tkestack
diff --git a/‎README.md‎
Lines changed: 15 additions & 12 deletions b/‎README.md‎
Lines changed: 15 additions & 12 deletions
diff --git a/‎README_zh.md‎
Lines changed: 15 additions & 12 deletions b/‎README_zh.md‎
Lines changed: 15 additions & 12 deletions
diff --git a/‎playbook/README.md‎
Lines changed: 1 addition & 1 deletion b/‎playbook/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎playbook/README_zh.md‎
Lines changed: 1 addition & 1 deletion b/‎playbook/README_zh.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎playbook/all-in-one-template.yaml‎
Lines changed: 3 additions & 3 deletions b/‎playbook/all-in-one-template.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎playbook/install-argo.yaml‎
Lines changed: 13 additions & 13 deletions b/‎playbook/install-argo.yaml‎
Lines changed: 13 additions & 13 deletions
@@ -22,31 +22,34 @@ This project provides Kubernetes chaos testing capabilities covering scenarios l
 
 **dest cluster**
 
-2. Create `default/tke-chaos-precheck-resource ConfigMap` in `dest cluster` as a marker for testing eligibility, and create `tke-chaos-test-ns namespace`:
+2. Create `tke-chaos-test/tke-chaos-precheck-resource ConfigMap` in `dest cluster` as a marker for testing eligibility:
 ```bash
-kubectl create -n default configmap tke-chaos-precheck-resource --from-literal=empty="" && kubectl create ns tke-chaos-test-ns
+kubectl create ns tke-chaos-test && kubectl create -n tke-chaos-test configmap tke-chaos-precheck-resource --from-literal=empty=""
 ```
 
 **src cluster**
 
 3. Obtain `dest cluster`'s internal kubeconfig from Tencent Cloud TKE Console, save to `dest-cluster-kubeconfig` file, then create secret in `src cluster`:
 ```bash
-kubectl create secret generic dest-cluster-kubeconfig --from-file=config=./dest-cluster-kubeconfig
+kubectl create ns tke-chaos-test && kubectl create -n tke-chaos-test secret generic dest-cluster-kubeconfig --from-file=config=./dest-cluster-kubeconfig
 ```
 
-4. Deploy Argo Workflow and Workflow templates in `src cluster` (skip if Argo is already deployed, [**Argo Documentation**](https://argo-workflows.readthedocs.io/en/latest/)):
+4. Clone this project and then deploy Argo Workflow in `src cluster` (skip if Argo is already deployed, [**Argo Documentation**](https://argo-workflows.readthedocs.io/en/latest/)):
 ```bash
+# Clone this project
+git clone https://github.com/tkestack/tke-chaos-playbook.git && cd tke-chaos-playbook
+
 # Deploy Argo Workflow
-kubectl create namespace tke-chaos-argo && kubectl create -f playbook/install-argo.yaml
+kubectl create -f playbook/install-argo.yaml
 
 # Verify Argo Workflow Pod status
-kubectl get po -n tke-chaos-argo
+kubectl get po -n tke-chaos-test
 ```
 
-5. Enable public access for `tke-chaos-argo/tke-chaos-argo-workflows-server Service` in Tencent Cloud TKE Console. Access Argo Server UI at `LoadBalancer IP:2746` using credentials obtained via:
+5. Enable public access for `tke-chaos-test/tke-chaos-argo-workflows-server Service` in Tencent Cloud TKE Console. Access Argo Server UI at `LoadBalancer IP:2746` using credentials obtained via:
 ```bash
 # Get Argo Server UI access token
-kubectl exec -it -n tke-chaos-argo deployment/tke-chaos-argo-workflows-server -- argo auth token
+kubectl exec -it -n tke-chaos-test deployment/tke-chaos-argo-workflows-server -- argo auth token
 ```
 
 ![Argo Server UI](./playbook/docs/argo-server-ui.png)
@@ -67,7 +70,7 @@ kubectl create -f playbook/rabc.yaml && kubectl create -f playbook/all-in-one-te
 **Core Workflow Explanation**
 
