update doc

scripts/chaos-node.lua

@@ -58,7 +58,21 @@ end
 
 k8s_url = string.gsub(k8s_url, "/+$", "")
 
-local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
+local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
+local token = ""
+if header_token and header_token ~= "" then
+  token = header_token
+else
+  token = tostring(os.getenv("TOKEN") or "")
+end
+if token == "" then
+  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
+  if f then
+    token = f:read("*a") or ""
+    token = token:gsub("%s+$", "")
+    f:close()
+  end
+end
 if token == "" then
   ngx.status = 500
   ngx.say("Missing Kubernetes API token configuration.")

scripts/ingress.lua

@@ -37,6 +37,15 @@ else
   k8s_url = endpoint or ""
 end
 
+local req_headers = ngx.req.get_headers()
+local target = arg["target"] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
+if target and target ~= "" then
+  if not string.match(target, "^https?://") then
+    target = "https://" .. target
+  end
+  k8s_url = string.gsub(target, "/+$", "")
+end
+
 if k8s_url == "" then
   ngx.status = 500
   ngx.say("Missing Kubernetes endpoint configuration. Set KUBERNETES_SERVICE_HOST or ENDPOINT.")
@@ -49,16 +58,24 @@ end
 
 k8s_url = string.gsub(k8s_url, "/+$", "")
 
-local req_headers = ngx.req.get_headers()
-local target = arg["target"] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
-if target and target ~= "" then
-  if not string.match(target, "^https?://") then
-    target = "https://" .. target
-  end
-  k8s_url = string.gsub(target, "/+$", "")
+local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
+local token = ""
+
+if header_token and header_token ~= "" then
+  token = header_token
+else
+  token = tostring(os.getenv("TOKEN") or "")
+end
+
+if token == "" then
+  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
+  if f then
+    token = f:read("*a") or ""
+    token = token:gsub("%s+$", "")
+    f:close()
+  end
 end
 
-local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
 if token == "" then
   ngx.status = 500
   ngx.say("Missing Kubernetes API token configuration.")

scripts/node.lua

@@ -23,7 +23,21 @@ local disable_tls = disable_tls_env == "true" or disable_tls_env == "1" or disab
 local arg = ngx.req.get_uri_args()
 local req_headers = ngx.req.get_headers()
 local target = arg['target'] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
-local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
+local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
+local token = ""
+if header_token and header_token ~= "" then
+  token = header_token
+else
+  token = tostring(os.getenv("TOKEN") or "")
+end
+if token == "" then
+  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
+  if f then
+    token = f:read("*a") or ""
+    token = token:gsub("%s+$", "")
+    f:close()
+  end
+end
 local ca_cert_b64 = req_headers["x-k8s-ca-cert-b64"] or req_headers["X-K8S-CA-CERT-B64"]
 local ca_cert = nil
 if ca_cert_b64 and ca_cert_b64 ~= "" then

scripts/pod.lua

@@ -4,29 +4,19 @@ local json = require 'lunajson'
 local redis = require "resty.redis"
 local incr = 0
 
-ngx.log(ngx.INFO, "[pod.lua] === Request started ===")
-
 local k8s_url = ""
 local kube_host = os.getenv("KUBERNETES_SERVICE_HOST")
 local kube_port = os.getenv("KUBERNETES_SERVICE_PORT_HTTPS")
 local endpoint = os.getenv("ENDPOINT")
 
-ngx.log(ngx.INFO, "[pod.lua] ENV KUBERNETES_SERVICE_HOST=" .. tostring(kube_host))
-ngx.log(ngx.INFO, "[pod.lua] ENV KUBERNETES_SERVICE_PORT_HTTPS=" .. tostring(kube_port))
-ngx.log(ngx.INFO, "[pod.lua] ENV ENDPOINT=" .. tostring(endpoint))
-ngx.log(ngx.INFO, "[pod.lua] ENV TOKEN present=" .. tostring(os.getenv("TOKEN") ~= nil and os.getenv("TOKEN") ~= ""))
-ngx.log(ngx.INFO, "[pod.lua] ENV DISABLE_TLS=" .. tostring(os.getenv("DISABLE_TLS")))
-
 if kube_host and kube_host ~= "" then
   local port_suffix = ""
   if kube_port and kube_port ~= "" then
     port_suffix = ":" .. kube_port
   end
   k8s_url = "https://" .. kube_host .. port_suffix
-  ngx.log(ngx.INFO, "[pod.lua] k8s_url from KUBERNETES_SERVICE_HOST=" .. k8s_url)
 else
   k8s_url = endpoint or ""
-  ngx.log(ngx.INFO, "[pod.lua] k8s_url from ENDPOINT=" .. k8s_url)
 end
 local token = tostring(os.getenv("TOKEN") or "")
 if token == "" then
@@ -35,10 +25,8 @@ if token == "" then
     token = f:read("*a") or ""
     token = token:gsub("%s+$", "")
     f:close()
-    ngx.log(ngx.INFO, "[pod.lua] Token loaded from SA file, length=" .. tostring(#token))
   end
 end
-ngx.log(ngx.INFO, "[pod.lua] Initial token length=" .. tostring(#token))
 
