{"id":25050628,"url":"https://github.com/steadybit/extension-host","last_synced_at":"2026-06-12T13:00:58.620Z","repository":{"id":153716895,"uuid":"629408675","full_name":"steadybit/extension-host","owner":"steadybit","description":"A Steadybit extension for host based actions (discovery / attacks)","archived":false,"fork":false,"pushed_at":"2026-06-09T11:12:01.000Z","size":4404,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-09T13:10:17.812Z","etag":null,"topics":["attack","chaos-engineering","fault","helm","host","kubernetes","network","process","stress","timetravel"],"latest_commit_sha":null,"homepage":"https://hub.steadybit.com/extension/com.steadybit.extension_host","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/steadybit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-04-18T08:54:12.000Z","updated_at":"2026-06-09T11:12:46.000Z","dependencies_parsed_at":"2026-03-09T14:01:25.778Z","dependency_job_id":null,"html_url":"https://github.com/steadybit/extension-host","commit_stats":null,"previous_names":[],"tags_count":190,"template":false,"template_full_name":"steadybit/extension-scaffold","purl":"pkg:github/steadybit/extension-host","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-host","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-host/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-host/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-host/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/steadybit","download_url":"https://codeload.github.com/steadybit/extension-host/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-host/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34245218,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","chaos-engineering","fault","helm","host","kubernetes","network","process","stress","timetravel"],"created_at":"2025-02-06T09:17:01.312Z","updated_at":"2026-06-12T13:00:58.523Z","avatar_url":"https://github.com/steadybit.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"./logo.svg\" height=\"130\" align=\"right\" alt=\"Host logo\"\u003e\n\n# Steadybit extension-host\n\nThis [Steadybit](https://www.steadybit.com/) extension provides a host discovery and various actions for host targets.\n\nLearn about the capabilities of this extension in our [Reliability Hub](https://hub.steadybit.com/extension/com.steadybit.extension_host).\n\n## Configuration\n\n| Environment Variable                                     | Helm value                         | Meaning                                                                                                                                                                                                                       | Required | Default |\n|----------------------------------------------------------|------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|\n| `STEADYBIT_LABEL_\u003ckey\u003e=\u003cvalue\u003e`                          |                                    | Environment variables starting with `STEADYBIT_LABEL_` will be added to discovered targets' attributes. \u003cbr\u003e**Example:** `STEADYBIT_LABEL_TEAM=Fullfillment` adds to each discovered target the attribute `team=Fullfillment` | no       |         |\n| `STEADYBIT_DISCOVERY_ENV_LIST`                           |                                    | List of environment variables to be evaluated and added to discovered targets' attributes. \u003cbr\u003e **Example:** `STEADYBIT_DISCOVERY_ENV_LIST=STAGE` adds to each target the attribute `stage=\u003cvalue of $STAGE\u003e`                 | no       |         |\n| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_HOST` | discovery.attributes.excludes.host | List of Target Attributes which will be excluded during discovery. Checked by key equality and supporting trailing \"*\"                                                                                                        | false    |         |\n\nThe extension supports all environment variables provided by [steadybit/extension-kit](https://github.com/steadybit/extension-kit#environment-variables).\n\nWhen installed as linux package this configuration is in`/etc/steadybit/extension-host`.\n\n## Needed capabilities\n\nThe capabilities needed by this extension are: (which are provided by the helm chart)\n\n- `SYS_ADMIN`\n- `SYS_CHROOT`\n- `SYS_BOOT`\n- `SYS_TIME`\n- `SYS_PTRACE`\n- `KILL`\n- `NET_RAW`\n- `NET_ADMIN`\n- `NET_BIND_SERVICE`\n- `BPF`\n- `DAC_OVERRIDE`\n- `SETUID`\n- `SETGID`\n- `AUDIT_WRITE`\n- `SETPCAP`\n- `MKNOD`\n\nOptional:\n\n- `SYS_RESOURCE`\n\n## Installation\n\n### Kubernetes\n\nDetailed information about agent and extension installation in kubernetes can also be found in\nour [documentation](https://docs.steadybit.com/install-and-configure/install-agent/install-on-kubernetes).\n\n#### Recommended (via agent helm chart)\n\nAll extensions provide a helm chart that is also integrated in the\n[helm-chart](https://github.com/steadybit/helm-charts/tree/main/charts/steadybit-agent) of the agent.