README
¶
Steadybit extension-azure
A Steadybit discovery and attack implementation to inject faults into various Azure services.
Learn about the capabilities of this extension in our Reliability Hub.
Configuration
| Environment Variable | Helm value | Meaning | Required | Default |
|---|---|---|---|---|
AZURE_CLIENT_ID |
azure.clientID | Azure Client Id | true | |
AZURE_TENANT_ID |
azure.tenantID | Azure Tenant ID | true | |
AZURE_CLIENT_SECRET |
azure.clientSecret | Azure Client Secret | false | |
AZURE_SUBSCRIPTION_ID |
azure.subscriptionID | Azure Subscription ID | false | |
STEADYBIT_EXTENSION_AZURE_CERTIFICATE_PATH |
azure.certificatePath | Location of a certificate used to authenticate to azure | false | |
STEADYBIT_EXTENSION_AZURE_CERTIFICATE_PASSWORD |
azure.certificatePassword | Passphrase for the certificate used to authenticate to azure | false | |
STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_VM |
discovery.attributes.excludes.vm | List of Target Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | false | |
STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_SCALE_SET_INSTANCE |
discovery.attributes.excludes.scaleSetInstance | List of Target Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | false | |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_AKS_CLUSTER |
discovery.enable.aksCluster | Enable AKS cluster discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_AKS_NODE_POOL |
discovery.enable.aksNodePool | Enable AKS managed node pool discovery (and the terminate-instances attack) | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_SCALE_SET |
discovery.enable.scaleSet | Enable Virtual Machine Scale Set discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_MANAGED_DISK |
discovery.enable.managedDisk | Enable Managed Disk discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_NAT_GATEWAY |
discovery.enable.natGateway | Enable NAT Gateway discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_COSMOS_DB |
discovery.enable.cosmosDb | Enable Cosmos DB account discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_EVENT_GRID |
discovery.enable.eventGrid | Enable Event Grid topic + subscription discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_SERVICE_BUS |
discovery.enable.serviceBus | Enable Service Bus namespace discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_SERVICE_BUS_QUEUE |
discovery.enable.serviceBusQueue | Enable Service Bus queue discovery + disable-queue attack | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_SERVICE_BUS_TOPIC |
discovery.enable.serviceBusTopic | Enable Service Bus topic discovery + disable-topic attack | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_STORAGE_QUEUE |
discovery.enable.storageQueue | Enable Storage account discovery (queue surface) | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_LOAD_BALANCER |
discovery.enable.loadBalancer | Enable Load Balancer discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_APPLICATION_GATEWAY |
discovery.enable.applicationGateway | Enable Application Gateway discovery | false | false |
STEADYBIT_EXTENSION_DISCOVERY_ENABLE_API_MANAGEMENT |
discovery.enable.apiManagement | Enable API Management service discovery | false | false |
The extension supports all environment variables provided by steadybit/extension-kit.
When installed as linux package this configuration is in/etc/steadybit/extension-azure.
To obtain the needed azure keys, please refer to this documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in
Installation
Kubernetes
Detailed information about agent and extension installation in kubernetes can also be found in our documentation.
Recommended (via agent helm chart)
All extensions provide a helm chart that is also integrated in the helm-chart of the agent.
You must provide additional values to activate this extension.
--set extension-azure.enabled=true \
--set extension-azure.azure.clientID=YOUR_CLIENT_ID \
--set extension-azure.azure.clientSecret=YOUR_CLIENT_SECRET \
--set extension-azure.azure.tenantID=YOUR_TENANT_ID \
Additional configuration options can be found in the helm-chart of the extension.
Alternative (via own helm chart)
If you need more control, you can install the extension via its dedicated helm-chart.
helm repo add steadybit-extension-azure https://steadybit.github.io/extension-azure
helm repo update
helm upgrade steadybit-extension-azure \
--install \
--wait \
--timeout 5m0s \
--create-namespace \
--namespace steadybit-agent \
--set azure.clientID=YOUR_CLIENT_ID \
--set azure.clientSecret=YOUR_CLIENT_SECRET \
--set azure.tenantID=YOUR_TENANT_ID \
steadybit-extension-azure/steadybit-extension-azure
Linux Package
Please use our agent-linux.sh script to install the extension on your Linux machine. The script will download the latest version of the extension and install it using the package manager.
After installing, configure the extension by editing /etc/steadybit/extension-azure and then restart the service.
Extension registration
Make sure that the extension is registered with the agent. In most cases this is done automatically. Please refer to the documentation for more information about extension registration and how to verify.
Version and Revision
The version and revision of the extension:
- are printed during the startup of the extension
- are added as a Docker label to the image
- are available via the
version.txt/revision.txtfiles in the root of the image
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package extstoragequeue discovers Azure Storage accounts that have the queue service enabled.
|
Package extstoragequeue discovers Azure Storage accounts that have the queue service enabled. |