initial sdcore-helm-charts update
Change-Id: I91788de083b0f906ce4b32ac226f616fb2647ef9
diff --git a/omec-control-plane/.gitignore b/omec-control-plane/.gitignore
new file mode 100644
index 0000000..894f7fe
--- /dev/null
+++ b/omec-control-plane/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+charts/
diff --git a/omec-control-plane/.helmignore b/omec-control-plane/.helmignore
new file mode 100644
index 0000000..0d5155a
--- /dev/null
+++ b/omec-control-plane/.helmignore
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/omec-control-plane/Chart.yaml b/omec-control-plane/Chart.yaml
new file mode 100644
index 0000000..f1aa0b3
--- /dev/null
+++ b/omec-control-plane/Chart.yaml
@@ -0,0 +1,13 @@
+---
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+description: OMEC control plane services
+name: omec-control-plane
+icon: https://guide.opencord.org/logos/cord.svg
+
+version: 0.7.14
diff --git a/omec-control-plane/requirements.yaml b/omec-control-plane/requirements.yaml
new file mode 100644
index 0000000..49146fd
--- /dev/null
+++ b/omec-control-plane/requirements.yaml
@@ -0,0 +1,9 @@
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+dependencies:
+ - name: cassandra
+ version: 0.13.1
+ repository: https://charts.helm.sh/incubator
+ condition: cassandra.deploy
diff --git a/omec-control-plane/templates/NOTES.txt b/omec-control-plane/templates/NOTES.txt
new file mode 100644
index 0000000..78c519b
--- /dev/null
+++ b/omec-control-plane/templates/NOTES.txt
@@ -0,0 +1,21 @@
+{{- /*
+
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+*/ -}}
+
+This is the instruction to configure your eNodeB to work with ONF M-CORD. You can find architecture illustration in assets/mcord-architecture.png.
+
+1. Configure eNodeB with the correct MME information.
+ export MMEIP=[node IP]
+ export MMEPORT="36412"
+
+ You can change MMEPORT by overriding "Values.config.mme.s1ap.sctp_port_external".
+
+2. Make sure UE's SIM card information is configured in hss.yaml.
+
+3. Attach UE to OMEC.
diff --git a/omec-control-plane/templates/_helpers.tpl b/omec-control-plane/templates/_helpers.tpl
new file mode 100644
index 0000000..be7fc5f
--- /dev/null
+++ b/omec-control-plane/templates/_helpers.tpl
@@ -0,0 +1,133 @@
+{{- /*
+
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+*/ -}}
+
+{{/*
+Renders a set of standardised labels
+*/}}
+{{- define "omec-control-plane.metadata_labels" -}}
+{{- $application := index . 0 -}}
+{{- $context := index . 1 -}}
+release: {{ $context.Release.Name }}
+app: {{ $application }}
+{{- end -}}
+
+{{/*
+Render the given template.
+*/}}
+{{- define "omec-control-plane.template" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $last := base $context.Template.Name }}
+{{- $wtf := $context.Template.Name | replace $last $name -}}
+{{ include $wtf $context }}
+{{- end -}}
+
+{{/*
+Return domain name for Diameter identity, realm, and hostname for a given application.
+*/}}
+{{- define "omec-control-plane.diameter_endpoint" -}}
+{{- $service := index . 0 -}}
+{{- $type := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- if eq $type "identity" -}}
+{{- printf "%s.%s.svc.%s" $service $context.Release.Namespace $context.Values.config.clusterDomain -}}
+{{- else if eq $type "realm" -}}
+{{- printf "%s.svc.%s" $context.Release.Namespace $context.Values.config.clusterDomain -}}
+{{- else if eq $type "host" -}}
+{{- printf "%s" $service -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Render ServiceAccount, Role, and RoleBinding required for kubernetes-entrypoint.
+*/}}
+{{- define "omec-control-plane.service_account" -}}
+{{- $context := index . 1 -}}
+{{- $saName := index . 0 -}}
+{{- $saNamespace := $context.Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+ labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+---
+{{- if semverCompare ">=1.16-0" $context.Capabilities.KubeVersion.GitVersion }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+ labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $saName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+---
+{{- if semverCompare ">=1.16-0" $context.Capabilities.KubeVersion.GitVersion }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: Role
+metadata:
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+ labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ - batch
+ - apps
+ verbs:
+ - get
+ - list
+ - patch
+ resources:
+ - statefulsets
+ - daemonsets
+ - jobs
+ - pods
+ - services
+ - endpoints
+ - configmaps
+{{- end -}}
+
+{{/*
+Render init container for coredump.
+*/}}
+{{- define "omec-control-plane.coredump_init" -}}
+{{- $pod := index . 0 -}}
+{{- $context := index . 1 -}}
+- name: {{ $pod }}-coredump-init
+ image: {{ $context.Values.images.tags.init | quote }}
+ imagePullPolicy: {{ $context.Values.images.pullPolicy }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ command: ["sh", "-xc"]
+ args:
+ - echo '/tmp/coredump/core.%h.%e.%t' > /mnt/host-rootfs/proc/sys/kernel/core_pattern
+ volumeMounts:
+ - name: host-rootfs
+ mountPath: /mnt/host-rootfs
+{{- end -}}
diff --git a/omec-control-plane/templates/bin/_config4g-run.sh.tpl b/omec-control-plane/templates/bin/_config4g-run.sh.tpl
new file mode 100644
index 0000000..b568195
--- /dev/null
+++ b/omec-control-plane/templates/bin/_config4g-run.sh.tpl
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Copyright 2020-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -xe
+
+{{- if .Values.config.coreDump.enabled }}
+cp /free5gc/webconsole/webconsole /tmp/coredump/
+{{- end }}
+
+cd /free5gc
+
+cat config/webuicfg.conf
+
+./webconsole/webconsole -webuicfg config/webuicfg.conf
diff --git a/omec-control-plane/templates/bin/_hss-bootstrap.sh.tpl b/omec-control-plane/templates/bin/_hss-bootstrap.sh.tpl
new file mode 100644
index 0000000..b6d8fda
--- /dev/null
+++ b/omec-control-plane/templates/bin/_hss-bootstrap.sh.tpl
@@ -0,0 +1,132 @@
+#!/bin/bash
+
+# Copyright 2018 Intel Corporation
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+function provision_users() {
+ count=${1}
+ imsi=${2}
+ msisdn=${3}
+ apn=${4}
+ key=${5}
+ opc=${6}
+ sqn=${7}
+ cassandra_ip=${8}
+ mmeidentity=${9}
+ mmerealm=${10}
+
+ for (( i=1; i<=$count; i++ ))
+ do
+ echo "IMSI=$imsi MSISDN=$msisdn"
+ cqlsh $cassandra_ip -e "INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, opc, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data, supported_features) VALUES ('$imsi', $msisdn, 41, '$key', '$opc','$mmeidentity', 3, '$mmerealm', '2683b376d1056746de3b254012908e0e', $sqn, '{\"Subscription-Data\":{\"Access-Restriction-Data\":41,\"Subscriber-Status\":0,\"Network-Access-Mode\":2,\"Regional-Subscription-Zone-Code\":[\"0x0123\",\"0x4567\",\"0x89AB\",\"0xCDEF\",\"0x1234\",\"0x5678\",\"0x9ABC\",\"0xDEF0\",\"0x2345\",\"0x6789\"],\"MSISDN\":\"0x$msisdn\",\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"APN-Configuration-Profile\":{\"Context-Identifier\":0,\"All-APN-Configurations-Included-Indicator\":0,\"APN-Configuration\":{\"Context-Identifier\":0,\"PDN-Type\":0,\"Served-Party-IP-Address\":[\"0.0.0.0\"],\"Service-Selection\":\"$apn\",\"EPS-Subscribed-QoS-Profile\":{\"QoS-Class-Identifier\":9,\"Allocation-Retention-Priority\":{\"Priority-Level\":15,\"Pre-emption-Capability\":0,\"Pre-emption-Vulnerability\":0}},\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"PDN-GW-Allocation-Type\":0,\"MIP6-Agent-Info\":{\"MIP-Home-Agent-Address\":[\"172.26.17.183\"]}}},\"Subscribed-Periodic-RAU-TAU-Timer\":0}}', '{\"Supported-Features\":{\"Vendor-Id\": 10415, \"Feature-List-ID\": 2, \"Feature-List\": 134217728}}');"
+
+ if [ $? -ne 0 ];then
+ echo -e "oops! Something went wrong adding $imsi to vhss.users_imsi!\n"
+ exit 1
+ fi
+
+ cqlsh $cassandra_ip -e "INSERT INTO vhss.msisdn_imsi (msisdn, imsi) VALUES ($msisdn, '$imsi');"
+ if [ $? -ne 0 ];then
+ echo -e "oops! Something went wrong adding $imsi to vhss.msisdn_imsi!\n"
+ exit 1
+ fi
+
+ echo -e "Added $imsi\n"
+
+ imsi=`expr $imsi + 1`;
+ msisdn=`expr $msisdn + 1`
+ done
+}
+
+function provision_staticusers() {
+ imsi=${1}
+ msisdn=${2}
+ apn=${3}
+ key=${4}
+ opc=${5}
+ sqn=${6}
+ cassandra_ip=${7}
+ mmeidentity=${8}
+ mmerealm=${9}
+ staticAddr=${10}
+
+ echo "IMSI=$imsi MSISDN=$msisdn"