\n\nThe extension is installed by default when you install the agent.\n\nYou can provide additional values to configure this extension.\n\nAdditional configuration options can be found in\nthe [helm-chart](https://github.com/steadybit/extension-host/blob/main/charts/steadybit-extension-host/values.yaml) of the\nextension.\n\n#### Alternative (via own helm chart)\n\nIf you need more control, you can install the extension via its\ndedicated [helm-chart](https://github.com/steadybit/extension-host/blob/main/charts/steadybit-extension-host).\n\n```bash\nhelm repo add steadybit-extension-host https://steadybit.github.io/extension-host\nhelm repo update\nhelm upgrade steadybit-extension-host \\\n    --install \\\n    --wait \\\n    --timeout 5m0s \\\n    --create-namespace \\\n    --namespace steadybit-agent \\\n    steadybit-extension-host/steadybit-extension-host\n```\n\n### Linux Package\n\nPlease use\nour [agent-linux.sh script](https://docs.steadybit.com/install-and-configure/install-agent/install-on-linux-hosts)\nto install the extension on your Linux machine. The script will download the latest version of the extension and install\nit using the package manager.\n\nAfter installing, configure the extension by editing `/etc/steadybit/extension-host` and then restart the service.\n\n## Extension registration\n\nMake sure that the extension is registered with the agent. In most cases this is done automatically. Please refer to\nthe [documentation](https://docs.steadybit.com/install-and-configure/install-agent/extension-registration) for more\ninformation about extension registration and how to verify.\n\n## Security\n\nWe try to limit the access needed for the extension to the absolute minimum. So the extension itself can run as a\nnon-root user on a read-only root file-system and will, by default, if deployed using the provided helm chart.\n\nIn order to execute certain actions the extension needs extended capabilities, see details below.\n\n### Resource Attacks\n\nThe resource attacks are starting processes in the target containers cgroup/namespaces using [runc (APL2.0)](https://github.com/opencontainers/runc) for this the following capabilities are needed: `CAP_SYS_CHROOT`, `CAP_SYS_ADMIN`, `CAP_SYS_PTRACE`, `CAP_NET_BIND_SERVICE`, `CAP_DAC_OVERRIDE`, `CAP_SETUID`, `CAP_SETGID`, `CAP_AUDIT_WRITE`, `CAP_KILL`.\nThese processes are executed with the root user, but are short-lived and terminated after the attack is finished.\n\nThe resource attacks optionally need `CAP_SYS_RESOURCE`. We'd recommend it to be used, otherwise the resource attacks are more likely to be oom-killed by the kernel and fail to carry out the attack.\n\nUnder the hood [stress-ng (GPL2.0)](https://github.com/ColinIanKing/stress-ng) is used to perform the stress attacks.\nFor the fill disk `dd` or `fallocate`  and [nsmount (MIT)](https://github.com/steadybit/nsmount) is used.\nFor the fill memory [memfill (MIT)](https://github.com/steadybit/memfill) is used.\n\nAll needed binaries are included in the extension container image.\n\n### Network Attacks\n\nThe network attacks are starting processes in the target containers network namespaces using [runc (APL2.0)](https://github.com/opencontainers/runc) for this the following capabilities are needed: `CAP_NET_ADMIN`, `CAP_NET_RAW`, `CAP_BPF`, `CAP_SYS_CHROOT`, `CAP_SYS_ADMIN`, `CAP_SYS_PTRACE`, `CAP_NET_BIND_SERVICE`, `CAP_DAC_OVERRIDE`, `CAP_SETUID`, `CAP_SETGID`, `CAP_AUDIT_WRITE`, `CAP_KILL`.\nThese processes are executed with the root user, but are short-lived and terminated after the attack is finished.\n\nUnder the hood start `ip` or `tc` is used to reconfigure the network stack and `dig` is used in case the hostnames need to be resolved.\n\nAll needed binaries are included in the extension container image.\n\n## Removing some of the capabilities in Kubernetes/Containers\n\nIn case you want to reduce the default capabilities of this extension, remove them from the helm values and use a custom image which doesn't set the capability on the executable.\nA customer image can be built using the following Dockerfile:\n\n```dockerfile\nFROM ghcr.io/steadybit/extension-host:latest\n\nUSER root\nRUN setcap 'cap_setuid,cap_sys_chroot,cap_setgid,cap_net_raw,cap_net_admin,cap_sys_admin,cap_dac_override,cap_sys_ptrace+eip' /extension\nUSER 10000\n\nENTRYPOINT [\"/extension\"]\n```\n\n## Version and Revision\n\nThe version and revision of the extension:\n- are printed during the startup of the extension\n- are added as a Docker label to the image\n- are available via the `version.txt`/`revision.txt` files in the root of the image\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteadybit%2Fextension-host","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsteadybit%2Fextension-host","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteadybit%2Fextension-host/lists"}