forked from DataDog/chaos-controller
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvalues.yaml
153 lines (150 loc) · 7.05 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# Unless explicitly stated otherwise all files in this repository are licensed
# under the Apache License Version 2.0.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2025 Datadog, Inc.
chaosNamespace: chaos-engineering # namespace where any resources get created.
skipNamespace: false # omit namespace declaration
global:
oci:
registry: k8s.io
chaos:
defaultImage:
repo: to-override
tag: latest
digest: ""
pullSecrets: false # name of the secret object to use when pulling images
controller:
configMapOverrides: false # deploy a second configmap, which overrides values from the first
version: ""
image:
repo: chaos-controller
enabled: true # should the controller and associated webhooks be deployed or not
leaderElection: true
deleteOnly: false # enable delete-only mode
enableSafeguards: true # enable safeguards on targets selection (do not target the node running the controller)
enableObserver: true # enable observer on targets, notifying of target warning status and events
metricsSink: noop
profilerSink: noop
tracerSink: noop
notifiers:
common:
clusterName: lima
noop:
enabled: true
slack:
enabled: false
tokenFilepath: ""
mirrorSlackChannelId: ""
datadog:
enabled: false
http:
disruption:
enabled: false
url: "http://localhost:8082/disruptions"
disruptioncron:
enabled: false
url: "http://localhost:8082/disruptioncrons"
headersFilepath: ""
headers: []
authURL: ""
authHeaders: []
authTokenPath: ""
cloudProviders: # cloud providers specific disruptions configuration
disableAll: false # disable all cloud providers disruption, it overrides per cloud provider configuration (you can't disable all + enable one)
pullInterval: 24h # pull interval used by the controller to update ip ranges files
aws: # aws cloud provider config
enabled: true # enable the provider
ipRangesURL: "https://ip-ranges.amazonaws.com/ip-ranges.json" # URL to the IP ranges file (format must be the expected one, defaults is the public file provided by the cloud provider)
gcp: # gcp cloud provider config
enabled: true # enable the provider
ipRangesURL: "https://www.gstatic.com/ipranges/goog.json" # URL to the IP ranges file (format must be the expected one, defaults is the public file provided by the cloud provider)
datadog: # datadog cloud provider config
enabled: true # enable the provider
ipRangesURL: "https://ip-ranges.datadoghq.com/" # URL to the IP ranges file (format must be the expected one, defaults is the public file provided by the cloud provider)
defaultDuration: 5m # default spec.duration for a disruption with none specified
maxDuration: 2h # maximum spec.duration for a disruption
defaultCronDelayedStartTolerance: 15m
minimumCronFrequency: 15m # a disruption cron with a spec.schedule that runs more often than this will be rejected.
finalizerDeletionDelay: 20s
expiredDisruptionGCDelay: 10m # time after a disruption expires before deleting it
userInfoHook: true
webhook: # admission webhook configuration
generateCert: false # if you want Helm to generate certificates (e.g. in case the cert-manager is not installed in the cluster) set this to true
certDir: "" # certificate directory (must contain tls.crt and tls.key files)
host: "" # host to use to serve requests
port: 9443 # port to use to serve requests
safeMode:
environment: ""
permittedUserGroups: # (optional) specify a list of strings which represent user info groups. if set, a user must belong to at least one in order to create a Disruption
- system:authenticated
enable: false
namespaceThreshold: 80
clusterThreshold: 66
allowNodeFailure: true # if set to false, will prevent the creation of any disruption that applies a nodeFailure, but only if safeMode.enable is true
allowNodeLevel: true # if set to false, will prevent the creation of any disruption at the node level, but only if safeMode.enable is true
logLevel: DEBUG # sets the log level for the chaos controller
resources: # resources assigned to the controller pod. may need to be increased when deploying to larger scale clusters
cpu: 100m
memory: 300Mi
ephemeralStorage: 1Gi
disruptionCronEnabled: true
disruptionRolloutEnabled: false
disruptionDeletionTimeout: 15m # The duration after which a disruption will be marked as "stuck on removal" if its removal process exceeds this duration.
aggregateToClusterRole: false # If this is true two aggregated cluster roles are created for viewing and editing (https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles)
# disabledDisruptions: # List of disruption kinds to disable at admission
# - dns-disruption
# - node-failure
injector:
image:
repo: chaos-injector
annotations: {} # extra annotations passed to the chaos injector pods
labels: {} # extra labels passed to the chaos injector pods
tolerations: [] # extra tolerations passed to the chaos injector pods
# (here's the expected format, key/effect are required, all other fields are optional)
# tolerations:
# - key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoExecute"
# tolerationSeconds: 3600
# - key: "key1"
# operator: "Equal"
# value: "value1"
# effect: "NoExecute"
serviceAccount: chaos-injector # service account to use for the chaos injector pods
logLevel: DEBUG # sets the log level for the chaos injector pods
dnsDisruption: # dns disruption configuration
dnsServer: "" # IP address of the upstream dns server
kubeDns:
all
# whether to use kube-dns for DNS resolution (default: "all"). Options:
# : "off": use the DNS server defined in the controller configuration for all resolutions
# : "internal": use kube-dns for internal hostnames resolution (`.local.` or `.internal.` suffixes), use the DNS server defined in the controller configuration for all other resolutions
# : "all": use kube-dns for all resolutions
networkDisruption: # network disruption general configuration
hostResolveInterval: 1m # how often to re-resolve the hostnames we are disrupting traffic to
allowedHosts: [] # list of always allowed hosts (even if explicitly blocked by a network disruption)
# (here's the expected format, all fields are optional)
# allowedHosts:
# - host: 10.0.0.0/8
# port: 80
# protocol: tcp
# flow: egress
# - host: 10.0.0.0/8
# port: 81
# protocol: tcp
# flow: ingress
handler:
image:
repo: chaos-handler
enabled: true # enable the chaos handler (required to use the onInit disruption feature)
timeout: 10m # time the handler init container will wait before exiting if no signal is received
maxTimeout: 2h # maximum amount of time to allow users to configure for their handler timeout
resources:
cpu: 10m
memory: 5Mi
proxy:
image:
registry: gcr.io
repo: kubebuilder/kube-rbac-proxy
tag: v0.4.1