ivanch/litmus-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(permissions): Adding node as a resource in RBAC (#193)

Browse Source 
Signed-off-by: shubhamchaudhary <shubham.chaudhary@mayadata.io>
This commit is contained in:
Shubham Chaudhary
2020-03-26 17:22:50 +05:30
committed by GitHub
parent f1cf739b3b
commit 1f7ad0f1e1
35 changed files with 152 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
charts/generic/container-kill/experiment.yaml
View File

@@ -31,6 +31,13 @@ spec:
- "update"
- "patch"
- "delete"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/generic/container-kill/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch","apps"]
resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

3
charts/generic/container-kill/rbac_nginx_getstarted.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch","apps"]
resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

7
charts/generic/disk-fill/experiment.yaml
View File

@@ -32,6 +32,13 @@ spec:
- "patch"
- "update"
- "delete"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/generic/disk-fill/rbac.yaml
View File

@@ -17,6 +17,9 @@ rules:
- apiGroups: ["","apps","litmuschaos.io","batch"]
resources: ["pods","jobs","pods/exec","events","pods/log","daemonsets","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

2
charts/generic/node-cpu-hog/experiment.yaml
View File

@@ -35,7 +35,7 @@ spec:
- ""
resources:
- "nodes"
verbs :
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"

2
charts/generic/node-cpu-hog/rbac.yaml
View File

@@ -19,7 +19,7 @@ rules:
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs : ["get","list"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

2
charts/generic/node-drain/experiment.yaml
View File

@@ -37,7 +37,7 @@ spec:
- ""
resources:
- "nodes"
verbs :
verbs:
- "get"
- "list"
- "patch"

2
charts/generic/node-memory-hog/experiment.yaml
View File

@@ -34,7 +34,7 @@ spec:
- ""
resources:
- "nodes"
verbs :
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"

2
charts/generic/node-memory-hog/rbac.yaml
View File

@@ -19,7 +19,7 @@ rules:
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs : ["get","list"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

7
charts/generic/pod-cpu-hog/experiment.yaml
View File

@@ -29,6 +29,13 @@ spec:
- "patch"
- "update"
- "delete"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/generic/pod-cpu-hog/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch"]
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

2
charts/generic/pod-delete/experiment.yaml
View File

@@ -36,7 +36,7 @@ spec:
- ""
resources:
- "nodes"
verbs :
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"

2
charts/generic/pod-delete/rbac.yaml
View File

@@ -20,7 +20,7 @@ rules:
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs : ["get","list"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

7
charts/generic/pod-network-corruption/experiment.yaml
View File

@@ -29,6 +29,13 @@ spec:
- "patch"
- "update"
- "get"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/generic/pod-network-corruption/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch"]
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

7
charts/generic/pod-network-latency/experiment.yaml
View File

@@ -29,6 +29,13 @@ spec:
- "patch"
- "update"
- "delete"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/generic/pod-network-latency/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch"]
resources: ["pods","jobs","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

39
charts/generic/pod-network-loss/experiment.yaml
View File

@@ -11,24 +11,31 @@ spec:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "batch"
- "litmuschaos.io"
- ""
- "batch"
- "litmuschaos.io"
resources:
- "jobs"
- "pods"
- "pods/log"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
- "jobs"
- "pods"
- "pods/log"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "get"
- "list"
- "patch"
- "create"
- "update"
- "delete"
- "get"
- "list"
- "patch"
- "create"
- "update"
- "delete"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/generic/pod-network-loss/rbac.yaml
View File

@@ -17,6 +17,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch"]
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

2
charts/kafka/kafka-broker-pod-failure/experiment.yaml
View File

@@ -37,7 +37,7 @@ spec:
- ""
resources:
- "nodes"
verbs :
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"

2
charts/kafka/kafka-broker-pod-failure/rbac.yaml
View File

@@ -18,7 +18,7 @@ rules:
verbs: ["create","list","get","patch","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs : ["get","list"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

2
charts/openebs/openebs-control-plane-chaos/rbac.yaml
View File

@@ -20,7 +20,7 @@ rules:
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs : ["get","list"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding

7
charts/openebs/openebs-pool-container-failure/experiment.yaml
View File

@@ -43,6 +43,13 @@ spec:
- "list"
- "patch"
- "update"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/openebs/openebs-pool-container-failure/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
resources: ["pods","jobs","daemonsets","events","pods/log","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

7
charts/openebs/openebs-pool-network-delay/experiment.yaml
View File

@@ -45,6 +45,13 @@ spec:
- "patch"
- "update"
- "delete"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/openebs/openebs-pool-network-delay/rbac.yaml
View File

@@ -17,6 +17,9 @@ rules:
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

7
charts/openebs/openebs-pool-network-loss/experiment.yaml
View File

@@ -45,6 +45,13 @@ spec:
- "list"
- "patch"
- "update"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

39
charts/openebs/openebs-pool-network-loss/rbac.yaml
View File

@@ -15,39 +15,12 @@ metadata:
labels:
name: pool-network-loss-sa
rules:
- apiGroups:
- ""
- "apps"
- "litmuschaos.io"
- "batch"
- "extensions"
- "storage.k8s.io"
- "openebs.io"
resources:
- "pods"
- "pods/exec"
- "jobs"
- "pods/log"
- "events"
- "configmaps"
- "services"
- "persistentvolumeclaims"
- "storageclasses"
- "persistentvolumeclaims"
- "persistentvolumes"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
- "cstorpools"
- "cstorvolumereplicas"
- "replicasets"
verbs:
- "create"
- "get"
- "delete"
- "list"
- "patch"
- "update"
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

7
charts/openebs/openebs-target-container-failure/experiment.yaml
View File

@@ -41,6 +41,13 @@ spec:
- "list"
- "patch"
- "update"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/openebs/openebs-target-container-failure/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"]
resources: ["pods","jobs","pods/log","pods/exec","daemonsets","events","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

7
charts/openebs/openebs-target-network-delay/experiment.yaml
View File

@@ -41,6 +41,13 @@ spec:
- "list"
- "patch"
- "update"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/openebs/openebs-target-network-delay/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding

7
charts/openebs/openebs-target-network-loss/experiment.yaml
View File

@@ -41,6 +41,13 @@ spec:
- "list"
- "patch"
- "update"
- apiGroups:
- ""
resources:
- "nodes"
verbs:
- "get"
- "list"
image: "litmuschaos/ansible-runner:latest"
args:
- -c

3
charts/openebs/openebs-target-network-loss/rbac.yaml
View File

@@ -18,6 +18,9 @@ rules:
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding