(fix): Remove sudo privilege from helm-charts

- Change security context to anyuid
- Changed from deployment to job, now the pods will be in completed

charts/physims/Chart.yaml

@@ -16,7 +16,7 @@ icon: http://www.openairinterface.org/wp-content/uploads/2015/06/cropped-oai_fin
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.1
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.

charts/physims/charts/dlsim.100rb+tm2/templates/deployment.yaml → charts/physims/charts/dlsim.100rb+tm2/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-dlsim-100rb-tm2.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-dlsim-100rb-tm2.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-dlsim-100rb-tm2.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "dlsim.100rb+tm2" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/dlsim.100rb+tm2/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/dlsim.basic/templates/deployment.yaml → charts/physims/charts/dlsim.basic/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-dlsim-basic.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-dlsim-basic.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-dlsim-basic.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -26,10 +15,15 @@ spec:
       - name: physim
         image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.version }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
+#        resources:
+#          requests:
+#            memory: "4096Mi"
+#            cpu: "4000m"
+#          limits:
+#            memory: "4096Mi"
+#            cpu: "4000m"
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +31,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "dlsim.basic" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
-      serviceAccountName: {{ .Values.global.serviceAccountName }}
+      serviceAccountName: oai-physim-sa 
       terminationGracePeriodSeconds: 30

charts/physims/charts/dlsim.basic/values.yaml

@@ -20,17 +20,17 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: "oai-dlsim-basic"
+  name: "oai-physim-sa" #"oai-dlsim-basic"
 
 podSecurityContext:
   runAsUser: 0
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+  #capabilities:
+  #  add:
+  #    - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
@@ -41,17 +41,13 @@ service:
   type: ClusterIP
   port: 80
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+   limits:
+     cpu: 100m
+     memory: 128Mi
+   requests:
+     cpu: 100m
+     memory: 128Mi
 
 nodeSelector: {}
 

charts/physims/charts/ldpctest/templates/deployment.yaml → charts/physims/charts/ldpctest/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-ldpctest.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-ldpctest.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-ldpctest.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "ldpctest" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/ldpctest/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-dlschsim/templates/deployment.yaml → charts/physims/charts/nr-dlschsim/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-dlschsim.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-dlschsim.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-dlschsim.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_dlschsim" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-dlschsim/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-dlsim.basic/templates/deployment.yaml → charts/physims/charts/nr-dlsim.basic/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-dlsim-basic.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-dlsim-basic.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-dlsim-basic.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_dlsim.basic" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-dlsim.basic/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-dlsim.dmrs+ptrs/templates/deployment.yaml → charts/physims/charts/nr-dlsim.dmrs+ptrs/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-dlsim-dmrs-ptrs.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-dlsim-dmrs-ptrs.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-dlsim-dmrs-ptrs.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_dlsim.dmrs+ptrs" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-dlsim.dmrs+ptrs/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-dlsim.mcs+mimo/templates/deployment.yaml → charts/physims/charts/nr-dlsim.mcs+mimo/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-dlsim-mcs-mimo.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-dlsim-mcs-mimo.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-dlsim-mcs-mimo.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_dlsim.mcs+mimo" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-dlsim.mcs+mimo/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-dlsim.offset/templates/deployment.yaml → charts/physims/charts/nr-dlsim.offset/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-dlsim-offset.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-dlsim-offset.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-dlsim-offset.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_dlsim.offset" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-dlsim.offset/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-pbchsim.106rb/templates/deployment.yaml → charts/physims/charts/nr-pbchsim.106rb/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-pbchsim-106rb.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-pbchsim-106rb.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
     metadata:
       labels:
@@ -28,8 +20,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +27,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_pbchsim.106rb" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-pbchsim.106rb/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-pbchsim.217rb/templates/deployment.yaml → charts/physims/charts/nr-pbchsim.217rb/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-pbchsim-217rb.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-pbchsim-217rb.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-pbchsim-217rb.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_pbchsim.217rb" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-pbchsim.217rb/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-pbchsim.273rb/templates/deployment.yaml → charts/physims/charts/nr-pbchsim.273rb/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-pbchsim-273rb.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-pbchsim-273rb.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-pbchsim-273rb.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_pbchsim.273rb" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-pbchsim.273rb/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-prachsim/templates/deployment.yaml → charts/physims/charts/nr-prachsim/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-prachsim.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-prachsim.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-prachsim.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_prachsim" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED" 
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-prachsim/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-pucchsim/templates/deployment.yaml → charts/physims/charts/nr-pucchsim/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-pucchsim.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-pucchsim.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-pucchsim.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_pucchsim" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-pucchsim/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-ulschsim/templates/deployment.yaml → charts/physims/charts/nr-ulschsim/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-ulschsim.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-ulschsim.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-ulschsim.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_ulschsim" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-ulschsim/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-ulsim.3gpp/templates/deployment.yaml → charts/physims/charts/nr-ulsim.3gpp/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-ulsim-3gpp.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-ulsim-3gpp.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-ulsim-3gpp.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_ulsim.3gpp" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED" 
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-ulsim.3gpp/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-ulsim.mimo/templates/deployment.yaml → charts/physims/charts/nr-ulsim.mimo/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-ulsim-mimo.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-ulsim-mimo.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-ulsim-mimo.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_ulsim.mimo" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-ulsim.mimo/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-ulsim.misc/templates/deployment.yaml → charts/physims/charts/nr-ulsim.misc/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-ulsim-misc.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-ulsim-misc.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-ulsim-misc.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_ulsim.misc" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-ulsim.misc/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/nr-ulsim.sc-fdma/templates/deployment.yaml → charts/physims/charts/nr-ulsim.sc-fdma/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-nr-ulsim-sc-fdma.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-nr-ulsim-sc-fdma.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-nr-ulsim-sc-fdma.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -37,9 +26,9 @@ spec:
         args:
         - >
           cmake_targets/autotests/run_exec_autotests.bash -g "nr_ulsim.sc-fdma" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED" 
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/nr-ulsim.sc-fdma/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/polartest/templates/deployment.yaml → charts/physims/charts/polartest/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-polartest.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-polartest.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-polartest.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "polartest" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/polartest/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/smallblocktest/templates/deployment.yaml → charts/physims/charts/smallblocktest/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-smallblocktest.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-smallblocktest.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-smallblocktest.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "smallblocktest" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/smallblocktest/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/charts/ulsim/templates/deployment.yaml → charts/physims/charts/ulsim/templates/job.yaml

-apiVersion: apps/v1
-kind: Deployment
+apiVersion: batch/v1
+kind: Job
 metadata:
   name: {{ .Chart.Name }}
-  labels:
-    {{- include "oai-ulsim.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "oai-ulsim.selectorLabels" . | nindent 6 }}
-  strategy:
-    type: Recreate
   template:
-    metadata:
-      labels:
-        {{- include "oai-ulsim.selectorLabels" . | nindent 8 }}
     spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -28,8 +17,6 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
-        ports:
-        - containerPort: 80
         env:
         - name: OPENAIR_DIR
           value: /opt/oai-physim
@@ -37,9 +24,9 @@ spec:
         args:
         - >  
           cmake_targets/autotests/run_exec_autotests.bash -g "ulsim" -d bin/ &&
-          echo "FINISHED" && sleep infinity
+          echo "FINISHED"
       dnsPolicy: ClusterFirst
-      restartPolicy: Always
+      restartPolicy: Never
       schedulerName: default-scheduler
       serviceAccountName: {{ .Values.global.serviceAccountName }}
       terminationGracePeriodSeconds: 30

charts/physims/charts/ulsim/values.yaml

@@ -27,10 +27,10 @@ podSecurityContext:
   runAsGroup: 0
 
 securityContext:
-  privileged: true
-  capabilities:
-    add:
-      - SYS_CAP_PTRACE
+  privileged: false
+#  capabilities:
+#    add:
+#      - SYS_CAP_PTRACE
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

charts/physims/templates/rbac.yaml

@@ -6,7 +6,7 @@ rules:
 - apiGroups:
   - security.openshift.io
   resourceNames:
-  - privileged
+  - anyuid
   resources:
   - securitycontextconstraints
   verbs:

charts/physims/templates/serviceaccount.yaml

 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.global.serviceAccountName }}
+  name: oai-physim-sa #{{ .Values.global.serviceAccountName }}

charts/physims/values.yaml

@@ -5,137 +5,53 @@
 global:
   serviceAccountName: oai-physim-sa
   namespace: "OAICICD_PROJECT"
-  image:
+  image: 
     registry: local
     repository: image-registry.openshift-image-registry.svc:5000/oaicicd-ran/oai-physim
     version: TAG
     # pullPolicy: IfNotPresent or Never or Always
     pullPolicy: Always
 
-## Declaring values specific to coressponding physim to overwrite
+## Declaring values specific to coressponding physim to overwrite (At the moment unused)
 
 dlsim.basic:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 dlsim.100rb+tm2:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 ulsim:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 ldpctest:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 polartest:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-pbchsim.106rb:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-pbchsim.217rb:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-pbchsim.273rb:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-dlsim.basic:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-dlsim.dmrs+ptrs:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-dlsim.mcs+mimo:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-dlsim.offset:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-dlschsim:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 smallblocktest:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-ulschsim:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-pucchsim:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-ulsim.3gpp:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-ulsim.mimo:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-ulsim.misc:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-ulsim.sc-fdma:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80
 
 nr-prachsim:
-  replicaCount: 1
-  service:
-    type: ClusterIP
-    port: 80