Merge pull request #9 from SQxiaoxiaomeng/apiserver-shutdown

add tke managerd cluster master component shutdown scenario.

Author: tangcong

playbook/README.md

@@ -112,11 +112,48 @@ TODO
 ## TKE Self-maintenance of Master cluster's kube-scheduler Disruption
 TODO
 
-## Managed Cluster's kube-apiserver Disruption
-TODO
+## Managed Cluster Master Component Disruption
 
-## Managed Cluster's kube-controller-manager Disruption
-TODO
+**playbooks**:
+1. kube-apiserver disruption: `workflow/managed-cluster-apiserver-shutdown-scenario.yaml`
+2. kube-controller-manager disruption: `workflow/managed-cluster-controller-manager-shutdown-scenario.yaml` 
+3. kube-scheduler disruption: `workflow/managed-cluster-scheduler-shutdown-scenario.yaml`
 
-## Managed Cluster's kube-scheduler Disruption
-TODO
+This scenario tests the disruption of managed cluster master components via Tencent Cloud API with the following workflow:
+
+1. **Pre-check**: Verify the existence of `tke-chaos-test/tke-chaos-precheck-resource ConfigMap` in the target cluster to ensure the cluster is ready for testing
+2. **Component Shutdown**: Log in to Argo Web UI, click the `RESUME` button under the `SUMMARY` tab of the `suspend-1` node to call Tencent Cloud API for stopping the master component
+3. **Status Verification**: After a 20-second delay, check the master status to confirm successful shutdown
+4. **Business Verification**: During apiserver shutdown, verify business impact
+5. **Component Recovery**: Click the `RESUME` button under the `SUMMARY` tab of the `suspend-2` node to call Tencent Cloud API for restoring the master component
+6. **Final Verification**: After another 20-second delay, recheck the component status to confirm successful restoration, marking the end of the test
+
+**Atomic Operations Library**
+
+The `workflow/managed-cluster-master-component/` directory contains atomic operations for command-line environments. Each YAML file corresponds to a minimal operation (e.g. shutdown/recovery) without UI dependency.
+
+For Kubernetes environments without Argo Web UI access, execute component tests directly via CLI. Example for apiserver:
+
+1. apiserver shutdown:
+```bash
+kubectl create -f workflow/managed-cluster-master-component/shutdown-apiserver.yaml
+```
+
+2. apiserver recovery:
+```bash
+kubectl create -f workflow/managed-cluster-master-component/restore-apiserver.yaml
+```
+
+**Parameters**
+
+| Parameter | Type | Default | Description |
+|-----------|------|---------|-------------|
+| `region` | `string` | <REGION> | Tencent Cloud region, e.g. `ap-guangzhou` [Region List](https://www.tencentcloud.com/document/product/213/6091?lang=en&pg=) |
+| `secret-id` | `string` | <SECRET_ID> | Tencent Cloud API secret ID, obtain from [API Key Management](https://console.cloud.tencent.com/cam/capi) |
+| `secret-key` | `string` | <SECRET_KEY> | Tencent Cloud API secret key |
+| `cluster-id` | `string` | <CLUSTER_ID> | Target cluster ID |
+| `kubeconfig-secret-name` | `string` | `dest-cluster-kubeconfig` | Secret name containing target cluster kubeconfig |
+
+**Notes**
+1. Will affect master component availability during test
+2. Recommended to execute in non-production environments or maintenance windows

playbook/README_zh.md

@@ -112,11 +112,51 @@ TODO
 ## TKE Master自维护集群kube-scheduler停服
 TODO
 
-## 托管集群kube-apiserver组件停服
-TODO
+## 托管集群master组件停服
 
-## 托管集群kube-controller-manager停服
-TODO
+**playbook**
+1. kube-apiserver停服&恢复：`workflow/managed-cluster-apiserver-shutdown-scenario.yaml`
+2. kube-controller-manager停服&恢复：`workflow/managed-cluster-controller-manager-shutdown-scenario.yaml`
+3. kube-scheduler停服&恢复：`workflow/managed-cluster-scheduler-shutdown-scenario.yaml`
 
-## 托管集群kube-scheduler停服
-TODO
+该场景通过腾讯云API对托管集群的`master`组件进行停服演练，主要流程包括：
+
+1. **前置检查**：验证目标集群中存在`tke-chaos-test/tke-chaos-precheck-resource ConfigMap`，确保集群可用于演练
+2. **组件停机**：登录argo Web UI，点击`suspend-1`节点`SUMMARY`标签下的`RESUME`按钮，调用腾讯云API停止`master`组件
+3. **状态验证**：延迟20秒后检查`master`状态，确保组件停机成功
+4. **业务验证**：`apiserver`停服期间，您可以去验证您的业务是否受到`apiserver`停服的影响
+5. **组件恢复**：点击`suspend-2`节点`SUMMARY`标签下的`RESUME`按钮，调用腾讯云API恢复`master`组件
+6. **最终验证**：延迟20秒后，再次检查组件状态确保恢复成功，演练结束
+
+**原子操作库**
+
+`workflow/managed-cluster-master-component/`目录下是`​Master`组件停服演练的原子操作库，专为命令行环境设计，提供独立、可逆的管控单元。每个`YAML`文件对应一个最小化操作动作​（如停服/恢复），无需依赖 UI 或复杂编排。
+
+若您的 Kubernetes 环境无法访问 Argo Web UI，可通过命令行直接调用原子化工作流执行组件演练。以`apiserver`停服演练为例，具体操作如下：
+
+1. apiserver组件停服
+```bash
+kubectl create -f workflow/managed-cluster-master-component/shutdown-apiserver.yaml
+```
+
+2. apiserver组件恢复
+```bash
+kubectl create -f workflow/managed-cluster-master-component/restore-apiserver.yaml
+```
+
+**参数说明**
+
+您需要修改演练`YAML`文件中`region`、`secret-id`、`secret-key`、`cluster-id`参数，参数说明如下：
+
+| 参数名称 | 类型 | 默认值 | 说明 |
+|---------|------|--------|------|
+| `region` | `string` | <REGION> | 腾讯云地域，如`ap-guangzhou` [地域查询](https://www.tencentcloud.com/zh/document/product/213/6091) |
+| `secret-id` | `string` | <SECRET_ID> | 腾讯云API密钥ID, 密钥可前往官网控制台 [API密钥管理](https://console.cloud.tencent.com/cam/capi) 进行获取 |
+| `secret-key` | `string` | <SECRET_KEY> | 腾讯云API密钥 |
+| `cluster-id` | `string` | <CLUSTER_ID> | 演练集群ID |
+| `kubeconfig-secret-name` | `string` | `dest-cluster-kubeconfig` | 目标集群kubeconfig secret名称 |
+
+**注意事项**
+
+2. 演练过程中会影响集群`master`组件服务可用性
+3. 建议在非生产环境或维护窗口期执行

playbook/all-in-one-template.yaml

@@ -340,6 +340,55 @@ spec:
         - key: config
           path: config
 
+---
+# Description: Template for interacting with Tencent Cloud TKE API
+# API Documentation: https://cloud.tencent.com/document/api
+#
+# Parameters:
+#   args: JSON format parameters for TKE API call. Required fields:
+#     - secretId: Tencent Cloud API secret ID (Manage at: https://console.cloud.tencent.com/cam/capi)
+#     - secretKey: Tencent Cloud API secret key
+#     - region: Cloud region (e.g. ap-guangzhou)
+#     - clusterId: TKE cluster ID
+#     - component: Kubernetes component name (e.g. kube-apiserver, kube-controller-manager, kube-scheduler)
+#     - action: API action name (e.g. describe, shutdown, restore)
+#
+# Example args value:
+# {
+#   "secretId": "<SECRET_ID>",
+#   "secretKey": "<SECRET_KEY>",
+#   "region": "ap-qingyuan",
+#   "clusterId": "cls-12345678",
+#   "component": "kube-apiserver",
+#   "action": "describe"
+# }
+apiVersion: argoproj.io/v1alpha1
+kind: ClusterWorkflowTemplate
+metadata:
+  name: tke-master-manager-template
+spec:
+  entrypoint: caller
+  templates:
+  - name: caller
+    inputs:
+      parameters:
+      - name: image
+        default: "ccr.ccs.tencentyun.com/tkeimages/tke-chaos:v0.0.2"
+      - name: args
+    container:
+      image: "{{inputs.parameters.image}}"
+      command:
+      - /kubestress
+      - mastermanager
+      - --provider=tke
+      - --args={{inputs.parameters.args}}
+    outputs:
+      parameters:
+      - name: response
+        valueFrom:
+          default: "null"
+          path: /tmp/response.txt
+
 ---
 # 功能说明: 企微群通知模版
 # generate-apiserver-overload-test-notify-message: 生成Markdown消息

playbook/template/tke-master-manager-template.yaml

@@ -0,0 +1,48 @@
+---
+# Description: Template for interacting with Tencent Cloud TKE API
+# API Documentation: https://cloud.tencent.com/document/api
+#
+# Parameters:
+#   args: JSON format parameters for TKE API call. Required fields:
+#     - secretId: Tencent Cloud API secret ID (Manage at: https://console.cloud.tencent.com/cam/capi)
+#     - secretKey: Tencent Cloud API secret key
+#     - region: Cloud region (e.g. ap-guangzhou)
+#     - clusterId: TKE cluster ID
+#     - component: Kubernetes component name (e.g. kube-apiserver, kube-controller-manager, kube-scheduler)
+#     - action: API action name (e.g. describe, shutdown, restore)
+#
+# Example args value:
+# {
+#   "secretId": "<SECRET_ID>",
+#   "secretKey": "<SECRET_KEY>",
+#   "region": "ap-qingyuan",
+#   "clusterId": "cls-12345678",
+#   "component": "kube-apiserver",
+#   "action": "describe"
+# }
+apiVersion: argoproj.io/v1alpha1
+kind: ClusterWorkflowTemplate
+metadata:
+  name: tke-master-manager-template
+spec:
+  entrypoint: caller
+  templates:
+  - name: caller
+    inputs:
+      parameters:
+      - name: image
+        default: "ccr.ccs.tencentyun.com/tkeimages/tke-chaos:v0.0.2"
+      - name: args
+    container:
+      image: "{{inputs.parameters.image}}"
+      command:
+      - /kubestress
+      - mastermanager
+      - --provider=tke
+      - --args={{inputs.parameters.args}}
+    outputs:
+      parameters:
+      - name: response
+        valueFrom:
+          default: "null"
+          path: /tmp/response.txt

playbook/workflow/managed-cluster-apiserver-shutdown-scenario.yaml

@@ -0,0 +1,148 @@
+---
+# Description: TKE Managed Cluster kube-apiserver Shutdown Test Scenario
+# 
+# This workflow simulates and tests the kube-apiserver outage scenario with following steps:
+# 1. Performing pre-checks
+# 2. Shutting down the kube-apiserver component
+# 3. Verifying the shutdown status
+# 4. Restoring the kube-apiserver
+# 5. Verifying the restoration
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  labels:
+    apiserver-shutdown-scenario: "true"
+  name: apiserver-shutdown-scenario
+  namespace: tke-chaos-test
+spec:
+  entrypoint: main
+  serviceAccountName: tke-chaos
+  arguments:
+    parameters:
+    - name: region  # Tencent Cloud region (e.g. ap-qingyuan)
+      value: "<REGION>"
+    - name: cluster-id  # Cluster ID
+      value: "<CLUSTER_ID>"
+    - name: secret-id  # Tencent Cloud API secret ID
+      value: "<SECRET_ID>"
+    - name: secret-key  # Tencent Cloud API secret key
+      value: "<SECRET_KEY>"
+    - name: kubeconfig-secret-name  # Secret name containing target cluster's kubeconfig
+      value: "dest-cluster-kubeconfig"
+    - name: precheck-configmap-name  # ConfigMap name for pre-check validation
+      value: "tke-chaos-precheck-resource"
+    - name: precheck-configmap-namespace  # Namespace of pre-check ConfigMap
+      value: "tke-chaos-test"
+  templates:
+  - name: main
+    steps:
+    - - name: precheck
+        arguments:
+          parameters:
+          - name: kubeconfig-secret-name
+            value: "{{workflow.parameters.kubeconfig-secret-name}}"
+          - name: precheck-configmap-name
+            value: "{{workflow.parameters.precheck-configmap-name}}"
+          - name: precheck-configmap-namespace
+            value: "{{workflow.parameters.precheck-configmap-namespace}}"
+          - name: source
+            value: |
+              kubectl get -n {{workflow.parameters.precheck-configmap-namespace}} configmap {{workflow.parameters.precheck-configmap-name}}
+        templateRef:
+          name: kubectl-cmd
+          template: kubectl-script
+          clusterScope: true
+    - - name: suspend-1
+        template: suspend
+    - - name: shutdown-apiserver
+        arguments:
+          parameters:
+          - name: args
+            value: |
+              {
+                  "secretId": "{{workflow.parameters.secret-id}}",
+                  "secretKey": "{{workflow.parameters.secret-key}}",
+                  "region": "{{workflow.parameters.region}}",
+                  "clusterId": "{{workflow.parameters.cluster-id}}",
+                  "component": "kube-apiserver",
+                  "action": "shutdown"
+              }
+        templateRef:
+          name: tke-master-manager-template
+          template: caller
+          clusterScope: true
+    - - name: delay-1
+        template: delay
+        arguments:
+          parameters:
+          - name: duration
+            value: "20s"
+    - - name: get-apiserver-status-1
+        arguments:
+          parameters:
+          - name: args
+            value: |
+              {
+                  "secretId": "{{workflow.parameters.secret-id}}",
+                  "secretKey": "{{workflow.parameters.secret-key}}",
+                  "region": "{{workflow.parameters.region}}",
+                  "clusterId": "{{workflow.parameters.cluster-id}}",
+                  "component": "kube-apiserver",
+                  "action": "describe"
+              }
+        templateRef:
+          name: tke-master-manager-template
+          template: caller
+          clusterScope: true
+    - - name: suspend-2
+        template: suspend
+    - - name: restore-apiserver
+        arguments:
+          parameters:
+          - name: args
+            value: |
+              {
+                  "secretId": "{{workflow.parameters.secret-id}}",
+                  "secretKey": "{{workflow.parameters.secret-key}}",
+                  "region": "{{workflow.parameters.region}}",
+                  "clusterId": "{{workflow.parameters.cluster-id}}",
+                  "component": "kube-apiserver",
+                  "action": "restore"
+              }
+        templateRef:
+          name: tke-master-manager-template
+          template: caller
+          clusterScope: true
+    - - name: delay-2
+        template: delay
+        arguments:
+          parameters:
+          - name: duration
+            value: "20s"
+    - - name: get-apiserver-status-2
+        arguments:
+          parameters:
+          - name: args
+            value: |
+              {
+                  "secretId": "{{workflow.parameters.secret-id}}",
+                  "secretKey": "{{workflow.parameters.secret-key}}",
+                  "region": "{{workflow.parameters.region}}",
+                  "clusterId": "{{workflow.parameters.cluster-id}}",
+                  "component": "kube-apiserver",
+                  "action": "describe"
+              }
+        templateRef:
+          name: tke-master-manager-template
+          template: caller
+          clusterScope: true
+
+  - name: suspend
+    suspend: {}
+
+  - name: delay
+    inputs:
+      parameters:
+      - name: duration
+    suspend:
+      duration: "{{inputs.parameters.duration}}"