├── Arm-Architecture ├── .helmignore ├── Chart.yaml ├── Dockerfiles │ ├── aws-secondary-ip-sync-controller │ │ ├── Dockerfile │ │ └── hooks │ │ │ └── sync-secondary-ip.sh │ ├── multus-svc-watcher-route53-controller │ │ ├── Dockerfile │ │ └── hooks │ │ │ └── svc-watcher.sh │ └── open5gs-epc │ │ ├── open5gs-epc-aio │ │ └── web-gui ├── ca-tls-certificates │ └── make_certs.sh ├── cfn-templates │ ├── open5gs-infra.yaml │ └── open5gs-worker-arm.yaml ├── cluster_initializer.sh ├── controllers │ ├── deployments │ │ ├── aws-secondary-int-controller-deployment.yaml │ │ └── svc-watcher-route53-deployment.yaml │ └── rbac │ │ ├── aws-secondary-int-controller-rbac.yaml │ │ └── svc-watcher-route53-rbac.yaml ├── multus-networks │ ├── multus-sub-net-1-cp.yaml │ ├── multus-sub-net-1-up.yaml │ └── multus-sub-net-2-user-plane.yaml ├── templates │ ├── NOTES.txt │ ├── hss-configmap.yaml │ ├── hss-deploy.yaml │ ├── hss-free-diameter-configmap.yaml │ ├── mme-configmap.yaml │ ├── mme-deploy.yaml │ ├── mme-free-diameter-configmap.yaml │ ├── nrf-configmap.yaml │ ├── nrf-deploy.yaml │ ├── pcrf-configmap.yaml │ ├── pcrf-deploy.yaml │ ├── pcrf-free-diameter-configmap.yaml │ ├── sgw-c-configmap.yaml │ ├── sgw-c-deploy.yaml │ ├── sgw-u-configmap.yaml │ ├── sgw-u-deploy.yaml │ ├── smf-configmap.yaml │ ├── smf-deploy.yaml │ ├── smf-free-diameter-configmap.yaml │ ├── upf-configmap.yaml │ ├── upf-deploy.yaml │ └── web-ui-deploy.yaml └── values.yaml ├── Build-Container-Images.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── srsLTE ├── README.md ├── k8s-manifests │ ├── srsLTE-Dockerfile │ ├── srslte-config-configmap.yaml │ └── srslte-deployment.yaml └── sample-srs-lte-config │ ├── enb │ ├── drb.conf │ ├── enb.conf │ ├── rr.conf │ └── sib.conf │ └── ue │ └── ue.conf └── x86-Architecture ├── .helmignore ├── Chart.yaml ├── Dockerfiles ├── aws-secondary-ip-sync-controller │ ├── Dockerfile │ └── hooks │ │ └── sync-secondary-ip.sh ├── multus-svc-watcher-route53-controller │ ├── 
Dockerfile │ └── hooks │ │ └── svc-watcher.sh └── open5gs-epc │ ├── open5gs-epc-aio │ └── web-gui ├── ca-tls-certificates └── make_certs.sh ├── cfn-templates ├── open5gs-infra.yaml └── open5gs-worker-x86.yaml ├── cluster_initializer.sh ├── controllers ├── deployments │ ├── aws-secondary-int-controller-deployment.yaml │ └── svc-watcher-route53-deployment.yaml └── rbac │ ├── aws-secondary-int-controller-rbac.yaml │ └── svc-watcher-route53-rbac.yaml ├── multus-networks ├── multus-sub-net-1-cp.yaml ├── multus-sub-net-1-up.yaml └── multus-sub-net-2-user-plane.yaml ├── templates ├── NOTES.txt ├── hss-configmap.yaml ├── hss-deploy.yaml ├── hss-free-diameter-configmap.yaml ├── mme-configmap.yaml ├── mme-deploy.yaml ├── mme-free-diameter-configmap.yaml ├── nrf-configmap.yaml ├── nrf-deploy.yaml ├── pcrf-configmap.yaml ├── pcrf-deploy.yaml ├── pcrf-free-diameter-configmap.yaml ├── sgw-c-configmap.yaml ├── sgw-c-deploy.yaml ├── sgw-u-configmap.yaml ├── sgw-u-deploy.yaml ├── smf-configmap.yaml ├── smf-deploy.yaml ├── smf-free-diameter-configmap.yaml ├── upf-configmap.yaml ├── upf-deploy.yaml └── web-ui-deploy.yaml └── values.yaml /Arm-Architecture/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /Arm-Architecture/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: open5gs-epc-helm 3 | description: A Helm chart for open5gs 4G EPC 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.0.1 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 
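23 | appVersion: 2.22.0 24 | -------------------------------------------------------------------------------- /Arm-Architecture/Dockerfiles/aws-secondary-ip-sync-controller/Dockerfile: --------------------------------------------------------------------------------
# Image for the shell-operator hook that maps Multus secondary IPs onto EC2 ENIs.
#
# NOTE(review): the base image is referenced by the mutable `latest` tag, so two
# builds of this file can produce different images. Pin a release tag or an image
# digest so the build is reproducible and the base can be reviewed before upgrades.
FROM flant/shell-operator:latest

# COPY instead of ADD: only a plain local copy is wanted here, and ADD's extra
# behaviours (archive extraction, remote URLs) are not needed.
COPY hooks /hooks

ENV KUBECTL_VER=1.18.0

RUN apk --no-cache add \
    bind-tools \
    curl \
    aws-cli \
    # Remove kubectl binary from flant container image since it ships the x86, arm version is needed
    && rm -rf /bin/kubectl \
    && wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/arm64/kubectl \
    # Verify the binary against the checksum published next to it before installing it.
    # This only detects a corrupted or truncated download; the checksum comes from the
    # same origin, so pin the expected digest in the build for stronger assurance.
    && wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/linux/arm64/kubectl.sha256 \
    && echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - \
    && rm kubectl.sha256 \
    && chmod +x kubectl \
    && mv kubectl /bin/ \
    && chmod +x /hooks/sync-secondary-ip.sh
-------------------------------------------------------------------------------- /Arm-Architecture/Dockerfiles/aws-secondary-ip-sync-controller/hooks/sync-secondary-ip.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #set -xv 3 | 4 | ARRAY_COUNT=`jq -r '. 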
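| length-1' $BINDING_CONTEXT_PATH` 5 | 6 | touch /root/secondary-eni-ip-pod-mappings.txt 7 | 
# Associate the Multus secondary IPs of a newly created pod with the EC2 network
# interfaces that carry them, and record each mapping for cleanup on pod deletion.
#
# Globals read:  resourceName, resourceNameSpace (set outside this function).
# State written: one "<pod> <region> <eni> <ip>" line per interface, appended to
#                /root/secondary-eni-ip-pod-mappings.txt.
# Returns 1 when the instance region cannot be read from instance metadata.
function AddIPToEC2Instance() {
  # Use default word splitting regardless of the IFS value the caller left
  # behind, so the for-loop below splits the MAC list into separate items.
  local IFS=$' \t\n'
  local network_status imds_token
  local -a imds_header=()

  echo -e "Pod ${resourceName} has been created, proceeding to associate the necessary secondary IPs with the EC2 instance \n"

  echo "Sleeping for 5 secs for interfaces to be up and running"

  sleep 5

  # Read the networks-status annotation once; the MAC list and the per-MAC IP
  # lookup below both parse the same text.
  network_status=$(kubectl -n "${resourceNameSpace}" get po "${resourceName}" -o jsonpath='{.metadata.annotations.k8s\.v1\.cni\.cncf\.io/networks-status}')

  # The region does not change per interface, so look it up once. Ask for an
  # IMDSv2 session token first and fall back to a token-less request when none
  # comes back, so the hook works on instances that require IMDSv2 as well as
  # on ones that only answer IMDSv1.
  imds_token=$(curl --silent --fail --max-time 2 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60" \
    http://169.254.169.254/latest/api/token)
  if [[ -n "${imds_token}" ]]; then
    imds_header=(-H "X-aws-ec2-metadata-token: ${imds_token}")
  fi

  instance_region=$(curl --silent "${imds_header[@]}" \
    http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

  if [[ -z "${instance_region}" || "${instance_region}" == "null" ]]; then
    echo "Could not read the instance region from instance metadata, skipping pod ${resourceName}" >&2
    return 1
  fi

  for macAddress in $(printf '%s\n' "${network_status}" | grep mac | awk '{print $NF}' | sed 's/"//g;s/,//g')
  do

    # Ask EC2 for the one interface with this MAC address instead of listing
    # every ENI in the region and grepping the JSON text for a neighbouring line.
    eni=$(aws --region "${instance_region}" ec2 describe-network-interfaces \
      --filters "Name=mac-address,Values=${macAddress}" \
      --query 'NetworkInterfaces[0].NetworkInterfaceId' --output text)

    if [[ -z "${eni}" || "${eni}" == "None" ]]; then
      echo "No network interface found for MAC ${macAddress}, skipping it" >&2
      continue
    fi

    instance_id=$(aws --region "${instance_region}" ec2 describe-network-interface-attribute \
      --network-interface-id "${eni}" --attribute \
      attachment | jq -r .Attachment.InstanceId)

    # The IP is taken from the annotation line two lines above the MAC line;
    # this depends on the layout of the annotation text.
    ip_address=$(printf '%s\n' "${network_status}" | grep -B 2 "${macAddress}" | head -1 | awk '{print $NF}' | sed 's/"//g;s/,//g')

    if [[ -z "${ip_address}" ]]; then
      echo "No IP address found in the annotation for MAC ${macAddress}, skipping it" >&2
      continue
    fi

    echo -e "Adding $ip_address to instance ${instance_id} \n"

    # --allow-reassignment lets EC2 move the address to this ENI even when it
    # is still assigned to another interface.
    aws --region "${instance_region}" ec2 assign-private-ip-addresses \
      --network-interface-id "${eni}" \
      --private-ip-addresses "${ip_address}" \
      --allow-reassignment

    echo -e "Finished allocating IP $ip_address to instance ${instance_id} to ENI ${eni} \n"

    # Save the eni and IP info in state file, this will be used when POD is deleted

    echo "${resourceName} ${instance_region} $eni $ip_address" >> /root/secondary-eni-ip-pod-mappings.txt

  done
}
45 | 46 | function DetachIPFromEC2Instance() { 47 | echo "Pod ${resourceName} has been deleted, proceeding to 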
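dissociate the necessary secondary IPs from the EC2 instance"

  # Body of DetachIPFromEC2Instance: unassign every secondary IP recorded for
  # the deleted pod and drop its lines from the state file. Each state-file
  # line has the form "<pod> <region> <eni> <ip>".
  local state_file=/root/secondary-eni-ip-pod-mappings.txt

  # Split command output on newlines only, so each state-file line is one loop
  # item. Declaring IFS local restores the caller's value on return; setting it
  # to "" globally afterwards would switch off word splitting for every later
  # loop in the hook.
  local IFS=$'\n'

  # Retrieve the entries saved for this pod. The pod name is compared as an
  # exact first field, so a name that is a substring of another pod's name (or
  # that contains regex characters such as ".") cannot select foreign entries.
  for entry in $(awk -v pod="${resourceName}" '$1 == pod' "${state_file}")
  do
    ip_address=$(echo "${entry}" | awk '{print $NF}')

    eni=$(echo "${entry}" | awk '{print $3}')

    region=$(echo "${entry}" | awk '{print $2}')

    aws --region "${region}" ec2 unassign-private-ip-addresses --network-interface-id \
      "${eni}" --private-ip-addresses "${ip_address}"

    echo "Secondary IP ${ip_address} entry for pod ${resourceName} has been removed from ${eni}"

  done

  # Remove the pod's entries from the state file, again by exact first field
  # rather than by using the pod name as a sed regular expression.
  awk -v pod="${resourceName}" '$1 != pod' "${state_file}" > "${state_file}.tmp" \
    && mv "${state_file}.tmp" "${state_file}"

}
74 | 75 | if [[ $1 == "--config" ]] ; then 76 | cat < /tmp/${resourceName}.json 53 | 54 | aws --region ${region} route53 change-resource-record-sets --hosted-zone-id ${zoneID} \ 55 | --change-batch file:///tmp/${resourceName}.json 56 | 57 | rm -rf /tmp/${resourceName}.json 58 | 59 | echo "Record ${route53ServiceName} has been mapped to ${multusPodIP} in route53" 60 | 61 | localRoute53mapping="${resourceName} ${route53ServiceName} ${multusPodIP} ${zoneID}" 62 | 63 | echo ${localRoute53mapping} >> /route53_service_id_record.txt 64 | } 65 | 66 | function RemoveServiceNameFromroute53() { 67 | echo "Pod ${resourceName} has been deleted, proceeding to remove the A record for the service in route53" 68 | 69 | deleteTemplate='{ 70 | "Comment": "Delete single record set", 71 | "Changes": [ 72 | { 73 | "Action": "DELETE", 74 | "ResourceRecordSet": { 75 | "Name": "DOMAIN", 76 | "Type": "A", 77 | "TTL": 30, 78 | "ResourceRecords": [ 79 | { 80 | "Value": "IP_ADDR" 81 | } 82 | ] 83 | } 84 | } 85 | ] 86 | }' 87 | 88 | IFS=$'\n' 89 | 90 | for record in $(grep ${resourceName} 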
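/route53_service_id_record.txt)
  do
    # Each record line is "<pod> <service name> <ip> <zone id>".
    route53ServiceName=$(echo "${record}" | awk '{print $2}')

    route53IPentry=$(echo "${record}" | awk '{print $3}')

    zoneID=$(echo "${record}" | awk '{print $NF}')

    # Fill the template with jq --arg instead of splicing the values into a sed
    # program: the service name originates from a pod annotation, and a value
    # containing "/" or "&" would otherwise change what sed does.
    echo "${deleteTemplate}" \
      | jq --arg name "${route53ServiceName}." --arg ip "${route53IPentry}" \
          '.Changes[0].ResourceRecordSet.Name = $name
           | .Changes[0].ResourceRecordSet.ResourceRecords[0].Value = $ip' \
      > "/tmp/${resourceName}-deletion.json"

    aws --region "${region}" route53 change-resource-record-sets --hosted-zone-id "${zoneID}" \
      --change-batch "file:///tmp/${resourceName}-deletion.json"

    rm -f "/tmp/${resourceName}-deletion.json"

    #Remove route53 service mapping entry in the records file
    # Compare the IP as an exact third field. Used as a sed regular expression,
    # an address such as 10.0.4.20 would also delete the lines for 10.0.4.200.
    awk -v ip="${route53IPentry}" '$3 != ip' /route53_service_id_record.txt > /route53_service_id_record.txt.tmp \
      && mv /route53_service_id_record.txt.tmp /route53_service_id_record.txt
    echo "${route53IPentry} entry for POD ${resourceName} for DNS ${route53ServiceName} in route53 has been removed"
  done

  # Put IFS back to the shell default; leaving it empty would disable word
  # splitting for every later loop in the hook.
  IFS=$' \t\n'
}
111 | 112 | #function RemoveMultusIPFromEC2() { 113 | # #statements 114 | #} 115 | 116 | if [[ $1 == "--config" ]] ; then 117 | cat < 4 | 5 | ENV DEBIAN_FRONTEND noninteractive 6 | 7 | RUN apt-get update && \ 8 | apt-get -yq dist-upgrade && \ 9 | apt-get install -y --no-install-recommends \ 10 | python3-pip \ 11 | python3-setuptools \ 12 | python3-wheel \ 13 | ninja-build \ 14 | build-essential \ 15 | flex \ 16 | bison \ 17 | git \ 18 | meson \ 19 | libsctp-dev \ 20 | libgnutls28-dev \ 21 | libgcrypt-dev \ 22 | libssl-dev \ 23 | libidn11-dev \ 24 | libmongoc-dev \ 25 | libbson-dev \ 26 | libyaml-dev \ 27 | libmicrohttpd-dev \ 28 | libcurl4-gnutls-dev \ 29 | libnghttp2-dev \ 30 | iproute2 \ 31 | ca-certificates \ 32 | netbase \ 33 | iptables \ 34 | net-tools \ 35 | dnsutils \ 36 | pkg-config && \ 37 | apt-get clean && \ 38 | git clone -b v2.2.6 --recursive https://github.com/open5gs/open5gs && \ 39 | cd open5gs && meson build --prefix=/ && ninja -C build && cd build && ninja install 40 | 41 | WORKDIR / 42 | -------------------------------------------------------------------------------- /Arm-Architecture/Dockerfiles/open5gs-epc/web-gui: 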
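-------------------------------------------------------------------------------- 1 | FROM node:12.22.1-alpine 2 | 3 | RUN apk update && apk add git && \ 4 | git clone -b v2.2.6 https://github.com/open5gs/open5gs.git 5 | 6 | WORKDIR /open5gs/webui 7 | 8 | RUN npm install && \ 9 | npm run build 10 | 11 | CMD npm run start 12 | 13 | EXPOSE 3000 14 | -------------------------------------------------------------------------------- /Arm-Architecture/ca-tls-certificates/make_certs.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash

# Generate the self-signed Diameter CA and one key/certificate pair for each of
# mme, hss, smf and pcrf, and download the RDS CA bundle.
#
# Files written to the current directory:
#   rds-combined-ca-bundle.pem, cacert.pem, cakey.pem,
#   <name>.key.pem, <name>.csr.pem, <name>.cert.pem   (name = mme|hss|smf|pcrf)
# Does nothing when any *.pem file is already present.

if ls ./*.pem 2>/dev/null 1>&2; then
    echo "certificates exists..., no need to generate SSL certs"
    exit
fi

# RSA modulus size for the CA and component keys. 1024-bit RSA is no longer
# considered adequate and is rejected by current TLS library defaults, so use
# 2048 bits unless the caller asks for more.
KEY_BITS=${KEY_BITS:-2048}

FILE=/etc/pki/CA/serial

if [[ ! -f "$FILE" ]]; then
    echo "$FILE does not exist, proceeding to create it"
    echo '1000' | sudo tee /etc/pki/CA/serial
fi

sudo touch /etc/pki/CA/index.txt

wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

# -nodes leaves the CA private key unencrypted on disk; restrict it to the owner.
openssl req -new -batch -x509 -days 3650 -nodes -newkey "rsa:${KEY_BITS}" -out ./cacert.pem -keyout cakey.pem -subj /CN=ca.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests
chmod 600 cakey.pem

# Same three steps per component: private key, signing request, CA-signed certificate.
for component in mme hss smf pcrf; do
    openssl genrsa -out "./${component}.key.pem" "${KEY_BITS}"
    chmod 600 "./${component}.key.pem"
    openssl req -new -batch -out "${component}.csr.pem" -key "./${component}.key.pem" -subj "/CN=${component}.localdomain/C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests"
    sudo openssl ca -cert ./cacert.pem -days 3650 -keyfile cakey.pem -in "${component}.csr.pem" -out "./${component}.cert.pem" -outdir . -batch
done
-------------------------------------------------------------------------------- /Arm-Architecture/cluster_initializer.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash

#Script written to install the pre-requisite resources that are needed

echo -e "Creating open5gs namespace....\n"

echo

kubectl create ns open5gs

echo -e "Checking and creating the needed certificates if not already created....\n"

echo

cd ca-tls-certificates

./make_certs.sh

kubectl -n open5gs create secret generic mongodb-ca --from-file=rds-combined-ca-bundle.pem

kubectl -n open5gs create secret generic diameter-ca --from-file=cacert.pem

kubectl -n open5gs create secret tls hss-tls \
  --cert=hss.cert.pem \
  --key=hss.key.pem

kubectl -n open5gs create secret tls mme-tls \
  --cert=mme.cert.pem \
  --key=mme.key.pem

kubectl -n open5gs create secret tls pcrf-tls \
  --cert=pcrf.cert.pem \
  --key=pcrf.key.pem

kubectl -n open5gs create secret tls smf-tls \
  --cert=smf.cert.pem \
  --key=smf.key.pem

echo -e "Installing multus daemonset\n"

echo

# NOTE(review): this applies whatever the manifest on the upstream master branch
# contains at run time, so the DaemonSet installed can differ between runs.
# Reference a release tag or commit instead and review the manifest before applying it.
kubectl apply -f https://github.com/intel/multus-cni/raw/master/images/multus-daemonset.yml

cd ..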
46 | 47 | echo -e "Creating the multus network attachments\n" 48 | 49 | echo 50 | 51 | kubectl apply -f multus-networks/ 52 | 53 | echo -e "Creating RBAC entries and deployments for the required controllers\n" 54 | 55 | echo 56 | 57 | kubectl apply -f controllers/rbac/ 58 | 59 | kubectl apply -f controllers/deployments/ 60 | 61 | echo -e "The pre-requisite resources have been installed, see below for the status\n" 62 | 63 | echo 64 | 65 | kubectl get -n kube-system po 66 | 67 | echo 68 | 69 | kubectl -n open5gs get secret 70 | 71 | echo "You can now proceed to install the Helm chart" 72 | -------------------------------------------------------------------------------- /Arm-Architecture/controllers/deployments/aws-secondary-int-controller-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: multus-secondary-ip-ec2-mapping-operator 5 | namespace: kube-system 6 | labels: 7 | app: multus-secondary-ip-ec2-mapping 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: multus-secondary-ip-ec2-mapping 13 | template: 14 | metadata: 15 | labels: 16 | app: multus-secondary-ip-ec2-mapping 17 | spec: 18 | containers: 19 | - name: shell-operator 20 | image: { AWS_SEC_IP_CONTROLLER_IMAGE } 21 | serviceAccountName: multus-sec-ip-operator-acct 22 | -------------------------------------------------------------------------------- /Arm-Architecture/controllers/deployments/svc-watcher-route53-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: multus-route53-service-operator 5 | namespace: kube-system 6 | labels: 7 | app: multus-route53-service 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: multus-route53-service 13 | template: 14 | metadata: 15 | labels: 16 | app: multus-route53-service 17 | spec: 18 | containers: 19 | - 
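name: shell-operator 20 | image: { SVC_DISCOVERY_CONTROLLER_IMAGE } 21 | serviceAccountName: multus-service-route53-acct 22 | -------------------------------------------------------------------------------- /Arm-Architecture/controllers/rbac/aws-secondary-int-controller-rbac.yaml: --------------------------------------------------------------------------------
# Service account and cluster-wide permissions for the secondary-IP sync operator.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus-sec-ip-operator-acct
  namespace: kube-system

---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which is no longer served from
# Kubernetes 1.22 onwards.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus-sec-ip-operator
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
# NOTE(review): create on pods/exec in a ClusterRole lets this service account
# run commands in any pod in any namespace. The hook functions visible in this
# listing only call `kubectl get po`; confirm that exec is really needed and
# drop this rule if it is not.
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus-sec-ip-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus-sec-ip-operator
subjects:
- kind: ServiceAccount
  name: multus-sec-ip-operator-acct
  namespace: kube-system
-------------------------------------------------------------------------------- /Arm-Architecture/controllers/rbac/svc-watcher-route53-rbac.yaml: --------------------------------------------------------------------------------
# Service account and read-only pod access for the Route 53 service watcher.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus-service-route53-acct
  namespace: kube-system

---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which is no longer served from
# Kubernetes 1.22 onwards.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus-service-route53-monitor-pods
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus-service-route53-monitor-pods
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: 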
ClusterRole 26 | name: multus-service-route53-monitor-pods 27 | subjects: 28 | - kind: ServiceAccount 29 | name: multus-service-route53-acct 30 | namespace: kube-system 31 | -------------------------------------------------------------------------------- /Arm-Architecture/multus-networks/multus-sub-net-1-cp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: ipvlan-multus-sub-1-cp 5 | namespace: open5gs 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ipvlan", 10 | "master": "eth1", 11 | "mode": "l3", 12 | "ipam": { 13 | "type": "host-local", 14 | "subnet": "10.0.4.0/24", 15 | "rangeStart": "10.0.4.200", 16 | "rangeEnd": "10.0.4.220", 17 | "gateway": "10.0.4.1" 18 | } 19 | }' -------------------------------------------------------------------------------- /Arm-Architecture/multus-networks/multus-sub-net-1-up.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: ipvlan-multus-sub-1-up 5 | namespace: open5gs 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ipvlan", 10 | "master": "eth1", 11 | "mode": "l3", 12 | "ipam": { 13 | "type": "host-local", 14 | "subnet": "10.0.4.0/24", 15 | "rangeStart": "10.0.4.221", 16 | "rangeEnd": "10.0.4.250", 17 | "gateway": "10.0.4.1" 18 | } 19 | }' -------------------------------------------------------------------------------- /Arm-Architecture/multus-networks/multus-sub-net-2-user-plane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: ipvlan-multus-sub-2 5 | namespace: open5gs 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ipvlan", 10 | "master": "eth2", 11 | "mode": "l3", 12 | "ipam": { 
13 | "type": "host-local", 14 | "subnet": "10.0.6.0/24", 15 | "rangeStart": "10.0.6.200", 16 | "rangeEnd": "10.0.6.220", 17 | "gateway": "10.0.6.1" 18 | } 19 | }' -------------------------------------------------------------------------------- /Arm-Architecture/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Status after deployment: 2 | 3 | kubectl --namespace {{ .Release.Namespace }} get all -------------------------------------------------------------------------------- /Arm-Architecture/templates/hss-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-hss-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: hss 8 | data: 9 | hss.yaml: | 10 | db_uri: {{ .Values.mongo.uri }} 11 | 12 | logger: 13 | file: /var/log/open5gs/hss.log 14 | 15 | parameter: 16 | 17 | hss: 18 | freeDiameter: /open5gs/config-map/diameter-hss.conf -------------------------------------------------------------------------------- /Arm-Architecture/templates/hss-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-hss-deployment 5 | labels: 6 | epc-mode: hss 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | epc-mode: hss 12 | template: 13 | metadata: 14 | annotations: 15 | route53-service-name: '[ 16 | { "name": "s6a.hss.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } 17 | ]' 18 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" } 19 | ]' 20 | labels: 21 | epc-mode: hss 22 | spec: 23 | nodeSelector: 24 | nodegroup: control-plane 25 | initContainers: 26 | - name: init-hss 27 | image: busybox:1.28 28 | command: ['sh', '-c', "until nslookup s6a.mme.open5gs.service >> /dev/null; do echo waiting for mme 
DNS record to be ready; done"] 29 | containers: 30 | - name: hss 31 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 32 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 33 | command: ["/bin/sh", "-c"] 34 | args: 35 | - sleep 10; 36 | open5gs-hssd -c /open5gs/config-map/hss.yaml 37 | volumeMounts: 38 | - name: open5gs-hss-config 39 | mountPath: /open5gs/config-map/hss.yaml 40 | subPath: "hss.yaml" 41 | - name: open5gs-hss-diameter 42 | mountPath: /open5gs/config-map/diameter-hss.conf 43 | subPath: "diameter-hss.conf" 44 | - mountPath: "/root/" 45 | name: mongo-ca-cert 46 | readOnly: true 47 | - mountPath: "/open5gs/diameter-ca/" 48 | name: diameter-ca 49 | - mountPath: "/open5gs/tls/" 50 | name: hss-tls 51 | volumes: 52 | - name: open5gs-hss-config 53 | configMap: 54 | name: open5gs-hss-config 55 | - name: open5gs-hss-diameter 56 | configMap: 57 | name: open5gs-hss-diameter 58 | - name: mongo-ca-cert 59 | secret: 60 | secretName: {{ .Values.mongo.caSecretName }} 61 | - name: diameter-ca 62 | secret: 63 | secretName: {{ .Values.diameter.caSecretName }} 64 | - name: hss-tls 65 | secret: 66 | secretName: {{ .Values.hss.tlsSecretName }} 67 | -------------------------------------------------------------------------------- /Arm-Architecture/templates/hss-free-diameter-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-hss-diameter 5 | namespace: open5gs 6 | labels: 7 | epc-mode: hss 8 | data: 9 | diameter-hss.conf: | 10 | # This is a sample configuration file for freeDiameter daemon. 11 | 12 | # Most of the options can be omitted, as they default to reasonable values. 13 | # Only TLS-related options must be configured properly in usual setups. 
14 | 15 | # It is possible to use "include" keyword to import additional files 16 | # e.g.: include "/etc/freeDiameter.d/*.conf" 17 | # This is exactly equivalent as copy & paste the content of the included file(s) 18 | # where the "include" keyword is found. 19 | 20 | 21 | ############################################################## 22 | ## Peer identity and realm 23 | 24 | # The Diameter Identity of this daemon. 25 | # This must be a valid FQDN that resolves to the local host. 26 | # Default: hostname's FQDN 27 | #Identity = "aaa.koganei.freediameter.net"; 28 | Identity = "hss.localdomain"; 29 | 30 | # The Diameter Realm of this daemon. 31 | # Default: the domain part of Identity (after the first dot). 32 | #Realm = "koganei.freediameter.net"; 33 | Realm = "localdomain"; 34 | 35 | ############################################################## 36 | ## Transport protocol configuration 37 | 38 | # The port this peer is listening on for incoming connections (TCP and SCTP). 39 | # Default: 3868. Use 0 to disable. 40 | #Port = 3868; 41 | 42 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 43 | # See TLS_old_method for more information about TLS flavours. 44 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. 45 | # Default: 5868. Use 0 to disable. 46 | #SecPort = 5868; 47 | 48 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 49 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 50 | # CER/CEA exchange on a dedicated secure port. 51 | # This parameter only affects outgoing connections. 52 | # The setting can be also defined per-peer (see Peers configuration section). 53 | # Default: use RFC6733 method with separate port for TLS. 
54 | #TLS_old_method; 55 | 56 | # Disable use of TCP protocol (only listen and connect over SCTP) 57 | # Default : TCP enabled 58 | #No_TCP; 59 | 60 | # Disable use of SCTP protocol (only listen and connect over TCP) 61 | # Default : SCTP enabled 62 | #No_SCTP; 63 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 64 | 65 | # Prefer TCP instead of SCTP for establishing new connections. 66 | # This setting may be overwritten per peer in peer configuration blocs. 67 | # Default : SCTP is attempted first. 68 | #Prefer_TCP; 69 | 70 | # Default number of streams per SCTP associations. 71 | # This setting may be overwritten per peer basis. 72 | # Default : 30 streams 73 | #SCTP_streams = 30; 74 | 75 | ############################################################## 76 | ## Endpoint configuration 77 | 78 | # Disable use of IP addresses (only IPv6) 79 | # Default : IP enabled 80 | #No_IP; 81 | 82 | # Disable use of IPv6 addresses (only IP) 83 | # Default : IPv6 enabled 84 | #No_IPv6; 85 | 86 | # Specify local addresses the server must bind to 87 | # Default : listen on all addresses available. 88 | #ListenOn = "202.249.37.5"; 89 | #ListenOn = "2001:200:903:2::202:1"; 90 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 91 | #ListenOn = "127.0.0.8"; 92 | 93 | 94 | ############################################################## 95 | ## Server configuration 96 | 97 | # How many Diameter peers are allowed to be connecting at the same time ? 98 | # This parameter limits the number of incoming connections from the time 99 | # the connection is accepted until the first CER is received. 100 | # Default: 5 unidentified clients in paralel. 101 | #ThreadsPerServer = 5; 102 | 103 | ############################################################## 104 | ## TLS Configuration 105 | 106 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. 107 | # You may find more information about parameters and special behaviors 108 | # in the relevant documentation. 
109 | # http://www.gnu.org/software/gnutls/manual/ 110 | 111 | # Credentials of the local peer 112 | # The X509 certificate and private key file to use for the local peer. 113 | # The files must contain PKCS-1 encoded RSA key, in PEM format. 114 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) 115 | # Default : NO DEFAULT 116 | #TLS_Cred = "" , ""; 117 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; 118 | TLS_Cred = "/open5gs/tls/tls.crt", "/open5gs/tls/tls.key"; 119 | 120 | # Certificate authority / trust anchors 121 | # The file containing the list of trusted Certificate Authorities (PEM list) 122 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 123 | # The directive can appear several times to specify several files. 124 | # Default : GNUTLS default behavior 125 | #TLS_CA = ""; 126 | TLS_CA = "/open5gs/diameter-ca/cacert.pem"; 127 | 128 | # Certificate Revocation List file 129 | # The information about revoked certificates. 130 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 131 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 132 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. 133 | # Default : GNUTLS default behavior 134 | #TLS_CRL = ""; 135 | 136 | # GNU TLS Priority string 137 | # This string allows to configure the behavior of GNUTLS key exchanges 138 | # algorithms. See gnutls_priority_init function documentation for information. 
139 | # You should also refer to the Diameter required TLS support here: 140 | # http://tools.ietf.org/html/rfc6733#section-13.1 141 | # Default : "NORMAL" 142 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; 143 | #TLS_Prio = "NORMAL"; 144 | 145 | # Diffie-Hellman parameters size 146 | # Set the number of bits for generated DH parameters 147 | # Valid value should be 768, 1024, 2048, 3072 or 4096. 148 | # (This parameter is passed to gnutls_dh_params_generate2 function, 149 | # it usually should match RSA key size) 150 | # Default : 1024 151 | #TLS_DH_Bits = 1024; 152 | 153 | # Alternatively, you can specify a file to load the PKCS#3 encoded 154 | # DH parameters directly from. This accelerates the daemon start 155 | # but is slightly less secure. If this file is provided, the 156 | # TLS_DH_Bits parameters has no effect. 157 | # Default : no default. 158 | #TLS_DH_File = ""; 159 | 160 | 161 | ############################################################## 162 | ## Timers configuration 163 | 164 | # The Tc timer of this peer. 165 | # It is the delay before a new attempt is made to reconnect a disconnected peer. 166 | # The value is expressed in seconds. The recommended value is 30 seconds. 167 | # Default: 30 168 | #TcTimer = 30; 169 | 170 | # The Tw timer of this peer. 171 | # It is the delay before a watchdog message is sent, as described in RFC 3539. 172 | # The value is expressed in seconds. The default value is 30 seconds. Value must 173 | # be greater or equal to 6 seconds. See details in the RFC. 174 | # Default: 30 175 | #TwTimer = 30; 176 | 177 | ############################################################## 178 | ## Applications configuration 179 | 180 | # Disable the relaying of Diameter messages? 181 | # For messages not handled locally, the default behavior is to forward the 182 | # message to another peer if any is available, according to the routing 183 | # algorithms. 
In addition the "0xffffff" application is advertised in CER/CEA 184 | # exchanges. 185 | # Default: Relaying is enabled. 186 | #NoRelay; 187 | 188 | # Number of server threads that can handle incoming messages at the same time. 189 | # Default: 4 190 | #AppServThreads = 4; 191 | 192 | # Other applications are configured by loaded extensions. 193 | 194 | ############################################################## 195 | ## Extensions configuration 196 | 197 | # The freeDiameter framework merely provides support for 198 | # Diameter Base Protocol. The specific application behaviors, 199 | # as well as advanced functions, are provided 200 | # by loadable extensions (plug-ins). 201 | # These extensions may in addition receive the name of a 202 | # configuration file, the format of which is extension-specific. 203 | # 204 | # Format: 205 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; 206 | # 207 | # Examples: 208 | #LoadExtension = "extensions/sample.fdx"; 209 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 210 | 211 | # Extensions are named as follow: 212 | # dict_* for extensions that add content to the dictionary definitions. 213 | # dbg_* for extensions useful only to retrieve more information on the framework execution. 214 | # acl_* : Access control list, to control which peers are allowed to connect. 215 | # rt_* : routing extensions that impact how messages are forwarded to other peers. 216 | # app_* : applications, these extensions usually register callbacks to handle specific messages. 217 | # test_* : dummy extensions that are useful only in testing environments. 218 | 219 | 220 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some 221 | # information about some events. This extension does not actually use a configuration file 222 | # but receives directly a parameter in the string passed to the extension. 
Here are some examples: 223 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. 224 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. 225 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. 226 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. 227 | # The values for each digit are: 228 | # 0 - default - keep the default behavior 229 | # 1 - quiet - remove any specific log 230 | # 2 - compact - display only a summary of the information 231 | # 4 - full - display the complete information on a single long line 232 | # 8 - tree - display the complete information in an easier to read format spanning several lines. 233 | 234 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx" : "0x8888"; 235 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_rfc5777.fdx"; 236 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_mip6i.fdx"; 237 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_nasreq.fdx"; 238 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx"; 239 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_dcca.fdx"; 240 | LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx"; 241 | 242 | 243 | ############################################################## 244 | ## Peers configuration 245 | 246 | # The local server listens for incoming connections. By default, 247 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). 248 | # 249 | # In addition to incoming connections, the local peer can 250 | # be configured to establish and maintain connections to some 251 | # Diameter nodes and allow connections from these nodes. 
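# This is achieved with the ConnectPeer directive described below.
#
# Note that the configured Diameter Identity MUST match
# the information received inside CEA, or the connection will be aborted.
#
# Format:
#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
# Parameters that can be specified in the peer's parameter list:
# No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
# No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
# Port = 5868; # The port to connect to
# TcTimer = 30;
# TwTimer = 30;
# ConnectTo = "202.249.37.5";
# ConnectTo = "2001:200:903:2::202:1";
# TLS_Prio = "NORMAL";
# Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
# Examples:
#ConnectPeer = "aaa.wide.ad.jp";
#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
# NOTE(review): No_TLS turns TLS off for this peer ("assume transparent security",
# see the parameter list above), so the Diameter session to the MME travels in clear
# text and the TLS_Cred / TLS_CA material configured in this file is not used on this
# connection. Keep it only if the path between the pods is protected by other means;
# removing it needs the matching change in the peer's own ConnectPeer entry.
ConnectPeer = "mme.localdomain" { ConnectTo = "s6a.mme.open5gs.service"; No_TLS; };

##############################################################
--------------------------------------------------------------------------------
/Arm-Architecture/templates/mme-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-mme-config
  namespace: open5gs
  labels:
    epc-mode: mme
data:
  mme.yaml: |
    logger:
      file: /var/log/open5gs/mme.log

    parameter:

    mme:
      freeDiameter: /open5gs/config-map/diameter-mme.conf
      s1ap:
        dev: net1
      gtpc:
        dev: net1
      gummei:
        plmn_id:
          mcc: {{ .Values.mme.mcc }}
          mnc: {{ .Values.mme.mnc }}
        mme_gid: 2
        mme_code: 1
      tai:
        plmn_id:
          mcc: {{ .Values.mme.mcc }}
          mnc: {{ .Values.mme.mnc }}
        tac: {{ .Values.mme.tac }}
      security:
        # NOTE(review): EEA0 is the null ciphering algorithm and EIA0 the null
        # integrity algorithm. With EEA0 listed first, NAS signalling is presumably
        # left unencrypted whenever the UE accepts it - confirm how the deployed
        # Open5GS version applies this order, and put EEA0 last (for example
        # EEA2, EEA1, EEA0) for anything other than lab traces.
        integrity_order : [ EIA1, EIA2, EIA0 ]
        ciphering_order : [ EEA0, EEA1, EEA2 ]
      network_name:
        full: Open5GS

    sgwc:
      gtpc:
        - name: s11.sgwc.open5gs.service
    smf:
      gtpc:
        - name: s5.smf.open5gs.service

--------------------------------------------------------------------------------
/Arm-Architecture/templates/mme-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-mme-deployment
  namespace: open5gs
  labels:
    epc-mode: mme
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: mme
  template:
    metadata:
      annotations:
        route53-service-name: '[
          { "name": "s6a.mme.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" }
          ]'
        k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" }
          ]'
      labels:
        epc-mode: mme
    spec:
      nodeSelector:
        nodegroup: control-plane
      initContainers:
      # Blocks MME start-up until the HSS, SGW-C and SMF DNS records resolve.
      # The image is referenced by a mutable tag; pin it by digest if image
      # provenance matters for this cluster.
      - name: init-mme
        image: busybox:1.28
        command: ['sh', '-c']
        # Each loop sleeps between attempts so a missing record does not turn into a
        # tight spin of DNS queries and log lines.
        args:
        - until nslookup s6a.hss.open5gs.service >> /dev/null; do echo waiting for hss DNS record to be ready; sleep 2; done;
          until nslookup s11.sgwc.open5gs.service >> /dev/null; do echo waiting for sgwc DNS record to be ready; sleep 2; done;
          until nslookup s5.smf.open5gs.service >> /dev/null; do echo waiting for smf DNS record to be ready; sleep 2; done;
      containers:
      - name: mme
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        command: ["/bin/sh", "-c"]
        args:
        - sleep 10;
          open5gs-mmed -c /open5gs/config-map/mme.yaml
        volumeMounts:
        - name: open5gs-mme-config
          mountPath: /open5gs/config-map/mme.yaml
          subPath: "mme.yaml"
        - name: open5gs-mme-diameter
          mountPath: /open5gs/config-map/diameter-mme.conf
          subPath: "diameter-mme.conf"
        # CA bundle and the MME certificate/key pair referenced by TLS_CA and
        # TLS_Cred in diameter-mme.conf; both come from Secrets.
        - mountPath: "/open5gs/diameter-ca/"
          name: diameter-ca
        - mountPath: "/open5gs/tls/"
          name: mme-tls
      volumes:
      - name: open5gs-mme-config
        configMap:
          name: open5gs-mme-config
      - name: open5gs-mme-diameter
        configMap:
          name: open5gs-mme-diameter
      - name: diameter-ca
        secret:
          secretName: {{ .Values.diameter.caSecretName }}
      - name: mme-tls
        secret:
          secretName: {{ .Values.mme.tlsSecretName }}

--------------------------------------------------------------------------------
/Arm-Architecture/templates/mme-free-diameter-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-mme-diameter
  namespace: open5gs
  labels:
    epc-mode: mme
data:
  diameter-mme.conf: |
    # This is a sample configuration file for freeDiameter daemon.

    # Most of the options can be omitted, as they default to reasonable values.
    # Only TLS-related options must be configured properly in usual setups.

    # It is possible to use "include" keyword to import additional files
    # e.g.: include "/etc/freeDiameter.d/*.conf"
    # This is exactly equivalent as copy & paste the content of the included file(s)
    # where the "include" keyword is found.


    ##############################################################
    ## Peer identity and realm

    # The Diameter Identity of this daemon.
    # This must be a valid FQDN that resolves to the local host.
    # Default: hostname's FQDN
    #Identity = "aaa.koganei.freediameter.net";
    Identity = "mme.localdomain";

    # The Diameter Realm of this daemon.
    # Default: the domain part of Identity (after the first dot).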
32 | #Realm = "koganei.freediameter.net"; 33 | Realm = "localdomain"; 34 | 35 | ############################################################## 36 | ## Transport protocol configuration 37 | 38 | # The port this peer is listening on for incoming connections (TCP and SCTP). 39 | # Default: 3868. Use 0 to disable. 40 | #Port = 3868; 41 | 42 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 43 | # See TLS_old_method for more information about TLS flavours. 44 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. 45 | # Default: 5868. Use 0 to disable. 46 | #SecPort = 5868; 47 | 48 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 49 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 50 | # CER/CEA exchange on a dedicated secure port. 51 | # This parameter only affects outgoing connections. 52 | # The setting can be also defined per-peer (see Peers configuration section). 53 | # Default: use RFC6733 method with separate port for TLS. 54 | #TLS_old_method; 55 | 56 | # Disable use of TCP protocol (only listen and connect over SCTP) 57 | # Default : TCP enabled 58 | #No_TCP; 59 | 60 | # Disable use of SCTP protocol (only listen and connect over TCP) 61 | # Default : SCTP enabled 62 | #No_SCTP; 63 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 64 | 65 | # Prefer TCP instead of SCTP for establishing new connections. 66 | # This setting may be overwritten per peer in peer configuration blocs. 67 | # Default : SCTP is attempted first. 68 | #Prefer_TCP; 69 | 70 | # Default number of streams per SCTP associations. 71 | # This setting may be overwritten per peer basis. 
72 | # Default : 30 streams 73 | #SCTP_streams = 30; 74 | 75 | ############################################################## 76 | ## Endpoint configuration 77 | 78 | # Disable use of IP addresses (only IPv6) 79 | # Default : IP enabled 80 | #No_IP; 81 | 82 | # Disable use of IPv6 addresses (only IP) 83 | # Default : IPv6 enabled 84 | #No_IPv6; 85 | 86 | # Specify local addresses the server must bind to 87 | # Default : listen on all addresses available. 88 | #ListenOn = "202.249.37.5"; 89 | #ListenOn = "2001:200:903:2::202:1"; 90 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 91 | #ListenOn = "127.0.0.2"; 92 | 93 | 94 | ############################################################## 95 | ## Server configuration 96 | 97 | # How many Diameter peers are allowed to be connecting at the same time ? 98 | # This parameter limits the number of incoming connections from the time 99 | # the connection is accepted until the first CER is received. 100 | # Default: 5 unidentified clients in paralel. 101 | #ThreadsPerServer = 5; 102 | 103 | ############################################################## 104 | ## TLS Configuration 105 | 106 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. 107 | # You may find more information about parameters and special behaviors 108 | # in the relevant documentation. 109 | # http://www.gnu.org/software/gnutls/manual/ 110 | 111 | # Credentials of the local peer 112 | # The X509 certificate and private key file to use for the local peer. 113 | # The files must contain PKCS-1 encoded RSA key, in PEM format. 
114 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) 115 | # Default : NO DEFAULT 116 | #TLS_Cred = "" , ""; 117 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; 118 | TLS_Cred = "/open5gs/tls/tls.crt", "/open5gs/tls/tls.key"; 119 | 120 | # Certificate authority / trust anchors 121 | # The file containing the list of trusted Certificate Authorities (PEM list) 122 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 123 | # The directive can appear several times to specify several files. 124 | # Default : GNUTLS default behavior 125 | #TLS_CA = ""; 126 | TLS_CA = "/open5gs/diameter-ca/cacert.pem"; 127 | 128 | # Certificate Revocation List file 129 | # The information about revoked certificates. 130 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 131 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 132 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. 133 | # Default : GNUTLS default behavior 134 | #TLS_CRL = ""; 135 | 136 | # GNU TLS Priority string 137 | # This string allows to configure the behavior of GNUTLS key exchanges 138 | # algorithms. See gnutls_priority_init function documentation for information. 139 | # You should also refer to the Diameter required TLS support here: 140 | # http://tools.ietf.org/html/rfc6733#section-13.1 141 | # Default : "NORMAL" 142 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; 143 | #TLS_Prio = "NORMAL"; 144 | 145 | # Diffie-Hellman parameters size 146 | # Set the number of bits for generated DH parameters 147 | # Valid value should be 768, 1024, 2048, 3072 or 4096. 
148 | # (This parameter is passed to gnutls_dh_params_generate2 function, 149 | # it usually should match RSA key size) 150 | # Default : 1024 151 | #TLS_DH_Bits = 1024; 152 | 153 | # Alternatively, you can specify a file to load the PKCS#3 encoded 154 | # DH parameters directly from. This accelerates the daemon start 155 | # but is slightly less secure. If this file is provided, the 156 | # TLS_DH_Bits parameters has no effect. 157 | # Default : no default. 158 | #TLS_DH_File = ""; 159 | 160 | 161 | ############################################################## 162 | ## Timers configuration 163 | 164 | # The Tc timer of this peer. 165 | # It is the delay before a new attempt is made to reconnect a disconnected peer. 166 | # The value is expressed in seconds. The recommended value is 30 seconds. 167 | # Default: 30 168 | #TcTimer = 30; 169 | 170 | # The Tw timer of this peer. 171 | # It is the delay before a watchdog message is sent, as described in RFC 3539. 172 | # The value is expressed in seconds. The default value is 30 seconds. Value must 173 | # be greater or equal to 6 seconds. See details in the RFC. 174 | # Default: 30 175 | #TwTimer = 30; 176 | 177 | ############################################################## 178 | ## Applications configuration 179 | 180 | # Disable the relaying of Diameter messages? 181 | # For messages not handled locally, the default behavior is to forward the 182 | # message to another peer if any is available, according to the routing 183 | # algorithms. In addition the "0xffffff" application is advertised in CER/CEA 184 | # exchanges. 185 | # Default: Relaying is enabled. 186 | #NoRelay; 187 | 188 | # Number of server threads that can handle incoming messages at the same time. 189 | # Default: 4 190 | #AppServThreads = 4; 191 | 192 | # Other applications are configured by loaded extensions. 
193 | 194 | ############################################################## 195 | ## Extensions configuration 196 | 197 | # The freeDiameter framework merely provides support for 198 | # Diameter Base Protocol. The specific application behaviors, 199 | # as well as advanced functions, are provided 200 | # by loadable extensions (plug-ins). 201 | # These extensions may in addition receive the name of a 202 | # configuration file, the format of which is extension-specific. 203 | # 204 | # Format: 205 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; 206 | # 207 | # Examples: 208 | #LoadExtension = "extensions/sample.fdx"; 209 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 210 | 211 | # Extensions are named as follow: 212 | # dict_* for extensions that add content to the dictionary definitions. 213 | # dbg_* for extensions useful only to retrieve more information on the framework execution. 214 | # acl_* : Access control list, to control which peers are allowed to connect. 215 | # rt_* : routing extensions that impact how messages are forwarded to other peers. 216 | # app_* : applications, these extensions usually register callbacks to handle specific messages. 217 | # test_* : dummy extensions that are useful only in testing environments. 218 | 219 | 220 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some 221 | # information about some events. This extension does not actually use a configuration file 222 | # but receives directly a parameter in the string passed to the extension. Here are some examples: 223 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. 224 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. 225 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. 
# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
# The values for each digit are:
# 0 - default - keep the default behavior
# 1 - quiet - remove any specific log
# 2 - compact - display only a summary of the information
# 4 - full - display the complete information on a single long line
# 8 - tree - display the complete information in an easier to read format spanning several lines.

# 0x8888 selects the "tree" level for all four categories listed above, so the
# complete content of every sent and received Diameter message is written to the log.
# NOTE(review): on this peer those messages presumably carry subscriber identifiers
# and authentication data; pick a quieter mask from the table above wherever the
# logs are shipped, retained or shared.
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx" : "0x8888";
# Dictionary extensions (dict_*): add definitions to the Diameter dictionary.
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_rfc5777.fdx";
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_mip6i.fdx";
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_nasreq.fdx";
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx";
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_dcca.fdx";
LoadExtension = "/usr/lib/aarch64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx";


##############################################################
## Peers configuration

# The local server listens for incoming connections. By default,
# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
#
# In addition to incoming connections, the local peer can
# be configured to establish and maintain connections to some
# Diameter nodes and allow connections from these nodes.
# This is achieved with the ConnectPeer directive described below.
#
# Note that the configured Diameter Identity MUST match
# the information received inside CEA, or the connection will be aborted.
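#
# Format:
#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
# Parameters that can be specified in the peer's parameter list:
# No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
# No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
# Port = 5868; # The port to connect to
# TcTimer = 30;
# TwTimer = 30;
# ConnectTo = "202.249.37.5";
# ConnectTo = "2001:200:903:2::202:1";
# TLS_Prio = "NORMAL";
# Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
# Examples:
#ConnectPeer = "aaa.wide.ad.jp";
#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
# NOTE(review): No_TLS turns TLS off for this peer ("assume transparent security",
# see the parameter list above), so the Diameter session to the HSS travels in clear
# text and the TLS_Cred / TLS_CA material configured in this file is not used on this
# connection. Keep it only if the path between the pods is protected by other means;
# removing it needs the matching change in the peer's own ConnectPeer entry.
ConnectPeer = "hss.localdomain" { ConnectTo = "s6a.hss.open5gs.service"; No_TLS; };


##############################################################
--------------------------------------------------------------------------------
/Arm-Architecture/templates/nrf-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-nrf-config
  namespace: open5gs
  labels:
    epc-mode: nrf
data:
  nrf.yaml: |
    logger:
      file: /var/log/open5gs/nrf.log

    nrf:
      sbi:
        - dev: eth0
          port: 7777

--------------------------------------------------------------------------------
/Arm-Architecture/templates/nrf-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: open5gs-nrf-svc-pool
  namespace: open5gs
  labels:
    epc-mode: nrf
spec:
  selector:
    epc-mode: nrf
  ports:
  - protocol: TCP
    port: 7777
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-nrf-deployment
  namespace: open5gs
  labels:
    epc-mode: nrf
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: nrf
  template:
    metadata:
      labels:
        epc-mode: nrf
    spec:
      nodeSelector:
        nodegroup: control-plane
      containers:
      - name: nrf
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        command: ["open5gs-nrfd", "-c", "/open5gs/config-map/nrf.yaml"]
        volumeMounts:
        - name: open5gs-nrf-config
          mountPath: /open5gs/config-map/nrf.yaml
          subPath: "nrf.yaml"
      volumes:
      - name: open5gs-nrf-config
        configMap:
          name: open5gs-nrf-config


--------------------------------------------------------------------------------
/Arm-Architecture/templates/pcrf-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-pcrf-config
  namespace: open5gs
  labels:
    epc-mode: pcrf
data:
  # NOTE(review): the MongoDB URI is rendered into a ConfigMap. If mongo.uri embeds
  # a username and password, they become readable by anything allowed to read
  # ConfigMaps in this namespace; a Secret is the safer home for such a value.
  pcrf.yaml: |
    db_uri: {{ .Values.mongo.uri }}

    logger:
      file: /var/log/open5gs/pcrf.log

    pcrf:
      freeDiameter: /open5gs/config-map/diameter-pcrf.conf

--------------------------------------------------------------------------------
/Arm-Architecture/templates/pcrf-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-pcrf-deployment
  namespace: open5gs
  labels:
    epc-mode: pcrf
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: pcrf
  template:
    metadata:
      annotations:
        route53-service-name: '[
          { "name": "gx.pcrf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" }
          ]'
        k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" }
          ]'
      labels:
        epc-mode: pcrf
    spec:
      nodeSelector:
        nodegroup: control-plane
      initContainers:
      # Blocks PCRF start-up until the SMF DNS record resolves; the loop sleeps
      # between attempts so it does not spin on DNS queries and log lines.
      - name: init-pcrf
        image: busybox:1.28
        command: ['sh', '-c', "until nslookup s5.smf.open5gs.service >> /dev/null; do echo waiting for smf DNS record to be ready; sleep 2; done"]
      containers:
      - name: pcrf
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        command: ["/bin/sh", "-c"]
        args:
        - sleep 10;
          open5gs-pcrfd -c /open5gs/config-map/pcrf.yaml
        volumeMounts:
        - name: open5gs-pcrf-config
          mountPath: /open5gs/config-map/pcrf.yaml
          subPath: "pcrf.yaml"
        - name: open5gs-pcrf-diameter
          mountPath: /open5gs/config-map/diameter-pcrf.conf
          subPath: "diameter-pcrf.conf"
        # The MongoDB CA certificate Secret is mounted over /root/.
        - mountPath: "/root/"
          name: mongo-ca-cert
          readOnly: true
        - mountPath: "/open5gs/diameter-ca/"
          name: diameter-ca
        - mountPath: "/open5gs/tls/"
          name: pcrf-tls
      volumes:
      - name: open5gs-pcrf-config
        configMap:
          name: open5gs-pcrf-config
      - name: open5gs-pcrf-diameter
        configMap:
          name: open5gs-pcrf-diameter
      - name: mongo-ca-cert
        secret:
          secretName: {{ .Values.mongo.caSecretName }}
      - name: diameter-ca
        secret:
          secretName: {{ .Values.diameter.caSecretName }}
      - name: pcrf-tls
        secret:
          secretName: {{ .Values.pcrf.tlsSecretName }}

--------------------------------------------------------------------------------
/Arm-Architecture/templates/sgw-c-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-sgwc-config
  namespace: open5gs
  labels:
    epc-mode: sgwc
data:
  sgwc.yaml: |
    logger:
      file: /var/log/open5gs/sgwc.log

    parameter:
      no_ipv6: true

    sgwc:
      gtpc:
        dev: net1
      pfcp:
        dev: net1

    sgwu:
      pfcp:
        - name: sx.sgwu.open5gs.service
          apn: {{ .Values.apn }}

--------------------------------------------------------------------------------
/Arm-Architecture/templates/sgw-c-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-sgwc-deployment
  namespace: open5gs
  labels:
    epc-mode: sgwc
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: sgwc
  template:
    metadata:
      annotations:
        route53-service-name: '[
          { "name": "s11.sgwc.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" }
          ]'
        k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" }
          ]'
      labels:
        epc-mode: sgwc
    spec:
      nodeSelector:
        nodegroup: control-plane
      initContainers:
      # Blocks SGW-C start-up until the SGW-U DNS record resolves; the loop sleeps
      # between attempts so it does not spin on DNS queries and log lines.
      - name: init-sgwc
        image: busybox:1.28
        command: ['sh', '-c', "until nslookup sx.sgwu.open5gs.service >> /dev/null; do echo waiting for sgwu DNS record to be ready; sleep 2; done"]
      containers:
      - name: sgwc
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        command: ["/bin/sh", "-c"]
        args:
        - sleep 10;
          open5gs-sgwcd -c /open5gs/config-map/sgwc.yaml;
        volumeMounts:
        - name: open5gs-sgwc-config
          mountPath: /open5gs/config-map/sgwc.yaml
          subPath: "sgwc.yaml"
      volumes:
      - name: open5gs-sgwc-config
        configMap:
          name: open5gs-sgwc-config

--------------------------------------------------------------------------------
/Arm-Architecture/templates/sgw-u-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap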
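metadata:
  name: open5gs-sgwu-config
  namespace: open5gs
  labels:
    epc-mode: sgwu
data:
  sgwu.yaml: |
    logger:
      file: /var/log/open5gs/sgwu.log

    parameter:
      no_ipv6: true

    sgwu:
      gtpu:
        dev: net2
      pfcp:
        dev: net1

    #sgwc:
    #  pfcp:
    #    - name: sgwcPFCP-open5gs.service.open5gs

--------------------------------------------------------------------------------
/Arm-Architecture/templates/sgw-u-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-sgwu-deployment
  namespace: open5gs
  labels:
    epc-mode: sgwu
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: sgwu
  template:
    metadata:
      annotations:
        route53-service-name: '[
          { "name": "sx.sgwu.open5gs.service", "multus-int": "ipvlan-multus-sub-1-up" }
          ]'
        k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-2", "interface": "net2" },
          { "name": "ipvlan-multus-sub-1-up", "interface": "net1" }
          ]'
      labels:
        epc-mode: sgwu
    spec:
      nodeSelector:
        nodegroup: user-plane
      containers:
      - name: sgwu
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        command: ["/bin/sh", "-c"]
        args:
        - open5gs-sgwud -c /open5gs/config-map/sgwu.yaml;
        volumeMounts:
        - name: open5gs-sgwu-config
          mountPath: /open5gs/config-map/sgwu.yaml
          subPath: "sgwu.yaml"
      volumes:
      - name: open5gs-sgwu-config
        configMap:
          name: open5gs-sgwu-config

--------------------------------------------------------------------------------
/Arm-Architecture/templates/smf-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-smf-config
  namespace: open5gs
  labels:
    epc-mode: smf
data:
  smf.yaml: |
    logger:
      file: /var/log/open5gs/smf.log

    parameter:
      no_ipv6: true

    smf:
      sbi:
        dev: eth0
      gtpc:
        dev: net1
      gtpu:
        dev: net1
      pfcp:
        dev: net1
      subnet:
        - addr: 10.45.0.1/16
          apn: {{ .Values.apn }}
      dns:
        - 8.8.8.8
        - 8.8.4.4
      mtu: 1400
      freeDiameter: /open5gs/config-map/diameter-smf.conf

    nrf:
      sbi:
        - name:
            - open5gs-nrf-svc-pool
          port: 7777

    upf:
      pfcp:
        - name: sx.upf.open5gs.service
          apn: {{ .Values.apn }}
--------------------------------------------------------------------------------
/Arm-Architecture/templates/smf-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-smf-deployment
  namespace: open5gs
  labels:
    epc-mode: smf
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: smf
  template:
    metadata:
      annotations:
        route53-service-name: '[
          { "name": "s5.smf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" }
          ]'
        k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" }
          ]'
      labels:
        epc-mode: smf
    spec:
      nodeSelector:
        nodegroup: control-plane
      initContainers:
      # Blocks SMF start-up until the PCRF and UPF DNS records resolve.
      - name: init-smf
        image: busybox:1.28
        command: ['sh', '-c']
        # Each loop sleeps between attempts so a missing record does not turn into a
        # tight spin of DNS queries and log lines.
        args:
        - until nslookup gx.pcrf.open5gs.service >> /dev/null; do echo waiting for pcrf DNS record to be ready; sleep 2; done;
          until nslookup sx.upf.open5gs.service >> /dev/null; do echo waiting for upf DNS record to be ready; sleep 2; done
      containers:
      - name: smf
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        command: ["/bin/sh", "-c"]
        args:
        - sleep 10;
          open5gs-smfd -c /open5gs/config-map/smf.yaml;
        volumeMounts:
        - name: open5gs-smf-config
          mountPath: /open5gs/config-map/smf.yaml
          subPath: "smf.yaml"
        - name: open5gs-smf-diameter
          mountPath: /open5gs/config-map/diameter-smf.conf
          subPath: "diameter-smf.conf"
        - mountPath: "/open5gs/diameter-ca/"
          name: diameter-ca
        - mountPath: "/open5gs/tls/"
          name: smf-tls
      volumes:
      - name: open5gs-smf-config
        configMap:
          name: open5gs-smf-config
      - name: open5gs-smf-diameter
        configMap:
          name: open5gs-smf-diameter
      - name: diameter-ca
        secret:
          secretName: {{ .Values.diameter.caSecretName }}
      - name: smf-tls
        secret:
          secretName: {{ .Values.smf.tlsSecretName }}

--------------------------------------------------------------------------------
/Arm-Architecture/templates/upf-configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: open5gs-upf-config
  namespace: open5gs
  labels:
    epc-mode: upf
data:
  upf.yaml: |
    logger:
      file: /var/log/open5gs/upf.log

    upf:
      pfcp:
        dev: net1
      gtpu:
        dev: net2
      subnet:
        - addr: 10.45.0.1/16
          apn: {{ .Values.apn }}
    #smf:
    #  pfcp:
    #    - name: smfPFCP-open5gs.service.open5gs

--------------------------------------------------------------------------------
/Arm-Architecture/templates/upf-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-upf-deployment
  namespace: open5gs
  labels:
    epc-mode: upf
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: upf
  template:
    metadata:
      annotations:
        route53-service-name: '[
          { "name": "sx.upf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-up" }
          ]'
        k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-2", "interface": "net2" },
          { "name": "ipvlan-multus-sub-1-up", "interface": "net1" }
          ]'
      labels:
        epc-mode: upf
    spec:
      nodeSelector:
        nodegroup: user-plane
      containers:
      - name: upf
        image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
        imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
        # NOTE(review): privileged mode gives this container every capability and
        # access to host devices. The start-up script below creates a tun device,
        # adds an iptables NAT rule and writes to /proc/sys, which is presumably why
        # it was chosen. Confirm whether NET_ADMIN plus pod-level sysctls (or a
        # separate init step) would be enough before running this outside a lab.
        securityContext:
          privileged: true
        command: ["/bin/sh", "-c"]
        # The steps are joined with ';', so upfd still starts if an earlier
        # network set-up command fails.
        args:
        - ip tuntap add name ogstun mode tun;
          ip addr add 10.45.0.1/16 dev ogstun;
          sysctl -w net.ipv6.conf.all.disable_ipv6=1;
          ip link set ogstun up;
          sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward";
          iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE;
          open5gs-upfd -c /open5gs/config-map/upf.yaml;
        volumeMounts:
        - name: open5gs-upf-config
          mountPath: /open5gs/config-map/upf.yaml
          subPath: "upf.yaml"
        # Host device node, mounted from the worker through the hostPath volume below.
        - mountPath: /dev/net/tun
          name: dev-net-tun
      volumes:
      - name: open5gs-upf-config
        configMap:
          name: open5gs-upf-config
      - name: dev-net-tun
        hostPath:
          path: /dev/net/tun

--------------------------------------------------------------------------------
/Arm-Architecture/templates/web-ui-deploy.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: open5gs-webui
  namespace: open5gs
  labels:
    epc-mode: webui
spec:
  # ClusterIP only: the WebUI is not published outside the cluster by this chart.
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 3000
  selector:
    epc-mode: webui
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: open5gs-webui
  namespace: open5gs
  labels:
    epc-mode: webui
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: webui
  template:
    metadata:
      labels:
        epc-mode: webui
    spec:
      nodeSelector:
        nodegroup: control-plane
      containers:
      # NOTE(review): nothing in this manifest configures WebUI authentication. If
      # the image keeps the upstream Open5GS WebUI default admin account, change it
      # before the Service is reachable by anyone but the operator.
      - name: webui
        imagePullPolicy: {{ .Values.webui.image.pullPolicy }}
        image: "{{ .Values.webui.image.repository }}:{{ .Values.webui.image.tag }}"
        volumeMounts:
        - mountPath: "/root/"
          name: mongo-ca-cert
          readOnly: true
        env:
        # Quoted so the rendered value is always a YAML string, whatever characters
        # the URI contains.
        # NOTE(review): if mongo.uri embeds credentials they are stored in plain
        # text in the pod spec; a secretKeyRef keeps them out of the Deployment.
        - name: DB_URI
          value: {{ .Values.mongo.uri | quote }}
        - name: NODE_ENV
          value: "production"
        - name: HOSTNAME
          value: '0.0.0.0'
      volumes:
      - name: mongo-ca-cert
        secret:
          secretName: {{ .Values.mongo.caSecretName }}
--------------------------------------------------------------------------------
/Arm-Architecture/values.yaml:
--------------------------------------------------------------------------------
# Default values for open5gs-epc-helm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.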
4 | 5 | open5gs: 6 | image: 7 | repository: 8 | pullPolicy: IfNotPresent 9 | tag: "" 10 | 11 | webui: 12 | image: 13 | repository: 14 | pullPolicy: IfNotPresent 15 | tag: "" 16 | 17 | # This uses the DocumentDB URI; you need to add the open5gs DB to the URI. The URI carries the DB user and password, and templates/web-ui-deploy.yaml passes it to the webui container as a plain-text DB_URI env value, so supply the real value at install time rather than committing it here. 18 | mongo: 19 | uri: "mongodb://DOCUMENT_DB_USER:DOCUMENT_DB_PASSWD@DOCUMENT_DB_URL:27017/open5gs?ssl=true&tlsCAFile=/root/rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false" 20 | caSecretName: mongodb-ca 21 | 22 | apn: internet 23 | 24 | diameter: 25 | caSecretName: diameter-ca 26 | 27 | hss: 28 | tlsSecretName: hss-tls 29 | 30 | mme: 31 | tlsSecretName: mme-tls 32 | mcc: 208 33 | mnc: 93 34 | tac: 7 35 | networkName: Open5GS 36 | 37 | pcrf: 38 | tlsSecretName: pcrf-tls 39 | 40 | smf: 41 | tlsSecretName: smf-tls -------------------------------------------------------------------------------- /Build-Container-Images.md: -------------------------------------------------------------------------------- 1 | ## x86 Architecture 2 | 3 | **Open5gs images:** 4 | 5 | cd x86-Architecture/Dockerfiles/open5gs-epc/ 6 | 7 | docker build -t container_registry/open5gs-x86-aio:41fd851 -f open5gs-epc-aio . 8 | 9 | docker build -t container_registry/open5gs-x86-web:41fd851 -f web-gui . 10 | 11 | **Service discovery and secondary_init_controller:** 12 | 13 | cd x86-Architecture/Dockerfiles/aws-secondary-ip-sync-controller/ 14 | 15 | docker build -t container_registry/multus-x86-sec-ip-controller:v0.1 . 16 | 17 | cd x86-Architecture/Dockerfiles/multus-svc-watcher-route53-controller/ 18 | 19 | docker build -t container_registry/multus-x86-svc-watcher-route53:v0.1 . 
20 | 21 | **Push images to your ECR:** 22 | 23 | docker push container_registry/open5gs-x86-aio:41fd851 24 | 25 | docker push container_registry/open5gs-x86-web:41fd851 26 | 27 | docker push container_registry/multus-x86-sec-ip-controller:v0.1 28 | 29 | docker push container_registry/multus-x86-svc-watcher-route53:v0.1 30 | 31 | ## Arm Architecture 32 | **Open5gs images:** 33 | 34 | cd Arm-Architecture/Dockerfiles/open5gs-epc/ 35 | 36 | docker build -t container_registry/open5gs-arm-aio:v2.1.1-5-gefd1780 -f open5gs-epc-aio . 37 | 38 | docker build -t container_registry/open5gs-arm-web:v2.1.1-5-gefd1780 -f web-gui . 39 | 40 | **Service discovery and secondary_init_controller:** 41 | 42 | cd Arm-Architecture/Dockerfiles/aws-secondary-ip-sync-controller/ 43 | 44 | docker build -t container_registry/multus-arm-sec-ip-controller:v0.1 . 45 | 46 | cd Arm-Architecture/Dockerfiles/multus-svc-watcher-route53-controller/ 47 | 48 | docker build -t container_registry/multus-arm-svc-watcher-route53:v0.1 . 49 | 50 | **Push images to your ECR:** 51 | 52 | docker push container_registry/open5gs-arm-aio:v2.1.1-5-gefd1780 53 | 54 | docker push container_registry/open5gs-arm-web:v2.1.1-5-gefd1780 55 | 56 | docker push container_registry/multus-arm-sec-ip-controller:v0.1 57 | 58 | docker push container_registry/multus-arm-svc-watcher-route53:v0.1 59 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 
5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. 
Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Opensource 4G Core 2 | 3 | This repo contains the code templates that were used in the Opensource Mobile Packet Core Implementation on Amazon EKS blog post. 4 | https://aws.amazon.com/blogs/opensource/open-source-mobile-core-network-implementation-on-amazon-elastic-kubernetes-service/ 5 | 6 | ***N.B - You are required to build the container images yourself and push them to your ECR.*** 7 | 8 | ## Security 9 | 10 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 11 | 12 | ## License 13 | 14 | This library is licensed under the MIT-0 License. See the LICENSE file. 
15 | 16 | -------------------------------------------------------------------------------- /srsLTE/README.md: -------------------------------------------------------------------------------- 1 | ## Sample srsLTE Deployment Manifest And Configurations 2 | 3 | This is to make it a bit easier to deploy srsLTE enb and ue. 4 | 5 | The folders are described below: 6 | 7 | **sample-srs-lte-config:** This consists of sample config files; you can use them if you want to deploy srsLTE in a separate VM. It does not include the building/compilation of srsLTE. 8 | 9 | **k8s-manifests:** This consists of both the Dockerfile and Kubernetes manifest files; you can use this to deploy srsLTE inside the same Kubernetes cluster that is being used for Open5gs. Note that the deployment manifest runs the srslte container in privileged mode (`securityContext.privileged: true`). Kindly take note of the following directions: 10 | 11 | 1.) Build the srsLTE image and push it to ECR 12 | 13 | 2.) Create the configmaps first (srs-configmap.yaml) 14 | 15 | 3.) Create the deployments (srs-deployment.yaml); you have to replace {{srsLTEImage}} with the srsLTE image you built. 16 | 17 | 4.) 
Exec into the srslte POD: 18 | 19 | - copy the enb.conf, rr.conf, sib.conf and drb.conf files from /srsLTEconfig to the srsLTE/build/srsenb/src/ and change the following place-holders: 20 | 21 | **enb.conf -** 22 | 23 | **{{MCC}}:** replace with MCC 24 | 25 | **{{MNC}}:** replace with MNC 26 | 27 | **{{MME_ADDR}}:** replace with the MME POD net1 interface IP (you need to exec inside the POD to get the IP) 28 | 29 | **{{GTP_BIND_ADDR}}:** replace with the net1 interface IP inside the srslte POD 30 | 31 | **{{S1C_BIND_ADDR}}:** replace with the net2 interface IP inside the srslte POD 32 | 33 | **rr.conf:** 34 | 35 | **{{TAC}}:** replace with the TAC (example is 0x0007) 36 | 37 | * copy *ue.conf* from /srsLTEconfig to the srsLTE/build/srsue/src/ and change the following place-holders; these values must match what was configured in the Open5gs web-gui: 38 | 39 | **{{OPC_CODE}}:** replace with the opc (example is e734f8734007d6c5ce7a0508809e7e9c) 40 | 41 | **{{SECURITY_KEY}}:** replace with the security key (example is 8baf473f2f8fd09487cccbd7097c6862) 42 | 43 | **{{UE_IMSI}}:** replace with the subscriber IMSI (example is 208930100001111) 44 | 45 | * Exec into the srslte POD and start the enb from the srsLTE/build/srsenb/src/: **./srsenb enb.conf** 46 | * Open another exec session into the srslte POD and start the ue from the srsLTE/build/srsue/src/: **ip netns add ue1;./srsue ue.conf** 47 | 48 | Check the srsLTE ZeroMQ application note for more details: https://docs.srslte.com/en/latest/app_notes/source/zeromq/source/index.html#zeromq-installation -------------------------------------------------------------------------------- /srsLTE/k8s-manifests/srsLTE-Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:focal 2 | 3 | MAINTAINER Christopher Adigun 4 | 5 | ENV DEBIAN_FRONTEND noninteractive 6 | 7 | RUN apt-get update && \ 8 | apt-get -yq dist-upgrade && \ 9 | apt-get install -y --no-install-recommends \ 10 | 
cmake \ 11 | libfftw3-dev \ 12 | libmbedtls-dev \ 13 | libboost-program-options-dev \ 14 | libconfig++-dev \ 15 | libsctp-dev \ 16 | build-essential \ 17 | iproute2 \ 18 | iputils-ping \ 19 | dnsutils \ 20 | vim \ 21 | tcpdump \ 22 | ca-certificates \ 23 | update-ca-certificates \ 24 | nano \ 25 | git \ 26 | libzmq3-dev 27 | 28 | RUN git clone https://github.com/srsLTE/srsLTE.git && \ 29 | cd srsLTE && \ 30 | mkdir build && \ 31 | cd build && \ 32 | cmake ../ && \ 33 | make 34 | -------------------------------------------------------------------------------- /srsLTE/k8s-manifests/srslte-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: srslte 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | epc-mode: srslte 10 | template: 11 | metadata: 12 | annotations: 13 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-2", "interface": "net1" }, 14 | { "name": "ipvlan-multus-sub-1-up", "interface": "net2" } 15 | ]' 16 | labels: 17 | epc-mode: srslte 18 | spec: 19 | nodeSelector: 20 | nodegroup: user-plane 21 | containers: 22 | - name: srslte 23 | image: {{srsLTEImage}} 24 | securityContext: 25 | privileged: true 26 | command: ["sleep"] 27 | args: [ "infinity" ] 28 | volumeMounts: 29 | - name: srslte-lte-config 30 | mountPath: /srsLTEconfig 31 | volumes: 32 | - name: srslte-lte-config 33 | configMap: 34 | name: srslte-config -------------------------------------------------------------------------------- /srsLTE/sample-srs-lte-config/enb/drb.conf: -------------------------------------------------------------------------------- 1 | 2 | // All times are in ms. 
Use -1 for infinity, where available 3 | 4 | qci_config = ( 5 | 6 | { 7 | qci=7; 8 | pdcp_config = { 9 | discard_timer = 100; 10 | pdcp_sn_size = 12; 11 | } 12 | rlc_config = { 13 | ul_um = { 14 | sn_field_length = 10; 15 | }; 16 | dl_um = { 17 | sn_field_length = 10; 18 | t_reordering = 45; 19 | }; 20 | }; 21 | logical_channel_config = { 22 | priority = 13; 23 | prioritized_bit_rate = -1; 24 | bucket_size_duration = 100; 25 | log_chan_group = 2; 26 | }; 27 | }, 28 | { 29 | qci=9; 30 | pdcp_config = { 31 | discard_timer = -1; 32 | status_report_required = true; 33 | } 34 | rlc_config = { 35 | ul_am = { 36 | t_poll_retx = 120; 37 | poll_pdu = 64; 38 | poll_byte = 750; 39 | max_retx_thresh = 16; 40 | }; 41 | dl_am = { 42 | t_reordering = 50; 43 | t_status_prohibit = 50; 44 | }; 45 | }; 46 | logical_channel_config = { 47 | priority = 11; 48 | prioritized_bit_rate = -1; 49 | bucket_size_duration = 100; 50 | log_chan_group = 3; 51 | }; 52 | } 53 | 54 | ); -------------------------------------------------------------------------------- /srsLTE/sample-srs-lte-config/enb/enb.conf: -------------------------------------------------------------------------------- 1 | ##################################################################### 2 | # srsENB configuration file 3 | ##################################################################### 4 | 5 | ##################################################################### 6 | # eNB configuration 7 | # 8 | # enb_id: 20-bit eNB identifier. 
9 | # mcc: Mobile Country Code 10 | # mnc: Mobile Network Code 11 | # mme_addr: IP address of MME for S1 connection 12 | # gtp_bind_addr: Local IP address to bind for GTP connection 13 | # s1c_bind_addr: Local IP address to bind for S1AP connection 14 | # n_prb: Number of Physical Resource Blocks (6,15,25,50,75,100) 15 | # tm: Transmission mode 1-4 (TM1 default) 16 | # nof_ports: Number of Tx ports (1 port default, set to 2 for TM2/3/4) 17 | # 18 | ##################################################################### 19 | [enb] 20 | enb_id = 0x19B 21 | mcc = 208 22 | mnc = 93 23 | mme_addr = 10.0.4.202 24 | gtp_bind_addr = 10.0.6.71 25 | s1c_bind_addr = 10.0.4.22 26 | n_prb = 50 27 | #tm = 4 28 | #nof_ports = 2 29 | 30 | ##################################################################### 31 | # eNB configuration files 32 | # 33 | # sib_config: SIB1, SIB2 and SIB3 configuration file 34 | # note: when enabling mbms, use the sib.conf.mbsfn configuration file which includes SIB13 35 | # rr_config: Radio Resources configuration file 36 | # drb_config: DRB configuration file 37 | ##################################################################### 38 | [enb_files] 39 | sib_config = sib.conf 40 | rr_config = rr.conf 41 | drb_config = drb.conf 42 | 43 | ##################################################################### 44 | # RF configuration 45 | # 46 | # dl_earfcn: EARFCN code for DL (only valid if a single cell is configured in rr.conf) 47 | # tx_gain: Transmit gain (dB). 48 | # rx_gain: Optional receive gain (dB). If disabled, AGC is enabled 49 | # 50 | # Optional parameters: 51 | # dl_freq: Override DL frequency corresponding to dl_earfcn 52 | # ul_freq: Override UL frequency corresponding to dl_earfcn (must be set if dl_freq is set) 53 | # device_name: Device driver family. 54 | # Supported options: "auto" (uses first found), "UHD", "bladeRF", "soapy" or "zmq". 55 | # device_args: Arguments for the device driver. Options are "auto" or any string. 
56 | # Default for UHD: "recv_frame_size=9232,send_frame_size=9232" 57 | # Default for bladeRF: "" 58 | # time_adv_nsamples: Transmission time advance (in number of samples) to compensate for RF delay 59 | # from antenna to timestamp insertion. 60 | # Default "auto". B210 USRP: 100 samples, bladeRF: 27. 61 | ##################################################################### 62 | [rf] 63 | #dl_earfcn = 3350 64 | tx_gain = 80 65 | rx_gain = 40 66 | device_name = zmq 67 | device_args = fail_on_disconnect=true,tx_port=tcp://*:2000,rx_port=tcp://localhost:2001,id=enb,base_srate=23.04e6 68 | 69 | #device_name = auto 70 | 71 | # For best performance in 2x2 MIMO and >= 15 MHz use the following device_args settings: 72 | # USRP B210: num_recv_frames=64,num_send_frames=64 73 | # And for 75 PRBs, also append ",master_clock_rate=15.36e6" to the device args 74 | 75 | # For best performance when BW<5 MHz (25 PRB), use the following device_args settings: 76 | # USRP B210: send_frame_size=512,recv_frame_size=512 77 | 78 | #device_args = auto 79 | #time_adv_nsamples = auto 80 | 81 | # Example for ZMQ-based operation with TCP transport for I/Q samples 82 | #device_name = zmq 83 | #device_args = fail_on_disconnect=true,tx_port=tcp://*:2000,rx_port=tcp://localhost:2001,id=enb,base_srate=23.04e6 84 | 85 | ##################################################################### 86 | # Packet capture configuration 87 | # 88 | # MAC Packets are captured to file in the compact format decoded by 89 | # the Wireshark mac-lte-framed dissector and with DLT 147. 90 | # To use the dissector, edit the preferences for DLT_USER to 91 | # add an entry with DLT=147, Payload Protocol=mac-lte-framed. 92 | # For more information see: https://wiki.wireshark.org/MAC-LTE 93 | # 94 | # Please note that this setting will by default only capture MAC 95 | # frames on dedicated channels, and not SIB. 
You have to build with 96 | # WRITE_SIB_PCAP enabled in srsenb/src/stack/mac/mac.cc if you want 97 | # SIB to be part of the MAC pcap file. 98 | # 99 | # S1AP Packets are captured to file in the compact format decoded by 100 | # the Wireshark s1ap dissector and with DLT 150. 101 | # To use the dissector, edit the preferences for DLT_USER to 102 | # add an entry with DLT=150, Payload Protocol=s1ap. 103 | # 104 | # mac_enable: Enable MAC layer packet captures (true/false) 105 | # mac_filename: File path to use for packet captures 106 | # s1ap_enable: Enable or disable the PCAP. 107 | # s1ap_filename: File name where to save the PCAP. 108 | # 109 | ##################################################################### 110 | [pcap] 111 | enable = false 112 | filename = /tmp/enb.pcap 113 | s1ap_enable = false 114 | s1ap_filename = /tmp/enb_s1ap.pcap 115 | 116 | ##################################################################### 117 | # Log configuration 118 | # 119 | # Log levels can be set for individual layers. "all_level" sets log 120 | # level for all layers unless otherwise configured. 121 | # Format: e.g. phy_level = info 122 | # 123 | # In the same way, packet hex dumps can be limited for each level. 124 | # "all_hex_limit" sets the hex limit for all layers unless otherwise 125 | # configured. 126 | # Format: e.g. phy_hex_limit = 32 127 | # 128 | # Logging layers: rf, phy, phy_lib, mac, rlc, pdcp, rrc, gtpu, s1ap, stack, all 129 | # Logging levels: debug, info, warning, error, none 130 | # 131 | # filename: File path to use for log output. Can be set to stdout 132 | # to print logs to standard output 133 | # file_max_size: Maximum file size (in kilobytes). When passed, multiple files are created. 134 | # If set to negative, a single log file will be created. 
135 | ##################################################################### 136 | [log] 137 | all_level = warning 138 | all_hex_limit = 32 139 | filename = /tmp/enb.log 140 | file_max_size = -1 141 | 142 | [gui] 143 | enable = false 144 | 145 | ##################################################################### 146 | # Scheduler configuration options 147 | # 148 | # max_aggr_level: Optional maximum aggregation level index (l=log2(L) can be 0, 1, 2 or 3) 149 | # pdsch_mcs: Optional fixed PDSCH MCS (ignores reported CQIs if specified) 150 | # pdsch_max_mcs: Optional PDSCH MCS limit 151 | # pusch_mcs: Optional fixed PUSCH MCS (ignores reported CQIs if specified) 152 | # pusch_max_mcs: Optional PUSCH MCS limit 153 | # min_nof_ctrl_symbols: Minimum number of control symbols 154 | # max_nof_ctrl_symbols: Maximum number of control symbols 155 | # 156 | ##################################################################### 157 | [scheduler] 158 | #max_aggr_level = -1 159 | #pdsch_mcs = -1 160 | #pdsch_max_mcs = -1 161 | #pusch_mcs = -1 162 | #pusch_max_mcs = 16 163 | #min_nof_ctrl_symbols = 1 164 | #max_nof_ctrl_symbols = 3 165 | 166 | ##################################################################### 167 | # eMBMS configuration options 168 | # 169 | # enable: Enable MBMS transmission in the eNB 170 | # m1u_multiaddr: Multicast address the M1-U socket will register to 171 | # m1u_if_addr: Address of the interface on which the M1-U interface will listen for multicast packets. 172 | # mcs: Modulation and Coding scheme for MBMS traffic. 
173 | # 174 | ##################################################################### 175 | [embms] 176 | #enable = false 177 | #m1u_multiaddr = 239.255.0.1 178 | #m1u_if_addr = 127.0.1.201 179 | #mcs = 20 180 | 181 | 182 | 183 | ##################################################################### 184 | # Channel emulator options: 185 | # enable: Enable/Disable internal Downlink/Uplink channel emulator 186 | # 187 | # -- AWGN Generator 188 | # awgn.enable: Enable/disable AWGN generator 189 | # awgn.snr: Target SNR in dB 190 | # 191 | # -- Fading emulator 192 | # fading.enable: Enable/disable fading simulator 193 | # fading.model: Fading model + maximum doppler (E.g. none, epa5, eva70, etu300, etc) 194 | # 195 | # -- Delay Emulator delay(t) = delay_min + (delay_max - delay_min) * (1 + sin(2pi*t/period)) / 2 196 | # Maximum speed [m/s]: (delay_max - delay_min) * pi * 300 / period 197 | # delay.enable: Enable/disable delay simulator 198 | # delay.period_s: Delay period in seconds. 199 | # delay.init_time_s: Delay initial time in seconds. 
200 | # delay.maximum_us: Maximum delay in microseconds 201 | # delay.minumum_us: Minimum delay in microseconds 202 | # 203 | # -- Radio-Link Failure (RLF) Emulator 204 | # rlf.enable: Enable/disable RLF simulator 205 | # rlf.t_on_ms: Time for On state of the channel (ms) 206 | # rlf.t_off_ms: Time for Off state of the channel (ms) 207 | # 208 | # -- High Speed Train Doppler model simulator 209 | # hst.enable: Enable/Disable HST simulator 210 | # hst.period_s: HST simulation period in seconds 211 | # hst.fd_hz: Doppler frequency in Hz 212 | # hst.init_time_s: Initial time in seconds 213 | ##################################################################### 214 | [channel.dl] 215 | #enable = false 216 | 217 | [channel.dl.awgn] 218 | #enable = false 219 | #snr = 30 220 | 221 | [channel.dl.fading] 222 | #enable = false 223 | #model = none 224 | 225 | [channel.dl.delay] 226 | #enable = false 227 | #period_s = 3600 228 | #init_time_s = 0 229 | #maximum_us = 100 230 | #minimum_us = 10 231 | 232 | [channel.dl.rlf] 233 | #enable = false 234 | #t_on_ms = 10000 235 | #t_off_ms = 2000 236 | 237 | [channel.dl.hst] 238 | #enable = false 239 | #period_s = 7.2 240 | #fd_hz = 750.0 241 | #init_time_s = 0.0 242 | 243 | [channel.ul] 244 | #enable = false 245 | 246 | [channel.ul.awgn] 247 | #enable = false 248 | #n0 = -30 249 | 250 | [channel.ul.fading] 251 | #enable = false 252 | #model = none 253 | 254 | [channel.ul.delay] 255 | #enable = false 256 | #period_s = 3600 257 | #init_time_s = 0 258 | #maximum_us = 100 259 | #minimum_us = 10 260 | 261 | [channel.ul.rlf] 262 | #enable = false 263 | #t_on_ms = 10000 264 | #t_off_ms = 2000 265 | 266 | [channel.ul.hst] 267 | #enable = false 268 | #period_s = 7.2 269 | #fd_hz = -750.0 270 | #init_time_s = 0.0 271 | 272 | 273 | ##################################################################### 274 | # Expert configuration options 275 | # 276 | # pusch_max_its: Maximum number of turbo decoder iterations (Default 4) 277 | # 
pusch_8bit_decoder: Use 8-bit for LLR representation and turbo decoder trellis computation (Experimental) 278 | # nof_phy_threads: Selects the number of PHY threads (maximum 4, minimum 1, default 3) 279 | # metrics_period_secs: Sets the period at which metrics are requested from the eNB. 280 | # metrics_csv_enable: Write eNB metrics to CSV file. 281 | # metrics_csv_filename: File path to use for CSV metrics. 282 | # pregenerate_signals: Pregenerate uplink signals after attach. Improves CPU performance. 283 | # tx_amplitude: Transmit amplitude factor (set 0-1 to reduce PAPR) 284 | # rrc_inactivity_timer: Inactivity timeout used to remove UE context from RRC (in milliseconds). 285 | # max_prach_offset_us: Maximum allowed RACH offset (in us) 286 | # eea_pref_list: Ordered preference list for the selection of encryption algorithm (EEA) (default: EEA0, EEA2, EEA1). EEA0 is the null cipher (no encryption), and the default order lists it first. 287 | # eia_pref_list: Ordered preference list for the selection of integrity algorithm (EIA) (default: EIA2, EIA1, EIA0). EIA0 is the null integrity algorithm (no integrity protection). 288 | # 289 | ##################################################################### 290 | [expert] 291 | #pusch_max_its = 8 # These are half iterations 292 | #pusch_8bit_decoder = false 293 | #nof_phy_threads = 3 294 | #metrics_period_secs = 1 295 | #metrics_csv_enable = false 296 | #metrics_csv_filename = /tmp/enb_metrics.csv 297 | #pregenerate_signals = false 298 | #tx_amplitude = 0.6 299 | #rrc_inactivity_timer = 30000 300 | #max_prach_offset_us = 30 301 | #eea_pref_list = EEA0, EEA2, EEA1 302 | #eia_pref_list = EIA2, EIA1, EIA0 -------------------------------------------------------------------------------- /srsLTE/sample-srs-lte-config/enb/rr.conf: -------------------------------------------------------------------------------- 1 | mac_cnfg = 2 | { 3 | phr_cnfg = 4 | { 5 | dl_pathloss_change = "dB3"; // Valid: 1, 3, 6 or INFINITY 6 | periodic_phr_timer = 50; 7 | prohibit_phr_timer = 0; 8 | }; 9 | ulsch_cnfg = 10 | { 11 | max_harq_tx = 4; 12 | periodic_bsr_timer = 20; // in ms 13 | 
retx_bsr_timer = 320; // in ms 14 | }; 15 | 16 | time_alignment_timer = -1; // -1 is infinity 17 | }; 18 | 19 | phy_cnfg = 20 | { 21 | phich_cnfg = 22 | { 23 | duration = "Normal"; 24 | resources = "1/6"; 25 | }; 26 | 27 | pusch_cnfg_ded = 28 | { 29 | beta_offset_ack_idx = 6; 30 | beta_offset_ri_idx = 6; 31 | beta_offset_cqi_idx = 6; 32 | }; 33 | 34 | // PUCCH-SR resources are scheduled on time-frequeny domain first, then multiplexed in the same resource. 35 | sched_request_cnfg = 36 | { 37 | dsr_trans_max = 64; 38 | period = 20; // in ms 39 | //subframe = [1, 11]; // Optional vector of subframe indices allowed for SR transmissions (default uses all) 40 | nof_prb = 2; // number of PRBs on each extreme used for SR (total prb is twice this number) 41 | }; 42 | cqi_report_cnfg = 43 | { 44 | mode = "periodic"; 45 | simultaneousAckCQI = true; 46 | period = 40; // in ms 47 | //subframe = [0, 10, 20, 30]; // Optional vector of subframe indices every period where CQI resources will be allocated (default uses all) 48 | nof_prb = 2; 49 | m_ri = 8; // RI period in CQI period 50 | }; 51 | }; 52 | 53 | cell_list = 54 | ( 55 | { 56 | // rf_port = 0; 57 | cell_id = 0x01; 58 | tac = 0x0007; 59 | pci = 1; 60 | // root_seq_idx = 204; 61 | dl_earfcn = 3350; 62 | //ul_earfcn = 21400; 63 | ho_active = false; 64 | 65 | // CA cells 66 | scell_list = ( 67 | // {cell_id = 0x02; cross_carrier_scheduling = false; scheduling_cell_id = 0x02; ul_allowed = true} 68 | ) 69 | 70 | // Cells available for handover 71 | meas_cell_list = 72 | ( 73 | { 74 | eci = 0x19C02; 75 | dl_earfcn = 2850; 76 | pci = 2; 77 | } 78 | ); 79 | 80 | // ReportCfg (only A3 supported) 81 | meas_report_desc = { 82 | a3_report_type = "RSRP"; 83 | a3_offset = 6; 84 | a3_hysteresis = 0; 85 | a3_time_to_trigger = 480; 86 | rsrq_config = 4; 87 | }; 88 | } 89 | // Add here more cells 90 | ); -------------------------------------------------------------------------------- /srsLTE/sample-srs-lte-config/enb/sib.conf: 
-------------------------------------------------------------------------------- 1 | sib1 = 2 | { 3 | intra_freq_reselection = "Allowed"; 4 | q_rx_lev_min = -65; 5 | //p_max = 3; 6 | cell_barred = "NotBarred" 7 | si_window_length = 20; 8 | sched_info = 9 | ( 10 | { 11 | si_periodicity = 16; 12 | 13 | // comma-separated array of SIB-indexes (from 3 to 13), leave empty or commented to just scheduler sib2 14 | si_mapping_info = [ 3 ]; 15 | } 16 | ); 17 | system_info_value_tag = 0; 18 | }; 19 | 20 | sib2 = 21 | { 22 | rr_config_common_sib = 23 | { 24 | rach_cnfg = 25 | { 26 | num_ra_preambles = 52; 27 | preamble_init_rx_target_pwr = -104; 28 | pwr_ramping_step = 6; // in dB 29 | preamble_trans_max = 10; 30 | ra_resp_win_size = 10; // in ms 31 | mac_con_res_timer = 64; // in ms 32 | max_harq_msg3_tx = 4; 33 | }; 34 | bcch_cnfg = 35 | { 36 | modification_period_coeff = 16; // in ms 37 | }; 38 | pcch_cnfg = 39 | { 40 | default_paging_cycle = 32; // in rf 41 | nB = "1"; 42 | }; 43 | prach_cnfg = 44 | { 45 | root_sequence_index = 128; 46 | prach_cnfg_info = 47 | { 48 | high_speed_flag = false; 49 | prach_config_index = 3; 50 | prach_freq_offset = 2; 51 | zero_correlation_zone_config = 5; 52 | }; 53 | }; 54 | pdsch_cnfg = 55 | { 56 | /* Warning: Currently disabled and forced to p_b=1 for TM2/3/4 and p_b=0 for TM1 57 | */ 58 | p_b = 1; 59 | rs_power = 0; 60 | }; 61 | pusch_cnfg = 62 | { 63 | n_sb = 1; 64 | hopping_mode = "inter-subframe"; 65 | pusch_hopping_offset = 2; 66 | enable_64_qam = false; // 64QAM PUSCH is not currently enabled 67 | ul_rs = 68 | { 69 | cyclic_shift = 0; 70 | group_assignment_pusch = 0; 71 | group_hopping_enabled = false; 72 | sequence_hopping_enabled = false; 73 | }; 74 | }; 75 | pucch_cnfg = 76 | { 77 | delta_pucch_shift = 2; 78 | n_rb_cqi = 2; 79 | n_cs_an = 0; 80 | n1_pucch_an = 12; 81 | }; 82 | ul_pwr_ctrl = 83 | { 84 | p0_nominal_pusch = -85; 85 | alpha = 0.7; 86 | p0_nominal_pucch = -107; 87 | delta_flist_pucch = 88 | { 89 | format_1 = 0; 90 | 
format_1b = 3; 91 | format_2 = 1; 92 | format_2a = 2; 93 | format_2b = 2; 94 | }; 95 | delta_preamble_msg3 = 6; 96 | }; 97 | ul_cp_length = "len1"; 98 | }; 99 | 100 | ue_timers_and_constants = 101 | { 102 | t300 = 2000; // in ms 103 | t301 = 100; // in ms 104 | t310 = 200; // in ms 105 | n310 = 1; 106 | t311 = 10000; // in ms 107 | n311 = 1; 108 | }; 109 | 110 | freqInfo = 111 | { 112 | ul_carrier_freq_present = true; 113 | ul_bw_present = true; 114 | additional_spectrum_emission = 1; 115 | }; 116 | 117 | time_alignment_timer = "INFINITY"; // use "sf500", "sf750", etc. 118 | }; 119 | 120 | sib3 = 121 | { 122 | cell_reselection_common = { 123 | q_hyst = 2; // in dB 124 | }, 125 | cell_reselection_serving = { 126 | s_non_intra_search = 3, 127 | thresh_serving_low = 2, 128 | cell_resel_prio = 6 129 | }, 130 | intra_freq_reselection = { 131 | q_rx_lev_min = -61, 132 | p_max = 23, 133 | s_intra_search = 5, 134 | presence_ant_port_1 = true, 135 | neigh_cell_cnfg = 1, 136 | t_resel_eutra = 1 137 | } 138 | }; 139 | 140 | ##################################################################### 141 | # sib7 configuration options (See TS 36.331) 142 | # Contains GERAN neighbor information for CSFB and inter-rat handover. 143 | # Must be added to sib1::sched_info::si_mapping_info array parameter to be transmitted 144 | # 145 | # t_resel_geran: Cell reselection timer (seconds) 146 | # carrier_freqs_info_list: A list of carrier frequency groups. 
147 | # cell_resel_prio: Absolute priority of the carrier frequency group 148 | # ncc_permitted: 8-bit bitmap of NCC carriers permitted for monitoring 149 | # q_rx_lev_min: Minimum receive level in gsm cell, ([field_val] * 2) - 115 = [level in dBm] 150 | # thresh_x_high: Srclev threshold (dB) to select to a higher-priority RAT/Frequency 151 | # thresh_x_low: Srclev threshold (dB) to select to a lower-priority RAT/Frequency 152 | # start_arfcn: Initial search ARFCN value 153 | # band_ind: One of "dcs1800" or "pcs1900" Disambiguates ARFCNs in these bands, has no meaning for other ARFCNs. 154 | # explicit_list_of_arfcns: List of ARFCN numbers in the group 155 | # 156 | ##################################################################### 157 | sib7 = 158 | { 159 | t_resel_geran = 1; 160 | carrier_freqs_info_list = 161 | ( 162 | { 163 | cell_resel_prio = 0; 164 | ncc_permitted = 255; 165 | q_rx_lev_min = 0; 166 | thresh_x_high = 2; 167 | thresh_x_low = 2; 168 | 169 | start_arfcn = 871; 170 | band_ind = "dcs1800"; 171 | explicit_list_of_arfcns = ( 172 | 871 173 | ); 174 | } 175 | ); 176 | }; -------------------------------------------------------------------------------- /x86-Architecture/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /x86-Architecture/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: open5gs-epc-helm 3 | description: A Helm chart for open5gs 4G EPC 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.0.1 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 
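23 | appVersion: 2.22.0 24 | -------------------------------------------------------------------------------- /x86-Architecture/Dockerfiles/aws-secondary-ip-sync-controller/Dockerfile: --------------------------------------------------------------------------------
# Image for the shell-operator hook that maps Multus secondary IPs onto the EC2 ENI.
# Adds the glibc compatibility packages and the AWS CLI v2 on top of the
# shell-operator base image, then marks the hook script executable.
#
# NOTE(review): the base image is referenced by the mutable `latest` tag, so every
# rebuild can pull different content. Pin it to a reviewed release tag or digest,
# e.g. flant/shell-operator@sha256:<DIGEST_PLACEHOLDER>.
FROM flant/shell-operator:latest

# COPY rather than ADD: only a plain local copy is wanted here.
COPY hooks /hooks

ENV GLIBC_VER=2.31-r0

# Install glibc compatibility for Alpine, then the AWS CLI v2.
# curl runs with -f so that an HTTP error aborts the build instead of an error page
# being saved as the signing key, a package or the installer archive.
# NOTE(review): the signing key, both glibc packages and awscliv2.zip are trusted on
# HTTPS alone. Record known-good checksums and verify them before installing, e.g.
#   echo "<SHA256_PLACEHOLDER>  awscliv2.zip" | sha256sum -c -
# (AWS also publishes a detached PGP signature for the CLI installer).
RUN apk --no-cache add \
        bind-tools \
        unzip \
        curl \
        binutils \
    && curl -fsSL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
    && curl -fsSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \
    && curl -fsSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \
    && apk add --no-cache \
        glibc-${GLIBC_VER}.apk \
        glibc-bin-${GLIBC_VER}.apk \
    && curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \
    && unzip awscliv2.zip \
    && aws/install \
    && rm -rf \
        awscliv2.zip \
        aws \
        /usr/local/aws-cli/v2/*/dist/aws_completer \
        /usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \
        /usr/local/aws-cli/v2/*/dist/awscli/examples \
    && apk --no-cache del \
        binutils \
    && rm glibc-${GLIBC_VER}.apk \
    && rm glibc-bin-${GLIBC_VER}.apk \
    && rm -rf /var/cache/apk/* \
    && chmod +x /hooks/sync-secondary-ip.sh
-------------------------------------------------------------------------------- /x86-Architecture/Dockerfiles/aws-secondary-ip-sync-controller/hooks/sync-secondary-ip.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #set -xv 3 | 4 | ARRAY_COUNT=`jq -r '.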
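| length-1' $BINDING_CONTEXT_PATH` 5 | 6 | touch /root/secondary-eni-ip-pod-mappings.txt 7 |
# Assign every Multus secondary IP of the created pod to the ENI that owns the
# matching MAC address, and record the mapping for later clean-up.
#
# Reads the globals resourceName and resourceNameSpace (set by the caller, which
# is not part of this listing) and appends "<pod> <region> <eni> <ip>" lines to
# /root/secondary-eni-ip-pod-mappings.txt.
function AddIPToEC2Instance() {
  # Keep word splitting predictable for the MAC loop below, whatever the caller
  # left in IFS.
  local IFS=$' \t\n'
  local networks_status

  echo -e "Pod ${resourceName} has been created, proceeding to associate the necessary secondary IPs with the EC2 instance \n"

  echo "Sleeping for 5 secs for interfaces to be up and running"

  sleep 5

  # Fetch the networks-status annotation once; it is parsed for both MAC and IP.
  networks_status=$(kubectl -n "${resourceNameSpace}" get po "${resourceName}" -o jsonpath='{.metadata.annotations.k8s\.v1\.cni\.cncf\.io/networks-status}')

  # The region does not change between interfaces, so look it up once.
  # NOTE(review): this is a plain metadata GET without a session token, so it only
  # works while the instance still accepts IMDSv1 - confirm against the node
  # launch template before enforcing IMDSv2.
  instance_region=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

  for macAddress in $(echo "${networks_status}" | grep mac | awk '{print $NF}' | sed 's/"//g;s/,//g')
  do

    # Ask EC2 for the ENI with this MAC instead of grepping the JSON of every
    # interface in the region, which depended on key order and output format.
    eni=$(aws --region "${instance_region}" ec2 describe-network-interfaces \
      --filters "Name=mac-address,Values=${macAddress}" \
      --query 'NetworkInterfaces[0].NetworkInterfaceId' --output text)

    # A MAC that belongs to no ENI would otherwise reach the assign call with an
    # empty ENI id and leave a bogus line in the state file.
    if [[ -z "${eni}" || "${eni}" == "None" ]]; then
      echo "No ENI found for MAC ${macAddress}, skipping"
      continue
    fi

    instance_id=$(aws --region "${instance_region}" ec2 describe-network-interface-attribute \
      --network-interface-id "${eni}" --attribute \
      attachment | jq -r .Attachment.InstanceId)

    ip_address=$(echo "${networks_status}" | grep -B 2 "$macAddress" | head -1 | awk '{print $NF}' | sed 's/"//g;s/,//g')

    echo -e "Adding $ip_address to instance ${instance_id} \n"

    aws --region "${instance_region}" ec2 assign-private-ip-addresses \
      --network-interface-id "${eni}" \
      --private-ip-addresses "${ip_address}" \
      --allow-reassignment

    echo -e "Finished allocating IP $ip_address to instance ${instance_id} to ENI ${eni} \n"

    # Save the eni and IP info in state file, this will be used when POD is deleted
    echo "${resourceName} ${instance_region} $eni $ip_address" >> /root/secondary-eni-ip-pod-mappings.txt

  done
}

# Unassign the secondary IPs recorded for the deleted pod and drop its entries
# from the state file.
#
# Entries are matched on the exact pod name in the first column. The previous
# substring/regex match (grep and sed on the bare name) also hit other pods whose
# names merely contain this one, unassigning their IPs and deleting their records.
# NOTE(review): the state file is keyed by pod name only, so same-named pods in
# different namespaces still share entries.
function DetachIPFromEC2Instance() {
  local state_file=/root/secondary-eni-ip-pod-mappings.txt
  local pod

  echo "Pod ${resourceName} has been deleted, proceeding to dissociate the necessary secondary IPs from the EC2 instance"

  # Read the state file on fd 3 so the aws call cannot consume it through stdin.
  # No global IFS change is needed (the old code left IFS empty for the caller).
  while read -r -u 3 pod region eni ip_address
  do
    [[ "${pod}" == "${resourceName}" ]] || continue

    aws --region "${region}" ec2 unassign-private-ip-addresses --network-interface-id \
      "${eni}" --private-ip-addresses "${ip_address}"

    echo "Secondary IP ${ip_address} entry for pod ${resourceName} has been removed from ${eni}"

  done 3< "${state_file}"

  # Remove pod eni IP mapping entry in the state file (exact match on column 1)
  awk -v pod="${resourceName}" '$1 != pod' "${state_file}" > "${state_file}.tmp" \
    && mv "${state_file}.tmp" "${state_file}"

}
74 | 75 | if [[ $1 == "--config" ]] ; then 76 | cat < /tmp/${resourceName}.json 53 | 54 | aws --region ${region} route53 change-resource-record-sets --hosted-zone-id ${zoneID} \ 55 | --change-batch file:///tmp/${resourceName}.json 56 | 57 | rm -rf /tmp/${resourceName}.json 58 | 59 | echo "Record ${route53ServiceName} has been mapped to ${multusPodIP} in route53" 60 | 61 | localRoute53mapping="${resourceName} ${route53ServiceName} ${multusPodIP} ${zoneID}" 62 | 63 | echo ${localRoute53mapping} >> /route53_service_id_record.txt 64 | } 65 | 66 | function RemoveServiceNameFromroute53() { 67 | echo "Pod ${resourceName} has been deleted, proceeding to remove the A record for the service in route53" 68 | 69 | deleteTemplate='{ 70 | "Comment": "Delete single record set", 71 | "Changes": [ 72 | { 73 | "Action": "DELETE", 74 | "ResourceRecordSet": { 75 | "Name": "DOMAIN", 76 | "Type": "A", 77 | "TTL": 30, 78 | "ResourceRecords": [ 79 | { 80 | "Value": "IP_ADDR" 81 | } 82 | ] 83 | } 84 | } 85 | ] 86 | }' 87 | 88 | IFS=$'\n' 89 | 90 | for record in $(grep ${resourceName}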
/route53_service_id_record.txt) 91 | do 92 | route53ServiceName=$(echo ${record} | awk '{print $2}') 93 | 94 | route53IPentry=$(echo ${record} | awk '{print $3}') 95 | 96 | zoneID=$(echo ${record} | awk '{print $NF}') 97 | 98 | echo $deleteTemplate | sed "s/DOMAIN/${route53ServiceName}./g;s/IP_ADDR/${route53IPentry}/g" \ 99 | | jq . > /tmp/${resourceName}-deletion.json 100 | 101 | aws --region ${region} route53 change-resource-record-sets --hosted-zone-id ${zoneID} \ 102 | --change-batch file:///tmp/${resourceName}-deletion.json 103 | 104 | #Remove route53 service mapping entry in the records file 105 | sed -i "/${route53IPentry}/d" /route53_service_id_record.txt 106 | echo "${route53IPentry} entry for POD ${resourceName} for DNS ${route53ServiceName} in route53 has been removed" 107 | done 108 | 109 | IFS="" 110 | } 111 | 112 | #function RemoveMultusIPFromEC2() { 113 | # #statements 114 | #} 115 | 116 | if [[ $1 == "--config" ]] ; then 117 | cat < 4 | 5 | ENV DEBIAN_FRONTEND noninteractive 6 | 7 | RUN apt-get update && \ 8 | apt-get -yq dist-upgrade && \ 9 | apt-get install -y --no-install-recommends \ 10 | python3-pip \ 11 | python3-setuptools \ 12 | python3-wheel \ 13 | ninja-build \ 14 | build-essential \ 15 | flex \ 16 | bison \ 17 | git \ 18 | meson \ 19 | libsctp-dev \ 20 | libgnutls28-dev \ 21 | libgcrypt-dev \ 22 | libssl-dev \ 23 | libidn11-dev \ 24 | libmongoc-dev \ 25 | libbson-dev \ 26 | libyaml-dev \ 27 | libmicrohttpd-dev \ 28 | libcurl4-gnutls-dev \ 29 | libnghttp2-dev \ 30 | iproute2 \ 31 | ca-certificates \ 32 | netbase \ 33 | net-tools \ 34 | iptables \ 35 | dnsutils \ 36 | pkg-config && \ 37 | apt-get clean && \ 38 | git clone -b v2.2.6 --recursive https://github.com/open5gs/open5gs && \ 39 | cd open5gs && meson build --prefix=/ && ninja -C build && cd build && ninja install 40 | 41 | WORKDIR / -------------------------------------------------------------------------------- /x86-Architecture/Dockerfiles/open5gs-epc/web-gui: 
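-------------------------------------------------------------------------------- 1 | FROM node:12.22.1-alpine 2 | 3 | RUN apk update && apk add git && \ 4 | git clone -b v2.2.6 https://github.com/open5gs/open5gs.git 5 | 6 | WORKDIR /open5gs/webui 7 | 8 | RUN npm install && \ 9 | npm run build 10 | 11 | CMD npm run start 12 | 13 | EXPOSE 3000 14 | -------------------------------------------------------------------------------- /x86-Architecture/ca-tls-certificates/make_certs.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash

# Generates the private CA and the TLS key/certificate pairs for the mme, hss,
# smf and pcrf Diameter peers, and downloads the RDS CA bundle, all into the
# current directory. Does nothing if any *.pem file is already present.
#
# Stop at the first failing step so later steps never run on partial output.
# After a failed run, delete the leftover *.pem files before re-running:
# the existence check below would otherwise skip generation.
set -euo pipefail

# 2048-bit RSA for the CA and every peer key. The previous 1024-bit keys are
# below what current TLS library defaults accept and no longer offer adequate
# protection for the CA that signs all Diameter peers.
KEY_BITS=2048
SUBJECT_SUFFIX="C=KO/ST=Seoul/L=Nowon/O=Open5GS/OU=Tests"

if ls ./*.pem 2>/dev/null 1>&2; then
   echo "certificates exists..., no need to generate SSL certs"
   exit
fi

FILE=/etc/pki/CA/serial

if [[ ! -f "$FILE" ]]; then
    echo "$FILE does not exist, proceeding to create it"
    echo '1000' | sudo tee /etc/pki/CA/serial
fi

sudo touch /etc/pki/CA/index.txt

wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

# Self-signed CA. -nodes leaves cakey.pem unencrypted so the signing steps below
# can run unattended; treat the file as a secret.
# NOTE(review): CA and peer certificates are all valid for 10 years (-days 3650)
# and no revocation list is configured in the chart - confirm that is intended
# outside a lab.
openssl req -new -batch -x509 -days 3650 -nodes -newkey "rsa:${KEY_BITS}" -out ./cacert.pem -keyout cakey.pem -subj "/CN=ca.localdomain/${SUBJECT_SUFFIX}"

# One key, CSR and CA-signed certificate per Diameter peer.
for node in mme hss smf pcrf; do
    openssl genrsa -out "./${node}.key.pem" "${KEY_BITS}"
    openssl req -new -batch -out "${node}.csr.pem" -key "./${node}.key.pem" -subj "/CN=${node}.localdomain/${SUBJECT_SUFFIX}"
    sudo openssl ca -cert ./cacert.pem -days 3650 -keyfile cakey.pem -in "${node}.csr.pem" -out "./${node}.cert.pem" -outdir . -batch
done

# Private keys must not be readable by other local users.
chmod 600 ./cakey.pem ./*.key.pem
-------------------------------------------------------------------------------- /x86-Architecture/cluster_initializer.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash

# Installs the prerequisites for the Helm chart: the open5gs namespace, the
# CA/TLS secrets, the Multus daemonset, the Multus network attachments and the
# two controllers with their RBAC. Run it from the architecture directory.

echo -e "Creating open5gs namespace....\n"

echo

kubectl create ns open5gs

echo -e "Checking and creating the needed certificates if not already created....\n"

echo

# Without this guard a failed cd would run make_certs.sh and the secret
# creation from the wrong directory.
cd ca-tls-certificates || exit 1

./make_certs.sh

# NOTE(review): cakey.pem and the *.key.pem files stay on the local disk after
# the secrets are created; store or remove them deliberately.
kubectl -n open5gs create secret generic mongodb-ca --from-file=rds-combined-ca-bundle.pem

kubectl -n open5gs create secret generic diameter-ca --from-file=cacert.pem

for node in hss mme pcrf smf; do
    kubectl -n open5gs create secret tls "${node}-tls" \
      --cert="${node}.cert.pem" \
      --key="${node}.key.pem"
done

echo -e "Installing multus daemonset\n"

echo

# The manifest URL used to stand alone on its line, so the shell tried to run the
# URL as a command and the daemonset was never installed.
# NOTE(review): the URL tracks the mutable master branch; a manifest applied to
# kube-system should be pinned to a reviewed commit, e.g. replace "master" with
# <COMMIT_SHA_PLACEHOLDER>.
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/multus/v3.7.2-eksbuild.1/aws-k8s-multus.yaml

cd ..

echo -e "Creating the multus network attachments\n"

echo

kubectl apply -f multus-networks/

echo -e "Creating RBAC entries and deployments for the required controllers\n"

echo

kubectl apply -f controllers/rbac/

kubectl apply -f controllers/deployments/

echo -e "The pre-requisite resources have been installed, see below for the status\n"

echo

kubectl get -n kube-system po

echo

kubectl -n open5gs get secret

echo "You can now proceed to install the Helm chart"
-------------------------------------------------------------------------------- /x86-Architecture/controllers/deployments/aws-secondary-int-controller-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: multus-secondary-ip-ec2-mapping-operator 5 | namespace: kube-system 6 | labels: 7 | app: multus-secondary-ip-ec2-mapping 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: multus-secondary-ip-ec2-mapping 13 | template: 14 | metadata: 15 | labels: 16 | app: multus-secondary-ip-ec2-mapping 17 | spec: 18 | containers: 19 | - name: shell-operator 20 | image: { AWS_SEC_IP_CONTROLLER_IMAGE } 21 | serviceAccountName: multus-sec-ip-operator-acct 22 | -------------------------------------------------------------------------------- /x86-Architecture/controllers/deployments/svc-watcher-route53-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: multus-route53-service-operator 5 | namespace: kube-system 6 | labels: 7 | app: multus-route53-service 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: multus-route53-service 13 | template: 14 | metadata: 15 | labels: 16 | app: multus-route53-service 17 | spec: 18 |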
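containers: 19 | - name: shell-operator 20 | image: { SVC_DISCOVERY_CONTROLLER_IMAGE } 21 | serviceAccountName: multus-service-route53-acct 22 | -------------------------------------------------------------------------------- /x86-Architecture/controllers/rbac/aws-secondary-int-controller-rbac.yaml: --------------------------------------------------------------------------------
# Service account, cluster role and binding for the controller that maps Multus
# secondary IPs onto the EC2 ENI (multus-secondary-ip-ec2-mapping-operator).
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus-sec-ip-operator-acct
  namespace: kube-system

---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which Kubernetes 1.22 and later
# no longer serve; the schema of these objects is unchanged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus-sec-ip-operator
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list"]
  # NOTE(review): "create" on pods/exec in a ClusterRole lets this service account
  # run commands in any pod of any namespace. The hook functions shown in this
  # listing only call `kubectl get po`; drop this rule unless another part of the
  # hook needs exec, and scope it with a namespaced Role if it does.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus-sec-ip-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus-sec-ip-operator
subjects:
  - kind: ServiceAccount
    name: multus-sec-ip-operator-acct
    namespace: kube-system
-------------------------------------------------------------------------------- /x86-Architecture/controllers/rbac/svc-watcher-route53-rbac.yaml: --------------------------------------------------------------------------------
# Service account, cluster role and binding for the controller that publishes
# Multus pod IPs as Route 53 records (multus-route53-service-operator).
# The role is read-only on pods, cluster-wide.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus-service-route53-acct
  namespace: kube-system

---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which Kubernetes 1.22 and later
# no longer serve; the schema of these objects is unchanged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus-service-route53-monitor-pods
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus-service-route53-monitor-pods
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus-service-route53-monitor-pods
subjects:
  - kind: ServiceAccount
    name: multus-service-route53-acct
    namespace: kube-system
-------------------------------------------------------------------------------- /x86-Architecture/multus-networks/multus-sub-net-1-cp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: ipvlan-multus-sub-1-cp 5 | namespace: open5gs 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ipvlan", 10 | "master": "eth1", 11 | "mode": "l3", 12 | "ipam": { 13 | "type": "host-local", 14 | "subnet": "10.0.4.0/24", 15 | "rangeStart": "10.0.4.200", 16 | "rangeEnd": "10.0.4.220", 17 | "gateway": "10.0.4.1" 18 | } 19 | }' -------------------------------------------------------------------------------- /x86-Architecture/multus-networks/multus-sub-net-1-up.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: ipvlan-multus-sub-1-up 5 | namespace: open5gs 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ipvlan", 10 | "master": "eth1", 11 | "mode": "l3", 12 | "ipam": { 13 | "type": "host-local", 14 | "subnet": "10.0.4.0/24", 15 | "rangeStart": "10.0.4.221", 16 | "rangeEnd": "10.0.4.250", 17 | "gateway": "10.0.4.1" 18 | } 19 | }' -------------------------------------------------------------------------------- /x86-Architecture/multus-networks/multus-sub-net-2-user-plane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "k8s.cni.cncf.io/v1" 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: ipvlan-multus-sub-2 5 | namespace: open5gs 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ipvlan", 10 | "master":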
"eth2", 11 | "mode": "l3", 12 | "ipam": { 13 | "type": "host-local", 14 | "subnet": "10.0.6.0/24", 15 | "rangeStart": "10.0.6.200", 16 | "rangeEnd": "10.0.6.220", 17 | "gateway": "10.0.6.1" 18 | } 19 | }' -------------------------------------------------------------------------------- /x86-Architecture/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Status after deployment: 2 | 3 | kubectl --namespace {{ .Release.Namespace }} get all -------------------------------------------------------------------------------- /x86-Architecture/templates/hss-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-hss-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: hss 8 | data: 9 | hss.yaml: | 10 | db_uri: {{ .Values.mongo.uri }} 11 | 12 | logger: 13 | file: /var/log/open5gs/hss.log 14 | 15 | parameter: 16 | 17 | hss: 18 | freeDiameter: /open5gs/config-map/diameter-hss.conf -------------------------------------------------------------------------------- /x86-Architecture/templates/hss-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-hss-deployment 5 | labels: 6 | epc-mode: hss 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | epc-mode: hss 12 | template: 13 | metadata: 14 | annotations: 15 | route53-service-name: '[ 16 | { "name": "s6a.hss.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } 17 | ]' 18 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" } 19 | ]' 20 | labels: 21 | epc-mode: hss 22 | spec: 23 | nodeSelector: 24 | nodegroup: control-plane 25 | initContainers: 26 | - name: init-hss 27 | image: busybox:1.28 28 | command: ['sh', '-c', "until nslookup 
s6a.mme.open5gs.service >> /dev/null; do echo waiting for mme DNS record to be ready; done"] 29 | containers: 30 | - name: hss 31 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 32 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 33 | command: ["/bin/sh", "-c"] 34 | args: 35 | - sleep 10; 36 | open5gs-hssd -c /open5gs/config-map/hss.yaml 37 | volumeMounts: 38 | - name: open5gs-hss-config 39 | mountPath: /open5gs/config-map/hss.yaml 40 | subPath: "hss.yaml" 41 | - name: open5gs-hss-diameter 42 | mountPath: /open5gs/config-map/diameter-hss.conf 43 | subPath: "diameter-hss.conf" 44 | - mountPath: "/root/" 45 | name: mongo-ca-cert 46 | readOnly: true 47 | - mountPath: "/open5gs/diameter-ca/" 48 | name: diameter-ca 49 | - mountPath: "/open5gs/tls/" 50 | name: hss-tls 51 | volumes: 52 | - name: open5gs-hss-config 53 | configMap: 54 | name: open5gs-hss-config 55 | - name: open5gs-hss-diameter 56 | configMap: 57 | name: open5gs-hss-diameter 58 | - name: mongo-ca-cert 59 | secret: 60 | secretName: {{ .Values.mongo.caSecretName }} 61 | - name: diameter-ca 62 | secret: 63 | secretName: {{ .Values.diameter.caSecretName }} 64 | - name: hss-tls 65 | secret: 66 | secretName: {{ .Values.hss.tlsSecretName }} 67 | -------------------------------------------------------------------------------- /x86-Architecture/templates/hss-free-diameter-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-hss-diameter 5 | namespace: open5gs 6 | labels: 7 | epc-mode: hss 8 | data: 9 | diameter-hss.conf: | 10 | # This is a sample configuration file for freeDiameter daemon. 11 | 12 | # Most of the options can be omitted, as they default to reasonable values. 13 | # Only TLS-related options must be configured properly in usual setups. 
14 | 15 | # It is possible to use "include" keyword to import additional files 16 | # e.g.: include "/etc/freeDiameter.d/*.conf" 17 | # This is exactly equivalent as copy & paste the content of the included file(s) 18 | # where the "include" keyword is found. 19 | 20 | 21 | ############################################################## 22 | ## Peer identity and realm 23 | 24 | # The Diameter Identity of this daemon. 25 | # This must be a valid FQDN that resolves to the local host. 26 | # Default: hostname's FQDN 27 | #Identity = "aaa.koganei.freediameter.net"; 28 | Identity = "hss.localdomain"; 29 | 30 | # The Diameter Realm of this daemon. 31 | # Default: the domain part of Identity (after the first dot). 32 | #Realm = "koganei.freediameter.net"; 33 | Realm = "localdomain"; 34 | 35 | ############################################################## 36 | ## Transport protocol configuration 37 | 38 | # The port this peer is listening on for incoming connections (TCP and SCTP). 39 | # Default: 3868. Use 0 to disable. 40 | #Port = 3868; 41 | 42 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 43 | # See TLS_old_method for more information about TLS flavours. 44 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. 45 | # Default: 5868. Use 0 to disable. 46 | #SecPort = 5868; 47 | 48 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 49 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 50 | # CER/CEA exchange on a dedicated secure port. 51 | # This parameter only affects outgoing connections. 52 | # The setting can be also defined per-peer (see Peers configuration section). 53 | # Default: use RFC6733 method with separate port for TLS. 
54 | #TLS_old_method; 55 | 56 | # Disable use of TCP protocol (only listen and connect over SCTP) 57 | # Default : TCP enabled 58 | #No_TCP; 59 | 60 | # Disable use of SCTP protocol (only listen and connect over TCP) 61 | # Default : SCTP enabled 62 | #No_SCTP; 63 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 64 | 65 | # Prefer TCP instead of SCTP for establishing new connections. 66 | # This setting may be overwritten per peer in peer configuration blocs. 67 | # Default : SCTP is attempted first. 68 | #Prefer_TCP; 69 | 70 | # Default number of streams per SCTP associations. 71 | # This setting may be overwritten per peer basis. 72 | # Default : 30 streams 73 | #SCTP_streams = 30; 74 | 75 | ############################################################## 76 | ## Endpoint configuration 77 | 78 | # Disable use of IP addresses (only IPv6) 79 | # Default : IP enabled 80 | #No_IP; 81 | 82 | # Disable use of IPv6 addresses (only IP) 83 | # Default : IPv6 enabled 84 | #No_IPv6; 85 | 86 | # Specify local addresses the server must bind to 87 | # Default : listen on all addresses available. 88 | #ListenOn = "202.249.37.5"; 89 | #ListenOn = "2001:200:903:2::202:1"; 90 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 91 | #ListenOn = "127.0.0.8"; 92 | 93 | 94 | ############################################################## 95 | ## Server configuration 96 | 97 | # How many Diameter peers are allowed to be connecting at the same time ? 98 | # This parameter limits the number of incoming connections from the time 99 | # the connection is accepted until the first CER is received. 100 | # Default: 5 unidentified clients in paralel. 101 | #ThreadsPerServer = 5; 102 | 103 | ############################################################## 104 | ## TLS Configuration 105 | 106 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. 107 | # You may find more information about parameters and special behaviors 108 | # in the relevant documentation. 
109 | # http://www.gnu.org/software/gnutls/manual/ 110 | 111 | # Credentials of the local peer 112 | # The X509 certificate and private key file to use for the local peer. 113 | # The files must contain PKCS-1 encoded RSA key, in PEM format. 114 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) 115 | # Default : NO DEFAULT 116 | #TLS_Cred = "" , ""; 117 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; 118 | TLS_Cred = "/open5gs/tls/tls.crt", "/open5gs/tls/tls.key"; 119 | 120 | # Certificate authority / trust anchors 121 | # The file containing the list of trusted Certificate Authorities (PEM list) 122 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 123 | # The directive can appear several times to specify several files. 124 | # Default : GNUTLS default behavior 125 | #TLS_CA = ""; 126 | TLS_CA = "/open5gs/diameter-ca/cacert.pem"; 127 | 128 | # Certificate Revocation List file 129 | # The information about revoked certificates. 130 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 131 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 132 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. 133 | # Default : GNUTLS default behavior 134 | #TLS_CRL = ""; 135 | 136 | # GNU TLS Priority string 137 | # This string allows to configure the behavior of GNUTLS key exchanges 138 | # algorithms. See gnutls_priority_init function documentation for information. 
139 | # You should also refer to the Diameter required TLS support here: 140 | # http://tools.ietf.org/html/rfc6733#section-13.1 141 | # Default : "NORMAL" 142 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; 143 | #TLS_Prio = "NORMAL"; 144 | 145 | # Diffie-Hellman parameters size 146 | # Set the number of bits for generated DH parameters 147 | # Valid value should be 768, 1024, 2048, 3072 or 4096. 148 | # (This parameter is passed to gnutls_dh_params_generate2 function, 149 | # it usually should match RSA key size) 150 | # Default : 1024 151 | #TLS_DH_Bits = 1024; 152 | 153 | # Alternatively, you can specify a file to load the PKCS#3 encoded 154 | # DH parameters directly from. This accelerates the daemon start 155 | # but is slightly less secure. If this file is provided, the 156 | # TLS_DH_Bits parameters has no effect. 157 | # Default : no default. 158 | #TLS_DH_File = ""; 159 | 160 | 161 | ############################################################## 162 | ## Timers configuration 163 | 164 | # The Tc timer of this peer. 165 | # It is the delay before a new attempt is made to reconnect a disconnected peer. 166 | # The value is expressed in seconds. The recommended value is 30 seconds. 167 | # Default: 30 168 | #TcTimer = 30; 169 | 170 | # The Tw timer of this peer. 171 | # It is the delay before a watchdog message is sent, as described in RFC 3539. 172 | # The value is expressed in seconds. The default value is 30 seconds. Value must 173 | # be greater or equal to 6 seconds. See details in the RFC. 174 | # Default: 30 175 | #TwTimer = 30; 176 | 177 | ############################################################## 178 | ## Applications configuration 179 | 180 | # Disable the relaying of Diameter messages? 181 | # For messages not handled locally, the default behavior is to forward the 182 | # message to another peer if any is available, according to the routing 183 | # algorithms. 
In addition the "0xffffff" application is advertised in CER/CEA 184 | # exchanges. 185 | # Default: Relaying is enabled. 186 | #NoRelay; 187 | 188 | # Number of server threads that can handle incoming messages at the same time. 189 | # Default: 4 190 | #AppServThreads = 4; 191 | 192 | # Other applications are configured by loaded extensions. 193 | 194 | ############################################################## 195 | ## Extensions configuration 196 | 197 | # The freeDiameter framework merely provides support for 198 | # Diameter Base Protocol. The specific application behaviors, 199 | # as well as advanced functions, are provided 200 | # by loadable extensions (plug-ins). 201 | # These extensions may in addition receive the name of a 202 | # configuration file, the format of which is extension-specific. 203 | # 204 | # Format: 205 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; 206 | # 207 | # Examples: 208 | #LoadExtension = "extensions/sample.fdx"; 209 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 210 | 211 | # Extensions are named as follow: 212 | # dict_* for extensions that add content to the dictionary definitions. 213 | # dbg_* for extensions useful only to retrieve more information on the framework execution. 214 | # acl_* : Access control list, to control which peers are allowed to connect. 215 | # rt_* : routing extensions that impact how messages are forwarded to other peers. 216 | # app_* : applications, these extensions usually register callbacks to handle specific messages. 217 | # test_* : dummy extensions that are useful only in testing environments. 218 | 219 | 220 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some 221 | # information about some events. This extension does not actually use a configuration file 222 | # but receives directly a parameter in the string passed to the extension. 
Here are some examples: 223 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. 224 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. 225 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. 226 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. 227 | # The values for each digit are: 228 | # 0 - default - keep the default behavior 229 | # 1 - quiet - remove any specific log 230 | # 2 - compact - display only a summary of the information 231 | # 4 - full - display the complete information on a single long line 232 | # 8 - tree - display the complete information in an easier to read format spanning several lines. 233 | 234 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx" : "0x8888"; 235 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx"; 236 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx"; 237 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx"; 238 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx"; 239 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx"; 240 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx"; 241 | 242 | 243 | ############################################################## 244 | ## Peers configuration 245 | 246 | # The local server listens for incoming connections. By default, 247 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). 248 | # 249 | # In addition to incoming connections, the local peer can 250 | # be configured to establish and maintain connections to some 251 | # Diameter nodes and allow connections from these nodes. 252 | # This is achieved with the ConnectPeer directive described below. 
253 | # 254 | # Note that the configured Diameter Identity MUST match 255 | # the information received inside CEA, or the connection will be aborted. 256 | # 257 | # Format: 258 | #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; 259 | # Parameters that can be specified in the peer's parameter list: 260 | # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; 261 | # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). 262 | # Port = 5868; # The port to connect to 263 | # TcTimer = 30; 264 | # TwTimer = 30; 265 | # ConnectTo = "202.249.37.5"; 266 | # ConnectTo = "2001:200:903:2::202:1"; 267 | # TLS_Prio = "NORMAL"; 268 | # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. 269 | # Examples: 270 | #ConnectPeer = "aaa.wide.ad.jp"; 271 | #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; 272 | ConnectPeer = "mme.localdomain" { ConnectTo = "s6a.mme.open5gs.service"; No_TLS; }; 273 | 274 | ############################################################## -------------------------------------------------------------------------------- /x86-Architecture/templates/mme-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-mme-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: mme 8 | data: 9 | mme.yaml: | 10 | logger: 11 | file: /var/log/open5gs/mme.log 12 | 13 | parameter: 14 | 15 | mme: 16 | freeDiameter: /open5gs/config-map/diameter-mme.conf 17 | s1ap: 18 | dev: net1 19 | gtpc: 20 | dev: net1 21 | gummei: 22 | plmn_id: 23 | mcc: {{ .Values.mme.mcc }} 24 | mnc: {{ .Values.mme.mnc }} 25 | mme_gid: 2 26 | mme_code: 1 27 | tai: 28 | plmn_id: 29 | mcc: {{ .Values.mme.mcc }} 30 | mnc: {{ .Values.mme.mnc }} 31 | tac: {{ .Values.mme.tac }} 32 | security: 33 | integrity_order : [ EIA1, EIA2, EIA0 ] 34 | ciphering_order 
: [ EEA0, EEA1, EEA2 ] # NOTE(review): EEA0 is the null cipher; listed first it is presumably the preferred choice, which would leave NAS signalling unencrypted. Confirm the intended order (e.g. EEA2, EEA1, EEA0) outside lab use. 35 | network_name: 36 | full: Open5GS 37 | 38 | sgwc: 39 | gtpc: 40 | - name: s11.sgwc.open5gs.service 41 | smf: 42 | gtpc: 43 | - name: s5.smf.open5gs.service 44 | -------------------------------------------------------------------------------- /x86-Architecture/templates/mme-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-mme-deployment 5 | namespace: open5gs 6 | labels: 7 | epc-mode: mme 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | epc-mode: mme 13 | template: 14 | metadata: 15 | annotations: 16 | route53-service-name: '[ 17 | { "name": "s6a.mme.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } 18 | ]' 19 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" } 20 | ]' 21 | labels: 22 | epc-mode: mme 23 | spec: 24 | nodeSelector: 25 | nodegroup: control-plane 26 | initContainers: 27 | - name: init-mme 28 | image: busybox:1.28 29 | command: ['sh', '-c'] 30 | args: 31 | - until nslookup s6a.hss.open5gs.service >> /dev/null; do echo waiting for hss DNS record to be ready;done; 32 | until nslookup s11.sgwc.open5gs.service >> /dev/null; do echo waiting for sgwc DNS record to be ready; done; 33 | until nslookup s5.smf.open5gs.service >> /dev/null; do echo waiting for smf DNS record to be ready; done; 34 | containers: 35 | - name: mme 36 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 37 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 38 | command: ["/bin/sh", "-c"] 39 | args: 40 | - sleep 10; 41 | open5gs-mmed -c /open5gs/config-map/mme.yaml 42 | volumeMounts: 43 | - name: open5gs-mme-config 44 | mountPath: /open5gs/config-map/mme.yaml 45 | subPath: "mme.yaml" 46 | - name: open5gs-mme-diameter 47 | mountPath: /open5gs/config-map/diameter-mme.conf 48 | subPath: 
"diameter-mme.conf" 49 | - mountPath: "/open5gs/diameter-ca/" 50 | name: diameter-ca 51 | - mountPath: "/open5gs/tls/" 52 | name: mme-tls 53 | volumes: 54 | - name: open5gs-mme-config 55 | configMap: 56 | name: open5gs-mme-config 57 | - name: open5gs-mme-diameter 58 | configMap: 59 | name: open5gs-mme-diameter 60 | - name: diameter-ca 61 | secret: 62 | secretName: {{ .Values.diameter.caSecretName }} 63 | - name: mme-tls 64 | secret: 65 | secretName: {{ .Values.mme.tlsSecretName }} 66 | -------------------------------------------------------------------------------- /x86-Architecture/templates/mme-free-diameter-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-mme-diameter 5 | namespace: open5gs 6 | labels: 7 | epc-mode: mme 8 | data: 9 | diameter-mme.conf: | 10 | # This is a sample configuration file for freeDiameter daemon. 11 | 12 | # Most of the options can be omitted, as they default to reasonable values. 13 | # Only TLS-related options must be configured properly in usual setups. 14 | 15 | # It is possible to use "include" keyword to import additional files 16 | # e.g.: include "/etc/freeDiameter.d/*.conf" 17 | # This is exactly equivalent as copy & paste the content of the included file(s) 18 | # where the "include" keyword is found. 19 | 20 | 21 | ############################################################## 22 | ## Peer identity and realm 23 | 24 | # The Diameter Identity of this daemon. 25 | # This must be a valid FQDN that resolves to the local host. 26 | # Default: hostname's FQDN 27 | #Identity = "aaa.koganei.freediameter.net"; 28 | Identity = "mme.localdomain"; 29 | 30 | # The Diameter Realm of this daemon. 31 | # Default: the domain part of Identity (after the first dot). 
32 | #Realm = "koganei.freediameter.net"; 33 | Realm = "localdomain"; 34 | 35 | ############################################################## 36 | ## Transport protocol configuration 37 | 38 | # The port this peer is listening on for incoming connections (TCP and SCTP). 39 | # Default: 3868. Use 0 to disable. 40 | #Port = 3868; 41 | 42 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 43 | # See TLS_old_method for more information about TLS flavours. 44 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. 45 | # Default: 5868. Use 0 to disable. 46 | #SecPort = 5868; 47 | 48 | # Use RFC3588 method for TLS protection, where TLS is negotiated after CER/CEA exchange is completed 49 | # on the unsecured connection. The alternative is RFC6733 mechanism, where TLS protects also the 50 | # CER/CEA exchange on a dedicated secure port. 51 | # This parameter only affects outgoing connections. 52 | # The setting can be also defined per-peer (see Peers configuration section). 53 | # Default: use RFC6733 method with separate port for TLS. 54 | #TLS_old_method; 55 | 56 | # Disable use of TCP protocol (only listen and connect over SCTP) 57 | # Default : TCP enabled 58 | #No_TCP; 59 | 60 | # Disable use of SCTP protocol (only listen and connect over TCP) 61 | # Default : SCTP enabled 62 | #No_SCTP; 63 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 64 | 65 | # Prefer TCP instead of SCTP for establishing new connections. 66 | # This setting may be overwritten per peer in peer configuration blocks. 67 | # Default : SCTP is attempted first. 68 | #Prefer_TCP; 69 | 70 | # Default number of streams per SCTP associations. 71 | # This setting may be overwritten per peer basis.
72 | # Default : 30 streams 73 | #SCTP_streams = 30; 74 | 75 | ############################################################## 76 | ## Endpoint configuration 77 | 78 | # Disable use of IP addresses (only IPv6) 79 | # Default : IP enabled 80 | #No_IP; 81 | 82 | # Disable use of IPv6 addresses (only IP) 83 | # Default : IPv6 enabled 84 | #No_IPv6; 85 | 86 | # Specify local addresses the server must bind to 87 | # Default : listen on all addresses available. 88 | #ListenOn = "202.249.37.5"; 89 | #ListenOn = "2001:200:903:2::202:1"; 90 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 91 | #ListenOn = "127.0.0.2"; 92 | 93 | 94 | ############################################################## 95 | ## Server configuration 96 | 97 | # How many Diameter peers are allowed to be connecting at the same time ? 98 | # This parameter limits the number of incoming connections from the time 99 | # the connection is accepted until the first CER is received. 100 | # Default: 5 unidentified clients in paralel. 101 | #ThreadsPerServer = 5; 102 | 103 | ############################################################## 104 | ## TLS Configuration 105 | 106 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. 107 | # You may find more information about parameters and special behaviors 108 | # in the relevant documentation. 109 | # http://www.gnu.org/software/gnutls/manual/ 110 | 111 | # Credentials of the local peer 112 | # The X509 certificate and private key file to use for the local peer. 113 | # The files must contain PKCS-1 encoded RSA key, in PEM format. 
114 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) 115 | # Default : NO DEFAULT 116 | #TLS_Cred = "" , ""; 117 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; 118 | TLS_Cred = "/open5gs/tls/tls.crt", "/open5gs/tls/tls.key"; # NOTE(review): certificate and key are configured here, but the ConnectPeer entry in this file sets No_TLS, so they are not used for that outgoing peering. 119 | 120 | # Certificate authority / trust anchors 121 | # The file containing the list of trusted Certificate Authorities (PEM list) 122 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 123 | # The directive can appear several times to specify several files. 124 | # Default : GNUTLS default behavior 125 | #TLS_CA = ""; 126 | TLS_CA = "/open5gs/diameter-ca/cacert.pem"; 127 | 128 | # Certificate Revocation List file 129 | # The information about revoked certificates. 130 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 131 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 132 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. 133 | # Default : GNUTLS default behavior 134 | #TLS_CRL = ""; 135 | 136 | # GNU TLS Priority string 137 | # This string allows to configure the behavior of GNUTLS key exchanges 138 | # algorithms. See gnutls_priority_init function documentation for information. 139 | # You should also refer to the Diameter required TLS support here: 140 | # http://tools.ietf.org/html/rfc6733#section-13.1 141 | # Default : "NORMAL" 142 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; (syntax illustration only: TLS 1.1, CBC and SHA-1 are legacy selections; prefer the "NORMAL" default) 143 | #TLS_Prio = "NORMAL"; 144 | 145 | # Diffie-Hellman parameters size 146 | # Set the number of bits for generated DH parameters 147 | # Valid value should be 768, 1024, 2048, 3072 or 4096.
148 | # (This parameter is passed to gnutls_dh_params_generate2 function, 149 | # it usually should match RSA key size) 150 | # Default : 1024 (NOTE(review): 768- and 1024-bit DH parameters are below current guidance; set 2048 or larger when TLS is enabled) 151 | #TLS_DH_Bits = 1024; 152 | 153 | # Alternatively, you can specify a file to load the PKCS#3 encoded 154 | # DH parameters directly from. This accelerates the daemon start 155 | # but is slightly less secure. If this file is provided, the 156 | # TLS_DH_Bits parameter has no effect. 157 | # Default : no default. 158 | #TLS_DH_File = ""; 159 | 160 | 161 | ############################################################## 162 | ## Timers configuration 163 | 164 | # The Tc timer of this peer. 165 | # It is the delay before a new attempt is made to reconnect a disconnected peer. 166 | # The value is expressed in seconds. The recommended value is 30 seconds. 167 | # Default: 30 168 | #TcTimer = 30; 169 | 170 | # The Tw timer of this peer. 171 | # It is the delay before a watchdog message is sent, as described in RFC 3539. 172 | # The value is expressed in seconds. The default value is 30 seconds. Value must 173 | # be greater or equal to 6 seconds. See details in the RFC. 174 | # Default: 30 175 | #TwTimer = 30; 176 | 177 | ############################################################## 178 | ## Applications configuration 179 | 180 | # Disable the relaying of Diameter messages? 181 | # For messages not handled locally, the default behavior is to forward the 182 | # message to another peer if any is available, according to the routing 183 | # algorithms. In addition the "0xffffff" application is advertised in CER/CEA 184 | # exchanges. 185 | # Default: Relaying is enabled. 186 | #NoRelay; 187 | 188 | # Number of server threads that can handle incoming messages at the same time. 189 | # Default: 4 190 | #AppServThreads = 4; 191 | 192 | # Other applications are configured by loaded extensions.
193 | 194 | ############################################################## 195 | ## Extensions configuration 196 | 197 | # The freeDiameter framework merely provides support for 198 | # Diameter Base Protocol. The specific application behaviors, 199 | # as well as advanced functions, are provided 200 | # by loadable extensions (plug-ins). 201 | # These extensions may in addition receive the name of a 202 | # configuration file, the format of which is extension-specific. 203 | # 204 | # Format: 205 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; 206 | # 207 | # Examples: 208 | #LoadExtension = "extensions/sample.fdx"; 209 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 210 | 211 | # Extensions are named as follow: 212 | # dict_* for extensions that add content to the dictionary definitions. 213 | # dbg_* for extensions useful only to retrieve more information on the framework execution. 214 | # acl_* : Access control list, to control which peers are allowed to connect. 215 | # rt_* : routing extensions that impact how messages are forwarded to other peers. 216 | # app_* : applications, these extensions usually register callbacks to handle specific messages. 217 | # test_* : dummy extensions that are useful only in testing environments. 218 | 219 | 220 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some 221 | # information about some events. This extension does not actually use a configuration file 222 | # but receives directly a parameter in the string passed to the extension. Here are some examples: 223 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. 224 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. 225 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. 
226 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. 227 | # The values for each digit are: 228 | # 0 - default - keep the default behavior 229 | # 1 - quiet - remove any specific log 230 | # 2 - compact - display only a summary of the information 231 | # 4 - full - display the complete information on a single long line 232 | # 8 - tree - display the complete information in an easier to read format spanning several lines. 233 | 234 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx" : "0x8888"; # NOTE(review): 0x8888 selects "tree" (complete) output for connections, routing, messages and errors; full S6a message dumps put subscriber identifiers and authentication data into the logs. Use a quieter mask such as 0x2222 outside debugging. 235 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx"; 236 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx"; 237 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx"; 238 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx"; 239 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx"; 240 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx"; 241 | 242 | 243 | ############################################################## 244 | ## Peers configuration 245 | 246 | # The local server listens for incoming connections. By default, 247 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). 248 | # 249 | # In addition to incoming connections, the local peer can 250 | # be configured to establish and maintain connections to some 251 | # Diameter nodes and allow connections from these nodes. 252 | # This is achieved with the ConnectPeer directive described below. 253 | # 254 | # Note that the configured Diameter Identity MUST match 255 | # the information received inside CEA, or the connection will be aborted.
256 | # 257 | # Format: 258 | #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; 259 | # Parameters that can be specified in the peer's parameter list: 260 | # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; 261 | # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). 262 | # Port = 5868; # The port to connect to 263 | # TcTimer = 30; 264 | # TwTimer = 30; 265 | # ConnectTo = "202.249.37.5"; 266 | # ConnectTo = "2001:200:903:2::202:1"; 267 | # TLS_Prio = "NORMAL"; 268 | # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. 269 | # Examples: 270 | #ConnectPeer = "aaa.wide.ad.jp"; 271 | #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; 272 | ConnectPeer = "hss.localdomain" { ConnectTo = "s6a.hss.open5gs.service"; No_TLS; }; # NOTE(review): No_TLS leaves this S6a peering in cleartext although TLS_Cred/TLS_CA are set above; remove it here and in the HSS peer entry to use the mounted certificates, unless the link is protected at another layer. 273 | 274 | 275 | ############################################################## -------------------------------------------------------------------------------- /x86-Architecture/templates/nrf-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-nrf-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: nrf 8 | data: 9 | nrf.yaml: | 10 | logger: 11 | file: /var/log/open5gs/nrf.log 12 | 13 | nrf: 14 | sbi: 15 | - dev: eth0 16 | port: 7777 17 | -------------------------------------------------------------------------------- /x86-Architecture/templates/nrf-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: open5gs-nrf-svc-pool 5 | namespace: open5gs 6 | labels: 7 | epc-mode: nrf 8 | spec: 9 | selector: 10 | epc-mode: nrf 11 | ports: 12 | - protocol: TCP 13 | port: 7777 14 | --- 15 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 16 | kind: Deployment 17 | metadata: 
18 | name: open5gs-nrf-deployment 19 | namespace: open5gs 20 | labels: 21 | epc-mode: nrf 22 | spec: 23 | replicas: 1 24 | selector: 25 | matchLabels: 26 | epc-mode: nrf 27 | template: 28 | metadata: 29 | labels: 30 | epc-mode: nrf 31 | spec: 32 | nodeSelector: 33 | nodegroup: control-plane 34 | containers: 35 | - name: nrf 36 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 37 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 38 | command: ["open5gs-nrfd", "-c", "/open5gs/config-map/nrf.yaml"] 39 | volumeMounts: 40 | - name: open5gs-nrf-config 41 | mountPath: /open5gs/config-map/nrf.yaml 42 | subPath: "nrf.yaml" 43 | volumes: 44 | - name: open5gs-nrf-config 45 | configMap: 46 | name: open5gs-nrf-config 47 | 48 | -------------------------------------------------------------------------------- /x86-Architecture/templates/pcrf-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-pcrf-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: pcrf 8 | data: 9 | pcrf.yaml: | 10 | db_uri: {{ .Values.mongo.uri }} 11 | 12 | logger: 13 | file: /var/log/open5gs/pcrf.log 14 | 15 | pcrf: 16 | freeDiameter: /open5gs/config-map/diameter-pcrf.conf 17 | -------------------------------------------------------------------------------- /x86-Architecture/templates/pcrf-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-pcrf-deployment 5 | namespace: open5gs 6 | labels: 7 | epc-mode: pcrf 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | epc-mode: pcrf 13 | template: 14 | metadata: 15 | annotations: 16 | route53-service-name: '[ 17 | { "name": "gx.pcrf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } 18 | ]' 19 | k8s.v1.cni.cncf.io/networks: '[ { 
"name": "ipvlan-multus-sub-1-cp", "interface": "net1" } 20 | ]' 21 | labels: 22 | epc-mode: pcrf 23 | spec: 24 | nodeSelector: 25 | nodegroup: control-plane 26 | initContainers: 27 | - name: init-pcrf 28 | image: busybox:1.28 29 | command: ['sh', '-c', "until nslookup s5.smf.open5gs.service >> /dev/null; do echo waiting for smf DNS record to be ready; done"] 30 | containers: 31 | - name: pcrf 32 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 33 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 34 | command: ["/bin/sh", "-c"] 35 | args: 36 | - sleep 10; 37 | open5gs-pcrfd -c /open5gs/config-map/pcrf.yaml 38 | volumeMounts: 39 | - name: open5gs-pcrf-config 40 | mountPath: /open5gs/config-map/pcrf.yaml 41 | subPath: "pcrf.yaml" 42 | - name: open5gs-pcrf-diameter 43 | mountPath: /open5gs/config-map/diameter-pcrf.conf 44 | subPath: "diameter-pcrf.conf" 45 | - mountPath: "/root/" 46 | name: mongo-ca-cert 47 | readOnly: true 48 | - mountPath: "/open5gs/diameter-ca/" 49 | name: diameter-ca 50 | - mountPath: "/open5gs/tls/" 51 | name: pcrf-tls 52 | volumes: 53 | - name: open5gs-pcrf-config 54 | configMap: 55 | name: open5gs-pcrf-config 56 | - name: open5gs-pcrf-diameter 57 | configMap: 58 | name: open5gs-pcrf-diameter 59 | - name: mongo-ca-cert 60 | secret: 61 | secretName: {{ .Values.mongo.caSecretName }} 62 | - name: diameter-ca 63 | secret: 64 | secretName: {{ .Values.diameter.caSecretName }} 65 | - name: pcrf-tls 66 | secret: 67 | secretName: {{ .Values.pcrf.tlsSecretName }} 68 | -------------------------------------------------------------------------------- /x86-Architecture/templates/pcrf-free-diameter-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-pcrf-diameter 5 | namespace: open5gs 6 | labels: 7 | epc-mode: pcrf 8 | data: 9 | diameter-pcrf.conf: | 10 | # This is a sample configuration file for 
freeDiameter daemon. 11 | 12 | # Most of the options can be omitted, as they default to reasonable values. 13 | # Only TLS-related options must be configured properly in usual setups. 14 | 15 | # It is possible to use "include" keyword to import additional files 16 | # e.g.: include "/etc/freeDiameter.d/*.conf" 17 | # This is exactly equivalent as copy & paste the content of the included file(s) 18 | # where the "include" keyword is found. 19 | 20 | 21 | ############################################################## 22 | ## Peer identity and realm 23 | 24 | # The Diameter Identity of this daemon. 25 | # This must be a valid FQDN that resolves to the local host. 26 | # Default: hostname's FQDN 27 | #Identity = "aaa.koganei.freediameter.net"; 28 | Identity = "pcrf.localdomain"; 29 | 30 | # The Diameter Realm of this daemon. 31 | # Default: the domain part of Identity (after the first dot). 32 | #Realm = "koganei.freediameter.net"; 33 | Realm = "localdomain"; 34 | 35 | ############################################################## 36 | ## Transport protocol configuration 37 | 38 | # The port this peer is listening on for incoming connections (TCP and SCTP). 39 | # Default: 3868. Use 0 to disable. 40 | #Port = 3868; 41 | 42 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 43 | # See TLS_old_method for more information about TLS flavours. 44 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. 45 | # Default: 5868. Use 0 to disable. 46 | #SecPort = 5868; 47 | 48 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 49 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 50 | # CER/CEA exchange on a dedicated secure port. 51 | # This parameter only affects outgoing connections. 52 | # The setting can be also defined per-peer (see Peers configuration section). 
53 | # Default: use RFC6733 method with separate port for TLS. 54 | #TLS_old_method; 55 | 56 | # Disable use of TCP protocol (only listen and connect over SCTP) 57 | # Default : TCP enabled 58 | #No_TCP; 59 | 60 | # Disable use of SCTP protocol (only listen and connect over TCP) 61 | # Default : SCTP enabled 62 | #No_SCTP; 63 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 64 | 65 | # Prefer TCP instead of SCTP for establishing new connections. 66 | # This setting may be overwritten per peer in peer configuration blocs. 67 | # Default : SCTP is attempted first. 68 | #Prefer_TCP; 69 | 70 | # Default number of streams per SCTP associations. 71 | # This setting may be overwritten per peer basis. 72 | # Default : 30 streams 73 | #SCTP_streams = 30; 74 | 75 | ############################################################## 76 | ## Endpoint configuration 77 | 78 | # Disable use of IP addresses (only IPv6) 79 | # Default : IP enabled 80 | #No_IP; 81 | 82 | # Disable use of IPv6 addresses (only IP) 83 | # Default : IPv6 enabled 84 | #No_IPv6; 85 | 86 | # Specify local addresses the server must bind to 87 | # Default : listen on all addresses available. 88 | #ListenOn = "202.249.37.5"; 89 | #ListenOn = "2001:200:903:2::202:1"; 90 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 91 | #ListenOn = "127.0.0.9"; 92 | 93 | 94 | ############################################################## 95 | ## Server configuration 96 | 97 | # How many Diameter peers are allowed to be connecting at the same time ? 98 | # This parameter limits the number of incoming connections from the time 99 | # the connection is accepted until the first CER is received. 100 | # Default: 5 unidentified clients in paralel. 101 | #ThreadsPerServer = 5; 102 | 103 | ############################################################## 104 | ## TLS Configuration 105 | 106 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. 
107 | # You may find more information about parameters and special behaviors 108 | # in the relevant documentation. 109 | # http://www.gnu.org/software/gnutls/manual/ 110 | 111 | # Credentials of the local peer 112 | # The X509 certificate and private key file to use for the local peer. 113 | # The files must contain PKCS-1 encoded RSA key, in PEM format. 114 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) 115 | # Default : NO DEFAULT 116 | #TLS_Cred = "" , ""; 117 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; 118 | TLS_Cred = "/open5gs/tls/tls.crt", "/open5gs/tls/tls.key"; 119 | 120 | # Certificate authority / trust anchors 121 | # The file containing the list of trusted Certificate Authorities (PEM list) 122 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 123 | # The directive can appear several times to specify several files. 124 | # Default : GNUTLS default behavior 125 | #TLS_CA = ""; 126 | TLS_CA = "/open5gs/diameter-ca/cacert.pem"; 127 | 128 | # Certificate Revocation List file 129 | # The information about revoked certificates. 130 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 131 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 132 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. 133 | # Default : GNUTLS default behavior 134 | #TLS_CRL = ""; 135 | 136 | # GNU TLS Priority string 137 | # This string allows to configure the behavior of GNUTLS key exchanges 138 | # algorithms. See gnutls_priority_init function documentation for information. 
139 | # You should also refer to the Diameter required TLS support here: 140 | # http://tools.ietf.org/html/rfc6733#section-13.1 141 | # Default : "NORMAL" 142 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; 143 | #TLS_Prio = "NORMAL"; 144 | 145 | # Diffie-Hellman parameters size 146 | # Set the number of bits for generated DH parameters 147 | # Valid value should be 768, 1024, 2048, 3072 or 4096. 148 | # (This parameter is passed to gnutls_dh_params_generate2 function, 149 | # it usually should match RSA key size) 150 | # Default : 1024 151 | #TLS_DH_Bits = 1024; 152 | 153 | # Alternatively, you can specify a file to load the PKCS#3 encoded 154 | # DH parameters directly from. This accelerates the daemon start 155 | # but is slightly less secure. If this file is provided, the 156 | # TLS_DH_Bits parameters has no effect. 157 | # Default : no default. 158 | #TLS_DH_File = ""; 159 | 160 | 161 | ############################################################## 162 | ## Timers configuration 163 | 164 | # The Tc timer of this peer. 165 | # It is the delay before a new attempt is made to reconnect a disconnected peer. 166 | # The value is expressed in seconds. The recommended value is 30 seconds. 167 | # Default: 30 168 | #TcTimer = 30; 169 | 170 | # The Tw timer of this peer. 171 | # It is the delay before a watchdog message is sent, as described in RFC 3539. 172 | # The value is expressed in seconds. The default value is 30 seconds. Value must 173 | # be greater or equal to 6 seconds. See details in the RFC. 174 | # Default: 30 175 | #TwTimer = 30; 176 | 177 | ############################################################## 178 | ## Applications configuration 179 | 180 | # Disable the relaying of Diameter messages? 181 | # For messages not handled locally, the default behavior is to forward the 182 | # message to another peer if any is available, according to the routing 183 | # algorithms. 
In addition the "0xffffff" application is advertised in CER/CEA 184 | # exchanges. 185 | # Default: Relaying is enabled. 186 | #NoRelay; 187 | 188 | # Number of server threads that can handle incoming messages at the same time. 189 | # Default: 4 190 | #AppServThreads = 4; 191 | 192 | # Other applications are configured by loaded extensions. 193 | 194 | ############################################################## 195 | ## Extensions configuration 196 | 197 | # The freeDiameter framework merely provides support for 198 | # Diameter Base Protocol. The specific application behaviors, 199 | # as well as advanced functions, are provided 200 | # by loadable extensions (plug-ins). 201 | # These extensions may in addition receive the name of a 202 | # configuration file, the format of which is extension-specific. 203 | # 204 | # Format: 205 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; 206 | # 207 | # Examples: 208 | #LoadExtension = "extensions/sample.fdx"; 209 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 210 | 211 | # Extensions are named as follow: 212 | # dict_* for extensions that add content to the dictionary definitions. 213 | # dbg_* for extensions useful only to retrieve more information on the framework execution. 214 | # acl_* : Access control list, to control which peers are allowed to connect. 215 | # rt_* : routing extensions that impact how messages are forwarded to other peers. 216 | # app_* : applications, these extensions usually register callbacks to handle specific messages. 217 | # test_* : dummy extensions that are useful only in testing environments. 218 | 219 | 220 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some 221 | # information about some events. This extension does not actually use a configuration file 222 | # but receives directly a parameter in the string passed to the extension. 
Here are some examples: 223 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. 224 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. 225 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. 226 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. 227 | # The values for each digit are: 228 | # 0 - default - keep the default behavior 229 | # 1 - quiet - remove any specific log 230 | # 2 - compact - display only a summary of the information 231 | # 4 - full - display the complete information on a single long line 232 | # 8 - tree - display the complete information in an easier to read format spanning several lines. 233 | 234 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx" : "0x8888"; 235 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx"; 236 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx"; 237 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx"; 238 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx"; 239 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx"; 240 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx"; 241 | 242 | 243 | ############################################################## 244 | ## Peers configuration 245 | 246 | # The local server listens for incoming connections. By default, 247 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). 248 | # 249 | # In addition to incoming connections, the local peer can 250 | # be configured to establish and maintain connections to some 251 | # Diameter nodes and allow connections from these nodes. 252 | # This is achieved with the ConnectPeer directive described below. 
253 | # 254 | # Note that the configured Diameter Identity MUST match 255 | # the information received inside CEA, or the connection will be aborted. 256 | # 257 | # Format: 258 | #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; 259 | # Parameters that can be specified in the peer's parameter list: 260 | # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; 261 | # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). 262 | # Port = 5868; # The port to connect to 263 | # TcTimer = 30; 264 | # TwTimer = 30; 265 | # ConnectTo = "202.249.37.5"; 266 | # ConnectTo = "2001:200:903:2::202:1"; 267 | # TLS_Prio = "NORMAL"; 268 | # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. 269 | # Examples: 270 | #ConnectPeer = "aaa.wide.ad.jp"; 271 | #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; 272 | ConnectPeer = "smf.localdomain" { ConnectTo = "s5.smf.open5gs.service"; No_TLS; No_SCTP; }; 273 | 274 | ############################################################## 275 | -------------------------------------------------------------------------------- /x86-Architecture/templates/sgw-c-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-sgwc-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: sgwc 8 | data: 9 | sgwc.yaml: | 10 | logger: 11 | file: /var/log/open5gs/sgwc.log 12 | 13 | parameter: 14 | no_ipv6: true 15 | 16 | sgwc: 17 | gtpc: 18 | dev: net1 19 | pfcp: 20 | dev: net1 21 | 22 | sgwu: 23 | pfcp: 24 | - name: sx.sgwu.open5gs.service 25 | apn: {{ .Values.apn }} 26 | -------------------------------------------------------------------------------- /x86-Architecture/templates/sgw-c-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for 
versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-sgwc-deployment 5 | namespace: open5gs 6 | labels: 7 | epc-mode: sgwc 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | epc-mode: sgwc 13 | template: 14 | metadata: 15 | annotations: 16 | route53-service-name: '[ 17 | { "name": "s11.sgwc.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } 18 | ]' 19 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" } 20 | ]' 21 | labels: 22 | epc-mode: sgwc 23 | spec: 24 | nodeSelector: 25 | nodegroup: control-plane 26 | initContainers: 27 | - name: init-sgwc 28 | image: busybox:1.28 29 | command: ['sh', '-c', "until nslookup sx.sgwu.open5gs.service >> /dev/null; do echo waiting for sgwu DNS record to be ready; done"] 30 | containers: 31 | - name: sgwc 32 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 33 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 34 | command: ["/bin/sh", "-c"] 35 | args: 36 | - sleep 10; 37 | open5gs-sgwcd -c /open5gs/config-map/sgwc.yaml; 38 | volumeMounts: 39 | - name: open5gs-sgwc-config 40 | mountPath: /open5gs/config-map/sgwc.yaml 41 | subPath: "sgwc.yaml" 42 | volumes: 43 | - name: open5gs-sgwc-config 44 | configMap: 45 | name: open5gs-sgwc-config 46 | -------------------------------------------------------------------------------- /x86-Architecture/templates/sgw-u-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-sgwu-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: sgwu 8 | data: 9 | sgwu.yaml: | 10 | logger: 11 | file: /var/log/open5gs/sgwu.log 12 | 13 | parameter: 14 | no_ipv6: true 15 | 16 | sgwu: 17 | gtpu: 18 | dev: net2 19 | pfcp: 20 | dev: net1 21 | 22 | #sgwc: 23 | # pfcp: 24 | # - name: sgwcPFCP-open5gs.service.open5gs 25 | 
-------------------------------------------------------------------------------- /x86-Architecture/templates/sgw-u-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-sgwu-deployment 5 | namespace: open5gs 6 | labels: 7 | epc-mode: sgwu 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | epc-mode: sgwu 13 | template: 14 | metadata: 15 | annotations: 16 | route53-service-name: '[ 17 | { "name": "sx.sgwu.open5gs.service", "multus-int": "ipvlan-multus-sub-1-up" } 18 | ]' 19 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-2", "interface": "net2" }, 20 | { "name": "ipvlan-multus-sub-1-up", "interface": "net1" } 21 | ]' 22 | labels: 23 | epc-mode: sgwu 24 | spec: 25 | nodeSelector: 26 | nodegroup: user-plane 27 | containers: 28 | - name: sgwu 29 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 30 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 31 | command: ["/bin/sh", "-c"] 32 | args: 33 | - open5gs-sgwud -c /open5gs/config-map/sgwu.yaml; 34 | volumeMounts: 35 | - name: open5gs-sgwu-config 36 | mountPath: /open5gs/config-map/sgwu.yaml 37 | subPath: "sgwu.yaml" 38 | volumes: 39 | - name: open5gs-sgwu-config 40 | configMap: 41 | name: open5gs-sgwu-config 42 | -------------------------------------------------------------------------------- /x86-Architecture/templates/smf-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-smf-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: smf 8 | data: 9 | smf.yaml: | 10 | logger: 11 | file: /var/log/open5gs/smf.log 12 | 13 | parameter: 14 | no_ipv6: true 15 | 16 | smf: 17 | sbi: 18 | dev: eth0 19 | gtpc: 20 | dev: net1 21 | gtpu: 22 | dev: net1 23 | pfcp: 24 | dev: net1 25 | subnet: 26 
| - addr: 10.45.0.1/16 27 | apn: {{ .Values.apn }} 28 | dns: 29 | - 8.8.8.8 30 | - 8.8.4.4 31 | mtu: 1400 32 | freeDiameter: /open5gs/config-map/diameter-smf.conf 33 | 34 | nrf: 35 | sbi: 36 | - name: 37 | - open5gs-nrf-svc-pool 38 | port: 7777 39 | 40 | upf: 41 | pfcp: 42 | - name: sx.upf.open5gs.service 43 | apn: {{ .Values.apn }} -------------------------------------------------------------------------------- /x86-Architecture/templates/smf-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-smf-deployment 5 | namespace: open5gs 6 | labels: 7 | epc-mode: smf 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | epc-mode: smf 13 | template: 14 | metadata: 15 | annotations: 16 | route53-service-name: '[ 17 | { "name": "s5.smf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } 18 | ]' 19 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" } 20 | ]' 21 | labels: 22 | epc-mode: smf 23 | spec: 24 | nodeSelector: 25 | nodegroup: control-plane 26 | initContainers: 27 | - name: init-smf 28 | image: busybox:1.28 29 | command: ['sh', '-c'] 30 | args: 31 | - until nslookup gx.pcrf.open5gs.service >> /dev/null; do echo waiting for pcrf DNS record to be ready;done; 32 | until nslookup sx.upf.open5gs.service >> /dev/null; do echo waiting for upf DNS record to be ready; done 33 | containers: 34 | - name: smf 35 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 36 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 37 | command: ["/bin/sh", "-c"] 38 | args: 39 | - sleep 10; 40 | open5gs-smfd -c /open5gs/config-map/smf.yaml; 41 | volumeMounts: 42 | - name: open5gs-smf-config 43 | mountPath: /open5gs/config-map/smf.yaml 44 | subPath: "smf.yaml" 45 | - name: open5gs-smf-diameter 46 | mountPath: 
/open5gs/config-map/diameter-smf.conf 47 | subPath: "diameter-smf.conf" 48 | - mountPath: "/open5gs/diameter-ca/" 49 | name: diameter-ca 50 | - mountPath: "/open5gs/tls/" 51 | name: smf-tls 52 | volumes: 53 | - name: open5gs-smf-config 54 | configMap: 55 | name: open5gs-smf-config 56 | - name: open5gs-smf-diameter 57 | configMap: 58 | name: open5gs-smf-diameter 59 | - name: diameter-ca 60 | secret: 61 | secretName: {{ .Values.diameter.caSecretName }} 62 | - name: smf-tls 63 | secret: 64 | secretName: {{ .Values.smf.tlsSecretName }} 65 | -------------------------------------------------------------------------------- /x86-Architecture/templates/smf-free-diameter-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-smf-diameter 5 | namespace: open5gs 6 | labels: 7 | epc-mode: smf 8 | data: 9 | diameter-smf.conf: | 10 | # This is a sample configuration file for freeDiameter daemon. 11 | 12 | # Most of the options can be omitted, as they default to reasonable values. 13 | # Only TLS-related options must be configured properly in usual setups. 14 | 15 | # It is possible to use "include" keyword to import additional files 16 | # e.g.: include "/etc/freeDiameter.d/*.conf" 17 | # This is exactly equivalent as copy & paste the content of the included file(s) 18 | # where the "include" keyword is found. 19 | 20 | 21 | ############################################################## 22 | ## Peer identity and realm 23 | 24 | # The Diameter Identity of this daemon. 25 | # This must be a valid FQDN that resolves to the local host. 26 | # Default: hostname's FQDN 27 | #Identity = "aaa.koganei.freediameter.net"; 28 | Identity = "smf.localdomain"; 29 | 30 | # The Diameter Realm of this daemon. 31 | # Default: the domain part of Identity (after the first dot). 
32 | #Realm = "koganei.freediameter.net"; 33 | Realm = "localdomain"; 34 | 35 | ############################################################## 36 | ## Transport protocol configuration 37 | 38 | # The port this peer is listening on for incoming connections (TCP and SCTP). 39 | # Default: 3868. Use 0 to disable. 40 | #Port = 3868; 41 | 42 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 43 | # See TLS_old_method for more information about TLS flavours. 44 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. 45 | # Default: 5868. Use 0 to disable. 46 | #SecPort = 5868; 47 | 48 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 49 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 50 | # CER/CEA exchange on a dedicated secure port. 51 | # This parameter only affects outgoing connections. 52 | # The setting can be also defined per-peer (see Peers configuration section). 53 | # Default: use RFC6733 method with separate port for TLS. 54 | #TLS_old_method; 55 | 56 | # Disable use of TCP protocol (only listen and connect over SCTP) 57 | # Default : TCP enabled 58 | #No_TCP; 59 | 60 | # Disable use of SCTP protocol (only listen and connect over TCP) 61 | # Default : SCTP enabled 62 | #No_SCTP; 63 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 64 | 65 | # Prefer TCP instead of SCTP for establishing new connections. 66 | # This setting may be overwritten per peer in peer configuration blocs. 67 | # Default : SCTP is attempted first. 68 | #Prefer_TCP; 69 | 70 | # Default number of streams per SCTP associations. 71 | # This setting may be overwritten per peer basis. 
72 | # Default : 30 streams 73 | #SCTP_streams = 30; 74 | 75 | ############################################################## 76 | ## Endpoint configuration 77 | 78 | # Disable use of IP addresses (only IPv6) 79 | # Default : IP enabled 80 | #No_IP; 81 | 82 | # Disable use of IPv6 addresses (only IP) 83 | # Default : IPv6 enabled 84 | #No_IPv6; 85 | 86 | # Specify local addresses the server must bind to 87 | # Default : listen on all addresses available. 88 | #ListenOn = "202.249.37.5"; 89 | #ListenOn = "2001:200:903:2::202:1"; 90 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 91 | #ListenOn = "127.0.0.4"; 92 | 93 | 94 | ############################################################## 95 | ## Server configuration 96 | 97 | # How many Diameter peers are allowed to be connecting at the same time ? 98 | # This parameter limits the number of incoming connections from the time 99 | # the connection is accepted until the first CER is received. 100 | # Default: 5 unidentified clients in paralel. 101 | #ThreadsPerServer = 5; 102 | 103 | ############################################################## 104 | ## TLS Configuration 105 | 106 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. 107 | # You may find more information about parameters and special behaviors 108 | # in the relevant documentation. 109 | # http://www.gnu.org/software/gnutls/manual/ 110 | 111 | # Credentials of the local peer 112 | # The X509 certificate and private key file to use for the local peer. 113 | # The files must contain PKCS-1 encoded RSA key, in PEM format. 
114 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) 115 | # Default : NO DEFAULT 116 | #TLS_Cred = "" , ""; 117 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; 118 | TLS_Cred = "/open5gs/tls/tls.crt", "/open5gs/tls/tls.key"; # NOTE(review): a key pair is configured here, but the ConnectPeer entry at the end of this file sets No_TLS, so it does not protect that peer link. 119 | 120 | # Certificate authority / trust anchors 121 | # The file containing the list of trusted Certificate Authorities (PEM list) 122 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) 123 | # The directive can appear several times to specify several files. 124 | # Default : GNUTLS default behavior 125 | #TLS_CA = ""; 126 | TLS_CA = "/open5gs/diameter-ca/cacert.pem"; 127 | 128 | # Certificate Revocation List file 129 | # The information about revoked certificates. 130 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. 131 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 132 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. 133 | # Default : GNUTLS default behavior 134 | #TLS_CRL = ""; 135 | 136 | # GNU TLS Priority string 137 | # This string allows to configure the behavior of GNUTLS key exchanges 138 | # algorithms. See gnutls_priority_init function documentation for information. 139 | # You should also refer to the Diameter required TLS support here: 140 | # http://tools.ietf.org/html/rfc6733#section-13.1 141 | # Default : "NORMAL" 142 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; (NOTE(review): legacy example - it allows only TLS 1.1 with AES-128-CBC, RSA and SHA1; do not copy it as-is.) 143 | #TLS_Prio = "NORMAL"; 144 | 145 | # Diffie-Hellman parameters size 146 | # Set the number of bits for generated DH parameters 147 | # Valid value should be 768, 1024, 2048, 3072 or 4096.
148 | # (This parameter is passed to gnutls_dh_params_generate2 function, 149 | # it usually should match RSA key size) 150 | # Default : 1024 (NOTE(review): 1024-bit DH is below current guidance; set 2048 or more if TLS is enabled for any peer.) 151 | #TLS_DH_Bits = 1024; 152 | 153 | # Alternatively, you can specify a file to load the PKCS#3 encoded 154 | # DH parameters directly from. This accelerates the daemon start 155 | # but is slightly less secure. If this file is provided, the 156 | # TLS_DH_Bits parameters has no effect. 157 | # Default : no default. 158 | #TLS_DH_File = ""; 159 | 160 | 161 | ############################################################## 162 | ## Timers configuration 163 | 164 | # The Tc timer of this peer. 165 | # It is the delay before a new attempt is made to reconnect a disconnected peer. 166 | # The value is expressed in seconds. The recommended value is 30 seconds. 167 | # Default: 30 168 | #TcTimer = 30; 169 | 170 | # The Tw timer of this peer. 171 | # It is the delay before a watchdog message is sent, as described in RFC 3539. 172 | # The value is expressed in seconds. The default value is 30 seconds. Value must 173 | # be greater or equal to 6 seconds. See details in the RFC. 174 | # Default: 30 175 | #TwTimer = 30; 176 | 177 | ############################################################## 178 | ## Applications configuration 179 | 180 | # Disable the relaying of Diameter messages? 181 | # For messages not handled locally, the default behavior is to forward the 182 | # message to another peer if any is available, according to the routing 183 | # algorithms. In addition the "0xffffff" application is advertised in CER/CEA 184 | # exchanges. 185 | # Default: Relaying is enabled. 186 | #NoRelay; 187 | 188 | # Number of server threads that can handle incoming messages at the same time. 189 | # Default: 4 190 | #AppServThreads = 4; 191 | 192 | # Other applications are configured by loaded extensions.
193 | 194 | ############################################################## 195 | ## Extensions configuration 196 | 197 | # The freeDiameter framework merely provides support for 198 | # Diameter Base Protocol. The specific application behaviors, 199 | # as well as advanced functions, are provided 200 | # by loadable extensions (plug-ins). 201 | # These extensions may in addition receive the name of a 202 | # configuration file, the format of which is extension-specific. 203 | # 204 | # Format: 205 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; 206 | # 207 | # Examples: 208 | #LoadExtension = "extensions/sample.fdx"; 209 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 210 | 211 | # Extensions are named as follow: 212 | # dict_* for extensions that add content to the dictionary definitions. 213 | # dbg_* for extensions useful only to retrieve more information on the framework execution. 214 | # acl_* : Access control list, to control which peers are allowed to connect. 215 | # rt_* : routing extensions that impact how messages are forwarded to other peers. 216 | # app_* : applications, these extensions usually register callbacks to handle specific messages. 217 | # test_* : dummy extensions that are useful only in testing environments. 218 | 219 | 220 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some 221 | # information about some events. This extension does not actually use a configuration file 222 | # but receives directly a parameter in the string passed to the extension. Here are some examples: 223 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. 224 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. 225 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. 
226 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. 227 | # The values for each digit are: 228 | # 0 - default - keep the default behavior 229 | # 1 - quiet - remove any specific log 230 | # 2 - compact - display only a summary of the information 231 | # 4 - full - display the complete information on a single long line 232 | # 8 - tree - display the complete information in an easier to read format spanning several lines. 233 | 234 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx" : "0x8888"; # NOTE(review): 0x8888 selects the complete "tree" dump for connections, routing decisions, sent/received messages and errors, so full Diameter messages are written to the daemon output; use a quieter value outside debugging. 235 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx"; 236 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx"; 237 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx"; 238 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx"; 239 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx"; 240 | LoadExtension = "/usr/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx"; 241 | 242 | 243 | ############################################################## 244 | ## Peers configuration 245 | 246 | # The local server listens for incoming connections. By default, 247 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). 248 | # 249 | # In addition to incoming connections, the local peer can 250 | # be configured to establish and maintain connections to some 251 | # Diameter nodes and allow connections from these nodes. 252 | # This is achieved with the ConnectPeer directive described below. 253 | # 254 | # Note that the configured Diameter Identity MUST match 255 | # the information received inside CEA, or the connection will be aborted.
256 | # 257 | # Format: 258 | #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; 259 | # Parameters that can be specified in the peer's parameter list: 260 | # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; 261 | # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). 262 | # Port = 5868; # The port to connect to 263 | # TcTimer = 30; 264 | # TwTimer = 30; 265 | # ConnectTo = "202.249.37.5"; 266 | # ConnectTo = "2001:200:903:2::202:1"; 267 | # TLS_Prio = "NORMAL"; 268 | # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. 269 | # Examples: 270 | #ConnectPeer = "aaa.wide.ad.jp"; 271 | #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; 272 | ConnectPeer = "pcrf.localdomain" { ConnectTo = "gx.pcrf.open5gs.service"; No_TLS; No_SCTP; }; # NOTE(review): No_TLS leaves this SMF-to-PCRF link without TLS even though TLS_Cred and TLS_CA are set earlier in this file; this presumably relies on the cluster network being trusted - confirm, or remove No_TLS on both peers. 273 | 274 | ############################################################## 275 | -------------------------------------------------------------------------------- /x86-Architecture/templates/upf-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: open5gs-upf-config 5 | namespace: open5gs 6 | labels: 7 | epc-mode: upf 8 | data: 9 | upf.yaml: | 10 | logger: 11 | file: /var/log/open5gs/upf.log 12 | 13 | upf: 14 | pfcp: 15 | dev: net1 16 | gtpu: 17 | dev: net2 18 | subnet: 19 | - addr: 10.45.0.1/16 20 | apn: {{ .Values.apn }} 21 | #smf: 22 | # pfcp: 23 | # - name: smfPFCP-open5gs.service.open5gs 24 | -------------------------------------------------------------------------------- /x86-Architecture/templates/upf-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: open5gs-upf-deployment 5 | namespace: open5gs 6 | labels: 7 | epc-mode:
upf 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | epc-mode: upf 13 | template: 14 | metadata: 15 | annotations: 16 | route53-service-name: '[ 17 | { "name": "sx.upf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-up" } 18 | ]' 19 | k8s.v1.cni.cncf.io/networks: '[ { "name": "ipvlan-multus-sub-2", "interface": "net2" }, 20 | { "name": "ipvlan-multus-sub-1-up", "interface": "net1" } 21 | ]' 22 | labels: 23 | epc-mode: upf 24 | spec: 25 | nodeSelector: 26 | nodegroup: user-plane 27 | containers: 28 | - name: upf 29 | image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}" 30 | imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }} 31 | securityContext: 32 | privileged: true # NOTE(review): gives the container full host privileges; the args below create a tun device, write sysctls and add a NAT rule. A narrower grant (NET_ADMIN capability plus pod-level sysctls) may be enough - verify before changing. 33 | command: ["/bin/sh", "-c"] 34 | args: 35 | - ip tuntap add name ogstun mode tun; 36 | ip addr add 10.45.0.1/16 dev ogstun; 37 | sysctl -w net.ipv6.conf.all.disable_ipv6=1; 38 | ip link set ogstun up; 39 | sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"; 40 | iptables -t nat -A POSTROUTING -s 10.45.0.0/16 !
-o ogstun -j MASQUERADE; 41 | open5gs-upfd -c /open5gs/config-map/upf.yaml; 42 | volumeMounts: 43 | - name: open5gs-upf-config 44 | mountPath: /open5gs/config-map/upf.yaml 45 | subPath: "upf.yaml" 46 | - mountPath: /dev/net/tun 47 | name: dev-net-tun 48 | volumes: 49 | - name: open5gs-upf-config 50 | configMap: 51 | name: open5gs-upf-config 52 | - name: dev-net-tun 53 | hostPath: 54 | path: /dev/net/tun # NOTE(review): hostPath volumes and privileged containers are both disallowed by the Kubernetes Pod Security Standards baseline profile, so this namespace has to run at the privileged level; restrict who can deploy into it. 55 | -------------------------------------------------------------------------------- /x86-Architecture/templates/web-ui-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: open5gs-webui 5 | namespace: open5gs 6 | labels: 7 | epc-mode: webui 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - port: 80 12 | targetPort: 3000 13 | selector: 14 | epc-mode: webui 15 | --- 16 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 17 | kind: Deployment 18 | metadata: 19 | name: open5gs-webui 20 | namespace: open5gs 21 | labels: 22 | epc-mode: webui 23 | spec: 24 | replicas: 1 25 | selector: 26 | matchLabels: 27 | epc-mode: webui 28 | template: 29 | metadata: 30 | labels: 31 | epc-mode: webui 32 | spec: 33 | nodeSelector: 34 | nodegroup: control-plane 35 | containers: 36 | - name: webui 37 | imagePullPolicy: {{ .Values.webui.image.pullPolicy }} 38 | image: "{{ .Values.webui.image.repository }}:{{ .Values.webui.image.tag }}" 39 | volumeMounts: 40 | - mountPath: "/root/" 41 | name: mongo-ca-cert 42 | readOnly: true 43 | env: 44 | - name: DB_URI # NOTE(review): the value comes from mongo.uri in values.yaml, which embeds the database user and password, so they appear in clear text in the Deployment spec; valueFrom.secretKeyRef would keep them in a Secret. 45 | value: {{ .Values.mongo.uri }} 46 | - name: NODE_ENV 47 | value: "production" 48 | - name: HOSTNAME 49 | value: '0.0.0.0' 50 | volumes: 51 | - name: mongo-ca-cert 52 | secret: 53 | secretName: {{ .Values.mongo.caSecretName }} -------------------------------------------------------------------------------- /x86-Architecture/values.yaml: -------------------------------------------------------------------------------- 1 | #
Default values for open5gs-epc-helm. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | open5gs: 6 | image: 7 | repository: 8 | pullPolicy: IfNotPresent 9 | tag: "" 10 | 11 | webui: 12 | image: 13 | repository: 14 | pullPolicy: IfNotPresent 15 | tag: "" 16 | 17 | #This uses the documentDB uri, you need to add open5gs DB to the uri 18 | mongo: 19 | uri: "mongodb://DOCUMENT_DB_USER:DOCUMENT_DB_PASSWD@DOCUMENT_DB_URL:27017/open5gs?ssl=true&tlsCAFile=/root/rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false" # NOTE(review): DOCUMENT_DB_USER / DOCUMENT_DB_PASSWD are placeholders; once filled in, this file holds the database password, so keep the populated copy out of version control (e.g. pass it with --set or a private values file). 20 | caSecretName: mongodb-ca 21 | 22 | apn: internet 23 | 24 | diameter: 25 | caSecretName: diameter-ca 26 | 27 | hss: 28 | tlsSecretName: hss-tls 29 | 30 | mme: 31 | tlsSecretName: mme-tls 32 | mcc: 208 33 | mnc: 93 34 | tac: 7 35 | networkName: Open5GS 36 | 37 | pcrf: 38 | tlsSecretName: pcrf-tls 39 | 40 | smf: 41 | tlsSecretName: smf-tls --------------------------------------------------------------------------------