diff --git a/Makefile b/Makefile index 2972658b14..69a083e9c3 100644 --- a/Makefile +++ b/Makefile @@ -57,7 +57,7 @@ restart: # Generate manifests e.g. CRD, RBAC etc. manifests: controller-gen - $(CONTROLLER_GEN) rbac:roleName=chaos-controller-role crd:trivialVersions=true,preserveUnknownFields=false,crdVersions=v1beta1 paths="./..." output:crd:dir=./chart/templates/crds/ output:rbac:dir=./chart/templates/ + $(CONTROLLER_GEN) rbac:roleName=chaos-controller-role crd:crdVersions=v1 paths="./..." output:crd:dir=./chart/templates/crds/ output:rbac:dir=./chart/templates/ # Run go fmt against code fmt: @@ -99,7 +99,7 @@ ifeq (, $(shell which controller-gen)) CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ cd $$CONTROLLER_GEN_TMP_DIR ;\ go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.2 ;\ + go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 ;\ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ } CONTROLLER_GEN=$(GOBIN)/controller-gen @@ -121,7 +121,7 @@ minikube-start: --container-runtime=${container-runtime} \ --memory=${minikube-memory} \ --cpus=4 \ - --kubernetes-version=1.19.14 \ + --kubernetes-version=1.22.5 \ --disk-size=50GB \ --extra-config=apiserver.enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota \ --iso-url=https://public-chaos-controller.s3.amazonaws.com/minikube/minikube-2021-01-18.iso diff --git a/PROJECT b/PROJECT index 2aec2e1d46..5e43133bcc 100644 --- a/PROJECT +++ b/PROJECT @@ -16,5 +16,5 @@ resources: webhooks: defaulting: true validation: true - webhookVersion: v1beta1 + webhookVersion: v1 version: "3" diff --git a/README.md b/README.md index 08df4e96a7..d5ced6f13b 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -**Oldest Kubernetes version supported: 1.15** +**Oldest Kubernetes version supported: 1.16** > :warning: **Kubernetes version 1.20.x is not supported!** _This [Kubernetes issue](https://github.com/kubernetes/kubernetes/issues/97288) prevents the controller from running properly on Kubernetes 1.20.0-1.20.4. Earlier versions of Kubernetes as well as 1.20.5 and later are still supported._ diff --git a/api/v1beta1/disruption_webhook.go b/api/v1beta1/disruption_webhook.go index 1e367bc892..1c00027c60 100644 --- a/api/v1beta1/disruption_webhook.go +++ b/api/v1beta1/disruption_webhook.go @@ -40,7 +40,7 @@ func (r *Disruption) SetupWebhookWithManager(mgr ctrl.Manager, l *zap.SugaredLog Complete() } -//+kubebuilder:webhook:webhookVersions={v1beta1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update,versions=v1beta1,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} +//+kubebuilder:webhook:webhookVersions={v1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update,versions=v1beta1,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} var _ webhook.Defaulter = &Disruption{} 
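Review bot: The mutating marker for `/mutate-chaos-datadoghq-com-v1beta1-disruption` still declares `sideEffects=None`, while chart/templates/webhook.yaml in this same commit registers that path with `sideEffects: NoneOnDryRun`; the two should state the same thing. Under admissionregistration.k8s.io/v1 the field is mandatory and only `None` and `NoneOnDryRun` are accepted, so it is worth deciding once what the handlers actually do and writing that value in both places. If `Default()` and the validator only touch the admitted object, `sideEffects: None` is the accurate value for the chart; otherwise the markers should read `sideEffects=NoneOnDryRun`. The same applies to the validating marker in the next hunk and to the marker in webhook/user_info.go. The chart appears to be maintained by hand rather than generated from these markers, which would explain how the two can drift.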
@@ -52,7 +52,7 @@ func (r *Disruption) Default() { } } -//+kubebuilder:webhook:webhookVersions={v1beta1},path=/validate-chaos-datadoghq-com-v1beta1-disruption,mutating=false,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update;delete,versions=v1beta1,name=vdisruption.kb.io,admissionReviewVersions={v1,v1beta1} +//+kubebuilder:webhook:webhookVersions={v1},path=/validate-chaos-datadoghq-com-v1beta1-disruption,mutating=false,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions,verbs=create;update;delete,versions=v1beta1,name=vdisruption.kb.io,admissionReviewVersions={v1,v1beta1} var _ webhook.Validator = &Disruption{} diff --git a/chart/install.yaml b/chart/install.yaml index b5fe1abd64..fc8fecd78e 100644 --- a/chart/install.yaml +++ b/chart/install.yaml @@ -74,11 +74,11 @@ data: timeout: "1m" --- # Source: chaos-controller/templates/crds/chaos.datadoghq.com_disruptions.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: disruptions.chaos.datadoghq.com spec: 
@@ -88,346 +88,347 @@ spec: listKind: DisruptionList plural: disruptions shortNames: - - dis + - dis singular: disruption - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: Disruption is the Schema for the disruptions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DisruptionSpec defines the desired state of Disruption + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Disruption is the Schema for the disruptions API properties: - advancedSelector: - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the operator - is Exists or DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - nullable: true - type: array - containerFailure: - description: ContainerFailureSpec represents a container failure injection - nullable: true - properties: - forced: - type: boolean - type: object - containers: - items: - type: string - type: array - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - cpuPressure: - description: CPUPressureSpec represents a cpu pressure disruption - nullable: true + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: type: object - diskPressure: - description: DiskPressureSpec represents a disk pressure disruption - nullable: true + spec: + description: DisruptionSpec defines the desired state of Disruption properties: - path: - type: string - throttling: - description: DiskPressureThrottlingSpec represents a throttle on - read and write disk operations - properties: - readBytesPerSec: - type: integer - writeBytesPerSec: - type: integer - type: object - required: - - path - - throttling - type: object - dns: - description: DNSDisruptionSpec represents a dns disruption - items: - description: HostRecordPair represents a hostname and a corresponding - dns record override - properties: - hostname: - type: string - record: - description: DNSRecord represents a type of DNS Record, such as - A or CNAME, and the value of that record + advancedSelector: + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - type: + key: + description: key is the label key that the selector applies + to. type: string - value: + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array required: - - type - - value + - key + - operator type: object - required: - - hostname - - record - type: object - nullable: true - type: array - dryRun: - type: boolean - duration: - type: string - grpc: - description: GRPCDisruptionSpec represents a gRPC disruption - nullable: true - properties: - endpoints: + nullable: true + type: array + containerFailure: + description: ContainerFailureSpec represents a container failure injection + nullable: true + properties: + forced: + type: boolean + type: object + containers: items: - description: EndpointAlteration represents an endpoint to disrupt - and the corresponding error to return + type: string + type: array + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + cpuPressure: + description: CPUPressureSpec represents a cpu pressure disruption + nullable: true + type: object + diskPressure: + description: DiskPressureSpec represents a disk pressure disruption + nullable: true + properties: + path: + type: string + throttling: + description: DiskPressureThrottlingSpec represents a throttle + on read and write disk operations + properties: + readBytesPerSec: + type: integer + writeBytesPerSec: + type: integer + type: object + required: + - path + - throttling + type: object + dns: + description: DNSDisruptionSpec represents a dns disruption + items: + description: HostRecordPair represents a hostname and a corresponding + dns record override properties: - endpoint: - type: string - error: - enum: - - OK - - CANCELED - - UNKNOWN - - INVALID_ARGUMENT - - DEADLINE_EXCEEDED - - NOT_FOUND - - ALREADY_EXISTS - - PERMISSION_DENIED - - RESOURCE_EXHAUSTED - - FAILED_PRECONDITION - - ABORTED - - OUT_OF_RANGE - - UNIMPLEMENTED - - INTERNAL - - UNAVAILABLE - - DATA_LOSS - - UNAUTHENTICATED + hostname: type: string - override: - type: string - queryPercent: - maximum: 100 - minimum: 0 - type: integer + record: + description: DNSRecord represents a type of 
DNS Record, such + as A or CNAME, and the value of that record + properties: + type: + type: string + value: + type: string + required: + - type + - value + type: object required: - - endpoint + - hostname + - record type: object + nullable: true type: array - port: - maximum: 65535 - minimum: 1 - type: integer + dryRun: + type: boolean + duration: + type: string + grpc: + description: GRPCDisruptionSpec represents a gRPC disruption + nullable: true + properties: + endpoints: + items: + description: EndpointAlteration represents an endpoint to disrupt + and the corresponding error to return + properties: + endpoint: + type: string + error: + enum: + - OK + - CANCELED + - UNKNOWN + - INVALID_ARGUMENT + - DEADLINE_EXCEEDED + - NOT_FOUND + - ALREADY_EXISTS + - PERMISSION_DENIED + - RESOURCE_EXHAUSTED + - FAILED_PRECONDITION + - ABORTED + - OUT_OF_RANGE + - UNIMPLEMENTED + - INTERNAL + - UNAVAILABLE + - DATA_LOSS + - UNAUTHENTICATED + type: string + override: + type: string + queryPercent: + maximum: 100 + minimum: 0 + type: integer + required: + - endpoint + type: object + type: array + port: + maximum: 65535 + minimum: 1 + type: integer + required: + - endpoints + - port + type: object + level: + description: DisruptionLevel represents which level the disruption + should be injected at + enum: + - pod + - node + - "" + type: string + network: + description: NetworkDisruptionSpec represents a network disruption + injection + nullable: true + properties: + allowedHosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + bandwidthLimit: + minimum: 0 + type: integer + corrupt: + maximum: 100 + minimum: 0 + type: integer + delay: + maximum: 60000 + minimum: 0 + type: integer + delayJitter: + maximum: 100 + minimum: 0 + type: integer + drop: + maximum: 100 + minimum: 0 + type: integer + duplicate: + maximum: 100 + 
minimum: 0 + type: integer + flow: + enum: + - egress + - ingress + type: string + hosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + port: + maximum: 65535 + minimum: 0 + nullable: true + type: integer + services: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + nullable: true + type: array + type: object + nodeFailure: + description: NodeFailureSpec represents a node failure injection + nullable: true + properties: + shutdown: + type: boolean + type: object + onInit: + type: boolean + selector: + additionalProperties: + type: string + description: Set is a map of label:value. It implements Labels. + nullable: true + type: object required: - - endpoints - - port + - count type: object - level: - description: DisruptionLevel represents which level the disruption should - be injected at - enum: - - pod - - node - - "" - type: string - network: - description: NetworkDisruptionSpec represents a network disruption injection - nullable: true + status: + description: DisruptionStatus defines the observed state of Disruption properties: - allowedHosts: + ignoredTargets: items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object + type: string nullable: true type: array - bandwidthLimit: - minimum: 0 - type: integer - corrupt: - maximum: 100 - minimum: 0 - type: integer - delay: - maximum: 60000 - minimum: 0 - type: integer - delayJitter: - maximum: 100 - minimum: 0 - type: integer - drop: - maximum: 100 - minimum: 0 - type: integer - duplicate: - maximum: 100 - minimum: 0 - type: integer - flow: + injectionStatus: + description: DisruptionInjectionStatus represents the injection status + of a disruption enum: - - egress - - 
ingress + - NotInjected + - PartiallyInjected + - Injected type: string - hosts: + isInjected: + type: boolean + isStuckOnRemoval: + type: boolean + targets: items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object + type: string nullable: true type: array - port: - maximum: 65535 - minimum: 0 + userInfo: + description: UserInfo holds the information about the user needed + to implement the user.Info interface. nullable: true - type: integer - services: - items: - properties: - name: - type: string - namespace: + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: + type: string + type: array + description: Any additional information provided by the authenticator. + type: object + groups: + description: The names of groups this user is a part of. + items: type: string - required: - - name - - namespace - type: object - nullable: true - type: array - type: object - nodeFailure: - description: NodeFailureSpec represents a node failure injection - nullable: true - properties: - shutdown: - type: boolean - type: object - onInit: - type: boolean - selector: - additionalProperties: - type: string - description: Set is a map of label:value. It implements Labels. 
- nullable: true - type: object - required: - - count - type: object - status: - description: DisruptionStatus defines the observed state of Disruption - properties: - ignoredTargets: - items: - type: string - nullable: true - type: array - injectionStatus: - description: DisruptionInjectionStatus represents the injection status - of a disruption - enum: - - NotInjected - - PartiallyInjected - - Injected - type: string - isInjected: - type: boolean - isStuckOnRemoval: - type: boolean - targets: - items: - type: string - nullable: true - type: array - userInfo: - description: UserInfo holds the information about the user needed to - implement the user.Info interface. - nullable: true - properties: - extra: - additionalProperties: - description: ExtraValue masks the value so protobuf can generate - items: + type: array + uid: + description: A unique value that identifies this user across time. + If this user is deleted and another user by the same name is + added, they will have different UIDs. + type: string + username: + description: The name that uniquely identifies this user among + all active users. type: string - type: array - description: Any additional information provided by the authenticator. type: object - groups: - description: The names of groups this user is a part of. - items: - type: string - type: array - uid: - description: A unique value that identifies this user across time. - If this user is deleted and another user by the same name is added, - they will have different UIDs. - type: string - username: - description: The name that uniquely identifies this user among all - active users. - type: string type: object type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true + served: true + storage: true status: acceptedNames: kind: "" 
@@ -805,7 +806,7 @@ spec: selfSigned: {} --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -831,7 +832,7 @@ webhooks: - disruptions --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -861,7 +862,7 @@ webhooks: - pods --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -889,7 +890,7 @@ webhooks: - disruptions/status --- # Source: chaos-controller/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: diff --git a/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml b/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml index 402cbc35ec..69b0da08b4 100644 --- a/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml +++ b/chart/templates/crds/chaos.datadoghq.com_disruptions.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: disruptions.chaos.datadoghq.com spec: 
@@ -16,342 +16,343 @@ spec: shortNames: - dis singular: disruption - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: Disruption is the Schema for the disruptions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DisruptionSpec defines the desired state of Disruption - properties: - advancedSelector: - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Disruption is the Schema for the disruptions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DisruptionSpec defines the desired state of Disruption + properties: + advancedSelector: + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + nullable: true + type: array + containerFailure: + description: ContainerFailureSpec represents a container failure injection + nullable: true properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set - of values. Valid operators are In, NotIn, Exists and DoesNotExist. + forced: + type: boolean + type: object + containers: + items: + type: string + type: array + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + cpuPressure: + description: CPUPressureSpec represents a cpu pressure disruption + nullable: true + type: object + diskPressure: + description: DiskPressureSpec represents a disk pressure disruption + nullable: true + properties: + path: type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. 
If the operator - is Exists or DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: + throttling: + description: DiskPressureThrottlingSpec represents a throttle + on read and write disk operations + properties: + readBytesPerSec: + type: integer + writeBytesPerSec: + type: integer + type: object + required: + - path + - throttling + type: object + dns: + description: DNSDisruptionSpec represents a dns disruption + items: + description: HostRecordPair represents a hostname and a corresponding + dns record override + properties: + hostname: type: string + record: + description: DNSRecord represents a type of DNS Record, such + as A or CNAME, and the value of that record + properties: + type: + type: string + value: + type: string + required: + - type + - value + type: object + required: + - hostname + - record + type: object + nullable: true + type: array + dryRun: + type: boolean + duration: + type: string + grpc: + description: GRPCDisruptionSpec represents a gRPC disruption + nullable: true + properties: + endpoints: + items: + description: EndpointAlteration represents an endpoint to disrupt + and the corresponding error to return + properties: + endpoint: + type: string + error: + enum: + - OK + - CANCELED + - UNKNOWN + - INVALID_ARGUMENT + - DEADLINE_EXCEEDED + - NOT_FOUND + - ALREADY_EXISTS + - PERMISSION_DENIED + - RESOURCE_EXHAUSTED + - FAILED_PRECONDITION + - ABORTED + - OUT_OF_RANGE + - UNIMPLEMENTED + - INTERNAL + - UNAVAILABLE + - DATA_LOSS + - UNAUTHENTICATED + type: string + override: + type: string + queryPercent: + maximum: 100 + minimum: 0 + type: integer + required: + - endpoint + type: object type: array + port: + maximum: 65535 + minimum: 1 + type: integer required: - - key - - operator + - endpoints + - port type: object - nullable: true - type: array - containerFailure: - description: ContainerFailureSpec represents a container failure injection - nullable: true - properties: - forced: 
- type: boolean - type: object - containers: - items: + level: + description: DisruptionLevel represents which level the disruption + should be injected at + enum: + - pod + - node + - "" type: string - type: array - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - cpuPressure: - description: CPUPressureSpec represents a cpu pressure disruption - nullable: true - type: object - diskPressure: - description: DiskPressureSpec represents a disk pressure disruption - nullable: true - properties: - path: - type: string - throttling: - description: DiskPressureThrottlingSpec represents a throttle on - read and write disk operations - properties: - readBytesPerSec: - type: integer - writeBytesPerSec: - type: integer - type: object - required: - - path - - throttling - type: object - dns: - description: DNSDisruptionSpec represents a dns disruption - items: - description: HostRecordPair represents a hostname and a corresponding - dns record override + network: + description: NetworkDisruptionSpec represents a network disruption + injection + nullable: true properties: - hostname: + allowedHosts: + items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + bandwidthLimit: + minimum: 0 + type: integer + corrupt: + maximum: 100 + minimum: 0 + type: integer + delay: + maximum: 60000 + minimum: 0 + type: integer + delayJitter: + maximum: 100 + minimum: 0 + type: integer + drop: + maximum: 100 + minimum: 0 + type: integer + duplicate: + maximum: 100 + minimum: 0 + type: integer + flow: + enum: + - egress + - ingress type: string - record: - description: DNSRecord represents a type of DNS Record, such as - A or CNAME, and the value of that record - properties: - type: - type: string - value: - type: string - required: - - type - - value - type: object - required: - - hostname - - record + hosts: + 
items: + properties: + host: + type: string + port: + maximum: 65535 + minimum: 0 + type: integer + protocol: + enum: + - tcp + - udp + - "" + type: string + type: object + nullable: true + type: array + port: + maximum: 65535 + minimum: 0 + nullable: true + type: integer + services: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + nullable: true + type: array type: object - nullable: true - type: array - dryRun: - type: boolean - duration: - type: string - grpc: - description: GRPCDisruptionSpec represents a gRPC disruption - nullable: true - properties: - endpoints: - items: - description: EndpointAlteration represents an endpoint to disrupt - and the corresponding error to return - properties: - endpoint: - type: string - error: - enum: - - OK - - CANCELED - - UNKNOWN - - INVALID_ARGUMENT - - DEADLINE_EXCEEDED - - NOT_FOUND - - ALREADY_EXISTS - - PERMISSION_DENIED - - RESOURCE_EXHAUSTED - - FAILED_PRECONDITION - - ABORTED - - OUT_OF_RANGE - - UNIMPLEMENTED - - INTERNAL - - UNAVAILABLE - - DATA_LOSS - - UNAUTHENTICATED - type: string - override: - type: string - queryPercent: - maximum: 100 - minimum: 0 - type: integer - required: - - endpoint - type: object - type: array - port: - maximum: 65535 - minimum: 1 - type: integer - required: - - endpoints - - port - type: object - level: - description: DisruptionLevel represents which level the disruption should - be injected at - enum: - - pod - - node - - "" - type: string - network: - description: NetworkDisruptionSpec represents a network disruption injection - nullable: true - properties: - allowedHosts: - items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object - nullable: true - type: array - bandwidthLimit: - minimum: 0 - type: integer - corrupt: - maximum: 100 - minimum: 0 - type: integer - delay: - maximum: 60000 - 
minimum: 0 - type: integer - delayJitter: - maximum: 100 - minimum: 0 - type: integer - drop: - maximum: 100 - minimum: 0 - type: integer - duplicate: - maximum: 100 - minimum: 0 - type: integer - flow: - enum: - - egress - - ingress + nodeFailure: + description: NodeFailureSpec represents a node failure injection + nullable: true + properties: + shutdown: + type: boolean + type: object + onInit: + type: boolean + selector: + additionalProperties: type: string - hosts: - items: - properties: - host: - type: string - port: - maximum: 65535 - minimum: 0 - type: integer - protocol: - enum: - - tcp - - udp - - "" - type: string - type: object - nullable: true - type: array - port: - maximum: 65535 - minimum: 0 - nullable: true - type: integer - services: - items: - properties: - name: - type: string - namespace: + description: Set is a map of label:value. It implements Labels. + nullable: true + type: object + required: + - count + type: object + status: + description: DisruptionStatus defines the observed state of Disruption + properties: + ignoredTargets: + items: + type: string + nullable: true + type: array + injectionStatus: + description: DisruptionInjectionStatus represents the injection status + of a disruption + enum: + - NotInjected + - PartiallyInjected + - Injected + type: string + isInjected: + type: boolean + isStuckOnRemoval: + type: boolean + targets: + items: + type: string + nullable: true + type: array + userInfo: + description: UserInfo holds the information about the user needed + to implement the user.Info interface. + nullable: true + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: type: string - required: - - name - - namespace + type: array + description: Any additional information provided by the authenticator. 
type: object - nullable: true - type: array - type: object - nodeFailure: - description: NodeFailureSpec represents a node failure injection - nullable: true - properties: - shutdown: - type: boolean - type: object - onInit: - type: boolean - selector: - additionalProperties: - type: string - description: Set is a map of label:value. It implements Labels. - nullable: true - type: object - required: - - count - type: object - status: - description: DisruptionStatus defines the observed state of Disruption - properties: - ignoredTargets: - items: - type: string - nullable: true - type: array - injectionStatus: - description: DisruptionInjectionStatus represents the injection status - of a disruption - enum: - - NotInjected - - PartiallyInjected - - Injected - type: string - isInjected: - type: boolean - isStuckOnRemoval: - type: boolean - targets: - items: - type: string - nullable: true - type: array - userInfo: - description: UserInfo holds the information about the user needed to - implement the user.Info interface. - nullable: true - properties: - extra: - additionalProperties: - description: ExtraValue masks the value so protobuf can generate + groups: + description: The names of groups this user is a part of. items: type: string type: array - description: Any additional information provided by the authenticator. - type: object - groups: - description: The names of groups this user is a part of. - items: + uid: + description: A unique value that identifies this user across time. + If this user is deleted and another user by the same name is + added, they will have different UIDs. type: string - type: array - uid: - description: A unique value that identifies this user across time. - If this user is deleted and another user by the same name is added, - they will have different UIDs. - type: string - username: - description: The name that uniquely identifies this user among all - active users. 
- type: string - type: object - type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 + username: + description: The name that uniquely identifies this user among + all active users. + type: string + type: object + type: object + type: object served: true storage: true status: diff --git a/chart/templates/webhook.yaml b/chart/templates/webhook.yaml index ccadbfe71c..925b4fd140 100644 --- a/chart/templates/webhook.yaml +++ b/chart/templates/webhook.yaml @@ -8,7 +8,7 @@ {{- $altName2 := "chaos-controller-webhook-service.chaos-engineering.svc.cluster.local" }} {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: @@ -29,6 +29,8 @@ webhooks: path: /validate-chaos-datadoghq-com-v1beta1-disruption failurePolicy: Fail name: chaos-controller-webhook-service.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] rules: - apiGroups: - chaos.datadoghq.com @@ -41,7 +43,7 @@ webhooks: resources: - disruptions --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -62,6 +64,8 @@ webhooks: path: /mutate-chaos-datadoghq-com-v1beta1-disruption failurePolicy: Fail name: chaos-controller-webhook-service.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] rules: - apiGroups: - chaos.datadoghq.com @@ -72,7 +76,7 @@ webhooks: resources: - disruptions --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: 
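Review bot: Moving this webhook to admissionregistration.k8s.io/v1 changes two defaults that the lines added next to `sideEffects: NoneOnDryRun` (hunk `-29,6 +29,8`) do not pin: `timeoutSeconds` drops from 30 to 10 and `matchPolicy` goes from `Exact` to `Equivalent`. With `failurePolicy: Fail` on the disruption webhooks, a handler that takes longer than 10 seconds now rejects the request, and with `failurePolicy: Ignore` on the pod webhook (hunk `-93,6 +97,8`) a timeout silently skips the init-container mutation. I would set both fields explicitly, e.g. `timeoutSeconds: 10` and `matchPolicy: Equivalent`, so the behaviour is a visible choice and not an inherited default. `NoneOnDryRun` also commits each handler to checking the request's dry-run flag before doing anything outside the admitted object; no handler change is visible in this diff, so that should be confirmed. The same applies to the hunks at `-62,6 +64,8`, `-93,6 +97,8` and `-128,6 +134,8`.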
@@ -93,6 +97,8 @@ webhooks: path: /mutate-v1-pod-chaos-handler-init-container failurePolicy: Ignore name: chaos-controller-admission-webhook.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] objectSelector: matchExpressions: - key: "chaos.datadoghq.com/disrupt-on-init" @@ -107,7 +113,7 @@ webhooks: resources: - pods --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: @@ -128,6 +134,8 @@ webhooks: path: /mutate-chaos-datadoghq-com-v1beta1-disruption-user-info failurePolicy: Fail name: chaos-controller-admission-webhook.chaos-engineering.svc + sideEffects: NoneOnDryRun + admissionReviewVersions: ["v1", "v1beta1"] rules: - apiGroups: - "chaos.datadoghq.com" diff --git a/webhook/user_info.go b/webhook/user_info.go index e0315ad848..7a589bfe8e 100644 --- a/webhook/user_info.go +++ b/webhook/user_info.go @@ -16,7 +16,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) -// +kubebuilder:webhook:webhookVersions={v1beta1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption-user-info,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions;disruptions/status,verbs=create,versions=v1beta1,,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} +// +kubebuilder:webhook:webhookVersions={v1},path=/mutate-chaos-datadoghq-com-v1beta1-disruption-user-info,mutating=true,failurePolicy=fail,sideEffects=None,groups=chaos.datadoghq.com,resources=disruptions;disruptions/status,verbs=create,versions=v1beta1,,name=mdisruption.kb.io,admissionReviewVersions={v1,v1beta1} type UserInfoMutator struct { Client client.Client Log *zap.SugaredLogger
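Review bot: The marker above `UserInfoMutator` reuses `name=mdisruption.kb.io`, the same name as the mutating marker in api/v1beta1/disruption_webhook.go, and admissionregistration.k8s.io/v1 requires webhook names to be unique within one configuration. If controller-gen output for these markers is ever applied, two entries with this name in one MutatingWebhookConfiguration would fail validation; a distinct name such as `name=muserinfo.kb.io` (constructed example) avoids that. The marker also carries an empty field in `versions=v1beta1,,name=` and a space after `//` that the other markers do not have; `versions=v1beta1,name=...` and `//+kubebuilder:webhook:` would make it consistent with them. The struct body continues past the end of the hunk.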