+ cqlsh $cassandra_ip -e "INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, opc, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data, supported_features) VALUES ('$imsi', $msisdn, 41, '$key', '$opc','$mmeidentity', 3, '$mmerealm', '2683b376d1056746de3b254012908e0e', $sqn, '{\"Subscription-Data\":{\"Access-Restriction-Data\":41,\"Subscriber-Status\":0,\"Network-Access-Mode\":2,\"Regional-Subscription-Zone-Code\":[\"0x0123\",\"0x4567\",\"0x89AB\",\"0xCDEF\",\"0x1234\",\"0x5678\",\"0x9ABC\",\"0xDEF0\",\"0x2345\",\"0x6789\"],\"MSISDN\":\"0x$msisdn\",\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"APN-Configuration-Profile\":{\"Context-Identifier\":0,\"All-APN-Configurations-Included-Indicator\":0,\"APN-Configuration\":{\"Context-Identifier\":0,\"PDN-Type\":0,\"Served-Party-IP-Address\":[\"$staticAddr\"],\"Service-Selection\":\"$apn\",\"EPS-Subscribed-QoS-Profile\":{\"QoS-Class-Identifier\":9,\"Allocation-Retention-Priority\":{\"Priority-Level\":15,\"Pre-emption-Capability\":0,\"Pre-emption-Vulnerability\":0}},\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"PDN-GW-Allocation-Type\":0,\"MIP6-Agent-Info\":{\"MIP-Home-Agent-Address\":[\"172.26.17.183\"]}}},\"Subscribed-Periodic-RAU-TAU-Timer\":0}}', '{\"Supported-Features\":{\"Vendor-Id\": 10415, \"Feature-List-ID\": 2, \"Feature-List\": 134217728}}');"
+
+ cqlsh $cassandra_ip -e "INSERT INTO vhss.msisdn_imsi (msisdn, imsi) VALUES ($msisdn, '$imsi');"
+ echo -e "Added $imsi\n"
+}
+
+function provision_mme() {
+ id=$1
+ isdn=$2
+ host=$3
+ realm=$4
+ uereachability=$5
+ cassandra_ip=$6
+
+ cqlsh $cassandra_ip -e "INSERT INTO vhss.mmeidentity (idmmeidentity, mmeisdn, mmehost, mmerealm, ue_reachability) VALUES ($id, '$isdn', '$host', '$realm', $uereachability);"
+ if [ $? -ne 0 ];then
+ echo -e "oops! Something went wrong adding to vhss.mmeidentity!\n"
+ exit 1
+ fi
+
+ cqlsh $cassandra_ip -e "INSERT INTO vhss.mmeidentity_host (idmmeidentity, mmeisdn, mmehost, mmerealm, ue_reachability) VALUES ($id, '$isdn', '$host', '$realm', $uereachability);"
+ if [ $? -ne 0 ];then
+ echo -e "oops! Something went wrong adding to vhss.mmeidentity_host!\n"
+ exit 1
+ fi
+
+ echo -e "Added mme $id\n"
+}
+
+until cqlsh --file /opt/c3po/hssdb/oai_db.cql {{ .Values.config.hss.hssdb }};
+ do echo "Provisioning HSSDB";
+ sleep 2;
+done
+
+{{- if .Values.config.hss.bootstrap.enabled }}
+{{- range .Values.config.hss.bootstrap.users }}
+provision_users \
+ {{ .count }} \
+ {{ .imsiStart }} \
+ {{ .msisdnStart }} \
+ {{ .apn }} \
+ {{ .key }} \
+ {{ .opc }} \
+ {{ .sqn }} \
+ {{ $.Values.config.hss.hssdb }} \
+ {{ .mme_identity }} \
+ {{ .mme_realm }}
+{{- end }}
+
+{{- range .Values.config.hss.bootstrap.staticusers }}
+provision_staticusers \
+ {{ .imsi }} \
+ {{ .msisdn }} \
+ {{ .apn }} \
+ {{ .key }} \
+ {{ .opc }} \
+ {{ .sqn }} \
+ {{ $.Values.config.hss.hssdb }} \
+ {{ .mme_identity }} \
+ {{ .mme_realm }} \
+ {{ .staticAddr }}
+{{- end }}
+
+{{- range .Values.config.hss.bootstrap.mmes }}
+provision_mme \
+ {{ .id }} \
+ {{ .isdn }} \
+ {{ .mme_identity }} \
+ {{ .mme_realm }} \
+ {{ .unreachability }} \
+ {{ $.Values.config.hss.hssdb }}
+{{- end }}
+{{- end }}
+
diff --git a/omec-control-plane/templates/bin/_hss-run.sh.tpl b/omec-control-plane/templates/bin/_hss-run.sh.tpl
new file mode 100644
index 0000000..6f2d8e9
--- /dev/null
+++ b/omec-control-plane/templates/bin/_hss-run.sh.tpl
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+{{- if .Values.config.coreDump.enabled }}
+cp /bin/hss /tmp/coredump/
+{{- end }}
+
+CONF_DIR="/opt/c3po/hss/conf"
+LOGS_DIR="/opt/c3po/hss/logs"
+mkdir -p $CONF_DIR $LOGS_DIR
+
+cp /etc/hss/conf/{acl.conf,hss.json,hss.conf,oss.json} $CONF_DIR
+cat $CONF_DIR/{hss.json,hss.conf}
+
+cd $CONF_DIR
+make_certs.sh {{ tuple "hss" "host" . | include "omec-control-plane.diameter_endpoint" }} {{ tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" }}
+
+cd ..
+hss -j $CONF_DIR/hss.json
diff --git a/omec-control-plane/templates/bin/_mme-init.sh.tpl b/omec-control-plane/templates/bin/_mme-init.sh.tpl
new file mode 100644
index 0000000..256da0d
--- /dev/null
+++ b/omec-control-plane/templates/bin/_mme-init.sh.tpl
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+cp /opt/mme/config/config.json /opt/mme/config/shared/config.json
+cd /opt/mme/config/shared
+
+# Set local IP address for s1ap and s11 networks to the config
+jq --arg MME_LOCAL_IP "$POD_IP" '.mme.ip_addr=$MME_LOCAL_IP' config.json > config.tmp && mv config.tmp config.json
+jq --arg MME_LOCAL_IP "$POD_IP" '.s1ap.s1ap_local_addr=$MME_LOCAL_IP' config.json > config.tmp && mv config.tmp config.json
+jq --arg MME_LOCAL_IP "$POD_IP" '.s11.egtp_local_addr=$MME_LOCAL_IP' config.json > config.tmp && mv config.tmp config.json
+
+# Set SPGWC address to the config
+# We need to convert service domain name to actual IP address
+# because mme apps does not take domain address - should be fixed in openmme
+SPGWC_ADDR=$(dig +short +search {{ .Values.config.mme.spgwAddr }})
+jq --arg SPGWC_ADDR "$SPGWC_ADDR" '.s11.sgw_addr //= $SPGWC_ADDR' config.json > config.tmp && mv config.tmp config.json
+jq --arg SPGWC_ADDR "$SPGWC_ADDR" '.s11.pgw_addr //= $SPGWC_ADDR' config.json > config.tmp && mv config.tmp config.json
+
+# Add additional redundant keys - should be fixed in openmme
+HSS_TYPE=$(jq -r '.s6a.host_type' config.json)
+HSS_HOST=$(jq -r '.s6a.host' config.json)
+jq --arg HSS_TYPE "$HSS_TYPE" '.s6a.hss_type=$HSS_TYPE' config.json > config.tmp && mv config.tmp config.json
+jq --arg HSS_HOST "$HSS_HOST" '.s6a.host_name=$HSS_HOST' config.json > config.tmp && mv config.tmp config.json
+
+# Copy the final configs for each applications
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/mme.json
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/s11.json
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/s1ap.json
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/s6a.json
+cp /opt/mme/config/s6a_fd.conf /opt/mme/config/shared/s6a_fd.conf
+
+#This multiple copies of config needs some cleanup. For now I want
+#that after running mme_init config to be present in the target directory
+cp /opt/mme/config/shared/* /openmme/target/conf/
+
+# Generate certs
+MME_IDENTITY={{ tuple "mme" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+DIAMETER_HOST=$(echo $MME_IDENTITY | cut -d'.' -f1)
+DIAMETER_REALM={{ tuple "mme" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+
+cp /openmme/target/conf/make_certs.sh /opt/mme/config/shared/make_certs.sh
+cd /opt/mme/config/shared
+./make_certs.sh $DIAMETER_HOST $DIAMETER_REALM
diff --git a/omec-control-plane/templates/bin/_mme-run.sh.tpl b/omec-control-plane/templates/bin/_mme-run.sh.tpl
new file mode 100644
index 0000000..c739aa6
--- /dev/null
+++ b/omec-control-plane/templates/bin/_mme-run.sh.tpl
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+APPLICATION=$1
+
+{{- if .Values.config.coreDump.enabled }}
+cp /openmme/target/bin/$APPLICATION /tmp/coredump/
+{{- end }}
+
+# copy config files to openmme target directly
+cp /opt/mme/config/shared/* /openmme/target/conf/
+
+cd /openmme/target
+export LD_LIBRARY_PATH=/usr/local/lib:./lib
+
+case $APPLICATION in
+ "mme-app")
+ echo "Starting mme-app"
+ echo "conf/mme.json"
+ cat conf/mme.json
+ ./bin/mme-app
+ ;;
+ "s1ap-app")
+ echo "Starting s1ap-app"
+ echo "conf/s1ap.json"
+ cat conf/s1ap.json
+ ./bin/s1ap-app
+ ;;
+ "s6a-app")
+ echo "Starting s6a-app"
+ echo "conf/s6a.json"
+ cat conf/s6a.json
+ echo "conf/s6a_fd.conf"
+ cat conf/s6a_fd.conf
+ ./bin/s6a-app
+ ;;
+ "s11-app")
+ echo "Starting s11-app"
+ echo "conf/s11.json"
+ cat conf/s11.json
+ ./bin/s11-app
+ ;;
+ *)
+ echo "invalid app $APPLICATION"
+ ;;
+esac
diff --git a/omec-control-plane/templates/bin/_pcrf-bootstrap.sh.tpl b/omec-control-plane/templates/bin/_pcrf-bootstrap.sh.tpl
new file mode 100644
index 0000000..4afc210
--- /dev/null
+++ b/omec-control-plane/templates/bin/_pcrf-bootstrap.sh.tpl
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Copyright 2020-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+until cqlsh --file /opt/c3po/pcrfdb/pcrf_cassandra.cql {{ .Values.config.pcrf.pcrfdb }};
+ do echo "Provisioning PCRFDB";
+ sleep 2;
+done
+
diff --git a/omec-control-plane/templates/bin/_pcrf-run.sh.tpl b/omec-control-plane/templates/bin/_pcrf-run.sh.tpl
new file mode 100644
index 0000000..7be50a6
--- /dev/null
+++ b/omec-control-plane/templates/bin/_pcrf-run.sh.tpl
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright 2020-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+{{- if .Values.config.coreDump.enabled }}
+cp /bin/pcrf /tmp/coredump/
+{{- end }}
+
+CONF_DIR="/opt/c3po/pcrf/conf"
+LOGS_DIR="/opt/c3po/pcrf/logs"
+#TODO - Need to remove logs directory
+mkdir -p $CONF_DIR $LOGS_DIR
+
+cp /etc/pcrf/conf/{acl.conf,pcrf.json,pcrf.conf,oss.json,subscriber_mapping.json} $CONF_DIR
+cat $CONF_DIR/{pcrf.json,pcrf.conf}
+
+cd $CONF_DIR
+make_certs.sh {{ tuple "pcrf" "host" . | include "omec-control-plane.diameter_endpoint" }} {{ tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" }}
+
+cd ..
