lucky-sideburn / kubeinvaders

Gamified Chaos Engineering Tool for Kubernetes
Apache License 2.0

OpenShift Template Issue #36

Closed pittar closed 3 years ago

pittar commented 3 years ago

Hi,

The recent version of the OpenShift template seems to have "ROUTE_URL" env variable defined twice, once with the "ROUTE_URL" template variable and once with "ENDPOINT" variable.

https://github.com/lucky-sideburn/KubeInvaders/blob/master/openshift/KubeInvaders.yaml#L86

Is one of these a typo?

lucky-sideburn commented 3 years ago

Hi Pittar! Yes, it is because ENDPOINT is equal to ROUTE_HOST. I prefer the Helm Chart deployment but I have to configure the Routes. Is it working?

pittar commented 3 years ago

Hey!

It used to work (a few months ago), but I haven't had any luck in the last 2 months or so.

Also, the template wants to re-create the ServiceAccount that is manually created as part of the OpenShift instructions. For example, this is the output I get when I process the template:

$ oc process -f openshift/KubeInvaders.yaml -p ROUTE_HOST=$ROUTE_HOST -p TARGET_NAMESPACE=$TARGET_NAMESPACE -p KUBEINVADERS_SECRET=$KUBEINVADERS_SECRET | oc create -f -
W0419 11:42:58.925325   57929 shim_kubectl.go:55] Using non-groupfied API resources is deprecated and will be removed in a future release, update apiVersion to "template.openshift.io/v1" for your resource
route.route.openshift.io/kubeinvaders created
service/kubeinvaders created
deploymentconfig.apps.openshift.io/kubeinvaders created
Error from server (AlreadyExists): serviceaccounts "kubeinvaders" already exists

Kubeinvaders installs, but when I go to the URL I see the game board with no characters. If I inspect the page, it's a steady stream of errors in the Chrome console:

GET https://kube/pods?action=list&namespace=undefined net::ERR_NAME_NOT_RESOLVED

pittar commented 3 years ago

Quick update, changing the image tag from latest to legacy got things back on track for the most part.

I now see pods (aliens) show up. If I scale up my deployment more aliens appear. If I shoot an alien, a pod doesn't get killed, though, and the Chrome console spits out a 500 error: VM452:1 DELETE https://kubeinvaders.example.com/kube/api/v1/namespaces/invadertest/pods/petclinic-68f7495999-schs5 500 (Internal Server Error)

If I give the kubeinvaders service account cluster-admin it works.

lucky-sideburn commented 3 years ago

Hi Pittar!

I have also fixed the deployment of the new version of KubeInvaders in OpenShift.

TARGET_NAMESPACE=foobar,awesome-namespace
ROUTE_HOST=kubeinvaders.org
IP_WHITELIST="93.44.96.4"

oc create sa kubeinvaders -n kubeinvaders-new
oc adm policy add-cluster-role-to-user kubeinvaders-role -z kubeinvaders -n kubeinvaders-new

KUBEINVADERS_SECRET=$(oc get secret -n kubeinvaders-new --field-selector=type==kubernetes.io/service-account-token | grep 'kubeinvaders-token' | awk '{ print $1}' | head -n 1)

oc process -n kubeinvaders-new -f openshift/KubeInvaders.yaml -p NAMESPACE=kubeinvaders-new -p ROUTE_HOST=$ROUTE_HOST -p TARGET_NAMESPACE=$TARGET_NAMESPACE -p KUBEINVADERS_SECRET=$KUBEINVADERS_SECRET | oc create -f -

pittar commented 3 years ago

Hey @lucky-sideburn

Thanks for the quick responses. I'm still having the same issue with "latest" not working. The default "kubeinvaders" role doesn't seem to allow me to actually delete pods.

I'm going to take a crack at a little more debugging. I'll post back what I find.

pittar commented 3 years ago

@lucky-sideburn , if I wanted to build my own "legacy" image, is there a specific tag or branch I can build off of? Would it be a simple "docker build -t ...." process?

lucky-sideburn commented 3 years ago

Hi @pittar, I am sorry, I forgot to tell you to pull from master because yesterday I changed the default image in the OpenShift template.

Unfortunately, it is not possible to build the "legacy" version. Because I would like to add this project to the CNCF landscape, I decided to rewrite the game in pure JavaScript and OpenResty. The legacy code is based on Defold, which is a game framework that is not entirely open.

pittar commented 3 years ago

Hi @lucky-sideburn , Did you push your change to master? It looks like the last commit was back in February (22 days ago).

I'm pretty sure lines 84-87 of the template are wrong. Instead of:

          - name: ROUTE_HOST
            value: "${ROUTE_HOST}" 
          - name: ROUTE_HOST
            value: "${ENDPOINT}"

It should be:

          - name: ROUTE_HOST
            value: "${ROUTE_HOST}" 
          - name: ENDPOINT
            value: "${ROUTE_HOST}"

I'll fork the repo and debug a little if I have some free time over the next few days.

lucky-sideburn commented 3 years ago

@pittar sorry, I forgot to push :) I have done it right now.

pittar commented 3 years ago

All good. I'll close this issue.

I'm making a few improvements (you'll see a few PRs). Feel free to accept or reject :)

I still seem to require "cluster-admin" to actually delete pods, not sure why this kubeinvaders-role doesn't seem to be good enough.
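
Added example, not part of the issue thread or the KubeInvaders repository: a least-privilege alternative to binding `cluster-admin` to the game's service account, rendered as one Role and RoleBinding per namespace in `TARGET_NAMESPACE`, plus the impersonation checks that confirm the result. It assumes the game only needs the two requests seen in the thread (list pods, delete a pod); `kubeinvaders-pod-killer` is a hypothetical role name.

```shell
# Added example; the role name is hypothetical, not the project's kubeinvaders-role.
# Assumption: only "list" and "delete" on pods are needed in each target namespace.
ROLE_NAME="kubeinvaders-pod-killer"

# Print one Role and one RoleBinding per namespace of a comma-separated list.
# $1 = target namespaces, $2 = service account name, $3 = service account namespace
render_rbac() {
  old_ifs=$IFS; IFS=','
  for ns in $1; do
    [ -n "$ns" ] || continue   # skip empty items such as a trailing comma
    cat <<EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $ROLE_NAME
  namespace: $ns
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $ROLE_NAME
  namespace: $ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: $ROLE_NAME
subjects:
- kind: ServiceAccount
  name: $2
  namespace: $3
EOF
  done
  IFS=$old_ifs
}

# Print the impersonation checks that show whether the account may delete pods.
render_checks() {
  old_ifs=$IFS; IFS=','
  for ns in $1; do
    [ -n "$ns" ] || continue
    echo "oc auth can-i delete pods -n $ns --as=system:serviceaccount:$3:$2"
  done
  IFS=$old_ifs
}
```

Pipe `render_rbac "$TARGET_NAMESPACE" kubeinvaders kubeinvaders-new` into `oc apply -f -`, then run the commands printed by `render_checks` with the same arguments; each should answer `yes` only for the listed namespaces.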