forked from krkn-chaos/krkn-hub
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'krkn-chaos:main' into main
Showing 10 changed files with 280 additions and 11 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
### Service Hijacking scenario | ||
This scenario reroutes traffic intended for a target service to a custom web service that is automatically deployed by Krkn. | ||
This web service responds with user-defined HTTP statuses, MIME types, and bodies. | ||
For more details, please refer to the following [documentation](https://github.com/krkn-chaos/krkn/blob/main/docs/service_hijacking_scenarios.md). | ||
|
||
#### Run | ||
Unlike other krkn-hub scenarios, this one requires a specific configuration due to its unique structure. | ||
You must set up the scenario in a local file following the [scenario syntax](https://github.com/krkn-chaos/krkn/blob/main/scenarios/kube/service_hijacking.yaml), | ||
and then pass this file's base64-encoded content to the container via the SCENARIO_BASE64 variable. | ||
|
||
If enabling [Cerberus](https://github.com/krkn-chaos/krkn#kraken-scenario-passfail-criteria-and-report) to monitor the cluster and pass/fail the scenario post chaos, refer [docs](https://github.com/redhat-chaos/krkn-hub/tree/main/docs/cerberus.md). | ||
Make sure to start it before injecting the chaos and set `CERBERUS_ENABLED` | ||
environment variable for the chaos injection container to autoconnect. | ||
|
||
``` | ||
$ podman run --name=<container_name> \ | ||
-e SCENARIO_BASE64="$(base64 -w0 <scenario_file>)" \ | ||
-v <path_to_kubeconfig>:/root/.kube/config:Z quay.io/krkn-chaos/krkn-hub:service-hijacking | ||
$ podman logs -f <container_name or container_id> # Streams Kraken logs | ||
$ podman inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario | ||
``` | ||
|
||
``` | ||
$ export SCENARIO_BASE64="$(base64 -w0 <scenario_file>)" | ||
$ docker run $(./get_docker_params.sh) --name=<container_name> \ | ||
--net=host \ | ||
-v <path-to-kube-config>:/root/.kube/config:Z \ | ||
-d quay.io/krkn-chaos/krkn-hub:service-hijacking | ||
OR | ||
$ docker run --name=<container_name> -e SCENARIO_BASE64="$(base64 -w0 <scenario_file>)" \ | ||
--net=host \ | ||
-v <path-to-kube-config>:/root/.kube/config:Z \ | ||
-d quay.io/krkn-chaos/krkn-hub:service-hijacking | ||
$ docker logs -f <container_name or container_id> # Streams Kraken logs | ||
$ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario | ||
``` | ||
|
||
|
||
#### Supported parameters | ||
|
||
The following environment variables can be set on the host running the container to tweak the scenario/faults being injected: | ||
|
||
ex.) | ||
`export <parameter_name>=<value>` | ||
|
||
See list of variables that apply to all scenarios [here](all_scenarios_env.md) that can be used/set in addition to these scenario specific variables | ||
|
||
| Parameter | Description | | ||
|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| SCENARIO_BASE64 | Base64 encoded service-hijacking scenario file. Note that the __-w0__ option in the command substitution `SCENARIO_BASE64="$(base64 -w0 <scenario_file>)"` is __mandatory__ in order to remove line breaks from the base64 command output | | ||
|
||
|
||
**NOTE** In case of using custom metrics profile or alerts profile when `CAPTURE_METRICS` or `ENABLE_ALERTS` is enabled, mount the metrics profile from the host on which the container is run using podman/docker under `/root/kraken/config/metrics-aggregated.yaml` and `/root/kraken/config/alerts`. For example: | ||
``` | ||
$ podman run -e SCENARIO_BASE64="$(base64 -w0 <scenario_file>)" \ | ||
--name=<container_name> \ | ||
--net=host \ | ||
--env-host=true \ | ||
-v <path-to-custom-metrics-profile>:/root/kraken/config/metrics-aggregated.yaml \ | ||
-v <path-to-custom-alerts-profile>:/root/kraken/config/alerts \ | ||
-v <path-to-kube-config>:/root/.kube/config:Z \ | ||
-d quay.io/krkn-chaos/krkn-hub:service-hijacking | ||
``` | ||
|
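Review bot: The first podman example in the Run section is inconsistent with the docker examples and with the podman example under the NOTE: it omits `--net=host` and `-d`, so the container runs in the foreground and the `podman logs -f` line that follows only makes sense from a second terminal. Add `-d` (and `--net=host` if the scenario needs it) or drop the logs line there. The Cerberus docs link also points at `github.com/redhat-chaos/krkn-hub` while the other links in this file and the image use `krkn-chaos`, and "which can considered" in both exit-code comments is missing "be".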
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Dockerfile for kraken | ||
|
||
FROM quay.io/krkn-chaos/krkn:latest | ||
|
||
ENV KUBECONFIG /root/.kube/config | ||
|
||
# Install dependencies | ||
RUN yum install -y which | ||
RUN pip install jsonschema | ||
|
||
# Copy configurations | ||
COPY config.yaml.template /root/kraken/config/config.yaml.template | ||
COPY service-hijacking/env.sh /root/env.sh | ||
COPY service-hijacking/run.sh /root/run.sh | ||
COPY env.sh /root/main_env.sh | ||
|
||
|
||
COPY service-hijacking/config-schema.json /root/kraken/scenarios/service-hijacking-schema.json | ||
COPY service-hijacking/validate_config.py /root/validate_config.py | ||
|
||
COPY common_run.sh /root/common_run.sh | ||
|
||
ENTRYPOINT /root/run.sh |
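Review bot: Nothing in this image build is pinned: `FROM quay.io/krkn-chaos/krkn:latest` and `RUN pip install jsonschema` both resolve to whatever is current at build time, so two builds of the same commit can produce different images. Pin the base image to a tag or digest and give jsonschema an explicit version. `validate_config.py` also imports `yaml`, which is not installed here and is assumed to come from the base image; an explicit install or a comment would make that dependency visible. Minor: `ENTRYPOINT /root/run.sh` is the shell form, so run.sh is started through `/bin/sh -c` and does not receive signals directly; the exec form `ENTRYPOINT ["/root/run.sh"]` avoids that.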
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
See [doc](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/service-hijacking.md) for how to run and all the variables listed |
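Review bot: The link targets `github.com/redhat-chaos/krkn-hub`, while the image and the documentation added in this commit are under `krkn-chaos`. Point it at the same organization used in the rest of the change so the README does not depend on the old location staying reachable.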
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
{ | ||
"$schema": "http://json-schema.org/draft-07/schema#", | ||
"type": "object", | ||
"properties": { | ||
"service_target_port": { | ||
"oneOf": [ | ||
{ | ||
"type": "string" | ||
}, | ||
{ | ||
"type": "integer" | ||
} | ||
] | ||
}, | ||
"service_name": { | ||
"type": "string" | ||
}, | ||
"service_namespace": { | ||
"type": "string" | ||
}, | ||
"image": { | ||
"type": "string" | ||
}, | ||
"chaos_duration": { | ||
"type": "integer" | ||
}, | ||
"plan": { | ||
"type": "array", | ||
"minItems": 1, | ||
"items": { | ||
"type": "object", | ||
"properties": { | ||
"resource": { | ||
"type": "string" | ||
}, | ||
"steps": { | ||
"type": "object", | ||
"patternProperties": { | ||
"^[A-Z]+$": { | ||
"type": "array", | ||
"minItems": 1, | ||
"items": { | ||
"type": "object", | ||
"properties": { | ||
"duration": { | ||
"type": "integer" | ||
}, | ||
"status": { | ||
"type": "integer" | ||
}, | ||
"mime_type": { | ||
"type": "string" | ||
}, | ||
"payload": { | ||
"type": "string" | ||
} | ||
}, | ||
"required": ["duration", "status", "mime_type", "payload"] | ||
} | ||
} | ||
}, | ||
"additionalProperties": false | ||
} | ||
}, | ||
"required": ["resource", "steps"] | ||
} | ||
} | ||
}, | ||
"required": [ | ||
"service_target_port", | ||
"service_name", | ||
"service_namespace", | ||
"image", | ||
"chaos_duration", | ||
"plan" | ||
] | ||
} |
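Review bot: `"additionalProperties": false` is set only on `steps`, so the top-level object, each `plan` item and each step object accept stray keys without complaint; if strict validation is the goal, add it at those levels too. The value constraints are also loose: `status` is any integer with no 100 to 599 bound, `duration` and `chaos_duration` have no `minimum`, and `^[A-Z]+$` accepts any uppercase word as a method key where an explicit list of HTTP methods would catch typos such as `GTE`.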
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
|
||
# Vars and respective defaults | ||
export SCENARIO_BASE64=${SCENARIO_BASE64:=1} | ||
export SCENARIO_TYPE="service_hijacking" | ||
export SCENARIO_FILE="scenarios/service_hijacking.yaml" | ||
export SCENARIO_POST_ACTION=${SCENARIO_POST_ACTION:=""} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/bin/bash | ||
|
||
set -ex | ||
|
||
# Source env.sh to read all the vars | ||
source /root/main_env.sh | ||
source /root/env.sh | ||
|
||
source /root/common_run.sh | ||
checks | ||
|
||
# check if SCENARIO_BASE64 is set | ||
|
||
[ $SCENARIO_BASE64 == 1 ] && \ | ||
( echo "[ERROR] please set SCENARIO_BASE64 variable with a valid base64 encoded hijacking scenario | ||
eg. podman run -e SCENARIO_BASE64=\$(base64 -w0 ~/krkn/scenarios/kube/service_hijacking.yaml) [...] " && \ | ||
exit 1 ) | ||
|
||
|
||
# Substitute config with environment vars defined | ||
echo $SCENARIO_BASE64 | base64 -d >> /root/kraken/scenarios/service_hijacking.yaml || \ | ||
(echo -e "[ERROR] Unable to decode SCENARIO_BASE64, bad base64 format please refer to documentation" \ | ||
&& exit 1) | ||
|
||
# Validate scenario against schema | ||
|
||
python3.9 /root/validate_config.py -y /root/kraken/scenarios/service_hijacking.yaml \ | ||
-s /root/kraken/scenarios/service-hijacking-schema.json | ||
|
||
|
||
# replace env variables | ||
|
||
envsubst < /root/kraken/config/config.yaml.template > /root/kraken/config/service_hijacking_config.yaml | ||
|
||
# Run Kraken | ||
cd /root/kraken | ||
|
||
cat scenarios/service_hijacking.yaml | ||
cat config/service_hijacking_config.yaml | ||
|
||
python3.9 run_kraken.py --config=config/service_hijacking_config.yaml |
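Review bot: The decode step writes with `>>` to `/root/kraken/scenarios/service_hijacking.yaml`, so if that file already exists (from the base image, or from starting the same container a second time) the decoded scenario is appended to the old content and the validator sees the merged file; use `>` to overwrite. `$SCENARIO_BASE64` is unquoted in both the `[ ... == 1 ]` test and the `echo`, and should be `"$SCENARIO_BASE64"`. With `set -ex` plus the two `cat` calls, the full base64 value, the scenario and the rendered config all land in the container log; drop `-x` or the `cat` lines if the rendered config can carry anything sensitive. The `( ... && exit 1 )` subshells stop the script only because `set -e` is active; a `{ ...; exit 1; }` group would not depend on that.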
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
import os.path | ||
import sys | ||
|
||
from jsonschema import validate, ValidationError | ||
import yaml | ||
import argparse | ||
|
||
parser= argparse.ArgumentParser(description="python validate_config.py -y input.yaml -j schema.json") | ||
required_args = parser.add_argument_group('Required arguments') | ||
required_args.add_argument("-y", "--yaml", help="YAML file to validate", required=True) | ||
required_args.add_argument("-s", "--schema", help="JSON schema used to validate the YAML file", required=True) | ||
args = parser.parse_args() | ||
|
||
if not os.path.exists(args.yaml): | ||
print(f"[ERROR] file not found: {args.yaml}") | ||
sys.exit(1) | ||
if not os.path.exists(args.schema): | ||
print(f"[ERROR] file not found: {args.schema}") | ||
sys.exit(1) | ||
try: | ||
with open(args.yaml) as stream: | ||
yaml_file = yaml.safe_load(stream) | ||
with open(args.schema) as stream: | ||
schema = yaml.safe_load(stream) | ||
|
||
validate(yaml_file, schema) | ||
print("[SUCCESS] scenario configuration successfully validated") | ||
sys.exit(0) | ||
except ValidationError as e: | ||
print("[ERROR] Bad configuration file, please refer to the Krkn Documentation https://github.com/krkn-chaos/krkn/blob/main/docs/service_hijacking_scenarios.md") | ||
print(str(e)) | ||
sys.exit(1) | ||
except Exception as e: | ||
print(f"[ERROR] Failed to validate file with exception: {str(e)}") | ||
sys.exit(1) | ||
|
||
|
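Review bot: The argparse description advertises `-j schema.json`, but the option defined two lines below is `-s/--schema`, so the usage text shown by `--help` is wrong; change the description to `-s`. The schema file is JSON yet is read with `yaml.safe_load`; `json.load` is the direct choice and rejects non-JSON input. `validate()` raises a single error and every message goes to stdout, so a user with several mistakes has to rerun the container once per fix; iterating over a validator's errors and printing them to stderr would report them all in one pass.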