+pcrf -j $CONF_DIR/pcrf.json
diff --git a/omec-control-plane/templates/bin/_spgwc-init.sh.tpl b/omec-control-plane/templates/bin/_spgwc-init.sh.tpl
new file mode 100644
index 0000000..82ca533
--- /dev/null
+++ b/omec-control-plane/templates/bin/_spgwc-init.sh.tpl
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# Copyright 2021-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+while ! curl -f --connect-timeout 5 http://spgwc:8080/startup
+do
+ echo Waiting for SPGWC to be ready
+ sleep 5
+done
+echo SPGWC is ready
+
+echo Posting to sync URL {{ .Values.config.spgwc.managedByRoc.syncUrl }}
+while ! curl --connect-timeout 5 -f -X POST {{ .Values.config.spgwc.managedByRoc.syncUrl }}
+do
+ echo Failed posting to sync URL
+ sleep 5
+done
+echo
+
+echo Sleeping forever
+while true
+do
+ sleep 86400
+done
\ No newline at end of file
diff --git a/omec-control-plane/templates/bin/_spgwc-run.sh.tpl b/omec-control-plane/templates/bin/_spgwc-run.sh.tpl
new file mode 100644
index 0000000..fd1096d
--- /dev/null
+++ b/omec-control-plane/templates/bin/_spgwc-run.sh.tpl
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+APPLICATION=$1
+set -xe
+
+mkdir -p /opt/cp/config
+cd /opt/cp/config
+cp /etc/cp/config/{*.json,*.conf} .
+
+case $APPLICATION in
+ "ngic_controlplane")
+ echo "Starting ngic controlplane app"
+ cat /opt/cp/config/cp.json
+ cat /opt/cp/config/subscriber_mapping.json
+ {{- if .Values.config.coreDump.enabled }}
+ cp /bin/ngic_controlplane /tmp/coredump/
+ {{- end }}
+
+ ngic_controlplane -f /etc/cp/config/
+ ;;
+
+ "gx-app")
+ echo "Starting gx-app"
+ SPGWC_IDENTITY={{ tuple "spgwc" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ DIAMETER_HOST=$(echo $SPGWC_IDENTITY| cut -d'.' -f1)
+ DIAMETER_REALM={{ tuple "spgwc" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ chmod +x /bin/make_certs.sh
+ cp /bin/make_certs.sh /opt/cp/config
+ /bin/make_certs.sh $DIAMETER_HOST $DIAMETER_REALM
+ {{- if .Values.config.coreDump.enabled }}
+ cp /bin/gx_app /tmp/coredump/
+ {{- end }}
+ cd /opt/cp/
+ gx_app
+ ;;
+
+ *)
+ echo "invalid app $APPLICATION"
+ ;;
+esac
diff --git a/omec-control-plane/templates/configmap-config4g.yaml b/omec-control-plane/templates/configmap-config4g.yaml
new file mode 100644
index 0000000..7a0b722
--- /dev/null
+++ b/omec-control-plane/templates/configmap-config4g.yaml
@@ -0,0 +1,40 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.config4g.deploy }}
+
+{{- if not .Values.config.useExistingConfigMap -}}
+{{- $config4gcfg := index .Values.config.config4g.cfgFiles "webuicfg.conf" }}
+{{- $config := index $config4gcfg "configuration" }}
+
+{{- if not (hasKey $config4gcfg "logger") -}}
+{{- $_ := .Values.config.logger | set $config4gcfg "logger" -}}
+{{- end }}
+
+{{- if not (hasKey $config "managedByConfigPod") -}}
+{{- $_ := .Values.config.managedByConfigPod | set $config "managedByConfigPod" -}}
+{{- end }}
+
+
+{{- end }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config4g
+ labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ config4g-run.sh: |
+{{ tuple "bin/_config4g-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- if not .Values.config.useExistingConfigMap -}}
+{{- range $key, $value := .Values.config.config4g.cfgFiles }}
+ {{ $key }}: |-
+{{ toYaml $value | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-hss.yaml b/omec-control-plane/templates/configmap-hss.yaml
new file mode 100644
index 0000000..029a8b6
--- /dev/null
+++ b/omec-control-plane/templates/configmap-hss.yaml
@@ -0,0 +1,117 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.hss.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $hssJson := index .Values.config.hss.cfgFiles "hss.json" }}
+{{- $hssJsonCommon := index $hssJson "common" }}
+{{- $hssJsonHss := index $hssJson "hss" }}
+
+{{- $_ := .Values.config.hss.prometheus.port | set $hssJsonCommon "prom_port" -}}
+{{- if not (hasKey $hssJsonCommon "originhost") -}}
+{{- $_ := tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | set $hssJsonCommon "originhost" -}}
+{{- end }}
+{{- if not (hasKey $hssJsonCommon "originrealm") -}}
+{{- $_ := tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" | set $hssJsonCommon "originrealm" -}}
+{{- end }}
+{{- if not (hasKey $hssJsonHss "casssrv") -}}
+{{- $_ := .Values.cassandra.fullnameOverride | set $hssJsonHss "casssrv" -}}
+{{- end }}
+{{- if not (hasKey $hssJsonHss "restport") -}}
+{{- $_ := .Values.config.hss.configPort.port | set $hssJsonHss "restport" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hss-configs
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ acl.conf: |
+ {{- if hasKey .Values.config.hss.acl "oldTls" }}
+ ALLOW_OLD_TLS {{ .Values.config.hss.acl.oldTls }}
+ {{- end }}
+ {{- if hasKey .Values.config.hss.acl "ipSec" }}
+ ALLOW_IPSEC {{ .Values.config.hss.acl.ipSec }}
+ {{- end }}
+ hss.conf: |
+ Identity = {{ tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ Realm = {{ tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ TLS_Cred = "/opt/c3po/hss/conf/{{ tuple "hss" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+ "/opt/c3po/hss/conf/{{ tuple "hss" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+ TLS_CA = "/opt/c3po/hss/conf/cacert.pem";
+ No_SCTP;
+ Prefer_TCP;
+ No_IPv6;
+ SCTP_streams = 3;
+ NoRelay;
+ AppServThreads = 4;
+ Port = 3868;
+ SecPort = 5868;
+ LoadExtension = "/usr/local/lib/freeDiameter/acl_wl.fdx" : "/opt/c3po/hss/conf/acl.conf";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+{{- range $key, $value := .Values.config.hss.cfgFiles }}
+ {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hss-scripts
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ hss-run.sh: |
+{{ tuple "bin/_hss-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+ hss-bootstrap.sh: |
+{{ tuple "bin/_hss-bootstrap.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-mme.yaml b/omec-control-plane/templates/configmap-mme.yaml
new file mode 100644
index 0000000..f45f6ed
--- /dev/null
+++ b/omec-control-plane/templates/configmap-mme.yaml
@@ -0,0 +1,102 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.mme.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $configJson := index .Values.config.mme.cfgFiles "config.json" }}
+{{- $configJsonMme := index $configJson "mme" }}
+{{- $configJsonS6a := index $configJson "s6a" }}
+
+{{- $_ := .Values.config.mme.prometheus.port | set $configJsonMme "prom_port" -}}
+{{- if not (hasKey $configJsonS6a "host") -}}
+{{- $_ := tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | set $configJsonS6a "host" -}}
+{{- end }}
+{{- if not (hasKey $configJsonS6a "realm") -}}
+{{- $_ := tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" | set $configJsonS6a "realm" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mme-configs
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ s6a_fd.conf: |
+ Identity = {{ tuple "mme" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ Realm = {{ tuple "mme" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ TLS_Cred = "conf/{{ tuple "mme" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+ "conf/{{ tuple "mme" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+ TLS_CA = "conf/cacert.pem";
+ AppServThreads = 40;
+ SCTP_streams = 3;
+ NoRelay;
+ No_IPv6;
+ #Port = 3868;
+ #SecPort = 3869;
+
+ ConnectPeer = {{ tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }} { No_TLS; port = 3868; };
+
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_SGd.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_T6aT6bT7.fdx";
+{{- range $key, $value := .Values.config.mme.cfgFiles }}
+ {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mme-scripts
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ mme-init.sh: |
+{{ tuple "bin/_mme-init.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+ mme-run.sh: |
+{{ tuple "bin/_mme-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-pcrf.yaml b/omec-control-plane/templates/configmap-pcrf.yaml
new file mode 100644
index 0000000..d5ad7cc
--- /dev/null
+++ b/omec-control-plane/templates/configmap-pcrf.yaml
@@ -0,0 +1,120 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.pcrf.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $pcrfJson := index .Values.config.pcrf.cfgFiles "pcrf.json" }}
+{{- $pcrfJsonCommon := index $pcrfJson "common" }}
+{{- $pcrfJsonHss := index $pcrfJson "pcrf" }}
+
+{{- $_ := .Values.config.pcrf.prometheus.port | set $pcrfJsonCommon "prom_port" -}}
+{{- if not (hasKey $pcrfJsonCommon "originhost") -}}
+{{- $_ := tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | set $pcrfJsonCommon "originhost" -}}
+{{- end }}
+{{- if not (hasKey $pcrfJsonCommon "originrealm") -}}
+{{- $_ := tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" | set $pcrfJsonCommon "originrealm" -}}
+{{- end }}
+{{- if not (hasKey $pcrfJsonHss "casssrv") -}}
+{{- $_ := .Values.cassandra.fullnameOverride | set $pcrfJsonHss "casssrv" -}}
+{{- end }}
+{{- if not (hasKey $pcrfJsonHss "restport") -}}
