initial sdcore-helm-charts update

Change-Id: I91788de083b0f906ce4b32ac226f616fb2647ef9
diff --git a/omec-control-plane/.gitignore b/omec-control-plane/.gitignore
new file mode 100644
index 0000000..894f7fe
--- /dev/null
+++ b/omec-control-plane/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+charts/
diff --git a/omec-control-plane/.helmignore b/omec-control-plane/.helmignore
new file mode 100644
index 0000000..0d5155a
--- /dev/null
+++ b/omec-control-plane/.helmignore
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/omec-control-plane/Chart.yaml b/omec-control-plane/Chart.yaml
new file mode 100644
index 0000000..f1aa0b3
--- /dev/null
+++ b/omec-control-plane/Chart.yaml
@@ -0,0 +1,13 @@
+---
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+apiVersion: v1
+description: OMEC control plane services
+name: omec-control-plane
+icon: https://guide.opencord.org/logos/cord.svg
+
+version: 0.7.14
diff --git a/omec-control-plane/requirements.yaml b/omec-control-plane/requirements.yaml
new file mode 100644
index 0000000..49146fd
--- /dev/null
+++ b/omec-control-plane/requirements.yaml
@@ -0,0 +1,9 @@
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+dependencies:
+  - name: cassandra
+    version: 0.13.1
+    repository: https://charts.helm.sh/incubator
+    condition: cassandra.deploy
diff --git a/omec-control-plane/templates/NOTES.txt b/omec-control-plane/templates/NOTES.txt
new file mode 100644
index 0000000..78c519b
--- /dev/null
+++ b/omec-control-plane/templates/NOTES.txt
@@ -0,0 +1,21 @@
+{{- /*
+
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+*/ -}}
+
+This is the instruction to configure your eNodeB to work with ONF M-CORD. You can find architecture illustration in assets/mcord-architecture.png.
+
+1. Configure eNodeB with the correct MME information.
+    export MMEIP=[node IP]
+    export MMEPORT="36412"
+
+    You can change MMEPORT by overriding "Values.config.mme.s1ap.sctp_port_external".
+
+2. Make sure UE's SIM card information is configured in hss.yaml.
+
+3. Attach UE to OMEC.
diff --git a/omec-control-plane/templates/_helpers.tpl b/omec-control-plane/templates/_helpers.tpl
new file mode 100644
index 0000000..be7fc5f
--- /dev/null
+++ b/omec-control-plane/templates/_helpers.tpl
@@ -0,0 +1,133 @@
+{{- /*
+
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+*/ -}}
+
+{{/*
+Renders a set of standardised labels
+*/}}
+{{- define "omec-control-plane.metadata_labels" -}}
+{{- $application := index . 0 -}}
+{{- $context := index . 1 -}}
+release: {{ $context.Release.Name }}
+app: {{ $application }}
+{{- end -}}
+
+{{/*
+Render the given template.
+*/}}
+{{- define "omec-control-plane.template" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $last := base $context.Template.Name }}
+{{- $wtf := $context.Template.Name | replace $last $name -}}
+{{ include $wtf $context }}
+{{- end -}}
+
+{{/*
+Return domain name for Diameter identity, realm, and hostname for a given application.
+*/}}
+{{- define "omec-control-plane.diameter_endpoint" -}}
+{{- $service := index . 0 -}}
+{{- $type := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- if eq $type "identity" -}}
+{{- printf "%s.%s.svc.%s" $service $context.Release.Namespace $context.Values.config.clusterDomain -}}
+{{- else if eq $type "realm" -}}
+{{- printf "%s.svc.%s" $context.Release.Namespace $context.Values.config.clusterDomain -}}
+{{- else if eq $type "host" -}}
+{{- printf "%s" $service -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Render ServiceAccount, Role, and RoleBinding required for kubernetes-entrypoint.
+*/}}
+{{- define "omec-control-plane.service_account" -}}
+{{- $context := index . 1 -}}
+{{- $saName := index . 0 -}}
+{{- $saNamespace := $context.Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $saName }}
+  namespace: {{ $saNamespace }}
+  labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+---
+{{- if semverCompare ">=1.16-0" $context.Capabilities.KubeVersion.GitVersion }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: {{ $saName }}
+  namespace: {{ $saNamespace }}
+  labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $saName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $saName }}
+    namespace: {{ $saNamespace }}
+---
+{{- if semverCompare ">=1.16-0" $context.Capabilities.KubeVersion.GitVersion }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: Role
+metadata:
+  name: {{ $saName }}
+  namespace: {{ $saNamespace }}
+  labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+      - batch
+      - apps
+    verbs:
+      - get
+      - list
+      - patch
+    resources:
+      - statefulsets
+      - daemonsets
+      - jobs
+      - pods
+      - services
+      - endpoints
+      - configmaps
+{{- end -}}
+
+{{/*
+Render init container for coredump.
+*/}}
+{{- define "omec-control-plane.coredump_init" -}}
+{{- $pod := index . 0 -}}
+{{- $context := index . 1 -}}
+- name: {{ $pod }}-coredump-init
+  image: {{ $context.Values.images.tags.init | quote }}
+  imagePullPolicy: {{ $context.Values.images.pullPolicy }}
+  securityContext:
+    privileged: true
+    runAsUser: 0
+  command: ["sh", "-xc"]
+  args:
+    - echo '/tmp/coredump/core.%h.%e.%t' > /mnt/host-rootfs/proc/sys/kernel/core_pattern
+  volumeMounts:
+    - name: host-rootfs
+      mountPath: /mnt/host-rootfs
+{{- end -}}
diff --git a/omec-control-plane/templates/bin/_config4g-run.sh.tpl b/omec-control-plane/templates/bin/_config4g-run.sh.tpl
new file mode 100644
index 0000000..b568195
--- /dev/null
+++ b/omec-control-plane/templates/bin/_config4g-run.sh.tpl
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Copyright 2020-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -xe
+
+{{- if .Values.config.coreDump.enabled }}
+cp /free5gc/webconsole/webconsole /tmp/coredump/
+{{- end }}
+
+cd /free5gc
+
+cat config/webuicfg.conf
+
+./webconsole/webconsole -webuicfg config/webuicfg.conf
diff --git a/omec-control-plane/templates/bin/_hss-bootstrap.sh.tpl b/omec-control-plane/templates/bin/_hss-bootstrap.sh.tpl
new file mode 100644
index 0000000..b6d8fda
--- /dev/null
+++ b/omec-control-plane/templates/bin/_hss-bootstrap.sh.tpl
@@ -0,0 +1,132 @@
+#!/bin/bash
+
+# Copyright 2018 Intel Corporation
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+function provision_users() {
+    count=${1}
+    imsi=${2}
+    msisdn=${3}
+    apn=${4}
+    key=${5}
+    opc=${6}
+    sqn=${7}
+    cassandra_ip=${8}
+    mmeidentity=${9}
+    mmerealm=${10}
+
+    for (( i=1; i<=$count; i++ ))
+    do
+        echo "IMSI=$imsi MSISDN=$msisdn"
+        cqlsh $cassandra_ip -e "INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, opc, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data, supported_features) VALUES ('$imsi', $msisdn, 41, '$key', '$opc','$mmeidentity', 3, '$mmerealm', '2683b376d1056746de3b254012908e0e', $sqn, '{\"Subscription-Data\":{\"Access-Restriction-Data\":41,\"Subscriber-Status\":0,\"Network-Access-Mode\":2,\"Regional-Subscription-Zone-Code\":[\"0x0123\",\"0x4567\",\"0x89AB\",\"0xCDEF\",\"0x1234\",\"0x5678\",\"0x9ABC\",\"0xDEF0\",\"0x2345\",\"0x6789\"],\"MSISDN\":\"0x$msisdn\",\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"APN-Configuration-Profile\":{\"Context-Identifier\":0,\"All-APN-Configurations-Included-Indicator\":0,\"APN-Configuration\":{\"Context-Identifier\":0,\"PDN-Type\":0,\"Served-Party-IP-Address\":[\"0.0.0.0\"],\"Service-Selection\":\"$apn\",\"EPS-Subscribed-QoS-Profile\":{\"QoS-Class-Identifier\":9,\"Allocation-Retention-Priority\":{\"Priority-Level\":15,\"Pre-emption-Capability\":0,\"Pre-emption-Vulnerability\":0}},\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"PDN-GW-Allocation-Type\":0,\"MIP6-Agent-Info\":{\"MIP-Home-Agent-Address\":[\"172.26.17.183\"]}}},\"Subscribed-Periodic-RAU-TAU-Timer\":0}}', '{\"Supported-Features\":{\"Vendor-Id\": 10415, \"Feature-List-ID\": 2, \"Feature-List\": 134217728}}');"
+
+        if [ $? -ne 0 ];then
+           echo -e "oops! Something went wrong adding $imsi to vhss.users_imsi!\n"
+           exit 1
+        fi
+
+        cqlsh $cassandra_ip -e "INSERT INTO vhss.msisdn_imsi (msisdn, imsi) VALUES ($msisdn, '$imsi');"
+        if [ $? -ne 0 ];then
+           echo -e "oops! Something went wrong adding $imsi to vhss.msisdn_imsi!\n"
+           exit 1
+        fi
+
+        echo -e "Added $imsi\n"
+
+        imsi=`expr $imsi + 1`;
+        msisdn=`expr $msisdn + 1`
+    done
+}
+
+function provision_staticusers() {
+    imsi=${1}
+    msisdn=${2}
+    apn=${3}
+    key=${4}
+    opc=${5}
+    sqn=${6}
+    cassandra_ip=${7}
+    mmeidentity=${8}
+    mmerealm=${9}
+    staticAddr=${10}
+
+    echo "IMSI=$imsi MSISDN=$msisdn"
