What's New in This Guide

This section introduces the documentation updates for release 24.3.x.

Release 24.3.0- G13236-02, November 2024

General Updates

Release 24.3.0- G13236-01, October 2024

General Updates

  • Updated the release number to 24.3.0 in the entire document.
  • Updated the image tag details in the following sections:
  • Updated the command with uuid in the Creating Private Keys and Certificate section to create config file for SAN.
  • Updated the Kubernetes and Helm software versions in Table 2-2.
  • Updated the Jaeger, Kyverno, MetalLB, and Prometheus versions in Table 2-3.
  • Added a note in the Installing Network Policies section to mention that ocnrf-network-policy-custom-values-24.3.0.yaml file should be updated as per feature requirements.
  • Added the following parameters in the cnDBTier Requirement section:
    • global.additionalndbconfigurations.mysqld.ndb_batch_size
    • global.additionalndbconfigurations.mysqld.ndb_blob_write_batch_bytes
  • Updated the following parameters in the cnDBTier Requirement section:
    • The recommended value of global.ndb.datamemory parameter is changed from 1GB to 2 GB.
    • The recommended value of global.additionalndbconfigurations.ndb.MaxNoOfExecutionThreads parameter is changed from 5 to 6.
  • Updated the resource requirements for cnDBTier services in the cnDBTier Services section.

Installation Updates

  • Updated the versions for the following appValidate parameters in the Global Parameters section:
    • global.appValidate.minViablePath to 24.1.0
    • global.appValidate.minKubernetesVersion to 1.28.6
    • global.appValidate.minDbTierVersion to 24.1.0
  • Added the following parameters in the Ingress Gateway Microservice section to enable and configure security context for the Pod and Container:
    • ingressgateway.securityContext.enable
    • ingressgateway.securityContext.allowPrevilegeEscalation
    • ingressgateway.securityContext.dropAllCapabilities
    • ingressgateway.securityContext.addCapabilities
  • Added the following parameters in the Egress Gateway Microservice section to enable and configure security context for the Pod and Container:
    • egressgateway.securityContext.enable
    • egressgateway.securityContext.allowPrevilegeEscalation
    • egressgateway.securityContext.dropAllCapabilities
    • egressgateway.securityContext.addCapabilities
  • Added the following parameters in the Alternate Route Microservice (alternate-route) section to enable and configure security context for the Pod and Container:
    • alternate-route.securityContext.enable
    • alternate-route.securityContext.allowPrevilegeEscalation
    • alternate-route.securityContext.dropAllCapabilities
    • alternate-route.securityContext.addCapabilities
  • Added the following parameters in the NF Registration Microservice (nfregistration) section to enable and configure security context for the Pod and Container:
    • nfregistration.enablePodSecurityContext
    • nfregistration.podSecurityContext.runAsNonRoot
    • nfregistration.podSecurityContext.runAsUser
    • nfregistration.enableContainerSecurityContext
    • nfregistration.containerSecurityContext.readOnlyRootFilesystem
    • nfregistration.containerSecurityContext.allowPrivilegeEscalation
    • nfregistration.containerSecurityContext.runAsNonRoot
    • nfregistration.containerSecurityContext.runAsUser
    • nfregistration.containerSecurityContext.privileged
    • nfregistration.containerSecurityContext.capabilities.drop
  • Added the following parameters in the NF Subscription Microservice (nfsubscription) section to enable and configure security context for the Pod and Container:
    • nfsubscription.enablePodSecurityContext
    • nfsubscription.podSecurityContext.runAsNonRoot
    • nfsubscription.podSecurityContext.runAsUser
    • nfsubscription.enableContainerSecurityContext
    • nfsubscription.containerSecurityContext.readOnlyRootFilesystem
    • nfsubscription.containerSecurityContext.allowPrivilegeEscalation
    • nfsubscription.containerSecurityContext.runAsNonRoot
    • nfsubscription.containerSecurityContext.runAsUser
    • nfsubscription.containerSecurityContext.privileged
    • nfsubscription.containerSecurityContext.capabilities.drop
    • nfsubscription.hikariPoolSize
    • nfsubscription.hikariConnectionTimeout
    • nfsubscription.hikariMinimumIdle
    • nfsubscription.hikariIdleTimeout
    • nfsubscription.hikariMaxLifetime
  • Added the following parameters in the NRFAuditor Microservice (nrfauditor) section to enable and configure security context for the Pod and Container:
    • nrfauditor.enablePodSecurityContext
    • nrfauditor.podSecurityContext.runAsNonRoot
    • nrfauditor.podSecurityContext.runAsUser
    • nrfauditor.enableContainerSecurityContext
    • nrfauditor.containerSecurityContext.readOnlyRootFilesystem
    • nrfauditor.containerSecurityContext.allowPrivilegeEscalation
    • nrfauditor.containerSecurityContext.runAsNonRoot
    • nrfauditor.containerSecurityContext.runAsUser
    • nrfauditor.containerSecurityContext.privileged
    • nrfauditor.containerSecurityContext.capabilities.drop
  • Added the following parameters in the NF Discovery Microservice (nfdiscovery) section to enable and configure security context for the Pod and Container:
    • nfdiscovery.enablePodSecurityContext
    • nfdiscovery.podSecurityContext.runAsNonRoot
    • nfdiscovery.podSecurityContext.runAsUser
    • nfdiscovery.enableContainerSecurityContext
    • nfdiscovery.containerSecurityContext.readOnlyRootFilesystem
    • nfdiscovery.containerSecurityContext.allowPrivilegeEscalation
    • nfdiscovery.containerSecurityContext.runAsNonRoot
    • nfdiscovery.containerSecurityContext.runAsUser
    • nfdiscovery.containerSecurityContext.privileged
    • nfdiscovery.containerSecurityContext.capabilities.drop
  • Added the following parameters in the NF Access Token Microservice(nfaccesstoken) section to enable and configure security context for the Pod and Container:
    • nfaccesstoken.enablePodSecurityContext
    • nfaccesstoken.podSecurityContext.runAsNonRoot
    • nfaccesstoken.podSecurityContext.runAsUser
    • nfaccesstoken.enableContainerSecurityContext
    • nfaccesstoken.containerSecurityContext.readOnlyRootFilesystem
    • nfaccesstoken.containerSecurityContext.allowPrivilegeEscalation
    • nfaccesstoken.containerSecurityContext.runAsNonRoot
    • nfaccesstoken.containerSecurityContext.runAsUser
    • nfaccesstoken.containerSecurityContext.privileged
    • nfaccesstoken.containerSecurityContext.capabilities.drop
  • Added the following parameters in the NRF Configuration Microservice (nrfconfiguration) section to enable and configure security context for the Pod and Container:
    • nrfconfiguration.enablePodSecurityContext
    • nrfconfiguration.podSecurityContext.runAsNonRoot
    • nrfconfiguration.podSecurityContext.runAsUser
    • nrfconfiguration.enableContainerSecurityContext
    • nrfconfiguration.containerSecurityContext.readOnlyRootFilesystem
    • nrfconfiguration.containerSecurityContext.allowPrivilegeEscalation
    • nrfconfiguration.containerSecurityContext.runAsNonRoot
    • nrfconfiguration.containerSecurityContext.runAsUser
    • nrfconfiguration.containerSecurityContext.privileged
    • nrfconfiguration.containerSecurityContext.capabilities.drop
  • Added the following parameters in the NRF Artisan Microservice (nrfartisan) section to enable and configure security context for the Pod and Container:
    • nrfartisan.enablePodSecurityContext
    • nrfartisan.podSecurityContext.runAsNonRoot
    • nrfartisan.podSecurityContext.runAsUser
    • nrfartisan.enableContainerSecurityContext
    • nrfartisan.containerSecurityContext.readOnlyRootFilesystem
    • nrfartisan.containerSecurityContext.allowPrivilegeEscalation
    • nrfartisan.containerSecurityContext.runAsNonRoot
    • nrfartisan.containerSecurityContext.runAsUser
    • nrfartisan.containerSecurityContext.privileged
    • nrfartisan.containerSecurityContext.capabilities.drop
  • Added the following parameters in the NRF Cache Data Microservice (nrfcachedata) section to enable and configure security context for the Pod and Container:
    • nrfcachedata.enablePodSecurityContext
    • nrfcachedata.podSecurityContext.runAsNonRoot
    • nrfcachedata.podSecurityContext.runAsUser
    • nrfcachedata.enableContainerSecurityContext
    • nrfcachedata.containerSecurityContext.readOnlyRootFilesystem
    • nrfcachedata.containerSecurityContext.allowPrivilegeEscalation
    • nrfcachedata.containerSecurityContext.runAsNonRoot
    • nrfcachedata.containerSecurityContext.runAsUser
    • nrfcachedata.containerSecurityContext.privileged
    • nrfcachedata.containerSecurityContext.capabilities.drop

Upgrade, Rollback, and Uninstall Updates

  • Updated the upgrade paths in the Supported Upgrade Paths section.
  • Updated the rollback paths in the Supported Rollback Paths section.
  • Updated the Supported Rollback Paths section to remove the procedure for enabling or disabling tracing.
  • Updated the existing note in the Upgrading NRF section to mention that in the georeplicated NRF deployments, the difference between the NRF release versions for all the georedundant sites cannot be more than 2.
  • Added a note in the Upgrading NRF section to use the caching_sha2_password authentication plugin for altering the users.
  • Added a note in the Rolling Back NRF section to use the mysql_native_password authentication plugin for altering the users.
  • Added a note in the Upgrading NRF section to modify the value of global.additionalndbconfigurations.ndb.HeartbeatIntervalDbDb parameter to 1250 while performing cnDBTier upgrade.
  • Added a note in the Upgrading NRF section to create the ServiceMonitor for viewing the metrics in the /prometheus endpoint.
  • Added a note in the Upgrade Strategy section to perform in-service upgrade in maintenance window.
Fault Recovery Updates