+{{- $_ := .Values.config.pcrf.configPort.port | set $pcrfJsonHss "restport" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pcrf-configs
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ acl.conf: |
+ {{- if hasKey .Values.config.pcrf.acl "oldTls" }}
+ ALLOW_OLD_TLS {{ .Values.config.pcrf.acl.oldTls }}
+ {{- end }}
+ {{- if hasKey .Values.config.pcrf.acl "ipSec" }}
+ ALLOW_IPSEC {{ .Values.config.pcrf.acl.ipSec }}
+ {{- end }}
+ pcrf.conf: |
+ Identity = {{ tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ Realm = {{ tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ TLS_Cred = "/opt/c3po/pcrf/conf/{{ tuple "pcrf" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+ "/opt/c3po/pcrf/conf/{{ tuple "pcrf" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+ TLS_CA = "/opt/c3po/pcrf/conf/cacert.pem";
+ No_SCTP;
+ Prefer_TCP;
+ No_IPv6;
+ SCTP_streams = 3;
+ NoRelay;
+ AppServThreads = 4;
+ Port = 3868;
+ SecPort = 5868;
+ LoadExtension = "/usr/local/lib/freeDiameter/acl_wl.fdx" : "/opt/c3po/pcrf/conf/acl.conf";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_NAS.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_Rx.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_Sd.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_St.fdx";
+{{- range $key, $value := .Values.config.pcrf.cfgFiles }}
+ {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pcrf-scripts
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ pcrf-run.sh: |
+{{ tuple "bin/_pcrf-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+ pcrf-bootstrap.sh: |
+{{ tuple "bin/_pcrf-bootstrap.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-spgwc.yaml b/omec-control-plane/templates/configmap-spgwc.yaml
new file mode 100644
index 0000000..6616998
--- /dev/null
+++ b/omec-control-plane/templates/configmap-spgwc.yaml
@@ -0,0 +1,112 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.spgwc.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $cpJson := index .Values.config.spgwc.cfgFiles "cp.json" }}
+{{- $global := index $cpJson "global" }}
+{{- $configJson := index .Values.config.spgwc.cfgFiles "config.json" }}
+{{- $configJsonSpgwc := index $configJson "spgwc" }}
+{{- $configJsonGx := index $configJson "gx" }}
+
+{{- if not (hasKey $configJsonGx "host") -}}
+{{- $_ := tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | set $configJsonGx "host" -}}
+{{- end }}
+{{- if not (hasKey $configJsonGx "realm") -}}
+{{- $_ := tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" | set $configJsonGx "realm" -}}
+{{- end }}
+{{- if not (hasKey $global "httpPort") -}}
+{{- $_ := .Values.config.spgwc.rest.port | set $global "httpPort" -}}
+{{- end }}
+{{- if not (hasKey $global "pfcpPort") -}}
+{{- $_ := .Values.config.spgwc.n4.port | set $global "pfcpPort" -}}
+{{- end }}
+{{- if not (hasKey $global "s11Port") -}}
+{{- $_ := .Values.config.spgwc.s11.port | set $global "s11Port" -}}
+{{- end }}
+{{- if not (hasKey $global "prometheusPort") -}}
+{{- $_ := .Values.config.spgwc.prometheus.port | set $global "prometheusPort" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spgwc-configs
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ gx.conf: |
+ Identity = {{ tuple "spgwc" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ Realm = {{ tuple "spgwc" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+ TLS_Cred = "config/{{ tuple "spgwc" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+ "config/{{ tuple "spgwc" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+ TLS_CA = "config/cacert.pem";
+ AppServThreads = 40;
+ SCTP_streams = 3;
+ NoRelay;
+ No_IPv6;
+ #Port = 3868;
+ #SecPort = 3869;
+
+ ConnectPeer = {{ tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }} { No_TLS; port = 3868; };
+
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+{{- range $key, $value := .Values.config.spgwc.cfgFiles }}
+ {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spgwc-scripts
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+ spgwc-run.sh: |
+{{ tuple "bin/_spgwc-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+ spgwc-init.sh: |
+{{ tuple "bin/_spgwc-init.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-config4g.yaml b/omec-control-plane/templates/service-config4g.yaml
new file mode 100644
index 0000000..ab01c6c
--- /dev/null
+++ b/omec-control-plane/templates/service-config4g.yaml
@@ -0,0 +1,52 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.config4g.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: config4g
+ labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ ports:
+ - name: prometheus-exporter
+ port: {{ .Values.config.config4g.prometheus.port }}
+ protocol: TCP
+ - name: urlport-http
+ port: {{ .Values.config.config4g.urlport.port }}
+ protocol: TCP
+{{- if or .Values.config.config4g.urlport.nodePort.enabled .Values.config.config4g.prometheus.nodePort.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: config4g-external
+ labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ type: NodePort
+ selector:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ ports:
+{{- if .Values.config.config4g.prometheus.nodePort.enabled }}
+ - name: prometheus-exporter
+ port: {{ .Values.config.config4g.prometheus.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.config4g.prometheus.nodePort.port }}
+{{- end }}
+{{- if .Values.config.config4g.urlport.nodePort.enabled }}
+ - name: urlport-http
+ port: {{ .Values.config.config4g.urlport.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.config4g.urlport.nodePort.port }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-hss.yaml b/omec-control-plane/templates/service-hss.yaml
new file mode 100644
index 0000000..371b363
--- /dev/null
+++ b/omec-control-plane/templates/service-hss.yaml
@@ -0,0 +1,76 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.hss.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hss
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ ports:
+ - name: s6a
+ port: 3868
+ protocol: TCP
+ - name: config-port
+ port: {{ .Values.config.hss.configPort.port }}
+ protocol: TCP
+ - name: prometheus-exporter
+ port: {{ .Values.config.hss.prometheus.port }}
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hss-headless
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ clusterIP: None
+ ports:
+ - name: s6a
+ port: 3868
+ protocol: TCP
+ - name: config-port
+ port: {{ .Values.config.hss.configPort.port }}
+ protocol: TCP
+{{- if or .Values.config.hss.s6a.nodePort.enabled .Values.config.hss.configPort.nodePort.enabled}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hss-external
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ type: NodePort
+ ports:
+ {{- if .Values.config.hss.prometheus.nodePort.enabled }}
+ - name: prometheus-exporter
+ port: {{ .Values.config.hss.prometheus.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.hss.prometheus.nodePort.port }}
+ {{- end }}
+ - name: s6a
+ port: 3868
+ protocol: TCP
+ nodePort: {{ .Values.config.hss.s6a.nodePort.port }}
+ {{- if .Values.config.hss.configPort.nodePort.enabled }}
+ - name: config-port
+ port: {{ .Values.config.hss.configPort.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.hss.configPort.nodePort.port }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-mme.yaml b/omec-control-plane/templates/service-mme.yaml
new file mode 100644
index 0000000..8ae95b9
--- /dev/null
+++ b/omec-control-plane/templates/service-mme.yaml
@@ -0,0 +1,96 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.mme.deploy }}
+{{- $configJson := index .Values.config.mme.cfgFiles "config.json" }}
+{{- $configJsonS11 := index $configJson "s11" }}
+{{- $configJsonS1ap := index $configJson "s1ap" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mme
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ type: ClusterIP
+ ports:
+ - name: s11
+ port: {{ index $configJsonS11 "egtp_default_port" }}
+ protocol: UDP
+ - name: s6a
+ port: 3868
+ protocol: TCP
+ - name: s1ap
+ port: {{ index $configJsonS1ap "sctp_port" }}
+ protocol: SCTP
+ - name: prometheus-exporter
+ port: {{ .Values.config.mme.prometheus.port }}
+ protocol: TCP
+ - name: mme-app-config
+ port: 8080
+ protocol: TCP
+ - name: mme-s1ap-config
+ port: 8081
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mme-headless
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ clusterIP: None
+ ports:
+ - name: s11
+ port: {{ index $configJsonS11 "egtp_default_port" }}
+ protocol: UDP
+ - name: s6a
+ port: 3868
+ protocol: TCP
+ - name: s1ap
+ port: {{ index $configJsonS1ap "sctp_port" }}
+ protocol: SCTP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mme-external
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ type: NodePort
+ ports:
+ {{- if .Values.config.mme.prometheus.nodePort.enabled }}
+ - name: prometheus-exporter
+ port: {{ .Values.config.mme.prometheus.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.mme.prometheus.nodePort.port }}
+ {{- end }}