+    cqlsh $cassandra_ip -e "INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, opc, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data, supported_features) VALUES ('$imsi', $msisdn, 41, '$key', '$opc','$mmeidentity', 3, '$mmerealm', '2683b376d1056746de3b254012908e0e', $sqn, '{\"Subscription-Data\":{\"Access-Restriction-Data\":41,\"Subscriber-Status\":0,\"Network-Access-Mode\":2,\"Regional-Subscription-Zone-Code\":[\"0x0123\",\"0x4567\",\"0x89AB\",\"0xCDEF\",\"0x1234\",\"0x5678\",\"0x9ABC\",\"0xDEF0\",\"0x2345\",\"0x6789\"],\"MSISDN\":\"0x$msisdn\",\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"APN-Configuration-Profile\":{\"Context-Identifier\":0,\"All-APN-Configurations-Included-Indicator\":0,\"APN-Configuration\":{\"Context-Identifier\":0,\"PDN-Type\":0,\"Served-Party-IP-Address\":[\"$staticAddr\"],\"Service-Selection\":\"$apn\",\"EPS-Subscribed-QoS-Profile\":{\"QoS-Class-Identifier\":9,\"Allocation-Retention-Priority\":{\"Priority-Level\":15,\"Pre-emption-Capability\":0,\"Pre-emption-Vulnerability\":0}},\"AMBR\":{\"Max-Requested-Bandwidth-UL\":50000000,\"Max-Requested-Bandwidth-DL\":100000000},\"PDN-GW-Allocation-Type\":0,\"MIP6-Agent-Info\":{\"MIP-Home-Agent-Address\":[\"172.26.17.183\"]}}},\"Subscribed-Periodic-RAU-TAU-Timer\":0}}', '{\"Supported-Features\":{\"Vendor-Id\": 10415, \"Feature-List-ID\": 2, \"Feature-List\": 134217728}}');"
+
+    cqlsh $cassandra_ip -e "INSERT INTO vhss.msisdn_imsi (msisdn, imsi) VALUES ($msisdn, '$imsi');"
+    echo -e "Added $imsi\n"
+}
+
+function provision_mme() {
+    id=$1
+    isdn=$2
+    host=$3
+    realm=$4
+    uereachability=$5
+    cassandra_ip=$6
+
+    cqlsh $cassandra_ip -e "INSERT INTO vhss.mmeidentity (idmmeidentity, mmeisdn, mmehost, mmerealm, ue_reachability) VALUES ($id, '$isdn', '$host', '$realm', $uereachability);"
+    if [ $? -ne 0 ];then
+       echo -e "oops! Something went wrong adding to vhss.mmeidentity!\n"
+       exit 1
+    fi
+
+    cqlsh $cassandra_ip -e "INSERT INTO vhss.mmeidentity_host (idmmeidentity, mmeisdn, mmehost, mmerealm, ue_reachability) VALUES ($id, '$isdn', '$host', '$realm', $uereachability);"
+    if [ $? -ne 0 ];then
+       echo -e "oops! Something went wrong adding to vhss.mmeidentity_host!\n"
+       exit 1
+    fi
+
+    echo -e "Added mme $id\n"
+}
+
+until cqlsh --file /opt/c3po/hssdb/oai_db.cql {{ .Values.config.hss.hssdb }};
+    do echo "Provisioning HSSDB";
+    sleep 2;
+done
+
+{{- if .Values.config.hss.bootstrap.enabled }}
+{{- range .Values.config.hss.bootstrap.users }}
+provision_users \
+    {{ .count }} \
+    {{ .imsiStart }} \
+    {{ .msisdnStart }} \
+    {{ .apn }} \
+    {{ .key }} \
+    {{ .opc }} \
+    {{ .sqn }} \
+    {{ $.Values.config.hss.hssdb }} \
+    {{ .mme_identity }} \
+    {{ .mme_realm }}
+{{- end }}
+
+{{- range .Values.config.hss.bootstrap.staticusers }}
+provision_staticusers \
+    {{ .imsi }} \
+    {{ .msisdn }} \
+    {{ .apn }} \
+    {{ .key }} \
+    {{ .opc }} \
+    {{ .sqn }} \
+    {{ $.Values.config.hss.hssdb }} \
+    {{ .mme_identity }} \
+    {{ .mme_realm }} \
+    {{ .staticAddr }}
+{{- end }}
+
+{{- range .Values.config.hss.bootstrap.mmes }}
+provision_mme \
+    {{ .id }} \
+    {{ .isdn }} \
+    {{ .mme_identity }} \
+    {{ .mme_realm }} \
+    {{ .unreachability }} \
+    {{ $.Values.config.hss.hssdb }}
+{{- end }}
+{{- end }}
+
diff --git a/omec-control-plane/templates/bin/_hss-run.sh.tpl b/omec-control-plane/templates/bin/_hss-run.sh.tpl
new file mode 100644
index 0000000..6f2d8e9
--- /dev/null
+++ b/omec-control-plane/templates/bin/_hss-run.sh.tpl
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+{{- if .Values.config.coreDump.enabled }}
+cp /bin/hss /tmp/coredump/
+{{- end }}
+
+CONF_DIR="/opt/c3po/hss/conf"
+LOGS_DIR="/opt/c3po/hss/logs"
+mkdir -p $CONF_DIR $LOGS_DIR
+
+cp /etc/hss/conf/{acl.conf,hss.json,hss.conf,oss.json} $CONF_DIR
+cat $CONF_DIR/{hss.json,hss.conf}
+
+cd $CONF_DIR
+make_certs.sh {{ tuple "hss" "host" . | include "omec-control-plane.diameter_endpoint" }} {{ tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" }}
+
+cd ..
+hss -j $CONF_DIR/hss.json
diff --git a/omec-control-plane/templates/bin/_mme-init.sh.tpl b/omec-control-plane/templates/bin/_mme-init.sh.tpl
new file mode 100644
index 0000000..256da0d
--- /dev/null
+++ b/omec-control-plane/templates/bin/_mme-init.sh.tpl
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+cp /opt/mme/config/config.json /opt/mme/config/shared/config.json
+cd /opt/mme/config/shared
+
+# Set local IP address for s1ap and s11 networks to the config
+jq --arg MME_LOCAL_IP "$POD_IP" '.mme.ip_addr=$MME_LOCAL_IP' config.json > config.tmp && mv config.tmp config.json
+jq --arg MME_LOCAL_IP "$POD_IP" '.s1ap.s1ap_local_addr=$MME_LOCAL_IP' config.json > config.tmp && mv config.tmp config.json
+jq --arg MME_LOCAL_IP "$POD_IP" '.s11.egtp_local_addr=$MME_LOCAL_IP' config.json > config.tmp && mv config.tmp config.json
+
+# Set SPGWC address to the config
+# We need to convert service domain name to actual IP address
+# because mme apps does not take domain address - should be fixed in openmme
+SPGWC_ADDR=$(dig +short +search {{ .Values.config.mme.spgwAddr }})
+jq --arg SPGWC_ADDR "$SPGWC_ADDR" '.s11.sgw_addr //= $SPGWC_ADDR' config.json > config.tmp && mv config.tmp config.json
+jq --arg SPGWC_ADDR "$SPGWC_ADDR" '.s11.pgw_addr //= $SPGWC_ADDR' config.json > config.tmp && mv config.tmp config.json
+
+# Add additional redundant keys - should be fixed in openmme
+HSS_TYPE=$(jq -r '.s6a.host_type' config.json)
+HSS_HOST=$(jq -r '.s6a.host' config.json)
+jq --arg HSS_TYPE "$HSS_TYPE" '.s6a.hss_type=$HSS_TYPE' config.json > config.tmp && mv config.tmp config.json
+jq --arg HSS_HOST "$HSS_HOST" '.s6a.host_name=$HSS_HOST' config.json > config.tmp && mv config.tmp config.json
+
+# Copy the final configs for each applications
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/mme.json
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/s11.json
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/s1ap.json
+cp /opt/mme/config/shared/config.json /opt/mme/config/shared/s6a.json
+cp /opt/mme/config/s6a_fd.conf /opt/mme/config/shared/s6a_fd.conf
+
+#This multiple copies of config needs some cleanup. For now I want 
+#that after running mme_init config to be present in the target directory
+cp /opt/mme/config/shared/* /openmme/target/conf/
+
+# Generate certs
+MME_IDENTITY={{ tuple "mme" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+DIAMETER_HOST=$(echo $MME_IDENTITY | cut -d'.' -f1)
+DIAMETER_REALM={{ tuple "mme" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+
+cp /openmme/target/conf/make_certs.sh /opt/mme/config/shared/make_certs.sh
+cd /opt/mme/config/shared
+./make_certs.sh $DIAMETER_HOST $DIAMETER_REALM
diff --git a/omec-control-plane/templates/bin/_mme-run.sh.tpl b/omec-control-plane/templates/bin/_mme-run.sh.tpl
new file mode 100644
index 0000000..c739aa6
--- /dev/null
+++ b/omec-control-plane/templates/bin/_mme-run.sh.tpl
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+APPLICATION=$1
+
+{{- if .Values.config.coreDump.enabled }}
+cp /openmme/target/bin/$APPLICATION /tmp/coredump/
+{{- end }}
+
+# copy config files to openmme target directly
+cp /opt/mme/config/shared/* /openmme/target/conf/
+
+cd /openmme/target
+export LD_LIBRARY_PATH=/usr/local/lib:./lib
+
+case $APPLICATION in
+    "mme-app")
+      echo "Starting mme-app"
+      echo "conf/mme.json"
+      cat conf/mme.json
+      ./bin/mme-app
+      ;;
+    "s1ap-app")
+      echo "Starting s1ap-app"
+      echo "conf/s1ap.json"
+      cat conf/s1ap.json
+      ./bin/s1ap-app
+      ;;
+    "s6a-app")
+      echo "Starting s6a-app"
+      echo "conf/s6a.json"
+      cat conf/s6a.json
+      echo "conf/s6a_fd.conf"
+      cat conf/s6a_fd.conf
+      ./bin/s6a-app
+      ;;
+    "s11-app")
+      echo "Starting s11-app"
+      echo "conf/s11.json"
+      cat conf/s11.json
+      ./bin/s11-app
+      ;;
+    *)
+      echo "invalid app $APPLICATION"
+      ;;
+esac
diff --git a/omec-control-plane/templates/bin/_pcrf-bootstrap.sh.tpl b/omec-control-plane/templates/bin/_pcrf-bootstrap.sh.tpl
new file mode 100644
index 0000000..4afc210
--- /dev/null
+++ b/omec-control-plane/templates/bin/_pcrf-bootstrap.sh.tpl
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Copyright 2020-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+until cqlsh --file /opt/c3po/pcrfdb/pcrf_cassandra.cql {{ .Values.config.pcrf.pcrfdb }};
+    do echo "Provisioning PCRFDB";
+    sleep 2;
+done
+
diff --git a/omec-control-plane/templates/bin/_pcrf-run.sh.tpl b/omec-control-plane/templates/bin/_pcrf-run.sh.tpl
new file mode 100644
index 0000000..7be50a6
--- /dev/null
+++ b/omec-control-plane/templates/bin/_pcrf-run.sh.tpl
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright 2020-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+set -ex
+
+{{- if .Values.config.coreDump.enabled }}
+cp /bin/pcrf /tmp/coredump/
+{{- end }}
+
+CONF_DIR="/opt/c3po/pcrf/conf"
+LOGS_DIR="/opt/c3po/pcrf/logs"
+#TODO - Need to remove logs directory
+mkdir -p $CONF_DIR $LOGS_DIR
+
+cp /etc/pcrf/conf/{acl.conf,pcrf.json,pcrf.conf,oss.json,subscriber_mapping.json} $CONF_DIR
+cat $CONF_DIR/{pcrf.json,pcrf.conf}
+
+cd $CONF_DIR
+make_certs.sh {{ tuple "pcrf" "host" . | include "omec-control-plane.diameter_endpoint" }} {{ tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" }}
+
+cd ..
+pcrf -j $CONF_DIR/pcrf.json
diff --git a/omec-control-plane/templates/bin/_spgwc-init.sh.tpl b/omec-control-plane/templates/bin/_spgwc-init.sh.tpl
new file mode 100644
index 0000000..82ca533
--- /dev/null
+++ b/omec-control-plane/templates/bin/_spgwc-init.sh.tpl
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# Copyright 2021-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+while ! curl -f --connect-timeout 5 http://spgwc:8080/startup
+do
+  echo Waiting for SPGWC to be ready
+  sleep 5
+done
+echo SPGWC is ready
+
+echo Posting to sync URL {{ .Values.config.spgwc.managedByRoc.syncUrl }}
+while ! curl --connect-timeout 5 -f -X POST {{ .Values.config.spgwc.managedByRoc.syncUrl }}
+do
+  echo Failed posting to sync URL
+  sleep 5
+done
+echo
+
+echo Sleeping forever
+while true
+do
+  sleep 86400
+done
\ No newline at end of file
diff --git a/omec-control-plane/templates/bin/_spgwc-run.sh.tpl b/omec-control-plane/templates/bin/_spgwc-run.sh.tpl
new file mode 100644
index 0000000..fd1096d
--- /dev/null
+++ b/omec-control-plane/templates/bin/_spgwc-run.sh.tpl
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Copyright 2019-present Open Networking Foundation
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+APPLICATION=$1
+set -xe
+
+mkdir -p /opt/cp/config
+cd /opt/cp/config
+cp /etc/cp/config/{*.json,*.conf} .
+
+case $APPLICATION in
+    "ngic_controlplane")
+      echo "Starting ngic controlplane app"
+      cat /opt/cp/config/cp.json
+      cat /opt/cp/config/subscriber_mapping.json
+      {{- if .Values.config.coreDump.enabled }}
+      cp /bin/ngic_controlplane /tmp/coredump/
+      {{- end }}
+
+      ngic_controlplane -f /etc/cp/config/
+      ;;
+
+    "gx-app")
+      echo "Starting gx-app"
+      SPGWC_IDENTITY={{ tuple "spgwc" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+      DIAMETER_HOST=$(echo $SPGWC_IDENTITY| cut -d'.' -f1)
+      DIAMETER_REALM={{ tuple "spgwc" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+      chmod +x /bin/make_certs.sh
+      cp /bin/make_certs.sh /opt/cp/config
+      /bin/make_certs.sh $DIAMETER_HOST $DIAMETER_REALM
+      {{- if .Values.config.coreDump.enabled }}
+      cp /bin/gx_app /tmp/coredump/
+      {{- end }}
+      cd /opt/cp/
+      gx_app
+      ;;
+
+    *)
+      echo "invalid app $APPLICATION"
+      ;;
+esac
diff --git a/omec-control-plane/templates/configmap-config4g.yaml b/omec-control-plane/templates/configmap-config4g.yaml
new file mode 100644
index 0000000..7a0b722
--- /dev/null
+++ b/omec-control-plane/templates/configmap-config4g.yaml
@@ -0,0 +1,40 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.config4g.deploy }}
+
+{{- if not .Values.config.useExistingConfigMap -}}
+{{- $config4gcfg := index .Values.config.config4g.cfgFiles "webuicfg.conf" }}
+{{- $config := index $config4gcfg "configuration" }}
+
+{{- if not (hasKey $config4gcfg "logger") -}}
+{{- $_ := .Values.config.logger | set $config4gcfg "logger" -}}
+{{- end }}
+
+{{- if not (hasKey $config "managedByConfigPod") -}}
+{{- $_ := .Values.config.managedByConfigPod | set $config "managedByConfigPod" -}}
+{{- end }}
+
+
+{{- end }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config4g
+  labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  config4g-run.sh: |
+{{ tuple "bin/_config4g-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- if not .Values.config.useExistingConfigMap -}}
+{{- range $key, $value := .Values.config.config4g.cfgFiles }}
+  {{ $key }}: |-
+{{ toYaml $value | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-hss.yaml b/omec-control-plane/templates/configmap-hss.yaml
new file mode 100644
index 0000000..029a8b6
--- /dev/null
+++ b/omec-control-plane/templates/configmap-hss.yaml
@@ -0,0 +1,117 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.hss.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $hssJson := index .Values.config.hss.cfgFiles "hss.json" }}
+{{- $hssJsonCommon := index $hssJson "common" }}
+{{- $hssJsonHss := index $hssJson "hss" }}
+
+{{- $_ := .Values.config.hss.prometheus.port | set $hssJsonCommon "prom_port" -}}
+{{- if not (hasKey $hssJsonCommon "originhost") -}}
+{{- $_ := tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | set $hssJsonCommon "originhost" -}}
+{{- end }}
+{{- if not (hasKey $hssJsonCommon "originrealm") -}}
+{{- $_ := tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" | set $hssJsonCommon "originrealm" -}}
+{{- end }}
+{{- if not (hasKey $hssJsonHss "casssrv") -}}
+{{- $_ := .Values.cassandra.fullnameOverride | set $hssJsonHss "casssrv" -}}
+{{- end }}
+{{- if not (hasKey $hssJsonHss "restport") -}}
+{{- $_ := .Values.config.hss.configPort.port | set $hssJsonHss "restport" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hss-configs
+  labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  acl.conf: |
+  {{- if hasKey .Values.config.hss.acl "oldTls" }}
+    ALLOW_OLD_TLS {{ .Values.config.hss.acl.oldTls }}
+  {{- end }}
+  {{- if hasKey .Values.config.hss.acl "ipSec" }}
+    ALLOW_IPSEC {{ .Values.config.hss.acl.ipSec }}
+  {{- end }}
+  hss.conf: |
+    Identity = {{ tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    Realm = {{ tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    TLS_Cred = "/opt/c3po/hss/conf/{{ tuple "hss" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+               "/opt/c3po/hss/conf/{{ tuple "hss" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+    TLS_CA = "/opt/c3po/hss/conf/cacert.pem";
+    No_SCTP;
+    Prefer_TCP;
+    No_IPv6;
+    SCTP_streams = 3;
+    NoRelay;
+    AppServThreads = 4;
+    Port = 3868;
+    SecPort = 5868;
+    LoadExtension = "/usr/local/lib/freeDiameter/acl_wl.fdx" : "/opt/c3po/hss/conf/acl.conf";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+{{- range $key, $value := .Values.config.hss.cfgFiles }}
+  {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hss-scripts
+  labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  hss-run.sh: |
+{{ tuple "bin/_hss-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+  hss-bootstrap.sh: |
+{{ tuple "bin/_hss-bootstrap.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-mme.yaml b/omec-control-plane/templates/configmap-mme.yaml
new file mode 100644
index 0000000..f45f6ed
--- /dev/null
+++ b/omec-control-plane/templates/configmap-mme.yaml
@@ -0,0 +1,102 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.mme.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $configJson := index .Values.config.mme.cfgFiles "config.json" }}
+{{- $configJsonMme := index $configJson "mme" }}
+{{- $configJsonS6a := index $configJson "s6a" }}
+
+{{- $_ := .Values.config.mme.prometheus.port | set $configJsonMme "prom_port" -}}
+{{- if not (hasKey $configJsonS6a "host") -}}
+{{- $_ := tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | set $configJsonS6a "host" -}}
+{{- end }}
+{{- if not (hasKey $configJsonS6a "realm") -}}
+{{- $_ := tuple "hss" "realm" . | include "omec-control-plane.diameter_endpoint" | set $configJsonS6a "realm" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mme-configs
+  labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  s6a_fd.conf: |
+    Identity = {{ tuple "mme" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    Realm = {{ tuple "mme" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    TLS_Cred = "conf/{{ tuple "mme" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+               "conf/{{ tuple "mme" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+    TLS_CA = "conf/cacert.pem";
+    AppServThreads = 40;
+    SCTP_streams = 3;
+    NoRelay;
+    No_IPv6;
+    #Port = 3868;
+    #SecPort = 3869;
+
+    ConnectPeer = {{ tuple "hss" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }} { No_TLS; port = 3868; };
+
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_SGd.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_T6aT6bT7.fdx";
+{{- range $key, $value := .Values.config.mme.cfgFiles }}
+  {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mme-scripts
+  labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  mme-init.sh: |
+{{ tuple "bin/_mme-init.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+  mme-run.sh: |
+{{ tuple "bin/_mme-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-pcrf.yaml b/omec-control-plane/templates/configmap-pcrf.yaml
new file mode 100644
index 0000000..d5ad7cc
--- /dev/null
+++ b/omec-control-plane/templates/configmap-pcrf.yaml
@@ -0,0 +1,120 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.pcrf.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $pcrfJson := index .Values.config.pcrf.cfgFiles "pcrf.json" }}
+{{- $pcrfJsonCommon := index $pcrfJson "common" }}
+{{- $pcrfJsonHss := index $pcrfJson "pcrf" }}
+
+{{- $_ := .Values.config.pcrf.prometheus.port | set $pcrfJsonCommon "prom_port" -}}
+{{- if not (hasKey $pcrfJsonCommon "originhost") -}}
+{{- $_ := tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | set $pcrfJsonCommon "originhost" -}}
+{{- end }}
+{{- if not (hasKey $pcrfJsonCommon "originrealm") -}}
+{{- $_ := tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" | set $pcrfJsonCommon "originrealm" -}}
+{{- end }}
+{{- if not (hasKey $pcrfJsonHss "casssrv") -}}
+{{- $_ := .Values.cassandra.fullnameOverride | set $pcrfJsonHss "casssrv" -}}
+{{- end }}
+{{- if not (hasKey $pcrfJsonHss "restport") -}}
+{{- $_ := .Values.config.pcrf.configPort.port | set $pcrfJsonHss "restport" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pcrf-configs
+  labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  acl.conf: |
+  {{- if hasKey .Values.config.pcrf.acl "oldTls" }}
