ivanch/litmus-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added DNS Spoof chaos (#455)

Browse Source 
* added dns-spoof chaos chart

Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com>
This commit is contained in:
Soumya Ghosh Dastidar
2021-05-14 12:25:32 +05:30
committed by GitHub
parent de46820cdb
commit cb425d8522
16 changed files with 1308 additions and 945 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1629
charts/generic/experiments.yaml
View File

File diff suppressed because it is too large Load Diff

3
charts/generic/generic.chartserviceversion.yaml
View File

@@ -35,7 +35,8 @@ spec:
- node-io-stress - node-io-stress
- pod-io-stress - pod-io-stress
- node-restart - node-restart
- pod-dns-chaos - pod-dns-error
- pod-dns-spoof
keywords: keywords:
- Kubernetes - Kubernetes

11
charts/generic/generic.package.yaml
View File

@@ -4,7 +4,7 @@ experiments:
CSV: pod-delete.chartserviceversion.yaml CSV: pod-delete.chartserviceversion.yaml
desc: "pod-delete" desc: "pod-delete"
- name: container-kill - name: container-kill
CSV: container-kill.chartserviceversion.yaml CSV: container-kill.chartserviceversion.yaml
desc: "container-kill" desc: "container-kill"
- name: pod-network-loss - name: pod-network-loss
CSV: pod-network-loss.chartserviceversion.yaml CSV: pod-network-loss.chartserviceversion.yaml
@@ -66,6 +66,9 @@ experiments:
- name: node-restart - name: node-restart
CSV: node-restart.chartserviceversion.yaml CSV: node-restart.chartserviceversion.yaml
desc: "node-restart" desc: "node-restart"
- name: pod-dns-chaos - name: pod-dns-error
CSV: pod-dns-chaos.chartserviceversion.yaml CSV: pod-dns-error.chartserviceversion.yaml
desc: "pod-dns-chaos" desc: "pod-dns-error"
- name: pod-dns-spoof
CSV: pod-dns-spoof.chartserviceversion.yaml
desc: "pod-dns-spoof"

0
charts/generic/icons/pod-dns-chaos.png → charts/generic/icons/pod-dns-error.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
charts/generic/icons/pod-dns-spoof.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

57
charts/generic/pod-dns-chaos/rbac.yaml
View File

@@ -1,57 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pod-dns-chaos-sa
namespace: default
labels:
name: pod-dns-chaos-sa
app.kubernetes.io/part-of: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-dns-chaos-sa
namespace: default
labels:
name: pod-dns-chaos-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: [""]
resources: ["pods","events"]
verbs: ["create","list","get","patch","update","delete","deletecollection"]
- apiGroups: [""]
resources: ["pods/exec","pods/log","replicationcontrollers"]
verbs: ["create","list","get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create","list","get","delete","deletecollection"]
- apiGroups: ["apps"]
resources: ["deployments","statefulsets","daemonsets","replicasets"]
verbs: ["list","get"]
- apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"]
verbs: ["list","get"]
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["list","get"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pod-dns-chaos-sa
namespace: default
labels:
name: pod-dns-chaos-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-dns-chaos-sa
subjects:
- kind: ServiceAccount
name: pod-dns-chaos-sa
namespace: default

31
charts/generic/pod-dns-chaos/engine.yaml → charts/generic/pod-dns-error/engine.yaml
View File

@@ -4,41 +4,36 @@ metadata:
name: nginx-chaos name: nginx-chaos
spec: spec:
appinfo: appinfo:
appns: 'default' appns: "default"
applabel: 'app=nginx' applabel: "app=nginx"
appkind: 'deployment' appkind: "deployment"
# It can be active/stop # It can be active/stop
engineState: 'active' engineState: "active"
#ex. values: ns1:name=percona,ns2:run=nginx #ex. values: ns1:name=percona,ns2:run=nginx
auxiliaryAppInfo: '' auxiliaryAppInfo: ""
chaosServiceAccount: pod-dns-chaos-sa chaosServiceAccount: pod-dns-error-sa
# It can be delete/retain # It can be delete/retain
jobCleanUpPolicy: 'delete' jobCleanUpPolicy: "delete"
experiments: experiments:
- name: pod-dns-chaos - name: pod-dns-error
spec: spec:
components: components:
env: env:
# list of the target hostnames or kewywords eg. '["litmuschaos","chaosnative.io"]' . If empty all hostnames are targets # list of the target hostnames or kewywords eg. '["litmuschaos","chaosnative.io"]' . If empty all hostnames are targets
- name: TARGET_HOSTNAMES - name: TARGET_HOSTNAMES
value: '' value: ""
# can be either exact or substring, determines whether the dns query has to match exactly with one of the targets or can have any of the targets as substring # can be either exact or substring, determines whether the dns query has to match exactly with one of the targets or can have any of the targets as substring
- name: MATCH_SCHEME - name: MATCH_SCHEME
value: 'exact' value: "exact"
# currently only error chaos is supported
- name: CHAOS_TYPE
value: 'error'
- name: TOTAL_CHAOS_DURATION - name: TOTAL_CHAOS_DURATION
value: '60' # in seconds value: "60" # in seconds
# provide the name of container runtime, it supports docker, containerd, crio # provide the name of container runtime, it supports docker, containerd, crio
- name: CONTAINER_RUNTIME - name: CONTAINER_RUNTIME
value: 'docker' value: "docker"
# provide the socket file path # provide the socket file path
- name: SOCKET_PATH - name: SOCKET_PATH
value: '/var/run/docker.sock' value: "/var/run/docker.sock"

42
charts/generic/pod-dns-chaos/experiment.yaml → charts/generic/pod-dns-error/experiment.yaml
View File

@@ -1,12 +1,12 @@
apiVersion: litmuschaos.io/v1alpha1 apiVersion: litmuschaos.io/v1alpha1
description: description:
message: | message: |
injects dns failure in target pod container Pod DNS Error injects dns failure/error in target pod containersr
kind: ChaosExperiment kind: ChaosExperiment
metadata: metadata:
name: pod-dns-chaos name: pod-dns-error
labels: labels:
name: pod-dns-chaos name: pod-dns-error
app.kubernetes.io/part-of: litmus app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest app.kubernetes.io/version: latest
@@ -47,61 +47,55 @@ spec:
- "deletecollection" - "deletecollection"
image: "litmuschaos/go-runner:latest" image: "litmuschaos/go-runner:latest"
args: args:
- -c - -c
- ./experiments -name pod-dns-chaos - ./experiments -name pod-dns-error
command: command:
- /bin/bash - /bin/bash
env: env:
- name: TARGET_CONTAINER - name: TARGET_CONTAINER
value: '' value: ""
# provide lib image # provide lib image
- name: LIB_IMAGE - name: LIB_IMAGE
value: 'litmuschaos/go-runner:latest' value: "litmuschaos/go-runner:latest"
- name: TOTAL_CHAOS_DURATION - name: TOTAL_CHAOS_DURATION
value: '60' # in seconds value: "60" # in seconds
# Time period to wait before and after injection of chaos in sec # Time period to wait before and after injection of chaos in sec
- name: RAMP_TIME - name: RAMP_TIME
value: '' value: ""
## percentage of total pods to target ## percentage of total pods to target
- name: PODS_AFFECTED_PERC - name: PODS_AFFECTED_PERC
value: '' value: ""
- name: TARGET_PODS - name: TARGET_PODS
value: '' value: ""
# provide the name of container runtime, it supports docker, containerd, crio # provide the name of container runtime, it supports docker, containerd, crio
- name: CONTAINER_RUNTIME - name: CONTAINER_RUNTIME
value: 'docker' value: "docker"
# provide the socket file path # provide the socket file path
- name: SOCKET_PATH - name: SOCKET_PATH
value: '/var/run/docker.sock' value: "/var/run/docker.sock"
## it defines the sequence of chaos execution for multiple target pods ## it defines the sequence of chaos execution for multiple target pods
## supported values: serial, parallel ## supported values: serial, parallel
- name: SEQUENCE - name: SEQUENCE
value: 'parallel' value: "parallel"
# list of the target hostnames or kewywords eg. '["litmuschaos","chaosnative.io"]' . If empty all hostnames are targets # list of the target hostnames or kewywords eg. '["litmuschaos","chaosnative.io"]' . If empty all hostnames are targets
- name: TARGET_HOSTNAMES - name: TARGET_HOSTNAMES
value: '' value: ""
# can be either exact or substring, determines whether the dns query has to match exactly with one of the targets or can have any of the targets as substring # can be either exact or substring, determines whether the dns query has to match exactly with one of the targets or can have any of the targets as substring
- name: MATCH_SCHEME - name: MATCH_SCHEME
value: 'exact' value: "exact"
# currently only error chaos is supported
- name: CHAOS_TYPE
value: 'error'
labels: labels:
experiment: pod-dns-chaos experiment: pod-dns-error
app.kubernetes.io/part-of: litmus app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest app.kubernetes.io/version: latest