 local disable_tls_env = string.lower(tostring(os.getenv("DISABLE_TLS") or "false"))
 local disable_tls = disable_tls_env == "true" or disable_tls_env == "1" or disable_tls_env == "yes"
@@ -49,24 +37,12 @@ local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
 local ca_cert_b64 = req_headers["x-k8s-ca-cert-b64"] or req_headers["X-K8S-CA-CERT-B64"]
 local ca_cert = nil
 
-ngx.log(ngx.INFO, "[pod.lua] Query arg target=" .. tostring(arg['target']))
-ngx.log(ngx.INFO, "[pod.lua] Header x-k8s-target=" .. tostring(req_headers["x-k8s-target"]))
-ngx.log(ngx.INFO, "[pod.lua] Resolved target=" .. tostring(target))
-ngx.log(ngx.INFO, "[pod.lua] Header x-k8s-token present=" .. tostring(header_token ~= nil and header_token ~= ""))
-ngx.log(ngx.INFO, "[pod.lua] Header x-k8s-ca-cert-b64 present=" .. tostring(ca_cert_b64 ~= nil and ca_cert_b64 ~= ""))
-ngx.log(ngx.INFO, "[pod.lua] Query arg namespace=" .. tostring(arg['namespace']))
-ngx.log(ngx.INFO, "[pod.lua] Query arg action=" .. tostring(arg['action']))
-
 if ca_cert_b64 and ca_cert_b64 ~= "" then
   ca_cert = ngx.decode_base64(ca_cert_b64)
-  ngx.log(ngx.INFO, "[pod.lua] CA cert decoded, length=" .. tostring(#ca_cert))
 end
 
 if header_token and header_token ~= "" then
   token = header_token
-  ngx.log(ngx.INFO, "[pod.lua] Token overridden from header, new length=" .. tostring(#token))
-else
-  ngx.log(ngx.INFO, "[pod.lua] No token override from header, keeping env token (length=" .. tostring(#token) .. ")")
 end
 
 local namespace = arg['namespace']
@@ -82,13 +58,8 @@ if target and target ~= "" then
     target = "https://" .. target
   end
   k8s_url = string.gsub(target, "/+$", "")
-  ngx.log(ngx.INFO, "[pod.lua] k8s_url overridden from target=" .. k8s_url)
 end
 
-ngx.log(ngx.INFO, "[pod.lua] Final k8s_url=" .. k8s_url)
-ngx.log(ngx.INFO, "[pod.lua] Final token length=" .. tostring(#token))
-ngx.log(ngx.INFO, "[pod.lua] disable_tls=" .. tostring(disable_tls))
-
 if k8s_url == "" then
   ngx.log(ngx.ERR, "[pod.lua] FAIL: k8s_url is empty")
   ngx.status = 500
@@ -126,21 +97,17 @@ if action == "delete" then
   local okredis, errredis = red:connect("unix:/tmp/redis.sock")
 
   if okredis then
-    ngx.log(ngx.INFO, "Connection to Redis is ok")
   else
-    ngx.log(ngx.INFO, "Connection to Redis is not ok")
-    ngx.log(ngx.INFO, errredis)
+    ngx.log(ngx.ERR, "[pod.lua] Redis connection failed: " .. tostring(errredis))
   end
 
   local res, err = red:get("deleted_pods_total")
 
   if res == ngx.null then
     ngx.say(err)
-    ngx.log(ngx.INFO, "deleted_pods_total is not present on Redis. Creating it..")
     red:set("deleted_pods_total", 1)
   else
       incr = res + 1
-      ngx.log(ngx.INFO, "deleted_pods_total is present on Redis. Incrementing it..")
       red:set("deleted_pods_total", incr)      
   end
 
