github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 10:43:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #123908 from Nordix/esotsal/OOMKiller

Browse Source 
oomkiller_linux_test: fix warnings
This commit is contained in:
Kubernetes Prow Robot 2024-03-27 11:42:19 -07:00 committed by GitHub
commit f4e246bc93
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
test/e2e_node/oomkiller_linux_test.go
View File

@ -31,6 +31,7 @@ import (
"github.com/onsi/ginkgo/v2" "github.com/onsi/ginkgo/v2"
libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups" libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
"k8s.io/utils/ptr"
) )
type testCase struct { type testCase struct {
@ -211,6 +212,16 @@ func getOOMTargetContainer(name string) v1.Container {
v1.ResourceMemory: resource.MustParse("15Mi"), v1.ResourceMemory: resource.MustParse("15Mi"),
}, },
}, },
SecurityContext: &v1.SecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
AllowPrivilegeEscalation: ptr.To(false),
RunAsUser: ptr.To[int64](999),
RunAsGroup: ptr.To[int64](999),
RunAsNonRoot: ptr.To(true),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
},
} }
} }
@ -234,6 +245,16 @@ func getOOMTargetContainerMultiProcess(name string) v1.Container {
v1.ResourceMemory: resource.MustParse("15Mi"), v1.ResourceMemory: resource.MustParse("15Mi"),
}, },
}, },
SecurityContext: &v1.SecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
AllowPrivilegeEscalation: ptr.To(false),
RunAsUser: ptr.To[int64](999),
RunAsGroup: ptr.To[int64](999),
RunAsNonRoot: ptr.To(true),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
},
} }
} }
@ -249,5 +270,15 @@ func getOOMTargetContainerWithoutLimit(name string) v1.Container {
// use the dd tool to attempt to allocate huge block of memory which exceeds the node allocatable // use the dd tool to attempt to allocate huge block of memory which exceeds the node allocatable
"sleep 5 && dd if=/dev/zero of=/dev/null iflag=fullblock count=10 bs=10G", "sleep 5 && dd if=/dev/zero of=/dev/null iflag=fullblock count=10 bs=10G",
}, },
SecurityContext: &v1.SecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
AllowPrivilegeEscalation: ptr.To(false),
RunAsUser: ptr.To[int64](999),
RunAsGroup: ptr.To[int64](999),
RunAsNonRoot: ptr.To(true),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
},
} }
} }