From c16a193f8b70759535c7e49bfb3310ccd3597fb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8A=A8=E6=84=9F=E5=92=B8=E9=B1=BC?=
<13768528+dynamic-salted-fish@user.noreply.gitee.com>
Date: Thu, 25 Jul 2024 16:36:32 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=EF=BC=9A=E5=A2=9E?=
=?UTF-8?q?=E5=8A=A0=E7=AE=80=E6=98=93=E7=89=88=E6=9C=AC=E6=95=85=E9=9A=9C?=
=?UTF-8?q?=E6=B3=A8=E5=85=A5=E5=B9=B3=E5=8F=B0=E9=83=A8=E7=BD=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
chaos/README.md | 26 +
chaos/train-ticket-simple/Chart.yaml | 19 +
chaos/train-ticket-simple/README.md | 13 +
.../charts/chaos-frontend/Chart.yaml | 5 +
.../templates/chaos-backend-cfg.yaml | 50 +
.../templates/chaos-backend-deploy.yaml | 43 +
.../templates/chaos-backend-rabc.yaml | 51 +
.../templates/chaos-backend-svc.yaml | 15 +
.../templates/chaos-front-cfg.yaml | 36 +
.../templates/chaos-front-deploy.yaml | 39 +
.../templates/chaos-front-service.yaml | 15 +
.../charts/chaos-frontend/values.yaml | 3 +
.../charts/chaos-mesh/.helmignore | 21 +
.../charts/chaos-mesh/Chart.yaml | 33 +
.../charts/chaos-mesh/README.md | 235 +
.../crds/chaos-mesh.org_awschaos.yaml | 182 +
.../crds/chaos-mesh.org_azurechaos.yaml | 183 +
.../crds/chaos-mesh.org_blockchaos.yaml | 294 +
.../crds/chaos-mesh.org_dnschaos.yaml | 286 +
.../crds/chaos-mesh.org_gcpchaos.yaml | 185 +
.../crds/chaos-mesh.org_httpchaos.yaml | 403 +
.../crds/chaos-mesh.org_iochaos.yaml | 407 +
.../crds/chaos-mesh.org_jvmchaos.yaml | 330 +
.../crds/chaos-mesh.org_kernelchaos.yaml | 332 +
.../crds/chaos-mesh.org_networkchaos.yaml | 516 +
.../chaos-mesh.org_physicalmachinechaos.yaml | 1099 +
.../crds/chaos-mesh.org_physicalmachines.yaml | 55 +
.../crds/chaos-mesh.org_podchaos.yaml | 282 +
.../crds/chaos-mesh.org_podhttpchaos.yaml | 245 +
.../crds/chaos-mesh.org_podiochaos.yaml | 215 +
.../crds/chaos-mesh.org_podnetworkchaos.yaml | 260 +
.../crds/chaos-mesh.org_remoteclusters.yaml | 109 +
.../crds/chaos-mesh.org_schedules.yaml | 13677 +++++++++++
.../crds/chaos-mesh.org_statuschecks.yaml | 203 +
.../crds/chaos-mesh.org_stresschaos.yaml | 352 +
.../crds/chaos-mesh.org_timechaos.yaml | 278 +
.../crds/chaos-mesh.org_workflownodes.yaml | 20398 ++++++++++++++++
.../crds/chaos-mesh.org_workflows.yaml | 10058 ++++++++
.../charts/chaos-mesh/templates/NOTES.txt | 2 +
.../charts/chaos-mesh/templates/_certs.tpl | 144 +
.../charts/chaos-mesh/templates/_helpers.tpl | 188 +
.../templates/cert-manager-certs.yaml | 166 +
.../templates/chaos-daemon-daemonset.yaml | 214 +
.../templates/chaos-daemon-rbac.yaml | 131 +
.../templates/chaos-daemon-service.yaml | 45 +
.../templates/chaos-dashboard-deployment.yaml | 195 +
.../templates/chaos-dashboard-pvc.yaml | 41 +
.../templates/chaos-dashboard-rbac.yaml | 126 +
.../controller-manager-deployment.yaml | 233 +
.../templates/controller-manager-rbac.yaml | 174 +
.../templates/controller-manager-service.yaml | 57 +
.../chaos-mesh/templates/dns-configmap.yaml | 47 +
.../chaos-mesh/templates/dns-deployment.yaml | 122 +
.../charts/chaos-mesh/templates/dns-rbac.yaml | 135 +
.../chaos-mesh/templates/dns-service.yaml | 46 +
.../charts/chaos-mesh/templates/ingress.yaml | 98 +
.../mutating-admission-webhooks.yaml | 80 +
.../templates/prometheus-configmap.yaml | 77 +
.../templates/prometheus-deployment.yaml | 124 +
.../chaos-mesh/templates/prometheus-rbac.yaml | 57 +
.../templates/prometheus-service.yaml | 35 +
.../templates/secrets-configuration.yaml | 84 +
.../validating-admission-webhooks.yaml | 124 +
.../charts/chaos-mesh/values.schema.json | 765 +
.../charts/chaos-mesh/values.yaml | 564 +
.../charts/elasticsearch/Chart.yaml | 5 +
.../elasticsearch/templates/_helpers.tpl | 7 +
.../elasticsearch/templates/service.yaml | 22 +
.../elasticsearch/templates/statefulset.yaml | 73 +
.../charts/elasticsearch/values.yaml | 13 +
.../charts/mysql/Chart.yaml | 18 +
.../charts/mysql/README.md | 171 +
.../docker-entrypoint-initdb.d/README.md | 3 +
.../charts/mysql/templates/NOTES.txt | 42 +
.../charts/mysql/templates/_helpers.tpl | 109 +
.../templates/initialization-configmap.yaml | 19 +
.../mysql/templates/master-configmap.yaml | 15 +
.../mysql/templates/master-statefulset.yaml | 214 +
.../charts/mysql/templates/master-svc.yaml | 25 +
.../charts/mysql/templates/secrets.yaml | 38 +
.../charts/mysql/values-production.yaml | 276 +
.../charts/mysql/values.yaml | 278 +
.../templates/_helpers.tpl | 3 +
.../ts-admin-basic-info-service-deploy.yaml | 52 +
.../ts-admin-basic-info-service-svc.yaml | 13 +
.../templates/ts-config-service-deploy.yaml | 52 +
.../templates/ts-config-service-svc.yaml | 13 +
.../templates/ts-gateway-service-deploy.yaml | 52 +
.../templates/ts-gateway-service-svc.yaml | 13 +
.../ts-inside-payment-service-deploy.yaml | 52 +
.../ts-inside-payment-service-svc.yaml | 13 +
.../ts-order-other-service-deploy.yaml | 52 +
.../templates/ts-order-other-service-svc.yaml | 13 +
.../templates/ts-order-service-deploy.yaml | 52 +
.../templates/ts-order-service-svc.yaml | 13 +
.../templates/ts-price-service-deploy.yaml | 52 +
.../templates/ts-price-service-svc.yaml | 13 +
.../ts-route-plan-service-deploy.yaml | 52 +
.../templates/ts-route-plan-service-svc.yaml | 13 +
.../templates/ts-route-service-deploy.yaml | 52 +
.../templates/ts-route-service-svc.yaml | 13 +
.../templates/ts-seat-service-deploy.yaml | 52 +
.../templates/ts-seat-service-svc.yaml | 13 +
.../templates/ts-station-service-deploy.yaml | 52 +
.../templates/ts-station-service-svc.yaml | 13 +
.../templates/ts-train-service-deploy.yaml | 52 +
.../templates/ts-train-service-svc.yaml | 13 +
.../ts-travel-plan-service-deploy.yaml | 52 +
.../templates/ts-travel-plan-service-svc.yaml | 13 +
.../templates/ts-travel-service-deploy.yaml | 52 +
.../templates/ts-travel-service-svc.yaml | 13 +
.../templates/ts-travel2-service-deploy.yaml | 52 +
.../templates/ts-travel2-service-svc.yaml | 13 +
.../templates/ts-ui-dashboard-deploy.yaml | 30 +
.../templates/ts-ui-dashboard-svc.yaml | 13 +
.../templates/tsdb-mysql-secret.yaml | 11 +
chaos/train-ticket-simple/values.yaml | 58 +
117 files changed, 57445 insertions(+)
create mode 100644 chaos/train-ticket-simple/Chart.yaml
create mode 100644 chaos/train-ticket-simple/README.md
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/Chart.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-cfg.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-deploy.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-rabc.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-svc.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-cfg.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-deploy.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/.helmignore
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/Chart.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/README.md
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_azurechaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_blockchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_dnschaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_gcpchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_httpchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_iochaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_jvmchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_kernelchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_networkchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachinechaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachines.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podhttpchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podiochaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podnetworkchaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_remoteclusters.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_schedules.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_statuschecks.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_stresschaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_timechaos.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflows.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/NOTES.txt
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/_certs.tpl
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/_helpers.tpl
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/cert-manager-certs.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-daemonset.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-rbac.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-service.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-deployment.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-pvc.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-rbac.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-deployment.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-rbac.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-service.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-configmap.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-deployment.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-rbac.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-service.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/ingress.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/mutating-admission-webhooks.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-configmap.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-deployment.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-rbac.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-service.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/secrets-configuration.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/templates/validating-admission-webhooks.yaml
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/values.schema.json
create mode 100644 chaos/train-ticket-simple/charts/chaos-mesh/values.yaml
create mode 100644 chaos/train-ticket-simple/charts/elasticsearch/Chart.yaml
create mode 100644 chaos/train-ticket-simple/charts/elasticsearch/templates/_helpers.tpl
create mode 100644 chaos/train-ticket-simple/charts/elasticsearch/templates/service.yaml
create mode 100644 chaos/train-ticket-simple/charts/elasticsearch/templates/statefulset.yaml
create mode 100644 chaos/train-ticket-simple/charts/elasticsearch/values.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/Chart.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/README.md
create mode 100644 chaos/train-ticket-simple/charts/mysql/files/docker-entrypoint-initdb.d/README.md
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/NOTES.txt
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/_helpers.tpl
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/initialization-configmap.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/master-configmap.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/master-statefulset.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/master-svc.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/templates/secrets.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/values-production.yaml
create mode 100644 chaos/train-ticket-simple/charts/mysql/values.yaml
create mode 100644 chaos/train-ticket-simple/templates/_helpers.tpl
create mode 100644 chaos/train-ticket-simple/templates/ts-admin-basic-info-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-admin-basic-info-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-config-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-config-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-gateway-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-gateway-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-inside-payment-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-inside-payment-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-order-other-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-order-other-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-order-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-order-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-price-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-price-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-route-plan-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-route-plan-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-route-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-route-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-seat-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-seat-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-station-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-station-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-train-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-train-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-travel-plan-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-travel-plan-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-travel-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-travel-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-travel2-service-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-travel2-service-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-ui-dashboard-deploy.yaml
create mode 100644 chaos/train-ticket-simple/templates/ts-ui-dashboard-svc.yaml
create mode 100644 chaos/train-ticket-simple/templates/tsdb-mysql-secret.yaml
create mode 100644 chaos/train-ticket-simple/values.yaml
diff --git a/chaos/README.md b/chaos/README.md
index 8f4efc8..6da7912 100644
--- a/chaos/README.md
+++ b/chaos/README.md
@@ -90,6 +90,32 @@
kubectl port-forward -n chaos-injection deploy/chaos-front 30008:80
```
+## 快速开始-部署简易版本soma-chaos平台
+
+#### 与基础版本结构比较:
+
+1. 移除了skywalkingAPM以及skywalking agent;
+
+2. 保留train-ticket的两条主要服务调用链的服务;
+
+#### 为什么部署简易版本:
+
+1. 基础版本资源需求为8C16G*3,而简易版仅需8C16G,注入故障类型数量均与基础版本一样
+
+2. 支持一键部署,简易版本支持通过helm一键部署所有组件
+
+3. 相较于基础版,简易版本可以自由选择APM及其探针组件
+
+### 部署简易版本故障注入平台
+使用`Helm`进行快速部署
+
+```
+cd soma/chaos/
+helm install train-ticket train-ticket-simple \
+-n train-ticket --create-namespace
+```
+运行 `kubectl get pods -n train-ticket` 检查部署状态
+
## 已经支持的故障案例
### 网络类故障案例
diff --git a/chaos/train-ticket-simple/Chart.yaml b/chaos/train-ticket-simple/Chart.yaml
new file mode 100644
index 0000000..0404607
--- /dev/null
+++ b/chaos/train-ticket-simple/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+name: train-ticket
+version: v1.0.0
+appVersion: v1.0.0
+description: Chart for train-ticket demo
+dependencies:
+- name: mysql
+ version: "4.5.2"
+ repository: "file://dep/mysql"
+- name: elasticsearch
+ version: "1.0.0"
+ repository: "file://dep/elasticsearch"
+- name: chaos-mesh
+ version: "2.6.3"
+ repository: "file://dep/chaos-mesh"
+- name: chaos-frontend
+ version: "1.0.0"
+ repository: "file://dep/chaos-frontend"
+
diff --git a/chaos/train-ticket-simple/README.md b/chaos/train-ticket-simple/README.md
new file mode 100644
index 0000000..0090912
--- /dev/null
+++ b/chaos/train-ticket-simple/README.md
@@ -0,0 +1,13 @@
+本demo使用 Helm 进行部署,用于快速部署train-ticket以及chaos-mesh及其故障注入前端
+创建Demo
+```
+helm install train-ticket train-ticket -n train-ticket --create-namespace
+```
+请求Demo
+```
+TODO
+```
+销毁Demo
+```
+helm uninstall train-ticket -n train-ticket
+```
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/Chart.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/Chart.yaml
new file mode 100644
index 0000000..37f5dbc
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: chaos-frontend
+version: v1.0.0
+appVersion: v1.0.0
+description: Chart for chaos-frontend
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-cfg.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-cfg.yaml
new file mode 100644
index 0000000..43bf66f
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-cfg.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: chaos-backend-config
+data:
+ chaos_template.yaml: |
+ chaos_template_list:
+ - complex_action: networkchaos#delay
+ describe: "Pod网络延迟200ms"
+ - complex_action: networkchaos#loss
+ describe: "Pod丢包30%"
+ - complex_action: networkchaos#bandwidth
+ describe: "Pod网络限速为20kbit/s"
+ note:
+ ts-basic-service: "对该节点注入限速故障对请求时间影响不明显"
+ ts-travel-plan-service: "对该节点注入限速故障对请求时间影响不明显"
+ ts-train-service: "对该节点注入限速故障对请求时间影响不明显"
+ ts-seat-service: "注入该故障后请求时延过高"
+ # 需要修改ChaosMesh,添加对应的API
+ # - complex_action: networkchaos#tcpdelay
+ # describe: "TCP建连延迟200ms"
+ # note:
+ # common: "train-ticket服务之间保持长连接, 此故障对请求时间影响不明显"
+ - complex_action: networkchaos#delay#dns
+ describe: DNS请求延迟200ms
+ # 需要修改ChaosDaemon镜像,添加对应的JAVA工具包
+ # - complex_action: jvmchaos#ruleData#gcrule
+ # describe: "增加POD FullGC频率"
+ # check_entry_defined: true
+ # - complex_action: jvmchaos#ruleData#cpucost
+ # describe: "增加处理每个请求的CPU消耗"
+ # check_entry_defined: true
+ # - complex_action: jvmchaos#ruleData#exception
+ # describe: "使方法抛出运行时异常"
+ # check_entry_defined: true
+ - complex_action: stresschaos#cpu
+ describe: "运行额外任务抢占Pod可用的CPU资源"
+ note:
+ ts-price-service: "非CPU密集型程序, CPU压力对请求时间影响不明显"
+ ts-train-service: "非CPU密集型程序, CPU压力对请求时间影响不明显"
+ - complex_action: stresschaos#memory
+ describe: "运行额外任务抢占Pod可用的memroy资源"
+ note:
+ common: "非内存IO密集型程序, 内存压力对请求时间影响不明显"
+ - complex_action: iochaos#delay
+ describe: "文件读写延时200ms"
+ support_services:
+ - ts-order-service
+ - complex_action: httpchaos#replace
+ describe: "返回404错误码"
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-deploy.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-deploy.yaml
new file mode 100644
index 0000000..59ff01a
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-deploy.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: chaos-backend
+ labels:
+ app: chaos-backend
+spec:
+ selector:
+ matchLabels:
+ app: chaos-backend
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: chaos-backend
+ spec:
+ serviceAccount: chaos-backend
+ containers:
+ - name: chaos-backend
+ command:
+ - /app/chaos-backend
+ - --authType=serviceAccount
+ - --skywalkingUIAddr=http://skywalking.train-ticket:12800/graphql
+ - --prometheusUIAddr=http://prometheus-k8s.monitoring:9090
+ - --trainTicketUIAddr=http://ts-gateway-service.train-ticket:18888
+ - --metricSource=skywalking
+ image: {{ .Values.image.repository }}/chaos-backend:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ volumeMounts:
+ - name: chaos-backend-config
+ mountPath: /app/config/chaos_template.yaml
+ subPath: chaos_template.yaml
+ volumes:
+ - name: chaos-backend-config
+ configMap:
+ name: chaos-backend-config
+ defaultMode: 420
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-rabc.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-rabc.yaml
new file mode 100644
index 0000000..2655f47
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-rabc.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: chaos-backend
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: chaos-backend-cluster-role
+rules:
+ - apiGroups:
+ - chaos-mesh.org
+ resources:
+ - awschaos
+ - azurechaos
+ - blockchaos
+ - dnschaos
+ - gcpchaos
+ - httpchaos
+ - iochaos
+ - jvmchaos
+ - kernelchaos
+ - networkchaos
+ - physicalmachinechaos
+ - physicalmachines
+ - podchaos
+ - podhttpchaos
+ - podiochaos
+ - podnetworkchaos
+ - remoteclusters
+ - schedules
+ - statuschecks
+ - stresschaos
+ - timechaos
+ - workflownodes
+ - workflows
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: chaos-backend-cluster-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: chaos-backend-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: chaos-backend
+ namespace: {{ .Values.namespace }}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-svc.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-svc.yaml
new file mode 100644
index 0000000..4345dc7
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-backend-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: chaos-backend-svc
+ labels:
+ app: chaos-backend
+spec:
+ type: ClusterIP
+ selector:
+ app: chaos-backend
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-cfg.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-cfg.yaml
new file mode 100644
index 0000000..e857889
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-cfg.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: chaos-front-nginx-config
+data:
+ default.conf: |
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name localhost;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ location /fault-injection {
+ root /usr/share/nginx/html;
+ try_files $uri $uri/ /index.html;
+ }
+
+ location /api {
+ proxy_pass http://chaos-backend-svc:8080;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-deploy.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-deploy.yaml
new file mode 100644
index 0000000..b024ae3
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-deploy.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: chaos-front
+ name: chaos-front
+spec:
+ selector:
+ matchLabels:
+ app: chaos-front
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: chaos-front
+ spec:
+ volumes:
+ - name: chaos-front-nginx-config
+ configMap:
+ name: chaos-front-nginx-config
+ containers:
+ - name: chaos-front
+ image: {{ .Values.image.repository }}/chaos-front:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ limits:
+ memory: 500Mi
+ requests:
+ memory: 30Mi
+ volumeMounts:
+ - name: chaos-front-nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
new file mode 100644
index 0000000..9317fab
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: chaos-front-svc
+ labels:
+ app: chaos-front
+spec:
+ type: ClusterIP
+ selector:
+ app: chaos-front
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
new file mode 100644
index 0000000..6cae6b1
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
@@ -0,0 +1,3 @@
+namespace: train-ticket
+image:
+ repository: registry.cn-hangzhou.aliyuncs.com/train_ticket
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/.helmignore b/chaos/train-ticket-simple/charts/chaos-mesh/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/Chart.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/Chart.yaml
new file mode 100644
index 0000000..fb94574
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/Chart.yaml
@@ -0,0 +1,33 @@
+annotations:
+ artifacthub.io/containsSecurityUpdates: "false"
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/operator: "true"
+ artifacthub.io/operatorCapabilities: Seamless Upgrades
+ artifacthub.io/prerelease: "true"
+apiVersion: v2
+appVersion: 2.6.3
+description: Chaos Mesh is a cloud-native Chaos Engineering platform that orchestrates
+ chaos on Kubernetes environments.
+home: https://chaos-mesh.org
+icon: https://raw.githubusercontent.com/chaos-mesh/chaos-mesh/master/static/logo.svg
+keywords:
+- chaos-engineering
+- resiliency
+- fault-injection
+- kubernetes
+- testing
+maintainers:
+- email: cwen@pingcap.com
+ name: cwen0
+- email: yangkeao@chunibyo.icu
+ name: YangKeao
+- email: wenghao@pingcap.com
+ name: dcalvin
+- email: yb532204897@gmail.com
+ name: yeya24
+- email: tttick@gmail.com
+ name: Gallardot
+name: chaos-mesh
+sources:
+- https://github.com/chaos-mesh/chaos-mesh
+version: 2.6.3
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/README.md b/chaos/train-ticket-simple/charts/chaos-mesh/README.md
new file mode 100644
index 0000000..07af001
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/README.md
@@ -0,0 +1,235 @@
+# Chaos Mesh
+
+[Chaos Mesh](https://github.com/chaos-mesh/chaos-mesh) is a cloud-native Chaos Engineering platform that orchestrates chaos on Kubernetes environments.
+
+## Introduction
+
+This chart bootstraps a [Chaos Mesh](https://github.com/chaos-mesh/chaos-mesh) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Deploy
+
+Before deploying Chaos Mesh, make sure you have installed the [Prerequisites](https://chaos-mesh.org/docs/production-installation-using-helm#prerequisites). And then follow the [install-by-helm](https://chaos-mesh.org/docs/production-installation-using-helm#install-chaos-mesh-using-helm) doc step by step.
+
+## Configuration
+
+The following tables list the configurable parameters of the Chaos Mesh chart and their default values.
+
+| Parameter | Description | Default |
+|--------------------------------------------|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
+| `nameOverride` | | `` |
+| `fullnameOverride` | | `` |
+| `customLabels` | Customized labels that will be tagged on all the resources of Chaos Mesh | `{}` |
+| `clusterScoped` | Whether chaos-mesh should manage kubernetes cluster wide chaos.Also see rbac.create and controllerManager.serviceAccount | `true` |
+| `rbac.create` | Creating rbac API Objects. Also see clusterScoped and controllerManager.serviceAccount | `true` |
+| `timezone` | The timezone where controller-manager, chaos-daemon and dashboard uses. For example: `UTC`, `Asia/Shanghai` | `UTC` |
+| `enableProfiling` | A flag to enable pprof in controller-manager and chaos-daemon | `true` |
+| `enableCtrlServer` | A flag to enable ctrlserver which provides service to chaosctl in controller-manager. | `true` |
+| `images.registry` | The global container registry for the images, you could replace it with your self-hosted container registry. | `ghcr.io` |
+| `images.tag` | The global image tag (for example, semiVer with prefix v, or latest). | `latest` |
+| `imagePullSecrets` | Global Docker registry secret names as an array | [] (does not add image pull secrets to deployed pods) |
+| `controllerManager.securityContext` | Pod securityContext if needed | `{}` |
+| `controllerManager.hostNetwork` | Running chaos-controller-manager on host network | `false` |
+| `controllerManager.allowHostNetworkTesting` | Allow testing on `hostNetwork` pods | `false` |
+| `controllerManager.serviceAccount` | The serviceAccount for chaos-controller-manager | `chaos-controller-manager` |
+| `controllerManager.priorityClassName` | Custom priorityClassName for using pod priorities | `` |
+| `controllerManager.replicaCount` | Replicas for chaos-controller-manager | `3` |
+| `controllerManager.image.registry` | Override global registry, empty value means using the global images.registry | `` |
+| `controllerManager.image.repository` | Repository part for image of chaos-controller-manager | `chaos-mesh/chaos-mesh` |
+| `controllerManager.image.tag` | Override global tag, empty value means using the global images.tag | `` |
+| `controllerManager.imagePullPolicy` | Image pull policy | `Always` |
+| `controllerManager.enableFilterNamespace` | If enabled, only pods in the namespace annotated with `"chaos-mesh.org/inject": "enabled"` could be injected | false |
+| `controllerManager.service.type` | Kubernetes Service type for service chaos-controller-manager | `ClusterIP` |
+| `controllerManager.resources` | CPU/Memory resource requests/limits for chaos-controller-manager pod | `{requests: { cpu: "25m", memory: "256Mi" }, limits:{}}` |
+| `controllerManager.nodeSelector` | Node labels for chaos-controller-manager pod assignment | `{}` |
+| `controllerManager.tolerations` | Toleration labels for chaos-controller-manager pod assignment | `[]` |
+| `controllerManager.affinity` | Map of chaos-controller-manager node/pod affinities | `{}` |
+| `controllerManager.podAnnotations` | Pod annotations of chaos-controller-manager | `{}`|
+| `controllerManager.enabledControllers`| A list of controllers to enable. "*" enables all controllers by default. | `["*"]` |
+| `controllerManager.enabledWebhooks`| A list of webhooks to enable. "*" enables all webhooks by default. | `["*"]` |
+| `controllerManager.podChaos.podFailure.pauseImage` | Custom Pause Container Image for Pod Failure Chaos | `gcr.io/google-containers/pause:latest` |
+| `controllerManager.leaderElection.enabled` | Enable leader election for controller manager. | `true` |
+| `controllerManager.leaderElection.leaseDuration` | The duration that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. | `15s` |
+| `controllerManager.leaderElection.renewDeadline` | The duration that the acting control-plane will retry refreshing leadership before giving up. | `10s` |
+| `controllerManager.leaderElection.retryPeriod` | The duration the LeaderElector clients should wait between tries of actions. | `2s` |
+| `controllerManager.chaosdSecurityMode` | Enabled for mTLS connection between chaos-controller-manager and chaosd | `true` |
+| `chaosDaemon.image.registry` | Override global registry, empty value means using the global images.registry | `` |
+| `chaosDaemon.image.repository` | Repository part for image of chaos-daemon | `chaos-mesh/chaos-daemon` |
+| `chaosDaemon.image.tag` | Override global tag, empty value means using the global images.tag | `` |
+| `chaosDaemon.imagePullPolicy` | Image pull policy | `Always` |
+| `chaosDaemon.grpcPort` | The port which grpc server listens on | `31767` |
+| `chaosDaemon.httpPort` | The port which http server listens on | `31766` |
+| `chaosDaemon.env` | Extra chaosDaemon envs | `{}` |
+| `chaosDaemon.hostNetwork` | Running chaosDaemon on host network | `false` |
+| `chaosDaemon.mtls.enabled` | Enable mtls on the grpc connection between chaos-controller-manager and chaos-daemon | `true` |
+| `chaosDaemon.privileged` | Run chaos-daemon container in privileged mode. If it is set to false, chaos-daemon will be run in some specified capabilities. capabilities: SYS_PTRACE, NET_ADMIN, MKNOD, SYS_CHROOT, SYS_ADMIN, KILL, IPC_LOCK | `true` |
+| `chaosDaemon.priorityClassName` | Custom priorityClassName for using pod priorities | `` |
+| `chaosDaemon.podAnnotations` | Pod annotations of chaos-daemon | `{}` |
+| `chaosDaemon.serviceAccount`| ServiceAccount name for chaos-daemon | `chaos-daemon` |
+| `chaosDaemon.podSecurityPolicy` | Specify PodSecurityPolicy(psp) on chaos-daemon pods | `false`|
+| `chaosDaemon.runtime` | Runtime specifies which container runtime to use. Currently we only supports docker, containerd and CRI-O. | `docker` |
+| `chaosDaemon.socketPath` | Specifiesthe path of container runtime socket on the host. | `/var/run/docker.sock` |
+| `chaosDaemon.resources` | CPU/Memory resource requests/limits for chaosDaemon container | `{}` |
+| `chaosDaemon.nodeSelector` | Node labels for chaos-daemon pod assignment | `{}` |
+| `chaosDaemon.tolerations` | Toleration labels for chaos-daemon pod assignment | `[]` |
+| `chaosDaemon.affinity` | Map of chaos-daemon node/pod affinities | `{}` |
+| `chaosDaemon.updateStrategy` | Specify DaemonSetUpdateStrategy for chaos-daemon | `{}` |
+| `dashboard.create` | Enable chaos-dashboard | `true` |
+| `dashboard.rootUrl` | Specify the base url for openid/oauth2 (like GCP Auth Integration) callback URL. | `http://localhost:2333` |
+| `dashboard.securityContext` | Pod securityContext if needed | `{}` |
+| `dashboard.hostNetwork` | Running chaos-dashboard on host network | `false` |
+| `dashboard.replicaCount` | Replicas of chaos-dashboard | `1` |
+| `dashboard.priorityClassName` | Custom priorityClassName for using pod priorities | `` |
+| `dashboard.serviceAccount` | The serviceAccount for chaos-dashboard | `chaos-dashboard` |
+| `dashboard.image.registry` | Override global registry, empty value means using the global images.registry | `` |
+| `dashboard.image.repository` | Repository part for image of chaos-dashboard | `chaos-mesh/chaos-dashboard` |
+| `dashboard.image.tag` | Override global tag, empty value means using the global images.tag | `` |
+| `dashboard.imagePullPolicy` | Image pull policy | `Always` |
+| `dashboard.securityMode` | Require user to provide credentials on Chaos Dashboard, instead of using chaos-dashboard service account | `true` |
+| `dashboard.gcpSecurityMode` | Enable GCP Authentication Integration, see: for more details | `false` |
+| `dashboard.gcpClientId` | GCP app's client ID with GCP Authentication Integration | `` |
+| `dashboard.gcpClientSecret` | GCP app's client secret with GCP Authentication Integration | `` |
+| `dashboard.nodeSelector` | Node labels for chaos-dashboard pod assignment | `{}` |
+| `dashboard.tolerations` | Toleration labels for chaos-dashboard pod assignment | `[]` |
+| `dashboard.affinity` | Map of chaos-dashboard node/pod affinities | `{}` |
+| `dashboard.podAnnotations` | Deployment chaos-dashboard annotations | `{}` |
+| `dashboard.service.annotations` | Service annotations for the dashboard | `{}` |
+| `dashboard.service.type` | Service type of the service created for exposing the dashboard | `NodePort` |
+| `dashboard.service.clusterIP` | Set the `clusterIP` of the dashboard service if the type is `ClusterIP` | `nil` |
+| `dashboard.service.nodePort` | Set the `nodePort` of the dashboard service if the type is `NodePort` | `nil` |
+| `dashboard.resources` | CPU/Memory resource requests/limits for chaos-dashboard pod | `requests: { cpu: "25m", memory: "256Mi" }, limits:{}` |
+| `dashboard.persistentVolume.enabled` | Enable storage volume for chaos-dashboard. If you are using SQLite as your DB for Chaos Dashboard, it is recommended to enable persistence| `false` |
+| `dashboard.persistentVolume.existingClaim` | Use the existing PVC for persisting chaos event| `` |
+| `dashboard.persistentVolume.size` | Chaos Dashboard data Persistent Volume size | `8Gi` |
+| `dashboard.persistentVolume.storageClassName` | Chaos Dashboard data Persistent Volume Storage Class | `standard` |
+| `dashboard.persistentVolume.mountPath` | Chaos Dashboard data Persistent Volume mount root path | `/data` |
+| `dashboard.persistentVolume.subPath` | Subdirectory of Chaos Dashboard data Persistent Volume to mount | `` |
+| `dashboard.env` | The keys within the `env` map are mounted as environment variables on the Chaos Dashboard pod | `` |
+| `dashboard.env.LISTEN_HOST` | The address which chaos-dashboard would listen on. | `0.0.0.0` |
+| `dashboard.env.LISTEN_PORT` | The port which chaos-dashboard would listen on. | `2333` |
+| `dashboard.env.METRIC_HOST` | The address which metrics endpoints would listen on. | `0.0.0.0` |
+| `dashboard.env.METRIC_PORT` | The address which metrics endpoints would listen on. | `2334` |
+| `dashboard.env.DATABASE_DRIVER`| The db drive used for Chaos Dashboard, support db: sqlite3, mysql| `sqlite3` |
+| `dashboard.env.DATABASE_DATASOURCE`| The db dsn used for Chaos Dashboard | `/data/core.sqlite` |
+| `dashboard.env.CLEAN_SYNC_PERIOD`| Set the sync period to clean up archived data | `12h` |
+| `dashboard.env.TTL_EVENT`| Set TTL of archived event data | `168h` |
+| `dashboard.env.TTL_EXPERIMENT`| Set TTL of archived experiment data | `336h` |
+| `dashboard.env.TTL_SCHEDULE`| Set TTL of archived schedule data | `336h` |
+| `dashboard.env.TTL_WORKFLOW`| Set TTL of archived workflow data | `336h` |
+| `dashboard.ingress.enabled` | Enable the use of the ingress controller to access the dashboard | `false` |
+| `dashboard.ingress.certManager` | Enable Cert-Manager for ingress | `false` |
+| `dashboard.ingress.annotations` | Annotations for the dashboard Ingress | `{}` |
+| `dashboard.ingress.hosts[0].name` | Hostname to your dashboard installation | `dashboard.local` |
+| `dashboard.ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` |
+| `dashboard.ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` |
+| `dashboard.ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `dashboard.local-tls` |
+| `dashboard.ingress.paths` | Paths that map requests to chaos dashboard | `["/"]` |
+| `dashboard.ingress.apiVersionOverrides` | Override apiVersion of ingress rendered by this helm chart | `` |
+| `dashboard.ingress.ingressClassName` | Defines which ingress controller will implement the resource | `` |
+| `dnsServer.create` | Enable DNS Server which required by DNSChaos | `true` |
+| `dnsServer.serviceAccount` | Name of serviceaccount for chaos-dns-server. | `chaos-dns-server` |
+| `dnsServer.image` | Image of DNS Server | `ghcr.io/chaos-mesh/chaos-coredns:v0.2.6` |
+| `dnsServer.imagePullPolicy` | Image pull policy | `IfNotPresent` |
+| `dnsServer.priorityClassName` | Customized priorityClassName for chaos-dns-server | `` |
+| `dnsServer.nodeSelector` | Node labels for chaos-dns-server pod assignment | `` |
+| `dnsServer.tolerations` | Toleration labels for chaos-dns-server pod assignment | `[]` |
+| `dnsServer.podAnnotations` | Pod annotations of chaos-dns-server | `` |
+| `dnsServer.name` | The service name of chaos-dns-server | `chaos-mesh-dns-server` |
+| `dnsServer.grpcPort` | Grpc port for chaos-dns-server | `9288` |
+| `dnsServer.resources` | CPU/Memory resource requests/limits for chaos-dns-server pod | `requests: { cpu: "100m", memory: "70Mi" }, limits:{}` |
+| `dnsServer.env.LISTEN_HOST` | The address of chaos-dns-server listen on | `0.0.0.0` |
+| `dnsServer.env.LISTEN_PORT` | The port of chaos-dns-server listen on | `53` |
+| `prometheus.create` | Enable prometheus | `false` |
+| `prometheus.serviceAccount` | The serviceAccount for prometheus | `prometheus` |
+| `prometheus.image` | Docker image for prometheus | `prom/prometheus:v2.15.2` |
+| `prometheus.imagePullPolicy` | Image pull policy | `IfNotPresent` |
+| `prometheus.priorityClassName` | Custom priorityClassName for using pod priorities | `` |
+| `prometheus.nodeSelector` | Node labels for prometheus pod assignment | `{}` |
+| `prometheus.tolerations` | Toleration labels for prometheus pod assignment | `[]` |
+| `prometheus.affinity` | Map of prometheus node/pod affinities | `{}` |
+| `prometheus.podAnnotations` | Deployment prometheus annotations | `{}` |
+| `prometheus.resources` | CPU/Memory resource requests/limits for prometheus pod | `requests: { cpu: "250m", memory: "512Mi" }, limits:{ cpu: "500m", memory: "1024Mi" }` |
+| `prometheus.service.type` | Kubernetes Service type | `ClusterIP` |
+| `prometheus.volume.storage` | Storage size of PVC | `2Gi` |
+| `prometheus.volume.storageClassName` | Storage class of PVC | `standard` |
+| `webhook.certManager.enabled` | Setup the webhook using cert-manager | `false` |
+| `webhook.timeoutSeconds` | Timeout for admission webhooks in seconds | `5` |
+| `webhook.FailurePolicy` | Defines how unrecognized errors and timeout errors from the admission webhook are handled | `Fail` |
+| `webhook.CRDS` | Define a list of chaos types that implement admission webhook | `[podchaos,iochaos,timechaos,networkchaos,kernelchaos,stresschaos,awschaos,azurechaos,gcpchaos,dnschaos,jvmchaos,schedule,workflow,httpchaos,bnlockchaos,physicalmachinechaos,phsicalmachine,statuscheck]` |
+| `bpfki.create` | Enable chaos-kernel | `false` |
+| `bpfki.image.registry` | Override global registry, empty value means using the global images.registry | `` |
+| `bpfki.image.repository` | Repository part for image of chaos-kernel | `chaos-mesh/chaos-kernel` |
+| `bpfki.image.tag` | Override global tag, empty value means using the global images.tag | `` |
+| `bpfki.imagePullPolicy` | Image pull policy | `IfNotPresent` |
+| `bpfki.grpcPort` | The port which grpc server listens on | `50051` |
+| `bpfki.resources` | CPU/Memory resource requests/limits for chaos-kernel container | `{}` |
+| `chaosDlv.enable` | Create sidecar remote debugging container | `false` |
+| `chaosDlv.image.registry` | Override global registry, empty value means using the global images.registry | `false` |
+| `chaosDlv.repository` | Repository part for image of chaos-dlv | `chaos-mesh/chaos-dlv` |
+| `chaosDlv.tag` | Override global tag, empty value means using the global images.tag | `false` |
+| `chaosDlv.imagePullPolicy` | Image pull policy | `IfNotPresent` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+# helm 2.X
+helm install helm/chaos-mesh --name=chaos-mesh --namespace=chaos-mesh
+# helm 3.X
+helm install chaos-mesh helm/chaos-mesh --namespace=chaos-mesh
+```
+
+The above command enable the Chaos Dashboard.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+# helm 2.X
+helm install helm/chaos-mesh --name=chaos-mesh --namespace=chaos-mesh -f values.yaml
+# helm 3.X
+helm install chaos-mesh helm/chaos-mesh --namespace=chaos-mesh -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### Using cert-manager for certificate management
+
+[Cert-manager](https://github.com/jetstack/cert-manager) may be the default in the K8s world for certificate management now. If you want to install Cert-manager using the [Helm](https://helm.sh) package manager, please refer to the [official documents](https://github.com/jetstack/cert-manager/tree/master/deploy/charts/cert-manager).
+
+Example for deploy Cert-manager
+
+```bash
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+
+# if Kubernetes > 1.18/Helm 3.2
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.6.1 --set installCRDs=true
+
+# else
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.6.1
+```
+
+In case you want to using Cert-manager for certificate management, you can use the `webhook.certManager.enabled` property.
+
+```yaml
+webhook:
+ certManager:
+ enabled: true
+```
+
+The webhook's cert and the [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook)'s `caBundle` property will be managed by the [Certificate](https://cert-manager.io/docs/usage/certificate/) of Cert-manager.
+
+In case your Cert-manager's option `enable-certificate-owner-ref` is true, it means that deleting a certificate resource will also delete its secret.
+
+The Cert-manager's option `enable-certificate-owner-ref` refer to the following:
+
+>
+>
+>
+
+You can install your Cert-manager looks like this.
+
+```bash
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.13.1 --set extraArgs={"--enable-certificate-owner-ref"="true"}
+```
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml
new file mode 100644
index 0000000..579ac8f
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_awschaos.yaml
@@ -0,0 +1,182 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: awschaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: AWSChaos
+ listKind: AWSChaosList
+ plural: awschaos
+ singular: awschaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: AWSChaos is the Schema for the awschaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AWSChaosSpec is the content of the specification for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos action. Supported
+ action: ec2-stop / ec2-restart / detach-volume Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device. Needed in
+ detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the aws server. Just
+ used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume. Needed
+ in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ status:
+ description: AWSChaosStatus represents the status of an AWSChaos
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_azurechaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_azurechaos.yaml
new file mode 100644
index 0000000..adf4c67
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_azurechaos.yaml
@@ -0,0 +1,183 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: azurechaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: AzureChaos
+ listKind: AzureChaosList
+ plural: azurechaos
+ singular: azurechaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: AzureChaos is the Schema for the azurechaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AzureChaosSpec is the content of the specification for an
+ AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos action. Supported
+ action: vm-stop / vm-restart / disk-detach Default action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk. Needed in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of the data disk.
+ Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret. It
+ is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ status:
+ description: AzureChaosStatus represents the status of an AzureChaos
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_blockchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_blockchaos.yaml
new file mode 100644
index 0000000..5e199d0
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_blockchaos.yaml
@@ -0,0 +1,294 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: blockchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: BlockChaos
+ listKind: BlockChaosList
+ plural: blockchaos
+ singular: blockchaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: BlockChaos is the Schema for the blockchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BlockChaosSpec is the content of the specification for a
+ BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos action. Supported
+ action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ status:
+ description: BlockChaosStatus represents the status of a BlockChaos
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ ids:
+ additionalProperties:
+ type: integer
+ description: InjectionIds always specifies the number of injected
+ chaos action
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_dnschaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_dnschaos.yaml
new file mode 100644
index 0000000..2dea166
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_dnschaos.yaml
@@ -0,0 +1,286 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: dnschaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: DNSChaos
+ listKind: DNSChaosList
+ plural: dnschaos
+ singular: dnschaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: DNSChaos is the Schema for the networkchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a pod chaos experiment
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos action. Supported
+ action: error, random Default action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect, support the
+ placeholder ? and wildcard *, or the Specified domain name. Note:
+ \ 1. The wildcard * must be at the end of the string. For example,
+ chaos-*.org is invalid. 2. if the patterns is empty, will take
+ effect on all the domain names. For example: \t\tThe value is [\"google.com\",
+ \"github.*\", \"chaos-mes?.org\"], \t\twill take effect on \"google.com\",
+ \"github.com\" and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ status:
+ description: Most recently observed status of the chaos experiment about
+ pods
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_gcpchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_gcpchaos.yaml
new file mode 100644
index 0000000..c09bec2
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_gcpchaos.yaml
@@ -0,0 +1,185 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: gcpchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: GCPChaos
+ listKind: GCPChaosList
+ plural: gcpchaos
+ singular: gcpchaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: GCPChaos is the Schema for the gcpchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GCPChaosSpec is the content of the specification for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos action. Supported
+ action: node-stop / node-reset / disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret. It
+ is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ status:
+ description: GCPChaosStatus represents the status of a GCPChaos
+ properties:
+ attachedDiskStrings:
+ description: The attached disk info strings. Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_httpchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_httpchaos.yaml
new file mode 100644
index 0000000..bfbf6b0
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_httpchaos.yaml
@@ -0,0 +1,403 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: httpchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: HTTPChaos
+ listKind: HTTPChaosList
+ plural: httpchaos
+ singular: httpchaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: HTTPChaos is the Schema for the HTTPchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http status code in
+ response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target request/response.
+ A duration string is a possibly unsigned sequence of decimal numbers,
+ each with optional fraction and a unit suffix, such as "300ms",
+ "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m",
+ "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by http method in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body of target.
+ properties:
+ type:
+ description: Type represents the patch type, only support
+ `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers of target.
+ For example: `[["Set-Cookie", ""], ["Set-Cookie",
+ ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries of target(Request
+ only). For example: `[["foo", "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri path in http request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status code in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers of target.
+ The key-value pairs represent header name and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries in http
+ request. For example, with value `{ "foo": "unknown" }`, the
+ `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target by http headers
+ in request. The key-value pairs represent header name and header
+ value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target by http headers
+ in response. The key-value pairs represent header name and header
+ value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos if
+ there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of ca file in secret,
+ `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of cert file in
+ secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of key file in secret,
+ `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required secret
+ resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace of required
+ secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ instances:
+ additionalProperties:
+ format: int64
+ type: integer
+ description: Instances always specifies podhttpchaos generation or
+ empty
+ type: object
+ required:
+ - experiment
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_iochaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_iochaos.yaml
new file mode 100644
index 0000000..7e5a4b9
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_iochaos.yaml
@@ -0,0 +1,407 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: iochaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: IOChaos
+ listKind: IOChaosList
+ plural: iochaos
+ singular: iochaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IOChaos is the Schema for the iochaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action. Supported
+ action: latency / fault / attrOverride / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action delay. A
+ delay string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as "300ms". Valid
+ time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ It is required when the action is `PodFailureAction`. A duration
+ string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as "300ms", "-1.5h" or
+ "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m",
+ "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned by I/O action.
+ refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting I/O chaos
+ action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness are injected
+ to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in the mistake
+ data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments of wrong
+ data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting I/O chaos
+ action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection errors and
+ provides a number from 0-100. default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of injected volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ status:
+ description: IOChaosStatus defines the observed state of IOChaos
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ instances:
+ additionalProperties:
+ format: int64
+ type: integer
+ description: Instances always specifies podiochaos generation or empty
+ type: object
+ required:
+ - experiment
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_jvmchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_jvmchaos.yaml
new file mode 100644
index 0000000..58541ec
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_jvmchaos.yaml
@@ -0,0 +1,330 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: jvmchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: JVMChaos
+ listKind: JVMChaosList
+ plural: jvmchaos
+ singular: jvmchaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: JVMChaos is the Schema for the jvmchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos action. Supported
+ action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only set it when action
+ is stress
+ type: integer
+ database:
+ description: the match database default value is "", means match all
+ database
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw for action `exception`
+ or the exception message needs to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit ms or
+ the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set it when action
+ is stress, the value can be 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support 5.X.X(set
+ to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and will generate
+ one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "", means match all
+ SQL type. The value can be 'select', 'insert', 'update', 'delete',
+ 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match all
+ table
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ status:
+ description: JVMChaosStatus defines the observed state of JVMChaos
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_kernelchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_kernelchaos.yaml
new file mode 100644
index 0000000..7b28703
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_kernelchaos.yaml
@@ -0,0 +1,332 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: kernelchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: KernelChaos
+ listKind: KernelChaosList
+ plural: kernelchaos
+ singular: kernelchaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: KernelChaos is the Schema for the kernelchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a kernel chaos experiment
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call chain, such as: ext4_mount ->
+ mount_subtree -> ... -> should_failslab
+ With an optional set of predicates and an optional set of parameters,
+ which used with predicates. You can read call chan and predicate
+ examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just keep Callchain
+ empty, which means it will fail at any call chain with slab
+ alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature and predicate
+ in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel source or
+ `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate, for example,
+ if you want to inject slab error in `d_alloc_parallel(struct
+ dentry *parent, const struct qstr *name)` with a special
+ name `bananas`, you need to set it to `struct dentry *parent,
+ const struct qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments of this
+ Frame, example with Parameters's, you can set it to `STRNCMP(name->name,
+ "bananas", 8)` to make inject only with it, or omit it
+ to inject for all d_alloc_parallel call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can be set to ''0''
+ / ''1'' / ''2'' If `0`, indicates slab to fail (should_failslab)
+ If `1`, indicates alloc_page to fail (should_fail_alloc_page)
+ If `2`, indicates bio to fail (should_fail_bio) You can read: 1.
+ https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate kernel headers
+ you need. Eg: "linux/mmzone.h", "linux/blkdev.h" and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with probability.
+ If you want 1%, please set this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ status:
+ description: Most recently observed status of the kernel chaos experiment
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_networkchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_networkchaos.yaml
new file mode 100644
index 0000000..8ec0398
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_networkchaos.yaml
@@ -0,0 +1,516 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: networkchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: NetworkChaos
+ listKind: NetworkChaosList
+ plural: networkchaos
+ singular: networkchaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: NetworkChaos is the Schema for the networkchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a pod chaos experiment
+ properties:
+ action:
+ description: 'Action defines the specific network chaos action. Supported
+ action: partition, netem, delay, loss, duplicate, corrupt Default
+ action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth control
+ action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes that tokens
+ can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can be queued waiting
+ for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the peakrate bucket.
+ For perfect accuracy, should be set to the MTU of the interface. If
+ a peakrate is needed, but some burstiness is acceptable, this
+ size can be raised. A 3000 byte minburst allows around 3mbit/s
+ of peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate of the bucket.
+ The peakrate does not need to be set, it is only necessary if
+ perfect millisecond timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps, kbps, mbps, gbps,
+ tbps unit. bps means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this applies on netem
+ and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this applies on netem
+ and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device to be affected
+ in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ status:
+ description: Most recently observed status of the chaos experiment about
+ pods
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ instances:
+ additionalProperties:
+ format: int64
+ type: integer
+ description: Instances always specifies podnetworkchaos generation
+ or empty
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachinechaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachinechaos.yaml
new file mode 100644
index 0000000..5b5f70a
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachinechaos.yaml
@@ -0,0 +1,1099 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: physicalmachinechaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: PhysicalMachineChaos
+ listKind: PhysicalMachineChaosList
+ plural: physicalmachinechaos
+ singular: physicalmachinechaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.action
+ name: action
+ type: string
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PhysicalMachineChaos is the Schema for the physical machine chaos
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a physical machine chaos experiment
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only one of Address
+ and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock on which to
+ act. More clock description in linux kernel can be found in
+ man page of clock_getres, clock_gettime, clock_settime. Muti
+ clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data in. if path not
+ provided, payload will read/write from/into a temp file, temp
+ file will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will write into
+ the file path. support unit: c=1, w=2, b=512, kB=1000, K=1024,
+ MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if path not
+ provided, payload will read/write from/into a temp file, temp
+ file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write into
+ the file path. support unit: c=1, w=2, b=512, kB=1000, K=1024,
+ MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if path not
+ provided, payload will read/write from/into a temp file, temp
+ file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write into
+ the file path. support unit: c=1, w=2, b=512, kB=1000, K=1024,
+ MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created, modified,
+ deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created, modified,
+ deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created, modified,
+ deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to be created, modified,
+ deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created, modified,
+ deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by http status code
+ in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by http status code
+ in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw for action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is "", means match
+ all database
+ type: string
+ exception:
+ description: The exception which needs to throw for action `exception`
+ or the exception message needs to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency' or the
+ latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is "", means match
+ all SQL type. The value can be 'select', 'insert', 'update',
+ 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match
+ all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's data, will
+ use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only set it when
+ action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only set it when
+ action is stress, the value can be 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol, supported:
+ tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag can be accepted,
+ others will be dropped. only set when the IPProtocol is tcp,
+ used for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol, supported:
+ tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or µs), ms, s,
+ m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns, us (or µs), ms,
+ s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these source ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf with this
+ value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us (or µs), ms, s,
+ m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol, supported:
+ tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client threads to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows bps, kbps, mbps,
+ gbps, tbps unit. bps means bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol, supported:
+ tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source ports,
+ use a ',' to separate or to indicate the range, such as 80,
+ 8001:8010. it can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag can be accepted,
+ others will be dropped. only set when the IPProtocol is tcp,
+ used for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction, values can be
+ 'from', 'to'. 'from' means packets coming from the 'IPAddress'
+ or 'Hostname' and going to your server, 'to' means packets originating
+ from your server and going to the 'IPAddress' or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage of the original
+ value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string keys and a set
+ values that used to select physical machines. The key defines
+ the namespace which physical machine belong, and each value
+ is a set of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU worker. 0 is
+ effectively a sleep (no load) and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker, default
+ is the total available memory. One can specify the size as %
+ of total available memory or in units of B, KB/KiB, MB/MiB,
+ GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of physical machines to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of physical machines
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do chaos
+ action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ status:
+ description: Most recently observed status of the chaos experiment
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachines.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachines.yaml
new file mode 100644
index 0000000..9afe8bb
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_physicalmachines.yaml
@@ -0,0 +1,55 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: physicalmachines.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: PhysicalMachine
+ listKind: PhysicalMachineList
+ plural: physicalmachines
+ singular: physicalmachine
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PhysicalMachine is the Schema for the physical machine API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a physical machine
+ properties:
+ address:
+ description: Address represents the address of the physical machine
+ type: string
+ required:
+ - address
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podchaos.yaml
new file mode 100644
index 0000000..3359311
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podchaos.yaml
@@ -0,0 +1,282 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: podchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: PodChaos
+ listKind: PodChaosList
+ plural: podchaos
+ singular: podchaos
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PodChaos is the control script`s spec.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a pod chaos experiment
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action. Supported
+ action: pod-kill / pod-failure / container-kill Default action:
+ pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action.
