Skip to content

Commit f4e246b

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes#123908 from Nordix/esotsal/OOMKiller
oomkiller_linux_test: fix warnings
2 parents 531726e + a7f23e4 commit f4e246b

File tree

1 file changed

+31
-0
lines changed

1 file changed

+31
-0
lines changed

test/e2e_node/oomkiller_linux_test.go

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ import (
3131

3232
"github.com/onsi/ginkgo/v2"
3333
libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
34+
"k8s.io/utils/ptr"
3435
)
3536

3637
type testCase struct {
@@ -211,6 +212,16 @@ func getOOMTargetContainer(name string) v1.Container {
211212
v1.ResourceMemory: resource.MustParse("15Mi"),
212213
},
213214
},
215+
SecurityContext: &v1.SecurityContext{
216+
SeccompProfile: &v1.SeccompProfile{
217+
Type: v1.SeccompProfileTypeRuntimeDefault,
218+
},
219+
AllowPrivilegeEscalation: ptr.To(false),
220+
RunAsUser: ptr.To[int64](999),
221+
RunAsGroup: ptr.To[int64](999),
222+
RunAsNonRoot: ptr.To(true),
223+
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
224+
},
214225
}
215226
}
216227

@@ -234,6 +245,16 @@ func getOOMTargetContainerMultiProcess(name string) v1.Container {
234245
v1.ResourceMemory: resource.MustParse("15Mi"),
235246
},
236247
},
248+
SecurityContext: &v1.SecurityContext{
249+
SeccompProfile: &v1.SeccompProfile{
250+
Type: v1.SeccompProfileTypeRuntimeDefault,
251+
},
252+
AllowPrivilegeEscalation: ptr.To(false),
253+
RunAsUser: ptr.To[int64](999),
254+
RunAsGroup: ptr.To[int64](999),
255+
RunAsNonRoot: ptr.To(true),
256+
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
257+
},
237258
}
238259
}
239260

@@ -249,5 +270,15 @@ func getOOMTargetContainerWithoutLimit(name string) v1.Container {
249270
// use the dd tool to attempt to allocate huge block of memory which exceeds the node allocatable
250271
"sleep 5 && dd if=/dev/zero of=/dev/null iflag=fullblock count=10 bs=10G",
251272
},
273+
SecurityContext: &v1.SecurityContext{
274+
SeccompProfile: &v1.SeccompProfile{
275+
Type: v1.SeccompProfileTypeRuntimeDefault,
276+
},
277+
AllowPrivilegeEscalation: ptr.To(false),
278+
RunAsUser: ptr.To[int64](999),
279+
RunAsGroup: ptr.To[int64](999),
280+
RunAsNonRoot: ptr.To(true),
281+
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
282+
},
252283
}
253284
}

0 commit comments

Comments
 (0)