Merge remote-tracking branch 'upstream/master' into easier-twophase

Signed-off-by: Yang Keao <keao.yang@yahoo.com>

Makefile

@@ -38,7 +38,7 @@ PACKAGE_LIST := go list ./... | grep -vE "chaos-mesh/test|pkg/ptrace|zz_generate
 PACKAGE_DIRECTORIES := $(PACKAGE_LIST) | sed 's|github.com/chaos-mesh/chaos-mesh/||'
 
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true"
+CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))

README.md

@@ -79,6 +79,7 @@ Blogs on Chaos Mesh design & implementation, features, chaos engineering, commun
 - [Building an Automated Testing Framework Based on Chaos Mesh® and Argo](https://chaos-mesh.org/blog/building_automated_testing_framework)
 - [Chaos Mesh 1.0: Chaos Engineering on Kubernetes Made Easier](https://chaos-mesh.org/blog/chaos-mesh-1.0-chaos-engineering-on-kubernetes-made-easier)
 
+
 ## Contribute
 
 See the [contributing guide](./CONTRIBUTING.md) and [development guide](https://chaos-mesh.org/docs/development_guides/development_overview).
@@ -111,6 +112,7 @@ On the fourth Thursday of every month (unless otherwise specified), the Chaos Me
 - Ronak Banka: [Getting Started with Chaos Mesh and Kubernetes](https://itnext.io/getting-started-with-chaos-mesh-and-kubernetes-bfd98d25d481)
 - kondoumh: [​Kubernetes ネイティブなカオスエンジニアリングツール Chaos Mesh を使ってみる](https://blog.kondoumh.com/entry/2020/10/23/123431)
 - Vadim Tkachenko: [ChaosMesh to Create Chaos in Kubernetes](https://www.percona.com/blog/2020/11/05/chaosmesh-to-create-chaos-in-kubernetes/)
+- Hui Zhang: [How a Top Game Company Uses Chaos Engineering to Improve Testing](https://chaos-mesh.org/blog/how-a-top-game-company-uses-chaos-engineering-to-improve-testing)
 
 ## Media coverage
 - CodeZine: [オープンソースのカオステストツール「Chaos Mesh 1.0」、一般提供を開始](https://codezine.jp/article/detail/12996)

api/v1alpha1/jvmchaos_webhook.go

@@ -16,20 +16,13 @@ package v1alpha1
 import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
-	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
 
 // log is for logging in this package.
 var jvmchaoslog = logf.Log.WithName("jvmchaos-resource")
 
-func (in *JVMChaos) SetupWebhookWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewWebhookManagedBy(mgr).
-		For(in).
-		Complete()
-}
-
 // +kubebuilder:webhook:path=/mutate-chaos-mesh-org-v1alpha1-jvmchaos,mutating=true,failurePolicy=fail,groups=chaos-mesh.org,resources=jvmchaos,verbs=create;update,versions=v1alpha1,name=mjvmchaos.kb.io
 
 var _ webhook.Defaulter = &JVMChaos{}

api/webhook/inject.go

@@ -18,6 +18,7 @@ import (
 	"net/http"
 
 	"github.com/chaos-mesh/chaos-mesh/controllers/metrics"
+	controllerCfg "github.com/chaos-mesh/chaos-mesh/pkg/config"
 	"github.com/chaos-mesh/chaos-mesh/pkg/webhook/config"
 	"github.com/chaos-mesh/chaos-mesh/pkg/webhook/inject"
 
@@ -32,13 +33,16 @@ var log = ctrl.Log.WithName("inject-webhook")
 
 // +kubebuilder:webhook:path=/inject-v1-pod,mutating=false,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,name=vpod.kb.io
 
+// PodInjector is pod template config injector
 type PodInjector struct {
-	client  client.Client
-	decoder *admission.Decoder
-	Config  *config.Config
-	Metrics *metrics.ChaosCollector
+	client        client.Client
+	decoder       *admission.Decoder
+	Config        *config.Config
+	ControllerCfg *controllerCfg.ChaosControllerConfig
+	Metrics       *metrics.ChaosCollector
 }
 
+// Handle is pod injector handler
 func (v *PodInjector) Handle(ctx context.Context, req admission.Request) admission.Response {
 	pod := &v1.Pod{}
 
@@ -50,15 +54,17 @@ func (v *PodInjector) Handle(ctx context.Context, req admission.Request) admissi
 	log.Info("Get request from pod:", "pod", pod)
 
 	return admission.Response{
-		AdmissionResponse: *inject.Inject(&req.AdmissionRequest, v.client, v.Config, v.Metrics),
+		AdmissionResponse: *inject.Inject(&req.AdmissionRequest, v.client, v.Config, v.ControllerCfg, v.Metrics),
 	}
 }
 
+// InjectClient is pod injector client
 func (v *PodInjector) InjectClient(c client.Client) error {
 	v.client = c
 	return nil
 }
 
+// InjectDecoder is pod injector decoder
 func (v *PodInjector) InjectDecoder(d *admission.Decoder) error {
 	v.decoder = d
 	return nil

cmd/controller-manager/main.go

@@ -22,7 +22,7 @@ import (
 
 	chaosmeshv1alpha1 "github.com/chaos-mesh/chaos-mesh/api/v1alpha1"
 	apiWebhook "github.com/chaos-mesh/chaos-mesh/api/webhook"
-	"github.com/chaos-mesh/chaos-mesh/controllers/common"
+	ccfg "github.com/chaos-mesh/chaos-mesh/controllers/config"
 	"github.com/chaos-mesh/chaos-mesh/controllers/metrics"
 	"github.com/chaos-mesh/chaos-mesh/controllers/podiochaos"
 	"github.com/chaos-mesh/chaos-mesh/controllers/podnetworkchaos"
@@ -89,23 +89,23 @@ func main() {
 	}
 
 	// set RPCTimeout config
-	utils.RPCTimeout = common.ControllerCfg.RPCTimeout
+	utils.RPCTimeout = ccfg.ControllerCfg.RPCTimeout
 
 	ctrl.SetLogger(zap.Logger(true))
 
 	options := ctrl.Options{
 		Scheme:             scheme,
-		MetricsBindAddress: common.ControllerCfg.MetricsAddr,
-		LeaderElection:     common.ControllerCfg.EnableLeaderElection,
+		MetricsBindAddress: ccfg.ControllerCfg.MetricsAddr,
+		LeaderElection:     ccfg.ControllerCfg.EnableLeaderElection,
 		Port:               9443,
 	}
 
-	if common.ControllerCfg.ClusterScoped {
+	if ccfg.ControllerCfg.ClusterScoped {
 		setupLog.Info("Chaos controller manager is running in cluster scoped mode.")
 		// will not specific a certain namespace
 	} else {
-		setupLog.Info("Chaos controller manager is running in namespace scoped mode.", "targetNamespace", common.ControllerCfg.TargetNamespace)
-		options.Namespace = common.ControllerCfg.TargetNamespace
+		setupLog.Info("Chaos controller manager is running in namespace scoped mode.", "targetNamespace", ccfg.ControllerCfg.TargetNamespace)
+		options.Namespace = ccfg.ControllerCfg.TargetNamespace
 	}
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options)
@@ -114,7 +114,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	err = router.SetupWithManager(mgr)
+	err = router.SetupWithManagerAndConfigs(mgr, ccfg.ControllerCfg)
 	if err != nil {
 		setupLog.Error(err, "fail to setup with manager")
 		os.Exit(1)
@@ -134,9 +134,10 @@ func main() {
 	// We only setup webhook for podnetworkchaos, and the logic of applying chaos are in the validation
 	// webhook, because we need to get the running result synchronously in network chaos reconciler
 	chaosmeshv1alpha1.RegisterRawPodNetworkHandler(&podnetworkchaos.Handler{
-		Client: mgr.GetClient(),
-		Reader: mgr.GetAPIReader(),
-		Log:    ctrl.Log.WithName("handler").WithName("PodNetworkChaos"),
+		Client:                  mgr.GetClient(),
+		Reader:                  mgr.GetAPIReader(),
+		Log:                     ctrl.Log.WithName("handler").WithName("PodNetworkChaos"),
+		AllowHostNetworkTesting: ccfg.ControllerCfg.AllowHostNetworkTesting,
 	})
 	if err = (&chaosmeshv1alpha1.PodNetworkChaos{}).SetupWebhookWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create webhook", "webhook", "PodNetworkChaos")
@@ -148,25 +149,25 @@ func main() {
 
 	setupLog.Info("Setting up webhook server")
 	hookServer := mgr.GetWebhookServer()
-	hookServer.CertDir = common.ControllerCfg.CertsDir
+	hookServer.CertDir = ccfg.ControllerCfg.CertsDir
 	conf := config.NewConfigWatcherConf()
 
 	stopCh := ctrl.SetupSignalHandler()
 
-	if common.ControllerCfg.PprofAddr != "0" {
+	if ccfg.ControllerCfg.PprofAddr != "0" {
 		go func() {
-			if err := http.ListenAndServe(common.ControllerCfg.PprofAddr, nil); err != nil {
+			if err := http.ListenAndServe(ccfg.ControllerCfg.PprofAddr, nil); err != nil {
 				setupLog.Error(err, "unable to start pprof server")
 				os.Exit(1)
 			}
 		}()
 	}
 
-	if err = common.ControllerCfg.WatcherConfig.Verify(); err != nil {
+	if err = ccfg.ControllerCfg.WatcherConfig.Verify(); err != nil {
 		setupLog.Error(err, "invalid environment configuration")
 		os.Exit(1)
 	}
-	configWatcher, err := watcher.New(*common.ControllerCfg.WatcherConfig, metricsCollector)
+	configWatcher, err := watcher.New(*ccfg.ControllerCfg.WatcherConfig, metricsCollector)
 	if err != nil {
 		setupLog.Error(err, "unable to create config watcher")
 		os.Exit(1)
@@ -175,8 +176,9 @@ func main() {
 	watchConfig(configWatcher, conf, stopCh)
 	hookServer.Register("/inject-v1-pod", &webhook.Admission{
 		Handler: &apiWebhook.PodInjector{
-			Config:  conf,
-			Metrics: metricsCollector,
+			Config:        conf,
+			ControllerCfg: ccfg.ControllerCfg,
+			Metrics:       metricsCollector,
 		}},
 	)
 

config/crd/bases/chaos-mesh.org_dnschaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: DNSChaosList
     plural: dnschaos
     singular: dnschaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_httpchaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: HTTPChaosList
     plural: httpchaos
     singular: httpchaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_iochaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: IoChaosList
     plural: iochaos
     singular: iochaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_jvmchaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: JVMChaosList
     plural: jvmchaos
     singular: jvmchaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_kernelchaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: KernelChaosList
     plural: kernelchaos
     singular: kernelchaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_networkchaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: NetworkChaosList
     plural: networkchaos
     singular: networkchaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_podchaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: PodChaosList
     plural: podchaos
     singular: podchaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_podiochaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: PodIoChaosList
     plural: podiochaos
     singular: podiochaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_podnetworkchaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: PodNetworkChaosList
     plural: podnetworkchaos
     singular: podnetworkchaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_stresschaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: StressChaosList
     plural: stresschaos
     singular: stresschaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

config/crd/bases/chaos-mesh.org_timechaos.yaml

@@ -14,6 +14,7 @@ spec:
     listKind: TimeChaosList
     plural: timechaos
     singular: timechaos
+  preserveUnknownFields: false
   scope: Namespaced
   validation:
     openAPIV3Schema:

controllers/common/types.go

@@ -15,22 +15,16 @@ package common
 
 import (
 	"context"
-	"fmt"
-	"os"
-	"regexp"
-	"strings"
 	"time"
 
 	"github.com/chaos-mesh/chaos-mesh/api/v1alpha1"
-	"github.com/chaos-mesh/chaos-mesh/pkg/config"
 	ctx "github.com/chaos-mesh/chaos-mesh/pkg/router/context"
 	endpoint "github.com/chaos-mesh/chaos-mesh/pkg/router/endpoint"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/util/retry"
 
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 )
 
 const (
@@ -44,74 +38,6 @@ const emptyString = ""
 
 var log = ctrl.Log.WithName("controller")
 
-//ControllerCfg is a global variable to keep the configuration for Chaos Controller
-var ControllerCfg *config.ChaosControllerConfig
-
-func init() {
-	conf, err := config.EnvironChaosController()
-	if err != nil {
-		ctrl.SetLogger(zap.Logger(true))
-		log.Error(err, "Chaos Controller: invalid environment configuration")
-		os.Exit(1)
-	}
-
-	err = validate(&conf)
-	if err != nil {
-		ctrl.SetLogger(zap.Logger(true))
-		log.Error(err, "Chaos Controller: invalid configuration")
-		os.Exit(1)
-	}
-
-	ControllerCfg = &conf
-}
-
-func validate(config *config.ChaosControllerConfig) error {
-
-	if config.WatcherConfig == nil {
-		return fmt.Errorf("required WatcherConfig is missing")
-	}
-
-	if config.ClusterScoped != config.WatcherConfig.ClusterScoped {
-		return fmt.Errorf("K8sConfigMapWatcher config ClusterScoped is not same with controller-manager ClusterScoped. k8s configmap watcher: %t, controller manager: %t", config.WatcherConfig.ClusterScoped, config.ClusterScoped)
-	}
-
-	if !config.ClusterScoped {
-		if strings.TrimSpace(config.TargetNamespace) == "" {
-			return fmt.Errorf("no target namespace specified with namespace scoped mode")
-		}
-		if !isAllowedNamespaces(config.TargetNamespace, config.AllowedNamespaces, config.IgnoredNamespaces) {
-			return fmt.Errorf("target namespace %s is not allowed with filter, please check config AllowedNamespaces and IgnoredNamespaces", config.TargetNamespace)
-		}
-
-		if config.TargetNamespace != config.WatcherConfig.TargetNamespace {
-			return fmt.Errorf("K8sConfigMapWatcher config TargertNamespace is not same with controller-manager TargetNamespace. k8s configmap watcher: %s, controller manager: %s", config.WatcherConfig.TargetNamespace, config.TargetNamespace)
-		}
-	}
-
-	return nil
-}
-
-// FIXME: duplicated with utils.IsAllowedNamespaces, it should considered with some dependency problems.
-func isAllowedNamespaces(namespace, allowedNamespace, ignoredNamespace string) bool {
-	if allowedNamespace != "" {
-		matched, err := regexp.MatchString(allowedNamespace, namespace)
-		if err != nil {
-			return false
-		}
-		return matched
-	}
-
-	if ignoredNamespace != "" {
-		matched, err := regexp.MatchString(ignoredNamespace, namespace)
-		if err != nil {
-			return false
-		}
-		return !matched
-	}
-
-	return true
-}
-
 // Reconciler for common chaos
 type Reconciler struct {
 	endpoint.Endpoint