Default Value: NA Range:
|
ocbsf_custom_values_23.4.6.yaml.file:
egress-gateway:
#Enabled when deployed in Ipv6 cluster
isIpv6Enabled: false
# enabling this egress-gateway will add Forwarded and x-Forwaredheaders
enableForwardedHeader: false
#Cipher Suites to be enabled on client side
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
allowedCipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# ---- User-agent Header configuration - BEGIN ----
userAgentHeaderConfigMode: HELM
userAgentHeader:
enabled: false # flag to enable or disable the feature
nfType: "" # NF type of consumer NF
nfInstanceId: "" # NF type of consumer NF
addFqdnToHeader: false # Flag to add fqdn. If enabled then user-agent header will be generated along with the fqdn configured otherwise fqdn will not be added
nfFqdn: "" #fqdn of NF. This is not the fqdn of gateway
overwriteHeader: false
# ---- User-agent Header Configuration - END ----
# ---- HTTPS Configuration - BEGIN ----
#Enabling it for egress https requests
enableOutgoingHttps: false
#Enabling it for egress http1.1 requests
http1:
enableOutgoingHTTP1: false # Flag to enable or disable the feature
egressGwCertReloadEnabled: false
egressGwCertReloadPath: /egress-gw/store/reload
service:
ssl:
tlsVersion: TLSv1.2
#supportedCipherSuiteList: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
privateKey:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: ocegress.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: key.txt
trustStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: trust.txt
# ---- HTTPS Configuration - END ----
3.11 Configuring Service and Container Ports
ocbsf_custom_values_23.4.6.yaml file to configure service and container ports.
Note:
For upgrade scenario, changing port will cause temporary service disruption.ocbsf_custom_values_23.4.6.yaml file:
Table 3-26 Customizable Parameters for Service Ports Configuration
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| global.servicePorts.bsfManagementServiceHttp | HTTP signaling port for BSF management service. | Optional | 5903 |
| global.servicePorts.bsfManagementServiceHttps | HTTPS signaling port for BSF management service. | Optional | 8443 |
| global.servicePorts.appInfoHttp | HTTP signaling port for app info.
Note: The value for this port must be same as
|
Optional | 5906 |
| global.servicePorts.cmServiceHttp | HTTP signaling port for CM service. | Optional | 5808 |
| global.servicePorts.configServerHttp | HTTP signaling port for config server.
Note: The value for this port must be same as
|
Optional | 5807 |
| global.servicePorts.diamGatewayHttp | HTTP signaling port for Diameter gateway. | Optional | 8080 |
| global.servicePorts.diamGatewayDiameter | Port for Diameter gateway. | Optional | 3868 |
| global.servicePorts.perfInfoHttp | HTTP signaling port for perf info.
The
value for this port must be same as
|
Optional | 5905 |
| global.servicePorts.queryServiceHttp | HTTP signaling port for query service. | Optional | 5805 |
| global.servicePorts.auditServiceHttp | This HTTP signaling port is used for audit service. | Optional | 8000 |
| global.servicePorts.egressGatewayHttp | HTTP signaling port for Egress Gateway.
The value for this port must be same as
|
Optional | 8080 |
| global.servicePorts.nrfClientNfManagementHttp | HTTP signaling port for NRF client management
service.
The value for this port must be same as
|
Optional | 5910 |
| global.servicePorts.nrfClientNfManagementHttps | HTTPS signaling port for NRF client management
service.
The value for this port must be same as
|
Optional | 5805 |
| global.servicePorts.nrfClientNfDiscoveryHttp | HTTP signaling port for NF discovery service by NRF
client.
The value for this port must be same as
|
Optional | 8000 |
| global.servicePorts.nrfClientNfDiscoveryHttps | HTTP signaling port for NF discovery service by NRF
client.
The value for this port must be same as
|
Optional | 9443 |
| global.servicePorts.alternateRouteServiceHttp | HTTP signaling port for alternate route service.
The value for this port must be same as
|
Optional | 8000 |
| global.servicePorts.alternateRouteServiceHazelcast |
The value for this port must be same as
|
Optional | 8000 |
ocbsf_custom_values_23.4.6.yaml
file:servicePorts:
bsfManagementServiceHttp: 5903
bsfManagementServiceHttps: 8443
# app info
appInfoHttp: &svcAppInfoHttp 8000
# cm service
cmServiceHttp: &svcCmServiceHttp 8000
# config server
configServerHttp: &svcConfigServerHttp 8000
# diameter gateway
diamGatewayHttp: 8000
diamGatewayDiameter: 3868
# perf info
perfInfoHttp: &svcPerfInfoHttp 8000
# query service
queryServiceHttp: 8000
# audit service
auditServiceHttp: 8000
# egress gateway
egressGatewayHttp: &svcEgressGatewayHttp 8000
# nrf client
nrfClientNfDiscoveryHttp: &svcNrfClientNfDiscoveryHttp 8000
nrfClientNfManagementHttp: &svcNrfClientNfManagementHttp 8000
nrfClientNfDiscoveryHttps: &svcNrfClientNfDiscoveryHttps 9443
nrfClientNfManagementHttps: &svcNrfClientNfManagementHttps 9443
# alternate route
alternateRouteServiceHttp: &svcAlternateRouteServiceHttp 8000
alternateRouteServiceHazelcast: &svcAlternateRouteServiceHazelcast 8000Table 3-27 Customizable Parameters for Container Ports Configuration
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| global.containerPorts.monitoringHttp | HTTP signaling port for monitoring.
Note: The value for this port must be same as
|
Optional | 9000 |
| global.containerPorts.bsfManagementServiceHttp | HTTP signaling port for BSF Management service. | Optional | 8080 |
| global.containerPorts.bsfManagementServiceHttps | HTTPS signaling port for BSF Management service. | Optional | 8443 |
| global.containerPorts.appInfoHttp | HTTP signaling port for app info. | Optional | 5906 |
| global.containerPorts.cmServiceHttp | HTTP signaling port for CMservice. | Optional | 5807 |
| global.containerPorts.configServerHttp | HTTP signaling port for config server. | Optional | 8001 |
| global.containerPorts.diamGatewayHttp | HTTP signaling port for Diameter Gateway. | Optional | 8080 |
| global.containerPorts.diamGatewayDiameter | Diameter gateway. | Optional | 3868 |
| global.containerPorts.perfInfoHttp | HTTP signaling port for perf-info. | Optional | 5905 |
| global.containerPorts.queryServiceHttp | HTTP signaling port for queryservice. | Optional | 8081 |
| global.containerPorts.auditServiceHttp | HTTP signaling port for audit service. | Optional | 8000 |
| global.containerPorts.nrfClientNfManagementHttp | HTTP signaling port for NRF client management.
Note: The value for this port must be same as
|
Optional | 8000 |
| global.containerPorts.nrfClientNfDiscoveryHttp | HTTP signaling port for NF discovery service by NRF
client.
The value for this port must be same as
|
Optional | 8000 |
| global.containerPorts.nrfClientNfManagementHttps | HTTPS signaling port for NRF client management.
Note: The value for this port must be same as
|
Optional | 9443 |
| global.containerPorts.nrfClientNfDiscoveryHttps | HTTPS signaling port for NF discovery service by NRF
client.
The value for this port must be same as
|
Optional | 9443 |
| global.containerPorts.ingressGatewayHttp | HTTP signaling port for Ingress Gateway.
Note: The value for this port must be same as
|
Optional | 8081 |
| global.containerPorts.ingressGatewayHttps | HTTPS signaling port for Ingress Gateway.
Note: The value for this port must be same as
|
Optional | 9443 |
| global.containerPorts.alternateRouteServiceHttp | HTTP Signaling port for alternate route service.
Note: The value for this port must be same as
|
Optional | 8004 |
ocbsf_custom_values_23.4.6.yaml
file:containerPorts:
bsfManagementServiceHttp: 8080
bsfManagementServiceHttps: 8443
monitoringHttp: &containerMonitoringHttp 9000
# app info
appInfoHttp: 8000
# cm service
cmServiceHttp: 8000
# config server
configServerHttp: 8000
# diameter gateway
diamGatewayHttp: 8000
diamGatewayDiameter: 3868
# perf info
perfInfoHttp: 8000
# query service
queryServiceHttp: 8000
# audit service
auditServiceHttp: 8000
# nrf client
nrfClientNfDiscoveryHttp: &containerNrfClientNfDiscoveryHttp 8000
nrfClientNfManagementHttp: &containerNrfClientNfManagementHttp 8000
nrfClientNfDiscoveryHttps: &containerNrfClientNfDiscoveryHttps 9443
nrfClientNfManagementHttps: &containerNrfClientNfManagementHttps 9443
# ingress gateway
ingressGatewayHttp: &containerIngressGatewayHttp 8000
ingressGatewayHttps: &containerIngressGatewayHttps 9443
# alternate route service : Note: This port shall not be same as alternateRouteServiceHazelcast which is 8000 in this sample custom values file
alternateRouteServiceHttp: &containerAlternateRouteServiceHttp 8004Table 3-28 Customizable Parameters for Ports Configuration in Ingress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
|
global.publicHttpSignalingPort |
HTTP/2.0 Port of ingress gateway | Optional | 80 |
| global.publicHttpsSignalingPort | HTTPS/2.0 Port of ingress gateway
The value for this port must be set to 0 if HTTPS is disabled. |
Optional | 443 |
| global.configServerPort | HTTP signaling port for config server. | Optional |
Note: The value for this port must be same as
|
| ingress-gateway.ports.actuatorPort | Optional | Same value as
containerMonitoringHttp |
|
| ingress-gateway.ports.containerPort | Optional | Same value as
containerIngressGatewayHttp |
|
| ingress-gateway.ports.containersslPort | Optional | Same value as
containerIngressGatewayHttps |
ocbsf_custom_values_23.4.6.yaml
file:# -----Ingress Gateway Settings - BEGIN-----
# If httpsEnabled is false, this Port would be HTTP/2.0 Port (unsecured)
publicHttpSignalingPort: 80
# If httpsEnabled is true, this Port would be HTTPS/2.0 Port (secured SSL)
publicHttpsSignalingPort: 443
configServerPort: *svcConfigServerHttp
ingress-gateway:
ports:
actuatorPort: *containerMonitoringHttp
containerPort: *containerIngressGatewayHttp
containersslPort: *containerIngressGatewayHttpsTable 3-29 Customizable Parameters for Ports Configuration in Egress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| egress-gateway.serviceEgressGateway.actuatorPort | Optional | Same value as
containerMonitoringHttp |
|
| egress-gateway.serviceEgressGateway.Port | Optional | Same value as
svcEgressGatewayHttp |
ocbsf_custom_values_23.4.6.yaml
file:
egress-gateway:
serviceEgressGateway:
actuatorPort: *containerMonitoringHttp
port: *svcEgressGatewayHttpTable 3-30 Customizable Parameters for Ports Configuration in nrf-client-nfdiscovery
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Notes |
|---|---|---|---|---|
|
global.nrf-client-nfdiscovery.envPlatformServicePort |
HTTP signaling port for app info. | Optional | 5906 | Same value as svcAppInfoHttp |
|
global.nrf-client-nfdiscovery.envPerformanceServicePort |
HTTP signaling port for perf info. | Optional | 5905 | Same value as svcPerfInfoHttp |
| global.nrf-client-nfdiscovery.envCfgServerPort | HTTP signaling port for config server. | No | 5807 | same vale as svcConfigServerHttp |
| global.nrf-client-nfdiscovery.containerHttpPort | HTTP signaling port for NRF client discovery. | Optional | 8000 | Same value as
containerNrfClientNfDiscoveryHttp |
| global.nrf-client-nfdiscovery.containerHttpsPort | HTTPS signaling port for NRF client discovery. | Optional | 9443 | Same value as
containerNrfClientNfDiscoveryHttps |
| global.nrf-client-nfdiscovery.serviceHttpPort | HTTP signaling port for NRF client discovery service. | Optional | 5910 | Same value as
svcNrfClientNfDiscoveryHttp |
| global.nrf-client-nfdiscovery.serviceHttpsPort | HTTPS signaling port for NRF client discovery service. | Optional | 8443 | Same value as
svcNrfClientNfDiscoveryHttps |
ocbsf_custom_values_23.4.6.yaml
file:nrf-client-nfdiscovery:
envJaegerSamplerParam: '1'
envJaegerSamplerType: ratelimiting
envJaegerServiceName: pcf-nrf-client-nfdiscovery
envPlatformServicePort: *svcAppInfoHttp
envPerformanceServicePort: *svcPerfInfoHttp
envCfgServerPort: *svcConfigServerHttp
containerHttpPort: *containerNrfClientNfDiscoveryHttp
containerHttpsPort: *containerNrfClientNfDiscoveryHttps
serviceHttpPort: *svcNrfClientNfDiscoveryHttp
serviceHttpsPort: *svcNrfClientNfDiscoveryHttps
envDiscoveryServicePort: *svcNrfClientNfDiscoveryHttp
envManagementServicePort : *svcNrfClientNfManagementHttp
alternateRouteServiceEnabled: falseTable 3-31 Customizable Parameters for Ports Configuration in nrf-client-nfmanagement
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Value |
|---|---|---|---|---|
|
global.nrf-client-nfmanagement.envPlatformServicePort |
HTTP signaling port for app info. | Optional | 5906 | Same value as svcAppInfoHttp |
|
global.nrf-client-nfmanagement.envPerformanceServicePort |
HTTP signaling port for perf info. | Optional | 5905 | Same value as svcPerfInfoHttp |
| global.nrf-client-nfmanagement.envCfgServerPort | HTTP signaling port for config server. | Optional | 5807 | same vale as svcConfigServerHttp |
| global.nrf-client-nfmanagement.containerHttpPort | HTTP signaling port for NRF client discovery. | Optional | 8000 | Same value as
containerNrfClientNfManagementHttp |
| global.nrf-client-nfmanagement.containerHttpsPort | HTTPS signaling port for NRF client discovery. | Optional | 9443 | Same value as
containerNrfClientNfManagementHttps |
| global.nrf-client-nfmanagement.serviceHttpPort | HTTP signaling port for NRF client discovery service. | Optional | 5910 | Same value as
svcNrfClientNfManagementHttp |
| global.nrf-client-nfmanagement.serviceHttpsPort | HTTPS signaling port for NRF client discovery service. | Optional | 8443 | Same value as
svcNrfClientNfManagementHttps |
ocbsf_custom_values_23.4.6.yaml
file:nrf-client-nfmanagement:
envJaegerSamplerParam: '1'
envJaegerSamplerType: ratelimiting
envJaegerServiceName: pcf-nrf-client-nfmanagement
envPlatformServicePort: *svcAppInfoHttp
envPerformanceServicePort: *svcPerfInfoHttp
envCfgServerPort: *svcConfigServerHttp
containerHttpPort: *containerNrfClientNfManagementHttp
containerHttpsPort: *containerNrfClientNfManagementHttps
serviceHttpPort: *svcNrfClientNfManagementHttp
serviceHttpsPort: *svcNrfClientNfManagementHttps
alternateRouteServiceEnabled: falseTable 3-32 Customizable Parameters for Ports Configuration in Alternate Route Service
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Notes |
|---|---|---|---|---|
| alternate-route.ports.servicePort | HTTP signaling port for alternate route service. | Optional | 8000 | Same value as
svcAlternateRouteServiceHttp |
| alternate-route.ports.containerPort | HTTP signaling port for alternate route service. | Optional | 8004 | Same value as
containerAlternateRouteServiceHttp |
| alternate-route.ports.actuatorPort | HTTP signaling port for monitoring. | Optional | 9000 | Same value as
containerMonitoringHttp |
| alternate-route.hazelcast.port | Optional | 8000 | Same value as
svcAlternateRouteServiceHazelcast |
ocbsf_custom_values_23.4.6.yaml
file:
alternate-route:
ports:
servicePort: *svcAlternateRouteServiceHttp
containerPort: *containerAlternateRouteServiceHttp
actuatorPort: *containerMonitoringHttp
hazelcast:
port: *svcAlternateRouteServiceHazelcast3.12 OAUTH Configuration
ocbsf_custom_values_23.4.6.yaml files to configure OAUTH in ingress/egress gateway.
Note:
These configurations are applicable when the Ingress/Egress Gatway is enabled and the NRF Client services are enabled.Table 3-33 Configurable Parameters for OAUTH Configuration in Ingress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| ingress-gateway.oauthValidatorEnabled | Enable or disable OAuth Validator.
If Access Token service is not required, operator can choose to set the value of this parameter as false. By doing so, Access Token microservice will not be deployed. |
Optional | false |
| ingress-gateway.nfInstanceId | NF Instance Id of service producer | Optional | 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11 |
| ingress-gateway.allowedClockSkewSeconds | set this value if clock on the parsing NF (producer) is not perfectly in sync with the clock on the NF (consumer) that created by JWT | Optional | 0 |
| ingress-gateway.nrfPublicKeyKubeSecret | Name of the secret which stores the public key(s) of NRF | Optional | |
| ingress-gateway.nrfPublicKeyKubeNamespace | Namespace of the NRF public key secret | Optional | |
| ingress-gateway.validationType | Possible values are:
strict- If incoming request does not contain "Authorization" (Access Token) header, the request is rejected. relaxed- relaxed means that if Incoming request contains "Authorization" header, it is validated. If Incoming request does not contain "Authorization" header, validation is ignored. |
Optional | relaxed |
| ingress-gateway.producerPlmnMNC | MNC of the service producer | Optional | 123 |
| ingress-gateway.producerPlmnMCC | MCC of the service producer | Optional | 456 |
| ingress-gateway.producerScope | Contains the NF service name(s) of the NF service
producer(s). The service name(s) included in this attribute shall be
any of the services defined in the ServiceName enumerated type.
Note:
|
Mandatory | nbsf-management |
| ingress-gateway.nfType | Specifies the NF type of the NF service producer. It is included when the access token request is for an NF or NF service instance. | Optional | BSF |
ocbsf_custom_values_23.4.6.yaml file: # ----OAUTH CONFIGURATION - BEGIN ----
oauthValidatorEnabled: false
nfInstanceId: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc11
allowedClockSkewSeconds: 0
nrfPublicKeyKubeSecret: ''
nrfPublicKeyKubeNamespace: ''
validationType: relaxed
producerPlmnMNC: 123
producerPlmnMCC: 456
nfType: BSF
# ----OAUTH CONFIGURATION - END ----Table 3-34 Configurable Parameters for OAUTH Configuration in Egress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| egress-gateway.oauthClient.enabled | OAuth Validator Enabled | Optional | false |
| egress-gateway.oauthClient.dnsSrvEnabled | Enable/Dsiable the DNS-SRV query to coreDNS Server | Optional | false |
| egress-gateway.oauthClient.httpsEnabled | Determine if https support is enabled or not which is a deciding factor for oauth request scheme and search query parameter in dns-srv request. | Optional | false |
| egress-gateway.oauthClient.nrfClientQueryEnabled | Determines if NRF-Client Query is enabled or not (Dynamic configuration). | Optional | false |
| egress-gateway.oauthClient.virtualFqdn | virtualFqdn value which needs to be populated and sent in the dns-srv query. | Conditional ( If dnsSrvEnabled is set to true.) | -1 |
| egress-gateway.oauthClient.staticNrfList | List of Static NRF's | Conditional ( If oAuth is enabled.) | |
| egress-gateway.oauthClient.nfInstanceId | NF InstanceId of Producer | Optional |
fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
Note: Update the parameter with actual value, if OAuth is enabled. |
| egress-gateway.oauthClient.consumerPlmnMNC | MNC of service Consumer | Optional | 345
Note: Update the parameter with actual value, if OAuth is enabled. |
| egress-gateway.oauthClient.consumerPlmnMCC | MCC of service Consumer | Optional | 567
Note: Update the parameter with actual value, if OAuth is enabled. |
| egress-gateway.oauthClient.maxRetry | Maximum number of retry that need to be performed to other NRF Fqdn’s in case of failure response from first contacted NRF based on the errorCodeSeries configured. | Conditional ( If oAuth is enabled.) | 2 |
| egress-gateway.oauthClient.apiPrefix | apiPrefix that needs to be appended in the Oauth request flow. | Conditional ( If oAuth is enabled.) | |
| egress-gateway.oauthClient.errorCodeSeries | Determines the fallback condition to other NRF in case of failure response from currently contacted NRF. | Conditional ( If oAuth is enabled and required a different error code series.) | 4XX |
| egress-gateway.oauthClient.retryAfter | RetryAfter value in milliseconds that needs to be set for a particular NRF Fqdn, if the error matched the configured errorCodeSeries. | Conditional ( If oAuth is enabled.) | 5000 |
| egress-gateway.oauthClient.nrfClientConfig | Determines the NRF-Client Mgmt Svc configurations which are required when dynamic configurations are in place at Egress-Gateway. | ||
| egress-gateway.oauthClient.nrfClientConfig.serviceName | The service name of NRF-Client Mgmt Svc | ocbsf-nrf-client-nfmanagement | |
| egress-gateway.oauthClient.nrfClientConfig.host | The address of NRF-Client Mgmt Svc | 10.233.49.44 | |
| egress-gateway.oauthClient.nrfClientConfig.port | Determines the port configuration for NRF-Client Mgmt Svc for sending Subscription requests. | 8000 | |
| egress-gateway.oauthClient.nrfClientRequestMap | Determines the request mapping URL for sending Subscription requests from Egress-Gateway to NRF-Client Mgmt Svc. | /v1/nrf-client/subscriptions/nrfRouteList |
ocbsf_custom_values_23.4.6.yaml
file:oauthClient:
enabled: false
dnsSrvEnabled: false
httpsEnabled: false
nrfClientQueryEnabled: false
virtualFqdn: nrf.oracle.com:80
staticNrfList:
- nrf1.oracle.com:80
nfInstanceId: fe7d992b-0541-4c7d-ab84-c6d70b1b01b1
consumerPlmnMNC: 345
consumerPlmnMCC: 567
maxRetry: 2
apiPrefix: ""
errorCodeSeries: 4XX
retryAfter: 5000
nrfClientConfig:
serviceName: "ocbsf-nrf-client-nfmanagement"
host: 10.233.49.44
port: 8000
nrfClientRequestMap: "/v1/nrf-client/subscriptions/nrfRouteList"
# ---- Oauth Configuration - END ----3.13 Configuring Ingress/Egress Gateway HTTPS
ocbsf_custom_values_23.4.6.yaml files to configure HTTPS in ingress/egress gateway.
Note:
These configurations are applicable only when ingress/egress gateway is enabled and the following parameters are set to true inocbsf_custom_values_23.4.6.yaml file:
-
ingress-gateway.enableIncomingHttps egress-gateway.enableOutgoingHttps
Table 3-35 Configurable Parameters for HTTPS Configurations in Ingress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Notes |
|---|---|---|---|---|
| ingress-gateway.enableIncomingHttps | To enable https for ingress traffic | Optional | False | |
|
ingress-gateway.service.ssl.privateKey.k8SecretName |
Name of the private key secret. | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.privateKey.k8NameSpace |
Namespace of private key. | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.privateKey.rsa.fileName |
rsa private key file name. | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.k8SecretName |
Name of the private key secret | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.k8NameSpace |
Namespace of private key | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.certificate.rsa.fileName |
rsa private key file name | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.caBundle.k8SecretName |
Name of the private key secret | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.caBundle.k8NameSpace |
Namespace of private key | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.caBundle.fileName |
private key file name | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.keyStorePassword.k8SecretName |
Name of the privatekey secret | Optional | Not Applicable | required if enableIncomingHttp is true |
|
ingress-gateway.service.ssl.keyStorePassword.k8NameSpace |
Namespace of privatekey | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.keyStorePassword.fileName |
File name that has password for keyStore | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.trustStorePassword.k8SecretName |
Name of the privatekey secret | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.trustStorePassword.k8NameSpace |
Namespace of privatekey | Optional | Not Applicable | required if enableIncomingHttps is true |
|
ingress-gateway.service.ssl.trustStorePassword.fileName |
File name that has password for trustStore | Optional | Not Applicable | required if enableIncomingHttps is true |
ocbsf_custom_values_23.4.6.yaml
file:# ---- HTTPS Configuration - BEGIN ----
enableIncomingHttps: false
service:
ssl:
privateKey:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: rsa_private_key_pkcs1.pem
certificate:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: ocegress.cer
caBundle:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: key.txt
trustStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: trust.txtTable 3-36 Configurable Parameters for HTTPS Configurations in Egress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Notes |
|---|---|---|---|---|
| egress-gateway.enableOutgoingHttps | Enabling it for outgoing https request | No | false | |
| egress-gateway.egressGwCertReloadEnabled | No | false | ||
| egress-gateway.egressGwCertReloadPath | No | /egress-gw/store/reload | ||
| egress-gateway.service.ssl.privateKey.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.privateKey.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.privateKey.rsa.fileName | rsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.privateKey.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.rsa.fileName | rsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.certificate.ecdsa.fileName | ecdsa private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.caBundle.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.caBundle.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.caBundle.fileName | private key file name | No | Not Applicable | |
| egress-gateway.service.ssl.keyStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.keyStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.keyStorePassword.fileName | File name that has password for keyStore | No | Not Applicable | |
| egress-gateway.service.ssl.trustStorePassword.k8SecretName | Name of the privatekey secret | No | Not Applicable | |
| egress-gateway.service.ssl.trustStorePassword.k8NameSpace | Namespace of privatekey | No | Not Applicable | |
| egress-gateway.service.ssl.trustStorePassword.fileName | File name that has password for trustStore | No | Not Applicable |
ocbsf_custom_values_23.4.6.yaml
file:# ---- HTTPS Configuration - BEGIN ----
#Enabling it for egress https requests
enableOutgoingHttps: false
egressGwCertReloadEnabled: false
egressGwCertReloadPath: /egress-gw/store/reload
service:
ssl:
privateKey:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: rsa_private_key_pkcs1.pem
ecdsa:
fileName: ssl_ecdsa_private_key.pem
certificate:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
rsa:
fileName: ocegress.cer
ecdsa:
fileName: ssl_ecdsa_certificate.crt
caBundle:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: caroot.cer
keyStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: key.txt
trustStorePassword:
k8SecretName: ocbsf-gateway-secret
k8NameSpace: ocbsf
fileName: trust.txt
# ---- HTTPS Configuration - END ----
3.14 Configuring SCP
This section describes the customizatons that you can make in
ocbsf_custom_values_23.4.6.yaml files to support SCP integration including SBI
routing.
Important:
- Routes supporting the SBI-Routing configuration are updated in Egress Gateway only when its configuration details are provided correctly. Example: PeerSetConfiguration, PeerConfiguration, sbiroutingerrorcriteriasets, and sbiroutingerroractionsets. Routes not supporting the SBI-Routing configuration are updated only when they have valid route definition.
- Use Peerconfiguration to define the list of peers to which Egress Gateway can send request. This list contains peers that support HTTP/ HTTP-Proxy / HTTPS communication.
- Use Peersetconfiguration to logically group the peers into sets. Each set contains a list of peers that support HTTP and HTTPS communication modes.
- Use sbiRoutingErrorCriteriaSets to define an array of errorCriteriaSet , where each errorCriteriaSet depicts an ID, set of HTTP Methods, set of HTTP Response status codes set of exceptions with headerMatching functionality.
- Use sbiRoutingErrorActionSets to define an array of actionset, where each depicts an ID, action to be performed (Currently on REROUTE action is supported) and blacklist configurations.
- Configure the Priority for each peer in the set. Depending on the priority, it selects the primary, secondary, or tertiary peers to route requests.
Note:
- Egress Gateway accepts route configuration updates only if SBI-Routing feature is configured correctly.
- If the peer contains a virtual host address, Egress Gateway resolves the virtual host address using DNS-SRV query. If a peer is defined based on virtual host, then peerset can contain only one such peer for httpconfiguration and httpsconfiguration. User should not configure more than one virtual host based on peer in a given peerset for a given HTTP / HTTPS configuration.
- In case of peers based on virtual host, Egress Gateway does not consider priority values configured rather it retrieves priority from DNS-SRV records.
routeConfigMode: HELMNote:
Currently, HELM is the only supported value for this parameter.Configurations for SBI Routing
To enable and configure SBI Routing, perform the following configurations
- For sbiRoutingDefaultScheme
parameter, the default value is http. The value specified
in this field is considered when
3gpp-sbi-target-apirootheader is missing. - Now, configure a list of peers and peer sets. Each peer must
contain
id,host,port, andapiPrefix. Each peer set must contain HTTP or HTTPS instances where in each instance contains priority and peer identifier, which maps to peers configured under peerConfiguration.No two instances should have same priority for a given HTTP or HTTPS configuration. In addition, more than one virtual FQDN should not be configured for a given HTTP or HTTPS configuration.
sbiRouting:
# Default scheme applicable when 3gpp-sbi-target-apiroot header is missing
sbiRoutingDefaultScheme: http
peerConfiguration:
- id: peer1
host: scp1.test.com
port: 80
apiPrefix: "/"
- id: peer2
host: scp2.test.com
port: 80
apiPrefix: "/"
peerSetConfiguration:
- id: set0
httpConfiguration:
- priority: 1
peerIdentifier: peer1
- priority: 2
peerIdentifier: peer2
httpsConfiguration:
- priority: 1
peerIdentifier: peer1
- priority: 2
peerIdentifier: peer2Note:
If required, users can configure more SCP instances in a similar way.Route-level Configuration
Each route must have configured filters. In case, the SBIRouting
functionality is required without the reroutes, then configure
routes[0].metadata.sbiRoutingEnabled=true, SbiRouting in
filterName1, and set arguments without the
errorHandling section.
If SbiRouting functionality is required with the reroute mechanism, then
configure routes[0].metadata.sbiRoutingEnabled=true, SbiRouting
in filterName1, and set arguments with the
errorHandling section.
The errorHandling section contains an array of errorcriteriaset and actionset mapping with priority. The errorcriteriaset and actionset are configured through Helm using sbiRoutingErrorCriteriaSets and sbiRoutingErrorActionSets.
The sbiRoutingErrorCriteriaSets contains an array of errorCriteriaSet , where each errorCriteriaSet depicts an ID, set of HTTP Methods, set of HTTP Response status codes set of exceptions with headerMatching functionality .
The sbiRoutingErrorActionSets contains an array of actionset, where each depicts an ID, action to be performed (Currently on REROUTE action is supported) and blacklist configurations.
Note:
Ensure to configure sbiRoutingErrorCriteriaSets and sbiRoutingErrorActionSets.The httpRuriOnly and httpsTargetOnly parameters are used to enable HTTP-Proxy mode communication between Egress Gateway and Peer.
- id: nrf_direct
# uri: https://dummy.dontchange
# path: /nnrf-disc/**
# order: 4
# metadata:
# httpsTargetOnly: false
# httpRuriOnly: false
# sbiRoutingEnabled: false
# filterName1:
# name: SbiRouting
# args:
# peerSetIdentifier: set0
# customPeerSelectorEnabled: false
# errorHandling:
# - errorCriteriaSet: scp_direct2_criteria_1
# actionSet: scp_direct2_action_1
# priority: 1
# - errorCriteriaSet: scp_direct2_criteria_0
# actionSet: scp_direct2_action_0
# priority: 2
# - id: scp_routeEnable Re-routing
The Re-route mechanism works only for the incoming requests to Egress Gateway that are bound for SBI-Routing. The SBI-Routing bound requests must be re-routed to other instances of SBI based on certain response error codes or exceptions.
Note:
The above configuration is effective only whensbiRoutingEnabled is set to
true.
