From 839a854ae8bc3e8cf794a099f088ee3948b68d56 Mon Sep 17 00:00:00 2001
From: Marco
Date: Mon, 30 Sep 2024 22:21:25 +0200
Subject: [PATCH 1/2] adding open5gs-sepp chart components
---
charts/open5gs-sepp/Chart.yaml | 26 +
charts/open5gs-sepp/README.md | 131 +++++
.../open5gs-sepp/resources/config/sepp.yaml | 255 ++++++++++
charts/open5gs-sepp/templates/_helpers.tpl | 24 +
charts/open5gs-sepp/templates/configmap.yaml | 12 +
charts/open5gs-sepp/templates/deployment.yaml | 214 ++++++++
charts/open5gs-sepp/templates/hpa.yaml | 10 +
.../open5gs-sepp/templates/service-n32.yaml | 53 ++
.../open5gs-sepp/templates/service-sbi.yaml | 52 ++
.../templates/serviceaccount.yaml | 19 +
charts/open5gs-sepp/values.schema.json | 455 ++++++++++++++++++
charts/open5gs-sepp/values.yaml | 414 ++++++++++++++++
12 files changed, 1665 insertions(+)
create mode 100644 charts/open5gs-sepp/Chart.yaml
create mode 100644 charts/open5gs-sepp/README.md
create mode 100644 charts/open5gs-sepp/resources/config/sepp.yaml
create mode 100644 charts/open5gs-sepp/templates/_helpers.tpl
create mode 100644 charts/open5gs-sepp/templates/configmap.yaml
create mode 100644 charts/open5gs-sepp/templates/deployment.yaml
create mode 100644 charts/open5gs-sepp/templates/hpa.yaml
create mode 100644 charts/open5gs-sepp/templates/service-n32.yaml
create mode 100644 charts/open5gs-sepp/templates/service-sbi.yaml
create mode 100644 charts/open5gs-sepp/templates/serviceaccount.yaml
create mode 100644 charts/open5gs-sepp/values.schema.json
create mode 100644 charts/open5gs-sepp/values.yaml
diff --git a/charts/open5gs-sepp/Chart.yaml b/charts/open5gs-sepp/Chart.yaml
new file mode 100644
index 000000000..7e568e279
--- /dev/null
+++ b/charts/open5gs-sepp/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+appVersion: "2.7.2"
+description: >
+ Helm chart to deploy Open5gs sepp service on Kubernetes.
+home: https://github.com/gradiant/5g-charts
+sources:
+ - http://open5gs.org
+icon: https://open5gs.org/assets/img/open5gs-logo.png
+maintainers:
+- email: cgiraldo@gradiant.org
+ name: cgiraldo
+name: open5gs-sepp
+version: 2.2.5
+annotations:
+ artifacthub.io/category: networking
+keywords:
+ - network
+ - epc
+ - ngc
+ - gradiant
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
diff --git a/charts/open5gs-sepp/README.md b/charts/open5gs-sepp/README.md
new file mode 100644
index 000000000..d0b428a74
--- /dev/null
+++ b/charts/open5gs-sepp/README.md
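Review bot: The `common` dependency is declared with the floating range `version: 1.x.x`, and no `Chart.lock` is among the 12 files in the diffstat, so each `helm dependency update` may resolve a different release of the library that renders every template in this chart. Pinning an exact version, `version: <PINNED_COMMON_VERSION>`, and committing the generated `Chart.lock` would keep builds reproducible and make dependency upgrades reviewable. Separately, `templates/deployment.yaml` derives `DB_URI` from a `mongodb` subchart that is not declared under `dependencies` here; either declare it or drop the variable if the SEPP does not use a database.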
@@ -0,0 +1,131 @@ +# open5gs-sepp + +![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 2.6.4](https://img.shields.io/badge/AppVersion-2.6.4-informational?style=flat-square) + +Helm chart to deploy Open5gs sepp service on Kubernetes. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| cgiraldo | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | common | 1.x.x | +| https://charts.bitnami.com/bitnami | mongodb | ~12.1.19 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| args | list | `[]` | | +| command | list | `[]` | | +| commonAnnotations | object | `{}` | | +| commonLabels | object | `{}` | | +| config.logLevel | string | `"info"` | | +| config.nrf.enabled | bool | `true` | | +| config.nrf.sbi.hostname | string | `""` | | +| config.nrf.sbi.port | int | `7777` | | +| config.sbi.advertise | string | `""` | | +| config.sbi.client.no_tls | bool | `true` | | +| config.sbi.server.no_tls | bool | `true` | | +| containerPorts.sbi | int | `7777` | | +| containerSecurityContext.enabled | bool | `true` | | +| containerSecurityContext.runAsNonRoot | bool | `true` | | +| containerSecurityContext.runAsUser | int | `1001` | | +| customLivenessProbe | object | `{}` | | +| customOpen5gsConfig | object | `{}` | | +| customReadinessProbe | object | `{}` | | +| customStartupProbe | object | `{}` | | +| dbURI | string | `""` | | +| extraDeploy | list | `[]` | | +| extraEnvVars | list | `[]` | | +| extraEnvVarsCM | string | `""` | | +| extraEnvVarsSecret | string | `""` | | +| extraVolumeMounts | list | `[]` | | +| extraVolumes | list | `[]` | | +| fullnameOverride | string | `""` | | +| global.imagePullSecrets | list | `[]` | | +| global.imageRegistry | string | `""` | | +| global.storageClass | string | `""` 
| | +| hostAliases | list | `[]` | | +| image.debug | bool | `false` | | +| image.digest | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.pullSecrets | list | `[]` | | +| image.registry | string | `"docker.io"` | | +| image.repository | string | `"gradiant/open5gs"` | | +| image.tag | string | `"2.6.4"` | | +| initContainers | list | `[]` | | +| kubeVersion | string | `""` | | +| lifecycleHooks | object | `{}` | | +| livenessProbe.enabled | bool | `true` | | +| livenessProbe.failureThreshold | int | `5` | | +| livenessProbe.initialDelaySeconds | int | `600` | | +| livenessProbe.periodSeconds | int | `10` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int | `5` | | +| mongodb.auth.enabled | bool | `false` | | +| mongodb.enabled | bool | `true` | set to 'false' to disable automatically deploying dependent charts | +| nameOverride | string | `""` | | +| namespaceOverride | string | `""` | | +| nodeAffinityPreset.key | string | `""` | | +| nodeAffinityPreset.type | string | `""` | | +| nodeAffinityPreset.values | list | `[]` | | +| nodeSelector | object | `{}` | | +| podAffinityPreset | string | `""` | | +| podAnnotations | object | `{}` | | +| podAntiAffinityPreset | string | `"soft"` | | +| podLabels | object | `{}` | | +| podSecurityContext.enabled | bool | `true` | | +| podSecurityContext.fsGroup | int | `1001` | | +| priorityClassName | string | `""` | | +| readinessProbe.enabled | bool | `true` | | +| readinessProbe.failureThreshold | int | `5` | | +| readinessProbe.initialDelaySeconds | int | `30` | | +| readinessProbe.periodSeconds | int | `5` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `1` | | +| replicaCount | int | `1` | | +| resources.limits | object | `{}` | | +| resources.requests | object | `{}` | | +| schedulerName | string | `""` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automountServiceAccountToken 
| bool | `true` | | +| serviceAccount.create | bool | `false` | | +| serviceAccount.name | string | `""` | | +| services.sbi.annotations | object | `{}` | | +| services.sbi.clusterIP | string | `""` | | +| services.sbi.externalTrafficPolicy | string | `"Cluster"` | | +| services.sbi.extraPorts | list | `[]` | | +| services.sbi.loadBalancerIP | string | `""` | | +| services.sbi.loadBalancerSourceRanges | list | `[]` | | +| services.sbi.nodePorts.sbi | string | `""` | | +| services.sbi.ports.sbi | int | `7777` | | +| services.sbi.sessionAffinity | string | `"None"` | | +| services.sbi.sessionAffinityConfig | object | `{}` | | +| services.sbi.type | string | `"ClusterIP"` | | +| sessionAffinity | string | `"None"` | | +| sidecars | list | `[]` | | +| startupProbe.enabled | bool | `false` | | +| startupProbe.failureThreshold | int | `5` | | +| startupProbe.initialDelaySeconds | int | `600` | | +| startupProbe.periodSeconds | int | `10` | | +| startupProbe.successThreshold | int | `1` | | +| startupProbe.timeoutSeconds | int | `5` | | +| tolerations | list | `[]` | | +| topologySpreadConstraints | list | `[]` | | +| updateStrategy.type | string | `"RollingUpdate"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/open5gs-sepp/resources/config/sepp.yaml b/charts/open5gs-sepp/resources/config/sepp.yaml new file mode 100644 index 000000000..d3fa80cc6 --- /dev/null +++ b/charts/open5gs-sepp/resources/config/sepp.yaml 
@@ -0,0 +1,255 @@ +{{ $open5gsName := .Release.Name }} +logger: + level: {{ .Values.config.logLevel }} +# level: info # fatal|error|warn|info(default)|debug|trace + +global: +# max: +# ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +sepp: + default: + tls: + server: + private_key: /etc/tls/sepp.key + cert: /etc/tls/sepp.crt + client: + cacert: /etc/tls/ca.crt + sbi: + server: + - dev: eth0 + port: {{ .Values.containerPorts.sbi }} + client: + {{- if .Values.config.sbi.client.nrf.enabled }} + nrf: + - uri: {{ default (printf "http://%s-nrf-sbi:7777" $open5gsName) .Values.config.sbi.client.nrf.uri }} + {{- end }} + {{- if .Values.config.sbi.client.scp.enabled }} + scp: + - uri: {{ default (printf "http://%s-scp-sbi:7777" $open5gsName) .Values.config.sbi.client.scp.uri }} + {{- end }} + n32: + server: + - sender: sepp1.localdomain + scheme: https + dev: eth0 + port: {{ .Values.containerPorts.n32 }} + client: + sepp: + # - receiver: sepp2.localdomain + # uri: https://sepp2.localdomain:7777 + # resolve: 127.0.2.251 + # n32f: + # uri: https://sepp2.localdomain:7777 + # resolve: 127.0.2.252 + +################################################################################ +# SEPP Info +################################################################################ +# o SEPP port number(s) for HTTP and/or HTTPS +# - This attribute shall be present if the SEPP uses non-default HTTP and/or +# HTTPS ports. When present, it shall contain the HTTP and/or HTTPS ports. +# (Minimum: 0 Maximum: 65535) +# info: +# port: +# http: 7777 +# https: 8888 +# +################################################################################ +# No TLS - N32 Server/Client +################################################################################ +# o SEPP uses the same interface that other NFs(NRF, AMF, ...) use. 
+# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: http://127.0.2.250:7777 +# +# o SEPP uses a separate interface +# that is different from those used by other NFs. +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# address: 127.0.1.251 +# port: 7777 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: http://127.0.2.251:7777 +# +# o Not only SEPP but also the N32 forwarding uses a separate interface +# that is different from those used by other NFs. +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# address: 127.0.1.251 +# port: 7777 +# n32f: +# address: 127.0.1.252 +# port: 7777 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: http://127.0.2.251:7777 +# n32f: +# uri: http://127.0.2.252:7777 +# +################################################################################ +# HTTPS scheme with TLS - N32 Server/Client +################################################################################ +# +# o Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS. 
+# default: +# tls: +# server: +# private_key: /etc/open5gs/tls/sepp1.key +# cert: /etc/open5gs/tls/sepp1.crt +# client: +# cacert: /etc/open5gs/tls/ca.crt +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# +# o Add client TLS verification to N32 interface +# default: +# tls: +# server: +# private_key: /etc/open5gs/tls/sepp1.key +# cert: /etc/open5gs/tls/sepp1.crt +# verify_client: true +# verify_client_cacert: /etc/open5gs/tls/ca.crt +# client: +# cacert: /etc/open5gs/tls/ca.crt +# client_private_key: /etc/open5gs/tls/sepp1.key +# client_cert: /etc/open5gs/tls/sepp1.crt +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# +# o Both SEPP and N32 forwarding also uses HTTPS with TLS, +# while other NFs use HTTP without TLS. 
+# default: +# tls: +# server: +# private_key: /etc/open5gs/tls/sepp1.key +# cert: /etc/open5gs/tls/sepp1.crt +# verify_client: true +# verify_client_cacert: /etc/open5gs/tls/ca.crt +# client: +# cacert: /etc/open5gs/tls/ca.crt +# client_private_key: /etc/open5gs/tls/sepp1.key +# client_cert: /etc/open5gs/tls/sepp1.crt +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# n32f: +# scheme: https +# address: 127.0.1.252 +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# n32f: +# uri: https://sepp2.localdomain +# resolve: 127.0.2.252 +# +# o N32 control and N32 forwarding interface use different key/certificate. +# sbi: +# server: +# - address: 127.0.1.250 +# port: 7777 +# client: +# scp: +# - uri: http://127.0.0.200:7777 +# n32: +# server: +# - sender: sepp1.localdomain +# scheme: https +# address: 127.0.1.251 +# private_key: /etc/open5gs/tls/sepp1.key +# cert: /etc/open5gs/tls/sepp1.crt +# verify_client: true +# verify_client_cacert: /etc/open5gs/tls/ca.crt +# n32f: +# scheme: https +# address: 127.0.1.252 +# private_key: /etc/open5gs/tls/sepp1-n32f.key +# cert: /etc/open5gs/tls/sepp1-n32f.crt +# verify_client: true +# verify_client_cacert: /etc/open5gs/tls/ca.crt +# client: +# sepp: +# - receiver: sepp2.localdomain +# uri: https://sepp2.localdomain +# resolve: 127.0.2.251 +# cacert: /etc/open5gs/tls/ca.crt +# client_private_key: /etc/open5gs/tls/sepp1.key +# client_cert: /etc/open5gs/tls/sepp1.crt +# n32f: +# uri: https://sepp2.localdomain +# resolve: 127.0.2.252 +# cacert: /etc/open5gs/tls/ca.crt +# client_private_key: /etc/open5gs/tls/sepp1-n32f.key +# client_cert: /etc/open5gs/tls/sepp1-n32f.crt diff --git a/charts/open5gs-sepp/templates/_helpers.tpl b/charts/open5gs-sepp/templates/_helpers.tpl new file mode 100644 index 000000000..4f033fec5 
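Review bot: The active `n32.server` entry sets `scheme: https`, but `sepp.default.tls.server` carries no `verify_client` / `verify_client_cacert`, so the N32 listener does not ask peers for a certificate; the file's own commented example "Add client TLS verification to N32 interface" shows the keys to add, `verify_client: true` and `verify_client_cacert: /etc/tls/ca.crt`. The `sender` is hard-coded to `sepp1.localdomain` while the certificate generated in `templates/deployment.yaml` is issued for `CN=sepp.localdomain`, so a peer that checks the name would presumably reject it; both should be driven by one value. `client.sepp:` contains only commented entries and has no values hook, so a peer SEPP can be configured only through `customOpen5gsConfig`. The NRF and SCP client URIs default to plain `http://`, which should be stated next to the `config.sbi.client` values so operators know SBI traffic is unencrypted.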
--- /dev/null
+++ b/charts/open5gs-sepp/templates/_helpers.tpl
@@ -0,0 +1,24 @@
+{{/*
+Return the proper Open5gs sepp image name
+*/}}
+{{- define "open5gs.sepp.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "open5gs.sepp.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "open5gs.sepp.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/open5gs-sepp/templates/configmap.yaml b/charts/open5gs-sepp/templates/configmap.yaml
new file mode 100644
index 000000000..8a6d2d99f
--- /dev/null
+++ b/charts/open5gs-sepp/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+data:
+ sepp.yaml: |
+ {{- if .Values.customOpen5gsConfig }}
+ {{ toYaml .Values.customOpen5gsConfig | nindent 4 }}
+ {{- else }}
+{{ tpl (.Files.Get "resources/config/sepp.yaml") . | indent 4 }}
+ {{- end }}
diff --git a/charts/open5gs-sepp/templates/deployment.yaml b/charts/open5gs-sepp/templates/deployment.yaml
new file mode 100644
index 000000000..42c9d6b93
--- /dev/null
+++ b/charts/open5gs-sepp/templates/deployment.yaml
@@ -0,0 +1,214 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + annotations: + config-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- include "open5gs.sepp.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + serviceAccountName: {{ include "open5gs.sepp.serviceAccountName" . }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + # yamllint disable rule:indentation + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + initContainers: + - name: tls-create + image: {{ template "open5gs.sepp.image" . 
}} + command: + - /bin/sh + - '-c' + - | + mkdir -p /etc/tls && \ + + # Create CA certificate and key + openssl req -new -x509 -days 3650 -newkey rsa:2048 -nodes \ + -keyout /etc/tls/ca.key \ + -out /etc/tls/ca.crt \ + -subj "/CN=ca.localdomain/C=KO/ST=Seoul/O=NeoPlane" && \ + + # Generate SEPP private key + openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out /etc/tls/sepp.key && \ + + # Generate SEPP CSR + openssl req -new -key /etc/tls/sepp.key -out /etc/tls/sepp.csr \ + -subj "/CN=sepp.localdomain/C=KO/ST=Seoul/O=NeoPlane" && \ + + # Sign the SEPP certificate with the CA + openssl x509 -req -in /etc/tls/sepp.csr -CA /etc/tls/ca.crt -CAkey /etc/tls/ca.key \ + -CAcreateserial -out /etc/tls/sepp.crt -days 3650 + + chmod +r /etc/tls/* + resources: {} + volumeMounts: + - name: tls-volume + mountPath: /etc/tls + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + securityContext: + privileged: true + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: {{ include "common.names.fullname" . }} + image: {{ template "open5gs.sepp.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- else }} + args: + - "open5gs-seppd" + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: DB_URI + {{- if .Values.dbURI }} + value: {{ .Values.dbURI }} + {{- else }} + value: {{ printf "mongodb://%s/open5gs" (include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.mongodb "context" $)) }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + ports: + - name: sbi + containerPort: {{ .Values.containerPorts.sbi }} + - name: n32 + containerPort: {{ .Values.containerPorts.n32 }} + protocol: TCP + {{- if .Values.startupProbe.enabled }} + startupProbe: + # Using tcpSocket instead of httpGet because open5gs only support HTTP/2 + tcpSocket: + port: sbi + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: 
{{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + # Using tcpSocket instead of httpGet because open5gs only support HTTP/2 + tcpSocket: + port: sbi + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + # Using tcpSocket instead of httpGet because open5gs only support HTTP/2 + tcpSocket: + port: sbi + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /opt/open5gs/etc/open5gs/sepp.yaml + subPath: "sepp.yaml" + - name: tls-volume + mountPath: /etc/tls + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts 
"context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: tls-volume + emptyDir: {} + - name: config + configMap: + name: {{ include "common.names.fullname" . }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/open5gs-sepp/templates/hpa.yaml b/charts/open5gs-sepp/templates/hpa.yaml new file mode 100644 index 000000000..22b3b2083 --- /dev/null +++ b/charts/open5gs-sepp/templates/hpa.yaml @@ -0,0 +1,10 @@ +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "common.names.fullname" . }} +spec: + maxReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "common.names.fullname" . }} \ No newline at end of file diff --git a/charts/open5gs-sepp/templates/service-n32.yaml b/charts/open5gs-sepp/templates/service-n32.yaml new file mode 100644 index 000000000..91bc3bd4f --- /dev/null +++ b/charts/open5gs-sepp/templates/service-n32.yaml 
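Review bot: The `tls-create` init container runs with `privileged: true` as uid 0 only to write a few files into an `emptyDir`, which needs neither; it also leaves `/etc/tls/ca.key` in the volume shared with the SEPP container and makes every file there, private keys included, world-readable with `chmod +r /etc/tls/*`. Because each pod mints its own throw-away CA, no peer SEPP can validate the resulting certificate, so the N32 `https` listener gives encryption without authentication; mounting key, certificate and CA from a Kubernetes Secret supplied through values would be the durable fix. The `&&` chain is not continued to `chmod`, so the script's exit status is that of `chmod` and a failed openssl step does not fail the init container. If in-pod generation is kept for lab use, a reduced-privilege variant is sketched below; it assumes the image provides `mktemp` and that the main container runs as the same uid.

```yaml
# … unchanged: name, image …
          command:
            - /bin/sh
            - '-ec'
            - |
              umask 077
              workdir="$(mktemp -d)"
              # CA key and CSR stay in the init container's scratch dir, not in the shared volume
              openssl req -new -x509 -days 3650 -newkey rsa:2048 -nodes \
                -keyout "$workdir/ca.key" -out /etc/tls/ca.crt \
                -subj "/CN=ca.localdomain/C=KO/ST=Seoul/O=NeoPlane"
              openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out /etc/tls/sepp.key
              openssl req -new -key /etc/tls/sepp.key -out "$workdir/sepp.csr" \
                -subj "/CN=sepp.localdomain/C=KO/ST=Seoul/O=NeoPlane"
              openssl x509 -req -in "$workdir/sepp.csr" -CA /etc/tls/ca.crt -CAkey "$workdir/ca.key" \
                -CAcreateserial -out /etc/tls/sepp.crt -days 3650
              # only the certificates become readable; sepp.key keeps mode 0600
              chmod 0644 /etc/tls/ca.crt /etc/tls/sepp.crt
          # … unchanged: resources, volumeMounts, terminationMessage*, imagePullPolicy …
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: {{ .Values.containerSecurityContext.runAsUser }}
            capabilities:
              drop: ["ALL"]
```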
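Review bot: This HorizontalPodAutoscaler is rendered unconditionally with `maxReplicas: 1` and no metric target, so it never scales up and will pull the Deployment back to one pod whatever `replicaCount` is set to. If a single replica is a requirement (for example because each pod generates its own certificate), say so in a comment and gate the object behind a new value, e.g. `{{- if .Values.autoscaling.enabled }}`; otherwise drop the file. The object also lacks the `namespace` and the standard labels that the other templates in this patch set.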
@@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-n32 + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.services.n32.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.services.n32.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.services.n32.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.services.n32.type }} + {{- if .Values.services.n32.sessionAffinity }} + sessionAffinity: {{ .Values.services.n32.sessionAffinity }} + {{- end }} + {{- if .Values.services.n32.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.services.n32.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if and .Values.services.n32.clusterIP (eq .Values.services.n32.type "ClusterIP") }} + clusterIP: {{ .Values.services.n32.clusterIP }} + {{- end }} + {{- if (and (eq .Values.services.n32.type "LoadBalancer") (not (empty .Values.services.n32.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.services.n32.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.services.n32.type "LoadBalancer") .Values.services.n32.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.services.n32.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if or (eq .Values.services.n32.type "LoadBalancer") (eq .Values.services.n32.type "NodePort") }} + externalTrafficPolicy: {{ .Values.services.n32.externalTrafficPolicy | quote }} + {{- end }} + ports: + - name: n32 + port: {{ 
.Values.services.n32.ports.n32 }} + targetPort: n32 + protocol: TCP + {{- if and (or (eq .Values.services.n32.type "NodePort") (eq .Values.services.n32.type "LoadBalancer")) (not (empty .Values.services.n32.nodePorts.n32)) }} + nodePort: {{ .Values.services.n32.nodePorts.n32 }} + {{- else if eq .Values.services.n32.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.services.n32.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.services.n32.extraPorts "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/open5gs-sepp/templates/service-sbi.yaml b/charts/open5gs-sepp/templates/service-sbi.yaml new file mode 100644 index 000000000..45d804006 --- /dev/null +++ b/charts/open5gs-sepp/templates/service-sbi.yaml 
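Review bot: `publishNotReadyAddresses: true` publishes the pod's endpoint before the readiness probe passes, so N32 peers can be routed to a SEPP that is still starting or failing its probe; the same line is in `service-sbi.yaml`. Unless not-ready publication is needed for peer discovery, remove it or make it a value that defaults to `false`. Since N32 is the interface intended to face other networks, it is also worth documenting next to `services.n32.type` that `loadBalancerSourceRanges` should be set whenever the type is `LoadBalancer`, and that this template does not render it for `NodePort`.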
@@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-sbi + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.services.sbi.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.services.sbi.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.services.sbi.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.services.sbi.type }} + {{- if .Values.services.sbi.sessionAffinity }} + sessionAffinity: {{ .Values.services.sbi.sessionAffinity }} + {{- end }} + {{- if .Values.services.sbi.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.services.sbi.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if and .Values.services.sbi.clusterIP (eq .Values.services.sbi.type "ClusterIP") }} + clusterIP: {{ .Values.services.sbi.clusterIP }} + {{- end }} + {{- if (and (eq .Values.services.sbi.type "LoadBalancer") (not (empty .Values.services.sbi.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.services.sbi.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.services.sbi.type "LoadBalancer") .Values.services.sbi.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.services.sbi.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if or (eq .Values.services.sbi.type "LoadBalancer") (eq .Values.services.sbi.type "NodePort") }} + externalTrafficPolicy: {{ .Values.services.sbi.externalTrafficPolicy | quote }} + {{- end }} + ports: + - name: sbi + port: {{ 
.Values.services.sbi.ports.sbi }} + targetPort: sbi + {{- if and (or (eq .Values.services.sbi.type "NodePort") (eq .Values.services.sbi.type "LoadBalancer")) (not (empty .Values.services.sbi.nodePorts.sbi)) }} + nodePort: {{ .Values.services.sbi.nodePorts.sbi }} + {{- else if eq .Values.services.sbi.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.services.sbi.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.services.sbi.extraPorts "context" $) | nindent 4 }} + {{- end }} + publishNotReadyAddresses: true + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/open5gs-sepp/templates/serviceaccount.yaml b/charts/open5gs-sepp/templates/serviceaccount.yaml new file mode 100644 index 000000000..ceb07d316 --- /dev/null +++ b/charts/open5gs-sepp/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "open5gs.sepp.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} \ No newline at end of file diff --git a/charts/open5gs-sepp/values.schema.json b/charts/open5gs-sepp/values.schema.json new file mode 100644 index 000000000..dabc2b634 --- /dev/null +++ b/charts/open5gs-sepp/values.schema.json 
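Review bot: `automountServiceAccountToken` is set only on the ServiceAccount object, which is rendered only when `serviceAccount.create` is true; the README in this patch lists `create` as `false` and the automount default as `true`, so (if `values.yaml` matches) the pod runs under the namespace's `default` account with its API token mounted. Nothing in the visible templates calls the Kubernetes API, so consider adding `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` to the pod spec in `deployment.yaml` and defaulting the value to `false`. Minor: `annotations:` is emitted even when both annotation values are empty, which renders as `annotations: null`; wrapping it in the same `if or ...` guard the Service templates use would avoid that.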
@@ -0,0 +1,455 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "args": { + "type": "array" + }, + "command": { + "type": "array" + }, + "commonAnnotations": { + "type": "object" + }, + "commonLabels": { + "type": "object" + }, + "config": { + "type": "object", + "properties": { + "logLevel": { + "type": "string" + }, + "sbi": { + "type": "object", + "properties": { + "client": { + "type": "object", + "properties": { + "nrf": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "uri": { + "type": "string" + } + } + } + } + }, + "server": { + "type": "null" + } + } + } + } + }, + "containerPorts": { + "type": "object", + "properties": { + "sbi": { + "type": "integer" + }, + "n32": { + "type": "integer" + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "customLivenessProbe": { + "type": "object" + }, + "customOpen5gsConfig": { + "type": "object" + }, + "customReadinessProbe": { + "type": "object" + }, + "customStartupProbe": { + "type": "object" + }, + "dbURI": { + "type": "string" + }, + "extraDeploy": { + "type": "array" + }, + "extraEnvVars": { + "type": "array" + }, + "extraEnvVarsCM": { + "type": "string" + }, + "extraEnvVarsSecret": { + "type": "string" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "fullnameOverride": { + "type": "string" + }, + "global": { + "type": "object", + "properties": { + "imagePullSecrets": { + "type": "array" + }, + "imageRegistry": { + "type": "string" + }, + "storageClass": { + "type": "string" + } + } + }, + "hostAliases": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "debug": { + "type": "boolean" + }, + "digest": { + "type": "string" + }, + "pullPolicy": { + "type": 
"string" + }, + "pullSecrets": { + "type": "array" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "initContainers": { + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "lifecycleHooks": { + "type": "object" + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "mongodb": { + "type": "object", + "properties": { + "auth": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": "boolean" + } + } + }, + "nameOverride": { + "type": "string" + }, + "namespaceOverride": { + "type": "string" + }, + "nodeAffinityPreset": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "type": { + "type": "string" + }, + "values": { + "type": "array" + } + } + }, + "nodeSelector": { + "type": "object" + }, + "podAffinityPreset": { + "type": "string" + }, + "podAnnotations": { + "type": "object" + }, + "podAntiAffinityPreset": { + "type": "string" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "fsGroup": { + "type": "integer" + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": 
"object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + "schedulerName": { + "type": "string" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "services": { + "type": "object", + "properties": { + "sbi": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "clusterIP": { + "type": "string" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "extraPorts": { + "type": "array" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "type": "array" + }, + "nodePorts": { + "type": "object", + "properties": { + "sbi": { + "type": "string" + } + } + }, + "ports": { + "type": "object", + "properties": { + "sbi": { + "type": "integer" + } + } + }, + "sessionAffinity": { + "type": "string" + }, + "sessionAffinityConfig": { + "type": "object" + }, + "type": { + "type": "string" + } + } + }, + "n32": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "clusterIP": { + "type": "string" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "extraPorts": { + "type": "array" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "type": "array" + }, + "nodePorts": { + "type": "object", + "properties": { + "n32": { + "type": "string" + } + } + }, + "ports": { + "type": "object", + "properties": { + "n32": { + "type": "integer" + } + } + }, + "sessionAffinity": { + "type": "string" + }, + "sessionAffinityConfig": { + "type": "object" + }, + "type": { + "type": "string" + } + } + } + } + }, + "sessionAffinity": { + "type": "string" + }, + "sidecars": { + "type": "array" + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + 
"failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } +} diff --git a/charts/open5gs-sepp/values.yaml b/charts/open5gs-sepp/values.yaml new file mode 100644 index 000000000..4b489c31e --- /dev/null +++ b/charts/open5gs-sepp/values.yaml 
@@ -0,0 +1,414 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override open5gs-sepp.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override open5gs-sepp.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonAnnotations Common annotations to add to all open5gs-sepp resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} +## @param commonLabels Common labels to add to all open5gs-sepp resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} + +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). +## +extraDeploy: [] + +## @section open5gs-sepp parameters + +## Bitnami open5gs image version +## ref: https://hub.docker.com/r/gradiant/open5gs/tags/ +## @param image.registry Open5gs image registry +## @param image.repository Open5gs Image name +## @param image.tag Open5gs Image tag +## @param image.digest Open5gs image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy Open5gs image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: gradiant/open5gs + tag: "2.7.2" + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + +config: + logLevel: info + sbi: + server: + client: + nrf: + enabled: false + uri: "" # if empty default is autogenerated open5gs svc fullname + scp: + enabled: true + uri: "" # if empty default is autogenerated open5gs svc fullname +## @param customOpen5gsConfig overwrite open5gs configuration file +customOpen5gsConfig: {} + +## @param replicaCount Number of open5gs-sepp Pods to run (requires ReadWriteMany PVC support) +## +replicaCount: 1 +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. 
Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## @param priorityClassName open5gs-sepp pods' priorityClassName +## +priorityClassName: "" +## @param schedulerName Name of the k8s scheduler (other than default) +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## @param hostAliases [array] Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param extraEnvVars Extra environment variables +## For example: +## +extraEnvVars: [] +# - name: BEARER_AUTH +# value: true +## @param extraEnvVarsCM ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) +## +extraEnvVarsSecret: "" +## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` +## +extraVolumes: [] +## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. 
+## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the pod (evaluated as a template) +## +initContainers: [] +## @param sidecars Attach additional containers to the pod (evaluated as a template) +## +sidecars: [] +## @param tolerations Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +serviceAccount: + ## @param serviceAccount.create Specifies whether a service account should be created + ## + create: false + ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## @param serviceAccount.annotations Add annotations + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. + ## + automountServiceAccountToken: true +## @param containerPorts [object] Container ports +## +containerPorts: + sbi: 7777 + n32: 7443 +## @param sessionAffinity Control where client requests go, to the same pod or round-robin. Values: ClientIP or None +## ref: https://kubernetes.io/docs/user-guide/services/ +## +sessionAffinity: "None" + +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` +## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. +## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. +## +nodeAffinityPreset: + type: "" + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## open5gs-sepp container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.requests [object] The requested resources for the init container +## @param resources.limits The resources limits for the init container +## +resources: + requests: {} + limits: {} +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable open5gs-sepp pods' Security Context +## @param podSecurityContext.fsGroup open5gs-sepp pods' group ID +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enable open5gs-sepp containers' Security Context +## @param containerSecurityContext.runAsUser open5gs-sepp containers' Security Context +## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot +## 
+containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## Configure extra options for startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 600 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 600 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 +## Configure extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param 
readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 5 + successThreshold: 1 +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template +## +lifecycleHooks: {} +## @param podAnnotations Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels Add additional labels to the pod (evaluated as a template) +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## @section Traffic Exposure Parameters + +## Kubernetes configuration. 
For minikube, set this to NodePort, elsewhere use LoadBalancer +## +services: + sbi: + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + ## @param service.ports.sbi Service HTTP port + ## + ports: + sbi: 7777 + ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) + ## e.g: + ## loadBalancerSourceRanges: + ## - 0.0.0.0/0 + ## + loadBalancerSourceRanges: [] + ## @param service.loadBalancerIP loadBalancerIP for the open5gs-sepp Service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer + loadBalancerIP: "" + ## @param service.nodePorts [object] Kubernetes node port + ## nodePorts: + ## http: + ## + nodePorts: + sbi: "" + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + n32: + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + ## @param service.ports.n32 
Service HTTP port + ## + ports: + n32: 7443 + ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) + ## e.g: + ## loadBalancerSourceRanges: + ## - 0.0.0.0/0 + ## + loadBalancerSourceRanges: [] + ## @param service.loadBalancerIP loadBalancerIP for the open5gs-amf Service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer + loadBalancerIP: "" + ## @param service.nodePorts [object] Kubernetes node port + ## nodePorts: + ## n32: + ## + nodePorts: + n32: "" + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Additional custom annotations for %%MAIN_CONTAINER_NAME%% service + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +dbURI: "" # if empty default is mongodb://{{ mongodb fullname}}/open5gs +mongodb: + # mongodb.enabled -- set to 'false' to disable automatically deploying dependent charts + enabled: false + auth: + enabled: false From 1de56035fa7230c7cc6bf1dc7f6e316c8ce1f278 Mon Sep 17 00:00:00 2001 
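Review bot: `containerSecurityContext` in values.yaml sets only `runAsUser` and `runAsNonRoot`, so the SEPP container keeps the runtime's default capabilities and is not prevented from gaining privileges through setuid binaries. The container listens on 7777 and 7443 as UID 1001, which suggests it needs no extra capabilities, so adding `allowPrivilegeEscalation: false` and a `capabilities` entry that drops `ALL` would tighten the default. This assumes deployment.yaml, which is outside this hunk, passes the whole map through to the container spec. The `@param` comments in the services section also still read `service.*`, `open5gs-amf` and `%%MAIN_CONTAINER_NAME%%` rather than `services.sbi.*` and `services.n32.*`, so documentation generated from them will not match the real keys.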
From: Marco Date: Wed, 23 Oct 2024 16:35:32 +0200 Subject: [PATCH 2/2] add handling of SBI advertise in each NF yaml config --- charts/open5gs-amf/resources/config/amf.yaml | 3 +++ charts/open5gs-ausf/resources/config/ausf.yaml | 3 +++ charts/open5gs-bsf/resources/config/bsf.yaml | 3 +++ charts/open5gs-nrf/resources/config/nrf.yaml | 3 +++ charts/open5gs-nrf/values.yaml | 1 + charts/open5gs-nssf/resources/config/nssf.yaml | 3 +++ charts/open5gs-pcf/resources/config/pcf.yaml | 3 +++ charts/open5gs-scp/resources/config/scp.yaml | 3 +++ charts/open5gs-scp/values.yaml | 1 + charts/open5gs-smf/resources/config/smf.yaml | 3 +++ charts/open5gs-udm/resources/config/udm.yaml | 3 +++ charts/open5gs-udr/resources/config/udr.yaml | 3 +++ 12 files changed, 32 insertions(+) diff --git a/charts/open5gs-amf/resources/config/amf.yaml b/charts/open5gs-amf/resources/config/amf.yaml index 33e184b97..3c33a3f2e 100644 --- a/charts/open5gs-amf/resources/config/amf.yaml +++ b/charts/open5gs-amf/resources/config/amf.yaml @@ -13,6 +13,9 @@ amf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-ausf/resources/config/ausf.yaml b/charts/open5gs-ausf/resources/config/ausf.yaml index 7ef28006e..d42d653c8 100644 --- a/charts/open5gs-ausf/resources/config/ausf.yaml +++ b/charts/open5gs-ausf/resources/config/ausf.yaml @@ -14,6 +14,9 @@ ausf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-bsf/resources/config/bsf.yaml b/charts/open5gs-bsf/resources/config/bsf.yaml index b9770838e..17ca4671a 100644 --- a/charts/open5gs-bsf/resources/config/bsf.yaml +++ b/charts/open5gs-bsf/resources/config/bsf.yaml 
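Review bot: `advertise: {{ .Values.config.advertise }}` in the amf.yaml hunk writes the value into the NF configuration unquoted, so a value containing `: `, ` #` or a newline changes the structure of the rendered YAML instead of staying one string. Quoting it as `advertise: {{ .Values.config.advertise | quote }}` keeps it a scalar. The same line is repeated in the ausf, bsf, nrf, nssf, pcf, scp, smf, udm and udr hunks of this patch. Only the nrf and scp values.yaml gain the commented `# advertise:` hint, so the key stays undocumented in the other charts. The `server:` entry each hunk edits continues outside the hunk.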
@@ -14,6 +14,9 @@ bsf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-nrf/resources/config/nrf.yaml b/charts/open5gs-nrf/resources/config/nrf.yaml index 0af6d4c55..4e61998ef 100644 --- a/charts/open5gs-nrf/resources/config/nrf.yaml +++ b/charts/open5gs-nrf/resources/config/nrf.yaml @@ -16,6 +16,9 @@ nrf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} ################################################################################ # SBI Server diff --git a/charts/open5gs-nrf/values.yaml b/charts/open5gs-nrf/values.yaml index efd32aa93..e8360f5a8 100644 --- a/charts/open5gs-nrf/values.yaml +++ b/charts/open5gs-nrf/values.yaml @@ -77,6 +77,7 @@ image: config: logLevel: info + # advertise: provide custom SBI address to be advertised to NRF servingList: - plmn_id: mcc: 999 diff --git a/charts/open5gs-nssf/resources/config/nssf.yaml b/charts/open5gs-nssf/resources/config/nssf.yaml index 0ffe64222..e30e9bcbc 100644 --- a/charts/open5gs-nssf/resources/config/nssf.yaml +++ b/charts/open5gs-nssf/resources/config/nssf.yaml @@ -13,6 +13,9 @@ nssf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-pcf/resources/config/pcf.yaml b/charts/open5gs-pcf/resources/config/pcf.yaml index e1dcc807e..876ac939d 100644 --- a/charts/open5gs-pcf/resources/config/pcf.yaml +++ b/charts/open5gs-pcf/resources/config/pcf.yaml 
@@ -13,6 +13,9 @@ pcf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-scp/resources/config/scp.yaml b/charts/open5gs-scp/resources/config/scp.yaml index b6b16d60c..302bf3fd4 100644 --- a/charts/open5gs-scp/resources/config/scp.yaml +++ b/charts/open5gs-scp/resources/config/scp.yaml @@ -13,6 +13,9 @@ scp: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-scp/values.yaml b/charts/open5gs-scp/values.yaml index eb5cda656..4f49169e8 100644 --- a/charts/open5gs-scp/values.yaml +++ b/charts/open5gs-scp/values.yaml @@ -77,6 +77,7 @@ image: config: logLevel: info + # advertise: provide custom SBI address to be advertised to NRF sbi: server: client: diff --git a/charts/open5gs-smf/resources/config/smf.yaml b/charts/open5gs-smf/resources/config/smf.yaml index 60213a0e7..22c5d0177 100644 --- a/charts/open5gs-smf/resources/config/smf.yaml +++ b/charts/open5gs-smf/resources/config/smf.yaml @@ -14,6 +14,9 @@ smf: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: diff --git a/charts/open5gs-udm/resources/config/udm.yaml b/charts/open5gs-udm/resources/config/udm.yaml index b4febb4ca..c680cbf3f 100644 --- a/charts/open5gs-udm/resources/config/udm.yaml +++ b/charts/open5gs-udm/resources/config/udm.yaml @@ -32,6 +32,9 @@ udm: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: 
diff --git a/charts/open5gs-udr/resources/config/udr.yaml b/charts/open5gs-udr/resources/config/udr.yaml index cdaac4573..171ddf2bb 100644 --- a/charts/open5gs-udr/resources/config/udr.yaml +++ b/charts/open5gs-udr/resources/config/udr.yaml @@ -13,6 +13,9 @@ udr: server: - dev: eth0 port: {{ .Values.containerPorts.sbi }} + {{- if .Values.config.advertise }} + advertise: {{ .Values.config.advertise }} + {{- end }} client: {{- if .Values.config.sbi.client.nrf.enabled }} nrf: