From 384f66fab519bfaf27e77a4310f40709b28b0d4c Mon Sep 17 00:00:00 2001 From: neelanjan00 Date: Mon, 30 Jan 2023 20:41:13 +0530 Subject: [PATCH 1/2] replaces depriciated argo workflow crd manifest link Signed-off-by: neelanjan00 --- docs/chaos-workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/chaos-workflows.md b/docs/chaos-workflows.md index 1843dee9..9fafbe3a 100644 --- a/docs/chaos-workflows.md +++ b/docs/chaos-workflows.md @@ -31,7 +31,7 @@ namespaces. Ensure that you have the right permission to be able to create the s - Create the CRDs, workflow controller deployment with associated RBAC ``` - kubectl apply -f https://raw.githubusercontent.com/argoproj/argo/stable/manifests/install.yaml -n argo + kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-workflows/master/manifests/quick-start-minimal.yaml -n argo ``` - Install the argo CLI on the test harness machine (where the kubeconfig is available) From fbcc5a87f619b9c5446652c3acdaa8537c5dfe94 Mon Sep 17 00:00:00 2001 From: neelanjan00 Date: Fri, 3 Feb 2023 12:07:51 +0530 Subject: [PATCH 2/2] updates embedmd changes Signed-off-by: neelanjan00 --- docs/aws-ssm-chaos-by-id.md | 26 ++++++++--- docs/aws-ssm-chaos-by-tag.md | 26 ++++++++--- docs/azure-instance-stop.md | 42 ++++++++++++------ docs/byoc-pod-delete.md | 2 - docs/cassandra-pod-delete.md | 51 +++++++++++++++------- docs/container-kill.md | 65 ++++++++++++++++++--------- docs/disk-fill.md | 65 ++++++++++++++++++--------- docs/docker-service-kill.md | 38 +++++++++++++--- docs/ebs-loss-by-id.md | 40 ++++++++++++----- docs/ebs-loss-by-tag.md | 40 ++++++++++++----- docs/ec2-terminate-by-id.md | 47 +++++++++++++------- docs/ec2-terminate-by-tag.md | 47 +++++++++++++------- docs/gcp-vm-disk-loss.md | 52 ++++++++++++++-------- docs/gcp-vm-instance-stop.md | 57 ++++++++++++++++-------- docs/getstarted.md | 65 ++++++++++++++++++--------- docs/kafka-broker-pod-failure.md | 50 +++++++++++++-------- docs/kubelet-service-kill.md | 47 +++++++++++++------- docs/litmus-psp.md | 75 +++++++++++++++++++++----------- docs/node-cpu-hog.md | 56 +++++++++++++++++------- docs/node-drain.md | 54 +++++++++++++++-------- docs/node-io-stress.md | 47 +++++++++++++------- docs/node-memory-hog.md | 62 +++++++++++++++++--------- docs/node-poweroff.md | 47 +++++++++++++------- docs/node-restart.md | 47 +++++++++++++------- docs/node-taint.md | 54 +++++++++++++++-------- docs/openshift-litmus.md | 65 ++++++++++++++++++--------- docs/pod-autoscaler.md | 47 +++++++++++++------- docs/pod-cpu-hog-exec.md | 65 ++++++++++++++++++--------- docs/pod-cpu-hog.md | 65 ++++++++++++++++++--------- docs/pod-delete.md | 65 ++++++++++++++++++--------- docs/pod-dns-error.md | 50 +++++++++++++++------ docs/pod-dns-spoof.md | 50 +++++++++++++++------ docs/pod-io-stress.md | 69 ++++++++++++++++++++--------- docs/pod-memory-hog-exec.md | 65 ++++++++++++++++++--------- docs/pod-memory-hog.md | 65 ++++++++++++++++++--------- docs/pod-network-corruption.md | 65 ++++++++++++++++++--------- docs/pod-network-duplication.md | 65 ++++++++++++++++++--------- docs/pod-network-latency.md | 68 ++++++++++++++++++++--------- docs/pod-network-loss.md | 65 ++++++++++++++++++--------- docs/rancher-litmus.md | 65 ++++++++++++++++++--------- docs/vm-poweroff.md | 50 ++++++++++++++------- 41 files changed, 1500 insertions(+), 686 deletions(-) diff --git a/docs/aws-ssm-chaos-by-id.md b/docs/aws-ssm-chaos-by-id.md index 82e08c80..0db5c14a 100644 --- a/docs/aws-ssm-chaos-by-id.md +++ b/docs/aws-ssm-chaos-by-id.md @@ -99,18 +99,34 @@ metadata: name: aws-ssm-chaos-by-id-sa app.kubernetes.io/part-of: litmus rules: +# Create and monitor the experiment & helper pods - apiGroups: [""] - resources: ["pods","events","secrets","configmaps"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] +# Performs CRUD operations on the events inside chaosengine and chaosresult - apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] + resources: ["events"] + verbs: ["create","get","list","patch","update"] +# Fetch configmaps & secrets details and mount it to the experiment pod (if specified) +- apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] +# Track and get the runner, experiment, and helper pods log +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] +# for creating and managing to execute comands inside target container +- apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] +# for configuring and monitor the experiment job by the chaos-runner pod - apiGroups: ["batch"] resources: ["jobs"] verbs: ["create","list","get","delete","deletecollection"] +# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - apiGroups: ["litmuschaos.io"] resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/aws-ssm-chaos-by-tag.md b/docs/aws-ssm-chaos-by-tag.md index acbcb74b..ed9cf420 100644 --- a/docs/aws-ssm-chaos-by-tag.md +++ b/docs/aws-ssm-chaos-by-tag.md @@ -99,18 +99,34 @@ metadata: name: aws-ssm-chaos-by-tag-sa app.kubernetes.io/part-of: litmus rules: +# Create and monitor the experiment & helper pods - apiGroups: [""] - resources: ["pods","events","secrets","configmaps"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] +# Performs CRUD operations on the events inside chaosengine and chaosresult - apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] + resources: ["events"] + verbs: ["create","get","list","patch","update"] +# Fetch configmaps & secrets details and mount it to the experiment pod (if specified) +- apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] +# Track and get the runner, experiment, and helper pods log +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] +# for creating and managing to execute comands inside target container +- apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] +# for configuring and monitor the experiment job by the chaos-runner pod - apiGroups: ["batch"] resources: ["jobs"] verbs: ["create","list","get","delete","deletecollection"] +# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - apiGroups: ["litmuschaos.io"] resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/azure-instance-stop.md b/docs/azure-instance-stop.md index b80d2b82..6c7fbf83 100644 --- a/docs/azure-instance-stop.md +++ b/docs/azure-instance-stop.md @@ -105,18 +105,34 @@ metadata: name: azure-instance-stop-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -228,7 +244,7 @@ spec: value: '30' # provide the target instance name(s) (comma separated if multiple) - - name: AZURE_INSTANCE_NAME + - name: AZURE_INSTANCE_NAMES value: '' # provide the resource group of the instance diff --git a/docs/byoc-pod-delete.md b/docs/byoc-pod-delete.md index 0c9ea26e..20a037ee 100644 --- a/docs/byoc-pod-delete.md +++ b/docs/byoc-pod-delete.md @@ -103,7 +103,6 @@ sidebar_label: Service Pod - Application #### Sample RBAC Manifest -[embedmd]:# (https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/byoc-pod-delete/rbac.yaml yaml) ```yaml --- apiVersion: v1 @@ -216,7 +215,6 @@ subjects: #### Sample ChaosEngine Manifest -[embedmd]:# (https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/byoc-pod-delete/engine.yaml yaml) ```yaml apiVersion: litmuschaos.io/v1alpha1 kind: ChaosEngine diff --git a/docs/cassandra-pod-delete.md b/docs/cassandra-pod-delete.md index 7576466a..242235b3 100644 --- a/docs/cassandra-pod-delete.md +++ b/docs/cassandra-pod-delete.md @@ -79,21 +79,42 @@ metadata: name: cassandra-pod-delete-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","services"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Create and manage the liveness and target application services + - apiGroups: [""] + resources: ["services"] + verbs: ["create","delete","get","list", "deletecollection"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for deriving the parent/owner details of the pod + - apiGroups: ["apps"] + resources: ["deployments","statefulsets"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/container-kill.md b/docs/container-kill.md index 4edb07a5..37bd635c 100644 --- a/docs/container-kill.md +++ b/docs/container-kill.md @@ -87,27 +87,50 @@ metadata: name: container-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["list","get","create"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/disk-fill.md b/docs/disk-fill.md index 148b3cff..0618bd27 100644 --- a/docs/disk-fill.md +++ b/docs/disk-fill.md @@ -109,27 +109,50 @@ metadata: name: disk-fill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["list","get","create"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/docker-service-kill.md b/docs/docker-service-kill.md index 2717f254..813b6558 100644 --- a/docs/docker-service-kill.md +++ b/docs/docker-service-kill.md @@ -84,12 +84,38 @@ metadata: name: docker-service-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","events","chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/ebs-loss-by-id.md