Note:
errorcriteriaset and actionset must be configured for reroute to work.SBIrouting , add
the following values in the Helm configuration
file:routesConfig:
- id: scp_direct2
uri: https://dummy.dontchange2
path: /dummy
order: 3
metadata:
httpsTargetOnly: false
httpRuriOnly: false
sbiRoutingEnabled: false
filterName1:
name: SbiRouting
args:
peerSetIdentifier: set0
customPeerSelectorEnabled: false
errorHandling:
- errorCriteriaSet: scp_direct2_criteria_1
actionSet: scp_direct2_action_1
priority: 1
- errorCriteriaSet: scp_direct2_criteria_0
actionSet: scp_direct2_action_0
priority: 2
sbiRoutingErrorCriteriaSets:
- id: scp_direct2_criteria_0
method:
- GET
- POST
- PUT
- DELETE
- PATCH
exceptions:
- java.util.concurrent.TimeoutException
- java.net.UnknownHostException
- id: scp_direct2_criteria_1
method:
- GET
- POST
- PUT
- DELETE
- PATCH
response:
statuses:
- statusSeries: 4xx
status:
- 400
- 404
- statusSeries: 5xx
status:
- 500
- 503
headersMatchingScript: "headerCheck,server,via,.*(SEPP|UDR).*"
sbiRoutingErrorActionSets:
- id: scp_direct2_action_0
action: reroute
attempts:2
blackList:
enabled: false
duration: 60000
- id: scp_direct2_action_1
action: reroute
attempts:3
blackList:
enabled: false
duration: 60000Handling Server and Via Header
This is an enhancement to the SBI routing functionality. An additional alternate routing rule is applied to the Egress Gateway when the header check is included in the configuration. This can be configured through sbiroutingerrrorcriteriaset and corresponding action can be taken by configuring sbierroractionsets.
To configure SBI Routing with Reroute functionality, see unresolvable-reference.html#GUID-4C63916E-1C2E-439C-ADEB-DD210424294B.
Note:
headersMatchingScript is a configuration that accepts a single string with comma seperated tokens.sbiRoutingErrorCriteriaSets:
- id: scp_direct2_criteria_1
method:
- GET
- POST
- PUT
- DELETE
- PATCH
response:
statuses:
- statusSeries: 4xx
status:
- 400
- 404
- statusSeries: 5xx
status:
- 500
- 503
headersMatchingScript: "headerCheck,server,via,.*(SEPP|UDR).*"- headerCheck : The Validation function name. It must be constant.
- server: Header name
- Via : Header Name
- *(SEPP|UDR).* : Regex expression against which the server or via header will be matched against.
This headersMatchingScript configuration gets satisfied if the response contains server or via header and the content of the header matches the regex configured. Fot the criteriaset to be matched, the response method, response status code, and headersMatchingScript configuration should be satisfied. The actionset is configured to blacklist the peer if the correspondng criteriaset is matched.
Sample sbiRoutingErrorActionSets configuration:
sbiRoutingErrorActionSets:
- id: scp_direct2_action_0
action: reroute
attempts: 2
blackList:
enabled: true
duration: 60000Once the sbiRoutingErrorCriteriaSets is selected, map this actionset to the selected criteriaset in the errorHandling section. The corresponding FQDN or Host in the server header value is blacklisted for the duration mentioned in the blackList section within the sbiRoutingErrorActionSets.
Note:
While configuring the sbiRoutingErrorCriteriaSets with server header checks (headersMatchingScript), ensure that criteriaset has the highest priority in the errorHandling section. And, while configuring criteriaset without the server header checks, ensure to keep the blackList.enabled as false. This is done for server header blacklisting when server header check is required.3.15 Logging Configuration
This section describes the customizations that you should make in
ocbsf_custom_values_23.4.6.yaml file to configure logging.
ocbsf_custom_values_23.4.6.yaml
file:
Table 3-37 Configurable Parameters for Logging Configuration in Ingress Gateway
| Parameter | Description |
|---|---|
| ingress-gateway.log.level.root |
Note: Configure this parameter only when ingress-gateway is enabled. This parameter refers to the Log level for root logs.Default Value: WARN |
| ingress-gateway.log.level.ingress |
Note: Configure this parameter only when ingress-gateway is enabled. This parameter refers to the Log level for ingress logs.Default Value: WARN |
| ingress-gateway.log.level.oauth |
Note: Configure this parameter only when ingress-gateway is enabled. This parameter refers to the Log level for oauth logs.Default Value: WARN |
ocbsf_custom_values_23.4.6.yaml
file:ingress-gateway:
log:
level:
root: WARN
ingress: WARN
oauth: WARNTable 3-38 Configurable Parameters for Logging Configuration in Egress Gateway
| Parameter | Description |
|---|---|
| egress-gateway.log.level.root |
Note: Configure this parameter only when egress-gateway is enabled. This parameter refers to the Log level for root logs.Default Value: WARN |
| egress-gateway.log.level.egress |
Note: Configure this parameter only when egress-gateway is enabled. This parameter refers to the Log level for ingress logs.Default Value: WARN |
| egress-gateway.log.level.oauth |
Note: Configure this parameter only when egress-gateway is enabled. This parameter refers to the Log level for oauth logs.Default Value: WARN |
ocbsf_custom_values_23.4.6.yaml
file:egress-gateway:
log:
level:
root: WARN
egress: WARN
oauth: WARNTable 3-39 Configurable Parameters for Logging Configuration in Alternate Route Service
| Parameter | Description |
|---|---|
| alternate-route.log.level.root | This parameter specifies the Log level for root
logs.
The default value for this parameter is WARN. Note: It is required only when alternate route service is enabled. |
| alternate-route.log.level.altroute | This parameter specifies the log level for alternate
route logs.
The default value for this parameter is WARN. Note: It is required only when alternate route service is enabled. |
ocbsf_custom_values_23.4.6.yaml
file:alternate-route:
log:
level:
root: WARN
altroute: WARNConfigurations for Debug Tool
At the global level, the extraContainers flag can be used to enable or disable injecting extra container, that is, Debug Tool. Users can set DISABLED (default value) or ENABLED values for this parameter.
The following is a snippet from the ocbsf_custom_values_23.4.6.yaml file:
# Use 'extraContainers' attribute to control the usage of extra container(DEBUG tool).
# Allowed Values: DISABLED, ENABLED
extraContainers: DISABLED
For more information on Debug Tool, see Oracle Communications Cloud Native Core Binding Support Function Troubleshooting Guide.
Table 3-40 Configurable Parameters for Logging Configuration in Prometheus
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| tagNamespace | Specifies the Kubernetes namespace. | Mandatory | kubernetes_namespace (for CNE
1.8.0)
|
| tagContainerName | Specifies the tag used for specifying name of the container. | Mandatory | container_name (for CNE
1.8.0)
|
| tagServiceName | Specifies the tag used for specifying name of the service. | Mandatory | kubernetes_name (for CNE
1.8.0)
|
ocbsf_custom_values_23.4.6.yaml
file:#Values for CNE 1.8 {tagNamespace: kubernetes_namespace, tagContainerName: container_name, tagServiceName: kubernetes_name}
#Values for CNE 1.9 {tagNamespace: namespace, tagContainerName: container, tagServiceName: service}
tagNamespace: kubernetes_namespace
tagContainerName: container_name
tagServiceName: kubernetes_name3.16 XFCC Header Validation Configuration
This section describes the customizatons that you can make in
ocbsf_custom_values_23.4.6.yaml file to configure XFCC header.
XFCC introduces support for Binding Support Function (BSF) as a producer, to check, if SCP which has sent the HTTP request is the same proxy consumer/client – expected to send an HTTP2 request.
BSF can achieve this by comparing the FQDN of the SCP present in the "x-forwarded-client-cert" (XFCC) of http2 header, with the FQDN of the SCPs configured in the CNC BSF.
ocbsf_custom_values_23.4.6.yaml file:
Table 3-41 Configurable Parameters for XFCC Header Validation Configuration
| Parameter | Description |
|---|---|
| ingress-gateway.xfccHeaderValida tion.validation.enabled | This optional parameter determines if incoming xfcc
header needs to be
validated.
Default Value: false |
| ingress-gateway.xfccHeaderValida tion.validation.peerList |
Note: Configure this parameter only when xfccHeader validation is enabled. Specifies the list of configured NF FQDN’s against which the matchField entry configured, present in the XFCC Header will be validated. |
| ingress-gateway.xfccHeaderValida tion.validation.matchCerts |
Note: Configure this parameter only when xfccHeader validation is enabled. This parameter refers to the number of certificates that need to be validated; starting from the right most entry in the XFCC header.
|
| ingress-gateway.xfccHeaderValida tion.validation.matchField |
Note: Configure this parameter only when xfccHeader validation is enabled. This parameter refers to the field in a corresponding XFCC header against which the configured scpList FQDN validation is performed.Default Value: DNS |
| ingress-gateway.xfccHeaderValida tion.validation.dnsResolutionInterval | Specifies the interval (in milliseconds) used to
resolve failed FQDNs.
Default value: 300000 |
| global.xfccHeaderValidation.validation.errorTrigger[i].exceptionType |
Specifies the configurable exception or error type for an error scenario in Ingress Gateway. Default value:
XFCC_HEADER_INVALID
XFCC_MATCHCERTCOUNT_GREATER_THAN_CERTS_IN_HEADER XFCC_HEADER_NOT_PRESENT_OR_EMPTY |
| global.xfccHeaderValidation.validation.errorTrigger[i].errorCode | Specifies the configurable error code to be returned
when the exception or error configured in exceptionType occurs at
Ingress Gateway.
Default value:
401
402 403 |
| global.xfccHeaderValidation.validation.errorTrigger[i].errorCause | Specifies the configurable error cause to be returned
when the exception or error configured in exceptionType occurs at
Ingress Gateway.
Default value: xfcc header is
invalid
matchCerts count is greater than the certs in the request xfcc header is not present or empty in the request |
| global.xfccHeaderValidation.validation.errorTrigger[i].errorTitle | Specifies the configurable error title to be returned
when the exception or error configured in exceptionType occurs at
Ingress Gateway.
Default value: Invalid XFCC Header |
| global.xfccHeaderValidation.validation.errorTrigger[i].errorDescription | Specifies the configurable error description to be
returned when the exception or error configured in exceptionType
occurs at Ingress Gateway.
