What's New in This Guide

This section introduces the documentation updates for Release 24.3.x.

Release 24.3.0 -G10456-01, October 2024

• General Updates:
  • Updated the release number to 24.3.0 in the entire document.
• Installation Updates:
  • Updated the software versions in Software Requirements.
  • Added the Configuring Cloud Native Load Balancer (CNLB) IPs section with details on cofiguring the following:
    • Configuring CNLB IP for M-CNCC IAM
    • Configuring CNLB IP for M-CNCC Core
    • Configuring CNLB IP for A-CNCC Core
    • Configuring Annotation for Egress Traffic for M-CNCC IAM
    • Enabling Additional Settings in M-CNCC IAM
  • Added the Automate Certificate Lifecycle Management Using OCCM section with details on support for automated certificate lifecycle management using OCCM.
  • Added Configuring M-CNCC IAM to Enable Additional Settings.
  • Added a note on configuring the cnccDeploymentMode to deploy CNC Console in a Dual Stack environment in Installing CNC Console Package.
  • Added a note on assigning Static IP addresses in case of IPv4_IPv6 or IPv6_IPv4 in Installing CNC Console Package.
  • Updated the Global Configuration Options section with the following:
    • Added the global.cnccDeploymentMode parameter to specify the mode in which console services components can be deployed.
    • Added the global.tlsVersion parameter to indicate the TLS version.
    • Added the global.cipherSuites parameter to indicate the allowed Ciphers suites.
    • Added the global.clientDisabledExtension parameter to disable the the extension sent by messages originated by clients (ClientHello).
    • Added the global.serverDisabledExtension parameter to disable the extension sent by messages originated by servers (ServerHello).
    • Added the global.tlsNamedGroups parameter to provide a list of values sent in the supported_groups extension.
    • Added the global.clientSignatureSchemes parameter to provide a list of values sent in the signature_algorithms extension.
    • Added the following parameters as part of security context constraint configuration:
      • global.enablePodSecurityContext
      • global.podSecurityContext.runAsNonRoot
      • global.podSecurityContext.runAsUser
      • global.enableContainerSecurityContext
      • global.containerSecurityContext.readOnlyRootFilesystem
      • global.containerSecurityContext.allowPrivilegeEscalation
      • global.containerSecurityContext.privileged
      • global.containerSecurityContext.runAsNonRoot
      • global.containerSecurityContext.runAsUser
      • global.containerSecurityContext.capabilities.drop
  • Updated the CNC Console IAM Configuration Parameters section with the following:
    • Added the cncc-iam.global.iamSettingEnabled parameter.
    • Added the cncc-iam.kc.global.deploymentMode parameter to define the mode in which CNC Console IAM kc service component can be deployed.
    • Added the cncc-iam.ingress-gateway.global.deploymentMode parameter to define the mode in which CNC Console IAM ingress gateway service component can be deployed.
    • Added the cncc-iam.kc.keycloak.podAnnotations parameter as a custom annotations that must be added for traffic segregated egress traffic from CNC Console IAM in Traffic Segregation supported cluster.
    • Added the cncc-iam.ingress-gateway.ports.containerPortName parameter to define the name of the container port for Ingress Gateway.
    • Added the cncc-iam.ingress-gateway.ports.containersslPortName parameter to define the name of containerssl port for Ingress Gateway.
    • Updated the cncc-iam.ingress-gateway.clientDisabledExtension parameter to indicate that the values will be set by global.clientDisabledExtension.
    • Updated the cncc-iam.ingress-gateway.serverDisabledExtension parameter to indicate that the values will be set by global.serverDisabledExtension.
    • Updated the cncc-iam.ingress-gateway.tlsNamedGroups parameter to indicate that the values will be set by global.tlsNamedGroups.
    • Updated the cncc-iam.ingress-gateway.clientSignatureSchemes parameter to indicate that the values will be set by global.clientSignatureSchemes.
    • Updated the cncc-iam.ingress-gateway.service.ssl.tlsVersion parameter to indicate that the values will be set by global.tlsVersion.
    • Updated the cncc-iam.ingress-gateway.cipherSuites parameter to indicate that the values will be set by global.cipherSuites.
    • Added the following parameters as part of security context constraint configuration:

      Global Parameters:

      • cncc-iam.global.hook.enableContainerSecurityContext
      • cncc-iam.global.hook.containerSecurityContext.readOnlyRootFilesystem
      • cncc-iam.global.hook.containerSecurityContext.allowPrivilegeEscalation
      • cncc-iam.global.hook.containerSecurityContext.privileged
      • cncc-iam.global.hook.containerSecurityContext.runAsNonRoot
      • cncc-iam.global.hook.containerSecurityContext.runAsUser
      • cncc-iam.global.hook.containerSecurityContext.capabilities.drop

        IAM Backend Parameters:

      • cncc-iam.kc.enablePodSecurityContext
      • cncc-iam.kc.podSecurityContext.runAsNonRoot
      • cncc-iam.kc.podSecurityContext.runAsUser
      • cncc-iam.kc.healthcheck.enableContainerSecurityContext
      • cncc-iam.kc.healthcheck.containerSecurityContext.readOnlyRootFilesystem
      • cncc-iam.kc.healthcheck.containerSecurityContext.allowPrivilegeEscalation
      • cncc-iam.kc.healthcheck.containerSecurityContext.privileged
      • cncc-iam.kc.healthcheck.containerSecurityContext.runAsNonRoot
      • cncc-iam.kc.healthcheck.containerSecurityContext.runAsUser
      • cncc-iam.kc.healthcheck.containerSecurityContext.capabilities.drop
      • cncc-iam.kc.enablePodSecurityContext
      • cncc-iam.kc.podSecurityContext.runAsNonRoot
      • cncc-iam.kc.podSecurityContext.runAsUser
      • global.enablePodSecurityContext
      • global.podSecurityContext.runAsNonRoot
      • global.podSecurityContext.runAsUser
      • cncc-iam.kc.keycloak.enableContainerSecurityContext
      • cncc-iam.kc.keycloak.containerSecurityContext.readOnlyRootFilesystem
      • cncc-iam.kc.keycloak.containerSecurityContext.allowPrivilegeEscalation
      • cncc-iam.kc.keycloak.containerSecurityContext.privileged
      • cncc-iam.kc.keycloak.containerSecurityContext.runAsNonRoot
      • cncc-iam.kc.keycloak.containerSecurityContext.runAsUser
      • cncc-iam.kc.keycloak.containerSecurityContext.capabilities.drop
  • Updated the M-CNCC Core Configuration Options section with the following:
    • Added the mcncc-core.cmservice.global.deploymentMode parameter to define the mode in which cmservice service component can be deployed.
    • Added the mcncc-core.ingress-gateway.global.deploymentMode parameter to define the mode in which M-CNCC Core ingress gateway service component can be deployed.
    • Added the ingress-gateway.ports.containerPortName parameter to define the name of the container port for Ingress Gateway.
    • Added the ingress-gateway.ports.containersslPortName parameter to define the name of the container SSL port for Ingress Gateway.
    • Updated the ingress-gateway.clientDisabledExtension parameter to indicate that the values will be set by global.clientDisabledExtension.
    • Updated the ingress-gateway.serverDisabledExtension parameter to indicate that the values will be set by global.serverDisabledExtension.
    • Updated the ingress-gateway.tlsNamedGroups parameter to indicate that the values will be set by global.tlsNamedGroups.
    • Updated the ingress-gateway.clientSignatureSchemes parameter to indicate that the values will be set by global.clientSignatureSchemes.
    • Updated the ingress-gateway.service.ssl.tlsVersion parameter to indicate that the values will be set by global.tlsVersion.
    • Updated the ingress-gateway.cipherSuites parameter to indicate that the values will be set by global.cipherSuites.
    • Added the following parameters as part of security context constraint configuration:
      • cmservice.enablePodSecurityContext
      • cmservice.podSecurityContext.runAsNonRoot
      • cmservice.podSecurityContext.runAsUser
      • cmservice.enableContainerSecurityContext
      • cmservice.containerSecurityContext.readOnlyRootFilesystem
      • cmservice.containerSecurityContext.allowPrivilegeEscalation
      • cmservice.containerSecurityContext.privileged
      • cmservice.containerSecurityContext.runAsNonRoot
      • cmservice.containerSecurityContext.runAsUser
      • cmservice.containerSecurityContext.capabilities.drop
      • cmservice.enablePodSecurityContext
      • cmservice.podSecurityContext.runAsNonRoot
      • cmservice.podSecurityContext.runAsUser
  • Updated the A-CNCC Core Configuration Options section with the following:
    • Added the acncc-core.ingress-gateway.global.deploymentMode parameter to define the mode in which A-CNCC core ingress gateway service component can be deployed.
    • Added the ingress-gateway.ports.containerPortName parameter to define the http port of the container for Ingress Gateway.
    • Added the ingress-gateway.ports.containersslPortName parameter to define the http port of the container SSL for Ingress Gateway.
    • Updated the ingress-gateway.clientDisabledExtension parameter to indicate that the values will be set by global.clientDisabledExtension.
    • Updated the ingress-gateway.serverDisabledExtension parameter to indicate that the values will be set by global.serverDisabledExtension.
    • Updated the ingress-gateway.tlsNamedGroups parameter to indicate that the values will be set by global.tlsNamedGroups.
    • Updated the ingress-gateway.clientSignatureSchemes parameter to indicate that the values will be set by global.clientSignatureSchemes.
    • Updated the ingress-gateway.service.ssl.tlsVersion parameter to indicate that the values will be set by global.tlsVersion.
    • Updated the ingress-gateway.cipherSuites parameter to indicate that the values will be set by global.cipherSuites.
• Updated the NWDAF instance configuration examples in the NWDAF Instance Configuration Examples section.
• Upgrade, Rollback, and Uninstall Updates:
  • Added a note in the Upgrading CNC Console section to update the CNC Console custom value file and set the cnccDeploymentMode to the desired value before performing the CNC Console Helm upgrade.
  • Updated the note in the CNC Console Upgrade section to highlight that the mCnccIams.port configuration must be added only if port is other than default 80 or 443
  • Added the Preupgrade Procedure for Dual Stack Networking section with the procedure that must be performed before upgrading CNC Console in case of dual stack networking.
  • Added the Enabling Automated Certificate Lifecycle Management through OCCM during Console Upgrade section with the procedure to upgrade automated certificate lifecycle management using OCCM.
  • Added the Prerollback Procedure for Dual Stack Networking section with the procedure that must be performed before rolling back CNC Console in case of dual stack networking.
  • Added the unresolvable-reference.html#GUID-11D1D9E8-A65D-40DB-A896-61B89B097965 section with the procedure to rollback from automated certificate management to manual certificate management using OCCM.
  • Updated the upgrade version in Supported Upgrade Paths.
  • Updated the rollback version in Supported Rollback Paths.