4 Configuration

4.1 Helm

The following helm parameters are added or updated in CNC Console Release 24.1.x.

Release 24.1.1

1. M-CNCC IAM KC Log Level Changes

   By default, the log level of M-CNCC IAM KC is set to WARN,org.keycloak.events:DEBUG

   This means the root log-level is set to WARN and the org.kecyalok.events package is set to DEBUG

   
   kc: 
    log:  
      level: WARN,org.keycloak.events:DEBUG

2. Configuring M-CNCC IAM to enable additional settings

   CNC Console provides the option to enable additional settings in M-CNCC IAM. To enable additional settings in M-CNCC IAM, the following flag must be enabled in the occncc_custom_values_<version>.yaml file.

   The additional settings include some of the configuration settings such as authentication settings to configure password policies.

   
   cncc-iam:
     global:
       iamSettingEnabled: false

CNC Console Release 24.1.0

1. In custom values file option is provided to enable OCI IAM for CNC Console Deployment on an OCI environment.
   1. global.oci-iam.enabled is set false and global.cncc-iam.enabled is set true by default, meaning deployment in non OCI environment.
   2. global.oci-iam.enabled to be set true and global.cncc-iam.enabled to be set false for deployment in OCI environment.

      global:
       
        # For Single/Multi cluster deployment,
        #   - either of the IAMs has to be enabled.
        #   - both IAMs cannot be enabled/disabled.
        # For Agent only,
        #   - IAMs are disabled.
        # Enable OCI IAM for Identity Access Management when deployment is on OCI.
        oci-iam:
          enabled: false
          existingSecret: oci-iam-secret
        cncc-iam:
          enabled: true

2. In custom values file options are provided to set the kc log level under cncc-iam.kc.log.level

   cncc-iam:
    
     kc:
       #Option to enable/disable kc log and for setting log level
       log:
         level: WARN

3. Cipher TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is deprecated as its a weak cipher.
   In custom values file this cipher is removed from ingress-gateway.cipherSuites from cncc-iam, mcncc-core and acncc-core sections.

   cncc-iam: 
     ingress-gateway:
       cipherSuites:
         - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      
   mcncc-core:
     ingress-gateway:
       cipherSuites:
         - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
     
   acncc-core:
     ingress-gateway:
       cipherSuites:
         - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

For more information on the parameters, see Oracle Communications Cloud Native Configuration Console Installation and Upgrade Guide.

4.2 REST API

The following updated are made in the Oracle Communications Cloud Native Configuration Console REST Specifications Guide in release 24.1.x:

Release 24.1.1

There are no REST API changes in this release.

Release 24.1.0

• REST Specifications documentation is updated to include console deployment on OCI.

For more information on the REST API parameters, see Oracle Communications Cloud Native Configuration Console REST Specifications Guide.