Cannot deploy agent without project-id

litmuschaos / litmus

Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes is at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q

https://litmuschaos.io

Apache License 2.0

4.46k stars 698 forks source link

Cannot deploy agent without project-id #3625

Open Vr00mm opened 3 years ago

Vr00mm commented 3 years ago

Hello,

I want to deploy an agent, shared with multiple projects, with the litmusctl cli.

From the litmusctl --help, we can create agent without project-id:

        #create an agent
        litmusctl create agent --agent-name="new-agent" --non-interactive

        #create an agent within a project
        litmusctl create agent --agent-name="new-agent" --project-id="d861b650-1549-4574-b2ba-ab754058dd04" --non-interactive

When iam trying to create an agent without project-id, i get this error:

Error: --project-id flag is empty

Is this a bug ? Or we cannot share agent between litmus projects ?

Best Regards, Rémi

imrajdas commented 3 years ago

You can share agents between the projects after the user invitation from the chaos center

To check the projects- litmusctl get projects

gdsoumya commented 3 years ago

@Vr00mm by share agents do you mean to share a single instance of a litmus agent with multiple projects? If that's what you mean then it is not possible. You need to create separate litmus agent instances each unique to a single project. Multiple litmus agent instances can be running on the same cluster if installed in ns scope.

Vr00mm commented 3 years ago

Thanks for replies @gdsoumya, @rajdas98

Yes, this is exactly what I want to do.

I have a cluster. I want only ONE agent on my cluster And manage permissions with projects.

Cluster: Dev Project: Project1 Hub: Hub1 User: Mr Martin

Cluster: Dev Project: Project2 Hub: Hub2 User: Mr Dupont

Mr Martin can run chaos on his project "Project1" on the cluter Dev without accessing Project2 experiments / workflows Mr Dupont can run chaos on his project "Project2" on the cluter Dev without accessing Project1 experiments / workflows

Any way to workaround ?

Vr00mm commented 3 years ago

Each cluster have a lot of applications, and I cannot deploy 1 agent per application... How I can deal with permissions then ?

johnqa commented 2 years ago

I am in the same situation.

This multi-user/multi-project/multi-agent approach is not ok.

At least to have a feature to share agents across projects would be useful. I see no benefit in having a different agent on the same cluster for different projects.

Just to mention, I have to test 30+ services across 3 clusters each, that means that is I want a project for each service I have to install 90 agents (not to mention that each cluster will have 30 agents with all the resources implied). The other option of having fewer projects means that workflows will be mixed, and since there is no folder structure I will have potentially hundred of workflows used by tens of people.

imrajdas commented 2 years ago

Hi @johnqa , The agents can be shared between different projects based on the invitation. You can go to the settings of the chaos center, and invite other users to the projects.

johnqa commented 2 years ago

Are you sure? From what I saw, if I have user A and user B each with it's own project pA (which has some agents) and pB (with no agent), if user A invites B to pA, than user B indeed has access to agent from pA but only if it uses pA. If it wishes to work in pB there are no agents there.