b/docs/ebs-loss-by-id.md index aa23455c..f0ad3700 100644 --- a/docs/ebs-loss-by-id.md +++ b/docs/ebs-loss-by-id.md @@ -101,18 +101,34 @@ metadata: name: ebs-loss-by-id-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/ebs-loss-by-tag.md b/docs/ebs-loss-by-tag.md index 1cabd792..694a95ae 100644 --- a/docs/ebs-loss-by-tag.md +++ b/docs/ebs-loss-by-tag.md @@ -101,18 +101,34 @@ metadata: name: ebs-loss-by-tag-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/ec2-terminate-by-id.md b/docs/ec2-terminate-by-id.md index 81617168..d35777e0 100644 --- a/docs/ec2-terminate-by-id.md +++ b/docs/ec2-terminate-by-id.md @@ -102,21 +102,38 @@ metadata: name: ec2-terminate-by-id-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["patch","get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/ec2-terminate-by-tag.md b/docs/ec2-terminate-by-tag.md index b63c589a..4a3ebcf8 100644 --- a/docs/ec2-terminate-by-tag.md +++ b/docs/ec2-terminate-by-tag.md @@ -102,21 +102,38 @@ metadata: name: ec2-terminate-by-tag-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["patch","get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/gcp-vm-disk-loss.md b/docs/gcp-vm-disk-loss.md index 28540a48..834398e3 100644 --- a/docs/gcp-vm-disk-loss.md +++ b/docs/gcp-vm-disk-loss.md @@ -92,18 +92,34 @@ metadata: name: gcp-vm-disk-loss-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -233,14 +249,12 @@ spec: # set the disk zone(s) as comma seperated values in the corresponding # order of DISK_VOLUME_NAME # eg. zone1,zone2,... - - name: DISK_ZONES - value: '' - - # set the device name(s) as comma seperated values in the corresponding - # order of DISK_VOLUME_NAME - # eg. device1,device2,... - - name: DEVICE_NAMES + - name: ZONES value: '' + + # parallel or serial; determines how chaos is injected + - name: SEQUENCE + value: 'parallel' ``` ### Create the ChaosEngine Resource diff --git a/docs/gcp-vm-instance-stop.md b/docs/gcp-vm-instance-stop.md index 98bee746..f28612b8 100644 --- a/docs/gcp-vm-instance-stop.md +++ b/docs/gcp-vm-instance-stop.md @@ -98,21 +98,38 @@ metadata: name: gcp-vm-instance-stop-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -240,12 +257,16 @@ spec: # Instance zone(s) of the target vm instance(s) # If more than one instance is targetted, provide zone for each in the order of their # respective instance name in VM_INSTANCE_NAME as comma separated values ex: zone1,zone2 - - name: INSTANCE_ZONES + - name: ZONES value: '' - # enable it if the target instance is a part of self-managed auto scaling group. - - name: AUTO_SCALING_GROUP + # enable it if the target instance is a part of a managed instance group. + - name: MANAGED_INSTANCE_GROUP value: 'disable' + + # parallel or serial; determines how chaos is injected + - name: SEQUENCE + value: 'parallel' ``` ### Create the ChaosEngine Resource diff --git a/docs/getstarted.md b/docs/getstarted.md index 39f258f3..5280b019 100644 --- a/docs/getstarted.md +++ b/docs/getstarted.md @@ -177,27 +177,50 @@ metadata: labels: name: pod-delete-sa rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/kafka-broker-pod-failure.md b/docs/kafka-broker-pod-failure.md index 11438825..079813ad 100644 --- a/docs/kafka-broker-pod-failure.md +++ b/docs/kafka-broker-pod-failure.md @@ -89,24 +89,38 @@ metadata: name: kafka-broker-pod-failure-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for deriving the parent/owner details of the pod + - apiGroups: ["apps"] + resources: ["deployments","statefulsets"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/kubelet-service-kill.md b/docs/kubelet-service-kill.md index b434c011..36706d78 100644 --- a/docs/kubelet-service-kill.md +++ b/docs/kubelet-service-kill.md @@ -82,21 +82,38 @@ metadata: name: kubelet-service-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/litmus-psp.md b/docs/litmus-psp.md index ff6ad6fb..a604e6fd 100644 --- a/docs/litmus-psp.md +++ b/docs/litmus-psp.md @@ -20,7 +20,6 @@ opting for the default ["restricted"](https://kubernetes.io/docs/concepts/policy - To run the litmus pods with operating characteristics described above, first create a custom PodSecurityPolicy that allows the same: -[embedmd]:# (https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/pod-security-policy/psp-litmus.yaml yaml) ```yaml apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -101,31 +100,55 @@ metadata: name: pod-delete-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: ["litmus"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # use litmus psp + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: ["litmus"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/node-cpu-hog.md b/docs/node-cpu-hog.md index cf67756c..0ad6c45f 100644 --- a/docs/node-cpu-hog.md +++ b/docs/node-cpu-hog.md @@ -78,21 +78,38 @@ metadata: name: node-cpu-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["list","get","create"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -217,8 +234,15 @@ spec: - name: TOTAL_CHAOS_DURATION value: '60' + ## ENTER THE NUMBER OF CORES OF CPU FOR CPU HOGGING + ## OPTIONAL VALUE IN CASE OF EMPTY VALUE IT WILL TAKE NODE CPU CAPACITY - name: NODE_CPU_CORE - value: '' + value: '1' + + ## LOAD CPU WITH GIVEN PERCENT LOADING FOR THE CPU STRESS WORKERS. + ## 0 IS EFFECTIVELY A SLEEP (NO LOAD) AND 100 IS FULL LOADING + - name: CPU_LOAD + value: '0' ## percentage of total nodes to target - name: NODES_AFFECTED_PERC diff --git a/docs/node-drain.md b/docs/node-drain.md index 987556c0..7c27f719 100644 --- a/docs/node-drain.md +++ b/docs/node-drain.md @@ -80,24 +80,42 @@ metadata: name: node-drain-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","pods/eviction"] - verbs: ["list","get","create"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["list","get","delete"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["patch","get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec","pods/eviction"] + verbs: ["get","list","create"] + # ignore daemonsets while draining the node + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["list","get","delete"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list","patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/node-io-stress.md b/docs/node-io-stress.md index 5184d241..735c0fc4 100644 --- a/docs/node-io-stress.md +++ b/docs/node-io-stress.md @@ -77,21 +77,38 @@ metadata: name: node-io-stress-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/node-memory-hog.md b/docs/node-memory-hog.md index 5eaa78a3..4b1e7004 100644 --- a/docs/node-memory-hog.md +++ b/docs/node-memory-hog.md @@ -79,21 +79,38 @@ metadata: name: node-memory-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -230,11 +247,6 @@ spec: - name: TOTAL_CHAOS_DURATION value: '120' - ## Specify the size as percent of total node capacity Ex: '30' - ## Note: For consuming memory in mebibytes change the variable to MEMORY_CONSUMPTION_MEBIBYTES - - name: MEMORY_CONSUMPTION_PERCENTAGE - value: '30' - ## percentage of total nodes to target - name: NODES_AFFECTED_PERC value: '' @@ -242,6 +254,16 @@ spec: # provide the comma separated target node names - name: TARGET_NODES value: '' + + ## Specify the size as percent of total node capacity Ex: '30' + ## NOTE: for selecting this option keep MEMORY_CONSUMPTION_MEBIBYTES empty + - name: MEMORY_CONSUMPTION_PERCENTAGE + value: '0' + + ## Specify the amount of memory to be consumed in mebibytes + ## NOTE: for selecting this option keep MEMORY_CONSUMPTION_PERCENTAGE empty + - name: MEMORY_CONSUMPTION_MEBIBYTES + value: '0' ``` ### Create the ChaosEngine Resource diff --git a/docs/node-poweroff.md b/docs/node-poweroff.md index dc917042..49ed1751 100644 --- a/docs/node-poweroff.md +++ b/docs/node-poweroff.md @@ -101,21 +101,38 @@ metadata: name: node-poweroff-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps","secrets"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/node-restart.md b/docs/node-restart.md index e302ba17..0c8c572d 100644 --- a/docs/node-restart.md +++ b/docs/node-restart.md @@ -101,21 +101,38 @@ metadata: name: node-restart-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps","secrets"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/node-taint.md b/docs/node-taint.md index c66fc821..3e1c1247 100644 --- a/docs/node-taint.md +++ b/docs/node-taint.md @@ -82,24 +82,42 @@ metadata: name: node-taint-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","pods/eviction"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["list","get","delete"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["patch","get","list","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec","pods/eviction"] + verbs: ["get","list","create"] + # ignore daemonsets while draining the node + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["list","get","delete"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # for experiment to perform node status checks + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/openshift-litmus.md b/docs/openshift-litmus.md index 409e3f8a..d8c0f0ec 100644 --- a/docs/openshift-litmus.md +++ b/docs/openshift-litmus.md @@ -147,27 +147,50 @@ metadata: labels: name: pod-delete-sa rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-autoscaler.md b/docs/pod-autoscaler.md index 303d9174..0c77a712 100644 --- a/docs/pod-autoscaler.md +++ b/docs/pod-autoscaler.md @@ -77,21 +77,38 @@ metadata: name: pod-autoscaler-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets"] - verbs: ["list","get","patch","update"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # performs CRUD operations on the deployments and statefulsets + - apiGroups: ["apps"] + resources: ["deployments","statefulsets"] + verbs: ["list","get","patch","update"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/docs/pod-cpu-hog-exec.md b/docs/pod-cpu-hog-exec.md index cfc98b1b..93b6894d 100644 --- a/docs/pod-cpu-hog-exec.md +++ b/docs/pod-cpu-hog-exec.md @@ -78,27 +78,50 @@ metadata: name: pod-cpu-hog-exec-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-cpu-hog.md b/docs/pod-cpu-hog.md index ea6dda21..f90225f5 100644 --- a/docs/pod-cpu-hog.md +++ b/docs/pod-cpu-hog.md @@ -78,27 +78,50 @@ metadata: name: pod-cpu-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-delete.md b/docs/pod-delete.md index 004581e3..619e47cb 100644 --- a/docs/pod-delete.md +++ b/docs/pod-delete.md @@ -76,27 +76,50 @@ metadata: name: pod-delete-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-dns-error.md b/docs/pod-dns-error.md index d9dcb2d2..a4f0b048 100644 --- a/docs/pod-dns-error.md +++ b/docs/pod-dns-error.md @@ -73,28 +73,50 @@ metadata: name: pod-dns-error-sa app.kubernetes.io/part-of: litmus rules: + # Create and monitor the experiment & helper pods - apiGroups: [""] - resources: ["pods", "events"] - verbs: - ["create", "list", "get", "patch", "update", "delete", "deletecollection"] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult - apiGroups: [""] - resources: ["pods/exec", "pods/log", "replicationcontrollers"] - verbs: ["create", "list", "get"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create", "list", "get", "delete", "deletecollection"] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) - apiGroups: ["apps"] - resources: ["deployments", "statefulsets", "daemonsets", "replicasets"] - verbs: ["list", "get"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) - apiGroups: ["apps.openshift.io"] resources: ["deploymentconfigs"] - verbs: ["list", "get"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) - apiGroups: ["argoproj.io"] resources: ["rollouts"] - verbs: ["list", "get"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - apiGroups: ["litmuschaos.io"] - resources: ["chaosengines", "chaosexperiments", "chaosresults"] - verbs: ["create", "list", "get", "patch", "update"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-dns-spoof.md b/docs/pod-dns-spoof.md index 27a8a43a..0ef2a2b5 100644 --- a/docs/pod-dns-spoof.md +++ b/docs/pod-dns-spoof.md @@ -73,28 +73,50 @@ metadata: name: pod-dns-spoof-sa app.kubernetes.io/part-of: litmus rules: + # Create and monitor the experiment & helper pods - apiGroups: [""] - resources: ["pods", "events"] - verbs: - ["create", "list", "get", "patch", "update", "delete", "deletecollection"] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult - apiGroups: [""] - resources: ["pods/exec", "pods/log", "replicationcontrollers"] - verbs: ["create", "list", "get"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create", "list", "get", "delete", "deletecollection"] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) - apiGroups: ["apps"] - resources: ["deployments", "statefulsets", "daemonsets", "replicasets"] - verbs: ["list", "get"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) - apiGroups: ["apps.openshift.io"] resources: ["deploymentconfigs"] - verbs: ["list", "get"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) - apiGroups: ["argoproj.io"] resources: ["rollouts"] - verbs: ["list", "get"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow - apiGroups: ["litmuschaos.io"] - resources: ["chaosengines", "chaosexperiments", "chaosresults"] - verbs: ["create", "list", "get", "patch", "update"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-io-stress.md b/docs/pod-io-stress.md index 497106fc..4c5e1992 100644 --- a/docs/pod-io-stress.md +++ b/docs/pod-io-stress.md @@ -76,27 +76,50 @@ metadata: name: pod-io-stress-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -251,6 +274,10 @@ spec: - name: FILESYSTEM_UTILIZATION_PERCENTAGE value: '10' + ## Percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: '' + ## provide the cluster runtime - name: CONTAINER_RUNTIME value: 'docker' diff --git a/docs/pod-memory-hog-exec.md b/docs/pod-memory-hog-exec.md index d2e66051..83304c65 100644 --- a/docs/pod-memory-hog-exec.md +++ b/docs/pod-memory-hog-exec.md @@ -77,27 +77,50 @@ metadata: name: pod-memory-hog-exec-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-memory-hog.md b/docs/pod-memory-hog.md index 91077cd4..860a83d4 100644 --- a/docs/pod-memory-hog.md +++ b/docs/pod-memory-hog.md @@ -78,27 +78,50 @@ metadata: name: pod-memory-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-network-corruption.md b/docs/pod-network-corruption.md index 6247e791..a95eb775 100644 --- a/docs/pod-network-corruption.md +++ b/docs/pod-network-corruption.md @@ -75,27 +75,50 @@ metadata: name: pod-network-corruption-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-network-duplication.md b/docs/pod-network-duplication.md index efd8df00..328c02b3 100644 --- a/docs/pod-network-duplication.md +++ b/docs/pod-network-duplication.md @@ -72,27 +72,50 @@ metadata: name: pod-network-duplication-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/pod-network-latency.md b/docs/pod-network-latency.md index a0ab711e..dc04daa4 100644 --- a/docs/pod-network-latency.md +++ b/docs/pod-network-latency.md @@ -75,27 +75,50 @@ metadata: name: pod-network-latency-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -260,6 +283,9 @@ spec: - name: NETWORK_LATENCY value: '2000' + - name: JITTER + value: '0' + # provide the name of container runtime # for litmus LIB, it supports docker, containerd, crio # for pumba LIB, it supports docker only diff --git a/docs/pod-network-loss.md b/docs/pod-network-loss.md index 23b4f6ea..70d86556 100644 --- a/docs/pod-network-loss.md +++ b/docs/pod-network-loss.md @@ -72,27 +72,50 @@ metadata: name: pod-network-loss-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/rancher-litmus.md b/docs/rancher-litmus.md index 648ae1ee..de0de528 100644 --- a/docs/rancher-litmus.md +++ b/docs/rancher-litmus.md @@ -222,27 +222,50 @@ metadata: labels: name: container-kill-sa rules: -- apiGroups: [""] - resources: ["pods","events"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log","replicationcontrollers"] - verbs: ["list","get","create"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["apps"] - resources: ["deployments","statefulsets","daemonsets","replicasets"] - verbs: ["list","get"] -- apiGroups: ["apps.openshift.io"] - resources: ["deploymentconfigs"] - verbs: ["list","get"] -- apiGroups: ["argoproj.io"] - resources: ["rollouts"] - verbs: ["list","get"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/docs/vm-poweroff.md b/docs/vm-poweroff.md index ff8e450f..c5ddf35f 100644 --- a/docs/vm-poweroff.md +++ b/docs/vm-poweroff.md @@ -95,18 +95,34 @@ metadata: name: vm-poweroff-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: [""] - resources: ["pods","events","secrets"] - verbs: ["create","list","get","patch","update","delete","deletecollection"] -- apiGroups: [""] - resources: ["pods/exec","pods/log"] - verbs: ["create","list","get"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create","list","get","delete","deletecollection"] -- apiGroups: ["litmuschaos.io"] - resources: ["chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update"] + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps & secrets details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["secrets","configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -172,7 +188,7 @@ subjects: apiVersion: litmuschaos.io/v1alpha1 kind: ChaosEngine metadata: - name: nginx-chaos + name: vmware-vm-chaos namespace: default spec: # It can be active/stop @@ -189,8 +205,12 @@ spec: - name: TOTAL_CHAOS_DURATION value: '30' - # provide vm moid - - name: APP_VM_MOID + # set chaos interval (in sec) as desired + - name: CHAOS_INTERVAL + value: '30' + + # provide VM MOIDs as comma separated values + - name: APP_VM_MOIDS value: '' ```