diff --git a/faults/kubernetes/experiments.yaml b/faults/kubernetes/experiments.yaml index 8476299..d7e1163 100644 --- a/faults/kubernetes/experiments.yaml +++ b/faults/kubernetes/experiments.yaml @@ -3830,3 +3830,156 @@ spec: app.kubernetes.io/version: ci --- + +apiVersion: litmuschaos.io/v1alpha1 +description: + message: | + Injects network rate limit on pods belonging to an app deployment +kind: ChaosExperiment +metadata: + name: pod-network-rate-limit + labels: + name: pod-network-rate-limit + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: chaosexperiment + app.kubernetes.io/version: ci +spec: + definition: + scope: Namespaced + permissions: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: + [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "deletecollection", + ] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "get", "list", "patch", "update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list"] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list", "watch"] + # for creating and managing to execute commands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get", "list", "create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets", "replicasets", "daemonsets"] + verbs: ["list", "get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list", "get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get", "list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list", "get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create", "list", "get", "delete", "deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines", "chaosexperiments", "chaosresults"] + verbs: ["create", "list", "get", "patch", "update", "delete"] + image: "litmuschaos.docker.scarf.sh/litmuschaos/go-runner:latest" + imagePullPolicy: Always + args: + - -c + - ./experiments -name pod-network-rate-limit + command: + - /bin/bash + env: + - name: TARGET_CONTAINER + value: "" + + # provide lib image + - name: LIB_IMAGE + value: "litmuschaos.docker.scarf.sh/litmuschaos/go-runner:latest" + + - name: NETWORK_INTERFACE + value: "eth0" + + - name: NETWORK_BANDWIDTH + value: "1mbit" + + - name: BURST + value: "32kb" + + - name: LIMIT + value: "2mb" + + - name: MIN_BURST + value: "" + + - name: PEAK_RATE + value: "" + + - name: TOTAL_CHAOS_DURATION + value: "60" # in seconds + + # time period to wait before and after injection of chaos in sec + - name: RAMP_TIME + value: "" + + ## percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: "" + + - name: TARGET_PODS + value: "" + + # To select pods on specific node(s) + - name: NODE_LABEL + value: "" + + # provide the name of container runtime + # it supports docker, containerd, crio + - name: CONTAINER_RUNTIME + value: "containerd" + + # provide the destination ips + # chaos injection will be triggered for these destination ips + - name: DESTINATION_IPS + value: "" + + # provide the destination hosts + # chaos injection will be triggered for these destination hosts + - name: DESTINATION_HOSTS + value: "" + + # provide the socket file path + - name: SOCKET_PATH + value: "/run/containerd/containerd.sock" + + ## it defines the sequence of chaos execution for multiple target pods + ## supported values: serial, parallel + - name: SEQUENCE + value: "parallel" + + labels: + name: pod-network-rate-limit + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: experiment-job + app.kubernetes.io/runtime-api-usage: "true" + app.kubernetes.io/version: ci + +--- \ No newline at end of file diff --git a/faults/kubernetes/icons/pod-network-rate-limit.png b/faults/kubernetes/icons/pod-network-rate-limit.png new file mode 100644 index 0000000..5d13f6b Binary files /dev/null and b/faults/kubernetes/icons/pod-network-rate-limit.png differ diff --git a/faults/kubernetes/kubernetes.chartserviceversion.yaml b/faults/kubernetes/kubernetes.chartserviceversion.yaml index 2c17f0e..92a37ef 100644 --- a/faults/kubernetes/kubernetes.chartserviceversion.yaml +++ b/faults/kubernetes/kubernetes.chartserviceversion.yaml @@ -103,6 +103,9 @@ spec: - name: pod-http-reset-peer description: It injects pod-http-reset-peer chaos in a