From 5ab2a2439bafbe9a062671aa77950d86db5762c5 Mon Sep 17 00:00:00 2001 From: Spellchaser Date: Wed, 18 Jul 2018 14:37:36 -0400 Subject: [PATCH] Add whitelist to examples (#82) * Add whitelist to examples * No-op whitelist default * Revert "Add whitelist to examples" Hide feature until stable This reverts commit 6f507ec5bad32ed6a21930f7017d4fa194d09a50. * whitelist --> unstable no-op hide by default until whitelist is opt-out * elim whitelist and %s/k8\w/k8s/g --- README.md | 14 +++++--------- config/config.go | 2 +- config/config_test.go | 6 +++--- examples/configmap.yaml | 1 - 4 files changed, 9 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index a2d4acb5..07de60f9 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # kube-monkey [![Build Status](https://travis-ci.org/asobti/kube-monkey.svg?branch=master)](https://travis-ci.org/asobti/kube-monkey) -kube-monkey is an implementation of [Netflix's Chaos Monkey](https://github.com/Netflix/chaosmonkey) for [Kubernetes](http://kubernetes.io/) clusters. It randomly deletes Kubernetes pods in the cluster encouraging and validating the development of failure-resilient services. +kube-monkey is an implementation of [Netflix's Chaos Monkey](https://github.com/Netflix/chaosmonkey) for [Kubernetes](http://kubernetes.io/) clusters. It randomly deletes Kubernetes (k8s) pods in the cluster encouraging and validating the development of failure-resilient services. --- 
@@ -9,21 +9,17 @@ Pod death sometime during the same day. The time-range during the day when the r kube-monkey can be configured with a list of namespaces * to blacklist (any deployments within a blacklisted namespace will not be touched) -* to whitelist (only deployments within a whitelisted namespace that are not blacklisted will be scheduled) -The blacklist overrides the whitelist. The config will be populated with default -behavior (blacklist `kube-system` and whitelist `default`). -To disable either the blacklist or whitelist provide `[""]` to the respective -config.param. Disabling the whitelist causes kube-monkey to target _all_ namespaces. +To disable the blacklist provide `[""]` in the `blacklisted_namespaces` config.param. ## Opting-In to Chaos -kube-monkey works on an opt-in model and will only schedule terminations for k8s apps that have explicitly agreed to have their pods terminated by kube-monkey. +kube-monkey works on an opt-in model and will only schedule terminations for Kubernetes (k8s) apps that have explicitly agreed to have their pods terminated by kube-monkey. -Opt-in is done by setting the following labels on a Kubernetes k8s app: +Opt-in is done by setting the following labels on a k8s app: **`kube-monkey/enabled`**: Set to **`"enabled"`** to opt-in to kube-monkey -**`kube-monkey/mtbf`**: Mean time between failure (in days). For example, if set to **`"3"`**, the k8 app can expect to have a Pod +**`kube-monkey/mtbf`**: Mean time between failure (in days). For example, if set to **`"3"`**, the k8s app can expect to have a Pod killed approximately every third weekday. **`kube-monkey/identifier`**: A unique identifier for the k8s apps. This is used to identify the pods that belong to a k8s app as Pods inherit labels from their k8s app. So, if kube-monkey detects that app `foo` has enrolled to be a victim, kube-monkey will look for all pods that have the label `kube-monkey/identifier: foo` to determine which pods are candidates for killing. 
Recommendation is to set this value to be the same as the app's name.
diff --git a/config/config.go b/config/config.go
index d521696d..4bbb74e1 100644
--- a/config/config.go
+++ b/config/config.go
@@ -41,7 +41,7 @@ func SetDefaults() {
 viper.SetDefault(param.EndHour, 16)
 viper.SetDefault(param.GracePeriodSec, 5)
 viper.SetDefault(param.BlacklistedNamespaces, []string{metav1.NamespaceSystem})
- viper.SetDefault(param.WhitelistedNamespaces, []string{metav1.NamespaceDefault})
+ viper.SetDefault(param.WhitelistedNamespaces, []string{metav1.NamespaceAll})
 viper.SetDefault(param.DebugEnabled, false)
 viper.SetDefault(param.DebugScheduleDelay, 30)
diff --git a/config/config_test.go b/config/config_test.go
index 33e02e71..adc2c865 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -30,7 +30,7 @@ func (s *ConfigTestSuite) TestSetDefaults() {
 s.Equal(16, viper.GetInt(param.EndHour))
 s.Equal(int64(5), viper.GetInt64(param.GracePeriodSec))
 s.Equal([]string{metav1.NamespaceSystem}, viper.GetStringSlice(param.BlacklistedNamespaces))
- s.Equal([]string{metav1.NamespaceDefault}, viper.GetStringSlice(param.WhitelistedNamespaces))
+ s.Equal([]string{metav1.NamespaceAll}, viper.GetStringSlice(param.WhitelistedNamespaces))
 s.False(viper.GetBool(param.DebugEnabled))
 s.Equal(viper.GetInt(param.DebugScheduleDelay), 30)
 s.False(viper.GetBool(param.DebugForceShouldKill))
@@ -106,9 +106,9 @@ func (s *ConfigTestSuite) TestBlacklistEnabled() {
 }
 func (s *ConfigTestSuite) TestWhitelistEnabled() {
- s.True(WhitelistEnabled())
- viper.Set(param.WhitelistedNamespaces, []string{metav1.NamespaceAll})
 s.False(WhitelistEnabled())
+ viper.Set(param.WhitelistedNamespaces, []string{metav1.NamespaceDefault})
+ s.True(WhitelistEnabled())
 }
 func (s *ConfigTestSuite) TestClusterrAPIServerHost() {
diff --git a/examples/configmap.yaml b/examples/configmap.yaml
index c2b753f2..9f67bd2d 100644
--- a/examples/configmap.yaml
+++ b/examples/configmap.yaml
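Review bot: The new default at `viper.SetDefault(param.WhitelistedNamespaces, []string{metav1.NamespaceAll})` widens the default scope from the `default` namespace to every namespace that is not blacklisted, and nothing on the line says so. Going by the test change in this commit, `NamespaceAll` makes `WhitelistEnabled()` return false, so an install that never set `whitelisted_namespaces` is left with the `kube-system` blacklist as its only namespace-level guard and the per-app opt-in labels as the remaining gate. Since the same commit drops the whitelist from the README and the example configmap while the parameter stays live, I would add a comment such as `// NamespaceAll ("") turns the whitelist off: any namespace not in BlacklistedNamespaces is eligible, subject to opt-in labels.` and keep one README sentence for operators who want to narrow the scope again. SetDefaults starts and ends outside this hunk.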
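Review bot: In TestWhitelistEnabled the `viper.Set(param.WhitelistedNamespaces, []string{metav1.NamespaceDefault})` override is not undone in the visible lines, and the first assertion `s.False(WhitelistEnabled())` now depends on the default still being in effect. If the suite does not reset viper between tests (its setup is outside this hunk), the override leaks into later tests and this test becomes order-dependent. Restoring the value at the end, for example `defer viper.Set(param.WhitelistedNamespaces, []string{metav1.NamespaceAll})`, would keep it self-contained. A further case for an empty slice would pin down whether `[]string{}` counts as "whitelist disabled" or as "nothing whitelisted", which matters for a tool that deletes pods.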
@@ -11,4 +11,3 @@
 start_hour = 10
 end_hour = 16
 blacklisted_namespaces = ["kube-system"]
- whitelisted_namespaces = [""]