What's New in This Guide
This section introduces the documentation updates for release 24.3.x.
Release 24.3.0- G13236-03, November 2025
Installation Updates
- Added a note in the Creating Private Keys and Certificate section to mention the openssl (version 3.1+) is not supported to generate the keys and certificates.
- Updated the description in the Debug Tool Container section to mention that this tool is used for troubleshooting issues only in lab environment and not in production environment.
- Added a note in step 2 in the Creating Service Account, Role, and RoleBinding section
for updating the
ocnrf-resource-template.yamlfile. - Updated the command in step 8 for copying the updated MySQL script to only one of the MySQL nodes of the site in the Single Site section.
- Updated the initialAlgorithm parameter names with
ingressgateway.service.ssl.initialAlgorithmandegressgateway.service.ssl.initialAlgorithmin the Managing HTTPS at Ingress Gateway and Managing HTTPS at Egress Gateway respectively. - Updated the typo in the example for creating a secret to enable CCA in the Configuring Secret for Enabling CCA Header section.
- Updated step 1 in the Configuring Secret to Enable Access Token Service section to remove SSL from RSA and ECDSA certificates.
- Updated the Helm Test Global Parameters section
with the following:
- Updated the description of the
test.nfNameparameter. - Updated the default value of the
test.image.nameparameter fromhelm_testtohelm-test.
- Updated the description of the
- Added a note for the following parameters that there is an
expected traffic loss during HPA:
ingressgateway.resources.target.averageCpuUtilin the Ingress Gateway Microservice section.egressgateway.resources.target.averageCpuUtilin the Egress Gateway Microservice section.nfregistration.resources.target.averageCpuUtilin the NF Registration Microservice (nfregistration) section.nfsubscription.resources.target.averageCpuUtilin the NF Subscription Microservice (nfsubscription) section.nfdiscovery.resources.target.averageCpuUtilin the NF Discovery Microservice (nfdiscovery) section.nfaccesstoken.resources.target.averageCpuUtilin the NF Access Token Microservice(nfaccesstoken) section.nrfconfiguration.resources.target.averageCpuUtilin the NRF Configuration Microservice (nrfconfiguration) section.nrfartisan.resources.target.averageCpuUtilin the NRF Artisan Microservice (nrfartisan) section.nrfcachedata.resources.target.averageCpuUtilin the NRF Cache Data Microservice (nrfcachedata) section.alternateroute.resources.target.averageCpuUtilin the Alternate Route Microservice (alternate-route) section.
- Added a note in the following parameters to indicate that they
become read-only while performing an upgrade and are configurable via REST
API:
global.siteNameToNrfInstanceIdMappingin the Global Parameters section.- Added the note for the following parameters in the
Day Zero Configuration section:
dayZeroConfiguration.hplmnListdayZeroConfiguration.ocnrfHostdayZeroConfiguration.ocnrfPortdayZeroConfiguration.ocnrfScheme
- Added the note for the following parameters in the
Ingress Gateway Microservice section:
ingressgateway.errorCodeProfiles[i].errorTitleingressgateway.errorCodeProfiles[i].errorCauseingressgateway.errorCodeProfiles[i].errorDescriptioningressgateway.errorCodeProfiles[i].errorCodeingressgateway.errorCodeProfiles[i].nameingressgateway.errorCodeProfiles
General Updates
- Added a note about the service disruption in the Upgrade Strategy section.
- Added step 9 in the Preupgrade Tasks section to validate that there are no Database backup is running during NRF upgrade.
- Updated the following in the Upgrade Tasks
section:
- Added a note to check if there are no database backup is in progress during the NRF upgrade.
- Added a note for not to exit from the Helm upgrade command manually.
- Added step10 to check the upgrade history.
- Updated the example in step 8a for upgrading NRF using Helm chart.
- Updated the sample output in step 9 for checking the status of the upgrade.
- Removed the note in step 3 of Upgrade Procedure.
- Updated the Uninstalling NRF Using Helm section
to remove the
--purgecommand as it is not supported in Helm3.
Release 24.3.0- G13236-02, November 2024
General Updates
- Updated the Premier Support Details table with the release information in the Oracle Error Correction Policy section.
- Updated the references for OCI guide names in the following sections:
Release 24.3.0- G13236-01, October 2024
General Updates
- Updated the release number to 24.3.0 in the entire document.
- Updated the image tag details in the following sections:
- Updated the command with
uuidin the Creating Private Keys and Certificate section to create config file for SAN. - Updated the Kubernetes and Helm software versions in Table 2-2.
- Updated the Jaeger, Kyverno, MetalLB, and Prometheus versions in Software Requirements.
