---
apiVersion: litmuschaos.io/v1alpha1
description:
  message: |
    Pod DNS Spoof can spoof particular DNS requests in target pod container to desired target hostnames
kind: ChaosExperiment
metadata:
  name: pod-dns-spoof
  labels:
    name: pod-dns-spoof
    app.kubernetes.io/part-of: litmus
    app.kubernetes.io/component: chaosexperiment
    app.kubernetes.io/version: ci
spec:
  definition:
    scope: Namespaced
    permissions:
      # Create and monitor the experiment & helper pods
      - apiGroups: [""]
        resources: ["pods"]
        verbs:
          [
            "create",
            "delete",
            "get",
            "list",
            "patch",
            "update",
            "deletecollection",
          ]
      # Performs CRUD operations on the events inside chaosengine and chaosresult
      - apiGroups: [""]
        resources: ["events"]
        verbs: ["create", "get", "list", "patch", "update"]
      # Fetch configmaps details and mount it to the experiment pod (if specified)
      - apiGroups: [""]
        resources: ["configmaps"]
        verbs: ["get", "list"]
      # Track and get the runner, experiment, and helper pods log
      - apiGroups: [""]
        resources: ["pods/log"]
        verbs: ["get", "list", "watch"]
      # for creating and managing to execute commands inside target container
      - apiGroups: [""]
        resources: ["pods/exec"]
        verbs: ["get", "list", "create"]
      # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets})
      - apiGroups: ["apps"]
        resources: ["deployments", "statefulsets", "replicasets", "daemonsets"]
        verbs: ["list", "get"]
      # deriving the parent/owner details of the pod(if parent is deploymentConfig)
      - apiGroups: ["apps.openshift.io"]
        resources: ["deploymentconfigs"]
        verbs: ["list", "get"]
      # deriving the parent/owner details of the pod(if parent is deploymentConfig)
      - apiGroups: [""]
        resources: ["replicationcontrollers"]
        verbs: ["get", "list"]
      # deriving the parent/owner details of the pod(if parent is argo-rollouts)
      - apiGroups: ["argoproj.io"]
        resources: ["rollouts"]
        verbs: ["list", "get"]
      # for configuring and monitor the experiment job by the chaos-runner pod
      - apiGroups: ["batch"]
        resources: ["jobs"]
        verbs: ["create", "list", "get", "delete", "deletecollection"]
      # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
      - apiGroups: ["litmuschaos.io"]
        resources: ["chaosengines", "chaosexperiments", "chaosresults"]
        verbs: ["create", "list", "get", "patch", "update", "delete"]
    image: "litmuschaos.docker.scarf.sh/litmuschaos/go-runner:latest"
    args:
      - -c
      - ./experiments -name pod-dns-spoof
    command:
      - /bin/bash
    env:
      - name: TARGET_CONTAINER
        value: ""

      # provide lib image
      - name: LIB_IMAGE
        value: "litmuschaos.docker.scarf.sh/litmuschaos/go-runner:latest"

      - name: DEFAULT_HEALTH_CHECK
        value: "false"

      - name: TOTAL_CHAOS_DURATION
        value: "60" # in seconds

      # Time period to wait before and after injection of chaos in sec
      - name: RAMP_TIME
        value: ""

      ## percentage of total pods to target
      - name: PODS_AFFECTED_PERC
        value: ""

      - name: TARGET_PODS
        value: ""

      # provide the name of container runtime, it supports docker, containerd, crio
      - name: CONTAINER_RUNTIME
        value: "containerd"

      # provide the socket file path
      - name: SOCKET_PATH
        value: "/run/containerd/containerd.sock"

      ## it defines the sequence of chaos execution for multiple target pods
      ## supported values: serial, parallel
      - name: SEQUENCE
        value: "parallel"

      # map of the target hostnames eg. '{"abc.com":"spoofabc.com"}' . If empty no queries will be spoofed
      - name: SPOOF_MAP
        value: ""

    labels:
      experiment: pod-dns-spoof
      app.kubernetes.io/part-of: litmus
      app.kubernetes.io/component: experiment-job
      app.kubernetes.io/runtime-api-usage: "true"
      app.kubernetes.io/version: ci