github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

Fix OOMKiller test warnings

Browse Source
This commit is contained in:
Sotiris Salloumis 2024-03-12 23:08:55 +01:00
parent 656cb1028e
commit a7f23e46da
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
test/e2e_node/oomkiller_linux_test.go
View File

@ -31,6 +31,7 @@ import (
"github.com/onsi/ginkgo/v2"
libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
"k8s.io/utils/ptr"
)
type testCase struct {
@ -211,6 +212,16 @@ func getOOMTargetContainer(name string) v1.Container {
v1.ResourceMemory: resource.MustParse("15Mi"),
},
},
SecurityContext: &v1.SecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
AllowPrivilegeEscalation: ptr.To(false),
RunAsUser: ptr.To[int64](999),
RunAsGroup: ptr.To[int64](999),
RunAsNonRoot: ptr.To(true),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
},
}
}
@ -234,6 +245,16 @@ func getOOMTargetContainerMultiProcess(name string) v1.Container {
v1.ResourceMemory: resource.MustParse("15Mi"),
},
},
SecurityContext: &v1.SecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
AllowPrivilegeEscalation: ptr.To(false),
RunAsUser: ptr.To[int64](999),
RunAsGroup: ptr.To[int64](999),
RunAsNonRoot: ptr.To(true),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
},
}
}
@ -249,5 +270,15 @@ func getOOMTargetContainerWithoutLimit(name string) v1.Container {
// use the dd tool to attempt to allocate huge block of memory which exceeds the node allocatable
"sleep 5 && dd if=/dev/zero of=/dev/null iflag=fullblock count=10 bs=10G",
},
SecurityContext: &v1.SecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
AllowPrivilegeEscalation: ptr.To(false),
RunAsUser: ptr.To[int64](999),
RunAsGroup: ptr.To[int64](999),
RunAsNonRoot: ptr.To(true),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
},
}
}