+    ALLOW_OLD_TLS {{ .Values.config.pcrf.acl.oldTls }}
+  {{- end }}
+  {{- if hasKey .Values.config.pcrf.acl "ipSec" }}
+    ALLOW_IPSEC {{ .Values.config.pcrf.acl.ipSec }}
+  {{- end }}
+  pcrf.conf: |
+    Identity = {{ tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    Realm = {{ tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    TLS_Cred = "/opt/c3po/pcrf/conf/{{ tuple "pcrf" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+               "/opt/c3po/pcrf/conf/{{ tuple "pcrf" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+    TLS_CA = "/opt/c3po/pcrf/conf/cacert.pem";
+    No_SCTP;
+    Prefer_TCP;
+    No_IPv6;
+    SCTP_streams = 3;
+    NoRelay;
+    AppServThreads = 4;
+    Port = 3868;
+    SecPort = 5868;
+    LoadExtension = "/usr/local/lib/freeDiameter/acl_wl.fdx" : "/opt/c3po/pcrf/conf/acl.conf";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_NAS.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_Rx.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_Sd.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_St.fdx";
+{{- range $key, $value := .Values.config.pcrf.cfgFiles }}
+  {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pcrf-scripts
+  labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  pcrf-run.sh: |
+{{ tuple "bin/_pcrf-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+  pcrf-bootstrap.sh: |
+{{ tuple "bin/_pcrf-bootstrap.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/configmap-spgwc.yaml b/omec-control-plane/templates/configmap-spgwc.yaml
new file mode 100644
index 0000000..6616998
--- /dev/null
+++ b/omec-control-plane/templates/configmap-spgwc.yaml
@@ -0,0 +1,112 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.spgwc.deploy }}
+{{- if not .Values.config.useExistingConfigMap }}
+{{- $cpJson := index .Values.config.spgwc.cfgFiles "cp.json" }}
+{{- $global := index $cpJson "global" }}
+{{- $configJson := index .Values.config.spgwc.cfgFiles "config.json" }}
+{{- $configJsonSpgwc := index $configJson "spgwc" }}
+{{- $configJsonGx := index $configJson "gx" }}
+
+{{- if not (hasKey $configJsonGx "host") -}}
+{{- $_ := tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | set $configJsonGx "host" -}}
+{{- end }}
+{{- if not (hasKey $configJsonGx "realm") -}}
+{{- $_ := tuple "pcrf" "realm" . | include "omec-control-plane.diameter_endpoint" | set $configJsonGx "realm" -}}
+{{- end }}
+{{- if not (hasKey $global "httpPort") -}}
+{{- $_ := .Values.config.spgwc.rest.port | set $global "httpPort" -}}
+{{- end }}
+{{- if not (hasKey $global "pfcpPort") -}}
+{{- $_ := .Values.config.spgwc.n4.port | set $global "pfcpPort" -}}
+{{- end }}
+{{- if not (hasKey $global "s11Port") -}}
+{{- $_ := .Values.config.spgwc.s11.port | set $global "s11Port" -}}
+{{- end }}
+{{- if not (hasKey $global "prometheusPort") -}}
+{{- $_ := .Values.config.spgwc.prometheus.port | set $global "prometheusPort" -}}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: spgwc-configs
+  labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  gx.conf: |
+    Identity = {{ tuple "spgwc" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    Realm = {{ tuple "spgwc" "realm" . | include "omec-control-plane.diameter_endpoint" | quote }};
+    TLS_Cred = "config/{{ tuple "spgwc" "host" . | include "omec-control-plane.diameter_endpoint" }}.cert.pem",
+               "config/{{ tuple "spgwc" "host" . | include "omec-control-plane.diameter_endpoint" }}.key.pem";
+    TLS_CA = "config/cacert.pem";
+    AppServThreads = 40;
+    SCTP_streams = 3;
+    NoRelay;
+    No_IPv6;
+    #Port = 3868;
+    #SecPort = 3869;
+
+    ConnectPeer = {{ tuple "pcrf" "identity" . | include "omec-control-plane.diameter_endpoint" | quote }} { No_TLS; port = 3868; };
+
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+    LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+{{- range $key, $value := .Values.config.spgwc.cfgFiles }}
+  {{ $key }}: |-
+{{ toPrettyJson $value | indent 4 }}
+{{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: spgwc-scripts
+  labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+data:
+  spgwc-run.sh: |
+{{ tuple "bin/_spgwc-run.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+  spgwc-init.sh: |
+{{ tuple "bin/_spgwc-init.sh.tpl" . | include "omec-control-plane.template" | indent 4 }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-config4g.yaml b/omec-control-plane/templates/service-config4g.yaml
new file mode 100644
index 0000000..ab01c6c
--- /dev/null
+++ b/omec-control-plane/templates/service-config4g.yaml
@@ -0,0 +1,52 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.config4g.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: config4g
+  labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  type: ClusterIP
+  selector:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  ports:
+  - name: prometheus-exporter
+    port: {{ .Values.config.config4g.prometheus.port }}
+    protocol: TCP
+  - name: urlport-http
+    port: {{ .Values.config.config4g.urlport.port }}
+    protocol: TCP
+{{- if or .Values.config.config4g.urlport.nodePort.enabled .Values.config.config4g.prometheus.nodePort.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: config4g-external
+  labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  type: NodePort
+  selector:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  ports:
+{{- if .Values.config.config4g.prometheus.nodePort.enabled }}
+  - name: prometheus-exporter
+    port: {{ .Values.config.config4g.prometheus.port }}
+    protocol: TCP
+    nodePort: {{ .Values.config.config4g.prometheus.nodePort.port }}
+{{- end }}
+{{- if .Values.config.config4g.urlport.nodePort.enabled }}
+  - name: urlport-http
+    port: {{ .Values.config.config4g.urlport.port }}
+    protocol: TCP
+    nodePort: {{ .Values.config.config4g.urlport.nodePort.port }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-hss.yaml b/omec-control-plane/templates/service-hss.yaml
new file mode 100644
index 0000000..371b363
--- /dev/null
+++ b/omec-control-plane/templates/service-hss.yaml
@@ -0,0 +1,76 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.hss.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hss
+  labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  ports:
+  - name: s6a
+    port: 3868
+    protocol: TCP
+  - name: config-port
+    port: {{ .Values.config.hss.configPort.port }}
+    protocol: TCP
+  - name: prometheus-exporter
+    port: {{ .Values.config.hss.prometheus.port }}
+    protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hss-headless
+  labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  clusterIP: None
+  ports:
+  - name: s6a
+    port: 3868
+    protocol: TCP
+  - name: config-port
+    port: {{ .Values.config.hss.configPort.port }}
+    protocol: TCP
+{{- if or .Values.config.hss.s6a.nodePort.enabled .Values.config.hss.configPort.nodePort.enabled}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hss-external
+  labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  type: NodePort
+  ports:
+  {{- if .Values.config.hss.prometheus.nodePort.enabled }}
+    - name: prometheus-exporter
+      port: {{ .Values.config.hss.prometheus.port }}
+      protocol: TCP
+      nodePort: {{ .Values.config.hss.prometheus.nodePort.port }}
+  {{- end }}
+    - name: s6a
+      port: 3868
+      protocol: TCP
+      nodePort: {{ .Values.config.hss.s6a.nodePort.port }}
+  {{- if .Values.config.hss.configPort.nodePort.enabled }}
+    - name: config-port
+      port: {{ .Values.config.hss.configPort.port }}
+      protocol: TCP
+      nodePort: {{ .Values.config.hss.configPort.nodePort.port }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-mme.yaml b/omec-control-plane/templates/service-mme.yaml
new file mode 100644
index 0000000..8ae95b9
--- /dev/null
+++ b/omec-control-plane/templates/service-mme.yaml
@@ -0,0 +1,96 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.mme.deploy }}
+{{- $configJson := index .Values.config.mme.cfgFiles "config.json" }}
+{{- $configJsonS11 := index $configJson "s11" }}
+{{- $configJsonS1ap := index $configJson "s1ap" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mme
+  labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  type: ClusterIP
+  ports:
+    - name: s11
+      port: {{ index $configJsonS11 "egtp_default_port" }}
+      protocol: UDP
+    - name: s6a
+      port: 3868
+      protocol: TCP
+    - name: s1ap
+      port: {{ index $configJsonS1ap "sctp_port" }}
+      protocol: SCTP
+    - name: prometheus-exporter
+      port: {{ .Values.config.mme.prometheus.port }}
+      protocol: TCP
+    - name: mme-app-config
+      port: 8080
+      protocol: TCP
+    - name: mme-s1ap-config
+      port: 8081
+      protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mme-headless
+  labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  clusterIP: None
+  ports:
+    - name: s11
+      port: {{ index $configJsonS11 "egtp_default_port" }}
+      protocol: UDP
+    - name: s6a
+      port: 3868
+      protocol: TCP
+    - name: s1ap
+      port: {{ index $configJsonS1ap "sctp_port" }}
+      protocol: SCTP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mme-external
+  labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  type: NodePort
+  ports:
+  {{- if .Values.config.mme.prometheus.nodePort.enabled }}
+    - name: prometheus-exporter
+      port: {{ .Values.config.mme.prometheus.port }}
+      protocol: TCP
+      nodePort: {{ .Values.config.mme.prometheus.nodePort.port }}
+  {{- end }}
+  {{- if .Values.config.mme.s11.nodePort.enabled }}
+    - name: s11
+      port: {{ index $configJsonS11 "egtp_default_port" }}
+      protocol: UDP
+      nodePort: {{ .Values.config.mme.s11.nodePort.port }}
+  {{- end }}
+  {{- if .Values.config.mme.s6a.nodePort.enabled }}
+    - name: s6a
+      port: 3868
+      protocol: TCP
+      nodePort: {{ .Values.config.mme.s6a.nodePort.port }}
+  {{- end }}
+    - name: s1ap
+      port: {{ index $configJsonS1ap "sctp_port" }}
+      nodePort: {{ index $configJsonS1ap "sctp_port_external" }}
+      protocol: SCTP
+{{- end }}
diff --git a/omec-control-plane/templates/service-pcrf.yaml b/omec-control-plane/templates/service-pcrf.yaml
new file mode 100644
index 0000000..116f930
--- /dev/null
+++ b/omec-control-plane/templates/service-pcrf.yaml
@@ -0,0 +1,81 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.pcrf.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pcrf
+  labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  ports:
+  - name: gx
+    port: 3868
+    protocol: TCP
+  - name: prometheus-exporter
+    port: {{ .Values.config.pcrf.prometheus.port }}
+    protocol: TCP
+  - name: config-port
+    port: {{ .Values.config.pcrf.configPort.port }}
+    protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pcrf-headless
+  labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  clusterIP: None
+  ports:
+  - name: gx
+    port: 3868
+    protocol: TCP
+  - name: prometheus-exporter
+    port: {{ .Values.config.pcrf.prometheus.port }}
+    protocol: TCP
+  - name: config-port
+    port: {{ .Values.config.pcrf.configPort.port }}
+    protocol: TCP
+{{- if or (.Values.config.pcrf.prometheus.nodePort.enabled) (.Values.config.pcrf.gx.nodePort.enabled) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pcrf-external
+  labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  selector:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  type: NodePort
+  ports:
+  {{- if .Values.config.pcrf.prometheus.nodePort.enabled }}
+    - name: prometheus-exporter
+      port: {{ .Values.config.pcrf.prometheus.port }}
+      protocol: TCP
+      nodePort: {{ .Values.config.pcrf.prometheus.nodePort.port }}
+  {{- end }}
+  {{- if .Values.config.pcrf.gx.nodePort.enabled }}
+  - name: gx
+    port: 3868
+    protocol: TCP
+    nodePort: {{ .Values.config.pcrf.gx.nodePort.port }}
+  {{- end }}
+  {{- if .Values.config.pcrf.configPort.nodePort.enabled }}
+    - name: config-port
+      port: {{ .Values.config.pcrf.configPort.port }}
+      protocol: TCP
+      nodePort: {{ .Values.config.pcrf.configPort.nodePort.port }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/service-spgwc.yaml b/omec-control-plane/templates/service-spgwc.yaml
new file mode 100644
index 0000000..c97689a
--- /dev/null
+++ b/omec-control-plane/templates/service-spgwc.yaml
@@ -0,0 +1,81 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.spgwc.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: spgwc
+  labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  type: ClusterIP
+  selector:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  ports:
+  - name: s11
+    port: {{ .Values.config.spgwc.s11.port }}
+    protocol: UDP
+  - name: pfcp
+    port: {{ .Values.config.spgwc.n4.port }}
+    protocol: UDP
+  - name: prometheus-exporter
+    port: {{ .Values.config.spgwc.prometheus.port }}
+    protocol: TCP
+  - name: rest
+    port: {{ .Values.config.spgwc.rest.port }}
+    protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: spgwc-headless
+  labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  clusterIP: None
+  selector:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+{{- if or .Values.config.spgwc.s11.nodePort.enabled .Values.config.spgwc.n4.nodePort.enabled .Values.config.spgwc.prometheus.nodePort.enabled .Values.config.spgwc.rest.nodePort.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: spgwc-external
+  labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  type: NodePort
+  selector:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+  ports:
+{{- if .Values.config.spgwc.s11.nodePort.enabled }}
+  - name: s11
+    port: {{ .Values.config.spgwc.s11.port }}
+    protocol: UDP
+    nodePort: {{ .Values.config.spgwc.s11.nodePort.port }}
+{{- end }}
+{{- if .Values.config.spgwc.n4.nodePort.enabled }}
+  - name: pfcp
+    port: {{ .Values.config.spgwc.n4.port }}
+    protocol: UDP
+    nodePort: {{ .Values.config.spgwc.n4.nodePort.port }}
+{{- end }}
+{{- if .Values.config.spgwc.prometheus.nodePort.enabled }}
+  - name: prometheus-exporter
+    port: {{ .Values.config.spgwc.prometheus.port }}
+    protocol: TCP
+    nodePort: {{ .Values.config.spgwc.prometheus.nodePort.port }}
+{{- end }}
+{{- if .Values.config.spgwc.rest.nodePort.enabled }}
+  - name: rest
+    port: {{ .Values.config.spgwc.rest.port }}
+    protocol: TCP
+    nodePort: {{ .Values.config.spgwc.rest.nodePort.port }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-config4g.yaml b/omec-control-plane/templates/statefulset-config4g.yaml
new file mode 100644
index 0000000..2a20980
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-config4g.yaml
@@ -0,0 +1,85 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.config4g.deploy }}
+{{ tuple "config4g" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet 
+metadata:
+  name: config4g
+  labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  replicas: 1
+  serviceName: config4g-headless
+  selector:
+    matchLabels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+  template:
+    metadata:
+      labels:
+{{ tuple "config4g" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+    {{- with .Values.config.config4g.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    spec:
+      serviceAccountName: config4g
+    {{- if hasKey .Values.images "pullSecrets" }}
+      imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+    {{- end }}
+      containers:
+      - name: config-4g
+        image: {{ .Values.images.tags.config4g }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          runAsUser: 0
+      {{- end }}
+        stdin: true
+        tty: true
+        command: ["/free5gc/script/config4g-run.sh"]
+        env:
+        - name: CONFIGPOD_DEPLOYMENT
+          value: "4G"
+      {{- if .Values.config.managedByConfigPod.enabled }}
+        - name: MANAGED_BY_CONFIG_POD
+          value: "true"
+      {{- end }}
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.config4g | indent 10 }}
+      {{- end }}
+        volumeMounts:
+        - name: run-script
+          mountPath: /free5gc/script/config4g-run.sh
+          subPath: config4g-run.sh
+        - name: nf-config
+          mountPath: /free5gc/config
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      volumes:
+      - name: run-script
+        configMap:
+          name: config4g
+          defaultMode: 493
+      - name: nf-config
+        configMap:
+          name: config4g
+          defaultMode: 493
+    {{- if .Values.config.coreDump.enabled }}
+      - name: host-rootfs
+        hostPath:
+          path: /
+      - name: coredump
+        hostPath:
+          path: {{ .Values.config.coreDump.path }}
+    {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-hss.yaml b/omec-control-plane/templates/statefulset-hss.yaml
new file mode 100644
index 0000000..a69b4ac
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-hss.yaml
@@ -0,0 +1,97 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.hss.deploy }}
+{{ tuple "hss" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: hss
+  labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  replicas: 1
+  serviceName: hss-headless
+  selector:
+    matchLabels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+  template:
+    metadata:
+      labels:
+{{ tuple "hss" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+    {{- with .Values.config.hss.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    spec:
+    {{- if .Values.nodeSelectors.enabled }}
+      nodeSelector:
+        {{ .Values.nodeSelectors.hss.label }}: {{ .Values.nodeSelectors.hss.value }}
+    {{- end }}
+      serviceAccountName: hss
+    {{- if hasKey .Values.images "pullSecrets" }}
+      imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+    {{- end }}
+      initContainers:
+      - name: hss-bootstrap
+        image: {{ .Values.images.tags.hssdb }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+        command: ["/opt/c3po/hss/scripts/hss-bootstrap.sh"]
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/c3po/hss/scripts
+    {{- if .Values.config.coreDump.enabled }}
+{{ tuple "hss" . | include "omec-control-plane.coredump_init" | indent 6 }}
+    {{- end }}
+      containers:
+      - name: hss
+        image: {{ .Values.images.tags.hss }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        stdin: true
+        tty: true
+        command: ["bash", "-c", "/opt/c3po/hss/scripts/hss-run.sh; sleep 3600"]
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.hss | indent 10 }}
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/c3po/hss/scripts
+        - name: configs
+          mountPath: /etc/hss/conf
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      volumes:
+      - name: scripts
+        configMap:
+          name: hss-scripts
+          defaultMode: 493
+      - name: configs
+        configMap:
+          name: hss-configs
+          defaultMode: 420
+    {{- if .Values.config.coreDump.enabled }}
+      - name: host-rootfs
+        hostPath:
+          path: /
+      - name: coredump
+        hostPath:
+          path: {{ .Values.config.coreDump.path }}
+    {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-mme.yaml b/omec-control-plane/templates/statefulset-mme.yaml