+ {{- if .Values.config.mme.s11.nodePort.enabled }}
+ - name: s11
+ port: {{ index $configJsonS11 "egtp_default_port" }}
+ protocol: UDP
+ nodePort: {{ .Values.config.mme.s11.nodePort.port }}
+ {{- end }}
+ {{- if .Values.config.mme.s6a.nodePort.enabled }}
+ - name: s6a
+ port: 3868
+ protocol: TCP
+ nodePort: {{ .Values.config.mme.s6a.nodePort.port }}
+ {{- end }}
+ - name: s1ap
+ port: {{ index $configJsonS1ap "sctp_port" }}
+ nodePort: {{ index $configJsonS1ap "sctp_port_external" }}
+ protocol: SCTP
+{{- end }}
diff --git a/omec-control-plane/templates/service-pcrf.yaml b/omec-control-plane/templates/service-pcrf.yaml
new file mode 100644
index 0000000..116f930
--- /dev/null
+++ b/omec-control-plane/templates/service-pcrf.yaml
@@ -0,0 +1,81 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.pcrf.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pcrf
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ ports:
+ - name: gx
+ port: 3868
+ protocol: TCP
+ - name: prometheus-exporter
+ port: {{ .Values.config.pcrf.prometheus.port }}
+ protocol: TCP
+ - name: config-port
+ port: {{ .Values.config.pcrf.configPort.port }}
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pcrf-headless
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ clusterIP: None
+ ports:
+ - name: gx
+ port: 3868
+ protocol: TCP
+ - name: prometheus-exporter
+ port: {{ .Values.config.pcrf.prometheus.port }}
+ protocol: TCP
+ - name: config-port
+ port: {{ .Values.config.pcrf.configPort.port }}
+ protocol: TCP
+{{- if or (.Values.config.pcrf.prometheus.nodePort.enabled) (.Values.config.pcrf.gx.nodePort.enabled) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pcrf-external
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ selector:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ type: NodePort
+ ports:
+ {{- if .Values.config.pcrf.prometheus.nodePort.enabled }}
+ - name: prometheus-exporter
+ port: {{ .Values.config.pcrf.prometheus.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.pcrf.prometheus.nodePort.port }}
+ {{- end }}
+ {{- if .Values.config.pcrf.gx.nodePort.enabled }}
+ - name: gx
+ port: 3868
+ protocol: TCP
+ nodePort: {{ .Values.config.pcrf.gx.nodePort.port }}
+ {{- end }}
+ {{- if .Values.config.pcrf.configPort.nodePort.enabled }}
+ - name: config-port
+ port: {{ .Values.config.pcrf.configPort.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.pcrf.configPort.nodePort.port }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-spgwc.yaml b/omec-control-plane/templates/service-spgwc.yaml
new file mode 100644
index 0000000..c97689a
--- /dev/null
+++ b/omec-control-plane/templates/service-spgwc.yaml
@@ -0,0 +1,81 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.spgwc.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: spgwc
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ ports:
+ - name: s11
+ port: {{ .Values.config.spgwc.s11.port }}
+ protocol: UDP
+ - name: pfcp
+ port: {{ .Values.config.spgwc.n4.port }}
+ protocol: UDP
+ - name: prometheus-exporter
+ port: {{ .Values.config.spgwc.prometheus.port }}
+ protocol: TCP
+ - name: rest
+ port: {{ .Values.config.spgwc.rest.port }}
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: spgwc-headless
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ clusterIP: None
+ selector:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+{{- if or .Values.config.spgwc.s11.nodePort.enabled .Values.config.spgwc.n4.nodePort.enabled .Values.config.spgwc.prometheus.nodePort.enabled .Values.config.spgwc.rest.nodePort.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: spgwc-external
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ type: NodePort
+ selector:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+ ports:
+{{- if .Values.config.spgwc.s11.nodePort.enabled }}
+ - name: s11
+ port: {{ .Values.config.spgwc.s11.port }}
+ protocol: UDP
+ nodePort: {{ .Values.config.spgwc.s11.nodePort.port }}
+{{- end }}
+{{- if .Values.config.spgwc.n4.nodePort.enabled }}
+ - name: pfcp
+ port: {{ .Values.config.spgwc.n4.port }}
+ protocol: UDP
+ nodePort: {{ .Values.config.spgwc.n4.nodePort.port }}
+{{- end }}
+{{- if .Values.config.spgwc.prometheus.nodePort.enabled }}
+ - name: prometheus-exporter
+ port: {{ .Values.config.spgwc.prometheus.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.spgwc.prometheus.nodePort.port }}
+{{- end }}
+{{- if .Values.config.spgwc.rest.nodePort.enabled }}
+ - name: rest
+ port: {{ .Values.config.spgwc.rest.port }}
+ protocol: TCP
+ nodePort: {{ .Values.config.spgwc.rest.nodePort.port }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-config4g.yaml b/omec-control-plane/templates/statefulset-config4g.yaml
new file mode 100644
index 0000000..2a20980
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-config4g.yaml
@@ -0,0 +1,85 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.config4g.deploy }}
+{{ tuple "config4g" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: config4g
+ labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ replicas: 1
+ serviceName: config4g-headless
+ selector:
+ matchLabels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+ {{- with .Values.config.config4g.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: config4g
+ {{- if hasKey .Values.images "pullSecrets" }}
+ imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+ {{- end }}
+ containers:
+ - name: config-4g
+ image: {{ .Values.images.tags.config4g }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ runAsUser: 0
+ {{- end }}
+ stdin: true
+ tty: true
+ command: ["/free5gc/script/config4g-run.sh"]
+ env:
+ - name: CONFIGPOD_DEPLOYMENT
+ value: "4G"
+ {{- if .Values.config.managedByConfigPod.enabled }}
+ - name: MANAGED_BY_CONFIG_POD
+ value: "true"
+ {{- end }}
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.config4g | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: run-script
+ mountPath: /free5gc/script/config4g-run.sh
+ subPath: config4g-run.sh
+ - name: nf-config
+ mountPath: /free5gc/config
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ volumes:
+ - name: run-script
+ configMap:
+ name: config4g
+ defaultMode: 493
+ - name: nf-config
+ configMap:
+ name: config4g
+ defaultMode: 493
+ {{- if .Values.config.coreDump.enabled }}
+ - name: host-rootfs
+ hostPath:
+ path: /
+ - name: coredump
+ hostPath:
+ path: {{ .Values.config.coreDump.path }}
+ {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-hss.yaml b/omec-control-plane/templates/statefulset-hss.yaml
new file mode 100644
index 0000000..a69b4ac
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-hss.yaml
@@ -0,0 +1,97 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.hss.deploy }}
+{{ tuple "hss" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: hss
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ replicas: 1
+ serviceName: hss-headless
+ selector:
+ matchLabels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+ {{- with .Values.config.hss.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.nodeSelectors.enabled }}
+ nodeSelector:
+ {{ .Values.nodeSelectors.hss.label }}: {{ .Values.nodeSelectors.hss.value }}
+ {{- end }}
+ serviceAccountName: hss
+ {{- if hasKey .Values.images "pullSecrets" }}
+ imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+ - name: hss-bootstrap
+ image: {{ .Values.images.tags.hssdb }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ command: ["/opt/c3po/hss/scripts/hss-bootstrap.sh"]
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/c3po/hss/scripts
+ {{- if .Values.config.coreDump.enabled }}
+{{ tuple "hss" . | include "omec-control-plane.coredump_init" | indent 6 }}
+ {{- end }}
+ containers:
+ - name: hss
+ image: {{ .Values.images.tags.hss }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ stdin: true
+ tty: true
+ command: ["bash", "-c", "/opt/c3po/hss/scripts/hss-run.sh; sleep 3600"]
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.hss | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/c3po/hss/scripts
+ - name: configs
+ mountPath: /etc/hss/conf
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ volumes:
+ - name: scripts
+ configMap:
+ name: hss-scripts
+ defaultMode: 493
+ - name: configs
+ configMap:
+ name: hss-configs
+ defaultMode: 420
+ {{- if .Values.config.coreDump.enabled }}
+ - name: host-rootfs
+ hostPath:
+ path: /
+ - name: coredump
+ hostPath:
+ path: {{ .Values.config.coreDump.path }}
+ {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-mme.yaml b/omec-control-plane/templates/statefulset-mme.yaml
new file mode 100644
index 0000000..d690bb5
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-mme.yaml
@@ -0,0 +1,269 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.mme.deploy }}
+{{ tuple "mme" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mme
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ replicas: 1
+ serviceName: mme-headless
+ selector:
