Skip to content

Commit 9896079

Browse files
skontoskonto
authored
Fix sec context and resources for performance jobs (#14529)
* fix sec ctx for performance jobs * fix lint
1 parent 707d286 commit 9896079

15 files changed

+181
-4
lines changed

test/performance/benchmarks/dataplane-probe/dataplane-probe-activator.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,3 +75,15 @@ spec:
7575
requests:
7676
cpu: 1000m
7777
memory: 3Gi
78+
limits:
79+
cpu: 1000m
80+
memory: 3Gi
81+
securityContext:
82+
seccompProfile:
83+
type: RuntimeDefault
84+
allowPrivilegeEscalation: false
85+
readOnlyRootFilesystem: true
86+
runAsNonRoot: true
87+
capabilities:
88+
drop:
89+
- ALL

test/performance/benchmarks/dataplane-probe/dataplane-probe-deployment.yaml

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,4 +75,15 @@ spec:
7575
requests:
7676
cpu: 1000m
7777
memory: 3Gi
78-
---
78+
limits:
79+
cpu: 1000m
80+
memory: 3Gi
81+
securityContext:
82+
seccompProfile:
83+
type: RuntimeDefault
84+
allowPrivilegeEscalation: false
85+
readOnlyRootFilesystem: true
86+
runAsNonRoot: true
87+
capabilities:
88+
drop:
89+
- ALL

test/performance/benchmarks/dataplane-probe/dataplane-probe-queue.yaml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,4 +75,13 @@ spec:
7575
requests:
7676
cpu: 1000m
7777
memory: 3Gi
78+
securityContext:
79+
seccompProfile:
80+
type: RuntimeDefault
81+
allowPrivilegeEscalation: false
82+
readOnlyRootFilesystem: true
83+
runAsNonRoot: true
84+
capabilities:
85+
drop:
86+
- ALL
7887
---

test/performance/benchmarks/load-test/load-test-0-direct.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,4 +77,16 @@ spec:
7777
requests:
7878
cpu: 1000m
7979
memory: 3Gi
80+
limits:
81+
cpu: 1000m
82+
memory: 3Gi
83+
securityContext:
84+
seccompProfile:
85+
type: RuntimeDefault
86+
allowPrivilegeEscalation: false
87+
readOnlyRootFilesystem: true
88+
runAsNonRoot: true
89+
capabilities:
90+
drop:
91+
- ALL
8092
restartPolicy: Never

test/performance/benchmarks/load-test/load-test-200-direct.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,4 +77,16 @@ spec:
7777
requests:
7878
cpu: 1000m
7979
memory: 3Gi
80+
limits:
81+
cpu: 1000m
82+
memory: 3Gi
83+
securityContext:
84+
seccompProfile:
85+
type: RuntimeDefault
86+
allowPrivilegeEscalation: false
87+
readOnlyRootFilesystem: true
88+
runAsNonRoot: true
89+
capabilities:
90+
drop:
91+
- ALL
8092
restartPolicy: Never

test/performance/benchmarks/load-test/load-test-always-direct.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,4 +77,16 @@ spec:
7777
requests:
7878
cpu: 1000m
7979
memory: 3Gi
80+
limits:
81+
cpu: 1000m
82+
memory: 3Gi
83+
securityContext:
84+
seccompProfile:
85+
type: RuntimeDefault
86+
allowPrivilegeEscalation: false
87+
readOnlyRootFilesystem: true
88+
runAsNonRoot: true
89+
capabilities:
90+
drop:
91+
- ALL
8092
restartPolicy: Never

test/performance/benchmarks/real-traffic-test/real-traffic-test.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,4 +78,16 @@ spec:
7878
requests:
7979
cpu: 1000m
8080
memory: 2Gi
81+
limits:
82+
cpu: 1000m
83+
memory: 3Gi
84+
securityContext:
85+
seccompProfile:
86+
type: RuntimeDefault
87+
allowPrivilegeEscalation: false
88+
readOnlyRootFilesystem: true
89+
runAsNonRoot: true
90+
capabilities:
91+
drop:
92+
- ALL
8193
restartPolicy: Never

test/performance/benchmarks/reconciliation-delay/reconciliation-delay.yaml

Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,9 +49,6 @@ spec:
4949
args:
5050
- "-duration=15m"
5151
- "-frequency=5s"
52-
resources:
53-
requests:
54-
cpu: 100m
5552
env:
5653
- name: KO_DOCKER_REPO
5754
value: $KO_DOCKER_REPO
@@ -85,4 +82,20 @@ spec:
8582
valueFrom:
8683
fieldRef:
8784
fieldPath: metadata.uid
85+
resources:
86+
requests:
87+
cpu: 100m
88+
memory: 500Mi
89+
limits:
90+
cpu: 1000m
91+
memory: 1Gi
92+
securityContext:
93+
seccompProfile:
94+
type: RuntimeDefault
95+
allowPrivilegeEscalation: false
96+
readOnlyRootFilesystem: true
97+
runAsNonRoot: true
98+
capabilities:
99+
drop:
100+
- ALL
88101
restartPolicy: Never

test/performance/benchmarks/rollout-probe/rollout-probe-activator-direct-lin.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,4 +76,16 @@ spec:
7676
requests:
7777
cpu: 1000m
7878
memory: 3Gi
79+
limits:
80+
cpu: 1000m
81+
memory: 3Gi
82+
securityContext:
83+
seccompProfile:
84+
type: RuntimeDefault
85+
allowPrivilegeEscalation: false
86+
readOnlyRootFilesystem: true
87+
runAsNonRoot: true
88+
capabilities:
89+
drop:
90+
- ALL
7991
restartPolicy: Never

test/performance/benchmarks/rollout-probe/rollout-probe-activator-direct.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,4 +76,16 @@ spec:
7676
requests:
7777
cpu: 1000m
7878
memory: 3Gi
79+
limits:
80+
cpu: 1000m
81+
memory: 3Gi
82+
securityContext:
83+
seccompProfile:
84+
type: RuntimeDefault
85+
allowPrivilegeEscalation: false
86+
readOnlyRootFilesystem: true
87+
runAsNonRoot: true
88+
capabilities:
89+
drop:
90+
- ALL
7991
restartPolicy: Never

0 commit comments

Comments
 (0)