diff --git a/charts/generic/generic.chartserviceversion.yaml b/charts/generic/generic.chartserviceversion.yaml index 42b5f2b..ce3f0ae 100644 --- a/charts/generic/generic.chartserviceversion.yaml +++ b/charts/generic/generic.chartserviceversion.yaml @@ -38,6 +38,7 @@ spec: - pod-memory-hog-exec - pod-network-partition - pod-http-latency + - pod-http-modify-header - pod-http-modify-body - pod-http-reset-peer keywords: diff --git a/charts/generic/generic.package.yaml b/charts/generic/generic.package.yaml index 799ffe0..a83f61c 100644 --- a/charts/generic/generic.package.yaml +++ b/charts/generic/generic.package.yaml @@ -75,6 +75,9 @@ experiments: - name: pod-http-latency CSV: pod-http-latency.chartserviceversion.yaml desc: "pod-http-latency" + - name: pod-http-modify-header + CSV: pod-http-modify-header.chartserviceversion.yaml + desc: "pod-http-modify-header" - name: pod-http-modify-body CSV: pod-http-modify-body.chartserviceversion.yaml desc: "pod-http-modify-body" diff --git a/charts/generic/icons/pod-http-modify-header.png b/charts/generic/icons/pod-http-modify-header.png new file mode 100644 index 0000000..5d13f6b Binary files /dev/null and b/charts/generic/icons/pod-http-modify-header.png differ diff --git a/charts/generic/pod-http-modify-header/engine.yaml b/charts/generic/pod-http-modify-header/engine.yaml new file mode 100644 index 0000000..fce7401 --- /dev/null +++ b/charts/generic/pod-http-modify-header/engine.yaml @@ -0,0 +1,47 @@ +apiVersion: litmuschaos.io/v1alpha1 +kind: ChaosEngine +metadata: + name: nginx-http-chaos + namespace: default +spec: + # It can be active/stop + engineState: 'active' + appinfo: + appns: 'default' + # FYI, To see app label, apply kubectl get pods --show-labels + applabel: 'app=nginx' + appkind: 'deployment' + chaosServiceAccount: pod-http-modify-header-sa + experiments: + - name: pod-http-modify-header + spec: + components: + env: + - name: TOTAL_CHAOS_DURATION + value: '60' # in seconds + + # port of the target service + - name: TARGET_SERVICE_PORT + value: "80" + + # map of headers to modify/add; Eg: {"X-Litmus-Test-Header": "X-Litmus-Test-Value"} + # to remove a header, just set the value to ""; Eg: {"X-Litmus-Test-Header": ""} + - name: HEADERS_MAP + value: '{}' + + # whether to modify response headers or request headers. Accepted values: request, response + - name: HEADER_MODE + value: 'response' + + # provide the name of container runtime + # it supports docker, containerd, crio + - name: CONTAINER_RUNTIME + value: 'docker' + + # provide the socket file path + - name: SOCKET_PATH + value: '/var/run/docker.sock' + + ## percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: '' diff --git a/charts/generic/pod-http-modify-header/experiment.yaml b/charts/generic/pod-http-modify-header/experiment.yaml new file mode 100644 index 0000000..7e50fe3 --- /dev/null +++ b/charts/generic/pod-http-modify-header/experiment.yaml @@ -0,0 +1,140 @@ +apiVersion: litmuschaos.io/v1alpha1 +description: + message: | + It injects the chaos inside the pod which modifies the header of the request/response from the provided application server to the headers provided by the user and reverts after a specified duration +kind: ChaosExperiment +metadata: + name: pod-http-modify-header + labels: + name: pod-http-modify-header + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: chaosexperiment + app.kubernetes.io/version: latest +spec: + definition: + scope: Namespaced + permissions: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + image: "litmuschaos/go-runner:latest" + imagePullPolicy: Always + args: + - -c + - ./experiments -name pod-http-modify-header + command: + - /bin/bash + env: + + - name: TARGET_CONTAINER + value: '' + + # provide lib image + - name: LIB_IMAGE + value: 'litmuschaos/go-runner:latest' + + # map of headers to modify/add; Eg: {"X-Litmus-Test-Header": "X-Litmus-Test-Value"} + # to remove a header, just set the value to ""; Eg: {"X-Litmus-Test-Header": ""} + - name: HEADERS_MAP + value: '{}' + + # whether to modify response headers or request headers. Accepted values: request, response + - name: HEADER_MODE + value: 'response' + + # port of the target service + - name: TARGET_SERVICE_PORT + value: "80" + + # port on which the proxy will listen + - name: PROXY_PORT + value: "20000" + + # network interface on which the proxy will listen + - name: NETWORK_INTERFACE + value: "eth0" + + - name: TOTAL_CHAOS_DURATION + value: '60' # in seconds + + # Time period to wait before and after injection of chaos in sec + - name: RAMP_TIME + value: '' + + # lib can be litmus or pumba + - name: LIB + value: 'litmus' + + # percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: '' + + - name: TARGET_PODS + value: '' + + # provide the name of container runtime + # for litmus LIB, it supports docker, containerd, crio + # for pumba LIB, it supports docker only + - name: CONTAINER_RUNTIME + value: 'docker' + + # provide the socket file path + - name: SOCKET_PATH + value: '/var/run/docker.sock' + + # To select pods on specific node(s) + - name: NODE_LABEL + value: '' + + ## it defines the sequence of chaos execution for multiple target pods + ## supported values: serial, parallel + - name: SEQUENCE + value: 'parallel' + + labels: + name: pod-http-modify-header + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: experiment-job + app.kubernetes.io/runtime-api-usage: "true" + app.kubernetes.io/version: latest diff --git a/charts/generic/pod-http-modify-header/pod-http-modify-header.chartserviceversion.yaml b/charts/generic/pod-http-modify-header/pod-http-modify-header.chartserviceversion.yaml new file mode 100644 index 0000000..c34601a --- /dev/null +++ b/charts/generic/pod-http-modify-header/pod-http-modify-header.chartserviceversion.yaml @@ -0,0 +1,45 @@ +apiVersion: litmuchaos.io/v1alpha1 +kind: ChartServiceVersion +metadata: + createdAt: 2022-07-13T2:14:08Z + name: pod-http-modify-header + version: 0.1.0 + annotations: + categories: Kubernetes + vendor: CNCF + support: https://slack.kubernetes.io/ +spec: + displayName: pod-http-modify-header + categoryDescription: | + Pod-http-modify-header contains chaos to disrupt http requests of kubernetes pods. This experiment can modify headers of incoming requests or the response from the service targetted. + - Causes modification of request/response headers of the HTTP request. + - The application pod should be healthy once chaos is stopped. Service-requests should be served despite chaos. + keywords: + - Kubernetes + - K8S + - HTTP + - Pod + - Headers + platforms: + - GKE + - Minikube + - EKS + maturity: alpha + maintainers: + - name: Akash Shrivastava + email: akash.shrivastava@harness.io + minKubeVersion: 1.12.0 + provider: + name: Harness + labels: + app.kubernetes.io/component: chartserviceversion + app.kubernetes.io/version: latest + links: + - name: Source Code + url: https://github.com/litmuschaos/litmus-go/tree/master/experiments/generic/pod-http-modify-header + - name: Documentation + url: https://litmuschaos.github.io/litmus/experiments/categories/pods/pod-http-modify-header/ + icon: + - base64data: "" + mediatype: "" + chaosexpcrdlink: https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/pod-http-modify-header/experiment.yaml diff --git a/charts/generic/pod-http-modify-header/rbac-psp.yaml b/charts/generic/pod-http-modify-header/rbac-psp.yaml new file mode 100644 index 0000000..fb35617 --- /dev/null +++ b/charts/generic/pod-http-modify-header/rbac-psp.yaml @@ -0,0 +1,85 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +rules: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # use litmus psp + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: ["litmus"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-http-modify-header-sa +subjects: +- kind: ServiceAccount + name: pod-http-modify-header-sa + namespace: default diff --git a/charts/generic/pod-http-modify-header/rbac.yaml b/charts/generic/pod-http-modify-header/rbac.yaml new file mode 100644 index 0000000..5f9208f --- /dev/null +++ b/charts/generic/pod-http-modify-header/rbac.yaml @@ -0,0 +1,80 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +rules: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-http-modify-header-sa +subjects: +- kind: ServiceAccount + name: pod-http-modify-header-sa + namespace: default diff --git a/experiments/generic/generic.chartserviceversion.yaml b/experiments/generic/generic.chartserviceversion.yaml index f764798..8d540b1 100644 --- a/experiments/generic/generic.chartserviceversion.yaml +++ b/experiments/generic/generic.chartserviceversion.yaml @@ -67,6 +67,8 @@ spec: description: "" - name: pod-http-reset-peer description: "" + - name: pod-http-modify-header + description: "" keywords: - Kubernetes - K8S diff --git a/experiments/generic/generic.package.yaml b/experiments/generic/generic.package.yaml index 799ffe0..65b0ab8 100644 --- a/experiments/generic/generic.package.yaml +++ b/experiments/generic/generic.package.yaml @@ -81,3 +81,6 @@ experiments: - name: pod-http-reset-peer CSV: pod-http-reset-peer.chartserviceversion.yaml desc: "pod-http-reset-peer" + - name: pod-http-modify-header + CSV: pod-http-modify-header.chartserviceversion.yaml + desc: "pod-http-modify-header" diff --git a/experiments/generic/icons/pod-http-modify-header.png b/experiments/generic/icons/pod-http-modify-header.png new file mode 100644 index 0000000..5d13f6b Binary files /dev/null and b/experiments/generic/icons/pod-http-modify-header.png differ diff --git a/experiments/generic/pod-http-modify-header/engine.yaml b/experiments/generic/pod-http-modify-header/engine.yaml new file mode 100644 index 0000000..fce7401 --- /dev/null +++ b/experiments/generic/pod-http-modify-header/engine.yaml @@ -0,0 +1,47 @@ +apiVersion: litmuschaos.io/v1alpha1 +kind: ChaosEngine +metadata: + name: nginx-http-chaos + namespace: default +spec: + # It can be active/stop + engineState: 'active' + appinfo: + appns: 'default' + # FYI, To see app label, apply kubectl get pods --show-labels + applabel: 'app=nginx' + appkind: 'deployment' + chaosServiceAccount: pod-http-modify-header-sa + experiments: + - name: pod-http-modify-header + spec: + components: + env: + - name: TOTAL_CHAOS_DURATION + value: '60' # in seconds + + # port of the target service + - name: TARGET_SERVICE_PORT + value: "80" + + # map of headers to modify/add; Eg: {"X-Litmus-Test-Header": "X-Litmus-Test-Value"} + # to remove a header, just set the value to ""; Eg: {"X-Litmus-Test-Header": ""} + - name: HEADERS_MAP + value: '{}' + + # whether to modify response headers or request headers. Accepted values: request, response + - name: HEADER_MODE + value: 'response' + + # provide the name of container runtime + # it supports docker, containerd, crio + - name: CONTAINER_RUNTIME + value: 'docker' + + # provide the socket file path + - name: SOCKET_PATH + value: '/var/run/docker.sock' + + ## percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: '' diff --git a/experiments/generic/pod-http-modify-header/experiment.yaml b/experiments/generic/pod-http-modify-header/experiment.yaml new file mode 100644 index 0000000..7e50fe3 --- /dev/null +++ b/experiments/generic/pod-http-modify-header/experiment.yaml @@ -0,0 +1,140 @@ +apiVersion: litmuschaos.io/v1alpha1 +description: + message: | + It injects the chaos inside the pod which modifies the header of the request/response from the provided application server to the headers provided by the user and reverts after a specified duration +kind: ChaosExperiment +metadata: + name: pod-http-modify-header + labels: + name: pod-http-modify-header + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: chaosexperiment + app.kubernetes.io/version: latest +spec: + definition: + scope: Namespaced + permissions: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + image: "litmuschaos/go-runner:latest" + imagePullPolicy: Always + args: + - -c + - ./experiments -name pod-http-modify-header + command: + - /bin/bash + env: + + - name: TARGET_CONTAINER + value: '' + + # provide lib image + - name: LIB_IMAGE + value: 'litmuschaos/go-runner:latest' + + # map of headers to modify/add; Eg: {"X-Litmus-Test-Header": "X-Litmus-Test-Value"} + # to remove a header, just set the value to ""; Eg: {"X-Litmus-Test-Header": ""} + - name: HEADERS_MAP + value: '{}' + + # whether to modify response headers or request headers. Accepted values: request, response + - name: HEADER_MODE + value: 'response' + + # port of the target service + - name: TARGET_SERVICE_PORT + value: "80" + + # port on which the proxy will listen + - name: PROXY_PORT + value: "20000" + + # network interface on which the proxy will listen + - name: NETWORK_INTERFACE + value: "eth0" + + - name: TOTAL_CHAOS_DURATION + value: '60' # in seconds + + # Time period to wait before and after injection of chaos in sec + - name: RAMP_TIME + value: '' + + # lib can be litmus or pumba + - name: LIB + value: 'litmus' + + # percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: '' + + - name: TARGET_PODS + value: '' + + # provide the name of container runtime + # for litmus