-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplified Merge-All #33
Conversation
Technically shouldn't force the user to use the kube-monkey namespace
Had to run `glide cache-clear` and then `glide update --strip-vendor`
Allow people to copy pasta ;) asobti#23
Only relevant after asobti#24
CreateClient involves creating a clientset that accesses the k8 api It does not belong in chaos but rather kubernetes
New sublocation for all kinds
run with make gofmt
Allow victims to do the heavylifting for common methods
Whitelists and Blacklists both operate. Blacklist overrides a whitelist.
Log improvements
K8 upgrade
Templatize
Print time fixes
Statefulsets
glide up --v && v0.2.0
deploy-test.yaml ---
apiVersion: v1
kind: Namespace
metadata:
name: test-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: counter
namespace: test-system
spec:
replicas: 2
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: monkey-victim-counter
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "kill-all"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
image: busybox:latest
imagePullPolicy: Always
name: test-counter
restartPolicy: Always
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: counter-delete-all-fail-test
namespace: test-system
spec:
replicas: 2
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: monkey-victim-delete-all-fail-test
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "kill-all"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
image: DOESNOTEXIST:latest
imagePullPolicy: Always
name: test-counter-delete-all-fail-test
restartPolicy: Always
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: singlecounter
namespace: test-system
spec:
replicas: 1
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: monkey-victim-single-counter
kube-monkey/mtbf: "2"
kube-monkey/kill-mode: "fixed"
kube-monkey/kill-value: "2"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
image: busybox:latest
imagePullPolicy: Always
name: test-single-counter
restartPolicy: Always
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: opt-out-counter
namespace: test-system
spec:
replicas: 1
template:
metadata:
labels:
kube-monkey/enabled: disabled
kube-monkey/identifier: not-a-counter-victim
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "kill-all"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 86400; done'
image: busybox:latest
imagePullPolicy: Always
name: not-a-counter-victim
restartPolicy: Always
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: fail-deploy
namespace: test-system
spec:
replicas: 2
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: failure-test
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "fixed"
kube-monkey/kill-value: "2"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 300; done'
image: invalidimage
imagePullPolicy: Always
name: fail-deploy
restartPolicy: Always
---
# missing-secret.yaml
# a failed deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: secret-pod
namespace: test-system
spec:
replicas: 2
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: missing-secret-test
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "random-max-percent"
kube-monkey/kill-value: "2"
spec:
containers:
- name: missing-secret-test
image: busybox:latest
command: [ "/bin/sh", "-c", "env" ]
volumeMounts:
- mountPath: /etc/secret/
name: myothersecret
volumes:
- name: myothersecret
secret:
secretName: myothersecret
restartPolicy: Always ss-test.yaml ---
apiVersion: v1
kind: Namespace
metadata:
name: test-system
---
apiVersion: v1
kind: Service
metadata:
labels:
app: counter-ss
name: counter-ss
namespace: test-system
spec:
clusterIP: None
ports:
- port: 9001
selector:
app: counter-ss
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: counter-ss
namespace: test-system
spec:
serviceName: counter-ss
replicas: 3
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: monkey-victim-counter-ss
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "kill-all"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
image: busybox:latest
imagePullPolicy: Always
name: test-counter-ss
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app: counter-delete-all-fail-test-ss
name: counter-delete-all-fail-test-ss
namespace: test-system
spec:
clusterIP: None
ports:
- port: 9002
selector:
app: counter-delete-all-fail-test-ss
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: counter-delete-all-fail-test-ss
namespace: test-system
spec:
serviceName: counter-delete-all-fail-test-ss
replicas: 3
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: monkey-victim-delete-all-fail-test-ss
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "kill-all"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
image: DOESNOTEXIST:latest
imagePullPolicy: Always
name: test-counter-delete-all-fail-test-ss
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app: singlecounter-ss
name: singlecounter-ss
namespace: test-system
spec:
clusterIP: None
ports:
- port: 9003
selector:
app: singlecounter-ss
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: singlecounter-ss
namespace: test-system
spec:
serviceName: singlecounter-ss
replicas: 1
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: monkey-victim-single-counter-ss
kube-monkey/mtbf: "2"
kube-monkey/kill-mode: "fixed"
kube-monkey/kill-value: "2"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
image: busybox:latest
imagePullPolicy: Always
name: test-single-counter-ss
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app: opt-out-counter-ss
name: opt-out-counter-ss
namespace: test-system
spec:
clusterIP: None
ports:
- port: 9004
selector:
app: opt-out-counter-ss
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: opt-out-counter-ss
namespace: test-system
spec:
serviceName: opt-out-counter-ss
replicas: 1
template:
metadata:
labels:
kube-monkey/enabled: disabled
kube-monkey/identifier: not-a-counter-victim-ss
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "kill-all"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 86400; done'
image: busybox:latest
imagePullPolicy: Always
name: not-a-counter-victim-ss
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app: fail-deploy-ss
name: fail-deploy-ss
namespace: test-system
spec:
clusterIP: None
ports:
- port: 9005
selector:
app: fail-deploy-ss
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: fail-deploy-ss
namespace: test-system
spec:
serviceName: fail-deploy-ss
replicas: 2
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: failure-test-ss
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "random-max-percent"
kube-monkey/kill-value: "75"
spec:
containers:
- args:
- /bin/sh
- -c
- 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 300; done'
image: invalidimage
imagePullPolicy: Always
name: fail-deploy-ss
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app: secret-pod-ss
name: secret-pod-ss
namespace: test-system
spec:
clusterIP: None
ports:
- port: 9006
selector:
app: secret-pod-ss
---
# missing-secret.yaml
# a failed deployment
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: secret-pod-ss
namespace: test-system
spec:
serviceName: secret-pod-ss
replicas: 2
template:
metadata:
labels:
kube-monkey/enabled: enabled
kube-monkey/identifier: missing-secret-test-ss
kube-monkey/mtbf: "1"
kube-monkey/kill-mode: "random-max-percent"
kube-monkey/kill-value: "75"
spec:
containers:
- name: missing-secret-test-ss
image: busybox:latest
command: [ "/bin/sh", "-c", "env" ]
volumeMounts:
- mountPath: /etc/secret/
name: myothersecret
volumes:
- name: myothersecret
secret:
secretName: myothersecret
restartPolicy: Always config.toml config.toml: |
[kubemonkey]
dry_run = false
time_zone = "America/New_York"
run_hour = 8
start_hour = 10
end_hour = 16
graceperiod_sec = 10
blacklisted_namespaces = ["kube-system"]
whitelisted_namespaces = ["default", "test-system"]
[debug]
enabled = false
schedule_delay = 10
force_should_kill = false
schedule_immediate_kill = true |
I just updated the glide.lock by rewriting it (y) |
chaos/chaos.go
Outdated
return c.DeletePod(client, targetPod) | ||
} | ||
// Has the victim been removed from the whitelist since scheduling? | ||
if !c.Victim().IsWhitelisted() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Spellchaser Does this mean that each victim has to specifically be listed in the whitelist for kube-monkey to act on it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but the default for whitelisting is all namespaces. So if you don't enable a whitelist, it doesn't affect you.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose a better comment would be something like
// Does the namespace whitelist still include the victim's namespace now at killtime?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like the default is NamespaceDefault
viper.SetDefault(param.WhitelistedNamespaces, []string{metav1.NamespaceDefault})
Is that the same as NamespaceAll
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nada, NamespaceDefault is "default" NamespaceAll is ""
I figured it'd be safer, abliet more confusing for users
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, if I don't specify the whitelisted_namespaces
in my config file, my victims will not be killed (assuming they are in their own namespace) ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, ignore that. I saw the following commit where you update docs for the whitelisting stuff and that clears it up.
Not entirely...
If you didn't specify whitelist in the configs it would default to
whitelisting the `default` namespace. Your deployments in `default` still
have to be opted in.
If you whitelisted only `test-namespace`, only deployments in
`test-namespace` could opt in.
On Jan 23, 2018 8:55 PM, "Ayush Sobti" <notifications@github.com> wrote:
*@asobti* commented on this pull request.
------------------------------
In chaos/chaos.go
<#33 (comment)>:
- glog.V(2).Infof("Terminating pod %s for deployment %s", targetPod,
c.deployment.Name())
- return c.DeletePod(client, targetPod)
-}
+ // Has the victim been removed from the whitelist since scheduling?
+ if !c.Victim().IsWhitelisted() {
So, if I don't specify the whitelisted_namespaces in my config file, my
victims will not be killed (assuming they are in their own namespace) ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#33 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACV_i6AiQDcJWnIo64dow2N8rfy21F4Kks5tNo14gaJpZM4RRPx6>
.
|
Aggregates #18, #19, #24, #25, #27, #28, #29, #30, #31, #34