+ It is required when the action is `PodFailureAction`. A duration
+ string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as "300ms", "-1.5h" or
+ "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m",
+ "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action. It represents
+ the duration in seconds before the pod should be deleted. Value
+ must be non-negative integer. The default value is zero that indicates
+ delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ status:
+ description: Most recently observed status of the chaos experiment about
+ pods
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podhttpchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podhttpchaos.yaml
new file mode 100644
index 0000000..a6f099f
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podhttpchaos.yaml
@@ -0,0 +1,245 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: podhttpchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: PodHttpChaos
+ listKind: PodHttpChaosList
+ plural: podhttpchaos
+ singular: podhttpchaos
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PodHttpChaos is the Schema for the podhttpchaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PodHttpChaosSpec defines the desired state of PodHttpChaos.
+ properties:
+ rules:
+ description: Rules are a list of injection rule for http request.
+ items:
+ description: PodHttpChaosRule defines the injection rule for http.
+ properties:
+ actions:
+ description: Actions contains rules to inject target.
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ delay:
+ description: Delay represents the delay of the target request/response.
+ A duration string is a possibly unsigned sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "2h45m". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body of
+ target.
+ properties:
+ type:
+ description: Type represents the patch type, only
+ support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers
+ of target. For example: `[["Set-Cookie", ""],
+ ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries
+ of target(Request only). For example: `[["foo", "bar"],
+ ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ replace:
+ description: Replace is a rule to replace some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message
+ body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status code
+ in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers
+ of target. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method
+ in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path in
+ http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries
+ in http request. For example, with value `{ "foo":
+ "unknown" }`, the `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ type: object
+ port:
+ description: Port represents the target port to be proxy of.
+ format: int32
+ type: integer
+ selector:
+ description: Selector contains the rules to select target.
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response.
+ format: int32
+ type: integer
+ method:
+ description: Method is a rule to select target by http method
+ in request.
+ type: string
+ path:
+ description: Path is a rule to select target by uri path
+ in http request.
+ type: string
+ port:
+ description: Port is a rule to select server listening on
+ specific port.
+ format: int32
+ type: integer
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target by
+ http headers in request. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target
+ by http headers in response. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ type: object
+ source:
+ description: Source represents the source of current rules
+ type: string
+ target:
+ description: Target is the object to be selected and injected,
+ .
+ type: string
+ required:
+ - actions
+ - port
+ - selector
+ - target
+ type: object
+ type: array
+ tls:
+ description: TLS is the tls config, will be override if there are
+ multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of ca file in secret,
+ `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of cert file in
+ secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of key file in secret,
+ `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required secret
+ resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace of required
+ secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ type: object
+ status:
+ description: PodHttpChaosStatus defines the actual state of PodHttpChaos.
+ properties:
+ failedMessage:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ pid:
+ description: Pid represents a running tproxy process id.
+ format: int64
+ type: integer
+ startTime:
+ description: StartTime represents the start time of a tproxy process.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podiochaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podiochaos.yaml
new file mode 100644
index 0000000..08cc650
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podiochaos.yaml
@@ -0,0 +1,215 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: podiochaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: PodIOChaos
+ listKind: PodIOChaosList
+ plural: podiochaos
+ singular: podiochaos
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PodIOChaos is the Schema for the podiochaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PodIOChaosSpec defines the desired state of IOChaos
+ properties:
+ actions:
+ description: Actions are a list of IOChaos actions
+ items:
+ description: IOChaosAction defines a possible action of IOChaos
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ faults:
+ description: Faults represents the fault to inject
+ items:
+ description: IoFault represents the fault to inject and their
+ weight
+ properties:
+ errno:
+ format: int32
+ type: integer
+ weight:
+ format: int32
+ type: integer
+ required:
+ - errno
+ - weight
+ type: object
+ type: array
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ latency:
+ description: Latency represents the latency to inject
+ type: string
+ methods:
+ description: Methods represents the method that the action will
+ inject in
+ items:
+ type: string
+ type: array
+ mistake:
+ description: MistakeSpec represents the mistake to inject
+ properties:
+ filling:
+ description: Filling determines what is filled in the mistake
+ data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments
+ of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ path:
+ description: Path represents a glob of injecting path
+ type: string
+ percent:
+ description: Percent represents the percent probability of injecting
+ this action
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ source:
+ description: Source represents the source of current rules
+ type: string
+ type:
+ description: IOChaosType represents the type of IOChaos Action
+ type: string
+ uid:
+ format: int32
+ type: integer
+ required:
+ - path
+ - percent
+ - type
+ type: object
+ type: array
+ container:
+ description: 'TODO: support multiple different container to inject
+ in one pod'
+ type: string
+ volumeMountPath:
+ description: 'VolumeMountPath represents the target mount path It
+ must be a root of mount path now. TODO: search the mount parent
+ of any path automatically. TODO: support multiple different volume
+ mount path in one pod'
+ type: string
+ required:
+ - volumeMountPath
+ type: object
+ status:
+ properties:
+ failedMessage:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ pid:
+ description: Pid represents a running toda process id
+ format: int64
+ type: integer
+ startTime:
+ description: StartTime represents the start time of a toda process
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podnetworkchaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podnetworkchaos.yaml
new file mode 100644
index 0000000..b47d3b8
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_podnetworkchaos.yaml
@@ -0,0 +1,260 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: podnetworkchaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: PodNetworkChaos
+ listKind: PodNetworkChaosList
+ plural: podnetworkchaos
+ singular: podnetworkchaos
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PodNetworkChaos is the Schema for the PodNetworkChaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a pod chaos experiment
+ properties:
+ ipsets:
+ description: The ipset on the pod
+ items:
+ description: RawIPSet represents an ipset on specific pod
+ properties:
+ cidrAndPorts:
+ description: The contents of ipset. Only available when IPSetType
+ is NetPortIPSet.
+ items:
+ description: CidrAndPort represents CIDR and port pair
+ properties:
+ cidr:
+ type: string
+ port:
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - cidr
+ - port
+ type: object
+ type: array
+ cidrs:
+ description: The contents of ipset. Only available when IPSetType
+ is NetIPSet.
+ items:
+ type: string
+ type: array
+ ipsetType:
+ description: IPSetType represents the type of IP set
+ type: string
+ name:
+ description: The name of ipset
+ type: string
+ setNames:
+ description: The contents of ipset. Only available when IPSetType
+ is SetIPSet.
+ items:
+ type: string
+ type: array
+ source:
+ type: string
+ required:
+ - ipsetType
+ - name
+ - source
+ type: object
+ type: array
+ iptables:
+ description: The iptables rules on the pod
+ items:
+ description: RawIptables represents the iptables rules on specific
+ pod
+ properties:
+ device:
+ description: Device represents the network device to be affected.
+ type: string
+ direction:
+ description: The block direction of this iptables rule
+ type: string
+ ipsets:
+ description: The name of related ipset
+ items:
+ type: string
+ nullable: true
+ type: array
+ name:
+ description: The name of iptables chain
+ type: string
+ source:
+ type: string
+ required:
+ - direction
+ - name
+ - source
+ type: object
+ type: array
+ tcs:
+ description: The tc rules on the pod
+ items:
+ description: RawTrafficControl represents the traffic control chaos
+ on specific pod
+ properties:
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth
+ control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes that
+ tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can be queued
+ waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the peakrate
+ bucket. For perfect accuracy, should be set to the MTU
+ of the interface. If a peakrate is needed, but some burstiness
+ is acceptable, this size can be raised. A 3000 byte minburst
+ allows around 3mbit/s of peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate of the
+ bucket. The peakrate does not need to be set, it is only
+ necessary if perfect millisecond timescale shaping is
+ required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps, kbps, mbps,
+ gbps, tbps unit. bps means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to be affected.
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about loss
+ action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ ipset:
+ description: The name of target ipset
+ type: string
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ source:
+ description: The name and namespace of the source network chaos
+ type: string
+ type:
+ description: The type of traffic control
+ type: string
+ required:
+ - source
+ - type
+ type: object
+ type: array
+ type: object
+ status:
+ description: Most recently observed status of the chaos experiment about
+ pods
+ properties:
+ failedMessage:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_remoteclusters.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_remoteclusters.yaml
new file mode 100644
index 0000000..a44c1ef
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_remoteclusters.yaml
@@ -0,0 +1,109 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: remoteclusters.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: RemoteCluster
+ listKind: RemoteClusterList
+ plural: remoteclusters
+ singular: remotecluster
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RemoteCluster defines a remote cluster
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RemoteClusterSpec defines the specification of a remote cluster
+ properties:
+ configOverride:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ kubeConfig:
+ description: RemoteClusterKubeConfig refers to a secret by which we'll
+ use to connect remote cluster
+ properties:
+ secretRef:
+ description: RemoteClusterSecretRef refers to a secret in any
+ namespaces
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ required:
+ - secretRef
+ type: object
+ namespace:
+ type: string
+ version:
+ type: string
+ required:
+ - kubeConfig
+ - namespace
+ - version
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions represents the current condition of the remote
+ cluster
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ currentVersion:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ required:
+ - currentVersion
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_schedules.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_schedules.yaml
new file mode 100644
index 0000000..3e7b9e8
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_schedules.yaml
@@ -0,0 +1,13677 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: schedules.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: Schedule
+ listKind: ScheduleList
+ plural: schedules
+ singular: schedule
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Schedule is the cronly schedule object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ScheduleSpec is the specification of a schedule object
+ properties:
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification for
+ an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos action. Supported
+ action: ec2-stop / ec2-restart / detach-volume Default action:
+ ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device. Needed
+ in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the aws server.
+ Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume. Needed
+ in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification for
+ an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos action.
+ Supported action: vm-stop / vm-restart / disk-detach Default
+ action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk. Needed in
+ disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of the data
+ disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification for
+ a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos action.
+ Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ concurrencyPolicy:
+ default: Forbid
+ enum:
+ - Forbid
+ - Allow
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos action. Supported
+ action: error, random Default action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect, support
+ the placeholder ? and wildcard *, or the Specified domain name.
+ Note: 1. The wildcard * must be at the end of the string.
+ For example, chaos-*.org is invalid. 2. if the patterns
+ is empty, will take effect on all the domain names. For example:
+ \t\tThe value is [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\" and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification for
+ a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos action. Supported
+ action: node-stop / node-reset / disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ historyLimit:
+ minimum: 1
+ type: integer
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http status code
+ in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target request/response.
+ A duration string is a possibly unsigned sequence of decimal
+ numbers, each with optional fraction and a unit suffix, such
+ as "300ms", "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by http method
+ in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body of target.
+ properties:
+ type:
+ description: Type represents the patch type, only support
+ `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers of
+ target. For example: `[["Set-Cookie", ""], ["Set-Cookie",
+ ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries of target(Request
+ only). For example: `[["foo", "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri path in http
+ request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message body in
+ target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status code in
+ response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers of
+ target. The key-value pairs represent header name and header
+ value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries in
+ http request. For example, with value `{ "foo": "unknown"
+ }`, the `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target by http
+ headers in request. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target by http
+ headers in response. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos
+ if there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of ca file in
+ secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of cert file
+ in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of key file
+ in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required secret
+ resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace of required
+ secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action. Supported
+ action: latency / fault / attrOverride / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action delay.
+ A delay string is a possibly signed sequence of decimal numbers,
+ each with optional fraction and a unit suffix, such as "300ms".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ It is required when the action is `PodFailureAction`. A duration
+ string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as "300ms", "-1.5h"
+ or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned by I/O
+ action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting I/O
+ chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness are injected
+ to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in the mistake
+ data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments of
+ wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting I/O
+ chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection errors
+ and provides a number from 0-100. default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of injected
+ volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos action. Supported
+ action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only set it when
+ action is stress
+ type: integer
+ database:
+ description: the match database default value is "", means match
+ all database
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw for action `exception`
+ or the exception message needs to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit ms
+ or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set it when
+ action is stress, the value can be 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and will generate
+ one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "", means match
+ all SQL type. The value can be 'select', 'insert', 'update',
+ 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match
+ all table
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call chain, such
+ as: ext4_mount -> mount_subtree -> ... ->
+ should_failslab With an optional set of predicates and an
+ optional set of parameters, which used with predicates.
+ You can read call chan and predicate examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just keep Callchain
+ empty, which means it will fail at any call chain with slab
+ alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature and predicate
+ in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel source
+ or `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate, for
+ example, if you want to inject slab error in `d_alloc_parallel(struct
+ dentry *parent, const struct qstr *name)` with a special
+ name `bananas`, you need to set it to `struct dentry
+ *parent, const struct qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments of
+ this Frame, example with Parameters's, you can set
+ it to `STRNCMP(name->name, "bananas", 8)` to make
+ inject only with it, or omit it to inject for all
+ d_alloc_parallel call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can be set
+ to ''0'' / ''1'' / ''2'' If `0`, indicates slab to fail
+ (should_failslab) If `1`, indicates alloc_page to fail (should_fail_alloc_page)
+ If `2`, indicates bio to fail (should_fail_bio) You can
+ read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate kernel headers
+ you need. Eg: "linux/mmzone.h", "linux/blkdev.h" and so
+ on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with probability.
+ If you want 1%, please set this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network chaos action.
+ Supported action: partition, netem, delay, loss, duplicate,
+ corrupt Default action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth control
+ action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes that tokens
+ can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can be queued
+ waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the peakrate bucket.
+ For perfect accuracy, should be set to the MTU of the interface. If
+ a peakrate is needed, but some burstiness is acceptable,
+ this size can be raised. A 3000 byte minburst allows around
+ 3mbit/s of peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate of the
+ bucket. The peakrate does not need to be set, it is only
+ necessary if perfect millisecond timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps, kbps, mbps,
+ gbps, tbps unit. bps means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this applies
+ on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets outside
+ k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this applies on
+ netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device to be
+ affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired state of
+ PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only one of Address
+ and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock on which
+ to act. More clock description in linux kernel can be found
+ in man page of clock_getres, clock_gettime, clock_settime.
+ Muti clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data in. if path
+ not provided, payload will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if path
+ not provided, payload will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if path
+ not provided, payload will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw for action
+ `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit
+ ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is "", means
+ match all database
+ type: string
+ exception:
+ description: The exception which needs to throw for action
+ `exception` or the exception message needs to throw in action
+ `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency' or
+ the latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is "", means
+ match all SQL type. The value can be 'select', 'insert',
+ 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match
+ all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's data, will
+ use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only set it
+ when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only set it when
+ action is stress, the value can be 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag can
+ be accepted, others will be dropped. only set when the IPProtocol
+ is tcp, used for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or µs), ms,
+ s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns, us (or µs),
+ ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf with
+ this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us (or µs), ms,
+ s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client threads to
+ run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows bps, kbps,
+ mbps, gbps, tbps unit. bps means bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag can
+ be accepted, others will be dropped. only set when the IPProtocol
+ is tcp, used for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction, values can
+ be 'from', 'to'. 'from' means packets coming from the 'IPAddress'
+ or 'Hostname' and going to your server, 'to' means packets
+ originating from your server and going to the 'IPAddress'
+ or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage of the original
+ value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush
+ config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush
+ config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string keys and
+ a set values that used to select physical machines. The
+ key defines the namespace which physical machine belong,
+ and each value is a set of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU worker. 0
+ is effectively a sleep (no load) and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker, default
+ is the total available memory. One can specify the size
+ as % of total available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of physical machines to do chaos action.
+ If `FixedPercentMode`, provide a number from 0-100 to specify
+ the percent of physical machines the server can do chaos action.
+ IF `RandomMaxPercentMode`, provide a number from 0-100 to specify
+ the max percent of pods to do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that a user creates
+ on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action. Supported
+ action: pod-kill / pod-failure / container-kill Default action:
+ pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action.
+ It is required when the action is `PodFailureAction`. A duration
+ string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as "300ms", "-1.5h"
+ or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action. It represents
+ the duration in seconds before the pod should be deleted. Value
+ must be non-negative integer. The default value is zero that
+ indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ type: string
+ startingDeadlineSeconds:
+ exclusiveMinimum: true
+ format: int64
+ minimum: 0
+ nullable: true
+ type: integer
+ stressChaos:
+ description: StressChaosSpec defines the desired state of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors just
+ like `Stressors` except that it's an experimental feature and
+ more powerful. You can define stressors in `stress-ng` (see
+ also `man stress-ng`) dialect, however not all of the supported
+ stressors are well tested. It maybe retired in later releases.
+ You should always use `Stressors` to define the stressors and
+ use this only when you want more stressors unsupported by `Stressors`.
+ When both `StressngStressors` and `Stressors` are defined, `StressngStressors`
+ wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported to
+ stress system components out. You can use one or more of them
+ to make up various kinds of stresses. At least one of the stressors
+ should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading per CPU
+ worker. 0 is effectively a sleep (no load) and 100 is
+ full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to apply the
+ stressor. Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj of the
+ stress process. See `man 5 proc` to know more about
+ this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed per vm worker,
+ default is the total available memory. One can specify
+ the size as % of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to apply the
+ stressor. Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ timeChaos:
+ description: TimeChaosSpec defines the desired state of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id All available
+ options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected program.
+ It's a possibly signed sequence of decimal numbers, such as
+ "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ type:
+ description: 'TODO: use a custom type, as `TemplateType` contains
+ other possible values'
+ type: string
+ workflow:
+ properties:
+ entry:
+ type: string
+ templates:
+ items:
+ properties:
+ abortWithStatusCheck:
+ description: AbortWithStatusCheck describe whether to abort
+ the workflow when the failure threshold of StatusCheck
+ is exceeded. Only used when Type is TypeStatusCheck.
+ type: boolean
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification
+ for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos
+ action. Supported action: ec2-stop / ec2-restart /
+ detach-volume Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device.
+ Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2
+ instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the
+ aws server. Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume.
+ Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification
+ for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos
+ action. Supported action: vm-stop / vm-restart / disk-detach
+ Default action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk.
+ Needed in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of
+ the data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure
+ subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification
+ for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos
+ action. Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every
+ io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ children:
+ description: Children describes the children steps of serial
+ or parallel node. Only used when Type is TypeSerial or
+ TypeParallel.
+ items:
+ type: string
+ type: array
+ conditionalBranches:
+ description: ConditionalBranches describes the conditional
+ branches of custom tasks. Only used when Type is TypeTask.
+ items:
+ properties:
+ expression:
+ description: Expression is the expression for this
+ conditional branch, expected type of result is boolean.
+ If expression is empty, this branch will always
+ be selected/the template will be spawned.
+ type: string
+ target:
+ description: Target is the name of other template,
+ if expression is evaluated as true, this template
+ will be spawned.
+ type: string
+ required:
+ - target
+ type: object
+ type: array
+ deadline:
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos
+ action. Supported action: error, random Default action:
+ error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect,
+ support the placeholder ? and wildcard *, or the Specified
+ domain name. Note: 1. The wildcard * must be
+ at the end of the string. For example, chaos-*.org
+ is invalid. 2. if the patterns is empty, will
+ take effect on all the domain names. For example:
+ \t\tThe value is [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\"
+ and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification
+ for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos
+ action. Supported action: node-stop / node-reset /
+ disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed
+ in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http
+ status code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target
+ request/response. A duration string is a possibly
+ unsigned sequence of decimal numbers, each with optional
+ fraction and a unit suffix, such as "300ms", "2h45m".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by http
+ method in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body
+ of target.
+ properties:
+ type:
+ description: Type represents the patch type,
+ only support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers
+ of target. For example: `[["Set-Cookie", ""], ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries
+ of target(Request only). For example: `[["foo",
+ "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri
+ path in http request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy
+ of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message
+ body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status
+ code in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers
+ of target. The key-value pairs represent header
+ name and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method
+ in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path
+ in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries
+ in http request. For example, with value `{ "foo":
+ "unknown" }`, the `/?foo=bar` will be altered
+ to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target
+ by http headers in request. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target
+ by http headers in response. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and
+ injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos
+ if there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of
+ ca file in secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of
+ cert file in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of
+ key file in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required
+ secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace
+ of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: latency / fault / attrOverride
+ / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action
+ delay. A delay string is a possibly signed sequence
+ of decimal numbers, each with optional fraction and
+ a unit suffix, such as "300ms". Valid time units are
+ "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of
+ decimal numbers, each with optional fraction and a
+ unit suffix, such as "300ms", "-1.5h" or "2h45m".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned
+ by I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting
+ I/O chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness
+ are injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in
+ the mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment
+ in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments
+ of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting
+ I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection
+ errors and provides a number from 0-100. default:
+ 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of
+ injected volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos
+ action. Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only
+ set it when action is stress
+ type: integer
+ database:
+ description: the match database default value is "",
+ means match all database
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw for
+ action `exception` or the exception message needs
+ to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set
+ it when action is stress, the value can be 'stack'
+ or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only
+ support 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and
+ will generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "",
+ means match all SQL type. The value can be 'select',
+ 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means
+ match all table
+ type: string
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state of
+ KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of
+ kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call
+ chain, such as: ext4_mount -> mount_subtree ->
+ ... -> should_failslab With an optional
+ set of predicates and an optional set of parameters,
+ which used with predicates. You can read call
+ chan and predicate examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just
+ keep Callchain empty, which means it will fail
+ at any call chain with slab alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature
+ and predicate in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel
+ source or `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate,
+ for example, if you want to inject slab
+ error in `d_alloc_parallel(struct dentry
+ *parent, const struct qstr *name)` with
+ a special name `bananas`, you need to set
+ it to `struct dentry *parent, const struct
+ qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments
+ of this Frame, example with Parameters's,
+ you can set it to `STRNCMP(name->name, "bananas",
+ 8)` to make inject only with it, or omit
+ it to inject for all d_alloc_parallel call
+ chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can
+ be set to ''0'' / ''1'' / ''2'' If `0`, indicates
+ slab to fail (should_failslab) If `1`, indicates
+ alloc_page to fail (should_fail_alloc_page) If
+ `2`, indicates bio to fail (should_fail_bio) You
+ can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate
+ kernel headers you need. Eg: "linux/mmzone.h",
+ "linux/blkdev.h" and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with
+ probability. If you want 1%, please set this field
+ with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ name:
+ type: string
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state
+ of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network chaos
+ action. Supported action: partition, netem, delay,
+ loss, duplicate, corrupt Default action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth
+ control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes
+ that tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can
+ be queued waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the
+ peakrate bucket. For perfect accuracy, should
+ be set to the MTU of the interface. If a peakrate
+ is needed, but some burstiness is acceptable,
+ this size can be raised. A 3000 byte minburst
+ allows around 3mbit/s of peakrate, given 1000
+ byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate
+ of the bucket. The peakrate does not need to be
+ set, it is only necessary if perfect millisecond
+ timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps,
+ kbps, mbps, gbps, tbps unit. bps means bytes per
+ second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt
+ action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay
+ action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet
+ reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to
+ be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this
+ applies on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about
+ loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets
+ outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this
+ applies on netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device
+ to be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired
+ state of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only
+ one of Address and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock
+ on which to act. More clock description in linux
+ kernel can be found in man page of clock_getres,
+ clock_gettime, clock_settime. Muti clock ids should
+ be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data
+ in. if path not provided, payload will read/write
+ from/into a temp file, temp file will be deleted
+ after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data
+ in. if path not provided, payload will read/write
+ from/into a temp file, temp file will be deleted
+ after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work
+ on writing, default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data
+ in. if path not provided, payload will read/write
+ from/into a temp file, temp file will be deleted
+ after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work
+ on writing, default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append
+ the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create
+ or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create
+ or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to
+ be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of
+ the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file
+ to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the
+ file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by
+ http status code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP
+ connection, we will only attack HTTP connection
+ with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by
+ http status code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target
+ request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP
+ connection, we will only attack HTTP connection
+ with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support
+ GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is
+ "", means match all database
+ type: string
+ exception:
+ description: The exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency'
+ or the latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set to
+ "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is
+ "", means match all SQL type. The value can be
+ 'select', 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "",
+ means match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's
+ data, will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only
+ set it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only
+ set it when action is stress, the value can be
+ 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10
+ is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp
+ flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used for
+ partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or
+ µs), ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns,
+ us (or µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us
+ (or µs), ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf
+ test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client
+ threads to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the
+ IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows
+ bps, kbps, mbps, gbps, tbps unit. bps means bytes
+ per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is
+ 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp
+ flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used for
+ partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction,
+ values can be 'from', 'to'. 'from' means packets
+ coming from the 'IPAddress' or 'Hostname' and
+ going to your server, 'to' means packets originating
+ from your server and going to the 'IPAddress'
+ or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering
+ experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage
+ of the original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string
+ keys and a set values that used to select physical
+ machines. The key defines the namespace which
+ physical machine belong, and each value is a set
+ of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU
+ worker. 0 is effectively a sleep (no load) and
+ 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker,
+ default is the total available memory. One can
+ specify the size as % of total available memory
+ or in units of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of physical machines
+ to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of physical
+ machines the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that a
+ user creates on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: pod-kill / pod-failure /
+ container-kill Default action: pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of
+ decimal numbers, each with optional fraction and a
+ unit suffix, such as "300ms", "-1.5h" or "2h45m".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action.
+ It represents the duration in seconds before the pod
+ should be deleted. Value must be non-negative integer.
+ The default value is zero that indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ description: Schedule describe the Schedule(describing scheduled
+ chaos) to be injected with chaos nodes. Only used when
+ Type is TypeSchedule.
+ properties:
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification
+ for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos
+ action. Supported action: ec2-stop / ec2-restart
+ / detach-volume Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the
+ device. Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the
+ ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of
+ the aws server. Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS
+ volume. Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification
+ for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure
+ chaos action. Supported action: vm-stop / vm-restart
+ / disk-detach Default action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the
+ disk. Needed in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number
+ of the data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name
+ of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure
+ subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual
+ Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification
+ for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block
+ chaos action. Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of
+ every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ concurrencyPolicy:
+ enum:
+ - Forbid
+ - Allow
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state
+ of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos
+ action. Supported action: error, random Default
+ action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take
+ effect, support the placeholder ? and wildcard
+ *, or the Specified domain name. Note: 1.
+ The wildcard * must be at the end of the string.
+ For example, chaos-*.org is invalid. 2. if
+ the patterns is empty, will take effect on all
+ the domain names. For example: \t\tThe value is
+ [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\"
+ and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification
+ for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos
+ action. Supported action: node-stop / node-reset
+ / disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach.
+ Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ historyLimit:
+ minimum: 1
+ type: integer
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by
+ http status code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target
+ request/response. A duration string is a possibly
+ unsigned sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as "300ms",
+ "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by
+ http method in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to patch message
+ body of target.
+ properties:
+ type:
+ description: Type represents the patch type,
+ only support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http
+ headers of target. For example: `[["Set-Cookie",
+ ""], ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri
+ queries of target(Request only). For example:
+ `[["foo", "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by
+ uri path in http request.
+ type: string
+ port:
+ description: Port represents the target port to
+ be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to replace http
+ message body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http
+ status code in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http
+ headers of target. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http
+ method in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri
+ path in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri
+ queries in http request. For example, with
+ value `{ "foo": "unknown" }`, the `/?foo=bar`
+ will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select
+ target by http headers in request. The key-value
+ pairs represent header name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select
+ target by http headers in response. The key-value
+ pairs represent header name and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected
+ and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override
+ PodHttpChaos if there are multiple HTTPChaos experiments
+ are applied
+ properties:
+ caName:
+ description: CAName represents the data name
+ of ca file in secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name
+ of cert file in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name
+ of key file in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name
+ of required secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the
+ namespace of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of
+ IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: latency / fault / attrOverride
+ / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos
+ action delay. A delay string is a possibly signed
+ sequence of decimal numbers, each with optional
+ fraction and a unit suffix, such as "300ms". Valid
+ time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action. It is required when the action
+ is `PodFailureAction`. A duration string is a
+ possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such
+ as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that
+ returned by I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for
+ injecting I/O chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness
+ are injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled
+ in the mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment
+ in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences]
+ segments of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for
+ injecting I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of
+ injection errors and provides a number from 0-100.
+ default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path
+ of injected volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state
+ of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos
+ action. Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only
+ set it when action is stress
+ type: integer
+ database:
+ description: the match database default value is
+ "", means match all database
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only
+ set it when action is stress, the value can be
+ 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set to
+ "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique,
+ and will generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action
+ 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is
+ "", means match all SQL type. The value can be
+ 'select', 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "",
+ means match all table
+ type: string
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state
+ of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request
+ of kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call
+ chain, such as: ext4_mount -> mount_subtree ->
+ ... -> should_failslab With an
+ optional set of predicates and an optional
+ set of parameters, which used with predicates.
+ You can read call chan and predicate examples
+ from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just
+ keep Callchain empty, which means it will
+ fail at any call chain with slab alloc (eg:
+ kmalloc).'
+ items:
+ description: Frame defines the function signature
+ and predicate in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from
+ kernel source or `/proc/kallsyms`, such
+ as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate,
+ for example, if you want to inject slab
+ error in `d_alloc_parallel(struct dentry
+ *parent, const struct qstr *name)` with
+ a special name `bananas`, you need to
+ set it to `struct dentry *parent, const
+ struct qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the
+ arguments of this Frame, example with
+ Parameters's, you can set it to `STRNCMP(name->name,
+ "bananas", 8)` to make inject only with
+ it, or omit it to inject for all d_alloc_parallel
+ call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail,
+ can be set to ''0'' / ''1'' / ''2'' If `0`,
+ indicates slab to fail (should_failslab) If
+ `1`, indicates alloc_page to fail (should_fail_alloc_page)
+ If `2`, indicates bio to fail (should_fail_bio)
+ You can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate
+ kernel headers you need. Eg: "linux/mmzone.h",
+ "linux/blkdev.h" and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails
+ with probability. If you want 1%, please set
+ this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of
+ fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state
+ of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network
+ chaos action. Supported action: partition, netem,
+ delay, loss, duplicate, corrupt Default action:
+ delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about
+ bandwidth control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of
+ bytes that tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that
+ can be queued waiting for tokens to become
+ available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of
+ the peakrate bucket. For perfect accuracy,
+ should be set to the MTU of the interface. If
+ a peakrate is needed, but some burstiness
+ is acceptable, this size can be raised. A
+ 3000 byte minburst allows around 3mbit/s of
+ peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion
+ rate of the bucket. The peakrate does not
+ need to be set, it is only necessary if perfect
+ millisecond timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows
+ bps, kbps, mbps, gbps, tbps unit. bps means
+ bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about
+ corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay
+ action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of
+ packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device
+ to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction,
+ this applies on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail
+ about loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network
+ targets outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss
+ action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this
+ applies on netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network
+ device to be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired
+ state of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead.
+ Only one of Address and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular
+ clock on which to act. More clock description
+ in linux kernel can be found in man page of
+ clock_getres, clock_gettime, clock_settime.
+ Muti clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload will
+ read/write from/into a temp file, temp file
+ will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data
+ will write into the file path. support unit:
+ c=1, w=2, b=512, kB=1000, K=1024, MB=1000*1000,
+ M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload will
+ read/write from/into a temp file, temp file
+ will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process
+ work on writing, default 1, only 1-255 is
+ valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data
+ will write into the file path. support unit:
+ c=1, w=2, b=512, kB=1000, K=1024, MB=1000*1000,
+ M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload will
+ read/write from/into a temp file, temp file
+ will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process
+ work on writing, default 1, only 1-255 is
+ valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data
+ will write into the file path. support unit:
+ c=1, w=2, b=512, kB=1000, K=1024, MB=1000*1000,
+ M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to
+ append the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to
+ create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to
+ create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege
+ to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to
+ be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string
+ of the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ line:
+ description: Line is the line number of the
+ file to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string
+ of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target
+ by http status code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard
+ matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of
+ HTTP connection, we will only attack HTTP
+ connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target
+ by http status code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the
+ target request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard
+ matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of
+ HTTP connection, we will only attack HTTP
+ connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support
+ GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action
+ 'latency', unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value
+ is "", means match all database
+ type: string
+ exception:
+ description: The exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action
+ 'latency' or the latency duration in action
+ `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set
+ to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value
+ is "", means match all SQL type. The value
+ can be 'select', 'insert', 'update', 'delete',
+ 'replace'.
+ type: string
+ table:
+ description: the match table default value is
+ "", means match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule
+ file's data, will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use,
+ only set it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate,
+ only set it when action is stress, the value
+ can be 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the
+ tcp flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used
+ for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us
+ (or µs), ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units:
+ ns, us (or µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns,
+ us (or µs), ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the
+ iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client
+ threads to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on
+ the IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows
+ bps, kbps, mbps, gbps, tbps unit. bps means
+ bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10
+ is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the
+ tcp flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used
+ for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction,
+ values can be 'from', 'to'. 'from' means packets
+ coming from the 'IPAddress' or 'Hostname'
+ and going to your server, 'to' means packets
+ originating from your server and going to
+ the 'IPAddress' or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process
+ ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering
+ experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage
+ of the original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical
+ machines that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string
+ keys and a set values that used to select
+ physical machines. The key defines the namespace
+ which physical machine belong, and each value
+ is a set of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per
+ CPU worker. 0 is effectively a sleep (no load)
+ and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the
+ stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per
+ vm worker, default is the total available
+ memory. One can specify the size as % of total
+ available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when
+ attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when
+ recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of physical
+ machines to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent
+ of physical machines the server can do chaos action.
+ IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that
+ a user creates on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: pod-kill / pod-failure
+ / container-kill Default action: pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action. It is required when the action
+ is `PodFailureAction`. A duration string is a
+ possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such
+ as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action.
+ It represents the duration in seconds before the
+ pod should be deleted. Value must be non-negative
+ integer. The default value is zero that indicates
+ delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ type: string
+ startingDeadlineSeconds:
+ format: int64
+ minimum: 0
+ nullable: true
+ type: integer
+ stressChaos:
+ description: StressChaosSpec defines the desired state
+ of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of
+ stressors just like `Stressors` except that it's
+ an experimental feature and more powerful. You
+ can define stressors in `stress-ng` (see also
+ `man stress-ng`) dialect, however not all of the
+ supported stressors are well tested. It maybe
+ retired in later releases. You should always use
+ `Stressors` to define the stressors and use this
+ only when you want more stressors unsupported
+ by `Stressors`. When both `StressngStressors`
+ and `Stressors` are defined, `StressngStressors`
+ wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors
+ supported to stress system components out. You
+ can use one or more of them to make up various
+ kinds of stresses. At least one of the stressors
+ should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading
+ per CPU worker. 0 is effectively a sleep
+ (no load) and 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers
+ to apply the stressor. Maximum 8192 workers
+ can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual
+ memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj
+ of the stress process. See `man 5 proc`
+ to know more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed
+ per vm worker, default is the total available
+ memory. One can specify the size as %
+ of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers
+ to apply the stressor. Maximum 8192 workers
+ can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ timeChaos:
+ description: TimeChaosSpec defines the desired state
+ of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock
+ id All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of
+ injected program. It's a possibly signed sequence
+ of decimal numbers, such as "300ms", "-1.5h" or
+ "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ type:
+ description: 'TODO: use a custom type, as `TemplateType`
+ contains other possible values'
+ type: string
+ required:
+ - schedule
+ - type
+ type: object
+ statusCheck:
+ description: StatusCheck describe the behavior of StatusCheck.
+ Only used when Type is TypeStatusCheck.
+ properties:
+ duration:
+ description: Duration defines the duration of the whole
+ status check if the number of failed execution does
+ not exceed the failure threshold. Duration is available
+ to both `Synchronous` and `Continuous` mode. A duration
+ string is a possibly signed sequence of decimal numbers,
+ each with optional fraction and a unit suffix, such
+ as "300ms", "-1.5h" or "2h45m". Valid time units are
+ "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ failureThreshold:
+ default: 3
+ description: FailureThreshold defines the minimum consecutive
+ failure for the status check to be considered failed.
+ minimum: 1
+ type: integer
+ http:
+ properties:
+ body:
+ type: string
+ criteria:
+ description: Criteria defines how to determine the
+ result of the status check.
+ properties:
+ statusCode:
+ description: StatusCode defines the expected
+ http status code for the request. A statusCode
+ string could be a single code (e.g. 200),
+ or an inclusive range (e.g. 200-400, both
+ `200` and `400` are included).
+ type: string
+ required:
+ - statusCode
+ type: object
+ headers:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: "A Header represents the key-value
+ pairs in an HTTP header. \n The keys should be
+ in canonical form, as returned by CanonicalHeaderKey."
+ type: object
+ method:
+ default: GET
+ enum:
+ - GET
+ - POST
+ type: string
+ url:
+ type: string
+ required:
+ - criteria
+ - url
+ type: object
+ intervalSeconds:
+ default: 10
+ description: IntervalSeconds defines how often (in seconds)
+ to perform an execution of status check.
+ minimum: 1
+ type: integer
+ mode:
+ description: 'Mode defines the execution mode of the
+ status check. Support type: Synchronous / Continuous'
+ enum:
+ - Synchronous
+ - Continuous
+ type: string
+ recordsHistoryLimit:
+ default: 100
+ description: RecordsHistoryLimit defines the number
+ of record to retain.
+ maximum: 1000
+ minimum: 1
+ type: integer
+ successThreshold:
+ default: 1
+ description: SuccessThreshold defines the minimum consecutive
+ successes for the status check to be considered successful.
+ SuccessThreshold only works for `Synchronous` mode.
+ minimum: 1
+ type: integer
+ timeoutSeconds:
+ default: 1
+ description: TimeoutSeconds defines the number of seconds
+ after which an execution of status check times out.
+ minimum: 1
+ type: integer
+ type:
+ default: HTTP
+ description: 'Type defines the specific status check
+ type. Support type: HTTP'
+ enum:
+ - HTTP
+ type: string
+ required:
+ - type
+ type: object
+ stressChaos:
+ description: StressChaosSpec defines the desired state of
+ StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors
+ just like `Stressors` except that it's an experimental
+ feature and more powerful. You can define stressors
+ in `stress-ng` (see also `man stress-ng`) dialect,
+ however not all of the supported stressors are well
+ tested. It maybe retired in later releases. You should
+ always use `Stressors` to define the stressors and
+ use this only when you want more stressors unsupported
+ by `Stressors`. When both `StressngStressors` and
+ `Stressors` are defined, `StressngStressors` wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported
+ to stress system components out. You can use one or
+ more of them to make up various kinds of stresses.
+ At least one of the stressors should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading
+ per CPU worker. 0 is effectively a sleep (no
+ load) and 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to
+ apply the stressor. Maximum 8192 workers can
+ run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory
+ out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj
+ of the stress process. See `man 5 proc` to
+ know more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed
+ per vm worker, default is the total available
+ memory. One can specify the size as % of total
+ available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to
+ apply the stressor. Maximum 8192 workers can
+ run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ task:
+ description: Task describes the behavior of the custom task.
+ Only used when Type is TypeTask.
+ properties:
+ container:
+ description: Container is the main container image to
+ run in the pod
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is
+ used if this is not provided. Variable references
+ $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system
+ should take in response to container lifecycle
+ events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as
+ a DNS_LABEL. Each container in a pod must have
+ a unique name (DNS_LABEL). Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that
+ port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container
+ will be accessible from the network. Modifying
+ this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service
+ readiness. Container will be removed from service
+ endpoints if the probe fails. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this
+ container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security
+ options the container should be run with. If set,
+ the fields of SecurityContext override the equivalent
+ fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must only be
+ set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. This field is alpha-level and
+ will only be honored by components that
+ enable the WindowsHostProcessContainers
+ feature flag. Setting this field without
+ the feature flag will result in errors
+ when validating the Pod. All of a Pod's
+ containers must have the same effective
+ HostProcess value (it is not allowed to
+ have a mix of HostProcess containers and
+ non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod
+ has successfully initialized. If specified, no
+ other probes are executed until this completes
+ successfully. If this probe fails, the Pod will
+ be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters
+ at the beginning of a Pod''s lifecycle, when it
+ might take a long time to load data or warm a
+ cache, than during steady-state operation. This
+ cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ volumes:
+ description: Volumes is a list of volumes that can be
+ mounted by containers in a template.
+ items:
+ description: Volume represents a named volume in a
+ pod that may be accessed by any container in the
+ pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents
+ an AWS Disk resource that is attached to a kubelet''s
+ host machine and then exposed to the pod. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume
+ partition for /dev/sda is "0" (or you can
+ leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the
+ persistent disk resource in AWS (Amazon
+ EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data
+ Disk mount on the host and bind mount to the
+ pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
+ single blob disk per storage account Managed:
+ azure managed data disk (only in managed
+ availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File
+ Service mount on the host and bind mount to
+ the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name
+ and Key
+ type: string
+ shareName:
+ description: shareName is the azure share
+ Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount
+ on the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph
+ tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume
+ attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info:
+ https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points
+ to a secret object containing parameters
+ used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the
+ volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created
+ files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644.
+ Directories within the path are not affected
+ by this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode
+ bits used to set permissions on this
+ file. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May
+ not be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the
+ ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface)
+ represents ephemeral storage that is handled
+ by certain external CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI
+ driver that handles this volume. Consult
+ with your admin for the correct name as
+ registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4",
+ "xfs", "ntfs". If not provided, the empty
+ value is passed to the associated CSI driver
+ which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive
+ information to pass to the CSI driver to
+ complete the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may
+ be empty if no secret is required. If the
+ secret object contains more than one secret,
+ all secret references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for
+ supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API
+ about the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on
+ created files by default. Must be a Optional:
+ mode bits used to set permissions on created
+ files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644.
+ Directories within the path are not affected
+ by this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API
+ volume file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary
+ directory that shares a pod''s lifetime. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type
+ of storage medium should back this directory.
+ The default is "" which means to use the
+ node''s default medium. Must be an empty
+ string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on
+ memory medium EmptyDir would be the minimum
+ value between the SizeLimit specified here
+ and the sum of memory limits of all containers
+ in a pod. The default is nil which means
+ that the limit is undefined. More info:
+ http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The
+ volume's lifecycle is tied to the pod that defines
+ it - it will be created before the pod starts,
+ and deleted when the pod is removed. \n Use
+ this if: a) the volume is only needed while
+ the pod runs, b) features of normal volumes
+ like restoring from snapshot or capacity tracking
+ are needed, c) the storage driver is specified
+ through a storage class, and d) the storage
+ driver supports dynamic volume provisioning
+ through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between
+ this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than
+ the lifecycle of an individual pod. \n Use CSI
+ for light-weight local ephemeral volumes if
+ the CSI driver is meant to be used that way
+ - see the documentation of the driver for more
+ information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at
+ the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in
+ which this EphemeralVolumeSource is embedded
+ will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The
+ name of the PVC will be `-` where `` is the name
+ from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the
+ concatenated name is not valid for a PVC
+ (for example, too long). \n An existing
+ PVC with that name that is not owned by
+ the pod will *not* be used for the pod to
+ avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the
+ unrelated PVC is removed. If such a pre-created
+ PVC is meant to be used by the pod, the
+ PVC has to updated with an owner reference
+ to the pod once the pod exists. Normally
+ this should not be necessary, but it may
+ be useful when manually reconstructing a
+ broken cluster. \n This field is read-only
+ and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n
+ Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when
+ creating it. No other fields are allowed
+ and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the
+ PersistentVolumeClaim. The entire content
+ is copied unchanged into the PVC that
+ gets created from this template. The
+ same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains
+ the desired access modes the volume
+ should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can
+ be used to specify either: * An
+ existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of
+ the specified data source. When
+ the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents
+ will be copied to dataSourceRef,
+ and dataSourceRef contents will
+ be copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace
+ is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any
+ other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ object from a non-empty API group
+ (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed
+ if the type of the specified object
+ matches some installed volume populator
+ or dynamic provisioner. This field
+ will replace the functionality of
+ the dataSource field and as such
+ if both fields are non-empty, they
+ must have the same value. For backwards
+ compatibility, when namespace isn''t
+ specified in dataSourceRef, both
+ fields (dataSource and dataSourceRef)
+ will be set to the same value automatically
+ if one of them is empty and the
+ other is non-empty. When namespace
+ is specified in dataSourceRef, dataSource
+ isn''t set to the same value and
+ must be empty. There are three important
+ differences between dataSource and
+ dataSourceRef: * While dataSource
+ only allows two specific types of
+ objects, dataSourceRef allows
+ any non-core object, as well as
+ PersistentVolumeClaim objects. *
+ While dataSource ignores disallowed
+ values (dropping them), dataSourceRef preserves
+ all values, and generates an error
+ if a disallowed value is specified.
+ * While dataSource only allows local
+ objects, dataSourceRef allows objects in
+ any namespaces. (Beta) Using this
+ field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha)
+ Using the namespace field of dataSourceRef
+ requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any
+ other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the
+ namespace of resource being
+ referenced Note that when a
+ namespace is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference.
+ See the ReferenceGrant documentation
+ for details. (Alpha) This field
+ requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents
+ the minimum resources the volume
+ should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements
+ that are lower than previous value
+ but must still be higher than capacity
+ recorded in the status field of
+ the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the
+ names of resources, defined
+ in spec.resourceClaims, that
+ are used by this container.
+ \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field
+ is immutable."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match
+ the name of one entry
+ in pod.spec.resourceClaims
+ of the Pod where this
+ field is used. It makes
+ that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes
+ the maximum amount of compute
+ resources allowed. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes
+ the minimum amount of compute
+ resources required. If Requests
+ is omitted for a container,
+ it defaults to Limits if that
+ is explicitly specified, otherwise
+ to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query
+ over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector
+ that contains values, a key,
+ and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid
+ operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In
+ or NotIn, the values array
+ must be non-empty. If
+ the operator is Exists
+ or DoesNotExist, the values
+ array must be empty. This
+ array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a
+ map of {key,value} pairs. A
+ single {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator
+ is "In", and the values array
+ contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is
+ the name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what
+ type of volume is required by the
+ claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding
+ reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine
+ and then exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. TODO: how do we prevent
+ errors in the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun
+ number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or
+ combination of targetWWNs and lun must be
+ set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using
+ an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver
+ to use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field
+ holds extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret
+ object is specified. If the secret object
+ contains more than one secret, all secrets
+ are passed to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume
+ attached to a kubelet's host machine. This depends
+ on the Flocker control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a
+ Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE
+ Disk resource that is attached to a kubelet''s
+ host machine and then exposed to the pod. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of
+ the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume
+ partition for /dev/sda is "0" (or you can
+ leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the
+ PD resource in GCE. Used to identify the
+ disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the
+ ReadOnly setting in VolumeMounts. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository
+ at a particular revision. DEPRECATED: GitRepo
+ is deprecated. To provision a container with
+ a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the
+ EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for
+ the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs
+ mount on the host that shares a pod''s lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume
+ path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the
+ Glusterfs volume to be mounted with read-only
+ permissions. Defaults to false. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing
+ file or directory on the host machine that is
+ directly exposed to the container. This is generally
+ used for system agents or other privileged things
+ that are allowed to see the host machine. Most
+ containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can
+ use host directory mounts and who can/can not
+ mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the
+ host. If the path is a symlink, it will
+ follow the link to the real path. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new
+ iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun
+ number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the
+ ReadOnly setting in VolumeMounts. Defaults
+ to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret
+ for iSCSI target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target
+ Portal. The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the
+ host that shares a pod''s lifetime More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the
+ NFS export to be mounted with read-only
+ permissions. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP
+ address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this
+ volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a
+ PhotonController persistent disk attached and
+ mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem
+ type to mount Must be a filesystem type
+ supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to
+ be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits
+ used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. Directories within the path are
+ not affected by this setting. This might
+ be in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume
+ projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about
+ the configMap data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and
+ unlisted keys will not be present.
+ If a key is specified which is
+ not present in the ConfigMap,
+ the volume setup will error unless
+ it is marked optional. Paths must
+ be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key
+ to a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an
+ octal value between 0000
+ and 0777 or a decimal value
+ between 0 and 511. YAML
+ accepts both octal and decimal
+ values, JSON requires decimal
+ values for mode bits. If
+ not specified, the volume
+ defaultMode will be used.
+ This might be in conflict
+ with other options that
+ affect the file mode, like
+ fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map
+ the key to. May not be an
+ absolute path. May not contain
+ the path element '..'. May
+ not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must
+ be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information
+ about the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of
+ DownwardAPIVolume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod
+ field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only
+ annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode
+ bits used to set permissions
+ on this file, must be an
+ octal value between 0000
+ and 0777 or a decimal value
+ between 0 and 511. YAML
+ accepts both octal and decimal
+ values, JSON requires decimal
+ values for mode bits. If
+ not specified, the volume
+ defaultMode will be used.
+ This might be in conflict
+ with other options that
+ affect the file mode, like
+ fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or
+ contain the ''..'' path.
+ Must be utf-8 encoded. The
+ first item of the relative
+ path must not start with
+ ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are
+ currently supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies
+ the output format of
+ the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about
+ the secret data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and
+ unlisted keys will not be present.
+ If a key is specified which is
+ not present in the Secret, the
+ volume setup will error unless
+ it is marked optional. Paths must
+ be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key
+ to a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an
+ octal value between 0000
+ and 0777 or a decimal value
+ between 0 and 511. YAML
+ accepts both octal and decimal
+ values, JSON requires decimal
+ values for mode bits. If
+ not specified, the volume
+ defaultMode will be used.
+ This might be in conflict
+ with other options that
+ affect the file mode, like
+ fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map
+ the key to. May not be an
+ absolute path. May not contain
+ the path element '..'. May
+ not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional field specify
+ whether the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is
+ information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient
+ of a token must identify itself
+ with an identifier specified in
+ the audience of the token, and
+ otherwise should reject the token.
+ The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is
+ the requested duration of validity
+ of the service account token.
+ As the token approaches expiration,
+ the kubelet volume plugin will
+ proactively rotate the service
+ account token. The kubelet will
+ start trying to rotate the token
+ if the token is older than 80
+ percent of its time to live or
+ if the token is older than 24
+ hours.Defaults to 1 hour and must
+ be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file
+ to project the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount
+ on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the
+ Quobyte volume to be mounted with read-only
+ permissions. Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single
+ or multiple Quobyte Registry services specified
+ as a string as host:port pair (multiple
+ entries are separated with commas) which
+ acts as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte
+ volume in the Backend Used with dynamically
+ provisioned Quobyte volumes, value is set
+ by the plugin
+ type: string
+ user:
+ description: user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device
+ mount on the host that shares a pod''s lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring
+ for RBDUser. Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of
+ Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name.
+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the
+ ReadOnly setting in VolumeMounts. Defaults
+ to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides
+ keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name.
+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name
+ of the ScaleIO Protection Domain for the
+ configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation
+ will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default
+ false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether
+ the storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that
+ should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created
+ files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644.
+ Directories within the path are not affected
+ by this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode
+ bits used to set permissions on this
+ file. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May
+ not be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether
+ the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret
+ to use for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable
+ name of the StorageOS volume. Volume names
+ are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the
+ scope of the volume within StorageOS. If
+ no namespace is specified then the Pod's
+ namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces
+ within StorageOS. Namespaces that do not
+ pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere
+ volume attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ templateType:
+ type: string
+ timeChaos:
+ description: TimeChaosSpec defines the desired state of
+ TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id
+ All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected
+ program. It's a possibly signed sequence of decimal
+ numbers, such as "300ms", "-1.5h" or "2h45m". Valid
+ time units are "ns", "us" (or "µs"), "ms", "s", "m",
+ "h".
+ type: string
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ required:
+ - name
+ - templateType
+ type: object
+ type: array
+ required:
+ - entry
+ - templates
+ type: object
+ required:
+ - schedule
+ - type
+ type: object
+ status:
+ description: ScheduleStatus is the status of a schedule object
+ properties:
+ active:
+ items:
+ description: "ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2.
+ Invalid usage help. It is impossible to add specific help for
+ individual usage. In most embedded usages, there are particular
+ \ restrictions like, \"must refer only to types A and B\" or
+ \"UID not honored\" or \"name must be restricted\". Those
+ cannot be well described when embedded. 3. Inconsistent validation.
+ \ Because the usages are different, the validation rules are different
+ by usage, which makes it hard for users to predict what will happen.
+ \ 4. The fields are both imprecise and overly precise. Kind is
+ not a precise mapping to a URL. This can produce ambiguity during
+ interpretation and require a REST mapping. In most cases, the
+ dependency is on the group,resource tuple and the version
+ of the actual struct is irrelevant. 5. We cannot easily change
+ it. Because this type is embedded in many locations, updates
+ to this type will affect numerous schemas. Don't make new
+ APIs embed an underspecified API type they do not control. \n
+ Instead of using this type, create a locally provided and used
+ type that is well-focused on your reference. For example, ServiceReferences
+ for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ time:
+ format: date-time
+ nullable: true
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_statuschecks.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_statuschecks.yaml
new file mode 100644
index 0000000..64969aa
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_statuschecks.yaml
@@ -0,0 +1,203 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: statuschecks.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: StatusCheck
+ listKind: StatusCheckList
+ plural: statuschecks
+ singular: statuscheck
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a status check
+ properties:
+ duration:
+ description: Duration defines the duration of the whole status check
+ if the number of failed execution does not exceed the failure threshold.
+ Duration is available to both `Synchronous` and `Continuous` mode.
+ A duration string is a possibly signed sequence of decimal numbers,
+ each with optional fraction and a unit suffix, such as "300ms",
+ "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ failureThreshold:
+ default: 3
+ description: FailureThreshold defines the minimum consecutive failure
+ for the status check to be considered failed.
+ minimum: 1
+ type: integer
+ http:
+ properties:
+ body:
+ type: string
+ criteria:
+ description: Criteria defines how to determine the result of the
+ status check.
+ properties:
+ statusCode:
+ description: StatusCode defines the expected http status code
+ for the request. A statusCode string could be a single code
+ (e.g. 200), or an inclusive range (e.g. 200-400, both `200`
+ and `400` are included).
+ type: string
+ required:
+ - statusCode
+ type: object
+ headers:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: "A Header represents the key-value pairs in an HTTP
+ header. \n The keys should be in canonical form, as returned
+ by CanonicalHeaderKey."
+ type: object
+ method:
+ default: GET
+ enum:
+ - GET
+ - POST
+ type: string
+ url:
+ type: string
+ required:
+ - criteria
+ - url
+ type: object
+ intervalSeconds:
+ default: 10
+ description: IntervalSeconds defines how often (in seconds) to perform
+ an execution of status check.
+ minimum: 1
+ type: integer
+ mode:
+ description: 'Mode defines the execution mode of the status check.
+ Support type: Synchronous / Continuous'
+ enum:
+ - Synchronous
+ - Continuous
+ type: string
+ recordsHistoryLimit:
+ default: 100
+ description: RecordsHistoryLimit defines the number of record to retain.
+ maximum: 1000
+ minimum: 1
+ type: integer
+ successThreshold:
+ default: 1
+ description: SuccessThreshold defines the minimum consecutive successes
+ for the status check to be considered successful. SuccessThreshold
+ only works for `Synchronous` mode.
+ minimum: 1
+ type: integer
+ timeoutSeconds:
+ default: 1
+ description: TimeoutSeconds defines the number of seconds after which
+ an execution of status check times out.
+ minimum: 1
+ type: integer
+ type:
+ default: HTTP
+ description: 'Type defines the specific status check type. Support
+ type: HTTP'
+ enum:
+ - HTTP
+ type: string
+ required:
+ - type
+ type: object
+ status:
+ description: Most recently observed status of status check
+ properties:
+ completionTime:
+ description: CompletionTime represents time when the status check
+ was completed.
+ format: date-time
+ type: string
+ conditions:
+ description: Conditions represents the latest available observations
+ of a StatusCheck's current state.
+ items:
+ properties:
+ lastProbeTime:
+ format: date-time
+ type: string
+ lastTransitionTime:
+ format: date-time
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - lastProbeTime
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ count:
+ description: Count represents the total number of the status check
+ executed.
+ format: int64
+ type: integer
+ records:
+ description: Records contains the history of the execution of StatusCheck.
+ items:
+ properties:
+ outcome:
+ type: string
+ startTime:
+ format: date-time
+ type: string
+ required:
+ - outcome
+ - startTime
+ type: object
+ type: array
+ startTime:
+ description: StartTime represents time when the status check started
+ to execute.
+ format: date-time
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_stresschaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_stresschaos.yaml
new file mode 100644
index 0000000..fc2ba4a
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_stresschaos.yaml
@@ -0,0 +1,352 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: stresschaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: StressChaos
+ listKind: StressChaosList
+ plural: stresschaos
+ singular: stresschaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: StressChaos is the Schema for the stresschaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a time chaos experiment
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors just like
+ `Stressors` except that it's an experimental feature and more powerful.
+ You can define stressors in `stress-ng` (see also `man stress-ng`)
+ dialect, however not all of the supported stressors are well tested.
+ It maybe retired in later releases. You should always use `Stressors`
+ to define the stressors and use this only when you want more stressors
+ unsupported by `Stressors`. When both `StressngStressors` and `Stressors`
+ are defined, `StressngStressors` wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported to stress
+ system components out. You can use one or more of them to make up
+ various kinds of stresses. At least one of the stressors should
+ be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading per CPU worker.
+ 0 is effectively a sleep (no load) and 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to apply the stressor.
+ Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj of the stress
+ process. See `man 5 proc` to know more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed per vm worker,
+ default is the total available memory. One can specify the
+ size as % of total available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to apply the stressor.
+ Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ status:
+ description: Most recently observed status of the time chaos experiment
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ instances:
+ additionalProperties:
+ description: StressInstance is an instance generates stresses
+ properties:
+ memoryStartTime:
+ description: MemoryStartTime specifies when the memStress starts
+ format: date-time
+ type: string
+ memoryUid:
+ description: MemoryUID is the memStress identifier
+ type: string
+ startTime:
+ description: StartTime specifies when the stress-ng starts
+ format: date-time
+ type: string
+ uid:
+ description: UID is the stress-ng identifier
+ type: string
+ type: object
+ description: Instances always specifies stressing instances
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_timechaos.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_timechaos.yaml
new file mode 100644
index 0000000..20da06c
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_timechaos.yaml
@@ -0,0 +1,278 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: timechaos.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: TimeChaos
+ listKind: TimeChaosList
+ plural: timechaos
+ singular: timechaos
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.duration
+ name: duration
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: TimeChaos is the Schema for the timechaos API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a time chaos experiment
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id All available
+ options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where the
+ chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to inject
+ chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can be
+ used to select objects. A list of selectors based on set-based
+ label expressions.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used to
+ select nodes. Selector which must match a node's labels, and
+ objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must belong
+ to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a pod
+ at the current time. supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values that
+ used to select pods. The key defines the namespace which pods
+ belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected program.
+ It's a possibly signed sequence of decimal numbers, such as "300ms",
+ "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`, provide
+ an integer of pods to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ status:
+ description: Most recently observed status of the time chaos experiment
+ properties:
+ conditions:
+ description: Conditions represents the current global condition of
+ the chaos
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ experiment:
+ description: Experiment records the last experiment state.
+ properties:
+ containerRecords:
+ description: Records are used to track the running status
+ items:
+ properties:
+ events:
+ description: Events are the essential details about the
+ injections and recoveries
+ items:
+ properties:
+ message:
+ description: Message is the detail message, e.g. the
+ reason why we failed to inject the chaos
+ type: string
+ operation:
+ description: Operation represents the operation we
+ are doing, when we crate this event
+ type: string
+ timestamp:
+ description: Timestamp is time when we create this
+ event
+ format: date-time
+ type: string
+ type:
+ description: Type means the stage of this event
+ type: string
+ required:
+ - operation
+ - timestamp
+ - type
+ type: object
+ type: array
+ id:
+ type: string
+ injectedCount:
+ description: InjectedCount is a counter to record the sum
+ of successful injections
+ type: integer
+ phase:
+ type: string
+ recoveredCount:
+ description: RecoveredCount is a counter to record the sum
+ of successful recoveries
+ type: integer
+ selectorKey:
+ type: string
+ required:
+ - id
+ - injectedCount
+ - phase
+ - recoveredCount
+ - selectorKey
+ type: object
+ type: array
+ desiredPhase:
+ enum:
+ - Run
+ - Stop
+ type: string
+ type: object
+ required:
+ - experiment
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml
new file mode 100644
index 0000000..98eab05
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflownodes.yaml
@@ -0,0 +1,20398 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: workflownodes.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: WorkflowNode
+ listKind: WorkflowNodeList
+ plural: workflownodes
+ shortNames:
+ - wfn
+ singular: workflownode
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a node of workflow
+ properties:
+ abortWithStatusCheck:
+ description: AbortWithStatusCheck describe whether to abort the workflow
+ when the failure threshold of StatusCheck is exceeded. Only used
+ when Type is TypeStatusCheck.
+ type: boolean
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification for
+ an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos action. Supported
+ action: ec2-stop / ec2-restart / detach-volume Default action:
+ ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device. Needed
+ in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the aws server.
+ Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume. Needed
+ in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification for
+ an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos action.
+ Supported action: vm-stop / vm-restart / disk-detach Default
+ action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk. Needed in
+ disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of the data
+ disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification for
+ a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos action.
+ Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ children:
+ items:
+ type: string
+ type: array
+ conditionalBranches:
+ items:
+ properties:
+ expression:
+ description: Expression is the expression for this conditional
+ branch, expected type of result is boolean. If expression
+ is empty, this branch will always be selected/the template
+ will be spawned.
+ type: string
+ target:
+ description: Target is the name of other template, if expression
+ is evaluated as true, this template will be spawned.
+ type: string
+ required:
+ - target
+ type: object
+ type: array
+ deadline:
+ format: date-time
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos action. Supported
+ action: error, random Default action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect, support
+ the placeholder ? and wildcard *, or the Specified domain name.
+ Note: 1. The wildcard * must be at the end of the string.
+ For example, chaos-*.org is invalid. 2. if the patterns
+ is empty, will take effect on all the domain names. For example:
+ \t\tThe value is [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\" and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification for
+ a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos action. Supported
+ action: node-stop / node-reset / disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http status code
+ in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target request/response.
+ A duration string is a possibly unsigned sequence of decimal
+ numbers, each with optional fraction and a unit suffix, such
+ as "300ms", "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by http method
+ in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body of target.
+ properties:
+ type:
+ description: Type represents the patch type, only support
+ `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers of
+ target. For example: `[["Set-Cookie", ""], ["Set-Cookie",
+ ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries of target(Request
+ only). For example: `[["foo", "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri path in http
+ request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message body in
+ target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status code in
+ response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers of
+ target. The key-value pairs represent header name and header
+ value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries in
+ http request. For example, with value `{ "foo": "unknown"
+ }`, the `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target by http
+ headers in request. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target by http
+ headers in response. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos
+ if there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of ca file in
+ secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of cert file
+ in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of key file
+ in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required secret
+ resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace of required
+ secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action. Supported
+ action: latency / fault / attrOverride / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action delay.
+ A delay string is a possibly signed sequence of decimal numbers,
+ each with optional fraction and a unit suffix, such as "300ms".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action.
+ It is required when the action is `PodFailureAction`. A duration
+ string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as "300ms", "-1.5h"
+ or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned by I/O
+ action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting I/O
+ chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness are injected
+ to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in the mistake
+ data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments of
+ wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting I/O
+ chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection errors
+ and provides a number from 0-100. default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of injected
+ volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos action. Supported
+ action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only set it when
+ action is stress
+ type: integer
+ database:
+ description: the match database default value is "", means match
+ all database
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw for action `exception`
+ or the exception message needs to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit ms
+ or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set it when
+ action is stress, the value can be 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and will generate
+ one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "", means match
+ all SQL type. The value can be 'select', 'insert', 'update',
+ 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match
+ all table
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call chain, such
+ as: ext4_mount -> mount_subtree -> ... ->
+ should_failslab With an optional set of predicates and an
+ optional set of parameters, which used with predicates.
+ You can read call chan and predicate examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just keep Callchain
+ empty, which means it will fail at any call chain with slab
+ alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature and predicate
+ in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel source
+ or `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate, for
+ example, if you want to inject slab error in `d_alloc_parallel(struct
+ dentry *parent, const struct qstr *name)` with a special
+ name `bananas`, you need to set it to `struct dentry
+ *parent, const struct qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments of
+ this Frame, example with Parameters's, you can set
+ it to `STRNCMP(name->name, "bananas", 8)` to make
+ inject only with it, or omit it to inject for all
+ d_alloc_parallel call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can be set
+ to ''0'' / ''1'' / ''2'' If `0`, indicates slab to fail
+ (should_failslab) If `1`, indicates alloc_page to fail (should_fail_alloc_page)
+ If `2`, indicates bio to fail (should_fail_bio) You can
+ read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate kernel headers
+ you need. Eg: "linux/mmzone.h", "linux/blkdev.h" and so
+ on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with probability.
+ If you want 1%, please set this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network chaos action.
+ Supported action: partition, netem, delay, loss, duplicate,
+ corrupt Default action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth control
+ action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes that tokens
+ can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can be queued
+ waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the peakrate bucket.
+ For perfect accuracy, should be set to the MTU of the interface. If
+ a peakrate is needed, but some burstiness is acceptable,
+ this size can be raised. A 3000 byte minburst allows around
+ 3mbit/s of peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate of the
+ bucket. The peakrate does not need to be set, it is only
+ necessary if perfect millisecond timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps, kbps, mbps,
+ gbps, tbps unit. bps means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this applies
+ on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets outside
+ k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this applies on
+ netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device to be
+ affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired state of
+ PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only one of Address
+ and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock on which
+ to act. More clock description in linux kernel can be found
+ in man page of clock_getres, clock_gettime, clock_settime.
+ Muti clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data in. if path
+ not provided, payload will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if path
+ not provided, payload will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if path
+ not provided, payload will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw for action
+ `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit
+ ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is "", means
+ match all database
+ type: string
+ exception:
+ description: The exception which needs to throw for action
+ `exception` or the exception message needs to throw in action
+ `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency' or
+ the latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is "", means
+ match all SQL type. The value can be 'select', 'insert',
+ 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match
+ all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's data, will
+ use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only set it
+ when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only set it when
+ action is stress, the value can be 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag can
+ be accepted, others will be dropped. only set when the IPProtocol
+ is tcp, used for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or µs), ms,
+ s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns, us (or µs),
+ ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf with
+ this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us (or µs), ms,
+ s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client threads to
+ run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows bps, kbps,
+ mbps, gbps, tbps unit. bps means bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used in conjunction with
+ -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag can
+ be accepted, others will be dropped. only set when the IPProtocol
+ is tcp, used for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction, values can
+ be 'from', 'to'. 'from' means packets coming from the 'IPAddress'
+ or 'Hostname' and going to your server, 'to' means packets
+ originating from your server and going to the 'IPAddress'
+ or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage of the original
+ value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush
+ config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush
+ config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string keys and
+ a set values that used to select physical machines. The
+ key defines the namespace which physical machine belong,
+ and each value is a set of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU worker. 0
+ is effectively a sleep (no load) and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker, default
+ is the total available memory. One can specify the size
+ as % of total available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of physical machines to do chaos action.
+ If `FixedPercentMode`, provide a number from 0-100 to specify
+ the percent of physical machines the server can do chaos action.
+ IF `RandomMaxPercentMode`, provide a number from 0-100 to specify
+ the max percent of pods to do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that a user creates
+ on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action. Supported
+ action: pod-kill / pod-failure / container-kill Default action:
+ pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action.
+ It is required when the action is `PodFailureAction`. A duration
+ string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as "300ms", "-1.5h"
+ or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action. It represents
+ the duration in seconds before the pod should be deleted. Value
+ must be non-negative integer. The default value is zero that
+ indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ description: ScheduleSpec is the specification of a schedule object
+ properties:
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification
+ for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos action.
+ Supported action: ec2-stop / ec2-restart / detach-volume
+ Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device.
+ Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the aws server.
+ Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume.
+ Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification
+ for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos action.
+ Supported action: vm-stop / vm-restart / disk-detach Default
+ action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk. Needed
+ in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of the
+ data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification
+ for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos action.
+ Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ concurrencyPolicy:
+ default: Forbid
+ enum:
+ - Forbid
+ - Allow
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos action.
+ Supported action: error, random Default action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect, support
+ the placeholder ? and wildcard *, or the Specified domain
+ name. Note: 1. The wildcard * must be at the end of
+ the string. For example, chaos-*.org is invalid. 2.
+ if the patterns is empty, will take effect on all the domain
+ names. For example: \t\tThe value is [\"google.com\", \"github.*\",
+ \"chaos-mes?.org\"], \t\twill take effect on \"google.com\",
+ \"github.com\" and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification
+ for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos action.
+ Supported action: node-stop / node-reset / disk-loss Default
+ action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed in
+ disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ historyLimit:
+ minimum: 1
+ type: integer
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http status
+ code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target request/response.
+ A duration string is a possibly unsigned sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "2h45m". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ method:
+ description: Method is a rule to select target by http method
+ in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body of target.
+ properties:
+ type:
+ description: Type represents the patch type, only
+ support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers
+ of target. For example: `[["Set-Cookie", ""],
+ ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries
+ of target(Request only). For example: `[["foo", "bar"],
+ ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri path in
+ http request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents in
+ target.
+ properties:
+ body:
+ description: Body is a rule to replace http message body
+ in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status code
+ in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers
+ of target. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method in
+ request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path in http
+ request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries
+ in http request. For example, with value `{ "foo": "unknown"
+ }`, the `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target by
+ http headers in request. The key-value pairs represent header
+ name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target by
+ http headers in response. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos
+ if there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of ca file
+ in secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of cert
+ file in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of key file
+ in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required
+ secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace
+ of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action.
+ Supported action: latency / fault / attrOverride / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action delay.
+ A delay string is a possibly signed sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "-1.5h" or "2h45m". Valid time units are
+ "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned by
+ I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting
+ I/O chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness are
+ injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in the
+ mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment in
+ bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments
+ of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting
+ I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection
+ errors and provides a number from 0-100. default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of injected
+ volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos action.
+ Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only set it
+ when action is stress
+ type: integer
+ database:
+ description: the match database default value is "", means
+ match all database
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ exception:
+ description: the exception which needs to throw for action
+ `exception` or the exception message needs to throw in action
+ `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency', unit
+ ms or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set it
+ when action is stress, the value can be 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and will
+ generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "", means
+ match all SQL type. The value can be 'select', 'insert',
+ 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means match
+ all table
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of kernel
+ injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call chain,
+ such as: ext4_mount -> mount_subtree ->
+ ... -> should_failslab With an optional
+ set of predicates and an optional set of parameters,
+ which used with predicates. You can read call chan and
+ predicate examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just keep Callchain
+ empty, which means it will fail at any call chain with
+ slab alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature and
+ predicate in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel source
+ or `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate,
+ for example, if you want to inject slab error
+ in `d_alloc_parallel(struct dentry *parent, const
+ struct qstr *name)` with a special name `bananas`,
+ you need to set it to `struct dentry *parent,
+ const struct qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments
+ of this Frame, example with Parameters's, you
+ can set it to `STRNCMP(name->name, "bananas",
+ 8)` to make inject only with it, or omit it to
+ inject for all d_alloc_parallel call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can be
+ set to ''0'' / ''1'' / ''2'' If `0`, indicates slab
+ to fail (should_failslab) If `1`, indicates alloc_page
+ to fail (should_fail_alloc_page) If `2`, indicates bio
+ to fail (should_fail_bio) You can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate kernel
+ headers you need. Eg: "linux/mmzone.h", "linux/blkdev.h"
+ and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with probability.
+ If you want 1%, please set this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network chaos action.
+ Supported action: partition, netem, delay, loss, duplicate,
+ corrupt Default action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth
+ control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes that
+ tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can be
+ queued waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the peakrate
+ bucket. For perfect accuracy, should be set to the MTU
+ of the interface. If a peakrate is needed, but some
+ burstiness is acceptable, this size can be raised. A
+ 3000 byte minburst allows around 3mbit/s of peakrate,
+ given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate of
+ the bucket. The peakrate does not need to be set, it
+ is only necessary if perfect millisecond timescale shaping
+ is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps, kbps,
+ mbps, gbps, tbps unit. bps means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this applies
+ on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about loss
+ action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets outside
+ k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this applies
+ on netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent /
+ random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines
+ the namespace which pods belong, and the each values
+ is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to
+ `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device to
+ be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired state
+ of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only one of
+ Address and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock on
+ which to act. More clock description in linux kernel
+ can be found in man page of clock_getres, clock_gettime,
+ clock_settime. Muti clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data in. if
+ path not provided, payload will read/write from/into
+ a temp file, temp file will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000,
+ G=1024*1024*1024 BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if
+ path not provided, payload will read/write from/into
+ a temp file, temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000,
+ G=1024*1024*1024 BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in. if
+ path not provided, payload will read/write from/into
+ a temp file, temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on writing,
+ default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will write
+ into the file path. support unit: c=1, w=2, b=512, kB=1000,
+ K=1024, MB=1000*1000, M=1024*1024, GB=1000*1000*1000,
+ G=1024*1024*1024 BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append the
+ data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or
+ delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create or
+ delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of the
+ file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be created,
+ modified, deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file to be
+ replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside
+ proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by http status
+ code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target
+ request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside
+ proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw for action
+ `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is "", means
+ match all database
+ type: string
+ exception:
+ description: The exception which needs to throw for action
+ `exception` or the exception message needs to throw
+ in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency'
+ or the latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only
+ support 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is "", means
+ match all SQL type. The value can be 'select', 'insert',
+ 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means
+ match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's data,
+ will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only set
+ it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only set
+ it when action is stress, the value can be 'stack' or
+ 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag
+ can be accepted, others will be dropped. only set when
+ the IPProtocol is tcp, used for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or µs),
+ ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns, us (or
+ µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us (or µs),
+ ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate (10 is
+ 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client threads
+ to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows bps,
+ kbps, mbps, gbps, tbps unit. bps means bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag
+ can be accepted, others will be dropped. only set when
+ the IPProtocol is tcp, used for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction, values
+ can be 'from', 'to'. 'from' means packets coming from
+ the 'IPAddress' or 'Hostname' and going to your server,
+ 'to' means packets originating from your server and
+ going to the 'IPAddress' or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage of the
+ original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush
+ config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to flush
+ config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string keys
+ and a set values that used to select physical machines.
+ The key defines the namespace which physical machine
+ belong, and each value is a set of physical machine
+ names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU worker.
+ 0 is effectively a sleep (no load) and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker,
+ default is the total available memory. One can specify
+ the size as % of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of physical machines to do chaos action.
+ If `FixedPercentMode`, provide a number from 0-100 to specify
+ the percent of physical machines the server can do chaos
+ action. IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that a user creates
+ on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action.
+ Supported action: pod-kill / pod-failure / container-kill
+ Default action: pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "-1.5h" or "2h45m". Valid time units are
+ "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action. It represents
+ the duration in seconds before the pod should be deleted.
+ Value must be non-negative integer. The default value is
+ zero that indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ type: string
+ startingDeadlineSeconds:
+ exclusiveMinimum: true
+ format: int64
+ minimum: 0
+ nullable: true
+ type: integer
+ stressChaos:
+ description: StressChaosSpec defines the desired state of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors
+ just like `Stressors` except that it's an experimental feature
+ and more powerful. You can define stressors in `stress-ng`
+ (see also `man stress-ng`) dialect, however not all of the
+ supported stressors are well tested. It maybe retired in
+ later releases. You should always use `Stressors` to define
+ the stressors and use this only when you want more stressors
+ unsupported by `Stressors`. When both `StressngStressors`
+ and `Stressors` are defined, `StressngStressors` wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported
+ to stress system components out. You can use one or more
+ of them to make up various kinds of stresses. At least one
+ of the stressors should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading per
+ CPU worker. 0 is effectively a sleep (no load) and
+ 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to apply
+ the stressor. Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj of
+ the stress process. See `man 5 proc` to know more
+ about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed per vm
+ worker, default is the total available memory. One
+ can specify the size as % of total available memory
+ or in units of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to apply
+ the stressor. Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ timeChaos:
+ description: TimeChaosSpec defines the desired state of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id All available
+ options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be
+ used to select nodes. Selector which must match a node's
+ labels, and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod
+ names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected
+ program. It's a possibly signed sequence of decimal numbers,
+ such as "300ms", "-1.5h" or "2h45m". Valid time units are
+ "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods
+ the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ type:
+ description: 'TODO: use a custom type, as `TemplateType` contains
+ other possible values'
+ type: string
+ workflow:
+ properties:
+ entry:
+ type: string
+ templates:
+ items:
+ properties:
+ abortWithStatusCheck:
+ description: AbortWithStatusCheck describe whether to
+ abort the workflow when the failure threshold of StatusCheck
+ is exceeded. Only used when Type is TypeStatusCheck.
+ type: boolean
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification
+ for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos
+ action. Supported action: ec2-stop / ec2-restart
+ / detach-volume Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the
+ device. Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the
+ ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of
+ the aws server. Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS
+ volume. Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification
+ for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure
+ chaos action. Supported action: vm-stop / vm-restart
+ / disk-detach Default action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the
+ disk. Needed in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number
+ of the data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name
+ of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure
+ subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual
+ Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification
+ for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block
+ chaos action. Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of
+ every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ children:
+ description: Children describes the children steps of
+ serial or parallel node. Only used when Type is TypeSerial
+ or TypeParallel.
+ items:
+ type: string
+ type: array
+ conditionalBranches:
+ description: ConditionalBranches describes the conditional
+ branches of custom tasks. Only used when Type is TypeTask.
+ items:
+ properties:
+ expression:
+ description: Expression is the expression for
+ this conditional branch, expected type of result
+ is boolean. If expression is empty, this branch
+ will always be selected/the template will be
+ spawned.
+ type: string
+ target:
+ description: Target is the name of other template,
+ if expression is evaluated as true, this template
+ will be spawned.
+ type: string
+ required:
+ - target
+ type: object
+ type: array
+ deadline:
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state
+ of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos
+ action. Supported action: error, random Default
+ action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take
+ effect, support the placeholder ? and wildcard
+ *, or the Specified domain name. Note: 1.
+ The wildcard * must be at the end of the string.
+ For example, chaos-*.org is invalid. 2. if
+ the patterns is empty, will take effect on all
+ the domain names. For example: \t\tThe value is
+ [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\"
+ and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification
+ for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos
+ action. Supported action: node-stop / node-reset
+ / disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach.
+ Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by
+ http status code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target
+ request/response. A duration string is a possibly
+ unsigned sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as "300ms",
+ "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by
+ http method in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to patch message
+ body of target.
+ properties:
+ type:
+ description: Type represents the patch type,
+ only support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http
+ headers of target. For example: `[["Set-Cookie",
+ ""], ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri
+ queries of target(Request only). For example:
+ `[["foo", "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by
+ uri path in http request.
+ type: string
+ port:
+ description: Port represents the target port to
+ be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to replace http
+ message body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http
+ status code in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http
+ headers of target. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http
+ method in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri
+ path in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri
+ queries in http request. For example, with
+ value `{ "foo": "unknown" }`, the `/?foo=bar`
+ will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select
+ target by http headers in request. The key-value
+ pairs represent header name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select
+ target by http headers in response. The key-value
+ pairs represent header name and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected
+ and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override
+ PodHttpChaos if there are multiple HTTPChaos experiments
+ are applied
+ properties:
+ caName:
+ description: CAName represents the data name
+ of ca file in secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name
+ of cert file in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name
+ of key file in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name
+ of required secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the
+ namespace of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of
+ IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: latency / fault / attrOverride
+ / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos
+ action delay. A delay string is a possibly signed
+ sequence of decimal numbers, each with optional
+ fraction and a unit suffix, such as "300ms". Valid
+ time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action. It is required when the action
+ is `PodFailureAction`. A duration string is a
+ possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such
+ as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that
+ returned by I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for
+ injecting I/O chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness
+ are injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled
+ in the mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment
+ in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences]
+ segments of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for
+ injecting I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of
+ injection errors and provides a number from 0-100.
+ default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path
+ of injected volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state
+ of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos
+ action. Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only
+ set it when action is stress
+ type: integer
+ database:
+ description: the match database default value is
+ "", means match all database
+ type: string
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only
+ set it when action is stress, the value can be
+ 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set to
+ "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique,
+ and will generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action
+ 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is
+ "", means match all SQL type. The value can be
+ 'select', 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "",
+ means match all table
+ type: string
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state
+ of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request
+ of kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call
+ chain, such as: ext4_mount -> mount_subtree ->
+ ... -> should_failslab With an
+ optional set of predicates and an optional
+ set of parameters, which used with predicates.
+ You can read call chan and predicate examples
+ from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just
+ keep Callchain empty, which means it will
+ fail at any call chain with slab alloc (eg:
+ kmalloc).'
+ items:
+ description: Frame defines the function signature
+ and predicate in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from
+ kernel source or `/proc/kallsyms`, such
+ as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate,
+ for example, if you want to inject slab
+ error in `d_alloc_parallel(struct dentry
+ *parent, const struct qstr *name)` with
+ a special name `bananas`, you need to
+ set it to `struct dentry *parent, const
+ struct qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the
+ arguments of this Frame, example with
+ Parameters's, you can set it to `STRNCMP(name->name,
+ "bananas", 8)` to make inject only with
+ it, or omit it to inject for all d_alloc_parallel
+ call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail,
+ can be set to ''0'' / ''1'' / ''2'' If `0`,
+ indicates slab to fail (should_failslab) If
+ `1`, indicates alloc_page to fail (should_fail_alloc_page)
+ If `2`, indicates bio to fail (should_fail_bio)
+ You can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate
+ kernel headers you need. Eg: "linux/mmzone.h",
+ "linux/blkdev.h" and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails
+ with probability. If you want 1%, please set
+ this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of
+ fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ name:
+ type: string
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state
+ of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network
+ chaos action. Supported action: partition, netem,
+ delay, loss, duplicate, corrupt Default action:
+ delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about
+ bandwidth control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of
+ bytes that tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that
+ can be queued waiting for tokens to become
+ available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of
+ the peakrate bucket. For perfect accuracy,
+ should be set to the MTU of the interface. If
+ a peakrate is needed, but some burstiness
+ is acceptable, this size can be raised. A
+ 3000 byte minburst allows around 3mbit/s of
+ peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion
+ rate of the bucket. The peakrate does not
+ need to be set, it is only necessary if perfect
+ millisecond timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows
+ bps, kbps, mbps, gbps, tbps unit. bps means
+ bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about
+ corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay
+ action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of
+ packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device
+ to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction,
+ this applies on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail
+ about loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network
+ targets outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss
+ action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this
+ applies on netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network
+ device to be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired
+ state of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead.
+ Only one of Address and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular
+ clock on which to act. More clock description
+ in linux kernel can be found in man page of
+ clock_getres, clock_gettime, clock_settime.
+ Muti clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload will
+ read/write from/into a temp file, temp file
+ will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data
+ will write into the file path. support unit:
+ c=1, w=2, b=512, kB=1000, K=1024, MB=1000*1000,
+ M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload will
+ read/write from/into a temp file, temp file
+ will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process
+ work on writing, default 1, only 1-255 is
+ valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data
+ will write into the file path. support unit:
+ c=1, w=2, b=512, kB=1000, K=1024, MB=1000*1000,
+ M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload will
+ read/write from/into a temp file, temp file
+ will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process
+ work on writing, default 1, only 1-255 is
+ valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data
+ will write into the file path. support unit:
+ c=1, w=2, b=512, kB=1000, K=1024, MB=1000*1000,
+ M=1024*1024, GB=1000*1000*1000, G=1024*1024*1024
+ BYTES. example : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to
+ append the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to
+ create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to
+ create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege
+ to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to
+ be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string
+ of the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file
+ to be created, modified, deleted, renamed,
+ or appended.
+ type: string
+ line:
+ description: Line is the line number of the
+ file to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string
+ of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target
+ by http status code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard
+ matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of
+ HTTP connection, we will only attack HTTP
+ connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target
+ by http status code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the
+ target request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard
+ matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of
+ HTTP connection, we will only attack HTTP
+ connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support
+ GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action
+ 'latency', unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value
+ is "", means match all database
+ type: string
+ exception:
+ description: The exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action
+ 'latency' or the latency duration in action
+ `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set
+ to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value
+ is "", means match all SQL type. The value
+ can be 'select', 'insert', 'update', 'delete',
+ 'replace'.
+ type: string
+ table:
+ description: the match table default value is
+ "", means match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule
+ file's data, will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use,
+ only set it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate,
+ only set it when action is stress, the value
+ can be 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the
+ tcp flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used
+ for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us
+ (or µs), ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units:
+ ns, us (or µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns,
+ us (or µs), ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the
+ iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client
+ threads to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on
+ the IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows
+ bps, kbps, mbps, gbps, tbps unit. bps means
+ bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is
+ 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or
+ to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this
+ IP protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10
+ is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from
+ these source ports, use a ',' to separate
+ or to indicate the range, such as 80, 8001:8010.
+ it can only be used in conjunction with -p
+ tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the
+ tcp flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used
+ for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction,
+ values can be 'from', 'to'. 'from' means packets
+ coming from the 'IPAddress' or 'Hostname'
+ and going to your server, 'to' means packets
+ originating from your server and going to
+ the 'IPAddress' or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process
+ ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering
+ experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage
+ of the original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical
+ machines that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string
+ keys and a set values that used to select
+ physical machines. The key defines the namespace
+ which physical machine belong, and each value
+ is a set of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per
+ CPU worker. 0 is effectively a sleep (no load)
+ and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the
+ stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per
+ vm worker, default is the total available
+ memory. One can specify the size as % of total
+ available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when
+ attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when
+ recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of physical
+ machines to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent
+ of physical machines the server can do chaos action.
+ IF `RandomMaxPercentMode`, provide a number from
+ 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that
+ a user creates on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: pod-kill / pod-failure
+ / container-kill Default action: pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action. It is required when the action
+ is `PodFailureAction`. A duration string is a
+ possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such
+ as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action.
+ It represents the duration in seconds before the
+ pod should be deleted. Value must be non-negative
+ integer. The default value is zero that indicates
+ delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ description: Schedule describe the Schedule(describing
+ scheduled chaos) to be injected with chaos nodes.
+ Only used when Type is TypeSchedule.
+ properties:
+ awsChaos:
+ description: AWSChaosSpec is the content of the
+ specification for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws
+ chaos action. Supported action: ec2-stop /
+ ec2-restart / detach-volume Default action:
+ ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of
+ aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of
+ the device. Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration
+ of the chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of
+ the ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint
+ of the aws server. Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of
+ kubernetes secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the
+ EBS volume. Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the
+ specification for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure
+ chaos action. Supported action: vm-stop /
+ vm-restart / disk-detach Default action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of
+ the disk. Needed in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration
+ of the chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit
+ Number of the data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name
+ of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of
+ kubernetes secret. It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of
+ Azure subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual
+ Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the
+ specification for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block
+ chaos action. Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency
+ of every io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration
+ of the chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ concurrencyPolicy:
+ enum:
+ - Forbid
+ - Allow
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state
+ of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS
+ chaos action. Supported action: error, random
+ Default action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take
+ effect, support the placeholder ? and wildcard
+ *, or the Specified domain name. Note: 1.
+ The wildcard * must be at the end of the string.
+ For example, chaos-*.org is invalid. 2.
+ if the patterns is empty, will take effect
+ on all the domain names. For example: \t\tThe
+ value is [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\"
+ and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the
+ specification for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp
+ chaos action. Supported action: node-stop
+ / node-reset / disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach.
+ Needed in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration
+ of the chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the
+ instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of
+ kubernetes secret. It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ historyLimit:
+ minimum: 1
+ type: integer
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http
+ session.
+ type: boolean
+ code:
+ description: Code is a rule to select target
+ by http status code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the
+ target request/response. A duration string
+ is a possibly unsigned sequence of decimal
+ numbers, each with optional fraction and a
+ unit suffix, such as "300ms", "2h45m". Valid
+ time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration
+ of the chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target
+ by http method in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to patch message
+ body of target.
+ properties:
+ type:
+ description: Type represents the patch
+ type, only support `JSON` as [merge
+ patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append
+ http headers of target. For example: `[["Set-Cookie",
+ ""], ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append
+ uri queries of target(Request only). For
+ example: `[["foo", "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target
+ by uri path in http request.
+ type: string
+ port:
+ description: Port represents the target port
+ to be proxy of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some
+ contents in target.
+ properties:
+ body:
+ description: Body is a rule to replace http
+ message body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http
+ status code in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace
+ http headers of target. The key-value
+ pairs represent header name and header
+ value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace
+ http method in request.
+ type: string
+ path:
+ description: Path is rule to to replace
+ uri path in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace
+ uri queries in http request. For example,
+ with value `{ "foo": "unknown" }`, the
+ `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select
+ target by http headers in request. The key-value
+ pairs represent header name and header value
+ pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select
+ target by http headers in response. The key-value
+ pairs represent header name and header value
+ pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected
+ and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override
+ PodHttpChaos if there are multiple HTTPChaos
+ experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data
+ name of ca file in secret, `ca.crt` for
+ example
+ type: string
+ certName:
+ description: CertName represents the data
+ name of cert file in secret, `tls.crt`
+ for example
+ type: string
+ keyName:
+ description: KeyName represents the data
+ name of key file in secret, `tls.key`
+ for example
+ type: string
+ secretName:
+ description: SecretName represents the name
+ of required secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents
+ the namespace of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state
+ of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod
+ chaos action. Supported action: latency /
+ fault / attrOverride / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of
+ file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O
+ chaos action delay. A delay string is a possibly
+ signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such
+ as "300ms". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration
+ of the chaos action. It is required when the
+ action is `PodFailureAction`. A duration string
+ is a possibly signed sequence of decimal numbers,
+ each with optional fraction and a unit suffix,
+ such as "300ms", "-1.5h" or "2h45m". Valid
+ time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that
+ returned by I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods
+ for injecting I/O chaos action. default: all
+ I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness
+ are injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is
+ filled in the mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data
+ segment in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences]
+ segments of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files
+ for injecting I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage
+ of injection errors and provides a number
+ from 0-100. default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount
+ path of injected volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state
+ of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm
+ chaos action. Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use,
+ only set it when action is stress
+ type: integer
+ database:
+ description: the match database default value
+ is "", means match all database
+ type: string
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action
+ 'latency', unit ms or the latency duration
+ in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate,
+ only set it when action is stress, the value
+ can be 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set
+ to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique,
+ and will generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action
+ 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value
+ is "", means match all SQL type. The value
+ can be 'select', 'insert', 'update', 'delete',
+ 'replace'.
+ type: string
+ table:
+ description: the match table default value is
+ "", means match all table
+ type: string
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired
+ state of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request
+ of kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special
+ call chain, such as: ext4_mount ->
+ mount_subtree -> ... ->
+ should_failslab With an optional set of
+ predicates and an optional set of parameters,
+ which used with predicates. You can read
+ call chan and predicate examples from
+ https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain,
+ just keep Callchain empty, which means
+ it will fail at any call chain with slab
+ alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function
+ signature and predicate in function's
+ body
+ properties:
+ funcname:
+ description: Funcname can be find
+ from kernel source or `/proc/kallsyms`,
+ such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with
+ predicate, for example, if you want
+ to inject slab error in `d_alloc_parallel(struct
+ dentry *parent, const struct qstr
+ *name)` with a special name `bananas`,
+ you need to set it to `struct dentry
+ *parent, const struct qstr *name`
+ otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access
+ the arguments of this Frame, example
+ with Parameters's, you can set it
+ to `STRNCMP(name->name, "bananas",
+ 8)` to make inject only with it,
+ or omit it to inject for all d_alloc_parallel
+ call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to
+ fail, can be set to ''0'' / ''1'' / ''2''
+ If `0`, indicates slab to fail (should_failslab)
+ If `1`, indicates alloc_page to fail (should_fail_alloc_page)
+ If `2`, indicates bio to fail (should_fail_bio)
+ You can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate
+ kernel headers you need. Eg: "linux/mmzone.h",
+ "linux/blkdev.h" and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails
+ with probability. If you want 1%, please
+ set this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times
+ of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ networkChaos:
+ description: NetworkChaosSpec defines the desired
+ state of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network
+ chaos action. Supported action: partition,
+ netem, delay, loss, duplicate, corrupt Default
+ action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail
+ about bandwidth control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount
+ of bytes that tokens can be available
+ for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes
+ that can be queued waiting for tokens
+ to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size
+ of the peakrate bucket. For perfect accuracy,
+ should be set to the MTU of the interface. If
+ a peakrate is needed, but some burstiness
+ is acceptable, this size can be raised.
+ A 3000 byte minburst allows around 3mbit/s
+ of peakrate, given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion
+ rate of the bucket. The peakrate does
+ not need to be set, it is only necessary
+ if perfect millisecond timescale shaping
+ is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows
+ bps, kbps, mbps, gbps, tbps unit. bps
+ means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about
+ corrupt action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about
+ delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details
+ of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device
+ to be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction,
+ this applies on netem and network partition
+ action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail
+ about loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network
+ targets outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about
+ loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target,
+ this applies on netem and network partition
+ action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run
+ chaos action. Supported mode: one / all
+ / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select
+ pods that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and
+ values that can be used to select
+ objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector
+ expressions that can be used to select
+ objects. A list of selectors based
+ on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and
+ values that can be used to select
+ objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and
+ values that can be used to select
+ objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of
+ namespace to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and
+ values that can be used to select
+ nodes. Selector which must match a
+ node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node
+ name and objects must belong to these
+ nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a
+ set of condition of a pod at the current
+ time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string
+ keys and a set values that used to
+ select pods. The key defines the namespace
+ which pods belong, and the each values
+ is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the
+ mode is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent
+ of pods the server can do chaos action.
+ IF `RandomMaxPercentMode`, provide a
+ number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network
+ device to be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the
+ desired state of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead.
+ Only one of Address and Selector could be
+ specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular
+ clock on which to act. More clock description
+ in linux kernel can be found in man page
+ of clock_getres, clock_gettime, clock_settime.
+ Muti clock ids should be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time
+ offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload
+ will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of
+ data will write into the file path. support
+ unit: c=1, w=2, b=512, kB=1000, K=1024,
+ MB=1000*1000, M=1024*1024, GB=1000*1000*1000,
+ G=1024*1024*1024 BYTES. example : 1M |
+ 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload
+ will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process
+ work on writing, default 1, only 1-255
+ is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of
+ data will write into the file path. support
+ unit: c=1, w=2, b=512, kB=1000, K=1024,
+ MB=1000*1000, M=1024*1024, GB=1000*1000*1000,
+ G=1024*1024*1024 BYTES. example : 1M |
+ 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill
+ data in. if path not provided, payload
+ will read/write from/into a temp file,
+ temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process
+ work on writing, default 1, only 1-255
+ is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of
+ data will write into the file path. support
+ unit: c=1, w=2, b=512, kB=1000, K=1024,
+ MB=1000*1000, M=1024*1024, GB=1000*1000*1000,
+ G=1024*1024*1024 BYTES. example : 1M |
+ 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times
+ to append the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the
+ file to be created, modified, deleted,
+ renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name
+ to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the
+ file to be created, modified, deleted,
+ renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name
+ to create or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the
+ file to be created, modified, deleted,
+ renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the
+ file to be created, modified, deleted,
+ renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege
+ to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be
+ renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need
+ to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination
+ string of the file.
+ type: string
+ file-name:
+ description: FileName is the name of the
+ file to be created, modified, deleted,
+ renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of
+ the file to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string
+ of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target
+ by http status code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard
+ matches
+ type: string
+ port:
+ description: The TCP port that the target
+ service listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port
+ of HTTP connection, we will only attack
+ HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target
+ by http status code in response
+ type: string
+ delay:
+ description: Delay represents the delay
+ of the target request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard
+ matches
+ type: string
+ port:
+ description: The TCP port that the target
+ service listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port
+ of HTTP connection, we will only attack
+ HTTP connection with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only
+ support GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to
+ throw for action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action
+ 'latency', unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default
+ value is "", means match all database
+ type: string
+ exception:
+ description: The exception which needs to
+ throw for action `exception` or the exception
+ message needs to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action
+ 'latency' or the latency duration in action
+ `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set
+ to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default
+ value is "", means match all SQL type.
+ The value can be 'select', 'insert', 'update',
+ 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value
+ is "", means match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action
+ 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule
+ file's data, will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to
+ use, only set it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate,
+ only set it when action is stress, the
+ value can be 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which
+ needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default
+ 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka
+ config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10
+ is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic
+ to these destination ports, use a ','
+ to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be
+ used in conjunction with -p tcp or -p
+ udp
+ type: string
+ hostname:
+ description: only impact traffic to these
+ hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic
+ to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using
+ this IP protocol, supported: tcp, udp,
+ icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic
+ from these source ports, use a ',' to
+ separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used
+ in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match
+ the tcp flag can be accepted, others will
+ be dropped. only set when the IPProtocol
+ is tcp, used for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10
+ is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic
+ to these destination ports, use a ','
+ to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be
+ used in conjunction with -p tcp or -p
+ udp
+ type: string
+ hostname:
+ description: only impact traffic to these
+ hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic
+ to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using
+ this IP protocol, supported: tcp, udp,
+ icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns,
+ us (or µs), ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units:
+ ns, us (or µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic
+ from these source ports, use a ',' to
+ separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used
+ in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified
+ IP
+ type: string
+ dns-ip:
+ description: map specified host to this
+ IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units:
+ ns, us (or µs), ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10
+ is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic
+ to these destination ports, use a ','
+ to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be
+ used in conjunction with -p tcp or -p
+ udp
+ type: string
+ hostname:
+ description: only impact traffic to these
+ hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic
+ to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using
+ this IP protocol, supported: tcp, udp,
+ icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic
+ from these source ports, use a ',' to
+ separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used
+ in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run
+ the iperf test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP
+ address
+ type: string
+ parallel:
+ description: The number of iperf parallel
+ client threads to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port
+ on the IP address
+ type: string
+ rate:
+ description: The speed of network traffic,
+ allows bps, kbps, mbps, gbps, tbps unit.
