Merge pull request #123908 from Nordix/esotsal/OOMKiller

oomkiller_linux_test: fix warnings
2025-08-05 02:09:56 +00:00 · 2024-03-27 11:42:19 -07:00 · 2024-03-27 11:42:19 -07:00 · f4e246bc93
commit f4e246bc93
parent 531726ee65 a7f23e46da
1 changed files with 31 additions and 0 deletions
--- a/test/e2e_node/oomkiller_linux_test.go
+++ b/test/e2e_node/oomkiller_linux_test.go
@ -31,6 +31,7 @@ import (

 	"github.com/onsi/ginkgo/v2"
 	libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
+	"k8s.io/utils/ptr"
 )

 type testCase struct {
@ -211,6 +212,16 @@ func getOOMTargetContainer(name string) v1.Container {
 				v1.ResourceMemory: resource.MustParse("15Mi"),
 			},
 		},
+		SecurityContext: &v1.SecurityContext{
+			SeccompProfile: &v1.SeccompProfile{
+				Type: v1.SeccompProfileTypeRuntimeDefault,
+			},
+			AllowPrivilegeEscalation: ptr.To(false),
+			RunAsUser:                ptr.To[int64](999),
+			RunAsGroup:               ptr.To[int64](999),
+			RunAsNonRoot:             ptr.To(true),
+			Capabilities:             &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
+		},
 	}
 }

@ -234,6 +245,16 @@ func getOOMTargetContainerMultiProcess(name string) v1.Container {
 				v1.ResourceMemory: resource.MustParse("15Mi"),
 			},
 		},
+		SecurityContext: &v1.SecurityContext{
+			SeccompProfile: &v1.SeccompProfile{
+				Type: v1.SeccompProfileTypeRuntimeDefault,
+			},
+			AllowPrivilegeEscalation: ptr.To(false),
+			RunAsUser:                ptr.To[int64](999),
+			RunAsGroup:               ptr.To[int64](999),
+			RunAsNonRoot:             ptr.To(true),
+			Capabilities:             &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
+		},
 	}
 }

@ -249,5 +270,15 @@ func getOOMTargetContainerWithoutLimit(name string) v1.Container {
 			// use the dd tool to attempt to allocate huge block of memory which exceeds the node allocatable
 			"sleep 5 && dd if=/dev/zero of=/dev/null iflag=fullblock count=10 bs=10G",
 		},
+		SecurityContext: &v1.SecurityContext{
+			SeccompProfile: &v1.SeccompProfile{
+				Type: v1.SeccompProfileTypeRuntimeDefault,
+			},
+			AllowPrivilegeEscalation: ptr.To(false),
+			RunAsUser:                ptr.To[int64](999),
+			RunAsGroup:               ptr.To[int64](999),
+			RunAsNonRoot:             ptr.To(true),
+			Capabilities:             &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
+		},
 	}
 }