Kubernetes pod. displayName: "Pod HTTP Reset Peer" + - name: pod-network-rate-limit + description: It injects pod-network-rate-limit chaos in a Kubernetes pod. + displayName: "Pod Network Rate Limit" keywords: - Kubernetes maintainers: diff --git a/faults/kubernetes/kubernetes.package.yaml b/faults/kubernetes/kubernetes.package.yaml index 3db6bac..0a2ec44 100644 --- a/faults/kubernetes/kubernetes.package.yaml +++ b/faults/kubernetes/kubernetes.package.yaml @@ -97,3 +97,6 @@ faults: - name: node-network-loss CSV: node-network-loss.chartserviceversion.yaml desc: "node-network-loss" + - name: pod-network-rate-limit + CSV: pod-network-rate-limit.chartserviceversion.yaml + desc: "pod-network-rate-limit" diff --git a/faults/kubernetes/pod-network-rate-limit/engine.yaml b/faults/kubernetes/pod-network-rate-limit/engine.yaml new file mode 100644 index 0000000..9d72a3e --- /dev/null +++ b/faults/kubernetes/pod-network-rate-limit/engine.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: litmuschaos.io/v1alpha1 +kind: ChaosEngine +metadata: + name: nginx-network-chaos + namespace: default +spec: + # It can be active/stop + engineState: "active" + terminationGracePeriodSeconds: 30 + appinfo: + appns: "" + # FYI, To see app label, apply kubectl get pods --show-labels + applabel: "" + appkind: "" + chaosServiceAccount: pod-network-rate-limit-sa + experiments: + - name: pod-network-rate-limit + spec: + components: + env: + - name: TARGET_CONTAINER + value: "" + + - name: NETWORK_INTERFACE + value: "eth0" + + - name: NETWORK_BANDWIDTH + value: "1mbit" + + - name: BURST + value: "32kb" + + - name: LIMIT + value: "2mb" + + - name: MIN_BURST + value: "" + + - name: PEAK_RATE + value: "" + + - name: TOTAL_CHAOS_DURATION + value: "60" # in seconds + + # time period to wait before and after injection of chaos in sec + - name: RAMP_TIME + value: "" + + ## percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: "" + + - name: TARGET_PODS + value: "" + + # To select pods on specific node(s) + - name: NODE_LABEL + value: "" + + # provide the name of container runtime + # it supports docker, containerd, crio + - name: CONTAINER_RUNTIME + value: "containerd" + + # provide the destination ips + # chaos injection will be triggered for these destination ips + - name: DESTINATION_IPS + value: "" + + # provide the destination hosts + # chaos injection will be triggered for these destination hosts + - name: DESTINATION_HOSTS + value: "" + + # provide the socket file path + - name: SOCKET_PATH + value: "/run/containerd/containerd.sock" + + ## it defines the sequence of chaos execution for multiple target pods + ## supported values: serial, parallel + - name: SEQUENCE + value: "parallel" diff --git a/faults/kubernetes/pod-network-rate-limit/fault.yaml b/faults/kubernetes/pod-network-rate-limit/fault.yaml new file mode 100644 index 0000000..ed7543d --- /dev/null +++ b/faults/kubernetes/pod-network-rate-limit/fault.yaml @@ -0,0 +1,151 @@ +--- +apiVersion: litmuschaos.io/v1alpha1 +description: + message: | + Injects network rate limit on pods belonging to an app deployment +kind: ChaosExperiment +metadata: + name: pod-network-rate-limit + labels: + name: pod-network-rate-limit + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: chaosexperiment + app.kubernetes.io/version: ci +spec: + definition: + scope: Namespaced + permissions: + # Create and monitor the experiment & helper pods + - apiGroups: [""] + resources: ["pods"] + verbs: + [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "deletecollection", + ] + # Performs CRUD operations on the events inside chaosengine and chaosresult + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "get", "list", "patch", "update"] + # Fetch configmaps details and mount it to the experiment pod (if specified) + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list"] + # Track and get the runner, experiment, and helper pods log + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list", "watch"] + # for creating and managing to execute commands inside target container + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["get", "list", "create"] + # deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets}) + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets", "replicasets", "daemonsets"] + verbs: ["list", "get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: ["apps.openshift.io"] + resources: ["deploymentconfigs"] + verbs: ["list", "get"] + # deriving the parent/owner details of the pod(if parent is deploymentConfig) + - apiGroups: [""] + resources: ["replicationcontrollers"] + verbs: ["get", "list"] + # deriving the parent/owner details of the pod(if parent is argo-rollouts) + - apiGroups: ["argoproj.io"] + resources: ["rollouts"] + verbs: ["list", "get"] + # for configuring and monitor the experiment job by the chaos-runner pod + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create", "list", "get", "delete", "deletecollection"] + # for creation, status polling and deletion of litmus chaos resources used within a chaos workflow + - apiGroups: ["litmuschaos.io"] + resources: ["chaosengines", "chaosexperiments", "chaosresults"] + verbs: ["create", "list", "get", "patch", "update", "delete"] + image: "litmuschaos.docker.scarf.sh/litmuschaos/go-runner:latest" + imagePullPolicy: Always + args: + - -c + - ./experiments -name pod-network-rate-limit + command: + - /bin/bash + env: + - name: TARGET_CONTAINER + value: "" + + # provide lib image + - name: LIB_IMAGE + value: "litmuschaos.docker.scarf.sh/litmuschaos/go-runner:latest" + + - name: NETWORK_INTERFACE + value: "eth0" + + - name: NETWORK_BANDWIDTH + value: "1mbit" + + - name: BURST + value: "32kb" + + - name: LIMIT + value: "2mb" + + - name: MIN_BURST + value: "" + + - name: PEAK_RATE + value: "" + + - name: TOTAL_CHAOS_DURATION + value: "60" # in seconds + + # time period to wait before and after injection of chaos in sec + - name: RAMP_TIME + value: "" + + ## percentage of total pods to target + - name: PODS_AFFECTED_PERC + value: "" + + - name: TARGET_PODS + value: "" + + # To select pods on specific node(s) + - name: NODE_LABEL + value: "" + + # provide the name of container runtime + # it supports docker, containerd, crio + - name: CONTAINER_RUNTIME + value: "containerd" + + # provide the destination ips + # chaos injection will be triggered for these destination ips + - name: DESTINATION_IPS + value: "" + + # provide the destination hosts + # chaos injection will be triggered for these destination hosts + - name: DESTINATION_HOSTS + value: "" + + # provide the socket file path + - name: SOCKET_PATH + value: "/run/containerd/containerd.sock" + + ## it defines the sequence of chaos execution for multiple target pods + ## supported values: serial, parallel + - name: SEQUENCE + value: "parallel" + + labels: + name: pod-network-rate-limit + app.kubernetes.io/part-of: litmus + app.kubernetes.io/component: experiment-job + app.kubernetes.io/runtime-api-usage: "true" + app.kubernetes.io/version: ci diff --git a/faults/kubernetes/pod-network-rate-limit/pod-network-rate-limit.chartserviceversion.yaml b/faults/kubernetes/pod-network-rate-limit/pod-network-rate-limit.chartserviceversion.yaml new file mode 100644 index 0000000..2c8b5f8 --- /dev/null +++ b/faults/kubernetes/pod-network-rate-limit/pod-network-rate-limit.chartserviceversion.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: litmuschaos.io/v1alpha1 +kind: ChartServiceVersion +metadata: + name: pod-network-rate-limit + version: 0.1.0 + annotations: + categories: Kubernetes + vendor: LitmusChaos +spec: + displayName: Pod Network Rate Limit + categoryDescription: | + Pod-network-rate-limit fault add the network rate limit to kubernetes pods + keywords: + - Kubernetes + platforms: + - GKE + - Minikube + - Packet(Kubeadm) + - EKS + maintainers: + - name: Neelanjan Manna + email: neelanjan.manna@harness.io + minKubeVersion: 1.12.0 + labels: + app.kubernetes.io/component: chartserviceversion + app.kubernetes.io/version: ci + links: + - name: Permissions + url: https://developer.harness.io/docs/chaos-engineering/use-harness-ce/chaos-faults/kubernetes/pod/pod-network-rate-limit/#permissions-required + icon: + - base64data: "" + mediatype: ""