The Open5GS Kubernetes Operator is a custom Kubernetes operator designed to automate the deployment, configuration, and lifecycle management of Open5GS and its subscribers in a declarative way. It uses two CRDs (Custom Resource Definitions): one for managing Open5GS deployments and another for managing Open5GS users, allowing efficient and automated core and subscriber management.
The operator automates the deployment and reconfiguration of Open5GS instances in a Kubernetes cluster. It allows you to define the desired state of an Open5GS deployment in a declarative way, and the operator will ensure that the actual state of the deployment matches the desired state. This includes enabling/disabling components, configuring network slices, and defining the parameters of the Open5GS deployment. Any drift between the actual and desired state will be detected and corrected automatically by the operator. Note that the operator will restart the neccesary pods to apply the changes and that may cause a service interruption.
The operator handles multiple Open5GS deployments across different Kubernetes namespaces, ensuring resource isolation. It can also manage several Open5GS deployments within the same namespace, allowing independent management of each Open5GS instance.
The operator provides full management of Open5GS subscribers, including configuration of network slices and the target Open5GS deployment to which they should be assigned. It distinguishes between Managed Users and Unmanaged Users:
-
Managed Users: These are users whose IMSI is defined in a CR (Custom Resource). The operator controls their configuration, and any discrepancy between the actual state and the desired state in the CR will be detected as drift and corrected automatically, ensuring the configuration always aligns with the declarative source of truth.
-
Unmanaged Users: These users are not controlled by the operator and are created externally (e.g., via scripts that directly modify the database or the Open5GS WebUI). Unmanaged users will not be altered by the operator, allowing compatibility with external tools and temporary deployments that don't need strict management by the operator.
- Operator SDK: OperatorSDK 1.37.0 version
- Go: go 1.23.3 version
To install by using Helm, you can use the Helm chart provided in the charts directory or the open5gs-operator-1.0.1.tgz file. The chart is also available in the Gradiant Charts repository.
helm install open5gs-operator oci://registry-1.docker.io/gradiantcharts/open5gs-operator --version 1.0.1To uninstall the operator, run:
helm uninstall open5gs-operatorFor the other installation options, you can follow this guide.
-
Create a deployment configuration file for Open5GS. Here’s a basic example (the configuration missing will be set to default values):
apiVersion: net.gradiant.org/v1 kind: Open5GS metadata: name: open5gs-sample namespace: default spec: configuration: slices: - sst: "1" sd: "0x111111"
-
Apply the deployment file:
kubectl apply -f open5gs-deployment.yaml
-
Create a configuration file for the users you want to add. Here’s an example:
apiVersion: net.gradiant.org/v1 kind: Open5GSUser metadata: name: open5gsuser-sample namespace: default spec: imsi: "999700000000001" key: "465B5CE8B199B49FAA5F0A2EE238A6BC" opc: "E8ED289DEBA952E4283B54E88E6183CA" sd: "111111" sst: "1" apn: "internet" open5gs: name: "open5gs-sample" namespace: "default"
- The
apn,sst, andsdfields are optional. If they are not provided in the configuration, default values will be used by the system. - The
open5gsfield must contain thenameandnamespaceof the Open5GS deployment to which the user will be assigned.
- The
-
Apply the user configuration:
kubectl apply -f open5gsuser-1.yaml
For more information on how to use the operator and more advanced configurations, please refer to the Documentation.
A complete demo with UERANSIM is available at this link.
- The operator will restart the necessary pods to apply the changes and that may cause a service interruption. For example, if the
amf.metricsparameter is changed, the operator will update the AMF deployment to apply the changes, resulting in a service interruption. - By default, all core components are enabled (except for the WebUI). To disable a component, set the
enabledfield tofalsein the CR. - By default, service accounts are not created. To create a service account, set the
serviceAccountfield totruein the CR for the desired component. - By default, components with metrics support have metrics enabled (AMF, PCF, UPF). To disable metrics, set the
metricsfield tofalsein the CR for the desired component. - By default, components use the
ClusterIPservice type. To change the service type, set theserviceTypefield toLoadBalancerorNodePortin the CR for the desired component. This option is currently available for theamf-ngap,smf-pfcp,upf-pfcp, andupf-gtpuservices. - The
open5gsImagefield in the CR specifies the version of the Open5GS images. If not specified, the operator defaults to versiondocker.io/gradiant/open5gs:2.7.4. - The
webuiImagefield in the CR specifies the version of the Open5GS WebUI image. If not specified, the operator defaults to versiondocker.io/gradiant/open5gs-webui:2.7.4. - The
mongoDBVersionfield in the CR specifies the version of the MongoDB image. If not specified, the operator defaults to versionbitnami/mongodb:8.0.6-debian-12-r0. - Components with metric support can generate a
ServiceMonitorCR to expose metrics to Prometheus. However, ensure that theServiceMonitorCRD is installed in the cluster; otherwise, the operator will encounter an error and fail to create the resource. To create a ServiceMonitor, set theserviceMonitorfield totruein the CR for the desired component.