Sample values.yaml file for LWM2M deployment
The following is a sample override values.yaml file for LWM2M.
pullPolicy: IfNotPresent
# replicas is the replication count
rbac_enabled: true
pcap_scc_enabled: false
# description:
# To enable packetcapture functionality with security context constraint, set pcap_scc_enabled to true.
replicas: 1
#nodeSelector is the optional node selector (key value pairs)
nodeSelector:
# lwm2mTag is the LWM2M image tag. Defaults to chart.AppVersion
# lwm2mTag:
# lwm2mResources contains resource limits for LWM2M image
lwm2mResources:
limits:
memory: "4Gi"
cpu: 2
requests:
memory: "1024Mi"
cpu: 500m
javaOpts: ""
lwm2mSchemaResources:
limits:
memory: "512Mi"
cpu: 1
requests:
memory: "128Mi"
cpu: 200m
persistence:
fwimage:
## this enables PVC templates that will create one per pod
enabled: false
## Persistent Volume Claim name which will be used during creation
pvcname: lwm2m-firmware
## fwimage directory Persistent Volume Storage Class
## it should be a storage class which provides ReadWriteMany accessMode (eg. glusterfs storage class )
## the bounded persistent volume will be shared between all containers in order to have a shared firmware immages storage.
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner.
##
# storageClass: "-"
# storageClass: "glusterfs-storageclass"
storageClass: "-"
accessMode: ReadWriteMany
# the requested size of the mounted volume
size: 5Gi
objregistry:
enabled: false
# description:
# If enabled, lwm2m objects are maintained in persistent volume; otherwise configmap is used for lwm2m object models. Following parameters under objregistry are applicable only when enabled = true
pvcname: lwm2m-object-registry
# description:
# Name of the pvc
# storageClass: "glusterfs-storageclass"
storageClass: "-"
# description:
# This is the storage class name for the pvc. The storage class should represent a common shared storage like glusterfs-storageclass. Leave it "-" if objregistry.enabled is false
accessMode: ReadWriteMany
# description:
# The access mode of the pvc should be ReadWriteMany so that all replicas of lwm2m-controller can access and modify the storage volume
size: 1Gi
# description:
# The size of the persistent volume used to store lwm2m object models
packetcapture:
enabled: false
pvcname: lwm2m-packet-capture
# storageClass: "glusterfs-storageclass"
storageClass: "-"
# description:
# This is the storage class name for the pvc. The storage class should represent a common shared storage like glusterfs-storageclass. Leave it "-" if packetcapture.enabled is false
accessMode: ReadWriteMany
# description:
# The access mode of the pvc should be ReadWriteMany so that all replicas of lwm2m-controller can access and modify the storage volume
size: 5Gi
# description:
# The size of the persistent volume used to store lwm2m pcap files
# Reserve atleast 500Mi x replicas
#serviceAccount: lwm2m
# description:
# To enable packetcapture functionality, use the serviceAccount.
# It requires PSP,role,roleBinding and serviceAccount to be created as prerequisites, Refer README.
config:
cert:
keyFile: ""
# scef truststore path location
# scefTrustStorePath: ""
lwm2m:
LWM2M_NO_SEC_REG_URL: "127.0.0.1:5683"
LWM2M_PSK_REG_URL: "127.0.0.1:5684"
#LWM2M_SERVER_CERT_PATH: /appl/config/certs/server.p12
UQ_CMD_EXPIRY_IN_MINS: 1440
LWM2M_OBJECT_DEFINITIONS_DIR: /appl/config/models
PCAP_DATA_DIR: /appl/data
PCAP_FILE_SIZE_IN_MB: 100
# description: If the file capturing the packets reach this size a new file is created.
PCAP_FILE_COUNT: 5
# description: Limit the number of files created, and begin overwriting files from the beginning
PCAP_CLIENT_ADDRESS_TTL_IN_SEC: 604800
# description: The time-to-live for the client addresses maintained in the DB. The records would be cleared after the TTL is reached.
OMA_REGISTRY_API_BASE_URL: "http://www.openmobilealliance.org/api"
AGENTSERVER_EXCHANGE: "agentserver"
LIFECYCLE_KEY: "lifecycle"
OBSERVATION_KEY: "observation"
RESPONSES_KEY: "response"
FAULT_KEY: "fault"
FIRMWARE_EXPIRY_IN_HRS: 24
FIRMWARE_POLLING_INTERVAL_IN_SEC: 1
FIRMWARE_POLLING_COUNT: 3
LWM2M_BOOTSTRAP_DISABLE_TIMEOUT: 86400
THREAD_POOL_SIZE: 100
DTLS_THREAD_POOL_SIZE: 100
SCRIPT_THREAD_POOL_SIZE_MIN: 200
SCRIPT_THREAD_POOL_SIZE_MAX: 200
FW_IMAGE_CACHE_CONCURRENCY_LEVEL: 10
FW_IMAGE_CACHE_EXPIRATION_AFTER_ACCESS: 10
FW_IMAGE_CACHE_EXPIRATION_AFTER_WRITE: 10
FW_IMAGE_CACHE_MAXIMUM_SIZE: 10
LWM2M_MASTER_HOST: lwm2m-controller-0.lwm2m-service.default.svc.cluster.local
LWM2M_REGISTRATION_URI: "127.0.0.1:5684"
LWM2M_BOOTSTRAP_SESSION_EXPIRATION_IN_MINS: 1440
LWM2M_KICK_INSTANCE: 1
LWM2M_CLIENT_ACTIVE_DURATION: 60
LWM2M_SMS_SESSION_ACTIVE_DURATION: 60
# description: This is the time gap (in seconds) between two wake-up SMS invocation for a particular device.
# default: 60
LWM2M_LEGACY_BOOTSTRAP_INTERFACE_DTLS_PORT: 0
LWM2M_LEGACY_BOOTSTRAP_INTERFACE_SETUP_IDENTITY: "identity"
MAX_RESPONSE_TIME_IN_SECS: 180
SCEF_SERVER_URL: "http://localhost:8080"
SCEF_SCS_ID: "lwm2mScs"
SCEF_CALLBACK_PUBLIC_URL: "http://lwm2m-scef-callback:6666/callback"
LWM2M_PSK_LENGTH: 64
#CBOR_RESOURCES: /?(54321|54399)/([0-9])/[8,9](?:.*)?
# user name used for T8 basic auth
# SCEF_USER_NAME: "nidduser"
# scef trust store path if T8 backend uses https
SCEF_TRUST_STORE_PATH: "/appl/config/certs/sceftrust.jks"
LWM2M_API_URL: "http://lwm2m-api:7777/"
TRM_CONFIGURATION_DIR: /appl/config/trm
NON_IP_TRANSPORT: "SGI"
USE_CACHE_WITH_ASYNC_QUERIES: false
#SUBSCRIBER_REPO_URL: "http://impactsubscrepo:9095"
#SUBSCRIBER_REPO_USER: "admin"
CDP_URL: "http://cdp:8080"
CDP_USER: "superadmin"
# This property to be enabled for NOSEC Authentication for host ports 31234 and 30999,this is not required for SCEF/SGI flows
ENABLE_SUBSCRIBER_REPO: false
# Specify integer value. Values mappings: 0 - Pull, 1 - Push
FW_DELIVERY_METHOD: 1
# Specify integer value. Values mappings: 0 - CoAP, 1 - CoAPS, 2 - HTTP, 3 - HTTPS
FW_UPDATE_PROTOCOL: 3
# Reject commands if registration is expired by server
REJECT_EXPIRED_ENDPOINTS: false
# To enable redis for command queue, when USE_CACHE_WITH_ASYNC_QUERIES is enabled
USE_REDIS_COMMAND_QUEUE: false
# To enable control queue, configure Redis properties
ENABLE_CONTROL_QUEUE: false
# Batch size for command queue expiry timer, when redis is enabled for command queue
REDIS_CMD_EXP_BATCH_SIZE: "1000"
# Expiry timer scheduler interval for command queue, when redis is enabled for command queue
REDIS_CMD_EXP_SCHED_IN_SECS: 60
# californium properties
californium:
coap:
ACK_TIMEOUT: 2000
ACK_INIT_RANDOM: 1.5
ACK_TIMEOUT_SCALE: 2.0
MAX_RETRANSMIT: 4
NSTART: 1
PROBING_RATE: 1.0
EXCHANGE_LIFETIME: 247000
NON_LIFETIME: 145000
MAX_TRANSMIT_WAIT: 93000
PREFERRED_BLOCK_SIZE: 512
MAX_MESSAGE_SIZE: 1024
BLOCKWISE_STATUS_LIFETIME: 300000
MAX_RESOURCE_BODY_SIZE: 8192
PROTOCOL_STAGE_THREAD_COUNT: 100
tcp:
CONNECTION_IDLE_TIMEOUT: 600000
CONNECT_TIMEOUT: 10000
HANDSHAKE_TIMEOUT: 10000
WORKER_THREADS: 10
dtls:
# Deprecated Ciphers Suites are not supported by default. To override, set the value to false
RECOMMENDED_CIPHER_SUITES_ONLY: true
# EXTENDED_MASTER_SECRET_MODE is ENABLED by default, considering the vulnerability mentioned https://datatracker.ietf.org/doc/html/rfc7627#section-6.1
# To override set the value to OPTIONAL
EXTENDED_MASTER_SECRET_MODE: ENABLED
redis:
#REDIS_DB_HOST: "crdb-crdb-redisio:6379"
#REDIS_SENTINEL_HOSTS:
#REDIS_MASTER_NAME:
#REDIS_MAX_TOTAL: 15
#REDIS_MAX_IDLE: 15
#this property should be enabled for redis cluster, the values can be host:port of all the clusters with ',' seperated ex: HOST1:PORT1,HOST2:PORT2,HOST3:PORT3
#REDIS_CLUSTER_HOSTS:
usage:
USAGE_CONTROL_ENABLE: false
enterpriseBilling: false
trm:
enabled: false
nodePort:
nosec: 30683
dtls: 30684
tcp: 30683
tls: 30684
legacyBootstrap: 30784
lwm2mscefcb: 30666
hostPort:
noSecBS: 31234
nosecRd: 30999
cassandra:
# cassandraUser is the username of Cassandra.
username: "impact"
# cassandraGatewayKeyspace is the Cassandra keyspace to use.
keyspace: "lwm2m"
# cassandra.dropKeyspace When true, keyspace will be dropped before creation/upgrade. Do not use in production
dropKeyspace: "false"
CAS_KEYSPACE_REPLICATION: "{ 'class' : 'SimpleStrategy', 'replication_factor': 1 }"
global:
secretname: "lwm2m-secrets"
registry: cdp-docker-candidates.repo.cci.nokia.net
# broker properties
broker:
# brokerHosts is the RMQ hosts and ports.
hosts: "rabbitmq:5672"
# brokerUsername is the username of RMQ
username: "impact"
# brokerVirtualHost is the vhost of RMQ
virtualHost: "/"
#ingress_proxy: http://proxy_host:proxy_port/
#description: >
# This is applicable for OMA registry to download LwM2M Object contents from OMA site.
# The ingress_proxy is required, if the k8s host does not have direct access to Internet.
# Uncomment ingress_proxy and provide the http proxy URL.
# cassandra properties
cassandra:
# cassandraHosts is the cassandra host and port.
hosts: "cassandra:9042"
# adminUsername is the name of the cassandra admin user, used to create dedicated keyspace/user. If not specified, dedicated user/keyspace is supposed to be created upfront
adminUsername: null
# No of core local connections to cassandra
coreLocal: 20
# No of max local connections to cassandra
maxLocal: 500
# No of core remote connections to cassandra
coreRemote: 10
# No of max remote connections to cassandra
maxRemote: 50
# Local cassandra DC name
localdc: "dc_east"
Note: Reclaiming the PV when re-installing IMPACT Mobile and LWM2M
While re-installing IMPACT Mobile, NFS Persistent Volume has to be reclaimed manually.
- Execute the command:
kubectl edit <pv_name> - Remove the section
claimRef. - Save the changes and check if the CLAIM status in
kubectl get pvis AVAILABLE.Note: Delete all the PVCs before reclaim.
Note: The values given in the above sample file are only for illustration purpose. Nokia
recommends to modify these values based on your deployment.