search

litmuschaos / litmus

Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes is at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
https://litmuschaos.io
Apache License 2.0
4.44k stars 698 forks source link

Add possibility to prohibit applying chaos tests on certain namespaces #3674

Open brnck opened 2 years ago

brnck commented 2 years ago

Right now LitmusChaos can run in all namespaces. That poses a security risk as well as an accidental run of chaos tests in the namespaces where it should not be run. I as an administrator want to ensure that only certain namespaces are allowed to be used for chaos tests.

It would be really great if Litmus would support Filter namespaces mode that could be managed by the ENV variable. If namespaces filtering is enabled, only specifically annotated namespaces could be used for LitmusChaos as well as only those namespaces should be selected in the UI when creating the chaos test.

Additionally, every submission of chaos test should be checked and validated if namespace can be used to run chaos test

If env variable for filtering namespaces is set to false, Litmus chaos should work as it works right now

neelanjan00 commented 2 years ago

Hi Augustas, thanks for creating this issue. Currently, Litmus does support namespace scoped installation only to allow the namespace in which Litmus is installed to be targeted. We can surely take this as a feature enhancement for cluster-wide installation.