+ matchLabels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+ {{- with .Values.config.mme.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.nodeSelectors.enabled }}
+ nodeSelector:
+ {{ .Values.nodeSelectors.mme.label }}: {{ .Values.nodeSelectors.mme.value }}
+ {{- end }}
+ serviceAccountName: mme
+ {{- if hasKey .Values.images "pullSecrets" }}
+ imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+ - name: mme-load-sctp-module
+ image: {{ .Values.images.tags.init | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ command: ["sh", "-xc"]
+ args:
+ - |
+ if chroot /mnt/host-rootfs modinfo nf_conntrack_proto_sctp > /dev/null 2>&1; then \
+ chroot /mnt/host-rootfs modprobe nf_conntrack_proto_sctp; \
+ fi;
+ chroot /mnt/host-rootfs modprobe tipc
+ volumeMounts:
+ - name: host-rootfs
+ mountPath: /mnt/host-rootfs
+ {{- if .Values.config.hss.deploy }}
+ - name: mme-dep-check
+ image: {{ .Values.images.tags.depCheck | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsUser: 0
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: PATH
+ value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
+ - name: COMMAND
+ value: "echo done"
+ - name: DEPENDENCY_POD_JSON
+ value: '[{"labels": {"app": "hss"}, "requireSameNode": false}]'
+ # add dependency job for make_certs.sh
+ command:
+ - kubernetes-entrypoint
+ volumeMounts:
+ []
+ {{- end }}
+ - name: mme-init
+ image: {{ .Values.images.tags.mme | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ command: ["/opt/mme/scripts/mme-init.sh"]
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/mme/scripts
+ - name: configs
+ mountPath: /opt/mme/config
+ - name: shared-data
+ mountPath: /opt/mme/config/shared
+ {{- if .Values.config.coreDump.enabled }}
+{{ tuple "mme" . | include "omec-control-plane.coredump_init" | indent 6 }}
+ {{- end }}
+ containers:
+ - name: mme-app
+ image: {{ .Values.images.tags.mme | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ command: ["bash", "-xc"]
+ args:
+ - /opt/mme/scripts/mme-run.sh mme-app
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+ {{- end }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: MMERUNENV
+ value: "container"
+ {{- if .Values.config.managedByConfigPod.enabled }}
+ - name: MANAGED_BY_CONFIG_POD
+ value: "true"
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/mme/scripts
+ - name: shared-data
+ mountPath: /opt/mme/config/shared
+ - name: shared-app
+ mountPath: /tmp
+ - name: configs
+ mountPath: /opt/mme/config
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ - name: s1ap-app
+ image: {{ .Values.images.tags.mme | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ command: ["bash", "-xc"]
+ args:
+ - /opt/mme/scripts/mme-run.sh s1ap-app
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+ {{- end }}
+ env:
+ - name: MMERUNENV
+ value: "container"
+ {{- if .Values.config.managedByConfigPod.enabled }}
+ - name: MANAGED_BY_CONFIG_POD
+ value: "true"
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/mme/scripts
+ - name: shared-data
+ mountPath: /opt/mme/config/shared
+ - name: shared-app
+ mountPath: /tmp
+ - name: configs
+ mountPath: /opt/mme/config
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ - name: s6a-app
+ image: {{ .Values.images.tags.mme | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ command: ["bash", "-xc"]
+ args:
+ - /opt/mme/scripts/mme-run.sh s6a-app
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+ {{- end }}
+ env:
+ - name: MMERUNENV
+ value: "container"
+ {{- if .Values.config.managedByConfigPod.enabled }}
+ - name: MANAGED_BY_CONFIG_POD
+ value: "true"
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/mme/scripts
+ - name: shared-data
+ mountPath: /opt/mme/config/shared
+ - name: shared-app
+ mountPath: /tmp
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ - name: s11-app
+ image: {{ .Values.images.tags.mme | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ command: ["bash", "-xc"]
+ args:
+ - /opt/mme/scripts/mme-run.sh s11-app
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+ {{- end }}
+ env:
+ - name: MMERUNENV
+ value: "container"
+ {{- if .Values.config.managedByConfigPod.enabled }}
+ - name: MANAGED_BY_CONFIG_POD
+ value: "true"
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/mme/scripts
+ - name: shared-data
+ mountPath: /opt/mme/config/shared
+ - name: shared-app
+ mountPath: /tmp
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ volumes:
+ - name: scripts
+ configMap:
+ name: mme-scripts
+ defaultMode: 493
+ - name: configs
+ configMap:
+ name: mme-configs
+ defaultMode: 420
+ - name: shared-data
+ emptyDir: {}
+ - name: shared-app
+ emptyDir: {}
+ - name: host-rootfs
+ hostPath:
+ path: /
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ hostPath:
+ path: {{ .Values.config.coreDump.path }}
+ {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-pcrf.yaml b/omec-control-plane/templates/statefulset-pcrf.yaml
new file mode 100644
index 0000000..a7eb327
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-pcrf.yaml
@@ -0,0 +1,93 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.pcrf.deploy }}
+{{ tuple "pcrf" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: pcrf
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ replicas: 1
+ serviceName: pcrf-headless
+ selector:
+ matchLabels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+ spec:
+ {{- if .Values.nodeSelectors.enabled }}
+ nodeSelector:
+ {{ .Values.nodeSelectors.pcrf.label }}: {{ .Values.nodeSelectors.pcrf.value }}
+ {{- end }}
+ {{- if hasKey .Values.images "pullSecrets" }}
+ imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+ {{- end }}
+ serviceAccountName: pcrf
+ initContainers:
+ - name: pcrf-bootstrap
+ image: {{ .Values.images.tags.pcrfdb }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ command: ["/opt/c3po/pcrf/pcrf-bootstrap.sh"]
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/c3po/pcrf
+ {{- if .Values.config.coreDump.enabled }}
+{{ tuple "pcrf" . | include "omec-control-plane.coredump_init" | indent 6 }}
+ {{- end }}
+ containers:
+ - name: pcrf
+ image: {{ .Values.images.tags.pcrf }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ stdin: true
+ tty: true
+ command: ["bash", "-c", "/opt/c3po/pcrf/scripts/pcrf-run.sh"]
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.pcrf | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/c3po/pcrf/scripts
+ - name: configs
+ mountPath: /etc/pcrf/conf
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ volumes:
+ - name: scripts
+ configMap:
+ name: pcrf-scripts
+ defaultMode: 493
+ - name: configs
+ configMap:
+ name: pcrf-configs
+ defaultMode: 420
+ {{- if .Values.config.coreDump.enabled }}
+ - name: host-rootfs
+ hostPath:
+ path: /
+ - name: coredump
+ hostPath:
+ path: {{ .Values.config.coreDump.path }}
+ {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-spgwc.yaml b/omec-control-plane/templates/statefulset-spgwc.yaml
new file mode 100644
index 0000000..7d9d943
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-spgwc.yaml
@@ -0,0 +1,178 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.spgwc.deploy }}
+{{ tuple "spgwc" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: spgwc
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+ replicas: 1
+ serviceName: spgwc-headless
+ selector:
+ matchLabels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+ {{- with .Values.config.spgwc.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.nodeSelectors.enabled }}
+ nodeSelector:
+ {{ .Values.nodeSelectors.spgwc.label }}: {{ .Values.nodeSelectors.spgwc.value }}
+ {{- end }}
+ serviceAccountName: spgwc
+ {{- if hasKey .Values.images "pullSecrets" }}
+ imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+ {{- end }}
+ {{- if .Values.config.coreDump.enabled }}
+ initContainers:
+{{ tuple "spgwc" . | include "omec-control-plane.coredump_init" | indent 6 }}
+ {{- end }}
+ containers:
+ - name: spgwc
+ image: {{ .Values.images.tags.spgwc }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ stdin: true
+ tty: true
+ command: ["bash", "-xc"]
+ args:
+ - /opt/cp/scripts/spgwc-run.sh ngic_controlplane
+ livenessProbe:
+ httpGet:
+ path: /liveness
+ port: {{ .Values.config.spgwc.rest.port }}
+ initialDelaySeconds: 10
+ periodSeconds: 3
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: {{ .Values.config.spgwc.rest.port }}
+ initialDelaySeconds: 10
+ periodSeconds: 3
+{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
+ startupProbe:
+ #looks like available only in 1.16 K8s version and above
+ httpGet:
+ path: /startup
+ port: {{ .Values.config.spgwc.rest.port }}
+ failureThreshold: 30
+ periodSeconds: 10
+{{- end }}
+ env:
+ - name: MEM_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: spgwc
+ resource: limits.memory
+ divisor: 1Mi
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ {{- if .Values.config.managedByConfigPod.enabled }}
+ - name: MANAGED_BY_CONFIG_POD
+ value: "true"
+ {{- end }}
+ {{- if .Values.config.spgwc.managedByRoc.enabled }}
