4 Configuration

This chapter lists the configuration changes in release 25.1.2xx.

4.1 Helm

This section lists the Helm parameter changes in release 25.1.2xx. For more information about the Helm parameters, see Oracle Communications Cloud Native Configuration Console Installation, Upgrade, and Fault Recovery Guide.

Release 25.1.200

The following are the Helm parameters changes in this release:

  1. LCM (Lifecycle Management) Automation - Helm Enhancements for Service Account: An automated resource creation has been introduced in this release to streamline the management of Kubernetes resources through Helm charts.

    In custom values file, the option to automatically create the resources and service account required by the deployment has been provided. The global.autoCreateResources parameter is added to enable or disable the automatic creation of resources.

    The global.autoCreateResources.serviceAccounts.create parameter must be set a true to automatically create the service account. This is applicable when global.autoCreateResources.enabled is set to true. 

    global:
 
  helmTestServiceAccountName: &helmTestServiceAccountName ""
 
  # Flag for Auto-creation of resources and is disabled by default.
  #  - For now the resources include ServiceAccount configuration
  #
  autoCreateResources:
    enabled: false
 
    serviceAccounts:
      create: true   # This internal flag controls whether ServiceAccounts should be created automatically.
      accounts:
        - serviceAccountName: *serviceAccountName                # Name of CNCC ServiceAccount.
          type: CNCC                                             # Type determines RBAC rules to be constructed in the template
           
        - serviceAccountName: *helmTestServiceAccountName        # Name of Helm test ServiceAccount.
          type: HELM_TEST                                        # Type determines RBAC rules to be constructed in the template
  2. Security Context parameters have been added for CNCC-IAM, M-CNCC Core, and A-CNCC Core Ingress Gateway pods and containers as follows:
    cncc-iam:
  ...
  ingress-gateway:
  ...   
    # Pod SecurityContext
    enablePodSecurityContext: *enablePodSecurityContext
    podSecurityContext:
      runAsNonRoot: *runAsNonRootPod
      runAsUser: 10001
 
    #security context for containers
    securityContext:
      enable: *enableContainerSecurityContext
 
    containerSecurityContext:
      # make readOnlyRootFilesystem parameter false if environment needs more than readonly access
      readOnlyRootFilesystem: *readOnlyRootFilesystem
      allowPrivilegeEscalation: *allowPrivilegeEscalation
      runAsNonRoot: *runAsNonRootContainer
      privileged: *privileged
      runAsUser: 10001
      capabilities: *capabilities
  3. CNC Console cnDBTier custom values changes:
    1. The following configuration has been added to the cnDBTier custom values file:
      global:
  serviceMode:
    internal: "IPv4"
    external:
      ndbmysqldsvc: "IPv4"
      connectivityService: "IPv4"
      dbMonitorService: "IPv4"
 
  dbreplsvcdeployments:
      serviceMode:
        external: "IPv4"
      replication:
        preferredIpFamily: "IPv4"
 
  autoCreateResources:
    enabled: false
    serviceAccounts:
      create: true
      accounts:
        - serviceAccountName: ""
          type: APP
          create: true
        - serviceAccountName: "cndbtier-upgrade-serviceaccount"
          type: UPGRADE
          create: true
        - serviceAccountName: "cndbtier-multus-serviceaccount"
          type: MULTUS
          create: false
 
  https:
    clientAuthentication: NEED
    supportDualProtocol: false
    caCertificate: ""
    serverCertificate: ""
    serverCertificateKey: ""
    clientCertificate: ""
    clientCertificateKey: ""
    secrets:
      caSecret: cndbtier-https-trust-store-secret
      serverSecret: cndbtier-https-server-secret
      clientSecret: cndbtier-https-client-secret
 
  dbreplsvcdeployments:
      service:
        httpport: 80
        httpsport: 443
 
  additionalndbconfigurations:
    ndb:
      MaxNoOfConcurrentScans: 256
    tcpemptyapi:
      TotalSendBufferMemory: '32M'
 
  api:
   max_binlog_size: 1073741824
 
  inframonitor:
    image:
      name: "db-infra-monitor-svc"
      repository: db_infra_monitor_svc
      tag: <tag_version>
      imagePullPolicy: "IfNotPresent"
 
ndb:
  startupProbe:
    initialDelaySeconds: 0
    # 360 * 5 = 1800 sec. = 30 min. which is the time the pod has to start
    # during a rollout restart before it is restarted by k8s
    failureThreshold: 360
    periodSeconds: 5
    timeoutSeconds: 3
    successThreshold: 1
 
mgm:
  annotations:
    - traffic.sidecar.istio.io/excludeInboundPorts: "8081"
  
ndb:
  annotations:
    - traffic.sidecar.istio.io/excludeInboundPorts: "8081"
          
api:
  annotations:
    - traffic.sidecar.istio.io/excludeInboundPorts: "8081"
  
api:
  ndbapp:
    annotations:
      - traffic.sidecar.istio.io/excludeInboundPorts: "8081"
  
db-replication-svc:
  dbreplsvcdeployments:
    - name: "<... leader replication-svc ...>"
      podAnnotations:
        traffic.sidecar.istio.io/excludeInboundPorts: "8081"
 
db-monitor-svc:
  podAnnotations:
    traffic.sidecar.istio.io/excludeInboundPorts: "8081"
 
# The following section has been added to all db-replication-svc pods.
db-replication-svc:
  dbreplsvcdeployments:
    - name: "<...>"
      internalService:
        type: ClusterIP
        labels: {}
        annotations: {}
    2. The following configuration has been removed from the cnDBTier custom values file:
      global:
  useIPv6: false
 
  services:
    ipFamilyPolicy: SingleStack
    primaryDualStackIpFamily: IPv6
 
  inframonitor:
    enable: true
    pvchealth:
      mgm: true
      ndb: true
      api: true
 
  multus:
    serviceAccount:
      create: true
      name: "cndbtier-multus-serviceaccount"
 
  serviceAccount:
    create: true
    name: ""
  serviceAccountForUpgrade:
    create: true
    name: "cndbtier-upgrade-serviceaccount"
 
   dbreplsvcdeployments:
      service:
        port: 80
    3. The following configuration has been updated in the cnDBTier custom values file:
      Previous Configuration:
      mgm:
  service:
    labels:
      - app: occne_infra
      - cis.f5.com/as3-tenant: occne_infra
      - cis.f5.com/as3-app: svc_occne_infra_ndbmgmnode
      - cis.f5.com/as3-pool: svc_occne_infra_pool
 
ndb:
  service:
    labels:
      - app: occne_infra
      - cis.f5.com/as3-tenant: occne_infra
      - cis.f5.com/as3-app: svc_occne_infra_sqlnode
      - cis.f5.com/as3-pool: svc_occne_infra_pool
 
api:
  service:
    labels:
      - app: occne_infra
      - cis.f5.com/as3-tenant: occne_infra
      - cis.f5.com/as3-app: svc_occne_infra_sqlnode
      - cis.f5.com/as3-pool: svc_occne_infra_pool
  externalService:
    sqlgeorepsvclabels:
      - name: ndbmysqldsvc-0
        labels:
          - app: occne_infra
          - cis.f5.com/as3-tenant: occne_infra
          - cis.f5.com/as3-app: svc_occne_infra_sqlnode0
          - cis.f5.com/as3-pool: svc_occne_infra_pool0
      - name: ndbmysqldsvc-1
        labels:
          - app: occne_infra
          - cis.f5.com/as3-tenant: occne_infra
          - cis.f5.com/as3-app: svc_occne_infra_sqlnode1
          - cis.f5.com/as3-pool: svc_occne_infra_pool1
      - name: ndbmysqldsvc-2
        labels:
          - app: occne_infra
          - cis.f5.com/as3-tenant: occne_infra
          - cis.f5.com/as3-app: svc_occne_infra_sqlnode2
          - cis.f5.com/as3-pool: svc_occne_infra_pool2
      - name: ndbmysqldsvc-3
        labels:
          - app: occne_infra
          - cis.f5.com/as3-tenant: occne_infra
          - cis.f5.com/as3-app: svc_occne_infra_sqlnode3
          - cis.f5.com/as3-pool: svc_occne_infra_pool3
    labels:
      - app1: occne_infra
      - cis.f5.com/as3-tenant1: occne_infra
      - cis.f5.com/as3-app1: svc_occne_infra_sqlnode
      - cis.f5.com/as3-pool1: svc_occne_infra_pool
  connectivityService:
    labels:
      - app: occne_infra
      - cis.f5.com/as3-tenant: occne_infra
      - cis.f5.com/as3-app: svc_occne_infra_sqlnode
      - cis.f5.com/as3-pool: svc_occne_infra_pool
 
 
api:
  ndbapp:
    service:
      labels:
        - app: occne_infra
        - cis.f5.com/as3-tenant: occne_infra
        - cis.f5.com/as3-app: svc_occne_infra_sqlnode
        - cis.f5.com/as3-pool: svc_occne_infra_pool
    connectivityService:
      labels:
        - app: occne_infra
        - cis.f5.com/as3-tenant: occne_infra
        - cis.f5.com/as3-app: svc_occne_infra_sqlnode
        - cis.f5.com/as3-pool: svc_occne_infra_pool
    externalconnectivityService:
      labels:
        - app: occne_infra
        - cis.f5.com/as3-tenant: occne_infra
        - cis.f5.com/as3-app: svc_occne_infra_external_connect_svc
        - cis.f5.com/as3-pool: svc_occne_infra_external_connect_pool
 
db-replication-svc:
  dbreplsvcdeployments:
    - name: <${OCCNE_SITE_NAME}>-<${OCCNE_MATE_SITE_NAME}>-replication-svc
      service:
        labels:
          app: occne_infra
          cis.f5.com/as3-tenant: occne_infra
          cis.f5.com/as3-app: svc_occne_infra_db_repl_svc_1
          cis.f5.com/as3-pool: svc_occne_infra_db_repl_svc_pool1
            
    - name: <${OCCNE_SITE_NAME}>-<${OCCNE_SECOND_MATE_SITE_NAME}>-replication-svc
      service:
        labels:
          app: occne_infra
          cis.f5.com/as3-tenant: occne_infra
          cis.f5.com/as3-app: svc_occne_infra_db_repl_svc_2
          cis.f5.com/as3-pool: svc_occne_infra_db_repl_svc_pool2
  
    - name: <${OCCNE_SITE_NAME}>-<${OCCNE_THIRD_MATE_SITE_NAME}>-replication-svc
      service:
        labels:
          app: occne_infra
          cis.f5.com/as3-tenant: occne_infra
          cis.f5.com/as3-app: svc_occne_infra_db_repl_svc_3
          cis.f5.com/as3-pool: svc_occne_infra_db_repl_svc_pool3
      Updated Configuration:
      mgm:
  service:
    labels: {}
 
 
 
 
 
ndb:
  service:
    labels: {}
 
 
 
 
 
api:
  service:
    labels: {}
  externalService:
    sqlgeorepsvclabels:
      - name: ndbmysqldsvc-0
        labels: {}
      - name: ndbmysqldsvc-1
        labels: {}
      - name: ndbmysqldsvc-2
        labels: {}
      - name: ndbmysqldsvc-3
        labels: {}
    labels: {}
  connectivityService:
    labels: {}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
api:
  ndbapp:
    service:
      labels: {}
    connectivityService:
      labels: {}
    externalconnectivityService:
      labels: {}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
db-replication-svc:
  dbreplsvcdeployments:
    - name: <${OCCNE_SITE_NAME}>-<${OCCNE_MATE_SITE_NAME}>-replication-svc
      service:
        labels: {}
            
    - name: <${OCCNE_SITE_NAME}>-<${OCCNE_SECOND_MATE_SITE_NAME}>-replication-svc
      service:
        labels: {}
  
    - name: <${OCCNE_SITE_NAME}>-<${OCCNE_THIRD_MATE_SITE_NAME}>-replication-svc
      service:
        labels: {}
    4. Changes to replicationskiperrors in DBtier custom values file:
      Removed the following:
      global:
 
  replicationskiperrors:
    replicationerrornumbers:
      - errornumber: 1094
      Added the following:
      global:
 
  replicationskiperrors:
    replicationerrornumbers:
      - errornumber: 1091
      - errornumber: 1826

4.2 REST API

This section lists the REST API changes in release 25.1.2xx. For more information about the REST APIs, see Oracle Communications Cloud Native Configuration Console REST Specifications Guide.

Release 25.1.200

There are no changes in the REST API in this release.

4.3 CNC Console

This section lists the CNC Console changes in release 25.1.2xx. For more information about the CNC Console configurations, see Oracle Communications Cloud Native Configuration Console User Guide.

Release 25.1.200

There are no changes in the CNC Console in this release.