aws-samples / opensource-4g-core-eks Goto Github PK

1. There are no Gov cloud regions mentioned.

2. Also see an error with the SAM:

   Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [ConfigMapUpdate] is invalid. User: arn:aws-us-gov:iam::xxxxxxxxxx:user/<Redacted> is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:903779448426:applications/eks-auth-update-hook. Rollback requested by user.

This can be because of the following reason
[] AWS Serverless Application Repository - How AWS Serverless Application Repository Differs for AWS GovCloud (US) - https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-sar.html#govcloud-sar-diffs

> Applications that are publicly shared in other AWS Regions are not automatically available in AWS GovCloud (US) Regions. To make applications available in AWS GovCloud (US) Regions, you must publish and share them independently of other AWS Regions.

I received the following error when I launched the template for infra set-up

The Parameter Group docdbparametergroup-open5gs with DBParameterGroupFamily docdb3.6 cannot be used for this instance. Please use a Parameter Group with DBParameterGroupFamily docdb4.0 (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: a21f5d76-07cd-4ef4-8f3b-80d94de1ff6c; Proxy: null)

Changing the version of DocumentDB to 4.0 works.

Please , does it be better if we add --force-overwrite ?😥

https://github.com/aws-samples/opensource-4g-core-eks/blob/main/Build-Container-Images.md#x86-architecture
contains this command

docker push container_registry/open5gs-x86-aio:41fd851 -f open5gs-epc-aio

The -f seems to be a flag for the docker build command only, and not for docker push

When I've executed cluster_intilizer.sh I'm getting the following error:

private key does not match public key

ERROR:
Partition "aws" is not valid for resource "arn:aws:ssm:::parameter/aws/service/eks/optimized-ami/*". (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 25e7b74d-b2cc-4dcb-8a03-7fb6cac85ace; Proxy: null)

FIX:
updated line 612 of the yaml file to arn::ssm:::parameter/aws/service/eks/optimized-ami/

Hi

Facing issue in the last step at Helm Deployment:

Install Helm chart with the following command:
helm -n open5gs install -f values.yaml epc-core ./

[[ec2-user@ip-10-0-0-14 x86-Architecture]$ kubectl get -n open5gs pods
NAME READY STATUS RESTARTS AGE
open5gs-hss-deployment-5d856c4f7b-jgmfx 0/1 Init:0/1 0 19m
open5gs-mme-deployment-848cd7766-5t82q 0/1 Init:0/1 0 19m
open5gs-nrf-deployment-55cc9fc696-zczwz 1/1 Running 0 19m
open5gs-pcrf-deployment-f8fb984fb-7w7d8 0/1 Init:0/1 0 19m
open5gs-sgwc-deployment-5bb6d97475-9p6st 0/1 Init:0/1 0 19m
open5gs-sgwu-deployment-bfcc6c8cf-c98rr 1/1 Running 0 19m
open5gs-smf-deployment-7f679b945-x79l4 0/1 Init:0/1 0 19m
open5gs-upf-deployment-64cf6b6499-wpzrz 1/1 Running 0 19m
open5gs-webui-5dd5944c56-jc59c 1/1 Running 0 19m
[ec2-user@ip-10-0-0-14 x86-Architecture]$
[ec2-user@ip-10-0-0-14 x86-Architecture]$

Completed all the install steps Following this link to install:https://aws.amazon.com/blogs/opensource/open-source-mobile-core-network-implementation-on-amazon-elastic-kubernetes-service/

1. Run the CloudFormation for infra creation (open5gs-infra.yaml).
2. Bastion host configuration and K8s ConfigMap update.
3. DocumentDB initialization.
4. CoreDNS ConfigMap update to use Route 53 for 3GPP service interfaces.
5. Run the CloudFormation for Multus worker node group creation (open5gs-worker.yaml).
6. DNS controller and Multus-IP update controller deployment for the automation.
7. Run shell script for cluster initialization (setting up namespace, etc.).
8. Helm installation for all network functions.

[ec2-user@ip-10-0-0-218 x86-Architecture]$ kubectl -n open5gs get secret
NAME TYPE DATA AGE
diameter-ca Opaque 1 8h
hss-tls kubernetes.io/tls 2 8h
mme-tls kubernetes.io/tls 2 8h
mongodb-ca Opaque 1 8h
pcrf-tls kubernetes.io/tls 2 8h
smf-tls kubernetes.io/tls 2 8h

[ec2-user@ip-10-0-0-218 x86-Architecture]$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
aws-node-r5bsr 1/1 Running 0 9m6s
coredns-594b88dc6c-njnw9 1/1 Running 0 19m
coredns-594b88dc6c-pj24l 1/1 Running 0 19m
kube-multus-ds-5nqt9 1/1 Running 0 9m6s
kube-proxy-cdbj4 1/1 Running 0 9m6s
multus-route53-service-operator-645c94c4bb-5c4wf 1/1 Running 0 19m
multus-secondary-ip-ec2-mapping-operator-74586574d4-zrzwz 1/1 Running 0 19m

[ec2-user@ip-10-0-0-14 x86-Architecture]$ kubectl describe pod open5gs-smf-deployment-7f679b945-x79l4 --namespace open5gs
Name: open5gs-smf-deployment-7f679b945-x79l4
Namespace: open5gs
Priority: 0
Node: ip-10-0-2-39.ca-central-1.compute.internal/10.0.2.39
Start Time: Mon, 22 May 2023 20:01:00 +0000
Labels: epc-mode=smf
pod-template-hash=7f679b945
Annotations: k8s.v1.cni.cncf.io/network-status:
[{
"name": "aws-cni",
"interface": "dummybb591efea73",
"ips": [
"10.0.2.228"
],
"mac": "0",
"default": true,
"dns": {}
},{
"name": "open5gs/ipvlan-multus-sub-1-cp",
"interface": "net1",
"ips": [
"10.0.4.208"
],
"mac": "02:13:f3:9b:f0:3c",
"dns": {}
}]
k8s.v1.cni.cncf.io/networks: [ { "name": "ipvlan-multus-sub-1-cp", "interface": "net1" } ]
k8s.v1.cni.cncf.io/networks-status:
[{
"name": "aws-cni",
"interface": "dummybb591efea73",
"ips": [
"10.0.2.228"
],
"mac": "0",
"default": true,
"dns": {}
},{
"name": "open5gs/ipvlan-multus-sub-1-cp",
"interface": "net1",
"ips": [
"10.0.4.208"
],
"mac": "02:13:f3:9b:f0:3c",
"dns": {}
}]
route53-service-name: [ { "name": "s5.smf.open5gs.service", "multus-int": "ipvlan-multus-sub-1-cp" } ]
Status: Pending
IP: 10.0.2.228
IPs:
IP: 10.0.2.228
Controlled By: ReplicaSet/open5gs-smf-deployment-7f679b945
Init Containers:
init-smf:
Container ID: docker://349bab56b9e0e28c70594489ae364e8d96d504c30d2c17611f070f39e986dc84
Image: busybox:1.28
Image ID: docker-pullable://busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47
Port:
Host Port:
Command:
sh
-c
Args:
until nslookup gx.pcrf.open5gs.service >> /dev/null; do echo waiting for pcrf DNS record to be ready;done; until nslookup sx.upf.open5gs.service >> /dev/null; do echo waiting for upf DNS record to be ready; done
State: Running
Started: Mon, 22 May 2023 20:01:02 +0000
Ready: False
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-s4zq9 (ro)
Containers:
smf:
Container ID:
Image: 523531615794.dkr.ecr.ca-central-1.amazonaws.com/hannanrepo:open5gs-x86-aio
Image ID:
Port:
Host Port:
Command:
/bin/sh
-c
Args:
sleep 10; open5gs-smfd -c /open5gs/config-map/smf.yaml;
State: Waiting
Reason: PodInitializing
Ready: False
Restart Count: 0
Environment:
Mounts:
/open5gs/config-map/diameter-smf.conf from open5gs-smf-diameter (rw,path="diameter-smf.conf")
/open5gs/config-map/smf.yaml from open5gs-smf-config (rw,path="smf.yaml")
/open5gs/diameter-ca/ from diameter-ca (rw)
/open5gs/tls/ from smf-tls (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-s4zq9 (ro)
Conditions:
Type Status
Initialized False
Ready False
ContainersReady False
PodScheduled True
Volumes:
open5gs-smf-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: open5gs-smf-config
Optional: false
open5gs-smf-diameter:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: open5gs-smf-diameter
Optional: false
diameter-ca:
Type: Secret (a volume populated by a Secret)
SecretName: diameter-ca
Optional: false
smf-tls:
Type: Secret (a volume populated by a Secret)
SecretName: smf-tls
Optional: false
kube-api-access-s4zq9:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: nodegroup=control-plane
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message

Normal Scheduled 6m4s default-scheduler Successfully assigned open5gs/open5gs-smf-deployment-7f679b945-x79l4 to ip-10-0-2-39.ca-central-1.compute.internal
Normal AddedInterface 6m3s multus Add eth0 [10.0.2.228/32] from aws-cni
Normal AddedInterface 6m3s multus Add net1 [10.0.4.208/24] from open5gs/ipvlan-multus-sub-1-cp
Normal Pulled 6m3s kubelet Container image "busybox:1.28" already present on machine
Normal Created 6m3s kubelet Created container init-smf
Normal Started 6m2s kubelet Started container init-smf
[ec2-user@ip-10-0-0-14 x86-Architecture]$

1. I've set up the infrastructure using open5gs-infra.yaml
2. I've configured the bastion host and run step 5 properly (by providing the correct ARN value)
3. I've initialised the DocumentDB
4. I updated the CoreDNS configmap and restarted coredns pods
5. I then ran the cloudformation yaml file for the creation of the worker node group
6. However, the workernode group doesn't join the cluster. I've double-checked the parameters that I feed to the cloudformation template. I've even tried to edit the authConfig manually after the worker node group has been created so that the worker nodes can join the cluster. But that doesn't work.

Since there are no worker nodes, the pods can't be scheduled and the cluster is non-usable. What can I do so that the worker node group joins the cluster?