10
charts/generic/pod-dns-chaos/pod-dns-chaos.chartserviceversion.yaml → charts/generic/pod-dns-error/pod-dns-error.chartserviceversion.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: litmuchaos.io/v1alpha1 apiVersion: litmuchaos.io/v1alpha1
kind: ChartServiceVersion kind: ChartServiceVersion
metadata: metadata:
name: pod-dns-chaos name: pod-dns-error
version: 0.1.0 version: 0.1.0
annotations: annotations:
categories: generic categories: generic
spec: spec:
displayName: pod-dns-chaos displayName: pod-dns-error
categoryDescription: > categoryDescription: >
injects dns failure in target pod container Pod DNS Error injects dns failure/error in target pod containers
keywords: keywords:
- "pods" - "pods"
- "kubernetes" - "kubernetes"
@@ -26,7 +26,7 @@ spec:
app.kubernetes.io/version: latest app.kubernetes.io/version: latest
links: links:
- name: Source Code - name: Source Code
url: https://github.com/litmuschaos/litmus-go/tree/master/experiments/generic/pod-dns-chaos url: https://github.com/litmuschaos/litmus-go/tree/master/experiments/generic/pod-dns-error
- name: Documentation - name: Documentation
url: https://docs.litmuschaos.io/docs/getstarted/ url: https://docs.litmuschaos.io/docs/getstarted/
- name: Video - name: Video
@@ -34,4 +34,4 @@ spec:
icon: icon:
- base64data: "" - base64data: ""
mediatype: "" mediatype: ""
chaosexpcrdlink: https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/pod-dns-chaos/experiment.yaml chaosexpcrdlink: https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/pod-dns-error/experiment.yaml

43
charts/generic/pod-dns-chaos/rbac-psp.yaml → charts/generic/pod-dns-error/rbac-psp.yaml
View File

@@ -2,42 +2,43 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: pod-dns-chaos-sa name: pod-dns-error-sa
namespace: default namespace: default
labels: labels:
name: pod-dns-chaos-sa name: pod-dns-error-sa
app.kubernetes.io/part-of: litmus app.kubernetes.io/part-of: litmus
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: pod-dns-chaos-sa name: pod-dns-error-sa
namespace: default namespace: default
labels: labels:
name: pod-dns-chaos-sa name: pod-dns-error-sa
app.kubernetes.io/part-of: litmus app.kubernetes.io/part-of: litmus
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["pods","events"] resources: ["pods", "events"]
verbs: ["create","list","get","patch","update","delete","deletecollection"] verbs:
["create", "list", "get", "patch", "update", "delete", "deletecollection"]
- apiGroups: [""] - apiGroups: [""]
resources: ["pods/exec","pods/log","replicationcontrollers"] resources: ["pods/exec", "pods/log", "replicationcontrollers"]
verbs: ["create","list","get"] verbs: ["create", "list", "get"]
- apiGroups: ["batch"] - apiGroups: ["batch"]
resources: ["jobs"] resources: ["jobs"]
verbs: ["create","list","get","delete","deletecollection"] verbs: ["create", "list", "get", "delete", "deletecollection"]
- apiGroups: ["apps"] - apiGroups: ["apps"]
resources: ["deployments","statefulsets","daemonsets","replicasets"] resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
verbs: ["list","get"] verbs: ["list", "get"]
- apiGroups: ["apps.openshift.io"] - apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"] resources: ["deploymentconfigs"]
verbs: ["list","get"] verbs: ["list", "get"]
- apiGroups: ["argoproj.io"] - apiGroups: ["argoproj.io"]
resources: ["rollouts"] resources: ["rollouts"]
verbs: ["list","get"] verbs: ["list", "get"]
- apiGroups: ["litmuschaos.io"] - apiGroups: ["litmuschaos.io"]
resources: ["chaosengines","chaosexperiments","chaosresults"] resources: ["chaosengines", "chaosexperiments", "chaosresults"]
verbs: ["create","list","get","patch","update"] verbs: ["create", "list", "get", "patch", "update"]
- apiGroups: ["policy"] - apiGroups: ["policy"]
resources: ["podsecuritypolicies"] resources: ["podsecuritypolicies"]
verbs: ["use"] verbs: ["use"]
@@ -46,16 +47,16 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: pod-dns-chaos-sa name: pod-dns-error-sa
namespace: default namespace: default
labels: labels:
name: pod-dns-chaos-sa name: pod-dns-error-sa
app.kubernetes.io/part-of: litmus app.kubernetes.io/part-of: litmus
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: pod-dns-chaos-sa name: pod-dns-error-sa
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: pod-dns-chaos-sa name: pod-dns-error-sa
namespace: default namespace: default

58
charts/generic/pod-dns-error/rbac.yaml Normal file
View File

@@ -0,0 +1,58 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pod-dns-error-sa
namespace: default
labels:
name: pod-dns-error-sa
app.kubernetes.io/part-of: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-dns-error-sa
namespace: default
labels:
name: pod-dns-error-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: [""]
resources: ["pods", "events"]
verbs:
["create", "list", "get", "patch", "update", "delete", "deletecollection"]
- apiGroups: [""]
resources: ["pods/exec", "pods/log", "replicationcontrollers"]
verbs: ["create", "list", "get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "list", "get", "delete", "deletecollection"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
verbs: ["list", "get"]
- apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"]
verbs: ["list", "get"]
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["list", "get"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines", "chaosexperiments", "chaosresults"]
verbs: ["create", "list", "get", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pod-dns-error-sa
namespace: default
labels:
name: pod-dns-error-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-dns-error-sa
subjects:
- kind: ServiceAccount
name: pod-dns-error-sa
namespace: default

35
charts/generic/pod-dns-spoof/engine.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: nginx-chaos
spec:
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
# It can be active/stop
engineState: "active"
#ex. values: ns1:name=percona,ns2:run=nginx
auxiliaryAppInfo: ""
chaosServiceAccount: pod-dns-spoof-sa
# It can be delete/retain
jobCleanUpPolicy: "delete"
experiments:
- name: pod-dns-spoof
spec:
components:
env:
# map of the target hostnames eg. '{"abc.com":"spoofabc.com"}' . If empty no queries will be spoofed
- name: SPOOF_MAP
value: '{"google.com":"fakegoogle.com"}'
- name: TOTAL_CHAOS_DURATION
value: "60" # in seconds
# provide the name of container runtime, it supports docker, containerd, crio
- name: CONTAINER_RUNTIME
value: "docker"
# provide the socket file path
- name: SOCKET_PATH
value: "/var/run/docker.sock"

97
charts/generic/pod-dns-spoof/experiment.yaml Normal file
View File

@@ -0,0 +1,97 @@
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Pod DNS Spoof can spoof particular dns requests in target pod container to desired target hostnames
kind: ChaosExperiment
metadata:
name: pod-dns-spoof
labels:
name: pod-dns-spoof
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "batch"
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "litmuschaos.io"
resources:
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:latest"
args:
- -c
- ./experiments -name pod-dns-spoof
command:
- /bin/bash
env:
- name: TARGET_CONTAINER
value: ""
# provide lib image
- name: LIB_IMAGE
value: "litmuschaos/go-runner:latest"
- name: TOTAL_CHAOS_DURATION
value: "60" # in seconds
# Time period to wait before and after injection of chaos in sec
- name: RAMP_TIME
value: ""
## percentage of total pods to target
- name: PODS_AFFECTED_PERC
value: ""
- name: TARGET_PODS
value: ""
# provide the name of container runtime, it supports docker, containerd, crio
- name: CONTAINER_RUNTIME
value: "docker"
# provide the socket file path
- name: SOCKET_PATH
value: "/var/run/docker.sock"
## it defines the sequence of chaos execution for multiple target pods
## supported values: serial, parallel
- name: SEQUENCE
value: "parallel"
# map of the target hostnames eg. '{"abc.com":"spoofabc.com"}' . If empty no queries will be spoofed
- name: SPOOF_MAP
value: ""
labels:
experiment: pod-dns-spoof
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest

37
charts/generic/pod-dns-spoof/pod-dns-spoof.chartserviceversion.yaml Normal file
View File

@@ -0,0 +1,37 @@
apiVersion: litmuchaos.io/v1alpha1
kind: ChartServiceVersion
metadata:
name: pod-dns-spoof
version: 0.1.0
annotations:
categories: generic
spec:
displayName: pod-dns-spoof
categoryDescription: >
Pod DNS Spoof can spoof particular dns requests in target pod container to desired target hostnames
keywords:
- "pods"
- "kubernetes"
- "generic"
- "dns"
maturity: alpha
minKubeVersion: 1.12.0
provider:
name: ChaosNative
maintainers:
- name: gdsoumya
email: gdsoumya@chaosnative.com
labels:
app.kubernetes.io/component: chartserviceversion
app.kubernetes.io/version: latest
links:
- name: Source Code
url: https://github.com/litmuschaos/litmus-go/tree/master/experiments/generic/pod-dns-spoof
- name: Documentation
url: https://docs.litmuschaos.io/docs/getstarted/
- name: Video
url:
icon:
- base64data: ""
mediatype: ""
chaosexpcrdlink: https://raw.githubusercontent.com/litmuschaos/chaos-charts/master/charts/generic/pod-dns-spoof/experiment.yaml

62
charts/generic/pod-dns-spoof/rbac-psp.yaml Normal file
View File

@@ -0,0 +1,62 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pod-dns-spoof-sa
namespace: default
labels:
name: pod-dns-spoof-sa
app.kubernetes.io/part-of: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-dns-spoof-sa
namespace: default
labels:
name: pod-dns-spoof-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: [""]
resources: ["pods", "events"]
verbs:
["create", "list", "get", "patch", "update", "delete", "deletecollection"]
- apiGroups: [""]
resources: ["pods/exec", "pods/log", "replicationcontrollers"]
verbs: ["create", "list", "get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "list", "get", "delete", "deletecollection"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
verbs: ["list", "get"]
- apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"]
verbs: ["list", "get"]
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["list", "get"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines", "chaosexperiments", "chaosresults"]
verbs: ["create", "list", "get", "patch", "update"]
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames: ["litmus"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pod-dns-spoof-sa
namespace: default
labels:
name: pod-dns-spoof-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-dns-spoof-sa
subjects:
- kind: ServiceAccount
name: pod-dns-spoof-sa
namespace: default

58
charts/generic/pod-dns-spoof/rbac.yaml Normal file
View File

@@ -0,0 +1,58 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pod-dns-spoof-sa
namespace: default
labels:
name: pod-dns-spoof-sa
app.kubernetes.io/part-of: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-dns-spoof-sa
namespace: default
labels:
name: pod-dns-spoof-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: [""]
resources: ["pods", "events"]
verbs:
["create", "list", "get", "patch", "update", "delete", "deletecollection"]
- apiGroups: [""]
resources: ["pods/exec", "pods/log", "replicationcontrollers"]
verbs: ["create", "list", "get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "list", "get", "delete", "deletecollection"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
verbs: ["list", "get"]
- apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"]
verbs: ["list", "get"]
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["list", "get"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines", "chaosexperiments", "chaosresults"]
verbs: ["create", "list", "get", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pod-dns-spoof-sa
namespace: default
labels:
name: pod-dns-spoof-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-dns-spoof-sa
subjects:
- kind: ServiceAccount
name: pod-dns-spoof-sa
namespace: default