github/kubeinvaders
1
0
Fork 0
mirror of https://github.com/lucky-sideburn/kubeinvaders.git synced 2026-04-06 10:26:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7459fbffc5afc47ad215f4cf0d47860a2d3d8963
kubeinvaders/scripts/chaos-node.lua
Eugenio Marzo 7459fbffc5 some fixes...
2026-03-14 13:26:55 +01:00

252 lines
7.3 KiB
Lua
Raw Blame History

loadfile("/usr/local/openresty/nginx/conf/kubeinvaders/metrics.lua")
local https = require "ssl.https"
local ltn12 = require "ltn12"
local json = require "lunajson"
local redis = require "resty.redis"
local arg = ngx.req.get_uri_args()
local incr = 0
local config = require "config_kubeinv"
local chaos_container = ""
local red = redis:new()
local okredis, errredis = red:connect("unix:/tmp/redis.sock")
local function read_all(file)
local f = assert(io.open(file, "rb"))
local content = f:read("*all")
f:close()
return content
end
local http = require("socket.http")
math.randomseed(os.clock()*100000000000)
local rand = math.random(999, 9999)
local arg = ngx.req.get_uri_args()
local req_headers = ngx.req.get_headers()
local k8s_url = ""
local kube_host = os.getenv("KUBERNETES_SERVICE_HOST")
local kube_port = os.getenv("KUBERNETES_SERVICE_PORT_HTTPS")
local endpoint = os.getenv("ENDPOINT")
if kube_host and kube_host ~= "" then
local port_suffix = ""
if kube_port and kube_port ~= "" then
port_suffix = ":" .. kube_port
end
k8s_url = "https://" .. kube_host .. port_suffix
else
k8s_url = endpoint or ""
end
local target = arg['target'] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
if target and target ~= "" then
if not string.match(target, "^https?://") then
target = "https://" .. target
end
k8s_url = string.gsub(target, "/+$", "")
end
if k8s_url == "" then
ngx.status = 500
ngx.say("Missing Kubernetes endpoint configuration. Set KUBERNETES_SERVICE_HOST or ENDPOINT.")
ngx.exit(ngx.OK)
end
if not string.match(k8s_url, "^https?://") then
k8s_url = "https://" .. k8s_url
end
k8s_url = string.gsub(k8s_url, "/+$", "")
local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
if token == "" then
ngx.status = 500
ngx.say("Missing Kubernetes API token configuration.")
ngx.exit(ngx.OK)
end
local ca_cert_b64 = req_headers["x-k8s-ca-cert-b64"] or req_headers["X-K8S-CA-CERT-B64"]
local ca_cert = nil
if ca_cert_b64 and ca_cert_b64 ~= "" then
ca_cert = ngx.decode_base64(ca_cert_b64)
end
local disable_tls_env = string.lower(tostring(os.getenv("DISABLE_TLS") or "false"))
local disable_tls = disable_tls_env == "true" or disable_tls_env == "1" or disable_tls_env == "yes"
local namespace = arg['namespace']
local node_name = arg['nodename']
local url = k8s_url .. "/apis/batch/v1/namespaces/" .. namespace .. "/jobs"
local resp = {}
if ngx.var.request_method == "GET" then
if okredis then
ngx.log(ngx.INFO, "Connection to Redis is ok")
else
ngx.log(ngx.INFO, "Connection to Redis is not ok")
ngx.log(ngx.INFO, errredis)
end
-- Count the total of chaos jobs launched against nodes
local chaos_node_res, err = red:get("chaos_node_jobs_total")
if chaos_node_res == ngx.null then
ngx.say(err)
red:set("chaos_node_jobs_total", 0)
else
local incr = chaos_node_res + 1
local res, err = red:set("chaos_node_jobs_total",incr)
end
-- Count the total of chaos jobs launched against nodes per node
local node_name = arg['nodename']
local chaos_node_res, err = red:get("chaos_node_jobs_total_on_" .. node_name)
if chaos_node_res == ngx.null then
ngx.say(err)
red:set("chaos_node_jobs_total_on_" .. node_name, 1)
else
local incr = chaos_node_res + 1
local res, err = red:set("chaos_node_jobs_total_on_" .. node_name,incr)
end
end
ngx.header['Access-Control-Allow-Origin'] = '*'
ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
ngx.header['Access-Control-Allow-Headers'] = 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'
ngx.header['Access-Control-Expose-Headers'] = 'Content-Length,Content-Range';
headers = {
["Accept"] = "application/json",
["Content-Type"] = "application/json",
["Authorization"] = "Bearer " .. token,
}
local res, err = red:get("chaos_container")
if res ~= ngx.null then
ngx.log(ngx.INFO, "Found chaos_container defined in Redis!")
ngx.log(ngx.INFO, res)
chaos_container = res
else
ngx.log(ngx.INFO, "Using default chaos container")
chaos_container = config["default_chaos_container"]
end
local body = [[
{
"apiVersion": "batch/v1",
"kind": "Job",
"metadata": {
"name": "kubeinvaders-chaos-]] .. rand .. [[",
"labels": {
"chaos-controller": "kubeinvaders"
}
},
"spec": {
"template": {
"metadata": {
"labels": {
"chaos-controller": "kubeinvaders"
}
},
"spec": {
"containers": [ ]] .. chaos_container .. [[ ],
"restartPolicy": "Never"
}
},
"backoffLimit": null
}
}
]]
local headers2 = {
["Accept"] = "application/json",
["Content-Type"] = "application/json",
["Authorization"] = "Bearer " .. token,
["Content-Length"] = string.len(body)
}
local function create_request_opts(request_url, request_headers, request_method, request_source)
local request_opts = {
url = request_url,
headers = request_headers,
method = request_method,
verify = disable_tls and "none" or "peer",
sink = ltn12.sink.table(resp)
}
if request_source then
request_opts.source = request_source
end
if not disable_tls and ca_cert and ca_cert ~= "" then
local ca_file_path = "/tmp/kubeinv-custom-ca.crt"
local ca_file = io.open(ca_file_path, "w")
if ca_file then
ca_file:write(ca_cert)
ca_file:close()
request_opts.cafile = ca_file_path
end
end
return request_opts
end
local url = k8s_url .. "/apis/batch/v1/namespaces/" .. namespace .. "/jobs"
ngx.log(ngx.INFO, "Creating chaos_node job kubeinvaders-chaos-" ..rand)
local ok, statusCode, headers, statusText = https.request(
create_request_opts(url, headers2, "POST", ltn12.source.string(body))
)
ngx.log(ngx.INFO, ok)
ngx.log(ngx.INFO, statusCode)
ngx.log(ngx.INFO, statusText)
local url = k8s_url.. "/apis/batch/v1/namespaces/" .. namespace .. "/jobs"
ngx.log(ngx.INFO, "Getting JobList" .. rand)
local ok, statusCode, headers, statusText = https.request(
create_request_opts(url, headers, "GET")
)
ngx.log(ngx.INFO, ok)
ngx.log(ngx.INFO, statusCode)
ngx.log(ngx.INFO, statusText)
for k,v in ipairs(resp) do
decoded = json.decode(v)
if decoded["kind"] == "JobList" then
for k2,v2 in ipairs(decoded["items"]) do
if v2["status"]["succeeded"] == 1 and v2["metadata"]["labels"]["chaos-controller"] == "kubeinvaders" then
delete_job = "kubectl delete job " .. v2["metadata"]["name"] .. " --token=" .. token .. " --server=" .. k8s_url .. " --insecure-skip-tls-verify=true -n " .. namespace
ngx.log(ngx.INFO, delete_pod)
end
end
end
end
local url = k8s_url.. "/api/v1/namespaces/" .. namespace .. "/pods"
ngx.log(ngx.INFO, "Getting PodList" .. rand)
local ok, statusCode, headers, statusText = https.request(
create_request_opts(url, headers, "GET")
)
ngx.log(ngx.INFO, ok)
ngx.log(ngx.INFO, statusCode)
ngx.log(ngx.INFO, statusText)
for k,v in ipairs(resp) do
decoded = json.decode(v)
if decoded["kind"] == "PodList" then
for k2,v2 in ipairs(decoded["items"]) do
if v2["status"]["phase"] == "Succeeded" and v2["metadata"]["labels"]["chaos-controller"] == "kubeinvaders" then
delete_pod = "kubectl delete pod " .. v2["metadata"]["name"] .. " --token=" .. token .. " --server=" .. k8s_url .. " --insecure-skip-tls-verify=true -n " .. namespace
ngx.log(ngx.INFO, delete_pod)
end
end
end
end
ngx.say("chaos node")
Reference in New Issue View Git Blame Copy Permalink