4 Configuration

This chapter lists the configuration changes in release 24.1.x.

4.1 Helm

This section lists the Helm parameter changes in release 24.1.x. For more information about the Helm parameters, see Oracle Communications Cloud Native Core Certificate Management Installation, Upgrade, and Fault Recovery Guide.

Release 24.1.0

The following are the Helm parameters changes in release 24.1.0:

1. occm_custom_values.yaml is updated to include TLS configurations. These two flags are introduced occmConfig.cmp.config.tls.enableX509StrictCheck and occmConfig.cmp.config.tls.ignoreCriticalExtensionsCheck.

   occmConfig:
     cmp:
       config:
         tls:
           enableX509StrictCheck: true #This field when set false "-x509_strict" will not be included in openssl cmp cmd for strict checking of the X.509 certificates.
           ignoreCriticalExtensionsCheck: false #This field when set true "-ignore_critical" will be included in openssl cmp cmd for checking of X.509 certificate critical extensions.
   

2. OCCM network policy occm_network_policy_custom_values_<version>.yaml file is updated to include namespaceSelector in allow-ingress-from-cncc-pods policy.

   # Allow ingress traffic from cncc pods
   - metadata:
       name: allow-ingress-from-cncc-pods
     spec:
       podSelector:
         matchLabels:
           app.kubernetes.io/part-of: occm
       policyTypes:
       - Ingress
       ingress:
       - from:
         - namespaceSelector:
             matchLabels: { }
             ## kubernetes.io/metadata.name: cncc-ns
         - podSelector:
             matchLabels:
               app.kubernetes.io/app-name: cncc

4.2 REST API

This section lists the REST API changes in release 24.1.x. For more information about the REST APIs, see Oracle Communications Cloud Native Core Certificate Management REST Specification Guide.

Release 24.1.0

• Issuer Configuration is updated to include TLS config.
• Certificate configuration is updated to include ecCurve SECP256r1.
• SECP256k1 is removed as its few bits weaker.

4.3 CNC Console

This section lists the CNC Console changes in release 24.1.x. For more information about the CNC Console, see Oracle Communications Cloud Native Core, Certificate Management User Guide.

Release 24.1.0

• Issuer Configuration is updated to include TLS configuration.

GUI screens for OCCM APIs are available and have been documented in the Oracle Communications Cloud Native Core Certificate Management User Guide.