diff --git a/charts/generic/container-kill/rbac.yaml b/charts/generic/container-kill/rbac.yaml new file mode 100644 index 0000000..4021474 --- /dev/null +++ b/charts/generic/container-kill/rbac.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","apps"] + resources: ["pods","jobs","daemonsets","pods/exec","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default + diff --git a/charts/generic/disk-fill/rbac.yaml b/charts/generic/disk-fill/rbac.yaml new file mode 100644 index 0000000..97f62ba --- /dev/null +++ b/charts/generic/disk-fill/rbac.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","apps","litmuschaos.io","batch"] + resources: ["pods","jobs","pods/exec","daemonsets","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/generic/disk-loss/rbac.yaml b/charts/generic/disk-loss/rbac.yaml new file mode 100644 index 0000000..9d2a40b --- /dev/null +++ b/charts/generic/disk-loss/rbac.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch"] + resources: ["pods","jobs","secrets","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/generic/node-cpu-hog/rbac.yaml b/charts/generic/node-cpu-hog/rbac.yaml new file mode 100644 index 0000000..6d24154 --- /dev/null +++ b/charts/generic/node-cpu-hog/rbac.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","apps"] + resources: ["pods","daemonsets","jobs","pods/exec","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs : ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/generic/node-drain/rbac.yaml b/charts/generic/node-drain/rbac.yaml new file mode 100644 index 0000000..68208fb --- /dev/null +++ b/charts/generic/node-drain/rbac.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","extensions"] + resources: ["pods","jobs","chaosengines","daemonsets","pods/eviction","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["patch","get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default + diff --git a/charts/generic/pod-cpu-hog/rbac.yaml b/charts/generic/pod-cpu-hog/rbac.yaml new file mode 100644 index 0000000..044384e --- /dev/null +++ b/charts/generic/pod-cpu-hog/rbac.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch"] + resources: ["pods","jobs","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/generic/pod-delete/rbac.yaml b/charts/generic/pod-delete/rbac.yaml new file mode 100644 index 0000000..427bf75 --- /dev/null +++ b/charts/generic/pod-delete/rbac.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","apps"] + resources: ["pods","deployments","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs : ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default + diff --git a/charts/generic/pod-network-corruption/rbac.yaml b/charts/generic/pod-network-corruption/rbac.yaml new file mode 100644 index 0000000..044384e --- /dev/null +++ b/charts/generic/pod-network-corruption/rbac.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch"] + resources: ["pods","jobs","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/generic/pod-network-latency/rbac.yaml b/charts/generic/pod-network-latency/rbac.yaml new file mode 100644 index 0000000..044384e --- /dev/null +++ b/charts/generic/pod-network-latency/rbac.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch"] + resources: ["pods","jobs","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/generic/pod-network-loss/rbac.yaml b/charts/generic/pod-network-loss/rbac.yaml new file mode 100644 index 0000000..25bd2a5 --- /dev/null +++ b/charts/generic/pod-network-loss/rbac.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch"] + resources: ["pods","jobs","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/kafka/kafka-broker-disk-failure/rbac.yaml b/charts/kafka/kafka-broker-disk-failure/rbac.yaml new file mode 100644 index 0000000..692b3c7 --- /dev/null +++ b/charts/kafka/kafka-broker-disk-failure/rbac.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kafka-sa + namespace: default + labels: + name: kafka-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: kafka-sa + labels: + name: kafka-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","apps"] + resources: ["pods","jobs","pod/exec","statefulsets","secrets","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: kafka-sa + labels: + name: kafka-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kafka-role +subjects: +- kind: ServiceAccount + name: kafka-sa + namespace: default + diff --git a/charts/kafka/kafka-broker-pod-failure/rbac.yaml b/charts/kafka/kafka-broker-pod-failure/rbac.yaml new file mode 100644 index 0000000..2419569 --- /dev/null +++ b/charts/kafka/kafka-broker-pod-failure/rbac.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kafka-sa + namespace: default + labels: + name: kafka-sa +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: kafka-sa + labels: + name: kafka-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","apps"] + resources: ["pods","deployments","jobs","pod/exec","statefulsets","configmaps","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs : ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: kafka-sa + labels: + name: kafka-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kafka-role +subjects: +- kind: ServiceAccount + name: kafka-sa + namespace: default diff --git a/charts/openebs/openebs-pool-container-failure/rbac.yaml b/charts/openebs/openebs-pool-container-failure/rbac.yaml new file mode 100644 index 0000000..d1f9fc2 --- /dev/null +++ b/charts/openebs/openebs-pool-container-failure/rbac.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +# Source: openebs/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io",openebs.io"] + resources: ["pods","jobs","daemonsets","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/openebs/openebs-pool-pod-failure/rbac.yaml b/charts/openebs/openebs-pool-pod-failure/rbac.yaml new file mode 100644 index 0000000..3443a9f --- /dev/null +++ b/charts/openebs/openebs-pool-pod-failure/rbac.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +# Source: openebs/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"] + resources: ["pods","jobs","deployments","configmaps","secrets","replicasets","persistentvolumeclaims","storageclasses","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"] + verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/openebs/openebs-target-container-failure/rbac.yaml b/charts/openebs/openebs-target-container-failure/rbac.yaml new file mode 100644 index 0000000..fdb3bb3 --- /dev/null +++ b/charts/openebs/openebs-target-container-failure/rbac.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +# Source: openebs/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"] + resources: ["pods","jobs","pods/exec","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/openebs/openebs-target-network-delay/rbac.yaml b/charts/openebs/openebs-target-network-delay/rbac.yaml new file mode 100644 index 0000000..abf0ac5 --- /dev/null +++ b/charts/openebs/openebs-target-network-delay/rbac.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +# Source: openebs/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"] + resources: ["pods","pods/exec","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/openebs/openebs-target-network-loss/rbac.yaml b/charts/openebs/openebs-target-network-loss/rbac.yaml new file mode 100644 index 0000000..abf0ac5 --- /dev/null +++ b/charts/openebs/openebs-target-network-loss/rbac.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +# Source: openebs/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"] + resources: ["pods","pods/exec","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"] + verbs: ["create","list","get","patch","update","delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default diff --git a/charts/openebs/openebs-target-pod-failure/rbac.yaml b/charts/openebs/openebs-target-pod-failure/rbac.yaml new file mode 100644 index 0000000..ed0ffab --- /dev/null +++ b/charts/openebs/openebs-target-pod-failure/rbac.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-sa + namespace: default + labels: + name: nginx-sa +--- +# Source: openebs/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-sa + labels: + name: nginx-sa +rules: +- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"] + resources: ["pods","jobs","deployments","pods/exec","chaosexperiments","chaosresults","chaosengines","configmaps","secrets","services,"persistentvolumeclaims","storageclasses","persistentvolumes"] + verbs: ["create","list","get","patch","update","delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-sa + labels: + name: nginx-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-sa +subjects: +- kind: ServiceAccount + name: nginx-sa + namespace: default +