+ bps means bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10
+ is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic
+ to these destination ports, use a ','
+ to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be
+ used in conjunction with -p tcp or -p
+ udp
+ type: string
+ hostname:
+ description: only impact traffic to these
+ hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic
+ to these IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using
+ this IP protocol, supported: tcp, udp,
+ icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic
+ from these source ports, use a ',' to
+ separate or to indicate the range, such
+ as 80, 8001:8010. it can only be used
+ in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match
+ the tcp flag can be accepted, others will
+ be dropped. only set when the IPProtocol
+ is tcp, used for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction,
+ values can be 'from', 'to'. 'from' means
+ packets coming from the 'IPAddress' or
+ 'Hostname' and going to your server, 'to'
+ means packets originating from your server
+ and going to the 'IPAddress' or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these
+ hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic
+ to these IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic
+ to these IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process
+ ID
+ type: string
+ recoverCmd:
+ description: the command to be run when
+ recovering experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage
+ of the original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be
+ sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines
+ whether to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server`
+ command-line tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines
+ whether to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server`
+ command-line tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical
+ machines that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of
+ string keys and a set values that used
+ to select physical machines. The key defines
+ the namespace which physical machine belong,
+ and each value is a set of physical machine
+ names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading
+ per CPU worker. 0 is effectively a sleep
+ (no load) and 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply
+ the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed
+ per vm worker, default is the total available
+ memory. One can specify the size as %
+ of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed
+ when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed
+ when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of physical machines to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent
+ of physical machines the server can do chaos
+ action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes
+ that a user creates on a chaos experiment about
+ pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod
+ chaos action. Supported action: pod-kill /
+ pod-failure / container-kill Default action:
+ pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration
+ of the chaos action. It is required when the
+ action is `PodFailureAction`. A duration string
+ is a possibly signed sequence of decimal numbers,
+ each with optional fraction and a unit suffix,
+ such as "300ms", "-1.5h" or "2h45m". Valid
+ time units are "ns", "us" (or "µs"), "ms",
+ "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill
+ action. It represents the duration in seconds
+ before the pod should be deleted. Value must
+ be non-negative integer. The default value
+ is zero that indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ type: string
+ startingDeadlineSeconds:
+ format: int64
+ minimum: 0
+ nullable: true
+ type: integer
+ stressChaos:
+ description: StressChaosSpec defines the desired
+ state of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty
+ of stressors just like `Stressors` except
+ that it's an experimental feature and more
+ powerful. You can define stressors in `stress-ng`
+ (see also `man stress-ng`) dialect, however
+ not all of the supported stressors are well
+ tested. It maybe retired in later releases.
+ You should always use `Stressors` to define
+ the stressors and use this only when you want
+ more stressors unsupported by `Stressors`.
+ When both `StressngStressors` and `Stressors`
+ are defined, `StressngStressors` wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors
+ supported to stress system components out.
+ You can use one or more of them to make up
+ various kinds of stresses. At least one of
+ the stressors should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent
+ loading per CPU worker. 0 is effectively
+ a sleep (no load) and 100 is full
+ loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers
+ to apply the stressor. Maximum 8192
+ workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual
+ memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj
+ of the stress process. See `man 5
+ proc` to know more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes
+ consumed per vm worker, default is
+ the total available memory. One can
+ specify the size as % of total available
+ memory or in units of B, KB/KiB, MB/MiB,
+ GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers
+ to apply the stressor. Maximum 8192
+ workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ timeChaos:
+ description: TimeChaosSpec defines the desired state
+ of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock
+ id All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of
+ the name of affected container. If not set,
+ the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration
+ of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed
+ / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A
+ list of selectors based on set-based label
+ expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select objects. A
+ selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values
+ that can be used to select nodes. Selector
+ which must match a node's labels, and
+ objects must belong to these selected
+ nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name
+ and objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set
+ of condition of a pod at the current time.
+ supported value: Pending / Running / Succeeded
+ / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys
+ and a set values that used to select pods.
+ The key defines the namespace which pods
+ belong, and the each values is a set of
+ pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time
+ of injected program. It's a possibly signed
+ sequence of decimal numbers, such as "300ms",
+ "-1.5h" or "2h45m". Valid time units are "ns",
+ "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode
+ is set to `FixedMode` / `FixedPercentMode`
+ / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action.
+ If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server
+ can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ type:
+ description: 'TODO: use a custom type, as `TemplateType`
+ contains other possible values'
+ type: string
+ required:
+ - schedule
+ - type
+ type: object
+ statusCheck:
+ description: StatusCheck describe the behavior of StatusCheck.
+ Only used when Type is TypeStatusCheck.
+ properties:
+ duration:
+ description: Duration defines the duration of the
+ whole status check if the number of failed execution
+ does not exceed the failure threshold. Duration
+ is available to both `Synchronous` and `Continuous`
+ mode. A duration string is a possibly signed sequence
+ of decimal numbers, each with optional fraction
+ and a unit suffix, such as "300ms", "-1.5h" or
+ "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ failureThreshold:
+ default: 3
+ description: FailureThreshold defines the minimum
+ consecutive failure for the status check to be
+ considered failed.
+ minimum: 1
+ type: integer
+ http:
+ properties:
+ body:
+ type: string
+ criteria:
+ description: Criteria defines how to determine
+ the result of the status check.
+ properties:
+ statusCode:
+ description: StatusCode defines the expected
+ http status code for the request. A statusCode
+ string could be a single code (e.g. 200),
+ or an inclusive range (e.g. 200-400, both
+ `200` and `400` are included).
+ type: string
+ required:
+ - statusCode
+ type: object
+ headers:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: "A Header represents the key-value
+ pairs in an HTTP header. \n The keys should
+ be in canonical form, as returned by CanonicalHeaderKey."
+ type: object
+ method:
+ default: GET
+ enum:
+ - GET
+ - POST
+ type: string
+ url:
+ type: string
+ required:
+ - criteria
+ - url
+ type: object
+ intervalSeconds:
+ default: 10
+ description: IntervalSeconds defines how often (in
+ seconds) to perform an execution of status check.
+ minimum: 1
+ type: integer
+ mode:
+ description: 'Mode defines the execution mode of
+ the status check. Support type: Synchronous /
+ Continuous'
+ enum:
+ - Synchronous
+ - Continuous
+ type: string
+ recordsHistoryLimit:
+ default: 100
+ description: RecordsHistoryLimit defines the number
+ of record to retain.
+ maximum: 1000
+ minimum: 1
+ type: integer
+ successThreshold:
+ default: 1
+ description: SuccessThreshold defines the minimum
+ consecutive successes for the status check to
+ be considered successful. SuccessThreshold only
+ works for `Synchronous` mode.
+ minimum: 1
+ type: integer
+ timeoutSeconds:
+ default: 1
+ description: TimeoutSeconds defines the number of
+ seconds after which an execution of status check
+ times out.
+ minimum: 1
+ type: integer
+ type:
+ default: HTTP
+ description: 'Type defines the specific status check
+ type. Support type: HTTP'
+ enum:
+ - HTTP
+ type: string
+ required:
+ - type
+ type: object
+ stressChaos:
+ description: StressChaosSpec defines the desired state
+ of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of
+ stressors just like `Stressors` except that it's
+ an experimental feature and more powerful. You
+ can define stressors in `stress-ng` (see also
+ `man stress-ng`) dialect, however not all of the
+ supported stressors are well tested. It maybe
+ retired in later releases. You should always use
+ `Stressors` to define the stressors and use this
+ only when you want more stressors unsupported
+ by `Stressors`. When both `StressngStressors`
+ and `Stressors` are defined, `StressngStressors`
+ wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors
+ supported to stress system components out. You
+ can use one or more of them to make up various
+ kinds of stresses. At least one of the stressors
+ should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading
+ per CPU worker. 0 is effectively a sleep
+ (no load) and 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers
+ to apply the stressor. Maximum 8192 workers
+ can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual
+ memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj
+ of the stress process. See `man 5 proc`
+ to know more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed
+ per vm worker, default is the total available
+ memory. One can specify the size as %
+ of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers
+ to apply the stressor. Maximum 8192 workers
+ can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ task:
+ description: Task describes the behavior of the custom
+ task. Only used when Type is TypeTask.
+ properties:
+ container:
+ description: Container is the main container image
+ to run in the pod
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The
+ container image''s CMD is used if this is
+ not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment.
+ If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed
+ within a shell. The container image''s ENTRYPOINT
+ is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable
+ cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the
+ $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded,
+ regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to
+ set in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container
+ and any service environment variables.
+ If a variable cannot be resolved, the
+ reference in the input string will be
+ unchanged. Double $$ are reduced to
+ a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded,
+ regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the
+ pod: supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined
+ within a source must be a C_IDENTIFIER. All
+ invalid keys will be reported as an event
+ when the container is starting. When a key
+ exists in multiple sources, the value associated
+ with the last source will take precedence.
+ Values defined by an Env with a duplicate
+ key will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the
+ source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to
+ prepend to each key in the ConfigMap.
+ Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info:
+ https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level
+ config management to default or override container
+ images in workload controllers like Deployments
+ and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if
+ :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system
+ should take in response to container lifecycle
+ events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and
+ restarted according to its restart policy.
+ Other management of the container blocks
+ until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the
+ command is root ('/') in the
+ container's filesystem. The command
+ is simply exec'd, it is not run
+ inside a shell, so traditional
+ shell instructions ('|', etc)
+ won't work. To use a shell, you
+ need to explicitly call out to
+ that shell. Exit status of 0 is
+ treated as live/healthy and non-zero
+ is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect
+ to, defaults to the pod IP. You
+ probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the
+ port to access on the container.
+ Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is
+ NOT supported as a LifecycleHandler
+ and kept for the backward compatibility.
+ There are no validation of this field
+ and lifecycle hooks will fail in runtime
+ when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the
+ port to access on the container.
+ Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to
+ an API request or management event such
+ as liveness/startup probe failure, preemption,
+ resource contention, etc. The handler
+ is not called if the container crashes
+ or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination
+ grace period (unless delayed by finalizers).
+ Other management of the container blocks
+ until the hook completes or until the
+ termination grace period is reached. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the
+ command is root ('/') in the
+ container's filesystem. The command
+ is simply exec'd, it is not run
+ inside a shell, so traditional
+ shell instructions ('|', etc)
+ won't work. To use a shell, you
+ need to explicitly call out to
+ that shell. Exit status of 0 is
+ treated as live/healthy and non-zero
+ is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect
+ to, defaults to the pod IP. You
+ probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the
+ port to access on the container.
+ Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is
+ NOT supported as a LifecycleHandler
+ and kept for the backward compatibility.
+ There are no validation of this field
+ and lifecycle hooks will fail in runtime
+ when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the
+ pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the
+ port to access on the container.
+ Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures
+ for the probe to be considered failed
+ after having succeeded. Defaults to 3.
+ Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and
+ requires enabling GRPCContainerProbe feature
+ gate.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of
+ the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the
+ container has started before liveness
+ probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes
+ for the probe to be considered successful
+ after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds
+ the pod needs to terminate gracefully
+ upon probe failure. The grace period is
+ the duration in seconds after the processes
+ running in the pod are sent a termination
+ signal and the time when the processes
+ are forcibly halted with a kill signal.
+ Set this value longer than the expected
+ cleanup time for your process. If this
+ value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value
+ zero indicates stop immediately via the
+ kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified
+ as a DNS_LABEL. Each container in a pod must
+ have a unique name (DNS_LABEL). Cannot be
+ updated.
+ type: string
+ ports:
+ description: List of ports to expose from the
+ container. Not specifying a port here DOES
+ NOT prevent that port from being exposed.
+ Any port which is listening on the default
+ "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying
+ this array with strategic merge patch may
+ corrupt the data. For more information See
+ https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose
+ on the pod's IP address. This must be
+ a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the
+ external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose
+ on the host. If specified, this must
+ be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must
+ match ContainerPort. Most containers
+ do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be
+ an IANA_SVC_NAME and unique within the
+ pod. Each named port in a pod must have
+ a unique name. Name for the port that
+ can be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be
+ UDP, TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service
+ readiness. Container will be removed from
+ service endpoints if the probe fails. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures
+ for the probe to be considered failed
+ after having succeeded. Defaults to 3.
+ Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and
+ requires enabling GRPCContainerProbe feature
+ gate.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of
+ the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the
+ container has started before liveness
+ probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes
+ for the probe to be considered successful
+ after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds
+ the pod needs to terminate gracefully
+ upon probe failure. The grace period is
+ the duration in seconds after the processes
+ running in the pod are sent a termination
+ signal and the time when the processes
+ are forcibly halted with a kill signal.
+ Set this value longer than the expected
+ cleanup time for your process. If this
+ value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value
+ zero indicates stop immediately via the
+ kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by
+ this container. Cannot be updated. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of
+ resources, defined in spec.resourceClaims,
+ that are used by this container. \n This
+ is an alpha field and requires enabling
+ the DynamicResourceAllocation feature
+ gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security
+ options the container should be run with.
+ If set, the fields of SecurityContext override
+ the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is:
+ 1) run as Privileged 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when
+ spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop
+ when running containers. Defaults to the
+ default set of capabilities granted by
+ the container runtime. Note that this
+ field cannot be set when spec.os.name
+ is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent
+ POSIX capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged
+ mode. Processes in privileged containers
+ are essentially equivalent to root on
+ the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type
+ of proc mount to use for the containers.
+ The default is DefaultProcMount which
+ uses the container runtime defaults for
+ readonly paths and masked paths. This
+ requires the ProcMountType feature flag
+ to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has
+ a read-only root filesystem. Default is
+ false. Note that this field cannot be
+ set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint
+ of the container process. Uses runtime
+ default if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container
+ must run as a non-root user. If true,
+ the Kubelet will validate the image at
+ runtime to ensure that it does not run
+ as UID 0 (root) and fail to start the
+ container if it does. If unset or false,
+ no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint
+ of the container process. Defaults to
+ user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence. Note that this field
+ cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the
+ container runtime will allocate a random
+ SELinux context for each container. May
+ also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence. Note that this field
+ cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level
+ label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role
+ label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type
+ label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user
+ label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use
+ by this container. If seccomp options
+ are provided at both the pod & container
+ level, the container options override
+ the pod options. Note that this field
+ cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the
+ node should be used. The profile must
+ be preconfigured on the node to work.
+ Must be a descending path, relative
+ to the kubelet's configured seccomp
+ profile location. Must only be set
+ if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied.
+ Valid options are: \n Localhost -
+ a profile defined in a file on the
+ node should be used. RuntimeDefault
+ - the container runtime default profile
+ should be used. Unconfined - no profile
+ should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings
+ applied to all containers. If unspecified,
+ the options from the PodSecurityContext
+ will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified
+ in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName
+ is the name of the GMSA credential
+ spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines
+ if a container should be run as a
+ 'Host Process' container. This field
+ is alpha-level and will only be honored
+ by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without
+ the feature flag will result in errors
+ when validating the Pod. All of a
+ Pod's containers must have the same
+ effective HostProcess value (it is
+ not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In
+ addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows
+ to run the entrypoint of the container
+ process. Defaults to the user specified
+ in image metadata if unspecified.
+ May also be set in PodSecurityContext.
+ If set in both SecurityContext and
+ PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the
+ Pod has successfully initialized. If specified,
+ no other probes are executed until this completes
+ successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe
+ failed. This can be used to provide different
+ probe parameters at the beginning of a Pod''s
+ lifecycle, when it might take a long time
+ to load data or warm a cache, than during
+ steady-state operation. This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures
+ for the probe to be considered failed
+ after having succeeded. Defaults to 3.
+ Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and
+ requires enabling GRPCContainerProbe feature
+ gate.
+ properties:
+ port:
+ description: Port number of the gRPC
+ service. Number must be in the range
+ 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of
+ the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the
+ container has started before liveness
+ probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes
+ for the probe to be considered successful
+ after having failed. Defaults to 1. Must
+ be 1 for liveness and startup. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds
+ the pod needs to terminate gracefully
+ upon probe failure. The grace period is
+ the duration in seconds after the processes
+ running in the pod are sent a termination
+ signal and the time when the processes
+ are forcibly halted with a kill signal.
+ Set this value longer than the expected
+ cleanup time for your process. If this
+ value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value
+ zero indicates stop immediately via the
+ kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime.
+ If this is not set, reads from stdin in the
+ container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been
+ opened by a single attach. When stdin is true
+ the stdin stream will remain open across multiple
+ attach sessions. If stdinOnce is set to true,
+ stdin is opened on container start, is empty
+ until the first client attaches to stdin,
+ and then remains open and accepts data until
+ the client disconnects, at which time stdin
+ is closed and remains closed until the container
+ is restarted. If this flag is false, a container
+ processes that reads from stdin will never
+ receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file
+ to which the container''s termination message
+ will be written is mounted into the container''s
+ filesystem. Message written is intended to
+ be brief final status, such as an assertion
+ failure message. Will be truncated by the
+ node if greater than 4096 bytes. The total
+ message length across all containers will
+ be limited to 12kb. Defaults to /dev/termination-log.
+ Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the
+ container status message on both success and
+ failure. FallbackToLogsOnError will use the
+ last chunk of container log output if the
+ termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to
+ be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name
+ of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container
+ at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines
+ how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is
+ used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true,
+ read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from
+ which the container's volume should
+ be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the
+ volume from which the container's volume
+ should be mounted. Behaves similarly
+ to SubPath but environment variable
+ references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and
+ SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory.
+ If not specified, the container runtime's
+ default will be used, which might be configured
+ in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ volumes:
+ description: Volumes is a list of volumes that can
+ be mounted by containers in a template.
+ items:
+ description: Volume represents a named volume
+ in a pod that may be accessed by any container
+ in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents
+ an AWS Disk resource that is attached to
+ a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem
+ type of the volume that you want to
+ mount. Tip: Ensure that the filesystem
+ type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition
+ in the volume that you want to mount.
+ If omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave
+ the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will
+ force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of
+ the persistent disk resource in AWS
+ (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure
+ Data Disk mount on the host and bind mount
+ to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host
+ Caching mode: None, Read Only, Read
+ Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the
+ data disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data
+ disk in the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type
+ to mount. Must be a filesystem type
+ supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are
+ Shared: multiple blob disks per storage
+ account Dedicated: single blob disk
+ per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false
+ (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure
+ File Service mount on the host and bind
+ mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false
+ (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of
+ secret that contains Azure Storage Account
+ Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share
+ Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount
+ on the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as
+ the mounted root, rather than the full
+ Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional:
+ SecretFile is the path to key ring for
+ User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is
+ the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume
+ attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem
+ type to mount. Must be a filesystem
+ type supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if
+ unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false
+ (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points
+ to a secret object containing parameters
+ used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify
+ the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional:
+ mode bits used to set permissions on
+ created files by default. Must be an
+ octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories
+ within the path are not affected by
+ this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface)
+ represents ephemeral storage that is handled
+ by certain external CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the
+ CSI driver that handles this volume.
+ Consult with your admin for the correct
+ name as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4",
+ "xfs", "ntfs". If not provided, the
+ empty value is passed to the associated
+ CSI driver which will determine the
+ default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a
+ reference to the secret object containing
+ sensitive information to pass to the
+ CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This
+ field is optional, and may be empty
+ if no secret is required. If the secret
+ object contains more than one secret,
+ all secret references are passed.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults
+ to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI
+ driver. Consult your driver's documentation
+ for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward
+ API about the pod that should populate this
+ volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use
+ on created files by default. Must be
+ a Optional: mode bits used to set permissions
+ on created files by default. Must be
+ an octal value between 0000 and 0777
+ or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal
+ values, JSON requires decimal values
+ for mode bits. Defaults to 0644. Directories
+ within the path are not affected by
+ this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward
+ API volume file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits
+ used to set permissions on this
+ file, must be an octal value between
+ 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts
+ both octal and decimal values,
+ JSON requires decimal values for
+ mode bits. If not specified, the
+ volume defaultMode will be used.
+ This might be in conflict with
+ other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu and
+ requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary
+ directory that shares a pod''s lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type
+ of storage medium should back this directory.
+ The default is "" which means to use
+ the node''s default medium. Must be
+ an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage
+ on memory medium EmptyDir would be the
+ minimum value between the SizeLimit
+ specified here and the sum of memory
+ limits of all containers in a pod. The
+ default is nil which means that the
+ limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume
+ that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod
+ that defines it - it will be created before
+ the pod starts, and deleted when the pod
+ is removed. \n Use this if: a) the volume
+ is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot
+ or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports
+ dynamic volume provisioning through a
+ PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection
+ between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the
+ vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual
+ pod. \n Use CSI for light-weight local ephemeral
+ volumes if the CSI driver is meant to be
+ used that way - see the documentation of
+ the driver for more information. \n A pod
+ can use both types of ephemeral volumes
+ and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a
+ stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the
+ PVC, i.e. the PVC will be deleted together
+ with the pod. The name of the PVC will
+ be `-` where
+ `` is the name from the
+ `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated
+ name is not valid for a PVC (for example,
+ too long). \n An existing PVC with that
+ name that is not owned by the pod will
+ *not* be used for the pod to avoid using
+ an unrelated volume by mistake. Starting
+ the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created
+ PVC is meant to be used by the pod,
+ the PVC has to updated with an owner
+ reference to the pod once the pod exists.
+ Normally this should not be necessary,
+ but it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only
+ and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and
+ annotations that will be copied
+ into the PVC when creating it. No
+ other fields are allowed and will
+ be rejected during validation.
+ type: object
+ spec:
+ description: The specification for
+ the PersistentVolumeClaim. The entire
+ content is copied unchanged into
+ the PVC that gets created from this
+ template. The same fields as in
+ a PersistentVolumeClaim are also
+ valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains
+ the desired access modes the
+ volume should have. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field
+ can be used to specify either:
+ * An existing VolumeSnapshot
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create
+ a new volume based on the contents
+ of the specified data source.
+ When the AnyVolumeDataSource
+ feature gate is enabled, dataSource
+ contents will be copied to dataSourceRef,
+ and dataSourceRef contents will
+ be copied to dataSource when
+ dataSourceRef.namespace is not
+ specified. If the namespace
+ is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the
+ group for the resource being
+ referenced. If APIGroup
+ is not specified, the specified
+ Kind must be in the core
+ API group. For any other
+ third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may
+ be any object from a non-empty
+ API group (non core object)
+ or a PersistentVolumeClaim object.
+ When this field is specified,
+ volume binding will only succeed
+ if the type of the specified
+ object matches some installed
+ volume populator or dynamic
+ provisioner. This field will
+ replace the functionality of
+ the dataSource field and as
+ such if both fields are non-empty,
+ they must have the same value.
+ For backwards compatibility,
+ when namespace isn''t specified
+ in dataSourceRef, both fields
+ (dataSource and dataSourceRef)
+ will be set to the same value
+ automatically if one of them
+ is empty and the other is non-empty.
+ When namespace is specified
+ in dataSourceRef, dataSource
+ isn''t set to the same value
+ and must be empty. There are
+ three important differences
+ between dataSource and dataSourceRef:
+ * While dataSource only allows
+ two specific types of objects,
+ dataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim
+ objects. * While dataSource
+ ignores disallowed values (dropping
+ them), dataSourceRef preserves
+ all values, and generates an
+ error if a disallowed value
+ is specified. * While dataSource
+ only allows local objects, dataSourceRef
+ allows objects in any namespaces.
+ (Beta) Using this field requires
+ the AnyVolumeDataSource feature
+ gate to be enabled. (Alpha)
+ Using the namespace field of
+ dataSourceRef requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the
+ group for the resource being
+ referenced. If APIGroup
+ is not specified, the specified
+ Kind must be in the core
+ API group. For any other
+ third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ namespace:
+ description: Namespace is
+ the namespace of resource
+ being referenced Note that
+ when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the
+ referent namespace to allow
+ that namespace's owner to
+ accept the reference. See
+ the ReferenceGrant documentation
+ for details. (Alpha) This
+ field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents
+ the minimum resources the volume
+ should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are
+ allowed to specify resource
+ requirements that are lower
+ than previous value but must
+ still be higher than capacity
+ recorded in the status field
+ of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists
+ the names of resources,
+ defined in spec.resourceClaims,
+ that are used by this container.
+ \n This is an alpha field
+ and requires enabling the
+ DynamicResourceAllocation
+ feature gate. \n This field
+ is immutable."
+ items:
+ description: ResourceClaim
+ references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must
+ match the name of
+ one entry in pod.spec.resourceClaims
+ of the Pod where this
+ field is used. It
+ makes that resource
+ available inside a
+ container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes
+ the maximum amount of compute
+ resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes
+ the minimum amount of compute
+ resources required. If Requests
+ is omitted for a container,
+ it defaults to Limits if
+ that is explicitly specified,
+ otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label
+ query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector
+ that contains values,
+ a key, and an operator
+ that relates the key and
+ values.
+ properties:
+ key:
+ description: key is
+ the label key that
+ the selector applies
+ to.
+ type: string
+ operator:
+ description: operator
+ represents a key's
+ relationship to a
+ set of values. Valid
+ operators are In,
+ NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values
+ is an array of string
+ values. If the operator
+ is In or NotIn, the
+ values array must
+ be non-empty. If the
+ operator is Exists
+ or DoesNotExist, the
+ values array must
+ be empty. This array
+ is replaced during
+ a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is
+ a map of {key,value} pairs.
+ A single {key,value} in
+ the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key",
+ the operator is "In", and
+ the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName
+ is the name of the StorageClass
+ required by the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines
+ what type of volume is required
+ by the claim. Value of Filesystem
+ is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the
+ binding reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel
+ resource that is attached to a kubelet's
+ host machine and then exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem
+ type to mount. Must be a filesystem
+ type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target
+ lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional:
+ FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume
+ world wide identifiers (wwids) Either
+ wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic
+ volume resource that is provisioned/attached
+ using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the
+ driver to use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem
+ type to mount. Must be a filesystem
+ type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". The
+ default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this
+ field holds extra command options if
+ any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here
+ will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the
+ plugin scripts. This may be empty if
+ no secret object is specified. If the
+ secret object contains more than one
+ secret, all secrets are passed to the
+ plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker
+ volume attached to a kubelet's host machine.
+ This depends on the Flocker control service
+ being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the
+ dataset stored as metadata -> name on
+ the dataset for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of
+ the dataset. This is unique identifier
+ of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents
+ a GCE Disk resource that is attached to
+ a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type
+ of the volume that you want to mount.
+ Tip: Ensure that the filesystem type
+ is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition
+ in the volume that you want to mount.
+ If omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave
+ the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of
+ the PD resource in GCE. Used to identify
+ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository
+ at a particular revision. DEPRECATED: GitRepo
+ is deprecated. To provision a container
+ with a git repo, mount an EmptyDir into
+ an InitContainer that clones the repo using
+ git, then mount the EmptyDir into the Pod''s
+ container.'
+ properties:
+ directory:
+ description: directory is the target directory
+ name. Must not contain or start with
+ '..'. If '.' is supplied, the volume
+ directory will be the git repository. Otherwise,
+ if specified, the volume will contain
+ the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash
+ for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs
+ mount on the host that shares a pod''s lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint
+ name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume
+ path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force
+ the Glusterfs volume to be mounted with
+ read-only permissions. Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing
+ file or directory on the host machine that
+ is directly exposed to the container. This
+ is generally used for system agents or other
+ privileged things that are allowed to see
+ the host machine. Most containers will NOT
+ need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who
+ can use host directory mounts and who can/can
+ not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on
+ the host. If the path is a symlink,
+ it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume
+ Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk
+ resource that is attached to a kubelet''s
+ host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines
+ whether support iSCSI Discovery CHAP
+ authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem
+ type of the volume that you want to
+ mount. Tip: Ensure that the filesystem
+ type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom
+ iSCSI Initiator Name. If initiatorName
+ is specified with iscsiInterface simultaneously,
+ new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target
+ Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target
+ Portal List. The portal is either an
+ IP or ip_addr:port if the port is other
+ than default (typically TCP ports 860
+ and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret
+ for iSCSI target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target
+ Portal. The Portal is either an IP or
+ ip_addr:port if the port is other than
+ default (typically TCP ports 860 and
+ 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be
+ a DNS_LABEL and unique within the pod. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount
+ on the host that shares a pod''s lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force
+ the NFS export to be mounted with read-only
+ permissions. Defaults to false. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or
+ IP address of the NFS server. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of
+ a PersistentVolumeClaim in the same
+ namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents
+ a PhotonController persistent disk attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem
+ type to mount. Must be a filesystem
+ type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets
+ host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem
+ type to mount Must be a filesystem type
+ supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false
+ (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one
+ resources secrets, configmaps, and downward
+ API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode
+ bits used to set permissions on created
+ files by default. Must be an octal value
+ between 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts both
+ octal and decimal values, JSON requires
+ decimal values for mode bits. Directories
+ within the path are not affected by
+ this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume
+ projections
+ items:
+ description: Projection that may be
+ projected along with other supported
+ volume types
+ properties:
+ configMap:
+ description: configMap information
+ about the configMap data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the
+ Data field of the referenced
+ ConfigMap will be projected
+ into the volume as a file
+ whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths,
+ and unlisted keys will not
+ be present. If a key is specified
+ which is not present in the
+ ConfigMap, the volume setup
+ will error unless it is marked
+ optional. Paths must be relative
+ and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string
+ key to a path within a volume.
+ properties:
+ key:
+ description: key is the
+ key to project.
+ type: string
+ mode:
+ description: 'mode is
+ Optional: mode bits
+ used to set permissions
+ on this file. Must be
+ an octal value between
+ 0000 and 0777 or a decimal
+ value between 0 and
+ 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal
+ values for mode bits.
+ If not specified, the
+ volume defaultMode will
+ be used. This might
+ be in conflict with
+ other options that affect
+ the file mode, like
+ fsGroup, and the result
+ can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the
+ relative path of the
+ file to map the key
+ to. May not be an absolute
+ path. May not contain
+ the path element '..'.
+ May not start with the
+ string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify
+ whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information
+ about the downwardAPI data to
+ project
+ properties:
+ items:
+ description: Items is a list
+ of DownwardAPIVolume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to
+ create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required:
+ Selects a field of the
+ pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version
+ of the schema the
+ FieldPath is written
+ in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path
+ of the field to
+ select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional:
+ mode bits used to set
+ permissions on this
+ file, must be an octal
+ value between 0000 and
+ 0777 or a decimal value
+ between 0 and 511. YAML
+ accepts both octal and
+ decimal values, JSON
+ requires decimal values
+ for mode bits. If not
+ specified, the volume
+ defaultMode will be
+ used. This might be
+ in conflict with other
+ options that affect
+ the file mode, like
+ fsGroup, and the result
+ can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required:
+ Path is the relative
+ path name of the file
+ to be created. Must
+ not be absolute or contain
+ the ''..'' path. Must
+ be utf-8 encoded. The
+ first item of the relative
+ path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects
+ a resource of the container:
+ only resources limits
+ and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for
+ volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies
+ the output format
+ of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information
+ about the secret data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the
+ Data field of the referenced
+ Secret will be projected into
+ the volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be projected
+ into the specified paths,
+ and unlisted keys will not
+ be present. If a key is specified
+ which is not present in the
+ Secret, the volume setup will
+ error unless it is marked
+ optional. Paths must be relative
+ and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string
+ key to a path within a volume.
+ properties:
+ key:
+ description: key is the
+ key to project.
+ type: string
+ mode:
+ description: 'mode is
+ Optional: mode bits
+ used to set permissions
+ on this file. Must be
+ an octal value between
+ 0000 and 0777 or a decimal
+ value between 0 and
+ 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal
+ values for mode bits.
+ If not specified, the
+ volume defaultMode will
+ be used. This might
+ be in conflict with
+ other options that affect
+ the file mode, like
+ fsGroup, and the result
+ can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the
+ relative path of the
+ file to map the key
+ to. May not be an absolute
+ path. May not contain
+ the path element '..'.
+ May not start with the
+ string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional field
+ specify whether the Secret
+ or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken
+ is information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: audience is the
+ intended audience of the token.
+ A recipient of a token must
+ identify itself with an identifier
+ specified in the audience
+ of the token, and otherwise
+ should reject the token. The
+ audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds
+ is the requested duration
+ of validity of the service
+ account token. As the token
+ approaches expiration, the
+ kubelet volume plugin will
+ proactively rotate the service
+ account token. The kubelet
+ will start trying to rotate
+ the token if the token is
+ older than 80 percent of its
+ time to live or if the token
+ is older than 24 hours.Defaults
+ to 1 hour and must be at least
+ 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path
+ relative to the mount point
+ of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte
+ mount on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access
+ to Default is no group
+ type: string
+ readOnly:
+ description: readOnly here will force
+ the Quobyte volume to be mounted with
+ read-only permissions. Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single
+ or multiple Quobyte Registry services
+ specified as a string as host:port pair
+ (multiple entries are separated with
+ commas) which acts as the central registry
+ for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte
+ volume in the Backend Used with dynamically
+ provisioned Quobyte volumes, value is
+ set by the plugin
+ type: string
+ user:
+ description: user to map volume access
+ to Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by
+ name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block
+ Device mount on the host that shares a pod''s
+ lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem
+ type of the volume that you want to
+ mount. Tip: Ensure that the filesystem
+ type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image
+ name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key
+ ring for RBDUser. Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection
+ of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name.
+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the
+ authentication secret for RBDUser. If
+ provided overrides keyring. Default
+ is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name.
+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO
+ persistent volume attached and mounted on
+ Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem
+ type to mount. Must be a filesystem
+ type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Default
+ is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address
+ of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name
+ of the ScaleIO Protection Domain for
+ the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false
+ (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the
+ secret for ScaleIO user and other sensitive
+ information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default
+ false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether
+ the storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO
+ Storage Pool associated with the protection
+ domain.
+ type: string
+ system:
+ description: system is the name of the
+ storage system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of
+ a volume already created in the ScaleIO
+ system that is associated with this
+ volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that
+ should populate this volume. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional:
+ mode bits used to set permissions on
+ created files by default. Must be an
+ octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories
+ within the path are not affected by
+ this setting. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the Secret, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether
+ the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of
+ the secret in the pod''s namespace to
+ use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem
+ type to mount. Must be a filesystem
+ type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false
+ (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret
+ to use for obtaining the StorageOS API
+ credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable
+ name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies
+ the scope of the volume within StorageOS. If
+ no namespace is specified then the Pod's
+ namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored
+ within StorageOS for tighter integration.
+ Set VolumeName to any name to override
+ the default behaviour. Set to "default"
+ if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist
+ within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere
+ volume attached and mounted on kubelets
+ host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type
+ to mount. Must be a filesystem type
+ supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile
+ ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the
+ storage Policy Based Management (SPBM)
+ profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that
+ identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ templateType:
+ type: string
+ timeChaos:
+ description: TimeChaosSpec defines the desired state
+ of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock
+ id All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the
+ name of affected container. If not set, the first
+ container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of
+ the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote
+ cluster where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of
+ injected program. It's a possibly signed sequence
+ of decimal numbers, such as "300ms", "-1.5h" or
+ "2h45m". Valid time units are "ns", "us" (or "µs"),
+ "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ required:
+ - name
+ - templateType
+ type: object
+ type: array
+ required:
+ - entry
+ - templates
+ type: object
+ required:
+ - schedule
+ - type
+ type: object
+ startTime:
+ format: date-time
+ type: string
+ statusCheck:
+ description: StatusCheck describe the behavior of StatusCheck. Only
+ used when Type is TypeStatusCheck.
+ properties:
+ duration:
+ description: Duration defines the duration of the whole status
+ check if the number of failed execution does not exceed the
+ failure threshold. Duration is available to both `Synchronous`
+ and `Continuous` mode. A duration string is a possibly signed
+ sequence of decimal numbers, each with optional fraction and
+ a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time
+ units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ failureThreshold:
+ default: 3
+ description: FailureThreshold defines the minimum consecutive
+ failure for the status check to be considered failed.
+ minimum: 1
+ type: integer
+ http:
+ properties:
+ body:
+ type: string
+ criteria:
+ description: Criteria defines how to determine the result
+ of the status check.
+ properties:
+ statusCode:
+ description: StatusCode defines the expected http status
+ code for the request. A statusCode string could be a
+ single code (e.g. 200), or an inclusive range (e.g.
+ 200-400, both `200` and `400` are included).
+ type: string
+ required:
+ - statusCode
+ type: object
+ headers:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: "A Header represents the key-value pairs in an
+ HTTP header. \n The keys should be in canonical form, as
+ returned by CanonicalHeaderKey."
+ type: object
+ method:
+ default: GET
+ enum:
+ - GET
+ - POST
+ type: string
+ url:
+ type: string
+ required:
+ - criteria
+ - url
+ type: object
+ intervalSeconds:
+ default: 10
+ description: IntervalSeconds defines how often (in seconds) to
+ perform an execution of status check.
+ minimum: 1
+ type: integer
+ mode:
+ description: 'Mode defines the execution mode of the status check.
+ Support type: Synchronous / Continuous'
+ enum:
+ - Synchronous
+ - Continuous
+ type: string
+ recordsHistoryLimit:
+ default: 100
+ description: RecordsHistoryLimit defines the number of record
+ to retain.
+ maximum: 1000
+ minimum: 1
+ type: integer
+ successThreshold:
+ default: 1
+ description: SuccessThreshold defines the minimum consecutive
+ successes for the status check to be considered successful.
+ SuccessThreshold only works for `Synchronous` mode.
+ minimum: 1
+ type: integer
+ timeoutSeconds:
+ default: 1
+ description: TimeoutSeconds defines the number of seconds after
+ which an execution of status check times out.
+ minimum: 1
+ type: integer
+ type:
+ default: HTTP
+ description: 'Type defines the specific status check type. Support
+ type: HTTP'
+ enum:
+ - HTTP
+ type: string
+ required:
+ - type
+ type: object
+ stressChaos:
+ description: StressChaosSpec defines the desired state of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors just
+ like `Stressors` except that it's an experimental feature and
+ more powerful. You can define stressors in `stress-ng` (see
+ also `man stress-ng`) dialect, however not all of the supported
+ stressors are well tested. It maybe retired in later releases.
+ You should always use `Stressors` to define the stressors and
+ use this only when you want more stressors unsupported by `Stressors`.
+ When both `StressngStressors` and `Stressors` are defined, `StressngStressors`
+ wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported to
+ stress system components out. You can use one or more of them
+ to make up various kinds of stresses. At least one of the stressors
+ should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading per CPU
+ worker. 0 is effectively a sleep (no load) and 100 is
+ full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to apply the
+ stressor. Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj of the
+ stress process. See `man 5 proc` to know more about
+ this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed per vm worker,
+ default is the total available memory. One can specify
+ the size as % of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to apply the
+ stressor. Maximum 8192 workers can run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ task:
+ properties:
+ container:
+ description: Container is the main container image to run in the
+ pod
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references
+ $(VAR_NAME) are expanded using the container''s environment.
+ If a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of
+ whether the variable exists or not. Cannot be updated. More
+ info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not
+ provided. Variable references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables
+ in the container and any service environment variables.
+ If a variable cannot be resolved, the reference in
+ the input string will be unchanged. Double $$ are
+ reduced to a single $, which allows for escaping the
+ $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must
+ be a C_IDENTIFIER. All invalid keys will be reported as
+ an event when the container is starting. When a key exists
+ in multiple sources, the value associated with the last
+ source will take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a
+ container is created. If the handler fails, the container
+ is terminated and restarted according to its restart
+ policy. Other management of the container blocks until
+ the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory
+ for the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it
+ is not run inside a shell, so traditional shell
+ instructions ('|', etc) won't work. To use a
+ shell, you need to explicitly call out to that
+ shell. Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to
+ perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption,
+ resource contention, etc. The handler is not called
+ if the container crashes or exits. The Pod''s termination
+ grace period countdown begins before the PreStop hook
+ is executed. Regardless of the outcome of the handler,
+ the container will eventually terminate within the Pod''s
+ termination grace period (unless delayed by finalizers).
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory
+ for the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it
+ is not run inside a shell, so traditional shell
+ instructions ('|', etc) won't work. To use a
+ shell, you need to explicitly call out to that
+ shell. Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to
+ perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|',
+ etc) won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a
+ TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in
+ a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x <
+ 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port
+ to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x
+ < 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or
+ SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the
+ probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|',
+ etc) won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a
+ TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources, defined
+ in spec.resourceClaims, that are used by this container.
+ \n This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate. \n This field
+ is immutable."
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one entry
+ in pod.spec.resourceClaims of the Pod where this
+ field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of
+ compute resources required. If Requests is omitted for
+ a container, it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields of
+ SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag
+ will be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
+ set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this field
+ cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount
+ to use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as
+ a non-root user. If true, the Kubelet will validate
+ the image at runtime to ensure that it does not run
+ as UID 0 (root) and fail to start the container if it
+ does. If unset or false, no such validation will be
+ performed. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the
+ container. If unspecified, the container runtime will
+ allocate a random SELinux context for each container. May
+ also be set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used. The
+ profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's
+ configured seccomp profile location. Must only be
+ set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are: \n Localhost
+ - a profile defined in a file on the node should
+ be used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined - no
+ profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to
+ all containers. If unspecified, the options from the
+ PodSecurityContext will be used. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set
+ when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec
+ named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of
+ the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. This
+ field is alpha-level and will only be honored by
+ components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod.
+ All of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed
+ until this completes successfully. If this probe fails,
+ the Pod will be restarted, just as if the livenessProbe
+ failed. This can be used to provide different probe parameters
+ at the beginning of a Pod''s lifecycle, when it might take
+ a long time to load data or warm a cache, than during steady-state
+ operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|',
+ etc) won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a
+ TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range 1
+ to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe
+ times out. Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set,
+ reads from stdin in the container will always result in
+ EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If
+ this flag is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success
+ and failure. FallbackToLogsOnError will use the last chunk
+ of container log output if the termination message file
+ is empty and the container exited with an error. The log
+ output is limited to 2048 bytes or 80 lines, whichever is
+ smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY
+ for itself, also requires 'stdin' to be true. Default is
+ false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to
+ be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the
+ volume should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and the
+ other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves
+ similarly to SubPath but environment variable references
+ $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ volumes:
+ description: Volumes is a list of volumes that can be mounted
+ by containers in a template.
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume
+ that you want to mount. If omitted, the default is
+ to mount by volume name. Examples: For volume /dev/sda1,
+ you specify the partition as "1". Similarly, the volume
+ partition for /dev/sda is "0" (or you can leave the
+ property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount
+ on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in
+ the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the
+ blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must
+ be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure managed
+ data disk (only in managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host
+ that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false
+ (read/write). ReadOnly here will force the ReadOnly
+ setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is
+ the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is
+ empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados user
+ name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume in
+ cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair
+ in the Data field of the referenced ConfigMap will
+ be projected into the volume as a file whose name
+ is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present. If a
+ key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used
+ to set permissions on this file. Must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal values
+ for mode bits. If not specified, the volume
+ defaultMode will be used. This might be in conflict
+ with other options that affect the file mode,
+ like fsGroup, and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the
+ file to map the key to. May not be an absolute
+ path. May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that
+ handles this volume. Consult with your admin for the
+ correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the
+ associated CSI driver which will determine the default
+ filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to
+ the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret
+ references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver. Consult
+ your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the
+ pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the
+ pod: only annotations, labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to set
+ permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict with
+ other options that affect the file mode, like
+ fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must not
+ be absolute or contain the ''..'' path. Must
+ be utf-8 encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage
+ medium should back this directory. The default is
+ "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The size
+ limit is also applicable for memory medium. The maximum
+ usage on memory medium EmptyDir would be the minimum
+ value between the SizeLimit specified here and the
+ sum of memory limits of all containers in a pod. The
+ default is nil which means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is
+ tied to the pod that defines it - it will be created before
+ the pod starts, and deleted when the pod is removed. \n
+ Use this if: a) the volume is only needed while the pod
+ runs, b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and d) the
+ storage driver supports dynamic volume provisioning through
+ \ a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this
+ volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n
+ Use CSI for light-weight local ephemeral volumes if the
+ CSI driver is meant to be used that way - see the documentation
+ of the driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes at the
+ same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC
+ to provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the
+ PVC will be deleted together with the pod. The name
+ of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the pod if
+ the concatenated name is not valid for a PVC (for
+ example, too long). \n An existing PVC with that name
+ that is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is meant
+ to be used by the pod, the PVC has to updated with
+ an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may
+ be useful when manually reconstructing a broken cluster.
+ \n This field is read-only and no changes will be
+ made by Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be rejected
+ during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the
+ PVC that gets created from this template. The
+ same fields as in a PersistentVolumeClaim are
+ also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to
+ specify either: * An existing VolumeSnapshot
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller
+ can support the specified data source, it
+ will create a new volume based on the contents
+ of the specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource contents
+ will be copied to dataSourceRef, and dataSourceRef
+ contents will be copied to dataSource when
+ dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data,
+ if a non-empty volume is desired. This may
+ be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding
+ will only succeed if the type of the specified
+ object matches some installed volume populator
+ or dynamic provisioner. This field will replace
+ the functionality of the dataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the same
+ value automatically if one of them is empty
+ and the other is non-empty. When namespace
+ is specified in dataSourceRef, dataSource
+ isn''t set to the same value and must be empty.
+ There are three important differences between
+ dataSource and dataSourceRef: * While dataSource
+ only allows two specific types of objects,
+ dataSourceRef allows any non-core object,
+ as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values
+ (dropping them), dataSourceRef preserves
+ all values, and generates an error if a disallowed
+ value is specified. * While dataSource only
+ allows local objects, dataSourceRef allows
+ objects in any namespaces. (Beta) Using
+ this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using
+ the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the
+ resource being referenced. If APIGroup
+ is not specified, the specified Kind must
+ be in the core API group. For any other
+ third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note that
+ when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent namespace
+ to allow that namespace's owner to accept
+ the reference. See the ReferenceGrant
+ documentation for details. (Alpha) This
+ field requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than
+ previous value but must still be higher than
+ capacity recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names of
+ resources, defined in spec.resourceClaims,
+ that are used by this container. \n This
+ is an alpha field and requires enabling
+ the DynamicResourceAllocation feature
+ gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed. More
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required.
+ If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly
+ specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the name of
+ the StorageClass required by the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of
+ volume is required by the claim. Value of
+ Filesystem is implied when not included in
+ claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that
+ is attached to a kubelet's host machine and then exposed
+ to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. TODO: how do we prevent
+ errors in the filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false
+ (read/write). ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs
+ and lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use
+ for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". The default filesystem
+ depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false
+ (read/write). ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if
+ no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed
+ to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored
+ as metadata -> name on the dataset for Flocker should
+ be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume
+ that you want to mount. If omitted, the default is
+ to mount by volume name. Examples: For volume /dev/sda1,
+ you specify the partition as "1". Similarly, the volume
+ partition for /dev/sda is "0" (or you can leave the
+ property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an
+ InitContainer that clones the repo using git, then mount
+ the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied,
+ the volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or
+ directory on the host machine that is directly exposed
+ to the container. This is generally used for system agents
+ or other privileged things that are allowed to see the
+ host machine. Most containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host
+ directory mounts and who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If
+ the path is a symlink, it will follow the link to
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that
+ is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that
+ uses an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List.
+ The portal is either an IP or ip_addr:port if the
+ port is other than default (typically TCP ports 860
+ and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The
+ Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and
+ 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and
+ unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to
+ mount Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set
+ permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this
+ setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along
+ with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced
+ ConfigMap will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional. Paths
+ must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode
+ bits used to set permissions on this
+ file. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May
+ not be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the
+ ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about the
+ downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and
+ 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode,
+ like fsGroup, and the result can be
+ other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced
+ Secret will be projected into the volume
+ as a file whose name is the key and content
+ is the value. If specified, the listed keys
+ will be projected into the specified paths,
+ and unlisted keys will not be present. If
+ a key is specified which is not present
+ in the Secret, the volume setup will error
+ unless it is marked optional. Paths must
+ be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode
+ bits used to set permissions on this
+ file. Must be an octal value between
+ 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May
+ not be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must
+ identify itself with an identifier specified
+ in the audience of the token, and otherwise
+ should reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token. The kubelet
+ will start trying to rotate the token if
+ the token is older than 80 percent of its
+ time to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must be
+ at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to
+ the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is
+ no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple
+ Quobyte Registry services specified as a string as
+ host:port pair (multiple entries are separated with
+ commas) which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to
+ serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is
+ rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default is
+ admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for
+ ScaleIO user and other sensitive information. If this
+ is not provided, Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool
+ associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used
+ to set permissions on created files by default. Must
+ be an octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within the path
+ are not affected by this setting. This might be in
+ conflict with other options that affect the file mode,
+ like fsGroup, and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair
+ in the Data field of the referenced Secret will be
+ projected into the volume as a file whose name is
+ the key and content is the value. If specified, the
+ listed keys will be projected into the specified paths,
+ and unlisted keys will not be present. If a key is
+ specified which is not present in the Secret, the
+ volume setup will error unless it is marked optional.
+ Paths must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within a
+ volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used
+ to set permissions on this file. Must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both octal
+ and decimal values, JSON requires decimal values
+ for mode bits. If not specified, the volume
+ defaultMode will be used. This might be in conflict
+ with other options that affect the file mode,
+ like fsGroup, and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the
+ file to map the key to. May not be an absolute
+ path. May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret
+ or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in
+ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for
+ obtaining the StorageOS API credentials. If not specified,
+ default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable name of
+ the StorageOS volume. Volume names are only unique
+ within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of
+ the volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows
+ the Kubernetes name scoping to be mirrored within
+ StorageOS for tighter integration. Set VolumeName
+ to any name to override the default behaviour. Set
+ to "default" if you are not using namespaces within
+ StorageOS. Namespaces that do not pre-exist within
+ StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must
+ be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ templateName:
+ type: string
+ timeChaos:
+ description: TimeChaosSpec defines the desired state of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id All available
+ options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name of affected
+ container. If not set, the first container will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action. Supported
+ mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster where
+ the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used to
+ inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that can
+ be used to select objects. A list of selectors based on
+ set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which objects
+ belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can be used
+ to select nodes. Selector which must match a node's labels,
+ and objects must belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects must
+ belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition of a
+ pod at the current time. supported value: Pending / Running
+ / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set values
+ that used to select pods. The key defines the namespace
+ which pods belong, and the each values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected program.
+ It's a possibly signed sequence of decimal numbers, such as
+ "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of pods the
+ server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods to do
+ chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ type:
+ type: string
+ workflowName:
+ type: string
+ required:
+ - startTime
+ - templateName
+ - type
+ - workflowName
+ type: object
+ status:
+ description: Most recently observed status of the workflow node
+ properties:
+ activeChildren:
+ description: ActiveChildren means the created children node
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ chaosResource:
+ description: ChaosResource refs to the real chaos CR object.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in
+ the core API group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ conditionalBranchesStatus:
+ description: ConditionalBranchesStatus records the evaluation result
+ of each ConditionalBranch
+ properties:
+ branches:
+ items:
+ properties:
+ evaluationResult:
+ type: string
+ target:
+ type: string
+ required:
+ - evaluationResult
+ - target
+ type: object
+ type: array
+ context:
+ items:
+ type: string
+ type: array
+ type: object
+ conditions:
+ description: Represents the latest available observations of a workflow
+ node's current state.
+ items:
+ properties:
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ finishedChildren:
+ description: Children is necessary for representing the order when
+ replicated child template references by parent template.
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflows.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflows.yaml
new file mode 100644
index 0000000..bb71b98
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/crds/chaos-mesh.org_workflows.yaml
@@ -0,0 +1,10058 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.1
+ creationTimestamp: null
+ name: workflows.chaos-mesh.org
+spec:
+ group: chaos-mesh.org
+ names:
+ kind: Workflow
+ listKind: WorkflowList
+ plural: workflows
+ shortNames:
+ - wf
+ singular: workflow
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the behavior of a workflow
+ properties:
+ entry:
+ type: string
+ templates:
+ items:
+ properties:
+ abortWithStatusCheck:
+ description: AbortWithStatusCheck describe whether to abort
+ the workflow when the failure threshold of StatusCheck is
+ exceeded. Only used when Type is TypeStatusCheck.
+ type: boolean
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification
+ for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos action.
+ Supported action: ec2-stop / ec2-restart / detach-volume
+ Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device.
+ Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2 instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the aws
+ server. Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume.
+ Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification
+ for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos action.
+ Supported action: vm-stop / vm-restart / disk-detach Default
+ action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk. Needed
+ in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of the
+ data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification
+ for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos action.
+ Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every io
+ request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ children:
+ description: Children describes the children steps of serial
+ or parallel node. Only used when Type is TypeSerial or TypeParallel.
+ items:
+ type: string
+ type: array
+ conditionalBranches:
+ description: ConditionalBranches describes the conditional branches
+ of custom tasks. Only used when Type is TypeTask.
+ items:
+ properties:
+ expression:
+ description: Expression is the expression for this conditional
+ branch, expected type of result is boolean. If expression
+ is empty, this branch will always be selected/the template
+ will be spawned.
+ type: string
+ target:
+ description: Target is the name of other template, if
+ expression is evaluated as true, this template will
+ be spawned.
+ type: string
+ required:
+ - target
+ type: object
+ type: array
+ deadline:
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos action.
+ Supported action: error, random Default action: error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect,
+ support the placeholder ? and wildcard *, or the Specified
+ domain name. Note: 1. The wildcard * must be at the
+ end of the string. For example, chaos-*.org is invalid.
+ \ 2. if the patterns is empty, will take effect on
+ all the domain names. For example: \t\tThe value is [\"google.com\",
+ \"github.*\", \"chaos-mes?.org\"], \t\twill take effect
+ on \"google.com\", \"github.com\" and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification
+ for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos action.
+ Supported action: node-stop / node-reset / disk-loss Default
+ action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed
+ in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes secret.
+ It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http status
+ code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target request/response.
+ A duration string is a possibly unsigned sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "2h45m". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action.
+ type: string
+ method:
+ description: Method is a rule to select target by http method
+ in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body of
+ target.
+ properties:
+ type:
+ description: Type represents the patch type, only
+ support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers
+ of target. For example: `[["Set-Cookie", ""],
+ ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries
+ of target(Request only). For example: `[["foo", "bar"],
+ ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri path
+ in http request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy
+ of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message
+ body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status code
+ in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers
+ of target. The key-value pairs represent header name
+ and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method
+ in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path in
+ http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries
+ in http request. For example, with value `{ "foo":
+ "unknown" }`, the `/?foo=bar` will be altered to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target by
+ http headers in request. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target
+ by http headers in response. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos
+ if there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of ca file
+ in secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of cert
+ file in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of key
+ file in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required
+ secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace
+ of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action.
+ Supported action: latency / fault / attrOverride / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action
+ delay. A delay string is a possibly signed sequence of
+ decimal numbers, each with optional fraction and a unit
+ suffix, such as "300ms". Valid time units are "ns", "us"
+ (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned
+ by I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting
+ I/O chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness
+ are injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in the
+ mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment in
+ bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments
+ of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting
+ I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection
+ errors and provides a number from 0-100. default: 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of injected
+ volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos action.
+ Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only set
+ it when action is stress
+ type: integer
+ database:
+ description: the match database default value is "", means
+ match all database
+ type: string
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ exception:
+ description: the exception which needs to throw for action
+ `exception` or the exception message needs to throw in
+ action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set it
+ when action is stress, the value can be 'stack' or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only support
+ 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and will
+ generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "", means
+ match all SQL type. The value can be 'select', 'insert',
+ 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means
+ match all table
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state of KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of kernel
+ injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call chain,
+ such as: ext4_mount -> mount_subtree ->
+ ... -> should_failslab With an optional
+ set of predicates and an optional set of parameters,
+ which used with predicates. You can read call chan
+ and predicate examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just keep
+ Callchain empty, which means it will fail at any call
+ chain with slab alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature
+ and predicate in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel
+ source or `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate,
+ for example, if you want to inject slab error
+ in `d_alloc_parallel(struct dentry *parent,
+ const struct qstr *name)` with a special name
+ `bananas`, you need to set it to `struct dentry
+ *parent, const struct qstr *name` otherwise
+ omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments
+ of this Frame, example with Parameters's, you
+ can set it to `STRNCMP(name->name, "bananas",
+ 8)` to make inject only with it, or omit it
+ to inject for all d_alloc_parallel call chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can be
+ set to ''0'' / ''1'' / ''2'' If `0`, indicates slab
+ to fail (should_failslab) If `1`, indicates alloc_page
+ to fail (should_fail_alloc_page) If `2`, indicates
+ bio to fail (should_fail_bio) You can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate kernel
+ headers you need. Eg: "linux/mmzone.h", "linux/blkdev.h"
+ and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with probability.
+ If you want 1%, please set this field with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ name:
+ type: string
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network chaos
+ action. Supported action: partition, netem, delay, loss,
+ duplicate, corrupt Default action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth
+ control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes that
+ tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can be
+ queued waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the peakrate
+ bucket. For perfect accuracy, should be set to the
+ MTU of the interface. If a peakrate is needed, but
+ some burstiness is acceptable, this size can be raised.
+ A 3000 byte minburst allows around 3mbit/s of peakrate,
+ given 1000 byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate
+ of the bucket. The peakrate does not need to be set,
+ it is only necessary if perfect millisecond timescale
+ shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps, kbps,
+ mbps, gbps, tbps unit. bps means bytes per second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt
+ action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to be
+ affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this applies
+ on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about loss
+ action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets
+ outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this applies
+ on netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device
+ to be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired state
+ of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only one
+ of Address and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock
+ on which to act. More clock description in linux kernel
+ can be found in man page of clock_getres, clock_gettime,
+ clock_settime. Muti clock ids should be split with
+ ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data in.
+ if path not provided, payload will read/write from/into
+ a temp file, temp file will be deleted after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in.
+ if path not provided, payload will read/write from/into
+ a temp file, temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on
+ writing, default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data in.
+ if path not provided, payload will read/write from/into
+ a temp file, temp file will be deleted after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work on
+ writing, default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append
+ the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be
+ created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create
+ or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be
+ created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create
+ or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be
+ created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to be
+ created, modified, deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of the
+ file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to be
+ created, modified, deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file to
+ be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by http
+ status code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside
+ proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by http
+ status code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target
+ request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service listens
+ on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP connection,
+ we will only attack HTTP connection with port inside
+ proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw for
+ action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is "",
+ means match all database
+ type: string
+ exception:
+ description: The exception which needs to throw for
+ action `exception` or the exception message needs
+ to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency'
+ or the latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only
+ support 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is "",
+ means match all SQL type. The value can be 'select',
+ 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means
+ match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's data,
+ will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only set
+ it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only set
+ it when action is stress, the value can be 'stack'
+ or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP
+ addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10 is
+ 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag
+ can be accepted, others will be dropped. only set
+ when the IPProtocol is tcp, used for partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP
+ addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or µs),
+ ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns, us
+ (or µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us (or
+ µs), ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP
+ addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate (10
+ is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf
+ test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client threads
+ to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the IP
+ address
+ type: string
+ rate:
+ description: The speed of network traffic, allows bps,
+ kbps, mbps, gbps, tbps unit. bps means bytes per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these destination
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP
+ addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP protocol,
+ supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these source
+ ports, use a ',' to separate or to indicate the range,
+ such as 80, 8001:8010. it can only be used in conjunction
+ with -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp flag
+ can be accepted, others will be dropped. only set
+ when the IPProtocol is tcp, used for partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction, values
+ can be 'from', 'to'. 'from' means packets coming from
+ the 'IPAddress' or 'Hostname' and going to your server,
+ 'to' means packets originating from your server and
+ going to the 'IPAddress' or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these IP
+ addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these IP
+ addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage of
+ the original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to
+ flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether to
+ flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string keys
+ and a set values that used to select physical machines.
+ The key defines the namespace which physical machine
+ belong, and each value is a set of physical machine
+ names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU worker.
+ 0 is effectively a sleep (no load) and 100 is full
+ loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker,
+ default is the total available memory. One can specify
+ the size as % of total available memory or in units
+ of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of physical machines to do chaos action.
+ If `FixedPercentMode`, provide a number from 0-100 to
+ specify the percent of physical machines the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide a
+ number from 0-100 to specify the max percent of pods to
+ do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that a user
+ creates on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos action.
+ Supported action: pod-kill / pod-failure / container-kill
+ Default action: pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of decimal
+ numbers, each with optional fraction and a unit suffix,
+ such as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action. It
+ represents the duration in seconds before the pod should
+ be deleted. Value must be non-negative integer. The default
+ value is zero that indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ description: Schedule describe the Schedule(describing scheduled
+ chaos) to be injected with chaos nodes. Only used when Type
+ is TypeSchedule.
+ properties:
+ awsChaos:
+ description: AWSChaosSpec is the content of the specification
+ for an AWSChaos
+ properties:
+ action:
+ description: 'Action defines the specific aws chaos
+ action. Supported action: ec2-stop / ec2-restart /
+ detach-volume Default action: ec2-stop'
+ enum:
+ - ec2-stop
+ - ec2-restart
+ - detach-volume
+ type: string
+ awsRegion:
+ description: AWSRegion defines the region of aws.
+ type: string
+ deviceName:
+ description: DeviceName indicates the name of the device.
+ Needed in detach-volume.
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ ec2Instance:
+ description: Ec2Instance indicates the ID of the ec2
+ instance.
+ type: string
+ endpoint:
+ description: Endpoint indicates the endpoint of the
+ aws server. Just used it in test now.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret.
+ type: string
+ volumeID:
+ description: EbsVolume indicates the ID of the EBS volume.
+ Needed in detach-volume.
+ type: string
+ required:
+ - action
+ - awsRegion
+ - ec2Instance
+ type: object
+ azureChaos:
+ description: AzureChaosSpec is the content of the specification
+ for an AzureChaos
+ properties:
+ action:
+ description: 'Action defines the specific azure chaos
+ action. Supported action: vm-stop / vm-restart / disk-detach
+ Default action: vm-stop'
+ enum:
+ - vm-stop
+ - vm-restart
+ - disk-detach
+ type: string
+ diskName:
+ description: DiskName indicates the name of the disk.
+ Needed in disk-detach.
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ lun:
+ description: LUN indicates the Logical Unit Number of
+ the data disk. Needed in disk-detach.
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ resourceGroupName:
+ description: ResourceGroupName defines the name of ResourceGroup
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for Azure credentials.
+ type: string
+ subscriptionID:
+ description: SubscriptionID defines the id of Azure
+ subscription.
+ type: string
+ vmName:
+ description: VMName defines the name of Virtual Machine
+ type: string
+ required:
+ - action
+ - resourceGroupName
+ - subscriptionID
+ - vmName
+ type: object
+ blockChaos:
+ description: BlockChaosSpec is the content of the specification
+ for a BlockChaos
+ properties:
+ action:
+ description: 'Action defines the specific block chaos
+ action. Supported action: delay'
+ enum:
+ - delay
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the delay distribution.
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ description: Latency defines the latency of every
+ io request.
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ volumeName:
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumeName
+ type: object
+ concurrencyPolicy:
+ enum:
+ - Forbid
+ - Allow
+ type: string
+ dnsChaos:
+ description: DNSChaosSpec defines the desired state of DNSChaos
+ properties:
+ action:
+ description: 'Action defines the specific DNS chaos
+ action. Supported action: error, random Default action:
+ error'
+ enum:
+ - error
+ - random
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patterns:
+ description: "Choose which domain names to take effect,
+ support the placeholder ? and wildcard *, or the Specified
+ domain name. Note: 1. The wildcard * must be
+ at the end of the string. For example, chaos-*.org
+ is invalid. 2. if the patterns is empty, will
+ take effect on all the domain names. For example:
+ \t\tThe value is [\"google.com\", \"github.*\", \"chaos-mes?.org\"],
+ \t\twill take effect on \"google.com\", \"github.com\"
+ and \"chaos-mesh.org\""
+ items:
+ type: string
+ type: array
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ gcpChaos:
+ description: GCPChaosSpec is the content of the specification
+ for a GCPChaos
+ properties:
+ action:
+ description: 'Action defines the specific gcp chaos
+ action. Supported action: node-stop / node-reset /
+ disk-loss Default action: node-stop'
+ enum:
+ - node-stop
+ - node-reset
+ - disk-loss
+ type: string
+ deviceNames:
+ description: The device name of disks to detach. Needed
+ in disk-loss.
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ instance:
+ description: Instance defines the name of the instance
+ type: string
+ project:
+ description: Project defines the ID of gcp project.
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ secretName:
+ description: SecretName defines the name of kubernetes
+ secret. It is used for GCP credentials.
+ type: string
+ zone:
+ description: Zone defines the zone of gcp project.
+ type: string
+ required:
+ - action
+ - instance
+ - project
+ - zone
+ type: object
+ historyLimit:
+ minimum: 1
+ type: integer
+ httpChaos:
+ properties:
+ abort:
+ description: Abort is a rule to abort a http session.
+ type: boolean
+ code:
+ description: Code is a rule to select target by http
+ status code in response.
+ format: int32
+ type: integer
+ delay:
+ description: Delay represents the delay of the target
+ request/response. A duration string is a possibly
+ unsigned sequence of decimal numbers, each with optional
+ fraction and a unit suffix, such as "300ms", "2h45m".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action.
+ type: string
+ method:
+ description: Method is a rule to select target by http
+ method in request.
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ patch:
+ description: Patch is a rule to patch some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to patch message body
+ of target.
+ properties:
+ type:
+ description: Type represents the patch type,
+ only support `JSON` as [merge patch json](https://tools.ietf.org/html/rfc7396)
+ currently.
+ type: string
+ value:
+ description: Value is the patch contents.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ headers:
+ description: 'Headers is a rule to append http headers
+ of target. For example: `[["Set-Cookie", ""], ["Set-Cookie", ""]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ queries:
+ description: 'Queries is a rule to append uri queries
+ of target(Request only). For example: `[["foo",
+ "bar"], ["foo", "unknown"]]`.'
+ items:
+ items:
+ type: string
+ type: array
+ type: array
+ type: object
+ path:
+ description: Path is a rule to select target by uri
+ path in http request.
+ type: string
+ port:
+ description: Port represents the target port to be proxy
+ of.
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ replace:
+ description: Replace is a rule to replace some contents
+ in target.
+ properties:
+ body:
+ description: Body is a rule to replace http message
+ body in target.
+ format: byte
+ type: string
+ code:
+ description: Code is a rule to replace http status
+ code in response.
+ format: int32
+ type: integer
+ headers:
+ additionalProperties:
+ type: string
+ description: Headers is a rule to replace http headers
+ of target. The key-value pairs represent header
+ name and header value pairs.
+ type: object
+ method:
+ description: Method is a rule to replace http method
+ in request.
+ type: string
+ path:
+ description: Path is rule to to replace uri path
+ in http request.
+ type: string
+ queries:
+ additionalProperties:
+ type: string
+ description: 'Queries is a rule to replace uri queries
+ in http request. For example, with value `{ "foo":
+ "unknown" }`, the `/?foo=bar` will be altered
+ to `/?foo=unknown`,'
+ type: object
+ type: object
+ request_headers:
+ additionalProperties:
+ type: string
+ description: RequestHeaders is a rule to select target
+ by http headers in request. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ response_headers:
+ additionalProperties:
+ type: string
+ description: ResponseHeaders is a rule to select target
+ by http headers in response. The key-value pairs represent
+ header name and header value pairs.
+ type: object
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target is the object to be selected and
+ injected.
+ enum:
+ - Request
+ - Response
+ type: string
+ tls:
+ description: TLS is the tls config, will override PodHttpChaos
+ if there are multiple HTTPChaos experiments are applied
+ properties:
+ caName:
+ description: CAName represents the data name of
+ ca file in secret, `ca.crt` for example
+ type: string
+ certName:
+ description: CertName represents the data name of
+ cert file in secret, `tls.crt` for example
+ type: string
+ keyName:
+ description: KeyName represents the data name of
+ key file in secret, `tls.key` for example
+ type: string
+ secretName:
+ description: SecretName represents the name of required
+ secret resource
+ type: string
+ secretNamespace:
+ description: SecretNamespace represents the namespace
+ of required secret resource
+ type: string
+ required:
+ - certName
+ - keyName
+ - secretName
+ - secretNamespace
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - target
+ type: object
+ ioChaos:
+ description: IOChaosSpec defines the desired state of IOChaos
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: latency / fault / attrOverride
+ / mistake'
+ enum:
+ - latency
+ - fault
+ - attrOverride
+ - mistake
+ type: string
+ attr:
+ description: Attr defines the overrided attribution
+ properties:
+ atime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ blocks:
+ format: int64
+ type: integer
+ ctime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ gid:
+ format: int32
+ type: integer
+ ino:
+ format: int64
+ type: integer
+ kind:
+ description: FileType represents type of file
+ type: string
+ mtime:
+ description: Timespec represents a time
+ properties:
+ nsec:
+ format: int64
+ type: integer
+ sec:
+ format: int64
+ type: integer
+ required:
+ - nsec
+ - sec
+ type: object
+ nlink:
+ format: int32
+ type: integer
+ perm:
+ type: integer
+ rdev:
+ format: int32
+ type: integer
+ size:
+ format: int64
+ type: integer
+ uid:
+ format: int32
+ type: integer
+ type: object
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ delay:
+ description: Delay defines the value of I/O chaos action
+ delay. A delay string is a possibly signed sequence
+ of decimal numbers, each with optional fraction and
+ a unit suffix, such as "300ms". Valid time units are
+ "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of
+ decimal numbers, each with optional fraction and a
+ unit suffix, such as "300ms", "-1.5h" or "2h45m".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ errno:
+ description: 'Errno defines the error code that returned
+ by I/O action. refer to: https://www-numi.fnal.gov/offline_software/srt_public_context/WebDocs/Errors/unix_system_errors.html'
+ format: int32
+ type: integer
+ methods:
+ description: 'Methods defines the I/O methods for injecting
+ I/O chaos action. default: all I/O methods.'
+ items:
+ type: string
+ type: array
+ mistake:
+ description: Mistake defines what types of incorrectness
+ are injected to IO operations
+ properties:
+ filling:
+ description: Filling determines what is filled in
+ the mistake data.
+ enum:
+ - zero
+ - random
+ type: string
+ maxLength:
+ description: Max length of each wrong data segment
+ in bytes
+ format: int64
+ minimum: 1
+ type: integer
+ maxOccurrences:
+ description: There will be [1, MaxOccurrences] segments
+ of wrong data.
+ format: int64
+ minimum: 1
+ type: integer
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ path:
+ description: Path defines the path of files for injecting
+ I/O chaos action.
+ type: string
+ percent:
+ default: 100
+ description: 'Percent defines the percentage of injection
+ errors and provides a number from 0-100. default:
+ 100.'
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ volumePath:
+ description: VolumePath represents the mount path of
+ injected volume
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ - volumePath
+ type: object
+ jvmChaos:
+ description: JVMChaosSpec defines the desired state of JVMChaos
+ properties:
+ action:
+ description: 'Action defines the specific jvm chaos
+ action. Supported action: latency;return;exception;stress;gc;ruleData'
+ enum:
+ - latency
+ - return
+ - exception
+ - stress
+ - gc
+ - ruleData
+ - mysql
+ type: string
+ class:
+ description: Java class
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ cpuCount:
+ description: the CPU core number needs to use, only
+ set it when action is stress
+ type: integer
+ database:
+ description: the match database default value is "",
+ means match all database
+ type: string
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ exception:
+ description: the exception which needs to throw for
+ action `exception` or the exception message needs
+ to throw in action `mysql`
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms or the latency duration in action `mysql`
+ type: integer
+ memType:
+ description: the memory type needs to locate, only set
+ it when action is stress, the value can be 'stack'
+ or 'heap'
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java, only
+ support 5.X.X(set to "5") and 8.X.X(set to "8") now
+ type: string
+ name:
+ description: byteman rule name, should be unique, and
+ will generate one if not set
+ type: string
+ pid:
+ description: the pid of Java process which needs to
+ attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ ruleData:
+ description: the byteman rule's data for action 'ruleData'
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ sqlType:
+ description: the match sql type default value is "",
+ means match all SQL type. The value can be 'select',
+ 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "", means
+ match all table
+ type: string
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ kernelChaos:
+ description: KernelChaosSpec defines the desired state of
+ KernelChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ failKernRequest:
+ description: FailKernRequest defines the request of
+ kernel injection
+ properties:
+ callchain:
+ description: 'Callchain indicate a special call
+ chain, such as: ext4_mount -> mount_subtree ->
+ ... -> should_failslab With an optional
+ set of predicates and an optional set of parameters,
+ which used with predicates. You can read call
+ chan and predicate examples from https://github.com/chaos-mesh/bpfki/tree/develop/examples
+ to learn more. If no special call chain, just
+ keep Callchain empty, which means it will fail
+ at any call chain with slab alloc (eg: kmalloc).'
+ items:
+ description: Frame defines the function signature
+ and predicate in function's body
+ properties:
+ funcname:
+ description: Funcname can be find from kernel
+ source or `/proc/kallsyms`, such as `ext4_mount`
+ type: string
+ parameters:
+ description: Parameters is used with predicate,
+ for example, if you want to inject slab
+ error in `d_alloc_parallel(struct dentry
+ *parent, const struct qstr *name)` with
+ a special name `bananas`, you need to set
+ it to `struct dentry *parent, const struct
+ qstr *name` otherwise omit it.
+ type: string
+ predicate:
+ description: Predicate will access the arguments
+ of this Frame, example with Parameters's,
+ you can set it to `STRNCMP(name->name, "bananas",
+ 8)` to make inject only with it, or omit
+ it to inject for all d_alloc_parallel call
+ chain.
+ type: string
+ type: object
+ type: array
+ failtype:
+ description: 'FailType indicates what to fail, can
+ be set to ''0'' / ''1'' / ''2'' If `0`, indicates
+ slab to fail (should_failslab) If `1`, indicates
+ alloc_page to fail (should_fail_alloc_page) If
+ `2`, indicates bio to fail (should_fail_bio) You
+ can read: 1. https://www.kernel.org/doc/html/latest/fault-injection/fault-injection.html 2.
+ http://github.com/iovisor/bcc/blob/master/tools/inject_example.txt
+ to learn more'
+ format: int32
+ maximum: 2
+ minimum: 0
+ type: integer
+ headers:
+ description: 'Headers indicates the appropriate
+ kernel headers you need. Eg: "linux/mmzone.h",
+ "linux/blkdev.h" and so on'
+ items:
+ type: string
+ type: array
+ probability:
+ description: Probability indicates the fails with
+ probability. If you want 1%, please set this field
+ with 1.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ times:
+ description: Times indicates the max times of fails.
+ format: int32
+ minimum: 0
+ type: integer
+ required:
+ - failtype
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - failKernRequest
+ - mode
+ - selector
+ type: object
+ networkChaos:
+ description: NetworkChaosSpec defines the desired state
+ of NetworkChaos
+ properties:
+ action:
+ description: 'Action defines the specific network chaos
+ action. Supported action: partition, netem, delay,
+ loss, duplicate, corrupt Default action: delay'
+ enum:
+ - netem
+ - delay
+ - loss
+ - duplicate
+ - corrupt
+ - partition
+ - bandwidth
+ type: string
+ bandwidth:
+ description: Bandwidth represents the detail about bandwidth
+ control action
+ properties:
+ buffer:
+ description: Buffer is the maximum amount of bytes
+ that tokens can be available for instantaneously.
+ format: int32
+ minimum: 1
+ type: integer
+ limit:
+ description: Limit is the number of bytes that can
+ be queued waiting for tokens to become available.
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ description: Minburst specifies the size of the
+ peakrate bucket. For perfect accuracy, should
+ be set to the MTU of the interface. If a peakrate
+ is needed, but some burstiness is acceptable,
+ this size can be raised. A 3000 byte minburst
+ allows around 3mbit/s of peakrate, given 1000
+ byte packets.
+ format: int32
+ minimum: 0
+ type: integer
+ peakrate:
+ description: Peakrate is the maximum depletion rate
+ of the bucket. The peakrate does not need to be
+ set, it is only necessary if perfect millisecond
+ timescale shaping is required.
+ format: int64
+ minimum: 0
+ type: integer
+ rate:
+ description: Rate is the speed knob. Allows bps,
+ kbps, mbps, gbps, tbps unit. bps means bytes per
+ second.
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ corrupt:
+ description: Corrupt represents the detail about corrupt
+ action
+ properties:
+ correlation:
+ type: string
+ corrupt:
+ type: string
+ required:
+ - corrupt
+ type: object
+ delay:
+ description: Delay represents the detail about delay
+ action
+ properties:
+ correlation:
+ type: string
+ jitter:
+ type: string
+ latency:
+ type: string
+ reorder:
+ description: ReorderSpec defines details of packet
+ reorder.
+ properties:
+ correlation:
+ type: string
+ gap:
+ type: integer
+ reorder:
+ type: string
+ required:
+ - gap
+ - reorder
+ type: object
+ required:
+ - latency
+ type: object
+ device:
+ description: Device represents the network device to
+ be affected.
+ type: string
+ direction:
+ default: to
+ description: Direction represents the direction, this
+ applies on netem and network partition action
+ enum:
+ - to
+ - from
+ - both
+ type: string
+ duplicate:
+ description: DuplicateSpec represents the detail about
+ loss action
+ properties:
+ correlation:
+ type: string
+ duplicate:
+ type: string
+ required:
+ - duplicate
+ type: object
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ externalTargets:
+ description: ExternalTargets represents network targets
+ outside k8s
+ items:
+ type: string
+ type: array
+ loss:
+ description: Loss represents the detail about loss action
+ properties:
+ correlation:
+ type: string
+ loss:
+ type: string
+ required:
+ - loss
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ target:
+ description: Target represents network target, this
+ applies on netem and network partition action
+ properties:
+ mode:
+ description: 'Mode defines the mode to run chaos
+ action. Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ selector:
+ description: Selector is used to select pods that
+ are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list
+ of selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector
+ based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace
+ to which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which
+ must match a node's labels, and objects must
+ belong to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and
+ objects must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of
+ condition of a pod at the current time. supported
+ value: Pending / Running / Succeeded / Failed
+ / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and
+ a set values that used to select pods. The
+ key defines the namespace which pods belong,
+ and the each values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is
+ set to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to
+ do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent
+ of pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ targetDevice:
+ description: TargetDevice represents the network device
+ to be affected in target scope.
+ type: string
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ physicalmachineChaos:
+ description: PhysicalMachineChaosSpec defines the desired
+ state of PhysicalMachineChaos
+ properties:
+ action:
+ description: the subAction, generate automatically
+ enum:
+ - stress-cpu
+ - stress-mem
+ - disk-read-payload
+ - disk-write-payload
+ - disk-fill
+ - network-corrupt
+ - network-duplicate
+ - network-loss
+ - network-delay
+ - network-partition
+ - network-dns
+ - network-bandwidth
+ - network-flood
+ - network-down
+ - process
+ - jvm-exception
+ - jvm-gc
+ - jvm-latency
+ - jvm-return
+ - jvm-stress
+ - jvm-rule-data
+ - jvm-mysql
+ - clock
+ - redis-expiration
+ - redis-penetration
+ - redis-cacheLimit
+ - redis-restart
+ - redis-stop
+ - kafka-fill
+ - kafka-flood
+ - kafka-io
+ - file-create
+ - file-modify
+ - file-delete
+ - file-rename
+ - file-append
+ - file-replace
+ - vm
+ - user_defined
+ type: string
+ address:
+ description: 'DEPRECATED: Use Selector instead. Only
+ one of Address and Selector could be specified.'
+ items:
+ type: string
+ type: array
+ clock:
+ properties:
+ clock-ids-slice:
+ description: the identifier of the particular clock
+ on which to act. More clock description in linux
+ kernel can be found in man page of clock_getres,
+ clock_gettime, clock_settime. Muti clock ids should
+ be split with ","
+ type: string
+ pid:
+ description: the pid of target program.
+ type: integer
+ time-offset:
+ description: specifies the length of time offset.
+ type: string
+ type: object
+ disk-fill:
+ properties:
+ fill-by-fallocate:
+ description: fill disk by fallocate
+ type: boolean
+ path:
+ description: specifies the location to fill data
+ in. if path not provided, payload will read/write
+ from/into a temp file, temp file will be deleted
+ after writing
+ type: string
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ disk-read-payload:
+ properties:
+ path:
+ description: specifies the location to fill data
+ in. if path not provided, payload will read/write
+ from/into a temp file, temp file will be deleted
+ after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work
+ on writing, default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ disk-write-payload:
+ properties:
+ path:
+ description: specifies the location to fill data
+ in. if path not provided, payload will read/write
+ from/into a temp file, temp file will be deleted
+ after writing
+ type: string
+ payload-process-num:
+ description: specifies the number of process work
+ on writing, default 1, only 1-255 is valid value
+ type: integer
+ size:
+ description: 'specifies how many units of data will
+ write into the file path. support unit: c=1, w=2,
+ b=512, kB=1000, K=1024, MB=1000*1000, M=1024*1024,
+ GB=1000*1000*1000, G=1024*1024*1024 BYTES. example
+ : 1M | 512kB'
+ type: string
+ type: object
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ file-append:
+ properties:
+ count:
+ description: Count is the number of times to append
+ the data.
+ type: integer
+ data:
+ description: Data is the data for append.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-create:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create
+ or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-delete:
+ properties:
+ dir-name:
+ description: DirName is the directory name to create
+ or delete.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ type: object
+ file-modify:
+ properties:
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ privilege:
+ description: Privilege is the file privilege to
+ be set.
+ format: int32
+ type: integer
+ type: object
+ file-rename:
+ properties:
+ dest-file:
+ description: DestFile is the name to be renamed.
+ type: string
+ source-file:
+ description: SourceFile is the name need to be renamed.
+ type: string
+ type: object
+ file-replace:
+ properties:
+ dest-string:
+ description: DestStr is the destination string of
+ the file.
+ type: string
+ file-name:
+ description: FileName is the name of the file to
+ be created, modified, deleted, renamed, or appended.
+ type: string
+ line:
+ description: Line is the line number of the file
+ to be replaced.
+ type: integer
+ origin-string:
+ description: OriginStr is the origin string of the
+ file.
+ type: string
+ type: object
+ http-abort:
+ properties:
+ code:
+ description: Code is a rule to select target by
+ http status code in response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP
+ connection, we will only attack HTTP connection
+ with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - proxy_ports
+ - target
+ type: object
+ http-config:
+ properties:
+ file_path:
+ description: The config file path
+ type: string
+ type: object
+ http-delay:
+ properties:
+ code:
+ description: Code is a rule to select target by
+ http status code in response
+ type: string
+ delay:
+ description: Delay represents the delay of the target
+ request/response
+ type: string
+ method:
+ description: HTTP method
+ type: string
+ path:
+ description: Match path of Uri with wildcard matches
+ type: string
+ port:
+ description: The TCP port that the target service
+ listens on
+ format: int32
+ type: integer
+ proxy_ports:
+ description: Composed with one of the port of HTTP
+ connection, we will only attack HTTP connection
+ with port inside proxy_ports
+ items:
+ type: integer
+ type: array
+ target:
+ description: 'HTTP target: Request or Response'
+ type: string
+ required:
+ - delay
+ - proxy_ports
+ - target
+ type: object
+ http-request:
+ description: used for HTTP request, now only support
+ GET
+ properties:
+ count:
+ description: The number of requests to send
+ type: integer
+ enable-conn-pool:
+ description: Enable connection pool
+ type: boolean
+ url:
+ description: Request to send"
+ type: string
+ type: object
+ jvm-exception:
+ properties:
+ class:
+ description: Java class
+ type: string
+ exception:
+ description: the exception which needs to throw
+ for action `exception`
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-gc:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-latency:
+ properties:
+ class:
+ description: Java class
+ type: string
+ latency:
+ description: the latency duration for action 'latency',
+ unit ms
+ type: integer
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ jvm-mysql:
+ properties:
+ database:
+ description: the match database default value is
+ "", means match all database
+ type: string
+ exception:
+ description: The exception which needs to throw
+ for action `exception` or the exception message
+ needs to throw in action `mysql`
+ type: string
+ latency:
+ description: The latency duration for action 'latency'
+ or the latency duration in action `mysql`
+ type: integer
+ mysqlConnectorVersion:
+ description: the version of mysql-connector-java,
+ only support 5.X.X(set to "5") and 8.X.X(set to
+ "8") now
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ sqlType:
+ description: the match sql type default value is
+ "", means match all SQL type. The value can be
+ 'select', 'insert', 'update', 'delete', 'replace'.
+ type: string
+ table:
+ description: the match table default value is "",
+ means match all table
+ type: string
+ type: object
+ jvm-return:
+ properties:
+ class:
+ description: Java class
+ type: string
+ method:
+ description: the method in Java class
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ value:
+ description: the return value for action 'return'
+ type: string
+ type: object
+ jvm-rule-data:
+ properties:
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ rule-data:
+ description: RuleData used to save the rule file's
+ data, will use it when recover
+ type: string
+ type: object
+ jvm-stress:
+ properties:
+ cpu-count:
+ description: the CPU core number need to use, only
+ set it when action is stress
+ type: integer
+ mem-type:
+ description: the memory type need to locate, only
+ set it when action is stress, the value can be
+ 'stack' or 'heap'
+ type: string
+ pid:
+ description: the pid of Java process which needs
+ to attach
+ type: integer
+ port:
+ description: the port of agent server, default 9277
+ format: int32
+ type: integer
+ type: object
+ kafka-fill:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ maxBytes:
+ description: The max bytes to fill
+ format: int64
+ type: integer
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ reloadCommand:
+ description: The command to reload kafka config
+ type: string
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-flood:
+ properties:
+ host:
+ description: The host of kafka server
+ type: string
+ messageSize:
+ description: The size of each message
+ type: integer
+ password:
+ description: The password of kafka client
+ type: string
+ port:
+ description: The port of kafka server
+ type: integer
+ threads:
+ description: The number of worker threads
+ type: integer
+ topic:
+ description: The topic to attack
+ type: string
+ username:
+ description: The username of kafka client
+ type: string
+ type: object
+ kafka-io:
+ properties:
+ configFile:
+ description: The path of server config
+ type: string
+ nonReadable:
+ description: Make kafka cluster non-readable
+ type: boolean
+ nonWritable:
+ description: Make kafka cluster non-writable
+ type: boolean
+ topic:
+ description: The topic to attack
+ type: string
+ type: object
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ network-bandwidth:
+ properties:
+ buffer:
+ format: int32
+ minimum: 1
+ type: integer
+ device:
+ type: string
+ hostname:
+ type: string
+ ip-address:
+ type: string
+ limit:
+ format: int32
+ minimum: 1
+ type: integer
+ minburst:
+ format: int32
+ type: integer
+ peakrate:
+ format: int64
+ type: integer
+ rate:
+ type: string
+ required:
+ - buffer
+ - limit
+ - rate
+ type: object
+ network-corrupt:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to corrupt (10
+ is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-delay:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp
+ flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used for
+ partition.
+ type: string
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ jitter:
+ description: 'jitter time, time units: ns, us (or
+ µs), ms, s, m, h.'
+ type: string
+ latency:
+ description: 'delay egress time, time units: ns,
+ us (or µs), ms, s, m, h.'
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-dns:
+ properties:
+ dns-domain-name:
+ description: map this host to specified IP
+ type: string
+ dns-ip:
+ description: map specified host to this IP address
+ type: string
+ dns-server:
+ description: update the DNS server in /etc/resolv.conf
+ with this value
+ type: string
+ type: object
+ network-down:
+ properties:
+ device:
+ description: The network interface to impact
+ type: string
+ duration:
+ description: 'NIC down time, time units: ns, us
+ (or µs), ms, s, m, h.'
+ type: string
+ type: object
+ network-duplicate:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to duplicate
+ (10 is 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-flood:
+ properties:
+ duration:
+ description: The number of seconds to run the iperf
+ test
+ type: string
+ ip-address:
+ description: Generate traffic to this IP address
+ type: string
+ parallel:
+ description: The number of iperf parallel client
+ threads to run
+ format: int32
+ type: integer
+ port:
+ description: Generate traffic to this port on the
+ IP address
+ type: string
+ rate:
+ description: The speed of network traffic, allows
+ bps, kbps, mbps, gbps, tbps unit. bps means bytes
+ per second
+ type: string
+ required:
+ - duration
+ - rate
+ type: object
+ network-loss:
+ properties:
+ correlation:
+ description: correlation is percentage (10 is 10%)
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ egress-port:
+ description: only impact egress traffic to these
+ destination ports, use a ',' to separate or to
+ indicate the range, such as 80, 8001:8010. it
+ can only be used in conjunction with -p tcp or
+ -p udp
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: 'only impact traffic using this IP
+ protocol, supported: tcp, udp, icmp, all'
+ type: string
+ percent:
+ description: percentage of packets to loss (10 is
+ 10%)
+ type: string
+ source-port:
+ description: only impact egress traffic from these
+ source ports, use a ',' to separate or to indicate
+ the range, such as 80, 8001:8010. it can only
+ be used in conjunction with -p tcp or -p udp
+ type: string
+ type: object
+ network-partition:
+ properties:
+ accept-tcp-flags:
+ description: only the packet which match the tcp
+ flag can be accepted, others will be dropped.
+ only set when the IPProtocol is tcp, used for
+ partition.
+ type: string
+ device:
+ description: the network interface to impact
+ type: string
+ direction:
+ description: specifies the partition direction,
+ values can be 'from', 'to'. 'from' means packets
+ coming from the 'IPAddress' or 'Hostname' and
+ going to your server, 'to' means packets originating
+ from your server and going to the 'IPAddress'
+ or 'Hostname'.
+ type: string
+ hostname:
+ description: only impact traffic to these hostnames
+ type: string
+ ip-address:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ ip-protocol:
+ description: only impact egress traffic to these
+ IP addresses
+ type: string
+ type: object
+ process:
+ properties:
+ process:
+ description: the process name or the process ID
+ type: string
+ recoverCmd:
+ description: the command to be run when recovering
+ experiment
+ type: string
+ signal:
+ description: the signal number to send
+ type: integer
+ type: object
+ redis-cacheLimit:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ cacheSize:
+ description: The size of `maxmemory`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ percent:
+ description: Specifies maxmemory as a percentage
+ of the original value
+ type: string
+ type: object
+ redis-expiration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ expiration:
+ description: The expiration of the keys
+ type: string
+ key:
+ description: The keys to be expired
+ type: string
+ option:
+ description: Additional options for `expiration`
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ type: object
+ redis-penetration:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ password:
+ description: The password of Redis server
+ type: string
+ requestNum:
+ description: The number of requests to be sent
+ type: integer
+ type: object
+ redis-restart:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ redis-stop:
+ properties:
+ addr:
+ description: The adress of Redis server
+ type: string
+ conf:
+ description: The path of Sentinel conf
+ type: string
+ flushConfig:
+ description: The control flag determines whether
+ to flush config
+ type: boolean
+ password:
+ description: The password of Redis server
+ type: string
+ redisPath:
+ description: The path of `redis-server` command-line
+ tool
+ type: boolean
+ type: object
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select physical machines
+ that are used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ physicalMachines:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: PhysicalMachines is a map of string
+ keys and a set values that used to select physical
+ machines. The key defines the namespace which
+ physical machine belong, and each value is a set
+ of physical machine names.
+ type: object
+ type: object
+ stress-cpu:
+ properties:
+ load:
+ description: specifies P percent loading per CPU
+ worker. 0 is effectively a sleep (no load) and
+ 100 is full loading.
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: specifies N workers to apply the stressor.
+ type: integer
+ type: object
+ stress-mem:
+ properties:
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: specifies N bytes consumed per vm worker,
+ default is the total available memory. One can
+ specify the size as % of total available memory
+ or in units of B, KB/KiB, MB/MiB, GB/GiB, TB/TiB..
+ type: string
+ type: object
+ uid:
+ description: the experiment ID
+ type: string
+ user_defined:
+ properties:
+ attackCmd:
+ description: The command to be executed when attack
+ type: string
+ recoverCmd:
+ description: The command to be executed when recover
+ type: string
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of physical machines
+ to do chaos action. If `FixedPercentMode`, provide
+ a number from 0-100 to specify the percent of physical
+ machines the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ vm:
+ properties:
+ vm-name:
+ description: The name of the VM to be injected
+ type: string
+ type: object
+ required:
+ - action
+ - mode
+ type: object
+ podChaos:
+ description: PodChaosSpec defines the attributes that a
+ user creates on a chaos experiment about pods.
+ properties:
+ action:
+ description: 'Action defines the specific pod chaos
+ action. Supported action: pod-kill / pod-failure /
+ container-kill Default action: pod-kill'
+ enum:
+ - pod-kill
+ - pod-failure
+ - container-kill
+ type: string
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action. It is required when the action is `PodFailureAction`.
+ A duration string is a possibly signed sequence of
+ decimal numbers, each with optional fraction and a
+ unit suffix, such as "300ms", "-1.5h" or "2h45m".
+ Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ "m", "h".
+ type: string
+ gracePeriod:
+ description: GracePeriod is used in pod-kill action.
+ It represents the duration in seconds before the pod
+ should be deleted. Value must be non-negative integer.
+ The default value is zero that indicates delete immediately.
+ format: int64
+ minimum: 0
+ type: integer
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - action
+ - mode
+ - selector
+ type: object
+ schedule:
+ type: string
+ startingDeadlineSeconds:
+ format: int64
+ minimum: 0
+ nullable: true
+ type: integer
+ stressChaos:
+ description: StressChaosSpec defines the desired state of
+ StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors
+ just like `Stressors` except that it's an experimental
+ feature and more powerful. You can define stressors
+ in `stress-ng` (see also `man stress-ng`) dialect,
+ however not all of the supported stressors are well
+ tested. It maybe retired in later releases. You should
+ always use `Stressors` to define the stressors and
+ use this only when you want more stressors unsupported
+ by `Stressors`. When both `StressngStressors` and
+ `Stressors` are defined, `StressngStressors` wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported
+ to stress system components out. You can use one or
+ more of them to make up various kinds of stresses.
+ At least one of the stressors should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading
+ per CPU worker. 0 is effectively a sleep (no
+ load) and 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to
+ apply the stressor. Maximum 8192 workers can
+ run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory
+ out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj
+ of the stress process. See `man 5 proc` to
+ know more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed
+ per vm worker, default is the total available
+ memory. One can specify the size as % of total
+ available memory or in units of B, KB/KiB,
+ MB/MiB, GB/GiB, TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to
+ apply the stressor. Maximum 8192 workers can
+ run by stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ timeChaos:
+ description: TimeChaosSpec defines the desired state of
+ TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id
+ All available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name
+ of affected container. If not set, the first container
+ will be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the
+ chaos action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent
+ / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are
+ used to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions
+ that can be used to select objects. A list of
+ selectors based on set-based label expressions.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select objects. A selector based
+ on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to
+ which objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that
+ can be used to select nodes. Selector which must
+ match a node's labels, and objects must belong
+ to these selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value:
+ Pending / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a
+ set values that used to select pods. The key defines
+ the namespace which pods belong, and the each
+ values is a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected
+ program. It's a possibly signed sequence of decimal
+ numbers, such as "300ms", "-1.5h" or "2h45m". Valid
+ time units are "ns", "us" (or "µs"), "ms", "s", "m",
+ "h".
+ type: string
+ value:
+ description: Value is required when the mode is set
+ to `FixedMode` / `FixedPercentMode` / `RandomMaxPercentMode`.
+ If `FixedMode`, provide an integer of pods to do chaos
+ action. If `FixedPercentMode`, provide a number from
+ 0-100 to specify the percent of pods the server can
+ do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of
+ pods to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ type:
+ description: 'TODO: use a custom type, as `TemplateType`
+ contains other possible values'
+ type: string
+ required:
+ - schedule
+ - type
+ type: object
+ statusCheck:
+ description: StatusCheck describe the behavior of StatusCheck.
+ Only used when Type is TypeStatusCheck.
+ properties:
+ duration:
+ description: Duration defines the duration of the whole
+ status check if the number of failed execution does not
+ exceed the failure threshold. Duration is available to
+ both `Synchronous` and `Continuous` mode. A duration string
+ is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as "300ms",
+ "-1.5h" or "2h45m". Valid time units are "ns", "us" (or
+ "µs"), "ms", "s", "m", "h".
+ type: string
+ failureThreshold:
+ default: 3
+ description: FailureThreshold defines the minimum consecutive
+ failure for the status check to be considered failed.
+ minimum: 1
+ type: integer
+ http:
+ properties:
+ body:
+ type: string
+ criteria:
+ description: Criteria defines how to determine the result
+ of the status check.
+ properties:
+ statusCode:
+ description: StatusCode defines the expected http
+ status code for the request. A statusCode string
+ could be a single code (e.g. 200), or an inclusive
+ range (e.g. 200-400, both `200` and `400` are
+ included).
+ type: string
+ required:
+ - statusCode
+ type: object
+ headers:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: "A Header represents the key-value pairs
+ in an HTTP header. \n The keys should be in canonical
+ form, as returned by CanonicalHeaderKey."
+ type: object
+ method:
+ default: GET
+ enum:
+ - GET
+ - POST
+ type: string
+ url:
+ type: string
+ required:
+ - criteria
+ - url
+ type: object
+ intervalSeconds:
+ default: 10
+ description: IntervalSeconds defines how often (in seconds)
+ to perform an execution of status check.
+ minimum: 1
+ type: integer
+ mode:
+ description: 'Mode defines the execution mode of the status
+ check. Support type: Synchronous / Continuous'
+ enum:
+ - Synchronous
+ - Continuous
+ type: string
+ recordsHistoryLimit:
+ default: 100
+ description: RecordsHistoryLimit defines the number of record
+ to retain.
+ maximum: 1000
+ minimum: 1
+ type: integer
+ successThreshold:
+ default: 1
+ description: SuccessThreshold defines the minimum consecutive
+ successes for the status check to be considered successful.
+ SuccessThreshold only works for `Synchronous` mode.
+ minimum: 1
+ type: integer
+ timeoutSeconds:
+ default: 1
+ description: TimeoutSeconds defines the number of seconds
+ after which an execution of status check times out.
+ minimum: 1
+ type: integer
+ type:
+ default: HTTP
+ description: 'Type defines the specific status check type.
+ Support type: HTTP'
+ enum:
+ - HTTP
+ type: string
+ required:
+ - type
+ type: object
+ stressChaos:
+ description: StressChaosSpec defines the desired state of StressChaos
+ properties:
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ stressngStressors:
+ description: StressngStressors defines plenty of stressors
+ just like `Stressors` except that it's an experimental
+ feature and more powerful. You can define stressors in
+ `stress-ng` (see also `man stress-ng`) dialect, however
+ not all of the supported stressors are well tested. It
+ maybe retired in later releases. You should always use
+ `Stressors` to define the stressors and use this only
+ when you want more stressors unsupported by `Stressors`.
+ When both `StressngStressors` and `Stressors` are defined,
+ `StressngStressors` wins.
+ type: string
+ stressors:
+ description: Stressors defines plenty of stressors supported
+ to stress system components out. You can use one or more
+ of them to make up various kinds of stresses. At least
+ one of the stressors should be specified.
+ properties:
+ cpu:
+ description: CPUStressor stresses CPU out
+ properties:
+ load:
+ description: Load specifies P percent loading per
+ CPU worker. 0 is effectively a sleep (no load)
+ and 100 is full loading.
+ maximum: 100
+ minimum: 0
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ workers:
+ description: Workers specifies N workers to apply
+ the stressor. Maximum 8192 workers can run by
+ stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ memory:
+ description: MemoryStressor stresses virtual memory
+ out
+ properties:
+ oomScoreAdj:
+ default: 0
+ description: OOMScoreAdj sets the oom_score_adj
+ of the stress process. See `man 5 proc` to know
+ more about this option.
+ maximum: 1000
+ minimum: -1000
+ type: integer
+ options:
+ description: extend stress-ng options
+ items:
+ type: string
+ type: array
+ size:
+ description: Size specifies N bytes consumed per
+ vm worker, default is the total available memory.
+ One can specify the size as % of total available
+ memory or in units of B, KB/KiB, MB/MiB, GB/GiB,
+ TB/TiB.
+ type: string
+ workers:
+ description: Workers specifies N workers to apply
+ the stressor. Maximum 8192 workers can run by
+ stress-ng
+ maximum: 8192
+ type: integer
+ required:
+ - workers
+ type: object
+ type: object
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ type: object
+ task:
+ description: Task describes the behavior of the custom task.
+ Only used when Type is TypeTask.
+ properties:
+ container:
+ description: Container is the main container image to run
+ in the pod
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If
+ a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in
+ the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is
+ starting. When a key exists in multiple sources, the
+ value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will
+ take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never,
+ IfNotPresent. Defaults to Always if :latest tag is
+ specified, or IfNotPresent otherwise. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should
+ take in response to container lifecycle events. Cannot
+ be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after
+ a container is created. If the handler fails,
+ the container is terminated and restarted according
+ to its restart policy. Other management of the
+ container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before
+ a container is terminated due to an API request
+ or management event such as liveness/startup probe
+ failure, preemption, resource contention, etc.
