From 1f7ad0f1e1a048c848cf533c758b36fe523bd976 Mon Sep 17 00:00:00 2001 From: Shubham Chaudhary Date: Thu, 26 Mar 2020 17:22:50 +0530 Subject: [PATCH] feat(permissions): Adding node as a resource in RBAC (#193) Signed-off-by: shubhamchaudhary --- charts/generic/container-kill/experiment.yaml | 7 ++++ charts/generic/container-kill/rbac.yaml | 3 ++ .../container-kill/rbac_nginx_getstarted.yaml | 3 ++ charts/generic/disk-fill/experiment.yaml | 7 ++++ charts/generic/disk-fill/rbac.yaml | 3 ++ charts/generic/node-cpu-hog/experiment.yaml | 2 +- charts/generic/node-cpu-hog/rbac.yaml | 2 +- charts/generic/node-drain/experiment.yaml | 2 +- .../generic/node-memory-hog/experiment.yaml | 2 +- charts/generic/node-memory-hog/rbac.yaml | 2 +- charts/generic/pod-cpu-hog/experiment.yaml | 7 ++++ charts/generic/pod-cpu-hog/rbac.yaml | 3 ++ charts/generic/pod-delete/experiment.yaml | 2 +- charts/generic/pod-delete/rbac.yaml | 2 +- .../pod-network-corruption/experiment.yaml | 7 ++++ .../generic/pod-network-corruption/rbac.yaml | 3 ++ .../pod-network-latency/experiment.yaml | 7 ++++ charts/generic/pod-network-latency/rbac.yaml | 3 ++ .../generic/pod-network-loss/experiment.yaml | 39 +++++++++++-------- charts/generic/pod-network-loss/rbac.yaml | 3 ++ .../kafka-broker-pod-failure/experiment.yaml | 2 +- .../kafka/kafka-broker-pod-failure/rbac.yaml | 2 +- .../openebs-control-plane-chaos/rbac.yaml | 2 +- .../experiment.yaml | 7 ++++ .../openebs-pool-container-failure/rbac.yaml | 3 ++ .../experiment.yaml | 7 ++++ .../openebs-pool-network-delay/rbac.yaml | 3 ++ .../openebs-pool-network-loss/experiment.yaml | 7 ++++ .../openebs-pool-network-loss/rbac.yaml | 39 +++---------------- .../experiment.yaml | 7 ++++ .../rbac.yaml | 3 ++ .../experiment.yaml | 7 ++++ .../openebs-target-network-delay/rbac.yaml | 3 ++ .../experiment.yaml | 7 ++++ .../openebs-target-network-loss/rbac.yaml | 3 ++ 35 files changed, 152 insertions(+), 59 deletions(-) diff --git a/charts/generic/container-kill/experiment.yaml b/charts/generic/container-kill/experiment.yaml index 8445447..159c5b4 100644 --- a/charts/generic/container-kill/experiment.yaml +++ b/charts/generic/container-kill/experiment.yaml @@ -31,6 +31,13 @@ spec: - "update" - "patch" - "delete" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/generic/container-kill/rbac.yaml b/charts/generic/container-kill/rbac.yaml index e8adfb3..874748d 100644 --- a/charts/generic/container-kill/rbac.yaml +++ b/charts/generic/container-kill/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch","apps"] resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/generic/container-kill/rbac_nginx_getstarted.yaml b/charts/generic/container-kill/rbac_nginx_getstarted.yaml index ebffeb7..a5d56d3 100644 --- a/charts/generic/container-kill/rbac_nginx_getstarted.yaml +++ b/charts/generic/container-kill/rbac_nginx_getstarted.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch","apps"] resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/generic/disk-fill/experiment.yaml b/charts/generic/disk-fill/experiment.yaml index 211b8aa..86531cd 100644 --- a/charts/generic/disk-fill/experiment.yaml +++ b/charts/generic/disk-fill/experiment.yaml @@ -32,6 +32,13 @@ spec: - "patch" - "update" - "delete" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/generic/disk-fill/rbac.yaml b/charts/generic/disk-fill/rbac.yaml index fe8838b..3b19e3d 100644 --- a/charts/generic/disk-fill/rbac.yaml +++ b/charts/generic/disk-fill/rbac.yaml @@ -17,6 +17,9 @@ rules: - apiGroups: ["","apps","litmuschaos.io","batch"] resources: ["pods","jobs","pods/exec","events","pods/log","daemonsets","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/generic/node-cpu-hog/experiment.yaml b/charts/generic/node-cpu-hog/experiment.yaml index 12fc594..2906e80 100644 --- a/charts/generic/node-cpu-hog/experiment.yaml +++ b/charts/generic/node-cpu-hog/experiment.yaml @@ -35,7 +35,7 @@ spec: - "" resources: - "nodes" - verbs : + verbs: - "get" - "list" image: "litmuschaos/ansible-runner:latest" diff --git a/charts/generic/node-cpu-hog/rbac.yaml b/charts/generic/node-cpu-hog/rbac.yaml index 840e006..19b2bb1 100644 --- a/charts/generic/node-cpu-hog/rbac.yaml +++ b/charts/generic/node-cpu-hog/rbac.yaml @@ -19,7 +19,7 @@ rules: verbs: ["create","list","get","patch","update","delete"] - apiGroups: [""] resources: ["nodes"] - verbs : ["get","list"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/generic/node-drain/experiment.yaml b/charts/generic/node-drain/experiment.yaml index 5a549c9..2ef99a0 100644 --- a/charts/generic/node-drain/experiment.yaml +++ b/charts/generic/node-drain/experiment.yaml @@ -37,7 +37,7 @@ spec: - "" resources: - "nodes" - verbs : + verbs: - "get" - "list" - "patch" diff --git a/charts/generic/node-memory-hog/experiment.yaml b/charts/generic/node-memory-hog/experiment.yaml index 5f93194..fb4dfc2 100644 --- a/charts/generic/node-memory-hog/experiment.yaml +++ b/charts/generic/node-memory-hog/experiment.yaml @@ -34,7 +34,7 @@ spec: - "" resources: - "nodes" - verbs : + verbs: - "get" - "list" image: "litmuschaos/ansible-runner:latest" diff --git a/charts/generic/node-memory-hog/rbac.yaml b/charts/generic/node-memory-hog/rbac.yaml index 9995ad8..a1f08c5 100644 --- a/charts/generic/node-memory-hog/rbac.yaml +++ b/charts/generic/node-memory-hog/rbac.yaml @@ -19,7 +19,7 @@ rules: verbs: ["create","list","get","patch","update","delete"] - apiGroups: [""] resources: ["nodes"] - verbs : ["get","list"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/generic/pod-cpu-hog/experiment.yaml b/charts/generic/pod-cpu-hog/experiment.yaml index ac3a77a..1ca5f65 100644 --- a/charts/generic/pod-cpu-hog/experiment.yaml +++ b/charts/generic/pod-cpu-hog/experiment.yaml @@ -29,6 +29,13 @@ spec: - "patch" - "update" - "delete" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/generic/pod-cpu-hog/rbac.yaml b/charts/generic/pod-cpu-hog/rbac.yaml index bf8f8c3..0d19381 100644 --- a/charts/generic/pod-cpu-hog/rbac.yaml +++ b/charts/generic/pod-cpu-hog/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch"] resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/generic/pod-delete/experiment.yaml b/charts/generic/pod-delete/experiment.yaml index e8c1889..428daec 100644 --- a/charts/generic/pod-delete/experiment.yaml +++ b/charts/generic/pod-delete/experiment.yaml @@ -36,7 +36,7 @@ spec: - "" resources: - "nodes" - verbs : + verbs: - "get" - "list" image: "litmuschaos/ansible-runner:latest" diff --git a/charts/generic/pod-delete/rbac.yaml b/charts/generic/pod-delete/rbac.yaml index 10d8f49..0b49796 100644 --- a/charts/generic/pod-delete/rbac.yaml +++ b/charts/generic/pod-delete/rbac.yaml @@ -20,7 +20,7 @@ rules: verbs: ["create","list","get","patch","update","delete"] - apiGroups: [""] resources: ["nodes"] - verbs : ["get","list"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/generic/pod-network-corruption/experiment.yaml b/charts/generic/pod-network-corruption/experiment.yaml index 744eb16..7408143 100644 --- a/charts/generic/pod-network-corruption/experiment.yaml +++ b/charts/generic/pod-network-corruption/experiment.yaml @@ -29,6 +29,13 @@ spec: - "patch" - "update" - "get" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/generic/pod-network-corruption/rbac.yaml b/charts/generic/pod-network-corruption/rbac.yaml index 2bf6f83..affd71e 100644 --- a/charts/generic/pod-network-corruption/rbac.yaml +++ b/charts/generic/pod-network-corruption/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch"] resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/generic/pod-network-latency/experiment.yaml b/charts/generic/pod-network-latency/experiment.yaml index 85fd4c5..a38dfc0 100644 --- a/charts/generic/pod-network-latency/experiment.yaml +++ b/charts/generic/pod-network-latency/experiment.yaml @@ -29,6 +29,13 @@ spec: - "patch" - "update" - "delete" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/generic/pod-network-latency/rbac.yaml b/charts/generic/pod-network-latency/rbac.yaml index ef6be13..b2e5f4e 100644 --- a/charts/generic/pod-network-latency/rbac.yaml +++ b/charts/generic/pod-network-latency/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch"] resources: ["pods","jobs","pods/log","events","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/generic/pod-network-loss/experiment.yaml b/charts/generic/pod-network-loss/experiment.yaml index 18b2159..2fad4d4 100644 --- a/charts/generic/pod-network-loss/experiment.yaml +++ b/charts/generic/pod-network-loss/experiment.yaml @@ -11,24 +11,31 @@ spec: scope: Namespaced permissions: - apiGroups: - - "" - - "batch" - - "litmuschaos.io" + - "" + - "batch" + - "litmuschaos.io" resources: - - "jobs" - - "pods" - - "pods/log" - - "events" - - "chaosengines" - - "chaosexperiments" - - "chaosresults" + - "jobs" + - "pods" + - "pods/log" + - "events" + - "chaosengines" + - "chaosexperiments" + - "chaosresults" verbs: - - "get" - - "list" - - "patch" - - "create" - - "update" - - "delete" + - "get" + - "list" + - "patch" + - "create" + - "update" + - "delete" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/generic/pod-network-loss/rbac.yaml b/charts/generic/pod-network-loss/rbac.yaml index 4be813a..4305931 100644 --- a/charts/generic/pod-network-loss/rbac.yaml +++ b/charts/generic/pod-network-loss/rbac.yaml @@ -17,6 +17,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch"] resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/kafka/kafka-broker-pod-failure/experiment.yaml b/charts/kafka/kafka-broker-pod-failure/experiment.yaml index 302ae87..0d75691 100644 --- a/charts/kafka/kafka-broker-pod-failure/experiment.yaml +++ b/charts/kafka/kafka-broker-pod-failure/experiment.yaml @@ -37,7 +37,7 @@ spec: - "" resources: - "nodes" - verbs : + verbs: - "get" - "list" image: "litmuschaos/ansible-runner:latest" diff --git a/charts/kafka/kafka-broker-pod-failure/rbac.yaml b/charts/kafka/kafka-broker-pod-failure/rbac.yaml index 2d32808..8166077 100644 --- a/charts/kafka/kafka-broker-pod-failure/rbac.yaml +++ b/charts/kafka/kafka-broker-pod-failure/rbac.yaml @@ -18,7 +18,7 @@ rules: verbs: ["create","list","get","patch","delete"] - apiGroups: [""] resources: ["nodes"] - verbs : ["get","list"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/openebs/openebs-control-plane-chaos/rbac.yaml b/charts/openebs/openebs-control-plane-chaos/rbac.yaml index 4f91c44..55bdff3 100644 --- a/charts/openebs/openebs-control-plane-chaos/rbac.yaml +++ b/charts/openebs/openebs-control-plane-chaos/rbac.yaml @@ -20,7 +20,7 @@ rules: verbs: ["create","list","get","patch","update","delete"] - apiGroups: [""] resources: ["nodes"] - verbs : ["get","list"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding diff --git a/charts/openebs/openebs-pool-container-failure/experiment.yaml b/charts/openebs/openebs-pool-container-failure/experiment.yaml index b5971c7..28a5e5c 100644 --- a/charts/openebs/openebs-pool-container-failure/experiment.yaml +++ b/charts/openebs/openebs-pool-container-failure/experiment.yaml @@ -43,6 +43,13 @@ spec: - "list" - "patch" - "update" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/openebs/openebs-pool-container-failure/rbac.yaml b/charts/openebs/openebs-pool-container-failure/rbac.yaml index 6bec97c..3f374e6 100644 --- a/charts/openebs/openebs-pool-container-failure/rbac.yaml +++ b/charts/openebs/openebs-pool-container-failure/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"] resources: ["pods","jobs","daemonsets","events","pods/log","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/openebs/openebs-pool-network-delay/experiment.yaml b/charts/openebs/openebs-pool-network-delay/experiment.yaml index 3973f50..4944e00 100644 --- a/charts/openebs/openebs-pool-network-delay/experiment.yaml +++ b/charts/openebs/openebs-pool-network-delay/experiment.yaml @@ -45,6 +45,13 @@ spec: - "patch" - "update" - "delete" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/openebs/openebs-pool-network-delay/rbac.yaml b/charts/openebs/openebs-pool-network-delay/rbac.yaml index 6cc45ab..1e92f02 100644 --- a/charts/openebs/openebs-pool-network-delay/rbac.yaml +++ b/charts/openebs/openebs-pool-network-delay/rbac.yaml @@ -17,6 +17,9 @@ rules: - apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"] resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/openebs/openebs-pool-network-loss/experiment.yaml b/charts/openebs/openebs-pool-network-loss/experiment.yaml index bc74eb3..9f4167d 100644 --- a/charts/openebs/openebs-pool-network-loss/experiment.yaml +++ b/charts/openebs/openebs-pool-network-loss/experiment.yaml @@ -45,6 +45,13 @@ spec: - "list" - "patch" - "update" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/openebs/openebs-pool-network-loss/rbac.yaml b/charts/openebs/openebs-pool-network-loss/rbac.yaml index 33aef0d..17e3c19 100644 --- a/charts/openebs/openebs-pool-network-loss/rbac.yaml +++ b/charts/openebs/openebs-pool-network-loss/rbac.yaml @@ -15,39 +15,12 @@ metadata: labels: name: pool-network-loss-sa rules: -- apiGroups: - - "" - - "apps" - - "litmuschaos.io" - - "batch" - - "extensions" - - "storage.k8s.io" - - "openebs.io" - resources: - - "pods" - - "pods/exec" - - "jobs" - - "pods/log" - - "events" - - "configmaps" - - "services" - - "persistentvolumeclaims" - - "storageclasses" - - "persistentvolumeclaims" - - "persistentvolumes" - - "chaosengines" - - "chaosexperiments" - - "chaosresults" - - "cstorpools" - - "cstorvolumereplicas" - - "replicasets" - verbs: - - "create" - - "get" - - "delete" - - "list" - - "patch" - - "update" +- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"] + resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"] + verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/openebs/openebs-target-container-failure/experiment.yaml b/charts/openebs/openebs-target-container-failure/experiment.yaml index b72c4df..a00da43 100644 --- a/charts/openebs/openebs-target-container-failure/experiment.yaml +++ b/charts/openebs/openebs-target-container-failure/experiment.yaml @@ -41,6 +41,13 @@ spec: - "list" - "patch" - "update" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/openebs/openebs-target-container-failure/rbac.yaml b/charts/openebs/openebs-target-container-failure/rbac.yaml index ea83e0e..034f909 100644 --- a/charts/openebs/openebs-target-container-failure/rbac.yaml +++ b/charts/openebs/openebs-target-container-failure/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"] resources: ["pods","jobs","pods/log","pods/exec","daemonsets","events","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/openebs/openebs-target-network-delay/experiment.yaml b/charts/openebs/openebs-target-network-delay/experiment.yaml index a660b0a..7e6a44a 100644 --- a/charts/openebs/openebs-target-network-delay/experiment.yaml +++ b/charts/openebs/openebs-target-network-delay/experiment.yaml @@ -41,6 +41,13 @@ spec: - "list" - "patch" - "update" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/openebs/openebs-target-network-delay/rbac.yaml b/charts/openebs/openebs-target-network-delay/rbac.yaml index 132c255..c1e805c 100644 --- a/charts/openebs/openebs-target-network-delay/rbac.yaml +++ b/charts/openebs/openebs-target-network-delay/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"] resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding diff --git a/charts/openebs/openebs-target-network-loss/experiment.yaml b/charts/openebs/openebs-target-network-loss/experiment.yaml index 9961249..4231a7a 100644 --- a/charts/openebs/openebs-target-network-loss/experiment.yaml +++ b/charts/openebs/openebs-target-network-loss/experiment.yaml @@ -41,6 +41,13 @@ spec: - "list" - "patch" - "update" + - apiGroups: + - "" + resources: + - "nodes" + verbs: + - "get" + - "list" image: "litmuschaos/ansible-runner:latest" args: - -c diff --git a/charts/openebs/openebs-target-network-loss/rbac.yaml b/charts/openebs/openebs-target-network-loss/rbac.yaml index 818a699..8188cb7 100644 --- a/charts/openebs/openebs-target-network-loss/rbac.yaml +++ b/charts/openebs/openebs-target-network-loss/rbac.yaml @@ -18,6 +18,9 @@ rules: - apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"] resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"] verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding