added kubeconfig permissions tip

Signed-off-by: Tullio Sebastiani <[email protected]>
krkn-chaos · Jun 12, 2024 · c4d7543 · c4d7543
1 parent 8fc6910
commit c4d7543
Show file tree

Hide file tree

Showing 17 changed files with 39 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -46,7 +46,10 @@ You can take advantage of the [get_docker_params.sh](get_docker_params.sh) scrip
 This will take all environment variables and put them in the form "-e <var>=<value>" to make a long string that can get passed to the command
 
 For example: 
-`docker run $(./get_docker_params.sh) --net=host -v <path-to-kube-config>:/root/.kube/config:Z -d quay.io/redhat-chaos/krkn-hub:power-outages`
+`docker run $(./get_docker_params.sh) --net=host -v <path-to-kube-config>:/home/krkn/.kube/config:Z -d quay.io/redhat-chaos/krkn-hub:power-outages`
+
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 
 ### Adding New Scenarios/Testing Changes
 

diff --git a/docs/application-outages.md b/docs/application-outages.md
@@ -20,6 +20,9 @@ $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
 
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
+
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/chaos-recommender.md b/docs/chaos-recommender.md
@@ -5,7 +5,8 @@ This tool profiles an application and gathers telemetry data such as CPU, Memory
 ```
 $ podman run --name=<container_name> --net=host --env-host=true -v <path-to-kube-config>:/home/krkn/.kube/config:Z  -e NAMESPACE=<NAMESPACE> -e PROMETHEUS_ENDPOINT=<PROMETHEUS_ENDPOINT> -e PROMETHEUS_TOKEN=<PROMETHEUS_TOKEN>  quay.io/krkn-chaos/krkn-hub:chaos-recommender
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 See list of variables that apply to all scenarios [here](all_scenarios_env.md) that can be used/set in addition to these scenario specific variables

diff --git a/docs/container-scenarios.md b/docs/container-scenarios.md
@@ -19,6 +19,8 @@ $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
 
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/network-chaos.md b/docs/network-chaos.md
@@ -16,7 +16,8 @@ $ docker run -e <VARIABLE>=<value> --net=host -v <path-to-kube-config>:/home/krk
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 
 #### Supported parameters
 

diff --git a/docs/node-cpu-hog.md b/docs/node-cpu-hog.md
@@ -19,7 +19,8 @@ $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
 
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/node-io-hog.md b/docs/node-io-hog.md
@@ -18,7 +18,8 @@ $ docker run -e <VARIABLE>=<value> --net=host -v <path-to-kube-config>:/root/.ku
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 
 #### Supported parameters
 

diff --git a/docs/node-memory-hog.md b/docs/node-memory-hog.md
@@ -18,7 +18,8 @@ $ docker run -e <VARIABLE>=<value> --net=host -v <path-to-kube-config>:/home/krk
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/node-scenarios.md b/docs/node-scenarios.md
@@ -18,7 +18,8 @@ $ docker run -e <VARIABLE>=<value> --net=host -v <path-to-kube-config>:/home/krk
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/pod-network-chaos.md b/docs/pod-network-chaos.md
@@ -19,7 +19,8 @@ $ docker run -e <VARIABLE>=<value> --name=<container_name> --net=host -v <path-t
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/pod-scenarios.md b/docs/pod-scenarios.md
@@ -19,7 +19,8 @@ $ docker run -e <VARIABLE>=<value> --name=<container_name> --net=host -v <path-t
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/power-outages.md b/docs/power-outages.md
@@ -23,7 +23,8 @@ $ docker run -e <VARIABLE>=<value> --name=<container_name> --net=host -v <path-t
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Demo
 
 Demo can be found [here](https://asciinema.org/a/r0zLbh70XK7gnc4s5v0ZzSXGo)

diff --git a/docs/pvc-scenarios.md b/docs/pvc-scenarios.md
@@ -18,6 +18,9 @@ $ docker run -e <VARIABLE>=<value> --name=<container_name> --net=host -v <path-t
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
+
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/service-disruption-scenarios.md b/docs/service-disruption-scenarios.md
@@ -18,7 +18,8 @@ $ docker run -e <VARIABLE>=<value> --net=host -v <path-to-kube-config>:/home/krk
 $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Demo
 See [here](https://asciinema.org/a/kKPSI0D7upV9HQWH5jnroTaKb) for a demo of this scenario
 

diff --git a/docs/service-hijacking.md b/docs/service-hijacking.md
@@ -37,7 +37,8 @@ $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
 
-
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected:

diff --git a/docs/time-scenarios.md b/docs/time-scenarios.md
@@ -19,6 +19,9 @@ $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
 
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
+
 #### Demo
 [Here](https://asciinema.org/a/zMBAdzHE40oPXkFVIz0exEoOX) is a demo of kraken-hub in action
 

diff --git a/docs/zone-outages.md b/docs/zone-outages.md
@@ -20,6 +20,8 @@ $ docker logs -f <container_name or container_id> # Streams Kraken logs
 $ docker inspect <container-name or container-id> --format "{{.State.ExitCode}}" # Outputs exit code which can considered as pass/fail for the scenario
 ```
 
+**TIP**: Because the container runs with a non-root user, ensure the kube config is globally readable before mounting it in the container. You can achieve this with the following commands:
+```kubectl config view --flatten > ~/kubeconfig && chmod 444 ~/kubeconfig && docker run $(./get_docker_params.sh) --name=<container_name> --net=host -v ~kubeconfig:/home/krkn/.kube/config:Z -d quay.io/krkn-chaos/krkn-hub:<scenario>```
 #### Supported parameters
 
 The following environment variables can be set on the host running the container to tweak the scenario/faults being injected: