diff --git a/5gcore/templates/SCC-AdminRoleBinding.yaml b/5gcore/templates/SCC-AdminRoleBinding.yaml new file mode 100644 index 0000000..4fa20ac --- /dev/null +++ b/5gcore/templates/SCC-AdminRoleBinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: default-scc-admin-binding + namespace: open5gcore +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: scc-admin +subjects: +- kind: ServiceAccount + name: default + namespace: open5gcore diff --git a/5gcore/templates/amf-configmap.yaml b/5gcore/templates/amf-configmap.yaml index bbf36df..5516430 100644 --- a/5gcore/templates/amf-configmap.yaml +++ b/5gcore/templates/amf-configmap.yaml @@ -30,13 +30,12 @@ data: mnc: {{ .Values.amf.mnc }} s_nssai: - sst: 1 - sd: 1 security: integrity_order : [ NIA2, NIA1, NIA0 ] ciphering_order : [ NEA0, NEA1, NEA2 ] network_name: full: Open5GS - amf_name: open5gs-amf0 + amf_name: open5gs-amf nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/amf-deploy.yaml b/5gcore/templates/amf-deploy.yaml index 506aa1c..456f136 100644 --- a/5gcore/templates/amf-deploy.yaml +++ b/5gcore/templates/amf-deploy.yaml @@ -10,25 +10,22 @@ spec: epc-mode: amf ports: - protocol: SCTP - port: 38412 + port: {{ .Values.cnf.amf.sctp.port }} targetPort: 38412 - nodePort: 30412 + nodePort: {{ .Values.cnf.amf.sctp.nodeport }} --- -apiVersion: v1 -kind: Service +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 metadata: - name: open5gs-amf - labels: - epc-mode: amf + name: allow-sctp spec: - type: NodePort - selector: - epc-mode: amf - ports: - - protocol: TCP - port: 80 - targetPort: 80 - nodePort: 30080 + podSelector: + matchLabels: + epc-mode: amf + ingress: + - ports: + - protocol: SCTP + port: {{ .Values.cnf.amf.sctp.port }} --- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 @@ -42,7 +39,7 @@ spec: - ports: - protocol: SCTP port: 80 ---- +--- apiVersion: apps/v1 kind: Deployment metadata: 
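Review bot: The subject of this new RoleBinding is the namespace's `default` ServiceAccount, so every pod in `open5gcore` that does not set `serviceAccountName` inherits whatever the `scc-admin` Role grants. The Role itself is not created anywhere in the visible diff, so the binding may dangle unless it exists elsewhere; presumably it is meant to carry `use` on the `scc-admin` SCC. I would bind a dedicated account instead (for example `name: open5gs-privileged` under `subjects`) and set that account only on the pods that need it. Hard-coding `namespace: open5gcore` also ties the chart to one namespace, where `{{ .Release.Namespace }}` would follow the install target.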
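Review bot: The added `allow-sctp` policy in amf-deploy.yaml has an `ingress` rule with `ports` but no `from`, so it admits SCTP from any source to pods labelled `epc-mode: amf`. It also takes its port from `.Values.cnf.amf.sctp.port`, which is the Service port, while NetworkPolicy ports are matched against the pod port; the Service above keeps `targetPort: 38412` fixed, so the two diverge as soon as the value is changed. I would write `port: 38412` here (or template `targetPort` from the same value) and add a `from` clause limited to the gNB peers. The context after this hunk shows a second SCTP NetworkPolicy whose name is outside the hunk, so check that the two names do not collide.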
@@ -50,20 +47,20 @@ metadata: labels: epc-mode: amf spec: - replicas: 1 selector: matchLabels: epc-mode: amf template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: amf spec: containers: - name: amf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} command: ["open5gs-amfd", "-c", "/open5gs/config-map/amf.yaml"] volumeMounts: diff --git a/5gcore/templates/ausf-configmap.yaml b/5gcore/templates/ausf-configmap.yaml index 37e268c..c1b2f54 100644 --- a/5gcore/templates/ausf-configmap.yaml +++ b/5gcore/templates/ausf-configmap.yaml @@ -11,5 +11,5 @@ data: - addr: 0.0.0.0 advertise: open5gs-ausf nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/ausf-deploy.yaml b/5gcore/templates/ausf-deploy.yaml index acb1987..dde326c 100644 --- a/5gcore/templates/ausf-deploy.yaml +++ b/5gcore/templates/ausf-deploy.yaml @@ -19,20 +19,21 @@ metadata: labels: epc-mode: ausf spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: ausf template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: ausf spec: containers: - name: ausf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} command: ["open5gs-ausfd", "-c", "/open5gs/config-map/ausf.yaml"] volumeMounts: diff --git a/5gcore/templates/nrf-configmap.yaml b/5gcore/templates/nrf-configmap.yaml index 57f78f4..545b969 100644 --- a/5gcore/templates/nrf-configmap.yaml +++ b/5gcore/templates/nrf-configmap.yaml 
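Review bot: The added annotation `openshift.io/required-scc: "scc-admin"` pins the AMF pod to an SCC that, as defined in `scc-admin.yaml` in this commit, allows privileged containers and `RunAsAny` for user, SELinux and groups. Nothing in this hunk shows the AMF container asking for any privilege, so the pin only widens what the pod may request; the same line is added in the ausf, nrf, nssf, pcf, smf, udm and udr Deployments. I would drop the annotation from the network functions that run unprivileged and keep a custom SCC only for the pods that really need it. Separately, `replicas: 1` is deleted here but turned into `#replicas: 1` in ausf and others; one consistent comment such as `# replicas left to the autoscaler` (if that is the reason) would explain both. The container spec continues past the end of the hunk.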
@@ -6,8 +6,6 @@ metadata: epc-mode: nrf data: nrf.yaml: | - #logger: - #file: /var/log/open5gs/nrf.log nrf: - sbi: - addr: 0.0.0.0 + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/nrf-deploy.yaml b/5gcore/templates/nrf-deploy.yaml index 1a0c1f7..d8fcab1 100644 --- a/5gcore/templates/nrf-deploy.yaml +++ b/5gcore/templates/nrf-deploy.yaml @@ -19,22 +19,23 @@ metadata: labels: epc-mode: nrf spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: nrf template: metadata: annotations: - sidecar.istio.io/inject: "true" + openshift.io/required-scc: "scc-admin" + sidecar.istio.io/inject: "false" labels: epc-mode: nrf spec: containers: - name: nrf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} - command: ["open5gs-nrfd", "-c", "/open5gs/config-map/nrf.yaml"] + command: ["open5gs-nrfd", "-d", "-c", "/open5gs/config-map/nrf.yaml"] volumeMounts: - name: open5gs-nrf-config mountPath: /open5gs/config-map/nrf.yaml diff --git a/5gcore/templates/nssf-configmap.yaml b/5gcore/templates/nssf-configmap.yaml index 1249751..31816c3 100644 --- a/5gcore/templates/nssf-configmap.yaml +++ b/5gcore/templates/nssf-configmap.yaml @@ -18,5 +18,5 @@ data: s_nssai: sst: 1 nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/nssf-deploy.yaml b/5gcore/templates/nssf-deploy.yaml index 04de289..58b4d87 100644 --- a/5gcore/templates/nssf-deploy.yaml +++ b/5gcore/templates/nssf-deploy.yaml 
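Review bot: Switching `sidecar.istio.io/inject` to `"false"` in nrf-deploy.yaml takes the NRF, which the other configmaps in this commit all point at via `nrf: sbi: name: open5gs-nrf`, out of the mesh while ausf, pcf, udm and the rest keep `"true"`. Depending on the mesh's mTLS mode (not visible here) that either breaks their calls to `open5gs-nrf` or lets them fall back to plaintext, so the reason belongs next to the annotation, e.g. `# sidecar disabled: <reason>`. The same hunk adds `-d` to the `open5gs-nrfd` command, as the udr Deployment does for `open5gs-udrd`; if that is the debug-logging switch it appears to be, it should come from a value rather than being on by default in a release, since debug logs can carry subscriber identifiers. The pod spec continues past the end of the hunk.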
@@ -19,20 +19,21 @@ metadata: labels: epc-mode: nssf spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: nssf template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: nssf spec: containers: - name: nssf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} command: ["open5gs-nssfd", "-c", "/open5gs/config-map/nssf.yaml"] volumeMounts: @@ -42,4 +43,4 @@ spec: volumes: - name: open5gs-nssf-config configMap: - name: open5gs-nssf-config + name: open5gs-nssf-config diff --git a/5gcore/templates/pcf-configmap.yaml b/5gcore/templates/pcf-configmap.yaml index dcea9ed..1d0d515 100644 --- a/5gcore/templates/pcf-configmap.yaml +++ b/5gcore/templates/pcf-configmap.yaml @@ -14,5 +14,5 @@ data: - addr: 0.0.0.0 advertise: open5gs-pcf nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/pcf-deploy.yaml b/5gcore/templates/pcf-deploy.yaml index 007c5d4..9772a6d 100644 --- a/5gcore/templates/pcf-deploy.yaml +++ b/5gcore/templates/pcf-deploy.yaml @@ -19,20 +19,21 @@ metadata: labels: epc-mode: pcf spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: pcf template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: pcf spec: containers: - name: pcf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} command: ["open5gs-pcfd", "-c", "/open5gs/config-map/pcf.yaml"] volumeMounts: @@ -42,4 +43,4 @@ spec: volumes: - name: open5gs-pcf-config configMap: - name: open5gs-pcf-config + name: open5gs-pcf-config 
diff --git a/5gcore/templates/resource-limits.yaml b/5gcore/templates/resource-limits.yaml new file mode 100644 index 0000000..d1f945d --- /dev/null +++ b/5gcore/templates/resource-limits.yaml @@ -0,0 +1,37 @@ +apiVersion: "v1" +kind: "LimitRange" +metadata: + name: "resource-limits-pod" +spec: + limits: + - type: "Pod" + max: + cpu: "600" + memory: "2Gi" + min: + cpu: "10m" + memory: "4Mi" + maxLimitRequestRatio: + cpu: "100" +--- +apiVersion: "v1" +kind: "LimitRange" +metadata: + name: "resource-limits-container" +spec: + limits: + - type: "Container" + max: + cpu: "300" + memory: "1Gi" + min: + cpu: "5m" + memory: "4Mi" + default: + cpu: "100m" + memory: "100Mi" + defaultRequest: + cpu: "100m" + memory: "100Mi" + maxLimitRequestRatio: + cpu: "300" diff --git a/5gcore/templates/scc-admin.yaml b/5gcore/templates/scc-admin.yaml new file mode 100644 index 0000000..08e3d60 --- /dev/null +++ b/5gcore/templates/scc-admin.yaml @@ -0,0 +1,19 @@ +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: scc-admin +allowPrivilegedContainer: true +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +fsGroup: + type: RunAsAny +supplementalGroups: + type: RunAsAny +users: +- system:serviceaccount:open5gcore:scc-admin-sa +- system:serviceaccount:open5gcore:default +- my-admin-user +groups: +- my-admin-group diff --git a/5gcore/templates/smf-configmap.yaml b/5gcore/templates/smf-configmap.yaml index 70c201e..76df87d 100644 --- a/5gcore/templates/smf-configmap.yaml +++ b/5gcore/templates/smf-configmap.yaml @@ -15,21 +15,20 @@ data: - addr: 0.0.0.0 advertise: open5gs-smf pfcp: - dev: {{ .Values.k8s.interface }} + dev: {{ .Values.k8s.interface }} gtpc: dev: {{ .Values.k8s.interface }} gtpu: - dev: {{ .Values.k8s.interface }} + dev: {{ .Values.k8s.tuninterface }} subnet: - addr: 10.45.0.1/16 dnn: {{ .Values.dnn }} dns: - 8.8.8.8 - - 8.8.4.4 mtu: 1400 nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf upf: pfcp: - name: open5gs-upf 
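Review bot: `max.cpu: "600"` on the Pod range and `"300"` on the Container range are whole cores, not millicores, and they sit next to minimums of `"10m"` and `"5m"` and a default of `"100m"`. As written the maximum is far above a typical node and caps nothing; presumably `"600m"` and `"300m"` (or a small core count) were intended. The `maxLimitRequestRatio` values of `"100"` and `"300"` likewise let a limit be hundreds of times its request, which permits heavy overcommit. Neither LimitRange sets `metadata.namespace`, so they apply to whichever namespace the release lands in; a comment saying so would help.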
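Review bot: The `users` and `groups` lists in the new `scc-admin` SCC contain `my-admin-user` and `my-admin-group`, which read like placeholders carried over from an example, alongside `system:serviceaccount:open5gcore:default`. Granting the `default` account an SCC with `allowPrivilegedContainer: true` and `RunAsAny` for user, SELinux, fsGroup and supplemental groups means any pod created in that namespace can run privileged as any UID. I would remove the placeholder entries, drop the `default` account, and list only a dedicated account such as the `scc-admin-sa` already named here. An SCC is cluster-scoped, so shipping it from this chart also requires cluster-level rights at install time; that deserves a comment at the top of the file.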
diff --git a/5gcore/templates/smf-deploy.yaml b/5gcore/templates/smf-deploy.yaml index dec8a4a..8f7e3a4 100644 --- a/5gcore/templates/smf-deploy.yaml +++ b/5gcore/templates/smf-deploy.yaml @@ -19,20 +19,20 @@ metadata: labels: epc-mode: smf spec: - replicas: 1 selector: matchLabels: epc-mode: smf template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: smf spec: containers: - name: smf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} command: ["/bin/sh", "-c"] args: @@ -44,4 +44,4 @@ spec: volumes: - name: open5gs-smf-config configMap: - name: open5gs-smf-config + name: open5gs-smf-config diff --git a/5gcore/templates/udm-configmap.yaml b/5gcore/templates/udm-configmap.yaml index e7a1750..af6d21a 100644 --- a/5gcore/templates/udm-configmap.yaml +++ b/5gcore/templates/udm-configmap.yaml @@ -13,5 +13,5 @@ data: - addr: 0.0.0.0 advertise: open5gs-udm nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/udm-deploy.yaml b/5gcore/templates/udm-deploy.yaml index 0366f98..a6a8871 100644 --- a/5gcore/templates/udm-deploy.yaml +++ b/5gcore/templates/udm-deploy.yaml @@ -19,20 +19,21 @@ metadata: labels: epc-mode: udm spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: udm template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: udm spec: containers: - name: udm - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} command: ["open5gs-udmd", "-c", "/open5gs/config-map/udm.yaml"] volumeMounts: 
diff --git a/5gcore/templates/udr-configmap.yaml b/5gcore/templates/udr-configmap.yaml index 727deb7..b351b90 100644 --- a/5gcore/templates/udr-configmap.yaml +++ b/5gcore/templates/udr-configmap.yaml @@ -14,5 +14,5 @@ data: - addr: 0.0.0.0 advertise: open5gs-udr nrf: - sbi: - name: open5gs-nrf + sbi: + name: open5gs-nrf diff --git a/5gcore/templates/udr-deploy.yaml b/5gcore/templates/udr-deploy.yaml index 479c3b8..d644c87 100644 --- a/5gcore/templates/udr-deploy.yaml +++ b/5gcore/templates/udr-deploy.yaml @@ -19,22 +19,23 @@ metadata: labels: epc-mode: udr spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: udr template: metadata: annotations: + openshift.io/required-scc: "scc-admin" sidecar.istio.io/inject: "true" labels: epc-mode: udr spec: containers: - name: udr - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} - command: ["open5gs-udrd", "-c", "/open5gs/config-map/udr.yaml"] + command: ["open5gs-udrd", "-d", "-c", "/open5gs/config-map/udr.yaml"] volumeMounts: - name: open5gs-udr-config mountPath: /open5gs/config-map/udr.yaml diff --git a/5gcore/templates/upf-configmap.yaml b/5gcore/templates/upf-configmap.yaml index 5769476..496c7c2 100644 --- a/5gcore/templates/upf-configmap.yaml +++ b/5gcore/templates/upf-configmap.yaml @@ -8,9 +8,9 @@ data: upf.yaml: | upf: pfcp: - dev: {{ .Values.k8s.interface }} + dev: {{ .Values.k8s.tuninterface }} gtpu: - dev: {{ .Values.k8s.interface }} + dev: {{ .Values.k8s.tuninterface }} subnet: - addr: 10.45.0.1/16 dnn: {{ .Values.dnn }} diff --git a/5gcore/templates/upf-deploy.yaml b/5gcore/templates/upf-deploy.yaml index 6773136..c3f55ef 100644 --- a/5gcore/templates/upf-deploy.yaml +++ b/5gcore/templates/upf-deploy.yaml 
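Review bot: Changing `pfcp.dev` in upf-configmap.yaml to `{{ .Values.k8s.tuninterface }}` puts the UPF's N4 endpoint on `ogstun`, the interface that carries the UE subnet `10.45.0.1/16` shown in the context lines. If `dev` selects the bind address, as it appears to, PFCP becomes reachable from UE traffic and may stop being reachable through the `open5gs-upf` Service, which targets the pod's cluster-facing address. I would keep `dev: {{ .Values.k8s.interface }}` for `pfcp` and switch only `gtpu` if the tunnel needs it. The smf-configmap hunk makes the same switch for `gtpu`, and nothing visible shows an `ogstun` device being created in the SMF pod.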
@@ -11,7 +11,23 @@ spec: - protocol: UDP port: 8805 targetPort: 8805 ---- +--- +apiVersion: v1 +kind: Service +metadata: + name: open5gs-upf-np + labels: + epc-mode: upf +spec: + type: NodePort + selector: + epc-mode: upf + ports: + - protocol: UDP + port: 8805 + targetPort: 8805 + nodePort: {{ .Values.cnf.upf.nodeport }} +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -19,20 +35,20 @@ metadata: labels: epc-mode: upf spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: upf template: metadata: annotations: - sidecar.istio.io/inject: "true" + sidecar.istio.io/inject: "false" labels: epc-mode: upf spec: containers: - name: upf - image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.tag }}" + image: "{{ .Values.open5gcore.image.repository }}:{{ .Values.open5gcore.image.oldtag }}" imagePullPolicy: {{ .Values.open5gcore.image.pullPolicy }} securityContext: privileged: true @@ -43,8 +59,10 @@ spec: ip addr add 10.45.0.1/16 dev ogstun; sysctl -w net.ipv6.conf.all.disable_ipv6=1; ip link set ogstun up; - sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"; - iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE; + ip link set dev ogstun mtu 1400; + sysctl -w net.ipv4.ip_forward=1; + iptables -A FORWARD -j ACCEPT; + iptables -t nat -A POSTROUTING -s 10.45.0.0/16 -o eth0 -j MASQUERADE; open5gs-upfd -c /open5gs/config-map/upf.yaml; volumeMounts: - name: open5gs-upf-config diff --git a/5gcore/templates/web-ui-deploy.yaml b/5gcore/templates/web-ui-deploy.yaml index 062b10d..e916309 100644 --- a/5gcore/templates/web-ui-deploy.yaml +++ b/5gcore/templates/web-ui-deploy.yaml 
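Review bot: The new `open5gs-upf-np` Service publishes PFCP (UDP 8805) on `{{ .Values.cnf.upf.nodeport }}` of every node, and PFCP has no peer authentication of its own. Nothing in this commit restricts who may reach that port: unlike the AMF, no NetworkPolicy is added for `epc-mode: upf`, and the next hunk turns the Istio sidecar off for this pod. If an SMF outside the cluster is the reason, say so in a comment and add a NetworkPolicy with an `ipBlock` for that peer; otherwise the existing ClusterIP Service above is enough and this one can go.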
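Review bot: `iptables -A FORWARD -j ACCEPT` in the new UPF startup lines accepts every forwarded packet in a container that runs with `privileged: true`, not just traffic for the UE pool. Scoping it to the tunnel keeps the same function, e.g. `iptables -A FORWARD -i ogstun -s 10.45.0.0/16 -j ACCEPT;` plus `iptables -A FORWARD -o ogstun -d 10.45.0.0/16 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT;`. The MASQUERADE rule now hard-codes `-o eth0` although `values.yaml` already has `k8s.interface`; `-o {{ .Values.k8s.interface }}` would keep the two in step. The subnet `10.45.0.0/16` is repeated here and in the configmaps and could come from one value. The `args` block starts above the hunk.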
@@ -1,33 +1,20 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway +kind: Route +apiVersion: route.openshift.io/v1 metadata: - name: open5gswebui-gateway -spec: - selector: - istio: ingressgateway # use Istio default gateway implementation - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: open5gswebui-ingress + name: open5gcoreweb + labels: + epc-mode: webui spec: - hosts: - - "*" - gateways: - - open5gswebui-gateway - http: - - route: - - destination: - host: open5gs-webui - port: - number: 80 + to: + kind: Service + name: open5gs-webui + weight: 100 + port: + targetPort: 3000 + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + wildcardPolicy: None --- apiVersion: v1 kind: Service @@ -38,7 +25,7 @@ metadata: spec: type: ClusterIP ports: - - port: 80 + - port: 8088 targetPort: 3000 selector: epc-mode: webui @@ -50,14 +37,12 @@ metadata: labels: epc-mode: webui spec: - replicas: 1 + #replicas: 1 selector: matchLabels: epc-mode: webui template: metadata: - annotations: - sidecar.istio.io/inject: "true" labels: epc-mode: webui spec: diff --git a/5gcore/values.yaml b/5gcore/values.yaml index bdc3521..56253a1 100644 --- a/5gcore/values.yaml +++ b/5gcore/values.yaml @@ -4,7 +4,8 @@ open5gcore: image: repository: docker.io/efatnar/open5gcore pullPolicy: IfNotPresent - tag: "v1.1" + tag: "v2.0" + oldtag: "v1.1" webui: image: @@ -20,4 +21,16 @@ amf: tac: 7 k8s: - interface: eth0 + interface: eth0 + tuninterface: ogstun + +cnf: + amf: + sctp: + nodeport: 30412 + port: 38412 + http: + nodeport: 30080 + port: 80 + upf: + nodeport: 30423 diff --git a/5gran/templates/5gran-deploy.yaml b/5gran/templates/5gran-deploy.yaml index 1536725..6533735 100644 --- a/5gran/templates/5gran-deploy.yaml +++ b/5gran/templates/5gran-deploy.yaml 
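Review bot: `insecureEdgeTerminationPolicy: Allow` in the new Route keeps the WebUI reachable over plain HTTP as well as HTTPS, and this is the console whose admin login the README change in this commit documents. `insecureEdgeTerminationPolicy: Redirect` sends HTTP clients to the TLS endpoint without changing anything else. With `termination: edge` and the `sidecar.istio.io/inject` annotation removed further down, traffic between the router and `open5gs-webui` is unencrypted inside the cluster; if that is accepted, a comment should say so. The Route sets no `host`, so the router generates one.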
@@ -20,6 +20,8 @@ spec: - name: gnb imagePullPolicy: {{ .Values.ran.image.pullPolicy }} image: "{{ .Values.ran.image.repository }}:{{ .Values.ran.image.tag }}" + securityContext: + privileged: true command: ["/bin/sh","-c","./nr-gnb -c /open5gs/config-map/5gran-gnb-configmap.yaml"] volumeMounts: - name: 5gran-gnb-config @@ -40,7 +42,7 @@ spec: image: "{{ .Values.ran.image.repository }}:{{ .Values.ran.image.tag }}" securityContext: privileged: true - command: ["/bin/sh","-c","sh nr-binder 10.45.0.2 ping www.google.com"] + command: ["/bin/sh","-c","sh nr-binder $(ip addr show uesimtun0 | grep -Po 'inet \\K[\\d.]+') ping google.com"] volumes: - name: 5gran-gnb-config configMap: diff --git a/5gran/templates/5gran-gnb-configmap.bak b/5gran/templates/5gran-gnb-configmap.bak deleted file mode 100644 index b051bde..0000000 --- a/5gran/templates/5gran-gnb-configmap.bak +++ /dev/null @@ -1,24 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: 5gran-gnb-config -data: - 5gran-gnb-configmap.yaml: | - mcc: '208' # Mobile Country Code value - mnc: '93' # Mobile Network Code value (2 or 3 digits) - nci: '0x000000010' # NR Cell Identity (36-bit) - idLength: 32 # NR gNB ID length in bits [22...32] - tac: 7 # Tracking Area Code - linkIp: 0.0.0.0 - ngapIp: 0.0.0.0 - gtpIp: 0.0.0.0 - # List of AMF address information - amfConfigs: - - address: - port: 30412 - # List of supported S-NSSAIs by this gNB - slices: - - sst: 1 - sd: 1 - # Indicates whether or not SCTP stream number errors should be ignored. - ignoreStreamIds: true diff --git a/5gran/templates/5gran-gnb-configmap.yaml b/5gran/templates/5gran-gnb-configmap.yaml index f37a17d..2f6439a 100644 --- a/5gran/templates/5gran-gnb-configmap.yaml +++ b/5gran/templates/5gran-gnb-configmap.yaml 
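Review bot: The gNB container gains `securityContext.privileged: true`, which hands it full access to the node's devices and capabilities for what the command line shows to be a single `nr-gnb` process. If the need is SCTP and UDP sockets, no extra privilege should be required; if it is interface or route setup, `capabilities: { add: ["NET_ADMIN"] }` is a much narrower grant. Please record which operation failed without it in a comment above the block. The UE container in the next hunk was already privileged, and the same question applies there, where the command reads `uesimtun0`.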
@@ -6,12 +6,12 @@ data: 5gran-gnb-configmap.yaml: | mcc: '208' # Mobile Country Code value mnc: '93' # Mobile Network Code value (2 or 3 digits) - nci: '0x000000011' # NR Cell Identity (36-bit) + nci: '0x000000010' # NR Cell Identity (36-bit) idLength: 32 # NR gNB ID length in bits [22...32] tac: {{ .Values.ran.tac }} # Tracking Area Code - linkIp: 0.0.0.0 - ngapIp: 0.0.0.0 - gtpIp: 0.0.0.0 + linkIp: {{ .Values.ran.gtp.localaddress }} + ngapIp: {{ .Values.ran.gtp.localaddress }} + gtpIp: {{ .Values.ran.gtp.localaddress }} # List of AMF address information amfConfigs: - address: {{ .Values.ran.amf.address }} @@ -19,6 +19,5 @@ data: # List of supported S-NSSAIs by this gNB slices: - sst: 1 - sd: 1 # Indicates whether or not SCTP stream number errors should be ignored. ignoreStreamIds: true diff --git a/5gran/templates/5gran-ue-configmap.bak b/5gran/templates/5gran-ue-configmap.bak deleted file mode 100644 index 2911138..0000000 --- a/5gran/templates/5gran-ue-configmap.bak +++ /dev/null 
@@ -1,65 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: 5gran-ue-config -data: - 5gran-ue-configmap.yaml: | - # IMSI number of the UE. IMSI = [MCC|MNC|MSISDN] (In total 15 or 16 digits) - supi: 'imsi-208930000000001' - # Mobile Country Code value of HPLMN - mcc: '208' - # Mobile Network Code value of HPLMN (2 or 3 digits) - mnc: '93' - - # Permanent subscription key - key: '465B5CE8B199B49FAA5F0A2EE238A6BC' - # Operator code (OP or OPC) of the UE - op: 'E8ED289DEBA952E4283B54E88E6183CA' - # This value specifies the OP type and it can be either 'OP' or 'OPC' - opType: 'OPC' - # Authentication Management Field (AMF) value - amf: '8000' - # IMEI number of the device. It is used if no SUPI is provided - imei: '356938035643801' - # IMEISV number of the device. It is used if no SUPI and IMEI is provided - imeiSv: '4370816125816151' - - # List of gNB IP addresses for Radio Link Simulation - gnbSearchList: - - 0.0.0.0 - - # Initial PDU sessions to be established - sessions: - - type: 'IPv4' - apn: 'internet' - slice: - sst: 1 - sd: 1 - emergency: false - - # Configured NSSAI for this UE by HPLMN - configured-nssai: - - sst: 1 - sd: 1 - - # Default Configured NSSAI for this UE - default-nssai: - - sst: 1 - sd: 1 - - # Supported encryption algorithms by this UE - integrity: - IA1: true - IA2: true - IA3: true - - # Supported integrity algorithms by this UE - ciphering: - EA1: true - EA2: true - EA3: true - - # Integrity protection maximum data rate for user plane - integrityMaxRate: - uplink: 'full' - downlink: 'full' diff --git a/5gran/templates/5gran-ue-configmap.yaml b/5gran/templates/5gran-ue-configmap.yaml index c6e63b0..7046409 100644 --- a/5gran/templates/5gran-ue-configmap.yaml +++ b/5gran/templates/5gran-ue-configmap.yaml 
@@ -13,21 +13,35 @@ data: mnc: '93' # Permanent subscription key - key: '465B5CE8B199B49FAA5F0A2EE238A6BC' + key: '{{ .Values.ran.user.subscriptionKey }}' # Operator code (OP or OPC) of the UE - op: 'E8ED289DEBA952E4283B54E88E6183CA' + op: '{{ .Values.ran.user.opCode }}' # This value specifies the OP type and it can be either 'OP' or 'OPC' opType: 'OPC' # Authentication Management Field (AMF) value amf: '8000' # IMEI number of the device. It is used if no SUPI is provided - imei: '356938035643801' + imei: '{{ .Values.ran.user.imei }}' # IMEISV number of the device. It is used if no SUPI and IMEI is provided - imeiSv: '4370816125816151' + imeiSv: '{{ .Values.ran.user.imeiSv }}' # List of gNB IP addresses for Radio Link Simulation gnbSearchList: - - 0.0.0.0 + - {{ .Values.ran.gtp.localaddress }} + + # UAC Access Identities Configuration + uacAic: + mps: false + mcs: false + + # UAC Access Control Class + uacAcc: + normalClass: 0 + class11: false + class12: false + class13: false + class14: false + class15: false # Initial PDU sessions to be established sessions: @@ -35,19 +49,15 @@ data: apn: 'internet' slice: sst: 1 - sd: 1 - emergency: false - # Configured NSSAI for this UE by HPLMN + # Configured NSSAI for this UE by HPLMN configured-nssai: - sst: 1 - sd: 1 - + # Default Configured NSSAI for this UE default-nssai: - sst: 1 - sd: 1 - + # Supported encryption algorithms by this UE integrity: IA1: true diff --git a/5gran/values.yaml b/5gran/values.yaml index c42f1c1..4b407a3 100644 --- a/5gran/values.yaml +++ b/5gran/values.yaml @@ -3,10 +3,16 @@ ran: image: repository: docker.io/efatnar/ueransim pullPolicy: IfNotPresent - tag: "v1.5" + tag: "v2.0" amf: - address: 172.27.103.93 + address: 172.27.201.23 port: 30412 + gtp: + localaddress: 0.0.0.0 user: imsi: "imsi-208930000000001" + imei: "356938035643801" + imeiSv: "4370816125816151" + subscriptionKey: "465B5CE8B199B49FAA5F0A2EE238A6BC" + opCode: "E8ED289DEBA952E4283B54E88E6183CA" tac: 7 
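Review bot: The permanent key and operator code leave this template but land in `5gran/values.yaml` as committed defaults (`subscriptionKey`, `opCode`) and are still rendered into a ConfigMap, so anyone who can read ConfigMaps in the namespace, or the repository, has them. I would leave both values empty in `values.yaml`, require them at install time with `{{ required "ran.user.subscriptionKey is required" .Values.ran.user.subscriptionKey }}`, and mount the UE file from a Secret. The `.bak` files deleted in this commit held the same key and OPc, so they remain in history and should be treated as test-only material. `gnbSearchList` now renders `{{ .Values.ran.gtp.localaddress }}` unquoted; wrapping it as `'{{ .Values.ran.gtp.localaddress }}'` matches the quoting used for the other fields.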
diff --git a/README.md b/README.md index c734158..dd84a5c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ +# RELEASE CUT: Release-1.0 +>> This Release includes Open5g deployment on OCP with RH-OSSM with leveraging HPA for CNFs.
+>> This Release does not include Multus! Multus is part of the Main branch for development and verification. Once that effort reaches stability we will have Release 2.0 cut.
+ # 5G Core with RAN + UE simulator deployment on Red Hat Openshift with Service Mesh
Background:
@@ -24,7 +28,11 @@ oc get nodes ![alt text](https://raw.githubusercontent.com/fenar/cnvopen5gcore/main/pics/Open5GCoreServiceMesh2.png)
---- -(2) Provision user equipment (UE) imsi (see ueransim/ueransim-ue-configmap.yaml, defaul imsi is 208930000000001) to 5gcore so your ue registration (ie running ueransim ue mode) will be allowed. +(2) Provision user equipment (UE) imsi (see ueransim/ueransim-ue-configmap.yaml, defaul imsi is 208930000000001) to 5gcore so your ue registration (ie running ueransim ue mode) will be allowed.
+``` +username: admin +password: 1423 +``` ![alt text](https://raw.githubusercontent.com/fenar/cnvopen5gcore/main/pics/Open5GSWebUI.png)
---- diff --git a/docker/5gcore.dockerfile b/docker/5gcore.dockerfile index 34e1204..7c89f1d 100644 --- a/docker/5gcore.dockerfile +++ b/docker/5gcore.dockerfile 
@@ -1,15 +1,94 @@ -FROM ubuntu:focal +FROM ubuntu:jammy as efatnar_step -MAINTAINER Fatih Nar +ENV DEBIAN_FRONTEND=noninteractive +ENV LD_LIBRARY_PATH=/open5gs/install/lib/x86_64-linux-gnu -ENV DEBIAN_FRONTEND noninteractive +# Install updates and dependencies +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + python3-pip \ + python3-setuptools \ + python3-wheel \ + ninja-build \ + build-essential \ + flex \ + bison \ + git \ + libsctp-dev \ + libgnutls28-dev \ + libgcrypt-dev \ + libssl-dev \ + libidn11-dev \ + libmongoc-dev \ + libbson-dev \ + libyaml-dev \ + meson \ + mongodb \ + curl \ + gnupg \ + ca-certificates \ + libmicrohttpd-dev \ + libcurl4-gnutls-dev \ + libnghttp2-dev \ + libtins-dev \ + libidn11-dev \ + libtalloc-dev + +RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs + +# Get open5gs code and install +RUN git clone --recursive https://github.com/open5gs/open5gs && cd open5gs && \ + git checkout main && meson build --prefix=`pwd`/install && \ + ninja -C build && cd build && ninja install && \ + mkdir -p /open5gs/install/include + +# Building WebUI of open5gs +RUN cd open5gs/webui && npm ci --no-optional + +# Build final image +FROM ubuntu:jammy + +ENV DEBIAN_FRONTEND=noninteractive +ENV LD_LIBRARY_PATH=/open5gs/install/lib/x86_64-linux-gnu RUN apt-get update && \ - apt-get -yq dist-upgrade && \ - apt-get --no-install-recommends -qqy install python3-pip python3-setuptools python3-wheel ninja-build build-essential flex bison git libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev \ - libidn11-dev libmongoc-dev libbson-dev libyaml-dev libmicrohttpd-dev libcurl4-gnutls-dev meson iproute2 libnghttp2-dev \ - iptables iputils-ping tcpdump cmake curl gnupg meson && \ - git clone --recursive -b v2.2.2 https://github.com/open5gs/open5gs && \ - cd open5gs && meson build --prefix=/ && ninja -C build && cd build && ninja install - -WORKDIR / + apt-get install -y --no-install-recommends \ + curl \ + 
ca-certificates \ + libssl-dev \ + libyaml-dev \ + libmicrohttpd-dev \ + libmongoc-dev \ + libsctp-dev \ + libcurl4-gnutls-dev \ + libtins-dev \ + libidn11-dev \ + libtalloc-dev \ + netbase \ + ifupdown \ + net-tools \ + iputils-ping \ + python3-setuptools \ + python3-wheel \ + python3-pip \ + iptables && \ + apt-get autoremove -y && apt-get autoclean + +RUN pip3 install click + +RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs && \ + apt-get remove -y curl && apt-get autoremove -y && apt-get autoclean + +RUN update-ca-certificates + +COPY --from=efatnar_step /open5gs/install/bin /open5gs/install/bin +COPY --from=efatnar_step /open5gs/install/etc /open5gs/install/etc +COPY --from=efatnar_step /open5gs/install/include /open5gs/install/include +COPY --from=efatnar_step /open5gs/install/lib /open5gs/install/lib +COPY --from=efatnar_step /open5gs/webui /open5gs/webui + +# Set the working directory to open5gs +WORKDIR open5gs + +COPY open5gs_init.sh / +CMD /open5gs_init.sh diff --git a/docker/ueransim.dockerfile b/docker/ueransim.dockerfile index 1e1a6ef..48e24b4 100644 --- a/docker/ueransim.dockerfile +++ b/docker/ueransim.dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:focal +FROM ubuntu:jammy MAINTAINER Fatih Nar @@ -8,7 +8,7 @@ USER root RUN apt-get update && \ apt-get -yq dist-upgrade && \ - apt-get install iputils-ping dnsutils && \ + apt-get install -y iputils-ping dnsutils && \ apt-get --no-install-recommends -qqy install make g++ libsctp-dev lksctp-tools iproute2 python3-pip && \ mkdir UERANSIM diff --git a/enablesctp.yaml b/enablesctp.yaml index ddca52e..b84f310 100644 --- a/enablesctp.yaml +++ b/enablesctp.yaml 
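Review bot: The build stage of 5gcore.dockerfile now runs `git checkout main` where the old file cloned `-b v2.2.2`, so each rebuild compiles whatever is on the upstream branch that day and the image tag no longer identifies the source. Pinning a tag or commit restores that, e.g. `git clone --recursive -b <open5gs-tag> https://github.com/open5gs/open5gs`, ideally through an `ARG`. Both stages also pipe `https://deb.nodesource.com/setup_14.x` into `bash` as root, which executes an unverified remote script at build time and selects a Node.js line that is past end of life; installing from a pinned, signature-checked apt source avoids both. The final stage sets no `USER`, so the image runs as root, and `WORKDIR open5gs` is relative where `WORKDIR /open5gs` would be unambiguous.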
@@ -1,23 +1,23 @@ +# Ref: https://docs.openshift.com/container-platform/4.9/networking/using-sctp.html apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: + name: load-sctp-module labels: - # for 3 node cluster change role to ; master machineconfiguration.openshift.io/role: worker - name: sctpmodule spec: config: ignition: - version: 3.1.0 + version: 3.2.0 storage: files: - - contents: - source: data:, - mode: 420 + - path: /etc/modprobe.d/sctp-blacklist.conf + mode: 0644 overwrite: true - path: /etc/modprobe.d/sctp-blacklist.conf - - contents: - source: data:text/plain;charset=utf-8,sctp - mode: 420 + contents: + source: data:, + - path: /etc/modules-load.d/sctp-load.conf + mode: 0644 overwrite: true - path: /etc/modules-load.d/sctp-load.conf + contents: + source: data:,sctp diff --git a/k8s-deployment-stress.yaml b/k8s-deployment-stress.yaml new file mode 100644 index 0000000..6264d04 --- /dev/null +++ b/k8s-deployment-stress.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stress-test + namespace: stress-test +spec: + replicas: 10 + selector: + matchLabels: + app: stress-test + template: + metadata: + labels: + app: stress-test + spec: + containers: + - name: stress-test + image: efatnar/stress-test + command: ["/usr/bin/stress", + "--verbose", + "-c", + "2", + "--vm", + "2", + "--vm-bytes", + "512M"]
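Review bot: `mode: 0644` replaces `mode: 420` in enablesctp.yaml, and the two are equal only when the YAML loader reads a leading zero as octal. Loaders that follow YAML 1.2 read `0644` as decimal 644, which would reach Ignition as a different permission set, whereas `420` is the same integer everywhere. I would keep `mode: 420  # 0644` on both files. The hunk also drops the comment about switching the role to `master` on three-node clusters; that hint is still useful because `machineconfiguration.openshift.io/role: worker` stays hard-coded.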
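Review bot: The `stress-test` container in k8s-deployment-stress.yaml has no `resources` block and its image `efatnar/stress-test` carries no tag or digest, so ten replicas each start two CPU and two 512M memory workers with nothing bounding them and with whatever image `latest` resolves to at pull time. Add `resources.requests` and `resources.limits` sized to the test, pin the image as `efatnar/stress-test:<tag>`, and state in a header comment which cluster this manifest is meant for. It targets `namespace: stress-test`, which nothing in this commit creates. A `securityContext` with `allowPrivilegeEscalation: false` would cost nothing for this workload.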