Add image louisroyer/dev-nextmn-upf for nextmn/upf

Close #41

.github/workflows/docker-image-upf.yml

@@ -0,0 +1,59 @@
+name: Docker Image CI - UPF
+
+on:
+  push:
+    paths:
+      - 'upf/**'
+    branches: [ master ]
+  workflow_dispatch:
+  repository_dispatch:
+    types: [docker-build]
+
+jobs:
+   docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKERHUB_USERNAME }}/${{ vars.DOCKERHUB_REPO_UPF }}
+          tags: |
+            type=raw,enable=true,priority=100,prefix=bookworm-,suffix=-slim,value={{date 'YYYY-MM-DD'}}-{{sha}}
+          flavor: |
+            latest=true
+            prefix=
+            suffix=
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3 
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:upf"
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          build-args: BUILD_DATE=${{ steps.date.outputs.date }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Makefile

@@ -1,5 +1,5 @@
 .PHONY: docker
 
-all: docker/srv6 docker/srv6-ctrl
+all: docker/upf docker/srv6 docker/srv6-ctrl
 docker/%:
 	docker buildx build -t louisroyer/dev-nextmn-$(@F) ./$(@F)

README.md

@@ -9,8 +9,53 @@
 > ```
 
 ## Configuration
+### NextMN-UPF
+- On Dockerhub: [`louisroyer/dev-nextmn-upf`](https://hub.docker.com/r/louisroyer/dev-nextmn-upf).
+
+> [!NOTE]
+> Please note that even if this software is not yet properly packaged using `.deb`, the generated binary file `/usr/local/bin/upf` is provided to you under MIT License.
+> A copy of the source code is available at in the repository [`nextmn/upf`](https://github.com/nextmn/upf).
+
+Environment variable used to select templating system:
+```yaml
+environment:
+  TEMPLATE_SCRIPT: "template-script.sh"
+  TEMPLATE_SCRIPT_ARGS: ""
+  CONFIG_FILE: "/etc/nextmn/upf.yaml"
+  CONFIG_TEMPLATE: "/usr/local/share/nextmn/template-upf.yaml"
+```
+
+Environment variables for templating:
+```yaml
+environment:
+  N4: "203.0.113.2"
+  DNN_LIST: |-
+    - dnn: "sliceA"
+      cidr: "10.0.111.0./24"
+  GTPU_ENTITIES_LIST: |-
+    - "10.0.201.5"
+    - "10.0.215.4"
+```
+
+#### Container deployment
+> [!IMPORTANT]
+> - The container requires the `NET_ADMIN` capability;
+> - The container requires the forwarding to be enabled (not enabled by the container itself);
+> - The tun interface (`/dev/net/tun`) must be available in the container.
+
+This can be done in `docker-compose.yaml` by defining the following for the service:
+
+```yaml
+cap_add:
+    - NET_ADMIN
+devices:
+    - "/dev/net/tun"
+sysctls:
+    - net.ipv4.ip_forward=1
+```
+
 ### NextMN-SRv6-ctrl
-- On Dockerhub: [`louisroyer/dev-free5gc-amf`](https://hub.docker.com/r/louisroyer/dev-nextmn-srv6-ctrl).
+- On Dockerhub: [`louisroyer/dev-nextmn-srv6-ctrl`](https://hub.docker.com/r/louisroyer/dev-nextmn-srv6-ctrl).
 
 > [!NOTE]
 > Please note that even if this software is not yet properly packaged using `.deb`, the generated binary file `/usr/local/bin/srv6-ctrl` is provided to you under MIT License.
@@ -36,7 +81,7 @@ environment:
 ```
 
 #### Routing
-> ![TIP]
+> [!TIP]
 > If you choose to configure the container using `docker-setup` (default), please refer to [`docker-setup`'s documentation](https://github.com/louisroyer/docker-setup). The environment variable ONESHOT is set to "true".
 > By default, it does nothing, but if you intend to use it, don't forget to add the capability `NET_ADMIN`.
 

upf/Dockerfile

@@ -0,0 +1,35 @@
+# Copyright 2024 Louis Royer. All rights reserved.
+# Use of this source code is governed by a MIT-style license that can be
+# found in the LICENSE file.
+# SPDX-License-Identifier: MIT
+
+FROM golang:1.22 AS builder
+ARG COMMIT=v0.0.6
+RUN : ${COMMIT:? Missing build-arg COMMIT.} && go install github.com/nextmn/upf@${COMMIT}
+
+
+FROM louisroyer/base-irit:latest
+
+LABEL maintainer="Louis Royer <louis.royer@irit.fr>" \
+      org.opencontainers.image.authors="Louis Royer <louis.royer@irit.fr>" \
+      org.opencontainers.image.source="https://github.com/louisroyer-docker/nextmn"
+
+# Used to disable caching of next steps, if not build since 1 day,
+# allowing to search and apply security upgrades
+ARG BUILD_DATE=""
+
+RUN apt-get update -q && DEBIAN_FRONTEND=non-interactive apt-get install -qy --no-install-recommends --no-install-suggests \
+    iproute2 iptables \
+    && apt-get upgrade -qy \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /go/bin/upf /usr/local/bin/upf
+COPY ./*.sh /usr/local/bin/
+COPY ./template-upf.yaml /usr/local/share/nextmn/
+ENV TEMPLATE_SCRIPT="template-script.sh" \
+    TEMPLATE_SCRIPT_ARGS="" \
+    CONFIG_FILE="/etc/nextmn/upf.yaml" \
+    CONFIG_TEMPLATE="/usr/local/share/nextmn/template-upf.yaml"
+
+ENTRYPOINT ["entrypoint.sh"]
+CMD ["--help"]

upf/entrypoint.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# Copyright 2024 Louis Royer. All rights reserved.
+# Use of this source code is governed by a MIT-style license that can be
+# found in the LICENSE file.
+# SPDX-License-Identifier: MIT
+
+set -e
+savedargs=( "$@" )
+config_opt=1
+while [ $# -gt 0 ]; do
+	if [[ $1 == "--config" || $1 == "-c" ]]; then
+		config_opt=0
+	fi
+	shift
+done
+set -- "${savedargs[@]}"
+
+if  [[ -n "${CONFIG_TEMPLATE}" && -n "${CONFIG_FILE}" ]]; then
+	if [ -n "${TEMPLATE_SCRIPT}" ]; then
+		echo "[$(date --iso-8601=s)] Running ${TEMPLATE_SCRIPT}${TEMPLATE_SCRIPT_ARGS:+ }${TEMPLATE_SCRIPT_ARGS} for building ${CONFIG_FILE} from ${CONFIG_TEMPLATE}." > /dev/stderr
+		"$TEMPLATE_SCRIPT" "$TEMPLATE_SCRIPT_ARGS"
+	fi
+else
+	config_opt=0
+fi
+
+if [[ $config_opt -eq 1 ]]; then
+	exec upf --config "$CONFIG_FILE" "$@"
+else
+	exec upf "$@"
+fi

upf/template-script.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+# Copyright 2024 Louis Royer. All rights reserved.
+# Use of this source code is governed by a MIT-style license that can be
+# found in the LICENSE file.
+# SPDX-License-Identifier: MIT
+
+set -e
+mkdir -p "$(dirname "${CONFIG_FILE}")"
+
+if [ -z "$N4" ]; then
+	echo "Missing mandatory environment variable (N4)." > /dev/stderr
+	exit 1
+fi
+if [ -z "$DNN_LIST" ]; then
+	echo "Missing mandatory environment variable (DNN_LIST)." > /dev/stderr
+	exit 1
+fi
+if [ -z "$GTPU_ENTITIES_LIST" ]; then
+	echo "Missing mandatory environment variable (GTPU_ENTITIES_LIST)." > /dev/stderr
+	exit 1
+fi
+# For future: https://github.com/nextmn/upf/issues/30
+#if [ -z "$IF_LIST" ]; then
+#	echo "Missing mandatory environment variable (IF_LIST)." > /dev/stderr
+#	exit 1
+#fi
+
+IFS=$'\n'
+
+DNN_LIST_SUB=""
+for DNN in ${DNN_LIST}; do
+	if [ -n "${DNN}" ]; then
+		DNN_LIST_SUB="${DNN_LIST_SUB}\n  ${DNN}"
+	fi
+done
+# For future: https://github.com/nextmn/upf/issues/30
+#IF_LIST_SUB=""
+#for INTERFACE in ${IF_LIST}; do
+#	if [ -n "${INTERFACE}" ]; then
+#		IF_LIST_SUB="${IF_LIST_SUB}\n    ${INTERFACE}"
+#	fi
+#done
+for GTPU_ENTITIES in ${GTPU_ENTITIES_LIST}; do
+	if [ -n "${GTPU_ENTITIES}" ]; then
+		GTPU_ENTITIES_LIST_SUB="${GTPU_ENTITIES_LIST_SUB}\n  ${GTPU_ENTITIES}"
+	fi
+done
+
+awk \
+	-v N4="${N4}" \
+	-v DNN_LIST="${DNN_LIST_SUB}" \
+	-v GTPU_ENTITIES_LIST="${GTPU_ENTITIES_LIST_SUB}" \
+	'{
+		sub(/%N4/, N4);
+		sub(/%DNN_LIST/, DNN_LIST);
+		sub(/%GTPU_ENTITIES_LIST/, GTPU_ENTITIES_LIST);
+		print;
+	}' \
+	"${CONFIG_TEMPLATE}" > "${CONFIG_FILE}"

upf/template-upf.yaml

@@ -0,0 +1,4 @@
+pfcp-address: %N4
+tun-interface: upf
+dnn_list: %DNN_LIST
+gtpu-entities: %IF_LIST