Default value: empty string |
ocbsf_custom_values_23.4.6.yaml
file:global:
xfccHeaderValidation:
validation:
enabled: false
peerList:
- name: scp.com
- name: smf.com
- name: amf.com
- name: scp1.com
enabled: true
- name: scp2.com
- name: scp3.com
enabled: false
- name: xyz.test.com
enabled: true
scheme: http
type: virtual
- name: abc.test.com
enabled: true
scheme: https
type: virtual
- name: xfcc.test.com
enabled: false
scheme: http
type: virtual
matchCerts: -1
matchField: DNS
dnsResolutionInterval: 300000
errorTrigger:
- exceptionType: XFCC_HEADER_INVALID
errorCode: '401'
errorCause: xfcc header is invalid
errorTitle: 'Invalid XFCC Header'
errorDescription: 'Invalid XFCC Header'
- exceptionType: XFCC_MATCHCERTCOUNT_GREATER_THAN_CERTS_IN_HEADER
errorCode: '402'
errorCause: matchCerts count is greater than the certs in the request
errorTitle: ''
errorDescription: ''
- exceptionType: qaZ
errorCode: '403'
errorCause: xfcc header is not present or empty in the request
errorTitle: ''
errorDescription: ''XFCC Header - Route Level
validationEnabled parameter to true under each route (in
Ingress
Gateway):routesConfig:
- id: reverse_bsf_service
uri: http://{{ template "service-prefix" . }}-bsf-management:{{ .Values.global.servicePorts.bsfManagementServiceHttp }}
path: /nbsf-management/**
order: 1
- id: reverse_nrf_notify_service
uri: http://{{ template "service-prefix" . }}-nrf-client-nfmanagement:{{ .Values.global.servicePorts.nrfClientNfManagementHttp }}
path: /nnrf-client/**
order: 2Note:
These routes are for internal consumption and determine how the incoming traffic is distributed among microservices on the basis of routing properties. To make any modification to these routes other than enabling or disabling XFCC header feature, kindly contact My Oracle Support.3.17 Aspen service mesh configurations
This section describes the customizatons required in ocbsf_custom_values_23.4.6.yaml file of Binding Support Function
(BSF) to integrate Aspen service mesh with BSF.
- Enable ASM by setting the value for
serviceMeshEnabledparameter, under global section, as true. - Configure the values for the parameters described in the following
table:
Table 3-42 Configurable Parameters for Aspen Servicemesh Configuration
Parameter Description Mandatory Parameter Default Value Notes istioSidecarQuitUrl Specifies the sidecar quit URL (envoy container quite URL) if deployed with serviceMesh. This URL is needed to explicitly shutdown the sidecar container. Conditional http://127.0.0.1:15000/quitquitquitApplicable only when serviceMeshCheckparameter is set to true.istioSidecarReadyUrl Specifies the sidecar ready URL (envoy container quite URL) if deployed with serviceMesh. This URL is needed to check the readiness of the sidecar container during initialization process. The gateway container will come up only after sidecar container is ready. Conditional http://127.0.0.1:15000/readyApplicable only when serviceMeshCheckparameter is set to true. - In the global section, uncomment the following annotations to include port
9000 - a Prometheus scrap
port
allResources: labels: {} annotations: { #Enable this section for service-mesh based installation # traffic.sidecar.istio.io/excludeInboundPorts: "9000", # traffic.sidecar.istio.io/excludeOutboundPorts: "9000" } - (Optional) If BSF is deployed with OSO, the pods need to have an annotation
oracle.com/cnc:
true.
lbServices: labels: {} annotations: {} lbDeployments: labels: {} annotations: {} # The annotation oracle.com/cnc: "true" is required if OSO is used #oracle.com/cnc: "true" #sidecar.istio.io/inject: "true" #sidecar.istio.io/rewriteAppHTTPProbers: "true" nonlbServices: labels: {} annotations: {} nonlbDeployments: labels: {} annotations: {} # The annotation oracle.com/cnc: "true" is required if OSO is used #oracle.com/cnc: "true" #sidecar.istio.io/inject: "true" #sidecar.istio.io/rewriteAppHTTPProbers: "true" - Uncomment the following annotations in the deployment sections of
nrf-client-nfdiscovery,nrf-client-nfmanagement,diam-gateway,ingress-gateway,egress-gateway, andalternate-routeservicesdeployment: customExtension: annotations: { #Enable this section for service-mesh based installation: # traffic.sidecar.istio.io/excludeOutboundPorts: "9000,8095,8096,7,53", # traffic.sidecar.istio.io/excludeInboundPorts: "9000,8095,80967,53" }Here, 8095 and 8096 are Coherence ports.
Note:
Port 53 is included only if DNS lookup bypasses the sidecar connection management.
- Disable init containers: Init containers do not work when the
namespace has aspen service mTLS enabled. To disable init containers, set the value for
initContainerEnableto false in custom values file.global: initContainerEnable: false - PERMISSIVE rule: To set Permissive rule for Diameter Gateway and
Ingress Gateway Service, set the following flags to true in
ocbsf_custom_values_23.4.6.yamlfile:global: istioIngressTlsSupport: diamGateway: false
3.18 Alternate Route Service Configuration
ocbsf_custom_values_23.4.6.yaml file.
Note:
Users must customize parameters, described in this section, only when alternate route service is enabled.With SRV Records, you can configure and maintain NF FQDN dynamically at the DNS Server, which can be further selected by Cloud Native Core Binding Support function, when there is a network function failure. It is achieved by performing a SRV query on the virtual FQDN configured at the BSF, instead of configuring primary and secondary NRF statically in every CNC BSF, only during instantiation time. This option of DNS lookup for SRV records would also provide alternate NFs to the BSF during failover.
Table 3-43 Configurable Parameters for Alternate Route Service Configuration
| Parameter | Description |
|---|---|
| global.alternateRouteServiceEnable | This global parameter describes whether to enable or disable Alternate Route service during Helm deployment. By default, the value for this parameter is set to true. |
| alternate-route.staticVirtualFqdns[0].name | This optional parameter describes the name of the virtual FQDN/FQDN. |
| alternate-route.staticVirtualFqdns[0].alternateFqdns[0].target | This paramter describes the name of the alternate
FQDN mapped to the virtual FQDN - described in the previous
row.
Note: Users must define the value of this
parameter if |
| alternate-route.staticVirtualFqdns[0].alternateFqdns[0].port | This paramter describes the port number of the
alternate FQDN.
Note: Users must define the value of this
parameter if |
| alternate-route.staticVirtualFqdns[0].alternateFqdns[0].priority | This parameter describes the priority of the
alternate FQDN.
Note: Users must define the value of this
parameter if |
| alternate-route.dnsSrvEnabled | This parameter describes whether to enable or disable
the DNS-SRV query to coreDNS Server.
By default, the value is set to true. |
| alternate-route.dnsSrvFqdnSetting.enabled | This parameter describes whethe to enable or disable
the usage of custom pattern for the FQDN while triggering DNS-SRV
query.
By default, the value is set to true. Note: If this flag is set to false, then default value: "_{scheme}._tcp.{fqdn}." will be used. |
| alternate-route.dnsSrvFqdnSetting.pattern | This parameter describes the pattern of the FQDN that
is used to format the incoming FQDN and Scheme while triggering
DNS-SRV query. The default value for this parameter is
_{scheme}._tcp.{fqdn}.Note: Users
must define the value of this parameter if
|
| egress-gateway.dnsSrv.port | This parameter describes the port of DNS Alternate
Route
Service.
Default Value: *svcAlternateRouteServiceHttp Note: Users must define the value of this parameter if DnsSrv is required. |
| nrf-client-nfmanagement.alternateRouteServiceEnabled | This parameter notifies nrf-client services if
alternate route service is deployed or not. By default, this
parameter is set to false.
Note: Users must set this
parameter to true if
|
| nrf-client-nfdiscovery.alternateRouteServiceEnabled | This parameter notifies nrf-client services if
alternate route service is deployed or not. By default, this
parameter is set to false.
Note: Users must set this
parameter to true if
|
| alternate-route.isIpv6Enabled | Set the value to true for this parameter when NF is deployed in IPv6 cluster. |
| alternate-route.minReplicas | Specifies the minimum replicas to scale to maintain an average CPU utilization. |
| alternate-route.maxReplicas | Specifies the maximum replicas to scale to maintain an average CPU utilization. |
ocbsf_custom_values_23.4.6.yaml
file:
#Static virtual FQDN Config
staticVirtualFqdns:
- name: https://abc.test.com
alternateFqdns:
- target: abc.test.com
port: 5060
priority: 10
- target: xyz.test.com
port: 5060
priority: 20
- name: http://xyz.test.com
alternateFqdns:
- target: xyz.test.com
port: 5060
priority: 10
- target: abc.test.com
port: 5060
priority: 20 #Flag to control if DNS-SRV queries are sent to coreDNS or not
dnsSrvEnabled: true
#Below configuration is for customizing the format of FQDN which will used while querying coreDNS for SRV Records
dnsSrvFqdnSetting:
enabled: true #If this flag is disabled, then default value of "_{scheme}._tcp.{fqdn}." will be used for Pattern
pattern: "_{scheme}._tcp.{fqdn}." #Ex: _http._tcp.service.example.org.
egress-gateway:
dnsSrv:
host: 10.75.225.67
port: 320813.19 Additional Configurations
- Annotation to support custom extension global parameters: To
support custom extension global parameters, update the following parameters in
custom extensionunderglobalsection ofocbsf_custom_values_23.4.6.yamlfile:global: customExtension: allResources: labels: {} annotations: {} lbServices: labels: {} annotations: {} lbDeployments: labels: {} annotations: {} nonlbServices: labels: {} annotations: {} nonlbDeployments: labels: {} annotations: {} - Annotation to support OSO: To deploy BSF with OSO, you must add
the following annotation to the custom extension under global section of
ocbsf_custom_values_23.4.6.yamlfile:global: customExtension: lbDeployments: annotations: oracle.com/cnc: "true" nonlbDeployments: annotations: oracle.com/cnc: "true"Note:
After helm install is complete, all the nodes should have the above mentioned notation. - Custom container name: You can customize the name of containers
of a pod with a prefix and suffix. To do so, add the prefix and suffix to the k8sResource
under global section of
ocbsf_custom_values_23.4.6.yamlfile:global: k8sResource: container: prefix: ABC suffix: XYZThen, after installing BSF, you will see the container names as shown below:Containers: abcd-am-service-xyz: - Kubernetes service account name: You can use a custom service
account for all services by adding it to
appinfosection in theocbsf_custom_values_23.4.6.yamlfile:appinfo: serviceAccountName: ocbsfsaccountNote:
You can create the service account and roles before the installation as well.
AppInfo Configurations
Table 3-44 Customizable Parameters for Common Configuration Service in appinfo
| Parameter | Description | Default Value | Notes |
|---|---|---|---|
| appinfo.watchMySQL | If the value for this parameter is set to true, appinfo periodically queries local DB status from the db monitor service specified by dbStatusUri. The DB monitor service returns 200 if the database is healthy, and 503 if database is not usable. If DB status is not good, then appinfo will inform nrfclient to mark PCF suspended. | false | When its value is set to true, the user must specify
dbStatusUri.
|
| appinfo.replicationStatusCheck | When the value for this parameter is set to true, then appinfo periodically queries the replication status from the db monitor service specified by replicationUri. This value is then used by NRF. | false | When its value is set to true, the user must specify
replicationUri.
|
| appinfo.dbStatusUri | Specifies the URI provided by the DB monitor service to query
local database status.
Example: http://occne-db-monitor-svc.occne-infra:8080/db-tier/status/local |
empty string | |
| appinfo.realtimeDbStatusUri | Specifies the URI provided by the realtime DB monitor service to
query the status of the realtime DB pointing to the cluster.
http://occne-db-monitor-svc.occne-infra:8080/db-tier/status/cluster/local/realtime |
empty string | |
| appinfo.replicationUri | Specifies the URI provided by the DB monitor service to query
replication status.
Example: http://occne-db-monitor-svc.occne-infra:8080/db-tier/status/replication |
empty string | |
| appinfo.commonCfgClient.enabled | Specifies whether to enable or disable dynamic logging using common configuration service. | true | |
| appinfo.commonCfgServer.port | Specifies the port of common configuration server. | 8000 | Same value as
servicePorts.cmServiceHttp.
|
| appinfo.dbConfig.dbHost | Specifies the Hostname of MySQL that is used to store configurations. | Not applicable | Same value as global.envMysqlHost.
|
| appinfo.dbConfig.dbPort | Specifies the port number of MySQL. | Not applicable | Same value as global.envMysqlPort.
|
| appinfo.dbConfig.secretName | Specifies the database secret from which the db name, db password and db user name is picked. | occnp-db-pass | Same value as global.dbCredSecretName.
|
| appinfo.dbConfig.dbName | Specifies the database name to be used to store the common configuration. | occnp_commonconfig | |
| appinfo.dbConfig.dbUNameLiteral | Specifies the database literal name that shall be used as per the
<dbConfig.secretName>.
|
mysql-username | |
| appinfo.dbConfig.dbPwdLiteral | Specifies the database password literal name that shall be used
as per the <dbConfig.secretName>.
|
mysql-password | |
| appinfo.dbTierVersionUri | Specified the URI provided by the replication service to query Db
tier version. For
example:http://mysql-cluster-sitea-siteb-replication-svc/db-tier/version |
empty string | Before Enabling Infra Validate flag Customers are suggested to make sure that there are no critical alarms before upgrading/installing a new release in order to avoid failures. Also, make sure that replication is up. |
3.20 Configurations for metrics
Global Metrics Configurations
Table 3-45 Global Configurations for Metrics
| Parameter | Description |
|---|---|
| cncMetricsName | This parameter specifies the port, that is,
cnc-metrics that Prometheus will scrape on.
|
| exposeObservabilityAtService | This parameter specifies whether to enable or disable Prometheus
monitoring of services.
By default, the value is set to false and services are not captured in Prometheus GUI. |
metricPrefix: &metricPrefix 'ocbsf'
metricSuffix: &metricSuffix ''Table 3-46 Prefix and Suffix for Metrics
| Parameter | Description |
|---|---|
| metricPrefix | This parameter specifies the prefix that you want to add to the
metrics for BSF services.
Default value: occnp |
| metricSuffix | This parameter specifies the suffix that you want to add to the
metrics for BSF services.
Default value: empty string |
Note:
- If you choose to customize prefix, then it is required to align the NF delivered Grafana charts and Prometheus alerts with the updated metric names.
- When you define a suffix for metrics, it may happen that the suffix
appears in the middle of the metric name, and not towards the end. This is due to the
fact that Micrometer library autogenerates some metrics and adds a suffix after the
user-defined suffix.
Example: If you define suffix as ocbsf, then the resulting metric name would appear in the system as
http_in_conn_response_ocbsf_total.
3.21 Overload Manager Configurations
ocbsf_custom_values_23.4.6.yaml file to configure Overload Manager feature under
perf-info.
Table 3-47 Configurable Parameters for overload Manager Configuration in Perf-Info
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| perf-info.overloadManager.enabled | Specifies whether to enable or disable overload reporting. | Optional | false |
| perf-info.envMysqlDatabase | Specifies the name of the database used for overload
management.
For georedundant setup, the value for this parameter must be unique for each site. |
Conditional
Note: This
parameter value is required if the overload manager
functionality is enabled by setting the value of
|
|
| perf-info.overloadManager.ingressGatewaySvcName | Specifies the names of backend services | ocbsf-ingress-gateway | |
| perf-info.overloadManager.ingressGatewayPort | Specifies the port number of Ingress Gateway | Mandatory | 80 |
| perf-info.overloadManager.nfType | Specifies the NF type that is used to query configurration from common configuration server. | BSF |
ocbsf_custom_values_23.4.6.yaml
file:perf-info:
configmapPerformance:
prometheus: ''
# envMysqlDatabase is used for overload management.
# If the customer does not use the overload management feature, this can be ignored.
envMysqlDatabase: ''
overloadManager:
enabled: false
# nfType is used to query configuration from common cfg server
nfType: BSF
3.22 Configurable Error Codes
This section describes the parameters that you can customize for configurable error codes.
Table 3-48 Configurable Parameters for Error Codes - Global
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| configurableErrorCodes.enabled | Specifies whether to enable or disable configurable error codes that can be used for messages over Ingress Gateway and Egress Gateway. | Optional | false |
For a given error scenario, you can define exceptionType, errorCode,
errorDescription, errorCause, and errorTitle as shown in the following snippet from the
occnp_custom_values_23.4.6.yaml file.
ingress-gateway:
configurableErrorCodes:
enabled: true
errorScenarios:
- exceptionType: "XFCC_HEADER_INVALID"
errorProfileName: "ERR_1300"
- exceptionType: "XFCC_HEADER_VALIDATION_FAILURE"
errorProfileName: "ERR_1300"
errorCodeProfiles:
- name: ERR_1300
errorCode: 401
errorCause: "xfcc header is invalid"
errorTitle: "Invalid XFCC Header"
errorDescription: "Invalid XFCC Header"- To enable configurable error code global configurableErrorCodes flag must be set to true. If this flag is false then the hardcoded error codes will be returned when an exception is encountered at Ingress and Egress Gateways.
- If global configurableErrorCodes flag is set to true then atleast one entry must be configured in the errorScenarios section.
- For every Exception in errorScenarios there must be an error profile with that exceptionType. Moreover, a profile with that name must be configured in errorCodeProfiles section example - if errorProfileName: "ERR_1300" has been configured then a profile with name ERR_1300 must be present in errorCodeProfiles section.
- ExceptionType field in global and in the routes section is non configurable. These are hard coded values and can be taken from custom.yaml file.
routesConfig:
- id: route1
uri:
path: /dummy/*/dummies
order: 1
method: POST
metadata:
configurableErrorCodes:
enabled: true
errorScenarios:
- exceptionType: "XFCC_HEADER_INVALID"
errorProfileName: "ERR_1300"
- exceptionType: "XFCC_HEADER_VALIDATION_FAILURE"
errorProfileName: "ERR_1300"- If Route level is enabled, it has higher precedence over global level.
- For Route level configurable error codes to work, configurableErrorCodes flag must be set to true both at route level as well as global level.
- For a given exception at gateway, if there is no match at route level then global level is matched. If there is no match at global level, then hardcoded error values are returned.
- If configurableErrorCodes flag is disabled for a specific route and if an exception occurs at that route then hardcoded error responses will be returned irrespective of what is defined at global level.
Note:
For every errorScenario,exceptionType and errorCode
are manadatory parameter configurations.
Configurable Error Codes - SCP Integration
dnsSrv:
port: *svcAlternateRouteServiceHttp
For more information about the error codes, see Configurable Error Codes.
3.23 Server Header Configurations
This section describes the parameters that you can configure to enable support for server header at Ingress Gateway.
Table 3-49 Configurable Parameters for Server Header at Ingress Gateway
| Parameter | Description | Default Value |
|---|---|---|
| ingress-gateway.serverHeaderConfigMode | This optional parameter specifies the mode of
operation for configuring server header configuration.
Since BSF supports only REST mode of configuration, the feature flag "serverheaderdetails" must be enabled using REST API only. For more information, see the section "Server Header Support on Ingress Gateway" in Oracle Communications Cloud Native Core Binding Support Function REST Specification Guide. |
REST |
ocbsf-22.1.0-custom-values.yaml
file: #We support ServerHeader Configuration Mode as REST, the feature flag for "server" header will need to be enabled through Rest configuration.
serverHeaderConfigMode: REST3.24 Creating Custom Headers
This section provides information on how to create custom headers for routes in BSF.
You can customize the headers present in the requests and responses based on the type of HTTP methods. This framework modifies the outgoing request or response by adding a new header either with a static value or with a value based on incoming request or response headers at entry or exit points.
By setting the override attribute value as true, you can override the existing headers. It is an optional attribute. It adds a new header or replaces the value of an existing header if one of the value is mapped to the source header. The value of this attribute is false by default.
bsf_management_deregister:- id: bsf_management_deregister
uri: http://{{ template "service-name-bsf-management" . }}:{{ .Values.global.servicePorts.bsfManagementServiceHttp }}
path: /nbsf-management/**
order: 2
method: DELETE
filters:
customReqHeaderEntryFilter:
headers:
- methods:
- DELETE
headersList:
- headerName: 3gpp-Sbi-Message-Priority
defaultVal: 18
source: incomingReq
sourceHeader: 3gpp-Sbi-Message-Priority
override: falseNote:
The attributesheaderName and sourceHeader are case
sensitive. Ensure that the value is same as in the incoming request or response in order
to extract values from or override value of any particular header.
3.25 Ingress Gateway Readiness Probe Configuration
This section describes the readiness probe configurations in the Ingress Gateway.
Ingress Gateway uses the readiness logic provided by Kubernetes to determine if a pod can accept or reject the incoming requests.
This feature enhances the readiness logic to determine the status of the pod. You can configure the feature in BSF only through Helm. Based on the configurations, further checks are performed to determine the health of the pod.
Note:
If there are any pending requests waiting for the response and readiness state of pod changes from READY to NOT_READY, then these requests are not considered.Table 3-50 Configurable Parameters for Readiness Probe Configuration
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Notes |
|---|---|---|---|---|
| readinessConfigMode | Specifies the mode to configure Readiness Probe in Ingress Gateway. | Mandatory | HELM | |
| readinessCheckEnabled | Specifies whether to enable or disable Readiness Probe in Ingress Gateway. | Mandatory | false | |
| readinessIndicatorPollingInterval | Specifies the time (in milliseconds) at which the Readiness Cache updates the readiness status of Ingress Gateway performing the probe or setting the readiness state value to onExceptionUsePreviousState. | Mandatory | 3000 | |
| readinessConfig.serviceProfiles.id | Specifies the ID of the profile. | Mandatory | Readiness-profile-DBStatus | |
| readinessConfig.serviceProfiles.url | Specifies the URL to which the Readiness Probe is sent out to retrieve a response, on the basis of which the state of the Ingress Gateway pod will be decided. | Mandatory | http://{{ template "service-name-app-info" . }}:{{ .Values.global.containerPorts.appInfoHttp }}/status/category/realtimedatabase | In addition to the default value, you can use the following
values:
|
| readinessConfig.serviceProfiles.responseCode | Specifies the response code expected from the service. If the actual response code matches with the configured one then pod will be marked as healthy. | Mandatory | 200 | |
| readinessConfig.serviceProfiles.responseBody | Specifies the response expected from the service. If the actual response matches with the configured one then pod will be marked as healthy. | Mandatory | Running | |
| readinessConfig.serviceProfiles.onExceptionUsePreviousState | Specifies whether to use the previous state of Ingress Gateway. When this flag is set to true, response and responseCode checks are not made irrespective of the previous state of service on Ingress Gateway. | Mandatory | true | |
| readinessConfig.serviceProfiles.initialState | Specifies the inital state to be specified. It can be either ACCEPTING_TRAFFIC (to accept all incoming requests) or REFUSING_TRAFFIC (to reject all incoming requests). | Mandatory | ACCEPTING_TRAFFIC | |
| readinessConfig.serviceProfiles.requestTimeout | Specifies the timeout value of the probe in milliseconds. | Optional | 2000 |
- If the service profiles are not configured, then the readiness probe of Ingress Gateway fails and the pod is marked as unhealthy.
- If the service profiles are configured, check the mandatory parameters:
id, url,
onExceptionUsePreviousState, and initialState for thieir validity. If they are invalid,
then the pod is marked as unhealthy.
Note:
You must configure one of these parameters: responseBody or responseCode in the service profile. If any of these checks fail, then the pod does not come up in the case of Helm based configuration.
- If there is any error like connection failure or connection timeout during making a request to backend service, then onExceptionUsePreviousState attribute is checked. If it is set to true, then previous state is used for that URL. If previous state is unavailable, then initial state is used. If onExceptionUsePreviousState is false, then the pod is marked as unhealthy.
3.26 Late Arrival Handling Configurations
This section describes the parameters that user can configure for late arrival handling feature.
Table 3-51 Configurable Parameters for Late Arrival Handling at Ingress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release |
|---|---|---|---|---|---|
| ingress-gateway.isSbiTimerEnabled | Specifies whether to enable or disable SBI timer
header enhancement.
If the value of this parameter is set to true, SBI headers (3gpp-Sbi-Sender-Timestamp, 3gpp-Sbi-Max-Rsp-Time, and 3gpp-Sbi-Origination-Timestamp) are used along with route level (if configured) and global level request timeout to calculate final request timeout. After calculating the final request timeout, original values of 3gpp-Sbi-Sender-Timestamp, 3gpp-Sbi-Max-Rsp-Time and 3gpp-Sbi-Origination-Timestamp are published in custom headers Orig-3gpp-Sbi-Sender-Timestamp, Orig-3gpp-Sbi-Max-Rsp-Time and Orig-3gpp- Sbi-Origination-Timestamp respectively. If the value for this parameter is set to false, SBI headers are not taken into consideration even if they are present and no custom headers are published. |
Optional | false | CNC BSF, CNC Policy & PCF | Added in Release 1.15.0 |
| ingress-gateway.publishHeaders | Specifies if the originating headers shall be populated and sent to the backend. | Optional | false | CNC BSF, CNC Policy & PCF | Added in Release 1.15.0 |
| ingress-gateway.sbiTimerTimezone | Specifies the time zone. It can be either set to
GMT or ANY.
If it is set to GMT then, the GMT should be specified in the header. If it is not specified, the time zone is assumed as GMT. If it is set to ANY then, the required time zone must be specified in the header. The timeout calculation is made as per the time zone specified in the header. If time zone is not specified then, the request is rejected and a gauge metric is pegged. |
Optional | GMT | CNC BSF, CNC Policy, PCF, & PCRF | Added in Release 1.15.0 |
occnp-1.15.0-custom-values.yaml
file:# Late arrival handling
isSbiTimerEnabled: false
publishHeaders: false
sbiTimerTimezone: GMTTable 3-52 Configurable Parameters for Late Arrival Handling at Egress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value | Applicable to Deployment | Added/Deprecated/Updated in Release |
|---|---|---|---|---|---|
| egress-gateway.isSbiTimerEnabled | Specifies whether to enable or disable SBI timer
header enhancement.
If the value of this parameter is set to true, SBI headers (3gpp-Sbi-Sender-Timestamp, 3gpp-Sbi-Max-Rsp-Time, and 3gpp-Sbi-Origination-Timestamp) are used along with route level (if configured) and global level request timeout to calculate final request timeout. After calculating the final request timeout, original values of 3gpp-Sbi-Sender-Timestamp, 3gpp-Sbi-Max-Rsp-Time and 3gpp-Sbi-Origination-Timestamp are published in custom headers Orig-3gpp-Sbi-Sender-Timestamp, Orig-3gpp-Sbi-Max-Rsp-Time and Orig-3gpp- Sbi-Origination-Timestamp respectively. If the value for this parameter is set to false, SBI headers are not taken into consideration even if they are present and no custom headers are published. |
Optional | false | CNC BSF, CNC Policy & PCF | Added in Release 1.15.0 |
| egress-gateway.sbiTimerTimezone | Specifies the time zone. It can be either set to
GMT or ANY.
If it is set to GMT then, the GMT should be specified in the header. If it is not specified, the time zone is assumed as GMT. If it is set to ANY then, the required time zone must be specified in the header. The timeout calculation is made as per the time zone specified in the header. If time zone is not specified then, the request is rejected and a gauge metric is pegged. |
Optional | GMT | CNC BSF, CNC Policy & PCF | Added in Release 1.15.0 |
| egress-gateway-ignoreMaxRspTimeHeader | Specifies whether to ignore 3gpp-Max-Rsp-Time while calculating the final request timeout. | Optional | false | CNC BSF, CNC Policy & PCF | Added in Release 1.15.0 |
routesConfig:
- id: bsf_management_register
uri: http://{{ template "service-name-bsf-management" . }}:{{ .Values.global.servicePorts.bsfManagementServiceHttp }}
path: /nbsf-management/**
order: 1
method: POST
filters:
customReqHeaderEntryFilter:
headers:
- methods:
- POST
headersList:
- headerName: 3gpp-Sbi-Message-Priority
defaultVal: 24
source: incomingReq
sourceHeader: 3gpp-Sbi-Message-Priority
override: false
- headerName: collision-3gpp-origination-timestamp
source: incomingReq
sourceHeader: 3gpp-Sbi-Origination-Timestamp
override: false
- headerName: collision-custom-sender-timestamp
source: incomingReq
sourceHeader: Custom-Sbi-Sender-Timestamp
override: false
- headerName: collision-3gpp-sender-timestamp
source: incomingReq
sourceHeader: 3gpp-Sbi-Sender-Timestamp
override: false3.27 Controlled Shutdown Configurations
This section describes the customizations that can be done in
ocbsf_custom_values_23.4.6.yaml file to configure controlled shutdown feature.
Table 3-53 Global Parameter for Controlled Shutdown
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| global.enableControlledShutdown | Specifies whether to enable or disable the Controlled Shutdown feature. | Mandatory | False |
Table 3-54 Configurable Parameters for Controlled Shutdown in Egress Gateway
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
| egress-gateway.errorcodeprofiles | Error defined by the user | Optional | NA |
| egress-gateway.errorcodeprofiles.name | Name of the error profile | Optional | NA |
| egress-gateway.errorcodeprofiles.errorCode | Error code of the error profile | Optional | NA |
| egress-gateway.errorcodeprofiles.errorCause | Cause of the error profile | Optional | NA |
| egress-gateway.errorcodeprofiles.errorTitle | Title of the error profile | Optional | NA |
| egress-gateway.errorcodeprofiles.errorDescription | Description of the error profile | Optional | NA |
| egress-gateway.routesConfig | Routes configuration processed by the Egress Gateway | Optional | NA |
| egress-gateway.routesConfig.id | ID of the route | Optional | NA |
| egress-gateway.routesConfig.uri | URI of the route | Optional | NA |
| egress-gateway.routesConfig.path | Path of the route | Optional | NA |
| egress-gateway.routesConfig.order | Order in which the routes will be processed | Optional | NA |
| egress-gateway.routesConfig.filters | Conditions on the routes | Optional | NA |
| egress-gateway.routesConfig.filters.controlledShutdownFilter | Filter specified for Controlled Shutdown feature | Optional | NA |
| egress-gateway.routesConfig.filters.controlledShutdownFilter.applicableShutdownStates | States of Controlled shutdown feature, that is COMPLETE_SHUTDOWN | Optional | NA |
| egress-gateway.routesConfig.filters.controlledShutdownFilter.unsupportedOperations | Operations which needs not be supported for controlled shutdown feature | Optional | NA |
| egress-gateway.controlledShutdownErrorMapping | Array containing route ID and error profile name | Optional | NA |
| egress-gateway.controlledShutdownErrorMapping.routeErrorProfileList | List of route ID and their corresponding error profile names | Optional | NA |
| egress-gateway.controlledShutdownErrorMapping.routeErrorProfileList.routeId | Route ID on which the error profile name needs to be mapped | Optional | NA |
| egress-gateway.controlledShutdownErrorMapping.routeErrorProfileList.errorProfileName | Error name from the error code profiles to be mapped in route ID | Optional | NA |
ocbsf_custom_values_23.4.6.yaml
file:errorcodeprofiles:
- name: error300,
errorCode: 300,
errorCause: "",
errorTitle: "",
retry-after: "",
errorDescription: ""
- name: error500,
errorCode: 500,
errorCause: "",
errorTitle: "",
retryAfter: "",
errorDescription: ""ocbsf_custom_values_23.4.6.yaml
file:routesConfig:
- id: nrf_state
uri: https://dummy.dontchange_1
path: /nnrf-nfm/*
order: 1
- id: sampleRoute
uri: https://dummy.dontchange_2
path: /**
order: 2
metadata:
httpsTargetOnly: false
httpRuriOnly: false
sbiRoutingEnabled: true
oauthEnabled: false
filterNameControlShutdown:
name: ControlledShutdownFilter
args:
applicableShutdownStates:
- COMPLETE_SHUTDOWN
unsupportedOperations:
- GET
- PUT
- PATCH
- POST
- DELETE
ocbsf_custom_values_23.4.6.yaml
file:controlledShutdownErrorMapping:
routeErrorProfileList:
- routeId: sampleRoute
errorProfileName: "error503"3.28 Common Configurations for Services
This section describes the configurable parameters that can be used to perform some common configurations applicable to different services while deploying BSF.
Common Reference Configurations
You can configure some common parameters that are used in multiple
services by configuring commonRef section under
global parameters section of the Custom Values YAML file. The
parameter values can be set under commonRef and same value is used
by all the services through the reference variable for the configuration.
The following section describes the commonRef
parameters for common configuration:
Table 3-55 Common Reference Configurations
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| &configServerImage | Specifies the name of the config server container image. | Yes | oc-config-server | |
| &configServerDB | Specifies the name of the config server database. | Yes | ocbsf_config_server | |
| &commonConfigDB | Specifies the name of the common config database. | Yes | ocbsf_commonconfig | |
| commonCfgSvc.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | 8000 | Same value as
global.servicePorts.cmServiceHttp.
|
| &dbCommonConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same value as
global.envMysqlHost.
|
|
| &dbCommonConfig.dbPort | Specifies MySQL database port for services. | Yes | Same value as
global.envMysqlPort.
|
|
| &dbCommonConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | ocbsf_commonconfig | Same value as
global.commonRef.commonConfigDB |
| &dbCommonConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | mysql-username | |
| &dbCommonConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | mysql-password |
Common Configurations Service and Database configurations in nrf-client-nfdiscovery
Table 3-56 Common Configurations Service and Database configurations in nrf-client-nfdiscovery
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| nrf-client-nfdiscovery.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfdiscovery.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfdiscovery.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfdiscovery..dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-db-pass | Same value as
global.dbCredSecretName |
| nrf-client-nfdiscovery.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfdiscovery.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfdiscovery.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Common Configurations Service and Database configurations in nrf-client-nfmanagement
Table 3-57 Common Configuration Service and Database configurations in nrf-client-nfmangement
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| nrf-client-nfmanagement.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfmanagement.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfmanagement.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfmanagement.dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-privileged-db-pass | Same value as
global.priviledgedDbCredSecretName |
| nrf-client-nfmanagement.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfmanagement.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| nrf-client-nfmanagement.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Common Configurations Service and Database configurations in appinfo
Table 3-58 Common Configuration Service and Database configurations in appinfo
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| appinfo.commonCfgClient.enabled | Specifies whether to enable or disable common config client for common config service. | Yes | true | |
| appinfo.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| appinfo.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| appinfo.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| appinfo.dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-db-pass | Same value as
global.dbCredSecretName |
| appinfo.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| appinfo.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| appinfo.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Non real-time based status API from the monitor service is dependent on the Prometheus. If Promethus-server and prometheus-kube-state-metrics is not working or installed properly then the non real-time API provides the wrong value.
It is recommended to use real-time DBstatus URIs because these URIs always provide the right values.
For example:
db_status_uri : http://occndbtier-db-monitor-svc:8080/db-tier/status/cluster/local/realtime realtime_db_status_uri : http://occndbtier-db-monitor-svc:8080/db-tier/status/cluster/local/realtime replication_status_uri : http://occndbtier-db-monitor-svc:8080/db-tier/status/replication/realtime
Common Configuration Service and Database configurations in perf-info
Table 3-59 Common Configuration Service and Database configurations in perf-info
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| perf-info.commonCfgClient.enabled | Specifies whether to enable or disable common config client for common config service. | Yes | true | |
| perf-info.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| perf-info.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| perf-info.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| perf-info.dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-db-pass | Same value as
global.dbCredSecretName |
| perf-info.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| perf-info.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| perf-info.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Common Configuration Service and Database configurations in ingress-gateway
Table 3-60 Common Configuration Service and Database configurations in ingress-gateway
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| ingress-gateway.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| ingress-gateway.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| ingress-gateway.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| ingress-gateway.dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-db-pass | Same value as
global.dbCredSecretName |
| ingress-gateway.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| ingress-gateway.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| ingress-gateway.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Common Configuration Service and Databse configurations in egress-gateway
Table 3-61 Common Configuration Service and Databse configurations in egress-gateway
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| egress-gateway.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| egress-gateway.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| egress-gateway.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| egress-gateway.dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-db-pass | Same value as
global.dbCredSecretName |
| egress-gateway.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| egress-gateway.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| egress-gateway.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Common Configuration Service and Databse configurations in alternate-route
Table 3-62 Customizable Parameters for Common Configuration Service in alternate-route
| Parameter | Description | Mandatory Parameter | Default Value | Notes |
|---|---|---|---|---|
| alternate-route.commonCfgServer.port | Specifies the common config server port for common config service. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| alternate-route.dbConfig.dbHost | Specifies the MySQL database host for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| alternate-route.dbConfig.dbPort | Specifies MySQL database port for services. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| alternate-route.dbConfig.secretName | Specifies kubernetes secret object name from which MYSQL username and password is picked. | Yes | occnp-db-pass | Same value as
global.dbCredSecretName |
| alternate-route.dbConfig.dbName | Specifies common config database name for services to store common configurations. | Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| alternate-route.dbConfig.dbUNameLiteral | Specifies the database literal name for services
to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
| alternate-route.dbConfig.dbPwdLiteral | Specifies the database literal password for
services to be used as per the
<dbConfig.secretName>.
|
Yes | Same as the value provided in the Table 3-55 | To use a different values than the default value, remove the comment (#) from the respective parameters and edit the values. |
Note:
You can add additional parameters under thedbConfig for each service
by adding key value pair after the <<: *dbCommonConfig
text.
dbConfig:
<<: *dbCommonConfig
<key>:<value>
3.29 Graceful Shutdown Configurations
This section describes the customizatons that can be done in
ocbsf_custom_values_23.4.6.yaml file to configure graceful shutdown of Kubernetes
pods.
Table 3-63 Configurable Parameters for Graceful Termination in BSF services
| Parameter | Description | Mandatory/Optional Parameter | Default Value |
|---|---|---|---|
|
Specifies the waiting grace period for current requests to be processed. If there are no current requests then this period is neglected. | Optional | 30s
Note: 's' in case of seconds and 'm' in case of minutes. |
ocbsf_custom_values_23.4.6.yaml file:
bsf-management-service:
# Graceful Termination
gracefulShutdown:
gracePeriod: 30s
config-server:
# Graceful Termination
gracefulShutdown:
gracePeriod: 30s
cm-service:
# Graceful Termination
gracefulShutdown:
gracePeriod: 30s3.30 Configurations for NodeSelector
Kubernetes nodeSelector feature is used for manual pod
scheduling. A pod is assigned to only those nodes that have label(s) identical to
label(s) defined in the nodeSelector.
kubectl describe node pollux-k8s-node-1
Name: pollux-k8s-node-1
Roles: <none>
Labels: beta.kubernetes.io/arch=amd64
kubernetes.io/hostname=pollux-k8s-node-1
kubernetes.io/os=linux
topology.kubernetes.io/region=RegionOne
topology.kubernetes.io/zone=novaocbsf_custom_values_23.4.6.yaml file.
You can configure nodeselection field under global/local services section of
the ocbsf_custom_values_23.4.6.yaml file. For ingress gateway, egress gateway and alternate
route services nodeselector is configured at global section.
Table 3-64 Configurations for NodeSelector
| Parameter | Description | Values | Notes |
|---|---|---|---|
| global.nodeSelection | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: DISABLED |
For
example:
|
| global.nodeSelector.nodeKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| global.nodeSelector.nodeValue | Specifies valid value pair for the above key for a label for a particular node. | 'Not Applicable |
Table 3-65 Configurations for NodeSelector
| Parameter | Description | Values | Notes |
|---|---|---|---|
| bsf-management-service.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For
example:
|
| bsf-management-service.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| bsf-management-service.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| config-server.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For
example:
|
| config-server.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| config-server.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| queryservice.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For example:
|
| queryservice.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| queryservice.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| cm-service.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For example:
|
| cm-service.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| cm-service.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| audit-service.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For example:
|
| audit-service.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| audit-service.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| nrf-client.nrf-client-nfdiscovery.global.deploymentNrfClientService.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For
example:
|
| nrf-client.nrf-client-nfdiscovery.global.deploymentNrfClientService.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| nrf-client.nrf-client-nfdiscovery.global.deploymentNrfClientService.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| nrf-client.nrf-client-nfmanagement.global.deploymentNrfClientService.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For example:
|
| nrf-client.nrf-client-nfmanagement.global.deploymentNrfClientService.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| nrf-clientnrf-client-nfmanagement.global.deploymentNrfClientService.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| appinfo.nodeSelection | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: DISABLED |
For example:
|
| appinfo.nodeSelector | Specifies the key value pair for a label of a particular node. | Not Applicable | |
| perf-info.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For
example:
|
| perf-info.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| perf-info.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| diam-connector.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For example:
|
| diam-connector.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| diam-connector.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable | |
| diam-gateway.nodeSelectorEnabled | Specifies if pods needs to assigned to a specific node manually or not. | Allowed Values:
Default Value: false |
For example:
|
| diam-gateway.nodeSelectorKey | Specifies a valid key that is a node label of a particular node in the cluster. | Not Applicable | |
| diam-gateway.nodeSelectorValue | Specifies valid value pair for the above key for a label of a particular node. | Not Applicable |
3.31 Configuration Parameters for IPv6
Table 3-66 Configurable Parameters for IPv6
| Parameter | Description | Mandatory Parameter | Default Value | Value to Enable IPv6 | Applicable to Deployment | Added/Deprecated/Updated in Release | Notes |
|---|---|---|---|---|---|---|---|
| global.isIpvSixSetup | Enable HTTP communication in IPv6 | No | false | True | CNC Policy, PCF, & PCRF | Added in Release 23.4.0 | This value must be set to "true" if you are going to require HTTP communication over IPv6. |
| diam-gateway. envSupportedIpAddressType | Distinguish between the IP address types for which diam-gw would enable connectivity and not depend on the IP address type of the infrastructure. | No | IPv4 | IPv6 | CNC Policy, PCF, & PCRF | Added in Release 23.4.0 | This parameter must be set to IPv6 if the diam-gw connectivity will be exclusively in "IPv6" or "BOTH" if the connectivity will be for IPv4 and IPv6. |
Note:
You must enable the IPv6 related parameters in Alternate Route, Ingress Gateway, and Egress Gateway services configurations.
Note:
ipFamilies:
- IPv6
- IPv4
ipFamilyPolicy: RequireDualStack