Documentation ¶
Index ¶
- Variables
- func CallAPI(request APIRequest) (*http.Response, error)
- func GetGVR(group, version, resource string) schema.GroupVersionResource
- func GetWithRetry(sleepInterval time.Duration, retryCount int, retryFunc func() error) error
- type APIRequest
- type E2EClient
- func (e2e *E2EClient) CleanClusterPolicies(gvr schema.GroupVersionResource) error
- func (e2e *E2EClient) ClusterPolicyReady(policyName string) bool
- func (e2e *E2EClient) CreateClusteredResource(gvr schema.GroupVersionResource, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) CreateClusteredResourceYaml(gvr schema.GroupVersionResource, resourceData []byte) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) CreateNamespacedResource(gvr schema.GroupVersionResource, namespace string, ...) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) CreateNamespacedResourceYaml(gvr schema.GroupVersionResource, namespace, name string, resourceData []byte) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) DeleteClusteredResource(gvr schema.GroupVersionResource, name string) error
- func (e2e *E2EClient) DeleteNamespacedResource(gvr schema.GroupVersionResource, namespace, name string) error
- func (e2e *E2EClient) GetClusteredResource(gvr schema.GroupVersionResource, name string) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) GetNamespacedResource(gvr schema.GroupVersionResource, namespace, name string) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) ListNamespacedResources(gvr schema.GroupVersionResource, namespace string) (*unstructured.UnstructuredList, error)
- func (e2e *E2EClient) PolicyReady(namespace string, policyName string) bool
- func (e2e *E2EClient) UpdateClusteredResource(gvr schema.GroupVersionResource, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) UpdateClusteredResourceYaml(gvr schema.GroupVersionResource, resourceData []byte) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) UpdateNamespacedResource(gvr schema.GroupVersionResource, namespace string, ...) (*unstructured.Unstructured, error)
- func (e2e *E2EClient) UpdateNamespacedResourceYaml(gvr schema.GroupVersionResource, namespace string, resourceData []byte) (*unstructured.Unstructured, error)
Constants ¶
This section is empty.
Variables ¶
// ChaosEngineYaml is the Litmus ChaosEngine manifest "kind-chaos" in the
// test-litmus namespace. Its appinfo selects the deployment labelled
// app.kubernetes.io/name=kyverno in namespace kyverno, and it runs the
// pod-cpu-hog experiment (CPU_CORES=1, TOTAL_CHAOS_DURATION=60) under the
// pod-cpu-hog-sa service account with jobCleanUpPolicy 'delete'.
//
// NOTE(review): the target is the Kyverno deployment itself, so admission
// decisions may be delayed while the experiment runs; how Kyverno's webhooks
// behave under that load depends on configuration not shown here.
var ChaosEngineYaml = []byte(`
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: kind-chaos
namespace: test-litmus
spec:
# It can be active/stop
engineState: 'active'
appinfo:
appns: 'kyverno'
applabel: 'app.kubernetes.io/name=kyverno'
appkind: 'deployment'
chaosServiceAccount: pod-cpu-hog-sa
# It can be delete/retain
jobCleanUpPolicy: 'delete'
experiments:
- name: pod-cpu-hog
spec:
components:
env:
#number of cpu cores to be consumed
#verify the resources the app has been launched with
- name: CPU_CORES
value: '1'
- name: TOTAL_CHAOS_DURATION
value: '60' # in seconds
`)
ChaosEngine Manifest
// ChaosRoleBindingYaml is the RoleBinding pod-cpu-hog-sa in namespace
// test-litmus. It binds the Role named pod-cpu-hog-sa to the ServiceAccount
// of the same name in the same namespace, so the grant is limited to that
// one namespace and that one subject.
var ChaosRoleBindingYaml = []byte(`
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pod-cpu-hog-sa
namespace: test-litmus
labels:
name: pod-cpu-hog-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-cpu-hog-sa
subjects:
- kind: ServiceAccount
name: pod-cpu-hog-sa
namespace: test-litmus
`)
// ChaosRoleYaml is the namespaced Role pod-cpu-hog-sa in test-litmus that
// the chaos service account is bound to.
//
// Security-relevant grants, all limited to the Role's namespace:
//   - pods and events: create, list, get, patch, update, delete,
//     deletecollection
//   - pods/exec, pods/log, replicationcontrollers: create, list, get
//     (create on pods/exec permits running commands inside pods)
//   - batch jobs: create, list, get, delete, deletecollection
//   - litmuschaos.io chaosengines, chaosexperiments, chaosresults:
//     create, list, get, patch, update
//
// The workload kinds under apps, apps.openshift.io and argoproj.io are
// read-only (list, get).
//
// NOTE(review): this Role is scoped to test-litmus while ChaosEngineYaml
// sets appns to 'kyverno' — confirm the service account has the access the
// experiment needs there before widening this to a ClusterRole.
var ChaosRoleYaml = []byte(`
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-cpu-hog-sa
namespace: test-litmus
labels:
name: pod-cpu-hog-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: [""]
resources: ["pods","events"]
verbs: ["create","list","get","patch","update","delete","deletecollection"]
- apiGroups: [""]
resources: ["pods/exec","pods/log","replicationcontrollers"]
verbs: ["create","list","get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create","list","get","delete","deletecollection"]
- apiGroups: ["apps"]
resources: ["deployments","statefulsets","daemonsets","replicasets"]
verbs: ["list","get"]
- apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"]
verbs: ["list","get"]
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["list","get"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update"]
`)
// ChaosServiceAccountYaml is the ServiceAccount pod-cpu-hog-sa in namespace
// test-litmus. ChaosEngineYaml names it as chaosServiceAccount and
// ChaosRoleBindingYaml lists it as the only subject.
var ChaosServiceAccountYaml = []byte(`
apiVersion: v1
kind: ServiceAccount
metadata:
name: pod-cpu-hog-sa
namespace: test-litmus
labels:
name: pod-cpu-hog-sa
app.kubernetes.io/part-of: litmus
`)
Litmus Chaos Service Account
// DisallowAddingCapabilitiesYaml is the Kyverno ClusterPolicy
// disallow-add-capabilities (category "Pod Security Standards (Baseline)",
// severity medium). It matches Pods and, with validationFailureAction set to
// enforce, rejects any whose containers or initContainers set
// securityContext.capabilities.add; background is true, so the policy is
// also applied in background scans.
//
// The pattern uses the =() anchor so securityContext and capabilities are
// checked only when present, and X(add) to require that the add key is
// absent.
//
// NOTE(review): only containers and initContainers are listed; whether
// ephemeralContainers are covered elsewhere is not visible here — confirm.
var DisallowAddingCapabilitiesYaml = []byte(`
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-add-capabilities
annotations:
policies.kyverno.io/category: Pod Security Standards (Baseline)
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
Capabilities permit privileged actions without giving full root access.
Adding capabilities beyond the default set must not be allowed.
spec:
validationFailureAction: enforce
background: true
rules:
- name: capabilities
match:
resources:
kinds:
- Pod
validate:
message: >-
Adding of additional capabilities beyond the default set is not allowed.
The fields spec.containers[*].securityContext.capabilities.add and
spec.initContainers[*].securityContext.capabilities.add must be empty.
pattern:
spec:
containers:
- =(securityContext):
=(capabilities):
X(add): null
=(initContainers):
- =(securityContext):
=(capabilities):
X(add): null
`)
disallow-add-capabilities ClusterPolicy to install
// KyvernoTestResourcesYaml is a Pod named add-new-capabilities that runs
// /bin/sleep 300 in ubuntu:18.04 and adds the NET_ADMIN capability.
// The manifest sets no namespace, so the caller chooses one.
//
// NOTE(review): presumably the negative case for
// DisallowAddingCapabilitiesYaml, i.e. the enforce-mode policy is expected
// to reject this Pod — confirm against the test that uses it.
var KyvernoTestResourcesYaml = []byte(`
apiVersion: v1
kind: Pod
metadata:
name: add-new-capabilities
spec:
containers:
- name: add-new-capabilities
image: "ubuntu:18.04"
command:
- /bin/sleep
- "300"
securityContext:
capabilities:
add:
- NET_ADMIN
`)
disallow-add-capabilities test resource: a Pod that adds the NET_ADMIN capability
// LitmusChaosnamespaceYaml is the Namespace test-litmus, the namespace that
// the chaos ServiceAccount, Role, RoleBinding and ChaosEngine manifests in
// this package are declared in.
var LitmusChaosnamespaceYaml = []byte(`
apiVersion: v1
kind: Namespace
metadata:
name: test-litmus
`)
Namespace Description
// PodCPUHogExperimentYaml is the Litmus ChaosExperiment pod-cpu-hog
// (labelled version 1.13.3, scope Namespaced). It runs
// "./experiments -name pod-cpu-hog" via /bin/bash in
// litmuschaos/go-runner:1.13.3 with imagePullPolicy Always, defaulting to
// 60 seconds of chaos on 1 CPU core with LIB set to 'litmus' and SEQUENCE
// set to 'parallel'.
//
// Points a reviewer should keep in view:
//   - The permissions block pairs every listed resource with every listed
//     verb, so it is broader than the per-resource rules in ChaosRoleYaml.
//   - Images are referenced by tag, not digest, and STRESS_IMAGE uses the
//     floating tag latest-ubuntu, so what runs can change between test runs.
//   - SOCKET_PATH is /var/run/docker.sock; the inline comments say it and
//     LIB_IMAGE/STRESS_IMAGE are used by the pumba lib only, which is not
//     the default selected here.
var PodCPUHogExperimentYaml = []byte(`
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Injects cpu consumption on pods belonging to an app deployment
kind: ChaosExperiment
metadata:
name: pod-cpu-hog
labels:
name: pod-cpu-hog
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: 1.13.3
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "batch"
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "litmuschaos.io"
resources:
- "jobs"
- "pods"
- "pods/log"
- "events"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:1.13.3"
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-cpu-hog
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '60'
## Number of CPU cores to stress
- name: CPU_CORES
value: '1'
## Percentage of total pods to target
- name: PODS_AFFECTED_PERC
value: ''
## Period to wait before and after injection of chaos in sec
- name: RAMP_TIME
value: ''
## env var that describes the library used to execute the chaos
## default: litmus. Supported values: litmus, pumba
- name: LIB
value: 'litmus'
## It is used in pumba lib only
- name: LIB_IMAGE
value: 'litmuschaos/go-runner:1.13.3'
## It is used in pumba lib only
- name: STRESS_IMAGE
value: 'alexeiled/stress-ng:latest-ubuntu'
# provide the socket file path
# it is used in pumba lib
- name: SOCKET_PATH
value: '/var/run/docker.sock'
- name: TARGET_PODS
value: ''
## it defines the sequence of chaos execution for multiple target pods
## supported values: serial, parallel
- name: SEQUENCE
value: 'parallel'
labels:
name: pod-cpu-hog
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: 1.13.3
`)
Pod CPU Hog Experiment
var PodCPUHogTest = struct { // TestName - Name of the Test TestName string TestData []testData }{ TestName: "test-litmus-chaos-experiment", TestData: []testData{ { // contains filtered or unexported fields }, }, }
Pod CPU hog test
Functions ¶
func GetGVR ¶ added in v1.9.0
func GetGVR(group, version, resource string) schema.GroupVersionResource
GetGVR :- gets GroupVersionResource for dynamic client
Types ¶
type E2EClient ¶ added in v1.9.0
E2EClient ...
func NewE2EClient ¶ added in v1.9.0
NewE2EClient returns a new instance of E2EClient
func (*E2EClient) CleanClusterPolicies ¶ added in v1.9.0
func (e2e *E2EClient) CleanClusterPolicies(gvr schema.GroupVersionResource) error
CleanClusterPolicies :- Deletes all the cluster policies
func (*E2EClient) ClusterPolicyReady ¶ added in v1.9.0
func (*E2EClient) CreateClusteredResource ¶ added in v1.9.0
func (e2e *E2EClient) CreateClusteredResource(gvr schema.GroupVersionResource, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error)
CreateClusteredResource ...
func (*E2EClient) CreateClusteredResourceYaml ¶ added in v1.9.0
func (e2e *E2EClient) CreateClusteredResourceYaml(gvr schema.GroupVersionResource, resourceData []byte) (*unstructured.Unstructured, error)
CreateClusteredResourceYaml creates cluster resources from YAML like Namespace, ClusterRole, ClusterRoleBinding etc ...
func (*E2EClient) CreateNamespacedResource ¶ added in v1.9.0
func (e2e *E2EClient) CreateNamespacedResource(gvr schema.GroupVersionResource, namespace string, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error)
CreateNamespacedResource ...
func (*E2EClient) CreateNamespacedResourceYaml ¶ added in v1.9.0
func (e2e *E2EClient) CreateNamespacedResourceYaml(gvr schema.GroupVersionResource, namespace, name string, resourceData []byte) (*unstructured.Unstructured, error)
CreateNamespacedResourceYaml creates namespaced resources like Pods, Services, Deployments etc
func (*E2EClient) DeleteClusteredResource ¶ added in v1.9.0
func (e2e *E2EClient) DeleteClusteredResource(gvr schema.GroupVersionResource, name string) error
DeleteClusteredResource ...
func (*E2EClient) DeleteNamespacedResource ¶ added in v1.9.0
func (e2e *E2EClient) DeleteNamespacedResource(gvr schema.GroupVersionResource, namespace, name string) error
DeleteNamespacedResource ...
func (*E2EClient) GetClusteredResource ¶ added in v1.9.0
func (e2e *E2EClient) GetClusteredResource(gvr schema.GroupVersionResource, name string) (*unstructured.Unstructured, error)
GetClusteredResource ...
func (*E2EClient) GetNamespacedResource ¶ added in v1.9.0
func (e2e *E2EClient) GetNamespacedResource(gvr schema.GroupVersionResource, namespace, name string) (*unstructured.Unstructured, error)
GetNamespacedResource ...
func (*E2EClient) ListNamespacedResources ¶ added in v1.9.0
func (e2e *E2EClient) ListNamespacedResources(gvr schema.GroupVersionResource, namespace string) (*unstructured.UnstructuredList, error)
ListNamespacedResources ...
func (*E2EClient) PolicyReady ¶ added in v1.9.0
func (*E2EClient) UpdateClusteredResource ¶ added in v1.9.0
func (e2e *E2EClient) UpdateClusteredResource(gvr schema.GroupVersionResource, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error)
UpdateClusteredResource ...
func (*E2EClient) UpdateClusteredResourceYaml ¶ added in v1.9.0
func (e2e *E2EClient) UpdateClusteredResourceYaml(gvr schema.GroupVersionResource, resourceData []byte) (*unstructured.Unstructured, error)
UpdateClusteredResourceYaml updates cluster resources from YAML like Namespace, ClusterRole, ClusterRoleBinding etc ...
func (*E2EClient) UpdateNamespacedResource ¶ added in v1.9.0
func (e2e *E2EClient) UpdateNamespacedResource(gvr schema.GroupVersionResource, namespace string, resourceData *unstructured.Unstructured) (*unstructured.Unstructured, error)
UpdateNamespacedResource ...
func (*E2EClient) UpdateNamespacedResourceYaml ¶ added in v1.9.0
func (e2e *E2EClient) UpdateNamespacedResourceYaml(gvr schema.GroupVersionResource, namespace string, resourceData []byte) (*unstructured.Unstructured, error)
UpdateNamespacedResourceYaml updates namespaced resources like Pods, Services, Deployments etc