LIB, it supports docker, containerd, crio + # for pumba LIB, it supports docker only + - name: CONTAINER_RUNTIME + value: 'docker' + + # provide the socket file path + - name: SOCKET_PATH + value: '/var/run/docker.sock' + + # To select pods on specific node(s) + - name: NODE_LABEL + value: '' + + ## it defines the sequence of chaos execution for multiple target pods + ## supported values: serial, parallel + - name: SEQUENCE + value: 'parallel' + + labels: + name: pod-http-modify-header + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: experiment-job + app.kubernetes.io/runtime-api-usage: "true" + app.kubernetes.io/version: latest diff --git a/experiments/generic/pod-http-modify-header/pod-http-modify-header.chartserviceversion.yaml b/experiments/generic/pod-http-modify-header/pod-http-modify-header.chartserviceversion.yaml new file mode 100644 index 0000000..c34601a --- /dev/null +++ b/experiments/generic/pod-http-modify-header/pod-http-modify-header.chartserviceversion.yaml @@ -0,0 +1,45 @@ +apiVersion: litmuchaos.io/v1alpha1 +kind: ChartServiceVersion +metadata: + createdAt: 2022-07-13T2:14:08Z + name: pod-http-modify-header + version: 0.1.0 + annotations: + categories: Kubernetes + vendor: CNCF + support: https://slack.kubernetes.io/ +spec: + displayName: pod-http-modify-header + categoryDescription: | + Pod-http-modify-header contains chaos to disrupt http requests of kubernetes pods. This experiment can modify headers of incoming requests or the response from the service targetted. + - Causes modification of request/response headers of the HTTP request. + - The application pod should be healthy once chaos is stopped. Service-requests should be served despite chaos. + keywords: + - Kubernetes + - K8S + - HTTP + - Pod + - Headers + platforms: + - GKE + - Minikube + - EKS + maturity: alpha + maintainers: + - name: Akash Shrivastava + email: akash.shrivastava@harness.io + minKubeVersion: 1.12.0 + provider: + name: Harness + labels: + app.kubernetes.io/component: chartserviceversion + app.kubernetes.io/version: latest + links: + - name: Source Code + url: https://github.com/litmuschaos/litmus-go/tree/master/experiments/generic/pod-http-modify-header + - name: Documentation + url: https://litmuschaos.github.io/litmus/experiments/categories/pods/pod-http-modify-header/ + icon: + - base64data: "" + mediatype: "" + chaosexpcrdlink: https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/pod-http-modify-header/experiment.yaml diff --git a/experiments/generic/pod-http-modify-header/rbac-psp.yaml b/experiments/generic/pod-http-modify-header/rbac-psp.yaml new file mode 100644 index 0000000..fb35617 --- /dev/null +++ b/experiments/generic/pod-http-modify-header/rbac-psp.yaml @@ -0,0 +1,85 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +rules: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] + # use litmus psp + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: ["litmus"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-http-modify-header-sa +subjects: +- kind: ServiceAccount + name: pod-http-modify-header-sa + namespace: default diff --git a/experiments/generic/pod-http-modify-header/rbac.yaml b/experiments/generic/pod-http-modify-header/rbac.yaml new file mode 100644 index 0000000..5f9208f --- /dev/null +++ b/experiments/generic/pod-http-modify-header/rbac.yaml @@ -0,0 +1,80 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +rules: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","patch","update", "deletecollection"] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create","get","list","patch","update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get","list",] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get","list","watch"] + # for creating and managing to execute comands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get","list","create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments","statefulsets","replicasets", "daemonsets"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get","list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pod-http-modify-header-sa + namespace: default + labels: + name: pod-http-modify-header-sa + app.kubernetes.io/part-of: litmus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-http-modify-header-sa +subjects: +- kind: ServiceAccount + name: pod-http-modify-header-sa + namespace: default