+ The handler is not called if the container crashes
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's
+ IP address. This must be a valid port number,
+ 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host.
+ If specified, this must be a valid port number,
+ 0 < x < 65536. If HostNetwork is specified,
+ this must match ContainerPort. Most containers
+ do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in
+ a pod must have a unique name. Name for the
+ port that can be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP,
+ or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if
+ the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has
+ successfully initialized. If specified, no other probes
+ are executed until this completes successfully. If
+ this probe fails, the Pod will be restarted, just
+ as if the livenessProbe failed. This can be used to
+ provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time
+ to load data or warm a cache, than during steady-state
+ operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will
+ always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close
+ the stdin channel after it has been opened by a single
+ attach. When stdin is true the stdin stream will remain
+ open across multiple attach sessions. If stdinOnce
+ is set to true, stdin is opened on container start,
+ is empty until the first client attaches to stdin,
+ and then remains open and accepts data until the client
+ disconnects, at which time stdin is closed and remains
+ closed until the container is restarted. If this flag
+ is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which
+ the container''s termination message will be written
+ is mounted into the container''s filesystem. Message
+ written is intended to be brief final status, such
+ as an assertion failure message. Will be truncated
+ by the node if greater than 4096 bytes. The total
+ message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot
+ be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should
+ be populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success
+ and failure. FallbackToLogsOnError will use the last
+ chunk of container log output if the termination message
+ file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines,
+ whichever is smaller. Defaults to File. Cannot be
+ updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which
+ might be configured in the container image. Cannot
+ be updated.
+ type: string
+ required:
+ - name
+ type: object
+ volumes:
+ description: Volumes is a list of volumes that can be mounted
+ by containers in a template.
+ items:
+ description: Volume represents a named volume in a pod
+ that may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS
+ Disk resource that is attached to a kubelet''s host
+ machine and then exposed to the pod. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of
+ the volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the
+ readOnly setting in VolumeMounts. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
+ single blob disk per storage account Managed:
+ azure managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on
+ the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is
+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts. More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default is
+ /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret for
+ User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is optional: User is the rados
+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info:
+ https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to
+ mount. Must be a filesystem type supported by
+ the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to
+ a secret object containing parameters used to
+ connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volumeID used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that
+ should populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits
+ used to set permissions on created files by
+ default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits.
+ Defaults to 0644. Directories within the path
+ are not affected by this setting. This might
+ be in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver
+ that handles this volume. Consult with your
+ admin for the correct name as registered in
+ the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which will
+ determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if
+ no secret is required. If the secret object
+ contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for supported
+ values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits
+ used to set permissions on created files by
+ default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits.
+ Defaults to 0644. Directories within the path
+ are not affected by this setting. This might
+ be in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage
+ medium should back this directory. The default
+ is "" which means to use the node''s default
+ medium. Must be an empty string (default) or
+ Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of
+ local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory
+ medium. The maximum usage on memory medium EmptyDir
+ would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits
+ of all containers in a pod. The default is nil
+ which means that the limit is undefined. More
+ info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is
+ handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it - it
+ will be created before the pod starts, and deleted
+ when the pod is removed. \n Use this if: a) the
+ volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or
+ capacity tracking are needed, c) the storage
+ driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning
+ through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between
+ this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the
+ lifecycle of an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes
+ at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in which
+ this EphemeralVolumeSource is embedded will
+ be the owner of the PVC, i.e. the PVC will be
+ deleted together with the pod. The name of
+ the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes`
+ array entry. Pod validation will reject the
+ pod if the concatenated name is not valid for
+ a PVC (for example, too long). \n An existing
+ PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid
+ using an unrelated volume by mistake. Starting
+ the pod is then blocked until the unrelated
+ PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to
+ updated with an owner reference to the pod once
+ the pod exists. Normally this should not be
+ necessary, but it may be useful when manually
+ reconstructing a broken cluster. \n This field
+ is read-only and no changes will be made by
+ Kubernetes to the PVC after it has been created.
+ \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will
+ be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into
+ the PVC that gets created from this template.
+ The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the
+ desired access modes the volume should
+ have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller
+ can support the specified data source,
+ it will create a new volume based on
+ the contents of the specified data source.
+ When the AnyVolumeDataSource feature
+ gate is enabled, dataSource contents
+ will be copied to dataSourceRef, and
+ dataSourceRef contents will be copied
+ to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace is
+ specified, then dataSourceRef will not
+ be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified, the
+ specified Kind must be in the core
+ API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate the
+ volume with data, if a non-empty volume
+ is desired. This may be any object from
+ a non-empty API group (non core object)
+ or a PersistentVolumeClaim object. When
+ this field is specified, volume binding
+ will only succeed if the type of the
+ specified object matches some installed
+ volume populator or dynamic provisioner.
+ This field will replace the functionality
+ of the dataSource field and as such
+ if both fields are non-empty, they must
+ have the same value. For backwards compatibility,
+ when namespace isn''t specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef)
+ will be set to the same value automatically
+ if one of them is empty and the other
+ is non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t
+ set to the same value and must be empty.
+ There are three important differences
+ between dataSource and dataSourceRef:
+ * While dataSource only allows two specific
+ types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores
+ disallowed values (dropping them), dataSourceRef preserves
+ all values, and generates an error if
+ a disallowed value is specified. *
+ While dataSource only allows local objects,
+ dataSourceRef allows objects in any
+ namespaces. (Beta) Using this field
+ requires the AnyVolumeDataSource feature
+ gate to be enabled. (Alpha) Using the
+ namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified, the
+ specified Kind must be in the core
+ API group. For any other third-party
+ types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note
+ that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference. See
+ the ReferenceGrant documentation
+ for details. (Alpha) This field
+ requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the
+ minimum resources the volume should
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but must
+ still be higher than capacity recorded
+ in the status field of the claim. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names
+ of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ \n This is an alpha field and requires
+ enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match
+ the name of one entry in pod.spec.resourceClaims
+ of the Pod where this field
+ is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the
+ maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the
+ minimum amount of compute resources
+ required. If Requests is omitted
+ for a container, it defaults to
+ Limits if that is explicitly specified,
+ otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query
+ over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a
+ set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values
+ array must be non-empty. If
+ the operator is Exists or
+ DoesNotExist, the values array
+ must be empty. This array
+ is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ storageClassName:
+ description: 'storageClassName is the
+ name of the StorageClass required by
+ the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type
+ of volume is required by the claim.
+ Value of Filesystem is implied when
+ not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding
+ reference to the PersistentVolume backing
+ this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and
+ then exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to
+ mount. Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using an exec
+ based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver
+ to use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs",
+ "ntfs". The default filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field
+ holds extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to
+ false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the
+ Flocker control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset for
+ Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host
+ operating system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk in
+ GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository
+ at a particular revision. DEPRECATED: GitRepo is
+ deprecated. To provision a container with a git
+ repo, mount an EmptyDir into an InitContainer that
+ clones the repo using git, then mount the EmptyDir
+ into the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will be
+ the git repository. Otherwise, if specified,
+ the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount
+ on the host that shares a pod''s lifetime. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions.
+ Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file
+ or directory on the host machine that is directly
+ exposed to the container. This is generally used
+ for system agents or other privileged things that
+ are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use
+ host directory mounts and who can/can not mount
+ host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host.
+ If the path is a symlink, it will follow the
+ link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine and
+ then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of
+ the volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name
+ that uses an iSCSI transport. Defaults to 'default'
+ (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port if
+ the port is other than default (typically TCP
+ ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host
+ that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS
+ server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS
+ export to be mounted with read-only permissions.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address
+ of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same
+ namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this
+ volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets
+ host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem
+ type to mount Must be a filesystem type supported
+ by the host operating system. Ex. "ext4", "xfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires
+ decimal values for mode bits. Directories within
+ the path are not affected by this setting. This
+ might be in conflict with other options that
+ affect the file mode, like fsGroup, and the
+ result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about
+ the configMap data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will
+ be projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not
+ present in the ConfigMap, the volume
+ setup will error unless it is marked
+ optional. Paths must be relative and
+ may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: key is the key to
+ project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777
+ or a decimal value between 0
+ and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume
+ defaultMode will be used. This
+ might be in conflict with other
+ options that affect the file
+ mode, like fsGroup, and the
+ result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
+ path. May not contain the path
+ element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is
+ written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode bits
+ used to set permissions on this
+ file, must be an octal value
+ between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML
+ accepts both octal and decimal
+ values, JSON requires decimal
+ values for mode bits. If not
+ specified, the volume defaultMode
+ will be used. This might be
+ in conflict with other options
+ that affect the file mode, like
+ fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path.
+ Must be utf-8 encoded. The first
+ item of the relative path must
+ not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will
+ be projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not
+ present in the Secret, the volume
+ setup will error unless it is marked
+ optional. Paths must be relative and
+ may not contain the '..' path or start
+ with '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: key is the key to
+ project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777
+ or a decimal value between 0
+ and 511. YAML accepts both octal
+ and decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume
+ defaultMode will be used. This
+ might be in conflict with other
+ options that affect the file
+ mode, like fsGroup, and the
+ result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
+ path. May not contain the path
+ element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient
+ of a token must identify itself with
+ an identifier specified in the audience
+ of the token, and otherwise should
+ reject the token. The audience defaults
+ to the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the
+ requested duration of validity of
+ the service account token. As the
+ token approaches expiration, the kubelet
+ volume plugin will proactively rotate
+ the service account token. The kubelet
+ will start trying to rotate the token
+ if the token is older than 80 percent
+ of its time to live or if the token
+ is older than 24 hours.Defaults to
+ 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file to
+ project the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on
+ the host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default
+ is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte
+ volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple
+ Quobyte Registry services specified as a string
+ as host:port pair (multiple entries are separated
+ with commas) which acts as the central registry
+ for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned
+ Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults
+ to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device
+ mount on the host that shares a pod''s lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of
+ the volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring
+ for RBDUser. Default is /etc/ceph/keyring. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs",
+ "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation will
+ fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that is
+ associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should
+ populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits
+ used to set permissions on created files by
+ default. Must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits.
+ Defaults to 0644. Directories within the path
+ are not affected by this setting. This might
+ be in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret
+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to
+ use for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: volumeName is the human-readable
+ name of the StorageOS volume. Volume names
+ are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope
+ of the volume within StorageOS. If no namespace
+ is specified then the Pod's namespace will be
+ used. This allows the Kubernetes name scoping
+ to be mirrored within StorageOS for tighter
+ integration. Set VolumeName to any name to override
+ the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will
+ be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ templateType:
+ type: string
+ timeChaos:
+ description: TimeChaosSpec defines the desired state of TimeChaos
+ properties:
+ clockIds:
+ description: ClockIds defines all affected clock id All
+ available options are ["CLOCK_REALTIME","CLOCK_MONOTONIC","CLOCK_PROCESS_CPUTIME_ID","CLOCK_THREAD_CPUTIME_ID",
+ "CLOCK_MONOTONIC_RAW","CLOCK_REALTIME_COARSE","CLOCK_MONOTONIC_COARSE","CLOCK_BOOTTIME","CLOCK_REALTIME_ALARM",
+ "CLOCK_BOOTTIME_ALARM"] Default value is ["CLOCK_REALTIME"]
+ items:
+ type: string
+ type: array
+ containerNames:
+ description: ContainerNames indicates list of the name of
+ affected container. If not set, the first container will
+ be injected
+ items:
+ type: string
+ type: array
+ duration:
+ description: Duration represents the duration of the chaos
+ action
+ type: string
+ mode:
+ description: 'Mode defines the mode to run chaos action.
+ Supported mode: one / all / fixed / fixed-percent / random-max-percent'
+ enum:
+ - one
+ - all
+ - fixed
+ - fixed-percent
+ - random-max-percent
+ type: string
+ remoteCluster:
+ description: RemoteCluster represents the remote cluster
+ where the chaos will be deployed
+ type: string
+ selector:
+ description: Selector is used to select pods that are used
+ to inject chaos action.
+ properties:
+ annotationSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on annotations.
+ type: object
+ expressionSelectors:
+ description: a slice of label selector expressions that
+ can be used to select objects. A list of selectors
+ based on set-based label expressions.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ fieldSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on fields.
+ type: object
+ labelSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select objects. A selector based on labels.
+ type: object
+ namespaces:
+ description: Namespaces is a set of namespace to which
+ objects belong.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: Map of string keys and values that can
+ be used to select nodes. Selector which must match
+ a node's labels, and objects must belong to these
+ selected nodes.
+ type: object
+ nodes:
+ description: Nodes is a set of node name and objects
+ must belong to these nodes.
+ items:
+ type: string
+ type: array
+ podPhaseSelectors:
+ description: 'PodPhaseSelectors is a set of condition
+ of a pod at the current time. supported value: Pending
+ / Running / Succeeded / Failed / Unknown'
+ items:
+ type: string
+ type: array
+ pods:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Pods is a map of string keys and a set
+ values that used to select pods. The key defines the
+ namespace which pods belong, and the each values is
+ a set of pod names.
+ type: object
+ type: object
+ timeOffset:
+ description: TimeOffset defines the delta time of injected
+ program. It's a possibly signed sequence of decimal numbers,
+ such as "300ms", "-1.5h" or "2h45m". Valid time units
+ are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ type: string
+ value:
+ description: Value is required when the mode is set to `FixedMode`
+ / `FixedPercentMode` / `RandomMaxPercentMode`. If `FixedMode`,
+ provide an integer of pods to do chaos action. If `FixedPercentMode`,
+ provide a number from 0-100 to specify the percent of
+ pods the server can do chaos action. IF `RandomMaxPercentMode`, provide
+ a number from 0-100 to specify the max percent of pods
+ to do chaos action
+ type: string
+ required:
+ - mode
+ - selector
+ - timeOffset
+ type: object
+ required:
+ - name
+ - templateType
+ type: object
+ type: array
+ required:
+ - entry
+ - templates
+ type: object
+ status:
+ description: Most recently observed status of the workflow
+ properties:
+ conditions:
+ description: Represents the latest available observations of a workflow's
+ current state.
+ items:
+ properties:
+ reason:
+ type: string
+ startTime:
+ format: date-time
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ endTime:
+ format: date-time
+ type: string
+ entryNode:
+ type: string
+ startTime:
+ format: date-time
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/NOTES.txt b/chaos/train-ticket-simple/charts/chaos-mesh/templates/NOTES.txt
new file mode 100644
index 0000000..fd9b6e1
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/NOTES.txt
@@ -0,0 +1,2 @@
+1. Make sure chaos-mesh components are running
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/_certs.tpl b/chaos/train-ticket-simple/charts/chaos-mesh/templates/_certs.tpl
new file mode 100644
index 0000000..5a15822
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/_certs.tpl
@@ -0,0 +1,144 @@
+
+{{/*
+webhook.apiversion is used to take care compatibility with admissionregistration.k8s.io api groups
+
+When using this template, it requires the top-level scope
+*/}}
+{{- define "webhook.apiVersion" -}}
+ {{- $webhookApiVersion := "v1beta1" -}}
+ {{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" -}}
+ {{- $webhookApiVersion = "v1" -}}
+ {{- end -}}
+ {{- printf "admissionregistration.k8s.io/%s" $webhookApiVersion -}}
+{{- end -}}
+
+{{/*
+chaosmesh.selfSignedCABundleCertPEM is the self-signed CA to:
+- sign the certification keyparing used by chaos-daemon mTLS
+- sign the certification keyparing used by webhook server (if the user does not provide one)
+*/}}
+{{- define "chaosmesh.selfSignedCABundleCertPEM" -}}
+ {{- $caKeypair := .selfSignedCAKeypair | default (genCA "chaos-mesh-ca" 1825) -}}
+ {{- $_ := set . "selfSignedCAKeypair" $caKeypair -}}
+ {{- $caKeypair.Cert -}}
+{{- end -}}
+
+{{/*
+Get the caBundle for clients of the webhooks.
+It would use .selfSignedCAKeypair as the place to store the generated CA keypair, it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope.
+
+*/}}
+{{- define "webhook.caBundleCertPEM" -}}
+ {{- if .Values.webhook.caBundlePEM -}}
+ {{- trim .Values.webhook.caBundlePEM -}}
+ {{- else -}}
+ {{- /* Generate ca with CN "chaos-mesh-ca" and 5 years validity duration if not exists in the current scope.*/ -}}
+ {{- $caKeypair := .selfSignedCAKeypair | default (genCA "chaos-mesh-ca" 1825) -}}
+ {{- $_ := set . "selfSignedCAKeypair" $caKeypair -}}
+ {{- $caKeypair.Cert -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+webhook.certPEM is the cert of certification used by validating/mutating admission webhook server.
+Like generating CA, it would use .webhookTLSKeypair as the place to store the generated keypair, it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope
+*/}}
+{{- define "webhook.certPEM" -}}
+ {{- if .Values.webhook.crtPEM -}}
+ {{- trim .Values.webhook.crtPEM -}}
+ {{- else -}}
+ {{- /* FIXME: Duplicated codes with named template "webhook.keyPEM" because of no way to nested named template.*/ -}}
+ {{- /* webhookName would be the FQDN of in-cluster service chaos-mesh.*/ -}}
+ {{- $webhookName := printf "%s.%s.svc" (include "chaos-mesh.svc" .) .Release.Namespace }}
+ {{- $webhookCA := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
+ {{- /* Generate cert keypair for webhook with 5 year validity duration. */ -}}
+ {{- $webhookServerTLSKeypair := .webhookTLSKeypair | default (genSignedCert $webhookName nil (list $webhookName) 1825 $webhookCA) }}
+ {{- $_ := set . "webhookTLSKeypair" $webhookServerTLSKeypair -}}
+ {{- $webhookServerTLSKeypair.Cert -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+webhook.keyPEM is the key of certification used by validating/mutating admission webhook server.
+Like generating CA, it would use .webhookTLSKeypair as the place to store the generated keypair, it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope
+*/}}
+{{- define "webhook.keyPEM" -}}
+ {{- if .Values.webhook.keyPEM -}}
+ {{ trim .Values.webhook.keyPEM }}
+ {{- else -}}
+ {{- /* FIXME: Duplicated codes with named template "webhook.keyPEM" because of no way to nested named template.*/ -}}
+ {{- /* webhookName would be the FQDN of in-cluster service chaos-mesh.*/ -}}
+ {{- $webhookName := printf "%s.%s.svc" (include "chaos-mesh.svc" .) .Release.Namespace -}}
+ {{- $webhookCA := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
+ {{- /* Generate cert key pair for webhook with 5 year validity duration. */ -}}
+ {{- $webhookServerTLSKeypair := .webhookTLSKeypair | default (genSignedCert $webhookName nil (list $webhookName) 1825 $webhookCA) -}}
+ {{- $_ := set . "webhookTLSKeypair" $webhookServerTLSKeypair -}}
+ {{- $webhookServerTLSKeypair.Key -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+chaosDaemon.server.certPEM is the certification used by chaos daemon server for mTLS.
+Like generating CA, it would use .chaosDaemonServerTLSKeypair as the place to store the generated keypair,
+it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope.
+*/}}
+{{- define "chaosDaemon.server.certPEM" -}}
+ {{- $ca := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
+ {{- /* Generate cert keypair with CN "chaos-daemon.chaos-mesh.org" and 5 years validity duration if not exists in the current scope.*/ -}}
+ {{- $chaosDaemonServerTLSKeypair := .chaosDaemonServerTLSKeypair | default (genSignedCert "chaos-daemon.chaos-mesh.org" nil (list "localhost" "chaos-daemon.chaos-mesh.org") 1825 $ca) -}}
+ {{- $_ := set . "chaosDaemonServerTLSKeypair" $chaosDaemonServerTLSKeypair -}}
+ {{- $chaosDaemonServerTLSKeypair.Cert -}}
+{{- end -}}
+
+{{/*
+chaosDaemon.server.keyPEM is the key used by chaos daemon server for mTLS.
+Like generating CA, it would use .chaosDaemonServerTLSKeypair as the place to store the generated keypair,
+it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope.
+*/}}
+{{- define "chaosDaemon.server.keyPEM" -}}
+ {{- $ca := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
+ {{- /* Generate cert keypair with CN "chaos-daemon.chaos-mesh.org" and 5 years validity duration if not exists in the current scope.*/ -}}
+ {{- $chaosDaemonServerTLSKeypair := .chaosDaemonServerTLSKeypair | default (genSignedCert "chaos-daemon.chaos-mesh.org" nil (list "localhost" "chaos-daemon.chaos-mesh.org") 1825 $ca) -}}
+ {{- $_ := set . "chaosDaemonServerTLSKeypair" $chaosDaemonServerTLSKeypair -}}
+ {{- $chaosDaemonServerTLSKeypair.Key -}}
+{{- end -}}
+
+{{/*
+chaosDaemon.client.certPEM is the certification used by controller-manager (as the client of chaos-daemon server) for mTLS.
+Like generating CA, it would use .chaosDaemonClientTLSKeypair as the place to store the generated keypair,
+it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope.
+*/}}
+{{- define "chaosDaemon.client.certPEM" -}}
+ {{- $ca := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
+ {{- /* Generate cert keypair with CN "controller-manager.chaos-mesh.org" and 5 years validity duration if not exists in the current scope.*/ -}}
+ {{- $chaosDaemonClientTLSKeypair := .chaosDaemonClientTLSKeypair | default (genSignedCert "controller-manager.chaos-mesh.org" nil (list "localhost" "controller-manager.chaos-mesh.org") 1825 $ca) -}}
+ {{- $_ := set . "chaosDaemonClientTLSKeypair" $chaosDaemonClientTLSKeypair -}}
+ {{- $chaosDaemonClientTLSKeypair.Cert -}}
+{{- end -}}
+
+{{/*
+chaosDaemon.client.keyPEM is the key used by controller-manager (as the client of chaos-daemon server) for mTLS.
+Like generating CA, it would use .chaosDaemonClientTLSKeypair as the place to store the generated keypair,
+it is actually kind of dirty work to prevent generating keypair with multiple times.
+
+When using this template, it requires the top-level scope.
+*/}}
+{{- define "chaosDaemon.client.keyPEM" -}}
+ {{- $ca := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
+ {{- /* Generate cert keypair with CN "controller-manager.chaos-mesh.org" and 5 years validity duration if not exists in the current scope.*/ -}}
+ {{- $chaosDaemonClientTLSKeypair := .chaosDaemonClientTLSKeypair | default (genSignedCert "controller-manager.chaos-mesh.org" nil (list "localhost" "controller-manager.chaos-mesh.org") 1825 $ca) -}}
+ {{- $_ := set . "chaosDaemonClientTLSKeypair" $chaosDaemonClientTLSKeypair -}}
+ {{- $chaosDaemonClientTLSKeypair.Key -}}
+{{- end -}}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/_helpers.tpl b/chaos/train-ticket-simple/charts/chaos-mesh/templates/_helpers.tpl
new file mode 100644
index 0000000..0c4e674
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/_helpers.tpl
@@ -0,0 +1,188 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Handle env variables.
+
+TODO: in the future, we would like to use the k8s-like format for defining environment variables.
+So the `envFollowKubernetesPattern` will become to `env`.
+And the original way of writing env will be removed.
+Ref: https://github.com/chaos-mesh/chaos-mesh/pull/2955.
+*/}}
+{{- define "chaos-mesh.helpers.listEnvVars" -}}
+{{- with .envFollowKubernetesPattern }}
+{{ toYaml . }}
+{{- end }}
+{{- range $key, $val := .env }}
+- name: {{ $key | upper }}
+ value: {{ $val | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chaos-mesh.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chaos-mesh.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chaos-mesh.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/* Generate basic labels */}}
+{{- define "chaos-mesh.labels" -}}
+helm.sh/chart: {{ include "chaos-mesh.chart" . }}
+app.kubernetes.io/name: {{ template "chaos-mesh.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: {{ template "chaos-mesh.name" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Specify default selectors
+*/}}
+{{- define "chaos-mesh.selectors" -}}
+app.kubernetes.io/name: {{ template "chaos-mesh.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Define the svc's name
+*/}}
+{{- define "chaos-mesh.svc" -}}
+{{- printf "chaos-mesh-controller-manager" -}}
+{{- end -}}
+
+{{/*
+Define the chaos-daemon svc's name
+*/}}
+{{- define "chaos-daemon.svc" -}}
+{{- printf "chaos-daemon" -}}
+{{- end -}}
+
+{{/*
+Define the chaos-dashboard svc's name
+*/}}
+{{- define "chaos-dashboard.svc" -}}
+{{- printf "chaos-dashboard" -}}
+{{- end -}}
+
+{{/*
+Define the secret's name of certs
+*/}}
+{{- define "chaos-mesh.webhook.certs" -}}
+{{- printf "chaos-mesh-webhook-certs" -}}
+{{- end -}}
+
+{{- define "chaos-mesh.daemon.certs" -}}
+{{- printf "chaos-mesh-daemon-certs" -}}
+{{- end -}}
+
+{{- define "chaos-mesh.daemon-client.certs" -}}
+{{- printf "chaos-mesh-daemon-client-certs" -}}
+{{- end -}}
+
+{{- define "chaos-mesh.chaosd-client.certs" -}}
+{{- printf "chaos-mesh-chaosd-client-certs" -}}
+{{- end -}}
+
+{{/*
+Define the MutatingWebhookConfiguration's name
+*/}}
+{{- define "chaos-mesh.mutation" -}}
+{{- printf "chaos-mesh-mutation" -}}
+{{- end -}}
+
+{{/*
+Define the ValidationWebhookConfiguration's name
+*/}}
+{{- define "chaos-mesh.validation" -}}
+{{- printf "chaos-mesh-validation" -}}
+{{- end -}}
+
+{{/*
+Define the webhook's name
+*/}}
+{{- define "chaos-mesh.webhook" -}}
+{{- printf "admission-webhook.chaos-mesh.org" -}}
+{{- end -}}
+
+{{/*Define the image for chaos-controller-manager*/}}
+{{- define "chaos-controller-manager.image" -}}
+{{ .Values.controllerManager.image.registry | default .Values.images.registry }}/{{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag | default .Values.images.tag }}
+{{- end -}}
+
+{{/*Define the image for chaos-daemon*/}}
+{{- define "chaos-daemon.image" -}}
+{{ .Values.chaosDaemon.image.registry | default .Values.images.registry }}/{{ .Values.chaosDaemon.image.repository }}:{{ .Values.chaosDaemon.image.tag | default .Values.images.tag }}
+{{- end -}}
+
+{{/*Define the image for chaos-dashboard*/}}
+{{- define "chaos-dashboard.image" -}}
+{{ .Values.dashboard.image.registry | default .Values.images.registry }}/{{ .Values.dashboard.image.repository }}:{{ .Values.dashboard.image.tag | default .Values.images.tag }}
+{{- end -}}
+
+{{/*Define the image for chaos-kernel*/}}
+{{- define "chaos-kernel.image" -}}
+{{ .Values.bpfki.image.registry | default .Values.images.registry }}/{{ .Values.bpfki.image.repository }}:{{ .Values.bpfki.image.tag | default .Values.images.tag }}
+{{- end -}}
+
+{{/*Define the image for chaos-dlv*/}}
+{{- define "chaos-dlv.image" -}}
+{{ .Values.chaosDlv.image.registry | default .Values.images.registry }}/{{ .Values.chaosDlv.image.repository }}:{{ .Values.chaosDlv.image.tag | default .Values.images.tag }}
+{{- end -}}
+
+{{/*Return the appropriate apiVersion for ingress*/}}
+{{- define "chaos-dashboard.ingress.apiVersion" -}}
+{{- if .Values.dashboard.ingress.apiVersionOverrides -}}
+{{- print .Values.dashboard.ingress.apiVersionOverrides -}}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*Define the socket path for chaos-daemon*/}}
+{{- define "chaos-daemon.socket-path" -}}
+{{- if .Values.chaosDaemon.socketPath -}}
+ {{- .Values.chaosDaemon.socketPath | dir -}}
+{{- else if .Values.chaosDaemon.socketDir -}}
+ {{- .Values.chaosDaemon.socketDir -}}
+{{- else -}}
+ {{- if eq .Values.chaosDaemon.runtime "docker" -}}
+ /var/run
+ {{- else if eq .Values.chaosDaemon.runtime "containerd" -}}
+ /run/containerd
+ {{- else if eq .Values.chaosDaemon.runtime "crio" -}}
+ /var/run/crio
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/cert-manager-certs.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/cert-manager-certs.yaml
new file mode 100644
index 0000000..e224881
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/cert-manager-certs.yaml
@@ -0,0 +1,166 @@
+# Copyright 2022 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- $certManagerEnabled := .Values.webhook.certManager.enabled }}
+
+{{- if $certManagerEnabled }}
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" }}
+apiVersion: cert-manager.io/v1beta1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
+apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Issuer
+metadata:
+ name: chaos-mesh-selfsigned
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-mesh-selfsigned
+spec:
+ selfSigned: {}
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" }}
+apiVersion: cert-manager.io/v1beta1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
+apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Certificate
+metadata:
+ name: chaos-mesh-ca
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-mesh-ca
+spec:
+ duration: 43800h0m0s #5year
+ secretName: chaos-mesh-ca
+ commonName: "chaos-mesh-ca"
+ isCA: true
+ issuerRef:
+ name: chaos-mesh-selfsigned
+ privateKey:
+ rotationPolicy: Never
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" }}
+apiVersion: cert-manager.io/v1beta1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
+apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Issuer
+metadata:
+ name: chaos-mesh-ca
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-mesh-ca
+spec:
+ ca:
+ secretName: chaos-mesh-ca
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" }}
+apiVersion: cert-manager.io/v1beta1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
+apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Certificate
+metadata:
+ name: chaos-mesh-cert
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-mesh-cert
+spec:
+ duration: 43800h #5year
+ dnsNames:
+ - {{ template "chaos-mesh.svc" . }}
+ - {{ template "chaos-mesh.svc" . }}.{{ .Release.Namespace }}
+ - {{ template "chaos-mesh.svc" . }}.{{ .Release.Namespace }}.svc
+ isCA: false
+ secretName: {{ template "chaos-mesh.webhook.certs" . }}
+ issuerRef:
+ name: chaos-mesh-ca
+ privateKey:
+ rotationPolicy: Never
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" }}
+apiVersion: cert-manager.io/v1beta1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
+apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Certificate
+metadata:
+ name: chaos-daemon-client-cert
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon-client-cert
+spec:
+ duration: 43800h0m0s #5year
+ dnsNames:
+ - controller-manager.chaos-mesh.org
+ isCA: false
+ secretName: {{ template "chaos-mesh.daemon-client.certs" . }}
+ issuerRef:
+ name: chaos-mesh-ca
+ privateKey:
+ rotationPolicy: Never
+---
+{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+apiVersion: cert-manager.io/v1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" }}
+apiVersion: cert-manager.io/v1beta1
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
+apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1alpha2
+{{- end }}
+kind: Certificate
+metadata:
+ name: chaos-daemon-cert
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemontcert
+spec:
+ duration: 43800h0m0s #5year
+ dnsNames:
+ - chaos-daemon.chaos-mesh.org
+ isCA: false
+ secretName: {{ template "chaos-mesh.daemon.certs" . }}
+ issuerRef:
+ name: chaos-mesh-ca
+ privateKey:
+ rotationPolicy: Never
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-daemonset.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-daemonset.yaml
new file mode 100644
index 0000000..ed04263
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-daemonset.yaml
@@ -0,0 +1,214 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: chaos-daemon
+ labels:
+ app.kubernetes.io/component: chaos-daemon
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.chaosDaemon.updateStrategy }}
+ updateStrategy:
+{{ toYaml .Values.chaosDaemon.updateStrategy | indent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "chaos-mesh.selectors" . | nindent 6 }}
+ app.kubernetes.io/component: chaos-daemon
+ template:
+ metadata:
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 8 }}
+ app.kubernetes.io/component: chaos-daemon
+ annotations:
+ {{- /* it requires to reload the latest re-generated certs for mtls after helm upgrade*/}}
+ {{- if .Values.chaosDaemon.mtls.enabled }}
+ rollme: {{ randAlphaNum 5 | quote }}
+ {{- end }}
+ {{- with .Values.chaosDaemon.podAnnotations }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.chaosDaemon.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.chaosDaemon.serviceAccount }}
+ serviceAccountName: {{ .Values.chaosDaemon.serviceAccount }}
+ {{- end }}
+ hostPID: true
+ {{- if .Values.chaosDaemon.priorityClassName }}
+ priorityClassName: {{ .Values.chaosDaemon.priorityClassName }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: chaos-daemon
+ image: {{template "chaos-daemon.image" . }}
+ imagePullPolicy: {{ .Values.chaosDaemon.imagePullPolicy | default "IfNotPresent" }}
+ {{- if .Values.chaosDaemon.resources }}
+ resources:
+{{ toYaml .Values.chaosDaemon.resources | indent 12 }}
+ {{- end }}
+ command:
+ - /usr/local/bin/chaos-daemon
+ - --runtime
+ - {{ .Values.chaosDaemon.runtime }}
+ - --http-port
+ - !!str {{ .Values.chaosDaemon.httpPort }}
+ - --grpc-port
+ - !!str {{ .Values.chaosDaemon.grpcPort }}
+ {{- if .Values.enableProfiling }}
+ - --pprof
+ {{- end }}
+ {{- if .Values.chaosDaemon.mtls.enabled }}
+ - --ca
+ - /etc/chaos-daemon/cert/ca.crt
+ - --cert
+ - /etc/chaos-daemon/cert/tls.crt
+ - --key
+ - /etc/chaos-daemon/cert/tls.key
+ {{- end }}
+ - --runtime-socket-path
+ {{- if .Values.chaosDaemon.socketPath }}
+ - /host-run/{{ .Values.chaosDaemon.socketPath | base }}
+ {{- else }}
+ {{- if eq .Values.chaosDaemon.runtime "docker" }}
+ - /host-run/docker.sock
+ {{- else if eq .Values.chaosDaemon.runtime "containerd" }}
+ - /host-run/containerd.sock
+ {{- else if eq .Values.chaosDaemon.runtime "crio" }}
+ - /host-run/crio.sock
+ {{- end }}
+ {{- end }}
+ env:
+ {{- if .Values.chaosDaemon.env }}
+ {{- include "chaos-mesh.helpers.listEnvVars" .Values.chaosDaemon | trim | nindent 12 }}
+ {{- end }}
+ {{- if not .Values.chaosDaemon.env.TZ }}
+ - name: TZ
+ value: {{ .Values.timezone | default "UTC" }}
+ {{- end }}
+ securityContext:
+ {{- if .Values.chaosDaemon.privileged }}
+ privileged: true
+ capabilities:
+ add:
+ - SYS_PTRACE
+ {{- else }}
+ capabilities:
+{{ toYaml .Values.chaosDaemon.capabilities | indent 14 }}
+ {{- end }}
+ volumeMounts:
+ - name: socket-path
+ mountPath: /host-run
+ - name: sys-path
+ mountPath: /host-sys
+ - name: lib-modules
+ mountPath: /lib/modules
+ {{- if .Values.chaosDaemon.mtls.enabled}}
+ - name: chaos-daemon-cert
+ mountPath: /etc/chaos-daemon/cert
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: grpc
+ containerPort: {{ .Values.chaosDaemon.grpcPort }}
+ - name: http
+ containerPort: {{ .Values.chaosDaemon.httpPort }}
+{{- if .Values.bpfki.create }}
+ - name: bpfki
+ image: {{template "chaos-kernel.image" . }}
+ imagePullPolicy: {{ .Values.bpfki.imagePullPolicy | default "IfNotPresent" }}
+ {{- if .Values.bpfki.resources }}
+ resources:
+{{ toYaml .Values.bpfki.resources | indent 12 }}
+ {{- end }}
+ command:
+ - /usr/local/bin/bpfki
+ - -port
+ - !!str {{ .Values.bpfki.grpcPort }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: localtime-path
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: modules-path
+ mountPath: /lib/modules
+ readOnly: true
+ - name: src-path
+ mountPath: /usr/src
+ readOnly: true
+ ports:
+ - name: grpc
+ containerPort: {{ .Values.bpfki.grpcPort }}
+{{- end }}
+ {{- if .Values.chaosDlv.enable }}
+ - name: chaos-mesh-dlv
+ image: {{template "chaos-dlv.image" . }}
+ imagePullPolicy: {{ .Values.chaosDlv.imagePullPolicy | default "IfNotPresent" }}
+ env:
+ - name: CMD_NAME
+ value: chaos-daemon
+ securityContext:
+ capabilities:
+ add:
+ - SYS_PTRACE
+ ports:
+ - name: dlv
+ containerPort: 8000
+ {{- end }}
+ volumes:
+ - name: socket-path
+ hostPath:
+ path: {{template "chaos-daemon.socket-path" . }}
+ - name: sys-path
+ hostPath:
+ path: /sys
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ {{- if .Values.chaosDaemon.mtls.enabled}}
+ - name: chaos-daemon-cert
+ secret:
+ secretName: {{ template "chaos-mesh.daemon.certs" . }}
+ {{- end }}
+{{- if .Values.bpfki.create }}
+ - name: localtime-path
+ hostPath:
+ path: /etc/localtime
+ - name: modules-path
+ hostPath:
+ path: /lib/modules
+ - name: src-path
+ hostPath:
+ path: /usr/src
+{{- end }}
+ {{- with .Values.chaosDaemon.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.chaosDaemon.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.chaosDaemon.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-rbac.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-rbac.yaml
new file mode 100644
index 0000000..023d1de
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-rbac.yaml
@@ -0,0 +1,131 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.chaosDaemon.serviceAccount }}
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ .Values.chaosDaemon.serviceAccount }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon
+{{- end}}
+{{- if .Values.chaosDaemon.podSecurityPolicy }}
+---
+# roles
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-daemon-target-namespace
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.chaosDaemon.serviceAccount }}
+ # apiGroup: rbac.authorization.k8s.io
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-daemon-psp
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Release.Name }}-chaos-daemon-psp
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon
+rules:
+- apiGroups:
+ - policy
+ - extensions
+ resourceNames:
+ - {{ .Release.Name }}-chaos-daemon
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+{{- $chaos_daemon_needs_privileged := or (eq .Values.chaosDaemon.privileged true) (eq .Values.bpfki.create true) -}}
+# Restricted DEFAULT policy
+# ( Default policy for all new services )
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ .Release.Name }}-chaos-daemon
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon
+spec:
+ {{- if $chaos_daemon_needs_privileged }}
+ allowedCapabilities:
+ - SYS_PTRACE
+ {{- else }}
+ allowedCapabilities:
+ - SYS_PTRACE
+ - NET_ADMIN
+ - MKNOD
+ - SYS_CHROOT
+ - SYS_ADMIN
+ - KILL
+ # CAP_IPC_LOCK is used to lock memory
+ - IPC_LOCK
+ {{- end }}
+ allowedHostPaths:
+ - pathPrefix: {{template "chaos-daemon.socket-path" . }}
+ readOnly: false
+ - pathPrefix: /sys
+ readOnly: false
+ - pathPrefix: /lib/modules
+ readOnly: false
+ {{- if .Values.bpfki.create }}
+ - pathPrefix: /etc/localtime
+ readOnly: false
+ - pathPrefix: /usr/src
+ readOnly: false
+ {{- end }}
+ allowPrivilegeEscalation: true
+ {{- if .Values.chaosDaemon.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.bpfki.create }}
+ hostPorts:
+ - max: {{ .Values.bpfki.grpcPort }}
+ min: {{ .Values.bpfki.grpcPort }}
+ {{- end }}
+ hostIPC: true
+ hostPID: true
+ privileged: {{ $chaos_daemon_needs_privileged }}
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - projected
+ - secret
+ - hostPath
+{{- end }}
+
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-service.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-service.yaml
new file mode 100644
index 0000000..82cf040
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-daemon-service.yaml
@@ -0,0 +1,45 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ template "chaos-daemon.svc" . }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.chaosDaemon.httpPort }}"
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon
+spec:
+ clusterIP: None
+ ports:
+ - name: grpc
+ port: {{ .Values.chaosDaemon.grpcPort }}
+ targetPort: grpc
+ protocol: TCP
+ - name: http
+ port: {{ .Values.chaosDaemon.httpPort }}
+ targetPort: http
+ protocol: TCP
+ {{- if .Values.chaosDlv.enable }}
+ - port: 8000
+ targetPort: dlv
+ protocol: TCP
+ name: dlv
+ {{- end }}
+ selector:
+ {{- include "chaos-mesh.selectors" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-deployment.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-deployment.yaml
new file mode 100644
index 0000000..230f365
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-deployment.yaml
@@ -0,0 +1,195 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if .Values.dashboard.create }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: chaos-dashboard
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+spec:
+ replicas: {{ .Values.dashboard.replicaCount }}
+ strategy:
+ {{- if .Values.dashboard.persistentVolume.enabled }}
+ type: Recreate
+ {{- else }}
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "chaos-mesh.selectors" . | nindent 6 }}
+ app.kubernetes.io/component: chaos-dashboard
+ template:
+ metadata:
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 8 }}
+ app.kubernetes.io/component: chaos-dashboard
+ annotations:
+ {{- with .Values.dashboard.podAnnotations }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+ securityContext:
+{{ toYaml .Values.dashboard.securityContext | indent 12 }}
+ {{- if .Values.dashboard.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.dashboard.serviceAccount }}
+ serviceAccountName: {{ .Values.dashboard.serviceAccount }}
+ {{- end }}
+ {{- if .Values.dashboard.priorityClassName }}
+ priorityClassName: {{ .Values.dashboard.priorityClassName }}
+ {{- end }}
+ {{- if .Values.chaosDlv.enable }}
+ shareProcessNamespace: true
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: chaos-dashboard
+ image: {{template "chaos-dashboard.image" . }}
+ imagePullPolicy: {{ .Values.dashboard.imagePullPolicy | default "IfNotPresent" }}
+ resources:
+{{ toYaml .Values.dashboard.resources | indent 12 }}
+ command:
+ - /usr/local/bin/chaos-dashboard
+ env:
+ {{- if .Values.dashboard.env }}
+ {{- include "chaos-mesh.helpers.listEnvVars" .Values.dashboard | trim | nindent 12 }}
+ {{- end }}
+ {{- if not .Values.dashboard.env.TZ }}
+ - name: TZ
+ value: {{ .Values.timezone | default "UTC" }}
+ {{- end }}
+ - name: CLUSTER_SCOPED
+ value: "{{ .Values.clusterScoped }}"
+ - name: TARGET_NAMESPACE
+ value: {{ .Values.controllerManager.targetNamespace | quote }}
+ - name: ENABLE_FILTER_NAMESPACE
+ value: "{{ .Values.controllerManager.enableFilterNamespace }}"
+ - name: SECURITY_MODE
+ value: "{{ .Values.dashboard.securityMode }}"
+ - name: GCP_SECURITY_MODE
+ value: "{{ .Values.dashboard.gcpSecurityMode }}"
+ - name: GCP_CLIENT_ID
+ value: "{{ .Values.dashboard.gcpClientId }}"
+ - name: GCP_CLIENT_SECRET
+ value: "{{ .Values.dashboard.gcpClientSecret }}"
+ - name: DNS_SERVER_CREATE
+ value: "{{ .Values.dnsServer.create }}"
+ - name: ROOT_URL
+ value: "{{ .Values.dashboard.rootUrl }}"
+ - name: ENABLE_PROFILING
+ value: "{{ .Values.enableProfiling }}"
+ volumeMounts:
+ - name: storage-volume
+ mountPath: {{ .Values.dashboard.persistentVolume.mountPath }}
+ subPath: "{{ .Values.dashboard.persistentVolume.subPath }}"
+ ports:
+ - name: http
+ containerPort: {{ .Values.dashboard.env.LISTEN_PORT }}
+ - name: metric
+ containerPort: {{ .Values.dashboard.env.METRIC_PORT }}
+ {{- if .Values.chaosDlv.enable }}
+ - name: chaos-mesh-dlv
+ image: {{template "chaos-dlv.image" . }}
+ imagePullPolicy: {{ .Values.chaosDlv.imagePullPolicy | default "IfNotPresent" }}
+ env:
+ - name: CMD_NAME
+ value: chaos-dashboard
+ securityContext:
+ capabilities:
+ add:
+ - SYS_PTRACE
+ ports:
+ - name: dlv
+ containerPort: 8000
+ {{- end }}
+ {{- with .Values.dashboard.extraContainers }}
+ {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dashboard.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.dashboard.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.dashboard.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: storage-volume
+ {{- if .Values.dashboard.persistentVolume.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.dashboard.persistentVolume.existingClaim }}{{ .Values.dashboard.persistentVolume.existingClaim }}{{- else }}{{ template "chaos-mesh.name" . }}-chaos-dashboard{{- end }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ template "chaos-dashboard.svc" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "chaos-mesh.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: chaos-dashboard
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.dashboard.env.METRIC_PORT }}"
+{{- with .Values.dashboard.service.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ template "chaos-mesh.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: chaos-dashboard
+ type: {{ .Values.dashboard.service.type }}
+{{- if and .Values.dashboard.service.clusterIP (eq .Values.dashboard.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.dashboard.service.clusterIP }}
+{{- end }}
+ ports:
+ - protocol: TCP
+ port: {{ .Values.dashboard.env.LISTEN_PORT }}
+ targetPort: {{ .Values.dashboard.env.LISTEN_PORT }}
+ name: http
+{{- if and .Values.dashboard.service.nodePort (eq .Values.dashboard.service.type "NodePort") }}
+ nodePort: {{ .Values.dashboard.service.nodePort }}
+{{- end }}
+ {{- if .Values.chaosDlv.enable }}
+ - port: 8000
+ targetPort: dlv
+ protocol: TCP
+ name: dlv
+ {{- end }}
+ - protocol: TCP
+ port: {{ .Values.dashboard.env.METRIC_PORT }}
+ targetPort: {{ .Values.dashboard.env.METRIC_PORT }}
+ name: metric
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-pvc.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-pvc.yaml
new file mode 100644
index 0000000..ff7e6fe
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-pvc.yaml
@@ -0,0 +1,41 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.dashboard.create }}
+{{- if .Values.dashboard.persistentVolume.enabled }}
+{{- if not .Values.dashboard.persistentVolume.existingClaim }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ template "chaos-mesh.name" . }}-chaos-dashboard
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+spec:
+{{- if .Values.dashboard.persistentVolume.storageClassName }}
+{{- if (eq "-" .Values.dashboard.persistentVolume.storageClassName) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.dashboard.persistentVolume.storageClassName }}"
+{{- end }}
+{{- end }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "{{ .Values.dashboard.persistentVolume.size }}"
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-rbac.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-rbac.yaml
new file mode 100644
index 0000000..fba653d
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/chaos-dashboard-rbac.yaml
@@ -0,0 +1,126 @@
+# Copyright 2022 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.rbac.create }}
+# ServiceAccount for component chaos-dashboard
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ .Values.dashboard.serviceAccount }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+
+---
+# ClusterRole for chaos-dashboard at cluster scope
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dashboard-cluster-level
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+rules:
+ # chaos-dashboard could list namespace for selector hints
+ - apiGroups: [ "" ]
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ # chaos-dashboard use subjectaccessreviews to authorize the requests
+ - apiGroups: [ "authorization.k8s.io" ]
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+
+---
+# ClusterRoleBinding for chaos-dashboard at cluster scope
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dashboard-cluster-level
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-dashboard-cluster-level
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.dashboard.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+
+---
+# ClusterRole for chaos-dashboard in target namespace
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dashboard-target-namespace
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+rules:
+ # chaos dashboard could list pods for selector hints
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ # chaos dashboard could record evnets from chaos experiments
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ # chaos dashboard could record and manipulate all the Chaos Mesh resources in target namespace
+ - apiGroups: [ "chaos-mesh.org" ]
+ resources:
+ - "*"
+ verbs: [ "*" ]
+
+---
+# binding ClusterRole to ServiceAccount for componnet chaos dashboard
+{{- if .Values.clusterScoped }}
+kind: ClusterRoleBinding
+{{- else }}
+kind: RoleBinding
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dashboard-target-namespace
+ # TODO: notice that the targetNamespace is still defined as .Values.controllerManager.targetNamespace, .Values.targetNamespace would be better.
+ namespace: {{ .Values.controllerManager.targetNamespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-dashboard-target-namespace
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.dashboard.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-deployment.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-deployment.yaml
new file mode 100644
index 0000000..1fabc62
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-deployment.yaml
@@ -0,0 +1,233 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: chaos-controller-manager
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+spec:
+ {{- if not .Values.controllerManager.leaderElection.enabled }}
+ replicas: 1
+ {{- else }}
+ replicas: {{ .Values.controllerManager.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "chaos-mesh.selectors" . | nindent 6 }}
+ app.kubernetes.io/component: controller-manager
+ template:
+ metadata:
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 8 }}
+ app.kubernetes.io/component: controller-manager
+ annotations:
+ {{- /* it requires to reload the latest re-generated certs for mtls after helm upgrade*/}}
+ rollme: {{ randAlphaNum 5 | quote }}
+ {{- with .Values.controllerManager.podAnnotations }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+ securityContext:
+{{ toYaml .Values.controllerManager.securityContext | indent 12 }}
+ {{- if .Values.controllerManager.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.controllerManager.serviceAccount }}
+ serviceAccountName: {{ .Values.controllerManager.serviceAccount }}
+ {{- end }}
+ {{- if .Values.controllerManager.priorityClassName }}
+ priorityClassName: {{ .Values.controllerManager.priorityClassName }}
+ {{- end }}
+ {{- if .Values.chaosDlv.enable }}
+ shareProcessNamespace: true
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: chaos-mesh
+ image: {{template "chaos-controller-manager.image" . }}
+ imagePullPolicy: {{ .Values.controllerManager.imagePullPolicy | default "IfNotPresent" }}
+ resources:
+{{ toYaml .Values.controllerManager.resources | indent 12 }}
+ command:
+ - /usr/local/bin/chaos-controller-manager
+ env:
+ {{- if .Values.controllerManager.env }}
+ {{- include "chaos-mesh.helpers.listEnvVars" .Values.controllerManager | trim | nindent 10 }}
+ {{- end }}
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: TEMPLATE_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ALLOW_HOST_NETWORK_TESTING
+ value: "{{ .Values.controllerManager.allowHostNetworkTesting }}"
+ - name: TARGET_NAMESPACE
+ value: {{ .Values.controllerManager.targetNamespace | quote }}
+ - name: CLUSTER_SCOPED
+ value: "{{ .Values.clusterScoped }}"
+ - name: TZ
+ value: {{ .Values.timezone | default "UTC" }}
+ - name: CHAOS_DAEMON_SERVICE_PORT
+ value: !!str {{ .Values.chaosDaemon.grpcPort }}
+ - name: BPFKI_PORT
+ value: !!str {{ .Values.bpfki.grpcPort }}
+ - name: ENABLED_CONTROLLERS
+ value: {{ .Values.controllerManager.enabledControllers | join "," | quote }}
+ - name: ENABLED_WEBHOOKS
+ value: {{ .Values.controllerManager.enabledWebhooks | join "," | quote }}
+ - name: TEMPLATE_LABELS
+ value: "app.kubernetes.io/component:template"
+ - name: CONFIGMAP_LABELS
+ value: "app.kubernetes.io/component:webhook"
+ - name: ENABLE_FILTER_NAMESPACE
+ value: "{{ .Values.controllerManager.enableFilterNamespace }}"
+ {{- if .Values.enableProfiling }}
+ - name: PPROF_ADDR
+ value: ":10081"
+ {{- end }}
+ {{- if .Values.enableCtrlServer }}
+ - name: CTRL_ADDR
+ value: ":10082"
+ {{- end }}
+ - name: CHAOS_DNS_SERVICE_NAME
+ value: {{ .Values.dnsServer.name }}
+ - name: CHAOS_DNS_SERVICE_PORT
+ value: !!str {{ .Values.dnsServer.grpcPort }}
+ - name: SECURITY_MODE
+ value: {{ .Values.dashboard.securityMode | quote }}
+ - name: CHAOSD_SECURITY_MODE
+ value: {{ .Values.controllerManager.chaosdSecurityMode | quote }}
+ {{- if .Values.chaosDaemon.mtls.enabled }}
+ - name: CHAOS_DAEMON_CLIENT_CERT
+ value: /etc/chaos-daemon/cert/tls.crt
+ - name: CHAOS_DAEMON_CLIENT_KEY
+ value: /etc/chaos-daemon/cert/tls.key
+ - name: CHAOS_MESH_CA_CERT
+ value: /etc/chaos-daemon/cert/ca.crt
+ - name: QPS
+ value: "30"
+ - name: BURST
+ value: "50"
+ {{- end }}
+ {{- if .Values.controllerManager.chaosdSecurityMode }}
+ - name: CHAOSD_CA_CERT
+ value: /etc/chaosd/cert/ca.crt
+ - name: CHAOSD_CLIENT_CERT
+ value: /etc/chaosd/cert/tls.crt
+ - name: CHAOSD_CLIENT_KEY
+ value: /etc/chaosd/cert/tls.key
+ {{- end }}
+ {{- if .Values.controllerManager.podChaos.podFailure.pauseImage }}
+ - name: POD_FAILURE_PAUSE_IMAGE
+ value: {{ .Values.controllerManager.podChaos.podFailure.pauseImage }}
+ {{- end }}
+ {{- if .Values.controllerManager.localHelmChart.enabled }}
+ - name: LOCAL_HELM_CHART_PATH
+ value: /data/helm
+ {{- end }}
+ - name: ENABLE_LEADER_ELECTION
+ value: {{ .Values.controllerManager.leaderElection.enabled | quote }}
+ - name: LEADER_ELECT_LEASE_DURATION
+ value: {{ .Values.controllerManager.leaderElection.leaseDuration | quote }}
+ - name: LEADER_ELECT_RENEW_DEADLINE
+ value: {{ .Values.controllerManager.leaderElection.renewDeadline | quote }}
+ - name: LEADER_ELECT_RETRY_PERIOD
+ value: {{ .Values.controllerManager.leaderElection.retryPeriod | quote }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+ {{- if .Values.chaosDaemon.mtls.enabled }}
+ - name: chaos-daemon-client-cert
+ mountPath: /etc/chaos-daemon/cert
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controllerManager.chaosdSecurityMode }}
+ - name: chaosd-client-cert
+ mountPath: /etc/chaosd/cert
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controllerManager.localHelmChart.enabled }}
+ - name: chaos-local-helm-chart
+ mountPath: /data/helm
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: webhook
+ containerPort: {{ .Values.controllerManager.env.WEBHOOK_PORT }}
+ - name: http
+ containerPort: {{ .Values.controllerManager.env.METRICS_PORT }}
+ {{- if .Values.enableProfiling }}
+ - name: pprof
+ containerPort: 10081
+ {{- end }}
+ {{- if .Values.enableCtrlServer }}
+ - name: ctrl
+ containerPort: 10082
+ {{- end }}
+ {{- if .Values.chaosDlv.enable }}
+ - name: chaos-mesh-dlv
+ image: {{template "chaos-dlv.image" . }}
+ imagePullPolicy: {{ .Values.chaosDlv.imagePullPolicy | default "IfNotPresent" }}
+ env:
+ - name: CMD_NAME
+ value: chaos-controller-manager
+ securityContext:
+ capabilities:
+ add:
+ - SYS_PTRACE
+ ports:
+ - name: dlv
+ containerPort: 8000
+ {{- end }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: {{ template "chaos-mesh.webhook.certs" . }}
+ {{- if .Values.chaosDaemon.mtls.enabled }}
+ - name: chaos-daemon-client-cert
+ secret:
+ secretName: {{ template "chaos-mesh.daemon-client.certs" . }}
+ {{- end }}
+ {{- if .Values.controllerManager.chaosdSecurityMode }}
+ - name: chaosd-client-cert
+ secret:
+ secretName: {{ template "chaos-mesh.chaosd-client.certs" . }}
+ {{- end }}
+ {{- if .Values.controllerManager.localHelmChart.enabled }}
+ - name: chaos-local-helm-chart
+{{ toYaml .Values.controllerManager.localHelmChart.volume | indent 10 }}
+ {{- end }}
+ {{- with .Values.controllerManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controllerManager.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controllerManager.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-rbac.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-rbac.yaml
new file mode 100644
index 0000000..deb40bd
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-rbac.yaml
@@ -0,0 +1,174 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.rbac.create }}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ .Values.controllerManager.serviceAccount }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+
+---
+# roles
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-controller-manager-target-namespace
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "pods", "configmaps", "secrets"]
+ verbs: [ "get", "list", "watch", "delete", "update", "patch" ]
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - "create"
+ - apiGroups:
+ - ""
+ resources:
+ - "pods/log"
+ verbs:
+ - "get"
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - patch
+ - create
+ - watch
+ - list
+ - get
+ - apiGroups: [ "chaos-mesh.org" ]
+ resources:
+ - "*"
+ verbs: [ "*" ]
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-controller-manager-cluster-level
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+rules:
+ - apiGroups: [ "" ]
+ resources:
+ - nodes
+ - persistentvolumes
+ - persistentvolumeclaims
+ {{- if .Values.clusterScoped }}
+ - namespaces
+ - services
+ {{- end }}
+ verbs: [ "get", "list", "watch" ]
+ - apiGroups: [ "authorization.k8s.io" ]
+ resources:
+ - subjectaccessreviews
+ verbs: [ "create" ]
+
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-controller-manager-control-plane
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "services", "endpoints", "secrets" ]
+ verbs: [ "get", "list", "watch" ]
+ - apiGroups: [ "authorization.k8s.io" ]
+ resources:
+ - subjectaccessreviews
+ verbs: [ "create" ]
+ - apiGroups: [ "" ]
+ resources: [ "pods/exec" ]
+ verbs: [ "create" ]
+ - apiGroups: [ "coordination.k8s.io" ]
+ resources: [ "leases" ]
+ verbs: [ "*" ]
+ - apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ verbs: [ "*" ]
+---
+# bindings cluster level
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-controller-manager-cluster-level
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-controller-manager-cluster-level
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.controllerManager.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+
+---
+# binding for control plane namespace
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-controller-manager-control-plane
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Release.Name }}-chaos-controller-manager-control-plane
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.controllerManager.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+
+---
+ {{- if .Values.clusterScoped }}
+kind: ClusterRoleBinding
+ {{- else }}
+kind: RoleBinding
+ {{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-controller-manager-target-namespace
+ namespace: {{ .Values.controllerManager.targetNamespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-controller-manager-target-namespace
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.controllerManager.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-service.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-service.yaml
new file mode 100644
index 0000000..bf824d7
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/controller-manager-service.yaml
@@ -0,0 +1,57 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ template "chaos-mesh.svc" . }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.controllerManager.env.METRICS_PORT }}"
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
+spec:
+ type: {{ .Values.controllerManager.service.type }}
+ ports:
+ - port: 443
+ targetPort: webhook
+ protocol: TCP
+ name: webhook
+ {{- if .Values.enableProfiling }}
+ - port: 10081
+ targetPort: pprof
+ protocol: TCP
+ name: pprof
+ {{- end }}
+ {{- if .Values.enableCtrlServer }}
+ - port: 10082
+ targetPort: ctrl
+ protocol: TCP
+ name: ctrl
+ {{- end }}
+ {{- if .Values.chaosDlv.enable }}
+ - port: 8000
+ targetPort: dlv
+ protocol: TCP
+ name: dlv
+ {{- end }}
+ - port: {{ .Values.controllerManager.env.METRICS_PORT }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "chaos-mesh.selectors" . | nindent 4 }}
+ app.kubernetes.io/component: controller-manager
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-configmap.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-configmap.yaml
new file mode 100644
index 0000000..dcc9605
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-configmap.yaml
@@ -0,0 +1,47 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.dnsServer.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dns-server-config
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dns-server
+data:
+ Corefile: |
+ .:5353 {
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ k8s_dns_chaos cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ grpcport {{ .Values.dnsServer.grpcPort }}
+ }
+ prometheus :9153
+ forward . /etc/resolv.conf {
+ max_concurrent 1000
+ }
+ cache 30
+ loop
+ reload
+ loadbalance
+ }
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-deployment.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-deployment.yaml
new file mode 100644
index 0000000..b0d8014
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-deployment.yaml
@@ -0,0 +1,122 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.dnsServer.create }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: chaos-dns-server
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dns-server
+spec:
+ replicas: {{ .Values.dnsServer.replicas | default 1 }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ {{- include "chaos-mesh.selectors" . | nindent 6 }}
+ app.kubernetes.io/component: chaos-dns-server
+ template:
+ metadata:
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 8 }}
+ app.kubernetes.io/component: chaos-dns-server
+ {{- with .Values.dnsServer.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ .Values.dnsServer.serviceAccount }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: k8s-app
+ operator: In
+ values: ["chaos-dns"]
+ topologyKey: kubernetes.io/hostname
+ {{- with .Values.dnsServer.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.dnsServer.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ priorityClassName: {{ .Values.dnsServer.priorityClassName}}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: chaos-dns-server
+ image: {{ .Values.dnsServer.image }}
+ imagePullPolicy: {{ .Values.dnsServer.imagePullPolicy | default "IfNotPresent" }}
+ resources:
+{{ toYaml .Values.dnsServer.resources | indent 10 }}
+ args: [ "-conf", "/etc/chaos-dns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/chaos-dns
+ readOnly: true
+ ports:
+ - containerPort: 5353
+ name: dns
+ protocol: UDP
+ - containerPort: 5353
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9153
+ name: metrics
+ protocol: TCP
+ - containerPort: {{ .Values.dnsServer.grpcPort }}
+ name: grpc
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ dnsPolicy: Default
+ volumes:
+ - name: config-volume
+ configMap:
+ name: dns-server-config
+ items:
+ - key: Corefile
+ path: Corefile
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-rbac.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-rbac.yaml
new file mode 100644
index 0000000..8db6bd9
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-rbac.yaml
@@ -0,0 +1,135 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.dnsServer.create }}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ .Values.dnsServer.serviceAccount }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+
+---
+# roles
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dns-server-target-namespace
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "pods" ]
+ verbs: [ "get", "list", "watch" ]
+ - apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ verbs: [ "*" ]
+ - apiGroups: [ "chaos-mesh.org" ]
+ resources:
+ - "*"
+ verbs: [ "*" ]
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dns-server-cluster-level
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+rules:
+ - apiGroups: [ "" ]
+ resources:
+ - namespaces
+ - services
+ - endpoints
+ - pods
+ verbs: [ "get", "list", "watch" ]
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dns-server-control-plane
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ verbs: [ "get", "list" ]
+
+---
+# bindings cluster level
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dns-server-cluster-level
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-dns-server-cluster-level
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.dnsServer.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+
+---
+# binding for control plane namespace
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dns-server-control-plane
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Release.Name }}-chaos-dns-server-control-plane
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.dnsServer.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+
+---
+{{- if .Values.clusterScoped }}
+kind: ClusterRoleBinding
+{{- else }}
+kind: RoleBinding
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-dns-server-target-namespace
+ namespace: {{ .Values.dnsServer.targetNamespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-dns-server-target-namespace
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.dnsServer.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-service.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-service.yaml
new file mode 100644
index 0000000..2981a87
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/dns-service.yaml
@@ -0,0 +1,46 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.dnsServer.create }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.dnsServer.name }}
+ namespace: {{ .Release.Namespace | quote }}
+ annotations:
+ prometheus.io/port: "9153"
+ prometheus.io/scrape: "true"
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: dns-server
+spec:
+ selector:
+ {{- include "chaos-mesh.selectors" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dns-server
+ ports:
+ - name: dns
+ port: 53
+ targetPort: 5353
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ targetPort: 5353
+ protocol: TCP
+ - name: metrics
+ port: 9153
+ protocol: TCP
+ - name: grpc
+ port: {{ .Values.dnsServer.grpcPort }}
+ protocol: TCP
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/ingress.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/ingress.yaml
new file mode 100644
index 0000000..cb6530a
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/ingress.yaml
@@ -0,0 +1,98 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.dashboard.ingress.enabled }}
+{{- $paths := default (list "/") .Values.dashboard.ingress.paths }}
+apiVersion: {{ include "chaos-dashboard.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ template "chaos-dashboard.svc" . }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-dashboard
+{{- if .Values.dashboard.ingress.labels }}
+{{ toYaml .Values.dashboard.ingress.labels | indent 4 }}
+{{- end }}
+ annotations:
+ {{- if .Values.dashboard.ingress.certManager }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- with .Values.dashboard.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if eq (include "chaos-dashboard.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ {{- with .Values.dashboard.ingress.ingressClassName }}
+ ingressClassName: {{ . }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- if .Values.dashboard.ingress.hosts }}
+ {{- range .Values.dashboard.ingress.hosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ {{- range $paths }}
+ - path: {{ . }}
+ {{- if eq (include "chaos-dashboard.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ pathType: Prefix
+ {{- end }}
+ backend:
+ {{- if eq (include "chaos-dashboard.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ service:
+ name: {{ template "chaos-dashboard.svc" . }}
+ port:
+ name: http
+ {{- else }}
+ serviceName: {{ template "chaos-dashboard.svc" . }}
+ servicePort: http
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $paths }}
+ - path: {{ . }}
+ {{- if eq (include "chaos-dashboard.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ pathType: Prefix
+ {{- end }}
+ backend:
+ {{- if eq (include "chaos-dashboard.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ service:
+ name: {{ template "chaos-dashboard.svc" . }}
+ port:
+ name: http
+ {{- else }}
+ serviceName: {{ template "chaos-dashboard.svc" . }}
+ servicePort: http
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ tls:
+ {{- range .Values.dashboard.ingress.hosts }}
+ {{- if .tls }}
+ - hosts:
+ {{- if .tlsHosts }}
+ {{- range $host := .tlsHosts }}
+ - {{ $host }}
+ {{- end }}
+ {{- else }}
+ - {{ .name }}
+ {{- end }}
+ secretName: {{ .tlsSecret }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/mutating-admission-webhooks.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/mutating-admission-webhooks.yaml
new file mode 100644
index 0000000..49f1605
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/mutating-admission-webhooks.yaml
@@ -0,0 +1,80 @@
+# Copyright 2022 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $webhookApiVersion := include "webhook.apiVersion" . -}}
+{{- $caCert := include "webhook.caBundleCertPEM" . -}}
+{{- $crtPEM := include "webhook.certPEM" . -}}
+{{- $keyPEM := include "webhook.keyPEM" . -}}
+
+{{- $timeoutSeconds := .Values.webhook.timeoutSeconds }}
+{{- $supportTimeoutSeconds := false }}
+{{- if ge .Capabilities.KubeVersion.Minor "14" }}
+{{- $supportTimeoutSeconds = true }}
+{{- end }}
+{{- $certManagerEnabled := .Values.webhook.certManager.enabled }}
+
+apiVersion: {{ $webhookApiVersion }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "chaos-mesh.mutation" . }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- if $certManagerEnabled }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace "chaos-mesh-cert" | quote }}
+ {{- end }}
+webhooks:
+ {{- range $crd := .Values.webhook.CRDS }}
+ - clientConfig:
+ {{- if $certManagerEnabled }}
+ caBundle: Cg==
+ {{- else }}
+ caBundle: {{ ternary (b64enc $caCert) (b64enc (trim $crtPEM)) (empty $crtPEM) }}
+ {{- end }}
+ service:
+ name: {{ template "chaos-mesh.svc" $ }}
+ namespace: {{ $.Release.Namespace | quote }}
+ path: /mutate-chaos-mesh-org-v1alpha1-{{ $crd }}
+ failurePolicy: {{ $.Values.webhook.FailurePolicy }}
+ name: m{{ $crd }}.kb.io
+ {{- if $supportTimeoutSeconds }}
+ timeoutSeconds: {{ $timeoutSeconds }}
+ {{- if eq $webhookApiVersion "admissionregistration.k8s.io/v1" }}
+ sideEffects: None
+ admissionReviewVersions: ["v1", "v1beta1"]
+ {{- end }}
+ {{- end }}
+ rules:
+ - apiGroups:
+ - chaos-mesh.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ {{- if eq $crd "schedule" }}
+ - schedules
+ {{- else if eq $crd "workflow" }}
+ - workflows
+ {{- else if eq $crd "physicalmachine" }}
+ - physicalmachines
+ {{- else if eq $crd "statuscheck" }}
+ - statuschecks
+ {{- else }}
+ - {{ $crd }}
+ {{- end }}
+ {{- end }}
+---
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-configmap.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-configmap.yaml
new file mode 100644
index 0000000..c232826
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-configmap.yaml
@@ -0,0 +1,77 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.prometheus.create }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: prometheus-config
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+data:
+ prometheus.yml: |-
+ global:
+ scrape_interval: 15s
+ scrape_timeout: 15s
+ evaluation_interval: 15s
+
+ scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'chaos-controller'
+ kubernetes_sd_configs:
+ - role: pod
+ namespaces:
+ names: ['{{ .Release.Namespace }}']
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_component]
+ regex: controller-manager
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_container_port_name]
+ regex: http
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_name]
+ separator: ;
+ regex: (.*)
+ target_label: pod
+ replacement: $1
+ action: replace
+
+ - job_name: 'chaos-daemon'
+ kubernetes_sd_configs:
+ - role: pod
+ namespaces:
+ names: ['{{ .Release.Namespace }}']
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_component]
+ regex: chaos-daemon
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_container_port_name]
+ regex: http
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_name]
+ separator: ;
+ regex: (.*)
+ target_label: pod
+ replacement: $1
+ action: replace
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-deployment.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-deployment.yaml
new file mode 100644
index 0000000..c04d9d2
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-deployment.yaml
@@ -0,0 +1,124 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.prometheus.create }}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: chaos-prometheus
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "chaos-mesh.selectors" . | nindent 6 }}
+ app.kubernetes.io/component: prometheus
+ template:
+ metadata:
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 8 }}
+ app.kubernetes.io/component: prometheus
+ {{- with .Values.prometheus.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.prometheus.serviceAccount }}
+ serviceAccount: {{ .Values.prometheus.serviceAccount }}
+ {{- end }}
+ priorityClassName: {{ .Values.prometheus.priorityClassName}}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ initContainers:
+ - name: data-permission-fix
+ image: busybox
+ command: ["/bin/chmod","-R","777", "/data"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ containers:
+ - name: prometheus
+ image: {{ .Values.prometheus.image }}
+ imagePullPolicy: {{ .Values.prometheus.imagePullPolicy | default "IfNotPresent" }}
+ {{- if .Values.chaosDaemon.resources }}
+ resources:
+ {{ toYaml .Values.chaosDaemon.resources | indent 12 }}
+ {{- end }}
+ args:
+ - --storage.tsdb.path=/data
+ - --storage.tsdb.retention.time=6h
+ - --config.file=/etc/prometheus/prometheus.yml
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: 9090
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ ports:
+ - containerPort: 9090
+ name: http
+ securityContext:
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /etc/prometheus
+ name: prometheus-config
+ readOnly: true
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: prometheus-pvc
+ - configMap:
+ name: prometheus-config
+ name: prometheus-config
+ {{- with .Values.controllerManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controllerManager.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controllerManager.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: prometheus-pvc
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+spec:
+ {{- if .Values.prometheus.volume.storageClassName }}
+ storageClassName: {{ .Values.prometheus.volume.storageClassName }}
+ {{- end }}
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.prometheus.volume.storage }}
+
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-rbac.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-rbac.yaml
new file mode 100644
index 0000000..e3b2db2
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-rbac.yaml
@@ -0,0 +1,57 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.prometheus.create }}
+
+ {{- if .Values.rbac.create }}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ .Values.prometheus.serviceAccount }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-prometheus
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-chaos-prometheus
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.prometheus.serviceAccount }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Release.Name }}-chaos-prometheus
+ apiGroup: rbac.authorization.k8s.io
+
+ {{- end }}
+
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-service.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-service.yaml
new file mode 100644
index 0000000..3c10f6b
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/prometheus-service.yaml
@@ -0,0 +1,35 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.prometheus.create }}
+
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Release.Namespace | quote }}
+ name: chaos-prometheus
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+spec:
+ type: {{ .Values.prometheus.service.type }}
+ ports:
+ - port: 9090
+ targetPort: 9090
+ name: http
+ selector:
+ {{- include "chaos-mesh.selectors" . | nindent 4 }}
+ app.kubernetes.io/component: prometheus
+
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/secrets-configuration.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/secrets-configuration.yaml
new file mode 100644
index 0000000..0ab05a6
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/secrets-configuration.yaml
@@ -0,0 +1,84 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- $certManagerEnabled := .Values.webhook.certManager.enabled }}
+
+{{- if not $certManagerEnabled }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "chaos-mesh.webhook.certs" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: webhook-secret
+type: Opaque
+data:
+ ca.crt: {{ b64enc (include "webhook.caBundleCertPEM" .) }}
+ tls.crt: {{ b64enc (include "webhook.certPEM" .) }}
+ tls.key: {{ b64enc (include "webhook.keyPEM" .) }}
+
+{{- if .Values.chaosDaemon.mtls.enabled }}
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "chaos-mesh.daemon.certs" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon-cert
+type: Opaque
+data:
+ ca.crt: {{ b64enc (include "chaosmesh.selfSignedCABundleCertPEM" .) }}
+ tls.crt: {{ b64enc (include "chaosDaemon.server.certPEM" .) }}
+ tls.key: {{ b64enc (include "chaosDaemon.server.keyPEM" .) }}
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "chaos-mesh.daemon-client.certs" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaos-daemon-client-cert
+type: Opaque
+data:
+ ca.crt: {{ b64enc (include "chaosmesh.selfSignedCABundleCertPEM" .) }}
+ tls.crt: {{ b64enc (include "chaosDaemon.client.certPEM" .) }}
+ tls.key: {{ b64enc (include "chaosDaemon.client.keyPEM" .) }}
+{{- end }}
+
+{{- end }}
+
+{{- if .Values.controllerManager.chaosdSecurityMode }}
+---
+{{- $chaosdCA := genCA "chaosd-ca" 1825 }}
+{{- $chaosdClientCert := genSignedCert "controller-manager.chaos-mesh.org" nil (list "localhost" "controller-manager.chaos-mesh.org") 1825 $chaosdCA }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "chaos-mesh.chaosd-client.certs" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chaosd-client-cert
+type: Opaque
+data:
+ ca.crt: {{ b64enc $chaosdCA.Cert }}
+ ca.key: {{ b64enc $chaosdCA.Key }}
+ tls.crt: {{ b64enc $chaosdClientCert.Cert }}
+ tls.key: {{ b64enc $chaosdClientCert.Key }}
+{{- end }}
+---
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/templates/validating-admission-webhooks.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/templates/validating-admission-webhooks.yaml
new file mode 100644
index 0000000..d2e0fb2
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/templates/validating-admission-webhooks.yaml
@@ -0,0 +1,124 @@
+# Copyright 2022 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $webhookApiVersion := include "webhook.apiVersion" . -}}
+{{- $caCert := include "webhook.caBundleCertPEM" . -}}
+{{- $crtPEM := include "webhook.certPEM" . -}}
+{{- $keyPEM := include "webhook.keyPEM" . -}}
+
+{{- $timeoutSeconds := .Values.webhook.timeoutSeconds }}
+{{- $supportTimeoutSeconds := false }}
+{{- if ge .Capabilities.KubeVersion.Minor "14" }}
+{{- $supportTimeoutSeconds = true }}
+{{- end }}
+{{- $certManagerEnabled := .Values.webhook.certManager.enabled }}
+
+apiVersion: {{ $webhookApiVersion }}
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ template "chaos-mesh.validation" . }}
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- if $certManagerEnabled }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace "chaos-mesh-cert" | quote }}
+ {{- end }}
+webhooks:
+ {{- range $crd := .Values.webhook.CRDS }}
+ {{- /* TODO: podiochaos and podhttpchaos are not in CRDS list, we could remove it later. */ -}}
+ {{- if not (or (eq $crd "podiochaos") (eq $crd "podhttpchaos")) }}
+ - clientConfig:
+ {{- if $certManagerEnabled }}
+ caBundle: Cg==
+ {{- else }}
+ caBundle: {{ ternary (b64enc $caCert) (b64enc (trim $crtPEM)) (empty $crtPEM) }}
+ {{- end }}
+ service:
+ name: {{ template "chaos-mesh.svc" $ }}
+ namespace: {{ $.Release.Namespace | quote }}
+ path: /validate-chaos-mesh-org-v1alpha1-{{ $crd }}
+ failurePolicy: {{ $.Values.webhook.FailurePolicy }}
+ name: v{{ $crd }}.kb.io
+ {{- if $supportTimeoutSeconds }}
+ timeoutSeconds: {{ $timeoutSeconds }}
+ {{- if eq $webhookApiVersion "admissionregistration.k8s.io/v1" }}
+ sideEffects: None
+ admissionReviewVersions: ["v1", "v1beta1"]
+ {{- end }}
+ {{- end }}
+ rules:
+ - apiGroups:
+ - chaos-mesh.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ {{- if eq $crd "schedule" }}
+ - schedules
+ {{- else if eq $crd "workflow" }}
+ - workflows
+ {{- else if eq $crd "physicalmachine" }}
+ - physicalmachines
+ {{- else if eq $crd "statuscheck" }}
+ - statuschecks
+ {{- else }}
+ - {{ $crd }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+---
+
+apiVersion: {{ $webhookApiVersion }}
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ template "chaos-mesh.validation" . }}-auth
+ labels:
+ {{- include "chaos-mesh.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- if $certManagerEnabled }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace "chaos-mesh-cert" | quote }}
+ {{- end }}
+webhooks:
+ - clientConfig:
+ {{- if $certManagerEnabled }}
+ caBundle: Cg==
+ {{- else }}
+ caBundle: {{ ternary (b64enc $caCert) (b64enc (trim $crtPEM)) (empty $crtPEM) }}
+ {{- end }}
+ service:
+ name: {{ template "chaos-mesh.svc" $ }}
+ namespace: {{ $.Release.Namespace | quote }}
+ path: /validate-auth
+ failurePolicy: {{ .Values.webhook.FailurePolicy }}
+ name: vauth.kb.io
+ {{- if $supportTimeoutSeconds }}
+ timeoutSeconds: {{ $timeoutSeconds }}
+ {{- if eq $webhookApiVersion "admissionregistration.k8s.io/v1" }}
+ sideEffects: None
+ admissionReviewVersions: ["v1", "v1beta1"]
+ {{- end }}
+ {{- end }}
+ rules:
+ - apiGroups:
+ - chaos-mesh.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources: [ "*" ]
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/values.schema.json b/chaos/train-ticket-simple/charts/chaos-mesh/values.schema.json
new file mode 100644
index 0000000..223f2fe
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/values.schema.json
@@ -0,0 +1,765 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "properties": {
+ "bpfki": {
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "grpcPort": {
+ "type": "integer"
+ },
+ "image": {
+ "properties": {
+ "registry": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ },
+ "resources": {
+ "properties": {},
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "chaosDaemon": {
+ "properties": {
+ "affinity": {
+ "properties": {},
+ "type": "object"
+ },
+ "capabilities": {
+ "properties": {
+ "add": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "env": {
+ "properties": {},
+ "type": "object"
+ },
+ "grpcPort": {
+ "type": "integer"
+ },
+ "hostNetwork": {
+ "type": "boolean"
+ },
+ "httpPort": {
+ "type": "integer"
+ },
+ "image": {
+ "properties": {
+ "registry": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ },
+ "mtls": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "nodeSelector": {
+ "properties": {},
+ "type": "object"
+ },
+ "podAnnotations": {
+ "properties": {},
+ "type": "object"
+ },
+ "podSecurityPolicy": {
+ "type": "boolean"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "privileged": {
+ "type": "boolean"
+ },
+ "resources": {
+ "properties": {},
+ "type": "object"
+ },
+ "runtime": {
+ "type": "string"
+ },
+ "serviceAccount": {
+ "type": "string"
+ },
+ "socketPath": {
+ "type": "string"
+ },
+ "tolerations": {
+ "type": "array"
+ },
+ "updateStrategy": {
+ "properties": {},
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "chaosDlv": {
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "image": {
+ "properties": {
+ "registry": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "clusterScoped": {
+ "type": "boolean"
+ },
+ "controllerManager": {
+ "properties": {
+ "affinity": {
+ "properties": {},
+ "type": "object"
+ },
+ "allowHostNetworkTesting": {
+ "type": "boolean"
+ },
+ "chaosdSecurityMode": {
+ "type": "boolean"
+ },
+ "enableFilterNamespace": {
+ "type": "boolean"
+ },
+ "enabledControllers": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "enabledWebhooks": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "env": {
+ "properties": {
+ "METRICS_PORT": {
+ "type": "integer"
+ },
+ "WEBHOOK_PORT": {
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ },
+ "hostNetwork": {
+ "type": "boolean"
+ },
+ "image": {
+ "properties": {
+ "registry": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ },
+ "leaderElection": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "leaseDuration": {
+ "type": "string"
+ },
+ "renewDeadline": {
+ "type": "string"
+ },
+ "retryPeriod": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "localHelmChart": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "volume": {
+ "properties": {
+ "hostPath": {
+ "properties": {
+ "path": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "nodeSelector": {
+ "properties": {},
+ "type": "object"
+ },
+ "podAnnotations": {
+ "properties": {},
+ "type": "object"
+ },
+ "podChaos": {
+ "properties": {
+ "podFailure": {
+ "properties": {
+ "pauseImage": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "replicaCount": {
+ "type": "integer"
+ },
+ "resources": {
+ "properties": {
+ "limits": {
+ "properties": {},
+ "type": "object"
+ },
+ "requests": {
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "securityContext": {
+ "properties": {},
+ "type": "object"
+ },
+ "service": {
+ "properties": {
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "serviceAccount": {
+ "type": "string"
+ },
+ "targetNamespace": {
+ "type": "string"
+ },
+ "tolerations": {
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "customLabels": {
+ "properties": {},
+ "type": "object"
+ },
+ "dashboard": {
+ "properties": {
+ "affinity": {
+ "properties": {},
+ "type": "object"
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "env": {
+ "properties": {
+ "CLEAN_SYNC_PERIOD": {
+ "type": "string"
+ },
+ "DATABASE_DATASOURCE": {
+ "type": "string"
+ },
+ "DATABASE_DRIVER": {
+ "type": "string"
+ },
+ "LISTEN_HOST": {
+ "type": "string"
+ },
+ "LISTEN_PORT": {
+ "type": "integer"
+ },
+ "METRIC_HOST": {
+ "type": "string"
+ },
+ "METRIC_PORT": {
+ "type": "integer"
+ },
+ "TTL_EVENT": {
+ "type": "string"
+ },
+ "TTL_EXPERIMENT": {
+ "type": "string"
+ },
+ "TTL_SCHEDULE": {
+ "type": "string"
+ },
+ "TTL_WORKFLOW": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "extraContainers": {
+ "type": "array"
+ },
+ "gcpClientId": {
+ "type": "string"
+ },
+ "gcpClientSecret": {
+ "type": "string"
+ },
+ "gcpSecurityMode": {
+ "type": "boolean"
+ },
+ "hostNetwork": {
+ "type": "boolean"
+ },
+ "image": {
+ "properties": {
+ "registry": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ },
+ "ingress": {
+ "properties": {
+ "apiVersionOverrides": {
+ "type": "string"
+ },
+ "certManager": {
+ "type": "boolean"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "hosts": {
+ "items": {
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "boolean"
+ },
+ "tlsSecret": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "paths": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "nodeSelector": {
+ "properties": {},
+ "type": "object"
+ },
+ "persistentVolume": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "existingClaim": {
+ "type": "string"
+ },
+ "mountPath": {
+ "type": "string"
+ },
+ "size": {
+ "type": "string"
+ },
+ "storageClassName": {
+ "type": "string"
+ },
+ "subPath": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "podAnnotations": {
+ "properties": {},
+ "type": "object"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "replicaCount": {
+ "type": "integer"
+ },
+ "resources": {
+ "properties": {
+ "limits": {
+ "properties": {},
+ "type": "object"
+ },
+ "requests": {
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "rootUrl": {
+ "type": "string"
+ },
+ "securityContext": {
+ "properties": {},
+ "type": "object"
+ },
+ "securityMode": {
+ "type": "boolean"
+ },
+ "service": {
+ "properties": {
+ "annotations": {
+ "properties": {},
+ "type": "object"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "serviceAccount": {
+ "type": "string"
+ },
+ "tolerations": {
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "dnsServer": {
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "env": {
+ "properties": {
+ "LISTEN_HOST": {
+ "type": "string"
+ },
+ "LISTEN_PORT": {
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ },
+ "grpcPort": {
+ "type": "integer"
+ },
+ "image": {
+ "type": "string"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "nodeSelector": {
+ "properties": {},
+ "type": "object"
+ },
+ "podAnnotations": {
+ "properties": {},
+ "type": "object"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "replicas": {
+ "type": "integer"
+ },
+ "resources": {
+ "properties": {
+ "limits": {
+ "properties": {},
+ "type": "object"
+ },
+ "requests": {
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "serviceAccount": {
+ "type": "string"
+ },
+ "tolerations": {
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "enableCtrlServer": {
+ "type": "boolean"
+ },
+ "enableProfiling": {
+ "type": "boolean"
+ },
+ "fullnameOverride": {
+ "type": "string"
+ },
+ "imagePullSecrets": {
+ "type": "array"
+ },
+ "images": {
+ "properties": {
+ "registry": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "nameOverride": {
+ "type": "string"
+ },
+ "prometheus": {
+ "properties": {
+ "affinity": {
+ "properties": {},
+ "type": "object"
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "image": {
+ "type": "string"
+ },
+ "imagePullPolicy": {
+ "type": "string"
+ },
+ "nodeSelector": {
+ "properties": {},
+ "type": "object"
+ },
+ "podAnnotations": {
+ "properties": {},
+ "type": "object"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "resources": {
+ "properties": {
+ "limits": {
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "requests": {
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "service": {
+ "properties": {
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "serviceAccount": {
+ "type": "string"
+ },
+ "tolerations": {
+ "type": "array"
+ },
+ "volume": {
+ "properties": {
+ "storage": {
+ "type": "string"
+ },
+ "storageClassName": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "rbac": {
+ "properties": {
+ "create": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "timezone": {
+ "type": "string"
+ },
+ "webhook": {
+ "properties": {
+ "CRDS": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "FailurePolicy": {
+ "type": "string"
+ },
+ "caBundlePEM": {
+ "type": "string"
+ },
+ "certManager": {
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "crtPEM": {
+ "type": "string"
+ },
+ "keyPEM": {
+ "type": "string"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-mesh/values.yaml b/chaos/train-ticket-simple/charts/chaos-mesh/values.yaml
new file mode 100644
index 0000000..7a2cf6f
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/chaos-mesh/values.yaml
@@ -0,0 +1,564 @@
+# Copyright 2021 Chaos Mesh Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Default values for chaos-mesh.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+#
+nameOverride: ""
+fullnameOverride: ""
+
+# Custom labels to add
+customLabels: {}
+
+# clusterScoped is whether chaos-mesh should manage kubernetes cluster wide chaos
+# Also see rbac.create and controllerManager.serviceAccount
+clusterScoped: true
+
+# Creating rbac API Objects. Also see clusterScoped and controllerManager.serviceAccount
+rbac:
+ create: true
+
+# timezone is the timezone where controller-manager, chaos-daemon and dashboard uses.
+# For example: "UTC" or "Asia/Shanghai"
+# This value will be set on controller-manager and dashboard container's
+# environment variable TZ.
+# You may need to set the timezone to be consistent with your Grafana configuration,
+# otherwise the query Grafana used to retrieve event maybe in wrong timezone.
+timezone: "UTC"
+
+# enableProfiling is a flag to enable pprof in controller-manager and chaos-daemon.
+enableProfiling: true
+
+# enableCtrlServer is a flag to enable ctrlserver which provides service to chaosctl in controller-manager.
+enableCtrlServer: true
+
+images:
+ # images.registry is the global container registry for the images, you could replace it with your self-hosted container registry.
+ registry: "registry.cn-hangzhou.aliyuncs.com"
+ # images.tag is the global image tag (for example, semiVer with prefix v, or latest).
+ tag: "v2.6.3"
+
+## Optional array of imagePullSecrets containing private registry credentials
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: secretName
+
+controllerManager:
+ # securityContext if needed
+ securityContext: {}
+ # running chaos-controller-manager on host network
+ hostNetwork: false
+ # Allow testing on `hostNetwork` pods. This is Dangerous. Please run only as temporary solution.
+ allowHostNetworkTesting: false
+ # The serviceAccount for chaos-controller-manager
+ serviceAccount: chaos-controller-manager
+ # Custom priorityClassName for using pod priorities
+ priorityClassName: ""
+ # Replicas for chaos-controller-manager
+ replicaCount: 1
+ # image would be constructed by /:
+ image:
+ # override global registry, empty value means using the global images.registry
+ registry: ""
+ # repository part for image of chaos-controller-manager
+ repository: train_ticket/chaos-mesh
+ # override global tag, empty value means using the global images.tag
+ tag: ""
+ # Image pull policy
+ imagePullPolicy: IfNotPresent
+
+ # The keys within the "env" map are mounted as environment variables on the pod.
+ env:
+ # WEBHOOK_PORT is configured the port for chaos-controller-manager provides webhooks.
+ # In GKE private clusters, by default kubernetes apiservers are allowed to
+ # talk to the cluster nodes only on 443 and 10250. so configuring
+ # WEBHOOK_PORT: 10250, will work out of the box without needing to add firewall
+ # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
+ WEBHOOK_PORT: 10250
+ # METRICS_PORT is configured the port for chaos-controller-manager exposing prometheus metrics
+ METRICS_PORT: 10080
+ # If enabled, only pods in the namespace annotated with `"chaos-mesh.org/inject": "enabled"` could be injected
+ enableFilterNamespace: false
+ # targetNamespace only works with clusterScoped is false(namespace scoped mode).
+ # It means namespace which will be injected chaos
+ targetNamespace: chaos-mesh
+
+ service:
+ # Kubernetes Service type for service chaos-controller-manager
+ type: ClusterIP
+
+ resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits: {}
+ # cpu: 500m
+ # memory: 1024Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+ # Node labels for chaos-controller-manager pod assignment
+ nodeSelector: {}
+ # Toleration labels for chaos-controller-manager pod assignment
+ tolerations: []
+ # Map of chaos-controller-manager node/pod affinities
+ affinity: {}
+ # Pod annotations of chaos-controller-manager
+ podAnnotations: {}
+ # A list of controllers to enable. "*" enables all controllers by default.
+ enabledControllers:
+ - "*"
+ # A list of webhooks to enable. "*" enables all webhooks by default.
+ enabledWebhooks:
+ - "*"
+ podChaos:
+ podFailure:
+ # Custom Pause Container Image for Pod Failure Chaos
+ pauseImage: gcr.io/google-containers/pause:latest
+ leaderElection:
+ # Enable leader election for controller manager.
+ enabled: false
+ # The duration that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack.
+ leaseDuration: 15s
+ # The duration that the acting control-plane will retry refreshing leadership before giving up.
+ renewDeadline: 10s
+ # The duration the LeaderElector clients should wait between tries of actions.
+ retryPeriod: 2s
+ # chaosdSecurityMode is enabled for mTLS connection between chaos-controller-manager and chaosd
+ chaosdSecurityMode: true
+ # multi cluster install offline helm chart path
+ localHelmChart:
+ enabled: false
+ volume:
+ hostPath:
+ path: /data/helm
+ type: DirectoryOrCreate
+
+chaosDaemon:
+ # image would be constructed by /:
+ image:
+ # override global registry, empty value means using the global images.registry
+ registry: ""
+ # repository part for image of chaos-daemon
+ repository: train_ticket/chaos-daemon
+ # empty tag means using the global images.tag
+ tag: ""
+ # Image pull policy
+ imagePullPolicy: IfNotPresent
+ # The port which grpc server listens on.
+ grpcPort: 31767
+ # The port which http server listens on.
+ httpPort: 31766
+ # extra chaosDaemon envs
+ env: {}
+ # running chaosDaemon on host network
+ hostNetwork: false
+ # configurations about mtls.
+ # currently we do not support use specified ca and cert for mtls, it would generate the ca and certs when chaos mesh deploy by helm.
+ mtls:
+ # enable mtls on the grpc connection between chaos-controller-manager and chaos-daemon
+ enabled: true
+
+ # Run chaos-daemon container in privileged mode. Processes in privileged containers
+ # are essentially equivalent to root on the host.
+ # If it is set to false, the following capabilities will be set. You can grant certain privileges
+ # to a process without granting all the privileges of the root user.
+ capabilities:
+ add:
+ - SYS_PTRACE
+ - NET_ADMIN
+ - NET_RAW
+ - MKNOD
+ - SYS_CHROOT
+ - SYS_ADMIN
+ - KILL
+ # CAP_IPC_LOCK is used to lock memory
+ - IPC_LOCK
+ privileged: true
+ # Custom priorityClassName for using pod priorities
+ priorityClassName: ""
+ # Pod annotations of chaos-daemon
+ podAnnotations: {}
+ # ServiceAccount name for chaos-daemon
+ serviceAccount: chaos-daemon
+ # Specify PodSecurityPolicy(psp) on chaos-daemon pods
+ podSecurityPolicy: false
+ # runtime specifies which container runtime to use. Currently
+ # we only supports docker, containerd and CRI-O.
+ runtime: docker
+ # socketPath specifies the path of container runtime socket on the host.
+ socketPath: /var/run/docker.sock
+
+ # If you are using Kind or using containerd as CRI, you can use the
+ # config below to use containerd as the runtime in chaos-daemon.
+ # runtime: containerd
+ # socketPath: /run/containerd/containerd.sock
+
+ # If you are using CRI-O as CRI, you can use the
+ # config below to use CRI-O as the runtime in chaos-daemon.
+ # runtime: crio
+ # socketPath: /var/run/crio/crio.sock
+
+ # You can customize socket dir via socketDir
+ # If you set socketPath and socketDir at the same time, only socketPath will work.
+
+ # CPU/Memory resource requests/limits for chaosDaemon container
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 500m
+ # memory: 1024Mi
+ # requests:
+ # cpu: 250m
+ # memory: 512Mi
+ # Node labels for chaos-daemon pod assignment
+ nodeSelector: {}
+ # Toleration labels for chaos-daemon pod assignment
+ tolerations: []
+ # Map of chaos-controller-manager node/pod affinities
+ affinity: {}
+
+ # Specify DaemonSetUpdateStrategy for chaos-daemon
+ updateStrategy: {}
+ # Example update strategy:
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxUnavailable: 33%
+
+dashboard:
+ # Enable chaos-dashboard
+ create: true
+ # rootUrl specify the base url for openid/oauth2 (like GCP Auth Integration) callback URL.
+ rootUrl: http://localhost:2333
+ # securityContext if needed
+ securityContext: {}
+ # running chaos-dashboard on host network
+ hostNetwork: false
+ # replicas of chaos-dashboard
+ replicaCount: 1
+ # Custom priorityClassName for using pod priorities
+ priorityClassName: ""
+ # The serviceAccount for chaos-dashboard
+ serviceAccount: chaos-dashboard
+ image:
+ # override global registry, empty value means using the global images.registry
+ registry: ""
+ # repository part for image of chaos-dashboard
+ repository: train_ticket/chaos-dashboard
+ # override global tag, empty value means using the global images.tag
+ tag: ""
+ # Image pull policy
+ imagePullPolicy: IfNotPresent
+ # securityMode requires user to provide credentials on Chaos Dashboard, instead of using chaos-dashboard service account
+ securityMode: true
+ # Enable GCP Authentication Integration, see: https://chaos-mesh.org/docs/gcp-authentication/ for more details
+ gcpSecurityMode: false
+ gcpClientId: ""
+ gcpClientSecret: ""
+ # Node labels for chaos-dashboard pod assignment
+ nodeSelector: {}
+ # Toleration labels for chaos-dashboard pod assignment
+ tolerations: []
+ # Map of chaos-dashboard node/pod affinities
+ affinity: {}
+ # Deployment chaos-dashboard annotations
+ podAnnotations: {}
+ # list of extra sidecar containers
+ extraContainers: []
+ service:
+ # Service annotations for the dashboard
+ annotations: {}
+ # Service type of the service created for exposing the dashboard
+ type: NodePort
+ # Set the `clusterIP` of the dashboard service if the type is `ClusterIP`
+ # clusterIP:
+ # Set the `nodePort` of the dashboard service if the type is `NodePort`
+ # nodePort:
+
+ # CPU/Memory resource requests/limits for chaos-dashboard pod
+ resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits: {}
+ # cpu: 500m
+ # memory: 1024Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+
+ persistentVolume:
+ # If you are using SQLite as your DB for Chaos Dashboard, it is recommended to enable persistence.
+ # If enable, the chart will create a PersistenceVolumeClaim to store its state in. If you are
+ # using a DB other than SQLite, set this to false to avoid allocating unused storage.
+ # If set to false, Chaos Mesh will use an emptyDir instead, which is ephemeral.
+ enabled: false
+
+ # If you'd like to bring your own PVC for persisting chaos event, pass the name of the
+ # created + ready PVC here. If set, this Chart will not create the default PVC.
+ # Requires server.persistentVolume.enabled: true
+ #
+ existingClaim: ""
+
+ # Chaos Dashboard data Persistent Volume size.
+ size: 8Gi
+
+ # Chaos Dashboard data Persistent Volume Storage Class.
+ # If defined, storageClassName:
+ storageClassName: standard
+
+ # Chaos Dashboard data Persistent Volume mount root path
+ #
+ mountPath: /data
+
+ # Subdirectory of Chaos Dashboard data Persistent Volume to mount
+ # Useful if the volume's root directory is not empty
+ #
+ subPath: ""
+
+ # The keys within the "env" map are mounted as environment variables on the pod.
+ env:
+ # The address which chaos-dashboard would listen on.
+ LISTEN_HOST: 0.0.0.0
+ # The port which chaos-dashboard would listen on.
+ LISTEN_PORT: 2333
+ # The address which metrics endpoints would listen on.
+ METRIC_HOST: 0.0.0.0
+ # The ports which metrics endpoints would listen on.
+ METRIC_PORT: 2334
+
+ # If you'd like to use a DB other than SQLite (the default), set a driver + DSN here.
+ DATABASE_DRIVER: sqlite3
+ # The db dsn used for Chaos Dashboard
+ DATABASE_DATASOURCE: /data/core.sqlite
+
+ # Set the sync period to clean up archived data
+ CLEAN_SYNC_PERIOD: 12h
+ # Set TTL of archived event data
+ TTL_EVENT: 168h
+ # Set TTL of archived experiment data
+ TTL_EXPERIMENT: 336h
+ # Set TTL of archived schedule data
+ TTL_SCHEDULE: 336h
+ # Set TTL of archived workflow data
+ TTL_WORKFLOW: 336h
+ ingress:
+ ## Set to true to enable ingress record generation
+ enabled: false
+
+ ## Set this to true in order to add the corresponding annotations for cert-manager
+ certManager: false
+
+ ## Ingress annotations done as key:value pairs
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
+ ##
+ ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+ ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
+ # annotations:
+ # kubernetes.io/ingress.class: nginx
+
+ ## The list of hostnames to be covered with this ingress record.
+ ## Most likely this will be just one host, but in the event more hosts are needed, this is an array
+ hosts:
+ - name: dashboard.local
+
+ ## Set this to true in order to enable TLS on the ingress record
+ tls: false
+
+ ## Optionally specify the TLS hosts for the ingress record
+ ## Useful when the Ingress controller supports www-redirection
+ ## If not specified, the above host name will be used
+ # tlsHosts:
+ # - www.dashboard.local
+ # - dashboard.local
+
+ ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+ tlsSecret: dashboard.local-tls
+
+ # Paths that map requests to chaos dashboard
+ paths: ["/"]
+
+ # Override apiVersion of ingress rendered by this helm chart
+ apiVersionOverrides: ""
+
+ # Defines which ingress controller will implement the resource
+ ingressClassName: ""
+
+dnsServer:
+ # Enable DNS Server which required by DNSChaos
+ create: true
+ # Name of serviceaccount for chaos-dns-server.
