From 2f5e67778c1ca3aa3993c02f8b3965c536d51477 Mon Sep 17 00:00:00 2001
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Tue, 28 Apr 2020 17:06:16 +0200
Subject: [PATCH 01/82] helm3 initial commit - WIP
---
charts/oai-spgwc/Chart.yaml | 42 +++++++++++
charts/oai-spgwc/templates/NOTES.txt | 15 ++++
charts/oai-spgwc/templates/_helpers.tpl | 63 ++++++++++++++++
charts/oai-spgwc/templates/configmap.yaml | 9 +++
charts/oai-spgwc/templates/deployment.yaml | 67 +++++++++++++++++
charts/oai-spgwc/templates/service.yaml | 26 +++++++
.../oai-spgwc/templates/serviceaccount.yaml | 12 ++++
.../templates/tests/test-connection.yaml | 15 ++++
charts/oai-spgwc/values.yaml | 71 +++++++++++++++++++
9 files changed, 320 insertions(+)
create mode 100644 charts/oai-spgwc/Chart.yaml
create mode 100644 charts/oai-spgwc/templates/NOTES.txt
create mode 100644 charts/oai-spgwc/templates/_helpers.tpl
create mode 100644 charts/oai-spgwc/templates/configmap.yaml
create mode 100644 charts/oai-spgwc/templates/deployment.yaml
create mode 100644 charts/oai-spgwc/templates/service.yaml
create mode 100644 charts/oai-spgwc/templates/serviceaccount.yaml
create mode 100644 charts/oai-spgwc/templates/tests/test-connection.yaml
create mode 100644 charts/oai-spgwc/values.yaml
diff --git a/charts/oai-spgwc/Chart.yaml b/charts/oai-spgwc/Chart.yaml
new file mode 100644
index 0000000..d4a1fae
--- /dev/null
+++ b/charts/oai-spgwc/Chart.yaml
@@ -0,0 +1,42 @@
+apiVersion: v2
+name: oai-spgwc
+description: A Helm chart for SPGWC network function
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_final_logo.png
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: develop-vco3
+
+keywords:
+ - Core Network
+ - EPC
+ - 4G
+ - Edge
+ - SPGW
+ - CUPS
+
+sources:
+ - https://github.com/OPENAIRINTERFACE/openair-spgwc
+ - https://github.com/OPENAIRINTERFACE/openair-k8s
+
+maintainers:
+ - name: OPENAIRINTERFACE
+ email: contact@openairinterface.org
+ # GITHUB account
+ - name: lionelgo
+ email: lionel.gauthier@eurecom.fr
diff --git a/charts/oai-spgwc/templates/NOTES.txt b/charts/oai-spgwc/templates/NOTES.txt
new file mode 100644
index 0000000..4127a83
--- /dev/null
+++ b/charts/oai-spgwc/templates/NOTES.txt
@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "oai-spgwc.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "oai-spgwc.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "oai-spgwc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "oai-spgwc.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/oai-spgwc/templates/_helpers.tpl b/charts/oai-spgwc/templates/_helpers.tpl
new file mode 100644
index 0000000..ac7f2be
--- /dev/null
+++ b/charts/oai-spgwc/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oai-spgwc.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oai-spgwc.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oai-spgwc.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "oai-spgwc.labels" -}}
+helm.sh/chart: {{ include "oai-spgwc.chart" . }}
+{{ include "oai-spgwc.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oai-spgwc.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "oai-spgwc.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oai-spgwc.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "oai-spgwc.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/oai-spgwc/templates/configmap.yaml b/charts/oai-spgwc/templates/configmap.yaml
new file mode 100644
index 0000000..4128239
--- /dev/null
+++ b/charts/oai-spgwc/templates/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-configmap
+data:
+ sgwS11If: {{ .Values.lte.sgwS11If }}
+ pgwSxIf: {{ .Values.lte.pgwSxIf }}
+ ueIpAddressPool: {{ .Values.lte.ueIpAddressPool }}
+ ueDnsServer: {{ .Values.lte.ueDnsServer }}
diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml
new file mode 100644
index 0000000..be03663
--- /dev/null
+++ b/charts/oai-spgwc/templates/deployment.yaml
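Review bot: The four `data` values in configmap.yaml are interpolated unquoted, e.g. `sgwS11If: {{ .Values.lte.sgwS11If }}`, so the rendered YAML type depends on whatever the operator overrides: an empty value renders as null and a number- or boolean-looking one as a non-string, and ConfigMap `data` values have to be strings. Pipe each one through quote, e.g. `ueDnsServer: {{ .Values.lte.ueDnsServer | quote }}`. The same unquoted pattern is in charts/oai-spgwu-tiny/templates/configmap.yaml in patch 06.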
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "oai-spgwc.fullname" . }}
+ labels:
+ {{- include "oai-spgwc.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "oai-spgwc.selectorLabels" . | nindent 6 }}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ {{- include "oai-spgwc.selectorLabels" . | nindent 8 }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: spgwc-net1, spgwc-net2
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "oai-spgwc.serviceAccountName" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: "SGW_S11_INTERFACE"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-configmap
+ key: sgwS11If
+ - name: "PGW_SX_INTERFACE"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-configmap
+ key: pgwSxIf
+ - name: UE_IP_ADDRESS_POOL
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-configmap
+ key: ueIpAddressPool
+ - name: UE_DNS_SERVER
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-configmap
+ key: ueDnsServer
+ command:
+ - /bin/sleep
+ - infinity
+ image: corfr/tcpdump
+ command:
+ - /bin/sleep
+ - infinity
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ serviceAccountName: spgwc-sa
+ terminationGracePeriodSeconds: 30
+
diff --git a/charts/oai-spgwc/templates/service.yaml b/charts/oai-spgwc/templates/service.yaml
new file mode 100644
index 0000000..68e92c5
--- /dev/null
+++ b/charts/oai-spgwc/templates/service.yaml
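Review bot: Inside `{{- if .Values.imagePullSecrets }}` in deployment.yaml the dot is still the root context, so `{{- toYaml . | nindent 8 }}` serialises the whole chart context, all of `.Values` included, under `imagePullSecrets:` instead of the secret list; the default `[]` never enters the branch, which hides the problem until someone sets a pull secret. Open the block with `{{- with .Values.imagePullSecrets }}` so the dot is rebound to the list. In the same hunk the container entry repeats `image:` and `command:` (the `corfr/tcpdump` pair has no `- name:` of its own) and the pod spec sets `serviceAccountName` twice, so most parsers silently keep the last value of each, including the hard-coded `spgwc-sa`. The `if` block is repeated in charts/oai-spgwu-tiny/templates/deployment.yaml in patch 06.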
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "oai-spgwc.fullname" . }}
+ labels:
+ {{- include "oai-spgwc.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+{{- if contains "ClusterIP" .Values.service.type }}
+ clusterIP: None
+{{- end }}
+ ports:
+ - name: pfcp
+ # Port accessible outside cluster
+ port: {{ .Values.service.pfcpPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.pfcpPort }}
+ protocol: UDP
+ - name: gtpc
+ # Port accessible outside cluster
+ port: {{ .Values.service.gtpcPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.gtpcPort }}
+ protocol: UDP
+ selector:
+ {{- include "oai-spgwc.selectorLabels" . | nindent 4 }}
diff --git a/charts/oai-spgwc/templates/serviceaccount.yaml b/charts/oai-spgwc/templates/serviceaccount.yaml
new file mode 100644
index 0000000..4e1c6a6
--- /dev/null
+++ b/charts/oai-spgwc/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "oai-spgwc.serviceAccountName" . }}
+ labels:
+ {{- include "oai-spgwc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/oai-spgwc/templates/tests/test-connection.yaml b/charts/oai-spgwc/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..2c64ef4
--- /dev/null
+++ b/charts/oai-spgwc/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "oai-spgwc.fullname" . }}-test-connection"
+ labels:
+ {{- include "oai-spgwc.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "oai-spgwc.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
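Review bot: The wget argument in tests/test-connection.yaml reads `.Values.service.port`, but values.yaml in this commit defines only `service.pfcpPort` and `service.gtpcPort`, so the target renders without a usable port. The Service also exposes only UDP ports, which an HTTP fetch cannot probe, so the test hook looks unable to pass as written. NOTES.txt carries the same `.Values.service.port` reference and a `port-forward $POD_NAME 8080:80` that matches no port of this chart. The test image is the untagged `busybox`; a pinned reference such as `image: busybox:<pinned-tag>` keeps the hook reproducible.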
diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml
new file mode 100644
index 0000000..5993605
--- /dev/null
+++ b/charts/oai-spgwc/values.yaml
@@ -0,0 +1,71 @@
+# Default values for oai-spgwc.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+
+image:
+ registry: local
+ repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc
+ version: develop-vco3
+ # pullPolicy: IfNotPresent or Never or Always
+ pullPolicy: Always
+
+imagePullSecrets: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: spgwc-sa
+
+podSecurityContext:
+ runAsUser: 0
+ runAsGroup: 0
+
+
+securityContext:
+ privileged: true
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ pfcpPort: 8805
+ gtpcPort: 2123
+
+lte:
+ sgwS11If: "net2"
+ pgwSxIf: "net1"
+ ueIpAddressPool: "12.1.1.2-12.1.1.253"
+ ueDnsServer: "192.168.18.129"
+ apn: "oai.ipv4"
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
From ea842dc7bb86c32e88be2edbceb566c64c7f764b Mon Sep 17 00:00:00 2001
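Review bot: The defaults in values.yaml run the workload as root in a privileged container (`podSecurityContext.runAsUser: 0`, `securityContext.privileged: true`), and because `podSecurityContext` is rendered at pod level it applies to every container in the pod. A privileged container has essentially host-level access, so the file should at least carry a comment saying why it is required; if the need is only interface and route setup (not visible here, to be confirmed), replace it with `privileged: false` plus an explicit list such as `capabilities: {add: ["NET_ADMIN"]}`. `image.version` is never read, since deployment.yaml builds the tag from `.Chart.AppVersion`, so overriding it has no effect on what is pulled.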
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Tue, 28 Apr 2020 19:38:08 +0200
Subject: [PATCH 02/82] helm3 WIP multus
---
charts/oai-spgwc/templates/multus.yaml | 42 ++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 charts/oai-spgwc/templates/multus.yaml
diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml
new file mode 100644
index 0000000..38e6c48
--- /dev/null
+++ b/charts/oai-spgwc/templates/multus.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: spgwc-net1
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.2.100/24",
+ "gateway": "192.168.2.1"
+ }
+ ]
+ }
+ }'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: spgwc-net2
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "172.16.1.101/24",
+ "gateway": "172.16.1.1"
+ }
+ ]
+ }
+ }'
From f56bb997470deb07ea3be14a6fa39b41b9b2c4ca Mon Sep 17 00:00:00 2001
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Tue, 28 Apr 2020 20:34:54 +0200
Subject: [PATCH 03/82] helm3 WIP rbac
---
charts/oai-spgwc/templates/rbac.yaml | 12 ++++++++++++
charts/oai-spgwc/templates/service.yaml | 4 ++--
2 files changed, 14 insertions(+), 2 deletions(-)
create mode 100644 charts/oai-spgwc/templates/rbac.yaml
diff --git a/charts/oai-spgwc/templates/rbac.yaml b/charts/oai-spgwc/templates/rbac.yaml
new file mode 100644
index 0000000..a03171c
--- /dev/null
+++ b/charts/oai-spgwc/templates/rbac.yaml
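Review bot: Both NetworkAttachmentDefinitions in multus.yaml hard-code site-specific settings inside the JSON string, namely the host interface `"master": "bond0"` and one static address each (`192.168.2.100/24`, `172.16.1.101/24`), so the chart installs only on a node layout matching the author's and every replica would claim the same address if `replicaCount` were raised. Move the master interface and the addresses into values.yaml and derive the object names from the release, since fixed names `spgwc-net1`/`spgwc-net2` collide with a second install in the same namespace. A comment that macvlan on the host uplink puts the pod directly on that L2 segment would help operators; whether cluster NetworkPolicy covers these secondary interfaces depends on the cluster and should be confirmed. charts/oai-spgwu-tiny/templates/multus.yaml in patch 06 has the same hard-coded values.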
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: oai-spgwc-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: {{ include "oai-spgwc.serviceAccountName" . }} + namespace: oai diff --git a/charts/oai-spgwc/templates/service.yaml b/charts/oai-spgwc/templates/service.yaml index 68e92c5..131840c 100644 --- a/charts/oai-spgwc/templates/service.yaml +++ b/charts/oai-spgwc/templates/service.yaml @@ -10,13 +10,13 @@ spec: clusterIP: None {{- end }} ports: - - name: pfcp + - name: sxab # Port accessible outside cluster port: {{ .Values.service.pfcpPort }} # Port to forward to inside the pod targetPort: {{ .Values.service.pfcpPort }} protocol: UDP - - name: gtpc + - name: s11 # Port accessible outside cluster port: {{ .Values.service.gtpcPort }} # Port to forward to inside the pod From a255792476fac8d35fdc1340b38e617c5b7e625b Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 30 Apr 2020 23:37:05 +0200 Subject: [PATCH 04/82] WIP helm3 install spgwc in an oc project called onap-helm-test --- charts/oai-spgwc/templates/configmap.yaml | 2 +- charts/oai-spgwc/templates/deployment.yaml | 33 +++++++++++-------- charts/oai-spgwc/templates/rbac.yaml | 6 ++-- charts/oai-spgwc/templates/service.yaml | 4 +-- .../oai-spgwc/templates/serviceaccount.yaml | 10 +----- .../templates/tests/test-connection.yaml | 6 ++-- charts/oai-spgwc/values.yaml | 3 +- 7 files changed, 31 insertions(+), 33 deletions(-) diff --git a/charts/oai-spgwc/templates/configmap.yaml b/charts/oai-spgwc/templates/configmap.yaml index 4128239..2bd7cc5 100644 --- a/charts/oai-spgwc/templates/configmap.yaml +++ b/charts/oai-spgwc/templates/configmap.yaml 
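Review bot: rbac.yaml binds the workload's service account to `cluster-admin` through a ClusterRoleBinding, so any process in the pod, which values.yaml already runs privileged as uid 0, holds full control of every namespace through its mounted token. Nothing visible in the chart calls the Kubernetes API, so the binding looks removable; if it was added to get the privileged pod admitted on OpenShift (an assumption based on the "oc project" wording of patch 04), grant that one permission instead, and if API access is really needed use a namespaced Role and RoleBinding listing only the required verbs. The subject's `namespace: oai` is hard-coded where `namespace: {{ .Release.Namespace }}` belongs, and `rbac.authorization.k8s.io/v1beta1` should be `rbac.authorization.k8s.io/v1`, the beta version having been removed in Kubernetes 1.22. charts/oai-spgwu-tiny/templates/rbac.yaml in patch 06 repeats the same binding.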
@@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-configmap + name: {{ .Chart.Name }}-configmap data: sgwS11If: {{ .Values.lte.sgwS11If }} pgwSxIf: {{ .Values.lte.pgwSxIf }} diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index be03663..22a55f4 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "oai-spgwc.fullname" . }} + name: {{ .Chart.Name }} labels: {{- include "oai-spgwc.labels" . | nindent 4 }} spec: @@ -24,37 +24,42 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "oai-spgwc.serviceAccountName" . }} containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + - name: spgwc image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + ports: + - containerPort: 8805 + name: oai-spgwc + - containerPort: 2123 + name: s11 env: - - name: "SGW_S11_INTERFACE" - valueFrom: - configMapKeyRef: - name: {{ .Release.Name }}-configmap - key: sgwS11If - name: "PGW_SX_INTERFACE" valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-configmap + name: {{ .Chart.Name }}-configmap key: pgwSxIf + - name: "SGW_S11_INTERFACE" + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: sgwS11If - name: UE_IP_ADDRESS_POOL valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-configmap + name: {{ .Chart.Name }}-configmap key: ueIpAddressPool - name: UE_DNS_SERVER valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-configmap + name: {{ .Chart.Name }}-configmap key: ueDnsServer command: - /bin/sleep - infinity + - name: tcpdump image: corfr/tcpdump command: - /bin/sleep 
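Review bot: The added `- name: tcpdump` entry in deployment.yaml makes the capture sidecar a permanent part of every release: `image: corfr/tcpdump` has no tag or digest, so whatever that repository currently serves is pulled, and it runs under the pod-level `runAsUser: 0` inside the network namespace that carries the S11 and Sx traffic. Pin the image, e.g. `image: corfr/tcpdump@sha256:<digest>`, and gate the container behind a flag that defaults to off, for instance by wrapping the entry in `{{- if .Values.tcpdump.enabled }}` (a suggested new value, not one the chart has today). The same sidecar is added in charts/oai-spgwu-tiny/templates/deployment.yaml in patch 06. The hunk starts and ends inside the containers list, so the rest of the pod spec is not visible here.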
@@ -62,6 +67,6 @@ spec: dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler - serviceAccountName: spgwc-sa + serviceAccountName: {{ .Values.serviceAccount.name }} terminationGracePeriodSeconds: 30 diff --git a/charts/oai-spgwc/templates/rbac.yaml b/charts/oai-spgwc/templates/rbac.yaml index a03171c..00aa3ca 100644 --- a/charts/oai-spgwc/templates/rbac.yaml +++ b/charts/oai-spgwc/templates/rbac.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: oai-spgwc-rbac + name: {{ .Chart.Name }}-rbac roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount - name: {{ include "oai-spgwc.serviceAccountName" . }} - namespace: oai + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Values.namespace }} diff --git a/charts/oai-spgwc/templates/service.yaml b/charts/oai-spgwc/templates/service.yaml index 131840c..a252368 100644 --- a/charts/oai-spgwc/templates/service.yaml +++ b/charts/oai-spgwc/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "oai-spgwc.fullname" . }} + name: {{ .Chart.Name }} labels: {{- include "oai-spgwc.labels" . | nindent 4 }} spec: @@ -10,7 +10,7 @@ spec: clusterIP: None {{- end }} ports: - - name: sxab + - name: oai-spgwc # Port accessible outside cluster port: {{ .Values.service.pfcpPort }} # Port to forward to inside the pod diff --git a/charts/oai-spgwc/templates/serviceaccount.yaml b/charts/oai-spgwc/templates/serviceaccount.yaml index 4e1c6a6..21c813d 100644 --- a/charts/oai-spgwc/templates/serviceaccount.yaml +++ b/charts/oai-spgwc/templates/serviceaccount.yaml 
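Review bot: In rbac.yaml the subject namespace now comes from `{{ .Values.namespace }}` (default `onap-helm-test`, added to values.yaml in this commit) rather than from the release, so `helm install --namespace other` still grants `cluster-admin` to `oai-spgwc-sa` in `onap-helm-test`. The pod's own account then gets nothing, and whoever can create a service account of that name in the other namespace inherits the role. Use `namespace: {{ .Release.Namespace }}` and drop the extra value. The binding name `{{ .Chart.Name }}-rbac` is cluster-scoped and identical for every install, so a second release in another namespace conflicts with the first; charts/oai-spgwu-tiny/templates/rbac.yaml in patch 06 has both problems.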
@@ -1,12 +1,4 @@ -{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "oai-spgwc.serviceAccountName" . }} - labels: - {{- include "oai-spgwc.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} + name: {{ .Values.serviceAccount.name }} diff --git a/charts/oai-spgwc/templates/tests/test-connection.yaml b/charts/oai-spgwc/templates/tests/test-connection.yaml index 2c64ef4..2813df8 100644 --- a/charts/oai-spgwc/templates/tests/test-connection.yaml +++ b/charts/oai-spgwc/templates/tests/test-connection.yaml @@ -8,8 +8,8 @@ metadata: "helm.sh/hook": test-success spec: containers: - - name: wget + - name: ping image: busybox - command: ['wget'] - args: ['{{ include "oai-spgwc.fullname" . }}:{{ .Values.service.port }}'] + command: ['ping'] + args: ['-c' , '1', {{ include "oai-spgwc.fullname" . }} ] restartPolicy: Never diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 5993605..b1efee0 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -4,6 +4,7 @@ replicaCount: 1 +namespace: "onap-helm-test" image: registry: local @@ -24,7 +25,7 @@ serviceAccount: annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: spgwc-sa + name: "oai-spgwc-sa" podSecurityContext: runAsUser: 0 From 84eacb7270baa1d23cbc5f13630767b524e624a3 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Mon, 4 May 2020 22:50:04 +0200 Subject: [PATCH 05/82] helm3 WIP spgwc --- charts/oai-spgwc/Chart.yaml | 1 + charts/oai-spgwc/templates/deployment.yaml | 10 ++++++---- charts/oai-spgwc/values.yaml | 3 +-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/charts/oai-spgwc/Chart.yaml b/charts/oai-spgwc/Chart.yaml index d4a1fae..83d33e8 100644 --- a/charts/oai-spgwc/Chart.yaml 
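Review bot: Dropping the `{{- if .Values.serviceAccount.create -}}` guard in serviceaccount.yaml means the ServiceAccount is now always created, while values.yaml still ships `serviceAccount.create: false` and `annotations: {}`. An operator who sets `create: false` to reuse an existing, deliberately scoped account gets a name conflict or an unexpected second account, and the `oai-spgwc.serviceAccountName` helper is no longer used by any template. Either keep the guard around the manifest or remove the dead keys and helper so values.yaml describes what the chart does.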
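Review bot: The ping target in tests/test-connection.yaml is still `{{ include "oai-spgwc.fullname" . }}`, but this commit renames the Service to `{{ .Chart.Name }}`, so the two differ whenever the release name does not already contain the chart name and the lookup then has nothing to resolve. The third list element is also an unquoted template inside a flow sequence; write `args: ['-c', '1', '{{ .Chart.Name }}']` to fix both. An ICMP echo against a headless Service only shows that DNS resolves and the pod IP answers, not that the PFCP or GTP-C ports are served, which is worth a comment on the hook.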
+++ b/charts/oai-spgwc/Chart.yaml @@ -28,6 +28,7 @@ keywords: - 4G - Edge - SPGW + - SPGW-C - CUPS sources: diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 22a55f4..3aab7d8 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -36,12 +36,12 @@ spec: - containerPort: 2123 name: s11 env: - - name: "PGW_SX_INTERFACE" + - name: PGW_SX_INTERFACE valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: pgwSxIf - - name: "SGW_S11_INTERFACE" + - name: SGW_S11_INTERFACE valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap @@ -57,8 +57,10 @@ spec: name: {{ .Chart.Name }}-configmap key: ueDnsServer command: - - /bin/sleep - - infinity + - /opt/oai-spgwc/bin/spgwc + - -c + - /opt/oai-spgwc/etc/spgw_c.conf + - -o - name: tcpdump image: corfr/tcpdump command: diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index b1efee0..b9d878b 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -31,7 +31,6 @@ podSecurityContext: runAsUser: 0 runAsGroup: 0 - securityContext: privileged: true # capabilities: @@ -51,7 +50,7 @@ lte: pgwSxIf: "net1" ueIpAddressPool: "12.1.1.2-12.1.1.253" ueDnsServer: "192.168.18.129" - apn: "oai.ipv4" + apn: "apn.oai.svc.cluster.local" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From 241e6158f394682ddf1e43af8fcf129c4a1a4ab1 Mon Sep 17 00:00:00 2001 
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Mon, 4 May 2020 22:51:58 +0200
Subject: [PATCH 06/82] helm3 WIP spgwu
---
charts/oai-spgwu-tiny/Chart.yaml | 43 +++++++++++
charts/oai-spgwu-tiny/templates/NOTES.txt | 15 ++++
charts/oai-spgwu-tiny/templates/_helpers.tpl | 63 +++++++++++++++
.../oai-spgwu-tiny/templates/configmap.yaml | 10 +++
.../oai-spgwu-tiny/templates/deployment.yaml | 76 +++++++++++++++++++
charts/oai-spgwu-tiny/templates/multus.yaml | 63 +++++++++++++++
charts/oai-spgwu-tiny/templates/rbac.yaml | 12 +++
charts/oai-spgwu-tiny/templates/service.yaml | 26 +++++++
.../templates/serviceaccount.yaml | 5 ++
.../templates/tests/test-connection.yaml | 15 ++++
charts/oai-spgwu-tiny/values.yaml | 70 +++++++++++++++++
11 files changed, 398 insertions(+)
create mode 100644 charts/oai-spgwu-tiny/Chart.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/NOTES.txt
create mode 100644 charts/oai-spgwu-tiny/templates/_helpers.tpl
create mode 100644 charts/oai-spgwu-tiny/templates/configmap.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/deployment.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/multus.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/rbac.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/service.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/serviceaccount.yaml
create mode 100644 charts/oai-spgwu-tiny/templates/tests/test-connection.yaml
create mode 100644 charts/oai-spgwu-tiny/values.yaml
diff --git a/charts/oai-spgwu-tiny/Chart.yaml b/charts/oai-spgwu-tiny/Chart.yaml
new file mode 100644
index 0000000..1016c95
--- /dev/null
+++ b/charts/oai-spgwu-tiny/Chart.yaml
@@ -0,0 +1,43 @@
+apiVersion: v2
+name: oai-spgwu-tiny
+description: A Helm chart for SPGWU-TINY network function
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_final_logo.png
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: develop-vco3
+
+keywords:
+ - Core Network
+ - EPC
+ - 4G
+ - Edge
+ - SPGW
+ - SPGW-U
+ - CUPS
+
+sources:
+ - https://github.com/OPENAIRINTERFACE/openair-spgwu-tiny
+ - https://github.com/OPENAIRINTERFACE/openair-k8s
+
+maintainers:
+ - name: OPENAIRINTERFACE
+ email: contact@openairinterface.org
+ # GITHUB account
+ - name: lionelgo
+ email: lionel.gauthier@eurecom.fr
diff --git a/charts/oai-spgwu-tiny/templates/NOTES.txt b/charts/oai-spgwu-tiny/templates/NOTES.txt
new file mode 100644
index 0000000..7faeed3
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/NOTES.txt
@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "oai-spgwu-tiny.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "oai-spgwu-tiny.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "oai-spgwu-tiny.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "oai-spgwu-tiny.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/oai-spgwu-tiny/templates/_helpers.tpl b/charts/oai-spgwu-tiny/templates/_helpers.tpl
new file mode 100644
index 0000000..0de3d73
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oai-spgwu-tiny.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oai-spgwu-tiny.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oai-spgwu-tiny.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "oai-spgwu-tiny.labels" -}}
+helm.sh/chart: {{ include "oai-spgwu-tiny.chart" . }}
+{{ include "oai-spgwu-tiny.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oai-spgwu-tiny.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "oai-spgwu-tiny.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oai-spgwu-tiny.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "oai-spgwu-tiny.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/oai-spgwu-tiny/templates/configmap.yaml b/charts/oai-spgwu-tiny/templates/configmap.yaml
new file mode 100644
index 0000000..3cb2af6
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+data:
+ sgwS1uIf: {{ .Values.lte.sgwS1uIf }}
+ pgwuSgiGw: {{ .Values.lte.pgwuSgiGw }}
+ sgwSxIf: {{ .Values.lte.sgwSxIf }}
+ netUeIp: {{ .Values.lte.netUeIp }}
+ pgwcSxIp: {{ .Values.lte.pgwcSxIp }}
diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml
new file mode 100644
index 0000000..b66f3f1
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/deployment.yaml
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ labels:
+ {{- include "oai-spgwu-tiny.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "oai-spgwu-tiny.selectorLabels" . | nindent 6 }}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ {{- include "oai-spgwu-tiny.selectorLabels" . | nindent 8 }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-net1, {{ .Chart.Name }}-net2, {{ .Chart.Name }}-net3
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: spgwu-tiny
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ env:
+ - name: SGW_S1U_INTERFACE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: sgwS1uIf
+ - name: SGW_SX_INTERFACE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: sgwSxIf
+ - name: PGW_SGI_INTERFACE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: sgwS1uIf
+ - name: NETWORK_UE_IP
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: netUeIp
+ - name: PGWC_SX_IP_ADDRESS
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: pgwcSxIp
+ - name: PGWU_SGI_GW
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: pgwuSgiGw
+ command:
+ - /bin/sleep
+ - infinity
+ - name: tcpdump
+ image: corfr/tcpdump
+ command:
+ - /bin/sleep
+ - infinity
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ terminationGracePeriodSeconds: 30
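Review bot: In the `imagePullSecrets` block, `if` does not rebind `.`, so `toYaml .` serialises the whole root context instead of the secrets list as soon as `.Values.imagePullSecrets` is non-empty; open the block with `{{- with .Values.imagePullSecrets }}` instead. The `tcpdump` sidecar pulls `corfr/tcpdump` with no tag or digest and sets no `securityContext` of its own, so an unpinned third-party image runs in every pod under whatever the pod-level context grants; pin it by tag or digest and gate the container behind a values flag that defaults to off. `serviceAccountName` reads `.Values.serviceAccount.name` directly rather than the `oai-spgwu-tiny.serviceAccountName` helper defined in _helpers.tpl, so `serviceAccount.create` has no effect on this template.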
diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml
new file mode 100644
index 0000000..301cfd1
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/multus.yaml
@@ -0,0 +1,63 @@
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Chart.Name }}-net1
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.2.101/24",
+ "gateway": "192.168.2.1"
+ }
+ ]
+ }
+ }'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Chart.Name }}-net2
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "172.16.2.100/24",
+ "gateway": "172.16.2.1"
+ }
+ ]
+ }
+ }'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Chart.Name }}-net3
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.3.100/24",
+ "gateway": "192.168.3.1"
+ }
+ ]
+ }
+ }'
diff --git a/charts/oai-spgwu-tiny/templates/rbac.yaml b/charts/oai-spgwu-tiny/templates/rbac.yaml
new file mode 100644
index 0000000..00aa3ca
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-rbac
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount.name }}
+ namespace: {{ .Values.namespace }}
diff --git a/charts/oai-spgwu-tiny/templates/service.yaml b/charts/oai-spgwu-tiny/templates/service.yaml
new file mode 100644
index 0000000..979237b
--- /dev/null
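Review bot: Each NetworkAttachmentDefinition in multus.yaml hard-codes its `master` interface (`bond0`) and one static `address`/`gateway` pair inside the `config` string, so the chart only fits hosts with that interface and subnet plan, and every pod of the Deployment would request the same address if `replicaCount` is raised above 1. Move master, address and gateway into values.yaml per network and render them into the JSON, or switch to an IPAM type that allocates per pod. The three objects are named from `.Chart.Name` alone, so a second release in the same namespace would collide with them.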
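Review bot: rbac.yaml binds the chart's ServiceAccount to the built-in `cluster-admin` ClusterRole through a ClusterRoleBinding, which hands every container in the pod, the tcpdump sidecar included, full control of the cluster through the automounted token. Nothing visible in this chart calls the Kubernetes API, so the binding looks unnecessary; drop the file, or replace it with a namespaced `Role`/`RoleBinding` that lists only the verbs and resources the workload needs, and set `automountServiceAccountToken: false` on the pod if no API access is required. `rbac.authorization.k8s.io/v1beta1` is a deprecated API version that newer Kubernetes releases no longer serve; use `rbac.authorization.k8s.io/v1`. The subject namespace comes from `.Values.namespace` rather than `.Release.Namespace`, so installing the release into any other namespace grants the role to a ServiceAccount this chart did not create.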
+++ b/charts/oai-spgwu-tiny/templates/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ labels:
+ {{- include "oai-spgwu-tiny.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+{{- if contains "ClusterIP" .Values.service.type }}
+ clusterIP: None
+{{- end }}
+ ports:
+ - name: oai-spgwu-tiny
+ # Port accessible outside cluster
+ port: {{ .Values.service.pfcpPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.pfcpPort }}
+ protocol: UDP
+ - name: s1u
+ # Port accessible outside cluster
+ port: {{ .Values.service.gtpuPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.gtpuPort }}
+ protocol: UDP
+ selector:
+ {{- include "oai-spgwu-tiny.selectorLabels" . | nindent 4 }}
diff --git a/charts/oai-spgwu-tiny/templates/serviceaccount.yaml b/charts/oai-spgwu-tiny/templates/serviceaccount.yaml
new file mode 100644
index 0000000..a78df20
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}
+
diff --git a/charts/oai-spgwu-tiny/templates/tests/test-connection.yaml b/charts/oai-spgwu-tiny/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..3a3f9c2
--- /dev/null
+++ b/charts/oai-spgwu-tiny/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "oai-spgwu-tiny.fullname" . }}-test-connection"
+ labels:
+ {{- include "oai-spgwu-tiny.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: ping
+ image: busybox
+ command: ['ping']
+ args: ['-c' , '1', {{ include "oai-spgwu-tiny.fullname" . }} ]
+ restartPolicy: Never
diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml
new file mode 100644
index 0000000..d33b29e
--- /dev/null
+++ b/charts/oai-spgwu-tiny/values.yaml
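Review bot: The test pod in tests/test-connection.yaml pings `{{ include "oai-spgwu-tiny.fullname" . }}`, but service.yaml names the Service `{{ .Chart.Name }}`, so the lookup only resolves when the release name happens to make the two equal; use one name in both places, e.g. `args: ['-c', '1', '{{ .Chart.Name }}']`. The `busybox` image carries no tag, so the test result depends on whatever the registry serves that day. `"helm.sh/hook": test-success` is the Helm 2 spelling, which Helm 3 deprecates in favour of `test`.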
@@ -0,0 +1,70 @@ +# Default values for oai-spgwu-tiny. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +namespace: "onap-helm-test" + +image: + registry: local + repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwu + version: develop-vco3 + # pullPolicy: IfNotPresent or Never or Always + pullPolicy: Always + +imagePullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "oai-spgwu-tiny-sa" + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + pfcpPort: 8805 + gtpuPort: 2152 + +lte: + sgwS1uIf: "net2" + sgwSxIf: "net1" + pgwuSgiGw: "192.168.18.129" + netUeIp: "12.1.1.0/24" + pgwcSxIp: "192.168.18.2" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 6bbf5e69633bdac6d40d7e3e270a0a8d85d19b38 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 5 May 2020 15:16:41 +0200 Subject: [PATCH 07/82] WIP helm3 spgwc - startup of spgwc seems ok --- charts/oai-spgwc/templates/deployment.yaml | 5 ----- 1 file changed, 5 deletions(-) 
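Review bot: `podSecurityContext` defaults to `runAsUser: 0` / `runAsGroup: 0`, which applies to both containers of the pod, while the hardening block under `securityContext` is left commented out. If the gateway needs root for interface setup, scope that to the one container that needs it and give the sidecar a non-root context; otherwise default to a non-root UID and let operators opt in. `image.version` and `image.registry` are never read by deployment.yaml, which tags the image with `.Chart.AppVersion`, so overriding them has no effect. `serviceAccount.create: false` sits next to a serviceaccount.yaml that renders the account unconditionally, so the flag is misleading as written.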
diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 3aab7d8..ec9214a 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -56,11 +56,6 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: ueDnsServer - command: - - /opt/oai-spgwc/bin/spgwc - - -c - - /opt/oai-spgwc/etc/spgw_c.conf - - -o - name: tcpdump image: corfr/tcpdump command: From 9fdb2d9af7bb08063538256c0162bd3cffed2b42 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 5 May 2020 15:18:10 +0200 Subject: [PATCH 08/82] wip helm3 spgwu: helmignore --- charts/oai-spgwu-tiny/.helmignore | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 charts/oai-spgwu-tiny/.helmignore diff --git a/charts/oai-spgwu-tiny/.helmignore b/charts/oai-spgwu-tiny/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/oai-spgwu-tiny/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ From 7e35a95aeb14046117e07eb9993dffde886fbe61 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 5 May 2020 18:33:31 +0200 Subject: [PATCH 09/82] helm3 spgwu: CX with spgw-c is fine for project oai --- charts/oai-spgwc/values.yaml | 2 +- charts/oai-spgwu-tiny/templates/configmap.yaml | 1 + charts/oai-spgwu-tiny/templates/deployment.yaml | 5 +---- charts/oai-spgwu-tiny/values.yaml | 10 ++++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index b9d878b..a42240d 100644 
--- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -48,7 +48,7 @@ service: lte: sgwS11If: "net2" pgwSxIf: "net1" - ueIpAddressPool: "12.1.1.2-12.1.1.253" + ueIpAddressPool: "192.168.20.2-192.168.20.200" ueDnsServer: "192.168.18.129" apn: "apn.oai.svc.cluster.local" diff --git a/charts/oai-spgwu-tiny/templates/configmap.yaml b/charts/oai-spgwu-tiny/templates/configmap.yaml index 3cb2af6..039cd89 100644 --- a/charts/oai-spgwu-tiny/templates/configmap.yaml +++ b/charts/oai-spgwu-tiny/templates/configmap.yaml @@ -4,6 +4,7 @@ metadata: name: {{ .Chart.Name }}-configmap data: sgwS1uIf: {{ .Values.lte.sgwS1uIf }} + pgwSgiIf: {{ .Values.lte.pgwSgiIf }} pgwuSgiGw: {{ .Values.lte.pgwuSgiGw }} sgwSxIf: {{ .Values.lte.sgwSxIf }} netUeIp: {{ .Values.lte.netUeIp }} diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index b66f3f1..20a0853 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -45,7 +45,7 @@ spec: valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap - key: sgwS1uIf + key: pgwSgiIf - name: NETWORK_UE_IP valueFrom: configMapKeyRef: @@ -61,9 +61,6 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: pgwuSgiGw - command: - - /bin/sleep - - infinity - name: tcpdump image: corfr/tcpdump command: diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index d33b29e..8981b49 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -31,7 +31,8 @@ podSecurityContext: runAsUser: 0 runAsGroup: 0 -securityContext: {} +securityContext: + privileged: true # capabilities: # drop: # - ALL 
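Review bot: In the oai-spgwu-tiny values.yaml hunk, `securityContext` goes from `{}` to `privileged: true`, which gives the spgwu-tiny container every capability and host device access on top of the root UID already set in `podSecurityContext`. A user-plane gateway presumably needs network administration rights rather than full privilege, so try an explicit list first, e.g. `capabilities: {add: ["NET_ADMIN"]}` (to be confirmed against what the binary does at start-up), and leave `privileged` as an opt-in override documented in a comment. The commented-out hardening block under this key continues past the end of the hunk.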
@@ -47,9 +48,10 @@ service: lte: sgwS1uIf: "net2" sgwSxIf: "net1" - pgwuSgiGw: "192.168.18.129" - netUeIp: "12.1.1.0/24" - pgwcSxIp: "192.168.18.2" + pgwSgiIf: "net3" + pgwuSgiGw: "192.168.3.101" + netUeIp: "192.168.20.0/24" + pgwcSxIp: "192.168.2.100" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From ec5f41dee9462a2923b62c4611bfeeeff1aaf8cf Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Fri, 28 Aug 2020 13:15:53 +0200 Subject: [PATCH 10/82] Force use local interface lo for S5c --- charts/oai-spgwc/Chart.yaml | 5 ++-- charts/oai-spgwc/templates/configmap.yaml | 5 ++++ charts/oai-spgwc/templates/deployment.yaml | 31 +++++++++++++++++++--- charts/oai-spgwc/values.yaml | 11 +++++--- 4 files changed, 44 insertions(+), 8 deletions(-) diff --git a/charts/oai-spgwc/Chart.yaml b/charts/oai-spgwc/Chart.yaml index 83d33e8..387be18 100644 --- a/charts/oai-spgwc/Chart.yaml +++ b/charts/oai-spgwc/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: oai-spgwc +name: onap-oai-spgwc description: A Helm chart for SPGWC network function # A chart can be either an 'application' or a 'library' chart. @@ -20,7 +20,8 @@ version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: develop-vco3 +#appVersion: develop-vco3 +appVersion: onap-test keywords: - Core Network diff --git a/charts/oai-spgwc/templates/configmap.yaml b/charts/oai-spgwc/templates/configmap.yaml index 2bd7cc5..471a3b6 100644 --- a/charts/oai-spgwc/templates/configmap.yaml +++ b/charts/oai-spgwc/templates/configmap.yaml 
@@ -3,7 +3,12 @@ kind: ConfigMap metadata: name: {{ .Chart.Name }}-configmap data: + pidDirectory: {{ .Values.lte.pidDirectory }} sgwS11If: {{ .Values.lte.sgwS11If }} + sgwS5S8Ip: {{ .Values.lte.sgwS5S8Ip }} + pgwS5S8Ip: {{ .Values.lte.pgwS5S8Ip }} pgwSxIf: {{ .Values.lte.pgwSxIf }} ueIpAddressPool: {{ .Values.lte.ueIpAddressPool }} + apn: {{ .Values.lte.apn }} ueDnsServer: {{ .Values.lte.ueDnsServer }} + ueDnsServerSec: {{ .Values.lte.ueDnsServerSec }} diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index ec9214a..6629f92 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -36,26 +36,51 @@ spec: - containerPort: 2123 name: s11 env: - - name: PGW_SX_INTERFACE + - name: PID_DIRECTORY + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: pidDirectory + - name: PGW_INTERFACE_NAME_FOR_SX valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: pgwSxIf - - name: SGW_S11_INTERFACE + - name: SGW_INTERFACE_NAME_FOR_S11 valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: sgwS11If + - name: SGW_IP_FOR_S5_S8_CP + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: sgwS5S8Ip + - name: PGW_IP_FOR_S5_S8_CP + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: pgwS5S8Ip - name: UE_IP_ADDRESS_POOL valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: ueIpAddressPool - - name: UE_DNS_SERVER + - name: DEFAULT_APN + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: apn + - name: DEFAULT_DNS_IPV4_ADDRESS valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: ueDnsServer + - name: DEFAULT_DNS_SEC_IPV4_ADDRESS + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: ueDnsServerSec - name: tcpdump image: corfr/tcpdump command: diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index a42240d..d71816e 100644 
--- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -4,12 +4,13 @@ replicaCount: 1 -namespace: "onap-helm-test" +namespace: "oai-cn" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc - version: develop-vco3 + repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-spgwc + #version: develop-vco3 + version: onap-test # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -46,10 +47,14 @@ service: gtpcPort: 2123 lte: + pidDirectory: "/var/run" sgwS11If: "net2" + sgwS5S8Ip: "127.0.58.2/8" + pgwS5S8Ip: "127.0.58.1/8" pgwSxIf: "net1" ueIpAddressPool: "192.168.20.2-192.168.20.200" ueDnsServer: "192.168.18.129" + ueDnsServerSec: "192.168.18.129" apn: "apn.oai.svc.cluster.local" resources: {} From 51ced311dff43e9a8322b971c69e4426b7d219b5 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Fri, 28 Aug 2020 16:49:18 +0200 Subject: [PATCH 11/82] Can start pod with image genererated in openair-spgwu-tiny GH repo --- charts/oai-spgwu-tiny/Chart.yaml | 4 ++-- charts/oai-spgwu-tiny/templates/configmap.yaml | 1 + charts/oai-spgwu-tiny/templates/deployment.yaml | 13 +++++++++---- charts/oai-spgwu-tiny/values.yaml | 7 ++++--- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/charts/oai-spgwu-tiny/Chart.yaml b/charts/oai-spgwu-tiny/Chart.yaml index 1016c95..61ab65a 100644 --- a/charts/oai-spgwu-tiny/Chart.yaml +++ b/charts/oai-spgwu-tiny/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: oai-spgwu-tiny +name: onap-oai-spgwu-tiny description: A Helm chart for SPGWU-TINY network function # A chart can be either an 'application' or a 'library' chart. @@ -20,7 +20,7 @@ version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: develop-vco3 +appVersion: onap-test keywords: - Core Network 
diff --git a/charts/oai-spgwu-tiny/templates/configmap.yaml b/charts/oai-spgwu-tiny/templates/configmap.yaml index 039cd89..bb1f9ac 100644 --- a/charts/oai-spgwu-tiny/templates/configmap.yaml +++ b/charts/oai-spgwu-tiny/templates/configmap.yaml @@ -3,6 +3,7 @@ kind: ConfigMap metadata: name: {{ .Chart.Name }}-configmap data: + pidDirectory: {{ .Values.lte.pidDirectory }} sgwS1uIf: {{ .Values.lte.sgwS1uIf }} pgwSgiIf: {{ .Values.lte.pgwSgiIf }} pgwuSgiGw: {{ .Values.lte.pgwuSgiGw }} diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index 20a0853..c14f168 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -31,17 +31,22 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} env: - - name: SGW_S1U_INTERFACE + - name: PID_DIRECTORY + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: pidDirectory + - name: SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: sgwS1uIf - - name: SGW_SX_INTERFACE + - name: SGW_INTERFACE_NAME_FOR_SX valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: sgwSxIf - - name: PGW_SGI_INTERFACE + - name: PGW_INTERFACE_NAME_FOR_SGI valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap @@ -51,7 +56,7 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: netUeIp - - name: PGWC_SX_IP_ADDRESS + - name: SPGWC0_IP_ADDRESS valueFrom: configMapKeyRef: name: {{ .Chart.Name }}-configmap diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 8981b49..f72dc05 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml 
@@ -4,12 +4,12 @@ replicaCount: 1 -namespace: "onap-helm-test" +namespace: "oai-cn" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwu - version: develop-vco3 + repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-spgwu-tiny + version: onap-test # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -46,6 +46,7 @@ service: gtpuPort: 2152 lte: + pidDirectory: "/var/run" sgwS1uIf: "net2" sgwSxIf: "net1" pgwSgiIf: "net3" From 8c47a215057bd2088c600dcb06fdb40b68de5eab Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Mon, 31 Aug 2020 17:04:18 +0200 Subject: [PATCH 12/82] helm for https://github.com/OPENAIRINTERFACE/openair-mme/tree/helm3.1-onap-sync-with-cn-split-repos --- charts/oai-mme/Chart.yaml | 41 +++ charts/oai-mme/templates/NOTES.txt | 15 + charts/oai-mme/templates/_helpers.tpl | 63 +++++ charts/oai-mme/templates/configmap.yaml | 42 +++ charts/oai-mme/templates/deployment.yaml | 256 ++++++++++++++++++ charts/oai-mme/templates/multus.yaml | 42 +++ charts/oai-mme/templates/rbac.yaml | 12 + charts/oai-mme/templates/service.yaml | 32 +++ charts/oai-mme/templates/serviceaccount.yaml | 4 + .../templates/tests/test-connection.yaml | 15 + charts/oai-mme/values.yaml | 101 +++++++ 11 files changed, 623 insertions(+) create mode 100644 charts/oai-mme/Chart.yaml create mode 100644 charts/oai-mme/templates/NOTES.txt create mode 100644 charts/oai-mme/templates/_helpers.tpl create mode 100644 charts/oai-mme/templates/configmap.yaml create mode 100644 charts/oai-mme/templates/deployment.yaml create mode 100644 charts/oai-mme/templates/multus.yaml create mode 100644 charts/oai-mme/templates/rbac.yaml create mode 100644 charts/oai-mme/templates/service.yaml create mode 100644 charts/oai-mme/templates/serviceaccount.yaml create mode 100644 charts/oai-mme/templates/tests/test-connection.yaml create mode 100644 charts/oai-mme/values.yaml 
diff --git a/charts/oai-mme/Chart.yaml b/charts/oai-mme/Chart.yaml
new file mode 100644
index 0000000..950175e
--- /dev/null
+++ b/charts/oai-mme/Chart.yaml
@@ -0,0 +1,41 @@
+apiVersion: v2
+name: onap-oai-mme
+description: A Helm chart for MME network function
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_final_logo.png
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: onap-test
+
+keywords:
+ - Core Network
+ - EPC
+ - 4G
+ - Edge
+ - MME
+
+sources:
+ - https://github.com/OPENAIRINTERFACE/openair-mme
+ - https://github.com/OPENAIRINTERFACE/openair-k8s
+
+maintainers:
+ - name: OPENAIRINTERFACE
+ email: contact@openairinterface.org
+ # GITHUB account
+ - name: lionelgo
+ email: lionel.gauthier@eurecom.fr
diff --git a/charts/oai-mme/templates/NOTES.txt b/charts/oai-mme/templates/NOTES.txt
new file mode 100644
index 0000000..f1a2b9e
--- /dev/null
+++ b/charts/oai-mme/templates/NOTES.txt
@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "oai-mme.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "oai-mme.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "oai-mme.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "oai-mme.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/oai-mme/templates/_helpers.tpl b/charts/oai-mme/templates/_helpers.tpl
new file mode 100644
index 0000000..dddea34
--- /dev/null
+++ b/charts/oai-mme/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oai-mme.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oai-mme.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oai-mme.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "oai-mme.labels" -}}
+helm.sh/chart: {{ include "oai-mme.chart" . }}
+{{ include "oai-mme.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oai-mme.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "oai-mme.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oai-mme.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "oai-mme.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/oai-mme/templates/configmap.yaml b/charts/oai-mme/templates/configmap.yaml
new file mode 100644
index 0000000..7e8cac6
--- /dev/null
+++ b/charts/oai-mme/templates/configmap.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+data:
+ instance: {{ .Values.lte.instance | quote }}
+ output: {{ .Values.lte.output }}
+ prefix: {{ .Values.lte.prefix }}
+ pidDirectory: {{ .Values.lte.pidDirectory }}
+ mmeService: {{ .Values.lte.mmeService }}
+ mmeRealm: {{ .Values.lte.mmeRealm }}
+ mmeGid: {{ .Values.lte.mmeGid | quote }}
+ mmeCode: {{ .Values.lte.mmeCode | quote }}
+ mcc: {{ .Values.lte.mcc | quote }}
+ mnc: {{ .Values.lte.mnc | quote }}
+ mnc3: {{ .Values.lte.mnc3 | quote }}
+ tac_0: {{ .Values.lte.tac_0 | quote }}
+ tac_0_lb: {{ .Values.lte.tac_0_lb | quote }}
+ tac_0_hb: {{ .Values.lte.tac_0_hb | quote }}
+ tac_1: {{ .Values.lte.tac_1 | quote }}
+ tac_2: {{ .Values.lte.tac_2 | quote }}
+ nwIfS1c: {{ .Values.lte.nwIfS1c }}
+ nwIfS11: {{ .Values.lte.nwIfS11 }}
+ nwIfS10: {{ .Values.lte.nwIfS10 }}
+ mmeIpS1c: {{ .Values.lte.mmeIpS1c }}
+ mmeIpS11: {{ .Values.lte.mmeIpS11 }}
+ mmeIpS10: {{ .Values.lte.mmeIpS10 }}
+ sgwIpS11: {{ .Values.lte.sgwIpS11 }}
+ hssService: {{ .Values.lte.hssService }}
+ hssRealm: {{ .Values.lte.hssRealm }}
+ hssHostname: {{ .Values.lte.hssHostname }}
+ hssIp: {{ .Values.lte.hssIp }}
+ peerMme0Ipv4Address: "0.0.0.0"
+ peerMme1Ipv4Address: "0.0.0.0"
+ mcc_mme0: "000"
+ mnc3_mme0: "000"
+ mcc_mme1: "000"
+ mnc3_mme1: "000"
+ tac_lb_mme0: "00"
+ tac_hb_mme0: "00"
+ tac_lb_mme1: "00"
+ tac_hb_mme1: "00"
\ No newline at end of file
diff --git a/charts/oai-mme/templates/deployment.yaml b/charts/oai-mme/templates/deployment.yaml
new file mode 100644
index 0000000..54cfde0
--- /dev/null
+++ b/charts/oai-mme/templates/deployment.yaml
@@ -0,0 +1,256 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + labels: + {{- include "oai-mme.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "oai-mme.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "oai-mme.selectorLabels" . | nindent 8 }} + annotations: + k8s.v1.cni.cncf.io/networks: mme-net1, mme-net2 + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: mme + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + ports: + - containerPort: {{ .Values.service.diameterPort }} + name: oai-mme + - containerPort: {{ .Values.service.diameterSecPort }} + name: oai-mme-secure + - containerPort: {{ .Values.service.gtpcPort }} + name: s11 + env: + - name: INSTANCE + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: instance + - name: OUTPUT + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: output + - name: PREFIX + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: prefix + - name: PID_DIRECTORY + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: pidDirectory + - name: MME_FQDN + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeService + - name: HSS_FQDN + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: hssService + - name: REALM + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeRealm + - name: MME_GID + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeGid + - name: MME_CODE + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name 
}}-configmap + key: mmeCode + - name: MME_INTERFACE_NAME_FOR_S1_MME + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: nwIfS1c + - name: MME_INTERFACE_NAME_FOR_S11 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: nwIfS11 + - name: MME_INTERFACE_NAME_FOR_S10 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: nwIfS10 + - name: MCC + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mcc + - name: MNC + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mnc + - name: MCC_SGW_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mcc + - name: MNC3_SGW_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mnc3 + - name: MNC3_MME_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mnc3_mme0 + - name: MNC3_MME_1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mnc3_mme0 + - name: MCC_MME_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mcc_mme0 + - name: MCC_MME_1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mcc_mme1 + - name: TAC_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_0 + - name: TAC_1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_1 + - name: TAC_2 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_2 + - name: TAC_LB_SGW_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_0_lb + - name: TAC_HB_SGW_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_0_hb + - name: TAC_LB_SGW_TEST_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_0_lb + - name: TAC_HB_SGW_TEST_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_0_hb + - name: TAC_LB_MME_0 + valueFrom: + configMapKeyRef: + name: {{ 
.Chart.Name }}-configmap + key: tac_lb_mme0 + - name: TAC_HB_MME_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_hb_mme0 + - name: TAC_LB_MME_1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_lb_mme1 + - name: TAC_HB_MME_1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: tac_hb_mme1 + - name: MME_IPV4_ADDRESS_FOR_S1_MME + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeIpS1c + - name: MME_S6A_IP_ADDR + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeIpS1c + - name: MME_IPV4_ADDRESS_FOR_S11 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeIpS11 + - name: MME_IPV4_ADDRESS_FOR_S10 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: mmeIpS10 + - name: PEER_MME_IPV4_ADDRESS_FOR_S10_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: peerMme0Ipv4Address + - name: PEER_MME_IPV4_ADDRESS_FOR_S10_1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: peerMme1Ipv4Address + - name: SGW_IPV4_ADDRESS_FOR_S11_0 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: sgwIpS11 + - name: HSS_REALM + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: hssRealm + - name: HSS_HOSTNAME + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: hssHostname + - name: HSS_IP_ADDR + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: hssIp + - name: tcpdump + image: corfr/tcpdump + command: + - /bin/sleep + - infinity + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + serviceAccountName: {{ .Values.serviceAccount.name }} + terminationGracePeriodSeconds: 30 + diff --git a/charts/oai-mme/templates/multus.yaml b/charts/oai-mme/templates/multus.yaml new file mode 100644 index 0000000..222700c --- /dev/null 
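Review bot: The `imagePullSecrets` block in the new `deployment.yaml` is guarded with `if` but then renders `toYaml .`, and inside an `if` the dot is still the root context, so setting a pull secret would dump the whole chart context (including `.Values`) into the pod spec instead of the secret list; `{{- with .Values.imagePullSecrets }}` … `{{- end }}` rebinds the dot as intended. The `tcpdump` sidecar pulls `corfr/tcpdump` with no tag or digest, so a third-party image that can change at any time starts in every pod and runs as UID 0 through the pod-level `securityContext`; pin it by digest and put the container behind a values flag that is off by default. `MNC3_MME_1` reads key `mnc3_mme0`, which looks like a copy-paste slip for `mnc3_mme1`. The first two points apply equally to the oai-hss `deployment.yaml` added later in this series.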
+++ b/charts/oai-mme/templates/multus.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: mme-net1
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "192.168.1.100/24",
+ "gateway": "192.168.1.1"
+ }
+ ]
+ }
+ }'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: mme-net2
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": "172.16.1.100/24",
+ "gateway": "172.16.1.1"
+ }
+ ]
+ }
+ }'
diff --git a/charts/oai-mme/templates/rbac.yaml b/charts/oai-mme/templates/rbac.yaml
new file mode 100644
index 0000000..00aa3ca
--- /dev/null
+++ b/charts/oai-mme/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-rbac
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount.name }}
+ namespace: {{ .Values.namespace }}
diff --git a/charts/oai-mme/templates/service.yaml b/charts/oai-mme/templates/service.yaml
new file mode 100644
index 0000000..5bcdaaa
--- /dev/null
+++ b/charts/oai-mme/templates/service.yaml
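Review bot: The new `rbac.yaml` binds the chart's service account to `cluster-admin` through a ClusterRoleBinding, so a compromise of the MME container, or of the `tcpdump` sidecar that shares the account, yields full control of the cluster. Nothing visible in this chart calls the Kubernetes API, so the binding should either be dropped or replaced by a namespaced `Role`/`RoleBinding` listing only the verbs and resources the workload needs; if the intent was to let the pod run privileged on OpenShift, that is normally granted with an SCC on the service account rather than with cluster-admin (inferred from the registry host in `values.yaml`, please confirm). `rbac.authorization.k8s.io/v1beta1` is removed in Kubernetes 1.22, so use `apiVersion: rbac.authorization.k8s.io/v1`, and `namespace: {{ .Release.Namespace }}` so the subject follows the install namespace. The same file is added for oai-hss later in this series.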
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ labels:
+ {{- include "oai-mme.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+{{- if contains "ClusterIP" .Values.service.type }}
+ clusterIP: None
+{{- end }}
+ ports:
+ - name: oai-mme
+ # Port accessible outside cluster
+ port: {{ .Values.service.diameterPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.peerDiameterPort }}
+ protocol: TCP
+ - name: oai-mme-secure
+ # Port accessible outside cluster
+ port: {{ .Values.service.diameterSecPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.peerDiameterPortSecPort }}
+ protocol: TCP
+ - name: s11
+ # Port accessible outside cluster
+ port: {{ .Values.service.gtpcPort }}
+ # Port to forward to inside the pod
+ targetPort: {{ .Values.service.gtpcPort }}
+ protocol: UDP
+ selector:
+ {{- include "oai-mme.selectorLabels" . | nindent 4 }}
diff --git a/charts/oai-mme/templates/serviceaccount.yaml b/charts/oai-mme/templates/serviceaccount.yaml
new file mode 100644
index 0000000..21c813d
--- /dev/null
+++ b/charts/oai-mme/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}
diff --git a/charts/oai-mme/templates/tests/test-connection.yaml b/charts/oai-mme/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..22f2f4d
--- /dev/null
+++ b/charts/oai-mme/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "oai-mme.fullname" . }}-test-connection"
+ labels:
+ {{- include "oai-mme.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: ping
+ image: busybox
+ command: ['ping']
+ args: ['-c' , '1', {{ include "oai-mme.fullname" . }} ]
+ restartPolicy: Never
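Review bot: The `oai-mme-secure` port in `service.yaml` uses `targetPort: {{ .Values.service.peerDiameterPortSecPort }}`, but the values file in this commit defines `peerDiameterSecPort`, so the expression renders empty and, as far as I can tell, `targetPort` then falls back to the `port` value (5870) instead of 5868; it should read `targetPort: {{ .Values.service.peerDiameterSecPort }}`. Separately, the Deployment declares its `containerPort` entries from `diameterPort`/`diameterSecPort` (3870/5870 by default) while this Service forwards to 3868/5868, so one side is probably wrong; please confirm which ports the MME actually listens on.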
diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml
new file mode 100644
index 0000000..ed4d15b
--- /dev/null
+++ b/charts/oai-mme/values.yaml
@@ -0,0 +1,101 @@ +# Default values for oai-mme. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +namespace: "oai-cn" + +image: + registry: local + repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-mme + version: onap-test + # pullPolicy: IfNotPresent or Never or Always + pullPolicy: Always + +imagePullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "oai-mme-sa" + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +securityContext: + privileged: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + diameterPort: 3870 + diameterSecPort: 5870 + peerDiameterPort: 3868 + peerDiameterSecPort: 5868 + gtpcPort: 2123 + +lte: + # Should use a tai list as done previously + instance: "0" + output: "CONSOLE" + prefix: "/openair-mme/etc" + pidDirectory: "/var/run" + mmeService: "oai-mme.oai-cn.svc.cluster.local" + mmeRealm: "oai-cn.svc.cluster.local" + mmeGid: "4" + mmeCode: "1" + nwIfS1c: "net1" + nwIfS11: "net2" + nwIfS10: "lo" + mcc: "208" + mnc: "96" + mnc3: "096" + tac_0: "1" + tac_0_lb: "01" + tac_0_hb: "00" + tac_1: "2" + tac_1_lb: "02" + tac_1_hb: "00" + tac_2: "3" + tac_2_lb: "03" + tac_2_hb: "00" + mmeIpS1c: "192.168.1.100" + mmeIpS11: "172.16.1.100" + mmeIpS10: "127.0.0.1" + sgwIpS11: "172.16.1.101" + hssService: "oai-hss.oai-cn.svc.cluster.local" + hssRealm: "oai-cn.svc.cluster.local" + hssHostname: "oai-hss" + hssIp: "oai-hss.oai-cn.svc.cluster.local" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 3dd98f984be9a741de872a1ff42fbcbb9cea8ed3 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Mon, 31 Aug 2020 23:25:48 +0200 Subject: [PATCH 13/82] WIP helm HSS (certs volume todo) --- charts/oai-hss/Chart.yaml | 41 +++++++ charts/oai-hss/templates/NOTES.txt | 15 +++ charts/oai-hss/templates/_helpers.tpl | 63 ++++++++++ charts/oai-hss/templates/configmap.yaml | 20 ++++ charts/oai-hss/templates/deployment.yaml | 111 ++++++++++++++++++ charts/oai-hss/templates/multus.yaml | 21 ++++ charts/oai-hss/templates/rbac.yaml | 12 ++ charts/oai-hss/templates/service.yaml | 26 ++++ charts/oai-hss/templates/serviceaccount.yaml | 4 + .../templates/tests/test-connection.yaml | 15 +++ charts/oai-hss/values.yaml | 80 +++++++++++++ 11 files changed, 408 insertions(+) create mode 100644 charts/oai-hss/Chart.yaml create mode 100644 charts/oai-hss/templates/NOTES.txt create mode 100644 charts/oai-hss/templates/_helpers.tpl create mode 100644 charts/oai-hss/templates/configmap.yaml create mode 100644 charts/oai-hss/templates/deployment.yaml create mode 100644 charts/oai-hss/templates/multus.yaml create mode 100644 charts/oai-hss/templates/rbac.yaml create mode 100644 charts/oai-hss/templates/service.yaml create mode 100644 charts/oai-hss/templates/serviceaccount.yaml create mode 100644 charts/oai-hss/templates/tests/test-connection.yaml create mode 100644 charts/oai-hss/values.yaml diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml new file mode 100644 index 0000000..7df0ff1 --- /dev/null +++ b/charts/oai-hss/Chart.yaml 
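Review bot: The defaults in the new `values.yaml` run the MME container with `privileged: true` and the whole pod as `runAsUser: 0`, which gives every container in the pod root and gives the main container full access to host devices and kernel interfaces. If the MME only needs to configure or bind its macvlan interfaces, a capability list is narrower, for example `privileged: false` with `capabilities: {drop: ["ALL"], add: ["NET_ADMIN", "NET_RAW"]}` (the exact set needs checking against the binary). Keeping the privileged setting as an explicit opt-in in a site override, with a comment here saying why it is needed, makes the risk visible to whoever installs the chart. The oai-hss `values.yaml` added later in this series carries the same defaults.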
@@ -0,0 +1,41 @@ +apiVersion: v2 +name: oai-hss +description: A Helm chart for HSS network function + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_final_logo.png + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: develop-vco3 + +keywords: + - Core Network + - EPC + - 4G + - Edge + - HSS + +sources: + - https://github.com/OPENAIRINTERFACE/openair-hss + - https://github.com/OPENAIRINTERFACE/openair-k8s + +maintainers: + - name: OPENAIRINTERFACE + email: contact@openairinterface.org + # GITHUB account + - name: lionelgo + email: lionel.gauthier@eurecom.fr diff --git a/charts/oai-hss/templates/NOTES.txt b/charts/oai-hss/templates/NOTES.txt new file mode 100644 index 0000000..98ba93f --- /dev/null +++ b/charts/oai-hss/templates/NOTES.txt 
@@ -0,0 +1,15 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "oai-hss.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "oai-hss.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "oai-hss.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "oai-hss.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/charts/oai-hss/templates/_helpers.tpl b/charts/oai-hss/templates/_helpers.tpl new file mode 100644 index 0000000..8d584c0 --- /dev/null +++ b/charts/oai-hss/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "oai-hss.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "oai-hss.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "oai-hss.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "oai-hss.labels" -}} +helm.sh/chart: {{ include "oai-hss.chart" . }} +{{ include "oai-hss.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "oai-hss.selectorLabels" -}} +app.kubernetes.io/name: {{ include "oai-hss.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "oai-hss.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "oai-hss.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} 
diff --git a/charts/oai-hss/templates/configmap.yaml b/charts/oai-hss/templates/configmap.yaml
new file mode 100644
index 0000000..ac28433
--- /dev/null
+++ b/charts/oai-hss/templates/configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+data:
+ prefix: {{ .Values.lte.prefix }}
+ identity: {{ .Values.lte.identity }}
+ realm: {{ .Values.lte.realm }}
+ dbFqdn: {{ .Values.lte.dbFqdn }}
+ opKey: {{ .Values.lte.opKey | quote }}
+ roaming: {{ .Values.lte.roaming | quote }}
+ apn1: {{ .Values.lte.apn1 }}
+ apn2: {{ .Values.lte.apn2 }}
+ lteK: {{ .Values.lte.lteK | quote }}
+ imsi: {{ .Values.lte.imsi | quote }}
+ numSubscribers: {{ .Values.lte.numSubscribers | quote }}
+ dbName: {{ .Values.lte.dbName }}
+ dbUser: {{ .Values.lte.dbUser }}
+ dbPassword: {{ .Values.lte.dbPassword }}
+
diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml
new file mode 100644
index 0000000..a1426be
--- /dev/null
+++ b/charts/oai-hss/templates/deployment.yaml
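Review bot: `opKey`, `lteK` and `dbPassword` are subscriber key material and a database credential, yet the new `configmap.yaml` renders them into a ConfigMap, which anything with `get configmaps` in the namespace can read and which gets none of the access control or at-rest encryption options that apply to Secrets. They belong in a `kind: Secret` (under `stringData:`) consumed with `secretKeyRef` in the Deployment, and the defaults shipped in `values.yaml` (`opKey`, `lteK`, and `dbUser`/`dbPassword` both `cassandra`) should be left empty and enforced with `required` so an install cannot go out with the published values. `dbName`, `dbUser` and `dbPassword` are also rendered without `| quote` and are not referenced by the Deployment in this commit.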
@@ -0,0 +1,111 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + labels: + {{- include "oai-hss.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "oai-hss.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "oai-hss.selectorLabels" . | nindent 8 }} + annotations: + k8s.v1.cni.cncf.io/networks: hss-net1 + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: hss + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + ports: + - containerPort: 3868 + name: oai-hss + - containerPort: 5868 + name: oai-hss-secure + - containerPort: 9080 + name: jmx + - containerPort: 9081 + name: cql + volumeMounts: + - mountPath: /opt/oai-hss/certs + name: certs + env: + - name: PREFIX + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: prefix + - name: HSS_FQDN + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: identity + - name: REALM + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: realm + - name: cassandra_Server_IP + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: dbFqdn + - name: OP_KEY + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: opKey + - name: ROAMING_ALLOWED + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: roaming + - name: APN1 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: apn1 + - name: APN2 + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: apn2 + - name: LTE_K + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: lteK + - 
name: FIRST_IMSI + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: imsi + - name: NB_USERS + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: numSubscribers + - name: tcpdump + image: corfr/tcpdump + command: + - /bin/sleep + - infinity + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + serviceAccountName: {{ .Values.serviceAccount.name }} + terminationGracePeriodSeconds: 30 + diff --git a/charts/oai-hss/templates/multus.yaml b/charts/oai-hss/templates/multus.yaml new file mode 100644 index 0000000..284f9a1 --- /dev/null +++ b/charts/oai-hss/templates/multus.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: hss-net1 +spec: + config: '{ + "cniVersion": "0.3.0", + "type": "macvlan", + "master": "bond0", + "mode": "bridge", + "ipam": { + "type": "static", + "addresses": [ + { + "address": "192.168.1.102/24", + "gateway": "192.168.1.1" + } + ] + } + }' diff --git a/charts/oai-hss/templates/rbac.yaml b/charts/oai-hss/templates/rbac.yaml new file mode 100644 index 0000000..00aa3ca --- /dev/null +++ b/charts/oai-hss/templates/rbac.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Values.namespace }} diff --git a/charts/oai-hss/templates/service.yaml b/charts/oai-hss/templates/service.yaml new file mode 100644 index 0000000..d45b10c --- /dev/null +++ b/charts/oai-hss/templates/service.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + labels: + {{- include "oai-hss.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} +{{- if contains "ClusterIP" .Values.service.type }} + clusterIP: None +{{- end }} + ports: + - name: oai-hss + # Port accessible outside cluster + port: {{ .Values.service.diameterPort }} + # Port to forward to inside the pod + targetPort: {{ .Values.service.diameterPort }} + protocol: TCP + - name: oai-hss-secure + # Port accessible outside cluster + port: {{ .Values.service.diameterSecPort }} + # Port to forward to inside the pod + targetPort: {{ .Values.service.diameterSecPort }} + protocol: TCP + selector: + {{- include "oai-hss.selectorLabels" . | nindent 4 }} diff --git a/charts/oai-hss/templates/serviceaccount.yaml b/charts/oai-hss/templates/serviceaccount.yaml new file mode 100644 index 0000000..21c813d --- /dev/null +++ b/charts/oai-hss/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} diff --git a/charts/oai-hss/templates/tests/test-connection.yaml b/charts/oai-hss/templates/tests/test-connection.yaml new file mode 100644 index 0000000..bfcf8b0 --- /dev/null +++ b/charts/oai-hss/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "oai-hss.fullname" . }}-test-connection" + labels: + {{- include "oai-hss.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: ping + image: busybox + command: ['ping'] + args: ['-c' , '1', {{ include "oai-hss.fullname" . }} ] + restartPolicy: Never diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml new file mode 100644 index 0000000..e2d7aa7 --- /dev/null +++ b/charts/oai-hss/values.yaml 
@@ -0,0 +1,80 @@ +# Default values for oai-hss. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +namespace: "oai-cn" + +image: + registry: local + repository: image-registry.openshift-image-registry.svc:5000/{{ .namespace }}/oai-hss + version: onap-test + # pullPolicy: IfNotPresent or Never or Always + pullPolicy: Always + +imagePullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "oai-hss-sa" + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +securityContext: + privileged: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + diameterPort: 3868 + diameterSecPort: 5868 + +lte: + prefix: "/openair-hss/etc" + identity: "oai-hss.oai-cn.svc.cluster.local" + realm: "oai-cn.svc.cluster.local" + dbFqdn: "cassandra-0.cassandra.oai.svc.cluster.local" + opKey: "11111111111111111111111111111111" + roaming: "true" + apn1: "apn.oai-cn.svc.cluster.local" + apn2: "internet" + lteK: "8baf473f2f8fd09487cccbd7097c6862" + imsi: "311480100001101" + numSubscribers: "1000" + dbName: "vhss" + dbUser: "cassandra" + dbPassword: "cassandra" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From dc61300e4432dff8197180f28e6588a1fec35d00 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 1 Sep 2020 11:48:17 +0200 Subject: [PATCH 14/82] helm HSS deploy seems fine, todo test db provisionning --- charts/oai-hss/Chart.yaml | 2 +- charts/oai-hss/templates/configmap.yaml | 4 ++-- charts/oai-hss/templates/deployment.yaml | 6 +++--- charts/oai-hss/values.yaml | 10 +++++----- images/oai-spgwc/configs/spgw_c.conf | 6 +++--- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml index 7df0ff1..10d610b 100644 --- a/charts/oai-hss/Chart.yaml +++ b/charts/oai-hss/Chart.yaml @@ -20,7 +20,7 @@ version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: develop-vco3 +appVersion: onap-test keywords: - Core Network diff --git a/charts/oai-hss/templates/configmap.yaml b/charts/oai-hss/templates/configmap.yaml index ac28433..426d2d0 100644 --- a/charts/oai-hss/templates/configmap.yaml +++ b/charts/oai-hss/templates/configmap.yaml @@ -4,9 +4,9 @@ metadata: name: {{ .Chart.Name }}-configmap data: prefix: {{ .Values.lte.prefix }} - identity: {{ .Values.lte.identity }} - realm: {{ .Values.lte.realm }} dbFqdn: {{ .Values.lte.dbFqdn }} + realm: {{ .Values.lte.realm }} + identity: {{ .Values.lte.identity }} opKey: {{ .Values.lte.opKey | quote }} roaming: {{ .Values.lte.roaming | quote }} apn1: {{ .Values.lte.apn1 }} diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index a1426be..2bab01f 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml 
@@ -39,9 +39,9 @@ spec: name: jmx - containerPort: 9081 name: cql - volumeMounts: - - mountPath: /opt/oai-hss/certs - name: certs + # volumeMounts: + # - mountPath: /opt/oai-hss/certs + # name: certs env: - name: PREFIX valueFrom: diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index e2d7aa7..5ad1d2c 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -8,7 +8,7 @@ namespace: "oai-cn" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/{{ .namespace }}/oai-hss + repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-hss version: onap-test # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -47,12 +47,12 @@ service: lte: prefix: "/openair-hss/etc" - identity: "oai-hss.oai-cn.svc.cluster.local" - realm: "oai-cn.svc.cluster.local" - dbFqdn: "cassandra-0.cassandra.oai.svc.cluster.local" + realm: "${namespace}.svc.cluster.local" + identity: "oai-hss.${lte.realm}" + dbFqdn: "cassandra-0.cassandra.${lte.realm}" opKey: "11111111111111111111111111111111" roaming: "true" - apn1: "apn.oai-cn.svc.cluster.local" + apn1: "apn.${lte.realm}" apn2: "internet" lteK: "8baf473f2f8fd09487cccbd7097c6862" imsi: "311480100001101" diff --git a/images/oai-spgwc/configs/spgw_c.conf b/images/oai-spgwc/configs/spgw_c.conf index f0b1a80..aa8fb67 100644 --- a/images/oai-spgwc/configs/spgw_c.conf +++ b/images/oai-spgwc/configs/spgw_c.conf @@ -20,8 +20,8 @@ ################################################################################ S-GW = { - INSTANCE = 0; # 0 is the default - PID_DIRECTORY = "/opt/oai-spgwc"; # /var/run is the default + INSTANCE = ${INSTANCE}; # 0 is the default + PID_DIRECTORY = ${PID_DIRECTORY}; # /var/run is the default #ITTI_TASKS : #{ 
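Review bot: The new `lte` defaults in `values.yaml`, such as `realm: "${namespace}.svc.cluster.local"` and `identity: "oai-hss.${lte.realm}"`, will not be expanded: Helm does not interpolate `values.yaml`, and `configmap.yaml` passes the strings through unchanged, so the container receives the literal `${...}` text unless its entrypoint substitutes it (not visible here, and `lte.realm` is not a valid shell variable name). The same commit replaces `{{ .namespace }}` in `image.repository` with a literal, apparently for the same reason. Build the names in the template instead, e.g. `realm: {{ printf "%s.svc.cluster.local" .Release.Namespace | quote }}`, and derive `identity`, `dbFqdn` and `apn1` from it there. The `lte:` map continues outside this hunk.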
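Review bot: `PID_DIRECTORY = ${PID_DIRECTORY};` in `spgw_c.conf` drops the quotes the old value had, so once the placeholder is replaced by a path the setting is no longer a string literal and the file will probably fail to parse; `INTERFACE_NAME = "${SGW_INTERFACE_NAME_FOR_S11}";` in the next hunk of the same file keeps them. It should be `PID_DIRECTORY = "${PID_DIRECTORY}";`. Leaving `INSTANCE = ${INSTANCE};` unquoted is right for an integer, but an unset variable then yields `INSTANCE = ;`, so the entrypoint should fail early when either variable is missing (how substitution is performed is not visible in this hunk). The `S-GW` block starts and ends outside the hunk.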
@@ -68,7 +68,7 @@ S-GW = S11_CP : { # S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used - INTERFACE_NAME = "${SGW_S11_INTERFACE}"; # STRING, interface name, YOUR NETWORK CONFIG HERE + INTERFACE_NAME = "${SGW_INTERFACE_NAME_FOR_S11}"; # STRING, interface name, YOUR NETWORK CONFIG HERE IPV4_ADDRESS = "read"; # STRING, CIDR or "read" to let app read interface configured IP address, YOUR NETWORK CONFIG HERE #PORT = 2123; # INTEGER, port number, PREFER NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING #SCHED_PARAMS : # SCHEADULING PARAMS OF THE LOOPING RECEIVER THREAD BOUND TO THIS INTERFACE/PROTOCOL From 09e873875e41eb9834be810bec1338a414d9fec5 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 2 Sep 2020 09:48:40 +0200 Subject: [PATCH 15/82] WIP Changed IP addresses of LTE NW + misc fixes --- charts/oai-hss/Chart.yaml | 7 ++++++- charts/oai-hss/templates/deployment.yaml | 2 +- charts/oai-hss/templates/multus.yaml | 6 +++--- charts/oai-mme/Chart.yaml | 13 +++++++++++-- charts/oai-mme/templates/deployment.yaml | 2 +- charts/oai-mme/templates/multus.yaml | 12 ++++++------ charts/oai-mme/values.yaml | 10 +++++----- charts/oai-spgwc/Chart.yaml | 5 ++--- charts/oai-spgwc/templates/deployment.yaml | 2 +- charts/oai-spgwc/templates/multus.yaml | 12 ++++++------ charts/oai-spgwc/templates/rbac.yaml | 2 +- charts/oai-spgwu-tiny/Chart.yaml | 10 ++++++++-- .../oai-spgwu-tiny/templates/deployment.yaml | 2 +- charts/oai-spgwu-tiny/templates/multus.yaml | 18 +++++++++--------- charts/oai-spgwu-tiny/templates/rbac.yaml | 2 +- 15 files changed, 62 insertions(+), 43 deletions(-) diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml index 10d610b..b32a281 100644 --- a/charts/oai-hss/Chart.yaml +++ b/charts/oai-hss/Chart.yaml 
@@ -16,12 +16,17 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. appVersion: onap-test +dependencies: +- name: cassandra + version: "0.1.0" + repository: "https://github.com/OPENAIRINTERFACE/openair-k8s/tree/helm3.1-onap-sync-with-cn-split-repos/charts" + keywords: - Core Network - EPC diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 2bab01f..4a156b0 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-hss.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: hss-net1 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-hss/templates/multus.yaml b/charts/oai-hss/templates/multus.yaml index 284f9a1..d99b83c 100644 --- a/charts/oai-hss/templates/multus.yaml +++ b/charts/oai-hss/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: hss-net1 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: config: '{ "cniVersion": "0.3.0", @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.1.102/24", - "gateway": "192.168.1.1" + "address": "192.168.211.102/24", + "gateway": "192.168.211.1" } ] } diff --git a/charts/oai-mme/Chart.yaml b/charts/oai-mme/Chart.yaml index 950175e..987e7a6 100644 --- a/charts/oai-mme/Chart.yaml +++ b/charts/oai-mme/Chart.yaml 
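Review bot: The `repository:` of the new `cassandra` dependency points at a GitHub tree page of the openair-k8s repository, which is not a chart repository: `helm dependency update` expects an `index.yaml` at that URL, or a `file://` path or OCI reference. As written the dependency cannot be resolved, and nothing beyond `version: "0.1.0"` records what would actually be fetched. If the chart is meant to live next to this one, a relative reference such as `repository: "file://../cassandra"` (path to be confirmed) is the usual form, with the generated `Chart.lock` committed so the resolved version and digest are reviewable.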
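Review bot: The attachment name in the `k8s.v1.cni.cncf.io/networks` annotation is built from `.Values.namespace`, which is only a chart default and need not match the namespace the release is actually installed into; `.Release.Namespace` is the value Helm supplies for that. I would write `k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Release.Namespace }}-net1` and make the same substitution in the `metadata.name` of the multus.yaml definitions so the two stay in step. The same pattern recurs in the oai-mme, oai-spgwc and oai-spgwu-tiny deployment and multus hunks and in both rbac.yaml binding names further down. The pod template continues outside this hunk.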
@@ -1,5 +1,5 @@ apiVersion: v2 -name: onap-oai-mme +name: oai-mme description: A Helm chart for MME network function # A chart can be either an 'application' or a 'library' chart. @@ -16,12 +16,21 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. appVersion: onap-test +# TODO +#dependencies: +#- name: oai-spgwc +# version: "0.1.0" +# repository: "https://..." +#- name: oai-hss +# version: "0.1.0" +# repository: "https://..." + keywords: - Core Network - EPC diff --git a/charts/oai-mme/templates/deployment.yaml b/charts/oai-mme/templates/deployment.yaml index 54cfde0..f2aaa0b 100644 --- a/charts/oai-mme/templates/deployment.yaml +++ b/charts/oai-mme/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-mme.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: mme-net1, mme-net2 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1, {{ .Chart.Name }}-{{ .Values.namespace }}-net2 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-mme/templates/multus.yaml b/charts/oai-mme/templates/multus.yaml index 222700c..206eac0 100644 --- a/charts/oai-mme/templates/multus.yaml +++ b/charts/oai-mme/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: mme-net1 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: config: '{ "cniVersion": "0.3.0", 
@@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.1.100/24", - "gateway": "192.168.1.1" + "address": "192.168.211.100/24", + "gateway": "192.168.211.1" } ] } @@ -23,7 +23,7 @@ spec: apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: mme-net2 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 spec: config: '{ "cniVersion": "0.3.0", @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.1.100/24", - "gateway": "172.16.1.1" + "address": "172.16.211.100/24", + "gateway": "172.16.211.1" } ] } diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index ed4d15b..8fbc2cb 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -54,8 +54,8 @@ lte: output: "CONSOLE" prefix: "/openair-mme/etc" pidDirectory: "/var/run" - mmeService: "oai-mme.oai-cn.svc.cluster.local" - mmeRealm: "oai-cn.svc.cluster.local" + mmeRealm: "${namespace}.svc.cluster.local" + mmeService: "oai-mme.${lte.mmeRealm}" mmeGid: "4" mmeCode: "1" nwIfS1c: "net1" @@ -77,10 +77,10 @@ lte: mmeIpS11: "172.16.1.100" mmeIpS10: "127.0.0.1" sgwIpS11: "172.16.1.101" - hssService: "oai-hss.oai-cn.svc.cluster.local" - hssRealm: "oai-cn.svc.cluster.local" + hssRealm: "${lte.mmeRealm}" + hssService: "oai-hss.${lte.hssRealm}" hssHostname: "oai-hss" - hssIp: "oai-hss.oai-cn.svc.cluster.local" + hssIp: "${lte.hssService}" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/oai-spgwc/Chart.yaml b/charts/oai-spgwc/Chart.yaml index 387be18..2985bdf 100644 --- a/charts/oai-spgwc/Chart.yaml +++ b/charts/oai-spgwc/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: onap-oai-spgwc +name: oai-spgwc description: A Helm chart for SPGWC network function # A chart can be either an 'application' or a 'library' chart. 
@@ -16,11 +16,10 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -#appVersion: develop-vco3 appVersion: onap-test keywords: diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 6629f92..21647a6 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-spgwc.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: spgwc-net1, spgwc-net2 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1, {{ .Chart.Name }}-{{ .Values.namespace }}-net2 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index 38e6c48..7365545 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: spgwc-net1 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: config: '{ "cniVersion": "0.3.0", @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.2.100/24", - "gateway": "192.168.2.1" + "address": "192.168.212.100/24", + "gateway": "192.168.212.1" } ] } @@ -23,7 +23,7 @@ spec: apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: spgwc-net2 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 spec: config: '{ "cniVersion": "0.3.0", 
@@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.1.101/24", - "gateway": "172.16.1.1" + "address": "172.16.211.101/24", + "gateway": "172.16.211.1" } ] } diff --git a/charts/oai-spgwc/templates/rbac.yaml b/charts/oai-spgwc/templates/rbac.yaml index 00aa3ca..4c7d8d7 100644 --- a/charts/oai-spgwc/templates/rbac.yaml +++ b/charts/oai-spgwc/templates/rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ .Chart.Name }}-rbac + name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/oai-spgwu-tiny/Chart.yaml b/charts/oai-spgwu-tiny/Chart.yaml index 61ab65a..1c7a2b1 100644 --- a/charts/oai-spgwu-tiny/Chart.yaml +++ b/charts/oai-spgwu-tiny/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: onap-oai-spgwu-tiny +name: oai-spgwu-tiny description: A Helm chart for SPGWU-TINY network function # A chart can be either an 'application' or a 'library' chart. @@ -16,12 +16,18 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. appVersion: onap-test +# TODO +#dependencies: +#- name: oai-spgwc +# version: "0.1.0" +# repository: "file://..." + keywords: - Core Network - EPC diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index c14f168..ed20f2a 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml 
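Review bot: The ClusterRoleBinding in charts/oai-spgwc/templates/rbac.yaml is still declared with `apiVersion: rbac.authorization.k8s.io/v1beta1`, which is deprecated and no longer served from Kubernetes 1.22; `apiVersion: rbac.authorization.k8s.io/v1` takes the same fields. Giving the binding a per-namespace name also means every install adds another cluster-wide grant, so it is worth confirming that the `roleRef` ClusterRole and the `subjects` (both outside this hunk) are as narrow as the pod needs, and switching to a namespaced `RoleBinding` if the permissions allow it. The oai-spgwu-tiny rbac.yaml hunk later in this patch is identical and needs the same treatment.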
@@ -16,7 +16,7 @@ spec: labels: {{- include "oai-spgwu-tiny.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-net1, {{ .Chart.Name }}-net2, {{ .Chart.Name }}-net3 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1, {{ .Chart.Name }}-{{ .Values.namespace }}-net2, {{ .Chart.Name }}-{{ .Values.namespace }}-net3 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 301cfd1..e686149 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-net1 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: config: '{ "cniVersion": "0.3.0", @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.2.101/24", - "gateway": "192.168.2.1" + "address": "192.168.212.101/24", + "gateway": "192.168.212.1" } ] } @@ -23,7 +23,7 @@ spec: apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-net2 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 spec: config: '{ "cniVersion": "0.3.0", @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.2.100/24", - "gateway": "172.16.2.1" + "address": "172.16.212.100/24", + "gateway": "172.16.212.1" } ] } @@ -44,7 +44,7 @@ spec: apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-net3 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net3 spec: config: '{ "cniVersion": "0.3.0", @@ -55,8 +55,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.3.100/24", - "gateway": "192.168.3.1" + "address": "192.168.213.100/24", + "gateway": "192.168.213.1" } ] } 
diff --git a/charts/oai-spgwu-tiny/templates/rbac.yaml b/charts/oai-spgwu-tiny/templates/rbac.yaml index 00aa3ca..4c7d8d7 100644 --- a/charts/oai-spgwu-tiny/templates/rbac.yaml +++ b/charts/oai-spgwu-tiny/templates/rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ .Chart.Name }}-rbac + name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole From 3034f75f6606327d7f5c6a9d9c38ad9f92530327 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 2 Sep 2020 09:53:18 +0200 Subject: [PATCH 16/82] Helm renamed SPGWU container --- charts/oai-spgwu-tiny/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index ed20f2a..144defa 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -25,7 +25,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: - - name: spgwu-tiny + - name: spgwu image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: From 8e3e66c7046b2e3e33071861d211942226f9db1b Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 2 Sep 2020 22:52:04 +0200 Subject: [PATCH 17/82] Helm spgw c/u use port values --- charts/oai-spgwc/templates/deployment.yaml | 4 ++-- charts/oai-spgwu-tiny/templates/deployment.yaml | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 21647a6..815d365 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml 
@@ -31,9 +31,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} ports: - - containerPort: 8805 + - containerPort: {{ .Values.service.pfcpPort }} name: oai-spgwc - - containerPort: 2123 + - containerPort: {{ .Values.service.gtpcPort }} name: s11 env: - name: PID_DIRECTORY diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index 144defa..f475eaa 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -30,6 +30,11 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + ports: + - containerPort: {{ .Values.service.pfcpPort }} + name: oai-spgwu + - containerPort: {{ .Values.service.gtpuPort }} + name: s1u env: - name: PID_DIRECTORY valueFrom: From 714c2570b493f89b99a3d06f49db761730e32eb0 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 2 Sep 2020 22:53:07 +0200 Subject: [PATCH 18/82] Helm spgwu right spgwc address (SX association is fine) --- charts/oai-spgwu-tiny/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index f72dc05..38ddd3e 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -52,7 +52,7 @@ lte: pgwSgiIf: "net3" pgwuSgiGw: "192.168.3.101" netUeIp: "192.168.20.0/24" - pgwcSxIp: "192.168.2.100" + pgwcSxIp: "192.168.212.100" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From aabd54816cf0641a66fb1f29249a8b88f64ff1ab Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 2 Sep 2020 22:57:57 +0200 Subject: [PATCH 19/82] Helm mme right s1c S11 ip addresses --- charts/oai-mme/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
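Review bot: Both container ports in the oai-spgwc deployment are declared without `protocol:`, so Kubernetes records them as TCP although PFCP and GTP-C run over UDP; add `protocol: UDP` under each `containerPort`. The numbers now come from `.Values.service.pfcpPort` and `.Values.service.gtpcPort`, whose definitions are not part of this patch, and a missing key would render an empty `containerPort:` that is rejected only at install time. Wrapping them as `{{ required "service.pfcpPort must be set" .Values.service.pfcpPort }}` gives a clearer failure. The new `ports:` block in the oai-spgwu-tiny deployment hunk that follows (`pfcpPort`, `gtpuPort`) needs the same two changes.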
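Review bot: `pgwuSgiGw: "192.168.3.101"`, on the context line above the corrected `pgwcSxIp` in charts/oai-spgwu-tiny/values.yaml, is still in the old addressing plan. Patch 15 moved this chart's `net3` attachment to `192.168.213.100/24` with gateway `192.168.213.1`, and `pgwSgiIf` is `net3`, so the SGi gateway is probably the next value to update, e.g. `pgwuSgiGw: "192.168.213.101"` (address to be confirmed against the SGi network). The `lte:` block starts and ends outside this hunk.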
diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 8fbc2cb..b95b2fb 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -73,10 +73,10 @@ lte: tac_2: "3" tac_2_lb: "03" tac_2_hb: "00" - mmeIpS1c: "192.168.1.100" - mmeIpS11: "172.16.1.100" + mmeIpS1c: "192.168.211.100" + mmeIpS11: "172.16.211.100" mmeIpS10: "127.0.0.1" - sgwIpS11: "172.16.1.101" + sgwIpS11: "172.16.211.101" hssRealm: "${lte.mmeRealm}" hssService: "oai-hss.${lte.hssRealm}" hssHostname: "oai-hss" From abfc3dbe480a641d9f52148d71a72ec497844aac Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 8 Sep 2020 23:44:15 +0200 Subject: [PATCH 20/82] WIP Helm HSS: populate cassandra DB is fine, but may be to be moved elswhere --- charts/oai-hss/Chart.yaml | 5 ----- charts/oai-hss/templates/configmap.yaml | 8 ++++---- charts/oai-hss/values.yaml | 6 ++---- 3 files changed, 6 insertions(+), 13 deletions(-) diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml index b32a281..d21ae13 100644 --- a/charts/oai-hss/Chart.yaml +++ b/charts/oai-hss/Chart.yaml @@ -22,11 +22,6 @@ version: 0.1.1 # incremented each time you make changes to the application. appVersion: onap-test -dependencies: -- name: cassandra - version: "0.1.0" - repository: "https://github.com/OPENAIRINTERFACE/openair-k8s/tree/helm3.1-onap-sync-with-cn-split-repos/charts" - keywords: - Core Network - EPC diff --git a/charts/oai-hss/templates/configmap.yaml b/charts/oai-hss/templates/configmap.yaml index 426d2d0..3aedaf6 100644 --- a/charts/oai-hss/templates/configmap.yaml +++ b/charts/oai-hss/templates/configmap.yaml 
@@ -4,12 +4,12 @@ metadata: name: {{ .Chart.Name }}-configmap data: prefix: {{ .Values.lte.prefix }} - dbFqdn: {{ .Values.lte.dbFqdn }} - realm: {{ .Values.lte.realm }} - identity: {{ .Values.lte.identity }} + dbFqdn: {{ .Values.lte.dbFqdn }}.{{ .Values.namespace }}.svc.cluster.local + realm: {{ .Values.namespace }}.svc.cluster.local + identity: oai-hss.{{ .Values.namespace }}.svc.cluster.local opKey: {{ .Values.lte.opKey | quote }} roaming: {{ .Values.lte.roaming | quote }} - apn1: {{ .Values.lte.apn1 }} + apn1: apn.{{ .Values.namespace }}.svc.cluster.local apn2: {{ .Values.lte.apn2 }} lteK: {{ .Values.lte.lteK | quote }} imsi: {{ .Values.lte.imsi | quote }} diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index 5ad1d2c..dde2670 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -45,14 +45,12 @@ service: diameterPort: 3868 diameterSecPort: 5868 + # Assume cassandra pod name is cassandra lte: prefix: "/openair-hss/etc" - realm: "${namespace}.svc.cluster.local" - identity: "oai-hss.${lte.realm}" - dbFqdn: "cassandra-0.cassandra.${lte.realm}" + dbFqdn: "cassandra-0.cassandra" opKey: "11111111111111111111111111111111" roaming: "true" - apn1: "apn.${lte.realm}" apn2: "internet" lteK: "8baf473f2f8fd09487cccbd7097c6862" imsi: "311480100001101" From a8abd0edb41fa28f2399e88dc3d1fb98473476dc Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 9 Sep 2020 23:21:20 +0200 Subject: [PATCH 21/82] Helm HSS --- charts/oai-hss/templates/configmap.yaml | 8 ++++---- charts/oai-hss/values.yaml | 5 ++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/charts/oai-hss/templates/configmap.yaml b/charts/oai-hss/templates/configmap.yaml index 3aedaf6..426d2d0 100644 --- a/charts/oai-hss/templates/configmap.yaml +++ b/charts/oai-hss/templates/configmap.yaml 
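Review bot: Judging by their names, `opKey` and `lteK` are LTE authentication key material, and this template keeps rendering them into a ConfigMap, with fixed defaults committed in values.yaml (next hunk). ConfigMaps are readable by any principal allowed to `get configmaps` in the namespace and are not covered by secret encryption at rest, so these entries (and arguably `imsi`) belong in a `kind: Secret` consumed through `secretKeyRef`, with the defaults removed from the chart. Separately, the new `dbFqdn`, `realm`, `identity` and `apn1` lines hard-code `.svc.cluster.local` and use `.Values.namespace`; `.Release.Namespace` would follow the actual install namespace. The `data:` map continues past this hunk.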
@@ -4,12 +4,12 @@ metadata: name: {{ .Chart.Name }}-configmap data: prefix: {{ .Values.lte.prefix }} - dbFqdn: {{ .Values.lte.dbFqdn }}.{{ .Values.namespace }}.svc.cluster.local - realm: {{ .Values.namespace }}.svc.cluster.local - identity: oai-hss.{{ .Values.namespace }}.svc.cluster.local + dbFqdn: {{ .Values.lte.dbFqdn }} + realm: {{ .Values.lte.realm }} + identity: {{ .Values.lte.identity }} opKey: {{ .Values.lte.opKey | quote }} roaming: {{ .Values.lte.roaming | quote }} - apn1: apn.{{ .Values.namespace }}.svc.cluster.local + apn1: {{ .Values.lte.apn1 }} apn2: {{ .Values.lte.apn2 }} lteK: {{ .Values.lte.lteK | quote }} imsi: {{ .Values.lte.imsi | quote }} diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index dde2670..266d935 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -48,9 +48,12 @@ service: # Assume cassandra pod name is cassandra lte: prefix: "/openair-hss/etc" - dbFqdn: "cassandra-0.cassandra" + realm: "oai-cn.svc.cluster.local" + dbFqdn: "cassandra-0.cassandra.oai-cn.svc.cluster.local" + identity: "oai-hss.oai-cn.svc.cluster.local" opKey: "11111111111111111111111111111111" roaming: "true" + apn1: "apn.oai-cn.svc.cluster.local" apn2: "internet" lteK: "8baf473f2f8fd09487cccbd7097c6862" imsi: "311480100001101" From a6bb2127b715f582544b995dc85c297967db142b Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 10 Sep 2020 11:43:56 +0200 Subject: [PATCH 22/82] Helm WIP mme --- charts/oai-mme/templates/configmap.yaml | 12 ++++++------ charts/oai-mme/values.yaml | 9 +++------ 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/charts/oai-mme/templates/configmap.yaml b/charts/oai-mme/templates/configmap.yaml index 7e8cac6..f750348 100644 --- a/charts/oai-mme/templates/configmap.yaml +++ b/charts/oai-mme/templates/configmap.yaml 
@@ -7,8 +7,8 @@ data: output: {{ .Values.lte.output }} prefix: {{ .Values.lte.prefix }} pidDirectory: {{ .Values.lte.pidDirectory }} - mmeService: {{ .Values.lte.mmeService }} - mmeRealm: {{ .Values.lte.mmeRealm }} + mmeService: {{ .Values.lte.fdMmeHostname }}.{{ .Values.lte.domainName }} + mmeRealm: {{ .Values.lte.domainName }} mmeGid: {{ .Values.lte.mmeGid | quote }} mmeCode: {{ .Values.lte.mmeCode | quote }} mcc: {{ .Values.lte.mcc | quote }} @@ -26,10 +26,10 @@ data: mmeIpS11: {{ .Values.lte.mmeIpS11 }} mmeIpS10: {{ .Values.lte.mmeIpS10 }} sgwIpS11: {{ .Values.lte.sgwIpS11 }} - hssService: {{ .Values.lte.hssService }} - hssRealm: {{ .Values.lte.hssRealm }} - hssHostname: {{ .Values.lte.hssHostname }} - hssIp: {{ .Values.lte.hssIp }} + hssService: {{ .Values.lte.fdHssHostname }}.{{ .Values.lte.domainName }} + hssRealm: {{ .Values.lte.domainName }} + hssHostname: {{ .Values.lte.fdHssHostname }} + hssIp: {{ .Values.lte.fdHssHostname }}.{{ .Values.lte.domainName }} peerMme0Ipv4Address: "0.0.0.0" peerMme1Ipv4Address: "0.0.0.0" mcc_mme0: "000" diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index b95b2fb..bf04fe3 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -54,8 +54,8 @@ lte: output: "CONSOLE" prefix: "/openair-mme/etc" pidDirectory: "/var/run" - mmeRealm: "${namespace}.svc.cluster.local" - mmeService: "oai-mme.${lte.mmeRealm}" + domainName: "oai-cn.svc.cluster.local" + fdMmeHostname: "oai-mme" mmeGid: "4" mmeCode: "1" nwIfS1c: "net1" @@ -77,10 +77,7 @@ lte: mmeIpS11: "172.16.211.100" mmeIpS10: "127.0.0.1" sgwIpS11: "172.16.211.101" - hssRealm: "${lte.mmeRealm}" - hssService: "oai-hss.${lte.hssRealm}" - hssHostname: "oai-hss" - hssIp: "${lte.hssService}" + fdHssHostname: "oai-hss" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From d9ab9c594a19a531249797c3ffd27dad9fdad878 Mon Sep 17 00:00:00 2001 
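Review bot: The composed `mmeService` and `mmeRealm` entries in charts/oai-mme/templates/configmap.yaml have no guard for a missing `lte.domainName` or `lte.fdMmeHostname`: with either unset the template still renders, producing names like `oai-mme.` or an empty `mmeRealm`, and the MME fails only at runtime. `mmeRealm: {{ required "lte.domainName must be set" .Values.lte.domainName }}` makes the install fail early instead. In the second hunk of the same file `hssIp` is filled with the same host name as `hssService` rather than an address, which deserves a comment if the consumer resolves it itself. The `data:` map starts and ends outside both hunks.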
From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Fri, 11 Sep 2020 10:43:17 +0200 Subject: [PATCH 23/82] Create README.md --- charts/README.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 charts/README.md diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 0000000..8395aa8 --- /dev/null +++ b/charts/README.md @@ -0,0 +1,2 @@ +# Deploy OAI CN with helm charts on Open Shift + From f0f5d226b4cf22ac97f71121df0314eab8488035 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Fri, 11 Sep 2020 12:43:57 +0200 Subject: [PATCH 24/82] Update README.md --- charts/README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/charts/README.md b/charts/README.md index 8395aa8..f59c1c6 100644 --- a/charts/README.md +++ b/charts/README.md 
@@ -1,2 +1,40 @@ # Deploy OAI CN with helm charts on Open Shift +## Prerequisites +- Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 +- Assuming you have installed helm v3.1.0", GitCommit:"b29d20baf09943e134c2fa5e1e1cab3bf93315fa + +### Use official cassandra image +Add cassandra helm chart to helm repo: +```bash +helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com +helm repo update +``` + +# Build Network functions images +For all network functions (HSS, MME, SPGW-C, SPGW-U) you have to build an image: +Please refer to: +1. MME: https://github.com/OPENAIRINTERFACE/openair-mme/blob/helm3.1-onap-sync-with-cn-split-repos/openshift +1. HSS: https://github.com/OPENAIRINTERFACE/openair-hss/blob/helm3.1-onap-sync-with-cn-split-repos/openshift +1. SPGW-C: https://github.com/OPENAIRINTERFACE/openair-spgwc/tree/helm3.1-onap-sync-with-cn-split-repos/openshift +1. SPGW-U: https://github.com/OPENAIRINTERFACE/openair-spgwu-tiny/tree/helm3.1-onap-sync-with-cn-split-repos/openshift + +# Deploy Cassandra +## Storage class +To be able to deploy cassandra on oc (step not required on k8s), logged as kubeadmin on oc: +```bash +oc adm policy add-scc-to-user anyuid -z default +``` +Logged as administrator of your namespace on oc (not kubeadmin): +```bash +helm install --set config.endpoint_snitch=GossipingPropertyFileSnitch,persistence.storageClass=managed-nfs-storage cassandra incubator/cassandra +``` +This will create 3 pods (namespace is 'oai-cn' here) + +```bash +oai-cn cassandra-0 1/1 Running 0 8m39s +oai-cn cassandra-1 1/1 Running 0 7m +oai-cn cassandra-2 1/1 Running 0 5m13s +``` + + From a289117dc07a93910dbfe87b798acbe27a28a8c3 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Fri, 11 Sep 2020 14:08:00 +0200 Subject: [PATCH 25/82] Update README.md --- charts/README.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/charts/README.md b/charts/README.md index f59c1c6..e25ae2f 100644 --- a/charts/README.md +++ b/charts/README.md @@ -21,9 +21,13 @@ Please refer to: # Deploy Cassandra ## Storage class +The envisionned storage for cassandra is nfs (provisioner example.com/nfs), storage class name is "managed-nfs-storage". + +## Security context permissions To be able to deploy cassandra on oc (step not required on k8s), logged as kubeadmin on oc: ```bash oc adm policy add-scc-to-user anyuid -z default +# THIS IS THE COMMAND OF THE MONTH! ``` Logged as administrator of your namespace on oc (not kubeadmin): ```bash From 5bbd73c9c7c9eb83a67519f606a998e721b363e8 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Fri, 11 Sep 2020 14:29:05 +0200 Subject: [PATCH 26/82] Update README.md --- charts/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/charts/README.md b/charts/README.md index e25ae2f..2fc302a 100644 --- a/charts/README.md +++ b/charts/README.md @@ -29,6 +29,7 @@ To be able to deploy cassandra on oc (step not required on k8s), logged as kubea oc adm policy add-scc-to-user anyuid -z default # THIS IS THE COMMAND OF THE MONTH! ``` +## Deployment Logged as administrator of your namespace on oc (not kubeadmin): ```bash helm install --set config.endpoint_snitch=GossipingPropertyFileSnitch,persistence.storageClass=managed-nfs-storage cassandra incubator/cassandra @@ -41,4 +42,12 @@ oai-cn cassandra-1 1/1 Running 0 7m oai-cn cassandra-2 1/1 Running 0 5m13s ``` +# Deploy HSS +Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. + +```bash +helm install hss /path-to-your-openait-k8s-cloned-dir/charts/oai-hss +``` + + From bbd5e0d9d85a98bef9b05d3871923012ae648299 Mon Sep 17 00:00:00 2001 
From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Fri, 11 Sep 2020 14:36:42 +0200 Subject: [PATCH 27/82] Update README.md --- charts/README.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/charts/README.md b/charts/README.md index 2fc302a..367eab3 100644 --- a/charts/README.md +++ b/charts/README.md @@ -1,4 +1,4 @@ -# Deploy OAI CN with helm charts on Open Shift +# Deploy OAI CN with helm charts on Open Shift (Work In Progress) ## Prerequisites - Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 @@ -49,5 +49,24 @@ Since the deployment uses multus for creating networks, the cluster role 'cluste helm install hss /path-to-your-openait-k8s-cloned-dir/charts/oai-hss ``` +# Deploy SPGW-C +Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. + +```bash +helm install spgwc /path-to-your-openait-k8s-cloned-dir/charts/oai-spgwc +``` +# Deploy SPGW-U +Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. + +```bash +helm install spgwu /path-to-your-openait-k8s-cloned-dir/charts/oai-spgwu-tiny +``` + +# Deploy MME +Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. + +```bash +helm install mme /path-to-your-openait-k8s-cloned-dir/charts/oai-mme + From 54d0934efea1b2554a925d06b1204100d91e7b35 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Fri, 11 Sep 2020 14:39:30 +0200 Subject: [PATCH 28/82] Update README.md --- charts/README.md | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/charts/README.md b/charts/README.md index 367eab3..103cebb 100644 
--- a/charts/README.md +++ b/charts/README.md @@ -11,7 +11,7 @@ helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.c helm repo update ``` -# Build Network functions images +## Build Network functions images For all network functions (HSS, MME, SPGW-C, SPGW-U) you have to build an image: Please refer to: 1. MME: https://github.com/OPENAIRINTERFACE/openair-mme/blob/helm3.1-onap-sync-with-cn-split-repos/openshift @@ -19,17 +19,17 @@ Please refer to: 1. SPGW-C: https://github.com/OPENAIRINTERFACE/openair-spgwc/tree/helm3.1-onap-sync-with-cn-split-repos/openshift 1. SPGW-U: https://github.com/OPENAIRINTERFACE/openair-spgwu-tiny/tree/helm3.1-onap-sync-with-cn-split-repos/openshift -# Deploy Cassandra -## Storage class +## Deploy Cassandra +### Storage class The envisionned storage for cassandra is nfs (provisioner example.com/nfs), storage class name is "managed-nfs-storage". -## Security context permissions +### Security context permissions To be able to deploy cassandra on oc (step not required on k8s), logged as kubeadmin on oc: ```bash oc adm policy add-scc-to-user anyuid -z default # THIS IS THE COMMAND OF THE MONTH! ``` -## Deployment +### Deployment Logged as administrator of your namespace on oc (not kubeadmin): ```bash helm install --set config.endpoint_snitch=GossipingPropertyFileSnitch,persistence.storageClass=managed-nfs-storage cassandra incubator/cassandra 
@@ -42,31 +42,29 @@ oai-cn cassandra-1 1/1 Running 0 7m oai-cn cassandra-2 1/1 Running 0 5m13s ``` -# Deploy HSS +## Deploy HSS Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash helm install hss /path-to-your-openait-k8s-cloned-dir/charts/oai-hss ``` -# Deploy SPGW-C +## Deploy SPGW-C Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash helm install spgwc /path-to-your-openait-k8s-cloned-dir/charts/oai-spgwc ``` -# Deploy SPGW-U +## Deploy SPGW-U Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash helm install spgwu /path-to-your-openait-k8s-cloned-dir/charts/oai-spgwu-tiny ``` -# Deploy MME +## Deploy MME Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash helm install mme /path-to-your-openait-k8s-cloned-dir/charts/oai-mme - - From 1eea3079d2cc4c4696e16867af9738bf6b827824 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Mon, 14 Sep 2020 15:28:52 +0200 Subject: [PATCH 29/82] helm: service sctp port 36413 for S1AP --- charts/oai-mme/templates/service.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/oai-mme/templates/service.yaml b/charts/oai-mme/templates/service.yaml index 5bcdaaa..2cde071 100644 --- a/charts/oai-mme/templates/service.yaml +++ b/charts/oai-mme/templates/service.yaml 
@@ -22,6 +22,10 @@ spec:
 # Port to forward to inside the pod
 targetPort: {{ .Values.service.peerDiameterPortSecPort }}
 protocol: TCP
+ - name: sctpservers1ap
+ protocol: SCTP
+ port: 36413
+ targetPort: 36413
 - name: s11
 # Port accessible outside cluster
 port: {{ .Values.service.gtpcPort }}
From f15d4279998e42ab403a45da64cd48f11c03c6ae Mon Sep 17 00:00:00 2001
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Mon, 14 Sep 2020 15:31:51 +0200
Subject: [PATCH 30/82] helm: create db schema before hss starts
---
 .../oai-hss/templates/cassandra-oai-db.yaml | 105 ++++++++++++++++++
 charts/oai-hss/templates/deployment.yaml | 14 +++
 2 files changed, 119 insertions(+)
 create mode 100644 charts/oai-hss/templates/cassandra-oai-db.yaml
diff --git a/charts/oai-hss/templates/cassandra-oai-db.yaml b/charts/oai-hss/templates/cassandra-oai-db.yaml
new file mode 100644
index 0000000..bd0ce5f
--- /dev/null
+++ b/charts/oai-hss/templates/cassandra-oai-db.yaml
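Review bot: The added `sctpservers1ap` entry hard-codes `36413` for both `port` and `targetPort`, while the neighbouring entries in this hunk take theirs from `.Values.service.*`, and the IANA-registered SCTP port for S1AP is 36412. If the MME container listens on the registered port, this Service entry forwards eNB associations to a port nothing is bound to, so the number should be checked against the MME configuration. I would move it into values.yaml and reference it here, for example `port: {{ .Values.service.s1apPort }}` (the key name is a suggestion; the chart does not define it yet), with a comment saying why it differs from 36412 if that is intended. The `spec.ports` list starts above the hunk.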
@@ -0,0 +1,105 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: oai-db
+data:
+ oai_db.cql: |
+ CREATE KEYSPACE IF NOT EXISTS vhss WITH replication = {'class': 'NetworkTopologyStrategy', 'DC1': '1'};
+ CREATE TABLE IF NOT EXISTS vhss.users_imsi (
+ imsi text PRIMARY KEY,
+ access_restriction int,
+ idmmeidentity int,
+ imei text,
+ imei_sv text,
+ key text,
+ lipa_permissions text,
+ mme_cap int,
+ mmehost text,
+ mmeidentity_idmmeidentity int,
+ mmerealm text,
+ ms_ps_status text,
+ msisdn bigint,
+ niddvalidity text,
+ nir_dest_host text,
+ nir_dest_realm text,
+ opc text,
+ pgw_id int,
+ rand text,
+ rfsp_index varint,
+ sqn bigint,
+ subscription_data text,
+ ue_reachability varint,
+ urrp_mme varint,
+ user_identifier text,
+ visited_plmnid text);
+ CREATE TABLE IF NOT EXISTS vhss.msisdn_imsi (
+ msisdn bigint PRIMARY KEY,
+ imsi text
+ );
+ CREATE TABLE IF NOT EXISTS vhss.global_ids (
+ table_name text PRIMARY KEY,
+ id counter);
+ CREATE TABLE IF NOT EXISTS vhss.mmeidentity_host (
+ mmehost text PRIMARY KEY,
+ idmmeidentity int,
+ mmerealm text,
+ ue_reachability varint,
+ mmeisdn text);
+ CREATE TABLE IF NOT EXISTS vhss.mmeidentity (
+ idmmeidentity int PRIMARY KEY,
+ mmehost text,
+ mmerealm text,
+ ue_reachability varint,
+ mmeisdn text);
+ CREATE TABLE IF NOT EXISTS vhss.events (
+ scef_id text,
+ scef_ref_id bigint,
+ extid text,
+ monitoring_event_configuration text,
+ monitoring_type int,
+ msisdn bigint,
+ user_identifier text,
+ primary key (scef_id, scef_ref_id)
+ );
+ CREATE TABLE IF NOT EXISTS vhss.events_msisdn (
+ msisdn bigint,
+ scef_id text,
+ scef_ref_id bigint,
+ primary key (msisdn, scef_id, scef_ref_id)
+ );
+ CREATE TABLE IF NOT EXISTS vhss.events_extid (
+ extid text,
+ scef_id text,
+ scef_ref_id bigint,
+ primary key (extid, scef_id, scef_ref_id)
+ );
+ CREATE TABLE IF NOT EXISTS vhss.extid (
+ extid text primary key
+ );
+ CREATE TABLE IF NOT EXISTS vhss.extid_imsi (
+ extid text,
+ imsi text,
+ primary key (extid, imsi)
+ );
+ CREATE TABLE IF NOT EXISTS vhss.extid_imsi_xref ( + imsi text, + extid text, + primary key (imsi, extid) + ); + INSERT into vhss.mmeidentity JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}'; + INSERT into vhss.mmeidentity_host JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}'; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001110', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, '{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001111', 0033663000021, 41, 
'8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, '{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001112', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001113', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001114', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001115', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001116', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001117', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001118', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001119', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001120', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000001', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000101', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000102', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208950000000002', 001011234561000, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 4a156b0..bcd5419 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -24,6 +24,16 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + - name: init-db + image: cassandra:3.11 + command: + - sh + - -c + - cqlsh cassandra-0.cassandra.{{ .Values.namespace }}.svc.cluster.local --file /root/oai_db.cql + volumeMounts: + - mountPath: /root + name: db-schema containers: - name: hss image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" @@ -103,6 +113,10 @@ spec: command: - /bin/sleep - infinity + volumes: + - configMap: + name: oai-db + name: db-schema dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler From 844de4c0ccfaa92fc3062c76911d2a93b1973d67 Mon Sep 17 00:00:00 2001 
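Review bot: The seed rows in `oai_db.cql` put subscriber authentication material (`key`, `rand`, `sqn`) into a ConfigMap, and every `INSERT INTO vhss.users_imsi` row reuses the same `key` and `rand` values. ConfigMap data is readable by any principal allowed to read ConfigMaps in the namespace and is now part of the chart history, so these rows should be treated as lab-only test subscribers. I would keep only the `CREATE ...` statements in this ConfigMap, supply the subscriber rows from a Secret or an operator-provided file, and add a YAML comment above the `oai_db.cql` key such as `# test subscribers only - replace key material outside a lab`. The `mmehost` and `mmerealm` literals also fix the namespace to `oai`, while the init container added in deployment.yaml builds its host from `.Values.namespace`, so the two can drift apart.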
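Review bot: The `init-db` container added in the first deployment.yaml hunk pulls `cassandra:3.11`, a floating tag, so the image that runs `cqlsh` against the subscriber database can change between pod restarts; pin it by digest or take it from values the way the `hss` container does. The ConfigMap is mounted over `/root`, which replaces that directory with a read-only volume; if `/root` is the container user's home, `cqlsh` cannot write its `~/.cassandra` files there, and a dedicated path such as `mountPath: /cql` with `--file /cql/oai_db.cql` avoids that. `cqlsh` is invoked with no credentials or TLS options, which presumably relies on the Cassandra chart running with authentication disabled; that assumption deserves a line in the README. The pod spec starts above and continues below the hunk.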
From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 10:11:55 +0200 Subject: [PATCH 31/82] SCTP enabled --- charts/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/README.md b/charts/README.md index 103cebb..44ca815 100644 --- a/charts/README.md +++ b/charts/README.md @@ -3,6 +3,7 @@ ## Prerequisites - Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 - Assuming you have installed helm v3.1.0", GitCommit:"b29d20baf09943e134c2fa5e1e1cab3bf93315fa +- Assuming SCTP protocol is [enabled on the cluster](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-enabling_using-sctp) ### Use official cassandra image Add cassandra helm chart to helm repo: From a6a810325f7b72365526f67207774dbec7098318 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 10:29:05 +0200 Subject: [PATCH 32/82] helm 3.1 link --- charts/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/README.md b/charts/README.md index 44ca815..0429bbd 100644 --- a/charts/README.md +++ b/charts/README.md @@ -2,7 +2,7 @@ ## Prerequisites - Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 -- Assuming you have installed helm v3.1.0", GitCommit:"b29d20baf09943e134c2fa5e1e1cab3bf93315fa +- Assuming you have installed [helm v3.1.0](https://github.com/helm/helm/releases/tag/v3.1.0) - Assuming SCTP protocol is [enabled on the cluster](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-enabling_using-sctp) ### Use official cassandra image From 1f7d71a67fe02adcbc1cdf5c7c37dead15804fb9 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 10:31:56 +0200 Subject: [PATCH 33/82] check SCTP --- charts/README.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/charts/README.md b/charts/README.md index 0429bbd..78ee8ff 100644 --- a/charts/README.md +++ b/charts/README.md @@ -4,6 +4,8 @@ - Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 - Assuming you have installed [helm v3.1.0](https://github.com/helm/helm/releases/tag/v3.1.0) - Assuming SCTP protocol is [enabled on the cluster](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-enabling_using-sctp) + + You can check if SCTP is enabled by running a client/server [basic app](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-verifying_using-sctp) ### Use official cassandra image Add cassandra helm chart to helm repo: From 4526f1eb1ff3cf045c8d9c6fa110cc0d2945e0f9 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 10:43:46 +0200 Subject: [PATCH 34/82] Update README.md --- charts/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/README.md b/charts/README.md index 78ee8ff..34b99ab 100644 --- a/charts/README.md +++ b/charts/README.md @@ -2,7 +2,7 @@ ## Prerequisites - Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 -- Assuming you have installed [helm v3.1.0](https://github.com/helm/helm/releases/tag/v3.1.0) +- Assuming you have installed [helm v3.1.0](https://github.com/helm/helm/releases/tag/v3.1.0) on the cluster node from which you type helm commands. - Assuming SCTP protocol is [enabled on the cluster](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-enabling_using-sctp) You can check if SCTP is enabled by running a client/server [basic app](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-verifying_using-sctp) From f3fbb98b0e937392fab354bd53469ebb0920c682 Mon Sep 17 00:00:00 2001 
From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 10:46:21 +0200 Subject: [PATCH 35/82] helm readme: k8s repo --- charts/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/README.md b/charts/README.md index 34b99ab..0b1c428 100644 --- a/charts/README.md +++ b/charts/README.md @@ -3,6 +3,7 @@ ## Prerequisites - Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 - Assuming you have installed [helm v3.1.0](https://github.com/helm/helm/releases/tag/v3.1.0) on the cluster node from which you type helm commands. +- Assuming you have cloned the [openair-k8s](https://github.com/OPENAIRINTERFACE/openair-k8s) repo on the cluster node from which you type helm commands. - Assuming SCTP protocol is [enabled on the cluster](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-enabling_using-sctp) You can check if SCTP is enabled by running a client/server [basic app](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-verifying_using-sctp) From ba17e678d629275a3ecc546ae29fd8e56b28794d Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 11:01:53 +0200 Subject: [PATCH 36/82] Update README.md --- charts/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/README.md b/charts/README.md index 0b1c428..331b474 100644 --- a/charts/README.md +++ b/charts/README.md 
@@ -23,6 +23,8 @@ Please refer to: 1. SPGW-C: https://github.com/OPENAIRINTERFACE/openair-spgwc/tree/helm3.1-onap-sync-with-cn-split-repos/openshift 1. SPGW-U: https://github.com/OPENAIRINTERFACE/openair-spgwu-tiny/tree/helm3.1-onap-sync-with-cn-split-repos/openshift +On francelab cluster be aware that certificates (/etc/rhsm/ca/redhat-uep.pem) are renewed every month, so you may have to redo the "pki-entitlement" phase every month. + ## Deploy Cassandra ### Storage class The envisionned storage for cassandra is nfs (provisioner example.com/nfs), storage class name is "managed-nfs-storage". From e41d1cd529850d278ca70138a415f939c01d34bd Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Tue, 15 Sep 2020 14:00:09 +0200 Subject: [PATCH 37/82] helm readme typo --- charts/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/README.md b/charts/README.md index 331b474..51873c8 100644 --- a/charts/README.md +++ b/charts/README.md 
@@ -52,25 +52,25 @@ oai-cn cassandra-2 1/1 Running 0 5m13s Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install hss /path-to-your-openait-k8s-cloned-dir/charts/oai-hss +helm install hss /path-to-your-openair-k8s-cloned-dir/charts/oai-hss ``` ## Deploy SPGW-C Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install spgwc /path-to-your-openait-k8s-cloned-dir/charts/oai-spgwc +helm install spgwc /path-to-your-openair-k8s-cloned-dir/charts/oai-spgwc ``` ## Deploy SPGW-U Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install spgwu /path-to-your-openait-k8s-cloned-dir/charts/oai-spgwu-tiny +helm install spgwu /path-to-your-openair-k8s-cloned-dir/charts/oai-spgwu-tiny ``` ## Deploy MME Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install mme /path-to-your-openait-k8s-cloned-dir/charts/oai-mme +helm install mme /path-to-your-openair-k8s-cloned-dir/charts/oai-mme From b6512e2d3fb71d11eba82076554962f242968219 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 16 Sep 2020 17:47:53 +0200 Subject: [PATCH 38/82] Helm deploy HSS on oai namespace --- charts/oai-hss/Chart.yaml | 2 +- charts/oai-hss/templates/multus.yaml | 4 ++-- charts/oai-hss/templates/rbac.yaml | 2 +- charts/oai-hss/values.yaml | 14 +++++++------- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml index d21ae13..87a942f 100644 --- a/charts/oai-hss/Chart.yaml +++ b/charts/oai-hss/Chart.yaml 
@@ -20,7 +20,7 @@ version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-test +appVersion: onap-0.1.0 keywords: - Core Network diff --git a/charts/oai-hss/templates/multus.yaml b/charts/oai-hss/templates/multus.yaml index d99b83c..e1e42d4 100644 --- a/charts/oai-hss/templates/multus.yaml +++ b/charts/oai-hss/templates/multus.yaml @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.211.102/24", - "gateway": "192.168.211.1" + "address": "192.168.1.102/24", + "gateway": "192.168.1.1" } ] } diff --git a/charts/oai-hss/templates/rbac.yaml b/charts/oai-hss/templates/rbac.yaml index 00aa3ca..4c7d8d7 100644 --- a/charts/oai-hss/templates/rbac.yaml +++ b/charts/oai-hss/templates/rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ .Chart.Name }}-rbac + name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index 266d935..e0de667 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -4,12 +4,12 @@ replicaCount: 1 -namespace: "oai-cn" +namespace: "oai" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-hss - version: onap-test + repository: image-registry.openshift-image-registry.svc:5000/oai/oai-hss + version: onap-0.1.0 # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always 
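Review bot: The static address in the oai-hss multus.yaml hunk (`"address": "192.168.1.102/24"`) remains a literal inside the template, so every renumbering has to be repeated by hand in each chart. The multus.yaml hunks for oai-mme, oai-spgwc and oai-spgwu-tiny in the following commits have the same shape, and for oai-mme the same address is also kept in values.yaml as `mmeIpS1c`, so the two copies can drift apart. Reading the address from values would leave one source of truth, for example `"address": "{{ .Values.lte.mmeIpS1c }}/24"` in the oai-mme template (assuming `mmeIpS1c` sits under `lte:`, as that hunk header suggests). The NetworkAttachmentDefinition starts above the hunk, so which interface this address belongs to is not visible here.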
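Review bot: The renamed object in rbac.yaml is still a ClusterRoleBinding, so adding `{{ .Values.namespace }}` to its name avoids a clash between installs but every install still creates a cluster-wide grant. The `roleRef` name and the subjects are outside the hunk; if the role is only needed for resources in the chart's own namespace, a `kind: RoleBinding` with `namespace: {{ .Values.namespace }}` under `metadata` would narrow it. The context line `apiVersion: rbac.authorization.k8s.io/v1beta1` is also worth moving to `rbac.authorization.k8s.io/v1`, since the v1beta1 RBAC API is no longer served from Kubernetes 1.22 on.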
@@ -48,12 +48,12 @@ service: # Assume cassandra pod name is cassandra lte: prefix: "/openair-hss/etc" - realm: "oai-cn.svc.cluster.local" - dbFqdn: "cassandra-0.cassandra.oai-cn.svc.cluster.local" - identity: "oai-hss.oai-cn.svc.cluster.local" + realm: "oai.svc.cluster.local" + dbFqdn: "cassandra-0.cassandra.oai.svc.cluster.local" + identity: "oai-hss.oai.svc.cluster.local" opKey: "11111111111111111111111111111111" roaming: "true" - apn1: "apn.oai-cn.svc.cluster.local" + apn1: "apn.oai.svc.cluster.local" apn2: "internet" lteK: "8baf473f2f8fd09487cccbd7097c6862" imsi: "311480100001101" From 40c7d090ffb069a6e2d4fb5acef2d58099826f54 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 17 Sep 2020 10:51:26 +0200 Subject: [PATCH 39/82] Helm deploy MME on oai namespace --- charts/oai-mme/Chart.yaml | 2 +- charts/oai-mme/templates/multus.yaml | 8 ++++---- charts/oai-mme/values.yaml | 12 ++++++------ 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/oai-mme/Chart.yaml b/charts/oai-mme/Chart.yaml index 987e7a6..2c1446a 100644 --- a/charts/oai-mme/Chart.yaml +++ b/charts/oai-mme/Chart.yaml @@ -20,7 +20,7 @@ version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-test +appVersion: onap-0.1.0 # TODO #dependencies: diff --git a/charts/oai-mme/templates/multus.yaml b/charts/oai-mme/templates/multus.yaml index 206eac0..5ee1193 100644 --- a/charts/oai-mme/templates/multus.yaml +++ b/charts/oai-mme/templates/multus.yaml @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.211.100/24", - "gateway": "192.168.211.1" + "address": "192.168.1.100/24", + "gateway": "192.168.1.1" } ] } @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.211.100/24", - "gateway": "172.16.211.1" + "address": "172.16.1.100/24", + "gateway": "172.16.1.1" } ] } 
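Review bot: The `lte:` block edited in oai-hss/values.yaml keeps `opKey` and `lteK` as literal values right next to the renamed lines, so subscriber key material is committed with the chart. They look like lab defaults, but nothing in the file says so. A comment such as `# sample keys for lab use only, override per deployment` above `opKey`, or sourcing both from a Kubernetes Secret, would keep a real deployment from inheriting them. The `lte:` mapping continues past the end of the hunk.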
diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index bf04fe3..6342532 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -4,12 +4,12 @@ replicaCount: 1 -namespace: "oai-cn" +namespace: "oai" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-mme - version: onap-test + repository: image-registry.openshift-image-registry.svc:5000/oai/oai-mme + version: onap-0.1.0 # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -73,10 +73,10 @@ lte: tac_2: "3" tac_2_lb: "03" tac_2_hb: "00" - mmeIpS1c: "192.168.211.100" - mmeIpS11: "172.16.211.100" + mmeIpS1c: "192.168.1.100" + mmeIpS11: "172.16.1.100" mmeIpS10: "127.0.0.1" - sgwIpS11: "172.16.211.101" + sgwIpS11: "172.16.1.101" fdHssHostname: "oai-hss" resources: {} From fbef1d27e3498ab7e2bcc5af1adab1b90c1690bf Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 17 Sep 2020 10:51:51 +0200 Subject: [PATCH 40/82] Helm deploy SPGWC on oai namespace --- charts/oai-spgwc/Chart.yaml | 4 ++-- charts/oai-spgwc/templates/multus.yaml | 8 ++++---- charts/oai-spgwc/values.yaml | 7 +++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/charts/oai-spgwc/Chart.yaml b/charts/oai-spgwc/Chart.yaml index 2985bdf..46e9442 100644 --- a/charts/oai-spgwc/Chart.yaml +++ b/charts/oai-spgwc/Chart.yaml @@ -16,11 +16,11 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.1 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-test +appVersion: onap-0.1.0 keywords: - Core Network 
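Review bot: The chart `version` in oai-spgwc/Chart.yaml goes backwards here, from `0.1.1` to `0.1.0`, although the comment directly above it asks for an increment on every chart change and the other charts in this series stay at 0.1.1 according to their hunk headers. If the chart is ever packaged into a repository, the new build would sort as older than the previous one. Unless the downgrade is intended, keep `version: 0.1.1` or move forward, e.g. `version: 0.1.2`.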
diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index 7365545..7a7b0d2 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.212.100/24", - "gateway": "192.168.212.1" + "address": "192.168.2.100/24", + "gateway": "192.168.2.1" } ] } @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.211.101/24", - "gateway": "172.16.211.1" + "address": "172.16.1.101/24", + "gateway": "172.16.1.1" } ] } diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index d71816e..9213f22 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -4,13 +4,12 @@ replicaCount: 1 -namespace: "oai-cn" +namespace: "oai" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-spgwc - #version: develop-vco3 - version: onap-test + repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc + version: onap-0.1.0 # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always From 48d0f9108638d25454e9141115fbf3c655612721 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 17 Sep 2020 10:52:09 +0200 Subject: [PATCH 41/82] Helm deploy SPGWU on oai namespace --- charts/oai-spgwu-tiny/Chart.yaml | 2 +- charts/oai-spgwu-tiny/templates/multus.yaml | 12 ++++++------ charts/oai-spgwu-tiny/values.yaml | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/oai-spgwu-tiny/Chart.yaml b/charts/oai-spgwu-tiny/Chart.yaml index 1c7a2b1..8665a96 100644 --- a/charts/oai-spgwu-tiny/Chart.yaml +++ b/charts/oai-spgwu-tiny/Chart.yaml 
@@ -20,7 +20,7 @@ version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-test +appVersion: onap-0.1.0 # TODO #dependencies: diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index e686149..993467e 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.212.101/24", - "gateway": "192.168.212.1" + "address": "192.168.2.101/24", + "gateway": "192.168.2.1" } ] } @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.212.100/24", - "gateway": "172.16.212.1" + "address": "172.16.2.100/24", + "gateway": "172.16.2.1" } ] } @@ -55,8 +55,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.213.100/24", - "gateway": "192.168.213.1" + "address": "192.168.3.100/24", + "gateway": "192.168.3.1" } ] } diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 38ddd3e..9280448 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -4,12 +4,12 @@ replicaCount: 1 -namespace: "oai-cn" +namespace: "oai" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai-cn/oai-spgwu-tiny - version: onap-test + repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwu-tiny + version: onap-0.1.0 # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -52,7 +52,7 @@ lte: pgwSgiIf: "net3" pgwuSgiGw: "192.168.3.101" netUeIp: "192.168.20.0/24" - pgwcSxIp: "192.168.212.100" + pgwcSxIp: "192.168.2.100" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From b578df0f2fb728bb7deb68bf372ff3dae54e1442 Mon Sep 17 00:00:00 2001 
From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Thu, 17 Sep 2020 10:58:31 +0200 Subject: [PATCH 42/82] Update README.md --- charts/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/README.md b/charts/README.md index 51873c8..5a43411 100644 --- a/charts/README.md +++ b/charts/README.md @@ -36,6 +36,8 @@ oc adm policy add-scc-to-user anyuid -z default # THIS IS THE COMMAND OF THE MONTH! ``` ### Deployment +Work is in progress, please follow the described deployment sequence (cassandra, HSS, SPGWC, SPGWU, MME). + Logged as administrator of your namespace on oc (not kubeadmin): ```bash helm install --set config.endpoint_snitch=GossipingPropertyFileSnitch,persistence.storageClass=managed-nfs-storage cassandra incubator/cassandra From d139a48f2ec036cd05fe7dba9d8e066ab49489ad Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:08:24 +0200 Subject: [PATCH 43/82] Helm: MME deployment on node perse --- charts/oai-mme/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/oai-mme/templates/deployment.yaml b/charts/oai-mme/templates/deployment.yaml index f2aaa0b..fb4eddc 100644 --- a/charts/oai-mme/templates/deployment.yaml +++ b/charts/oai-mme/templates/deployment.yaml @@ -253,4 +253,5 @@ spec: schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} terminationGracePeriodSeconds: 30 + nodeName: perse.5glab.nsa.eurecom.fr From b0c5897803fc18d29a352fb613252a83493e0cd6 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 1 Oct 2020 12:03:06 +0200 Subject: [PATCH 44/82] helm MME: fix oai namespace --- charts/oai-mme/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 6342532..6dc307e 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml 
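Review bot: The added `nodeName: perse.5glab.nsa.eurecom.fr` hard-codes one lab host into the oai-mme deployment template, which bypasses the scheduler (the `schedulerName: default-scheduler` context line above it no longer affects placement) and keeps the pod from running on any cluster that lacks that node. It also publishes an internal host name in the chart. Making the placement optional keeps the template portable: `{{- if .Values.nodeName }}`, `nodeName: {{ .Values.nodeName }}`, `{{- end }}`, where `.Values.nodeName` is a proposed key that the visible hunks do not show the chart defining. The pod spec starts outside the hunk.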
@@ -54,7 +54,7 @@ lte: output: "CONSOLE" prefix: "/openair-mme/etc" pidDirectory: "/var/run" - domainName: "oai-cn.svc.cluster.local" + domainName: "oai.svc.cluster.local" fdMmeHostname: "oai-mme" mmeGid: "4" mmeCode: "1" From 78da67439d8ee3d6a2d0c893318947d6fc723777 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 1 Oct 2020 12:05:27 +0200 Subject: [PATCH 45/82] Helm 4G CN S1C-S1U-S6A on network 18 --- charts/oai-hss/templates/deployment.yaml | 2 +- charts/oai-hss/templates/multus.yaml | 6 +++--- charts/oai-mme/templates/multus.yaml | 4 ++-- charts/oai-mme/values.yaml | 2 +- charts/oai-spgwu-tiny/templates/multus.yaml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index bcd5419..013fd65 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-hss.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net6 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-hss/templates/multus.yaml b/charts/oai-hss/templates/multus.yaml index e1e42d4..01f03ae 100644 --- a/charts/oai-hss/templates/multus.yaml +++ b/charts/oai-hss/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net6 spec: config: '{ "cniVersion": "0.3.0", @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.1.102/24", - "gateway": "192.168.1.1" + "address": "192.168.18.176/24", + "gateway": "192.168.18.1" } ] } 
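Review bot: `domainName` needed this separate fix because the namespace is spelled out twice in oai-mme/values.yaml, once in `namespace: "oai"` and again inside this string. Deriving the suffix where it is consumed, e.g. `{{ .Values.namespace }}.svc.cluster.local` in the template, would remove the second copy. The same applies to `realm`, `dbFqdn`, `identity` and `apn1` in oai-hss/values.yaml. The template that reads `domainName` is not part of this diff, so whether it can take a derived value has to be checked there.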
diff --git a/charts/oai-mme/templates/multus.yaml b/charts/oai-mme/templates/multus.yaml index 5ee1193..12bac87 100644 --- a/charts/oai-mme/templates/multus.yaml +++ b/charts/oai-mme/templates/multus.yaml @@ -13,8 +13,8 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.1.100/24", - "gateway": "192.168.1.1" + "address": "192.168.18.150/24", + "gateway": "192.168.18.1" } ] } diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 6dc307e..13ef54b 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -73,7 +73,7 @@ lte: tac_2: "3" tac_2_lb: "03" tac_2_hb: "00" - mmeIpS1c: "192.168.1.100" + mmeIpS1c: "192.168.18.150" mmeIpS11: "172.16.1.100" mmeIpS10: "127.0.0.1" sgwIpS11: "172.16.1.101" diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 993467e..87c4f64 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.2.100/24", - "gateway": "172.16.2.1" + "address": "172.16.18.151/24", + "gateway": "172.16.18.1" } ] } From 3707457acac8751fe2d4e9c4526e265bab957d64 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 1 Oct 2020 13:06:29 +0200 Subject: [PATCH 46/82] Helm spgwu typo exposed S1U IP address --- charts/oai-spgwu-tiny/templates/multus.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 87c4f64..476e40a 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -34,8 +34,8 @@ spec: "type": "static", "addresses": [ { - "address": "172.16.18.151/24", - "gateway": "172.16.18.1" + "address": "192.168.18.151/24", + "gateway": "192.168.18.1" } ] } From 62a83b4644468e0125846abb402a58f166170fc2 Mon Sep 17 00:00:00 2001 
From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 1 Oct 2020 15:48:36 +0200 Subject: [PATCH 47/82] Change HSS parameters for IMSI TIM (222 01) --- .../oai-hss/templates/cassandra-oai-db.yaml | 35 ++++++++++--------- charts/oai-hss/values.yaml | 4 +-- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/charts/oai-hss/templates/cassandra-oai-db.yaml b/charts/oai-hss/templates/cassandra-oai-db.yaml index bd0ce5f..ad6961a 100644 --- a/charts/oai-hss/templates/cassandra-oai-db.yaml +++ b/charts/oai-hss/templates/cassandra-oai-db.yaml 
@@ -86,20 +86,21 @@ data: extid text, primary key (imsi, extid) ); - INSERT into vhss.mmeidentity JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}'; - INSERT into vhss.mmeidentity_host JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}'; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001110', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, '{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001111', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 
'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, '{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001112', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001113', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001114', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001115', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001116', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001117', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001118', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001119', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001120', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000001', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000101', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000102', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208950000000002', 001011234561000, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.mmeidentity JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}'; + INSERT INTO vhss.mmeidentity_host JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}'; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001110', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001111', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001112', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001113', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001114', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001115', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001116', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001117', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001118', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001119', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001120', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000001', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000101', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000102', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208950000000002', 001011234561000, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('222010100001140', 222011234561000, 41, 'fec86ba6eb707ed08905757b1bb44b8f', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"oai.ipv4","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}');
diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml
index e0de667..e57005c 100644
--- a/charts/oai-hss/values.yaml
+++ b/charts/oai-hss/values.yaml
@@ -51,9 +51,9 @@ lte:
 realm: "oai.svc.cluster.local"
 dbFqdn: "cassandra-0.cassandra.oai.svc.cluster.local"
 identity: "oai-hss.oai.svc.cluster.local"
- opKey: "11111111111111111111111111111111"
+ opKey: "1006020f0a478bf6b699f15c062e42b3"
 roaming: "true"
- apn1: "apn.oai.svc.cluster.local"
+ apn1: "oai.ipv4"
 apn2: "internet"
 lteK: "8baf473f2f8fd09487cccbd7097c6862"
 imsi: "311480100001101"
From 9839a9d5f7571c296343f501d17efe14394bc8a2 Mon Sep 17 00:00:00 2001
From: Raphael Defosseux
Date: Tue, 3 Nov 2020 17:52:01 +0100
Subject: [PATCH 48/82] [SPGW-U] adding possibility to enable NAT on UE IP pool
Signed-off-by: Raphael Defosseux
---
 charts/oai-spgwu-tiny/templates/configmap.yaml | 1 +
 charts/oai-spgwu-tiny/templates/deployment.yaml | 5 +++++
 charts/oai-spgwu-tiny/values.yaml | 1 +
 3 files changed, 7 insertions(+)
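Review bot: The new `opKey` default in charts/oai-hss/values.yaml is a concrete operator key committed as a chart default, next to the existing `lteK`, so any install that does not override it runs the HSS with key material that is readable in this repository. If these are lab-only values, say so on the line, e.g. `# test-only operator key, override for any non-lab deployment`. For anything beyond a lab, the key belongs in a Kubernetes Secret referenced by the chart rather than in plain values; how `opKey` is consumed by the templates is outside this hunk, so that wiring needs checking there.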
diff --git a/charts/oai-spgwu-tiny/templates/configmap.yaml b/charts/oai-spgwu-tiny/templates/configmap.yaml
index bb1f9ac..ef0c89d 100644
--- a/charts/oai-spgwu-tiny/templates/configmap.yaml
+++ b/charts/oai-spgwu-tiny/templates/configmap.yaml
@@ -10,3 +10,4 @@ data:
 sgwSxIf: {{ .Values.lte.sgwSxIf }}
 netUeIp: {{ .Values.lte.netUeIp }}
 pgwcSxIp: {{ .Values.lte.pgwcSxIp }}
+ netUeNatOption: {{ .Values.lte.netUeNatOption | quote }}
diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml
index f475eaa..f75b0b6 100644
--- a/charts/oai-spgwu-tiny/templates/deployment.yaml
+++ b/charts/oai-spgwu-tiny/templates/deployment.yaml
@@ -61,6 +61,11 @@ spec:
 configMapKeyRef:
 name: {{ .Chart.Name }}-configmap
 key: netUeIp
+ - name: NETWORK_UE_NAT_OPTION
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Chart.Name }}-configmap
+ key: netUeNatOption
 - name: SPGWC0_IP_ADDRESS
 valueFrom:
 configMapKeyRef:
diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml
index 9280448..4b9f1a2 100644
--- a/charts/oai-spgwu-tiny/values.yaml
+++ b/charts/oai-spgwu-tiny/values.yaml
@@ -53,6 +53,7 @@ lte:
 pgwuSgiGw: "192.168.3.101"
 netUeIp: "192.168.20.0/24"
 pgwcSxIp: "192.168.2.100"
+ netUeNatOption: "yes"
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
From 4faad7d06aabcf5a4cb9b4adb4e982812e9d6fd9 Mon Sep 17 00:00:00 2001
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Fri, 6 Nov 2020 10:27:12 +0100
Subject: [PATCH 49/82] DB : populate mme table with values if values not exist
---
 charts/oai-hss/templates/cassandra-oai-db.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/oai-hss/templates/cassandra-oai-db.yaml b/charts/oai-hss/templates/cassandra-oai-db.yaml
index ad6961a..34e2ca6 100644
--- a/charts/oai-hss/templates/cassandra-oai-db.yaml
+++ b/charts/oai-hss/templates/cassandra-oai-db.yaml
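Review bot: `netUeNatOption: "yes"` in charts/oai-spgwu-tiny/values.yaml switches NAT on for the UE pool by default and has no comment saying which strings the container accepts or why the default is on. With NAT enabled, systems upstream of the gateway presumably see a translated address instead of the per-UE address, which matters to anyone correlating flow logs with subscribers, so the default deserves a stated reason. I would add a comment above the key such as `# "yes" or "no" (confirm against the image entrypoint): NAT traffic from the netUeIp pool`. The accepted values are not visible in this patch.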
@@ -86,8 +86,8 @@ data:
 extid text,
 primary key (imsi, extid)
 );
- INSERT INTO vhss.mmeidentity JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}';
- INSERT INTO vhss.mmeidentity_host JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}';
+ INSERT INTO vhss.mmeidentity JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}' IF NOT EXISTS;
+ INSERT INTO vhss.mmeidentity_host JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}' IF NOT EXISTS;
 INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001110', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96,
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001111', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001112', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS;
From b9ffc69e15768f8f3a966b3ee1ccc9bf3ac67025 Mon Sep 17 00:00:00 2001
From: lionelgo <29477918+lionelgo@users.noreply.github.com>
Date: Fri, 6 Nov 2020 10:30:12 +0100
Subject: [PATCH 50/82] rbac include namespace name
---
 charts/oai-mme/templates/rbac.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/oai-mme/templates/rbac.yaml b/charts/oai-mme/templates/rbac.yaml
index 00aa3ca..4c7d8d7 100644
--- a/charts/oai-mme/templates/rbac.yaml
+++ b/charts/oai-mme/templates/rbac.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
- name: {{ .Chart.Name }}-rbac
+ name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
From 0ae0efe48d6e23c4a2c2a9a64391b2be9fdf7961 Mon Sep 17 00:00:00 2001
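Review bot: With `IF NOT EXISTS` on the two `vhss.mmeidentity` / `vhss.mmeidentity_host` inserts in charts/oai-hss/templates/cassandra-oai-db.yaml, a rerun of the seed keeps any existing row, so a later edit to `mmehost` or `mmerealm` in this template never reaches a database that is already populated. That is probably the intent, but it should be written down above the statements, e.g. `-- seed only: existing rows are kept; update them by hand after changing these values`. The context rows below reference `mmeidentity_idmmeidentity` 4 while the seeded identity uses `"idmmeidentity":"1"`; whether that mismatch matters depends on HSS code not shown here. The enclosing `data:` block starts outside the hunk.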
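Review bot: The binding name in charts/oai-mme/templates/rbac.yaml now takes its namespace part from `.Values.namespace`, a free-form value that can differ from the namespace Helm actually installs into; `name: {{ .Chart.Name }}-{{ .Release.Namespace }}-rbac` ties the name to the real release namespace. The object also stays a ClusterRoleBinding, so every per-namespace install adds another cluster-wide grant; if the referenced ClusterRole only needs access inside the release namespace, a namespaced RoleBinding would keep the grant scoped. The role name and the subjects are outside the hunk, so that needs checking against the rest of the file. The context line also still uses `rbac.authorization.k8s.io/v1beta1`, which is deprecated in favour of `rbac.authorization.k8s.io/v1`.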
From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Fri, 6 Nov 2020 10:31:34 +0100 Subject: [PATCH 51/82] HSS,MME domains name can be different (HSS in oc ns1, MME in OC ns2) --- charts/oai-mme/templates/configmap.yaml | 8 ++++---- charts/oai-mme/values.yaml | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/oai-mme/templates/configmap.yaml b/charts/oai-mme/templates/configmap.yaml index f750348..9c9090b 100644 --- a/charts/oai-mme/templates/configmap.yaml +++ b/charts/oai-mme/templates/configmap.yaml @@ -26,10 +26,10 @@ data: mmeIpS11: {{ .Values.lte.mmeIpS11 }} mmeIpS10: {{ .Values.lte.mmeIpS10 }} sgwIpS11: {{ .Values.lte.sgwIpS11 }} - hssService: {{ .Values.lte.fdHssHostname }}.{{ .Values.lte.domainName }} - hssRealm: {{ .Values.lte.domainName }} + hssService: {{ .Values.lte.fdHssHostname }}.{{ .Values.lte.hssDomainName }} + hssRealm: {{ .Values.lte.hssDomainName }} hssHostname: {{ .Values.lte.fdHssHostname }} - hssIp: {{ .Values.lte.fdHssHostname }}.{{ .Values.lte.domainName }} + hssIp: {{ .Values.lte.fdHssHostname }}.{{ .Values.lte.hssDomainName }} peerMme0Ipv4Address: "0.0.0.0" peerMme1Ipv4Address: "0.0.0.0" mcc_mme0: "000" @@ -39,4 +39,4 @@ data: tac_lb_mme0: "00" tac_hb_mme0: "00" tac_lb_mme1: "00" - tac_hb_mme1: "00" \ No newline at end of file + tac_hb_mme1: "00" diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 13ef54b..d150fa9 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -78,6 +78,7 @@ lte: mmeIpS10: "127.0.0.1" sgwIpS11: "172.16.1.101" fdHssHostname: "oai-hss" + hssDomainName: "oai.svc.cluster.local" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From 42674fd2918eeb4de6af7890e32f7d73f2888fbd Mon Sep 17 00:00:00 2001 From: Raphael Defosseux Date: Thu, 19 Nov 2020 14:10:27 +0100 Subject: [PATCH 52/82] moving to TIM PLMN for 5G NSA usage 
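Review bot: In charts/oai-mme/templates/configmap.yaml, `hssService`, `hssRealm` and `hssIp` now read only `.Values.lte.hssDomainName`, so an existing install that overrides `lte.domainName` silently gets the new chart default `oai.svc.cluster.local` as its HSS realm after an upgrade. A fallback keeps old value files working: ship `hssDomainName: ""` in values.yaml and render `hssRealm: {{ .Values.lte.hssDomainName | default .Values.lte.domainName | quote }}`, with the same expression in `hssService` and `hssIp`. The realm presumably identifies the MME's Diameter peer, so a silent change of it deserves a line in the chart notes as well.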
Signed-off-by: Raphael Defosseux --- charts/oai-mme/values.yaml | 6 +++--- charts/oai-spgwc/templates/configmap.yaml | 1 + charts/oai-spgwc/templates/deployment.yaml | 5 +++++ charts/oai-spgwc/values.yaml | 3 ++- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index d150fa9..2f9c8bd 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -61,9 +61,9 @@ lte: nwIfS1c: "net1" nwIfS11: "net2" nwIfS10: "lo" - mcc: "208" - mnc: "96" - mnc3: "096" + mcc: "222" + mnc: "01" + mnc3: "001" tac_0: "1" tac_0_lb: "01" tac_0_hb: "00" diff --git a/charts/oai-spgwc/templates/configmap.yaml b/charts/oai-spgwc/templates/configmap.yaml index 471a3b6..d8c2bbc 100644 --- a/charts/oai-spgwc/templates/configmap.yaml +++ b/charts/oai-spgwc/templates/configmap.yaml @@ -12,3 +12,4 @@ data: apn: {{ .Values.lte.apn }} ueDnsServer: {{ .Values.lte.ueDnsServer }} ueDnsServerSec: {{ .Values.lte.ueDnsServerSec }} + pushProtocolOption: {{ .Values.lte.pushProtocolOption | quote }} diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 815d365..df23ee7 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -81,6 +81,11 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: ueDnsServerSec + - name: PUSH_PROTOCOL_OPTION + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: pushProtocolOption - name: tcpdump image: corfr/tcpdump command: diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 9213f22..ca8c3d9 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml 
@@ -54,7 +54,8 @@ lte: ueIpAddressPool: "192.168.20.2-192.168.20.200" ueDnsServer: "192.168.18.129" ueDnsServerSec: "192.168.18.129" - apn: "apn.oai.svc.cluster.local" + apn: "oai.ipv4" + pushProtocolOption: "yes" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From ae95ca152e860acd77d8dcb4e0639ff4b869b4fd Mon Sep 17 00:00:00 2001 From: Mohammed Ismail Date: Sun, 22 Nov 2020 23:28:56 +0100 Subject: [PATCH 53/82] [mme]: persistance storage for tcpdump added to store .pcap Signed-off-by: Mohammed Ismail --- charts/oai-mme/templates/deployment.yaml | 15 +++++++++++++-- charts/oai-mme/templates/pvc.yaml | 15 +++++++++++++++ charts/oai-mme/values.yaml | 4 ++++ 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 charts/oai-mme/templates/pvc.yaml diff --git a/charts/oai-mme/templates/deployment.yaml b/charts/oai-mme/templates/deployment.yaml index fb4eddc..860dd73 100644 --- a/charts/oai-mme/templates/deployment.yaml +++ b/charts/oai-mme/templates/deployment.yaml @@ -246,8 +246,19 @@ spec: - name: tcpdump image: corfr/tcpdump command: - - /bin/sleep - - infinity + - /bin/sh + - -c + # /bin/mkdir /pcap + - /usr/sbin/tcpdump -i any port 36412 -C 100 -W 10 -w /pcap/S1_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + # /bin/sleep infinity + # - -i any port 36412 -C 100 -W 2 -w /pcap/S1_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap; + volumeMounts: + - mountPath: "/pcap" + name: {{ .Chart.Name }}-pv + volumes: + - name: {{ .Chart.Name }}-pv + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-pvc dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler diff --git a/charts/oai-mme/templates/pvc.yaml b/charts/oai-mme/templates/pvc.yaml new file mode 100644 index 0000000..e136072 --- /dev/null +++ b/charts/oai-mme/templates/pvc.yaml 
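Review bot: In charts/oai-mme/templates/deployment.yaml the new `volumes` entry references claim `{{ .Chart.Name }}-pvc` unconditionally, while pvc.yaml in the same patch is rendered only when `persistence.enabled` is true and values.yaml defaults it to false; on a fresh install with defaults the claim presumably does not exist and the pod cannot be scheduled. The same lines turn the idle sidecar into an always-on capture of port 36412 (S1 signalling, which typically carries subscriber identifiers) written to persistent storage, so the capture should be opt-in behind its own value and documented as such. The file name embeds the start time, so every container restart begins a new `-C 100 -W 10` ring (up to 10 × 100 MB) instead of overwriting the previous one, and the 1Gi claim can fill after the first restart; a fixed base name such as `-w /pcap/S1.pcap` keeps rotation bounded. `image: corfr/tcpdump` on the context line carries no tag or digest, which is worth pinning now that the container does real work.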
@@ -0,0 +1,15 @@ +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Chart.Name }}-pvc + annotations: + "helm.sh/resource-policy": keep +spec: + accessModes: + - ReadWriteOnce + storageClassName: managed-nfs-storage + resources: + requests: + storage: 1Gi +{{- end }} diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 2f9c8bd..3524cbc 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -80,6 +80,10 @@ lte: fdHssHostname: "oai-hss" hssDomainName: "oai.svc.cluster.local" +persistence: + #make it true for the first time when you want to create persistance volume and then false + enabled: false + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little From c004bc4a0395fe9a505360893ee9761ece5b9c37 Mon Sep 17 00:00:00 2001 From: Mohammed Ismail Date: Mon, 30 Nov 2020 11:40:45 +0100 Subject: [PATCH 54/82] [spgwu] fix internet access Signed-off-by: Mohammed Ismail --- charts/oai-spgwu-tiny/templates/deployment.yaml | 9 ++++++++- charts/oai-spgwu-tiny/templates/multus.yaml | 2 +- charts/oai-spgwu-tiny/values.yaml | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index f75b0b6..2c5c831 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml 
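Review bot: The `"helm.sh/resource-policy": keep` annotation in charts/oai-mme/templates/pvc.yaml means the capture files outlive `helm uninstall`, so signalling traces stay on the backing store until someone deletes the claim by hand; the values.yaml comment describes the enable-then-disable workflow but not this retention. I would add a comment above the annotation, `# kept on uninstall: delete the PVC manually to remove stored captures`, and say the same next to `persistence.enabled`. `storageClassName: managed-nfs-storage` and `storage: 1Gi` are hard-coded, which ties the chart to one cluster; values such as `persistence.storageClass` and `persistence.size` (names are a suggestion) would let operators pick storage with suitable access control.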
@@ -16,7 +16,14 @@ spec: labels: {{- include "oai-spgwu-tiny.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1, {{ .Chart.Name }}-{{ .Values.namespace }}-net2, {{ .Chart.Name }}-{{ .Values.namespace }}-net3 + k8s.v1.cni.cncf.io/networks: >- + [{ + "name": "oai-spgwu-tiny-oai-net1" + }, + { + "name": "oai-spgwu-tiny-oai-net2", + "default-route": ["192.168.18.129"] + }] spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 476e40a..4aeea99 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -35,7 +35,7 @@ spec: "addresses": [ { "address": "192.168.18.151/24", - "gateway": "192.168.18.1" + "gateway": "192.168.18.129" } ] } diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 4b9f1a2..8a321a9 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -49,7 +49,7 @@ lte: pidDirectory: "/var/run" sgwS1uIf: "net2" sgwSxIf: "net1" - pgwSgiIf: "net3" + pgwSgiIf: "net2" pgwuSgiGw: "192.168.3.101" netUeIp: "192.168.20.0/24" pgwcSxIp: "192.168.2.100" From 87bae6eb1c85e7d847425d3ea7284d8309314d30 Mon Sep 17 00:00:00 2001 From: Raphael Defosseux Date: Mon, 7 Dec 2020 15:20:33 +0100 Subject: [PATCH 55/82] removing static IP allocation scheme Signed-off-by: Raphael Defosseux --- .../oai-hss/templates/cassandra-oai-db.yaml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/charts/oai-hss/templates/cassandra-oai-db.yaml b/charts/oai-hss/templates/cassandra-oai-db.yaml index 34e2ca6..ec8cdf7 100644 --- a/charts/oai-hss/templates/cassandra-oai-db.yaml +++ b/charts/oai-hss/templates/cassandra-oai-db.yaml 
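Review bot: The rewritten `k8s.v1.cni.cncf.io/networks` annotation in charts/oai-spgwu-tiny/templates/deployment.yaml hard-codes `oai-spgwu-tiny-oai-net1` and `oai-spgwu-tiny-oai-net2` where the removed line used `{{ .Chart.Name }}-{{ .Values.namespace }}-netN`, so, assuming the attachment definitions are still named from the template, the pod only attaches correctly when the namespace value is `oai`. Keep the template inside the JSON, e.g. `"name": "{{ .Chart.Name }}-{{ .Values.namespace }}-net1"`. The `default-route` address `192.168.18.129` is repeated as a literal in the multus.yaml hunk of this patch; taking both from one value avoids the two drifting apart. The net3 attachment is no longer requested, so any net3 definition left in multus.yaml (not visible here) would be dead configuration.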
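Review bot: After this change `sgwS1uIf` and `pgwSgiIf` in charts/oai-spgwu-tiny/values.yaml both point at `net2`, so the access-side user plane and the SGi egress share one interface and subnet instead of being separated as they were with `net3`. If that is intentional for this setup, say so next to the value, e.g. `# SGi shares net2 with S1-U; no separate SGi network is attached`, so nobody reads the chart as a segmented deployment. `pgwuSgiGw: "192.168.3.101"` on the following context line still sits in a different subnet from the net2 gateway set in multus.yaml and may need the same update.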
@@ -88,19 +88,19 @@ data: ); INSERT INTO vhss.mmeidentity JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}' IF NOT EXISTS; INSERT INTO vhss.mmeidentity_host JSON '{"idmmeidentity":"1","mmeisdn":"mme-isdn", "mmehost":"oai-mme.oai.svc.cluster.local", "mmerealm":"oai.svc.cluster.local", "ue_reachability":"1"}' IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001110', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, '{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001111', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 
'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, '{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001112', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001113', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001114', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001115', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001116', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001117', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001118', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001119', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001120', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000001', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000101', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000102', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208950000000002', 001011234561000, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; - INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('222010100001140', 222011234561000, 41, 'fec86ba6eb707ed08905757b1bb44b8f', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Served-Party-IP-Address":["10.0.0.1","10.0.0.2"],"Service-Selection":"oai.ipv4","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001110', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001111', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001112', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001113', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001114', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001115', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001116', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001117', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001118', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001119', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208920100001120', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000001', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000101', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208960000000102', 0033663000021, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('208950000000002', 001011234561000, 41, '8baf473f2f8fd09487cccbd7097c6862', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"apn.oai.svc.cluster.local","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}') IF NOT EXISTS; + INSERT INTO vhss.users_imsi (imsi, msisdn, access_restriction, key, mmehost, mmeidentity_idmmeidentity, mmerealm, rand, sqn, subscription_data) VALUES ('222010100001140', 222011234561000, 41, 'fec86ba6eb707ed08905757b1bb44b8f', 'oai-mme.oai.svc.cluster.local', 4, 'oai.svc.cluster.local', '2683b376d1056746de3b254012908e0e', 96, 
'{"Subscription-Data":{"Access-Restriction-Data":41,"Subscriber-Status":0,"Network-Access-Mode":2,"Regional-Subscription-Zone-Code":["0x0123","0x4567","0x89AB","0xCDEF","0x1234","0x5678","0x9ABC","0xDEF0","0x2345","0x6789"],"MSISDN":"0x0033663000021","AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"APN-Configuration-Profile":{"Context-Identifier":0,"All-APN-Configurations-Included-Indicator":0,"APN-Configuration":{"Context-Identifier":0,"PDN-Type":0,"Service-Selection":"oai.ipv4","EPS-Subscribed-QoS-Profile":{"QoS-Class-Identifier":9,"Allocation-Retention-Priority":{"Priority-Level":15,"Pre-emption-Capability":0,"Pre-emption-Vulnerability":0}},"AMBR":{"Max-Requested-Bandwidth-UL":50000000,"Max-Requested-Bandwidth-DL":100000000},"PDN-GW-Allocation-Type":0,"MIP6-Agent-Info":{"MIP-Home-Agent-Address":["172.26.17.183"]}}},"Subscribed-Periodic-RAU-TAU-Timer":0}}'); From dc7561c53ec63809e2f0ac37a36bb5d49d4b9877 Mon Sep 17 00:00:00 2001 From: Lionel Date: Tue, 19 Jan 2021 11:54:15 +0100 Subject: [PATCH 56/82] spgwu-tiny additions --- .../oai-spgwu-tiny/templates/deployment.yaml | 2 ++ charts/oai-spgwu-tiny/values.yaml | 18 +++++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index f75b0b6..1aaf78e 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -85,4 +85,6 @@ spec: restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} + # RT worker + nodeName: dedale.5glab.nsa.eurecom.fr terminationGracePeriodSeconds: 30 diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 4b9f1a2..cc8572b 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml 
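Review bot: The added `nodeName: dedale.5glab.nsa.eurecom.fr` in charts/oai-spgwu-tiny/templates/deployment.yaml hard-codes one lab host into the template, so the chart only installs where that node exists. Setting `nodeName` also bypasses the scheduler, so the pod is bound without its usual placement checks. Placement is better driven from values; values.yaml already carries `nodeSelector: {}`, which could be rendered here with `{{- with .Values.nodeSelector }}`, `nodeSelector: {{- toYaml . | nindent 8 }}`, `{{- end }}` (whether the template already does this is not visible, since the pod spec starts outside the hunk). If the real-time worker must stay the default, a `# RT worker` label or taint/toleration pair documented in values.yaml says the same thing without naming a host.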
@@ -49,23 +49,23 @@ lte: pidDirectory: "/var/run" sgwS1uIf: "net2" sgwSxIf: "net1" - pgwSgiIf: "net3" - pgwuSgiGw: "192.168.3.101" + pgwSgiIf: "net2" + pgwuSgiGw: "192.168.18.129" netUeIp: "192.168.20.0/24" pgwcSxIp: "192.168.2.100" netUeNatOption: "yes" -resources: {} +resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + limits: + cpu: 6000m + memory: 512Mi + requests: + cpu: 4000m + memory: 256Mi nodeSelector: {} From d2707b622c021d87e02e9a281a74d513294976ab Mon Sep 17 00:00:00 2001 From: Lionel Date: Tue, 19 Jan 2021 12:17:06 +0100 Subject: [PATCH 57/82] sync with oai OC project --- charts/oai-mme/values.yaml | 6 +- charts/oai-spgwc/templates/deployment.yaml | 27 ++++++- charts/oai-spgwc/values.yaml | 10 ++- .../oai-spgwu-tiny/templates/configmap.yaml | 7 ++ .../oai-spgwu-tiny/templates/deployment.yaml | 73 ++++++++++++++++++- charts/oai-spgwu-tiny/templates/multus.yaml | 24 +----- charts/oai-spgwu-tiny/templates/service.yaml | 6 ++ charts/oai-spgwu-tiny/values.yaml | 24 +++++- 8 files changed, 138 insertions(+), 39 deletions(-) diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 3524cbc..8a0b5b5 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -61,9 +61,9 @@ lte: nwIfS1c: "net1" nwIfS11: "net2" nwIfS10: "lo" - mcc: "222" - mnc: "01" - mnc3: "001" + mcc: "208" + mnc: "99" + mnc3: "099" tac_0: "1" tac_0_lb: "01" tac_0_hb: "00" diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index df23ee7..38f4c44 100644 --- a/charts/oai-spgwc/templates/deployment.yaml 
+++ b/charts/oai-spgwc/templates/deployment.yaml @@ -25,8 +25,22 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: + - name: tcpdump + image: corfr/tcpdump + command: + {{- if .Values.start.tcpdump}} + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any port 2123 or port 8805 or arp or icmp -C 100 -W 10 -w /pcap/SPGWC_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} + - /bin/sleep + - infinity + {{- end}} + volumeMounts: + - mountPath: "/pcap" + name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv - name: spgwc - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} @@ -86,14 +100,19 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: pushProtocolOption - - name: tcpdump - image: corfr/tcpdump + {{- if .Values.start.spgwc}} + {{- else}} command: - /bin/sleep - infinity + {{- end}} + volumes: + - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} - terminationGracePeriodSeconds: 30 + terminationGracePeriodSeconds: 15 diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index ca8c3d9..b4d8dc5 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -45,6 +45,9 @@ service: pfcpPort: 8805 gtpcPort: 2123 +start: + spgwc: true + tcpdump: true lte: pidDirectory: "/var/run" sgwS11If: "net2" 
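Review bot: The tcpdump sidecar added at the top of `containers:` captures by default, because the values.yaml hunk of this commit sets `start.tcpdump: true`. It writes GTP-C and PFCP signalling (ports 2123 and 8805) to the `/pcap` persistent volume, so subscriber identifiers end up on disk on every install. The matching hunk in charts/oai-spgwu-tiny/templates/deployment.yaml goes further: its port filter is commented out and `-i any` records all traffic, user plane included. I would ship `tcpdump: false` as the default and keep a port filter on the spgwu-tiny command. Separately, `image: corfr/tcpdump` carries no tag, so it resolves to whatever the registry serves at pull time; a tag or digest supplied from values would pin it.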
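Review bot: The `volumes:` entry added at the end of the second hunk references claim `{{ .Chart.Name }}-{{ .Values.namespace }}-pvc` unconditionally, while the values.yaml hunk in this commit defaults `persistence.enabled: false`. If that flag gates creation of the claim (the PVC template for this chart is not part of this diff, so this is inferred), a fresh install with default values leaves the pod Pending on a missing claim. Wrapping the volume and its mount in `{{- if .Values.persistence.enabled }}` with an `emptyDir: {}` fallback would keep the defaults installable. As a style point in the same hunk, the empty `{{- if .Values.start.spgwc}}` / `{{- else}}` pair reads more directly as `{{- if not .Values.start.spgwc }}`.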
@@ -57,9 +60,11 @@ lte: apn: "oai.ipv4" pushProtocolOption: "yes" -resources: {} +persistence: # We usually recommend not to specify default resources and to leave this as a conscious + enabled: false # choice for the user. This also increases chances charts run on environments with little +resources: # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: @@ -68,6 +73,9 @@ resources: {} # requests: # cpu: 100m # memory: 128Mi + requests: + cpu: 100m + memory: 256Mi nodeSelector: {} diff --git a/charts/oai-spgwu-tiny/templates/configmap.yaml b/charts/oai-spgwu-tiny/templates/configmap.yaml index ef0c89d..68b905e 100644 --- a/charts/oai-spgwu-tiny/templates/configmap.yaml +++ b/charts/oai-spgwu-tiny/templates/configmap.yaml @@ -11,3 +11,10 @@ data: netUeIp: {{ .Values.lte.netUeIp }} pgwcSxIp: {{ .Values.lte.pgwcSxIp }} netUeNatOption: {{ .Values.lte.netUeNatOption | quote }} + threadsS1uUl: {{ .Values.lte.threadsS1uUl | quote }} + threadsSgiDl: {{ .Values.lte.threadsSgiDl | quote }} + threadsSx: {{ .Values.lte.threadsSx | quote }} + threadsSgiPrio: {{ .Values.lte.threadsSgiPrio | quote }} + threadsS1uPrio: {{ .Values.lte.threadsS1uPrio | quote }} + threadsSxPrio: {{ .Values.lte.threadsSxPrio | quote }} + bypassUlPfcpRules: {{ .Values.lte.bypassUlPfcpRules | quote }} diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index 4894e39..1ac7d19 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml 
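Review bot: In the first charts/oai-spgwc/values.yaml hunk here, `persistence:` and `enabled: false` are inserted between the lines of the existing comment about default resources, so that comment is now split across two keys and appears to document `persistence`. Moving the new key above the comment, as `persistence:` / `enabled: false` followed by a blank line and then `resources:`, keeps each comment with the key it describes. The retained text also still says to "remove the curly braces after 'resources:'", which this hunk already removes; that sentence should go, or become `# requests only; add limits as needed`.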
@@ -32,8 +32,23 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: + - name: tcpdump + image: corfr/tcpdump + command: + {{- if .Values.start.tcpdump}} + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/SPGWU_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + # - /usr/sbin/tcpdump -i any port 2152 or port 8805 or port 5001 or arp or icmp -C 100 -W 10 -w /pcap/SPGWU_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} + - /bin/sleep + - infinity + {{- end}} + volumeMounts: + - mountPath: "/pcap" + name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv - name: spgwu - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} @@ -42,6 +57,8 @@ spec: name: oai-spgwu - containerPort: {{ .Values.service.gtpuPort }} name: s1u + - containerPort: 5001 + name: iperf env: - name: PID_DIRECTORY valueFrom: 
@@ -83,15 +100,63 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: pgwuSgiGw - - name: tcpdump - image: corfr/tcpdump + - name: S1U_THREADS + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: threadsS1uUl + - name: SGI_THREADS + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: threadsSgiDl + - name: SX_THREADS + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: threadsSx + - name: THREAD_SGI_PRIO + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: threadsSgiPrio + - name: THREAD_S1U_PRIO + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: threadsS1uPrio + - name: THREAD_SX_PRIO + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: threadsSxPrio + - name: BYPASS_UL_PFCP_RULES + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: bypassUlPfcpRules + {{- if .Values.start.spgwu}} + {{- else}} command: - /bin/sleep - infinity + {{- end}} + #volumeMounts: + #- mountPath: /dev/hugepages + # name: hugepage + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} + terminationGracePeriodSeconds: 15 # RT worker nodeName: dedale.5glab.nsa.eurecom.fr - terminationGracePeriodSeconds: 30 + diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 4aeea99..fb5b802 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml 
@@ -34,29 +34,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.18.151/24", - "gateway": "192.168.18.129" - } - ] - } - }' ---- -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net3 -spec: - config: '{ - "cniVersion": "0.3.0", - "type": "macvlan", - "master": "bond0", - "mode": "bridge", - "ipam": { - "type": "static", - "addresses": [ - { - "address": "192.168.3.100/24", - "gateway": "192.168.3.1" + "address": "192.168.18.151/24" } ] } diff --git a/charts/oai-spgwu-tiny/templates/service.yaml b/charts/oai-spgwu-tiny/templates/service.yaml index 979237b..5e57abd 100644 --- a/charts/oai-spgwu-tiny/templates/service.yaml +++ b/charts/oai-spgwu-tiny/templates/service.yaml @@ -22,5 +22,11 @@ spec: # Port to forward to inside the pod targetPort: {{ .Values.service.gtpuPort }} protocol: UDP + - name: iperf + # Port accessible outside cluster + port: 5001 + # Port to forward to inside the pod + targetPort: 5001 + protocol: UDP selector: {{- include "oai-spgwu-tiny.selectorLabels" . | nindent 4 }} diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index cc8572b..1a34ab1 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -33,6 +33,8 @@ podSecurityContext: securityContext: privileged: true + capabilities: + add: ["NET_ADMIN", "NET_RAW"] # capabilities: # drop: # - ALL @@ -45,6 +47,9 @@ service: pfcpPort: 8805 gtpuPort: 2152 +start: + spgwu: true + tcpdump: true lte: pidDirectory: "/var/run" sgwS1uIf: "net2" 
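Review bot: The `iperf` port 5001 added to charts/oai-spgwu-tiny/templates/service.yaml, together with the matching `containerPort: 5001` in the deployment hunk, publishes a benchmarking port on every install. Nothing in this diff shows an iperf server in the pod spec, so the port looks like a leftover from a test setup. I would gate both entries on a value, for example `{{- if .Values.service.iperfPort }}` … `{{- end }}`, and leave that value unset by default so the service only exposes PFCP and GTP-U.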
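Review bot: The added `capabilities:` / `add: ["NET_ADMIN", "NET_RAW"]` in charts/oai-spgwu-tiny/values.yaml has no effect while `privileged: true` remains on the line above, because a privileged container already holds every capability plus host device access. If these two capabilities are what spgwu needs, the block should read `privileged: false`, then `drop: ["ALL"]` and `add: ["NET_ADMIN", "NET_RAW"]`, which turns the commented-out `drop: - ALL` below into real configuration. That needs a test run first, since interface or NAT setup in the container may need more than these two capabilities; this diff does not show it. The deployment template passes this block to the spgwu container through `toYaml .Values.securityContext`, so the change takes effect there.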
@@ -54,17 +59,28 @@ lte: netUeIp: "192.168.20.0/24" pgwcSxIp: "192.168.2.100" netUeNatOption: "yes" + threadsS1uUl: "16" + threadsSgiDl: "16" + threadsSx: "1" + threadsSgiPrio: "64" + threadsS1uPrio: "64" + threadsSxPrio: "64" + # standart feature is no, put yes if you want less UL packet delay + bypassUlPfcpRules: "yes" + +persistence: + # make it true for the first time when you want to create persistance volume + # and then false + enabled: false + resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 6000m - memory: 512Mi requests: - cpu: 4000m + cpu: 8 memory: 256Mi nodeSelector: {} From 4ac198eca75aff748b5245ebdb04cae9a79211c4 Mon Sep 17 00:00:00 2001 
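Review bot: The `resources:` part of this hunk deletes the `limits:` block and raises `requests.cpu` to `8`, which leaves the privileged data-plane container with no CPU or memory ceiling on the node it shares with other workloads. If the aim is dedicated cores on the RT worker (inferred from the `# RT worker` comment in the deployment), matching limits such as `limits:` / `cpu: 8` / `memory: 256Mi` would express that. In the added comments, `standart` and `persistance` should read `standard` and `persistence`. The retained note about removing "the curly braces after 'resources:'" no longer applies.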
From: Lionel Date: Tue, 19 Jan 2021 12:25:21 +0100 Subject: [PATCH 58/82] mme magma-oai addition --- charts/magma-oai-mme/Chart.yaml | 51 +++++ charts/magma-oai-mme/templates/NOTES.txt | 15 ++ charts/magma-oai-mme/templates/_helpers.tpl | 63 +++++ .../magma-oai-mme/templates/deployment.yaml | 116 ++++++++++ .../templates/mme-cfg-configmap.yaml | 216 ++++++++++++++++++ .../templates/mme-configmap.yaml | 7 + .../templates/mme-fd-configmap.yaml | 165 +++++++++++++ .../templates/multiple-services.yaml | 15 ++ charts/magma-oai-mme/templates/multus.yaml | 42 ++++ charts/magma-oai-mme/templates/pvc.yaml | 16 ++ charts/magma-oai-mme/templates/rbac.yaml | 13 ++ charts/magma-oai-mme/templates/service.yaml | 37 +++ .../templates/serviceaccount.yaml | 5 + .../templates/tests/test-connection.yaml | 16 ++ charts/magma-oai-mme/values.yaml | 120 ++++++++++ 15 files changed, 897 insertions(+) create mode 100644 charts/magma-oai-mme/Chart.yaml create mode 100644 charts/magma-oai-mme/templates/NOTES.txt create mode 100644 charts/magma-oai-mme/templates/_helpers.tpl create mode 100644 charts/magma-oai-mme/templates/deployment.yaml create mode 100644 charts/magma-oai-mme/templates/mme-cfg-configmap.yaml create mode 100644 charts/magma-oai-mme/templates/mme-configmap.yaml create mode 100644 charts/magma-oai-mme/templates/mme-fd-configmap.yaml create mode 100644 charts/magma-oai-mme/templates/multiple-services.yaml create mode 100644 charts/magma-oai-mme/templates/multus.yaml create mode 100644 charts/magma-oai-mme/templates/pvc.yaml create mode 100644 charts/magma-oai-mme/templates/rbac.yaml create mode 100644 charts/magma-oai-mme/templates/service.yaml create mode 100644 charts/magma-oai-mme/templates/serviceaccount.yaml create mode 100644 charts/magma-oai-mme/templates/tests/test-connection.yaml create mode 100644 charts/magma-oai-mme/values.yaml diff --git a/charts/magma-oai-mme/Chart.yaml b/charts/magma-oai-mme/Chart.yaml new file mode 100644 index 0000000..16d60ac --- /dev/null 
+++ b/charts/magma-oai-mme/Chart.yaml @@ -0,0 +1,51 @@ +--- +apiVersion: v2 +name: magma-oai-mme +description: A Helm chart for MME network function + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_final_logo.png + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: magma-mme-0.1.0 + +# TODO +# dependencies: +# - name: oai-spgwc +# version: "0.1.0" +# repository: "https://..." +# - name: oai-hss +# version: "0.1.0" +# repository: "https://..." + +keywords: + - Core Network + - EPC + - 4G + - Edge + - MME + +sources: + - https://github.com/OPENAIRINTERFACE/openair-mme + - https://github.com/OPENAIRINTERFACE/openair-k8s + +maintainers: + - name: OPENAIRINTERFACE + email: contact@openairinterface.org + # GITHUB account + - name: lionelgo + email: lionel.gauthier@eurecom.fr diff --git a/charts/magma-oai-mme/templates/NOTES.txt b/charts/magma-oai-mme/templates/NOTES.txt new file mode 100644 index 0000000..08da954 --- /dev/null +++ b/charts/magma-oai-mme/templates/NOTES.txt 
@@ -0,0 +1,15 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "magma-oai-mme.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "magma-oai-mme.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "magma-oai-mme.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "magma-oai-mme.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/charts/magma-oai-mme/templates/_helpers.tpl b/charts/magma-oai-mme/templates/_helpers.tpl new file mode 100644 index 0000000..5f987d8 --- /dev/null +++ b/charts/magma-oai-mme/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "magma-oai-mme.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "magma-oai-mme.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "magma-oai-mme.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "magma-oai-mme.labels" -}} +helm.sh/chart: {{ include "magma-oai-mme.chart" . }} +{{ include "magma-oai-mme.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "magma-oai-mme.selectorLabels" -}} +app.kubernetes.io/name: {{ include "magma-oai-mme.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "magma-oai-mme.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "magma-oai-mme.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} 
diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml new file mode 100644 index 0000000..9a8db66 --- /dev/null +++ b/charts/magma-oai-mme/templates/deployment.yaml 
@@ -0,0 +1,116 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.Chart.Name}} + labels: + {{- include "magma-oai-mme.labels" . | nindent 4}} +spec: + replicas: {{.Values.replicaCount}} + selector: + matchLabels: + {{- include "magma-oai-mme.selectorLabels" . | nindent 6}} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "magma-oai-mme.selectorLabels" . | nindent 8}} + annotations: + k8s.v1.cni.cncf.io/networks: {{.Chart.Name}}-{{.Values.namespace}}-net1, {{.Chart.Name}}-{{.Values.namespace}}-net2 + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8}} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml . | nindent 8}} + {{- end}} + containers: + - name: tcpdump + image: corfr/tcpdump + volumeMounts: + - mountPath: /pcap + name: {{.Chart.Name}}-{{.Values.namespace}}-pv + command: + {{- if .Values.start.tcpdump}} + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/magma-oai-mme_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} + - /bin/sleep + - infinity + {{- end}} + - name: redis + image: "{{.Values.image.repository}}:{{.Values.image.version}}" + command: + {{- if .Values.start.redis}} + - /bin/sh + - -c + - mkdir /var/opt/magma;/usr/bin/redis-server /usr/local/etc/redis/redis.conf; sleep infinity + {{- else}} + - /bin/sleep + - infinity + {{- end}} + - name: mme + image: "{{.Values.image.repository}}:{{.Values.image.version}}" + imagePullPolicy: {{.Values.image.pullPolicy}} + securityContext: + {{- toYaml .Values.securityContext | nindent 12}} + ports: + - containerPort: {{.Values.service.diameterPort}} + name: magma-oai-mme + - containerPort: {{.Values.service.diameterSecPort}} + name: oai-mme-sec + - containerPort: {{.Values.service.gtpcPort}} + name: s11 + env: + - name: PREFIX + value: {{.Values.mmeConf.prefix}} + - name: MME_FQDN + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name}}-{{.Values.namespace}}-configmap + key: mmeService + volumeMounts: + - 
mountPath: /magma/etc/mme_fd.conf + name: fd-vol + subPath: mme_fd.conf + - mountPath: /magma/etc/mme.conf + name: cfg-vol + subPath: mme.conf + - mountPath: /magma/bin/mme.exe + name: svc-vol + subPath: mme.exe + {{- with .Values.resources}} + resources: + {{- toYaml . | nindent 10}} + {{- end}} + command: + {{- if .Values.start.mme}} + - /bin/sh + - -c + - /magma/bin/mme.exe + {{- else}} + - /bin/sleep + - infinity + {{- end}} + volumes: + - name: {{.Chart.Name}}-{{.Values.namespace}}-pv + persistentVolumeClaim: + claimName: {{.Chart.Name}}-{{.Values.namespace}}-pvc + - configMap: + name: mme-cfg-configmap + name: cfg-vol + - configMap: + name: mme-fd-configmap + name: fd-vol + - configMap: + name: mme-services-configmap + defaultMode: 0777 + name: svc-vol + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + serviceAccountName: {{.Values.serviceAccount.name}} + terminationGracePeriodSeconds: 15 + nodeName: perse.5glab.nsa.eurecom.fr diff --git a/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml b/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml new file mode 100644 index 0000000..1d69ea7 --- /dev/null +++ b/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml 
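Review bot: The `tcpdump` sidecar is declared as `image: corfr/tcpdump` with no tag or digest, so every pod start runs whatever that third-party repository currently serves, in a pod that shares the MME's network namespace and the pod-level `securityContext` from values. Pin it, for example `image: corfr/tcpdump@sha256:<digest-placeholder>`, and consider rendering the container only when `.Values.start.tcpdump` is set instead of falling back to `sleep infinity`. Separately, inside `{{- if .Values.imagePullSecrets}}` the line `{{- toYaml . | nindent 8}}` serialises the root context, because `if` does not rebind `.`; `{{- toYaml .Values.imagePullSecrets | nindent 8}}` looks like what was meant. The `svc-vol` ConfigMap is mounted with `defaultMode: 0777` where `0555` should be enough for a script that is only executed, and the hard-coded `nodeName` would be better taken from values.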
@@ -0,0 +1,216 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: mme-cfg-configmap +data: + mme.conf: | + MME : + { + REALM = "{{ .Values.namespace }}.{{ .Values.mmeConf.domainName }}" + PID_DIRECTORY = "/var/run"; + # Define the limits of the system in terms of served eNB and served UE. + # When the limits will be reached, overload procedure will take place. + MAXENB = 8; # power of 2 + MAXUE = 16; # power of 2 + RELATIVE_CAPACITY = 10; + EMERGENCY_ATTACH_SUPPORTED = "no"; + UNAUTHENTICATED_IMSI_SUPPORTED = "no"; + # EPS network feature support + EPS_NETWORK_FEATURE_SUPPORT_IMS_VOICE_OVER_PS_SESSION_IN_S1 = "no"; # DO NOT CHANGE + EPS_NETWORK_FEATURE_SUPPORT_EMERGENCY_BEARER_SERVICES_IN_S1_MODE = "no"; # DO NOT CHANGE + EPS_NETWORK_FEATURE_SUPPORT_LOCATION_SERVICES_VIA_EPC = "no"; # DO NOT CHANGE + EPS_NETWORK_FEATURE_SUPPORT_EXTENDED_SERVICE_REQUEST = "no"; # DO NOT CHANGE + # Display statistics about whole system (expressed in seconds) + MME_STATISTIC_TIMER = 10; + USE_STATELESS = "{{ .Values.mmeConf.useStateless }}"; + + INTERTASK_INTERFACE : + { + # max queue size per task + ITTI_QUEUE_SIZE = 2000000; + }; + + S6A : + { + S6A_CONF = "{{ .Values.mmeConf.prefix }}/etc/mme_fd.conf"; # YOUR MME freeDiameter config file path + HSS_HOSTNAME = "{{ .Values.mmeConf.fdHssHostname }}.{{ .Values.mmeConf.hssDomainName }}"; # relevant for freeDiameter only + HSS_REALM = "{{ .Values.mmeConf.hssDomainName }}"; # relevant for freeDiameter only + }; + + # ------- SCTP definitions + SCTP : + { + # Number of streams to use in input/output + SCTP_INSTREAMS = 8; + SCTP_OUTSTREAMS = 8; + }; + + # ------- S1AP definitions + S1AP : + { + # outcome drop timer value (seconds) + S1AP_OUTCOME_TIMER = 10; + }; + + # ------- MME served GUMMEIs + # MME code DEFAULT size = 8 bits + # MME GROUP ID size = 16 bits + GUMMEI_LIST = ( + { MCC="{{ .Values.mmeConf.mcc }}" ; MNC="{{ .Values.mmeConf.mnc }}"; MME_GID="{{ .Values.mmeConf.mmeGid }}" ; MME_CODE="{{ .Values.mmeConf.mmeCode }}"; } 
+ ); + # MME served TAIs + # TA (mcc.mnc:tracking area code) + # max values = 999.999:65535 + # maximum of 16 TAIs, comma separated + # !!! Actually use only one PLMN + + TAI_LIST = {{ .Values.mmeConf.taiList }} + + CSFB : + { + NON_EPS_SERVICE_CONTROL = "{{ .Values.mmeConf.nonEpsServiceControl }}"; + CSFB_MCC = "{{ .Values.mmeConf.csfbMcc }}"; + CSFB_MNC = "{{ .Values.mmeConf.csfbMnc }}"; + LAC = "{{ .Values.mmeConf.lac }}"; + }; + + NAS : + { + # 3GPP TS 33.401 section 7.2.4.3 Procedures for NAS algorithm selection + # decreasing preference goes from left to right + ORDERED_SUPPORTED_INTEGRITY_ALGORITHM_LIST = [ "EIA2" , "EIA1" , "EIA0" ]; + ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST = [ "EEA0" , "EEA1" , "EEA2" ]; + # EMM TIMERS + # T3402 start: + # At attach failure and the attempt counter is equal to 5. + # At tracking area updating failure and the attempt counter is equal to 5. + # T3402 stop: + # ATTACH REQUEST sent, TRACKING AREA REQUEST sent. + # On expiry: + # Initiation of the attach procedure, if still required or TAU procedure + # attached for emergency bearer services. + T3402 = 1 # in minutes (default is 12 minutes) + # T3412 start: + # In EMM-REGISTERED, when EMM-CONNECTED mode is left. + # T3412 stop: + # When entering state EMM-DEREGISTERED or when entering EMM-CONNECTED mode. + # On expiry: + # Initiation of the periodic TAU procedure if the UE is not attached for + # emergency bearer services. Implicit detach from network if the UE is + # attached for emergency bearer services. 
+ T3412 = 54 # in minutes (default is 54 minutes, network dependent) + # T3422 start: DETACH REQUEST sent + # T3422 stop: DETACH ACCEPT received + # ON THE 1st, 2nd, 3rd, 4th EXPIRY: Retransmission of DETACH REQUEST + T3422 = 6 # in seconds (default is 6s) + # T3450 start: + # ATTACH ACCEPT sent, TRACKING AREA UPDATE ACCEPT sent with GUTI, TRACKING AREA UPDATE ACCEPT sent with TMSI, + # GUTI REALLOCATION COMMAND sent + # T3450 stop: + # ATTACH COMPLETE received, TRACKING AREA UPDATE COMPLETE received, GUTI REALLOCATION COMPLETE received + # ON THE 1st, 2nd, 3rd, 4th EXPIRY: Retransmission of the same message type + T3450 = 6 # in seconds (default is 6s) + # T3460 start: AUTHENTICATION REQUEST sent, SECURITY MODE COMMAND sent + # T3460 stop: + # AUTHENTICATION RESPONSE received, AUTHENTICATION FAILURE received, + # SECURITY MODE COMPLETE received, SECURITY MODE REJECT received + # ON THE 1st, 2nd, 3rd, 4th EXPIRY: Retransmission of the same message type + T3460 = 6 # in seconds (default is 6s) + # T3470 start: IDENTITY REQUEST sent + # T3470 stop: IDENTITY RESPONSE received + # ON THE 1st, 2nd, 3rd, 4th EXPIRY: Retransmission of IDENTITY REQUEST + T3470 = 6 # in seconds (default is 6s) + # ESM TIMERS + T3485 = 8 # UNUSED in seconds (default is 8s) + T3486 = 8 # UNUSED in seconds (default is 8s) + T3489 = 4 # UNUSED in seconds (default is 4s) + T3495 = 8 # UNUSED in seconds (default is 8s) + # APN CORRECTION FEATURE + ENABLE_APN_CORRECTION = "false" + APN_CORRECTION_MAP_LIST = ( ); + }; + SGS : + { + # TS6_1 start: SGSAP LOCATION UPDATE REQUEST sent + # TS6_1 stop: SGSAP LOCATION UPDATE ACCEPT received,SGSAP LOCATION UPDATE REJECT received + TS6_1 = 10 # in seconds (default is 10s) + + # TS8 start: SGSAP EPS DETACH INDICATION explicit detach sent for EPS services + # TS8 stop: SGSAP EPS DETACH ACK received + TS8 = 4 # in seconds (default is 4s) + + # TS9 start: SGSAP IMSI DETACH INDICATION explicit detach sent for non-EPS services + # TS9 stop: SGSAP IMSI DETACH ACK 
received + # changed the Ts9 default value to 2s since the T3421 ue detach timer value is 5s + # To avoid retransmission of UE detach message and small delay to wait for sgs detach retransmission + TS9 = 2 # in seconds (default is 4s) + + # TS10 start: SGSAP IMSI DETACH INDICATION implicit detach sent for non-EPS services + # TS10 stop: SGSAP EPS DETACH ACK received + TS10 = 4 # in seconds (default is 4s) + + # TS13 start: SGSAP EPS DETACH INDICATION implicit detach sent for EPS services + # TS13 stop: SGSAP EPS DETACH ACK received + TS13 = 4 # in seconds (default is 4s) + + + }; + NETWORK_INTERFACES : + { + # MME binded interface for S1-C or S1-MME communication (S1AP), can be ethernet interface, virtual ethernet interface, + # we don't advise wireless interfaces + MME_INTERFACE_NAME_FOR_S1_MME = "{{ .Values.mmeConf.s1apIfaceName }}"; + MME_IPV4_ADDRESS_FOR_S1_MME = {{- cat .Values.mmeConf.mmeIpS1c "/" .Values.mmeConf.mmeNetmaskS1c | nospace | quote }}; + + # MME binded interface for S11 communication (GTPV2-C) + MME_INTERFACE_NAME_FOR_S11_MME = "{{ .Values.mmeConf.s11IfaceName }}"; + MME_IPV4_ADDRESS_FOR_S11_MME = {{- cat .Values.mmeConf.mmeIpS11 "/" .Values.mmeConf.mmeNetmaskS11 | nospace | quote }}; + MME_PORT_FOR_S11_MME = {{ .Values.service.gtpcPort }}; + }; + LOGGING : + { + # OUTPUT choice in { "CONSOLE", "SYSLOG", `path to file`", "`IPv4@`:`TCP port num`"} + # `path to file` must start with '.' 
or '/' + # if TCP stream choice, then you can easily dump the traffic on the remote or local host: nc -l `TCP port num` > received.txt + #OUTPUT = "CONSOLE"; + #OUTPUT = "SYSLOG"; + OUTPUT = "/var/log/mme.log"; + #OUTPUT = "127.0.0.1:5656"; + # THREAD_SAFE choice in { "yes", "no" } means use of thread safe intermediate buffer then a single thread pick each message log one + # by one to flush it to the chosen output + THREAD_SAFE = "no"; + # COLOR choice in { "yes", "no" } means use of ANSI styling codes or no + COLOR = "no"; + # Log level choice in { "EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG", "TRACE"} + SCTP_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + GTPV1U_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + SPGW_APP_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + UDP_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + S1AP_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + NAS_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + MME_APP_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + GTPV2C_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + S11_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + S6A_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + UTIL_LOG_LEVEL = "{{ .Values.mmeConf.oaiLogLevel }}"; + MSC_LOG_LEVEL = "ERROR"; + ITTI_LOG_LEVEL = "ERROR"; + MME_SCENARIO_PLAYER_LOG_LEVEL = "ERROR"; + # ASN1 VERBOSITY: none, info, annoying + # for S1AP protocol + # Won't be templatized because its value space is different + ASN1_VERBOSITY = "INFO"; + }; + TESTING : + { + # file should be copied here from source tree by following command: run_mme --install-mme-files ... + SCENARIO_FILE = "/usr/local/share/oai/test/MME/no_regression.xml"; + }; + S-GW : + { + # S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used + SGW_IPV4_ADDRESS_FOR_S11 = "{{ .Values.mmeConf.remoteSgwIp }}"; + }; + }; + 
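Review bot: In the `NAS` block, `ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST = [ "EEA0" , "EEA1" , "EEA2" ];` lists the null cipher first, and the comment directly above says preference decreases from left to right, so as written the MME would presumably choose no NAS encryption whenever the UE supports EEA0. The integrity list next to it already puts the null algorithm last; the ciphering list should do the same, `[ "EEA2" , "EEA1" , "EEA0" ]`, and `EEA0` could be dropped entirely unless it is needed for test UEs. Both lists are hard-coded in the template, so an operator cannot correct the order from values.yaml; a `mmeConf` key for each would make the choice explicit.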
diff --git a/charts/magma-oai-mme/templates/mme-configmap.yaml b/charts/magma-oai-mme/templates/mme-configmap.yaml
new file mode 100644
index 0000000..4b0b68e
--- /dev/null
+++ b/charts/magma-oai-mme/templates/mme-configmap.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{.Chart.Name}}-{{.Values.namespace}}-configmap
+data:
+ mmeService: {{.Values.mmeConf.fdMmeHostname}}.{{.Values.namespace}}.{{.Values.mmeConf.domainName}}
diff --git a/charts/magma-oai-mme/templates/mme-fd-configmap.yaml b/charts/magma-oai-mme/templates/mme-fd-configmap.yaml
new file mode 100644
index 0000000..04f5639
--- /dev/null
+++ b/charts/magma-oai-mme/templates/mme-fd-configmap.yaml
@@ -0,0 +1,165 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: mme-fd-configmap +data: + mme_fd.conf: | + ################################################################################ + # Copyright 2020 The Magma Authors. + # This source code is licensed under the BSD-style license found in the + # LICENSE file in the root directory of this source tree. + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + ################################################################################ + # -------- Local --------- + # Uncomment if the framework cannot resolv it. + Identity = "{{ .Values.mmeConf.fdMmeHostname }}.{{ .Values.namespace }}.{{ .Values.mmeConf.domainName }}"; + Realm = "{{ .Values.namespace }}.{{ .Values.mmeConf.domainName }}"; + # TLS configuration (see previous section) + TLS_Cred = "{{ .Values.mmeConf.prefix }}/etc/mme.cert.pem", + "{{ .Values.mmeConf.prefix }}/etc/mme.key.pem"; + TLS_CA = "{{ .Values.mmeConf.prefix }}/etc/mme.cacert.pem"; + # Disable use of TCP protocol (only listen and connect in SCTP) + # Default : TCP enabled + No_SCTP; + # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. + # Prefer TCP instead of SCTP for establishing new connections. + # This setting may be overwritten per peer in peer configuration blocs. + # Default : SCTP is attempted first. + Prefer_TCP; + No_IPv6; + # Overwrite the number of SCTP streams. This value should be kept low, + # especially if you are using TLS over SCTP, because it consumes a lot of + # resources in that case. See tickets 19 and 27 for some additional details on + # this. 
+ # Limit the number of SCTP streams + SCTP_streams = 3; + # By default, freeDiameter acts as a Diameter Relay Agent by forwarding all + # messages it cannot handle locally. This parameter disables this behavior. + NoRelay; + # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed + # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the + # CER/CEA exchange on a dedicated secure port. + # This parameter only affects outgoing connections. + # The setting can be also defined per-peer (see Peers configuration section). + # Default: use RFC6733 method with separate port for TLS. + #TLS_old_method; + AppServThreads = 4; + # Specify the addresses on which to bind the listening server. This must be + # specified if the framework is unable to auto-detect these addresses, or if the + # auto-detected values are incorrect. Note that the list of addresses is sent + # in CER or CEA message, so one should pay attention to this parameter if some + # adresses should be kept hidden. + #ListenOn = ; + Port = {{ .Values.service.diameterPort }}; + SecPort = {{ .Values.service.diameterSecPort }}; + # -------- Extensions --------- + # Uncomment (and create rtd.conf) to specify routing table for this peer. 
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_default.fdx" : "rtd.conf"; + #LoadExtension = "/usr/local/lib/freeDiameter/_sample.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/app_acct.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/app_diameap.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/app_radgw.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/app_redirect.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/app_sip.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dbg_interactive.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dbg_monitor.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dbg_msg_dumps.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dbg_msg_timings.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dbg_rt.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_CxDx.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_NAS.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Ro.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Rx.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_S6mS6n.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_SGd.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_SLh.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Sd.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Sh.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_T4.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_T6aT6bT7.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Tsp.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca_3gpp.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca_starent.fdx"; + LoadExtension = 
"/usr/local/lib/freeDiameter/dict_draftload_avps.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_eap.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_legacy_xml.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_mip6a.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_mip6i.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_nas_mipv6.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_nasreq.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_sip.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx"; + LoadExtension = 
"/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_busypeers.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_default.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_ereg.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_ignore_dh.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_load_balance.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_randomize.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/rt_redirect.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/test_acct.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/test_app.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/test_hss.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/test_netemul.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/test_rt_any.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/test_sip.fdx"; + #LoadExtension = "/usr/local/lib/freeDiameter/dict_Rf.fdx"; + LoadExtension = 
"/usr/local/lib/freeDiameter/dict_S6as6d.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx"; + LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx"; + # -------- Peers --------- + # The framework will actively attempt to establish and maintain a connection + # with the peers listed here. + # For only accepting incoming connections, see the acl_wl.fx extension. + # ConnectPeer + # Declare a remote peer to which this peer must maintain a connection. + # In addition, this allows specifying non-default parameters for this peer only + # (for example disable SCTP with this peer, or use RFC3588-flavour TLS). + # Note that by default, if a peer is not listed as a ConnectPeer entry, an + # incoming connection from this peer will be rejected. If you want to accept + # incoming connections from other peers, see the acl_wl.fdx? extension which + # allows exactly this. + ConnectPeer= "{{ .Values.mmeConf.fdHssHostname }}.{{ .Values.mmeConf.hssDomainName }}" { ConnectTo = "{{ .Values.mmeConf.hssIp }}"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = {{ .Values.service.peerDiameterPort }};}; + \ No newline at end of file diff --git a/charts/magma-oai-mme/templates/multiple-services.yaml b/charts/magma-oai-mme/templates/multiple-services.yaml new file mode 100644 index 0000000..a625c55 --- /dev/null +++ b/charts/magma-oai-mme/templates/multiple-services.yaml @@ -0,0 +1,15 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: mme-services-configmap +data: + mme.exe: | + #!/bin/sh + # turn on bash's job control + set -m + /magma/bin/sctpd & + # let create unix socket + sleep 7 + /magma/scripts/entrypoint.sh /magma/bin/oai_mme -c /magma/etc/mme.conf + diff --git a/charts/magma-oai-mme/templates/multus.yaml b/charts/magma-oai-mme/templates/multus.yaml new file mode 100644 index 0000000..6879678 --- /dev/null +++ b/charts/magma-oai-mme/templates/multus.yaml 
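Review bot: The `ConnectPeer` entry for the HSS sets `No_TLS;`, so the S6a Diameter session, which carries subscriber authentication data, runs in cleartext even though `TLS_Cred` and `TLS_CA` are configured earlier in the same file. If the HSS chart can terminate TLS, drop `No_TLS;` from the peer block; if it cannot yet, make the flag values-driven so that it is an explicit lab-only choice rather than the template default. The comment above `No_SCTP;` also reads "Disable use of TCP protocol (only listen and connect in SCTP)", which describes the opposite option; `# Disable use of SCTP protocol (only listen and connect in TCP)` would match what the directive does.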
@@ -0,0 +1,42 @@
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": {{- cat .Values.mmeConf.mmeIpS1c "/" .Values.mmeConf.mmeNetmaskS1c | nospace | quote }},
+ "gateway": {{ .Values.mmeConf.mmeGatewayS1c | quote }}
+ }
+ ]
+ }
+ }'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "bond0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "static",
+ "addresses": [
+ {
+ "address": {{- cat .Values.mmeConf.mmeIpS11 "/" .Values.mmeConf.mmeNetmaskS11 | nospace | quote }},
+ "gateway": {{ .Values.mmeConf.mmeGatewayS11 | quote }}
+ }
+ ]
+ }
+ }'
diff --git a/charts/magma-oai-mme/templates/pvc.yaml b/charts/magma-oai-mme/templates/pvc.yaml
new file mode 100644
index 0000000..3bb3c67
--- /dev/null
+++ b/charts/magma-oai-mme/templates/pvc.yaml
@@ -0,0 +1,16 @@
+---
+{{- if .Values.persistence.enabled}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{.Chart.Name}}-{{.Values.namespace}}-pvc
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: managed-nfs-storage
+ resources:
+ requests:
+ storage: 1Gi
+{{- end}}
diff --git a/charts/magma-oai-mme/templates/rbac.yaml b/charts/magma-oai-mme/templates/rbac.yaml
new file mode 100644
index 0000000..42823ad
--- /dev/null
+++ b/charts/magma-oai-mme/templates/rbac.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{.Chart.Name}}-rbac
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{.Values.serviceAccount.name}}
+ namespace: {{.Values.namespace}}
diff --git a/charts/magma-oai-mme/templates/service.yaml b/charts/magma-oai-mme/templates/service.yaml
new file mode 100644
index 0000000..e271835
--- /dev/null
+++ b/charts/magma-oai-mme/templates/service.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{.Chart.Name}}
+ labels:
+ {{- include "magma-oai-mme.labels" . | nindent 4}}
+spec:
+ type: {{.Values.service.type}}
+{{- if contains "ClusterIP" .Values.service.type}}
+ clusterIP: None
+{{- end}}
+ ports:
+ - name: magma-oai-mme
+ # Port accessible outside cluster
+ port: {{ .Values.service.diameterPort }}
+ # Port to forward to inside the pod
+ targetPort: {{.Values.service.peerDiameterPort}}
+ protocol: TCP
+ - name: oai-mme-sec
+ # Port accessible outside cluster
+ port: {{.Values.service.diameterSecPort}}
+ # Port to forward to inside the pod
+ targetPort: {{.Values.service.peerDiameterPortSecPort}}
+ protocol: TCP
+ - name: sctpservers1ap
+ protocol: SCTP
+ port: 36413
+ targetPort: 36413
+ - name: s11
+ # Port accessible outside cluster
+ port: {{.Values.service.gtpcPort}}
+ # Port to forward to inside the pod
+ targetPort: {{.Values.service.gtpcPort}}
+ protocol: UDP
+ selector:
+ {{- include "magma-oai-mme.selectorLabels" . | nindent 4}}
diff --git a/charts/magma-oai-mme/templates/serviceaccount.yaml b/charts/magma-oai-mme/templates/serviceaccount.yaml
new file mode 100644
index 0000000..d16abb2
--- /dev/null
+++ b/charts/magma-oai-mme/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{.Values.serviceAccount.name}}
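Review bot: The `roleRef` in rbac.yaml binds the MME's service account to `cluster-admin` for the whole cluster, while nothing in the templates of this patch shows the workload calling the Kubernetes API. Together with `privileged: true` in values.yaml, this means that a compromise of the MME container amounts to a compromise of the cluster. If the pod needs no API access, remove rbac.yaml and set `automountServiceAccountToken: false` on the ServiceAccount; if the binding exists only so the pod may run privileged on OpenShift (an assumption, going by the registry host in values.yaml), grant the specific SCC to the service account instead. `rbac.authorization.k8s.io/v1beta1` is also deprecated in favour of `rbac.authorization.k8s.io/v1`.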
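Review bot: In service.yaml the `oai-mme-sec` port reads `.Values.service.peerDiameterPortSecPort`, but values.yaml defines `peerDiameterSecPort`, so this `targetPort` renders without a value. Both Diameter `targetPort` entries also point at the peer ports, whereas deployment.yaml exposes `diameterPort` and `diameterSecPort` as container ports and mme_fd.conf listens on them. `targetPort: {{ .Values.service.diameterPort }}` and `targetPort: {{ .Values.service.diameterSecPort }}` look like the intended values.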
diff --git a/charts/magma-oai-mme/templates/tests/test-connection.yaml b/charts/magma-oai-mme/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..e3a8994
--- /dev/null
+++ b/charts/magma-oai-mme/templates/tests/test-connection.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "magma-oai-mme.fullname" . }}-test-connection"
+ labels:
+ {{- include "magma-oai-mme.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: ping
+ image: busybox
+ command: ['ping']
+ args: ['-c' , '1', {{ include "magma-oai-mme.fullname" . }} ]
+ restartPolicy: Never
diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml
new file mode 100644
index 0000000..0035865
--- /dev/null
+++ b/charts/magma-oai-mme/values.yaml
@@ -0,0 +1,120 @@ +--- +# Default values for magma-oai-mme. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +namespace: "oai" + +image: + registry: local + repository: image-registry.openshift-image-registry.svc:5000/oai-cn/magma-mme + # version: nsa-support-no-emm-info + # version: rel15_centos8 + version: validated-nsa-oppo-quectel-2020-12-17 + # pullPolicy: IfNotPresent or Never or Always + pullPolicy: Always + +imagePullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname + # template + name: "magma-oai-mme-sa" + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +securityContext: + privileged: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +persistence: + # make it true for the first time when you want to create persistance volume + # and then false + enabled: false + +service: + type: ClusterIP + diameterPort: 3870 + diameterSecPort: 5870 + peerDiameterPort: 3868 + peerDiameterSecPort: 5868 + gtpcPort: 2123 + +start: + mme: true + redis: true + tcpdump: true + +mmeConf: + # source file folder + magma_root: /magma + # contains etc, bin subdirs + # May be not always same as magma_root + prefix: /magma + domainName: "svc.cluster.local" + fdMmeHostname: "magma-oai-mme" + fdHssHostname: "oai-hss" + hssDomainName: "oai.svc.cluster.local" + useStateless: "true" + logLevel: "TRACE" + oaiLogLevel: "TRACE" + mcc: &mcc "208" + mnc: &mnc "99" + tac: "1" + mmeGid: "4" + mmeCode: "1" + nonEpsServiceControl: "null" + csfbMcc: "001" + csfbMnc: "01" + lac: "1" + enableApnCorrection: "false" + apnCorrectionMapList: + - imsiPrefix: "00101" + apnOverride: "magma.ipv4" + 
mmeIpS1c: "192.168.18.150" + mmeGatewayS1c: "192.168.18.1" + mmeNetmaskS1c: "24" + mmeIpS11: "172.16.1.100" + mmeGatewayS11: "172.16.1.1" + mmeNetmaskS11: "24" + s1apIfaceName: "net1" + s11IfaceName: "net2" + remoteSgwIp: "172.16.1.101" + taiList: | + ({ MCC="208";MNC="99";TAC="1";},{ MCC="208";MNC="99";TAC="2";},{ MCC="208";MNC="99";TAC="3";}); + hssIp: "192.168.18.176" + +resources: + # We usually recommend not to specify default resources and to leave this as a + # conscious choice for the user. This also increases chances charts run on + # environments with little resources, such as Minikube. If you do want to + # specify resources, uncomment the following lines, adjust them as necessary, + # and remove the curly braces after 'resources:' + # limits: + # cpu: 4 + requests: + cpu: 200m + memory: 256Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From accaeb079945ff38cf6a622cab782c5221c16d58 Mon Sep 17 00:00:00 2001 From: Lionel Date: Tue, 19 Jan 2021 13:56:00 +0100 Subject: [PATCH 59/82] stable tag for images, S1C,S11,SX,S1U,SGi reachable on public networt 192.168.18/24 --- .../magma-oai-mme/templates/deployment.yaml | 2 +- charts/magma-oai-mme/templates/multus.yaml | 21 ---------------- charts/magma-oai-mme/values.yaml | 11 ++++----- charts/oai-hss/values.yaml | 2 +- charts/oai-spgwc/templates/deployment.yaml | 2 +- charts/oai-spgwc/templates/multus.yaml | 24 +------------------ charts/oai-spgwc/values.yaml | 18 +++++++------- .../oai-spgwu-tiny/templates/deployment.yaml | 5 +--- charts/oai-spgwu-tiny/templates/multus.yaml | 21 ---------------- charts/oai-spgwu-tiny/values.yaml | 8 +++---- 10 files changed, 22 insertions(+), 92 deletions(-) diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index 9a8db66..c610a30 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml +++ b/charts/magma-oai-mme/templates/deployment.yaml 
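Review bot: The defaults in the new magma-oai-mme values.yaml run the MME as root (`runAsUser: 0`) in a `privileged: true` container, while the hardened settings (`capabilities.drop`, `readOnlyRootFilesystem`, `runAsNonRoot`) are left commented out; together with the cluster-admin binding of the same chart this leaves no containment between the network function and the node or cluster. Make the safe form the default, `privileged: false` with a `capabilities.add` list limited to what the MME needs (which capabilities those are cannot be determined from this patch), and let a lab override opt back in. `start.tcpdump: true`, `logLevel: "TRACE"` and `oaiLogLevel: "TRACE"` as defaults also mean every install captures and logs signalling traffic; defaulting them to `false` and a quieter level would be safer. A short comment above `securityContext` stating why privilege is required would help whoever has to reduce it later.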
@@ -17,7 +17,7 @@ spec: labels: {{- include "magma-oai-mme.selectorLabels" . | nindent 8}} annotations: - k8s.v1.cni.cncf.io/networks: {{.Chart.Name}}-{{.Values.namespace}}-net1, {{.Chart.Name}}-{{.Values.namespace}}-net2 + k8s.v1.cni.cncf.io/networks: {{.Chart.Name}}-{{.Values.namespace}}-net1 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8}} diff --git a/charts/magma-oai-mme/templates/multus.yaml b/charts/magma-oai-mme/templates/multus.yaml index 6879678..1ca50c4 100644 --- a/charts/magma-oai-mme/templates/multus.yaml +++ b/charts/magma-oai-mme/templates/multus.yaml @@ -19,24 +19,3 @@ spec: ] } }' ---- -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 -spec: - config: '{ - "cniVersion": "0.3.0", - "type": "macvlan", - "master": "bond0", - "mode": "bridge", - "ipam": { - "type": "static", - "addresses": [ - { - "address": {{- cat .Values.mmeConf.mmeIpS11 "/" .Values.mmeConf.mmeNetmaskS11 | nospace | quote }}, - "gateway": {{ .Values.mmeConf.mmeGatewayS11 | quote }} - } - ] - } - }' diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index 0035865..ff54595 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -10,9 +10,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai-cn/magma-mme - # version: nsa-support-no-emm-info - # version: rel15_centos8 - version: validated-nsa-oppo-quectel-2020-12-17 + version: stable # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always 
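Review bot: In the magma-oai-mme values.yaml hunk `version: stable` replaces a dated tag with a mutable one, and with `pullPolicy: Always` every pod restart may run a different image from the one that was validated; the oai-hss, oai-spgwc and oai-spgwu-tiny values.yaml hunks of this commit make the same switch. Keep an immutable tag per release so a deployment is reproducible and an overwritten `stable` tag in the registry cannot silently change what runs in these privileged pods. If a moving tag is wanted for the lab, a comment such as `# lab only: mutable tag, pin before production use` next to the value would record that.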
@@ -91,12 +89,11 @@ mmeConf: mmeIpS1c: "192.168.18.150" mmeGatewayS1c: "192.168.18.1" mmeNetmaskS1c: "24" - mmeIpS11: "172.16.1.100" - mmeGatewayS11: "172.16.1.1" + mmeIpS11: "192.168.18.150" mmeNetmaskS11: "24" s1apIfaceName: "net1" - s11IfaceName: "net2" - remoteSgwIp: "172.16.1.101" + s11IfaceName: "net1" + remoteSgwIp: "192.168.18.156" taiList: | ({ MCC="208";MNC="99";TAC="1";},{ MCC="208";MNC="99";TAC="2";},{ MCC="208";MNC="99";TAC="3";}); hssIp: "192.168.18.176" diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index e57005c..e4241dc 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -9,7 +9,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai/oai-hss - version: onap-0.1.0 + version: stable # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 38f4c44..0081808 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-spgwc.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1, {{ .Chart.Name }}-{{ .Values.namespace }}-net2 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index 7a7b0d2..a82277a 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml 
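Review bot: With `mmeIpS11` and `s11IfaceName` now set to the S1-C address and interface, S11 shares the 192.168.18.0/24 macvlan network with S1-C, and the oai-spgwc and oai-spgwu-tiny hunks of this commit move Sx, S1-U and SGi onto the same network. As far as this patch shows nothing authenticates GTP-C or PFCP peers, so isolation of the control interfaces was the only barrier, and the commit subject describes the shared network as public. If the single-network layout is meant for the lab only, record it next to these values, e.g. `# lab only: S11 shares the S1-C network; keep S11/Sx on a separate attachment otherwise`, and keep the second NetworkAttachmentDefinition available behind a value rather than deleting it.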
@@ -13,29 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.2.100/24", - "gateway": "192.168.2.1" - } - ] - } - }' ---- -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 -spec: - config: '{ - "cniVersion": "0.3.0", - "type": "macvlan", - "master": "bond0", - "mode": "bridge", - "ipam": { - "type": "static", - "addresses": [ - { - "address": "172.16.1.101/24", - "gateway": "172.16.1.1" + "address": "192.168.18.156/24" } ] } diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index b4d8dc5..3ccfc4c 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -9,7 +9,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc - version: onap-0.1.0 + version: stable # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always 
@@ -46,33 +46,33 @@ service: gtpcPort: 2123 start: - spgwc: true + spgwc: false tcpdump: true lte: pidDirectory: "/var/run" - sgwS11If: "net2" + sgwS11If: "net1" sgwS5S8Ip: "127.0.58.2/8" pgwS5S8Ip: "127.0.58.1/8" pgwSxIf: "net1" - ueIpAddressPool: "192.168.20.2-192.168.20.200" + ueIpAddressPool: "192.168.21.2-192.168.21.200" ueDnsServer: "192.168.18.129" ueDnsServerSec: "192.168.18.129" apn: "oai.ipv4" pushProtocolOption: "yes" persistence: - # We usually recommend not to specify default resources and to leave this as a conscious + # make it true for the first time when you want to create persistance volume + # and then false enabled: false - # choice for the user. This also increases chances charts run on environments with little + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi requests: cpu: 100m memory: 256Mi diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index 1ac7d19..ce325c4 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -18,10 +18,7 @@ spec: annotations: k8s.v1.cni.cncf.io/networks: >- [{ - "name": "oai-spgwu-tiny-oai-net1" - }, - { - "name": "oai-spgwu-tiny-oai-net2", + "name": "oai-spgwu-tiny-oai-net1", "default-route": ["192.168.18.129"] }] spec: diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index fb5b802..2ec17c6 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml 
@@ -3,27 +3,6 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 -spec: - config: '{ - "cniVersion": "0.3.0", - "type": "macvlan", - "master": "bond0", - "mode": "bridge", - "ipam": { - "type": "static", - "addresses": [ - { - "address": "192.168.2.101/24", - "gateway": "192.168.2.1" - } - ] - } - }' ---- -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 spec: config: '{ "cniVersion": "0.3.0", diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 1a34ab1..5a7758f 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -9,7 +9,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwu-tiny - version: onap-0.1.0 + version: stable # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -52,12 +52,12 @@ start: tcpdump: true lte: pidDirectory: "/var/run" - sgwS1uIf: "net2" + sgwS1uIf: "net1" sgwSxIf: "net1" - pgwSgiIf: "net2" + pgwSgiIf: "net1" pgwuSgiGw: "192.168.18.129" netUeIp: "192.168.20.0/24" - pgwcSxIp: "192.168.2.100" + pgwcSxIp: "192.168.18.156" netUeNatOption: "yes" threadsS1uUl: "16" threadsSgiDl: "16" From c1961d08170cc2504ea2d184e88402f1ad7cf324 Mon Sep 17 00:00:00 2001 From: Lionel-GAUTHIER <29477918+lionelgo@users.noreply.github.com> Date: Wed, 20 Jan 2021 22:53:58 +0100 Subject: [PATCH 60/82] Update README.md Minimal instructions for people to deploy MME, SPGWs in oai namespace on EURECOM cluster. More to come. --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 411561a..9443167 100644 --- a/README.md +++ b/README.md 
@@ -116,3 +116,17 @@ To remove all resources from the 'oai' namespace plus delete the namespace itsel ```sh hack/clean_oai_on_k8s ``` + +### Running with helm +The full automation of 4G components is in progress. This is why it is still needed to follow the sequence listed bellow. +``` +cd openair-k8s/charts +helm install spgwc oai-spgwc; helm install mmme magma-oai-mme ; sleep 15; helm install spgwu oai-spgwu-tiny +``` + +### Cleaning +To remove a component from running on the cluster, execute: +``` +helm uninstall mme +``` + From ff6ee934515fef38987c4b3573f9ec38310bb0a1 Mon Sep 17 00:00:00 2001 From: Lionel Date: Thu, 21 Jan 2021 21:25:18 +0100 Subject: [PATCH 61/82] sync actual deployment on OC EURECOM, project oai --- charts/oai-spgwc/values.yaml | 4 ++-- charts/oai-spgwu-tiny/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 3ccfc4c..208150e 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -9,7 +9,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc - version: stable + version: ue-mtu-1358 # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -46,7 +46,7 @@ service: gtpcPort: 2123 start: - spgwc: false + spgwc: true tcpdump: true lte: pidDirectory: "/var/run" diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 5a7758f..05cde44 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -56,7 +56,7 @@ lte: sgwSxIf: "net1" pgwSgiIf: "net1" pgwuSgiGw: "192.168.18.129" - netUeIp: "192.168.20.0/24" + netUeIp: "192.168.21.0/24" pgwcSxIp: "192.168.18.156" netUeNatOption: "yes" threadsS1uUl: "16" From b2f343a33824e4993f26ff0324a887a1693b3266 Mon Sep 17 00:00:00 2001 
From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Fri, 23 Apr 2021 14:22:03 +0200 Subject: [PATCH 62/82] update from latest trials on OC Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/README.md | 30 +++-- .../magma-oai-mme/templates/deployment.yaml | 20 ++-- .../templates/multiple-services.yaml | 11 ++ charts/magma-oai-mme/templates/multus.yaml | 3 +- charts/magma-oai-mme/values.yaml | 10 +- charts/oai-spgwc/templates/cfg-configmap.yaml | 84 +++++++++++++ charts/oai-spgwc/templates/configmap.yaml | 10 -- charts/oai-spgwc/templates/deployment.yaml | 77 +++--------- charts/oai-spgwc/templates/multus.yaml | 2 +- charts/oai-spgwc/values.yaml | 37 ++++-- .../templates/cfg-configmap.yaml | 73 ++++++++++++ .../oai-spgwu-tiny/templates/configmap.yaml | 20 ---- .../oai-spgwu-tiny/templates/deployment.yaml | 112 ++++-------------- charts/oai-spgwu-tiny/templates/multus.yaml | 4 +- charts/oai-spgwu-tiny/templates/rbac.yaml | 2 +- charts/oai-spgwu-tiny/templates/service.yaml | 2 +- charts/oai-spgwu-tiny/values.yaml | 18 ++- 17 files changed, 293 insertions(+), 222 deletions(-) create mode 100644 charts/oai-spgwc/templates/cfg-configmap.yaml create mode 100644 charts/oai-spgwu-tiny/templates/cfg-configmap.yaml delete mode 100644 charts/oai-spgwu-tiny/templates/configmap.yaml diff --git a/charts/README.md b/charts/README.md index 5a43411..cfb8e74 100644 --- a/charts/README.md +++ b/charts/README.md 
@@ -18,10 +18,10 @@ helm repo update ## Build Network functions images For all network functions (HSS, MME, SPGW-C, SPGW-U) you have to build an image: Please refer to: -1. MME: https://github.com/OPENAIRINTERFACE/openair-mme/blob/helm3.1-onap-sync-with-cn-split-repos/openshift +1. MME: https://github.com/magma/magma 1. HSS: https://github.com/OPENAIRINTERFACE/openair-hss/blob/helm3.1-onap-sync-with-cn-split-repos/openshift -1. SPGW-C: https://github.com/OPENAIRINTERFACE/openair-spgwc/tree/helm3.1-onap-sync-with-cn-split-repos/openshift -1. SPGW-U: https://github.com/OPENAIRINTERFACE/openair-spgwu-tiny/tree/helm3.1-onap-sync-with-cn-split-repos/openshift +1. SPGW-C: https://github.com/lionelgo/openair-spgwc/tree/multi-spgwu/openshift +1. SPGW-U: https://github.com/lionelgo/openair-spgwu-tiny/tree/multi-spgwu/openshift On francelab cluster be aware that certificates (/etc/rhsm/ca/redhat-uep.pem) are renewed every month, so you may have to redo the "pki-entitlement" phase every month. 
@@ -54,25 +54,37 @@ oai-cn cassandra-2 1/1 Running 0 5m13s Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install hss /path-to-your-openair-k8s-cloned-dir/charts/oai-hss +K8S_DIR="/path-to-your-openair-k8s-cloned-dir" +helm install hss $K8S_DIR/charts/oai-hss ``` ## Deploy SPGW-C Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install spgwc /path-to-your-openair-k8s-cloned-dir/charts/oai-spgwc +K8S_DIR="/path-to-your-openair-k8s-cloned-dir" +helm install spgwc $K8S_DIR/charts/oai-spgwc --set start.tcpdump="true" ``` -## Deploy SPGW-U +## Deploy MME Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install spgwu /path-to-your-openair-k8s-cloned-dir/charts/oai-spgwu-tiny +K8S_DIR="/path-to-your-openair-k8s-cloned-dir" +helm install mme $K8S_DIR/charts/magma-oai-mme --set start.tcpdump="true" ``` -## Deploy MME +## Deploy SPGW-U Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. ```bash -helm install mme /path-to-your-openair-k8s-cloned-dir/charts/oai-mme +K8S_DIR="/path-to-your-openair-k8s-cloned-dir" +helm install spgwu1 $K8S_DIR/charts/oai-spgwu-tiny --set serviceAccount.name="oai-spgwu1-tiny-sa" --set lte.instance="0" --set lte.fqdn="gwu1.spgw.node.epc.mnc099.mcc208.3gppnetwork.org" --set lte.spgwIpOneIf="192.168.18.151" --set lte.netUeIp="192.168.21.0/24" --set start.tcpdump="false" +``` + +## Un-deploy NFs +Upon your needs: + +``` +helm uninstall mme spgwc spgwu1 +``` 
diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index c610a30..0a0b984 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml +++ b/charts/magma-oai-mme/templates/deployment.yaml @@ -17,7 +17,11 @@ spec: labels: {{- include "magma-oai-mme.selectorLabels" . | nindent 8}} annotations: - k8s.v1.cni.cncf.io/networks: {{.Chart.Name}}-{{.Values.namespace}}-net1 + k8s.v1.cni.cncf.io/networks: >- + [{ + "name": "{{ .Chart.Name }}-{{ .Values.namespace }}-net1", + "default-route": ["{{ .Values.mmeConf.mmeS1cGw }}"] + }] spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8}} @@ -26,20 +30,17 @@ spec: {{- toYaml . | nindent 8}} {{- end}} containers: + {{- if .Values.start.tcpdump}} - name: tcpdump - image: corfr/tcpdump + image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" volumeMounts: - mountPath: /pcap name: {{.Chart.Name}}-{{.Values.namespace}}-pv command: - {{- if .Values.start.tcpdump}} - /bin/sh - -c - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/magma-oai-mme_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - {{- else}} - - /bin/sleep - - infinity - {{- end}} + {{- end}} - name: redis image: "{{.Values.image.repository}}:{{.Values.image.version}}" command: @@ -51,6 +52,9 @@ spec: - /bin/sleep - infinity {{- end}} + volumeMounts: + - mountPath: /var/log + name: {{.Chart.Name}}-{{.Values.namespace}}-pv - name: mme image: "{{.Values.image.repository}}:{{.Values.image.version}}" imagePullPolicy: {{.Values.image.pullPolicy}} @@ -72,6 +76,8 @@ spec: name: {{ .Chart.Name}}-{{.Values.namespace}}-configmap key: mmeService volumeMounts: + - mountPath: /var/log + name: {{.Chart.Name}}-{{.Values.namespace}}-pv - mountPath: /magma/etc/mme_fd.conf name: fd-vol subPath: mme_fd.conf diff --git a/charts/magma-oai-mme/templates/multiple-services.yaml b/charts/magma-oai-mme/templates/multiple-services.yaml index a625c55..32ebb93 100644 
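Review bot: The `volumeMounts` added to the redis and mme containers attach the volume `{{.Chart.Name}}-{{.Values.namespace}}-pv` at `/var/log`, the same volume the tcpdump sidecar writes to under `/pcap`, so unfiltered captures (`-i any`, presumably including Diameter and S1AP signalling) become readable and writable from every container of the pod. Give each mount its own `subPath`, e.g. `subPath: pcap` on the tcpdump mount and `subPath: log` on the two new ones, or use a separate volume for captures. The sidecar image `tcpdump-internal:latest` is a mutable tag; a fixed tag would make the capture tool reproducible.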
--- a/charts/magma-oai-mme/templates/multiple-services.yaml +++ b/charts/magma-oai-mme/templates/multiple-services.yaml @@ -8,6 +8,17 @@ data: #!/bin/sh # turn on bash's job control set -m + # move core dumps to OC persistent volume + echo "/var/log.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern + # Configured mme.log in already available persistent volume + # Rename previously generated mme.log with its creation time + pushd /var/log + for f in MME.magma-oai-mme* + do + fb=$(basename "$f") + mv "$fb" "$(date -r "$f" +"%Y-%m-%d_%H-%M-%S")_$fb" + done + popd /magma/bin/sctpd & # let create unix socket sleep 7 diff --git a/charts/magma-oai-mme/templates/multus.yaml b/charts/magma-oai-mme/templates/multus.yaml index 1ca50c4..2b1c98d 100644 --- a/charts/magma-oai-mme/templates/multus.yaml +++ b/charts/magma-oai-mme/templates/multus.yaml @@ -13,8 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": {{- cat .Values.mmeConf.mmeIpS1c "/" .Values.mmeConf.mmeNetmaskS1c | nospace | quote }}, - "gateway": {{ .Values.mmeConf.mmeGatewayS1c | quote }} + "address": {{- cat .Values.mmeConf.mmeIpS1c "/" .Values.mmeConf.mmeNetmaskS1c | nospace | quote }} } ] } diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index ff54595..89813dc 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -9,8 +9,10 @@ namespace: "oai" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai-cn/magma-mme - version: stable + # repository: image-registry.openshift-image-registry.svc:5000/oai-cn/magma-mme + repository: image-registry.openshift-image-registry.svc:5000/oai/magma-mme + # version: stable + version: master-81a44df-20210413 # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always 
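Review bot: The added `echo "/var/log.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern` in multiple-services.yaml looks like it is missing a path separator: as written, cores are named `/var/log.<exe>...` directly under `/var` rather than inside the persistent volume mounted at `/var/log`, and `echo "/var/log/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern` would match the comment. The oai-spgwc deployment hunk later in this commit has the same shape (`/var/crash/core.%e...` with the volume mounted at `/var/crash/core`). core_pattern is, to my knowledge, a kernel-wide setting, so writing it from a pod changes core-dump handling for the whole node and only works because the container is privileged; setting it through node configuration would remove one reason for that privilege. The script runs under `#!/bin/sh` but uses `pushd`/`popd`, which are bash built-ins, and the `for f in MME.magma-oai-mme*` loop runs once on the literal pattern when no file matches, so a guard such as `[ -e "$f" ] || continue` is needed.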
@@ -87,7 +89,7 @@ mmeConf: - imsiPrefix: "00101" apnOverride: "magma.ipv4" mmeIpS1c: "192.168.18.150" - mmeGatewayS1c: "192.168.18.1" + mmeS1cGw: "192.168.18.129" mmeNetmaskS1c: "24" mmeIpS11: "192.168.18.150" mmeNetmaskS11: "24" @@ -95,7 +97,7 @@ mmeConf: s11IfaceName: "net1" remoteSgwIp: "192.168.18.156" taiList: | - ({ MCC="208";MNC="99";TAC="1";},{ MCC="208";MNC="99";TAC="2";},{ MCC="208";MNC="99";TAC="3";}); + ({ MCC="208";MNC="99";TAC="1";},{ MCC="208";MNC="99";TAC="2";},{ MCC="208";MNC="99";TAC="3";},{ MCC="208";MNC="99";TAC="4";}); hssIp: "192.168.18.176" resources: diff --git a/charts/oai-spgwc/templates/cfg-configmap.yaml b/charts/oai-spgwc/templates/cfg-configmap.yaml new file mode 100644 index 0000000..abc3afc --- /dev/null +++ b/charts/oai-spgwc/templates/cfg-configmap.yaml 
@@ -0,0 +1,84 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: spgwc-cfg-configmap +data: + spgw_c.json: | + { + "timer" : { + "itti" : { + "sched_params" : { + "sched_policy" : "sched_fifo", + "sched_priority" : {{ .Values.lte.threadTimerPrio }} + } + } + }, + "gtpv2c" : { + "port" : 2123, + "n3" : {{ .Values.lte.n3 }}, + "t3_ms" : {{ .Values.lte.t3MilliSec }}, + "sched_params" : { + "sched_policy" : "sched_fifo", + "sched_priority" : {{ .Values.lte.threadgtpv2cPrio }} + } + }, + "pfcp" : { + "port" : 8805, + "n1" : {{ .Values.lte.n1 }}, + "t1_ms" : {{ .Values.lte.t1MilliSec }}, + "sched_params" : { + "sched_policy" : "sched_fifo", + "sched_priority" : {{ .Values.lte.threadpfcpPrio }} + } + }, + "s11" : { + "interface_name" : "{{ .Values.lte.spgwOneIf }}", + "ipv4_address" : "read" + }, + "sgws5s8" : { + "interface_name" : "lo", + "ipv4_address" : "{{ .Values.lte.sgwS5S8Ip }}" + }, + "pgws5s8" : { + "interface_name" : "lo", + "ipv4_address" : "{{ .Values.lte.pgwS5S8Ip }}" + }, + "sx" : { + "interface_name" : "{{ .Values.lte.spgwOneIf }}", + "ipv4_address" : "read" + }, + "spgw_app" : { + "sched_params" : { + "sched_policy" : "sched_fifo", + "sched_priority" : {{ .Values.lte.threadSpgwAppPrio }} + }, + "default_dns_ipv4_address" : "{{ .Values.lte.ueDnsServer }}", + "default_dns_sec_ipv4_address" : "{{ .Values.lte.ueDnsServerSec }}", + "default_dns_ipv6_address" : "2001:4860:4860::8888", + "default_dns_sec_ipv6_address" : "2001:4860:4860::8844", + "force_push_protocol_configuration_options" : {{ .Values.lte.pushProtocolOption }} + }, + "pdns" : + [ + { "apn_ni" : "{{ .Values.lte.apn }}", "dyn_ue_ipv4_range" : "{{ .Values.lte.dynUeIpv4Range }}" } + ], + "cups" : { + "association_retry_period_ms" : {{ .Values.lte.associationRetryPeriodMs }}, + "association_heartbeat_period_ms" : {{ .Values.lte.associationHeartbeatPeriodMs }}, + "feature_overload_control" : false, + "feature_load_control" : false, + "up_nodes_selection" : + [ + { "mcc" : "{{ .Values.lte.mcc 
}}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 1, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 2, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 3, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 4, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" } + ] + }, + "pcef" : { + "apn_ambr_ul_kbits" : 500000, + "apn_ambr_dl_kbits" : 500000 + } + } + diff --git a/charts/oai-spgwc/templates/configmap.yaml b/charts/oai-spgwc/templates/configmap.yaml index d8c2bbc..8f32187 100644 --- a/charts/oai-spgwc/templates/configmap.yaml +++ b/charts/oai-spgwc/templates/configmap.yaml @@ -3,13 +3,3 @@ kind: ConfigMap metadata: name: {{ .Chart.Name }}-configmap data: - pidDirectory: {{ .Values.lte.pidDirectory }} - sgwS11If: {{ .Values.lte.sgwS11If }} - sgwS5S8Ip: {{ .Values.lte.sgwS5S8Ip }} - pgwS5S8Ip: {{ .Values.lte.pgwS5S8Ip }} - pgwSxIf: {{ .Values.lte.pgwSxIf }} - ueIpAddressPool: {{ .Values.lte.ueIpAddressPool }} - apn: {{ .Values.lte.apn }} - ueDnsServer: {{ .Values.lte.ueDnsServer }} - ueDnsServerSec: {{ .Values.lte.ueDnsServerSec }} - pushProtocolOption: {{ .Values.lte.pushProtocolOption | quote }} diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 0081808..18021fd 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml 
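Review bot: The new oai-spgwc cfg-configmap.yaml splices values into the JSON as raw text (`"ipv4_address" : "{{ .Values.lte.sgwS5S8Ip }}"`, `"sched_priority" : {{ .Values.lte.threadTimerPrio }}`), so an override containing a quote, or an empty one, yields invalid or silently altered configuration. Emit strings with `{{ .Values.lte.sgwS5S8Ip | toJson }}` in place of the hand-written quotes and numbers with `{{ .Values.lte.threadTimerPrio | int }}`; the oai-spgwu-tiny cfg-configmap.yaml added later in this commit interpolates values the same way. The ConfigMap name `spgwc-cfg-configmap` is fixed rather than derived from the release, and the ports `2123` and `8805` are hard-coded although `service.gtpcPort` and `service.pfcpPort` are used by the deployment template of the same commit.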
@@ -25,20 +25,17 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: + {{- if .Values.start.tcpdump}} - name: tcpdump - image: corfr/tcpdump + image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" command: - {{- if .Values.start.tcpdump}} - /bin/sh - -c - - /usr/sbin/tcpdump -i any port 2123 or port 8805 or arp or icmp -C 100 -W 10 -w /pcap/SPGWC_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - {{- else}} - - /bin/sleep - - infinity - {{- end}} + - /usr/sbin/tcpdump -i any port {{ .Values.service.gtpcPort }} or port {{ .Values.service.pfcpPort }} or arp or icmp -C 100 -W 10 -w /pcap/SPGWC_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap volumeMounts: - mountPath: "/pcap" name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + {{- end}} - name: spgwc image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} 
@@ -49,58 +46,17 @@ spec: name: oai-spgwc - containerPort: {{ .Values.service.gtpcPort }} name: s11 - env: - - name: PID_DIRECTORY - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pidDirectory - - name: PGW_INTERFACE_NAME_FOR_SX - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pgwSxIf - - name: SGW_INTERFACE_NAME_FOR_S11 - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: sgwS11If - - name: SGW_IP_FOR_S5_S8_CP - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: sgwS5S8Ip - - name: PGW_IP_FOR_S5_S8_CP - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pgwS5S8Ip - - name: UE_IP_ADDRESS_POOL - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: ueIpAddressPool - - name: DEFAULT_APN - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: apn - - name: DEFAULT_DNS_IPV4_ADDRESS - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: ueDnsServer - - name: DEFAULT_DNS_SEC_IPV4_ADDRESS - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: ueDnsServerSec - - name: PUSH_PROTOCOL_OPTION - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pushProtocolOption + volumeMounts: + - mountPath: /openair-spgwc/etc/spgw_c.json + name: cfg-vol + subPath: spgw_c.json + - mountPath: "/var/crash/core" + name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv {{- if .Values.start.spgwc}} + command: + - /bin/sh + - -c + - echo "/var/crash/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern && /openair-spgwc/bin/oai_spgwc -c /openair-spgwc/etc/spgw_c.json {{ .Values.log.stdout }} {{ .Values.log.file }} > /var/crash/core/SPGWC_`date +%Y-%m-%d_%H_%M-%S-%Z`.log 2>&1 {{- else}} command: - /bin/sleep 
@@ -110,9 +66,12 @@ spec: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv persistentVolumeClaim: claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc + - configMap: + name: spgwc-cfg-configmap + name: cfg-vol dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} - terminationGracePeriodSeconds: 15 + terminationGracePeriodSeconds: 5 diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index a82277a..883cae0 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml @@ -13,7 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.18.156/24" + "address": {{- cat .Values.lte.spgwIpOneIf "/" .Values.lte.spgwNetmaskOneIf | nospace | quote }} } ] } diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 208150e..513ba0c 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -9,7 +9,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc - version: ue-mtu-1358 + version: sanitize-leak # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always 
@@ -47,18 +47,35 @@ service: start: spgwc: true - tcpdump: true + tcpdump: false +log: + # Leave string empty to disable + stdout: " -o " + file: " -r " lte: - pidDirectory: "/var/run" - sgwS11If: "net1" - sgwS5S8Ip: "127.0.58.2/8" - pgwS5S8Ip: "127.0.58.1/8" - pgwSxIf: "net1" - ueIpAddressPool: "192.168.21.2-192.168.21.200" + apn: "oai.ipv4" + mcc: "208" + mnc: "99" + mnc3: "099" + spgwOneIf: "net1" + spgwIpOneIf : "192.168.18.156" + spgwNetmaskOneIf : "24" + sgwS5S8Ip: "127.0.58.2" + pgwS5S8Ip: "127.0.58.1" ueDnsServer: "192.168.18.129" ueDnsServerSec: "192.168.18.129" - apn: "oai.ipv4" - pushProtocolOption: "yes" + pushProtocolOption: true + dynUeIpv4Range: "192.168.29.2 - 192.168.29.254" + associationRetryPeriodMs : "15000" + associationHeartbeatPeriodMs : "2000" + threadTimerPrio: "64" + threadpfcpPrio: "64" + threadgtpv2cPrio: "64" + threadSpgwAppPrio: "64" + n1: "3" + n3: "3" + t1MilliSec: "1000" + t3MilliSec: "1000" persistence: # make it true for the first time when you want to create persistance volume diff --git a/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml b/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml new file mode 100644 index 0000000..d082922 --- /dev/null +++ b/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml 
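Review bot: `dynUeIpv4Range: "192.168.29.2 - 192.168.29.254"` does not fall inside the `192.168.21.0/24` that this commit's charts/README.md passes to the SPGW-U as `lte.netUeIp`, so UEs would apparently be handed addresses the user plane does not treat as its PDN network; confirm which range is intended and align the two. The keys `spgwIpOneIf :`, `spgwNetmaskOneIf :`, `associationRetryPeriodMs :` and `associationHeartbeatPeriodMs :` carry a space before the colon, unlike the rest of the file. `pushProtocolOption` changes from the string `"yes"` to the boolean `true`, and a comment such as `# boolean, rendered as a JSON literal` would tell the next editor not to quote it.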
@@ -0,0 +1,73 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: spgwu{{ .Values.lte.instance }}-cfg-configmap +data: + spgw_u.conf: | + SPGW-U = + { + FQDN = "{{ .Values.lte.fqdn }}"; + INSTANCE = {{ .Values.lte.instance }}; # 0 is the default + PID_DIRECTORY = "{{ .Values.lte.pidDirectory }}"; # /var/run is the default + + INTERFACES : + { + S1U_S12_S4_UP : + { + # S-GW binded interface for S1-U communication (GTPV1-U) can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces + INTERFACE_NAME = "{{ .Values.lte.spgwOneIf }}"; # STRING, interface name, YOUR NETWORK CONFIG HERE + IPV4_ADDRESS = "read"; # STRING, CIDR or "read to let app read interface configured IP address + #PORT = 2152; # Default is 2152 + SCHED_PARAMS : + { + #CPU_ID = 2; + SCHED_POLICY = "SCHED_FIFO"; # Values in { SCHED_OTHER, SCHED_IDLE, SCHED_BATCH, SCHED_FIFO, SCHED_RR } + SCHED_PRIORITY = {{ .Values.lte.threadsS1uPrio }}; + POOL_SIZE = {{ .Values.lte.threadsS1uUl }}; # NUM THREADS + }; + }; + SX : + { + # S/P-GW binded interface for SX communication + INTERFACE_NAME = "{{ .Values.lte.spgwOneIf }}"; # STRING, interface name + IPV4_ADDRESS = "read"; # STRING, CIDR or "read" to let app read interface configured IP address + #PORT = 8805; # Default is 8805 + SCHED_PARAMS : + { + #CPU_ID = 1; + SCHED_POLICY = "SCHED_FIFO"; # Values in { SCHED_OTHER, SCHED_IDLE, SCHED_BATCH, SCHED_FIFO, SCHED_RR } + SCHED_PRIORITY = {{ .Values.lte.threadsSxPrio }}; + POOL_SIZE = {{ .Values.lte.threadsSx }}; # NUM THREADS + }; + }; + SGI : + { + # No config to set, the software will set the SGi interface to the interface used for the default route. 
+ INTERFACE_NAME = "{{ .Values.lte.spgwOneIf }}"; # STRING, interface name or "default_gateway" + IPV4_ADDRESS = "read"; # STRING, CIDR or "read" to let app read interface configured IP address + SCHED_PARAMS : + { + #CPU_ID = 3; + SCHED_POLICY = "SCHED_FIFO"; # Values in { SCHED_OTHER, SCHED_IDLE, SCHED_BATCH, SCHED_FIFO, SCHED_RR } + SCHED_PRIORITY = {{ .Values.lte.threadsSgiPrio }}; + POOL_SIZE = {{ .Values.lte.threadsSgiDl }}; # NUM THREADS + }; + }; + }; + + SNAT = "{{ .Values.lte.netUeNatOption }}"; # SNAT Values in {yes, no} + PDN_NETWORK_LIST = ( + {NETWORK_IPV4 = "{{ .Values.lte.netUeIp }}";} # 1 ITEM SUPPORTED ONLY + ); + + SPGW-C_LIST = ( + {IPV4_ADDRESS="{{ .Values.lte.pgwcSxIp }}" ;} + ); + + NON_STANDART_FEATURES : + { + BYPASS_UL_PFCP_RULES = "{{ .Values.lte.bypassUlPfcpRules }}"; # 'no' for standart features, yes for enhancing UL throughput + }; + }; + diff --git a/charts/oai-spgwu-tiny/templates/configmap.yaml b/charts/oai-spgwu-tiny/templates/configmap.yaml deleted file mode 100644 index 68b905e..0000000 --- a/charts/oai-spgwu-tiny/templates/configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Chart.Name }}-configmap -data: - pidDirectory: {{ .Values.lte.pidDirectory }} - sgwS1uIf: {{ .Values.lte.sgwS1uIf }} - pgwSgiIf: {{ .Values.lte.pgwSgiIf }} - pgwuSgiGw: {{ .Values.lte.pgwuSgiGw }} - sgwSxIf: {{ .Values.lte.sgwSxIf }} - netUeIp: {{ .Values.lte.netUeIp }} - pgwcSxIp: {{ .Values.lte.pgwcSxIp }} - netUeNatOption: {{ .Values.lte.netUeNatOption | quote }} - threadsS1uUl: {{ .Values.lte.threadsS1uUl | quote }} - threadsSgiDl: {{ .Values.lte.threadsSgiDl | quote }} - threadsSx: {{ .Values.lte.threadsSx | quote }} - threadsSgiPrio: {{ .Values.lte.threadsSgiPrio | quote }} - threadsS1uPrio: {{ .Values.lte.threadsS1uPrio | quote }} - threadsSxPrio: {{ .Values.lte.threadsSxPrio | quote }} - bypassUlPfcpRules: {{ .Values.lte.bypassUlPfcpRules | quote }} 
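Review bot: None of the `.Values.lte.*` lookups in the new spgw_u.conf has a default or a `required` guard, so a key missing from an override file renders as nothing (`SCHED_PRIORITY = ;`, `IPV4_ADDRESS=""`). The chart would then install cleanly with a configuration the gateway can only reject at start-up. For the control-plane peer I would use `{IPV4_ADDRESS="{{ required "lte.pgwcSxIp is required" .Values.lte.pgwcSxIp }}" ;}`. For the rule bypass, default to the safe setting: `BYPASS_UL_PFCP_RULES = "{{ .Values.lte.bypassUlPfcpRules | default "no" }}";`. The comment on the first `IPV4_ADDRESS` line (`CIDR or "read to let app …`) is also missing the closing quote after `read`.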
diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index ce325c4..032e812 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Chart.Name }} + name: {{ .Chart.Name }}-{{ .Values.lte.instance }} labels: {{- include "oai-spgwu-tiny.labels" . | nindent 4 }} spec: @@ -18,8 +18,8 @@ spec: annotations: k8s.v1.cni.cncf.io/networks: >- [{ - "name": "oai-spgwu-tiny-oai-net1", - "default-route": ["192.168.18.129"] + "name": "{{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-net1", + "default-route": ["{{ .Values.lte.pgwuSgiGw }}"] }] spec: securityContext: @@ -29,21 +29,18 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: + {{- if .Values.start.tcpdump }} - name: tcpdump - image: corfr/tcpdump + image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" command: - {{- if .Values.start.tcpdump}} - /bin/sh - -c - - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/SPGWU_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - # - /usr/sbin/tcpdump -i any port 2152 or port 8805 or port 5001 or arp or icmp -C 100 -W 10 -w /pcap/SPGWU_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - {{- else}} - - /bin/sleep - - infinity - {{- end}} + - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/SPGWU{{ .Values.lte.instance }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + # - /usr/sbin/tcpdump -i any port 2152 or port 8805 or port 5001 or arp or icmp -C 100 -W 10 -w /pcap/SPGWU{{ .Values.lte.instance }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap volumeMounts: - mountPath: "/pcap" name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + {{- end }} - name: spgwu image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} 
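Review bot: The tcpdump sidecar in the `@@ -29,21 +29,18 @@` hunk now pulls `…/oai/tcpdump-internal:latest`, a mutable tag written directly into the template. That container captures on every interface (`-i any`) and writes to the shared `/pcap` volume, so the image it runs should be reproducible and reviewable. I would move the reference into values and pin it by digest, for example `image: "{{ .Values.tcpdump.image }}"` with a `<registry>/<namespace>/tcpdump-internal@sha256:<digest>` value (a new key, not one the chart already has). The same `:latest` reference is added for the oai-hss tcpdump container in the later "Update HSS image repository" commit.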
@@ -56,83 +53,15 @@ spec: name: s1u - containerPort: 5001 name: iperf - env: - - name: PID_DIRECTORY - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pidDirectory - - name: SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: sgwS1uIf - - name: SGW_INTERFACE_NAME_FOR_SX - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: sgwSxIf - - name: PGW_INTERFACE_NAME_FOR_SGI - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pgwSgiIf - - name: NETWORK_UE_IP - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: netUeIp - - name: NETWORK_UE_NAT_OPTION - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: netUeNatOption - - name: SPGWC0_IP_ADDRESS - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pgwcSxIp - - name: PGWU_SGI_GW - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: pgwuSgiGw - - name: S1U_THREADS - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: threadsS1uUl - - name: SGI_THREADS - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: threadsSgiDl - - name: SX_THREADS - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: threadsSx - - name: THREAD_SGI_PRIO - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: threadsSgiPrio - - name: THREAD_S1U_PRIO - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: threadsS1uPrio - - name: THREAD_SX_PRIO - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: threadsSxPrio - - name: BYPASS_UL_PFCP_RULES - valueFrom: - configMapKeyRef: - name: {{ .Chart.Name }}-configmap - key: bypassUlPfcpRules + volumeMounts: + - mountPath: /openair-spgwu-tiny/etc/spgw_u.conf + name: cfg-vol + subPath: spgw_u.conf {{- if .Values.start.spgwu}} + command: + - /bin/sh + - -c + - 
/openair-spgwu-tiny/bin/oai_spgwu -c /openair-spgwu-tiny/etc/spgw_u.conf {{ .Values.log.stdout }} {{ .Values.log.file }} {{- else}} command: - /bin/sleep @@ -148,12 +77,15 @@ spec: volumes: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv persistentVolumeClaim: - claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc + claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc + - configMap: + name: spgwu{{ .Values.lte.instance }}-cfg-configmap + name: cfg-vol dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} - terminationGracePeriodSeconds: 15 + terminationGracePeriodSeconds: 5 # RT worker - nodeName: dedale.5glab.nsa.eurecom.fr + # nodeName: dedale.5glab.nsa.eurecom.fr diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 2ec17c6..9e11be8 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-net1 spec: config: '{ "cniVersion": "0.3.0", @@ -13,7 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.18.151/24" + "address": {{- cat .Values.lte.spgwIpOneIf "/" .Values.lte.spgwNetmaskOneIf | nospace | quote }} } ] } diff --git a/charts/oai-spgwu-tiny/templates/rbac.yaml b/charts/oai-spgwu-tiny/templates/rbac.yaml index 4c7d8d7..40d3299 100644 --- a/charts/oai-spgwu-tiny/templates/rbac.yaml +++ b/charts/oai-spgwu-tiny/templates/rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac + name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-rbac roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
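Review bot: `log.stdout` and `log.file` are pasted into a `/bin/sh -c` command string in the `@@ -56,83 +53,15 @@` hunk, so whatever an override file puts in those values is interpreted by the shell instead of being handed to `oai_spgwu` as arguments. Running the binary in exec form with an argument list takes the shell out of the path. The sketch below assumes each option is a single flag with no argument, as the defaults ` -o ` and ` -r ` are. Note also that a ConfigMap mounted through `subPath`, as `spgw_u.conf` is here, is not refreshed inside a running pod, so a configuration change needs a pod restart.

```yaml
          {{- if .Values.start.spgwu}}
          command:
            - /openair-spgwu-tiny/bin/oai_spgwu
          args:
            - -c
            - /openair-spgwu-tiny/etc/spgw_u.conf
            {{- with .Values.log.stdout | trim }}
            - {{ . | quote }}
            {{- end }}
            {{- with .Values.log.file | trim }}
            - {{ . | quote }}
            {{- end }}
          # … unchanged: else branch running /bin/sleep infinity …
```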
diff --git a/charts/oai-spgwu-tiny/templates/service.yaml b/charts/oai-spgwu-tiny/templates/service.yaml index 5e57abd..e63b704 100644 --- a/charts/oai-spgwu-tiny/templates/service.yaml +++ b/charts/oai-spgwu-tiny/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Chart.Name }} + name: {{ .Chart.Name }}-{{ .Values.lte.instance }} labels: {{- include "oai-spgwu-tiny.labels" . | nindent 4 }} spec: diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 05cde44..3164fe0 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -9,7 +9,7 @@ namespace: "oai" image: registry: local repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwu-tiny - version: stable + version: multi-spgwu # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -49,14 +49,20 @@ service: start: spgwu: true - tcpdump: true + tcpdump: false +log: + # Leave string empty to disable + stdout: " -o " + file: " -r " lte: + instance: 0 + fqdn: "gwu1.spgw.node.epc.mnc099.mcc208.3gppnetwork.org" pidDirectory: "/var/run" - sgwS1uIf: "net1" - sgwSxIf: "net1" - pgwSgiIf: "net1" + spgwOneIf: "net1" + spgwIpOneIf: "192.168.18.151" + spgwNetmaskOneIf: "24" pgwuSgiGw: "192.168.18.129" - netUeIp: "192.168.21.0/24" + netUeIp: "192.168.29.0/24" pgwcSxIp: "192.168.18.156" netUeNatOption: "yes" threadsS1uUl: "16" From 1d2e851047a09b576155b21f758e024e2dad7a87 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Mon, 16 Aug 2021 19:24:22 +0200 Subject: [PATCH 63/82] Update HSS image repository Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/templates/deployment.yaml | 4 ++-- manifests/oai-hss/05_deployment.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 013fd65..03492d9 100644 
--- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: {{- end }} initContainers: - name: init-db - image: cassandra:3.11 + image: image-registry.openshift-image-registry.svc:5000/oai/cassandra:3.11 command: - sh - -c @@ -109,7 +109,7 @@ spec: name: {{ .Chart.Name }}-configmap key: numSubscribers - name: tcpdump - image: corfr/tcpdump + image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" command: - /bin/sleep - infinity diff --git a/manifests/oai-hss/05_deployment.yaml b/manifests/oai-hss/05_deployment.yaml index 5eb35b8..2a75e09 100644 --- a/manifests/oai-hss/05_deployment.yaml +++ b/manifests/oai-hss/05_deployment.yaml @@ -20,7 +20,7 @@ spec: spec: containers: - name: hss - image: image-registry.openshift-image-registry.svc:5000/oai/oai-hss:develop-vco3 + image: image-registry.openshift-image-registry.svc:5000/oai/oai-hss:onap-0.1.0 imagePullPolicy: Always #command: ['sh', '-c', 'sleep infinity'] ports: @@ -86,7 +86,7 @@ spec: - sh - -c - cqlsh cassandra-0.cassandra.oai.svc.cluster.local --file /root/oai_db.cql - image: cassandra:3.11 + image: image-registry.openshift-image-registry.svc:5000/oai/cassandra:3.11 name: init-db restartPolicy: Never volumeMounts: From ca816ee7513f77bc59877d860882dac1e5ab554d Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 18 Aug 2021 12:30:44 +0200 Subject: [PATCH 64/82] upgrade magma mme config file Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- .../templates/mme-cfg-configmap.yaml | 36 ++++++++++++++++++- charts/magma-oai-mme/values.yaml | 9 +++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml b/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml index 1d69ea7..25e382d 100644 --- a/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml +++ b/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml 
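Review bot: The registry host and the `oai` project are written literally into every `image:` line this commit touches (init-db and tcpdump in the chart, hss and init-db in manifests/oai-hss/05_deployment.yaml) instead of coming from values. Moving to another registry or project therefore means editing templates, and the image set in use cannot be audited from values.yaml alone. I would take the init and sidecar images from values next to the existing `image.repository`, for example `image: {{ .Values.initImage | quote }}` (a new key). The tcpdump container in the `@@ -109,7 +109,7 @@` hunk is also added unconditionally, whereas the spgwu-tiny chart wraps its equivalent in `{{- if .Values.start.tcpdump }}`.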
@@ -22,8 +22,21 @@ data: EPS_NETWORK_FEATURE_SUPPORT_LOCATION_SERVICES_VIA_EPC = "no"; # DO NOT CHANGE EPS_NETWORK_FEATURE_SUPPORT_EXTENDED_SERVICE_REQUEST = "no"; # DO NOT CHANGE # Display statistics about whole system (expressed in seconds) - MME_STATISTIC_TIMER = 10; + STATS_TIMER_SEC = 6; + USE_STATELESS = "{{ .Values.mmeConf.useStateless }}"; + USE_HA = "{{ .Values.mmeConf.useHa }}"; + ENABLE_GTPU_PRIVATE_IP_CORRECTION = "{{ .Values.mmeConf.enableGtpuPrivateIpCorrection }}"; + ENABLE_CONVERGED_CORE = "{{ .Values.mmeConf.enableConvergedCore }}"; + + # Congestion control configuration parameters + CONGESTION_CONTROL_ENABLED = "{{ .Values.mmeConf.congestionControlEnabled }}"; + # Congestion control thresholds (expressed in microseconds) + S1AP_ZMQ_TH = {{ .Values.mmeConf.s1apZmqThUs }}; + MME_APP_ZMQ_CONGEST_TH = {{ .Values.mmeConf.mmeAppZmqCongestThUs }}; + MME_APP_ZMQ_AUTH_TH = {{ .Values.mmeConf.mmeAppZmqAuthThUs }}; + MME_APP_ZMQ_IDENT_TH = {{ .Values.mmeConf.mmeAppZmqIdentThUs }}; + MME_APP_ZMQ_SMC_TH = {{ .Values.mmeConf.mmeAppZmqSmcThUs }}; INTERTASK_INTERFACE : { @@ -67,6 +80,19 @@ data: TAI_LIST = {{ .Values.mmeConf.taiList }} + TAC_LIST = (); + + # List of restricted PLMNs + # By default this list is empty + # Max number of restricted plmn is 10 + RESTRICTED_PLMN_LIST = (); + + # List of blocked IMEIs + # By default this list is empty + # Stored in a hash table on mme side + # Length of IMEI=15 digits, length of IMEISV=16 digits + BLOCKED_IMEI_LIST = (); + CSFB : { NON_EPS_SERVICE_CONTROL = "{{ .Values.mmeConf.nonEpsServiceControl }}"; @@ -212,5 +238,13 @@ data: # S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used SGW_IPV4_ADDRESS_FOR_S11 = "{{ .Values.mmeConf.remoteSgwIp }}"; }; + + + FEDERATED_MODE_MAP = ( + # ModeMapItem values can be found at magma/lte/protos/mconfig/mconfigs.proto + ); + + SRVC_AREA_CODE_2_TACS_MAP = (); + SENTRY_CONFIG = {}; }; 
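Review bot: The five congestion thresholds in the first hunk are emitted with a bare `{{ .Values.mmeConf.… }}`, and Helm can hold values.yaml numbers as floats. Depending on the Helm version, the defaults `2000000` and `1000000` added in magma-oai-mme/values.yaml may then render as `2e+06` and `1e+06`, which the config parser may not read as integers. Forcing the type avoids this: `S1AP_ZMQ_TH = {{ .Values.mmeConf.s1apZmqThUs | int64 }};`, and likewise for the four `MME_APP_ZMQ_*_TH` lines. Checking the output of `helm template` for these lines would confirm it either way. `STATS_TIMER_SEC = 6;` is also hard-coded while its neighbours are templated.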
diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index 89813dc..ab00c25 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -73,6 +73,15 @@ mmeConf: fdHssHostname: "oai-hss" hssDomainName: "oai.svc.cluster.local" useStateless: "true" + useHa: "false" + enableGtpuPrivateIpCorrection: "false" + enableConvergedCore: "false" + congestionControlEnabled: "false" + s1apZmqThUs: 2000000 # delay threshold used for dropping initial UE message + mmeAppZmqCongestThUs: 100000 # delay threshold used for rejecting attach requests + mmeAppZmqAuthThUs: 200000 # delay threshold used for dropping Authentication Complete + mmeAppZmqIdentThUs: 400000 # delay threshold used for dropping Identification Complete + mmeAppZmqSmcThUs: 1000000 # delay threshold used for dropping SMC Complete logLevel: "TRACE" oaiLogLevel: "TRACE" mcc: &mcc "208" From 438546bbb3b9fffa0ba1d6e8c9f93fadf4a6c33f Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 18 May 2022 15:13:11 +0200 Subject: [PATCH 65/82] charts in progress --- .../magma-oai-mme/templates/deployment.yaml | 2 +- charts/magma-oai-mme/values.yaml | 7 +++--- charts/oai-hss/Chart.yaml | 4 ++-- charts/oai-hss/templates/deployment.yaml | 6 ++--- charts/oai-hss/templates/multus.yaml | 4 ++-- charts/oai-hss/values.yaml | 4 ++-- charts/oai-spgwc/Chart.yaml | 4 ++-- charts/oai-spgwc/templates/deployment.yaml | 2 +- charts/oai-spgwc/values.yaml | 10 ++++---- charts/oai-spgwu-tiny/Chart.yaml | 4 ++-- .../templates/cfg-configmap.yaml | 23 +++++++++++++++++++ .../oai-spgwu-tiny/templates/deployment.yaml | 2 +- charts/oai-spgwu-tiny/values.yaml | 12 +++++----- 13 files changed, 53 insertions(+), 31 deletions(-) diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index 0a0b984..1016f31 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml 
+++ b/charts/magma-oai-mme/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: containers: {{- if .Values.start.tcpdump}} - name: tcpdump - image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" + image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" volumeMounts: - mountPath: /pcap name: {{.Chart.Name}}-{{.Values.namespace}}-pv diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index ab00c25..17e8071 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -5,14 +5,13 @@ replicaCount: 1 -namespace: "oai" +namespace: "oai4g" image: registry: local - # repository: image-registry.openshift-image-registry.svc:5000/oai-cn/magma-mme - repository: image-registry.openshift-image-registry.svc:5000/oai/magma-mme + repository: image-registry.openshift-image-registry.svc:5000/oai4g/magma-oai-mme # version: stable - version: master-81a44df-20210413 + version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml index 87a942f..c92729d 100644 --- a/charts/oai-hss/Chart.yaml +++ b/charts/oai-hss/Chart.yaml @@ -16,11 +16,11 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.1 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-0.1.0 +appVersion: oc-1.0.0 keywords: - Core Network diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 03492d9..65a4594 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml 
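Review bot: The tcpdump image becomes `network-tools-rhel8:v4.10.0-…` with no registry host, so the registry it is pulled from is decided by each node's short-name resolution, not by the chart. For a container that is given packet-capture access, I would fully qualify the reference and pin it by digest, `image: "<registry-host>/<namespace>/network-tools-rhel8@sha256:<digest>"`, ideally supplied through values. The same unqualified reference is introduced in the oai-hss, oai-spgwc and oai-spgwu-tiny deployment.yaml hunks of this commit.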
@@ -16,7 +16,7 @@ spec: labels: {{- include "oai-hss.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net6 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} @@ -26,7 +26,7 @@ spec: {{- end }} initContainers: - name: init-db - image: image-registry.openshift-image-registry.svc:5000/oai/cassandra:3.11 + image: image-registry.openshift-image-registry.svc:5000/oai4g/cassandra:3.11.6-ubi7 command: - sh - -c @@ -109,7 +109,7 @@ spec: name: {{ .Chart.Name }}-configmap key: numSubscribers - name: tcpdump - image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" + image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" command: - /bin/sleep - infinity diff --git a/charts/oai-hss/templates/multus.yaml b/charts/oai-hss/templates/multus.yaml index 01f03ae..c1b1a2c 100644 --- a/charts/oai-hss/templates/multus.yaml +++ b/charts/oai-hss/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net6 + name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 spec: config: '{ "cniVersion": "0.3.0", @@ -13,7 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": "192.168.18.176/24", + "address": "172.21.6.180/22", "gateway": "192.168.18.1" } ] diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index e4241dc..2fc0185 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -4,11 +4,11 @@ replicaCount: 1 -namespace: "oai" +namespace: "oai4g" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai/oai-hss + repository: image-registry.openshift-image-registry.svc:5000/oai4g/oai-hss version: stable # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always 
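Review bot: In the oai-hss multus.yaml hunk, the static address moves to `172.21.6.180/22` but the `gateway` on the following context line stays `192.168.18.1`, which is not inside that /22. Unless a route outside this hunk covers it, the attachment would come up with an unreachable gateway. I would change the gateway in the same edit, or template both fields from values as the spgwc and spgwu-tiny multus templates already do for `address`. The `config` string continues outside the hunk.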
diff --git a/charts/oai-spgwc/Chart.yaml b/charts/oai-spgwc/Chart.yaml index 46e9442..6adb4b2 100644 --- a/charts/oai-spgwc/Chart.yaml +++ b/charts/oai-spgwc/Chart.yaml @@ -16,11 +16,11 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-0.1.0 +appVersion: oc-1.0.0 keywords: - Core Network diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 18021fd..32b9a0b 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: containers: {{- if .Values.start.tcpdump}} - name: tcpdump - image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" + image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" command: - /bin/sh - -c diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 513ba0c..c8e4549 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -4,12 +4,12 @@ replicaCount: 1 -namespace: "oai" +namespace: "oai4g" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwc - version: sanitize-leak + repository: image-registry.openshift-image-registry.svc:5000/oai4g/oai-spgwc + version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -58,8 +58,8 @@ lte: mnc: "99" mnc3: "099" spgwOneIf: "net1" - spgwIpOneIf : "192.168.18.156" - spgwNetmaskOneIf : "24" + spgwIpOneIf : "172.21.6.181" + spgwNetmaskOneIf : "22" sgwS5S8Ip: "127.0.58.2" pgwS5S8Ip: "127.0.58.1" ueDnsServer: "192.168.18.129" 
diff --git a/charts/oai-spgwu-tiny/Chart.yaml b/charts/oai-spgwu-tiny/Chart.yaml index 8665a96..e1667e7 100644 --- a/charts/oai-spgwu-tiny/Chart.yaml +++ b/charts/oai-spgwu-tiny/Chart.yaml @@ -16,11 +16,11 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.1 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: onap-0.1.0 +appVersion: oc-1.0.0 # TODO #dependencies: diff --git a/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml b/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml index d082922..e27306a 100644 --- a/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml +++ b/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml @@ -69,5 +69,28 @@ data: { BYPASS_UL_PFCP_RULES = "{{ .Values.lte.bypassUlPfcpRules }}"; # 'no' for standart features, yes for enhancing UL throughput }; + + SUPPORT_5G_FEATURES: + { + # STRING, {"yes", "no"}, + ENABLE_5G_FEATURES = "no" # Set to 'yes' to support 5G Features + REGISTER_NRF = "no"; # Set to 'yes' if UPF resgisters to an NRF + USE_FQDN_NRF = "no"; # Set to 'yes' if UPF relies on a DNS/FQDN service to resolve NRF's FQDN + UPF_FQDN_5G = "oai-spgwu-tiny-svc"; #Set FQDN of UPF + + NRF : + { + IPV4_ADDRESS = "127.0.0.1"; # YOUR NRF CONFIG HERE + PORT = 80; # YOUR NRF CONFIG HERE (default: 80) + HTTP_VERSION = 1; #Set HTTP version for NRF (1 or 2)Default 1 + API_VERSION = "v1"; # YOUR NRF API VERSION HERE + FQDN = "gw.openairinterface.org"; + }; + + # Additional info to be sent to NRF for supporting Network Slicing + UPF_INFO = ( + { NSSAI_SST = 1; NSSAI_SD = "2"; DNN_LIST = ({DNN = "default";}); } + ); + } }; 
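Review bot: In the cfg-configmap.yaml hunk, `ENABLE_5G_FEATURES = "no"` has no terminating `;` and the `SUPPORT_5G_FEATURES` group closes with `}` where every other group in this file uses `};`. The parser may tolerate this, but I would match the rest of the file: `ENABLE_5G_FEATURES = "no"; # Set to 'yes' to support 5G Features`, and `};` on the closing line. The NRF address, port, FQDN and `UPF_FQDN_5G` are literals rather than `.Values` lookups, so turning the feature on means editing the template. The comment on `REGISTER_NRF` has a typo ("resgisters").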
diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index 032e812..090df18 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -31,7 +31,7 @@ spec: containers: {{- if .Values.start.tcpdump }} - name: tcpdump - image: "image-registry.openshift-image-registry.svc:5000/oai/tcpdump-internal:latest" + image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" command: - /bin/sh - -c diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 3164fe0..6dc7bcb 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -4,12 +4,12 @@ replicaCount: 1 -namespace: "oai" +namespace: "oai4g" image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai/oai-spgwu-tiny - version: multi-spgwu + repository: image-registry.openshift-image-registry.svc:5000/oai4g/oai-spgwu-tiny + version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -59,9 +59,9 @@ lte: fqdn: "gwu1.spgw.node.epc.mnc099.mcc208.3gppnetwork.org" pidDirectory: "/var/run" spgwOneIf: "net1" - spgwIpOneIf: "192.168.18.151" - spgwNetmaskOneIf: "24" - pgwuSgiGw: "192.168.18.129" + spgwIpOneIf: "172.21.6.183" + spgwNetmaskOneIf: "22" + pgwuSgiGw: "172.21.7.254" netUeIp: "192.168.29.0/24" pgwcSxIp: "192.168.18.156" netUeNatOption: "yes" From c2807d40c65b2811828da7d7df0d42d04123c5a3 Mon Sep 17 00:00:00 2001 
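Review bot: `pgwcSxIp` stays at `192.168.18.156` as a context line in the last values.yaml hunk, while this same commit moves the SPGW-C interface (`spgwIpOneIf` in charts/oai-spgwc/values.yaml) to `172.21.6.181`. That value is rendered into `SPGW-C_LIST` in spgw_u.conf, so if the SX association is meant to use that interface, the user plane would keep trying the old address. In that case the hunk should also carry `pgwcSxIp: "172.21.6.181"`. The `ueDnsServer` entries in the spgwc values are likewise left on the 192.168.18.0 network and are worth checking.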
From: Sagar Arora Date: Thu, 19 May 2022 17:53:00 +0200 Subject: [PATCH 66/82] fix the charts with right permissions --- charts/cassandra/.helmignore | 21 + charts/cassandra/Chart.lock | 6 + charts/cassandra/Chart.yaml | 26 + charts/cassandra/README.md | 454 ++++++++++ charts/cassandra/charts/common-1.14.0.tgz | Bin 0 -> 14386 bytes charts/cassandra/templates/NOTES.txt | 91 ++ charts/cassandra/templates/_helpers.tpl | 254 ++++++ .../cassandra/templates/cassandra-secret.yaml | 40 + charts/cassandra/templates/extra-list.yaml | 4 + charts/cassandra/templates/headless-svc.yaml | 35 + charts/cassandra/templates/networkpolicy.yaml | 43 + charts/cassandra/templates/pdb.yaml | 23 + charts/cassandra/templates/rbac.yaml | 42 + charts/cassandra/templates/service.yaml | 52 ++ .../cassandra/templates/serviceaccount.yaml | 19 + .../cassandra/templates/servicemonitor.yaml | 43 + charts/cassandra/templates/statefulset.yaml | 558 +++++++++++++ charts/cassandra/templates/tls-secret.yaml | 25 + charts/cassandra/values.yaml | 775 ++++++++++++++++++ charts/magma-oai-mme/Chart.yaml | 2 +- .../magma-oai-mme/templates/deployment.yaml | 51 +- .../templates/mme-cfg-configmap.yaml | 2 +- .../templates/mme-configmap.yaml | 4 +- .../templates/mme-fd-configmap.yaml | 6 +- charts/magma-oai-mme/templates/multus.yaml | 4 +- charts/magma-oai-mme/templates/rbac.yaml | 47 +- charts/magma-oai-mme/values.yaml | 39 +- charts/oai-hss/templates/deployment.yaml | 30 +- charts/oai-hss/templates/multus.yaml | 7 +- .../templates/pvc.yaml | 7 +- charts/oai-hss/templates/rbac.yaml | 44 +- charts/oai-hss/values.yaml | 48 +- charts/oai-mme/templates/deployment.yaml | 33 +- charts/oai-mme/templates/multus.yaml | 18 +- charts/oai-mme/templates/pvc.yaml | 4 +- charts/oai-mme/templates/rbac.yaml | 44 +- charts/oai-mme/values.yaml | 31 +- charts/oai-spgwc/templates/deployment.yaml | 41 +- charts/oai-spgwc/templates/multus.yaml | 2 +- charts/oai-spgwc/templates/rbac.yaml | 45 +- charts/oai-spgwc/values.yaml | 27 +- 
.../oai-spgwu-tiny/templates/deployment.yaml | 46 +- charts/oai-spgwu-tiny/templates/multus.yaml | 4 +- charts/oai-spgwu-tiny/templates/rbac.yaml | 44 +- charts/oai-spgwu-tiny/values.yaml | 36 +- 45 files changed, 3010 insertions(+), 167 deletions(-) create mode 100644 charts/cassandra/.helmignore create mode 100644 charts/cassandra/Chart.lock create mode 100644 charts/cassandra/Chart.yaml create mode 100644 charts/cassandra/README.md create mode 100644 charts/cassandra/charts/common-1.14.0.tgz create mode 100644 charts/cassandra/templates/NOTES.txt create mode 100644 charts/cassandra/templates/_helpers.tpl create mode 100644 charts/cassandra/templates/cassandra-secret.yaml create mode 100644 charts/cassandra/templates/extra-list.yaml create mode 100644 charts/cassandra/templates/headless-svc.yaml create mode 100644 charts/cassandra/templates/networkpolicy.yaml create mode 100644 charts/cassandra/templates/pdb.yaml create mode 100644 charts/cassandra/templates/rbac.yaml create mode 100644 charts/cassandra/templates/service.yaml create mode 100644 charts/cassandra/templates/serviceaccount.yaml create mode 100644 charts/cassandra/templates/servicemonitor.yaml create mode 100644 charts/cassandra/templates/statefulset.yaml create mode 100644 charts/cassandra/templates/tls-secret.yaml create mode 100644 charts/cassandra/values.yaml rename charts/{magma-oai-mme => oai-hss}/templates/pvc.yaml (56%) diff --git a/charts/cassandra/.helmignore b/charts/cassandra/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/charts/cassandra/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
diff --git a/charts/cassandra/Chart.lock b/charts/cassandra/Chart.lock new file mode 100644 index 0000000..703051d --- /dev/null +++ b/charts/cassandra/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.14.0 +digest: sha256:965d4465e4039d36637175307a8edfc13a53414d3bb698c0d26c8acc1cf3ec3d +generated: "2022-05-19T17:06:29.542872245+02:00" diff --git a/charts/cassandra/Chart.yaml b/charts/cassandra/Chart.yaml new file mode 100644 index 0000000..7f4144d --- /dev/null +++ b/charts/cassandra/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 4.0.3 +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many servers, providing high availability with no single point of failure. +engine: gotpl +home: https://github.com/bitnami/charts/tree/master/bitnami/cassandra +icon: https://bitnami.com/assets/stacks/cassandra/img/cassandra-stack-220x234.png +keywords: + - cassandra + - database + - nosql +maintainers: + - email: containers@bitnami.com + name: Bitnami +name: cassandra +sources: + - https://github.com/bitnami/bitnami-docker-cassandra + - http://cassandra.apache.org +version: 9.1.21 diff --git a/charts/cassandra/README.md b/charts/cassandra/README.md new file mode 100644 index 0000000..29fff88 --- /dev/null +++ b/charts/cassandra/README.md 
@@ -0,0 +1,454 @@ + + +# Apache Cassandra packaged by Bitnami + +Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many servers, providing high availability with no single point of failure. + +[Overview of Apache Cassandra](http://cassandra.apache.org/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/cassandra +``` + +## Introduction + +This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/bitnami-docker-cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/cassandra +``` + +These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. 
+ +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` release: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `commonLabels` | Labels to add to all deployed objects (sub-charts are not considered) | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### Cassandra parameters + +| Name | Description | Value | +| ----------------------------- | 
---------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `image.registry` | Cassandra image registry | `docker.io` | +| `image.repository` | Cassandra image repository | `bitnami/cassandra` | +| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.0.3-debian-10-r59` | +| `image.pullPolicy` | image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Cassandra image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `dbUser.user` | Cassandra admin user | `cassandra` | +| `dbUser.forcePassword` | Force the user to provide a non | `false` | +| `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` | +| `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` | +| `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` | +| `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` | +| `existingConfiguration` | ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart | `""` | +| `cluster.name` | Cassandra cluster name | `cassandra` | +| `cluster.seedCount` | Number of seed nodes | `1` | +| `cluster.numTokens` | Number of tokens for each node | `256` | +| `cluster.datacenter` | Datacenter name | `dc1` | +| `cluster.rack` | Rack name | `rack1` | +| `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` | +| `cluster.internodeEncryption` | DEPRECATED: use tls.internode and tls.client instead. Encryption values. | `none` | +| `cluster.clientEncryption` | Client Encryption | `false` | +| `cluster.extraSeeds` | For an external/second cassandra ring. 
| `[]` | +| `cluster.enableUDF` | Enable User defined functions | `false` | +| `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` | +| `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` | +| `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` | +| `command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `extraEnvVars` | Extra environment variables to be set on cassandra container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | + + +### Statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | +| `replicaCount` | Number of Cassandra replicas | `1` | +| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | +| `priorityClassName` | Cassandra pods' priority. | `""` | +| `podAnnotations` | Additional pod annotations | `{}` | +| `podLabels` | Additional pod labels | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. 
Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set Cassandra container's Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Force the container to be run as non root | `true` | +| `resources.limits` | The resources limits for Cassandra containers | `{}` | +| `resources.requests` | The requested resources for Cassandra containers | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| 
`startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `lifecycleHooks` | Override default etcd container hooks | `{}` | +| `schedulerName` | Alternative scheduler | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` | +| `initContainers` | Add additional init containers to the cassandra pods | `[]` | +| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | +| `hostNetwork` | Enable HOST Network | `false` | +| `containerPorts.intra` | Intra Port on the Host and Container | `7000` | +| `containerPorts.tls` | TLS Port on the Host and Container | `7001` | +| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` | +| `containerPorts.cql` | CQL Port on the Host and Container | `9042` | + + +### RBAC parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------- | 
------ | +| `serviceAccount.create` | Enable the creation of a ServiceAccount for Cassandra pods | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.annotations` | Annotations for Cassandra Service Account | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | + + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ---------------------------------- | ----------------------------------------------------------------------------- | ----------- | +| `service.type` | Cassandra service type | `ClusterIP` | +| `service.ports.cql` | Cassandra service CQL Port | `9042` | +| `service.ports.metrics` | Cassandra service metrics port | `8080` | +| `service.nodePorts.cql` | Node port for CQL | `""` | +| `service.nodePorts.metrics` | Node port for metrics | `""` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | +| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `service.clusterIP` | Service Cluster IP | `""` | +| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `service.annotations` | Provide any additional annotations which may be required. 
| `{}` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | + + +### Persistence parameters + +| Name | Description | Value | +| -------------------------------- | -------------------------------------------------------------------------------------------------- | -------------------- | +| `persistence.enabled` | Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir | `true` | +| `persistence.storageClass` | PVC Storage Class for Cassandra data volume | `""` | +| `persistence.commitStorageClass` | PVC Storage Class for Cassandra Commit Log volume | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for Cassandra data volume | `8Gi` | +| `persistence.mountPath` | The path the data volume will be mounted at | `/bitnami/cassandra` | + + +### Volume Permissions parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume | `docker.io` | +| `volumePermissions.image.repository` | Init container volume | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume | `10-debian-10-r400` | +| `volumePermissions.image.pullPolicy` | Init container volume | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | +| 
`volumePermissions.resources.requests` | The requested resources for the container | `{}` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | + + +### Metrics parameters + +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | ---------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | +| `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | +| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-10-r23` | +| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.resources.limits` | The resources limits for the container | `{}` | +| `metrics.resources.requests` | The requested resources for the container | `{}` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | +| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | +| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` | +| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` | + + +### TLS/SSL parameters + +| Name | Description | Value | +| ----------------------------- | --------------------------------------------------------------------------------------------- | ------- | +| `tls.internodeEncryption` | Set internode encryption | `none` | +| `tls.clientEncryption` | Set client-server encryption | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `tls.existingSecret` | Existing secret that contains Cassandra Keystore and truststore | `""` | +| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords if needed | `""` | +| `tls.keystorePassword` | Password for the keystore, if needed. | `""` | +| `tls.truststorePassword` | Password for the truststore, if needed. | `""` | +| `tls.resources.limits` | The resources limits for the TLS init container | `{}` | +| `tls.resources.requests` | The requested resources for the TLS init container | `{}` | +| `tls.certificatesSecret` | Secret with the TLS certificates. 
| `""` | +| `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` | + + +The above parameters map to the env variables defined in [bitnami/cassandra](https://github.com/bitnami/bitnami-docker-cassandra). For more information please refer to the [bitnami/cassandra](https://github.com/bitnami/bitnami-docker-cassandra) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set dbUser.user=admin,dbUser.password=password \ + bitnami/cassandra +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml bitnami/cassandra +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Enable TLS + +This chart supports TLS between client and server and between nodes, as explained below: + +* For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`. +* For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`. + +In both cases, it is also necessary to create a secret containing the keystore and truststore certificates and their corresponding protection passwords. 
This secret is to be passed to the chart via the `tls.existingSecret` parameter at deployment-time. + +Refer to the chart documentation for more [information on creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/administration/enable-tls/). + +### Use a custom configuration file + +This chart also supports mounting custom configuration file(s) for Apache Cassandra. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). + +> NOTE: This ConfigMap will override other Apache Cassandra configuration variables set in the chart. + +Refer to the chart documentation for more [information on customizing an Apache Cassandra deployment](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/configuration/customize-new-instance/). + +### Initialize the database + +The [Bitnami Apache Cassandra image](https://github.com/bitnami/bitnami-docker-cassandra) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary *sh* or *cql* scripts and passing this ConfigMap to the chart via the *initDBConfigMap* parameter. + +Refer to the chart documentation for more [information on customizing an Apache Cassandra deployment](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/configuration/customize-new-instance/). + +### Set pod affinity + +This chart allows you to set custom pod affinity using the `XXX.affinity` parameter(s). Find more information about pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. 
To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Persistence + +The [Bitnami Apache Cassandra](https://github.com/bitnami/bitnami-docker-cassandra) image stores the Apache Cassandra data at the `/bitnami/cassandra` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. There are two approaches to achieve this: + +* Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions. +* Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`. + +## Backup and restore + +Refer to our detailed tutorial on [backing up and restoring Bitnami Apache Cassandra deployments on Kubernetes](https://docs.bitnami.com/tutorials/backup-restore-data-cassandra-kubernetes/). + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). 
+ +## Upgrading + +It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/cassandra --set dbUser.password=[PASSWORD] +``` + +| Note: you need to substitute the placeholder _[PASSWORD]_ with the value obtained in the installation notes. + +### To 9.0.0 +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +Affected values: + +- `serviceMonitor.labels` renamed as `serviceMonitor.selector`. +- `service.port` renamed as `service.ports.cql`. +- `service.metricsPort` renamed as `service.ports.metrics`. +- `service.nodePort` renamed as `service.nodePorts.cql`. +- `updateStrategy` changed from String type (previously default to 'rollingUpdate') to Object type, allowing users to configure other updateStrategy parameters, similar to other charts. +- Removed value `rollingUpdatePartition`, now configured using `updateStrategy` setting `updateStrategy.rollingUpdate.partition`. + +### To 8.0.0 + +Cassandra's version was bumped to `4.0`, [the new major](https://cassandra.apache.org/_/blog/Apache-Cassandra-4.0-is-Here.html) considered LTS. Among other features, this release removes support for [Thrift](https://issues.apache.org/jira/browse/CASSANDRA-11115), which means that the following properties of the chart will no longer be available: + + - `cluster.enableRPC` + - `service.thriftPort` + - `service.nodePorts.thrift` + - `containerPorts.thrift` + +For this version, there have been [intensive efforts](https://cwiki.apache.org/confluence/display/CASSANDRA/4.0+Quality%3A+Components+and+Test+Plans) from Apache to ensure that a safe cluster upgrade can be performed. 
Nevertheless, a backup creation prior to undergoing the upgrade process is recommended. Please, refer to the [official guide](https://cassandra.apache.org/doc/latest/operating/backups.html#snapshots) for further information. + +### To 7.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/administration/upgrade-helm3/). + +### To 6.0.0 + +- Several parameters were renamed or disappeared in favor of new ones on this major version: + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Parameters prefixed with `statefulset.` were renamed removing the prefix. E.g. `statefulset.rollingUpdatePartition` -> renamed to `rollingUpdatePartition`. + - `cluster.replicaCount` is renamed to `replicaCount`. + - `cluster.domain` is renamed to `clusterDomain`. +- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). +- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +Consequences: + +- Backwards compatibility is not guaranteed. To upgrade to `6.0.0`, install a new release of the Cassandra chart, and migrate the data from your previous release. 
To do so, create an snapshot of the database, and restore it on the new database. Check [this guide](https://cassandra.apache.org/doc/latest/operating/backups.html#snapshots) for more information. + +### To 5.4.0 + +The `minimumAvailable` option has been renamed to `minAvailable` for consistency with other charts. This is not a breaking change as `minimumAvailable` never worked before because of an error in chart templates. + +### To 5.0.0 + +An issue in StatefulSet manifest of the 4.x chart series rendered chart upgrades to be broken. The 5.0.0 series fixes this issue. To upgrade to the 5.x series you need to manually delete the Cassandra StatefulSet before executing the `helm upgrade` command. + +```bash +kubectl delete sts -l release= +helm upgrade ... +``` + +### To 4.0.0 + +This release changes uses Bitnami Cassandra container `3.11.4-debian-9-r188`, based on Bash. + +### To 2.0.0 + +This release make it possible to specify custom initialization scripts in both cql and sh files. + +#### Breaking changes + +- `startupCQL` has been removed. Instead, for initializing the database, see [this section](#initializing-the-database). + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file 
diff --git a/charts/cassandra/charts/common-1.14.0.tgz b/charts/cassandra/charts/common-1.14.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1377e155c14dd951f7045cab50e15b4b9ec3ec30 GIT binary patch literal 14386 zcmV-2IL*f&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMd)qjYFgl<4E9%hciJggP$xhrep3RXblF+6AHUP@eBzb@P``|``H(hMmNp{T-iA(~8LZPZqC=?1Yn@$T-6;|h^YW8MB_OfF+<~wkHH?H^(UhS??51qYg!|T;B7PZVbR1mb`4!`d zI1GBWV?hrlIL$B*dLZ#MOOeDu4@NnS6@`MH>uWGYgi1sx=DIqbB9b0L%-qZW@-PVi zC{i7LZY!I=Y?FfJJjNQzQbKrTuCA^kzqf&$XZR3OGl0R&8|NocKlsudd;e_mvHE|8 z(j1FhngEvQ|Nh|MpsxSF-#@t5|9A0hZ9z>9Zf(JdR<<1fo)eA}rDl&$c8_0xWGoec zXaX5$F%|-gNR|IDaY-`3AJ8;Q@jJyz!PZvb|Lt^CPivoh9rD#YR{q@-C3b&BqYpFVwhZ~xuN^YP>EBbbrtAqXsCL{h9~|7TN0mUw~>;nD8r z&q1Jy1!q|1oB{&DMiMAX@R8w_IV9LH4Wkfz{0M}`X`WyR4SPi%PpN7mQV>GePDm^v zyu|Ym!oR(F6GCVvq7b%IA|!;*kIq8%?|+9oJJ9?5Ind~Q{Ma)sE^R?o$v7Ti&T;Z0 z=Y)>W;|Wgkl+f|Xn6l#a%MUotwecDN^uScYG{)+0^-PhBCoex_91G#hW%Kml63-9e z<41@t@f<#XF1`S;409wIR|d8B+H~{Kdjp_)#StB2h|K3IB-M^;0zSd-Ig_~lRaM6{ zaj&m18BgRP3z`sMJ8g*^jp6joxX^qGOh*N>9Pz}GV1J%^1 zK(+KG{rmO* zT|C!V|H}ymiTD^x_@PiMV7Cc6WwpXqN*&q#qjHiXqhcN%r)-GQig49G`Y`;03rh98 zVp^WPzug2G9s79xP}Ytd6xTo}WM8OlE1PLyrKO1)9h7C9WtWdQI|V>JdqZfN z+?@@ESfW8#C2LpNaAUNhSY9!HX*<3em292UHHr28jcJ8HNKCaeV>NnNL7mw(n) z!6r!;b4Gt-!xf3z!$;TF3@X3Qvlv<&Pv!uTa!?rj4mm4?S zrcO7ah3~0$*K^m|^P^+n*hbT=C{=uj;x+Wm&F6d5U@j+&lYi>~uC++GsQTted3^R_ zRRYF5S%ZEzXFZgWlI_!lh*669id3CsXbp>W|K{Yh2ogHpo$VxjKgx@w2fPmvM z{-7PQK&X%yCBR1T@uRk4x^RHcpJ9k&lnZPi6FSz6r22h{O(?4?ODO!uezdRVi9D4G z13(ZGDls3S7;B1*SWc4=Fy~D1+@rS)h8Q@WvKda`YJv?5$4H`-jUNh_5=y2yZ5xe8 zk5)8)^DJXr3J=!`=X#V0KW@){?)U!kuboFf|No!=_2~2G2O(@%$OE51vUAB5C9H>C z!O`rqh}*ujSL^;+^=bNlHM?#s_UjMJqC!FQu ziP2|9edXDhqeN+kT&RD|u3UzM(BbelGzR1ZNl+lQS{!0iE((I51RCQ*vu!y;DM_?3 z@KQC<@5AA<#-2)9NZ7!dNHv_|NP{f)n)J6H^cGWw8}L{~9Id;NY`PSXtx2e*acU=0ih1%?e&tR$O3!UcHI#KiAbu@BcWB25zPRJXX5 zrE%ushFyb@A&yM&RS)W|K@aQ%(*svCf>#OwHu6fV$)C`%Q09o9MU^G4_Ufe4+wi|JLiM(NlM4RM 
zC89}7{l?bsiTKIjQQ3cZpmDS`J$we?FZA^2{QUi!vlr*^^6c!**&+Os3o5#v+CoiU=SeKypmb`n6cIA4>nSX2(!j4{O=rMnY$)st*ja+VKMEGCS}-UO#p z6C~dwLgZNNZk3(y8TRX4O-PD+#kkn=c4Wjgy7*nKl8v6I6l*f%Cm11;eqH<7_s@Dy z)BYnd zK9&_E8rMpxH{L?o-!W+qWU#Rb27<%Lg@QG^@T{XoXViiBn~Z9}d>7IP!tccHcj8b7 z!c~gZ>7u*c?Tpfp9GC?aS8?fC=6b>6OU&U!Geptnb8QWSj(UUb1ZNz_NaExWwA-e_ z7aY?B^V2*{O)cS^K|2fBH7kqPn6@yCJNb6-xcl4QPRZ5P7?o96yn>ZyWP0xvQ)=`S zP3yeobD%w!;IouZqh1k{*l6Jype$44R(Tt>GGg_wpwhJIRHd5zlHCy^WCYuO9H|Fp zM~_FHEQd8rD-G*bdiH3xKG#vhqk_if_#dl9B$7($*p;?2huu`ZfXN$@v2j+fEee;g zcMCqtncRML3p=Hg-S5gkyAs{OWp+qg%WXhF8oL5AORa0bbiC>m2qE(6=c1x_z7{dN z^X_~_!uqAnwT(Y5_P-6?*xUkOsr^5w=YM%R=->N)@8nr0{`c?NZy_-ZQGBT+0#h|5 zX$KAw%J|BVB*PS&%|4W-et_`N>51FZ629xVIY(Irw5=4{M3^mZ>j|}A?O*oWDdV#I zX8)@DCr>?ZqzAKbL`Hgc1vUai0e>JuPq4P6>$_iDwNupIJ)trJ{Yt4A*k&APJ{@Ad zqd=+&-d2m?M8XwGQy5~998sYpFagORAtQbISi&4lQ%JDV!U~JR-HEI}6c|@%5-RZ+ zH(Z@B6ybb7=i3P`KD(_=C;Npt!DzPwv@tlvy2#soKYX@iC%i2NtvvqYtz8(0ZTx!$ zcw4m6PP0^ZXpw2a8+kJg_^eQVR|8r3u1B`M4zk}4i~Kw-00A-u%U=j8Q9BV3nxPCE zZMbtltq4>i*)6FYKtg2|+D`dxlrkg_p47j)<}|A|8~mhLtYxNLysA4jfeMl&0%^t{taH2(4{yM9-5Nv^DA4tiCt^X?^nEI&}-;#+b|A6j3zRI}&z7%S)D~ zwddPc=ODO#@iSa;@h<>hQ)nJ?(XT@p^7St8SOlsHzDPKj1l3K!c7TwW7GEukK@3TA!x?~GA?V1PizYaoMq*-;7%r%yzuP*^_VflbjjdhfpQLUt zZ&XXt8_ugWY|w4HN6#JwmrQ%68MTLgB9Y-Z686Nre*#`_`-@pzEwPNYl_T^wCGWbV zy4RoI`qR|^hAB3v{+IfH_8R%$o;=;ZKmUCv&l>vw<%djZC}q)7>mbqL%Q|&*r<(G0 zOs_0rk3#FZTAMiYQ@@!zX37(HIW)^-nTA&qpKj0m5F>rZ-3)bBv@#%Al!m zcCpk*m;m-}DTMIX@cNxX1>r_{ zn$F?(9HnGL)WRgobZ4XBJvPvFd8yh^n2RE?U9c(ky>jKM(JWh1G9}gtB_~9{wk6ez z*XOFN_Jn0P-id;fk&6X0K#I_PkM^W=aA~^h;CzL=#da~xRl&wW((#G=Snx`(b_B6e zU?sZyOUMV*Mg*+PuO6NSISiEQ)LGzKdAl}(buO$xGwrU!Y>QXOOPSDkDKU-b-y|<~ zFQpAPmfiCh)8&X#%~)4-Sa1(#-h{;b<-ksl&0*;kE$)RKG`s5X2_FZbEIvWr;_x_LSXtgU&A4G+FUSiI!>xgm2N}z+@5b~b30eds3}!XBual6T^m9;ofkhB zZSdAW_26aY#cpx-S`WE4lBrvbC0K%`UrW_Qq?joJP!7t(GX7sTJuRfZ_Oyh1!FH{eN1pCsc&OB zoTK)MyJ`G&7WEM=Dd4)_ZY9p14{UbWnfYPrPo_9KC> zJ)e^*OR+afpB#Ip^_sn)25H8vrt7Jo!p<_-#Yk(UaW 
zXFzCzKP;;Cpg_7icyg(@IS|XGtvJNVIB+aE!85FQOP^CrIY!AGV(l78R+7r{$fVg- z@xr?*2VUK>xhjPa+7pY(yK2tZ`Wf0m%emUUa0kK^)3Ka{FzD+sWNHj`96@yzU-`W- zfXoVigJYprVcCafBp();h2Uy}IW`gBj>bfQkW8`rB3YCVo!~3WpKACus^9i7#P9xRB=TFP50wpg=31i2-I% zHDdxj9b;7LONF!fVtYEayqN$;G-1<%a0ZMSPUyjN#!`%E71a9))~7Zl1C%5n=F=fF z`*SOREClG%MyEsOiB7a4`=xxYQ`9?UNCp78X`*v79E5Q-wvbHQ;#9QTL&+ zHA`-APQ3zGv$ud`OEYCw7|raOk;=A^5XC`YczB8D3!9NH?TX=SJ!VAIXW~*MozKva z5+^$Wz+MEW#o2b()fqu`At{Nc6lN)|!XfR*QHfyg-RZvgGUwm*y9bl`)yz+xSM7H}y zVao%KvwkopN_`&9B}qjz#_|U|{~KphrPci#cti+MP4#;dSh-y3YWAJWYTwzgE}@$K z!85S+G~L>Vg{_<6d4VL-tF4r=%RGZ{rlxOat3Ozf^WKi{PLwDR-kC=auy4ZI@G<|h zf6q^q9h@=NUixE87HMZ=wWM5lTN>EEgx`r@LP!`knX{~VD<*UE{TCX#?wM8>AGfzr zz#Zf19i}RK*HP9x%K8b02Tw4K{ksMHetYK(Ylo*WMZ**)6~Yz*^~{%|u2Vk`T-fEQ zC!Y1(DeWBROi4#Rmo`O{F?48z9!4!p>YqTXqoNZaTr2xavsb<5*t}~=9b!_lv?JoJ zQZ|(WrW==5d9I$;imWA88~k(0i=J$!>X@O=|)9W~W$X)o4mCTPuFCh1!~i`!Zw2^|n`?CT})HHfP8Cgnsu=%l@Ba9F6ha zo&OvR4xZHa|N8g$|KH8Ce*PCfN5Q$_70_pXTJ^VOrdSmy51th1xnkVzi}wnwnhd7a zRJpvfA2g2I>FWWHDj$2z%q?|qu1yNisOI0|Rc-Ov;z|p*NVKkQ*0P_r@$Y&Ys8VF7 z=2mudxL?K`di*8)CG_(w_;$szy2g-c$E>qA_mj!j_cZl?nayESGr$u4-#_R#;y<1| zy^sIClV>gcPZP`wZ=!M57Oq*xL5l(@TM~spHB(5-RA8JEtHwn(o2Y5<#{S)`bdZ#q zPiCq6;wP19yFJXWvK`F|7s@};G~H>h{T1aEY0AIx^WEk7kA6e`pFBPI{$Bp?;#ouf z&0&5*O%{HA@>Vh!tM$BFUE4jqZVh0V%WhMSv9xl(cv;TjJ~lFXg8ihud<$#)xuYMekhV`Jl>&I%a2GPOP+7kNL9Q*W2*LH;!kR3;ct6dH4+MpSDz$ z%lxACLB8I$Y1F#?v{Tu*^w^;mFcvj;&=&gftA_)W(v7}9 zI(vQc`tOHuR`wneEO9Jx0^7q);Y|!HF3zN{#Y?-HX;8=AN zQyV^qW{f0FYTFyfGJWlt4h+L|MmVG9*n|$w?!JM-(gt(kE}_r?d^%4{&$iN2t@ON- zf#Dt8Y3YPO*p#IWUxg4KkW|=YWn~C@9)q5-OaOx{*rR zl$r6$D}xX>mmfB+_*x}as^qrk2uSsGi7jWsKFZFz6zd$@ z*bf&2UtnE0K19!AYua^DW^Iw_Q4yG4w&V`YAyL+4T#+?`7iPV8X!_eZN3Kd-Z}nL_ z`qHwNDIr*pjbl|6cs2xZB|xTZ4MH;fNnn1;@rZm_3Cty)N2XE@l8YGhV+qSuQF(r$ z)@C)VO`8>r8^hs2{oIevKwCdUruSHP+(%0gla#W0Qm7HxC+cpib)q60-R%sCY+>GT z8Dgaetof}yzOmeZS*`W z(mC50ubuc?sN9x{ipw0bKwW(SwXqcKifb(@QS>;b9tvE-G_qAcW9R(cwMc|TAXf&o zse!kWTXto=v3J_7eb84Q3GM0WWX$VQ);65gFZW@d_s^2`-xP6zlHm8@IFOYa!`cD?V4>fhbn|_ss=DzV-<{ 
zSqK*pp+l&;xv!=C3QSnmx&<<|;k1}y|63e6tIU8K^W|*N7+3}GYdCWp*cN!#apbHB zX2WhA*NHX8{hBVEE+{v2;5e{fx%TTFD zr{s5ykuA;aZ*o*i^p}jNuO-_?%zyu7-Ed3%Ka7sqE&G24{U>{k{r~;%@9%%QljmCg zAH@|fp8t{K@n1LZ1hOpm^*Dk2-gbL}4B9vJ1^G?gl0&FT-t`FmQYH;pGy z*KpI^s!MdylH?n4o-OLaP1N7*yF|aVSLW`X#s0sH2|4Ci{GQ-QijH#pd@#eePf z2lw$`ck^7w|95J*;{5-6wQ=vC$8cYb1F*!Y+x=ITxtRyhYwLFWf9(Wb%LV9xxZyFN z7D%l=z+%-}l=m08%b_ZRz`YfvZ*EB&UQEOS?^1hftzlGAb=LcWu~W@rt(5I{A2f@1 zFP&RtV?#%bnpjkQMwUX}K(57w{wS8CSM^S`G*KUq1;k!AbZ8-St~3I-8%DIaXJ3<3 z<9b$of@6~4BFDMCU=V{%7HjcbH0L#$Ef+X)8Ez}tm@e_W$3{K(ZPC2ed1;!?DP`|{ zbJ&_2SO~RPyD6-u#5*UI#XYFn^)(B;Bd2a_DX$%mJq@Sm8`756vdNizhembOznEWZ z`3$b&M<4F;_@vV6m&eWB-4SZ&wG)WfCSPqkC+&Vt2YXB+DR-mp8& z>*AUmb3Lcn0zfzPi}{1~ZMeo7CgGYx&|y~IqIYJq%Y&7BbSv7UEc#Qi+r3P9cCSx_HZ(F5iN!rQUjajI@#aqxMzOi~eRZ=x~zhN$J?a$`4n@{L9HC-L* z5>Ok~cYbTx^;KT$+V&e}m(D&dVVMq=$ZBHl^TVQYU&al+*#FCMLT;W2aLM`KgZ=(q zJ^r(Qpa1V}p5QtT;4{S*f0P_0c=G|EhUdN-@2^Iu+wrSE-^}N0TDTo|Z-bbtIc80@ z)qJv@v6&Shmv}CsOqZPYUa~pW0#EaBXIQew9uqGvk?i z1l&^0^nPVZYoCmrIB#*4wJ|HCd)n_FW>d!>v&E!8p5XYhylYm|TjQ@GJ`|3k!q{_8 zfg72GZEG{Ye?Ei3lbw}EqSfrU0sptc^A9$71)Nf^PG8$=*jzhiE(|+tFV%p(65^V3 zM;+V6=7+i3u&sGtVvCDu?_;%Y=UKe|_h+)}djXcL|DPP}_v`Urdk6RDKkwwZ&hp$3CAg*UCVY3oAs@|)T)K;}*Lu9xjDj<*wgp^;?H4$)ZCu?0n_XP-oKG)*gc z&dQ};hc~4(DmuL>?d^J3#P6=2V9nnDwXA(p%=XP9lOT!Oo9K>vSi!0&e4@bp7cdm-;?Px6*3$13{7F^~o8(S#t%lp*Xm$06qZmCFCE|~Le zVejX?(A=%i)D{{I=+LWn&lS}dpm_cB+{mhjnO=X4qIHC_Dm!(L<#n&jCT zW6C(*d>c#b|NhfP{+GS)`%mxf|GRj$;1o%vsq|&Oh6B{JLt&VcG*MbSL-8dVV-W>g z@ODB3h&;;}mjc8Dr>Ty4fhm&lgwXM0;5bE+% z-HXY1SN-Gu6f?S80ve+DGSBqdM+A=|ag_y+q9M8r9z}AR1&{tuum$fBCoC6m^5Ufk zqKvcOa4ds}BpB_Qa-97ZL^Bby1n+)BJ_#%TXD^Rl{P;4OCb!YXV)=ji{r3m;`~UXt z_y6zc*@EZhUN|QWugH)qtL0ctWI=EQKmP-#)9UMgZM&Q0)U*+aiN0ZOSF()6VmCEK zf7Mf=*xgcPcC`0<%vqi(m14LKQZ^UOuZ-wwzlBytG~WD3xbP_3uRdc z3C=K0FpUYe*1MWp4=p@B&s#_8Aq=7q(FYfGV=v=7EUv_}jrf=1+25)$-Qp05N$>y^ z`cO1HhdfhuYEeq#g);KawL2RGmxLyVpjPl?{3FVODV9iC&kALOaLbZOUk@IQ@-#KE zka|Dc)tb(YX$0XvaGElB&v=@I28pdLIH9t*2rvk=k~W4&#@UP{SO9V~cb-1guMBem 
zR}&IXAVyS~K-&4Q4?4_n$}*t%%8rM3iqWBhmABmq-I(HQe62%cAlv(kXp_&@)U z4>8IzQ9`@4Z}e~&mPv4yviVdQhsszr;Pszu1e!CC4SYf&PIDnK7m=B!^jAZM2@)_= zJSMSFYYe?rlPM5CJ2VwGoMMRuoR*g=p5;`MDXyZJah61c?e4(#^B+#nb|QG8u>|#3 zaVLH**;FrR-o84A7;{NRBt{a8$BOUA`X)`P^C2kKRDY`e&RNa@Wkr~nm4j1`wJ$*s ziA50fd~^rV;4gm)dZxeo(O%U5lc}Q?xmXcIu>^(@OH+1b?vEU%=0az)LE=~e%@9fT zH@ot)qHK9YN58}@!+K?ykkJTht6ku@M0E>}Mk7LrBnr__3M(~@lLS*m0nEXFKEVqt zVovlj5mtUa!OIVsxo-1>X1QEmA^6l={4D#vscN5sPjF#H9u<^|C`;7Zm5t;Dd;)V- zHy}_iKz*}Botp(PX(QJsxbWkv|MuohXdNx(McdDh&O-I?e}_94un?6A;zm9hX48yOOl5&k=_IBQh%PJ@#4vBD51iV7U`1K8Y^Oyaw(z_)a`y&ggG!7?mc-MH`+d%Q(w8(JtMh zsGf2hglmlZ8hDlyc^%bN@$?|vBA!AbiAQ-Va2?TA@$@0w9-f5iLpnDYcL!lTVy=rP zAELMg$u;midwz5b91E877_WownsSu1qq#Dk$7e6DLCkgW%veg|c^j&$;;Cjb9Os=HBv>^;VDd14>4OodO@g{F0*nj+>iGEv>q+H@zf^N zOU@Zz%XqqVt7%iu+H0ZJpsr!R-MZnnspobO^+f?|K8x~f%u#~NgBNByQt7@E30EXd z0aKCd<0Y-9XU1fPsqw>KVg1H{)LsMQ)QI3@1Q+E7sA2I7XG)rlMPgf%6V9#xQP2o# z$Af+^B+HB#8jJzyrF>MbRq74YLs;AgFMy?ZHQ0gb(#A^T$rO#3FJZCHVt9cChK`SzQmM$ciLuS&w8$zFEP1)GX_QZR0Ps4 ztcNJR#5B2R83Opbjokv|1kbo zMUT+lpf@`;8Wx*B|b|*yD zw!kYi#OZCV7P^|g#+JrrXRT$M6{)6*J42RKJyza!gew51!df&~?Dnx3=m;+}MoL|n zUm%$_oEe1+{x?IhM(-$1*_A!iX<~7U&o-4MGo49rePCB>O;hQ@RxpJ%5wkQG z>ljxH_|vYz7Hh2=>a1^Y?Xl*wSmoYO;eLawj5Qyh^G&S0uSL8?NL`KC!1~2w;|z*M z_U{&(qMrD|>Jg>I&-0N!pd3!;#ZTWOpj|>QEA{`iz2yK3n_i>EIkXAxYmn~}&kG$~ zkk6i=xWsF0Q{9MsMS@_xi2IT>TGT_2e5E7Yn6?)!8U zQ%e8aW-7l+CVmX2{$nt8wZ&t~9=XMnvEo^A9IK7{^oWX!%4V8Nf`B07c&4M&i-Tc~ zw2pkHegsR&*B+1bEj?}?mW-n@-drT&mzi`o7r*#rX1xkCn<0tf6bau+?R%;1uz_|k zl-!yr+e}DIW8AJNy#g&83#aARe{FAhWji((GzY!SOs3gQ*>Yd8)wUsX>nk>_d_I&} zT4c$i3Fd|s)h|(;de-Mtl`=$xmU|$T-O;>*70oHX>MT$k-7Ss`gP5>9O~9aFGVi!% z9v6#>5y!vhn96kSD#w*Y$HjvSHEXKXh~?U!Bw6k=x!paJjWPNP8y2_7avKBf^Ips0 zSu?9Y&qVEbV|0 zDNIUvBqwWiPi$8iw`J{m zP#eqI3{QbF+HN={aoV!z?Zii zzI6Lv(c>$YC0RE7E!Y+E#@r^;RqV2r@;ycLCfQ{!>}>YfZh)$FeUSyCx}HCw5F?>| zZSyk5@3D6P&xGWS%gBHUyK>W}HyAf88Y3HK3Xz` zGJdth`o*5WdgE8QNa02!*c>^N7W>N%nwOOKZlrF7k&BTKh$b9WMsMAbJ9bbuq&u7A zSK#@D$FRWTuEufM%xABGzv0ZMpuBkgM~=rglss58h!)u|J^dLh?sodq3;OqnQ$okf 
zSMw{Z+;6nFUb-AzVd;0X7$1+TuPjv}&eD|7@mn-jbH61Ppdrhp&9`DpfJ9@h=qcryL7Rhg4^a}W+`YJdP6mFT+zFWcp1!j-cjQ4l0}n0w?NnmY#?q%nPQCqcEk(%LO0mpaNz zaX0=TIRZjQj89F}xk(x&{6R9e5h&h1qI#K(XpAkeAwCSY3byn)ZmW_Ns>&~0ivAs= zzXjg#gFh0%7MQMEjBIYEE%0_7OUbe~O)RC8yPm<62XD_Z@`<467zB1_Rd1RuiG+vcKqeJPMGmq>?Ce;_4Ek1OI1F94z$0vp09&9bppo9v`xRcZ1@j?{D9{LDHSbshZSPE(p2y5sa~D583d++ z=zN)47PW=xXFVgd*fM(zf=w|vd2*r*-XZm&JF`-NxGbar$^`K@86ug2udS!=C%(H z1K;*Eq|`TBjjCT3kjszPEOJqI#R_&_{Pw^mr}m#qJYU%2rI-AA)dt-*W^r@c=g*pc z!IqyHU6ZvYQB~nzCQVRr9P#jb&w?o2iUrL%O_0gR0*Ln-D`REEta+|WlE2jIdH}JrT`mYK^Ed_XY8uOr#JNzMIT!IJY z*@NxNe28P2>dNj~fL?jf!JV`yxdD0%eiMu;^qz$uBc<~qj}JeGO2Hw451v4;m*AKs zcqeEh#Nb+l82E%3Y=#hnTOh=soe(Zp>Q63_h7IpyFo^n5KL~z)L*X@>;pq@_80;PRetzVmDjD^V&YLd08?`0}fD{*?cAemATjAyI} z^DonOjxdrrSD=!_r1Ugh-8c4>hN7g>8o)YGq-e_a0EiSg9jPT2;)%5~3X;8i^C}90 zM~~j?C_0Py73LU-O<0TVB@=Zb{J)PL1wju^T|~2eEettaa#zz|eblLHo?O7TRUn!S z!#NC@oR~^`x_kSM_8uTLvL?H)?tT^KUK6HCxC)G>^PLEO{s-oGab{$f5m~VS%82ch z2~XP5Yv34B#Zw7PnWj>?@-G-37J|41iTFEjBnZsQ%(Y=VYZl2{9rHg_j% z%Ep*tHS$+zUU9p+e7#=oU&Ug_icu5H?P*t?Ij2mSqlJVNY-E`0#JU}<740(M)XJK$ zFE6-WpGYu_;8Gb|xp}PNnSf6EP{K&5FGS}+gvha2y-8!QTPd=9Dq>6#C#*;nS)8** zqFOs)Sg7Wm!gA7x=v<9siALEA6M0>gHNR^{W)#|D5#Ci|*!hIx5#~-!{me!qq8*UB zSi<65t#b6JEtZ|x-mkO$U#DbjhIn_Y_}R+^?!`!8v16sgexhSDc&-nU!E9eK%TEH2 z@)S}+FNNU+*RpD{k`!F#l5v7kvCFYw=?wQ2a(nvU{a(g|?3IX^ao+Xdt;c54yeHY_BJo{kgxZXR}u%##F5;k6AW1caHusX4(9&YWCW5(h>x=Tmm^w?2Va6 z8Hy*^L3j)P(2A7Y$oiI3SdONm)RyUD_W zh=PAw0Bk6c7IKB9o84?FK+@O>iXMl%yH{6N5z<&jjE{FyQ%dZ?(Ng>!sULlTygb2yWFqahqIjo2PzkpK4 z6vCr(I5`jD`O*2w`QzaI$=iRt`ROgZKRP=*dj0m~dGq=l-uw-Y zUjGw*IC=fzF<@exdLJ@igQ$3wW!MRPk;TkVI`PwZ@Vn`7k=V**!%x2hZ7-X1F si7*o+qDhdFDRJli8{LV%q1!3$pZn+jxy|SQ1^@v6|Iit)bO3At03#k&B>(^b literal 0 HcmV?d00001 diff --git a/charts/cassandra/templates/NOTES.txt b/charts/cassandra/templates/NOTES.txt new file mode 100644 index 0000000..90326c0 --- /dev/null +++ b/charts/cassandra/templates/NOTES.txt 
@@ -0,0 +1,91 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- $cassandraPasswordKey := ( include "common.secrets.key" (dict "existingSecret" .Values.dbUser.existingSecret "key" "cassandra-password") ) -}} +{{- $cassandraSecretName := ( include "common.secrets.name" (dict "existingSecret" .Values.dbUser.existingSecret "context" $) ) -}} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh + +{{- else }} + +Cassandra can be accessed through the following URLs from within the cluster: + + - CQL: {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.cql }} + +To get your password run: + + {{ include "common.utils.secret.getvalue" (dict "secret" $cassandraSecretName "field" $cassandraPasswordKey "context" $) }} + +Check the cluster status by running: + + kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.names.name" . 
}},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status + +To connect to your Cassandra cluster using CQL: + +1. Run a Cassandra pod that you can use as a client: + + kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \ + --env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \ + {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ include "common.names.name" . }}-client=true"{{ end }} \ + --image {{ include "cassandra.image" . }} -- bash + +2. Connect using the cqlsh client: + + cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD {{ include "common.names.fullname" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with the label below will be able to connect to Cassandra: + + "{{ include "common.names.fullname" . }}-client=true" + +{{- else -}} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + + cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . 
}}{{ end }}" }}") + cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.cql }}:{{ .Values.service.ports.cql }} & + cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.ports.cql }} + +{{- end }} +{{- end }} +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "cassandra.validateValues" . }} diff --git a/charts/cassandra/templates/_helpers.tpl b/charts/cassandra/templates/_helpers.tpl new file mode 100644 index 0000000..bd9713b --- /dev/null +++ b/charts/cassandra/templates/_helpers.tpl 
@@ -0,0 +1,254 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Cassandra image name +*/}} +{{- define "cassandra.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper metrics image name +*/}} +{{- define "cassandra.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "cassandra.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "cassandra.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cassandra.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the list of Cassandra seed nodes +*/}} +{{- define "cassandra.seeds" -}} +{{- $seeds := list }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $seedCount := .Values.cluster.seedCount | int }} +{{- range $e, $i := until $seedCount }} +{{- $seeds = append $seeds (printf "%s-%d.%s-headless.%s.svc.%s" $fullname $i $fullname $releaseNamespace $clusterDomain) }} +{{- end }} +{{- range .Values.cluster.extraSeeds }} +{{- $seeds = append $seeds . 
}} +{{- end }} +{{- join "," $seeds }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "cassandra.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "cassandra.validateValues.seedCount" .) -}} +{{- $messages := append $messages (include "cassandra.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Cassandra - Number of seed nodes */}} +{{- define "cassandra.validateValues.seedCount" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $seedCount := int .Values.cluster.seedCount }} +{{- if or (lt $seedCount 1) (gt $seedCount $replicaCount) }} +cassandra: cluster.seedCount + + Number of seed nodes must be greater or equal than 1 and less or + equal to `replicaCount`. +{{- end -}} +{{- end -}} + +{{/* Validate values of Cassandra - Tls enabled */}} +{{- define "cassandra.validateValues.tls" -}} +{{- if and (include "cassandra.tlsEncryption" .) (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} +cassandra: tls.enabled + In order to enable TLS, you also need to provide + an existing secret containing the Keystore and Truststore or + enable auto-generated certificates. 
+{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Commit Storage Class +{{ include "cassandra.commitstorage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "cassandra.commitstorage.class" -}} +{{- $storageClass := .persistence.commitStorageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.commitStorageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if encryption via TLS for client connections should be configured +*/}} +{{- define "cassandra.client.tlsEncryption" -}} +{{- if (or .Values.tls.clientEncryption .Values.cluster.clientEncryption) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if encryption via TLS for internode communication connections should be configured +*/}} +{{- define "cassandra.internode.tlsEncryption" -}} +{{- if (ne .Values.tls.internodeEncryption "none") -}} + {{- printf "%s" .Values.tls.internodeEncryption -}} +{{- else if (ne .Values.cluster.internodeEncryption "none") -}} + {{- printf "%s" .Values.cluster.internodeEncryption -}} +{{- else -}} + {{- printf "none" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if encryption via TLS should be configured +*/}} +{{- define "cassandra.tlsEncryption" -}} +{{- if or (include "cassandra.client.tlsEncryption" . ) ( ne "none" (include "cassandra.internode.tlsEncryption" . 
)) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Cassandra TLS credentials secret +*/}} +{{- define "cassandra.tlsSecretName" -}} +{{- $secretName := coalesce .Values.tls.existingSecret .Values.tlsEncryptionSecretName -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "cassandra.createTlsSecret" -}} +{{- if and (include "cassandra.tlsEncryption" .) .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tlsEncryptionSecretName) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "cassandra.tlsPasswordsSecret" -}} +{{- $secretName := coalesce .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-tls-pass" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} + {{- $len := (default 16 .Length) | int -}} + {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $obj }} + {{- index $obj .Key | b64dec -}} + {{- else -}} + {{- randAlphaNum $len -}} + {{- end -}} +{{- end }} + +{{- define "cassandra.password" -}} + {{- if .Values.dbUser.password }} + {{- .Values.dbUser.password }} + {{- else if (not .Values.dbUser.forcePassword) }} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "cassandra-password") -}} + {{- else }} + {{ required "A Cassandra Password is required!" 
.Values.dbUser.password }} + {{- end }} +{{- end -}} + +{{- define "cassandra.keystore.password" -}} + {{- if .Values.tls.keystorePassword }} + {{- .Values.tls.keystorePassword }} + {{- else }} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass") "Length" 10 "Key" "keystore-password") -}} + {{- end }} +{{- end -}} + +{{- define "cassandra.truststore.password" -}} + {{- if .Values.tls.truststorePassword }} + {{- .Values.tls.truststorePassword }} + {{- else }} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass") "Length" 10 "Key" "truststore-password") -}} + {{- end }} +{{- end -}} + + +{{/* +Returns the available TLS Cert in an existing secret (if it exists), +otherwise it generates a new one. +*/}} +{{- define "cassandra.getTlsCertStrFromSecret" }} + {{- $len := (default 365 .Length) | int -}} + {{- $ca := "" -}} + {{- $crt := "" -}} + {{- $key := "" -}} + {{- $tlsCert := (lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" (include "common.names.fullname" .) "crt")).data -}} + + {{- if $tlsCert }} + {{- $ca = (get $tlsCert "ca.crt" | b64dec) -}} + {{- $crt = (get $tlsCert "tls.crt" | b64dec) -}} + {{- $key = (get $tlsCert "tls.key" | b64dec) -}} + {{- else -}} + {{- $caFull := genCA "cassandra-ca" 365 }} + {{- $fullname := include "common.names.fullname" . }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $serviceName := include "common.names.fullname" . }} + {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) 
}} + {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "localhost" "127.0.0.1" $fullname }} + {{- $cert := genSignedCert $fullname nil $altNames 365 $caFull }} + {{- $ca = $caFull.Cert -}} + {{- $crt = $cert.Cert -}} + {{- $key = $cert.Key -}} + {{- end -}} + + {{- printf "%s###%s###%s" $ca $crt $key -}} +{{- end }} diff --git a/charts/cassandra/templates/cassandra-secret.yaml b/charts/cassandra/templates/cassandra-secret.yaml new file mode 100644 index 0000000..b04fcfa --- /dev/null +++ b/charts/cassandra/templates/cassandra-secret.yaml 
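Review bot: The generated-credential fallbacks in `cassandra.password`, `cassandra.keystore.password` and `cassandra.truststore.password` pass `"Length" 10` to `getValueFromSecret`, so auto-generated secrets are 10 alphanumeric characters although the helper itself defaults to 16. I would drop the override or raise the default, e.g. `{{- $len := (default 32 .Length) | int -}}`. The helper also relies on `lookup`, which returns nothing under `helm template` or a dry run, so each such render yields a fresh value, and `index $obj .Key | b64dec` is unguarded when the Secret exists but lacks the key. Separately, `cassandra.commitstorage.class` tests `.global.storageClass` but assigns `.global.commitStorageClass`, which clears the chart-level setting whenever only the former is set; the condition should read `{{- if .global.commitStorageClass -}}`.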
@@ -0,0 +1,40 @@
+{{- if (not .Values.dbUser.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ cassandra-password: {{ include "cassandra.password" . | b64enc | quote }}
+{{- end }}
+{{- if and (or .Values.tls.keystorePassword .Values.tls.truststorePassword .Values.tls.autoGenerated) (not .Values.tls.passwordsSecret) (not .Values.tls.tlsEncryptionSecretName) -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}-tls-pass
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.keystorePassword .Values.tls.autoGenerated }}
+ keystore-password: {{ include "cassandra.keystore.password" . | b64enc | quote }}
+ {{- end }}
+ {{- if or .Values.tls.truststorePassword .Values.tls.autoGenerated }}
+ truststore-password: {{ include "cassandra.truststore.password" . | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cassandra/templates/extra-list.yaml b/charts/cassandra/templates/extra-list.yaml
new file mode 100644
index 0000000..9ac65f9
--- /dev/null
+++ b/charts/cassandra/templates/extra-list.yaml
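Review bot: The guard on the second Secret tests `.Values.tls.tlsEncryptionSecretName`, while `cassandra.tlsPasswordsSecret` and `cassandra.createTlsSecret` in `_helpers.tpl` read the top-level `.Values.tlsEncryptionSecretName`. With the path as written the check probably never matches (values.yaml is not visible here, so this is inferred). The chart would then still create a `-tls-pass` Secret with generated passwords while the helper points workloads at the user-supplied secret. The term should be `(not .Values.tlsEncryptionSecretName)` to agree with the helpers.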
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/cassandra/templates/headless-svc.yaml b/charts/cassandra/templates/headless-svc.yaml
new file mode 100644
index 0000000..95dd905
--- /dev/null
+++ b/charts/cassandra/templates/headless-svc.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}-headless
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: intra
+ port: 7000
+ targetPort: intra
+ - name: tls
+ port: 7001
+ targetPort: tls
+ - name: jmx
+ port: 7199
+ targetPort: jmx
+ - name: cql
+ port: {{ .Values.service.ports.cql }}
+ targetPort: cql
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/charts/cassandra/templates/networkpolicy.yaml b/charts/cassandra/templates/networkpolicy.yaml
new file mode 100644
index 0000000..dc09d6f
--- /dev/null
+++ b/charts/cassandra/templates/networkpolicy.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ ingress:
+ # Allow inbound connections
+ # CQL port
+ - ports:
+ - port: {{ .Values.service.ports.cql }}
+ from:
+ {{- if not .Values.networkPolicy.allowExternal }}
+ - podSelector:
+ matchLabels:
+ {{ include "common.names.fullname" . }}-client: "true"
+ {{- end }}
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
+ # Internal ports
+ - ports:
+ - port: intra
+ - port: tls
+ - port: jmx
+ from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
+ {{- if .Values.metrics.enabled }}
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: {{ .Values.metrics.containerPorts.http | default "8080" }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cassandra/templates/pdb.yaml b/charts/cassandra/templates/pdb.yaml
new file mode 100644
index 0000000..2760f34
--- /dev/null
+++ b/charts/cassandra/templates/pdb.yaml
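Review bot: In the CQL rule the `from:` key and the Cassandra-pod `podSelector` sit outside the `allowExternal` conditional, so with `allowExternal: true` the peer list is still non-empty and CQL ingress is limited to the chart's own pods rather than opened. The `{{- if not .Values.networkPolicy.allowExternal }}` / `{{- end }}` pair should wrap the whole `from:` block, both selectors included, so that the key is omitted when external access is wanted. The metrics rule, by contrast, has no `from:` at all and admits any source to the exporter port; if that is intended for Prometheus it deserves a comment, otherwise add a selector. The `kubectl run` example in NOTES.txt labels the client pod `{{ include "common.names.name" . }}-client=true`, while this policy matches `{{ include "common.names.fullname" . }}-client`, so the documented client may not match the policy when the two names differ.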
@@ -0,0 +1,23 @@
+{{- if .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/cassandra/templates/rbac.yaml b/charts/cassandra/templates/rbac.yaml
new file mode 100644
index 0000000..5f130cb
--- /dev/null
+++ b/charts/cassandra/templates/rbac.yaml
@@ -0,0 +1,42 @@
+---
+#apiVersion: rbac.authorization.k8s.io/v1beta1
+#kind: ClusterRoleBinding
+#metadata:
+# name: {{.Chart.Name}}-rbac
+#roleRef:
+# apiGroup: rbac.authorization.k8s.io
+# kind: ClusterRole
+# name: cluster-admin
+#subjects:
+# - kind: ServiceAccount
+# name: {{.Values.serviceAccount.name}}
+# namespace: {{.Values.namespace}}
+---
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding
+subjects:
+- kind: ServiceAccount
+ name: {{ include "cassandra.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role
+ apiGroup: rbac.authorization.k8s.io
+
diff --git a/charts/cassandra/templates/service.yaml b/charts/cassandra/templates/service.yaml
new file mode 100644
index 0000000..578aac5
--- /dev/null
+++ b/charts/cassandra/templates/service.yaml
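Review bot: The `Role` and `RoleBinding` granting `use` on the `anyuid` SecurityContextConstraint are rendered unconditionally, so every install binds the chart's service account to an SCC that permits running as any UID, root included. They should sit behind a values toggle that defaults to off (the flag name is the maintainers' choice) and carry `namespace: {{ .Release.Namespace | quote }}` like the other templates in this chart. The commented-out `cluster-admin` ClusterRoleBinding at the top should be deleted rather than kept as YAML comments: Helm still evaluates `{{.Values.serviceAccount.name}}` and `{{.Values.namespace}}` inside `#` lines, and the block is one uncomment away from a cluster-wide grant. The doubled `---` before the Role is redundant.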
@@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + ports: + - name: cql + port: {{ .Values.service.ports.cql }} + targetPort: cql + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }} + nodePort: {{ .Values.service.nodePorts.cql }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: metrics + port: {{ .Values.service.ports.metrics }} + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty 
.Values.service.nodePorts.metrics)) }} + nodePort: {{ .Values.service.nodePorts.metrics }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/cassandra/templates/serviceaccount.yaml b/charts/cassandra/templates/serviceaccount.yaml new file mode 100644 index 0000000..abe122a --- /dev/null +++ b/charts/cassandra/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "cassandra.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/cassandra/templates/servicemonitor.yaml b/charts/cassandra/templates/servicemonitor.yaml new file mode 100644 index 0000000..f9001ac --- /dev/null +++ b/charts/cassandra/templates/servicemonitor.yaml 
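Review bot: In service.yaml the `- name: metrics` port entry is emitted whether or not `.Values.metrics.enabled` is set, and unlike the `cql` entry it has no `targetPort`. With `service.type` set to `NodePort` or `LoadBalancer` that publishes a metrics port outside the cluster even when the exporter is not deployed, and `loadBalancerSourceRanges` is optional. I would wrap the entry in `{{- if .Values.metrics.enabled }}` … `{{- end }}` and add `targetPort: metrics`. The container port name is assumed here; statefulset.yaml is outside this hunk.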
@@ -0,0 +1,43 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cassandra/templates/statefulset.yaml b/charts/cassandra/templates/statefulset.yaml
new file mode 100644
index 0000000..fa5079d
--- /dev/null
+++ b/charts/cassandra/templates/statefulset.yaml
@@ -0,0 +1,558 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ serviceName: {{ include "common.names.fullname" . }}-headless
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ replicas: {{ .Values.replicaCount }}
+ updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- toYaml .Values.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
+ annotations:
+ {{- if .Values.podAnnotations }}
+ {{- toYaml .Values.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "cassandra.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "cassandra.serviceAccountName" . }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.initContainers (include "cassandra.tlsEncryption" . ) (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "cassandra.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/sh
+ - -cx
+ - |
+ {{- if .Values.persistence.enabled }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }}
+ {{- else }}
+ chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
+ {{- end }}
+ mkdir -p {{ .Values.persistence.mountPath }}/data
+ chmod 700 {{ .Values.persistence.mountPath }}/data
+ find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ xargs chown -R `id -u`:`id -G | cut -d " " -f2`
+ {{- else }}
+ xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.persistence.commitStorageClass }}
+ - /bin/sh
+ - -cx
+ - |
+ {{- if .Values.persistence.enabled }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }}
+ {{- else }}
+ chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
+ {{- end }}
+ mkdir -p {{ .Values.persistence.commitLogMountPath }}/commitlog
+ chmod 700 {{ .Values.persistence.commitLogMountPath }}/commitlog
+ find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ xargs -r chown -R `id -u`:`id -G | cut -d " " -f2`
+ {{- else }}
+ xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.persistence.mountPath }}
+ {{- if .Values.persistence.commitLogMountPath }}
+ - name: commitlog
+ mountPath: {{ .Values.persistence.commitLogMountPath }}
+ {{- end }}
+ {{- end }}
+ {{- if (include "cassandra.tlsEncryption" . ) }}
+ - name: init-certs
+ image: {{ include "cassandra.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -ec
+ - |-
+ {{- if .Values.tls.autoGenerated }}
+ if [[ -f "/certs/tls.key" ]] && [[ -f "/certs/tls.crt" ]] && [[ -f "/certs/ca.crt" ]]; then
+ openssl pkcs12 -export -in "/certs/tls.crt" \
+ -passout pass:"${CASSANDRA_KEYSTORE_PASSWORD}" \
+ -inkey "/certs/tls.key" \
+ -out "/tmp/keystore.p12"
+ keytool -importkeystore -srckeystore "/tmp/keystore.p12" \
+ -srcstoretype PKCS12 \
+ -srcstorepass "${CASSANDRA_KEYSTORE_PASSWORD}" \
+ -deststorepass "${CASSANDRA_KEYSTORE_PASSWORD}" \
+ -destkeystore "/opt/bitnami/cassandra/certs/keystore"
+ rm "/tmp/keystore.p12"
+ keytool -import -file "/certs/ca.crt" \
+ -keystore "/opt/bitnami/cassandra/certs/truststore" \
+ -storepass "${CASSANDRA_TRUSTSTORE_PASSWORD}" \
+ -noprompt
+ else
+ echo "Couldn't find the expected PEM certificates! They are mandatory when encryption via TLS is enabled."
+ exit 1
+ fi
+ {{- else }}
+ if [[ -f "/certs/truststore" ]] && [[ -f "/certs/keystore" ]]; then
+ cp "/certs/truststore" "/opt/bitnami/cassandra/certs/truststore"
+ cp "/certs/keystore" "/opt/bitnami/cassandra/certs/keystore"
+ else
+ echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled."
+ exit 1
+ fi
+ {{- end }}
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.truststorePassword .Values.tls.autoGenerated }}
+ - name: CASSANDRA_TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (include "cassandra.tlsPasswordsSecret" .) }}
+ key: truststore-password
+ {{- end }}
+ {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.keystorePassword .Values.tls.autoGenerated }}
+ - name: CASSANDRA_KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (include "cassandra.tlsPasswordsSecret" .) }}
+ key: keystore-password
+ {{- end }}
+ {{- if .Values.tls.resources }}
+ resources: {{- toYaml .Values.tls.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: certs
+ mountPath: /certs
+ - name: certs-shared
+ mountPath: /opt/bitnami/cassandra/certs
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- end }}
+ containers:
+ - name: cassandra
+ command:
+ {{- if .Values.command }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- else }}
+ - bash
+ - -ec
+ - |
+ # Node 0 is the password seeder
+ if [[ $POD_NAME =~ (.*)-0$ ]]; then
+ echo "Setting node as password seeder"
+ export CASSANDRA_PASSWORD_SEEDER=yes
+ else
+ # Only node 0 will execute the startup initdb scripts
+ export CASSANDRA_IGNORE_INITDB_SCRIPTS=1
+ fi
+ /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ image: {{ include "cassandra.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: CASSANDRA_CLUSTER_NAME
+ value: {{ .Values.cluster.name }}
+ - name: CASSANDRA_SEEDS
+ value: {{ (include "cassandra.seeds" .) | quote }}
+ - name: CASSANDRA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.dbUser.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.dbUser.existingSecret "key" "cassandra-password") }}
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: CASSANDRA_USER
+ value: {{ .Values.dbUser.user | quote }}
+ - name: CASSANDRA_NUM_TOKENS
+ value: {{ .Values.cluster.numTokens | quote }}
+ - name: CASSANDRA_DATACENTER
+ value: {{ .Values.cluster.datacenter }}
+ - name: CASSANDRA_ENDPOINT_SNITCH
+ value: {{ .Values.cluster.endpointSnitch }}
+ - name: CASSANDRA_KEYSTORE_LOCATION
+ value: "/opt/bitnami/cassandra/certs/keystore"
+ - name: CASSANDRA_TRUSTSTORE_LOCATION
+ value: "/opt/bitnami/cassandra/certs/truststore"
+ {{- if ne "none" (include "cassandra.internode.tlsEncryption" .) }}
+ - name: CASSANDRA_INTERNODE_ENCRYPTION
+ value: {{ (include "cassandra.internode.tlsEncryption" .) | quote }}
+ {{- end }}
+ {{- if (include "cassandra.client.tlsEncryption" .) }}
+ - name: CASSANDRA_CLIENT_ENCRYPTION
+ value: "true"
+ {{- end }}
+ {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.truststorePassword .Values.tls.autoGenerated }}
+ - name: CASSANDRA_TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (include "cassandra.tlsPasswordsSecret" .) }}
+ key: truststore-password
+ {{- end }}
+ {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.keystorePassword .Values.tls.autoGenerated }}
+ - name: CASSANDRA_KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (include "cassandra.tlsPasswordsSecret" .) }}
+ key: keystore-password
+ {{- end }}
+ - name: CASSANDRA_RACK
+ value: {{ .Values.cluster.rack }}
+ {{- if .Values.jvm.maxHeapSize }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.jvm.maxHeapSize | quote }}
+ {{- end }}
+ {{- if .Values.jvm.newHeapSize }}
+ - name: HEAP_NEWSIZE
+ value: {{ .Values.jvm.newHeapSize | quote }}
+ {{- end }}
+ {{- if .Values.jvm.extraOpts }}
+ - name: JVM_EXTRA_OPTS
+ value: {{ .Values.jvm.extraOpts | quote }}
+ {{- end }}
+ {{- if .Values.cluster.enableUDF }}
+ - name: CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS
+ value: {{ .Values.cluster.enableUDF | quote }}
+ {{- end }}
+ {{- if .Values.containerPorts.intra }}
+ - name: CASSANDRA_TRANSPORT_PORT_NUMBER
+ value: {{ .Values.containerPorts.intra | quote }}
+ {{- end }}
+ {{- if .Values.containerPorts.jmx }}
+ - name: CASSANDRA_JMX_PORT_NUMBER
+ value: {{ .Values.containerPorts.jmx | quote }}
+ {{- end }}
+ {{- if .Values.containerPorts.cql }}
+ - name: CASSANDRA_CQL_PORT_NUMBER
+ value: {{ .Values.containerPorts.cql | quote }}
+ {{- end }}
+ {{- if .Values.persistence.commitLogMountPath }}
+ - name: CASSANDRA_COMMITLOG_DIR
+ value: {{ .Values.persistence.commitLogMountPath | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ nodetool status
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ nodetool status | grep -E "^UN\\s+${POD_IP}"
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ nodetool status | grep -E "^UN\\s+${POD_IP}"
+ initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if and (not .Values.lifecycleHooks) (not .Values.persistence.enabled) }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - bash
+ - -ec
+ - nodetool decommission
+ {{- else if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: intra
+ containerPort: {{ .Values.containerPorts.intra | default "7000" }}
+ {{- if .Values.hostNetwork }}
+ hostPort: {{ .Values.containerPorts.intra }}
+ {{- end }}
+ - name: tls
+ containerPort: {{ .Values.containerPorts.tls | default "7001" }}
+ {{- if .Values.hostNetwork }}
+ hostPort: {{ .Values.containerPorts.tls }}
+ {{- end }}
+ - name: jmx
+ containerPort: {{ .Values.containerPorts.jmx | default "7199" }}
+ {{- if .Values.hostNetwork }}
+ hostPort: {{ .Values.containerPorts.jmx }}
+ {{- end }}
+ - name: cql
+ containerPort: {{ .Values.containerPorts.cql | default "9042" }}
+ {{- if .Values.hostNetwork }}
+ hostPort: {{ .Values.containerPorts.cql }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{ toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.persistence.mountPath }}
+ {{- if .Values.persistence.commitStorageClass }}
+ - name: commitlog
+ mountPath: {{ .Values.persistence.commitLogMountPath }}
+ {{- end }}
+ {{- if (include "cassandra.tlsEncryption" . ) }}
+ - name: certs-shared
+ mountPath: /opt/bitnami/cassandra/certs
+ {{- end }}
+ {{- if .Values.initDBConfigMap }}
+ - name: init-db-cm
+ mountPath: /docker-entrypoint-initdb.d/configmap
+ {{- end }}
+ {{- if .Values.initDBSecret }}
+ - name: init-db-secret
+ mountPath: /docker-entrypoint-initdb.d/secret
+ {{- end }}
+ {{ if .Values.existingConfiguration }}
+ - name: configurations
+ mountPath: {{ .Values.persistence.mountPath }}/conf
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ include "cassandra.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hostNetwork }}
+ env:
+ - name: CASSANDRA_EXPORTER_CONFIG_listenPort
+ value: {{ .Values.metrics.containerPorts.http | quote }}
+ - name: CASSANDRA_EXPORTER_CONFIG_host
+ value: localhost:{{ .Values.containerPorts.jmx }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.containerPorts.http | default "8080" }}
+ {{- if .Values.hostNetwork }}
+ hostPort: {{ .Values.metrics.containerPorts.http }}
+ {{- end }}
+ protocol: TCP
+ - name: jmx
+ containerPort: {{ .Values.metrics.containerPorts.jmx | default "5555" }}
+ {{- if .Values.hostNetwork }}
+ hostPort: {{ .Values.metrics.containerPorts.jmx }}
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: metrics
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 20
+ timeoutSeconds: 45
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if (include "cassandra.tlsEncryption" . ) }}
+ - name: certs
+ secret:
+ secretName: {{ include "cassandra.tlsSecretName" . }}
+ defaultMode: 256
+ - name: certs-shared
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.existingConfiguration }}
+ - name: configurations
+ configMap:
+ name: {{ tpl .Values.existingConfiguration $ }}
+ {{- end }}
+ {{- if .Values.initDBConfigMap }}
+ - name: init-db-cm
+ configMap:
+ name: {{ tpl .Values.initDBConfigMap $ }}
+ {{- end }}
+ {{- if .Values.initDBSecret }}
+ - name: init-db-secret
+ secret:
+ secretName: {{ tpl .Values.initDBSecret $ }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if not .Values.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
+ {{- if .Values.persistence.commitLogMountPath }}
+ - metadata:
+ name: commitlog
+ labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.commitLogsize | quote }}
+ {{- include "cassandra.commitstorage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
+ {{- end }}
+ {{- end }}
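Review bot: The `init-certs` container passes the keystore and truststore passwords as command-line arguments (`-passout pass:"${CASSANDRA_KEYSTORE_PASSWORD}"`, `-srcstorepass`, `-deststorepass`, `-storepass`), so they appear in the process argument list and in any node-level process auditing that records command lines. Both tools can read the secret from the environment instead: `-passout env:CASSANDRA_KEYSTORE_PASSWORD` for openssl, and `-srcstorepass:env CASSANDRA_KEYSTORE_PASSWORD` / `-storepass:env CASSANDRA_TRUSTSTORE_PASSWORD` for keytool. Separately, the `metrics` sidecar never receives a `securityContext`, whereas `cassandra` and `init-certs` both apply `.Values.containerSecurityContext` when it is enabled; the same guarded `securityContext:` line belongs in the sidecar. With `hostNetwork` enabled the template also binds the JMX port as a `hostPort`, so a template comment telling operators to restrict or authenticate JMX in that mode is worth adding.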
diff --git a/charts/cassandra/templates/tls-secret.yaml b/charts/cassandra/templates/tls-secret.yaml
new file mode 100644
index 0000000..5938f07
--- /dev/null
+++ b/charts/cassandra/templates/tls-secret.yaml
@@ -0,0 +1,25 @@
+{{- if (include "cassandra.createTlsSecret" . ) }}
+
+{{- $tlsCertStr := regexSplit "###" (include "cassandra.getTlsCertStrFromSecret" .) -1 }}
+{{- $ca := index $tlsCertStr 0 }}
+{{- $crt := index $tlsCertStr 1 }}
+{{- $key := index $tlsCertStr 2 }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}-crt
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ ca.crt: {{ $ca | b64enc | quote }}
+ tls.crt: {{ $crt | b64enc | quote }}
+ tls.key: {{ $key | b64enc | quote }}
+{{- end }}
diff --git a/charts/cassandra/values.yaml b/charts/cassandra/values.yaml
new file mode 100644
index 0000000..2cc6971
--- /dev/null
+++ b/charts/cassandra/values.yaml
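Review bot: In the TLS Secret template, the three `index $tlsCertStr N` lookups assume `cassandra.getTlsCertStrFromSecret` always returns exactly three `###`-separated parts; with fewer, rendering stops on an index error that does not name the cause. A guard before the lookups, `{{- if ne (len $tlsCertStr) 3 }}{{ fail "cassandra.getTlsCertStrFromSecret must return ca###crt###key" }}{{- end }}`, makes the contract explicit, and a template comment `{{/* helper output: <ca>###<crt>###<key> */}}` documents it. The helper is defined outside this hunk, so whether it reuses an existing Secret or issues a new key pair on each render cannot be confirmed here and is worth stating in that comment.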
@@ -0,0 +1,775 @@
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+
+## @section Common parameters
+##
+
+## @param nameOverride String to partially override common.names.fullname
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
+##
+kubeVersion: ""
+## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered)
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+
+## Enable diagnostic mode in the deployment
+##
+diagnosticMode:
+ ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+ ##
+ enabled: false
+ ## @param diagnosticMode.command Command to override all containers in the deployment
+ ##
+ command:
+ - sleep
+ ## @param diagnosticMode.args Args to override all containers in the deployment
+ ##
+ args:
+ - infinity
+
+## @section Cassandra parameters
+##
+
+## Bitnami Cassandra image
+## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
+## @param image.registry Cassandra image registry
+## @param image.repository Cassandra image repository
+## @param image.tag Cassandra image tag (immutable tags are recommended)
+## @param image.pullPolicy image pull policy
+## @param image.pullSecrets Cassandra image pull secrets
+## @param image.debug Enable image debug mode
+##
+image:
+ registry: docker.io
+ repository: bitnami/cassandra
+ tag: 4.0.3-debian-10-r68
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Enable debug mode
+ ##
+ debug: false
+
+## Secret with keystore, keystore password, truststore, truststore password
+## DEPRECATED. Use tls.existingSecret instead
+# tlsEncryptionSecretName:
+
+## Database credentials
+## @param dbUser.user Cassandra admin user
+## @param dbUser.forcePassword Force the user to provide a non
+## @param dbUser.password Password for `dbUser.user`. Randomly generated if empty
+## @param dbUser.existingSecret Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`)
+##
+dbUser:
+ user: cassandra
+ forcePassword: false
+ password: "cassandra"
+ ## Use an existing secrets which already stores your password data.
+ ## for backwards compatibility, existingSecret can be a simple string,
+ ## referencing the secret by name.
+ ## existingSecret:
+ ## ## Name of the existing secret
+ ## ##
+ ## name: mySecret
+ ## ## Key mapping where is the value which the deployment is expecting and
+ ## ## is the name of the key in the existing secret.
+ ## ##
+ ## keyMapping:
+ ## cassandra-password: myCassandraPasswordKey
+ ##
+ existingSecret: ""
+
+## @param initDBConfigMap ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data
+##
+initDBConfigMap: ""
+## @param initDBSecret Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data
+##
+initDBSecret: ""
+## @param existingConfiguration ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart
+##
+existingConfiguration: ""
+## Cluster parameters
+## @param cluster.name Cassandra cluster name
+## @param cluster.seedCount Number of seed nodes
+## @param cluster.numTokens Number of tokens for each node
+## @param cluster.datacenter Datacenter name
+## @param cluster.rack Rack name
+## @param cluster.endpointSnitch Endpoint Snitch
+## @param cluster.internodeEncryption DEPRECATED: use tls.internode and tls.client instead. Encryption values.
+## @param cluster.clientEncryption Client Encryption
+## @param cluster.extraSeeds For an external/second cassandra ring.
+## @param cluster.enableUDF Enable User defined functions
+##
+cluster:
+ name: cassandra
+ seedCount: 1
+ numTokens: 256
+ datacenter: dc1
+ rack: rack1
+ endpointSnitch: GossipingPropertyFileSnitch
+ ## NOTE: internodeEncryption requires tlsEncryptionSecretName
+ ##
+ internodeEncryption: none
+ clientEncryption: false
+ ## eg:
+ ## extraSeeds:
+ ## - hostname/IP
+ ## - hostname/IP
+ ##
+ extraSeeds: []
+ enableUDF: false
+
+## JVM Settings
+## @param jvm.extraOpts Set the value for Java Virtual Machine extra options
+## @param jvm.maxHeapSize Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil`
+## @param jvm.newHeapSize Set Java Virtual Machine new heap size (HEAP_NEWSIZE).
Calculated automatically if `nil` +## +jvm: + extraOpts: "" + ## Memory settings: These are calculated automatically unless specified otherwise + ## To run on environments with little resources (<= 8GB), tune your heap settings: + ## - calculate 1/2 ram and cap to 1024MB + ## - calculate 1/4 ram and cap to 8192MB + ## - pick the max + ## + maxHeapSize: "" + ## newHeapSize: + ## A good guideline is 100 MB per CPU core. + ## - min(100 * num_cores, 1/4 * heap size) + ## ref: https://docs.datastax.com/en/archived/cassandra/2.0/cassandra/operations/ops_tune_jvm_c.html + ## + newHeapSize: "" +## @param command Command for running the container (set to default if not set). Use array form +## +command: [] +## @param args Args for running the container (set to default if not set). Use array form +## +args: [] +## @param extraEnvVars Extra environment variables to be set on cassandra container +## For example: +## - name: FOO +## value: BAR +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" + +## @section Statefulset parameters +## + +## @param replicaCount Number of Cassandra replicas +## +replicaCount: 3 +## @param updateStrategy.type updateStrategy for Cassandra statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate +## @param hostAliases Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podManagementPolicy StatefulSet pod management policy +## +podManagementPolicy: OrderedReady +## @param priorityClassName Cassandra pods' priority. 
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param podAnnotations Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels Additional pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## Pod security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled Cassandra pods' Security Context +## @param podSecurityContext.fsGroup Set Cassandra pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context +## @param containerSecurityContext.runAsUser Set Cassandra container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Force the container to be run as non root +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## Cassandra pods' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## Minimum memory for development is 4GB and 2 CPU cores +## Minimum memory for 
production is 8GB and 4 CPU cores +## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html +## +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for Cassandra containers +## @param resources.requests The requested resources for Cassandra containers +## +resources: + ## Example: + ## limits: + ## cpu: 2 + ## memory: 4Gi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 2 + ## memory: 4Gi + ## + requests: {} +## Configure extra options for Cassandra containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for 
readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## Configure extra options for startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe [object] Override default startup probe +## +customStartupProbe: {} +## @param lifecycleHooks [object] Override default etcd container hooks +## +lifecycleHooks: {} +## @param schedulerName Alternative scheduler +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param extraVolumes Optionally specify extra list of additional volumes for cassandra container +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for cassandra container +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the cassandra pods +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the 
cassandra pods +## +sidecars: [] +## Cassandra Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Mininimum number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction + ## + maxUnavailable: "" +## @param hostNetwork Enable HOST Network +## If hostNetwork true -> dnsPolicy is set to ClusterFirstWithHostNet +## +hostNetwork: false +## Cassandra container ports to open +## If hostNetwork true: the hostPort is set identical to the containerPort +## @param containerPorts.intra Intra Port on the Host and Container +## @param containerPorts.tls TLS Port on the Host and Container +## @param containerPorts.jmx JMX Port on the Host and Container +## @param containerPorts.cql CQL Port on the Host and Container +## +containerPorts: + intra: 7000 + tls: 7001 + jmx: 7199 + cql: 9042 + +## @section RBAC parameters +## + +## Cassandra pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Cassandra pods + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the cassandra.fullname template + ## + name: "" + ## @param serviceAccount.annotations Annotations for Cassandra Service Account + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. 
+ ## + automountServiceAccountToken: true + +## @section Traffic Exposure Parameters +## + +## Cassandra service parameters +## +service: + ## @param service.type Cassandra service type + ## + type: ClusterIP + ## @param service.ports.cql Cassandra service CQL Port + ## @param service.ports.metrics Cassandra service metrics port + ## + ports: + cql: 9042 + metrics: 8080 + ## Node ports to expose + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## @param service.nodePorts.cql Node port for CQL + ## @param service.nodePorts.metrics Node port for metrics + ## + nodePorts: + cql: "" + metrics: "" + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.clusterIP Service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.externalTrafficPolicy Service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Provide any additional annotations which may be required. + ## This can be used to set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} +## Network policies +## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port Redis™ is listening + ## on. When true, Redis™ will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + +## @section Persistence parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## @param persistence.storageClass PVC Storage Class for Cassandra data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "nfs-client" + ## @param persistence.commitStorageClass PVC Storage Class for Cassandra Commit Log volume + ## Storage class to use with CASSANDRA_COMMITLOG_DIR to reduce the concurrence for writing data and commit logs + ## ref: https://github.com/bitnami/bitnami-docker-cassandra + ## If set to "-", commitStorageClass: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + commitStorageClass: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for Cassandra data volume + ## + size: 8Gi + ## @skip persistence.commitLogsize PVC Storage Request for Cassandra commit log volume + ## + # commitLogsize: 2Gi + ## @param persistence.mountPath The path the data volume will be mounted at + ## + mountPath: /bitnami/cassandra + ## @skip persistence.commitLogMountPath The path the commit log volume will be mounted at + ## + # commitLogMountPath: /bitnami/cassandra/commitlog + +## @section Volume Permissions parameters +## + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume + ## @param volumePermissions.image.repository Init container volume + ## @param volumePermissions.image.tag Init container volume + ## @param volumePermissions.image.pullPolicy Init container volume + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r410 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: + - "regcred" + ## Init container' resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resources.limits The resources limits for the container + ## @param volumePermissions.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## @param volumePermissions.securityContext.runAsUser User ID for the init container + ## + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). 
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## @section Metrics parameters +## + +## Cassandra Prometheus exporter configuration +## +metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## + enabled: false + ## Bitnami Cassandra Exporter image + ## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/ + ## @param metrics.image.registry Cassandra exporter image registry + ## @param metrics.image.repository Cassandra exporter image name + ## @param metrics.image.tag Cassandra exporter image tag + ## @param metrics.image.pullPolicy image pull policy + ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + pullPolicy: IfNotPresent + repository: bitnami/cassandra-exporter + tag: 2.3.8-debian-10-r33 + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Cassandra Prometheus exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param metrics.resources.limits The resources limits for the container + ## @param metrics.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: monitoring + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
+ ## + jobLabel: "" + ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are required by the installed Prometheus Operator + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + + ## Metrics container ports to open + ## If hostNetwork true: the hostPort is set identical to the containerPort + ## @param metrics.containerPorts.http HTTP Port on the Host and Container + ## @param metrics.containerPorts.jmx JMX Port on the Host and Container + ## + containerPorts: + http: 8080 + jmx: 5555 + +## @section TLS/SSL parameters +## + +## TLS/SSL parameters +## @param tls.internodeEncryption Set internode encryption +## @param tls.clientEncryption Set client-server encryption +## @param tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates +## @param tls.existingSecret Existing secret that contains Cassandra Keystore and truststore +## @param tls.passwordsSecret Secret containing the Keystore and Truststore passwords if needed +## @param tls.keystorePassword Password for the keystore, if needed. +## @param tls.truststorePassword Password for the truststore, if needed. +## @param tls.resources.limits The resources limits for the TLS init container +## @param tls.resources.requests The requested resources for the TLS init container +## @param tls.certificatesSecret Secret with the TLS certificates. +## @param tls.tlsEncryptionSecretName Secret with the encryption of the TLS certificates +## +tls: + internodeEncryption: none + clientEncryption: false + autoGenerated: false + existingSecret: "" + passwordsSecret: "" + keystorePassword: "" + truststorePassword: "" + certificatesSecret: "" + tlsEncryptionSecretName: "" + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. 
This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} diff --git a/charts/magma-oai-mme/Chart.yaml b/charts/magma-oai-mme/Chart.yaml index 16d60ac..bd1f4d5 100644 --- a/charts/magma-oai-mme/Chart.yaml +++ b/charts/magma-oai-mme/Chart.yaml @@ -17,7 +17,7 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.1 +version: 1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index 1016f31..b12752d 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml +++ b/charts/magma-oai-mme/templates/deployment.yaml @@ -19,7 +19,7 @@ spec: annotations: k8s.v1.cni.cncf.io/networks: >- [{ - "name": "{{ .Chart.Name }}-{{ .Values.namespace }}-net1", + "name": "{{ .Chart.Name }}-net1", "default-route": ["{{ .Values.mmeConf.mmeS1cGw }}"] }] spec: 
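Review bot: In charts/cassandra/values.yaml, `dbUser.password` is set to the literal `"cassandra"` while `forcePassword` is `false`, so every release installed with these defaults gets a well-known admin credential, and the `@param dbUser.password` comment ("Randomly generated if empty") no longer describes what happens. I would restore `password: ""` and supply real credentials through `dbUser.existingSecret`, which the comment block directly below already documents. The same file leaves `tls.internodeEncryption: none`, `tls.clientEncryption: false` and `networkPolicy.enabled: false`, so with these defaults CQL on 9042 is presumably served in clear text to any pod that can reach the service; a comment marking these as lab-only defaults would help whoever reuses the chart. The `networkPolicy.allowExternal` comment still refers to Redis™ and should say Cassandra.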
@@ -30,17 +30,26 @@ spec: {{- toYaml . | nindent 8}} {{- end}} containers: - {{- if .Values.start.tcpdump}} - name: tcpdump - image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" - volumeMounts: - - mountPath: /pcap - name: {{.Chart.Name}}-{{.Values.namespace}}-pv + image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" + imagePullPolicy: {{ .Values.tcpdumpimage.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.start.tcpdump}} command: - - /bin/sh - - -c - - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/magma-oai-mme_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - {{- end}} + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/magma-oai-mme_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} + command: + - /bin/sleep + - infinity + {{- end}} + {{- if .Values.persistence.enabled}} + volumeMounts: + - mountPath: "/pcap" + name: cn4g-pv + {{- end}} - name: redis image: "{{.Values.image.repository}}:{{.Values.image.version}}" command: @@ -54,7 +63,7 @@ spec: {{- end}} volumeMounts: - mountPath: /var/log - name: {{.Chart.Name}}-{{.Values.namespace}}-pv + name: {{.Chart.Name}}-pv - name: mme image: "{{.Values.image.repository}}:{{.Values.image.version}}" imagePullPolicy: {{.Values.image.pullPolicy}} @@ -73,11 +82,11 @@ spec: - name: MME_FQDN valueFrom: configMapKeyRef: - name: {{ .Chart.Name}}-{{.Values.namespace}}-configmap + name: {{ .Chart.Name}}-{{ .Release.Namespace }}-configmap key: mmeService volumeMounts: - mountPath: /var/log - name: {{.Chart.Name}}-{{.Values.namespace}}-pv + name: {{.Chart.Name}}-pv - mountPath: /magma/etc/mme_fd.conf name: fd-vol subPath: mme_fd.conf 
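Review bot: The `tcpdump` container is now rendered for every install, because `{{- if .Values.start.tcpdump}}` only selects between the capture command and `/bin/sleep infinity`; with capture switched off the pod still carries an idle sidecar running under `.Values.securityContext`. That value is defined outside this hunk, but rbac.yaml in the same commit grants the service account `use` on the `privileged` SCC, so this is presumably a privileged container kept alive for no purpose. I would keep the whole container inside the conditional: open `{{- if .Values.start.tcpdump }}` before `- name: tcpdump` and close it after the `volumeMounts` block. Separately, when `start.tcpdump` is true and `persistence.enabled` is false the command still writes to `/pcap`, which then has no volume behind it; an `emptyDir` fallback or a `fail` guard would make that case explicit.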
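Review bot: The `redis` container's `/var/log` mount now names the volume `{{.Chart.Name}}-pv`, and the `mme` container does the same in the `@@ -73,11 +82,11 @@` hunk, but the `volumes:` list in the `@@ -101,9 +110,11 @@` hunk declares only `cn4g-pv`, and only when `persistence.enabled` is set. Unless a volume with the chart-derived name is declared in lines outside these hunks, the API server will reject the pod because the mounts refer to an undefined volume. Use one name throughout (for example `name: cn4g-pv`, as the tcpdump container does) and wrap these two mounts in the same `{{- if .Values.persistence.enabled }}` guard. The fixed `claimName: cn4g-pvc` also assumes a PVC created outside this chart, which deserves a comment or a values key for the claim name.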
@@ -101,9 +110,11 @@ spec: - infinity {{- end}} volumes: - - name: {{.Chart.Name}}-{{.Values.namespace}}-pv + {{- if .Values.persistence.enabled}} + - name: cn4g-pv persistentVolumeClaim: - claimName: {{.Chart.Name}}-{{.Values.namespace}}-pvc + claimName: cn4g-pvc + {{- end }} - configMap: name: mme-cfg-configmap name: cfg-vol @@ -118,5 +129,11 @@ spec: restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{.Values.serviceAccount.name}} - terminationGracePeriodSeconds: 15 - nodeName: perse.5glab.nsa.eurecom.fr + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if .Values.nodeSelector}} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 4 }} + {{- end }} + {{- if .Values.nodeName}} + nodeName: {{ .Values.nodeName }} + {{- end }} + diff --git a/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml b/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml index 25e382d..64d462d 100644 --- a/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml +++ b/charts/magma-oai-mme/templates/mme-cfg-configmap.yaml @@ -7,7 +7,7 @@ data: mme.conf: | MME : { - REALM = "{{ .Values.namespace }}.{{ .Values.mmeConf.domainName }}" + REALM = "{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }}" PID_DIRECTORY = "/var/run"; # Define the limits of the system in terms of served eNB and served UE. # When the limits will be reached, overload procedure will take place. diff --git a/charts/magma-oai-mme/templates/mme-configmap.yaml b/charts/magma-oai-mme/templates/mme-configmap.yaml index 4b0b68e..ed0ce8c 100644 --- a/charts/magma-oai-mme/templates/mme-configmap.yaml +++ b/charts/magma-oai-mme/templates/mme-configmap.yaml 
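Review bot: In the `@@ -118,5 +129,11 @@` hunk, `nodeSelector: {{- toYaml .Values.nodeSelector | nindent 4 }}` indents the rendered map to column 4, while the other pod-level `toYaml` call in this template uses `nindent 8` and the container-level one uses `nindent 12`. Leading whitespace is not preserved in this view, so the column of `nodeSelector:` cannot be confirmed, but as a sibling of `serviceAccountName` in a Deployment's pod spec its children would need `nindent 8`; with 4 the manifest either fails to parse or the selector attaches to the wrong object. Suggest `nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}`. `terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}` renders empty when the value is unset; appending `| default 15` keeps the previous behaviour.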
@@ -2,6 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{.Chart.Name}}-{{.Values.namespace}}-configmap + name: {{.Chart.Name}}-{{ .Release.Namespace }}-configmap data: - mmeService: {{.Values.mmeConf.fdMmeHostname}}.{{.Values.namespace}}.{{.Values.mmeConf.domainName}} + mmeService: {{.Values.mmeConf.fdMmeHostname}}.{{ .Release.Namespace }}.{{.Values.mmeConf.domainName}} diff --git a/charts/magma-oai-mme/templates/mme-fd-configmap.yaml b/charts/magma-oai-mme/templates/mme-fd-configmap.yaml index 04f5639..46d5bd7 100644 --- a/charts/magma-oai-mme/templates/mme-fd-configmap.yaml +++ b/charts/magma-oai-mme/templates/mme-fd-configmap.yaml @@ -17,8 +17,8 @@ data: ################################################################################ # -------- Local --------- # Uncomment if the framework cannot resolv it. - Identity = "{{ .Values.mmeConf.fdMmeHostname }}.{{ .Values.namespace }}.{{ .Values.mmeConf.domainName }}"; - Realm = "{{ .Values.namespace }}.{{ .Values.mmeConf.domainName }}"; + Identity = "{{ .Values.mmeConf.fdMmeHostname }}.{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }}"; + Realm = "{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }}"; # TLS configuration (see previous section) TLS_Cred = "{{ .Values.mmeConf.prefix }}/etc/mme.cert.pem", "{{ .Values.mmeConf.prefix }}/etc/mme.key.pem"; @@ -162,4 +162,4 @@ data: # incoming connections from other peers, see the acl_wl.fdx? extension which # allows exactly this. ConnectPeer= "{{ .Values.mmeConf.fdHssHostname }}.{{ .Values.mmeConf.hssDomainName }}" { ConnectTo = "{{ .Values.mmeConf.hssIp }}"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = {{ .Values.service.peerDiameterPort }};}; - \ No newline at end of file + diff --git a/charts/magma-oai-mme/templates/multus.yaml b/charts/magma-oai-mme/templates/multus.yaml index 2b1c98d..a7ee289 100644 --- a/charts/magma-oai-mme/templates/multus.yaml +++ b/charts/magma-oai-mme/templates/multus.yaml 
@@ -2,12 +2,12 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-net1 spec: config: '{ "cniVersion": "0.3.0", "type": "macvlan", - "master": "bond0", + "master": {{- cat .Values.multus.hostInterface | nospace | quote }}, "mode": "bridge", "ipam": { "type": "static", diff --git a/charts/magma-oai-mme/templates/rbac.yaml b/charts/magma-oai-mme/templates/rbac.yaml index 42823ad..2ca3bea 100644 --- a/charts/magma-oai-mme/templates/rbac.yaml +++ b/charts/magma-oai-mme/templates/rbac.yaml @@ -1,13 +1,42 @@ --- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +#apiVersion: rbac.authorization.k8s.io/v1beta1 +#kind: ClusterRoleBinding +#metadata: +# name: {{.Chart.Name}}-rbac +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: cluster-admin +#subjects: +# - kind: ServiceAccount +# name: {{.Values.serviceAccount.name}} +# namespace: {{.Values.namespace}} +--- +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: {{.Chart.Name}}-rbac + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} roleRef: + kind: Role + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: {{.Values.serviceAccount.name}} - namespace: {{.Values.namespace}} + diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index 17e8071..bb347d7 100644 --- a/charts/magma-oai-mme/values.yaml 
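Review bot: The retired `cluster-admin` ClusterRoleBinding is left in rbac.yaml as `#` comments, but Helm still evaluates `{{ … }}` actions inside YAML comments, and the block still references `.Values.namespace`, which this patch removes from values.yaml. Delete the block (git history keeps it) or wrap it in a template comment `{{- /* … */ -}}`, so the cluster-wide grant is not one uncomment away and the template no longer depends on a removed value. The hunk also emits `---` twice in a row ahead of the Role. The same commented block is added in the oai-hss, oai-spgwc and oai-spgwu-tiny rbac.yaml hunks and at the end of the oai-mme one.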
+++ b/charts/magma-oai-mme/values.yaml @@ -5,16 +5,22 @@ replicaCount: 1 -namespace: "oai4g" - image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai4g/magma-oai-mme + repository: magma-oai-mme # version: stable version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always +tcpdumpimage: + registry: local + repository: network-tools-rhel8 + version: v4.10.0-202205022327.p0.gbcfec9c.assembly.stream + #pullPolicy: IfNotPresent or Never or Always + pullPolicy: IfNotPresent + + imagePullSecrets: [] nameOverride: "" @@ -47,6 +53,12 @@ persistence: # make it true for the first time when you want to create persistance volume # and then false enabled: false + volumeName: managed-nfs-storage + size: 1Gi + + +multus: + hostInterface: "bond0" # Interface of the host machine on which this pod will be scheduled service: type: ClusterIP @@ -59,7 +71,7 @@ service: start: mme: true redis: true - tcpdump: true + tcpdump: false mmeConf: # source file folder @@ -96,17 +108,17 @@ mmeConf: apnCorrectionMapList: - imsiPrefix: "00101" apnOverride: "magma.ipv4" - mmeIpS1c: "192.168.18.150" - mmeS1cGw: "192.168.18.129" - mmeNetmaskS1c: "24" - mmeIpS11: "192.168.18.150" - mmeNetmaskS11: "24" + mmeIpS1c: "172.21.6.182" + mmeS1cGw: "172.21.7.254" + mmeNetmaskS1c: "22" + mmeIpS11: "172.21.6.182" + mmeNetmaskS11: "22" s1apIfaceName: "net1" s11IfaceName: "net1" - remoteSgwIp: "192.168.18.156" + remoteSgwIp: "172.21.6.181" taiList: | ({ MCC="208";MNC="99";TAC="1";},{ MCC="208";MNC="99";TAC="2";},{ MCC="208";MNC="99";TAC="3";},{ MCC="208";MNC="99";TAC="4";}); - hssIp: "192.168.18.176" + hssIp: "172.21.6.180" resources: # We usually recommend not to specify default resources and to leave this as a @@ -125,3 +137,8 @@ nodeSelector: {} tolerations: [] affinity: {} + +terminationGracePeriodSeconds: 30 + +nodeName: + diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 65a4594..672421b 100644 
--- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-hss.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-net1 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} @@ -26,11 +26,11 @@ spec: {{- end }} initContainers: - name: init-db - image: image-registry.openshift-image-registry.svc:5000/oai4g/cassandra:3.11.6-ubi7 + image: "{{ .Values.cassandra.repository }}:{{ .Values.cassandra.version }}" command: - sh - -c - - cqlsh cassandra-0.cassandra.{{ .Values.namespace }}.svc.cluster.local --file /root/oai_db.cql + - cqlsh cassandra -u cassandra -p cassandra --file /root/oai_db.cql volumeMounts: - mountPath: /root name: db-schema @@ -109,11 +109,31 @@ spec: name: {{ .Chart.Name }}-configmap key: numSubscribers - name: tcpdump - image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" + image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" + imagePullPolicy: {{ .Values.tcpdumpimage.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.start.tcpdump}} + command: + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any -w /pcap/{{ .Chart.Name }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} command: - /bin/sleep - infinity + {{- end}} + {{- if .Values.persistence.enabled}} + volumeMounts: + - mountPath: "/pcap" + name: cn4g-pv + {{- end}} volumes: + {{- if .Values.persistence.enabled}} + - name: cn4g-pv + persistentVolumeClaim: + claimName: cn4g-pvc + {{- end }} - configMap: name: oai-db name: db-schema @@ -121,5 +141,5 @@ spec: restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} - terminationGracePeriodSeconds: 30 + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} 
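Review bot: The init-db command now hard-codes the Cassandra login, `cqlsh cassandra -u cassandra -p cassandra`, so the default superuser credentials are fixed in the template and readable by anyone who can view the pod spec. The `cassandra.url`, `cassandra.username` and `cassandra.password` keys that this patch adds to charts/oai-hss/values.yaml are not referenced here, and they keep the password in plain text in the chart. I would read the credentials from a Kubernetes Secret into environment variables and take the host from `.Values.cassandra.url`, as sketched below; the Secret name is a placeholder and the indentation is assumed, since the page has collapsed it.

```yaml
# … unchanged: init-db name and image …
          env:
            - name: CASSANDRA_USER
              valueFrom:
                secretKeyRef:
                  name: <cassandra-credentials-secret>  # placeholder
                  key: username
            - name: CASSANDRA_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: <cassandra-credentials-secret>  # placeholder
                  key: password
          command:
            - sh
            - -c
            - cqlsh {{ .Values.cassandra.url }} -u "$CASSANDRA_USER" -p "$CASSANDRA_PASSWORD" --file /root/oai_db.cql
# … unchanged: volumeMounts for db-schema …
```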
diff --git a/charts/oai-hss/templates/multus.yaml b/charts/oai-hss/templates/multus.yaml index c1b1a2c..0220bce 100644 --- a/charts/oai-hss/templates/multus.yaml +++ b/charts/oai-hss/templates/multus.yaml @@ -2,19 +2,18 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-net1 spec: config: '{ "cniVersion": "0.3.0", "type": "macvlan", - "master": "bond0", + "master": {{- cat .Values.multus.hostInterface | nospace | quote }}, "mode": "bridge", "ipam": { "type": "static", "addresses": [ { - "address": "172.21.6.180/22", - "gateway": "192.168.18.1" + "address": {{- cat .Values.multus.s6IPadd "/" .Values.multus.s6Netmask | nospace | quote }} } ] } diff --git a/charts/magma-oai-mme/templates/pvc.yaml b/charts/oai-hss/templates/pvc.yaml similarity index 56% rename from charts/magma-oai-mme/templates/pvc.yaml rename to charts/oai-hss/templates/pvc.yaml index 3bb3c67..0cff6ab 100644 --- a/charts/magma-oai-mme/templates/pvc.yaml +++ b/charts/oai-hss/templates/pvc.yaml @@ -3,14 +3,15 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{.Chart.Name}}-{{.Values.namespace}}-pvc + name: cn5g-pvc +# name: {{.Chart.Name}}-{{ .Release.Namespace }}-pvc annotations: "helm.sh/resource-policy": keep spec: accessModes: - ReadWriteOnce - storageClassName: managed-nfs-storage + storageClassName: {{ .Values.persistence.volumeName }} resources: requests: - storage: 1Gi + storage: {{ .Values.persistence.size }} {{- end}} diff --git a/charts/oai-hss/templates/rbac.yaml b/charts/oai-hss/templates/rbac.yaml index 4c7d8d7..18dd830 100644 --- a/charts/oai-hss/templates/rbac.yaml +++ b/charts/oai-hss/templates/rbac.yaml 
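Review bot: The claim is created as `cn5g-pvc`, but the deployment hunks in this patch mount `claimName: cn4g-pvc`, so with `persistence.enabled: true` the pods would wait on a claim that this template never creates. Rename it to `name: cn4g-pvc` and drop the commented-out `# name: {{.Chart.Name}}-{{ .Release.Namespace }}-pvc` line, which Helm still renders. Because the file is moved from magma-oai-mme to oai-hss, the other charts now rely on oai-hss being installed first with persistence enabled. That ordering deserves a comment at the top of the file. The start of pvc.yaml is outside the hunk.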
@@ -1,12 +1,40 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +#apiVersion: rbac.authorization.k8s.io/v1beta1 +#kind: ClusterRoleBinding +#metadata: +# name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: cluster-admin +#subjects: +#- kind: ServiceAccount +# name: {{ .Values.serviceAccount.name }} +# namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding subjects: - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role + apiGroup: rbac.authorization.k8s.io + diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index 2fc0185..ce41ee7 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml 
@@ -4,15 +4,31 @@ replicaCount: 1 -namespace: "oai4g" - image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai4g/oai-hss - version: stable + repository: oai-hss + version: develop # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always +tcpdumpimage: + registry: local + repository: network-tools-rhel8 + version: v4.10.0-202205022327.p0.gbcfec9c.assembly.stream + #pullPolicy: IfNotPresent or Never or Always + pullPolicy: IfNotPresent + +cassandra: + registry: local + repository: bitnami/cassandra + version: 4.0.3-debian-10-r68 + #pullPolicy: IfNotPresent or Never or Always + pullPolicy: IfNotPresent + url: cassandra + username: cassandra + password: cassandra + + imagePullSecrets: [] nameOverride: "" @@ -31,6 +47,17 @@ podSecurityContext: runAsUser: 0 runAsGroup: 0 + +start: + tcpdump: false # WARNING: start tcpdump collection to analyse but beware it will take a lot of space in the container/persistent volume + +persistence: + # make it true for the first time when you want to create persistance volume + # and then false + enabled: false + volumeName: managed-nfs-storage + size: 1Gi + securityContext: privileged: true # capabilities: @@ -40,6 +67,14 @@ securityContext: # runAsNonRoot: true # runAsUser: 1000 + +multus: + create: false + s6IPadd: "172.21.6.180" + s6Netmask: "22" + s6Gateway: "172.21.7.254" + hostInterface: "bond0" # Interface of the host machine on which this pod will be scheduled + service: type: ClusterIP diameterPort: 3868 @@ -79,3 +114,8 @@ nodeSelector: {} tolerations: [] affinity: {} + +terminationGracePeriodSeconds: 30 + +nodeName: perse + diff --git a/charts/oai-mme/templates/deployment.yaml b/charts/oai-mme/templates/deployment.yaml index 860dd73..43d4f3c 100644 --- a/charts/oai-mme/templates/deployment.yaml +++ b/charts/oai-mme/templates/deployment.yaml 
@@ -16,7 +16,7 @@ spec: labels: {{- include "oai-mme.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1, {{ .Chart.Name }}-{{ .Values.namespace }}-net2 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-net1, {{ .Chart.Name }}-net2 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} @@ -37,6 +37,12 @@ spec: name: oai-mme-secure - containerPort: {{ .Values.service.gtpcPort }} name: s11 + {{- if .Values.start.mme}} + {{- else}} + command: + - /bin/sleep + - infinity + {{- end}} env: - name: INSTANCE valueFrom: @@ -244,14 +250,20 @@ spec: name: {{ .Chart.Name }}-configmap key: hssIp - name: tcpdump - image: corfr/tcpdump + image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" + imagePullPolicy: {{ .Values.tcpdumpimage.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.start.tcpdump}} + command: + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any port 36412 -C 100 -W 10 -w /pcap/{{ .Chart.Name }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} command: - - /bin/sh - - -c - # /bin/mkdir /pcap - - /usr/sbin/tcpdump -i any port 36412 -C 100 -W 10 -w /pcap/S1_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - # /bin/sleep infinity - # - -i any port 36412 -C 100 -W 2 -w /pcap/S1_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap; + - /bin/sleep + - infinity + {{- end}} volumeMounts: - mountPath: "/pcap" name: {{ .Chart.Name }}-pv @@ -264,5 +276,6 @@ spec: schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} terminationGracePeriodSeconds: 30 - nodeName: perse.5glab.nsa.eurecom.fr - + {{- if .Values.nodeName}} + nodeName: {{ .Values.nodeName }} + {{- end }} diff --git a/charts/oai-mme/templates/multus.yaml b/charts/oai-mme/templates/multus.yaml index 12bac87..30c6300 100644 --- a/charts/oai-mme/templates/multus.yaml +++ b/charts/oai-mme/templates/multus.yaml 
@@ -1,20 +1,21 @@ --- +{{- if .Values.multus.create }} apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-net1 spec: config: '{ "cniVersion": "0.3.0", "type": "macvlan", - "master": "bond0", + "master": {{- cat .Values.multus.hostInterface | nospace | quote }}, "mode": "bridge", "ipam": { "type": "static", "addresses": [ { - "address": "192.168.18.150/24", - "gateway": "192.168.18.1" + "address": {{- cat .Values.multus.s1cIPadd "/" .Values.multus.s1cNetmask | nospace | quote }}, + "gateway": {{- cat .Values.multus.s1cGateway | nospace | quote }} } ] } @@ -23,20 +24,21 @@ spec: apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net2 + name: {{ .Chart.Name }}-net2 spec: config: '{ "cniVersion": "0.3.0", "type": "macvlan", - "master": "bond0", + "master": {{- cat .Values.multus.hostInterface | nospace | quote }}, "mode": "bridge", "ipam": { "type": "static", "addresses": [ { - "address": "172.16.1.100/24", - "gateway": "172.16.1.1" + "address": {{- cat .Values.multus.s11IPadd "/" .Values.multus.s11Netmask | nospace | quote }}, + "gateway": {{- cat .Values.multus.s11Gateway | nospace | quote }} } ] } }' +{{- end }} diff --git a/charts/oai-mme/templates/pvc.yaml b/charts/oai-mme/templates/pvc.yaml index e136072..1214fd9 100644 --- a/charts/oai-mme/templates/pvc.yaml +++ b/charts/oai-mme/templates/pvc.yaml @@ -8,8 +8,8 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: managed-nfs-storage + storageClassName: {{ .Values.persistent.volumeName }} resources: requests: - storage: 1Gi + storage: {{ .Values.persistent.size }} {{- end }} diff --git a/charts/oai-mme/templates/rbac.yaml b/charts/oai-mme/templates/rbac.yaml index 4c7d8d7..58fa9d5 100644 --- a/charts/oai-mme/templates/rbac.yaml +++ b/charts/oai-mme/templates/rbac.yaml 
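Review bot: The new pvc.yaml lines read `.Values.persistent.volumeName` and `.Values.persistent.size`, but the values.yaml hunk for this chart adds the keys under `persistence:` and spells the first one `volumneName`. Rendering therefore fails on the missing `persistent` map whenever the claim is enabled. Use `{{ .Values.persistence.volumeName }}` and `{{ .Values.persistence.size }}` here, and correct the key to `volumeName:` in charts/oai-mme/values.yaml. The start of pvc.yaml is outside the hunk, so the guard around it is not visible.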
@@ -1,12 +1,40 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding subjects: - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role + apiGroup: rbac.authorization.k8s.io + +#apiVersion: rbac.authorization.k8s.io/v1beta1 +#kind: ClusterRoleBinding +#metadata: +# name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: cluster-admin +#subjects: +#- kind: ServiceAccount +# name: {{ .Values.serviceAccount.name }} +# namespace: {{ .Values.namespace }} diff --git a/charts/oai-mme/values.yaml b/charts/oai-mme/values.yaml index 8a0b5b5..723dd55 100644 --- a/charts/oai-mme/values.yaml +++ b/charts/oai-mme/values.yaml @@ -4,15 +4,20 @@ replicaCount: 1 -namespace: "oai" - image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai/oai-mme - version: onap-0.1.0 + repository: magma-oai-mme + version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always +tcpdumpimage: + registry: local + repository: network-tools-rhel8 + version: v4.10.0-202205022327.p0.gbcfec9c.assembly.stream + #pullPolicy: IfNotPresent or Never or Always + pullPolicy: IfNotPresent + imagePullSecrets: [] nameOverride: "" 
@@ -40,6 +45,20 @@ securityContext: # runAsNonRoot: true # runAsUser: 1000 +multus: + create: false + s1cIPadd: "172.21.10.6" + s1cNetmask: "22" + s1cGateway: "172.21.11.254" + hostInterface: "bond0" # Interface of the host machine on which this pod will be scheduled + s11IPadd: "172.21.10.6" + s11Netmask: "22" + s11Gateway: "172.21.11.254" + +start: + mme: true + tcpdump: false # WARNING: start tcpdump collection to analyse but beware it will take a lot of space in the container/persistent volume + service: type: ClusterIP diameterPort: 3870 @@ -83,6 +102,8 @@ lte: persistence: #make it true for the first time when you want to create persistance volume and then false enabled: false + volumneName: managed-nfs-storage + size: 1Gi resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -101,3 +122,5 @@ nodeSelector: {} tolerations: [] affinity: {} + +nodeName: diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index 32b9a0b..fdfa767 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml @@ -16,7 +16,7 @@ spec: labels: {{- include "oai-spgwc.selectorLabels" . | nindent 8 }} annotations: - k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + k8s.v1.cni.cncf.io/networks: {{ .Chart.Name }}-net1 spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} 
@@ -25,17 +25,26 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: - {{- if .Values.start.tcpdump}} - name: tcpdump - image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" + image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" + imagePullPolicy: {{ .Values.tcpdumpimage.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.start.tcpdump}} command: - - /bin/sh - - -c - - /usr/sbin/tcpdump -i any port {{ .Values.service.gtpcPort }} or port {{ .Values.service.pfcpPort }} or arp or icmp -C 100 -W 10 -w /pcap/SPGWC_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any port {{ .Values.service.gtpcPort }} or port {{ .Values.service.pfcpPort }} or arp or icmp -C 100 -W 10 -w /pcap/{{ .Chart.Name }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} + command: + - /bin/sleep + - infinity + {{- end}} + {{- if .Values.persistence.enabled}} volumeMounts: - mountPath: "/pcap" - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv - {{- end}} + name: cn4g-pv + {{- end}} - name: spgwc image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -51,7 +60,7 @@ spec: name: cfg-vol subPath: spgw_c.json - mountPath: "/var/crash/core" - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + name: cn4g-pv {{- if .Values.start.spgwc}} command: - /bin/sh @@ -63,9 +72,11 @@ spec: - infinity {{- end}} volumes: - - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + {{- if .Values.persistence.enabled}} + - name: cn4g-pv persistentVolumeClaim: - claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc + claimName: cn4g-pvc + {{- end }} - configMap: name: spgwc-cfg-configmap name: cfg-vol 
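Review bot: The spgwc container's `/var/crash/core` mount now points at `cn4g-pv` unconditionally, while the `cn4g-pv` volume is declared only inside `{{- if .Values.persistence.enabled }}`, and that value is `false` in this chart's values.yaml. With the defaults the pod references a volume that does not exist and will be rejected. Wrap the mount in the same guard used for the tcpdump mount: `{{- if .Values.persistence.enabled }}` before `- mountPath: "/var/crash/core"` and `{{- end }}` after its `name:` line.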
@@ -73,5 +84,11 @@ spec: restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} - terminationGracePeriodSeconds: 5 + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if .Values.nodeSelector}} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 4 }} + {{- end }} + {{- if .Values.nodeName}} + nodeName: {{ .Values.nodeName }} + {{- end }} diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index 883cae0..cfc0237 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml @@ -7,7 +7,7 @@ spec: config: '{ "cniVersion": "0.3.0", "type": "macvlan", - "master": "bond0", + "master": {{- cat .Values.multus.hostInterface | nospace | quote }}, "mode": "bridge", "ipam": { "type": "static", diff --git a/charts/oai-spgwc/templates/rbac.yaml b/charts/oai-spgwc/templates/rbac.yaml index 4c7d8d7..5b8cf74 100644 --- a/charts/oai-spgwc/templates/rbac.yaml +++ b/charts/oai-spgwc/templates/rbac.yaml 
@@ -1,12 +1,41 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +#apiVersion: rbac.authorization.k8s.io/v1beta1 +#kind: ClusterRoleBinding +#metadata: +# name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: cluster-admin +#subjects: +#- kind: ServiceAccount +# name: {{ .Values.serviceAccount.name }} +# namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding subjects: - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role + apiGroup: rbac.authorization.k8s.io + + diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index c8e4549..95163ab 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -4,15 +4,20 @@ replicaCount: 1 -namespace: "oai4g" - image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai4g/oai-spgwc + repository: oai-spgwc-dev version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always +tcpdumpimage: + registry: local + repository: network-tools-rhel8 + version: v4.10.0-202205022327.p0.gbcfec9c.assembly.stream + #pullPolicy: IfNotPresent or Never or Always + pullPolicy: IfNotPresent + imagePullSecrets: [] nameOverride: "" 
@@ -48,6 +53,8 @@ service: start: spgwc: true tcpdump: false + + log: # Leave string empty to disable stdout: " -o " @@ -62,8 +69,8 @@ lte: spgwNetmaskOneIf : "22" sgwS5S8Ip: "127.0.58.2" pgwS5S8Ip: "127.0.58.1" - ueDnsServer: "192.168.18.129" - ueDnsServerSec: "192.168.18.129" + ueDnsServer: "172.21.3.100" + ueDnsServerSec: "172.21.3.100" pushProtocolOption: true dynUeIpv4Range: "192.168.29.2 - 192.168.29.254" associationRetryPeriodMs : "15000" @@ -78,9 +85,14 @@ lte: t3MilliSec: "1000" persistence: - # make it true for the first time when you want to create persistance volume + # make it true for the first time when you want to create persistance volume # and then false enabled: false + volumeName: managed-nfs-storage + size: 1Gi + +multus: + hostInterface: "bond0" # Interface of the host machine on which this pod will be scheduled resources: # We usually recommend not to specify default resources and to leave this as a conscious @@ -99,3 +111,6 @@ nodeSelector: {} tolerations: [] affinity: {} + +nodeName: + diff --git a/charts/oai-spgwu-tiny/templates/deployment.yaml b/charts/oai-spgwu-tiny/templates/deployment.yaml index 090df18..98b1e75 100644 --- a/charts/oai-spgwu-tiny/templates/deployment.yaml +++ b/charts/oai-spgwu-tiny/templates/deployment.yaml @@ -18,7 +18,7 @@ spec: annotations: k8s.v1.cni.cncf.io/networks: >- [{ - "name": "{{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-net1", + "name": "{{ .Chart.Name }}-{{ .Values.lte.instance }}-net1", "default-route": ["{{ .Values.lte.pgwuSgiGw }}"] }] spec: 
@@ -29,18 +29,26 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: - {{- if .Values.start.tcpdump }} - name: tcpdump - image: "network-tools-rhel8:v4.10.0-202205022327.p0.gbcfec9c.assembly.stream" + image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" + imagePullPolicy: {{ .Values.tcpdumpimage.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.start.tcpdump}} command: - - /bin/sh - - -c - - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/SPGWU{{ .Values.lte.instance }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap - # - /usr/sbin/tcpdump -i any port 2152 or port 8805 or port 5001 or arp or icmp -C 100 -W 10 -w /pcap/SPGWU{{ .Values.lte.instance }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + - /bin/sh + - -c + - /usr/sbin/tcpdump -i any -C 100 -W 10 -w /pcap/SPGWU{{ .Values.lte.instance }}_`date +%Y-%m-%d_%H_%M-%S-%Z`.pcap + {{- else}} + command: + - /bin/sleep + - infinity + {{- end}} + {{- if .Values.persistence.enabled}} volumeMounts: - mountPath: "/pcap" - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv - {{- end }} + name: cn4g-pv + {{- end}} - name: spgwu image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -67,17 +75,16 @@ spec: - /bin/sleep - infinity {{- end}} - #volumeMounts: - #- mountPath: /dev/hugepages - # name: hugepage {{- with .Values.resources }} resources: {{- toYaml . | nindent 10 }} {{- end }} volumes: - - name: {{ .Chart.Name }}-{{ .Values.namespace }}-pv + {{- if .Values.persistence.enabled}} + - name: cn4g-pv persistentVolumeClaim: - claimName: {{ .Chart.Name }}-{{ .Values.namespace }}-pvc + claimName: cn4g-pvc + {{- end }} - configMap: name: spgwu{{ .Values.lte.instance }}-cfg-configmap name: cfg-vol 
@@ -85,7 +92,10 @@ spec: restartPolicy: Always schedulerName: default-scheduler serviceAccountName: {{ .Values.serviceAccount.name }} - terminationGracePeriodSeconds: 5 - # RT worker - # nodeName: dedale.5glab.nsa.eurecom.fr - + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if .Values.nodeSelector}} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 4 }} + {{- end }} + {{- if .Values.nodeName}} + nodeName: {{ .Values.nodeName }} + {{- end }} diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 9e11be8..1d79d9f 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -2,12 +2,12 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-{{ .Values.lte.instance }}--net1 spec: config: '{ "cniVersion": "0.3.0", "type": "macvlan", - "master": "bond0", + "master": {{- cat .Values.multus.hostInterface | nospace | quote }} , "mode": "bridge", "ipam": { "type": "static", diff --git a/charts/oai-spgwu-tiny/templates/rbac.yaml b/charts/oai-spgwu-tiny/templates/rbac.yaml index 40d3299..e6acd8a 100644 --- a/charts/oai-spgwu-tiny/templates/rbac.yaml +++ b/charts/oai-spgwu-tiny/templates/rbac.yaml 
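Review bot: The NetworkAttachmentDefinition in multus.yaml is now named `{{ .Chart.Name }}-{{ .Values.lte.instance }}--net1` with a doubled hyphen, while the deployment annotation in this patch requests `"{{ .Chart.Name }}-{{ .Values.lte.instance }}-net1"`. The two names no longer match, so the attachment requested by the pod would not be found. Change the line to `name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-net1`.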
@@ -1,12 +1,40 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +#apiVersion: rbac.authorization.k8s.io/v1beta1 +#kind: ClusterRoleBinding +#metadata: +# name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-rbac +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: cluster-admin +#subjects: +#- kind: ServiceAccount +# name: {{ .Values.serviceAccount.name }} +# namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-{{ .Values.namespace }}-rbac -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding subjects: - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} - namespace: {{ .Values.namespace }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role + apiGroup: rbac.authorization.k8s.io + diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 6dc7bcb..9216244 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml 
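Review bot: The Role and RoleBinding names, `{{ .Chart.Name }}-{{ .Release.Namespace }}-role` and `-binding`, drop the `.Values.lte.instance` component that the removed binding and this chart's NetworkAttachmentDefinition carry. If two SPGW-U instances are released into one namespace, which the instance suffix suggests is intended, the second install would collide on these names. Suggested: `name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-role`, with the matching `-binding` name and `roleRef.name`. The Role still grants `use` on the `privileged` SCC, so any pod running under this service account may request full privilege. A comment saying why that is required would help the next reviewer.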
@@ -4,15 +4,32 @@ replicaCount: 1 -namespace: "oai4g" - image: registry: local - repository: image-registry.openshift-image-registry.svc:5000/oai4g/oai-spgwu-tiny + repository: oai-spgwu-tiny version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always +tcpdumpimage: + registry: local + repository: network-tools-rhel8 + version: v4.10.0-202205022327.p0.gbcfec9c.assembly.stream + #pullPolicy: IfNotPresent or Never or Always + pullPolicy: IfNotPresent + + + +persistence: + # make it true for the first time when you want to create persistance volume + # and then false + enabled: true + volumeName: managed-nfs-storage + size: 1Gi + +multus: + hostInterface: "bond0" # Interface of the host machine on which this pod will be scheduled + imagePullSecrets: [] nameOverride: "" @@ -63,7 +80,7 @@ lte: spgwNetmaskOneIf: "22" pgwuSgiGw: "172.21.7.254" netUeIp: "192.168.29.0/24" - pgwcSxIp: "192.168.18.156" + pgwcSxIp: "172.21.6.181" netUeNatOption: "yes" threadsS1uUl: "16" threadsSgiDl: "16" @@ -74,12 +91,6 @@ lte: # standart feature is no, put yes if you want less UL packet delay bypassUlPfcpRules: "yes" -persistence: - # make it true for the first time when you want to create persistance volume - # and then false - enabled: false - - resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -94,3 +105,8 @@ nodeSelector: {} tolerations: [] affinity: {} + +terminationGracePeriodSeconds: 30 + +nodeName: + From f40831ed6734e1b6c5e71d1535791658e55ad7c6 Mon Sep 17 00:00:00 2001 From: arora-sagar Date: Thu, 19 May 2022 18:17:04 +0200 Subject: [PATCH 67/82] updated readme --- charts/README.md | 59 ++++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/charts/README.md b/charts/README.md index cfb8e74..7adfe11 100644 --- a/charts/README.md +++ b/charts/README.md 
@@ -1,20 +1,13 @@ # Deploy OAI CN with helm charts on Open Shift (Work In Progress) ## Prerequisites -- Assuming you are using Open Shift Server Version: 4.4.10, Kubernetes Version: v1.17.1+9d33dd3 +- Assuming you are using Open Shift Server Version: 4.9.X, Kubernetes Version: v1.17.1+9d33dd3 - Assuming you have installed [helm v3.1.0](https://github.com/helm/helm/releases/tag/v3.1.0) on the cluster node from which you type helm commands. - Assuming you have cloned the [openair-k8s](https://github.com/OPENAIRINTERFACE/openair-k8s) repo on the cluster node from which you type helm commands. - Assuming SCTP protocol is [enabled on the cluster](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-enabling_using-sctp) You can check if SCTP is enabled by running a client/server [basic app](https://docs.openshift.com/container-platform/4.4/networking/using-sctp.html#nw-sctp-verifying_using-sctp) -### Use official cassandra image -Add cassandra helm chart to helm repo: -```bash -helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com -helm repo update -``` - ## Build Network functions images For all network functions (HSS, MME, SPGW-C, SPGW-U) you have to build an image: Please refer to: 
@@ -23,68 +16,74 @@ Please refer to: 1. SPGW-C: https://github.com/lionelgo/openair-spgwc/tree/multi-spgwu/openshift 1. SPGW-U: https://github.com/lionelgo/openair-spgwu-tiny/tree/multi-spgwu/openshift -On francelab cluster be aware that certificates (/etc/rhsm/ca/redhat-uep.pem) are renewed every month, so you may have to redo the "pki-entitlement" phase every month. +On francelab cluster be aware that certificates (/etc/rhsm/ca/redhat-uep.pem) are renewed every month, so you may have to redo the "pki-entitlement" phase every month +(only required if you want to install some packages inside the image) ## Deploy Cassandra ### Storage class -The envisionned storage for cassandra is nfs (provisioner example.com/nfs), storage class name is "managed-nfs-storage". +The envisionned storage for cassandra is nfs (provisioner example.com/nfs), storage class name is "nfs-client" (on our cluster). -### Security context permissions -To be able to deploy cassandra on oc (step not required on k8s), logged as kubeadmin on oc: -```bash -oc adm policy add-scc-to-user anyuid -z default -# THIS IS THE COMMAND OF THE MONTH! -``` ### Deployment Work is in progress, please follow the described deployment sequence (cassandra, HSS, SPGWC, SPGWU, MME). 
+``` bash +oc new-project oai4g +``` + Logged as administrator of your namespace on oc (not kubeadmin): ```bash -helm install --set config.endpoint_snitch=GossipingPropertyFileSnitch,persistence.storageClass=managed-nfs-storage cassandra incubator/cassandra +helm install cassandra cassandra/ ``` -This will create 3 pods (namespace is 'oai-cn' here) + +This will create 3 pods (namespace is 'oai4g' here) ```bash -oai-cn cassandra-0 1/1 Running 0 8m39s -oai-cn cassandra-1 1/1 Running 0 7m -oai-cn cassandra-2 1/1 Running 0 5m13s +oai4g cassandra-0 1/1 Running 0 8m39s +oai4g cassandra-1 1/1 Running 0 7m +oai4g cassandra-2 1/1 Running 0 5m13s ``` +Cassandra service name is `cassandra` username is `cassandra` and password `cassandra` + ## Deploy HSS -Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. +Since the deployment uses multus for creating network, your account should have enough permission to create multus objects ```bash K8S_DIR="/path-to-your-openair-k8s-cloned-dir" -helm install hss $K8S_DIR/charts/oai-hss +helm install oai-hss $K8S_DIR/charts/oai-hss ``` ## Deploy SPGW-C -Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. +Since the deployment uses multus for creating network, your account should have enough permission to create multus objects ```bash K8S_DIR="/path-to-your-openair-k8s-cloned-dir" -helm install spgwc $K8S_DIR/charts/oai-spgwc --set start.tcpdump="true" +helm install oai-spgwc $K8S_DIR/charts/oai-spgwc ``` + ## Deploy MME -Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. 
+Since the deployment uses multus for creating network, your account should have enough permission to create multus objects ```bash K8S_DIR="/path-to-your-openair-k8s-cloned-dir" -helm install mme $K8S_DIR/charts/magma-oai-mme --set start.tcpdump="true" +helm install magma-mme $K8S_DIR/charts/magma-oai-mme ``` ## Deploy SPGW-U -Idem: Since the deployment uses multus for creating networks, the cluster role 'cluster-admin' is required, so you have to log on oc with a user having this role. +Since the deployment uses multus for creating network, your account should have enough permission to create multus objects ```bash K8S_DIR="/path-to-your-openair-k8s-cloned-dir" -helm install spgwu1 $K8S_DIR/charts/oai-spgwu-tiny --set serviceAccount.name="oai-spgwu1-tiny-sa" --set lte.instance="0" --set lte.fqdn="gwu1.spgw.node.epc.mnc099.mcc208.3gppnetwork.org" --set lte.spgwIpOneIf="192.168.18.151" --set lte.netUeIp="192.168.21.0/24" --set start.tcpdump="false" +helm install oai-spgwu-tiny $K8S_DIR/charts/oai-spgwu-tiny --set serviceAccount.name="oai-spgwu1-tiny-sa" --set lte.instance="0" --set lte.fqdn="gwu1.spgw.node.epc.mnc099.mcc208.3gppnetwork.org" --set lte.spgwIpOneIf="192.168.18.151" --set lte.netUeIp="192.168.21.0/24" ``` ## Un-deploy NFs Upon your needs: ``` -helm uninstall mme spgwc spgwu1 +helm uninstall magma-mme oai-spgwc oai-spgwu-tiny ``` +When un-deploy cassandra the helm charts don't really remove cassandra pvc so you need to manually remove it + +oc delete pvc cassandra-0 cassandra-1 cassandra-2 From 4e861516241b70c8c476bd5bd8bf818d94e56b03 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Fri, 20 May 2022 11:57:50 +0200 Subject: [PATCH 68/82] Fixing hss image tag, cassandra keyspace - WIP Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/Chart.yaml | 2 +- charts/oai-hss/templates/cassandra-oai-db.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/charts/oai-hss/Chart.yaml b/charts/oai-hss/Chart.yaml index c92729d..37126eb 100644 --- a/charts/oai-hss/Chart.yaml +++ b/charts/oai-hss/Chart.yaml @@ -20,7 +20,7 @@ version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: oc-1.0.0 +appVersion: develop keywords: - Core Network diff --git a/charts/oai-hss/templates/cassandra-oai-db.yaml b/charts/oai-hss/templates/cassandra-oai-db.yaml index ec8cdf7..1ab69de 100644 --- a/charts/oai-hss/templates/cassandra-oai-db.yaml +++ b/charts/oai-hss/templates/cassandra-oai-db.yaml @@ -4,7 +4,7 @@ metadata: name: oai-db data: oai_db.cql: | - CREATE KEYSPACE IF NOT EXISTS vhss WITH replication = {'class': 'NetworkTopologyStrategy', 'DC1': '1'}; + CREATE KEYSPACE IF NOT EXISTS vhss WITH replication = {'class': 'NetworkTopologyStrategy', 'replication_factor':3}; CREATE TABLE IF NOT EXISTS vhss.users_imsi ( imsi text PRIMARY KEY, access_restriction int, From f827f3d08877eef122b70629651b5d229a0f0f44 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Fri, 20 May 2022 12:46:30 +0200 Subject: [PATCH 69/82] hss image version from values, not chart App version Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 672421b..8e595dd 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: name: db-schema containers: - name: hss - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} 
From c0171d8008a7bb873903eb34f386d45fba44e54a Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 25 May 2022 15:18:06 +0200 Subject: [PATCH 70/82] HSS starting Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/templates/cassandra-oai-db.yaml | 2 +- charts/oai-hss/templates/deployment.yaml | 12 +++++++++++- charts/oai-hss/values.yaml | 12 ++++++------ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/charts/oai-hss/templates/cassandra-oai-db.yaml b/charts/oai-hss/templates/cassandra-oai-db.yaml index 1ab69de..f8b006d 100644 --- a/charts/oai-hss/templates/cassandra-oai-db.yaml +++ b/charts/oai-hss/templates/cassandra-oai-db.yaml @@ -4,7 +4,7 @@ metadata: name: oai-db data: oai_db.cql: | - CREATE KEYSPACE IF NOT EXISTS vhss WITH replication = {'class': 'NetworkTopologyStrategy', 'replication_factor':3}; + CREATE KEYSPACE IF NOT EXISTS vhss WITH replication = {'class': 'SimpleStrategy', 'replication_factor':3}; CREATE TABLE IF NOT EXISTS vhss.users_imsi ( imsi text PRIMARY KEY, access_restriction int, diff --git a/charts/oai-hss/templates/deployment.yaml b/charts/oai-hss/templates/deployment.yaml index 8e595dd..12d9e15 100644 --- a/charts/oai-hss/templates/deployment.yaml +++ b/charts/oai-hss/templates/deployment.yaml @@ -30,7 +30,7 @@ spec: command: - sh - -c - - cqlsh cassandra -u cassandra -p cassandra --file /root/oai_db.cql + - cqlsh cassandra --file /root/oai_db.cql volumeMounts: - mountPath: /root name: db-schema @@ -108,6 +108,16 @@ spec: configMapKeyRef: name: {{ .Chart.Name }}-configmap key: numSubscribers + - name: CASS_LOGIN + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: dbUser + - name: CASS_PASSWORD + valueFrom: + configMapKeyRef: + name: {{ .Chart.Name }}-configmap + key: dbPassword - name: tcpdump image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" imagePullPolicy: {{ .Values.tcpdumpimage.pullPolicy }} 
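Review bot: `CASS_PASSWORD` in the second deployment.yaml hunk is populated with `configMapKeyRef`, so the database password lives in the chart's ConfigMap, readable in plain text by anyone allowed to read ConfigMaps in the namespace. It should come from a Secret instead, i.e. `secretKeyRef:` with `name: <hss-db-secret>` (placeholder, no such Secret is in view) and `key: dbPassword`; the values.yaml in this commit also keeps `dbPassword: "cassandra"` as the default. The first hunk drops `-u cassandra -p cassandra` from the init container's `cqlsh` call, which suggests the Cassandra service now accepts unauthenticated connections; that is worth confirming and documenting, since the login variables would then protect nothing. Both container definitions continue outside the hunks.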
diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index ce41ee7..b09ddf6 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -20,8 +20,8 @@ tcpdumpimage: cassandra: registry: local - repository: bitnami/cassandra - version: 4.0.3-debian-10-r68 + repository: docker.io/cassandra + version: 3.11.6 #pullPolicy: IfNotPresent or Never or Always pullPolicy: IfNotPresent url: cassandra @@ -83,16 +83,16 @@ service: # Assume cassandra pod name is cassandra lte: prefix: "/openair-hss/etc" - realm: "oai.svc.cluster.local" - dbFqdn: "cassandra-0.cassandra.oai.svc.cluster.local" - identity: "oai-hss.oai.svc.cluster.local" + realm: "oai4g.svc.cluster.local" + dbFqdn: "cassandra" + identity: "oai-hss.oai4g.svc.cluster.local" opKey: "1006020f0a478bf6b699f15c062e42b3" roaming: "true" apn1: "oai.ipv4" apn2: "internet" lteK: "8baf473f2f8fd09487cccbd7097c6862" imsi: "311480100001101" - numSubscribers: "1000" + numSubscribers: "50" dbName: "vhss" dbUser: "cassandra" dbPassword: "cassandra" From 0bfbede819e38d3bc14916ed36d2257b7d1ff07e Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 25 May 2022 15:41:12 +0200 Subject: [PATCH 71/82] realms update Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/magma-oai-mme/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index bb347d7..4a074ea 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -52,8 +52,8 @@ securityContext: persistence: # make it true for the first time when you want to create persistance volume # and then false - enabled: false - volumeName: managed-nfs-storage + enabled: true + volumeName: nfs-client size: 1Gi 
@@ -79,10 +79,10 @@ mmeConf: # contains etc, bin subdirs # May be not always same as magma_root prefix: /magma - domainName: "svc.cluster.local" + domainName: "oai4g.svc.cluster.local" fdMmeHostname: "magma-oai-mme" fdHssHostname: "oai-hss" - hssDomainName: "oai.svc.cluster.local" + hssDomainName: "oai4g.svc.cluster.local" useStateless: "true" useHa: "false" enableGtpuPrivateIpCorrection: "false" From 8d47e1810fb9796b91c1bb874ca68e831fa3532c Mon Sep 17 00:00:00 2001 
From: arora-sagar Date: Wed, 25 May 2022 16:11:34 +0200 Subject: [PATCH 72/82] fixed the persistent volume section --- charts/cassandra/.helmignore | 6 +- charts/cassandra/Chart.lock | 6 - charts/cassandra/Chart.yaml | 39 +- charts/cassandra/README.md | 587 ++++------- charts/cassandra/charts/common-1.14.0.tgz | Bin 14386 -> 0 bytes .../cassandra/sample/create-storage-gce.yaml | 7 + charts/cassandra/templates/NOTES.txt | 106 +- charts/cassandra/templates/_helpers.tpl | 251 +---- .../cassandra/templates/backup/cronjob.yaml | 90 ++ charts/cassandra/templates/backup/rbac.yaml | 50 + .../cassandra/templates/cassandra-secret.yaml | 40 - charts/cassandra/templates/configmap.yaml | 14 + charts/cassandra/templates/extra-list.yaml | 4 - charts/cassandra/templates/headless-svc.yaml | 35 - charts/cassandra/templates/networkpolicy.yaml | 43 - charts/cassandra/templates/pdb.yaml | 32 +- charts/cassandra/templates/rbac.yaml | 28 +- charts/cassandra/templates/service.yaml | 79 +- .../cassandra/templates/serviceaccount.yaml | 19 - .../cassandra/templates/servicemonitor.yaml | 51 +- charts/cassandra/templates/statefulset.yaml | 742 ++++---------- charts/cassandra/templates/tls-secret.yaml | 25 - charts/cassandra/values.yaml | 953 ++++-------------- .../magma-oai-mme/templates/deployment.yaml | 7 +- charts/magma-oai-mme/values.yaml | 3 +- charts/oai-hss/templates/pvc.yaml | 5 +- charts/oai-hss/values.yaml | 4 +- charts/oai-spgwc/templates/deployment.yaml | 3 +- charts/oai-spgwc/templates/multus.yaml | 2 +- charts/oai-spgwc/templates/rbac.yaml | 12 - charts/oai-spgwc/values.yaml | 9 +- charts/oai-spgwu-tiny/templates/multus.yaml | 2 +- charts/oai-spgwu-tiny/values.yaml | 2 +- 33 files changed, 920 insertions(+), 2336 deletions(-) delete mode 100644 charts/cassandra/Chart.lock delete mode 100644 charts/cassandra/charts/common-1.14.0.tgz create mode 100644 charts/cassandra/sample/create-storage-gce.yaml create mode 100644 charts/cassandra/templates/backup/cronjob.yaml create mode 
100644 charts/cassandra/templates/backup/rbac.yaml delete mode 100644 charts/cassandra/templates/cassandra-secret.yaml create mode 100644 charts/cassandra/templates/configmap.yaml delete mode 100644 charts/cassandra/templates/extra-list.yaml delete mode 100644 charts/cassandra/templates/headless-svc.yaml delete mode 100644 charts/cassandra/templates/networkpolicy.yaml delete mode 100644 charts/cassandra/templates/serviceaccount.yaml delete mode 100644 charts/cassandra/templates/tls-secret.yaml diff --git a/charts/cassandra/.helmignore b/charts/cassandra/.helmignore index f0c1319..5e03def 100644 --- a/charts/cassandra/.helmignore +++ b/charts/cassandra/.helmignore @@ -5,11 +5,6 @@ # Common VCS dirs .git/ .gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ # Common backup files *.swp *.bak @@ -19,3 +14,4 @@ .project .idea/ *.tmproj +OWNERS diff --git a/charts/cassandra/Chart.lock b/charts/cassandra/Chart.lock deleted file mode 100644 index 703051d..0000000 --- a/charts/cassandra/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.14.0 -digest: sha256:965d4465e4039d36637175307a8edfc13a53414d3bb698c0d26c8acc1cf3ec3d -generated: "2022-05-19T17:06:29.542872245+02:00" diff --git a/charts/cassandra/Chart.yaml b/charts/cassandra/Chart.yaml index 7f4144d..4e6122b 100644 --- a/charts/cassandra/Chart.yaml +++ b/charts/cassandra/Chart.yaml 
@@ -1,26 +1,15 @@ -annotations: - category: Database -apiVersion: v2 -appVersion: 4.0.3 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many servers, providing high availability with no single point of failure. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/cassandra -icon: https://bitnami.com/assets/stacks/cassandra/img/cassandra-stack-220x234.png -keywords: - - cassandra - - database - - nosql -maintainers: - - email: containers@bitnami.com - name: Bitnami +apiVersion: v1 name: cassandra -sources: - - https://github.com/bitnami/bitnami-docker-cassandra - - http://cassandra.apache.org -version: 9.1.21 +version: 0.15.4 +appVersion: 3.11.6 +description: DEPRECATED Apache Cassandra is a free and open-source distributed database management + system designed to handle large amounts of data across many commodity servers, providing + high availability with no single point of failure. +icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png +keywords: +- cassandra +- database +- nosql +home: http://cassandra.apache.org +deprecated: false +engine: gotpl diff --git a/charts/cassandra/README.md b/charts/cassandra/README.md index 29fff88..cabb65a 100644 --- a/charts/cassandra/README.md +++ b/charts/cassandra/README.md 
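Review bot: The replacement Chart.yaml labels the chart `DEPRECATED` in its description while setting `deprecated: false`, and moves `appVersion` from 4.0.3 back to 3.11.6. The README added in the same commit says the upstream chart repository is archived and no longer updated, so this vendored copy will not pick up fixes. The commit's file list also deletes `templates/networkpolicy.yaml`, `templates/cassandra-secret.yaml` and `templates/tls-secret.yaml`, so network restriction, the credentials Secret and TLS material need an equivalent in the new templates (not visible in this hunk) or a documented decision to go without. A header comment recording the source would help, e.g. `# vendored from the archived incubator/cassandra chart; maintained locally`.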
@@ -1,454 +1,227 @@ - +# ⚠️ Repo Archive Notice -# Apache Cassandra packaged by Bitnami +As of Nov 13, 2020, charts in this repo will no longer be updated. +For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). -Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many servers, providing high availability with no single point of failure. +# Cassandra +A Cassandra Chart for Kubernetes -[Overview of Apache Cassandra](http://cassandra.apache.org/) +## DEPRECATION NOTICE -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR +This chart is deprecated and no longer supported. -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/cassandra -``` - -## Introduction - -This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/bitnami-docker-cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites +## Install Chart +To install the Cassandra Chart into your Kubernetes cluster (This Chart requires persistent volume by default, you may need to create a storage class before install chart. 
To create storage class, see [Persist data](#persist_data) section) -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/cassandra +```bash +helm install --namespace "cassandra" -n "cassandra" incubator/cassandra ``` -These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. +After installation succeeds, you can get a status of Chart -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` release: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
- -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `commonLabels` | Labels to add to all deployed objects (sub-charts are not considered) | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### Cassandra parameters - -| Name | Description | Value | -| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Cassandra image registry | `docker.io` | -| `image.repository` | Cassandra image repository | `bitnami/cassandra` | -| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.0.3-debian-10-r59` | -| 
`image.pullPolicy` | image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Cassandra image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `dbUser.user` | Cassandra admin user | `cassandra` | -| `dbUser.forcePassword` | Force the user to provide a non | `false` | -| `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` | -| `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` | -| `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` | -| `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` | -| `existingConfiguration` | ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart | `""` | -| `cluster.name` | Cassandra cluster name | `cassandra` | -| `cluster.seedCount` | Number of seed nodes | `1` | -| `cluster.numTokens` | Number of tokens for each node | `256` | -| `cluster.datacenter` | Datacenter name | `dc1` | -| `cluster.rack` | Rack name | `rack1` | -| `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` | -| `cluster.internodeEncryption` | DEPRECATED: use tls.internode and tls.client instead. Encryption values. | `none` | -| `cluster.clientEncryption` | Client Encryption | `false` | -| `cluster.extraSeeds` | For an external/second cassandra ring. | `[]` | -| `cluster.enableUDF` | Enable User defined functions | `false` | -| `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` | -| `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` | -| `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` | -| `command` | Command for running the container (set to default if not set). 
Use array form | `[]` | -| `args` | Args for running the container (set to default if not set). Use array form | `[]` | -| `extraEnvVars` | Extra environment variables to be set on cassandra container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | - - -### Statefulset parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | -| `replicaCount` | Number of Cassandra replicas | `1` | -| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | -| `priorityClassName` | Cassandra pods' priority. | `""` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Cassandra container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Force the container to be run as non root | `true` | -| `resources.limits` | The resources limits for Cassandra containers | `{}` | -| `resources.requests` | The requested resources for Cassandra containers | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial 
delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `lifecycleHooks` | Override default etcd container hooks | `{}` | -| `schedulerName` | Alternative scheduler | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` | -| `initContainers` | Add additional init containers to the cassandra pods | `[]` | -| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | -| `hostNetwork` | Enable HOST Network | `false` | -| `containerPorts.intra` | Intra Port on the Host and Container | `7000` | -| `containerPorts.tls` | TLS Port on the Host and Container | `7001` | -| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` | -| `containerPorts.cql` | CQL Port on the Host and Container | `9042` | - - -### RBAC parameters - -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------- | ------ | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for Cassandra pods | 
`true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.annotations` | Annotations for Cassandra Service Account | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------- | ----------- | -| `service.type` | Cassandra service type | `ClusterIP` | -| `service.ports.cql` | Cassandra service CQL Port | `9042` | -| `service.ports.metrics` | Cassandra service metrics port | `8080` | -| `service.nodePorts.cql` | Node port for CQL | `""` | -| `service.nodePorts.metrics` | Node port for metrics | `""` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `service.annotations` | Provide any additional annotations which may be required. 
| `{}` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | - - -### Persistence parameters - -| Name | Description | Value | -| -------------------------------- | -------------------------------------------------------------------------------------------------- | -------------------- | -| `persistence.enabled` | Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir | `true` | -| `persistence.storageClass` | PVC Storage Class for Cassandra data volume | `""` | -| `persistence.commitStorageClass` | PVC Storage Class for Cassandra Commit Log volume | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Cassandra data volume | `8Gi` | -| `persistence.mountPath` | The path the data volume will be mounted at | `/bitnami/cassandra` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | -| `volumePermissions.image.registry` | Init container volume | `docker.io` | -| `volumePermissions.image.repository` | Init container volume | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume | `10-debian-10-r400` | -| `volumePermissions.image.pullPolicy` | Init container volume | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| 
`volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | - - -### Metrics parameters - -| Name | Description | Value | -| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | ---------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | -| `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | -| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-10-r23` | -| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources.limits` | The resources limits for the container | `{}` | -| `metrics.resources.requests` | The requested resources for the container | `{}` | -| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | -| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. 
| `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | -| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` | -| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` | - - -### TLS/SSL parameters - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------- | ------- | -| `tls.internodeEncryption` | Set internode encryption | `none` | -| `tls.clientEncryption` | Set client-server encryption | `false` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` | -| `tls.existingSecret` | Existing secret that contains Cassandra Keystore and truststore | `""` | -| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords if needed | `""` | -| `tls.keystorePassword` | Password for the keystore, if needed. | `""` | -| `tls.truststorePassword` | Password for the truststore, if needed. | `""` | -| `tls.resources.limits` | The resources limits for the TLS init container | `{}` | -| `tls.resources.requests` | The requested resources for the TLS init container | `{}` | -| `tls.certificatesSecret` | Secret with the TLS certificates. 
| `""` | -| `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` | - - -The above parameters map to the env variables defined in [bitnami/cassandra](https://github.com/bitnami/bitnami-docker-cassandra). For more information please refer to the [bitnami/cassandra](https://github.com/bitnami/bitnami-docker-cassandra) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install my-release \ - --set dbUser.user=admin,dbUser.password=password \ - bitnami/cassandra +```bash +helm status "cassandra" ``` -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml bitnami/cassandra +If you want to delete your Chart, use this command +```bash +helm delete --purge "cassandra" ``` -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Enable TLS - -This chart supports TLS between client and server and between nodes, as explained below: - -* For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`. -* For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`. 
- -In both cases, it is also necessary to create a secret containing the keystore and truststore certificates and their corresponding protection passwords. This secret is to be passed to the chart via the `tls.existingSecret` parameter at deployment-time. - -Refer to the chart documentation for more [information on creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/administration/enable-tls/). - -### Use a custom configuration file - -This chart also supports mounting custom configuration file(s) for Apache Cassandra. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). - -> NOTE: This ConfigMap will override other Apache Cassandra configuration variables set in the chart. - -Refer to the chart documentation for more [information on customizing an Apache Cassandra deployment](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/configuration/customize-new-instance/). - -### Initialize the database - -The [Bitnami Apache Cassandra image](https://github.com/bitnami/bitnami-docker-cassandra) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary *sh* or *cql* scripts and passing this ConfigMap to the chart via the *initDBConfigMap* parameter. - -Refer to the chart documentation for more [information on customizing an Apache Cassandra deployment](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/configuration/customize-new-instance/). - -### Set pod affinity - -This chart allows you to set custom pod affinity using the `XXX.affinity` parameter(s). Find more information about pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
- -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Apache Cassandra](https://github.com/bitnami/bitnami-docker-cassandra) image stores the Apache Cassandra data at the `/bitnami/cassandra` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. There are two approaches to achieve this: - -* Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions. -* Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`. - -## Backup and restore - -Refer to our detailed tutorial on [backing up and restoring Bitnami Apache Cassandra deployments on Kubernetes](https://docs.bitnami.com/tutorials/backup-restore-data-cassandra-kubernetes/). 
- -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - ## Upgrading -It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart: +To upgrade your Cassandra release, simply run ```bash -$ helm upgrade my-release bitnami/cassandra --set dbUser.password=[PASSWORD] +helm upgrade "cassandra" incubator/cassandra ``` -| Note: you need to substitute the placeholder _[PASSWORD]_ with the value obtained in the installation notes. +### 0.12.0 -### To 9.0.0 -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. +This version fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. -Affected values: +Until this version, in order to upgrade, you have to delete the Cassandra StatefulSet before upgrading: +```bash +$ kubectl delete statefulset --cascade=false my-cassandra-release +``` -- `serviceMonitor.labels` renamed as `serviceMonitor.selector`. -- `service.port` renamed as `service.ports.cql`. -- `service.metricsPort` renamed as `service.ports.metrics`. -- `service.nodePort` renamed as `service.nodePorts.cql`. -- `updateStrategy` changed from String type (previously default to 'rollingUpdate') to Object type, allowing users to configure other updateStrategy parameters, similar to other charts. -- Removed value `rollingUpdatePartition`, now configured using `updateStrategy` setting `updateStrategy.rollingUpdate.partition`. 
-### To 8.0.0 +## Persist data +You need to create `StorageClass` before able to persist data in persistent volume. +To create a `StorageClass` on Google Cloud, run the following -Cassandra's version was bumped to `4.0`, [the new major](https://cassandra.apache.org/_/blog/Apache-Cassandra-4.0-is-Here.html) considered LTS. Among other features, this release removes support for [Thrift](https://issues.apache.org/jira/browse/CASSANDRA-11115), which means that the following properties of the chart will no longer be available: +```bash +kubectl create -f sample/create-storage-gce.yaml +``` - - `cluster.enableRPC` - - `service.thriftPort` - - `service.nodePorts.thrift` - - `containerPorts.thrift` +And set the following values in `values.yaml` -For this version, there have been [intensive efforts](https://cwiki.apache.org/confluence/display/CASSANDRA/4.0+Quality%3A+Components+and+Test+Plans) from Apache to ensure that a safe cluster upgrade can be performed. Nevertheless, a backup creation prior to undergoing the upgrade process is recommended. Please, refer to the [official guide](https://cassandra.apache.org/doc/latest/operating/backups.html#snapshots) for further information. +```yaml +persistence: + enabled: true +``` -### To 7.0.0 +If you want to create a `StorageClass` on other platform, please see documentation here [https://kubernetes.io/docs/user-guide/persistent-volumes/](https://kubernetes.io/docs/user-guide/persistent-volumes/) -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. +When running a cluster without persistence, the termination of a pod will first initiate a decommissioning of that pod. 
+Depending on the amount of data stored inside the cluster this may take a while. In order to complete a graceful +termination, pods need to get more time for it. Set the following values in `values.yaml`: -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/cassandra/administration/upgrade-helm3/). +```yaml +podSettings: + terminationGracePeriodSeconds: 1800 +``` -### To 6.0.0 +## Install Chart with specific cluster size +By default, this Chart will create a cassandra with 3 nodes. If you want to change the cluster size during installation, you can use `--set config.cluster_size={value}` argument. Or edit `values.yaml` -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. - - Parameters prefixed with `statefulset.` were renamed removing the prefix. E.g. `statefulset.rollingUpdatePartition` -> renamed to `rollingUpdatePartition`. - - `cluster.replicaCount` is renamed to `replicaCount`. - - `cluster.domain` is renamed to `clusterDomain`. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. +For example: +Set cluster size to 5 -Consequences: +```bash +helm install --namespace "cassandra" -n "cassandra" --set config.cluster_size=5 incubator/cassandra/ +``` -- Backwards compatibility is not guaranteed. 
To upgrade to `6.0.0`, install a new release of the Cassandra chart, and migrate the data from your previous release. To do so, create an snapshot of the database, and restore it on the new database. Check [this guide](https://cassandra.apache.org/doc/latest/operating/backups.html#snapshots) for more information. +## Install Chart with specific resource size +By default, this Chart will create a cassandra with CPU 2 vCPU and 4Gi of memory which is suitable for development environment. +If you want to use this Chart for production, I would recommend to update the CPU to 4 vCPU and 16Gi. Also increase size of `max_heap_size` and `heap_new_size`. +To update the settings, edit `values.yaml` -### To 5.4.0 +## Install Chart with specific node +Sometime you may need to deploy your cassandra to specific nodes to allocate resources. You can use node selector by edit `nodes.enabled=true` in `values.yaml` +For example, you have 6 vms in node pools and you want to deploy cassandra to node which labeled as `cloud.google.com/gke-nodepool: pool-db` -The `minimumAvailable` option has been renamed to `minAvailable` for consistency with other charts. This is not a breaking change as `minimumAvailable` never worked before because of an error in chart templates. +Set the following values in `values.yaml` -### To 5.0.0 +```yaml +nodes: + enabled: true + selector: + nodeSelector: + cloud.google.com/gke-nodepool: pool-db +``` -An issue in StatefulSet manifest of the 4.x chart series rendered chart upgrades to be broken. The 5.0.0 series fixes this issue. To upgrade to the 5.x series you need to manually delete the Cassandra StatefulSet before executing the `helm upgrade` command. +## Configuration + +The following table lists the configurable parameters of the Cassandra chart and their default values. 
+ +| Parameter | Description | Default | +| ----------------------- | --------------------------------------------- | ---------------------------------------------------------- | +| `image.repo` | `cassandra` image repository | `cassandra` | +| `image.tag` | `cassandra` image tag | `3.11.5` | +| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `nil` | +| `config.cluster_domain` | The name of the cluster domain. | `cluster.local` | +| `config.cluster_name` | The name of the cluster. | `cassandra` | +| `config.cluster_size` | The number of nodes in the cluster. | `3` | +| `config.seed_size` | The number of seed nodes used to bootstrap new clients joining the cluster. | `2` | +| `config.seeds` | The comma-separated list of seed nodes. | Automatically generated according to `.Release.Name` and `config.seed_size` | +| `config.num_tokens` | Initdb Arguments | `256` | +| `config.dc_name` | Initdb Arguments | `DC1` | +| `config.rack_name` | Initdb Arguments | `RAC1` | +| `config.endpoint_snitch` | Initdb Arguments | `SimpleSnitch` | +| `config.max_heap_size` | Initdb Arguments | `2048M` | +| `config.heap_new_size` | Initdb Arguments | `512M` | +| `config.ports.cql` | Initdb Arguments | `9042` | +| `config.ports.thrift` | Initdb Arguments | `9160` | +| `config.ports.agent` | The port of the JVM Agent (if any) | `nil` | +| `config.start_rpc` | Initdb Arguments | `false` | +| `configOverrides` | Overrides config files in /etc/cassandra dir | `{}` | +| `commandOverrides` | Overrides default docker command | `[]` | +| `argsOverrides` | Overrides default docker args | `[]` | +| `env` | Custom env variables | `{}` | +| `schedulerName` | Name of k8s scheduler (other than the default) | `nil` | +| `persistence.enabled` | Use a PVC to persist data | `true` | +| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | +| 
`persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | +| `persistence.size` | Size of data volume | `10Gi` | +| `resources` | CPU/Memory resource requests/limits | Memory: `4Gi`, CPU: `2` | +| `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` | +| `service.annotations` | Annotations to apply to cassandra service | `""` | +| `podManagementPolicy` | podManagementPolicy of the StatefulSet | `OrderedReady` | +| `podDisruptionBudget` | Pod distruption budget | `{}` | +| `podAnnotations` | pod annotations for the StatefulSet | `{}` | +| `updateStrategy.type` | UpdateStrategy of the StatefulSet | `OnDelete` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `90` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `30` | +| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `90` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `30` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `readinessProbe.address` | Address to use for checking node has joined the cluster and is ready. 
| `${POD_IP}` | +| `rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use | | +| `backup.enabled` | Enable backup on chart installation | `false` | +| `backup.schedule` | Keyspaces to backup, each with cron time | | +| `backup.annotations` | Backup pod annotations | iam.amazonaws.com/role: `cain` | +| `backup.image.repository` | Backup image repository | `maorfr/cain` | +| `backup.image.tag` | Backup image tag | `0.6.0` | +| `backup.extraArgs` | Additional arguments for cain | `[]` | +| `backup.env` | Backup environment variables | AWS_REGION: `us-east-1` | +| `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | +| `backup.destination` | Destination to store backup artifacts | `s3://bucket/cassandra` | +| `backup.google.serviceAccountSecret` | Secret containing credentials if GCS is used as destination | | +| `exporter.enabled` | Enable Cassandra exporter | `false` | +| `exporter.servicemonitor.enabled` | Enable ServiceMonitor for exporter | `true` | +| `exporter.servicemonitor.additionalLabels`| Additional labels for Service Monitor | `{}` | +| `exporter.image.repo` | Exporter image repository | `criteord/cassandra_exporter` | +| `exporter.image.tag` | Exporter image tag | `2.0.2` | +| `exporter.port` | Exporter port | `5556` | +| `exporter.jvmOpts` | Exporter additional JVM options | | +| `exporter.resources` | Exporter CPU/Memory resource requests/limits | `{}` | +| `extraContainers` | Sidecar containers for the pods | `[]` | +| `extraVolumes` | Additional volumes for the pods | `[]` | +| `extraVolumeMounts` | Extra volume mounts for the pods | `[]` | +| `affinity` | Kubernetes node affinity | `{}` | +| `tolerations` | Kubernetes node tolerations | `[]` | + + +## Scale cassandra +When you want to change the cluster size of your cassandra, you can 
use the helm upgrade command. ```bash -kubectl delete sts -l release= -helm upgrade ... +helm upgrade --set config.cluster_size=5 cassandra incubator/cassandra ``` -### To 4.0.0 - -This release changes uses Bitnami Cassandra container `3.11.4-debian-9-r188`, based on Bash. - -### To 2.0.0 - -This release make it possible to specify custom initialization scripts in both cql and sh files. - -#### Breaking changes +## Get cassandra status +You can get your cassandra cluster status by running the command -- `startupCQL` has been removed. Instead, for initializing the database, see [this section](#initializing-the-database). +```bash +kubectl exec -it --namespace cassandra $(kubectl get pods --namespace cassandra -l app=cassandra-cassandra -o jsonpath='{.items[0].metadata.name}') nodetool status +``` -## License +Output +```bash +Datacenter: asia-east1 +====================== +Status=Up/Down +|/ State=Normal/Leaving/Joining/Moving +-- Address Load Tokens Owns (effective) Host ID Rack +UN 10.8.1.11 108.45 KiB 256 66.1% 410cc9da-8993-4dc2-9026-1dd381874c54 a +UN 10.8.4.12 84.08 KiB 256 68.7% 96e159e1-ef94-406e-a0be-e58fbd32a830 c +UN 10.8.3.6 103.07 KiB 256 65.2% 1a42b953-8728-4139-b070-b855b8fff326 b +``` -Copyright © 2022 Bitnami +## Benchmark +You can use [cassandra-stress](https://docs.datastax.com/en/cassandra/3.0/cassandra/tools/toolsCStress.html) tool to run the benchmark on the cluster by the following command -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. 
-You may obtain a copy of the License at
+```bash
+kubectl exec -it --namespace cassandra $(kubectl get pods --namespace cassandra -l app=cassandra-cassandra -o jsonpath='{.items[0].metadata.name}') cassandra-stress
+```
- http://www.apache.org/licenses/LICENSE-2.0
+Example of `cassandra-stress` argument
+ - Run both read and write with ration 9:1
+ - Operator total 1 million keys with uniform distribution
+ - Use QUORUM for read/write
+ - Generate 50 threads
+ - Generate result in graph
+ - Use NetworkTopologyStrategy with replica factor 2
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+```bash
+cassandra-stress mixed ratio\(write=1,read=9\) n=1000000 cl=QUORUM -pop dist=UNIFORM\(1..1000000\) -mode native cql3 -rate threads=50 -log file=~/mixed_autorate_r9w1_1M.log -graph file=test2.html title=test revision=test2 -schema "replication(strategy=NetworkTopologyStrategy, factor=2)"
+```
diff --git a/charts/cassandra/charts/common-1.14.0.tgz b/charts/cassandra/charts/common-1.14.0.tgz deleted file mode 100644 index 1377e155c14dd951f7045cab50e15b4b9ec3ec30..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14386 zcmV-2IL*f&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMd)qjYFgl<4E9%hciJggP$xhrep3RXblF+6AHUP@eBzb@P``|``H(hMmNp{T-iA(~8LZPZqC=?1Yn@$T-6;|h^YW8MB_OfF+<~wkHH?H^(UhS??51qYg!|T;B7PZVbR1mb`4!`d zI1GBWV?hrlIL$B*dLZ#MOOeDu4@NnS6@`MH>uWGYgi1sx=DIqbB9b0L%-qZW@-PVi zC{i7LZY!I=Y?FfJJjNQzQbKrTuCA^kzqf&$XZR3OGl0R&8|NocKlsudd;e_mvHE|8 z(j1FhngEvQ|Nh|MpsxSF-#@t5|9A0hZ9z>9Zf(JdR<<1fo)eA}rDl&$c8_0xWGoec zXaX5$F%|-gNR|IDaY-`3AJ8;Q@jJyz!PZvb|Lt^CPivoh9rD#YR{q@-C3b&BqYpFVwhZ~xuN^YP>EBbbrtAqXsCL{h9~|7TN0mUw~>;nD8r z&q1Jy1!q|1oB{&DMiMAX@R8w_IV9LH4Wkfz{0M}`X`WyR4SPi%PpN7mQV>GePDm^v zyu|Ym!oR(F6GCVvq7b%IA|!;*kIq8%?|+9oJJ9?5Ind~Q{Ma)sE^R?o$v7Ti&T;Z0 z=Y)>W;|Wgkl+f|Xn6l#a%MUotwecDN^uScYG{)+0^-PhBCoex_91G#hW%Kml63-9e z<41@t@f<#XF1`S;409wIR|d8B+H~{Kdjp_)#StB2h|K3IB-M^;0zSd-Ig_~lRaM6{ zaj&m18BgRP3z`sMJ8g*^jp6joxX^qGOh*N>9Pz}GV1J%^1 zK(+KG{rmO* zT|C!V|H}ymiTD^x_@PiMV7Cc6WwpXqN*&q#qjHiXqhcN%r)-GQig49G`Y`;03rh98 zVp^WPzug2G9s79xP}Ytd6xTo}WM8OlE1PLyrKO1)9h7C9WtWdQI|V>JdqZfN z+?@@ESfW8#C2LpNaAUNhSY9!HX*<3em292UHHr28jcJ8HNKCaeV>NnNL7mw(n) z!6r!;b4Gt-!xf3z!$;TF3@X3Qvlv<&Pv!uTa!?rj4mm4?S zrcO7ah3~0$*K^m|^P^+n*hbT=C{=uj;x+Wm&F6d5U@j+&lYi>~uC++GsQTted3^R_ zRRYF5S%ZEzXFZgWlI_!lh*669id3CsXbp>W|K{Yh2ogHpo$VxjKgx@w2fPmvM z{-7PQK&X%yCBR1T@uRk4x^RHcpJ9k&lnZPi6FSz6r22h{O(?4?ODO!uezdRVi9D4G z13(ZGDls3S7;B1*SWc4=Fy~D1+@rS)h8Q@WvKda`YJv?5$4H`-jUNh_5=y2yZ5xe8 zk5)8)^DJXr3J=!`=X#V0KW@){?)U!kuboFf|No!=_2~2G2O(@%$OE51vUAB5C9H>C z!O`rqh}*ujSL^;+^=bNlHM?#s_UjMJqC!FQu ziP2|9edXDhqeN+kT&RD|u3UzM(BbelGzR1ZNl+lQS{!0iE((I51RCQ*vu!y;DM_?3 z@KQC<@5AA<#-2)9NZ7!dNHv_|NP{f)n)J6H^cGWw8}L{~9Id;NY`PSXtx2e*acU=0ih1%?e&tR$O3!UcHI#KiAbu@BcWB25zPRJXX5 zrE%ushFyb@A&yM&RS)W|K@aQ%(*svCf>#OwHu6fV$)C`%Q09o9MU^G4_Ufe4+wi|JLiM(NlM4RM 
zC89}7{l?bsiTKIjQQ3cZpmDS`J$we?FZA^2{QUi!vlr*^^6c!**&+Os3o5#v+CoiU=SeKypmb`n6cIA4>nSX2(!j4{O=rMnY$)st*ja+VKMEGCS}-UO#p z6C~dwLgZNNZk3(y8TRX4O-PD+#kkn=c4Wjgy7*nKl8v6I6l*f%Cm11;eqH<7_s@Dy z)BYnd zK9&_E8rMpxH{L?o-!W+qWU#Rb27<%Lg@QG^@T{XoXViiBn~Z9}d>7IP!tccHcj8b7 z!c~gZ>7u*c?Tpfp9GC?aS8?fC=6b>6OU&U!Geptnb8QWSj(UUb1ZNz_NaExWwA-e_ z7aY?B^V2*{O)cS^K|2fBH7kqPn6@yCJNb6-xcl4QPRZ5P7?o96yn>ZyWP0xvQ)=`S zP3yeobD%w!;IouZqh1k{*l6Jype$44R(Tt>GGg_wpwhJIRHd5zlHCy^WCYuO9H|Fp zM~_FHEQd8rD-G*bdiH3xKG#vhqk_if_#dl9B$7($*p;?2huu`ZfXN$@v2j+fEee;g zcMCqtncRML3p=Hg-S5gkyAs{OWp+qg%WXhF8oL5AORa0bbiC>m2qE(6=c1x_z7{dN z^X_~_!uqAnwT(Y5_P-6?*xUkOsr^5w=YM%R=->N)@8nr0{`c?NZy_-ZQGBT+0#h|5 zX$KAw%J|BVB*PS&%|4W-et_`N>51FZ629xVIY(Irw5=4{M3^mZ>j|}A?O*oWDdV#I zX8)@DCr>?ZqzAKbL`Hgc1vUai0e>JuPq4P6>$_iDwNupIJ)trJ{Yt4A*k&APJ{@Ad zqd=+&-d2m?M8XwGQy5~998sYpFagORAtQbISi&4lQ%JDV!U~JR-HEI}6c|@%5-RZ+ zH(Z@B6ybb7=i3P`KD(_=C;Npt!DzPwv@tlvy2#soKYX@iC%i2NtvvqYtz8(0ZTx!$ zcw4m6PP0^ZXpw2a8+kJg_^eQVR|8r3u1B`M4zk}4i~Kw-00A-u%U=j8Q9BV3nxPCE zZMbtltq4>i*)6FYKtg2|+D`dxlrkg_p47j)<}|A|8~mhLtYxNLysA4jfeMl&0%^t{taH2(4{yM9-5Nv^DA4tiCt^X?^nEI&}-;#+b|A6j3zRI}&z7%S)D~ zwddPc=ODO#@iSa;@h<>hQ)nJ?(XT@p^7St8SOlsHzDPKj1l3K!c7TwW7GEukK@3TA!x?~GA?V1PizYaoMq*-;7%r%yzuP*^_VflbjjdhfpQLUt zZ&XXt8_ugWY|w4HN6#JwmrQ%68MTLgB9Y-Z686Nre*#`_`-@pzEwPNYl_T^wCGWbV zy4RoI`qR|^hAB3v{+IfH_8R%$o;=;ZKmUCv&l>vw<%djZC}q)7>mbqL%Q|&*r<(G0 zOs_0rk3#FZTAMiYQ@@!zX37(HIW)^-nTA&qpKj0m5F>rZ-3)bBv@#%Al!m zcCpk*m;m-}DTMIX@cNxX1>r_{ zn$F?(9HnGL)WRgobZ4XBJvPvFd8yh^n2RE?U9c(ky>jKM(JWh1G9}gtB_~9{wk6ez z*XOFN_Jn0P-id;fk&6X0K#I_PkM^W=aA~^h;CzL=#da~xRl&wW((#G=Snx`(b_B6e zU?sZyOUMV*Mg*+PuO6NSISiEQ)LGzKdAl}(buO$xGwrU!Y>QXOOPSDkDKU-b-y|<~ zFQpAPmfiCh)8&X#%~)4-Sa1(#-h{;b<-ksl&0*;kE$)RKG`s5X2_FZbEIvWr;_x_LSXtgU&A4G+FUSiI!>xgm2N}z+@5b~b30eds3}!XBual6T^m9;ofkhB zZSdAW_26aY#cpx-S`WE4lBrvbC0K%`UrW_Qq?joJP!7t(GX7sTJuRfZ_Oyh1!FH{eN1pCsc&OB zoTK)MyJ`G&7WEM=Dd4)_ZY9p14{UbWnfYPrPo_9KC> zJ)e^*OR+afpB#Ip^_sn)25H8vrt7Jo!p<_-#Yk(UaW 
zXFzCzKP;;Cpg_7icyg(@IS|XGtvJNVIB+aE!85FQOP^CrIY!AGV(l78R+7r{$fVg- z@xr?*2VUK>xhjPa+7pY(yK2tZ`Wf0m%emUUa0kK^)3Ka{FzD+sWNHj`96@yzU-`W- zfXoVigJYprVcCafBp();h2Uy}IW`gBj>bfQkW8`rB3YCVo!~3WpKACus^9i7#P9xRB=TFP50wpg=31i2-I% zHDdxj9b;7LONF!fVtYEayqN$;G-1<%a0ZMSPUyjN#!`%E71a9))~7Zl1C%5n=F=fF z`*SOREClG%MyEsOiB7a4`=xxYQ`9?UNCp78X`*v79E5Q-wvbHQ;#9QTL&+ zHA`-APQ3zGv$ud`OEYCw7|raOk;=A^5XC`YczB8D3!9NH?TX=SJ!VAIXW~*MozKva z5+^$Wz+MEW#o2b()fqu`At{Nc6lN)|!XfR*QHfyg-RZvgGUwm*y9bl`)yz+xSM7H}y zVao%KvwkopN_`&9B}qjz#_|U|{~KphrPci#cti+MP4#;dSh-y3YWAJWYTwzgE}@$K z!85S+G~L>Vg{_<6d4VL-tF4r=%RGZ{rlxOat3Ozf^WKi{PLwDR-kC=auy4ZI@G<|h zf6q^q9h@=NUixE87HMZ=wWM5lTN>EEgx`r@LP!`knX{~VD<*UE{TCX#?wM8>AGfzr zz#Zf19i}RK*HP9x%K8b02Tw4K{ksMHetYK(Ylo*WMZ**)6~Yz*^~{%|u2Vk`T-fEQ zC!Y1(DeWBROi4#Rmo`O{F?48z9!4!p>YqTXqoNZaTr2xavsb<5*t}~=9b!_lv?JoJ zQZ|(WrW==5d9I$;imWA88~k(0i=J$!>X@O=|)9W~W$X)o4mCTPuFCh1!~i`!Zw2^|n`?CT})HHfP8Cgnsu=%l@Ba9F6ha zo&OvR4xZHa|N8g$|KH8Ce*PCfN5Q$_70_pXTJ^VOrdSmy51th1xnkVzi}wnwnhd7a zRJpvfA2g2I>FWWHDj$2z%q?|qu1yNisOI0|Rc-Ov;z|p*NVKkQ*0P_r@$Y&Ys8VF7 z=2mudxL?K`di*8)CG_(w_;$szy2g-c$E>qA_mj!j_cZl?nayESGr$u4-#_R#;y<1| zy^sIClV>gcPZP`wZ=!M57Oq*xL5l(@TM~spHB(5-RA8JEtHwn(o2Y5<#{S)`bdZ#q zPiCq6;wP19yFJXWvK`F|7s@};G~H>h{T1aEY0AIx^WEk7kA6e`pFBPI{$Bp?;#ouf z&0&5*O%{HA@>Vh!tM$BFUE4jqZVh0V%WhMSv9xl(cv;TjJ~lFXg8ihud<$#)xuYMekhV`Jl>&I%a2GPOP+7kNL9Q*W2*LH;!kR3;ct6dH4+MpSDz$ z%lxACLB8I$Y1F#?v{Tu*^w^;mFcvj;&=&gftA_)W(v7}9 zI(vQc`tOHuR`wneEO9Jx0^7q);Y|!HF3zN{#Y?-HX;8=AN zQyV^qW{f0FYTFyfGJWlt4h+L|MmVG9*n|$w?!JM-(gt(kE}_r?d^%4{&$iN2t@ON- zf#Dt8Y3YPO*p#IWUxg4KkW|=YWn~C@9)q5-OaOx{*rR zl$r6$D}xX>mmfB+_*x}as^qrk2uSsGi7jWsKFZFz6zd$@ z*bf&2UtnE0K19!AYua^DW^Iw_Q4yG4w&V`YAyL+4T#+?`7iPV8X!_eZN3Kd-Z}nL_ z`qHwNDIr*pjbl|6cs2xZB|xTZ4MH;fNnn1;@rZm_3Cty)N2XE@l8YGhV+qSuQF(r$ z)@C)VO`8>r8^hs2{oIevKwCdUruSHP+(%0gla#W0Qm7HxC+cpib)q60-R%sCY+>GT z8Dgaetof}yzOmeZS*`W z(mC50ubuc?sN9x{ipw0bKwW(SwXqcKifb(@QS>;b9tvE-G_qAcW9R(cwMc|TAXf&o zse!kWTXto=v3J_7eb84Q3GM0WWX$VQ);65gFZW@d_s^2`-xP6zlHm8@IFOYa!`cD?V4>fhbn|_ss=DzV-<{ 
zSqK*pp+l&;xv!=C3QSnmx&<<|;k1}y|63e6tIU8K^W|*N7+3}GYdCWp*cN!#apbHB zX2WhA*NHX8{hBVEE+{v2;5e{fx%TTFD zr{s5ykuA;aZ*o*i^p}jNuO-_?%zyu7-Ed3%Ka7sqE&G24{U>{k{r~;%@9%%QljmCg zAH@|fp8t{K@n1LZ1hOpm^*Dk2-gbL}4B9vJ1^G?gl0&FT-t`FmQYH;pGy z*KpI^s!MdylH?n4o-OLaP1N7*yF|aVSLW`X#s0sH2|4Ci{GQ-QijH#pd@#eePf z2lw$`ck^7w|95J*;{5-6wQ=vC$8cYb1F*!Y+x=ITxtRyhYwLFWf9(Wb%LV9xxZyFN z7D%l=z+%-}l=m08%b_ZRz`YfvZ*EB&UQEOS?^1hftzlGAb=LcWu~W@rt(5I{A2f@1 zFP&RtV?#%bnpjkQMwUX}K(57w{wS8CSM^S`G*KUq1;k!AbZ8-St~3I-8%DIaXJ3<3 z<9b$of@6~4BFDMCU=V{%7HjcbH0L#$Ef+X)8Ez}tm@e_W$3{K(ZPC2ed1;!?DP`|{ zbJ&_2SO~RPyD6-u#5*UI#XYFn^)(B;Bd2a_DX$%mJq@Sm8`756vdNizhembOznEWZ z`3$b&M<4F;_@vV6m&eWB-4SZ&wG)WfCSPqkC+&Vt2YXB+DR-mp8& z>*AUmb3Lcn0zfzPi}{1~ZMeo7CgGYx&|y~IqIYJq%Y&7BbSv7UEc#Qi+r3P9cCSx_HZ(F5iN!rQUjajI@#aqxMzOi~eRZ=x~zhN$J?a$`4n@{L9HC-L* z5>Ok~cYbTx^;KT$+V&e}m(D&dVVMq=$ZBHl^TVQYU&al+*#FCMLT;W2aLM`KgZ=(q zJ^r(Qpa1V}p5QtT;4{S*f0P_0c=G|EhUdN-@2^Iu+wrSE-^}N0TDTo|Z-bbtIc80@ z)qJv@v6&Shmv}CsOqZPYUa~pW0#EaBXIQew9uqGvk?i z1l&^0^nPVZYoCmrIB#*4wJ|HCd)n_FW>d!>v&E!8p5XYhylYm|TjQ@GJ`|3k!q{_8 zfg72GZEG{Ye?Ei3lbw}EqSfrU0sptc^A9$71)Nf^PG8$=*jzhiE(|+tFV%p(65^V3 zM;+V6=7+i3u&sGtVvCDu?_;%Y=UKe|_h+)}djXcL|DPP}_v`Urdk6RDKkwwZ&hp$3CAg*UCVY3oAs@|)T)K;}*Lu9xjDj<*wgp^;?H4$)ZCu?0n_XP-oKG)*gc z&dQ};hc~4(DmuL>?d^J3#P6=2V9nnDwXA(p%=XP9lOT!Oo9K>vSi!0&e4@bp7cdm-;?Px6*3$13{7F^~o8(S#t%lp*Xm$06qZmCFCE|~Le zVejX?(A=%i)D{{I=+LWn&lS}dpm_cB+{mhjnO=X4qIHC_Dm!(L<#n&jCT zW6C(*d>c#b|NhfP{+GS)`%mxf|GRj$;1o%vsq|&Oh6B{JLt&VcG*MbSL-8dVV-W>g z@ODB3h&;;}mjc8Dr>Ty4fhm&lgwXM0;5bE+% z-HXY1SN-Gu6f?S80ve+DGSBqdM+A=|ag_y+q9M8r9z}AR1&{tuum$fBCoC6m^5Ufk zqKvcOa4ds}BpB_Qa-97ZL^Bby1n+)BJ_#%TXD^Rl{P;4OCb!YXV)=ji{r3m;`~UXt z_y6zc*@EZhUN|QWugH)qtL0ctWI=EQKmP-#)9UMgZM&Q0)U*+aiN0ZOSF()6VmCEK zf7Mf=*xgcPcC`0<%vqi(m14LKQZ^UOuZ-wwzlBytG~WD3xbP_3uRdc z3C=K0FpUYe*1MWp4=p@B&s#_8Aq=7q(FYfGV=v=7EUv_}jrf=1+25)$-Qp05N$>y^ z`cO1HhdfhuYEeq#g);KawL2RGmxLyVpjPl?{3FVODV9iC&kALOaLbZOUk@IQ@-#KE zka|Dc)tb(YX$0XvaGElB&v=@I28pdLIH9t*2rvk=k~W4&#@UP{SO9V~cb-1guMBem 
zR}&IXAVyS~K-&4Q4?4_n$}*t%%8rM3iqWBhmABmq-I(HQe62%cAlv(kXp_&@)U z4>8IzQ9`@4Z}e~&mPv4yviVdQhsszr;Pszu1e!CC4SYf&PIDnK7m=B!^jAZM2@)_= zJSMSFYYe?rlPM5CJ2VwGoMMRuoR*g=p5;`MDXyZJah61c?e4(#^B+#nb|QG8u>|#3 zaVLH**;FrR-o84A7;{NRBt{a8$BOUA`X)`P^C2kKRDY`e&RNa@Wkr~nm4j1`wJ$*s ziA50fd~^rV;4gm)dZxeo(O%U5lc}Q?xmXcIu>^(@OH+1b?vEU%=0az)LE=~e%@9fT zH@ot)qHK9YN58}@!+K?ykkJTht6ku@M0E>}Mk7LrBnr__3M(~@lLS*m0nEXFKEVqt zVovlj5mtUa!OIVsxo-1>X1QEmA^6l={4D#vscN5sPjF#H9u<^|C`;7Zm5t;Dd;)V- zHy}_iKz*}Botp(PX(QJsxbWkv|MuohXdNx(McdDh&O-I?e}_94un?6A;zm9hX48yOOl5&k=_IBQh%PJ@#4vBD51iV7U`1K8Y^Oyaw(z_)a`y&ggG!7?mc-MH`+d%Q(w8(JtMh zsGf2hglmlZ8hDlyc^%bN@$?|vBA!AbiAQ-Va2?TA@$@0w9-f5iLpnDYcL!lTVy=rP zAELMg$u;midwz5b91E877_WownsSu1qq#Dk$7e6DLCkgW%veg|c^j&$;;Cjb9Os=HBv>^;VDd14>4OodO@g{F0*nj+>iGEv>q+H@zf^N zOU@Zz%XqqVt7%iu+H0ZJpsr!R-MZnnspobO^+f?|K8x~f%u#~NgBNByQt7@E30EXd z0aKCd<0Y-9XU1fPsqw>KVg1H{)LsMQ)QI3@1Q+E7sA2I7XG)rlMPgf%6V9#xQP2o# z$Af+^B+HB#8jJzyrF>MbRq74YLs;AgFMy?ZHQ0gb(#A^T$rO#3FJZCHVt9cChK`SzQmM$ciLuS&w8$zFEP1)GX_QZR0Ps4 ztcNJR#5B2R83Opbjokv|1kbo zMUT+lpf@`;8Wx*B|b|*yD zw!kYi#OZCV7P^|g#+JrrXRT$M6{)6*J42RKJyza!gew51!df&~?Dnx3=m;+}MoL|n zUm%$_oEe1+{x?IhM(-$1*_A!iX<~7U&o-4MGo49rePCB>O;hQ@RxpJ%5wkQG z>ljxH_|vYz7Hh2=>a1^Y?Xl*wSmoYO;eLawj5Qyh^G&S0uSL8?NL`KC!1~2w;|z*M z_U{&(qMrD|>Jg>I&-0N!pd3!;#ZTWOpj|>QEA{`iz2yK3n_i>EIkXAxYmn~}&kG$~ zkk6i=xWsF0Q{9MsMS@_xi2IT>TGT_2e5E7Yn6?)!8U zQ%e8aW-7l+CVmX2{$nt8wZ&t~9=XMnvEo^A9IK7{^oWX!%4V8Nf`B07c&4M&i-Tc~ zw2pkHegsR&*B+1bEj?}?mW-n@-drT&mzi`o7r*#rX1xkCn<0tf6bau+?R%;1uz_|k zl-!yr+e}DIW8AJNy#g&83#aARe{FAhWji((GzY!SOs3gQ*>Yd8)wUsX>nk>_d_I&} zT4c$i3Fd|s)h|(;de-Mtl`=$xmU|$T-O;>*70oHX>MT$k-7Ss`gP5>9O~9aFGVi!% z9v6#>5y!vhn96kSD#w*Y$HjvSHEXKXh~?U!Bw6k=x!paJjWPNP8y2_7avKBf^Ips0 zSu?9Y&qVEbV|0 zDNIUvBqwWiPi$8iw`J{m zP#eqI3{QbF+HN={aoV!z?Zii zzI6Lv(c>$YC0RE7E!Y+E#@r^;RqV2r@;ycLCfQ{!>}>YfZh)$FeUSyCx}HCw5F?>| zZSyk5@3D6P&xGWS%gBHUyK>W}HyAf88Y3HK3Xz` zGJdth`o*5WdgE8QNa02!*c>^N7W>N%nwOOKZlrF7k&BTKh$b9WMsMAbJ9bbuq&u7A zSK#@D$FRWTuEufM%xABGzv0ZMpuBkgM~=rglss58h!)u|J^dLh?sodq3;OqnQ$okf 
zSMw{Z+;6nFUb-AzVd;0X7$1+TuPjv}&eD|7@mn-jbH61Ppdrhp&9`DpfJ9@h=qcryL7Rhg4^a}W+`YJdP6mFT+zFWcp1!j-cjQ4l0}n0w?NnmY#?q%nPQCqcEk(%LO0mpaNz zaX0=TIRZjQj89F}xk(x&{6R9e5h&h1qI#K(XpAkeAwCSY3byn)ZmW_Ns>&~0ivAs= zzXjg#gFh0%7MQMEjBIYEE%0_7OUbe~O)RC8yPm<62XD_Z@`<467zB1_Rd1RuiG+vcKqeJPMGmq>?Ce;_4Ek1OI1F94z$0vp09&9bppo9v`xRcZ1@j?{D9{LDHSbshZSPE(p2y5sa~D583d++ z=zN)47PW=xXFVgd*fM(zf=w|vd2*r*-XZm&JF`-NxGbar$^`K@86ug2udS!=C%(H z1K;*Eq|`TBjjCT3kjszPEOJqI#R_&_{Pw^mr}m#qJYU%2rI-AA)dt-*W^r@c=g*pc z!IqyHU6ZvYQB~nzCQVRr9P#jb&w?o2iUrL%O_0gR0*Ln-D`REEta+|WlE2jIdH}JrT`mYK^Ed_XY8uOr#JNzMIT!IJY z*@NxNe28P2>dNj~fL?jf!JV`yxdD0%eiMu;^qz$uBc<~qj}JeGO2Hw451v4;m*AKs zcqeEh#Nb+l82E%3Y=#hnTOh=soe(Zp>Q63_h7IpyFo^n5KL~z)L*X@>;pq@_80;PRetzVmDjD^V&YLd08?`0}fD{*?cAemATjAyI} z^DonOjxdrrSD=!_r1Ugh-8c4>hN7g>8o)YGq-e_a0EiSg9jPT2;)%5~3X;8i^C}90 zM~~j?C_0Py73LU-O<0TVB@=Zb{J)PL1wju^T|~2eEettaa#zz|eblLHo?O7TRUn!S z!#NC@oR~^`x_kSM_8uTLvL?H)?tT^KUK6HCxC)G>^PLEO{s-oGab{$f5m~VS%82ch z2~XP5Yv34B#Zw7PnWj>?@-G-37J|41iTFEjBnZsQ%(Y=VYZl2{9rHg_j% z%Ep*tHS$+zUU9p+e7#=oU&Ug_icu5H?P*t?Ij2mSqlJVNY-E`0#JU}<740(M)XJK$ zFE6-WpGYu_;8Gb|xp}PNnSf6EP{K&5FGS}+gvha2y-8!QTPd=9Dq>6#C#*;nS)8** zqFOs)Sg7Wm!gA7x=v<9siALEA6M0>gHNR^{W)#|D5#Ci|*!hIx5#~-!{me!qq8*UB zSi<65t#b6JEtZ|x-mkO$U#DbjhIn_Y_}R+^?!`!8v16sgexhSDc&-nU!E9eK%TEH2 z@)S}+FNNU+*RpD{k`!F#l5v7kvCFYw=?wQ2a(nvU{a(g|?3IX^ao+Xdt;c54yeHY_BJo{kgxZXR}u%##F5;k6AW1caHusX4(9&YWCW5(h>x=Tmm^w?2Va6 z8Hy*^L3j)P(2A7Y$oiI3SdONm)RyUD_W zh=PAw0Bk6c7IKB9o84?FK+@O>iXMl%yH{6N5z<&jjE{FyQ%dZ?(Ng>!sULlTygb2yWFqahqIjo2PzkpK4 z6vCr(I5`jD`O*2w`QzaI$=iRt`ROgZKRP=*dj0m~dGq=l-uw-Y zUjGw*IC=fzF<@exdLJ@igQ$3wW!MRPk;TkVI`PwZ@Vn`7k=V**!%x2hZ7-X1F si7*o+qDhdFDRJli8{LV%q1!3$pZn+jxy|SQ1^@v6|Iit)bO3At03#k&B>(^b diff --git a/charts/cassandra/sample/create-storage-gce.yaml b/charts/cassandra/sample/create-storage-gce.yaml new file mode 100644 index 0000000..2467b95 --- /dev/null +++ b/charts/cassandra/sample/create-storage-gce.yaml 
@@ -0,0 +1,7 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: generic
+provisioner: kubernetes.io/gce-pd
+parameters:
+ type: pd-ssd
diff --git a/charts/cassandra/templates/NOTES.txt b/charts/cassandra/templates/NOTES.txt
index 90326c0..9ecb004 100644
--- a/charts/cassandra/templates/NOTES.txt
+++ b/charts/cassandra/templates/NOTES.txt
@@ -1,91 +1,35 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} +Cassandra CQL can be accessed via port {{ .Values.config.ports.cql }} on the following DNS name from within your cluster: +Cassandra Thrift can be accessed via port {{ .Values.config.ports.thrift }} on the following DNS name from within your cluster: -{{- $cassandraPasswordKey := ( include "common.secrets.key" (dict "existingSecret" .Values.dbUser.existingSecret "key" "cassandra-password") ) -}} -{{- $cassandraSecretName := ( include "common.secrets.name" (dict "existingSecret" .Values.dbUser.existingSecret "context" $) ) -}} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh - -{{- else }} - -Cassandra can be accessed through the following URLs from within the cluster: - - - CQL: {{ include "common.names.fullname" . 
}}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.cql }} - -To get your password run: - - {{ include "common.utils.secret.getvalue" (dict "secret" $cassandraSecretName "field" $cassandraPasswordKey "context" $) }} - -Check the cluster status by running: - - kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.names.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status - -To connect to your Cassandra cluster using CQL: - -1. Run a Cassandra pod that you can use as a client: - - kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \ - --env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \ - {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ include "common.names.name" . }}-client=true"{{ end }} \ - --image {{ include "cassandra.image" . }} -- bash - -2. Connect using the cqlsh client: - - cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD {{ include "common.names.fullname" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with the label below will be able to connect to Cassandra: - - "{{ include "common.names.fullname" . }}-client=true" - -{{- else -}} - -To connect to your database from outside the cluster execute the following commands: +If you want to connect to the remote instance with your local Cassandra CQL cli. To forward the API port to localhost:9042 run the following: +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . 
}},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') 9042:{{ .Values.config.ports.cql }} +If you want to connect to the Cassandra CQL run the following: {{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - - cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT +- export CQL_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "cassandra.fullname" . }}) +- export CQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") +- cqlsh $CQL_HOST $CQL_PORT {{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "cassandra.fullname" . }}' +- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "cassandra.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +- echo cqlsh $SERVICE_IP +{{- else if contains "ClusterIP" .Values.service.type }} +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "cassandra.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 9042:{{ .Values.config.ports.cql }} + echo cqlsh 127.0.0.1 9042 +{{- end }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . 
}}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP +You can also see the cluster status by run the following: +- kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status -{{- else if contains "ClusterIP" .Values.service.type }} +To tail the logs for the Cassandra pod run the following: +- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.cql }}:{{ .Values.service.ports.cql }} & - cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.ports.cql }} +{{- if not .Values.persistence.enabled }} -{{- end }} -{{- end }} -{{- end }} +Note that the cluster is running with node-local storage instead of PersistentVolumes. In order to prevent data loss, +pods will be decommissioned upon termination. Decommissioning may take some time, so you might also want to adjust the +pod termination gace period, which is currently set to {{ .Values.podSettings.terminationGracePeriodSeconds }} seconds. -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "cassandra.validateValues" . }} +{{- end}} 
diff --git a/charts/cassandra/templates/_helpers.tpl b/charts/cassandra/templates/_helpers.tpl index bd9713b..b870420 100644 --- a/charts/cassandra/templates/_helpers.tpl +++ b/charts/cassandra/templates/_helpers.tpl 
@@ -1,31 +1,34 @@ {{/* vim: set filetype=mustache: */}} - {{/* -Return the proper Cassandra image name +Expand the name of the chart. */}} -{{- define "cassandra.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- define "cassandra.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Return the proper metrics image name +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "cassandra.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- define "cassandra.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} {{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "cassandra.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} {{- end -}} {{/* -Return the proper Docker Image Registry Secret Names +Create chart name and version as used by the chart label. */}} -{{- define "cassandra.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- define "cassandra.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* 
@@ -33,222 +36,8 @@ Create the name of the service account to use */}} {{- define "cassandra.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} + {{ default (include "cassandra.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} - -{{/* -Return the list of Cassandra seed nodes -*/}} -{{- define "cassandra.seeds" -}} -{{- $seeds := list }} -{{- $fullname := include "common.names.fullname" . }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $seedCount := .Values.cluster.seedCount | int }} -{{- range $e, $i := until $seedCount }} -{{- $seeds = append $seeds (printf "%s-%d.%s-headless.%s.svc.%s" $fullname $i $fullname $releaseNamespace $clusterDomain) }} -{{- end }} -{{- range .Values.cluster.extraSeeds }} -{{- $seeds = append $seeds . }} -{{- end }} -{{- join "," $seeds }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "cassandra.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "cassandra.validateValues.seedCount" .) -}} -{{- $messages := append $messages (include "cassandra.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Cassandra - Number of seed nodes */}} -{{- define "cassandra.validateValues.seedCount" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- $seedCount := int .Values.cluster.seedCount }} -{{- if or (lt $seedCount 1) (gt $seedCount $replicaCount) }} -cassandra: cluster.seedCount - - Number of seed nodes must be greater or equal than 1 and less or - equal to `replicaCount`. 
-{{- end -}} -{{- end -}} - -{{/* Validate values of Cassandra - Tls enabled */}} -{{- define "cassandra.validateValues.tls" -}} -{{- if and (include "cassandra.tlsEncryption" .) (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} -cassandra: tls.enabled - In order to enable TLS, you also need to provide - an existing secret containing the Keystore and Truststore or - enable auto-generated certificates. -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Commit Storage Class -{{ include "cassandra.commitstorage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "cassandra.commitstorage.class" -}} -{{- $storageClass := .persistence.commitStorageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.commitStorageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if encryption via TLS for client connections should be configured -*/}} -{{- define "cassandra.client.tlsEncryption" -}} -{{- if (or .Values.tls.clientEncryption .Values.cluster.clientEncryption) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if encryption via TLS for internode communication connections should be configured -*/}} -{{- define "cassandra.internode.tlsEncryption" -}} -{{- if (ne .Values.tls.internodeEncryption "none") -}} - {{- printf "%s" .Values.tls.internodeEncryption -}} -{{- else if (ne .Values.cluster.internodeEncryption "none") -}} - {{- printf "%s" .Values.cluster.internodeEncryption -}} -{{- else -}} - {{- printf "none" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if encryption via TLS should be configured -*/}} -{{- define "cassandra.tlsEncryption" -}} -{{- if or (include 
"cassandra.client.tlsEncryption" . ) ( ne "none" (include "cassandra.internode.tlsEncryption" . )) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Cassandra TLS credentials secret -*/}} -{{- define "cassandra.tlsSecretName" -}} -{{- $secretName := coalesce .Values.tls.existingSecret .Values.tlsEncryptionSecretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS credentials secret object should be created -*/}} -{{- define "cassandra.createTlsSecret" -}} -{{- if and (include "cassandra.tlsEncryption" .) .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tlsEncryptionSecretName) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS credentials secret object should be created -*/}} -{{- define "cassandra.tlsPasswordsSecret" -}} -{{- $secretName := coalesce .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-tls-pass" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. -*/}} -{{- define "getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{- define "cassandra.password" -}} - {{- if .Values.dbUser.password }} - {{- .Values.dbUser.password }} - {{- else if (not .Values.dbUser.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "cassandra-password") -}} - {{- else }} - {{ required "A Cassandra Password is required!" 
.Values.dbUser.password }} - {{- end }} -{{- end -}} - -{{- define "cassandra.keystore.password" -}} - {{- if .Values.tls.keystorePassword }} - {{- .Values.tls.keystorePassword }} - {{- else }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass") "Length" 10 "Key" "keystore-password") -}} - {{- end }} -{{- end -}} - -{{- define "cassandra.truststore.password" -}} - {{- if .Values.tls.truststorePassword }} - {{- .Values.tls.truststorePassword }} - {{- else }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s-%s" (include "common.names.fullname" .) "tls-pass") "Length" 10 "Key" "truststore-password") -}} - {{- end }} -{{- end -}} - - -{{/* -Returns the available TLS Cert in an existing secret (if it exists), -otherwise it generates a new one. -*/}} -{{- define "cassandra.getTlsCertStrFromSecret" }} - {{- $len := (default 365 .Length) | int -}} - {{- $ca := "" -}} - {{- $crt := "" -}} - {{- $key := "" -}} - {{- $tlsCert := (lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" (include "common.names.fullname" .) "crt")).data -}} - - {{- if $tlsCert }} - {{- $ca = (get $tlsCert "ca.crt" | b64dec) -}} - {{- $crt = (get $tlsCert "tls.crt" | b64dec) -}} - {{- $key = (get $tlsCert "tls.key" | b64dec) -}} - {{- else -}} - {{- $caFull := genCA "cassandra-ca" 365 }} - {{- $fullname := include "common.names.fullname" . }} - {{- $releaseNamespace := .Release.Namespace }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $serviceName := include "common.names.fullname" . }} - {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) 
}} - {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "localhost" "127.0.0.1" $fullname }} - {{- $cert := genSignedCert $fullname nil $altNames 365 $caFull }} - {{- $ca = $caFull.Cert -}} - {{- $crt = $cert.Cert -}} - {{- $key = $cert.Key -}} - {{- end -}} - - {{- printf "%s###%s###%s" $ca $crt $key -}} -{{- end }} diff --git a/charts/cassandra/templates/backup/cronjob.yaml b/charts/cassandra/templates/backup/cronjob.yaml new file mode 100644 index 0000000..3ee3210 --- /dev/null +++ b/charts/cassandra/templates/backup/cronjob.yaml 
@@ -0,0 +1,90 @@ +{{- if .Values.backup.enabled }} +{{- $release := .Release }} +{{- $values := .Values }} +{{- $backup := $values.backup }} +{{- range $index, $schedule := $backup.schedule }} +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: {{ template "cassandra.fullname" $ }}-backup-{{ $schedule.keyspace | replace "_" "-" }} + labels: + app: {{ template "cassandra.name" $ }}-cain + chart: {{ template "cassandra.chart" $ }} + release: "{{ $release.Name }}" + heritage: "{{ $release.Service }}" +spec: + schedule: {{ $schedule.cron | quote }} + concurrencyPolicy: Forbid + startingDeadlineSeconds: 120 + jobTemplate: + spec: + template: + metadata: + annotations: + {{ toYaml $backup.annotations }} + spec: + restartPolicy: OnFailure + serviceAccountName: {{ template "cassandra.serviceAccountName" $ }} + containers: + - name: cassandra-backup + image: "{{ $backup.image.repository }}:{{ $backup.image.tag }}" + command: ["cain"] + args: + - backup + - --namespace + - {{ $release.Namespace }} + - --selector + - release={{ $release.Name }},app={{ template "cassandra.name" $ }} + - --keyspace + - {{ $schedule.keyspace }} + - --dst + - {{ $backup.destination }} + {{- with $backup.extraArgs }} +{{ toYaml . | indent 12 }} + {{- end }} + env: +{{- if $backup.google.serviceAccountSecret }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/secrets/google/credentials.json" +{{- end }} + {{- with $backup.env }} +{{ toYaml . | indent 12 }} + {{- end }} + {{- with $backup.resources }} + resources: +{{ toYaml . 
| indent 14 }} + {{- end }} +{{- if $backup.google.serviceAccountSecret }} + volumeMounts: + - name: google-service-account + mountPath: /etc/secrets/google/ +{{- end }} +{{- if $backup.google.serviceAccountSecret }} + volumes: + - name: google-service-account + secret: + secretName: {{ $backup.google.serviceAccountSecret | quote }} +{{- end }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ template "cassandra.fullname" $ }} + - key: release + operator: In + values: + - {{ $release.Name }} + topologyKey: "kubernetes.io/hostname" + {{- with $values.tolerations }} + tolerations: +{{ toYaml . | indent 12 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/cassandra/templates/backup/rbac.yaml b/charts/cassandra/templates/backup/rbac.yaml new file mode 100644 index 0000000..12b0f27 --- /dev/null +++ b/charts/cassandra/templates/backup/rbac.yaml 
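Review bot: The pod annotations are rendered with a bare `{{ toYaml $backup.annotations }}`, while every other block in this template pipes `toYaml` through `indent`. With more than one annotation the second key would presumably land at column 0 and the manifest would not parse (indentation is collapsed in this view, so confirm against the file). Piping it through `indent` on its own line, as in `{{ toYaml $backup.annotations | indent 12 }}` with the width matched to the key's depth, would keep it consistent with the rest of the template. The `- {{ $schedule.keyspace }}` and `- {{ $backup.destination }}` args are also unquoted, so a value that YAML reads as a number, boolean or null would not reach the container as the intended string; `| quote` on both avoids that.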
@@ -0,0 +1,50 @@
+{{- if .Values.backup.enabled }}
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "cassandra.serviceAccountName" . }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+---
+{{- end }}
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "cassandra.fullname" . }}-backup
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "cassandra.fullname" . }}-backup
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "cassandra.fullname" . }}-backup
+subjects:
+- kind: ServiceAccount
+ name: {{ template "cassandra.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/cassandra/templates/cassandra-secret.yaml b/charts/cassandra/templates/cassandra-secret.yaml
deleted file mode 100644
index b04fcfa..0000000
--- a/charts/cassandra/templates/cassandra-secret.yaml
+++ /dev/null
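Review bot: The `pods/exec` rule in the new Role carries no `resourceNames`, so the bound service account can exec into every pod in the release namespace, not only the Cassandra pods the backup job targets. The RoleBinding subject is `cassandra.serviceAccountName`, the same helper-derived account that templates/rbac.yaml creates, so any other workload running under that account would inherit the exec grant. A dedicated account for the CronJob (for example one named `{{ template "cassandra.fullname" . }}-backup`) would keep the permission scoped to the backup job. This file also declares the same ServiceAccount as templates/rbac.yaml under `serviceAccount.create`, which looks like it would render the object twice when `backup.enabled` is set.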
@@ -1,40 +0,0 @@ -{{- if (not .Values.dbUser.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - cassandra-password: {{ include "cassandra.password" . | b64enc | quote }} -{{- end }} -{{- if and (or .Values.tls.keystorePassword .Values.tls.truststorePassword .Values.tls.autoGenerated) (not .Values.tls.passwordsSecret) (not .Values.tls.tlsEncryptionSecretName) -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-tls-pass - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if or .Values.tls.keystorePassword .Values.tls.autoGenerated }} - keystore-password: {{ include "cassandra.keystore.password" . | b64enc | quote }} - {{- end }} - {{- if or .Values.tls.truststorePassword .Values.tls.autoGenerated }} - truststore-password: {{ include "cassandra.truststore.password" . | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/cassandra/templates/configmap.yaml b/charts/cassandra/templates/configmap.yaml new file mode 100644 index 0000000..4e5ab76 --- /dev/null +++ b/charts/cassandra/templates/configmap.yaml 
@@ -0,0 +1,14 @@
+{{- if .Values.configOverrides }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ template "cassandra.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ toYaml .Values.configOverrides | indent 2 }}
+{{- end }}
diff --git a/charts/cassandra/templates/extra-list.yaml b/charts/cassandra/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9..0000000
--- a/charts/cassandra/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/charts/cassandra/templates/headless-svc.yaml b/charts/cassandra/templates/headless-svc.yaml
deleted file mode 100644
index 95dd905..0000000
--- a/charts/cassandra/templates/headless-svc.yaml
+++ /dev/null
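Review bot: The ConfigMap in the first hunk is named with `cassandra.name` rather than `cassandra.fullname`, so two releases of this chart in one namespace would render the same object name and the second install would collide with the first release's overrides. `name: {{ template "cassandra.fullname" . }}` matches the naming used by the other new templates in this commit; whatever mounts the ConfigMap is not visible in this hunk and would need the same name. The `release` and `heritage` label values are also unquoted here, while the backup templates quote them.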
@@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-headless - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: intra - port: 7000 - targetPort: intra - - name: tls - port: 7001 - targetPort: tls - - name: jmx - port: 7199 - targetPort: jmx - - name: cql - port: {{ .Values.service.ports.cql }} - targetPort: cql - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/cassandra/templates/networkpolicy.yaml b/charts/cassandra/templates/networkpolicy.yaml deleted file mode 100644 index dc09d6f..0000000 --- a/charts/cassandra/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - # CQL port - - ports: - - port: {{ .Values.service.ports.cql }} - from: - {{- if not .Values.networkPolicy.allowExternal }} - - podSelector: - matchLabels: - {{ include "common.names.fullname" . }}-client: "true" - {{- end }} - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} - # Internal ports - - ports: - - port: intra - - port: tls - - port: jmx - from: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes for metrics - - ports: - - port: {{ .Values.metrics.containerPorts.http | default "8080" }} - {{- end }} -{{- end }} diff --git a/charts/cassandra/templates/pdb.yaml b/charts/cassandra/templates/pdb.yaml index 2760f34..2e539bd 100644 --- a/charts/cassandra/templates/pdb.yaml +++ b/charts/cassandra/templates/pdb.yaml 
@@ -1,23 +1,17 @@
-{{- if .Values.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "cassandra.fullname" . }}
 spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
 selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
-{{- end }}
+ matchLabels:
+ app: {{ template "cassandra.name" . }}
+ release: {{ .Release.Name }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/charts/cassandra/templates/rbac.yaml b/charts/cassandra/templates/rbac.yaml
index 5f130cb..6b87a11 100644
--- a/charts/cassandra/templates/rbac.yaml
+++ b/charts/cassandra/templates/rbac.yaml
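Review bot: In pdb.yaml the added `apiVersion: policy/v1beta1` replaces the capabilities lookup with a fixed group version, and PodDisruptionBudget is no longer served under `policy/v1beta1` from Kubernetes 1.25 on, so a release with `podDisruptionBudget` set would fail to install there. Select the version from the cluster instead, for example `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1") }}`. The `toYaml .Values.podDisruptionBudget | indent 2` line places whatever keys the values hold directly under `spec`, so a comment in values.yaml naming the accepted keys (`minAvailable` or `maxUnavailable`) would prevent malformed budgets.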
@@ -1,17 +1,13 @@
----
-#apiVersion: rbac.authorization.k8s.io/v1beta1
-#kind: ClusterRoleBinding
-#metadata:
-# name: {{.Chart.Name}}-rbac
-#roleRef:
-# apiGroup: rbac.authorization.k8s.io
-# kind: ClusterRole
-# name: cluster-admin
-#subjects:
-# - kind: ServiceAccount
-# name: {{.Values.serviceAccount.name}}
-# namespace: {{.Values.namespace}}
----
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "cassandra.serviceAccountName" . }}
+ labels:
+ app: {{ template "cassandra.name" . }}
+ chart: {{ template "cassandra.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -33,10 +29,10 @@ metadata:
 name: {{ .Chart.Name }}-{{ .Release.Namespace }}-binding
 subjects:
 - kind: ServiceAccount
- name: {{ include "cassandra.serviceAccountName" . }}
+ name: {{ .Values.serviceAccount.name }}
 namespace: {{ .Release.Namespace }}
 roleRef:
 kind: Role
 name: {{ .Chart.Name }}-{{ .Release.Namespace }}-role
 apiGroup: rbac.authorization.k8s.io
-
+{{- end }}
diff --git a/charts/cassandra/templates/service.yaml b/charts/cassandra/templates/service.yaml
index 578aac5..da0a84e 100644
--- a/charts/cassandra/templates/service.yaml
+++ b/charts/cassandra/templates/service.yaml
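Review bot: The ServiceAccount added in the first rbac.yaml hunk has no `automountServiceAccountToken` field, while the serviceaccount.yaml template deleted in this commit set it from values, so every pod using this account now mounts an API token by default. Keep it configurable on the new object with `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}`, and default it to `false` if the workload does not call the API. The Role's rules sit between the two hunks and are not visible, so what the token is allowed to do cannot be judged from here.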
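Review bot: In the second rbac.yaml hunk the RoleBinding subject now reads `.Values.serviceAccount.name`, while the ServiceAccount created in the first hunk is named by the `cassandra.serviceAccountName` helper, so the two can differ whenever the helper derives a name (its definition is not visible; presumably it falls back to a generated name when `serviceAccount.name` is empty). The Role would then be bound to a subject that does not exist or to a different account than intended. Keep `name: {{ template "cassandra.serviceAccountName" . }}` in the subject; the StatefulSet's `serviceAccountName` in this commit reads the raw value the same way. The added `{{- end }}` also makes the Role and RoleBinding depend on `serviceAccount.create`, so an existing account supplied by name gets no binding; the RoleBinding's header is outside the hunk.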
@@ -1,52 +1,45 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} + name: {{ template "cassandra.fullname" . }} + labels: + app: {{ template "cassandra.name" . }} + chart: {{ template "cassandra.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.service.annotations }} annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + {{- toYaml . 
| nindent 4 }} {{- end }} spec: + clusterIP: None type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} ports: - - name: cql - port: {{ .Values.service.ports.cql }} - targetPort: cql - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }} - nodePort: {{ .Values.service.nodePorts.cql }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: metrics - port: {{ .Values.service.ports.metrics }} - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }} - nodePort: {{ .Values.service.nodePorts.metrics }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- if .Values.exporter.enabled }} + - name: metrics + port: 5556 + targetPort: {{ .Values.exporter.port }} {{- end }} - selector: {{- include "common.labels.matchLabels" . 
| nindent 4 }} + - name: intra + port: 7000 + targetPort: 7000 + - name: tls + port: 7001 + targetPort: 7001 + - name: jmx + port: 7199 + targetPort: 7199 + - name: cql + port: {{ default 9042 .Values.config.ports.cql }} + targetPort: {{ default 9042 .Values.config.ports.cql }} + - name: thrift + port: {{ default 9160 .Values.config.ports.thrift }} + targetPort: {{ default 9160 .Values.config.ports.thrift }} + {{- if .Values.config.ports.agent }} + - name: agent + port: {{ .Values.config.ports.agent }} + targetPort: {{ .Values.config.ports.agent }} + {{- end }} + selector: + app: {{ template "cassandra.name" . }} + release: {{ .Release.Name }} diff --git a/charts/cassandra/templates/serviceaccount.yaml b/charts/cassandra/templates/serviceaccount.yaml deleted file mode 100644 index abe122a..0000000 --- a/charts/cassandra/templates/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "cassandra.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/charts/cassandra/templates/servicemonitor.yaml b/charts/cassandra/templates/servicemonitor.yaml index f9001ac..cf9408b 100644 --- a/charts/cassandra/templates/servicemonitor.yaml +++ b/charts/cassandra/templates/servicemonitor.yaml 
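Review bot: The rewritten service.yaml publishes `intra` (7000), `tls` (7001), `jmx` (7199) and `thrift` on the same Service that clients use for `cql`, and this commit also deletes the NetworkPolicy template that limited the internal ports to Cassandra pods, so nothing in the chart now restricts which workloads can reach JMX or inter-node traffic. `clusterIP: None` is also combined with `type: {{ .Values.service.type }}`; the API server rejects a headless Service of type NodePort or LoadBalancer, so that line should be `type: ClusterIP` or dropped. I would keep the internal ports on a separate headless Service as before, and add a comment in values.yaml stating that port 7199 must not be reachable from outside the Cassandra pods unless JMX authentication is configured.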
@@ -1,43 +1,24 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +{{- if and .Values.exporter.enabled .Values.exporter.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + name: {{ template "cassandra.fullname" . }} + labels: + app: {{ template "cassandra.name" . }} + chart: {{ template "cassandra.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.exporter.serviceMonitor.additionalLabels }} +{{ toYaml .Values.exporter.serviceMonitor.additionalLabels | indent 4 }} {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} + jobLabel: {{ template "cassandra.name" . 
}} endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} + - port: metrics + interval: 10s + selector: + matchLabels: + app: {{ template "cassandra.name" . }} namespaceSelector: - matchNames: - - {{ .Release.Namespace }} + any: true {{- end }} diff --git a/charts/cassandra/templates/statefulset.yaml b/charts/cassandra/templates/statefulset.yaml index fa5079d..925ff28 100644 --- a/charts/cassandra/templates/statefulset.yaml +++ b/charts/cassandra/templates/statefulset.yaml 
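Review bot: In servicemonitor.yaml `namespaceSelector: any: true` together with a selector of only `app: {{ template "cassandra.name" . }}` makes this ServiceMonitor match every Service carrying that `app` label in any namespace, not just the one from this release. That widens what Prometheus scrapes and lets a Service in another namespace feed series into this job. Restore the scoping the removed lines had, `matchNames: [{{ .Release.Namespace | quote }}]` under `namespaceSelector`, and add `release: {{ .Release.Name }}` to `matchLabels`. The fixed `interval: 10s` could stay a value, as it was before.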
@@ -1,558 +1,230 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} + name: {{ template "cassandra.fullname" . }} + labels: + app: {{ template "cassandra.name" . }} + chart: {{ template "cassandra.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - serviceName: {{ include "common.names.fullname" . }}-headless + matchLabels: + app: {{ template "cassandra.name" . }} + release: {{ .Release.Name }} + serviceName: {{ template "cassandra.fullname" . }} + replicas: {{ .Values.config.cluster_size }} podManagementPolicy: {{ .Values.podManagementPolicy }} - replicas: {{ .Values.replicaCount }} - updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} template: metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }} + labels: + app: {{ template "cassandra.name" . 
}} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} annotations: - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} - {{- end }} - {{- end }} +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} spec: - {{- include "cassandra.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "cassandra.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} + serviceAccountName: {{ .Values.serviceAccount.name }} {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if 
.Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + schedulerName: "{{ .Values.schedulerName }}" {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} + hostNetwork: {{ .Values.hostNetwork }} +{{- if .Values.selector }} +{{ toYaml .Values.selector | indent 6 }} +{{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} - {{- if or .Values.initContainers (include "cassandra.tlsEncryption" . ) (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.configOverrides }} initContainers: - {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "cassandra.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data - chmod 700 {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if .Values.persistence.commitStorageClass }} - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.commitLogMountPath }}/commitlog - chmod 700 {{ .Values.persistence.commitLogMountPath }}/commitlog - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs -r chown -R `id -u`:`id -G | 
cut -d " " -f2` - {{- else }} - xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.commitLogMountPath }} - - name: commitlog - mountPath: {{ .Values.persistence.commitLogMountPath }} - {{- end }} - {{- end }} - {{- if (include "cassandra.tlsEncryption" . ) }} - - name: init-certs - image: {{ include "cassandra.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - - -ec - - |- - {{- if .Values.tls.autoGenerated }} - if [[ -f "/certs/tls.key" ]] && [[ -f "/certs/tls.crt" ]] && [[ -f "/certs/ca.crt" ]]; then - openssl pkcs12 -export -in "/certs/tls.crt" \ - -passout pass:"${CASSANDRA_KEYSTORE_PASSWORD}" \ - -inkey "/certs/tls.key" \ - -out "/tmp/keystore.p12" - keytool -importkeystore -srckeystore "/tmp/keystore.p12" \ - -srcstoretype PKCS12 \ - -srcstorepass "${CASSANDRA_KEYSTORE_PASSWORD}" \ - -deststorepass "${CASSANDRA_KEYSTORE_PASSWORD}" \ - -destkeystore "/opt/bitnami/cassandra/certs/keystore" - rm "/tmp/keystore.p12" - keytool -import -file "/certs/ca.crt" \ - -keystore "/opt/bitnami/cassandra/certs/truststore" \ - -storepass "${CASSANDRA_TRUSTSTORE_PASSWORD}" \ - -noprompt - else - echo "Couldn't find 
the expected PEM certificates! They are mandatory when encryption via TLS is enabled." - exit 1 - fi - {{- else }} - if [[ -f "/certs/truststore" ]] && [[ -f "/certs/keystore" ]]; then - cp "/certs/truststore" "/opt/bitnami/cassandra/certs/truststore" - cp "/certs/keystore" "/opt/bitnami/cassandra/certs/keystore" - else - echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled." - exit 1 - fi - {{- end }} - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.truststorePassword .Values.tls.autoGenerated }} - - name: CASSANDRA_TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (include "cassandra.tlsPasswordsSecret" .) }} - key: truststore-password - {{- end }} - {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.keystorePassword .Values.tls.autoGenerated }} - - name: CASSANDRA_KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (include "cassandra.tlsPasswordsSecret" .) }} - key: keystore-password - {{- end }} - {{- if .Values.tls.resources }} - resources: {{- toYaml .Values.tls.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: certs - mountPath: /certs - - name: certs-shared - mountPath: /opt/bitnami/cassandra/certs - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.hostNetwork }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - {{- end }} + - name: config-copier + image: busybox + command: [ 'sh', '-c', 'cp /configmap-files/* /cassandra-configs/ && chown 999:999 /cassandra-configs/*'] + volumeMounts: +{{- range $key, $value := .Values.configOverrides }} + - name: cassandra-config-{{ $key | replace "." 
"-" | replace "_" "--" }} + mountPath: /configmap-files/{{ $key }} + subPath: {{ $key }} +{{- end }} + - name: cassandra-configs + mountPath: /cassandra-configs/ +{{- end }} containers: - - name: cassandra - command: - {{- if .Values.command }} - {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else }} - - bash - - -ec - - | - # Node 0 is the password seeder - if [[ $POD_NAME =~ (.*)-0$ ]]; then - echo "Setting node as password seeder" - export CASSANDRA_PASSWORD_SEEDER=yes - else - # Only node 0 will execute the startup initdb scripts - export CASSANDRA_IGNORE_INITDB_SCRIPTS=1 - fi - /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - image: {{ include "cassandra.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: CASSANDRA_CLUSTER_NAME - value: {{ .Values.cluster.name }} - - name: CASSANDRA_SEEDS - value: {{ (include "cassandra.seeds" .) 
| quote }} - - name: CASSANDRA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.dbUser.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.dbUser.existingSecret "key" "cassandra-password") }} - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CASSANDRA_USER - value: {{ .Values.dbUser.user | quote }} - - name: CASSANDRA_NUM_TOKENS - value: {{ .Values.cluster.numTokens | quote }} - - name: CASSANDRA_DATACENTER - value: {{ .Values.cluster.datacenter }} - - name: CASSANDRA_ENDPOINT_SNITCH - value: {{ .Values.cluster.endpointSnitch }} - - name: CASSANDRA_KEYSTORE_LOCATION - value: "/opt/bitnami/cassandra/certs/keystore" - - name: CASSANDRA_TRUSTSTORE_LOCATION - value: "/opt/bitnami/cassandra/certs/truststore" - {{- if ne "none" (include "cassandra.internode.tlsEncryption" .) }} - - name: CASSANDRA_INTERNODE_ENCRYPTION - value: {{ (include "cassandra.internode.tlsEncryption" .) | quote }} - {{- end }} - {{- if (include "cassandra.client.tlsEncryption" .) }} - - name: CASSANDRA_CLIENT_ENCRYPTION - value: "true" - {{- end }} - {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.truststorePassword .Values.tls.autoGenerated }} - - name: CASSANDRA_TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (include "cassandra.tlsPasswordsSecret" .) }} - key: truststore-password - {{- end }} - {{- if or .Values.tls.passwordsSecret .Values.tlsEncryptionSecretName .Values.tls.keystorePassword .Values.tls.autoGenerated }} - - name: CASSANDRA_KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (include "cassandra.tlsPasswordsSecret" .) 
}} - key: keystore-password - {{- end }} - - name: CASSANDRA_RACK - value: {{ .Values.cluster.rack }} - {{- if .Values.jvm.maxHeapSize }} - - name: MAX_HEAP_SIZE - value: {{ .Values.jvm.maxHeapSize | quote }} - {{- end }} - {{- if .Values.jvm.newHeapSize }} - - name: HEAP_NEWSIZE - value: {{ .Values.jvm.newHeapSize | quote }} - {{- end }} - {{- if .Values.jvm.extraOpts }} - - name: JVM_EXTRA_OPTS - value: {{ .Values.jvm.extraOpts | quote }} - {{- end }} - {{- if .Values.cluster.enableUDF }} - - name: CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS - value: {{ .Values.cluster.enableUDF | quote }} - {{- end }} - {{- if .Values.containerPorts.intra }} - - name: CASSANDRA_TRANSPORT_PORT_NUMBER - value: {{ .Values.containerPorts.intra | quote }} - {{- end }} - {{- if .Values.containerPorts.jmx }} - - name: CASSANDRA_JMX_PORT_NUMBER - value: {{ .Values.containerPorts.jmx | quote }} - {{- end }} - {{- if .Values.containerPorts.cql }} - - name: CASSANDRA_CQL_PORT_NUMBER - value: {{ .Values.containerPorts.cql | quote }} - {{- end }} - {{- if .Values.persistence.commitLogMountPath }} - - name: CASSANDRA_COMMITLOG_DIR - value: {{ .Values.persistence.commitLogMountPath | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/bash - - -ec - - | - nodetool status - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - 
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/bash - - -ec - - | - nodetool status | grep -E "^UN\\s+${POD_IP}" - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - exec: - command: - - /bin/bash - - -ec - - | - nodetool status | grep -E "^UN\\s+${POD_IP}" - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if and (not .Values.lifecycleHooks) (not .Values.persistence.enabled) }} - lifecycle: - preStop: - exec: - command: - - bash - - -ec - - nodetool decommission - {{- else if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | 
nindent 12 }} - {{- end }} - {{- end }} - ports: - - name: intra - containerPort: {{ .Values.containerPorts.intra | default "7000" }} - {{- if .Values.hostNetwork }} - hostPort: {{ .Values.containerPorts.intra }} - {{- end }} - - name: tls - containerPort: {{ .Values.containerPorts.tls | default "7001" }} - {{- if .Values.hostNetwork }} - hostPort: {{ .Values.containerPorts.tls }} - {{- end }} - - name: jmx - containerPort: {{ .Values.containerPorts.jmx | default "7199" }} - {{- if .Values.hostNetwork }} - hostPort: {{ .Values.containerPorts.jmx }} - {{- end }} - - name: cql - containerPort: {{ .Values.containerPorts.cql | default "9042" }} - {{- if .Values.hostNetwork }} - hostPort: {{ .Values.containerPorts.cql }} - {{- end }} - {{- if .Values.resources }} - resources: {{ toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.commitStorageClass }} - - name: commitlog - mountPath: {{ .Values.persistence.commitLogMountPath }} - {{- end }} - {{- if (include "cassandra.tlsEncryption" . ) }} - - name: certs-shared - mountPath: /opt/bitnami/cassandra/certs - {{- end }} - {{- if .Values.initDBConfigMap }} - - name: init-db-cm - mountPath: /docker-entrypoint-initdb.d/configmap - {{- end }} - {{- if .Values.initDBSecret }} - - name: init-db-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{ if .Values.existingConfiguration }} - - name: configurations - mountPath: {{ .Values.persistence.mountPath }}/conf - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "cassandra.metrics.image" . 
}} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} +{{- if .Values.extraContainers }} +{{ tpl (toYaml .Values.extraContainers) . | indent 6}} +{{- end }} +{{- if .Values.exporter.enabled }} + - name: cassandra-exporter + image: "{{ .Values.exporter.image.repo }}:{{ .Values.exporter.image.tag }}" + resources: +{{ toYaml .Values.exporter.resources | indent 10 }} + env: + - name: CASSANDRA_EXPORTER_CONFIG_listenPort + value: {{ .Values.exporter.port | quote }} + - name: JVM_OPTS + value: {{ .Values.exporter.jvmOpts | quote }} + ports: + - name: metrics + containerPort: {{ .Values.exporter.port }} + protocol: TCP + - name: jmx + containerPort: 5555 + livenessProbe: + tcpSocket: + port: {{ .Values.exporter.port }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.exporter.port }} + initialDelaySeconds: 20 + timeoutSeconds: 45 +{{- end }} + - name: {{ template "cassandra.fullname" . }} + image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} +{{- if .Values.commandOverrides }} + command: {{ .Values.commandOverrides }} +{{- end }} +{{- if .Values.argsOverrides }} + args: {{ .Values.argsOverrides }} +{{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + {{- $seed_size := default 1 .Values.config.seed_size | int -}} + {{- $global := . 
}} + - name: CASSANDRA_SEEDS {{- if .Values.hostNetwork }} - env: - - name: CASSANDRA_EXPORTER_CONFIG_listenPort - value: {{ .Values.metrics.containerPorts.http | quote }} - - name: CASSANDRA_EXPORTER_CONFIG_host - value: localhost:{{ .Values.containerPorts.jmx }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.metrics.containerPorts.http | default "8080" }} - {{- if .Values.hostNetwork }} - hostPort: {{ .Values.metrics.containerPorts.http }} - {{- end }} - protocol: TCP - - name: jmx - containerPort: {{ .Values.metrics.containerPorts.jmx | default "5555" }} - {{- if .Values.hostNetwork }} - hostPort: {{ .Values.metrics.containerPorts.jmx }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - livenessProbe: - tcpSocket: - port: metrics - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 20 - timeoutSeconds: 45 - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if (include "cassandra.tlsEncryption" . ) }} - - name: certs - secret: - secretName: {{ include "cassandra.tlsSecretName" . 
}} - defaultMode: 256 - - name: certs-shared - emptyDir: {} - {{- end }} - {{- if .Values.existingConfiguration }} - - name: configurations - configMap: - name: {{ tpl .Values.existingConfiguration $ }} + value: {{ required "You must fill \".Values.config.seeds\" with list of Cassandra seeds when hostNetwork is set to true" .Values.config.seeds | quote }} + {{- else }} + value: "{{- range $i, $e := until $seed_size }}{{ template "cassandra.fullname" $global }}-{{ $i }}.{{ template "cassandra.fullname" $global }}.{{ $global.Release.Namespace }}.svc.{{ $global.Values.config.cluster_domain }}{{- if (lt ( add1 $i ) $seed_size ) }},{{- end }}{{- end }}" + {{- end }} + - name: MAX_HEAP_SIZE + value: {{ default "8192M" .Values.config.max_heap_size | quote }} + - name: HEAP_NEWSIZE + value: {{ default "200M" .Values.config.heap_new_size | quote }} + - name: CASSANDRA_ENDPOINT_SNITCH + value: {{ default "SimpleSnitch" .Values.config.endpoint_snitch | quote }} + - name: CASSANDRA_CLUSTER_NAME + value: {{ default "Cassandra" .Values.config.cluster_name | quote }} + - name: CASSANDRA_DC + value: {{ default "DC1" .Values.config.dc_name | quote }} + - name: CASSANDRA_RACK + value: {{ default "RAC1" .Values.config.rack_name | quote }} + - name: CASSANDRA_START_RPC + value: {{ default "false" .Values.config.start_rpc | quote }} + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- range $key, $value := .Values.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} {{- end }} - {{- if .Values.initDBConfigMap }} - - name: init-db-cm - configMap: - name: {{ tpl .Values.initDBConfigMap $ }} + livenessProbe: + exec: + command: [ "/bin/sh", "-c", "nodetool status" ] + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ 
.Values.livenessProbe.failureThreshold }} + readinessProbe: + exec: + command: [ "/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+{{ .Values.readinessProbe.address }}\"" ] + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + ports: + - name: intra + containerPort: 7000 + - name: tls + containerPort: 7001 + - name: jmx + containerPort: 7199 + - name: cql + containerPort: {{ default 9042 .Values.config.ports.cql }} + - name: thrift + containerPort: {{ default 9160 .Values.config.ports.thrift }} + {{- if .Values.config.ports.agent }} + - name: agent + containerPort: {{ .Values.config.ports.agent }} {{- end }} - {{- if .Values.initDBSecret }} - - name: init-db-secret - secret: - secretName: {{ tpl .Values.initDBSecret $ }} + volumeMounts: + - name: data + mountPath: /var/lib/cassandra + {{- if .Values.configOverrides }} + - name: cassandra-configs + mountPath: /etc/cassandra {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- if .Values.extraVolumeMounts }} +{{ toYaml .Values.extraVolumeMounts | indent 8 }} {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- if not .Values.persistence.enabled }} + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "exec nodetool decommission"] {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . 
| quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.persistence.commitLogMountPath }} - - metadata: - name: commitlog - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + terminationGracePeriodSeconds: {{ default 30 .Values.podSettings.terminationGracePeriodSeconds }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + - name: {{ .Values.image.pullSecrets }} {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.commitLogsize | quote }} - {{- include "cassandra.commitstorage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} +{{- if or .Values.extraVolumes ( or .Values.configOverrides (not .Values.persistence.enabled) ) }} + volumes: +{{- end }} +{{- if .Values.extraVolumes }} +{{ toYaml .Values.extraVolumes | indent 6 }} +{{- end }} +{{- range $key, $value := .Values.configOverrides }} + - configMap: + name: cassandra + name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }} +{{- end }} +{{- if .Values.configOverrides }} + - name: cassandra-configs + emptyDir: {} +{{- end }} +{{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: data + labels: + app: {{ template "cassandra.name" . 
}}
+ release: {{ .Release.Name }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClass }}
+ {{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+ {{- end }}
 {{- end }}
- {{- end }}
+{{- end }}
diff --git a/charts/cassandra/templates/tls-secret.yaml b/charts/cassandra/templates/tls-secret.yaml
deleted file mode 100644
index 5938f07..0000000
--- a/charts/cassandra/templates/tls-secret.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if (include "cassandra.createTlsSecret" . ) }}
-
-{{- $tlsCertStr := regexSplit "###" (include "cassandra.getTlsCertStrFromSecret" .) -1 }}
-{{- $ca := index $tlsCertStr 0 }}
-{{- $crt := index $tlsCertStr 1 }}
-{{- $key := index $tlsCertStr 2 }}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.names.fullname" . }}-crt
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: kubernetes.io/tls
-data:
- ca.crt: {{ $ca | b64enc | quote }}
- tls.crt: {{ $crt | b64enc | quote }}
- tls.key: {{ $key | b64enc | quote }}
-{{- end }}
diff --git a/charts/cassandra/values.yaml b/charts/cassandra/values.yaml
index 2cc6971..f845e75 100644
--- a/charts/cassandra/values.yaml
+++ b/charts/cassandra/values.yaml
@@ -1,775 +1,254 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" +## Cassandra image version +## ref: https://hub.docker.com/r/library/cassandra/ +image: + repo: docker.io/cassandra + tag: 3.11.6 + pullPolicy: IfNotPresent + ## Specify ImagePullSecrets for Pods + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + pullSecrets: regcred -## @section Common parameters -## +## Specify a service type +## ref: http://kubernetes.io/docs/user-guide/services/ +service: + type: ClusterIP + annotations: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered) -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release +## Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## -extraDeploy: [] +# schedulerName: -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment +## Persist data to a persistent volume +persistence: + enabled: true + ## cassandra data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) ## - args: - - infinity + storageClass: "nfs-client" + accessMode: ReadWriteOnce + size: 10Gi -## @section Cassandra parameters -## +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## Minimum memory for development is 4GB and 2 CPU cores +## Minimum memory for production is 8GB and 4 CPU cores +## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html +resources: {} + # requests: + # memory: 4Gi + # cpu: 2 + # limits: + # memory: 4Gi + # cpu: 2 + +## Change cassandra configuration parameters below: +## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configCassandra_yaml.html +## Recommended max heap size is 1/2 of system memory +## Recommended heap new size is 1/4 of max heap size +## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsTuneJVM.html +config: + cluster_domain: cluster.local + cluster_name: cassandra + cluster_size: 3 + seed_size: 2 + num_tokens: 256 + # If you want 
Cassandra to use this datacenter and rack name, + # you need to set endpoint_snitch to GossipingPropertyFileSnitch. + # Otherwise, these values are ignored and datacenter1 and rack1 + # are used. + dc_name: DC1 + rack_name: RAC1 + endpoint_snitch: GossipingPropertyFileSnitch + max_heap_size: 2048M + heap_new_size: 512M + start_rpc: false + ports: + cql: 9042 + thrift: 9160 + # If a JVM Agent is in place + # agent: 61621 -## Bitnami Cassandra image -## ref: https://hub.docker.com/r/bitnami/cassandra/tags/ -## @param image.registry Cassandra image registry -## @param image.repository Cassandra image repository -## @param image.tag Cassandra image tag (immutable tags are recommended) -## @param image.pullPolicy image pull policy -## @param image.pullSecrets Cassandra image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/cassandra - tag: 4.0.3-debian-10-r68 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false +## Cassandra config files overrides +configOverrides: {} -## Secret with keystore, keystore password, truststore, truststore password -## DEPRECATED. Use tls.existingSecret instead -# tlsEncryptionSecretName: +## Cassandra docker command overrides +commandOverrides: [] -## Database credentials -## @param dbUser.user Cassandra admin user -## @param dbUser.forcePassword Force the user to provide a non -## @param dbUser.password Password for `dbUser.user`. 
Randomly generated if empty -## @param dbUser.existingSecret Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) -## -dbUser: - user: cassandra - forcePassword: false - password: "cassandra" - ## Use an existing secrets which already stores your password data. - ## for backwards compatibility, existingSecret can be a simple string, - ## referencing the secret by name. - ## existingSecret: - ## ## Name of the existing secret - ## ## - ## name: mySecret - ## ## Key mapping where is the value which the deployment is expecting and - ## ## is the name of the key in the existing secret. - ## ## - ## keyMapping: - ## cassandra-password: myCassandraPasswordKey - ## - existingSecret: "" +## Cassandra docker args overrides +argsOverrides: [] -## @param initDBConfigMap ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data -## -initDBConfigMap: "" -## @param initDBSecret Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data -## -initDBSecret: "" -## @param existingConfiguration ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart -## -existingConfiguration: "" -## Cluster parameters -## @param cluster.name Cassandra cluster name -## @param cluster.seedCount Number of seed nodes -## @param cluster.numTokens Number of tokens for each node -## @param cluster.datacenter Datacenter name -## @param cluster.rack Rack name -## @param cluster.endpointSnitch Endpoint Snitch -## @param cluster.internodeEncryption DEPRECATED: use tls.internode and tls.client instead. Encryption values. -## @param cluster.clientEncryption Client Encryption -## @param cluster.extraSeeds For an external/second cassandra ring. 
-## @param cluster.enableUDF Enable User defined functions -## -cluster: - name: cassandra - seedCount: 1 - numTokens: 256 - datacenter: dc1 - rack: rack1 - endpointSnitch: GossipingPropertyFileSnitch - ## NOTE: internodeEncryption requires tlsEncryptionSecretName - ## - internodeEncryption: none - clientEncryption: false - ## eg: - ## extraSeeds: - ## - hostname/IP - ## - hostname/IP - ## - extraSeeds: [] - enableUDF: false +## Custom env variables. +## ref: https://hub.docker.com/_/cassandra/ +env: {} -## JVM Settings -## @param jvm.extraOpts Set the value for Java Virtual Machine extra options -## @param jvm.maxHeapSize Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` -## @param jvm.newHeapSize Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` -## -jvm: - extraOpts: "" - ## Memory settings: These are calculated automatically unless specified otherwise - ## To run on environments with little resources (<= 8GB), tune your heap settings: - ## - calculate 1/2 ram and cap to 1024MB - ## - calculate 1/4 ram and cap to 8192MB - ## - pick the max - ## - maxHeapSize: "" - ## newHeapSize: - ## A good guideline is 100 MB per CPU core. - ## - min(100 * num_cores, 1/4 * heap size) - ## ref: https://docs.datastax.com/en/archived/cassandra/2.0/cassandra/operations/ops_tune_jvm_c.html - ## - newHeapSize: "" -## @param command Command for running the container (set to default if not set). Use array form -## -command: [] -## @param args Args for running the container (set to default if not set). 
Use array form -## -args: [] -## @param extraEnvVars Extra environment variables to be set on cassandra container -## For example: -## - name: FOO -## value: BAR -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" +## Liveness and Readiness probe values. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +livenessProbe: + initialDelaySeconds: 90 + periodSeconds: 30 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 90 + periodSeconds: 30 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + address: "${POD_IP}" -## @section Statefulset parameters -## +## Configure node selector. Edit code below for adding selector to pods +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# selector: + # nodeSelector: + # cloud.google.com/gke-nodepool: pool-db -## @param replicaCount Number of Cassandra replicas -## -replicaCount: 3 -## @param updateStrategy.type updateStrategy for Cassandra statefulset -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: - type: RollingUpdate -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param podManagementPolicy StatefulSet pod management policy -## -podManagementPolicy: OrderedReady -## @param priorityClassName Cassandra pods' priority. 
-## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param podAnnotations Additional pod annotations +## Additional pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## podAnnotations: {} -## @param podLabels Additional pod labels + +## Additional pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## podLabels: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment + +## Additional pod-level settings +podSettings: + # Change this to give pods more time to properly leave the cluster when not using persistent storage. 
+ terminationGracePeriodSeconds: 30 + +## Pod distruption budget +podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 2 + +podManagementPolicy: OrderedReady +updateStrategy: + type: OnDelete + +## Pod Security Context +securityContext: + enabled: false + fsGroup: 999 + runAsUser: 999 + +## Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## + +## Node tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment -## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## The value is evaluated as a template -## -topologySpreadConstraints: [] -## Pod security context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Cassandra pods' Security Context -## @param podSecurityContext.fsGroup Set Cassandra pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context -## @param containerSecurityContext.runAsUser Set Cassandra container's Security Context runAsUser -## @param 
containerSecurityContext.runAsNonRoot Force the container to be run as non root -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true -## Cassandra pods' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## Minimum memory for development is 4GB and 2 CPU cores -## Minimum memory for production is 8GB and 4 CPU cores -## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html -## -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for Cassandra containers -## @param resources.requests The requested resources for Cassandra containers -## -resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} -## Configure extra options for Cassandra containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 -## 
@param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 -## Configure extra options for startup probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 60 -## @param customLivenessProbe Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} -## @param customReadinessProbe Custom readinessProbe that overrides the default one -## -customReadinessProbe: {} -## @param customStartupProbe [object] Override default startup probe -## -customStartupProbe: {} -## @param lifecycleHooks [object] Override default etcd container hooks -## -lifecycleHooks: {} -## @param schedulerName Alternative scheduler -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param extraVolumes Optionally specify extra list of additional 
volumes for cassandra container -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for cassandra container -## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the cassandra pods -## -initContainers: [] -## @param sidecars Add additional sidecar containers to the cassandra pods -## -sidecars: [] -## Cassandra Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param pdb.minAvailable Mininimum number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction - ## - maxUnavailable: "" -## @param hostNetwork Enable HOST Network -## If hostNetwork true -> dnsPolicy is set to ClusterFirstWithHostNet -## -hostNetwork: false -## Cassandra container ports to open -## If hostNetwork true: the hostPort is set identical to the containerPort -## @param containerPorts.intra Intra Port on the Host and Container -## @param containerPorts.tls TLS Port on the Host and Container -## @param containerPorts.jmx JMX Port on the Host and Container -## @param containerPorts.cql CQL Port on the Host and Container -## -containerPorts: - intra: 7000 - tls: 7001 - jmx: 7199 - cql: 9042 -## @section RBAC parameters -## +rbac: + # Specifies whether RBAC resources should be created + create: true -## Cassandra pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for Cassandra pods - ## + # Specifies whether a ServiceAccount should be created create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. 
- ## If not set and create is true, a name is generated using the cassandra.fullname template - ## - name: "" - ## @param serviceAccount.annotations Annotations for Cassandra Service Account - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. - ## - automountServiceAccountToken: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: cassandra -## @section Traffic Exposure Parameters -## +# Use host network for Cassandra pods +# You must pass seed list into config.seeds property if set to true +hostNetwork: false -## Cassandra service parameters -## -service: - ## @param service.type Cassandra service type - ## - type: ClusterIP - ## @param service.ports.cql Cassandra service CQL Port - ## @param service.ports.metrics Cassandra service metrics port - ## - ports: - cql: 9042 - metrics: 8080 - ## Node ports to expose - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## @param service.nodePorts.cql Node port for CQL - ## @param service.nodePorts.metrics Node port for metrics - ## - nodePorts: - cql: "" - metrics: "" - ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.clusterIP Service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## 
@param service.externalTrafficPolicy Service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Provide any additional annotations which may be required. - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## Network policies -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## +## Backup cronjob configuration +## Ref: https://github.com/maorfr/cain +backup: enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port Redis™ is listening - ## on. When true, Redis™ will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - -## @section Persistence parameters -## -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Cassandra data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "nfs-client" - ## @param persistence.commitStorageClass PVC Storage Class for Cassandra Commit Log volume - ## Storage class to use with CASSANDRA_COMMITLOG_DIR to reduce the concurrence for writing data and commit logs - ## ref: https://github.com/bitnami/bitnami-docker-cassandra - ## If set to "-", commitStorageClass: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - commitStorageClass: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} - ## @param persistence.accessModes Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Cassandra data volume - ## - size: 8Gi - ## @skip persistence.commitLogsize PVC Storage Request for Cassandra commit log volume - ## - # commitLogsize: 2Gi - ## @param persistence.mountPath The path the data volume will be mounted at - ## - mountPath: /bitnami/cassandra - ## @skip persistence.commitLogMountPath The path the commit log volume will be mounted at - ## - # commitLogMountPath: /bitnami/cassandra/commitlog + # Schedule to run jobs. Must be in cron time format + # Ref: https://crontab.guru/ + schedule: + - keyspace: keyspace1 + cron: "0 7 * * *" + - keyspace: keyspace2 + cron: "30 7 * * *" -## @section Volume Permissions parameters -## + annotations: + # Example for authorization to AWS S3 using kube2iam + # Can also be done using environment variables + iam.amazonaws.com/role: cain -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. 
-## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume - ## @param volumePermissions.image.repository Init container volume - ## @param volumePermissions.image.tag Init container volume - ## @param volumePermissions.image.pullPolicy Init container volume - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r410 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: - - "regcred" - ## Init container' resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## @param volumePermissions.securityContext.runAsUser User ID for the init container - ## - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 + repository: maorfr/cain + tag: 0.6.0 -## @section Metrics parameters -## + # Additional arguments for cain + # Ref: https://github.com/maorfr/cain#usage + extraArgs: [] + + # Add additional environment variables + env: + # Example environment variable required for AWS credentials chain + - name: AWS_REGION + value: us-east-1 -## Cassandra Prometheus exporter configuration -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## Bitnami Cassandra Exporter image - ## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/ - ## @param metrics.image.registry Cassandra exporter image registry - ## @param metrics.image.repository Cassandra exporter image name - ## @param metrics.image.tag Cassandra exporter image tag - ## @param metrics.image.pullPolicy image pull policy - ## @param 
metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - pullPolicy: IfNotPresent - repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-10-r33 - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Cassandra Prometheus exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the container - ## @param metrics.resources.requests The requested resources for the container - ## resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8080" - ## Prometheus Operator ServiceMonitor configuration - ## + requests: + memory: 1Gi + cpu: 1 + limits: + memory: 1Gi + cpu: 1 + + # Name of the secret containing the credentials of the service account used by GOOGLE_APPLICATION_CREDENTIALS, as a credentials.json file + # google: + # serviceAccountSecret: + + # Destination to store the backup artifacts + # Supported cloud storage services: AWS S3, Minio S3, 
Azure Blob Storage, Google Cloud Storage + # Additional support can added. Visit this repository for details + # Ref: https://github.com/maorfr/skbn + destination: s3://bucket/cassandra + +## Cassandra exported configuration +## ref: https://github.com/criteo/cassandra_exporter +exporter: + enabled: false serviceMonitor: - ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: monitoring - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
- ## - jobLabel: "" - ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are required by the installed Prometheus Operator - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## additionalLabels: {} + # prometheus: default + image: + repo: criteord/cassandra_exporter + tag: 2.0.2 + port: 5556 + jvmOpts: "" + resources: {} + # limits: + # cpu: 1 + # memory: 1Gi + # requests: + # cpu: 1 + # memory: 1Gi - ## Metrics container ports to open - ## If hostNetwork true: the hostPort is set identical to the containerPort - ## @param metrics.containerPorts.http HTTP Port on the Host and Container - ## @param metrics.containerPorts.jmx JMX Port on the Host and Container - ## - containerPorts: - http: 8080 - jmx: 5555 - -## @section TLS/SSL parameters -## - -## TLS/SSL parameters -## @param tls.internodeEncryption Set internode encryption -## @param tls.clientEncryption Set client-server encryption -## @param tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates -## @param tls.existingSecret Existing secret that contains Cassandra Keystore and truststore -## @param tls.passwordsSecret Secret containing the Keystore and Truststore passwords if needed -## @param tls.keystorePassword Password for the keystore, if needed. -## @param tls.truststorePassword Password for the truststore, if needed. -## @param tls.resources.limits The resources limits for the TLS init container -## @param tls.resources.requests The requested resources for the TLS init container -## @param tls.certificatesSecret Secret with the TLS certificates. 
-## @param tls.tlsEncryptionSecretName Secret with the encryption of the TLS certificates -## -tls: - internodeEncryption: none - clientEncryption: false - autoGenerated: false - existingSecret: "" - passwordsSecret: "" - keystorePassword: "" - truststorePassword: "" - certificatesSecret: "" - tlsEncryptionSecretName: "" - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} +extraVolumes: [] +extraVolumeMounts: [] +# extraVolumes and extraVolumeMounts allows you to mount other volumes +# Example Use Case: mount ssl certificates +# extraVolumes: +# - name: cas-certs +# secret: +# defaultMode: 420 +# secretName: cas-certs +# extraVolumeMounts: +# - name: cas-certs +# mountPath: /certs +# readOnly: true + +extraContainers: [] +## Additional containers to be added +# extraContainers: +# - name: cassandra-sidecar +# image: cassandra-sidecar:latest +# volumeMounts: +# - name: some-mount +# mountPath: /some/path diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index b12752d..e5d6bce 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml +++ b/charts/magma-oai-mme/templates/deployment.yaml @@ -63,7 +63,7 @@ spec: {{- end}} volumeMounts: - mountPath: /var/log - name: {{.Chart.Name}}-pv + name: cn4g-pv - name: mme image: "{{.Values.image.repository}}:{{.Values.image.version}}" imagePullPolicy: {{.Values.image.pullPolicy}} 
@@ -86,7 +86,7 @@ spec: key: mmeService volumeMounts: - mountPath: /var/log - name: {{.Chart.Name}}-pv + name: cn4g-pv - mountPath: /magma/etc/mme_fd.conf name: fd-vol subPath: mme_fd.conf @@ -131,7 +131,8 @@ spec: serviceAccountName: {{.Values.serviceAccount.name}} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- if .Values.nodeSelector}} - nodeSelector: {{- toYaml .Values.nodeSelector | nindent 4 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 12 }} {{- end }} {{- if .Values.nodeName}} nodeName: {{ .Values.nodeName }} diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index 4a074ea..b99ad83 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -132,7 +132,8 @@ resources: cpu: 200m memory: 256Mi -nodeSelector: {} +nodeSelector: + worker: "telco" tolerations: [] diff --git a/charts/oai-hss/templates/pvc.yaml b/charts/oai-hss/templates/pvc.yaml index 0cff6ab..988ae7b 100644 --- a/charts/oai-hss/templates/pvc.yaml +++ b/charts/oai-hss/templates/pvc.yaml @@ -3,10 +3,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: cn5g-pvc -# name: {{.Chart.Name}}-{{ .Release.Namespace }}-pvc - annotations: - "helm.sh/resource-policy": keep + name: cn4g-pvc spec: accessModes: - ReadWriteOnce diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index b09ddf6..7b76a24 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -54,8 +54,8 @@ start: persistence: # make it true for the first time when you want to create persistance volume # and then false - enabled: false - volumeName: managed-nfs-storage + enabled: true + volumeName: nfs-client size: 1Gi securityContext: diff --git a/charts/oai-spgwc/templates/deployment.yaml b/charts/oai-spgwc/templates/deployment.yaml index fdfa767..8e657d8 100644 --- a/charts/oai-spgwc/templates/deployment.yaml +++ b/charts/oai-spgwc/templates/deployment.yaml 
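Review bot: Removing the `helm.sh/resource-policy: keep` annotation in `charts/oai-hss/templates/pvc.yaml` means the claim is now deleted together with the release, where it previously survived `helm uninstall`. If the volume holds logs or captures that are still needed after a teardown (the MME template in this same commit mounts a `cn4g-pv` volume at `/var/log`), that data is lost with it. Unless that is intended, keep the two lines `annotations:` and `"helm.sh/resource-policy": keep` under the renamed `cn4g-pvc`. The template continues past the end of this hunk.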
@@ -86,7 +86,8 @@ spec: serviceAccountName: {{ .Values.serviceAccount.name }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- if .Values.nodeSelector}} - nodeSelector: {{- toYaml .Values.nodeSelector | nindent 4 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 12 }} {{- end }} {{- if .Values.nodeName}} nodeName: {{ .Values.nodeName }} diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index cfc0237..0ab9f9f 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.namespace }}-net1 + name: {{ .Chart.Name }}-net1 spec: config: '{ "cniVersion": "0.3.0", diff --git a/charts/oai-spgwc/templates/rbac.yaml b/charts/oai-spgwc/templates/rbac.yaml index 5b8cf74..9bc2f0a 100644 --- a/charts/oai-spgwc/templates/rbac.yaml +++ b/charts/oai-spgwc/templates/rbac.yaml @@ -1,15 +1,3 @@ -#apiVersion: rbac.authorization.k8s.io/v1beta1 -#kind: ClusterRoleBinding -#metadata: -# name: {{ .Chart.Name }}-{{ .Values.namespace }}-rbac -#roleRef: -# apiGroup: rbac.authorization.k8s.io -# kind: ClusterRole -# name: cluster-admin -#subjects: -#- kind: ServiceAccount -# name: {{ .Values.serviceAccount.name }} -# namespace: {{ .Values.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 95163ab..9e6d6e3 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -51,7 +51,7 @@ service: gtpcPort: 2123 start: - spgwc: true + spgwc: false tcpdump: false @@ -87,8 +87,8 @@ lte: persistence: # make it true for the first time when you want to create persistance volume # and then false - enabled: false - volumeName: managed-nfs-storage + enabled: true + volumeName: nfs-client size: 1Gi multus: 
@@ -106,7 +106,8 @@ resources: cpu: 100m memory: 256Mi -nodeSelector: {} +nodeSelector: + worker: telco tolerations: [] diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 1d79d9f..6447c3c 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -2,7 +2,7 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: {{ .Chart.Name }}-{{ .Values.lte.instance }}--net1 + name: {{ .Chart.Name }}-{{ .Values.lte.instance }}-net1 spec: config: '{ "cniVersion": "0.3.0", diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 9216244..6c01a0d 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -24,7 +24,7 @@ persistence: # make it true for the first time when you want to create persistance volume # and then false enabled: true - volumeName: managed-nfs-storage + volumeName: nfs-client size: 1Gi multus: From 3cf5aa553ec3859295aeb4d01369c86654396e0f Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Mon, 30 May 2022 14:17:47 +0200 Subject: [PATCH 73/82] tweak freeDiameter config, prepare for redis if necessary Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- .../magma-oai-mme/templates/deployment.yaml | 3 + .../templates/mme-configmap.yaml | 2 + .../templates/mme-fd-configmap.yaml | 8 +-- .../templates/multiple-services.yaml | 68 ++++++++++++++++++- charts/magma-oai-mme/values.yaml | 10 +-- 5 files changed, 79 insertions(+), 12 deletions(-) diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index e5d6bce..7e17d8b 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml +++ b/charts/magma-oai-mme/templates/deployment.yaml 
@@ -96,6 +96,9 @@ spec: - mountPath: /magma/bin/mme.exe name: svc-vol subPath: mme.exe + - mountPath: /magma/bin/make_certs.sh + name: svc-vol + subPath: make_certs.sh {{- with .Values.resources}} resources: {{- toYaml . | nindent 10}} diff --git a/charts/magma-oai-mme/templates/mme-configmap.yaml b/charts/magma-oai-mme/templates/mme-configmap.yaml index ed0ce8c..adf85d4 100644 --- a/charts/magma-oai-mme/templates/mme-configmap.yaml +++ b/charts/magma-oai-mme/templates/mme-configmap.yaml @@ -5,3 +5,5 @@ metadata: name: {{.Chart.Name}}-{{ .Release.Namespace }}-configmap data: mmeService: {{.Values.mmeConf.fdMmeHostname}}.{{ .Release.Namespace }}.{{.Values.mmeConf.domainName}} + realm: {{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }} + \ No newline at end of file diff --git a/charts/magma-oai-mme/templates/mme-fd-configmap.yaml b/charts/magma-oai-mme/templates/mme-fd-configmap.yaml index 46d5bd7..c8b0526 100644 --- a/charts/magma-oai-mme/templates/mme-fd-configmap.yaml +++ b/charts/magma-oai-mme/templates/mme-fd-configmap.yaml @@ -20,9 +20,9 @@ data: Identity = "{{ .Values.mmeConf.fdMmeHostname }}.{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }}"; Realm = "{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }}"; # TLS configuration (see previous section) - TLS_Cred = "{{ .Values.mmeConf.prefix }}/etc/mme.cert.pem", - "{{ .Values.mmeConf.prefix }}/etc/mme.key.pem"; - TLS_CA = "{{ .Values.mmeConf.prefix }}/etc/mme.cacert.pem"; + TLS_Cred = "{{ .Values.mmeConf.prefix }}/etc/{{ .Values.mmeConf.fdMmeHostname }}.cert.pem", + "{{ .Values.mmeConf.prefix }}/etc/{{ .Values.mmeConf.fdMmeHostname }}.key.pem"; + TLS_CA = "{{ .Values.mmeConf.prefix }}/etc/cacert.pem"; # Disable use of TCP protocol (only listen and connect in SCTP) # Default : TCP enabled No_SCTP; 
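Review bot: The `TLS_Cred`/`TLS_CA` files configured in the `mme-fd-configmap.yaml` hunk do not protect the HSS link, because the `ConnectPeer` entry further down the same file (visible in the next hunk) sets `No_TLS`, so Diameter traffic to the HSS stays in cleartext even once the certificates exist. If that is deliberate for this setup, record it next to the setting, e.g. `# ConnectPeer below uses No_TLS: the HSS link is cleartext, these certs only serve TLS-enabled peers`; otherwise drop `No_TLS` once the HSS trusts the same CA. The new file names also have to match what `make_certs.sh` writes (`$HOST.cert.pem`, `$HOST.key.pem`, `cacert.pem`), which holds only while its first argument is `fdMmeHostname`.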
@@ -161,5 +161,5 @@ data: # incoming connection from this peer will be rejected. If you want to accept # incoming connections from other peers, see the acl_wl.fdx? extension which # allows exactly this. - ConnectPeer= "{{ .Values.mmeConf.fdHssHostname }}.{{ .Values.mmeConf.hssDomainName }}" { ConnectTo = "{{ .Values.mmeConf.hssIp }}"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = {{ .Values.service.peerDiameterPort }};}; + ConnectPeer = "{{ .Values.mmeConf.fdHssHostname }}.{{ .Values.mmeConf.hssDomainName }}" { ConnectTo = "{{ .Values.mmeConf.hssIp }}"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = {{ .Values.service.peerDiameterPort }};}; diff --git a/charts/magma-oai-mme/templates/multiple-services.yaml b/charts/magma-oai-mme/templates/multiple-services.yaml index 32ebb93..b088094 100644 --- a/charts/magma-oai-mme/templates/multiple-services.yaml +++ b/charts/magma-oai-mme/templates/multiple-services.yaml 
@@ -4,6 +4,66 @@ apiVersion: v1 metadata: name: mme-services-configmap data: + make_certs.sh: | + #! /bin/bash + #Copyright (c) 2017 Sprint + # + # Licensed to the OpenAirInterface (OAI) Software Alliance under one or more + # contributor license agreements. See the NOTICE file distributed with + # this work for additional information regarding copyright ownership. + # The OpenAirInterface Software Alliance licenses this file to You under + # the terms found in the LICENSE file in the root of this source tree. + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + OS_DISTRO=$(grep "^ID=" /etc/os-release | sed "s/ID=//" | sed "s/\"//g") + case "$OS_DISTRO" in + fedora) OS_BASEDISTRO="fedora";; + rhel) OS_BASEDISTRO="fedora";; + debian) OS_BASEDISTRO="debian";; + ubuntu) OS_BASEDISTRO="debian";; + esac + rm -rf demoCA + mkdir demoCA + echo 01 > demoCA/serial + touch demoCA/index.txt + if [[ "$OS_BASEDISTRO" == "debian" ]] + then + echo 'unique_subject = yes' > demoCA/index.txt.attr + fi + if [ "$#" -lt 2 ]; then + echo "error provide arguments: host domain [prefix]" + return + fi + if [ "$#" -gt 3 ]; then + echo "error provide arguments: host domain [prefix]" + return + fi + HOST=$1 + DOMAIN=$2 + # usually /usr/local/etc/oai + if [ "$#" -eq 3 ]; then + PREFIX=$3 + else + PREFIX="/usr/local/etc/oai" + fi + # CA self certificate + openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out cacert.pem -keyout cakey.pem -subj /CN=$HOST.$DOMAIN/C=FR/ST=BdR/L=Aix/O=fD/OU=Tests + # + openssl genrsa -out $HOST.key.pem 1024 + openssl req -new -batch -out $HOST.csr.pem -key $HOST.key.pem -subj /CN=$HOST.$DOMAIN/C=FR/ST=BdR/L=Aix/O=fD/OU=Tests + if [[ "$OS_BASEDISTRO" == "fedora" ]]; then + cp 
/etc/pki/tls/openssl.cnf . + chmod 664 openssl.cnf + sed -i -e "s#/etc/pki/CA#./demoCA#" openssl.cnf + openssl ca -cert cacert.pem -keyfile cakey.pem -in $HOST.csr.pem -out $HOST.cert.pem -outdir . -batch -config openssl.cnf + else + openssl ca -cert cacert.pem -keyfile cakey.pem -in $HOST.csr.pem -out $HOST.cert.pem -outdir . -batch + fi + cp -upv $HOST.cert.pem cacert.pem $HOST.key.pem $PREFIX mme.exe: | #!/bin/sh # turn on bash's job control @@ -19,8 +79,10 @@ data: mv "$fb" "$(date -r "$f" +"%Y-%m-%d_%H-%M-%S")_$fb" done popd - /magma/bin/sctpd & + /magma/bin/make_certs.sh {{ .Values.mmeConf.fdMmeHostname }} {{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }} {{ .Values.mmeConf.prefix }}/etc + /magma-mme/bin/sctpd & # let create unix socket sleep 7 - /magma/scripts/entrypoint.sh /magma/bin/oai_mme -c /magma/etc/mme.conf - + #/magma/scripts/entrypoint.sh /magma-mme/bin/oai_mme -c /magma/etc/mme.conf + /magma-mme/bin/oai_mme -c /magma/etc/mme.conf + \ No newline at end of file diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index b99ad83..bbded6b 100644 --- a/charts/magma-oai-mme/values.yaml +++ b/charts/magma-oai-mme/values.yaml @@ -8,7 +8,7 @@ replicaCount: 1 image: registry: local repository: magma-oai-mme - # version: stable + #repository: image-registry.openshift-image-registry.svc:5000/oai4g/magma-oai-mme-base-builder version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always @@ -69,8 +69,8 @@ service: gtpcPort: 2123 start: - mme: true - redis: true + mme: false + redis: false tcpdump: false mmeConf: 
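Review bot: Both keys created by the added `make_certs.sh` are 1024-bit RSA (`-newkey rsa:1024` for the CA and `openssl genrsa -out $HOST.key.pem 1024` for the host), which is below the 2048-bit minimum in current guidance and may be rejected by recent TLS libraries; use `-newkey rsa:2048` and `openssl genrsa -out $HOST.key.pem 2048` or larger. The two argument-count checks end with `return`, but the script is executed by path from `mme.exe` rather than sourced, so bash only prints an error and continues with `$1`/`$2` unset; `exit 1` stops it. The final `cp -upv … $PREFIX` should quote `"$PREFIX"` as well.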
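Review bot: The new `make_certs.sh` call in `mme.exe` is not checked, so `oai_mme` is started even when certificate generation fails, and a new CA and host key are produced on every container start. The script writes `cakey.pem` and `demoCA/` into whatever directory is current after `popd` and copies only the host certificate, CA certificate and host key to the prefix, which leaves the CA private key lying in the container. Append `|| exit 1` to the `make_certs.sh` line and run it from a scratch directory that is removed afterwards, or mount pre-issued certificates from a Secret instead of generating them at start-up. The body of `mme.exe` begins outside this hunk.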
@@ -79,11 +79,11 @@ mmeConf: # contains etc, bin subdirs # May be not always same as magma_root prefix: /magma - domainName: "oai4g.svc.cluster.local" + domainName: "svc.cluster.local" fdMmeHostname: "magma-oai-mme" fdHssHostname: "oai-hss" hssDomainName: "oai4g.svc.cluster.local" - useStateless: "true" + useStateless: "false" useHa: "false" enableGtpuPrivateIpCorrection: "false" enableConvergedCore: "false" From 9fb9833c713bc0eb4e7c99cf4a44ad6e0b0cacb2 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 31 May 2022 12:25:59 +0200 Subject: [PATCH 74/82] PVC for logs independant from network functions Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/templates/pvc.yaml | 14 -------------- charts/pvc.yaml | 12 ++++++++++++ 2 files changed, 12 insertions(+), 14 deletions(-) delete mode 100644 charts/oai-hss/templates/pvc.yaml create mode 100644 charts/pvc.yaml diff --git a/charts/oai-hss/templates/pvc.yaml b/charts/oai-hss/templates/pvc.yaml deleted file mode 100644 index 988ae7b..0000000 --- a/charts/oai-hss/templates/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -{{- if .Values.persistence.enabled}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: cn4g-pvc -spec: - accessModes: - - ReadWriteOnce - storageClassName: {{ .Values.persistence.volumeName }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end}} diff --git a/charts/pvc.yaml b/charts/pvc.yaml new file mode 100644 index 0000000..deca29e --- /dev/null +++ b/charts/pvc.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: cn4g-pvc +spec: + accessModes: + - ReadWriteOnce + storageClassName: nfs-client + resources: + requests: + storage: 1Gi From 72ea36d111ae87bbb50d7a8d5a5d6d7129198742 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 31 May 2022 12:27:05 +0200 Subject: [PATCH 75/82] use right hss image 
Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index 7b76a24..e140052 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: registry: local repository: oai-hss - version: develop + version: oai-oc # pullPolicy: IfNotPresent or Never or Always pullPolicy: Always From ff3f66c86cd1a1431d60382871b632673479ba19 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 31 May 2022 12:27:40 +0200 Subject: [PATCH 76/82] init container for mme for self provisionning mme Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/magma-oai-mme/templates/deployment.yaml | 7 +++++++ charts/magma-oai-mme/values.yaml | 10 +++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/charts/magma-oai-mme/templates/deployment.yaml b/charts/magma-oai-mme/templates/deployment.yaml index 7e17d8b..c96db0a 100644 --- a/charts/magma-oai-mme/templates/deployment.yaml +++ b/charts/magma-oai-mme/templates/deployment.yaml @@ -29,6 +29,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8}} {{- end}} + initContainers: + - name: prov-mme-db + image: "{{ .Values.provisionning.image.repository }}:{{ .Values.provisionning.image.version }}" + command: + - sh + - -c + - /openair-hss/scripts/data_provisioning_mme -C {{ .Values.provisionning.db_url }} --id 4 --mme-identity {{ .Values.mmeConf.fdMmeHostname }}.{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }} --realm "{{ .Release.Namespace }}.{{ .Values.mmeConf.domainName }}" --verbose true containers: - name: tcpdump image: "{{ .Values.tcpdumpimage.repository }}:{{ .Values.tcpdumpimage.version }}" diff --git a/charts/magma-oai-mme/values.yaml b/charts/magma-oai-mme/values.yaml index bbded6b..074a291 100644 --- a/charts/magma-oai-mme/values.yaml 
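Review bot: The `prov-mme-db` init container added to `magma-oai-mme/templates/deployment.yaml` builds a single `sh -c` string from chart values, and `{{ .Values.provisionning.db_url }}` and the `--mme-identity` value are interpolated unquoted, so a value containing spaces or shell metacharacters changes the command that runs. Passing the program and its arguments as a list with `| quote` removes the shell from the path entirely. `--id 4` is fixed in the template; if more than one MME can be provisioned against the same database it probably belongs in values. Indentation in the excerpt is illustrative and has to follow the template.

```yaml
# … unchanged: initContainers entry name and image …
          command:
            - /openair-hss/scripts/data_provisioning_mme
          args:
            - -C
            - {{ .Values.provisionning.db_url | quote }}
            - --id
            - "4"
            - --mme-identity
            - {{ printf "%s.%s.%s" .Values.mmeConf.fdMmeHostname .Release.Namespace .Values.mmeConf.domainName | quote }}
            - --realm
            - {{ printf "%s.%s" .Release.Namespace .Values.mmeConf.domainName | quote }}
            - --verbose
            - "true"
```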
+++ b/charts/magma-oai-mme/values.yaml @@ -5,6 +5,14 @@ replicaCount: 1 +provisionning: + image: + registry: local + repository: oai-hss + #repository: image-registry.openshift-image-registry.svc:5000/oai4g/magma-oai-mme-base-builder + version: oai-oc + db_url: cassandra + image: registry: local repository: magma-oai-mme @@ -69,7 +77,7 @@ service: gtpcPort: 2123 start: - mme: false + mme: true redis: false tcpdump: false From 833d73bf9847e71c5ace937c43be7633babe04ef Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 31 May 2022 15:06:40 +0200 Subject: [PATCH 77/82] typo in spgwc json config file Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-spgwc/templates/cfg-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/oai-spgwc/templates/cfg-configmap.yaml b/charts/oai-spgwc/templates/cfg-configmap.yaml index abc3afc..445a91f 100644 --- a/charts/oai-spgwc/templates/cfg-configmap.yaml +++ b/charts/oai-spgwc/templates/cfg-configmap.yaml @@ -10,7 +10,7 @@ data: "itti" : { "sched_params" : { "sched_policy" : "sched_fifo", - "sched_priority" : {{ .Values.lte.threadTimerPrio }} + "sched_priority" : {{ .Values.lte.threadTimerPrio }} } } }, From 1b40919e6d8cad1ce666bcf34412c32075bc1988 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 31 May 2022 15:22:32 +0200 Subject: [PATCH 78/82] chart spgwc: update config file Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-spgwc/templates/cfg-configmap.yaml | 5 ++++- charts/oai-spgwc/values.yaml | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/oai-spgwc/templates/cfg-configmap.yaml b/charts/oai-spgwc/templates/cfg-configmap.yaml index 445a91f..3c180b3 100644 --- a/charts/oai-spgwc/templates/cfg-configmap.yaml +++ b/charts/oai-spgwc/templates/cfg-configmap.yaml 
@@ -6,6 +6,7 @@ metadata: data: spgw_c.json: | { + "rest_port" : 9081, "timer" : { "itti" : { "sched_params" : { @@ -57,7 +58,8 @@ data: "default_dns_sec_ipv4_address" : "{{ .Values.lte.ueDnsServerSec }}", "default_dns_ipv6_address" : "2001:4860:4860::8888", "default_dns_sec_ipv6_address" : "2001:4860:4860::8844", - "force_push_protocol_configuration_options" : {{ .Values.lte.pushProtocolOption }} + "force_push_protocol_configuration_options" : {{ .Values.lte.pushProtocolOption }}, + "ue_mtu_ipv4": {{ .Values.lte.ueMtuIpv4 }} }, "pdns" : [ @@ -68,6 +70,7 @@ data: "association_heartbeat_period_ms" : {{ .Values.lte.associationHeartbeatPeriodMs }}, "feature_overload_control" : false, "feature_load_control" : false, + "trigger_association" : true, "up_nodes_selection" : [ { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 1, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 9e6d6e3..773c0e3 100644 --- a/charts/oai-spgwc/values.yaml +++ b/charts/oai-spgwc/values.yaml @@ -83,7 +83,8 @@ lte: n3: "3" t1MilliSec: "1000" t3MilliSec: "1000" - + ueMtuIpv4: "1500" + persistence: # make it true for the first time when you want to create persistance volume # and then false From 6a560f15f0afd24e38cd6b86aee9c35252c3f6fa Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Tue, 31 May 2022 16:21:20 +0200 Subject: [PATCH 79/82] 4G helms seems to work Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-spgwc/templates/cfg-configmap.yaml | 12 ++++++------ charts/oai-spgwc/templates/multus.yaml | 2 +- charts/oai-spgwc/values.yaml | 9 +++++---- charts/oai-spgwu-tiny/templates/cfg-configmap.yaml | 6 +++--- charts/oai-spgwu-tiny/templates/multus.yaml | 2 +- charts/oai-spgwu-tiny/values.yaml | 10 ++++++---- 6 files changed, 22 insertions(+), 19 deletions(-) 
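Review bot: `"rest_port" : 9081` in the first hunk presumably enables a REST listener on a port that is fixed in the template, unlike the neighbouring settings that come from `.Values.lte.*`, and nothing in the commit says who is expected to reach it. Which address it binds to is not visible here; if it listens on all interfaces it should be covered by a NetworkPolicy and kept out of the Service. Consider `"rest_port" : {{ .Values.lte.restPort | default 9081 }}` (`restPort` being a new, proposed values key) with a comment in values.yaml. In the second hunk `ue_mtu_ipv4` is rendered unquoted, so an unset value yields invalid JSON; `{{ required "lte.ueMtuIpv4 is required" .Values.lte.ueMtuIpv4 }}` fails the render instead.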
diff --git a/charts/oai-spgwc/templates/cfg-configmap.yaml b/charts/oai-spgwc/templates/cfg-configmap.yaml index 3c180b3..b9fcd1b 100644 --- a/charts/oai-spgwc/templates/cfg-configmap.yaml +++ b/charts/oai-spgwc/templates/cfg-configmap.yaml @@ -34,7 +34,7 @@ data: } }, "s11" : { - "interface_name" : "{{ .Values.lte.spgwOneIf }}", + "interface_name" : "{{ .Values.lte.spgwS11If }}", "ipv4_address" : "read" }, "sgws5s8" : { @@ -46,7 +46,7 @@ data: "ipv4_address" : "{{ .Values.lte.pgwS5S8Ip }}" }, "sx" : { - "interface_name" : "{{ .Values.lte.spgwOneIf }}", + "interface_name" : "{{ .Values.lte.spgwSxIf }}", "ipv4_address" : "read" }, "spgw_app" : { 
@@ -73,10 +73,10 @@ data: "trigger_association" : true, "up_nodes_selection" : [ - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 1, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 2, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 3, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" }, - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 4, "pdn_idx" : 0, "id" : "gwu1.spgw.node.epc.mnc{{ .Values.lte.mnc3 }}.mcc{{ .Values.lte.mcc }}.3gppnetwork.org" } + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 1, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 2, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 3, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 4, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" } ] }, "pcef" : { diff --git a/charts/oai-spgwc/templates/multus.yaml b/charts/oai-spgwc/templates/multus.yaml index 0ab9f9f..91dc239 100644 --- a/charts/oai-spgwc/templates/multus.yaml +++ b/charts/oai-spgwc/templates/multus.yaml @@ -13,7 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": {{- cat .Values.lte.spgwIpOneIf "/" .Values.lte.spgwNetmaskOneIf | nospace | quote }} + "address": {{- cat .Values.lte.spgwS11Ip "/" .Values.lte.spgwNetmaskS11 | nospace | quote }} } ] } diff --git a/charts/oai-spgwc/values.yaml b/charts/oai-spgwc/values.yaml index 773c0e3..147b554 100644 --- a/charts/oai-spgwc/values.yaml 
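Review bot: The four `up_nodes_selection` entries now carry the literal `"id" : "oai-spgwu-tiny-0"`, which has to stay equal to `lte.fqdn` in charts/oai-spgwu-tiny/values.yaml (changed to the same string later in this commit), and nothing ties the two together. Taking it from a value, e.g. `"id" : "{{ .Values.lte.spgwuFqdn }}"` with `spgwuFqdn` as a new, proposed key defaulting to `oai-spgwu-tiny-0`, would keep a renamed or second SPGW-U from presumably failing to match without any render-time error. The same literal is carried forward by the `apn_ni` hunk in PATCH 82/82.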
+++ b/charts/oai-spgwc/values.yaml @@ -51,7 +51,7 @@ service: gtpcPort: 2123 start: - spgwc: false + spgwc: true tcpdump: false @@ -64,9 +64,10 @@ lte: mcc: "208" mnc: "99" mnc3: "099" - spgwOneIf: "net1" - spgwIpOneIf : "172.21.6.181" - spgwNetmaskOneIf : "22" + spgwS11If: "net1" + spgwS11Ip : "172.21.6.181" + spgwSxIf: "eth0" + spgwNetmaskS11 : "22" sgwS5S8Ip: "127.0.58.2" pgwS5S8Ip: "127.0.58.1" ueDnsServer: "172.21.3.100" diff --git a/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml b/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml index e27306a..ab0ffd8 100644 --- a/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml +++ b/charts/oai-spgwu-tiny/templates/cfg-configmap.yaml @@ -16,7 +16,7 @@ data: S1U_S12_S4_UP : { # S-GW binded interface for S1-U communication (GTPV1-U) can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces - INTERFACE_NAME = "{{ .Values.lte.spgwOneIf }}"; # STRING, interface name, YOUR NETWORK CONFIG HERE + INTERFACE_NAME = "{{ .Values.lte.pgwuS1uIf }}"; # STRING, interface name, YOUR NETWORK CONFIG HERE IPV4_ADDRESS = "read"; # STRING, CIDR or "read to let app read interface configured IP address #PORT = 2152; # Default is 2152 SCHED_PARAMS : @@ -30,7 +30,7 @@ data: SX : { # S/P-GW binded interface for SX communication - INTERFACE_NAME = "{{ .Values.lte.spgwOneIf }}"; # STRING, interface name + INTERFACE_NAME = "{{ .Values.lte.spgwSxIf }}"; # STRING, interface name IPV4_ADDRESS = "read"; # STRING, CIDR or "read" to let app read interface configured IP address #PORT = 8805; # Default is 8805 SCHED_PARAMS : 
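Review bot: `spgwSxIf: "eth0"` in the second values.yaml hunk moves the Sx (PFCP) endpoint from the Multus attachment `net1` to the pod's primary interface, which on most clusters is the shared pod network. PFCP has no authentication of its own, so if that is the case here the control channel to the user plane is reachable from other workloads unless a NetworkPolicy limits port 8805 to the SPGW-U pods. A comment next to the key stating why Sx sits on `eth0`, plus a policy shipped with the chart, would make the intent explicit. The `lte` mapping starts and ends outside the hunk.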
@@ -44,7 +44,7 @@ data: SGI : { # No config to set, the software will set the SGi interface to the interface used for the default route. - INTERFACE_NAME = "{{ .Values.lte.spgwOneIf }}"; # STRING, interface name or "default_gateway" + INTERFACE_NAME = "{{ .Values.lte.pgwuSgiIf }}"; # STRING, interface name or "default_gateway" IPV4_ADDRESS = "read"; # STRING, CIDR or "read" to let app read interface configured IP address SCHED_PARAMS : { diff --git a/charts/oai-spgwu-tiny/templates/multus.yaml b/charts/oai-spgwu-tiny/templates/multus.yaml index 6447c3c..80b4ec4 100644 --- a/charts/oai-spgwu-tiny/templates/multus.yaml +++ b/charts/oai-spgwu-tiny/templates/multus.yaml @@ -13,7 +13,7 @@ spec: "type": "static", "addresses": [ { - "address": {{- cat .Values.lte.spgwIpOneIf "/" .Values.lte.spgwNetmaskOneIf | nospace | quote }} + "address": {{- cat .Values.lte.spgwS1uIp "/" .Values.lte.spgwNetmaskS1u | nospace | quote }} } ] } diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index 6c01a0d..d2ae0a3 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -73,11 +73,13 @@ log: file: " -r " lte: instance: 0 - fqdn: "gwu1.spgw.node.epc.mnc099.mcc208.3gppnetwork.org" + fqdn: "oai-spgwu-tiny-0" pidDirectory: "/var/run" - spgwOneIf: "net1" - spgwIpOneIf: "172.21.6.183" - spgwNetmaskOneIf: "22" + spgwSxIf: "eth0" + pgwuS1uIf: "net1" + pgwuSgiIf: "net1" + spgwS1uIp: "172.21.6.183" + spgwNetmaskS1u: "22" pgwuSgiGw: "172.21.7.254" netUeIp: "192.168.29.0/24" pgwcSxIp: "172.21.6.181" From c4903621ab8708bc64e90336d7306fcb5afdaa6c Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Thu, 2 Jun 2022 17:25:38 +0200 Subject: [PATCH 80/82] thread pool size shrinked to 1 due to non-rt kernel Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-spgwu-tiny/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
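Review bot: In the oai-spgwu-tiny values.yaml hunk `spgwSxIf` becomes `eth0`, but the context line `pgwcSxIp: "172.21.6.181"` is left unchanged, and that address is what the oai-spgwc chart in this same commit assigns to its S11 interface on `net1` (`spgwS11Ip`). If the SPGW-U uses `pgwcSxIp` to reach or to accept the SPGW-C, Sx is now configured on one network with a peer address from another; please confirm which is intended and say so in a comment. `pgwuS1uIf` and `pgwuSgiIf` both default to `net1` while the Multus template only consumes `spgwS1uIp`/`spgwNetmaskS1u`, so a one-line comment that S1-U and SGi share one attachment would help.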
diff --git a/charts/oai-spgwu-tiny/values.yaml b/charts/oai-spgwu-tiny/values.yaml index d2ae0a3..157ea46 100644 --- a/charts/oai-spgwu-tiny/values.yaml +++ b/charts/oai-spgwu-tiny/values.yaml @@ -84,8 +84,8 @@ lte: netUeIp: "192.168.29.0/24" pgwcSxIp: "172.21.6.181" netUeNatOption: "yes" - threadsS1uUl: "16" - threadsSgiDl: "16" + threadsS1uUl: "1" + threadsSgiDl: "1" threadsSx: "1" threadsSgiPrio: "64" threadsS1uPrio: "64" From 4dc33afe1022753ca730494dbc57d058e493a384 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 7 Sep 2022 15:47:12 +0200 Subject: [PATCH 81/82] 20899 IMSI base for populating HSS Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-hss/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/oai-hss/values.yaml b/charts/oai-hss/values.yaml index e140052..c578575 100644 --- a/charts/oai-hss/values.yaml +++ b/charts/oai-hss/values.yaml @@ -91,7 +91,8 @@ lte: apn1: "oai.ipv4" apn2: "internet" lteK: "8baf473f2f8fd09487cccbd7097c6862" - imsi: "311480100001101" + # imsi: "311480100001101" + imsi: "208990100001120" numSubscribers: "50" dbName: "vhss" dbUser: "cassandra" From 73e3e990ab8ec249fb81fd62c61b9bdff63c6313 Mon Sep 17 00:00:00 2001 From: lionelgo <29477918+lionelgo@users.noreply.github.com> Date: Wed, 7 Sep 2022 15:48:12 +0200 Subject: [PATCH 82/82] added APNI in spgwc configuration file (yaml) Signed-off-by: lionelgo <29477918+lionelgo@users.noreply.github.com> --- charts/oai-spgwc/templates/cfg-configmap.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/oai-spgwc/templates/cfg-configmap.yaml b/charts/oai-spgwc/templates/cfg-configmap.yaml index b9fcd1b..a97891e 100644 --- a/charts/oai-spgwc/templates/cfg-configmap.yaml +++ b/charts/oai-spgwc/templates/cfg-configmap.yaml 
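Review bot: The oai-hss hunk keeps the previous IMSI as a commented-out line above the new default, which leaves two candidate bases in the file with no statement of which PLMN each belongs to; a comment such as `# IMSI base for PLMN 208/99 (matches lte.mcc/lte.mnc in oai-spgwc)` would serve better than the dead value. The same `lte` block, visible as context in this hunk, carries `lteK` and `dbUser` defaults in clear text, so the file should state that these are lab defaults to be overridden per deployment (ideally from a Secret) rather than reused.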
@@ -73,10 +73,10 @@ data: "trigger_association" : true, "up_nodes_selection" : [ - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 1, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 2, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 3, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, - { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 4, "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" } + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 1, "apn_ni" : "{{ .Values.lte.apn }}", "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 2, "apn_ni" : "{{ .Values.lte.apn }}", "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 3, "apn_ni" : "{{ .Values.lte.apn }}", "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" }, + { "mcc" : "{{ .Values.lte.mcc }}", "mnc" : "{{ .Values.lte.mnc }}", "tac" : 4, "apn_ni" : "{{ .Values.lte.apn }}", "pdn_idx" : 0, "id" : "oai-spgwu-tiny-0" } ] }, "pcef" : {
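Review bot: The new `"apn_ni" : "{{ .Values.lte.apn }}"` field reads a key that this commit does not add — the diffstat lists only the template — and no hunk in view defines `lte.apn` for oai-spgwc (oai-hss uses `apn1`/`apn2`). If charts/oai-spgwc/values.yaml does not already have it, Helm renders an empty string and all four entries get `"apn_ni" : ""` without any error. `{{ required "lte.apn must be set" .Values.lte.apn }}` fails the render instead, and the key should be documented in values.yaml.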