- Added a note in the Installing Network Policies section to
mention that
ocnrf-network-policy-custom-values-24.3.0.yamlfile should be updated as per feature requirements. - Added the following parameters in the cnDBTier Requirement section:
global.additionalndbconfigurations.mysqld.ndb_batch_sizeglobal.additionalndbconfigurations.mysqld.ndb_blob_write_batch_bytes
- Updated the following parameters in the cnDBTier Requirement section:
- The recommended value of
global.ndb.datamemoryparameter is changed from 1GB to 2 GB. - The recommended value of
global.additionalndbconfigurations.ndb.MaxNoOfExecutionThreadsparameter is changed from 5 to 6.
- The recommended value of
- Updated the resource requirements for cnDBTier services in the cnDBTier Services section.
Installation Updates
- Updated the versions for the following
appValidateparameters in the Global Parameters section:global.appValidate.minViablePathto 24.1.0global.appValidate.minKubernetesVersionto 1.28.6global.appValidate.minDbTierVersionto 24.1.0
- Added the following parameters in the Ingress Gateway Microservice section to
enable and configure security context for the Pod and Container:
ingressgateway.securityContext.enableingressgateway.securityContext.allowPrevilegeEscalationingressgateway.securityContext.dropAllCapabilitiesingressgateway.securityContext.addCapabilities
- Added the following parameters in the Egress Gateway Microservice section to
enable and configure security context for the Pod and Container:
egressgateway.securityContext.enableegressgateway.securityContext.allowPrevilegeEscalationegressgateway.securityContext.dropAllCapabilitiesegressgateway.securityContext.addCapabilities
- Added the following parameters in the Alternate Route Microservice (alternate-route) section to
enable and configure security context for the Pod and Container:
alternate-route.securityContext.enablealternate-route.securityContext.allowPrevilegeEscalationalternate-route.securityContext.dropAllCapabilitiesalternate-route.securityContext.addCapabilities
- Added the following parameters in the NF Registration Microservice (nfregistration) section to
enable and configure security context for the Pod and Container:
nfregistration.enablePodSecurityContextnfregistration.podSecurityContext.runAsNonRootnfregistration.podSecurityContext.runAsUsernfregistration.enableContainerSecurityContextnfregistration.containerSecurityContext.readOnlyRootFilesystemnfregistration.containerSecurityContext.allowPrivilegeEscalationnfregistration.containerSecurityContext.runAsNonRootnfregistration.containerSecurityContext.runAsUsernfregistration.containerSecurityContext.privilegednfregistration.containerSecurityContext.capabilities.drop
- Added the following parameters in the NF Subscription Microservice (nfsubscription) section to
enable and configure security context for the Pod and Container:
nfsubscription.enablePodSecurityContextnfsubscription.podSecurityContext.runAsNonRootnfsubscription.podSecurityContext.runAsUsernfsubscription.enableContainerSecurityContextnfsubscription.containerSecurityContext.readOnlyRootFilesystemnfsubscription.containerSecurityContext.allowPrivilegeEscalationnfsubscription.containerSecurityContext.runAsNonRootnfsubscription.containerSecurityContext.runAsUsernfsubscription.containerSecurityContext.privilegednfsubscription.containerSecurityContext.capabilities.dropnfsubscription.hikariPoolSizenfsubscription.hikariConnectionTimeoutnfsubscription.hikariMinimumIdlenfsubscription.hikariIdleTimeoutnfsubscription.hikariMaxLifetime
- Added the following parameters in the NRFAuditor Microservice (nrfauditor) section to
enable and configure security context for the Pod and Container:
nrfauditor.enablePodSecurityContextnrfauditor.podSecurityContext.runAsNonRootnrfauditor.podSecurityContext.runAsUsernrfauditor.enableContainerSecurityContextnrfauditor.containerSecurityContext.readOnlyRootFilesystemnrfauditor.containerSecurityContext.allowPrivilegeEscalationnrfauditor.containerSecurityContext.runAsNonRootnrfauditor.containerSecurityContext.runAsUsernrfauditor.containerSecurityContext.privilegednrfauditor.containerSecurityContext.capabilities.drop
- Added the following parameters in the NF Discovery Microservice (nfdiscovery) section to
enable and configure security context for the Pod and Container:
nfdiscovery.enablePodSecurityContextnfdiscovery.podSecurityContext.runAsNonRootnfdiscovery.podSecurityContext.runAsUsernfdiscovery.enableContainerSecurityContextnfdiscovery.containerSecurityContext.readOnlyRootFilesystemnfdiscovery.containerSecurityContext.allowPrivilegeEscalationnfdiscovery.containerSecurityContext.runAsNonRootnfdiscovery.containerSecurityContext.runAsUsernfdiscovery.containerSecurityContext.privilegednfdiscovery.containerSecurityContext.capabilities.drop
- Added the following parameters in the NF Access Token Microservice(nfaccesstoken) section to
enable and configure security context for the Pod and Container:
nfaccesstoken.enablePodSecurityContextnfaccesstoken.podSecurityContext.runAsNonRootnfaccesstoken.podSecurityContext.runAsUsernfaccesstoken.enableContainerSecurityContextnfaccesstoken.containerSecurityContext.readOnlyRootFilesystemnfaccesstoken.containerSecurityContext.allowPrivilegeEscalationnfaccesstoken.containerSecurityContext.runAsNonRootnfaccesstoken.containerSecurityContext.runAsUsernfaccesstoken.containerSecurityContext.privilegednfaccesstoken.containerSecurityContext.capabilities.drop
- Added the following parameters in the NRF Configuration Microservice (nrfconfiguration) section to
enable and configure security context for the Pod and Container:
nrfconfiguration.enablePodSecurityContextnrfconfiguration.podSecurityContext.runAsNonRootnrfconfiguration.podSecurityContext.runAsUsernrfconfiguration.enableContainerSecurityContextnrfconfiguration.containerSecurityContext.readOnlyRootFilesystemnrfconfiguration.containerSecurityContext.allowPrivilegeEscalationnrfconfiguration.containerSecurityContext.runAsNonRootnrfconfiguration.containerSecurityContext.runAsUsernrfconfiguration.containerSecurityContext.privilegednrfconfiguration.containerSecurityContext.capabilities.drop
- Added the following parameters in the NRF Artisan Microservice (nrfartisan) section to
enable and configure security context for the Pod and Container:
nrfartisan.enablePodSecurityContextnrfartisan.podSecurityContext.runAsNonRootnrfartisan.podSecurityContext.runAsUsernrfartisan.enableContainerSecurityContextnrfartisan.containerSecurityContext.readOnlyRootFilesystemnrfartisan.containerSecurityContext.allowPrivilegeEscalationnrfartisan.containerSecurityContext.runAsNonRootnrfartisan.containerSecurityContext.runAsUsernrfartisan.containerSecurityContext.privilegednrfartisan.containerSecurityContext.capabilities.drop
- Added the following parameters in the NRF Cache Data Microservice (nrfcachedata) section to
enable and configure security context for the Pod and Container:
nrfcachedata.enablePodSecurityContextnrfcachedata.podSecurityContext.runAsNonRootnrfcachedata.podSecurityContext.runAsUsernrfcachedata.enableContainerSecurityContextnrfcachedata.containerSecurityContext.readOnlyRootFilesystemnrfcachedata.containerSecurityContext.allowPrivilegeEscalationnrfcachedata.containerSecurityContext.runAsNonRootnrfcachedata.containerSecurityContext.runAsUsernrfcachedata.containerSecurityContext.privilegednrfcachedata.containerSecurityContext.capabilities.drop
Upgrade, Rollback, and Uninstall Updates
- Updated the upgrade paths in the Supported Upgrade Paths section.
- Updated the rollback paths in the Supported Rollback Paths section.
- Updated the Supported Rollback Paths section to remove the procedure for enabling or disabling tracing.
- Updated the existing note in the Upgrading NRF section to mention that in the georeplicated NRF deployments, the difference between the NRF release versions for all the georedundant sites cannot be more than 2.
- Added a note in the Upgrading NRF section to use the
caching_sha2_passwordauthentication plugin for altering the users. - Added a note in the Rolling Back NRF section to use the
mysql_native_passwordauthentication plugin for altering the users. - Added a note in the Upgrading NRF section to modify the value of
global.additionalndbconfigurations.ndb.HeartbeatIntervalDbDbparameter to 1250 while performing cnDBTier upgrade. - Added a note in the Upgrading NRF section to create the ServiceMonitor for viewing the metrics
in the
/prometheusendpoint. - Added a note in the Upgrade Strategy section to perform in-service upgrade in maintenance window.
Fault Recovery Updates
- Added the NRF site which is under recovery is receiving the traffic, perform the controlled shutdown procedure to isolate the site in the Prerequisites section.
- Added Post Fault Recovery section with the procedure to recover NRF traffic after fault recovery.
- Updated the Graceful Shutdown of NRF Deployment section with the NRF behavior after fault recovery using controlled shutdown feature.
- Updated the command for recreating the NRF users in the Scenario 3: NRF cnDBTier Corruption section.