@@ -157,13 +124,11 @@ end
 
 if action == "list" then
   url = k8s_url.. "/api/v1/namespaces/" .. namespace  .. "/pods"
-  ngx.log(ngx.INFO, "[pod.lua] Action=list, URL=" .. url)
 
 elseif action == "delete" then
   local pod_name = arg['pod_name']
   url = k8s_url.. "/api/v1/namespaces/" .. namespace  .. "/pods/" .. pod_name
   method = "DELETE"
-  ngx.log(ngx.INFO, "[pod.lua] Action=delete, pod=" .. tostring(pod_name) .. ", URL=" .. url)
 
 else
   ngx.log(ngx.ERR, "[pod.lua] FAIL: invalid action=" .. tostring(action))
@@ -194,55 +159,55 @@ if not disable_tls and ca_cert and ca_cert ~= "" then
     ca_file:write(ca_cert)
     ca_file:close()
     request_opts.cafile = ca_file_path
-    ngx.log(ngx.INFO, "[pod.lua] Custom CA cert written to " .. ca_file_path)
   else
     ngx.log(ngx.ERR, "[pod.lua] Failed to write CA cert to " .. ca_file_path)
   end
 end
 
-ngx.log(ngx.INFO, "[pod.lua] Sending " .. method .. " request to " .. url .. " verify=" .. tostring(request_opts.verify) .. " cafile=" .. tostring(request_opts.cafile))
 local ok, statusCode, headers, statusText = https.request(request_opts)
-ngx.log(ngx.INFO, "[pod.lua] Response: ok=" .. tostring(ok) .. " statusCode=" .. tostring(statusCode) .. " statusText=" .. tostring(statusText))
-ngx.log(ngx.INFO, "[pod.lua] Response body length=" .. tostring(#table.concat(resp)))
 
 if action == "list" then
   local i = 1
   local j = 0
   pods["items"] = {}
   local resp_body = table.concat(resp)
-  ngx.log(ngx.INFO, "[pod.lua] Decoding JSON response for list action, body preview=" .. string.sub(resp_body, 1, 200))
   local decode_ok, decode_err = pcall(function() decoded = json.decode(resp_body) end)
   if not decode_ok then
     ngx.log(ngx.ERR, "[pod.lua] JSON decode failed: " .. tostring(decode_err))
     ngx.say("{\"items\": []}")
     return
   end
-  ngx.log(ngx.INFO, "[pod.lua] Decoded kind=" .. tostring(decoded["kind"]) .. " items count=" .. tostring(decoded["items"] and #decoded["items"] or "nil"))
   if decoded["kind"] == "PodList" then
     for k2,v2 in ipairs(decoded["items"]) do
-      if v2["status"]["phase"] == "Running" and v2["metadata"]["labels"]["chaos-controller"] ~= "kubeinvaders" then
-        -- ngx.log(ngx.INFO, "found pod " .. v2["metadata"]["name"])
-        local status = "pending"
-        for _, c in ipairs(v2["status"]["conditions"]) do
-          if c["type"] == "ContainersReady" and c["status"] == "True" then
-            status = "ready"
-            break
+      local metadata = v2["metadata"] or {}
+      local labels = metadata["labels"] or {}
+      local pod_name = metadata["name"] or ""
+      local pod_status = v2["status"] or {}
+      local phase = pod_status["phase"] or ""
+
+      if phase == "Running" and labels["chaos-controller"] ~= "kubeinvaders" then
+        local status = "ready"
+        local conditions = pod_status["conditions"]
+        if type(conditions) == "table" then
+          for _, c in ipairs(conditions) do
+            if (c["type"] == "ContainersReady" or c["type"] == "Ready") and c["status"] == "False" then
+              status = "pending"
+              break
+            end
           end
         end
-        pods["items"][i] = { name = v2["metadata"]["name"], status = status }
+        pods["items"][i] = { name = pod_name, status = status }
         i = i + 1
         pods_not_found = false;
-      elseif v2["status"]["phase"] == "ContainerCreating" and v2["metadata"]["labels"]["chaos-controller"] ~= "kubeinvaders" then
-        -- ngx.log(ngx.INFO, "found pod " .. v2["metadata"]["name"])
-        pods["items"][i] = { name = v2["metadata"]["name"], status = "pending" }
+      elseif phase == "ContainerCreating" and labels["chaos-controller"] ~= "kubeinvaders" then
+        pods["items"][i] = { name = pod_name, status = "pending" }
         i = i + 1
         pods_not_found = false;
-      elseif v2["status"]["phase"] == "Terminating" and v2["metadata"]["labels"]["chaos-controller"] ~= "kubeinvaders" then
-        -- ngx.log(ngx.INFO, "found pod " .. v2["metadata"]["name"])
-        pods["items"][i] = { name = v2["metadata"]["name"], status = "killed" }
+      elseif phase == "Terminating" and labels["chaos-controller"] ~= "kubeinvaders" then
+        pods["items"][i] = { name = pod_name, status = "killed" }
         i = i + 1
         pods_not_found = false;
-      elseif v2["status"]["phase"] ~= "Running" and v2["status"]["phase"] ~= "Completed" and v2["status"]["phase"] ~= "Succeeded" then
+      elseif phase ~= "Running" and phase ~= "Completed" and phase ~= "Succeeded" then
         j = j + 1
       end
     end
@@ -285,18 +250,13 @@ if action == "list" then
   end
 
   if pods_not_found then
-    ngx.log(ngx.INFO, "[pod.lua] No pods found in namespace " .. namespace)
     ngx.say("{\"items\": []}")
   else
     local encoded = json.encode(pods)
-    ngx.log(ngx.INFO, "[pod.lua] Returning " .. tostring(i - 1) .. " pods for namespace " .. namespace)
     ngx.say(encoded)
   end
 
 elseif action == "delete" then
   local delete_resp = table.concat(resp)
-  ngx.log(ngx.INFO, "[pod.lua] Delete response: " .. string.sub(delete_resp, 1, 300))
   ngx.say(delete_resp)
 end
-
-ngx.log(ngx.INFO, "[pod.lua] === Request finished ===")

scripts/programming_mode.lua

@@ -8,9 +8,24 @@ local k8s_url = ""
 local kube_host = os.getenv("KUBERNETES_SERVICE_HOST")
 local kube_port = os.getenv("KUBERNETES_SERVICE_PORT_HTTPS")
 local endpoint = os.getenv("ENDPOINT")
+local arg = ngx.req.get_uri_args()
 local req_headers = ngx.req.get_headers()
 local target = arg["target"] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
-local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
+local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
+local token = ""
+if header_token and header_token ~= "" then
+  token = header_token
+else
+  token = tostring(os.getenv("TOKEN") or "")
+end
+if token == "" then
+  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
+  if f then
+    token = f:read("*a") or ""
+    token = token:gsub("%s+$", "")
+    f:close()
+  end
+end
 local ca_cert_b64 = req_headers["x-k8s-ca-cert-b64"] or req_headers["X-K8S-CA-CERT-B64"]
 
 if kube_host and kube_host ~= "" then
@@ -62,7 +77,6 @@ ngx.header['Access-Control-Allow-Headers'] = 'DNT,User-Agent,X-Requested-With,If
 ngx.header['Access-Control-Expose-Headers'] = 'Content-Length,Content-Range';
 ngx.req.read_body()
 
-local arg = ngx.req.get_uri_args()
 local body_data = ngx.req.get_body_data() 
 
 ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Payload sent by client: " .. body_data)

scripts/vm.lua

@@ -41,7 +41,21 @@ end
 
 k8s_url = string.gsub(k8s_url, "/+$", "")
 
-local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
+local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
+local token = ""
+if header_token and header_token ~= "" then
+  token = header_token
+else
+  token = tostring(os.getenv("TOKEN") or "")
+end
+if token == "" then
+  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
+  if f then
+    token = f:read("*a") or ""
+    token = token:gsub("%s+$", "")
+    f:close()
+  end
+end
 if token == "" then
   ngx.status = 500
   ngx.say("Missing Kubernetes API token configuration.")

scripts/vm_reboot.lua

@@ -41,7 +41,21 @@ end
 
 k8s_url = string.gsub(k8s_url, "/+$", "")
 
-local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
+local header_token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"]
+local token = ""
+if header_token and header_token ~= "" then
+  token = header_token
+else
+  token = tostring(os.getenv("TOKEN") or "")
+end
+if token == "" then
+  local f = io.open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r")
+  if f then
+    token = f:read("*a") or ""
+    token = token:gsub("%s+$", "")
+    f:close()
+  end
+end
 if token == "" then
   ngx.status = 500
   ngx.say("Missing Kubernetes API token configuration.")