diff --git a/README.md b/README.md index be29ea1..3aa053e 100644 --- a/README.md +++ b/README.md @@ -89,29 +89,3 @@ In order to restrict the access to the Kubeinvaders endpoint add this annotation ```yaml nginx.ingress.kubernetes.io/whitelist-source-range: /32 ``` - -### Install KubeInvaders on OpenShift - -To Install KubeInvaders on your OpenShift Cluster clone this repo and launch the following commands: - -```bash -oc create clusterrole kubeinvaders-role --verb=watch,get,delete,list --resource=pods,pods/log,jobs - -## You can define multiple namespaces ex: TARGET_NAMESPACE=foobar,foobar2 -TARGET_NAMESPACE=foobar,awesome-namespace - -# Choose route host for your kubeinvaders instance. -ROUTE_HOST=kubeinvaders.org - -# Please add your source ip IP_WHITELIST. This will add haproxy.router.openshift.io/ip_whitelist in KubeInvaders route -# https://docs.openshift.com/container-platform/3.9/architecture/networking/routes.html#whitelist -IP_WHITELIST="93.44.96.4" - -oc new-project kubeinvaders --display-name='KubeInvaders' -oc create sa kubeinvaders -n kubeinvaders -oc adm policy add-cluster-role-to-user kubeinvaders-role -z kubeinvaders -n kubeinvaders - -KUBEINVADERS_SECRET=$(oc get secret -n kubeinvaders --field-selector=type==kubernetes.io/service-account-token | grep 'kubeinvaders-token' | awk '{ print $1}' | head -n 1) - -oc process -f openshift/KubeInvaders.yaml -p ROUTE_HOST=$ROUTE_HOST -p TARGET_NAMESPACE=$TARGET_NAMESPACE -p KUBEINVADERS_SECRET=$KUBEINVADERS_SECRET | oc create -f - -``` \ No newline at end of file diff --git a/openshift/KubeInvaders.yaml b/openshift/KubeInvaders.yaml deleted file mode 100644 index accbe0e..0000000 --- a/openshift/KubeInvaders.yaml +++ /dev/null @@ -1,94 +0,0 @@ ---- -kind: Template -apiVersion: v1 -metadata: - name: kubeinvaders - annotations: - "openshift.io/display-name": Kubeinvaders - description: Chaos Engineering Tool for Kubernetes and Openshift like SpaceInvaders but alien ships are pods - iconClass: fa fa-cogs - tags: "spaceinvaders" -parameters: -- description: IP addresses that can contact Kubernetes - name: IP_WHITELIST -- description: URL of KubeInvaders - name: ROUTE_HOST - value: kubeinvaders.local -- name: ENDPOINT - value: kubeinvaders.local -- description: The location of the kubeinvaders image - name: IMAGE_KUBEINVADERS - value: docker.io/luckysideburn/kubeinvaders:v1.2 -- description: The namespace to instantiate Kubeinvaders under. - name: NAMESPACE - value: kubeinvaders -- description: A namespaces to stress with KubeInvaders. - name: TARGET_NAMESPACE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: kubeinvaders - namespace: "${NAMESPACE}" - annotations: - haproxy.router.openshift.io/ip_whitelist: ${IP_WHITELIST} - spec: - host: "${ROUTE_HOST}" - to: - name: kubeinvaders - tls: - termination: Edge -- apiVersion: v1 - kind: Service - metadata: - name: kubeinvaders - namespace: "${NAMESPACE}" - labels: - name: kubeinvaders - spec: - ports: - - name: kubeinvaders - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - name: kubeinvaders -- apiVersion: v1 - kind: DeploymentConfig - metadata: - name: kubeinvaders - namespace: "${NAMESPACE}" - spec: - replicas: 1 - selector: - name: kubeinvaders - strategy: - type: Recreate - template: - metadata: - labels: - name: kubeinvaders - spec: - serviceAccountName: kubeinvaders - containers: - - env: - - name: ROUTE_HOST - value: "${ROUTE_HOST}" - - name: ENDPOINT - value: "${ROUTE_HOST}" - - name: NAMESPACE - value: "${TARGET_NAMESPACE}" - - name: UPDATETIME - value: "0.5" - - name: ALIENPROXIMITY - value: "15" - - name: HITSLIMIT - value: "0" - name: kubeinvaders - image: ${IMAGE_KUBEINVADERS} - imagePullPolicy: Always - ports: - - containerPort: 8080 - protocol: TCP - triggers: - - type: ConfigChange