
Source file src/github.com/chaos-mesh/chaos-mesh/pkg/config/controller.go

Documentation: github.com/chaos-mesh/chaos-mesh/pkg/config

     1  // Copyright 2021 Chaos Mesh Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  // http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  //
    15  
    16  package config
    17  
    18  import (
    19  	"time"
    20  
    21  	"github.com/kelseyhightower/envconfig"
    22  )
    23  
// TLSConfig holds the file paths of the certificate material used by the TLS
// clients that talk to chaos-daemon and to chaosd.
//
// Every path defaults to the empty string, so nothing is configured unless the
// matching environment variable is set.
type TLSConfig struct {
	// ChaosMeshCACert is the path to the CA certificate for chaos-daemon
	// (env CHAOS_MESH_CA_CERT).
	ChaosMeshCACert string `envconfig:"CHAOS_MESH_CA_CERT" default:""`
	// ChaosDaemonClientCert is the path to the certificate used for
	// chaos-daemon (env CHAOS_DAEMON_CLIENT_CERT).
	ChaosDaemonClientCert string `envconfig:"CHAOS_DAEMON_CLIENT_CERT" default:""`
	// ChaosDaemonClientKey is the path to the key belonging to that
	// certificate (env CHAOS_DAEMON_CLIENT_KEY). The file is key material:
	// keep it readable only by the controller process.
	ChaosDaemonClientKey string `envconfig:"CHAOS_DAEMON_CLIENT_KEY" default:""`

	// ChaosdCACert is the path to the CA certificate for chaosd
	// (env CHAOSD_CA_CERT).
	ChaosdCACert string `envconfig:"CHAOSD_CA_CERT" default:""`
	// ChaosdClientCert is the path to the certificate used for chaosd
	// (env CHAOSD_CLIENT_CERT).
	ChaosdClientCert string `envconfig:"CHAOSD_CLIENT_CERT" default:""`
	// ChaosdClientKey is the path to the key belonging to that certificate
	// (env CHAOSD_CLIENT_KEY). The file is key material: keep it readable
	// only by the controller process.
	ChaosdClientKey string `envconfig:"CHAOSD_CLIENT_KEY" default:""`
}
    40  
// ChaosControllerConfig is the complete set of settings for the Chaos
// Controller. Each field is filled from the environment variable named in its
// envconfig tag and falls back to the value in its default tag.
type ChaosControllerConfig struct {
	// ChaosDaemonPort is the port on which the chaos-daemon gRPC server listens.
	ChaosDaemonPort int `envconfig:"CHAOS_DAEMON_SERVICE_PORT" default:"31767"`

	// TLSConfig carries the certificate and key paths for the chaos-daemon
	// and chaosd TLS clients.
	TLSConfig

	// QPS is the QPS setting for the Kubernetes client.
	QPS float32 `envconfig:"QPS" default:"30"`
	// Burst is the Burst setting for the Kubernetes client.
	Burst int `envconfig:"BURST" default:"50"`

	// BPFKIPort is the port on which the BPFKI gRPC server listens.
	BPFKIPort int `envconfig:"BPFKI_PORT" default:"50051"`
	// WebhookHost and WebhookPort together form the address the webhook
	// server binds to. The default host 0.0.0.0 listens on every interface;
	// limit reachability (specific address, network policy) where needed.
	WebhookHost string `envconfig:"WEBHOOK_HOST" default:"0.0.0.0"`
	WebhookPort int    `envconfig:"WEBHOOK_PORT" default:"9443"`
	// MetricsHost and MetricsPort together form the address the metrics
	// endpoint binds to. The default host 0.0.0.0 listens on every interface.
	// NOTE(review): whether the endpoint requires authentication is not
	// visible in this file; confirm before exposing it beyond the cluster.
	MetricsHost string `envconfig:"METRICS_HOST" default:"0.0.0.0"`
	MetricsPort int    `envconfig:"METRICS_PORT" default:"10080"`
	// PprofAddr is the address the pprof endpoint binds to.
	// NOTE(review): the default "0" presumably means the endpoint is off;
	// confirm against the code that consumes it. pprof exposes runtime
	// internals, so bind it to a non-public address when it is enabled.
	PprofAddr string `envconfig:"PPROF_ADDR" default:"0"`

	// CtrlAddr is the address the ctrlserver binds to. It has no default.
	CtrlAddr string `envconfig:"CTRL_ADDR"`

	// EnableLeaderElection turns on leader election for the controller
	// manager, which ensures that only one controller manager is active.
	EnableLeaderElection bool `envconfig:"ENABLE_LEADER_ELECTION" default:"true"`
	// LeaderElectLeaseDuration is how long non-leader candidates wait before
	// forcing acquisition of leadership, measured from the last observed ack.
	// (default 15s)
	LeaderElectLeaseDuration time.Duration `envconfig:"LEADER_ELECT_LEASE_DURATION" default:"15s"`
	// LeaderElectRenewDeadline is how long the acting control-plane keeps
	// retrying to refresh leadership before giving up. (default 10s)
	LeaderElectRenewDeadline time.Duration `envconfig:"LEADER_ELECT_RENEW_DEADLINE" default:"10s"`
	// LeaderElectRetryPeriod is how long LeaderElector clients wait between
	// tries of actions. (default 2s)
	LeaderElectRetryPeriod time.Duration `envconfig:"LEADER_ELECT_RETRY_PERIOD" default:"2s"`

	// EnableFilterNamespace filters namespaces by annotation: only pods and
	// containers in a namespace annotated with `chaos-mesh.org/inject=enabled`
	// will be injected. It is off by default.
	EnableFilterNamespace bool `envconfig:"ENABLE_FILTER_NAMESPACE" default:"false"`
	// CertsDir is the directory that stores the certs key file and cert file.
	CertsDir string `envconfig:"CERTS_DIR" default:"/etc/webhook/certs"`
	// RPCTimeout is the timeout of RPC between controllers and chaos-operator.
	RPCTimeout time.Duration `envconfig:"RPC_TIMEOUT" default:"1m"`
	// ClusterScoped means Chaos Objects are controlled at cluster level
	// (all namespaces). It is on by default.
	ClusterScoped bool `envconfig:"CLUSTER_SCOPED" default:"true"`
	// TargetNamespace is the namespace chaos is injected into.
	// It only takes effect when ClusterScoped is false.
	TargetNamespace string `envconfig:"TARGET_NAMESPACE" default:""`

	// DNSServiceName and DNSServicePort identify the DNS service used for
	// DNS chaos.
	// NOTE(review): DNSServicePort is an int with an empty default tag, so it
	// presumably stays 0 when the variable is unset; confirm with envconfig.
	DNSServiceName string `envconfig:"CHAOS_DNS_SERVICE_NAME" default:""`
	DNSServicePort int    `envconfig:"CHAOS_DNS_SERVICE_PORT" default:""`

	// SecurityMode enables authority validation in the admission webhook.
	// It is on by default; turning it off removes that validation, so treat
	// SECURITY_MODE=false as a setting to audit in any shared cluster.
	SecurityMode bool `envconfig:"SECURITY_MODE" default:"true" json:"security_mode"`

	// ChaosdSecurityMode enables the mTLS connection between
	// chaos-controller-manager and chaosd. It is on by default.
	ChaosdSecurityMode bool `envconfig:"CHAOSD_SECURITY_MODE" default:"true" json:"chaosd_security_mode"`

	// Namespace is the namespace the controller manager runs in.
	Namespace string `envconfig:"NAMESPACE" default:""`

	// AllowHostNetworkTesting removes the restriction on chaos testing pods
	// that have `hostNetwork` set to true. It is off by default.
	AllowHostNetworkTesting bool `envconfig:"ALLOW_HOST_NETWORK_TESTING" default:"false"`

	// PodFailurePauseImage sets a custom image for pod failure. The default
	// references the mutable `latest` tag, so the image content can change
	// between pulls; deployments that need reproducibility should set a
	// pinned reference here.
	PodFailurePauseImage string `envconfig:"POD_FAILURE_PAUSE_IMAGE" default:"gcr.io/google-containers/pause:latest"`

	// EnabledControllers and EnabledWebhooks list what is switched on.
	// NOTE(review): the default "*" presumably selects everything; the
	// matching logic is not in this file.
	EnabledControllers []string `envconfig:"ENABLED_CONTROLLERS" default:"*"`
	EnabledWebhooks    []string `envconfig:"ENABLED_WEBHOOKS" default:"*"`

	// LocalHelmChartPath is read from LOCAL_HELM_CHART_PATH and is empty by
	// default. NOTE(review): how it is used is not visible in this file.
	LocalHelmChartPath string `envconfig:"LOCAL_HELM_CHART_PATH" default:""`
}
   118  
// EnvironChaosController builds a ChaosControllerConfig from the process
// environment. It calls envconfig.Process with an empty prefix, so each
// variable is looked up under the name given in the field's envconfig tag.
//
// The config is returned together with whatever error envconfig.Process
// reports.
// NOTE(review): on a non-nil error the config may be only partly filled in;
// fields that were not processed presumably keep their Go zero value (for
// example SecurityMode == false) instead of their tag default. Callers should
// stop on error rather than continue with the returned value.
func EnvironChaosController() (ChaosControllerConfig, error) {
	var cfg ChaosControllerConfig
	if err := envconfig.Process("", &cfg); err != nil {
		return cfg, err
	}
	return cfg, nil
}
   125