+ serviceAccount: chaos-dns-server
+ # Image of DNS Server
+ image: registry.cn-hangzhou.aliyuncs.com/train_ticket/chaos-coredns:v0.2.6
+ # Image pull policy
+ imagePullPolicy: IfNotPresent
+ # Customized priorityClassName for chaos-dns-server
+ priorityClassName: ""
+ # Node labels for chaos-dns-server pod assignment
+ nodeSelector: {}
+ # Toleration labels for chaos-dns-server pod assignment
+ tolerations: []
+ # Pod annotations of chaos-dns-server
+ podAnnotations: {}
+ # the service name of chaos-dns-server
+ name: chaos-mesh-dns-server
+ # grpc port for chaos-dns-server
+ grpcPort: 9288
+ # Number of replicas
+ replicas: 1
+ # CPU/Memory resource requests/limits for chaos-dns-server pod
+ resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits: {}
+ # cpu: 500m
+ # memory: 1024Mi
+ requests:
+ cpu: 100m
+ memory: 70Mi
+ env:
+ # The address of chaos-dns-server listen on
+ LISTEN_HOST: "0.0.0.0"
+ # The port of chaos-dns-server listen on
+ LISTEN_PORT: 53
+
+prometheus:
+ # Enable prometheus
+ create: false
+ # The serviceAccount for prometheus
+ serviceAccount: prometheus
+ # Docker image for prometheus
+ image: prom/prometheus:v2.18.1
+ # Image pull policy
+ imagePullPolicy: IfNotPresent
+ # Custom priorityClassName for using pod priorities
+ priorityClassName: ""
+ # Node labels for prometheus pod assignment
+ nodeSelector: {}
+ # Toleration labels for prometheus pod assignment
+ tolerations: []
+ # Map of prometheus node/pod affinities
+ affinity: {}
+ # Deployment prometheus annotations
+ podAnnotations: {}
+ # CPU/Memory resource requests/limits for prometheus pod
+ resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 500m
+ memory: 1024Mi
+ requests:
+ cpu: 250m
+ memory: 512Mi
+ # Kubernetes Service type
+ service:
+ type: ClusterIP
+
+ volume:
+ # storage size of PVC
+ storage: 2Gi
+ # storage class of PVC
+ storageClassName: standard
+
+webhook:
+ certManager:
+ # Setup the webhook using cert-manager
+ enabled: false
+ # if certManager is disabled and PEMs are empty, Helm will auto-generate these fields.
+ caBundlePEM: ""
+
+ crtPEM: ""
+
+ keyPEM: ""
+
+ # It is recommended that admission webhooks should evaluate as quickly as possible (typically in milliseconds),
+ # since they add to API request latency. It is encouraged to use a small timeout for webhooks.
+ # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ timeoutSeconds: 5
+ # FailurePolicy defines how unrecognized errors and timeout errors from the admission webhook are handled.
+ # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ FailurePolicy: Fail
+
+ CRDS:
+ - podchaos
+ - iochaos
+ - timechaos
+ - networkchaos
+ - kernelchaos
+ - stresschaos
+ - awschaos
+ - azurechaos
+ - gcpchaos
+ - dnschaos
+ - jvmchaos
+ - schedule
+ - workflow
+ - httpchaos
+ - blockchaos
+ - physicalmachinechaos
+ - physicalmachine
+ - statuscheck
+ - remotecluster
+
+bpfki:
+ # Enable chaos-kernel
+ create: false
+ # image would be constructed by /:
+ image:
+ # empty registry means using the global images.registry
+ registry: ""
+ repository: train_ticket/chaos-kernel
+ # empty tag means using the global images.tag
+ tag: ""
+ # Image pull policy
+ imagePullPolicy: IfNotPresent
+ # The port which grpc server listens on
+ grpcPort: 50051
+ # CPU/Memory resource requests/limits for chaos-kernel container
+ resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 500m
+ # memory: 1024Mi
+ # requests:
+ # cpu: 250m
+ # memory: 512Mi
+
+chaosDlv:
+ enable: false
+ # image would be constructed by /:
+ image:
+ # empty registry means using the global images.registry
+ registry: ""
+ repository: train_ticket/chaos-dlv
+ # empty tag means using the global images.tag
+ tag: ""
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/charts/elasticsearch/Chart.yaml b/chaos/train-ticket-simple/charts/elasticsearch/Chart.yaml
new file mode 100644
index 0000000..8c4e973
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/elasticsearch/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: elasticsearch
+version: 1.0.0
+appVersion: "v7.17.13"
+description: elasticsearch v7.17.13
diff --git a/chaos/train-ticket-simple/charts/elasticsearch/templates/_helpers.tpl b/chaos/train-ticket-simple/charts/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 0000000..01c5da6
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{- define "elasticsearch.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end }}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/elasticsearch/templates/service.yaml b/chaos/train-ticket-simple/charts/elasticsearch/templates/service.yaml
new file mode 100644
index 0000000..05c12e9
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/elasticsearch/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ template "name" . }}"
+ labels:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ chart: {{ template "elasticsearch.chart" . }}
+spec:
+ ports:
+ - name: db
+ protocol: TCP
+ port: 9200
+ targetPort: 9200
+ - name: transport
+ protocol: TCP
+ port: 9300
+ targetPort: 9300
+ selector:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/charts/elasticsearch/templates/statefulset.yaml b/chaos/train-ticket-simple/charts/elasticsearch/templates/statefulset.yaml
new file mode 100644
index 0000000..f0764c4
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/elasticsearch/templates/statefulset.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: "{{ template "name" . }}"
+ labels:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ chart: {{ template "elasticsearch.chart" . }}
+spec:
+ serviceName: "{{ template "name" . }}"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ chart: {{ template "elasticsearch.chart" . }}
+ spec:
+ containers:
+ - name: elasticsearch
+ image: "{{ .Values.image.repository }}/elasticsearch:7.17.13"
+ ports:
+ - name: db
+ containerPort: 9200
+ protocol: TCP
+ - name: transport
+ containerPort: 9300
+ protocol: TCP
+ env:
+ - name: discovery.type
+ value: single-node
+ resources:
+ limits:
+ cpu: '2'
+ memory: 4Gi
+ requests:
+ cpu: 500m
+ memory: 2Gi
+ volumeMounts:
+ - name: data
+ mountPath: /usr/share/elasticsearch/data
+ imagePullPolicy: IfNotPresent
+ volumes:
+{{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ labels:
+ app: "{{ template "name" . }}"
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClass }}
+ {{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: {{ .Values.persistence.storageClass | quote }}
+ {{- end }}
+ {{- end }}
+{{- else }}
+ - name: "data"
+ emptyDir: {}
+{{- end }}
+
diff --git a/chaos/train-ticket-simple/charts/elasticsearch/values.yaml b/chaos/train-ticket-simple/charts/elasticsearch/values.yaml
new file mode 100644
index 0000000..bf58e85
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/elasticsearch/values.yaml
@@ -0,0 +1,13 @@
+image:
+ repository: registry.cn-hangzhou.aliyuncs.com/train_ticket
+persistence:
+ enabled: true
+ storageClass: openebs-hostpath
+ ## Persistent Volume Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 30Gi
+
diff --git a/chaos/train-ticket-simple/charts/mysql/Chart.yaml b/chaos/train-ticket-simple/charts/mysql/Chart.yaml
new file mode 100644
index 0000000..99ceefe
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+name: mysql
+version: 4.5.2
+appVersion: 5.7.26
+description: Chart to create a Highly available MySQL cluster
+keywords:
+- mysql
+- database
+- sql
+- cluster
+- high availablity
+home: https://mysql.com
+icon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png
+sources:
+- https://github.com/bitnami/bitnami-docker-mysql
+maintainers:
+- name: Bitnami
+ email: containers@bitnami.com
diff --git a/chaos/train-ticket-simple/charts/mysql/README.md b/chaos/train-ticket-simple/charts/mysql/README.md
new file mode 100644
index 0000000..3e7550e
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/README.md
@@ -0,0 +1,171 @@
+# MySQL
+
+[MySQL](https://mysql.com) is a fast, reliable, scalable, and easy to use open-source relational database system. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software.
+
+## TL;DR
+
+```bash
+$ helm install bitnami/mysql
+```
+
+## Introduction
+
+This chart bootstraps a [MySQL](https://github.com/bitnami/bitnami-docker-mysql) replication cluster deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
+
+## Prerequisites
+
+- Kubernetes 1.10+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install --name my-release bitnami/mysql
+```
+
+The command deploys MySQL on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the MySQL chart and their default values.
+
+| Parameter | Description | Default |
+|-------------------------------------------|----------------------------------------------------------------------------|-------------------------------------------------------------------|
+| `global.imageRegistry` | Global Docker image registry | `nil` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
+| `image.registry` | MySQL image registry | `docker.io` |
+| `image.repository` | MySQL Image name | `bitnami/mysql` |
+| `image.tag` | MySQL Image tag | `{VERSION}` |
+| `image.pullPolicy` | MySQL image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` |
+| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.port` | MySQL service port | `3306` |
+| `root.password` | Password for the `root` user | _random 10 character alphanumeric string_ |
+| `db.user` | Username of new user to create (should be different from replication.user) | `nil` |
+| `db.password` | Password for the new user | _random 10 character alphanumeric string if `db.user` is defined_ |
+| `db.name` | Name for new database to create | `my_database` |
+| `securityContext.enabled` | Enable security context | `true` |
+| `securityContext.fsGroup` | Group ID for the container | `1001` |
+| `securityContext.runAsUser` | User ID for the container | `1001` |
+| `replication.enabled` | MySQL replication enabled | `true` |
+| `replication.user` | MySQL replication user (should be different from db.user) | `replicator` |
+| `replication.password` | MySQL replication user password | _random 10 character alphanumeric string_ |
+| `master.antiAffinity` | Master pod anti-affinity policy | `soft` |
+| `master.updateStrategy.type` | Master statefulset update strategy policy | `RollingUpdate` |
+| `master.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` | `true` |
+| `master.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` |
+| `master.persistence.mountPath` | Configure `PersistentVolumeClaim` mount path | `/bitnami/mysql` |
+| `master.persistence.annotations` | Persistent Volume Claim annotations | `{}` |
+| `master.persistence.storageClass` | Persistent Volume Storage Class | `` |
+| `master.persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` |
+| `master.persistence.size` | Persistent Volume Size | `8Gi` |
+| `master.config` | Config file for the MySQL Master server | `_default values in the values.yaml file_` |
+| `master.resources` | CPU/Memory resource requests/limits for master node | `{}` |
+| `master.livenessProbe.enabled` | Turn on and off liveness probe (master) | `true` |
+| `master.livenessProbe.initialDelaySeconds`| Delay before liveness probe is initiated (master) | `120` |
+| `master.livenessProbe.periodSeconds` | How often to perform the probe (master) | `10` |
+| `master.livenessProbe.timeoutSeconds` | When the probe times out (master) | `1` |
+| `master.livenessProbe.successThreshold` | Minimum consecutive successes for the probe (master) | `1` |
+| `master.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe (master) | `3` |
+| `master.readinessProbe.enabled` | Turn on and off readiness probe (master) | `true` |
+| `master.readinessProbe.initialDelaySeconds`| Delay before readiness probe is initiated (master) | `30` |
+| `master.readinessProbe.periodSeconds` | How often to perform the probe (master) | `10` |
+| `master.readinessProbe.timeoutSeconds` | When the probe times out (master) | `1` |
+| `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe (master) | `1` |
+| `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe (master) | `3` |
+| `slave.replicas` | Desired number of slave replicas | `1` |
+| `slave.antiAffinity` | Slave pod anti-affinity policy | `soft` |
+| `slave.updateStrategy.type` | Slave statefulset update strategy policy | `RollingUpdate` |
+| `slave.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` | `true` |
+| `slave.persistence.mountPath` | Configure `PersistentVolumeClaim` mount path | `/bitnami/mysql` |
+| `slave.persistence.annotations` | Persistent Volume Claim annotations | `{}` |
+| `slave.persistence.storageClass` | Persistent Volume Storage Class | `` |
+| `slave.persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` |
+| `slave.persistence.size` | Persistent Volume Size | `8Gi` |
+| `slave.config` | Config file for the MySQL Slave replicas | `_default values in the values.yaml file_` |
+| `slave.resources` | CPU/Memory resource requests/limits for slave node | `{}` |
+| `slave.livenessProbe.enabled` | Turn on and off liveness probe (slave) | `true` |
+| `slave.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (slave) | `120` |
+| `slave.livenessProbe.periodSeconds` | How often to perform the probe (slave) | `10` |
+| `slave.livenessProbe.timeoutSeconds` | When the probe times out (slave) | `1` |
+| `slave.livenessProbe.successThreshold` | Minimum consecutive successes for the probe (slave) | `1` |
+| `slave.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe (slave) | `3` |
+| `slave.readinessProbe.enabled` | Turn on and off readiness probe (slave) | `true` |
+| `slave.readinessProbe.initialDelaySeconds`| Delay before readiness probe is initiated (slave) | `30` |
+| `slave.readinessProbe.periodSeconds` | How often to perform the probe (slave) | `10` |
+| `slave.readinessProbe.timeoutSeconds` | When the probe times out (slave) | `1` |
+| `slave.readinessProbe.successThreshold` | Minimum consecutive successes for the probe (slave) | `1` |
+| `slave.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe (slave) | `3` |
+| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
+| `metrics.image` | Exporter image name | `prom/mysqld-exporter` |
+| `metrics.imageTag` | Exporter image tag | `v0.10.0` |
+| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` |
+| `metrics.resources` | Exporter resource requests/limit | `nil` |
+
+The above parameters map to the env variables defined in [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql). For more information please refer to the [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql) image documentation.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install --name my-release \
+ --set root.password=secretpassword,user.database=app_database \
+ bitnami/mysql
+```
+
+The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a database named `app_database`.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install --name my-release -f values.yaml bitnami/mysql
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Initialize a fresh instance
+
+The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap.
+
+The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
+
+## Persistence
+
+The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container.
+
+The chart mounts a [Persistent Volume](kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can be defined.
+
+## Upgrading
+
+It's necessary to set the `root.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart:
+
+```bash
+$ helm upgrade my-release bitnami/mysql --set root.password=[ROOT_PASSWORD]
+```
+
+| Note: you need to substitue the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
+
+### To 3.0.0
+
+Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
+Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is mysql:
+
+```console
+$ kubectl delete statefulset mysql-master --cascade=false
+$ kubectl delete statefulset mysql-slave --cascade=false
+```
diff --git a/chaos/train-ticket-simple/charts/mysql/files/docker-entrypoint-initdb.d/README.md b/chaos/train-ticket-simple/charts/mysql/files/docker-entrypoint-initdb.d/README.md
new file mode 100644
index 0000000..c7257d7
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/files/docker-entrypoint-initdb.d/README.md
@@ -0,0 +1,3 @@
+You can copy here your custom .sh, .sql or .sql.gz file so they are executed during the first boot of the image.
+
+More info in the [bitnami-docker-mysql](https://github.com/bitnami/bitnami-docker-mysql#initializing-a-new-instance) repository.
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/NOTES.txt b/chaos/train-ticket-simple/charts/mysql/templates/NOTES.txt
new file mode 100644
index 0000000..82849cf
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/NOTES.txt
@@ -0,0 +1,42 @@
+
+Please be patient while the chart is being deployed
+
+Tip:
+
+ Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }}
+
+Services:
+
+ echo Master: {{ template "fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}
+{{- if .Values.replication.enabled }}
+ echo Slave: {{ template "mysql.slave.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}
+{{- end }}
+
+Administrator credentials:
+
+ echo Username: root
+ echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode)
+
+To connect to your database:
+
+ 1. Run a pod that you can use as a client:
+
+ kubectl run {{ template "fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mysql.image" . }} --namespace {{ .Release.Namespace }} --command -- bash
+
+ 2. To connect to master service (read/write):
+
+ mysql -h {{ template "fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local -uroot -p {{ .Values.db.name }}
+
+{{- if .Values.replication.enabled }}
+
+ 3. To connect to slave service (read-only):
+
+ mysql -h {{ template "mysql.slave.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local -uroot -p {{ .Values.db.name }}
+{{- end }}
+
+To upgrade this helm chart:
+
+ 1. Obtain the password as described on the 'Administrator credentials' section and set the 'root.password' parameter as shown below:
+
+ ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode)
+ helm upgrade {{ .Release.Name }} bitnami/mysql --set root.password=$ROOT_PASSWORD
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/_helpers.tpl b/chaos/train-ticket-simple/charts/mysql/templates/_helpers.tpl
new file mode 100644
index 0000000..30be816
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/_helpers.tpl
@@ -0,0 +1,109 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{- define "mysql.master.fullname" -}}
+{{- printf "%s-%s" .Release.Name "mysql-master" | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{- define "mysql.slave.fullname" -}}
+{{- printf "%s-%s" .Release.Name "mysql-slave" | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{- define "mysql.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Return the proper MySQL image name
+*/}}
+{{- define "mysql.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper MySQL metrics exporter image name
+*/}}
+{{- define "mysql.metrics.image" -}}
+{{- $registryName := .Values.metrics.image.registry -}}
+{{- $repositoryName := .Values.metrics.image.repository -}}
+{{- $tag := .Values.metrics.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "mysql.imagePullSecrets" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+Also, we can not use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/initialization-configmap.yaml b/chaos/train-ticket-simple/charts/mysql/templates/initialization-configmap.yaml
new file mode 100644
index 0000000..3db8f22
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/initialization-configmap.yaml
@@ -0,0 +1,19 @@
+{{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "mysql.master.fullname" . }}-init-scripts
+ labels:
+ app: {{ template "name" . }}
+ component: "master"
+ chart: {{ template "mysql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+binaryData:
+{{- $root := . }}
+{{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
+ {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }}
+{{- end }}
+data:
+{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }}
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/master-configmap.yaml b/chaos/train-ticket-simple/charts/mysql/templates/master-configmap.yaml
new file mode 100644
index 0000000..6a38e78
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/master-configmap.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.master.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "mysql.master.fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ component: "master"
+ chart: {{ template "mysql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+data:
+ my.cnf: |-
+{{ .Values.master.config | indent 4 }}
+{{- end -}}
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/master-statefulset.yaml b/chaos/train-ticket-simple/charts/mysql/templates/master-statefulset.yaml
new file mode 100644
index 0000000..0c109e9
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/master-statefulset.yaml
@@ -0,0 +1,214 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "mysql.master.fullname" . }}
+ labels:
+ app: "{{ template "name" . }}"
+ chart: {{ template "mysql.chart" . }}
+ component: "master"
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "name" . }}
+ release: "{{ .Release.Name }}"
+ component: "master"
+ serviceName: "{{ template "mysql.master.fullname" . }}"
+ replicas: 1
+ updateStrategy:
+ type: {{ .Values.master.updateStrategy.type }}
+ {{- if (eq "Recreate" .Values.master.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: "{{ template "name" . }}"
+ chart: {{ template "mysql.chart" . }}
+ component: "master"
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+{{- if or .Values.master.annotations .Values.metrics.enabled }}
+ annotations:
+ {{- if .Values.master.annotations }}
+{{ toYaml .Values.master.annotations | indent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.annotations }}
+{{ toYaml .Values.metrics.annotations | indent 8 }}
+ {{- end }}
+{{- end }}
+ spec:
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ {{- if eq .Values.master.antiAffinity "hard" }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchLabels:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ {{- else if eq .Values.master.antiAffinity "soft" }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app: "{{ template "name" . }}"
+ release: "{{ .Release.Name }}"
+ {{- end }}
+{{- include "mysql.imagePullSecrets" . | indent 6 }}
+ containers:
+ - name: "mysql"
+ image: {{ template "mysql.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: mysql-root-password
+ {{- if .Values.db.user }}
+ - name: MYSQL_USER
+ value: "{{ .Values.db.user }}"
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: mysql-password
+ {{- end }}
+ - name: MYSQL_DATABASE
+ value: "{{ .Values.db.name }}"
+ {{- if .Values.replication.enabled }}
+ - name: MYSQL_REPLICATION_MODE
+ value: "master"
+ - name: MYSQL_REPLICATION_USER
+ value: "{{ .Values.replication.user }}"
+ - name: MYSQL_REPLICATION_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: mysql-replication-password
+ {{- end }}
+ ports:
+ - name: mysql
+ containerPort: 3306
+ {{- if .Values.master.livenessProbe.enabled }}
+ livenessProbe:
+ exec:
+ command: ["sh", "-c", "exec mysqladmin status -uroot -p$MYSQL_ROOT_PASSWORD"]
+ initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.master.readinessProbe.enabled }}
+ readinessProbe:
+ exec:
+ command: ["sh", "-c", "exec mysqladmin status -uroot -p$MYSQL_ROOT_PASSWORD"]
+ initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.master.resources | indent 10 }}
+ volumeMounts:
+ {{- if .Values.master.persistence.existingClaim }}
+ - name: {{ .Values.master.persistence.existingClaim }}
+ {{- else }}
+ - name: data
+ {{- end }}
+ mountPath: {{ .Values.master.persistence.mountPath }}
+ {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|sql|sql.gz]") }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d
+ {{- end }}
+ {{- if .Values.master.config }}
+ - name: config
+ mountPath: /opt/bitnami/mysql/conf/my.cnf
+ subPath: my.cnf
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "mysql.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "fullname" . }}
+ key: mysql-root-password
+ command: [ 'sh', '-c', 'DATA_SOURCE_NAME="root:$MYSQL_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter' ]
+ ports:
+ - name: metrics
+ containerPort: 9104
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 15
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: metrics
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ resources:
+{{ toYaml .Values.metrics.resources | indent 10 }}
+ {{- end }}
+ volumes:
+ {{- if and .Values.master.persistence.enabled .Values.master.persistence.existingClaim }}
+ - name: {{ .Values.master.persistence.existingClaim }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.master.persistence.existingClaim }}
+ {{ end }}
+ {{- if .Values.master.config }}
+ - name: config
+ configMap:
+ name: {{ template "mysql.master.fullname" . }}
+ {{- end }}
+ {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|sql|sql.gz]") }}
+ - name: custom-init-scripts
+ configMap:
+ name: {{ template "mysql.master.fullname" . }}-init-scripts
+ {{- end }}
+{{- if and .Values.master.persistence.enabled ( not .Values.master.persistence.existingClaim ) }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ labels:
+ app: "{{ template "name" . }}"
+ component: "master"
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ spec:
+ accessModes:
+ {{- range .Values.master.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.master.persistence.size | quote }}
+ {{- if .Values.master.persistence.storageClass }}
+ {{- if (eq "-" .Values.master.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: {{ .Values.master.persistence.storageClass | quote }}
+ {{- end }}
+ {{- end }}
+{{- else }}
+ - name: "data"
+ emptyDir: {}
+{{- end }}
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/master-svc.yaml b/chaos/train-ticket-simple/charts/mysql/templates/master-svc.yaml
new file mode 100644
index 0000000..0aabbec
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/master-svc.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: "{{ template "name" . }}"
+ component: "master"
+ chart: {{ template "mysql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: mysql
+ port: {{ .Values.service.port }}
+ targetPort: mysql
+{{- if .Values.metrics.enabled }}
+ - name: metrics
+ port: 9104
+ targetPort: metrics
+{{- end }}
+ selector:
+ app: "{{ template "name" . }}"
+ component: "master"
+ release: "{{ .Release.Name }}"
diff --git a/chaos/train-ticket-simple/charts/mysql/templates/secrets.yaml b/chaos/train-ticket-simple/charts/mysql/templates/secrets.yaml
new file mode 100644
index 0000000..483517d
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/templates/secrets.yaml
@@ -0,0 +1,38 @@
+{{- if (not .Values.root.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "mysql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+ {{- if .Values.root.password }}
+ mysql-root-password: {{ .Values.root.password | b64enc | quote }}
+ {{- else if (not .Values.root.forcePassword) }}
+ mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ else }}
+ mysql-root-password: {{ required "A MySQL Root Password is required!" .Values.root.password }}
+ {{- end }}
+ {{- if .Values.db.user }}
+ {{- if .Values.db.password }}
+ mysql-password: {{ .Values.db.password | b64enc | quote }}
+ {{- else if (not .Values.db.forcePassword) }}
+ mysql-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- else }}
+ mysql-password: {{ required "A MySQL Database Password is required!" .Values.db.password }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.replication.enabled }}
+ {{- if .Values.replication.password }}
+ mysql-replication-password: {{ .Values.replication.password | b64enc | quote }}
+ {{- else if (not .Values.replication.forcePassword) }}
+ mysql-replication-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- else }}
+ mysql-replication-password: {{ required "A MySQL Replication Password is required!" .Values.replication.password }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/mysql/values-production.yaml b/chaos/train-ticket-simple/charts/mysql/values-production.yaml
new file mode 100644
index 0000000..d22ec43
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/values-production.yaml
@@ -0,0 +1,276 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+
+## Bitnami MySQL image
+## ref: https://hub.docker.com/r/bitnami/mysql/tags/
+##
+image:
+ registry: registry.cn-hangzhou.aliyuncs.com
+ repository: train_ticket/mysql
+ tag: 5.7.26
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+service:
+ ## Kubernetes service type
+ type: ClusterIP
+ port: 3306
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+
+root:
+ ## MySQL admin password
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run
+ ##
+ password:
+ ## Use existing secret (ignores root, db and replication passwords)
+ # existingSecret:
+ ##
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+db:
+ ## MySQL username and password
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-user-on-first-run
+ ## Note that this user should be different from the MySQL replication user (replication.user)
+ ##
+ user:
+ password:
+ ## Password is ignored if existingSecret is specified.
+ ## Database to create
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-on-first-run
+ ##
+ name: my_database
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+replication:
+ ## Enable replication. This enables the creation of replicas of MySQL. If false, only a
+ ## master deployment would be created
+ enabled: true
+ ##
+ ## MySQL replication user
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster
+ ## Note that this user should be different from the MySQL user (db.user)
+ ##
+ user: replicator
+ ## MySQL replication user password
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster
+ ##
+ password:
+ ## Password is ignored if existingSecret is specified.
+ ##
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: true
+
+master:
+ antiAffinity: soft
+ ## updateStrategy for MySQL Master StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategy:
+ type: RollingUpdate
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ mountPath: /bitnami/mysql
+ ## Enable persistence using an existing PVC
+ ##
+ # existingClaim:
+
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations:
+ ## Persistent Volume Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ ##
+
+ ## Configure MySQL with a custom my.cnf file
+ ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+ ##
+ config: |-
+ [mysqld]
+ default_authentication_plugin=mysql_native_password
+ skip-name-resolve
+ explicit_defaults_for_timestamp
+ basedir=/opt/bitnami/mysql
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ tmpdir=/opt/bitnami/mysql/tmp
+ max_allowed_packet=16M
+ bind-address=0.0.0.0
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
+ character-set-server=UTF8
+ collation-server=utf8_general_ci
+ max_connections = 65535
+
+ [client]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ default-character-set=UTF8
+
+ [manager]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+
+ ## Configure master resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ livenessProbe:
+ enabled: false
+ ##
+ ## Initializing the database could take some time
+ initialDelaySeconds: 120
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: false
+ initialDelaySeconds: 15
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+slave:
+ replicas: 2
+ antiAffinity: soft
+ ## updateStrategy for MySQL Slave StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategy:
+ type: RollingUpdate
+ persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ mountPath: /bitnami/mysql
+ # storageClass: "-"
+ annotations:
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ ##
+
+ ## Configure MySQL slave with a custom my.cnf file
+ ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+ ##
+ config: |-
+ [mysqld]
+ default_authentication_plugin=mysql_native_password
+ skip-name-resolve
+ explicit_defaults_for_timestamp
+ basedir=/opt/bitnami/mysql
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ tmpdir=/opt/bitnami/mysql/tmp
+ max_allowed_packet=16M
+ bind-address=0.0.0.0
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
+ character-set-server=UTF8
+ collation-server=utf8_general_ci
+ max_connections = 65535
+
+ [client]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ default-character-set=UTF8
+
+ [manager]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+
+ ##
+ ## Configure slave resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ livenessProbe:
+ enabled: false
+ ##
+ ## Initializing the database could take some time
+ initialDelaySeconds: 120
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: false
+ initialDelaySeconds: 15
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+metrics:
+ enabled: true
+ image:
+ registry: docker.io
+ repository: prom/mysqld-exporter
+ tag: v0.10.0
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ resources: {}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9104"
diff --git a/chaos/train-ticket-simple/charts/mysql/values.yaml b/chaos/train-ticket-simple/charts/mysql/values.yaml
new file mode 100644
index 0000000..a6d54aa
--- /dev/null
+++ b/chaos/train-ticket-simple/charts/mysql/values.yaml
@@ -0,0 +1,278 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+
+## Bitnami MySQL image
+## ref: https://hub.docker.com/r/bitnami/mysql/tags/
+##
+image:
+ registry: registry.cn-hangzhou.aliyuncs.com
+ repository: train_ticket/mysql
+ tag: 5.7.26
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+service:
+ ## Kubernetes service type
+ # nodePort:
+ type: ClusterIP
+ port: 3306
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+
+root:
+ ## MySQL admin password
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run
+ ##
+ password:
+ ## Use existing secret (ignores root, db and replication passwords)
+ # existingSecret:
+ ##
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+db:
+ ## MySQL username and password
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-user-on-first-run
+ ## Note that this user should be different from the MySQL replication user (replication.user)
+ ##
+ user:
+ password:
+ ## Password is ignored if existingSecret is specified.
+ ## Database to create
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-on-first-run
+ ##
+ name: my_database
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+replication:
+ ## Enable replication. This enables the creation of replicas of MySQL. If false, only a
+ ## master deployment would be created
+ enabled: true
+ ##
+ ## MySQL replication user
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster
+ ## Note that this user should be different from the MySQL user (db.user)
+ ##
+ user: replicator
+ ## MySQL replication user password
+ ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster
+ ##
+ password:
+ ## Password is ignored if existingSecret is specified.
+ ##
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+master:
+ antiAffinity: soft
+ ## updateStrategy for MySQL Master StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategy:
+ type: RollingUpdate
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ mountPath: /bitnami/mysql
+ ## Enable persistence using an existing PVC
+ ##
+ # existingClaim:
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations:
+ ## Persistent Volume Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ ##
+
+ ## Configure MySQL with a custom my.cnf file
+ ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+ ##
+ config: |-
+ [mysqld]
+ default_authentication_plugin=mysql_native_password
+ skip-name-resolve
+ explicit_defaults_for_timestamp
+ basedir=/opt/bitnami/mysql
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ tmpdir=/opt/bitnami/mysql/tmp
+ max_allowed_packet=16M
+ bind-address=0.0.0.0
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
+ character-set-server=UTF8
+ collation-server=utf8_general_ci
+ max_connections = 65535
+
+ [client]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ default-character-set=UTF8
+
+ [manager]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+
+ ## Configure master resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ livenessProbe:
+ enabled: false
+ ##
+ ## Initializing the database could take some time
+ initialDelaySeconds: 120
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: false
+ ## Initializing the database could take some time
+ initialDelaySeconds: 30
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+slave:
+ replicas: 1
+ antiAffinity: soft
+ ## updateStrategy for MySQL Slave StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategy:
+ type: RollingUpdate
+ persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ mountPath: /bitnami/mysql
+ # storageClass: "-"
+ annotations:
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ ##
+
+ ## Configure MySQL slave with a custom my.cnf file
+ ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+ ##
+ config: |-
+ [mysqld]
+ default_authentication_plugin=mysql_native_password
+ skip-name-resolve
+ explicit_defaults_for_timestamp
+ basedir=/opt/bitnami/mysql
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ tmpdir=/opt/bitnami/mysql/tmp
+ max_allowed_packet=16M
+ bind-address=0.0.0.0
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
+ character-set-server=UTF8
+ collation-server=utf8_general_ci
+ max_connections = 65535
+
+ [client]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ default-character-set=UTF8
+
+ [manager]
+ port=3306
+ socket=/opt/bitnami/mysql/tmp/mysql.sock
+ pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+
+ ##
+ ## Configure slave resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ livenessProbe:
+ enabled: false
+ ##
+ ## Initializing the database could take some time
+ initialDelaySeconds: 120
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: false
+ ## Initializing the database could take some time
+ initialDelaySeconds: 30
+ ##
+ ## Default Kubernetes values
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+metrics:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: prom/mysqld-exporter
+ tag: v0.10.0
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ resources: {}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9104"
diff --git a/chaos/train-ticket-simple/templates/_helpers.tpl b/chaos/train-ticket-simple/templates/_helpers.tpl
new file mode 100644
index 0000000..3e2bc93
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "train-ticket.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end }}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/templates/ts-admin-basic-info-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-admin-basic-info-service-deploy.yaml
new file mode 100644
index 0000000..e25c2e6
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-admin-basic-info-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-admin-basic-info-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-admin-basic-info-service
+ template:
+ metadata:
+ labels:
+ app: ts-admin-basic-info-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-admin-basic-info-service
+ image: "{{ .Values.image.repository }}/ts-admin-basic-info-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 18767
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 18767
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-admin-basic-info-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-admin-basic-info-service-svc.yaml
new file mode 100644
index 0000000..c5e9ad1
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-admin-basic-info-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-admin-basic-info-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 18767
+ targetPort: 18767
+ selector:
+ app: ts-admin-basic-info-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-config-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-config-service-deploy.yaml
new file mode 100644
index 0000000..6ad2588
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-config-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-config-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-config-service
+ template:
+ metadata:
+ labels:
+ app: ts-config-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-config-service
+ image: "{{ .Values.image.repository }}/ts-config-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 15679
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 15679
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-config-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-config-service-svc.yaml
new file mode 100644
index 0000000..6755566
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-config-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-config-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 15679
+ targetPort: 15679
+ selector:
+ app: ts-config-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-gateway-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-gateway-service-deploy.yaml
new file mode 100644
index 0000000..5ae2895
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-gateway-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-gateway-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-gateway-service
+ template:
+ metadata:
+ labels:
+ app: ts-gateway-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-gateway-service
+ image: "{{ .Values.image.repository }}/ts-gateway-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 18888
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 18888
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-gateway-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-gateway-service-svc.yaml
new file mode 100644
index 0000000..02581b4
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-gateway-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-gateway-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 18888
+ targetPort: 18888
+ selector:
+ app: ts-gateway-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-inside-payment-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-inside-payment-service-deploy.yaml
new file mode 100644
index 0000000..5a98887
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-inside-payment-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-inside-payment-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-inside-payment-service
+ template:
+ metadata:
+ labels:
+ app: ts-inside-payment-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-inside-payment-service
+ image: "{{ .Values.image.repository }}/ts-inside-payment-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 18673
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 18673
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-inside-payment-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-inside-payment-service-svc.yaml
new file mode 100644
index 0000000..ac40d72
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-inside-payment-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-inside-payment-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 18673
+ targetPort: 18673
+ selector:
+ app: ts-inside-payment-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-order-other-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-order-other-service-deploy.yaml
new file mode 100644
index 0000000..110bce9
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-order-other-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-order-other-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-order-other-service
+ template:
+ metadata:
+ labels:
+ app: ts-order-other-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-order-other-service
+ image: "{{ .Values.image.repository }}/ts-order-other-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 12032
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 12032
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-order-other-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-order-other-service-svc.yaml
new file mode 100644
index 0000000..0e13c1e
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-order-other-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-order-other-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 12032
+ targetPort: 12032
+ selector:
+ app: ts-order-other-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-order-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-order-service-deploy.yaml
new file mode 100644
index 0000000..22afd8f
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-order-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-order-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-order-service
+ template:
+ metadata:
+ labels:
+ app: ts-order-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-order-service
+ image: "{{ .Values.image.repository }}/ts-order-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 12031
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 12031
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-order-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-order-service-svc.yaml
new file mode 100644
index 0000000..6b3a3d3
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-order-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-order-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 12031
+ targetPort: 12031
+ selector:
+ app: ts-order-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-price-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-price-service-deploy.yaml
new file mode 100644
index 0000000..bee0641
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-price-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-price-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-price-service
+ template:
+ metadata:
+ labels:
+ app: ts-price-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-price-service
+ image: "{{ .Values.image.repository }}/ts-price-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 16579
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 16579
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-price-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-price-service-svc.yaml
new file mode 100644
index 0000000..8cb52be
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-price-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-price-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 16579
+ targetPort: 16579
+ selector:
+ app: ts-price-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-route-plan-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-route-plan-service-deploy.yaml
new file mode 100644
index 0000000..a29a598
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-route-plan-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-route-plan-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-route-plan-service
+ template:
+ metadata:
+ labels:
+ app: ts-route-plan-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-route-plan-service
+ image: "{{ .Values.image.repository }}/ts-route-plan-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 14578
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 14578
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-route-plan-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-route-plan-service-svc.yaml
new file mode 100644
index 0000000..b0feecd
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-route-plan-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-route-plan-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 14578
+ targetPort: 14578
+ selector:
+ app: ts-route-plan-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-route-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-route-service-deploy.yaml
new file mode 100644
index 0000000..6d80923
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-route-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-route-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-route-service
+ template:
+ metadata:
+ labels:
+ app: ts-route-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-route-service
+ image: "{{ .Values.image.repository }}/ts-route-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 11178
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 11178
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-route-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-route-service-svc.yaml
new file mode 100644
index 0000000..a59d7e1
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-route-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-route-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 11178
+ targetPort: 11178
+ selector:
+ app: ts-route-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-seat-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-seat-service-deploy.yaml
new file mode 100644
index 0000000..ddcef80
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-seat-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-seat-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-seat-service
+ template:
+ metadata:
+ labels:
+ app: ts-seat-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-seat-service
+ image: "{{ .Values.image.repository }}/ts-seat-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 18898
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 18898
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-seat-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-seat-service-svc.yaml
new file mode 100644
index 0000000..c681dd9
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-seat-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-seat-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 18898
+ targetPort: 18898
+ selector:
+ app: ts-seat-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-station-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-station-service-deploy.yaml
new file mode 100644
index 0000000..8720fda
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-station-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-station-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-station-service
+ template:
+ metadata:
+ labels:
+ app: ts-station-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-station-service
+ image: "{{ .Values.image.repository }}/ts-station-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 12345
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 12345
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-station-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-station-service-svc.yaml
new file mode 100644
index 0000000..b992376
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-station-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-station-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 12345
+ targetPort: 12345
+ selector:
+ app: ts-station-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-train-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-train-service-deploy.yaml
new file mode 100644
index 0000000..ff39b3e
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-train-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-train-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-train-service
+ template:
+ metadata:
+ labels:
+ app: ts-train-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-train-service
+ image: "{{ .Values.image.repository }}/ts-train-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 14567
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 14567
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-train-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-train-service-svc.yaml
new file mode 100644
index 0000000..ee9333d
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-train-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-train-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 14567
+ targetPort: 14567
+ selector:
+ app: ts-train-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-travel-plan-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-travel-plan-service-deploy.yaml
new file mode 100644
index 0000000..f351db4
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-travel-plan-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-travel-plan-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-travel-plan-service
+ template:
+ metadata:
+ labels:
+ app: ts-travel-plan-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-travel-plan-service
+ image: "{{ .Values.image.repository }}/ts-travel-plan-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 14322
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 14322
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-travel-plan-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-travel-plan-service-svc.yaml
new file mode 100644
index 0000000..771d6f6
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-travel-plan-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-travel-plan-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 14322
+ targetPort: 14322
+ selector:
+ app: ts-travel-plan-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-travel-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-travel-service-deploy.yaml
new file mode 100644
index 0000000..f8a1b3b
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-travel-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-travel-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-travel-service
+ template:
+ metadata:
+ labels:
+ app: ts-travel-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-travel-service
+ image: "{{ .Values.image.repository }}/ts-travel-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 12346
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 12346
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-travel-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-travel-service-svc.yaml
new file mode 100644
index 0000000..d284e8a
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-travel-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-travel-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 12346
+ targetPort: 12346
+ selector:
+ app: ts-travel-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-travel2-service-deploy.yaml b/chaos/train-ticket-simple/templates/ts-travel2-service-deploy.yaml
new file mode 100644
index 0000000..8fc406e
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-travel2-service-deploy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-travel2-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-travel2-service
+ template:
+ metadata:
+ labels:
+ app: ts-travel2-service
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ containers:
+ - name: ts-travel2-service
+ image: "{{ .Values.image.repository }}/ts-travel2-service:{{ .Values.image.imageTag }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 16346
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: tsdb-mysql
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ volumeMounts:
+ - name: logs
+ mountPath: /logs
+ readinessProbe:
+ tcpSocket:
+ port: 16346
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-travel2-service-svc.yaml b/chaos/train-ticket-simple/templates/ts-travel2-service-svc.yaml
new file mode 100644
index 0000000..1588638
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-travel2-service-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-travel2-service
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 16346
+ targetPort: 16346
+ selector:
+ app: ts-travel2-service
+ type: ClusterIP
diff --git a/chaos/train-ticket-simple/templates/ts-ui-dashboard-deploy.yaml b/chaos/train-ticket-simple/templates/ts-ui-dashboard-deploy.yaml
new file mode 100644
index 0000000..ee49d24
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-ui-dashboard-deploy.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ts-ui-dashboard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ts-ui-dashboard
+ template:
+ metadata:
+ labels:
+ app: ts-ui-dashboard
+ spec:
+ containers:
+ - name: ts-ui-dashboard
+ image: "{{ .Values.image.repository }}/ts-ui-dashboard:{{ .Values.image.imageTag }}"
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
diff --git a/chaos/train-ticket-simple/templates/ts-ui-dashboard-svc.yaml b/chaos/train-ticket-simple/templates/ts-ui-dashboard-svc.yaml
new file mode 100644
index 0000000..c5eab07
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/ts-ui-dashboard-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ts-ui-dashboard
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: ts-ui-dashboard
+ type: ClusterIP
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/templates/tsdb-mysql-secret.yaml b/chaos/train-ticket-simple/templates/tsdb-mysql-secret.yaml
new file mode 100644
index 0000000..e52cee4
--- /dev/null
+++ b/chaos/train-ticket-simple/templates/tsdb-mysql-secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tsdb-mysql
+data:
+ TSDB_MYSQL_DATABASE: dHM=
+ TSDB_MYSQL_HOST: dHJhaW4tdGlja2V0LW15c3Fs
+ TSDB_MYSQL_PASSWORD: VHNfMTIzNDU2
+ TSDB_MYSQL_PORT: MzMwNg==
+ TSDB_MYSQL_USER: dHM=
+type: Opaque
diff --git a/chaos/train-ticket-simple/values.yaml b/chaos/train-ticket-simple/values.yaml
new file mode 100644
index 0000000..24777b8
--- /dev/null
+++ b/chaos/train-ticket-simple/values.yaml
@@ -0,0 +1,58 @@
+image:
+ repository: registry.cn-hangzhou.aliyuncs.com/train_ticket
+ imageTag: v1.0.0
+ pullPolicy: IfNotPresent
+
+persistence:
+ enabled: &persistenceEnable false
+ installOpenEBS: false
+ storageClass: &persistenceStorageKind openebs-hostpath
+
+mysql:
+ db:
+ name: ts
+ user: ts
+ password: Ts_123456
+ name: tsdb-mysql
+ replication:
+ enabled: false
+ master:
+ persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: *persistenceEnable
+ mountPath: /bitnami/mysql
+ ## Enable persistence using an existing PVC
+ ##
+ # existingClaim:
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: *persistenceStorageKind
+ ## Persistent Volume Claim annotations
+ ##
+ annotations:
+ ## Persistent Volume Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ ##
+
+elasticsearch:
+ persistence:
+ enabled: *persistenceEnable
+ storageClass: *persistenceStorageKind
+ ## Persistent Volume Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 30Gi
--
Gitee
From ecfac5cd36a7414f3bce99ad5a7d2accccc667ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8A=A8=E6=84=9F=E5=92=B8=E9=B1=BC?=
<13768528+dynamic-salted-fish@user.noreply.gitee.com>
Date: Thu, 25 Jul 2024 19:40:50 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=EF=BC=9A=E9=83=A8?=
=?UTF-8?q?=E7=BD=B2=E6=96=87=E6=A1=A3=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
chaos/README.md | 16 +++++++++++-----
chaos/train-ticket-simple/Chart.yaml | 2 +-
.../templates/chaos-front-service.yaml | 5 +++--
.../charts/chaos-frontend/values.yaml | 4 +++-
chaos/train-ticket-simple/values.yaml | 3 +++
5 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/chaos/README.md b/chaos/README.md
index 6da7912..a1c29ab 100644
--- a/chaos/README.md
+++ b/chaos/README.md
@@ -100,13 +100,14 @@
#### 为什么部署简易版本:
-1. 基础版本资源需求为8C16G*3,而简易版仅需8C16G,注入故障类型数量均与基础版本一样
+1. 基础版本资源需求为8C16G*3,而简易版仅需8C16G,注入故障类型数量均与基础版本一样;
-2. 支持一键部署,简易版本支持通过helm一键部署所有组件
+2. 支持一键部署,简易版本支持通过helm一键部署所有组件;
-3. 相较于基础版,简易版本可以自由选择APM及其探针组件
+3. 相较于基础版,简易版本可以自由选择APM及其探针组件;
+
+### 1. 部署简易版本故障注入平台
-### 部署简易版本故障注入平台
使用`Helm`进行快速部署
```
@@ -114,7 +115,12 @@ cd soma/chaos/
helm install train-ticket train-ticket-simple \
-n train-ticket --create-namespace
```
-运行 `kubectl get pods -n train-ticket` 检查部署状态
+
+运行 `kubectl get pods -n train-ticket` 检查部署状态。
+
+### 2. 如何访问
+
+默认访问url为:`:30008`,如果想要修改则可以在部署时增加配置`--set chaos-front.nodeport=""`即可。
## 已经支持的故障案例
diff --git a/chaos/train-ticket-simple/Chart.yaml b/chaos/train-ticket-simple/Chart.yaml
index 0404607..8805dc3 100644
--- a/chaos/train-ticket-simple/Chart.yaml
+++ b/chaos/train-ticket-simple/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-name: train-ticket
+name: train-ticket-simple
version: v1.0.0
appVersion: v1.0.0
description: Chart for train-ticket demo
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
index 9317fab..9be1213 100644
--- a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
@@ -5,11 +5,12 @@ metadata:
labels:
app: chaos-front
spec:
- type: ClusterIP
+ type: NodePort
selector:
app: chaos-front
ports:
- name: http
port: 80
protocol: TCP
- targetPort: 80
\ No newline at end of file
+ targetPort: 80
+ nodePort: {{ .Values.chaos-front.nodeport }}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
index 6cae6b1..02ab47a 100644
--- a/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
@@ -1,3 +1,5 @@
namespace: train-ticket
image:
- repository: registry.cn-hangzhou.aliyuncs.com/train_ticket
\ No newline at end of file
+ repository: registry.cn-hangzhou.aliyuncs.com/train_ticket
+chaos-front:
+ nodeport: 30008
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/values.yaml b/chaos/train-ticket-simple/values.yaml
index 24777b8..6680c5d 100644
--- a/chaos/train-ticket-simple/values.yaml
+++ b/chaos/train-ticket-simple/values.yaml
@@ -56,3 +56,6 @@ elasticsearch:
## Persistent Volume size
##
size: 30Gi
+
+chaos-front:
+ nodeport: 30008
\ No newline at end of file
--
Gitee
From d1764f30e40f151cb773e65124b1831357801108 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8A=A8=E6=84=9F=E5=92=B8=E9=B1=BC?=
<13768528+dynamic-salted-fish@user.noreply.gitee.com>
Date: Thu, 25 Jul 2024 20:37:26 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=EF=BC=9A=E6=9B=B4?=
=?UTF-8?q?=E6=96=B0chaos=E9=85=8D=E7=BD=AE=E4=B8=8E=E9=85=8D=E7=BD=AE?=
=?UTF-8?q?=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
chaos/README.md | 6 +++++-
.../chaos-frontend/templates/chaos-front-service.yaml | 2 +-
.../train-ticket-simple/charts/chaos-frontend/values.yaml | 2 +-
chaos/train-ticket-simple/values.yaml | 8 ++++++--
4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/chaos/README.md b/chaos/README.md
index a1c29ab..e03503d 100644
--- a/chaos/README.md
+++ b/chaos/README.md
@@ -110,10 +110,14 @@
使用`Helm`进行快速部署
-```
+```bash
cd soma/chaos/
+# 默认使用 docker 容器运行时
helm install train-ticket train-ticket-simple \
-n train-ticket --create-namespace
+# 若使用 containerd 作为容器运行时,则增加下面两行配置
+# --set chaosDaemon.runtime=containerd
+# --set chaosDaemon.socketPath=/run/containerd/containerd.sock
```
运行 `kubectl get pods -n train-ticket` 检查部署状态。
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
index 9be1213..8649ffa 100644
--- a/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/templates/chaos-front-service.yaml
@@ -13,4 +13,4 @@ spec:
port: 80
protocol: TCP
targetPort: 80
- nodePort: {{ .Values.chaos-front.nodeport }}
\ No newline at end of file
+ nodePort: {{ .Values.chaosfront.nodeport }}
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml b/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
index 02ab47a..9303d1c 100644
--- a/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
+++ b/chaos/train-ticket-simple/charts/chaos-frontend/values.yaml
@@ -1,5 +1,5 @@
namespace: train-ticket
image:
repository: registry.cn-hangzhou.aliyuncs.com/train_ticket
-chaos-front:
+chaosfront:
nodeport: 30008
\ No newline at end of file
diff --git a/chaos/train-ticket-simple/values.yaml b/chaos/train-ticket-simple/values.yaml
index 6680c5d..b632ec7 100644
--- a/chaos/train-ticket-simple/values.yaml
+++ b/chaos/train-ticket-simple/values.yaml
@@ -57,5 +57,9 @@ elasticsearch:
##
size: 30Gi
-chaos-front:
- nodeport: 30008
\ No newline at end of file
+chaosfront:
+ nodeport: 30008
+
+chaosDaemon:
+ runtime: docker
+ socketPath: /var/run/docker.sock
--
Gitee
From 992c1640c55a927f1ba0f95165165aee8b8b9790 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8A=A8=E6=84=9F=E5=92=B8=E9=B1=BC?=
<13768528+dynamic-salted-fish@user.noreply.gitee.com>
Date: Thu, 25 Jul 2024 21:11:16 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=EF=BC=9Atrain-ticket-sim?=
=?UTF-8?q?ple=20=E9=83=A8=E7=BD=B2=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
chaos/README.md | 4 ++--
chaos/train-ticket-simple/values.yaml | 7 ++++---
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/chaos/README.md b/chaos/README.md
index e03503d..d1fb5ec 100644
--- a/chaos/README.md
+++ b/chaos/README.md
@@ -116,8 +116,8 @@ cd soma/chaos/
helm install train-ticket train-ticket-simple \
-n train-ticket --create-namespace
# 若使用 containerd 作为容器运行时,则增加下面两行配置
-# --set chaosDaemon.runtime=containerd
-# --set chaosDaemon.socketPath=/run/containerd/containerd.sock
+# --set chaos-mesh.chaosDaemon.runtime=containerd
+# --set chaos-mesh.chaosDaemon.socketPath=/run/containerd/containerd.sock
```
运行 `kubectl get pods -n train-ticket` 检查部署状态。
diff --git a/chaos/train-ticket-simple/values.yaml b/chaos/train-ticket-simple/values.yaml
index b632ec7..b57ac5d 100644
--- a/chaos/train-ticket-simple/values.yaml
+++ b/chaos/train-ticket-simple/values.yaml
@@ -60,6 +60,7 @@ elasticsearch:
chaosfront:
nodeport: 30008
-chaosDaemon:
- runtime: docker
- socketPath: /var/run/docker.sock
+chaos-mesh:
+ chaosDaemon:
+ runtime: docker
+ socketPath: /var/run/docker.sock
--
Gitee