+ - name: DISABLE_CONFIG_WATCHER # If the variable has a value then changes
+ value: "true" # to subscriber_mapping.json are ignored
+ {{- end }}
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.spgwc | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/cp/scripts
+ - name: configs
+ mountPath: /etc/cp/config
+ - name: shared-app
+ mountPath: /tmp
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ - name: gx-app
+ image: {{ .Values.images.tags.spgwc }}
+ imagePullPolicy: {{ .Values.images.pullPolicy }}
+ {{- if .Values.config.coreDump.enabled }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ stdin: true
+ tty: true
+ command: ["bash", "-xc"]
+ args:
+ - /opt/cp/scripts/spgwc-run.sh gx-app
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.spgwc | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/cp/scripts
+ - name: configs
+ mountPath: /etc/cp/config
+ - name: shared-app
+ mountPath: /tmp
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ mountPath: /tmp/coredump
+ {{- end }}
+ {{- if .Values.config.spgwc.managedByRoc.enabled }}
+ - name: init-sync
+ image: curlimages/curl:7.77.0
+ imagePullPolicy: IfNotPresent
+ stdin: true
+ tty: true
+ command: ["sh", "-c"]
+ args:
+ - /opt/cp/scripts/spgwc-init.sh
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt/cp/scripts
+ volumes:
+ - name: scripts
+ configMap:
+ name: spgwc-scripts
+ defaultMode: 493
+ {{- end }}
+ volumes:
+ - name: scripts
+ configMap:
+ name: spgwc-scripts
+ defaultMode: 493
+ - name: configs
+ configMap:
+ name: spgwc-configs
+ defaultMode: 420
+ - name: shared-app
+ emptyDir: {}
+ - name: host-rootfs
+ hostPath:
+ path: /
+ {{- if .Values.config.coreDump.enabled }}
+ - name: coredump
+ hostPath:
+ path: {{ .Values.config.coreDump.path }}
+ {{- end }}
+{{- end }}
diff --git a/omec-control-plane/values.yaml b/omec-control-plane/values.yaml
new file mode 100644
index 0000000..4474228
--- /dev/null
+++ b/omec-control-plane/values.yaml
@@ -0,0 +1,594 @@
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+images:
+ tags:
+ init: registry.aetherproject.org/tools/busybox:stable
+ depCheck: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+ hssdb: registry.aetherproject.org/proxy/omecproject/c3po-hssdb:master-771c0c3
+ hss: registry.aetherproject.org/proxy/omecproject/c3po-hss:master-771c0c3
+ mme: registry.aetherproject.org/proxy/omecproject/nucleus:master-5f0a821
+ spgwc: registry.aetherproject.org/omecproject/spgw:master-86f31e4
+ pcrf: registry.aetherproject.org/proxy/omecproject/c3po-pcrf:pcrf-b29af70
+ pcrfdb: registry.aetherproject.org/proxy/omecproject/c3po-pcrfdb:pcrf-b29af70
+ config4g: registry.aetherproject.org/omecproject/5gc-webui:onf-release3.0.5-0534804
+ pullPolicy: IfNotPresent
+ # Secrets must be manually created in the namespace.
+ pullSecrets:
+ - name: aether.registry
+
+nodeSelectors:
+ enabled: false
+ hss:
+ label: omec-cp
+ value: enabled
+ pcrf:
+ label: omec-cp
+ value: enabled
+ mme:
+ label: omec-cp
+ value: enabled
+ spgwc:
+ label: omec-cp
+ value: enabled
+ config4g:
+ label: omec-cp
+ value: enabled
+
+resources:
+ enabled: true
+ pcrf:
+ requests:
+ cpu: 2
+ memory: 1Gi
+ limits:
+ cpu: 2
+ memory: 1Gi
+ hss:
+ requests:
+ cpu: 2
+ memory: 1Gi
+ limits:
+ cpu: 2
+ memory: 1Gi
+ mme:
+ # Note that MME pod is composed of 4 containers
+ # Provide resources for a container, not a pod total
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ limits:
+ cpu: 0.5
+ memory: 1Gi
+ spgwc:
+ requests:
+ cpu: 2
+ memory: 5Gi
+ limits:
+ cpu: 2
+ memory: 5Gi
+ config4g:
+ requests:
+ cpu: 1
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 1Gi
+
+cassandra:
+ deploy: true
+ fullnameOverride: cassandra
+ image:
+ tag: 2.1.20
+ #selector:
+ # nodeSelector:
+ # cassandra: enabled
+ persistence:
+ enabled: false
+ config:
+ #cluster_size: 1
+ #seed_size: 1
+ endpoint_snitch: GossipingPropertyFileSnitch
+ readinessProbe:
+ initialDelaySeconds: 10
+ resources: {}
+ #requests:
+ # memory: 4Gi
+ # cpu: 2
+ #limits:
+ # memory: 4Gi
+ # cpu: 2
+
+config:
+ clusterDomain: cluster.local
+ coreDump:
+ enabled: true
+ path: /tmp/coredump
+ managedByConfigPod: # config comes from helm by default, if enabled true, then discard
+ enabled: false # helm chart config and use the config from config Pod
+ useExistingConfigMap: false
+ logger:
+ WEBUI:
+ debugLevel: info
+ ReportCaller: false
+ config4g:
+ deploy: false
+ podAnnotations:
+ field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+ prometheus:
+ port: 9089
+ nodePort:
+ enabled: false
+ port: 30084
+ urlport:
+ port: 5000
+ nodePort:
+ enabled: false
+ port: 35000
+ ingress:
+ enabled: false
+ hostname: free5gc.local
+ path: /
+ pathType: Prefix
+ cfgFiles:
+ webuicfg.conf:
+ info:
+ version: 1.0.0
+ description: WebUI initial local configuration
+ configuration:
+ endpoints:
+ - type: spgw
+ configPushUrl: "http://spgwc:8080/v1/config"
+ configCheckUrl: "http://spgwc:8080/v1/config-check"
+ #- type: mmeapp
+ # configPushUrl: "http://mme-app-config:8080/v1/config/slice"
+ # configCheckUrl: "http://mme-app-config:8080/v1/config-check"
+ - type: mme-s1ap
+ configPushUrl: "http://mme:8081/v1/config/slice"
+ configCheckUrl: "http://mme:8081/v1/config-check"
+ - type: hss
+ configPushUrl: "http://hss:8080/v2/config/imsis"
+ configCheckUrl: "http://hss:8080/v2/config-check"
+ - type: pcrf
+ configPushUrl: "http://pcrf:8080/v1/config/policies"
+ configCheckUrl: "http://pcrf:8080/v1/config-check"
+ pcrf:
+ deploy: true
+ podAnnotations:
+ fluentbit.io/parser: pcrf
+ field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+ pcrfdb: cassandra
+ configPort:
+ port: 8080
+ nodePort:
+ enabled: false
+ port: 30081
+ gx:
+ nodePort:
+ enabled: false
+ port: 33868
+ prometheus:
+ port: 9089
+ nodePort:
+ enabled: false
+ port: 30086
+ # Provide the peer whitelist extension
+ # The peer name must be a fqdn. We allow also a special "*" character as the
+ # first label of the fqdn, to allow all fqdn with the same domain name.
+ # Example: *.example.net will allow host1.example.net and host2.example.net
+ acl:
+ oldTls: "*.cluster.local"
+ #ipSec:
+ bootstrap:
+ enabled: false
+ # See https://github.com/omec-project/c3po for details of config options
+ cfgFiles:
+ subscriber_mapping.json:
+ Policies:
+ service-groups:
+ internet:
+ default-activate-service:
+ - be-internet-access
+ services:
+ be-internet-access:
+ qci: 9
+ arp: 1
+ AMBR_UL: 1024000
+ AMBR_DL: 10240000
+ service-activation-rules:
+ - best-effort-internet-access
+ #activate-conditions:
+ # timer: 50
+ #deactivate-conditions:
+ # timer: 60
+ rules:
+ best-effort-internet-access:
+ definition:
+ Charging-Rule-Name: "best-effort-internet-access"
+ Flow-Status: 2
+ QoS-Information:
+ QoS-Class-Identifier: 9
+ Max-Requested-Bandwidth-UL: 512000
+ Max-Requested-Bandwidth-DL: 5120000
+ Guaranteed-Bitrate-UL: 0
+ Guaranteed-Bitrate-DL: 0
+ Allocation-Retention-Priority:
+ Priority-Level: 1
+ Pre-emption-Capability: 1
+ Pre-emption-Vulnerability: 1
+ Flow-Information:
+ Flow-Direction: 3
+ Flow-Description: "permit out ip from 0.0.0.0/0 to assigned"
+ pcrf.json:
+ common:
+ fdcfg: conf/pcrf.conf
+ # Origin host and realm will be set automatically if unset
+ #originhost: ""
+ #originrealm: ""
+ pcrf:
+ gtwhost: "*"
+ gtwport: 9080
+ #restport will be set by configmap
+ #restport: ""
+ ossport: 9082
+ # casssrv will be set to cassandra in the same cluster if unset
+ #casssrv: ""
+ casskeyspace: vpcrf
+ casshost: "cassandra"
+ cassusr: root
+ casspwd: root
+ cassdb: vpcrf
+ casscoreconnections: 2
+ cassmaxconnections: 8
+ cassioqueuesize: 32768
+ cassiothreads: 2
+ randv: true
+ optkey: "63bfa50ee6523365ff14c1f45f88737d"
+ reloadkey: false
+ logsize: 20
+ lognumber: 5
+ logname: logs/pcrf.log
+ logqsize: 8192
+ statlogsize: 20
+ statlognumber: 5
+ statlogname: logs/pcrf_stat.log
+ auditlogsize: 20
+ auditlognumber: 5
+ auditlogname: logs/pcrf_audit.log
+ statfreq: 2000
+ numworkers: 4
+ concurrent: 10
+ ossfile: conf/oss.json
+ verifyroamingsubscribers: false
+ rulesfile: conf/subscriber_mapping.json
+ oss.json:
+ option:
+ id: url
+ type: string
+ services:
+ - id: logger
+ commands:
+ - id: describe_loggers
+ - id: set_logger_level
+ options:
+ - id: name
+ type: string
+ - id: level
+ type: integer
+ - id: stats
+ commands:
+ - id: describe_stats_frequency
+ - id: describe_stats_live
+ - id: set_stats_frequency
+ options:
+ - id: frequency
+ type: integer
+ hss:
+ deploy: true
+ podAnnotations:
+ fluentbit.io/parser: hss
+ field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+ hssdb: cassandra
+ s6a:
+ nodePort:
+ enabled: false
+ port: 33868
+ configPort:
+ port: 8080
+ nodePort:
+ enabled: false
+ port: 30081
+ prometheus:
+ port: 9089
+ nodePort:
+ enabled: false
+ port: 30086
+ # Provide the peer whitelist extension
+ # The peer name must be a fqdn. We allow also a special "*" character as the
+ # first label of the fqdn, to allow all fqdn with the same domain name.
+ # Example: *.example.net will allow host1.example.net and host2.example.net
+ acl:
+ oldTls: "*.cluster.local"
+ #ipSec:
+ bootstrap:
+ enabled: true
+ users:
+ - apn: internet
+ key: "465b5ce8b199b49faa5f0a2ee238a6bc"
+ opc: "d4416644f6154936193433dd20a0ace0"
+ sqn: 96
+ imsiStart: "208014567891200"
+ msisdnStart: "1122334455"
+ mme_identity: mme.omec.svc.cluster.local
+ mme_realm: omec.svc.cluster.local
+ count: 10
+ staticusers:
+ - apn: internet
+ key: "465b5ce8b199b49faa5f0a2ee238a6bc"
+ opc: "d4416644f6154936193433dd20a0ace0"
+ sqn: 96
+ imsi: "208014567891200"
+ msisdn: "1122334455"
+ staticAddr: 0.0.0.0
+ mme_identity: mme.omec.svc.cluster.local
+ mme_realm: omec.svc.cluster.local
+ mmes:
+ - id: 1
+ mme_identity: mme.omec.svc.cluster.local
+ mme_realm: omec.svc.cluster.local
+ isdn: "19136246000"
+ unreachability: 1
+ # See https://github.com/omec-project/c3po for details of config options
+ cfgFiles:
+ hss.json:
+ common:
+ fdcfg: conf/hss.conf
+ # Origin host and realm will be set automatically if unset
+ #originhost: ""
+ #originrealm: ""
+ hss:
+ gtwhost: "*"
+ gtwport: 9080
+ #restport will be set by configmap
+ #restport: ""
+ ossport: 9082
+ # casssrv will be set to cassandra in the same cluster if unset
+ #casssrv: ""
+ cassusr: root
+ casspwd: root
+ cassdb: vhss
+ casscoreconnections: 2
+ cassmaxconnections: 8
+ cassioqueuesize: 32768
+ cassiothreads: 2
+ randv: true
+ optkey: "63bfa50ee6523365ff14c1f45f88737d"
+ reloadkey: false
+ logsize: 20
+ lognumber: 5
+ logname: logs/hss.log
+ logqsize: 8192
+ statlogsize: 20
+ statlognumber: 5
+ statlogname: logs/hss_stat.log
+ auditlogsize: 20
+ auditlognumber: 5
+ auditlogname: logs/hss_audit.log
+ statfreq: 2000
+ numworkers: 4
+ concurrent: 10
+ ossfile: conf/oss.json
+ verifyroamingsubscribers: false
+ oss.json:
+ option:
+ id: url
+ type: string
+ services:
+ - id: logger
+ commands:
+ - id: describe_loggers
+ - id: set_logger_level
+ options:
+ - id: name
+ type: string
+ - id: level
+ type: integer
+ - id: stats
+ commands:
+ - id: describe_stats_frequency
+ - id: describe_stats_live
+ - id: set_stats_frequency
+ options:
+ - id: frequency
+ type: integer
+ mme:
+ deploy: true
+ podAnnotations:
+ fluentbit.io/parser: mme
+ field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":3081,"schema":"HTTP"}]'
+ spgwAddr: spgwc
+ s11:
+ nodePort:
+ enabled: false
+ port: 32124
+ s6a:
+ nodePort:
+ enabled: false
+ port: 33869
+ prometheus:
+ port: 3081
+ nodePort:
+ enabled: false
+ port: 30085
+ # See https://github.com/omec-project/openmme/blob/master/README.txt for more config options
+ cfgFiles:
+ config.json:
+ mme:
+ name: vmmestandalone
+ group_id: 1
+ code: 1
+ logging: debug
+ plmnlist:
+ #plmn1 is aether common plmn, plmn2 is for aether-in-a-box
+ plmn1: "mcc=315,mnc=010"
+ plmn2: "mcc=208,mnc=01"
+ apnlist:
+ internet: "spgwc"
+ default: "spgwc" #default spgwc to be used
+ feature_list:
+ dcnr_support: "disabled"
+ security:
+ #int_alg_list: "[EIA0]"
+ int_alg_list: "[EIA1, EIA2, EIA0]"
+ sec_alg_list: "[EEA0, EEA1, EEA2]"
+ s1ap:
+ sctp_port: 36412
+ sctp_port_external: 36412
+ s11:
+ egtp_default_port: 2123
+ # sgw_addr and pgw_addr will be set dynamically if unset
+ #sgw_addr:
+ #pgw_addr:
+ s6a:
+ host_type: freediameter
+ # host and realm will be set dynamically if unset
+ #host:
+ #realm:
+ spgwc:
+ deploy: true
+ managedByRoc:
+ enabled: false
+ syncUrl: ""
+ podAnnotations:
+ fluentbit.io/parser: spgwc
+ field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+ s11:
+ port: 2123
+ nodePort:
+ enabled: false
+ port: 32123
+ n4:
+ port: 8805
+ nodePort:
+ enabled: false
+ port: 30021
+ prometheus:
+ port: 9089
+ nodePort:
+ enabled: false
+ port: 30084
+ rest:
+ port: 8080
+ nodePort:
+ enabled: false
+ port: 30080
+ cfgFiles:
+ cp.json:
+ global:
+ transmitTimerSec: 2
+ periodicTimerSec: 10
+ transmitCount: 5
+ requestTimeoutMilliSec: 5000
+ requestTries: 3
+ gxConfig: 0
+ urrConfig: 0
+ loggingLevel: "LOG_DEBUG"
+ heartbeatFailure: false
+ #DNS Server - 3gpp compliant DNS server
+ dns:
+ cache:
+ concurrent: 25
+ percentage: 80
+ intervalSec: 60
+ queryTimeoutMilliSec: 1000
+ queryTries: 1
+ app:
+ frequencySec: 3
+ filename: "appqueries.json"
+ nameserver: "127.0.0.1"
+ ops:
+ frequencySec: 3
+ filename: "opsqueries.json"
+ nameserver: "127.0.0.1"
+ ip_pool_config:
+ ueIpPool:
+ ip: "10.250.0.0"
+ mask: "255.255.0.0"
+ staticUeIpPool:
+ ip: "10.249.1.0"
+ mask: "255.255.255.0"
+ config.json:
+ gx:
+ host_type: freediameter
+ # host and realm will be set dynamically if unset
+ #host:
+ #realm:
+ subscriber_mapping.json:
+ subscriber-selection-rules:
+ - priority: 5
+ keys:
+ serving-plmn:
+ mcc: 208
+ mnc: 10
+ tac: 1
+ imsi-range:
+ from: 200000000000000
+ to: 299999999999999
+ selected-apn-profile: apn-profile1
+ selected-qos-profile: qos-profile1
+ selected-access-profile:
+ - access-all
+ selected-user-plane-profile: user-plane1
+ - priority: 10
+ keys:
+ match-all: true
+ selected-apn-profile: apn-profile1
+ selected-qos-profile: qos-profile1
+ selected-access-profile:
+ - access-all
+ selected-user-plane-profile: user-plane1
+ apn-profiles:
+ apn-profile1:
+ apn-name: internet
+ usage: 1
+ network: lbo
+ gx_enabled: true
+ dns_primary: 8.8.8.4
+ dns_secondary: 8.8.8.8
+ mtu: 1460
+ user-plane-profiles:
+ user-plane1:
+ user-plane: upf
+ global-address: true
+ qos-tags:
+ tag1: BW
+ access-tags:
+ tag1: ACC
+ qos-profiles:
+ mobile:
+ qci: 9
+ arp: 1
+ apn-ambr:
+ - 12345678
+ - 12345678
+ access-profiles:
+ access-all:
+ type: allow-all
+ internet-only:
+ type: internet-only
+ filter: No_private_network
+ intranet-only:
+ type: intranet-only
+ filter: only_private_network
+ apps-only:
+ type: specific-network
+ filter: only_apps_network
+ specific-app:
+ type: specific-destination-only
+ filter: allow-app-name
+ excluding-app:
+ type: excluding-this-app
+ filter: exclude-app-name