new file mode 100644
index 0000000..d690bb5
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-mme.yaml
@@ -0,0 +1,269 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.mme.deploy }}
+{{ tuple "mme" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mme
+  labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  replicas: 1
+  serviceName: mme-headless
+  selector:
+    matchLabels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+  template:
+    metadata:
+      labels:
+{{ tuple "mme" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+    {{- with .Values.config.mme.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    spec:
+    {{- if .Values.nodeSelectors.enabled }}
+      nodeSelector:
+        {{ .Values.nodeSelectors.mme.label }}: {{ .Values.nodeSelectors.mme.value }}
+    {{- end }}
+      serviceAccountName: mme
+    {{- if hasKey .Values.images "pullSecrets" }}
+      imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+    {{- end }}
+      initContainers:
+      - name: mme-load-sctp-module
+        image: {{ .Values.images.tags.init | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+        command: ["sh", "-xc"]
+        args:
+        - |
+          if chroot /mnt/host-rootfs modinfo nf_conntrack_proto_sctp > /dev/null 2>&1; then \
+              chroot /mnt/host-rootfs modprobe nf_conntrack_proto_sctp; \
+          fi;
+          chroot /mnt/host-rootfs modprobe tipc
+        volumeMounts:
+        - name: host-rootfs
+          mountPath: /mnt/host-rootfs
+    {{- if .Values.config.hss.deploy }}
+      - name: mme-dep-check
+        image: {{ .Values.images.tags.depCheck | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: false
+          runAsUser: 0
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.name
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+          - name: PATH
+            value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
+          - name: COMMAND
+            value: "echo done"
+          - name: DEPENDENCY_POD_JSON
+            value: '[{"labels": {"app": "hss"}, "requireSameNode": false}]'
+          # add dependency job for make_certs.sh
+        command:
+          - kubernetes-entrypoint
+        volumeMounts:
+          []
+    {{- end }}
+      - name: mme-init
+        image: {{ .Values.images.tags.mme | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+        command: ["/opt/mme/scripts/mme-init.sh"]
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/mme/scripts
+        - name: configs
+          mountPath: /opt/mme/config
+        - name: shared-data
+          mountPath: /opt/mme/config/shared
+    {{- if .Values.config.coreDump.enabled }}
+{{ tuple "mme" . | include "omec-control-plane.coredump_init" | indent 6 }}
+    {{- end }}
+      containers:
+      - name: mme-app
+        image: {{ .Values.images.tags.mme | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        command: ["bash", "-xc"]
+        args:
+        - /opt/mme/scripts/mme-run.sh mme-app
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+      {{- end }}
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: MMERUNENV
+          value: "container"
+      {{- if .Values.config.managedByConfigPod.enabled }}
+        - name: MANAGED_BY_CONFIG_POD
+          value: "true"
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/mme/scripts
+        - name: shared-data
+          mountPath: /opt/mme/config/shared
+        - name: shared-app
+          mountPath: /tmp
+        - name: configs
+          mountPath: /opt/mme/config
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      - name: s1ap-app
+        image: {{ .Values.images.tags.mme | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        command: ["bash", "-xc"]
+        args:
+        - /opt/mme/scripts/mme-run.sh s1ap-app
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+      {{- end }}
+        env:
+        - name: MMERUNENV
+          value: "container"
+      {{- if .Values.config.managedByConfigPod.enabled }}
+        - name: MANAGED_BY_CONFIG_POD
+          value: "true"
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/mme/scripts
+        - name: shared-data
+          mountPath: /opt/mme/config/shared
+        - name: shared-app
+          mountPath: /tmp
+        - name: configs
+          mountPath: /opt/mme/config
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      - name: s6a-app
+        image: {{ .Values.images.tags.mme | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        command: ["bash", "-xc"]
+        args:
+        - /opt/mme/scripts/mme-run.sh s6a-app
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+      {{- end }}
+        env:
+        - name: MMERUNENV
+          value: "container"
+      {{- if .Values.config.managedByConfigPod.enabled }}
+        - name: MANAGED_BY_CONFIG_POD
+          value: "true"
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/mme/scripts
+        - name: shared-data
+          mountPath: /opt/mme/config/shared
+        - name: shared-app
+          mountPath: /tmp
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      - name: s11-app
+        image: {{ .Values.images.tags.mme | quote }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        command: ["bash", "-xc"]
+        args:
+        - /opt/mme/scripts/mme-run.sh s11-app
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.mme | indent 10 }}
+      {{- end }}
+        env:
+        - name: MMERUNENV
+          value: "container"
+      {{- if .Values.config.managedByConfigPod.enabled }}
+        - name: MANAGED_BY_CONFIG_POD
+          value: "true"
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/mme/scripts
+        - name: shared-data
+          mountPath: /opt/mme/config/shared
+        - name: shared-app
+          mountPath: /tmp
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      volumes:
+      - name: scripts
+        configMap:
+          name: mme-scripts
+          defaultMode: 493
+      - name: configs
+        configMap:
+          name: mme-configs
+          defaultMode: 420
+      - name: shared-data
+        emptyDir: {}
+      - name: shared-app
+        emptyDir: {}
+      - name: host-rootfs
+        hostPath:
+          path: /
+    {{- if .Values.config.coreDump.enabled }}
+      - name: coredump
+        hostPath:
+          path: {{ .Values.config.coreDump.path }}
+    {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-pcrf.yaml b/omec-control-plane/templates/statefulset-pcrf.yaml
new file mode 100644
index 0000000..a7eb327
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-pcrf.yaml
@@ -0,0 +1,93 @@
+{{/*
+# Copyright 2020-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+Default values for mcord-vepc-helm.
+This is a YAML-formatted file.
+Declare variables to be passed into your templates.
+*/}}
+
+{{- if .Values.config.pcrf.deploy }}
+{{ tuple "pcrf" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: pcrf
+  labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  replicas: 1
+  serviceName: pcrf-headless
+  selector:
+    matchLabels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+  template:
+    metadata:
+      labels:
+{{ tuple "pcrf" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+    spec:
+    {{- if .Values.nodeSelectors.enabled }}
+      nodeSelector:
+        {{ .Values.nodeSelectors.pcrf.label }}: {{ .Values.nodeSelectors.pcrf.value }}
+    {{- end }}
+    {{- if hasKey .Values.images "pullSecrets" }}
+      imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+    {{- end }}
+      serviceAccountName: pcrf
+      initContainers:
+      - name: pcrf-bootstrap
+        image: {{ .Values.images.tags.pcrfdb }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+        command: ["/opt/c3po/pcrf/pcrf-bootstrap.sh"]
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/c3po/pcrf
+    {{- if .Values.config.coreDump.enabled }}
+{{ tuple "pcrf" . | include "omec-control-plane.coredump_init" | indent 6 }}
+    {{- end }}
+      containers:
+      - name: pcrf
+        image: {{ .Values.images.tags.pcrf }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        stdin: true
+        tty: true
+        command: ["bash", "-c", "/opt/c3po/pcrf/scripts/pcrf-run.sh"]
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.pcrf | indent 10 }}
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/c3po/pcrf/scripts
+        - name: configs
+          mountPath: /etc/pcrf/conf
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      volumes:
+      - name: scripts
+        configMap:
+          name: pcrf-scripts
+          defaultMode: 493
+      - name: configs
+        configMap:
+          name: pcrf-configs
+          defaultMode: 420
+    {{- if .Values.config.coreDump.enabled }}
+      - name: host-rootfs
+        hostPath:
+          path: /
+      - name: coredump
+        hostPath:
+          path: {{ .Values.config.coreDump.path }}
+    {{- end }}
+{{- end }}
diff --git a/omec-control-plane/templates/statefulset-spgwc.yaml b/omec-control-plane/templates/statefulset-spgwc.yaml
new file mode 100644
index 0000000..7d9d943
--- /dev/null
+++ b/omec-control-plane/templates/statefulset-spgwc.yaml
@@ -0,0 +1,178 @@
+{{/*
+# Copyright 2019-present Open Networking Foundation
+
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+*/}}
+
+{{- if .Values.config.spgwc.deploy }}
+{{ tuple "spgwc" . | include "omec-control-plane.service_account" }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: spgwc
+  labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 4 }}
+spec:
+  replicas: 1
+  serviceName: spgwc-headless
+  selector:
+    matchLabels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 6 }}
+  template:
+    metadata:
+      labels:
+{{ tuple "spgwc" . | include "omec-control-plane.metadata_labels" | indent 8 }}
+    {{- with .Values.config.spgwc.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    spec:
+    {{- if .Values.nodeSelectors.enabled }}
+      nodeSelector:
+        {{ .Values.nodeSelectors.spgwc.label }}: {{ .Values.nodeSelectors.spgwc.value }}
+    {{- end }}
+      serviceAccountName: spgwc
+    {{- if hasKey .Values.images "pullSecrets" }}
+      imagePullSecrets:
+{{ toYaml .Values.images.pullSecrets | indent 8 }}
+    {{- end }}
+    {{- if .Values.config.coreDump.enabled }}
+      initContainers:
+{{ tuple "spgwc" . | include "omec-control-plane.coredump_init" | indent 6 }}
+    {{- end }}
+      containers:
+      - name: spgwc
+        image: {{ .Values.images.tags.spgwc }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        stdin: true
+        tty: true
+        command: ["bash", "-xc"]
+        args: 
+        - /opt/cp/scripts/spgwc-run.sh ngic_controlplane
+        livenessProbe:
+          httpGet:
+            path: /liveness
+            port: {{ .Values.config.spgwc.rest.port }}
+          initialDelaySeconds: 10
+          periodSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: /readiness
+            port: {{ .Values.config.spgwc.rest.port }}
+          initialDelaySeconds: 10
+          periodSeconds: 3
+{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
+        startupProbe:
+          #looks like available only in 1.16 K8s version and above
+          httpGet:
+            path: /startup
+            port: {{ .Values.config.spgwc.rest.port }}
+          failureThreshold: 30
+          periodSeconds: 10
+{{- end }}
+        env:
+        - name: MEM_LIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: spgwc
+              resource: limits.memory
+              divisor: 1Mi
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+      {{- if .Values.config.managedByConfigPod.enabled }}
+        - name: MANAGED_BY_CONFIG_POD
+          value: "true"
+      {{- end }}
+      {{- if .Values.config.spgwc.managedByRoc.enabled }}
+        - name: DISABLE_CONFIG_WATCHER  # If the variable has a value then changes
+          value: "true"                 # to subscriber_mapping.json are ignored
+      {{- end }}
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.spgwc | indent 10 }}
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/cp/scripts
+        - name: configs
+          mountPath: /etc/cp/config
+        - name: shared-app
+          mountPath: /tmp
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+      - name: gx-app
+        image: {{ .Values.images.tags.spgwc }}
+        imagePullPolicy: {{ .Values.images.pullPolicy }}
+      {{- if .Values.config.coreDump.enabled }}
+        securityContext:
+          privileged: true
+          runAsUser: 0
+      {{- end }}
+        stdin: true
+        tty: true
+        command: ["bash", "-xc"]
+        args:
+        - /opt/cp/scripts/spgwc-run.sh gx-app
+      {{- if .Values.resources.enabled }}
+        resources:
+{{ toYaml .Values.resources.spgwc | indent 10 }}
+      {{- end }}
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/cp/scripts
+        - name: configs
+          mountPath: /etc/cp/config
+        - name: shared-app
+          mountPath: /tmp
+      {{- if .Values.config.coreDump.enabled }}
+        - name: coredump
+          mountPath: /tmp/coredump
+      {{- end }}
+    {{- if .Values.config.spgwc.managedByRoc.enabled }}
+      - name: init-sync
+        image: curlimages/curl:7.77.0
+        imagePullPolicy: IfNotPresent
+        stdin: true
+        tty: true
+        command: ["sh", "-c"]
+        args:
+        - /opt/cp/scripts/spgwc-init.sh
+        volumeMounts:
+        - name: scripts
+          mountPath: /opt/cp/scripts
+      volumes:
+      - name: scripts
+        configMap:
+          name: spgwc-scripts
+          defaultMode: 493
+    {{- end }}
+      volumes:
+      - name: scripts
+        configMap:
+          name: spgwc-scripts
+          defaultMode: 493
+      - name: configs
+        configMap:
+          name: spgwc-configs
+          defaultMode: 420
+      - name: shared-app
+        emptyDir: {}
+      - name: host-rootfs
+        hostPath:
+          path: /
+    {{- if .Values.config.coreDump.enabled }}
+      - name: coredump
+        hostPath:
+          path: {{ .Values.config.coreDump.path }}
+    {{- end }}
+{{- end }}
diff --git a/omec-control-plane/values.yaml b/omec-control-plane/values.yaml
new file mode 100644
index 0000000..4474228
--- /dev/null
+++ b/omec-control-plane/values.yaml
@@ -0,0 +1,594 @@
+# Copyright 2018 Intel Corporation
+# Copyright 2018-present Open Networking Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
+
+images:
+  tags:
+    init: registry.aetherproject.org/tools/busybox:stable
+    depCheck: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+    hssdb: registry.aetherproject.org/proxy/omecproject/c3po-hssdb:master-771c0c3
+    hss: registry.aetherproject.org/proxy/omecproject/c3po-hss:master-771c0c3
+    mme: registry.aetherproject.org/proxy/omecproject/nucleus:master-5f0a821
+    spgwc: registry.aetherproject.org/omecproject/spgw:master-86f31e4
+    pcrf: registry.aetherproject.org/proxy/omecproject/c3po-pcrf:pcrf-b29af70
+    pcrfdb: registry.aetherproject.org/proxy/omecproject/c3po-pcrfdb:pcrf-b29af70
+    config4g: registry.aetherproject.org/omecproject/5gc-webui:onf-release3.0.5-0534804
+  pullPolicy: IfNotPresent
+  # Secrets must be manually created in the namespace.
+  pullSecrets:
+    - name: aether.registry
+
+nodeSelectors:
+  enabled: false
+  hss:
+    label: omec-cp
+    value: enabled
+  pcrf:
+    label: omec-cp
+    value: enabled
+  mme:
+    label: omec-cp
+    value: enabled
+  spgwc:
+    label: omec-cp
+    value: enabled
+  config4g:
+    label: omec-cp
+    value: enabled
+
+resources:
+  enabled: true
+  pcrf:
+    requests:
+      cpu: 2
+      memory: 1Gi
+    limits:
+      cpu: 2
+      memory: 1Gi
+  hss:
+    requests:
+      cpu: 2
+      memory: 1Gi
+    limits:
+      cpu: 2
+      memory: 1Gi
+  mme:
+    # Note that MME pod is composed of 4 containers
+    # Provide resources for a container, not a pod total
+    requests:
+      cpu: 0.5
+      memory: 1Gi
+    limits:
+      cpu: 0.5
+      memory: 1Gi
+  spgwc:
+    requests:
+      cpu: 2
+      memory: 5Gi
+    limits:
+      cpu: 2
+      memory: 5Gi
+  config4g:
+    requests:
+      cpu: 1
+      memory: 1Gi
+    limits:
+      cpu: 1
+      memory: 1Gi
+
+cassandra:
+  deploy: true
+  fullnameOverride: cassandra
+  image:
+    tag: 2.1.20
+  #selector:
+  #  nodeSelector:
+  #    cassandra: enabled
+  persistence:
+    enabled: false
+  config:
+    #cluster_size: 1
+    #seed_size: 1
+    endpoint_snitch: GossipingPropertyFileSnitch
+  readinessProbe:
+    initialDelaySeconds: 10
+  resources: {}
+    #requests:
+    #  memory: 4Gi
+    #  cpu: 2
+    #limits:
+    #  memory: 4Gi
+    #  cpu: 2
+
+config:
+  clusterDomain: cluster.local
+  coreDump:
+    enabled: true
+    path: /tmp/coredump
+  managedByConfigPod:      # config comes from helm by default, if enabled true, then discard
+    enabled: false         # helm chart config and use the config from config Pod
+  useExistingConfigMap: false
+  logger:
+    WEBUI:
+      debugLevel: info
+      ReportCaller: false
+  config4g:
+    deploy: false
+    podAnnotations:
+      field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+    prometheus:
+      port: 9089
+      nodePort:
+        enabled: false
+        port: 30084
+    urlport:
+      port: 5000
+      nodePort:
+        enabled: false
+        port: 35000
+    ingress:
+      enabled: false
+      hostname: free5gc.local
+      path: /
+      pathType: Prefix
+    cfgFiles:
+      webuicfg.conf:
+        info:
+          version: 1.0.0
+          description: WebUI initial local configuration
+        configuration:
+          endpoints:
+            - type: spgw
+              configPushUrl: "http://spgwc:8080/v1/config"
+              configCheckUrl: "http://spgwc:8080/v1/config-check"
+            #- type: mmeapp
+            #  configPushUrl: "http://mme-app-config:8080/v1/config/slice"
+            #  configCheckUrl: "http://mme-app-config:8080/v1/config-check"
+            - type: mme-s1ap
+              configPushUrl: "http://mme:8081/v1/config/slice"
+              configCheckUrl: "http://mme:8081/v1/config-check"
+            - type: hss
+              configPushUrl: "http://hss:8080/v2/config/imsis"
+              configCheckUrl: "http://hss:8080/v2/config-check"
+            - type: pcrf
+              configPushUrl: "http://pcrf:8080/v1/config/policies"
+              configCheckUrl: "http://pcrf:8080/v1/config-check"
+  pcrf:
+    deploy: true
+    podAnnotations:
+      fluentbit.io/parser: pcrf
+      field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+    pcrfdb: cassandra
+    configPort:
+      port: 8080
+      nodePort:
+        enabled: false
+        port: 30081
+    gx:
+      nodePort:
+        enabled: false
+        port: 33868
+    prometheus:
+      port: 9089
+      nodePort:
+        enabled: false
+        port: 30086
+    # Provide the peer whitelist extension
+    # The peer name must be a fqdn. We allow also a special "*" character as the
+    # first label of the fqdn, to allow all fqdn with the same domain name.
+    # Example: *.example.net will allow host1.example.net and host2.example.net
+    acl:
+      oldTls: "*.cluster.local"
+      #ipSec:
+    bootstrap:
+      enabled: false
+    # See https://github.com/omec-project/c3po for details of config options
+    cfgFiles:
+      subscriber_mapping.json:
+        Policies:
+          service-groups:
+            internet:
+              default-activate-service:
+              - be-internet-access
+          services:
+            be-internet-access:
+              qci: 9
+              arp: 1
+              AMBR_UL: 1024000
+              AMBR_DL: 10240000
+              service-activation-rules:
+              - best-effort-internet-access
+              #activate-conditions:
+              #  timer: 50
+              #deactivate-conditions:
+              #  timer: 60
+          rules:
+            best-effort-internet-access:
+              definition:
+                Charging-Rule-Name: "best-effort-internet-access"
+                Flow-Status: 2
+                QoS-Information:
+                  QoS-Class-Identifier: 9
+                  Max-Requested-Bandwidth-UL: 512000
+                  Max-Requested-Bandwidth-DL: 5120000
+                  Guaranteed-Bitrate-UL: 0
+                  Guaranteed-Bitrate-DL: 0
+                  Allocation-Retention-Priority:
+                    Priority-Level: 1
+                    Pre-emption-Capability: 1
+                    Pre-emption-Vulnerability: 1
+                Flow-Information:
+                  Flow-Direction: 3
+                  Flow-Description: "permit out ip from 0.0.0.0/0 to assigned"
+      pcrf.json:
+        common:
+          fdcfg: conf/pcrf.conf
+          # Origin host and realm will be set automatically if unset
+          #originhost: ""
+          #originrealm: ""
+        pcrf:
+          gtwhost: "*"
+          gtwport: 9080
+          #restport will be set by configmap
+          #restport: ""
+          ossport: 9082
+          # casssrv will be set to cassandra in the same cluster if unset
+          #casssrv: ""
+          casskeyspace: vpcrf
+          casshost: "cassandra"
+          cassusr: root
+          casspwd: root
+          cassdb: vpcrf
+          casscoreconnections: 2
+          cassmaxconnections: 8
+          cassioqueuesize: 32768
+          cassiothreads: 2
+          randv: true
+          optkey: "63bfa50ee6523365ff14c1f45f88737d"
+          reloadkey: false
+          logsize: 20
+          lognumber: 5
+          logname: logs/pcrf.log
+          logqsize: 8192
+          statlogsize: 20
+          statlognumber: 5
+          statlogname: logs/pcrf_stat.log
+          auditlogsize: 20
+          auditlognumber: 5
+          auditlogname: logs/pcrf_audit.log
+          statfreq: 2000
+          numworkers: 4
+          concurrent: 10
+          ossfile: conf/oss.json
+          verifyroamingsubscribers: false
+          rulesfile: conf/subscriber_mapping.json
+      oss.json:
+        option:
+          id: url
+          type: string
+        services:
+          - id: logger
+            commands:
+              - id: describe_loggers
+              - id: set_logger_level
+                options:
+                  - id: name
+                    type: string
+                  - id: level
+                    type: integer
+          - id: stats
+            commands:
+              - id: describe_stats_frequency
+              - id: describe_stats_live
+              - id: set_stats_frequency
+                options:
+                  - id: frequency
+                    type: integer
+  hss:
+    deploy: true
+    podAnnotations:
+      fluentbit.io/parser: hss
+      field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+    hssdb: cassandra
+    s6a:
+      nodePort:
+        enabled: false
+        port: 33868
+    configPort:
+      port: 8080
+      nodePort:
+        enabled: false
+        port: 30081
+    prometheus:
+      port: 9089
+      nodePort:
+        enabled: false
+        port: 30086
+    # Provide the peer whitelist extension
+    # The peer name must be a fqdn. We allow also a special "*" character as the
+    # first label of the fqdn, to allow all fqdn with the same domain name.
+    # Example: *.example.net will allow host1.example.net and host2.example.net
+    acl:
+      oldTls: "*.cluster.local"
+      #ipSec:
+    bootstrap:
+      enabled: true
+      users:
+        - apn: internet
+          key: "465b5ce8b199b49faa5f0a2ee238a6bc"
+          opc: "d4416644f6154936193433dd20a0ace0"
+          sqn: 96
+          imsiStart: "208014567891200"
+          msisdnStart: "1122334455"
+          mme_identity: mme.omec.svc.cluster.local
+          mme_realm: omec.svc.cluster.local
+          count: 10
+      staticusers:
+        - apn: internet
+          key: "465b5ce8b199b49faa5f0a2ee238a6bc"
+          opc: "d4416644f6154936193433dd20a0ace0"
+          sqn: 96
+          imsi: "208014567891200"
+          msisdn: "1122334455"
+          staticAddr: 0.0.0.0
+          mme_identity: mme.omec.svc.cluster.local
+          mme_realm: omec.svc.cluster.local
+      mmes:
+        - id: 1
+          mme_identity: mme.omec.svc.cluster.local
+          mme_realm: omec.svc.cluster.local
+          isdn: "19136246000"
+          unreachability: 1
+    # See https://github.com/omec-project/c3po for details of config options
+    cfgFiles:
+      hss.json:
+        common:
+          fdcfg: conf/hss.conf
+          # Origin host and realm will be set automatically if unset
+          #originhost: ""
+          #originrealm: ""
+        hss:
+          gtwhost: "*"
+          gtwport: 9080
+          #restport will be set by configmap
+          #restport: ""
+          ossport: 9082
+          # casssrv will be set to cassandra in the same cluster if unset
+          #casssrv: ""
+          cassusr: root
+          casspwd: root
+          cassdb: vhss
+          casscoreconnections: 2
+          cassmaxconnections: 8
+          cassioqueuesize: 32768
+          cassiothreads: 2
+          randv: true
+          optkey: "63bfa50ee6523365ff14c1f45f88737d"
+          reloadkey: false
+          logsize: 20
+          lognumber: 5
+          logname: logs/hss.log
+          logqsize: 8192
+          statlogsize: 20
+          statlognumber: 5
+          statlogname: logs/hss_stat.log
+          auditlogsize: 20
+          auditlognumber: 5
+          auditlogname: logs/hss_audit.log
+          statfreq: 2000
+          numworkers: 4
+          concurrent: 10
+          ossfile: conf/oss.json
+          verifyroamingsubscribers: false
+      oss.json:
+        option:
+          id: url
+          type: string
+        services:
+          - id: logger
+            commands:
+              - id: describe_loggers
+              - id: set_logger_level
+                options:
+                  - id: name
+                    type: string
+                  - id: level
+                    type: integer
+          - id: stats
+            commands:
+              - id: describe_stats_frequency
+              - id: describe_stats_live
+              - id: set_stats_frequency
+                options:
+                  - id: frequency
+                    type: integer
+  mme:
+    deploy: true
+    podAnnotations:
+      fluentbit.io/parser: mme
+      field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":3081,"schema":"HTTP"}]'
+    spgwAddr: spgwc
+    s11:
+      nodePort:
+        enabled: false
+        port: 32124
+    s6a:
+      nodePort:
+        enabled: false
+        port: 33869
+    prometheus:
+      port: 3081
+      nodePort:
+        enabled: false
+        port: 30085
+    # See https://github.com/omec-project/openmme/blob/master/README.txt for more config options
+    cfgFiles:
+      config.json:
+        mme:
+          name: vmmestandalone
+          group_id: 1
+          code: 1
+          logging: debug
+          plmnlist:
+            #plmn1 is aether common plmn, plmn2 is for aether-in-a-box
+            plmn1: "mcc=315,mnc=010"
+            plmn2: "mcc=208,mnc=01"
+          apnlist:
+            internet: "spgwc"
+            default: "spgwc" #default spgwc to be used
+          feature_list:
+            dcnr_support: "disabled"
+          security:
+            #int_alg_list: "[EIA0]"
+            int_alg_list: "[EIA1, EIA2, EIA0]"
+            sec_alg_list: "[EEA0, EEA1, EEA2]"
+        s1ap:
+          sctp_port: 36412
+          sctp_port_external: 36412
+        s11:
+          egtp_default_port: 2123
+          # sgw_addr and pgw_addr will be set dynamically if unset
+          #sgw_addr:
+          #pgw_addr:
+        s6a:
+          host_type: freediameter
+          # host and realm will be set dynamically if unset
+          #host:
+          #realm:
+  spgwc:
+    deploy: true
+    managedByRoc:
+      enabled: false
+      syncUrl: ""
+    podAnnotations:
+      fluentbit.io/parser: spgwc
+      field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9089,"schema":"HTTP"}]'
+    s11:
+      port: 2123
+      nodePort:
+        enabled: false
+        port: 32123
+    n4:
+      port: 8805
+      nodePort:
+        enabled: false
+        port: 30021
+    prometheus:
+      port: 9089
+      nodePort:
+        enabled: false
+        port: 30084
+    rest:
+      port: 8080
+      nodePort:
+        enabled: false
+        port: 30080
+    cfgFiles:
+      cp.json:
+        global:
+          transmitTimerSec: 2
+          periodicTimerSec: 10
+          transmitCount: 5
+          requestTimeoutMilliSec: 5000
+          requestTries: 3
+          gxConfig: 0
+          urrConfig: 0
+          loggingLevel: "LOG_DEBUG"
+          heartbeatFailure: false
+        #DNS Server - 3gpp compliant DNS server
+        dns:
+          cache:
+            concurrent: 25
+            percentage: 80
+            intervalSec: 60
+            queryTimeoutMilliSec: 1000
+            queryTries: 1
+          app:
+            frequencySec: 3
+            filename: "appqueries.json"
+            nameserver: "127.0.0.1"
+          ops:
+            frequencySec: 3
+            filename: "opsqueries.json"
+            nameserver: "127.0.0.1"
+        ip_pool_config:
+          ueIpPool:
+            ip: "10.250.0.0"
+            mask: "255.255.0.0"
+          staticUeIpPool:
+            ip: "10.249.1.0"
+            mask: "255.255.255.0"
+      config.json:
+        gx:
+          host_type: freediameter
+          # host and realm will be set dynamically if unset
+          #host:
+          #realm:
+      subscriber_mapping.json:
+        subscriber-selection-rules:
+          - priority: 5
+            keys:
+              serving-plmn:
+                mcc: 208
+                mnc: 10
+                tac: 1
+              imsi-range:
+                from: 200000000000000
+                to: 299999999999999
+            selected-apn-profile: apn-profile1
+            selected-qos-profile: qos-profile1
+            selected-access-profile:
+              - access-all
+            selected-user-plane-profile: user-plane1
+          - priority: 10
+            keys:
+              match-all: true
+            selected-apn-profile: apn-profile1
+            selected-qos-profile: qos-profile1
+            selected-access-profile:
+              - access-all
+            selected-user-plane-profile: user-plane1
+        apn-profiles:
+          apn-profile1:
+            apn-name: internet
+            usage: 1
+            network: lbo
+            gx_enabled: true
+            dns_primary: 8.8.8.4
+            dns_secondary: 8.8.8.8
+            mtu: 1460
+        user-plane-profiles:
+          user-plane1:
+            user-plane: upf
+            global-address: true
+            qos-tags:
+              tag1: BW
+            access-tags:
+              tag1: ACC
+        qos-profiles:
+          mobile:
+            qci: 9
+            arp: 1
+            apn-ambr:
+              - 12345678
+              - 12345678
+        access-profiles:
+          access-all:
+            type: allow-all
+          internet-only:
+            type: internet-only
+            filter: No_private_network
+          intranet-only:
+            type: intranet-only
+            filter: only_private_network
+          apps-only:
+            type: specific-network
+            filter: only_apps_network
+          specific-app:
+            type: specific-destination-only
+            filter: allow-app-name
+          excluding-app:
+            type: excluding-this-app
+            filter: exclude-app-name