From 5a5e386de0a793a77fd5f814325eee523466eb5f Mon Sep 17 00:00:00 2001 From: Shubham Chaudhary Date: Thu, 17 Dec 2020 23:55:36 +0530 Subject: [PATCH] chore(rbac): updating the rabc permissions for generic experiments (#399) Signed-off-by: shubhamchaudhary --- charts/generic/container-kill/engine.yaml | 2 +- charts/generic/container-kill/rbac-psp.yaml | 19 ++++- charts/generic/container-kill/rbac.yaml | 19 ++++- .../container-kill/rbac_nginx_getstarted.yaml | 19 ++++- charts/generic/disk-fill/rbac-psp.yaml | 19 ++++- charts/generic/disk-fill/rbac.yaml | 19 ++++- .../kubelet-service-kill/rbac-psp.yaml | 12 ++- charts/generic/kubelet-service-kill/rbac.yaml | 12 ++- charts/generic/node-cpu-hog/rbac-psp.yaml | 10 ++- charts/generic/node-cpu-hog/rbac.yaml | 10 ++- charts/generic/node-drain/rbac-psp.yaml | 15 +++- charts/generic/node-drain/rbac.yaml | 15 +++- charts/generic/node-io-stress/rbac-psp.yaml | 10 ++- charts/generic/node-io-stress/rbac.yaml | 10 ++- charts/generic/node-memory-hog/rbac-psp.yaml | 10 ++- charts/generic/node-memory-hog/rbac.yaml | 10 ++- charts/generic/node-poweroff/rbac-psp.yaml | 10 ++- charts/generic/node-poweroff/rbac.yaml | 10 ++- charts/generic/node-restart/rbac-psp.yaml | 10 ++- charts/generic/node-restart/rbac.yaml | 10 ++- charts/generic/node-taint/rbac-psp.yaml | 18 ++++- charts/generic/node-taint/rbac.yaml | 18 ++++- charts/generic/pod-autoscaler/rbac-psp.yaml | 16 ++-- charts/generic/pod-autoscaler/rbac.yaml | 16 ++-- charts/generic/pod-cpu-hog/engine.yaml | 2 +- charts/generic/pod-cpu-hog/rbac-psp.yaml | 19 ++++- charts/generic/pod-cpu-hog/rbac.yaml | 19 ++++- charts/generic/pod-delete/engine.yaml | 2 +- .../pod-delete/powerfulseal_experiment.yaml | 74 ------------------- .../generic/pod-delete/powerfulseal_rbac.yaml | 38 ---------- charts/generic/pod-delete/rbac-psp.yaml | 19 ++++- charts/generic/pod-delete/rbac.yaml | 19 ++++- .../pod-delete/rbac_nginx_getstarted.yaml | 19 ++++- charts/generic/pod-io-stress/engine.yaml | 2 +- charts/generic/pod-io-stress/rbac-psp.yaml | 19 ++++- charts/generic/pod-io-stress/rbac.yaml | 19 ++++- charts/generic/pod-memory-hog/engine.yaml | 2 +- charts/generic/pod-memory-hog/rbac-psp.yaml | 19 ++++- charts/generic/pod-memory-hog/rbac.yaml | 19 ++++- .../pod-network-corruption/engine.yaml | 2 +- .../pod-network-corruption/rbac-psp.yaml | 19 ++++- .../generic/pod-network-corruption/rbac.yaml | 19 ++++- .../pod-network-duplication/engine.yaml | 2 +- .../pod-network-duplication/rbac-psp.yaml | 19 ++++- .../generic/pod-network-duplication/rbac.yaml | 19 ++++- .../generic/pod-network-latency/engine.yaml | 2 +- .../generic/pod-network-latency/rbac-psp.yaml | 19 ++++- charts/generic/pod-network-latency/rbac.yaml | 19 ++++- charts/generic/pod-network-loss/engine.yaml | 2 +- charts/generic/pod-network-loss/rbac-psp.yaml | 19 ++++- charts/generic/pod-network-loss/rbac.yaml | 19 ++++- 51 files changed, 557 insertions(+), 213 deletions(-) delete mode 100644 charts/generic/pod-delete/powerfulseal_experiment.yaml delete mode 100644 charts/generic/pod-delete/powerfulseal_rbac.yaml diff --git a/charts/generic/container-kill/engine.yaml b/charts/generic/container-kill/engine.yaml index 17b938a..866c06b 100644 --- a/charts/generic/container-kill/engine.yaml +++ b/charts/generic/container-kill/engine.yaml @@ -5,7 +5,7 @@ metadata: namespace: default spec: # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' appinfo: diff --git a/charts/generic/container-kill/rbac-psp.yaml b/charts/generic/container-kill/rbac-psp.yaml index abf8d14..fcdd776 100644 --- a/charts/generic/container-kill/rbac-psp.yaml +++ b/charts/generic/container-kill/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: container-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/container-kill/rbac.yaml b/charts/generic/container-kill/rbac.yaml index aa568b9..4e68da4 100644 --- a/charts/generic/container-kill/rbac.yaml +++ b/charts/generic/container-kill/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: container-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/container-kill/rbac_nginx_getstarted.yaml b/charts/generic/container-kill/rbac_nginx_getstarted.yaml index c04a5d0..fcaa590 100644 --- a/charts/generic/container-kill/rbac_nginx_getstarted.yaml +++ b/charts/generic/container-kill/rbac_nginx_getstarted.yaml @@ -15,9 +15,24 @@ metadata: labels: name: container-kill-sa rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/disk-fill/rbac-psp.yaml b/charts/generic/disk-fill/rbac-psp.yaml index 4602d82..96e7269 100644 --- a/charts/generic/disk-fill/rbac-psp.yaml +++ b/charts/generic/disk-fill/rbac-psp.yaml @@ -16,9 +16,24 @@ metadata: name: disk-fill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","apps","litmuschaos.io","batch"] - resources: ["pods","jobs","pods/exec","events","pods/log","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/disk-fill/rbac.yaml b/charts/generic/disk-fill/rbac.yaml index 74a535e..9141372 100644 --- a/charts/generic/disk-fill/rbac.yaml +++ b/charts/generic/disk-fill/rbac.yaml @@ -16,9 +16,24 @@ metadata: name: disk-fill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","apps","litmuschaos.io","batch"] - resources: ["pods","jobs","pods/exec","events","pods/log","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/generic/kubelet-service-kill/rbac-psp.yaml b/charts/generic/kubelet-service-kill/rbac-psp.yaml index cad45d6..49836b3 100644 --- a/charts/generic/kubelet-service-kill/rbac-psp.yaml +++ b/charts/generic/kubelet-service-kill/rbac-psp.yaml @@ -16,9 +16,15 @@ metadata: name: kubelet-service-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/kubelet-service-kill/rbac.yaml b/charts/generic/kubelet-service-kill/rbac.yaml index 3981b1e..46269e2 100644 --- a/charts/generic/kubelet-service-kill/rbac.yaml +++ b/charts/generic/kubelet-service-kill/rbac.yaml @@ -16,9 +16,15 @@ metadata: name: kubelet-service-kill-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-cpu-hog/rbac-psp.yaml b/charts/generic/node-cpu-hog/rbac-psp.yaml index ce72330..28ead2b 100644 --- a/charts/generic/node-cpu-hog/rbac-psp.yaml +++ b/charts/generic/node-cpu-hog/rbac-psp.yaml @@ -16,9 +16,15 @@ metadata: name: node-cpu-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-cpu-hog/rbac.yaml b/charts/generic/node-cpu-hog/rbac.yaml index a89d4f6..f9c57bf 100644 --- a/charts/generic/node-cpu-hog/rbac.yaml +++ b/charts/generic/node-cpu-hog/rbac.yaml @@ -16,9 +16,15 @@ metadata: name: node-cpu-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-drain/rbac-psp.yaml b/charts/generic/node-drain/rbac-psp.yaml index 46ee6a9..bb91b16 100644 --- a/charts/generic/node-drain/rbac-psp.yaml +++ b/charts/generic/node-drain/rbac-psp.yaml @@ -16,9 +16,18 @@ metadata: name: node-drain-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","extensions","apps"] - resources: ["pods","jobs","events","chaosengines","pods/log","pods/exec","daemonsets","pods/eviction","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","pods/eviction"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["list","get","delete"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["patch","get","list"] diff --git a/charts/generic/node-drain/rbac.yaml b/charts/generic/node-drain/rbac.yaml index bacab01..32e8e7b 100644 --- a/charts/generic/node-drain/rbac.yaml +++ b/charts/generic/node-drain/rbac.yaml @@ -16,9 +16,18 @@ metadata: name: node-drain-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","extensions","apps"] - resources: ["pods","jobs","events","chaosengines","pods/log","pods/exec","daemonsets","pods/eviction","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","pods/eviction"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["list","get","delete"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["patch","get","list"] diff --git a/charts/generic/node-io-stress/rbac-psp.yaml b/charts/generic/node-io-stress/rbac-psp.yaml index 24a49bf..845e60a 100644 --- a/charts/generic/node-io-stress/rbac-psp.yaml +++ b/charts/generic/node-io-stress/rbac-psp.yaml @@ -16,9 +16,15 @@ metadata: name: node-io-stress-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-io-stress/rbac.yaml b/charts/generic/node-io-stress/rbac.yaml index ef58d36..e1e95ac 100644 --- a/charts/generic/node-io-stress/rbac.yaml +++ b/charts/generic/node-io-stress/rbac.yaml @@ -16,9 +16,15 @@ metadata: name: node-io-stress-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-memory-hog/rbac-psp.yaml b/charts/generic/node-memory-hog/rbac-psp.yaml index a4c5148..65b2dda 100644 --- a/charts/generic/node-memory-hog/rbac-psp.yaml +++ b/charts/generic/node-memory-hog/rbac-psp.yaml @@ -16,9 +16,15 @@ metadata: name: node-memory-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-memory-hog/rbac.yaml b/charts/generic/node-memory-hog/rbac.yaml index 943e168..1f70f11 100644 --- a/charts/generic/node-memory-hog/rbac.yaml +++ b/charts/generic/node-memory-hog/rbac.yaml @@ -16,9 +16,15 @@ metadata: name: node-memory-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-poweroff/rbac-psp.yaml b/charts/generic/node-poweroff/rbac-psp.yaml index caf13d1..040f353 100644 --- a/charts/generic/node-poweroff/rbac-psp.yaml +++ b/charts/generic/node-poweroff/rbac-psp.yaml @@ -16,9 +16,15 @@ metadata: name: node-poweroff-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","secrets","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","secrets"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-poweroff/rbac.yaml b/charts/generic/node-poweroff/rbac.yaml index 9738827..9b1c381 100644 --- a/charts/generic/node-poweroff/rbac.yaml +++ b/charts/generic/node-poweroff/rbac.yaml @@ -16,9 +16,15 @@ metadata: name: node-poweroff-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","secrets","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","secrets"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-restart/rbac-psp.yaml b/charts/generic/node-restart/rbac-psp.yaml index 0b0ab57..80c7e1f 100644 --- a/charts/generic/node-restart/rbac-psp.yaml +++ b/charts/generic/node-restart/rbac-psp.yaml @@ -16,9 +16,15 @@ metadata: name: node-restart-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","secrets","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","secrets"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-restart/rbac.yaml b/charts/generic/node-restart/rbac.yaml index 8f6fad1..9c4b4ea 100644 --- a/charts/generic/node-restart/rbac.yaml +++ b/charts/generic/node-restart/rbac.yaml @@ -16,9 +16,15 @@ metadata: name: node-restart-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","jobs","secrets","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","secrets"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get","list"] diff --git a/charts/generic/node-taint/rbac-psp.yaml b/charts/generic/node-taint/rbac-psp.yaml index 41273bb..af6fce3 100644 --- a/charts/generic/node-taint/rbac-psp.yaml +++ b/charts/generic/node-taint/rbac-psp.yaml @@ -16,9 +16,21 @@ metadata: name: node-taint-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","extensions"] - resources: ["pods","jobs","events","chaosengines","pods/log","pods/exec","daemonsets","pods/eviction","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","pods/eviction"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["list","get","delete"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["patch","get","list"] - apiGroups: [""] resources: ["nodes"] verbs: ["patch","get","list","update"] diff --git a/charts/generic/node-taint/rbac.yaml b/charts/generic/node-taint/rbac.yaml index b009e22..fd3f327 100644 --- a/charts/generic/node-taint/rbac.yaml +++ b/charts/generic/node-taint/rbac.yaml @@ -16,9 +16,21 @@ metadata: name: node-taint-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","extensions"] - resources: ["pods","jobs","events","chaosengines","pods/log","pods/exec","daemonsets","pods/eviction","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","pods/eviction"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["list","get","delete"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["patch","get","list"] - apiGroups: [""] resources: ["nodes"] verbs: ["patch","get","list","update"] diff --git a/charts/generic/pod-autoscaler/rbac-psp.yaml b/charts/generic/pod-autoscaler/rbac-psp.yaml index 51b9d36..d0f26d6 100644 --- a/charts/generic/pod-autoscaler/rbac-psp.yaml +++ b/charts/generic/pod-autoscaler/rbac-psp.yaml @@ -16,12 +16,18 @@ metadata: name: pod-autoscaler-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","deployments","jobs","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] - apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + resources: ["pods","pods/exec","pods/log","events"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["list","get","patch","update"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-autoscaler/rbac.yaml b/charts/generic/pod-autoscaler/rbac.yaml index 9357961..92f08f2 100644 --- a/charts/generic/pod-autoscaler/rbac.yaml +++ b/charts/generic/pod-autoscaler/rbac.yaml @@ -16,12 +16,18 @@ metadata: name: pod-autoscaler-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","deployments","jobs","events","chaosengines","pods/log","pods/exec","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] - apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] + resources: ["pods","pods/exec","pods/log","events"] + verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["list","get","patch","update"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/generic/pod-cpu-hog/engine.yaml b/charts/generic/pod-cpu-hog/engine.yaml index 7efeaee..77dabb2 100644 --- a/charts/generic/pod-cpu-hog/engine.yaml +++ b/charts/generic/pod-cpu-hog/engine.yaml @@ -5,7 +5,7 @@ metadata: namespace: default spec: # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' appinfo: diff --git a/charts/generic/pod-cpu-hog/rbac-psp.yaml b/charts/generic/pod-cpu-hog/rbac-psp.yaml index d263e9c..894fc8d 100644 --- a/charts/generic/pod-cpu-hog/rbac-psp.yaml +++ b/charts/generic/pod-cpu-hog/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: pod-cpu-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-cpu-hog/rbac.yaml b/charts/generic/pod-cpu-hog/rbac.yaml index 7122fcc..140fa35 100644 --- a/charts/generic/pod-cpu-hog/rbac.yaml +++ b/charts/generic/pod-cpu-hog/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: pod-cpu-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-delete/engine.yaml b/charts/generic/pod-delete/engine.yaml index fbbe92a..5da441c 100644 --- a/charts/generic/pod-delete/engine.yaml +++ b/charts/generic/pod-delete/engine.yaml @@ -9,7 +9,7 @@ spec: applabel: 'app=nginx' appkind: 'deployment' # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' chaosServiceAccount: pod-delete-sa diff --git a/charts/generic/pod-delete/powerfulseal_experiment.yaml b/charts/generic/pod-delete/powerfulseal_experiment.yaml deleted file mode 100644 index 33b0bbf..0000000 --- a/charts/generic/pod-delete/powerfulseal_experiment.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: litmuschaos.io/v1alpha1 -description: - message: | - Deletes a pod belonging to a deployment/statefulset/daemonset -kind: ChaosExperiment -metadata: - name: pod-delete - version: 0.1.17 -spec: - definition: - scope: Namespaced - permissions: - - apiGroups: - - "" - - "apps" - - "batch" - - "litmuschaos.io" - resources: - - "deployments" - - "jobs" - - "pods" - - "pods/log" - - "events" - - "configmaps" - - "chaosengines" - - "chaosexperiments" - - "chaosresults" - verbs: - - "create" - - "list" - - "get" - - "patch" - - "update" - - "delete" - - apiGroups: - - "" - resources: - - "nodes" - verbs: - - "get" - - "list" - image: "litmuschaos/ansible-runner:latest" - imagePullPolicy: Always - args: - - -c - - ansible-playbook ./experiments/generic/pod_delete/pod_delete_ansible_logic.yml -i /etc/ansible/hosts -vv; exit 0 - command: - - /bin/bash - env: - - - name: ANSIBLE_STDOUT_CALLBACK - value: 'default' - - - name: TOTAL_CHAOS_DURATION - value: '15' - - # Period to wait before injection of chaos in sec - - name: RAMP_TIME - value: '' - - # provide the kill count - - name: KILL_COUNT - value: '' - - - name: FORCE - value: 'true' - - - name: CHAOS_INTERVAL - value: '5' - - - name: LIB - value: 'powerfulseal' - labels: - name: pod-delete diff --git a/charts/generic/pod-delete/powerfulseal_rbac.yaml b/charts/generic/pod-delete/powerfulseal_rbac.yaml deleted file mode 100644 index f53e37b..0000000 --- a/charts/generic/pod-delete/powerfulseal_rbac.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pod-delete-sa - namespace: default - labels: - name: pod-delete-sa ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: pod-delete-sa - labels: - name: pod-delete-sa -rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","deployments","pods/log","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"] - verbs: ["create","list","get","patch","update","delete"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get","list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: pod-delete-sa - labels: - name: pod-delete-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: pod-delete-sa -subjects: -- kind: ServiceAccount - name: pod-delete-sa - namespace: default - diff --git a/charts/generic/pod-delete/rbac-psp.yaml b/charts/generic/pod-delete/rbac-psp.yaml index c8b2e04..a363bc9 100644 --- a/charts/generic/pod-delete/rbac-psp.yaml +++ b/charts/generic/pod-delete/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: pod-delete-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","deployments","pods/log","pods/exec","events","jobs","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-delete/rbac.yaml b/charts/generic/pod-delete/rbac.yaml index 6c9e754..dcc01d4 100644 --- a/charts/generic/pod-delete/rbac.yaml +++ b/charts/generic/pod-delete/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: pod-delete-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","deployments","pods/log","pods/exec","events","jobs","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-delete/rbac_nginx_getstarted.yaml b/charts/generic/pod-delete/rbac_nginx_getstarted.yaml index 2a1776a..f5157b0 100644 --- a/charts/generic/pod-delete/rbac_nginx_getstarted.yaml +++ b/charts/generic/pod-delete/rbac_nginx_getstarted.yaml @@ -15,9 +15,24 @@ metadata: labels: name: pod-delete-sa rules: -- apiGroups: ["","litmuschaos.io","batch","apps"] - resources: ["pods","deployments","pods/log","pods/exec","events","jobs","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-io-stress/engine.yaml b/charts/generic/pod-io-stress/engine.yaml index 0a2c9d9..144e59c 100644 --- a/charts/generic/pod-io-stress/engine.yaml +++ b/charts/generic/pod-io-stress/engine.yaml @@ -5,7 +5,7 @@ metadata: namespace: default spec: # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' appinfo: diff --git a/charts/generic/pod-io-stress/rbac-psp.yaml b/charts/generic/pod-io-stress/rbac-psp.yaml index 3b444a9..8cba83e 100644 --- a/charts/generic/pod-io-stress/rbac-psp.yaml +++ b/charts/generic/pod-io-stress/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: pod-io-stress-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-io-stress/rbac.yaml b/charts/generic/pod-io-stress/rbac.yaml index 21467e3..ea7d0b7 100644 --- a/charts/generic/pod-io-stress/rbac.yaml +++ b/charts/generic/pod-io-stress/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: pod-io-stress-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-memory-hog/engine.yaml b/charts/generic/pod-memory-hog/engine.yaml index caca568..530bd8a 100644 --- a/charts/generic/pod-memory-hog/engine.yaml +++ b/charts/generic/pod-memory-hog/engine.yaml @@ -5,7 +5,7 @@ metadata: namespace: default spec: # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' appinfo: diff --git a/charts/generic/pod-memory-hog/rbac-psp.yaml b/charts/generic/pod-memory-hog/rbac-psp.yaml index 67dd23f..fdc3f63 100644 --- a/charts/generic/pod-memory-hog/rbac-psp.yaml +++ b/charts/generic/pod-memory-hog/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: pod-memory-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-memory-hog/rbac.yaml b/charts/generic/pod-memory-hog/rbac.yaml index d6e272b..8cd02ba 100644 --- a/charts/generic/pod-memory-hog/rbac.yaml +++ b/charts/generic/pod-memory-hog/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: pod-memory-hog-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-network-corruption/engine.yaml b/charts/generic/pod-network-corruption/engine.yaml index ea77303..a54e8ae 100644 --- a/charts/generic/pod-network-corruption/engine.yaml +++ b/charts/generic/pod-network-corruption/engine.yaml @@ -7,7 +7,7 @@ spec: # It can be delete/retain jobCleanUpPolicy: 'delete' # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' monitoring: false diff --git a/charts/generic/pod-network-corruption/rbac-psp.yaml b/charts/generic/pod-network-corruption/rbac-psp.yaml index 2039035..8d97bed 100644 --- a/charts/generic/pod-network-corruption/rbac-psp.yaml +++ b/charts/generic/pod-network-corruption/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: pod-network-corruption-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-network-corruption/rbac.yaml b/charts/generic/pod-network-corruption/rbac.yaml index c54f381..1c4250a 100644 --- a/charts/generic/pod-network-corruption/rbac.yaml +++ b/charts/generic/pod-network-corruption/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: pod-network-corruption-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-network-duplication/engine.yaml b/charts/generic/pod-network-duplication/engine.yaml index c8f89eb..d842767 100644 --- a/charts/generic/pod-network-duplication/engine.yaml +++ b/charts/generic/pod-network-duplication/engine.yaml @@ -8,7 +8,7 @@ spec: # It can be delete/retain jobCleanUpPolicy: 'delete' # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' monitoring: false diff --git a/charts/generic/pod-network-duplication/rbac-psp.yaml b/charts/generic/pod-network-duplication/rbac-psp.yaml index 21a462f..c691f10 100644 --- a/charts/generic/pod-network-duplication/rbac-psp.yaml +++ b/charts/generic/pod-network-duplication/rbac-psp.yaml @@ -16,9 +16,24 @@ metadata: name: pod-network-duplication-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-network-duplication/rbac.yaml b/charts/generic/pod-network-duplication/rbac.yaml index 0337910..091a76e 100644 --- a/charts/generic/pod-network-duplication/rbac.yaml +++ b/charts/generic/pod-network-duplication/rbac.yaml @@ -16,9 +16,24 @@ metadata: name: pod-network-duplication-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-network-latency/engine.yaml b/charts/generic/pod-network-latency/engine.yaml index da2f6ac..40237d6 100644 --- a/charts/generic/pod-network-latency/engine.yaml +++ b/charts/generic/pod-network-latency/engine.yaml @@ -7,7 +7,7 @@ spec: # It can be delete/retain jobCleanUpPolicy: 'delete' # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' monitoring: false diff --git a/charts/generic/pod-network-latency/rbac-psp.yaml b/charts/generic/pod-network-latency/rbac-psp.yaml index 81dfa01..d9a975a 100644 --- a/charts/generic/pod-network-latency/rbac-psp.yaml +++ b/charts/generic/pod-network-latency/rbac-psp.yaml @@ -17,9 +17,24 @@ metadata: name: pod-network-latency-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-network-latency/rbac.yaml b/charts/generic/pod-network-latency/rbac.yaml index ee82786..524e1f3 100644 --- a/charts/generic/pod-network-latency/rbac.yaml +++ b/charts/generic/pod-network-latency/rbac.yaml @@ -17,9 +17,24 @@ metadata: name: pod-network-latency-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","pods/log","pods/exec","events","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/generic/pod-network-loss/engine.yaml b/charts/generic/pod-network-loss/engine.yaml index 4f5aa01..321dc04 100644 --- a/charts/generic/pod-network-loss/engine.yaml +++ b/charts/generic/pod-network-loss/engine.yaml @@ -8,7 +8,7 @@ spec: # It can be delete/retain jobCleanUpPolicy: 'delete' # It can be true/false - annotationCheck: 'true' + annotationCheck: 'false' # It can be active/stop engineState: 'active' monitoring: false diff --git a/charts/generic/pod-network-loss/rbac-psp.yaml b/charts/generic/pod-network-loss/rbac-psp.yaml index 61637b5..baf504c 100644 --- a/charts/generic/pod-network-loss/rbac-psp.yaml +++ b/charts/generic/pod-network-loss/rbac-psp.yaml @@ -16,9 +16,24 @@ metadata: name: pod-network-loss-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] diff --git a/charts/generic/pod-network-loss/rbac.yaml b/charts/generic/pod-network-loss/rbac.yaml index 24413ac..6d6b7c7 100644 --- a/charts/generic/pod-network-loss/rbac.yaml +++ b/charts/generic/pod-network-loss/rbac.yaml @@ -16,9 +16,24 @@ metadata: name: pod-network-loss-sa app.kubernetes.io/part-of: litmus rules: -- apiGroups: ["","litmuschaos.io","batch"] - resources: ["pods","jobs","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"] +- apiGroups: [""] + resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"] verbs: ["create","list","get","patch","update","delete","deletecollection"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create","list","get","delete","deletecollection"] +- apiGroups: ["apps"] + resources: ["deployments","statefulsets","daemonsets","replicasets"] + verbs: ["list","get"] +- apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list","get"] +- apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list","get"] +- apiGroups: ["litmuschaos.io"] + resources: ["chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding