chore(rbac): updating the rabc permissions for generic experiments (#399)
Signed-off-by: shubhamchaudhary <shubham.chaudhary@mayadata.io>
This commit is contained in:
Shubham Chaudhary
committed by
GitHub
GitHub
parent
8eec20a1a6
commit
5a5e386de0
@@ -9,7 +9,7 @@ spec:
|
||||
applabel: 'app=nginx'
|
||||
appkind: 'deployment'
|
||||
# It can be true/false
|
||||
annotationCheck: 'true'
|
||||
annotationCheck: 'false'
|
||||
# It can be active/stop
|
||||
engineState: 'active'
|
||||
chaosServiceAccount: pod-delete-sa
|
||||
|
||||
@@ -1,74 +0,0 @@
|
||||
apiVersion: litmuschaos.io/v1alpha1
|
||||
description:
|
||||
message: |
|
||||
Deletes a pod belonging to a deployment/statefulset/daemonset
|
||||
kind: ChaosExperiment
|
||||
metadata:
|
||||
name: pod-delete
|
||||
version: 0.1.17
|
||||
spec:
|
||||
definition:
|
||||
scope: Namespaced
|
||||
permissions:
|
||||
- apiGroups:
|
||||
- ""
|
||||
- "apps"
|
||||
- "batch"
|
||||
- "litmuschaos.io"
|
||||
resources:
|
||||
- "deployments"
|
||||
- "jobs"
|
||||
- "pods"
|
||||
- "pods/log"
|
||||
- "events"
|
||||
- "configmaps"
|
||||
- "chaosengines"
|
||||
- "chaosexperiments"
|
||||
- "chaosresults"
|
||||
verbs:
|
||||
- "create"
|
||||
- "list"
|
||||
- "get"
|
||||
- "patch"
|
||||
- "update"
|
||||
- "delete"
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- "nodes"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
image: "litmuschaos/ansible-runner:latest"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- -c
|
||||
- ansible-playbook ./experiments/generic/pod_delete/pod_delete_ansible_logic.yml -i /etc/ansible/hosts -vv; exit 0
|
||||
command:
|
||||
- /bin/bash
|
||||
env:
|
||||
|
||||
- name: ANSIBLE_STDOUT_CALLBACK
|
||||
value: 'default'
|
||||
|
||||
- name: TOTAL_CHAOS_DURATION
|
||||
value: '15'
|
||||
|
||||
# Period to wait before injection of chaos in sec
|
||||
- name: RAMP_TIME
|
||||
value: ''
|
||||
|
||||
# provide the kill count
|
||||
- name: KILL_COUNT
|
||||
value: ''
|
||||
|
||||
- name: FORCE
|
||||
value: 'true'
|
||||
|
||||
- name: CHAOS_INTERVAL
|
||||
value: '5'
|
||||
|
||||
- name: LIB
|
||||
value: 'powerfulseal'
|
||||
labels:
|
||||
name: pod-delete
|
||||
@@ -1,38 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: pod-delete-sa
|
||||
namespace: default
|
||||
labels:
|
||||
name: pod-delete-sa
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: pod-delete-sa
|
||||
labels:
|
||||
name: pod-delete-sa
|
||||
rules:
|
||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||
resources: ["pods","deployments","pods/log","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
||||
verbs: ["create","list","get","patch","update","delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get","list"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: pod-delete-sa
|
||||
labels:
|
||||
name: pod-delete-sa
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: pod-delete-sa
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pod-delete-sa
|
||||
namespace: default
|
||||
|
||||
@@ -17,9 +17,24 @@ metadata:
|
||||
name: pod-delete-sa
|
||||
app.kubernetes.io/part-of: litmus
|
||||
rules:
|
||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||
resources: ["pods","deployments","pods/log","pods/exec","events","jobs","chaosengines","chaosexperiments","chaosresults"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"]
|
||||
verbs: ["create","list","get","patch","update","delete","deletecollection"]
|
||||
- apiGroups: ["batch"]
|
||||
resources: ["jobs"]
|
||||
verbs: ["create","list","get","delete","deletecollection"]
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments","statefulsets","daemonsets","replicasets"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["apps.openshift.io"]
|
||||
resources: ["deploymentconfigs"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["argoproj.io"]
|
||||
resources: ["rollouts"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["litmuschaos.io"]
|
||||
resources: ["chaosengines","chaosexperiments","chaosresults"]
|
||||
verbs: ["create","list","get","patch","update"]
|
||||
- apiGroups: ["policy"]
|
||||
resources: ["podsecuritypolicies"]
|
||||
verbs: ["use"]
|
||||
|
||||
@@ -17,9 +17,24 @@ metadata:
|
||||
name: pod-delete-sa
|
||||
app.kubernetes.io/part-of: litmus
|
||||
rules:
|
||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||
resources: ["pods","deployments","pods/log","pods/exec","events","jobs","chaosengines","chaosexperiments","chaosresults"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"]
|
||||
verbs: ["create","list","get","patch","update","delete","deletecollection"]
|
||||
- apiGroups: ["batch"]
|
||||
resources: ["jobs"]
|
||||
verbs: ["create","list","get","delete","deletecollection"]
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments","statefulsets","daemonsets","replicasets"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["apps.openshift.io"]
|
||||
resources: ["deploymentconfigs"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["argoproj.io"]
|
||||
resources: ["rollouts"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["litmuschaos.io"]
|
||||
resources: ["chaosengines","chaosexperiments","chaosresults"]
|
||||
verbs: ["create","list","get","patch","update"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
|
||||
@@ -15,9 +15,24 @@ metadata:
|
||||
labels:
|
||||
name: pod-delete-sa
|
||||
rules:
|
||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||
resources: ["pods","deployments","pods/log","pods/exec","events","jobs","chaosengines","chaosexperiments","chaosresults"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods","pods/exec","pods/log","events","replicationcontrollers"]
|
||||
verbs: ["create","list","get","patch","update","delete","deletecollection"]
|
||||
- apiGroups: ["batch"]
|
||||
resources: ["jobs"]
|
||||
verbs: ["create","list","get","delete","deletecollection"]
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments","statefulsets","daemonsets","replicasets"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["apps.openshift.io"]
|
||||
resources: ["deploymentconfigs"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["argoproj.io"]
|
||||
resources: ["rollouts"]
|
||||
verbs: ["list","get"]
|
||||
- apiGroups: ["litmuschaos.io"]
|
||||
resources: ["chaosengines","chaosexperiments","chaosresults"]
|
||||
verbs: ["create","list","get","patch","update"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
|
||||
Reference in New Issue
Block a user