 - **Testing Configuration**: Before execution, you may need to configure parameters like `webhook-url` for notifications. Default values are provided so testings can run without modification. See [Scenario Parameters](playbook/README.md) for details.
-- **Precheck**: Before execution, `dest cluster` health is validated by checking Node and Pod health ratios. Testings are blocked if below thresholds (adjustable via `precheck-pods-health-ratio` and `precheck-nodes-health-ratio`). Also verifies existence of `default/tke-chaos-precheck-resource ConfigMap`.
+- **Precheck**: Before execution, `dest cluster` health is validated by checking Node and Pod health ratios. Testings are blocked if below thresholds (adjustable via `precheck-pods-health-ratio` and `precheck-nodes-health-ratio`). Also verifies existence of `tke-chaos-test/tke-chaos-precheck-resource ConfigMap`.
 - **Execute Testing**: During kube-apiserver overload testing, the system floods `dest cluster`'s kube-apiserver with List Pod requests to simulate high load. Monitor kube-apiserver metrics via Tencent Cloud TKE Console and observe your business Pod health during testing.
 - **Result Processing**: View testing results in Argo Server UI (recommended) or via `kubectl describe workflow {workflow-name}`.
 
@@ -103,16 +106,16 @@ kubectl delete workflow {workflow-name}
 
 2. How to track testing progress after starting?
 
-  Monitor testing progress via Argo Server UI or `kubectl get workflow`. By default, testings run in the default namespace. You can also watch fault simulation Pods via `kubectl get po -w` - Error-state Pods typically indicate testing failures that can be investigated via Pod logs.
+  Monitor testing progress via Argo Server UI or `kubectl get -n tke-chaos-test workflow`. By default, testings run in the `tke-chaos-test` namespace. You can also watch fault simulation Pods via `kubectl get -n tke-chaos-test po -w` - Error-state Pods typically indicate testing failures that can be investigated via Pod logs.
 
 3. What are common failure reasons?
 
-  Typical issues include: insufficient RBAC permissions for fault simulation Pods, missing `default/tke-chaos-precheck-resource ConfigMap` in target cluster, missing `tke-chaos-test-ns namespace`, or Argo workflow controller anomalies. Check fault simulation Pod or Argo Workflow Controller logs for details.
+  Typical issues include: insufficient RBAC permissions for fault simulation Pods, missing `tke-chaos-test/tke-chaos-precheck-resource ConfigMap` in target cluster, missing `tke-chaos-test namespace`, or Argo workflow controller anomalies. Check fault simulation Pod or Argo Workflow Controller logs for details.
 
 4. How to troubleshoot Argo Workflow Controller issues?
 
   When workflows show no status after creation via `kubectl get workflow`, the Argo workflow-controller is likely malfunctioning. Check controller logs via:
 ```bash
-kubectl logs -n tke-chaos-argo deployment/tke-chaos-argo-workflows-workflow-controller --tail 50 -f
+kubectl logs -n tke-chaos-test deployment/tke-chaos-argo-workflows-workflow-controller --tail 50 -f
 ```
   Many cases involve insufficient RBAC permissions - modify the corresponding ClusterRole to add required permissions.
@@ -22,31 +22,34 @@
 
 **目标集群**
 
-2. 在`目标集群`中创建`default/tke-chaos-precheck-resource ConfigMap`，该资源用于标识`目标集群`可执行演练测试，同时在`目标集群`中创建`tke-chaos-test-ns namespace`
+2. 在`目标集群`中创建`tke-chaos-test/tke-chaos-precheck-resource ConfigMap`，该资源用于标识`目标集群`可执行演练测试。
 ```bash
-kubectl create -n default configmap tke-chaos-precheck-resource --from-literal=empty="" && kubectl create ns tke-chaos-test-ns
+kubectl create ns tke-chaos-test && kubectl create -n tke-chaos-test configmap tke-chaos-precheck-resource --from-literal=empty=""
 ```
 
 **源集群**
 
 3. 从腾讯云`TKE控制台`获取`目标集群`的内网接入`kubeconfig`凭证写入到`dest-cluster-kubeconfig`文件，并在`源集群`中执行如下命令创建`目标集群`的`kubeconfig`的`secret`
 ```bash
-kubectl create secret generic dest-cluster-kubeconfig --from-file=config=./dest-cluster-kubeconfig
+kubectl create ns tke-chaos-test && kubectl create -n tke-chaos-test secret generic dest-cluster-kubeconfig --from-file=config=./dest-cluster-kubeconfig
 ```
 
-4. 在`源集群`中部署`Argo Workflow`和演练模版（如`Argo`已部署，则不需要重复部署`Argo`，[**Argo Documentation**](https://argo-workflows.readthedocs.io/en/latest/)）
+4. 克隆本项目，并在`源集群`中部署`Argo Workflow`（如`Argo`已部署，则不需要重复部署`Argo`，[**Argo Documentation**](https://argo-workflows.readthedocs.io/en/latest/)）
 ```bash
+# 克隆项目
+git clone https://github.com/tkestack/tke-chaos-playbook.git && cd tke-chaos-playbook
+
 # 部署Argo Workflow
-kubectl create namespace tke-chaos-argo && kubectl create -f playbook/install-argo.yaml
+kubectl create -f playbook/install-argo.yaml
 
 # 验证Argo Workflow Pod正常运行
-kubectl get po -n tke-chaos-argo
+kubectl get po -n tke-chaos-test
 ```
 
-5. 腾讯云`TKE控制台`开启`tke-chaos-argo/tke-chaos-argo-workflows-server Service`公网访问，浏览器访问`LoadBalancer IP:2746`，执行如下命令获取的`Argo Server UI`接入凭证登录`Argo UI`，`Argo UI`可查看演练流程的详细信息。
+5. 腾讯云`TKE控制台`开启`tke-chaos-test/tke-chaos-argo-workflows-server Service`公网访问，浏览器访问`LoadBalancer IP:2746`，执行如下命令获取的`Argo Server UI`接入凭证登录`Argo UI`，`Argo UI`可查看演练流程的详细信息。
 ```bash
 # 获取Argo Server UI接入凭证
-kubectl exec -it -n tke-chaos-argo deployment/tke-chaos-argo-workflows-server -- argo auth token
+kubectl exec -it -n tke-chaos-test deployment/tke-chaos-argo-workflows-server -- argo auth token
 ```
 
 ![Argo Server UI](./playbook/docs/argo-server-ui.png)
@@ -68,7 +71,7 @@ kubectl create -f playbook/rabc.yaml && kubectl create -f playbook/all-in-one-te
 **核心流程说明**
 
 - **演练配置**：在开始执行演练前，您可能需要配置一些演练参数，如配置`webhook-url`参数配置企微群通知，参数均提供了默认值，您可以在不修改任何参数的情况下执行演练。各演练场景参数说明见[演练场景参数配置说明](playbook/README.md)
-- **演练前校验**：开始执行演练之前，会对`目标集群`做健康检查校验，检查演练集群中的`Node`和`Pod`的健康比例，低于阈值将不允许演练，您可以通过修改，`precheck-pods-health-ratio`和`precheck-nodes-health-ratio`参数调整阈值。同时会校验`目标集群`中是否存在`default/tke-chaos-precheck-resource ConfigMap`，如不存在将不允许演练。
+- **演练前校验**：开始执行演练之前，会对`目标集群`做健康检查校验，检查演练集群中的`Node`和`Pod`的健康比例，低于阈值将不允许演练，您可以通过修改，`precheck-pods-health-ratio`和`precheck-nodes-health-ratio`参数调整阈值。同时会校验`目标集群`中是否存在`tke-chaos-test/tke-chaos-precheck-resource ConfigMap`，如不存在将不允许演练。
 - **执行演练**：`kube-apiserver`高负载演练执行过程中，会对`目标集群`的`kube-apiserver`发起大量的洪泛`List Pod`请求，以模拟`kube-apiserver`高负载场景，您可以访问`腾讯云TKE控制台`的`目标集群`核心组件监控，查看`kube-apiserver`的负载情况。同时，您应该关注演练过程中您的业务Pod的健康状态，以验证`kube-apiserver`高负载是否会影响您的业务。
 - **演练结果**：您可以访问`Argo Server UI`查看演练结果（推荐），您也可以执行`kubectl describe workflow {workflow-name}`查看演练结果。
 
@@ -105,12 +108,12 @@ kubectl delete worflow {workflow-name}
 
 2. 演练开始执行后，如何知道演练执行到哪个步骤了?
 
-  您可以访问`Argo server UI`查看演练流程，您还可以执行`kubectl get workflow`查看工作流的执行状态。演练默认在default命名空间下执行，您还可以通过执行`kubectl get po -w`命令查看执行演练的`Pod`的执行情况，当出现`Error`状态的`Pod`时，大概率演练失败，您可以查看对应`Pod`日志进行排查。
+  您可以访问`Argo server UI`查看演练流程，您还可以执行`kubectl get -n tke-chaos-test workflow`查看工作流的执行状态。演练在`tke-chaos-test`命名空间下执行，您还可以通过执行`kubectl get -n tke-chaos-test po -w`命令查看执行演练的`Pod`的执行情况，当出现`Error`状态的`Pod`时，大概率演练失败，您可以查看对应`Pod`日志进行排查。
 
 3. 演练失败具体有哪些原因?
 
-  常见的错误包括如：执行演练的Pod`RBAC`权限不足问题、被测集群中用于校验的`default/tke-chaos-precheck-resource ConfigMap`不存在、被测集群中资源创建的`tke-chaos-test-ns namespace`不存在、`Argo workflow控制器`异常等。您可以排查演练`Pod`或`Argo Workflow Controller`的日志进行排查。
+  常见的错误包括如：执行演练的Pod`RBAC`权限不足问题、被测集群中用于校验的`tke-chaos-test/tke-chaos-precheck-resource ConfigMap`不存在、被测集群中资源创建的`tke-chaos-test namespace`不存在、`Argo workflow控制器`异常等。您可以排查演练`Pod`或`Argo Workflow Controller`的日志进行排查。
 
 4. `Argo Workflow Controller`异常排查?
 
-  当演练工作流创建后，通过`kubectl get workflow`查看工作流，工作流无状态时，此时大概率是`Argo workflow-controller`不工作，可以通过`kubectl logs -n tke-chaos-argo deployment/tke-chaos-argo-workflows-workflow-controller --tail 50 -f`查看`Argo Workflow Controller`的报错信息，很多情况下是RBAC权限不足，您应该修改对应的ClusterRole添加对应的资源权限。
+  当演练工作流创建后，通过`kubectl get workflow`查看工作流，工作流无状态时，此时大概率是`Argo workflow-controller`不工作，可以通过`kubectl logs -n tke-chaos-test deployment/tke-chaos-argo-workflows-workflow-controller --tail 50 -f`查看`Argo Workflow Controller`的报错信息，很多情况下是RBAC权限不足，您应该修改对应的ClusterRole添加对应的资源权限。
@@ -7,7 +7,7 @@
 **playbook**: `workflow/apiserver-overload-scenario.yaml`
 
 This scenario simulates high load on `kube-apiserver` with the following workflow:
-- **Pre-check**: Performs health checks on the target cluster, verifying the health ratio of Nodes and Pods. If below threshold, the test will be aborted. You can adjust thresholds via `precheck-pods-health-ratio` and `precheck-nodes-health-ratio` parameters. Also checks for existence of `default/tke-chaos-precheck-resource ConfigMap`.
+- **Pre-check**: Performs health checks on the target cluster, verifying the health ratio of Nodes and Pods. If below threshold, the test will be aborted. You can adjust thresholds via `precheck-pods-health-ratio` and `precheck-nodes-health-ratio` parameters. Also checks for existence of `tke-chaos-test/tke-chaos-precheck-resource ConfigMap`.
 - **Resource Warm-up**: Creates resources (`pods/configmaps`) to simulate production environment scale.
 - **Fault Injection**: Floods apiserver with `list pod/configmaps` requests to simulate high load.
 - **Cleanup**: Cleans up resources created during the test.
 
@@ -7,7 +7,7 @@
 **playbook**：`workflow/apiserver-overload-scenario.yaml`
 
 该场景构造`kube-apiserver`高负载，主要流程包括：
-- **演练校验**：对被演练的`目标集群`做健康检查，检查演练集群中的`Node`和`Pod`的健康比例，低于阈值将不允许演练，您可以通过修改`precheck-pods-health-ratio`和`precheck-nodes-health-ratio`参数调整阈值。同时会校验`目标集群`中是否存在`default/tke-chaos-precheck-resource ConfigMap`，如不存在将不允许演练。
+- **演练校验**：对被演练的`目标集群`做健康检查，检查演练集群中的`Node`和`Pod`的健康比例，低于阈值将不允许演练，您可以通过修改`precheck-pods-health-ratio`和`precheck-nodes-health-ratio`参数调整阈值。同时会校验`目标集群`中是否存在`tke-chaos-test/tke-chaos-precheck-resource ConfigMap`，如不存在将不允许演练。
 - **资源预热**：在集群中创建资源(`pods/configmaps`)，模拟现网环境资源规模。
 - **故障注入**：对apiserver发起洪泛`list pod/configmaps`请求，模拟`kube-apiserver`高负载压力。
 - **资源清理**：演练测试完成后清理演练过程中创建的资源。
 
@@ -522,7 +522,7 @@ spec:
         default: "tke-chaos-precheck-resource"
         description: "指定被演练集群中要检查的configmap名称"
       - name: check-configmap-namespace
-        default: "default"
+        default: "tke-chaos-test"
         description: "指定被演练集群中要检查的configmap所在的namespace"
       - name: pods-health-ratio
         default: "0.9"
@@ -719,7 +719,7 @@ spec:
         default: "tke-chaos-precheck-resource"
         description: "前置检查检测的configmap名称"
       - name: check-configmap-namespace
-        default: "default"
+        default: "tke-chaos-test"
         description: "前置检查检测的configmap命名空间"
       - name: pods-health-ratio
         default: "0.9"
@@ -733,7 +733,7 @@ spec:
         default: "ccr.ccs.tencentyun.com/tkeimages/tke-chaos:v0.0.1"
         description: "资源创建工具镜像"
       - name: resource-create-namespace
-        default: "tke-chaos-test-ns"
+        default: "tke-chaos-test"
         description: "创建资源所在的命名空间"
       - name: resource-create-object-type
         default: "pods"
 
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tke-chaos-argo-workflows-workflow-controller
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
   labels:
     helm.sh/chart: argo-workflows-0.45.14
     app.kubernetes.io/name: argo-workflows-workflow-controller
@@ -19,7 +19,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tke-chaos-argo-workflows-server
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
   labels:
     helm.sh/chart: argo-workflows-0.45.14
     app.kubernetes.io/name: argo-workflows-server
@@ -34,7 +34,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: tke-chaos-argo-workflows-workflow-controller-configmap
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
   labels:
     helm.sh/chart: argo-workflows-0.45.14
     app.kubernetes.io/name: argo-workflows-cm
@@ -3188,7 +3188,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: tke-chaos-argo-workflows-workflow-controller
-    namespace: "tke-chaos-argo"
+    namespace: "tke-chaos-test"
 ---
 # Source: argo-workflows/templates/controller/workflow-controller-crb.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -3210,7 +3210,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: tke-chaos-argo-workflows-workflow-controller
-    namespace: "tke-chaos-argo"
+    namespace: "tke-chaos-test"
 ---
 # Source: argo-workflows/templates/server/server-crb.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -3232,7 +3232,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: tke-chaos-argo-workflows-server
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
 ---
 # Source: argo-workflows/templates/server/server-crb.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -3254,7 +3254,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: tke-chaos-argo-workflows-server
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
 ---
 # Source: argo-workflows/templates/controller/workflow-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -3292,7 +3292,7 @@ metadata:
     app: workflow-controller
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: argo-workflows
-  namespace: tke-chaos-argo
+  namespace: tke-chaos-test
 rules:
   - apiGroups:
       - argoproj.io
@@ -3338,22 +3338,22 @@ metadata:
     app: workflow-controller
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: argo-workflows
-  namespace: tke-chaos-argo
+  namespace: tke-chaos-test
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: tke-chaos-argo-workflows-workflow
 subjects:
   - kind: ServiceAccount
     name: argo-workflow
-    namespace: tke-chaos-argo
+    namespace: tke-chaos-test
 ---
 # Source: argo-workflows/templates/server/server-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: tke-chaos-argo-workflows-server
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
   labels:
     helm.sh/chart: argo-workflows-0.45.14
     app.kubernetes.io/name: argo-workflows-server
@@ -3378,7 +3378,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: tke-chaos-argo-workflows-workflow-controller
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
   labels:
     helm.sh/chart: argo-workflows-0.45.14
     app.kubernetes.io/name: argo-workflows-workflow-controller
@@ -3466,7 +3466,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: tke-chaos-argo-workflows-server
-  namespace: "tke-chaos-argo"
+  namespace: "tke-chaos-test"
   labels:
     helm.sh/chart: argo-workflows-0.45.14
     app.kubernetes.io/name: argo-workflows-server