Merge branch 'master' into disable-gql-server-by-default

ADOPTERS.md

@@ -14,7 +14,7 @@ If you are an adopter and are willing to share your Chaos Mesh story, feel free
 | [DataStax](https://www.datastax.com/)                  |DataStax utilized Chaos Mesh to create a tool for running local or large scale remote based distributed correctness, verification and performance tests: [Fallout](https://github.com/datastax/fallout), which they use to test AstraDB, a multi-cloud DBaaS built on Apache Cassandra.            | [Leveraging Chaos Mesh in AstraDB Testing](https://youtu.be/Kw7gMurHJnQ)       |
 | [DigitalChina](http://www.digitalchina.com/en/)                  |To better serve their strategy to transform to cloud infrastructure, DigitalChina uses Chaos Mesh to test the application's ability to maintain business functions and to discover errors and vulnerabilities that may occur under extreme conditions.            |[Develop a Daily Reporting System for Chaos Mesh](https://mp.weixin.qq.com/s/dm6GayOE-4A6Bdz-ucS6Dw)       |
 | [KingNet](https://www.kingnet.com/)                  |KingNet uses Chaos Mesh for testing the availability of multiple data centers and microservice links. Chaos Mesh also helps them with mocking service unavailability or abnormal network conditions.            |To be added.       |
-| [GreptimeDB](https://www.greptime.com/)                  |GreptimeDB uses Chaos Mesh to enhance the correctness and availability of their distributed cluster. Chaos engineering finds lots of corner cases from the database implement to their dependencies.        |To be added.       |
+| [GreptimeDB](https://www.greptime.com/)                  |GreptimeDB uses Chaos Mesh to enhance the correctness and availability of their distributed cluster. Chaos engineering finds lots of corner cases from the database implement to their dependencies.        | [Chaos Engineering - Who's to Blame for the Bug Mess?](https://greptime.com/blogs/2023-11-06-chaos-engineering)       |
 | [NetEase Fuxi Lab](https://fuxi.163.com/fuxi-introduction)                  |Uses Chaos Mesh to improve the stability of their internal hybrid cloud. In addition, their users with cloud platforms also access Chaos Mesh to test the stability of user services.            |[How a Top Game Company Uses Chaos Engineering to Improve Testing](https://chaos-mesh.org/blog/how-a-top-game-company-uses-chaos-engineering-to-improve-testing)       |
 | [Percona](https://www.percona.com/)                  |Percona uses Chaos Mesh to test their Percona Kubernetes Operators, which is used to deploy their own Database-as-Service.            |[Chaos Mesh to Create Chaos in Kubernetes](https://www.percona.com/blog/2020/11/05/chaosmesh-to-create-chaos-in-kubernetes/)       |
 | [PingCAP](https://en.pingcap.com/)                  |Built [TiPocket](https://github.com/pingcap/tipocket) ontop of Chaos Mesh, an automated testing framework to build a full Chaos Engineering testing loop for TiDB, a distributed database.            |[Building an Automated Testing Framework Based on Chaos Mesh and Argo](https://chaos-mesh.org/blog/building_automated_testing_framework/)       |

CHANGELOG.md

@@ -16,6 +16,7 @@ For more information and how-to, see [RFC: Keep A Changelog](https://github.com/
 - Support for deploying chaos-dashboard with sidecar containers in helm chart [#4164](https://github.com/chaos-mesh/chaos-mesh/pull/4164)
 - Add `values.schema.json` [#4205](https://github.com/chaos-mesh/chaos-mesh/pull/4205)
 - Add [`GreptimeDB`](https://greptime.com) to ADOPTERS.md [#4245](https://github.com/chaos-mesh/chaos-mesh/pull/4245)
+- Support configurable chaos-dns-server pod affinities[#4260](https://github.com/chaos-mesh/chaos-mesh/pull/4260)
 
 ### Changed
 
@@ -49,6 +50,7 @@ For more information and how-to, see [RFC: Keep A Changelog](https://github.com/
 - Fix remote cluster cannot upgrade helm release [#4075](https://github.com/chaos-mesh/chaos-mesh/pull/4075)
 - Fix goroutine leak [#4229](https://github.com/chaos-mesh/chaos-mesh/pull/4229)
 - Remove the duplicate `make test` [#4234](https://github.com/chaos-mesh/chaos-mesh/pull/4234)
+- Fix daemon-server `SetDNSServer` endpoint to validate provided server address [#4246](https://github.com/chaos-mesh/chaos-mesh/pull/4246)
 
 ### Security
 

Makefile

@@ -50,7 +50,7 @@ endif
 
 endif
 
-BASIC_IMAGE_ENV= IMAGE_DEV_ENV_TAG=$(IMAGE_DEV_ENV_TAG) \
+BASIC_IMAGE_ENV=IMAGE_DEV_ENV_TAG=$(IMAGE_DEV_ENV_TAG) \
 	IMAGE_BUILD_ENV_TAG=$(IMAGE_BUILD_ENV_TAG) \
 	IMAGE_TAG=$(IMAGE_TAG) TARGET_PLATFORM=$(TARGET_PLATFORM) \
 	GO_BUILD_CACHE=$(GO_BUILD_CACHE)
@@ -214,12 +214,24 @@ PAUSE_IMAGE ?= gcr.io/google-containers/pause:latest
 e2e: e2e-build ## Run e2e tests in current kubernetes cluster
 	./e2e-test/image/e2e/bin/ginkgo ${GINKGO_FLAGS} ./e2e-test/image/e2e/bin/e2e.test -- --e2e-image ghcr.io/chaos-mesh/e2e-helper:${IMAGE_TAG} --pause-image ${PAUSE_IMAGE}
 
+define failpoint-ctl
+	find $(ROOT)/* -type d | grep -vE "(\.git|bin|\.cache|ui)" | xargs failpoint-ctl $1
+endef
+
+failpoint-enable: SHELL:=$(RUN_IN_DEV_SHELL)
+failpoint-enable: images/dev-env/.dockerbuilt ## Enable failpoint stub for testing
+	$(call failpoint-ctl,enable)
+
+failpoint-disable: SHELL:=$(RUN_IN_DEV_SHELL)
+failpoint-disable: images/dev-env/.dockerbuilt ## Disable failpoint stub for testing
+	$(call failpoint-ctl,disable)
+
 test: SHELL:=$(RUN_IN_DEV_SHELL)
 test: generate manifests test-utils images/dev-env/.dockerbuilt ## Run unit tests
-	make failpoint-enable
+	$(call failpoint-ctl,enable)
 	CGO_ENABLED=1 $(GOTEST) -p 1 $$($(PACKAGE_LIST)) -coverprofile cover.out.tmp -covermode=atomic
 	cat cover.out.tmp | grep -v "_generated.deepcopy.go" > cover.out
-	make failpoint-disable
+	$(call failpoint-ctl,disable)
 
 ##@ Advanced building targets
 
@@ -303,14 +315,6 @@ bin/chaos-builder: SHELL:=$(RUN_IN_DEV_SHELL)
 bin/chaos-builder: images/dev-env/.dockerbuilt
 	$(CGOENV) go build -ldflags '$(LDFLAGS)' -buildvcs=false -o bin/chaos-builder ./cmd/chaos-builder/...
 
-failpoint-enable: SHELL:=$(RUN_IN_DEV_SHELL)
-failpoint-enable: images/dev-env/.dockerbuilt ## Enable failpoint stub for testing
-	find $(ROOT)/* -type d | grep -vE "(\.git|bin|\.cache|ui)" | xargs failpoint-ctl enable
-
-failpoint-disable: SHELL:=$(RUN_IN_DEV_SHELL)
-failpoint-disable: images/dev-env/.dockerbuilt ## Disable failpoint stub for testing
-	find $(ROOT)/* -type d | grep -vE "(\.git|bin|\.cache|ui)" | xargs failpoint-ctl disable
-
 .PHONY: all image clean test manifests manifests/crd.yaml \
 	boilerplate tidy groupimports fmt vet lint install.sh schedule-migration \
 	config proto \

controllers/test/types.go

@@ -23,7 +23,6 @@ import (
 	"google.golang.org/grpc"
 
 	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/client"
-	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/pb"
 	chaosdaemon "github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/pb"
 	"github.com/chaos-mesh/chaos-mesh/pkg/mock"
 )
@@ -106,10 +105,10 @@ func (c *MockChaosDaemonClient) UninstallJVMRules(ctx context.Context, in *chaos
 	return nil, mockError("UninstallJVMRules")
 }
 
-func (c *MockChaosDaemonClient) ApplyBlockChaos(ctx context.Context, req *pb.ApplyBlockChaosRequest, opts ...grpc.CallOption) (*pb.ApplyBlockChaosResponse, error) {
+func (c *MockChaosDaemonClient) ApplyBlockChaos(ctx context.Context, req *chaosdaemon.ApplyBlockChaosRequest, opts ...grpc.CallOption) (*chaosdaemon.ApplyBlockChaosResponse, error) {
 	return nil, mockError("ApplyBlockChaosRequest")
 }
 
-func (c *MockChaosDaemonClient) RecoverBlockChaos(ctx context.Context, req *pb.RecoverBlockChaosRequest, opts ...grpc.CallOption) (*empty.Empty, error) {
+func (c *MockChaosDaemonClient) RecoverBlockChaos(ctx context.Context, req *chaosdaemon.RecoverBlockChaosRequest, opts ...grpc.CallOption) (*empty.Empty, error) {
 	return &empty.Empty{}, nil
 }

hack/env-image-tag.sh

@@ -14,7 +14,7 @@
 # limitations under the License.
 #
 
-# This script would report the tag of build-env and dev-env to use based on configuartion file env-images.yaml.
+# This script would report the tag of build-env and dev-env to use based on configuration file env-images.yaml.
 #
 # Usage:
 # On master branch:
@@ -29,9 +29,9 @@ set -euo pipefail
 DIR="$( cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd )"
 PROJECT_DIR="$(dirname "$DIR")"
 
-if [ "$#" -eq  "0" ]; then
-  echo "Usage: $0 <env-image-name>"
-  exit 1
+if [[ "$#" == "0" ]]; then
+  echo "Usage: $0 <env-image-name: dev-env|build-env>"
+  exit 0
 fi
 
 if [[ "$1" == "dev-env" || "$1" == "build-env"  ]]; then

helm/chaos-mesh/templates/dns-deployment.yaml

@@ -42,17 +42,10 @@ spec:
     {{- end }}
     spec:
       serviceAccountName: {{ .Values.dnsServer.serviceAccount }}
+      {{- with .Values.dnsServer.affinity }}
       affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                  - key: k8s-app
-                    operator: In
-                    values: ["chaos-dns"]
-              topologyKey: kubernetes.io/hostname
+{{ toYaml . | indent 8 }}
+      {{- end }}
       {{- with .Values.dnsServer.tolerations }}
       tolerations:
 {{ toYaml . | indent 8 }}

helm/chaos-mesh/values.yaml

@@ -452,6 +452,18 @@ dnsServer:
     LISTEN_HOST: "0.0.0.0"
     # The port of chaos-dns-server listen on
     LISTEN_PORT: 53
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+        - podAffinityTerm:
+            labelSelector:
+              matchExpressions:
+                - key: app.kubernetes.io/component
+                  operator: In
+                  values:
+                    - chaos-dns-server
+            topologyKey: kubernetes.io/hostname
+          weight: 100
 
 prometheus:
   # Enable prometheus

install.sh

@@ -1963,14 +1963,15 @@ spec:
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            podAffinityTerm:
+          - podAffinityTerm:
               labelSelector:
                 matchExpressions:
-                  - key: k8s-app
-                    operator: In
-                    values: ["chaos-dns"]
+                - key: app.kubernetes.io/component
+                  operator: In
+                  values:
+                  - chaos-dns-server
               topologyKey: kubernetes.io/hostname
+            weight: 100
       priorityClassName: 
       containers:
       - name: chaos-dns-server

pkg/chaosdaemon/dns_server.go

@@ -18,6 +18,7 @@ package chaosdaemon
 import (
 	"context"
 	"fmt"
+	"net"
 
 	"github.com/golang/protobuf/ptypes/empty"
 	"github.com/pkg/errors"
@@ -32,6 +33,8 @@ const (
 	DNSServerConfFile = "/etc/resolv.conf"
 )
 
+var ErrInvalidDNSServer = errors.New("invalid DNS server address")
+
 func (s *DaemonServer) SetDNSServer(ctx context.Context,
 	req *pb.SetDNSServerRequest) (*empty.Empty, error) {
 	log := s.getLoggerFromContext(ctx)
@@ -46,8 +49,8 @@ func (s *DaemonServer) SetDNSServer(ctx context.Context,
 	if req.Enable {
 		// set dns server to the chaos dns server's address
 
-		if len(req.DnsServer) == 0 {
-			return &empty.Empty{}, errors.Errorf("invalid set dns server request %v", req)
+		if net.ParseIP(req.DnsServer) == nil {
+			return nil, ErrInvalidDNSServer
 		}
 
 		// backup the /etc/resolv.conf

pkg/chaosdaemon/dns_server_test.go

@@ -0,0 +1,137 @@
+// Copyright 2023 Chaos Mesh Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package chaosdaemon_test
+
+import (
+	"context"
+	"os/exec"
+	"testing"
+
+	"github.com/go-logr/logr"
+	. "github.com/onsi/gomega"
+
+	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon"
+	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/crclients"
+	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/crclients/test"
+	pb "github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/pb"
+	"github.com/chaos-mesh/chaos-mesh/pkg/mock"
+)
+
+func Test_SetDNSServer_Enable(t *testing.T) {
+	g := NewWithT(t)
+
+	type mockCmd struct {
+		cmd  string
+		args []string
+	}
+	var executedCommands []mockCmd
+
+	mock.With("MockProcessBuild", func(ctx context.Context, cmd string, args ...string) *exec.Cmd {
+		executedCommands = append(executedCommands, mockCmd{cmd, args})
+		return exec.Command("echo", "mock command")
+	})
+
+	mock.With("MockContainerdClient", &test.MockClient{})
+
+	crc, err := crclients.CreateContainerRuntimeInfoClient(&crclients.CrClientConfig{
+		Runtime: crclients.ContainerRuntimeContainerd,
+	})
+	g.Expect(err).NotTo(HaveOccurred())
+
+	server := chaosdaemon.NewDaemonServerWithCRClient(crc, nil, logr.Discard())
+
+	res, err := server.SetDNSServer(context.TODO(), &pb.SetDNSServerRequest{
+		ContainerId: "containerd://foo",
+		DnsServer:   "8.6.4.2",
+		Enable:      true,
+		EnterNS:     false,
+	})
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(res).NotTo(BeNil())
+
+	g.Expect(executedCommands).To(Equal([]mockCmd{
+		{cmd: "sh", args: []string{"-c", "ls /etc/resolv.conf.chaos.bak || cp /etc/resolv.conf /etc/resolv.conf.chaos.bak"}},
+		{cmd: "sh", args: []string{"-c", "cp /etc/resolv.conf /etc/resolv_conf_dnschaos_temp && sed -i 's/.*nameserver.*/nameserver 8.6.4.2/' /etc/resolv_conf_dnschaos_temp && cat /etc/resolv_conf_dnschaos_temp > /etc/resolv.conf && rm /etc/resolv_conf_dnschaos_temp"}},
+	}))
+}
+
+func Test_SetDNSServer_Enable_InvalidIP(t *testing.T) {
+	g := NewWithT(t)
+
+	cases := []string{"", "127.0.0.b", " 127.0.0.1", "127.0.0.1 ", ":g:1", "127.0.0.1;"}
+
+	mock.With("MockProcessBuild", func(ctx context.Context, cmd string, args ...string) *exec.Cmd {
+		g.Fail("no process should be executed")
+		return exec.Command("echo", "mock command")
+	})
+
+	mock.With("MockContainerdClient", &test.MockClient{})
+
+	crc, err := crclients.CreateContainerRuntimeInfoClient(&crclients.CrClientConfig{
+		Runtime: crclients.ContainerRuntimeContainerd,
+	})
+	g.Expect(err).NotTo(HaveOccurred())
+
+	server := chaosdaemon.NewDaemonServerWithCRClient(crc, nil, logr.Discard())
+
+	for _, tc := range cases {
+		res, err := server.SetDNSServer(context.TODO(), &pb.SetDNSServerRequest{
+			ContainerId: "containerd://foo",
+			DnsServer:   tc,
+			Enable:      true,
+			EnterNS:     false,
+		})
+		g.Expect(err).To(Equal(chaosdaemon.ErrInvalidDNSServer))
+		g.Expect(res).To(BeNil())
+	}
+}
+
+func Test_SetDNSServer_Disable(t *testing.T) {
+	g := NewWithT(t)
+
+	type mockCmd struct {
+		cmd  string
+		args []string
+	}
+	var executedCommands []mockCmd
+
+	mock.With("MockProcessBuild", func(ctx context.Context, cmd string, args ...string) *exec.Cmd {
+		executedCommands = append(executedCommands, mockCmd{cmd, args})
+		return exec.Command("echo", "mock command")
+	})
+
+	mock.With("MockContainerdClient", &test.MockClient{})
+
+	crc, err := crclients.CreateContainerRuntimeInfoClient(&crclients.CrClientConfig{
+		Runtime: crclients.ContainerRuntimeContainerd,
+	})
+	g.Expect(err).NotTo(HaveOccurred())
+
+	server := chaosdaemon.NewDaemonServerWithCRClient(crc, nil, logr.Discard())
+
+	res, err := server.SetDNSServer(context.TODO(), &pb.SetDNSServerRequest{
+		ContainerId: "containerd://foo",
+		DnsServer:   "",
+		Enable:      false,
+		EnterNS:     false,
+	})
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(res).NotTo(BeNil())
+
+	g.Expect(executedCommands).To(Equal([]mockCmd{
+		{cmd: "sh", args: []string{"-c", "ls /etc/resolv.conf.chaos.bak && cat /etc/resolv.conf.chaos.bak > /etc/resolv.conf || true"}},
+	}))
+}