github/krkn
1
0
Fork 0
mirror of https://github.com/krkn-chaos/krkn.git synced 2026-02-16 19:09:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:v3.1.0
Branches Tags
github:main github:snyk-fix-8b2a3e624c5b6c96adf86464c306e013 github:feature/collect-error-logs github:snyk-fix-61283c4679c7847af4a38257f129a77b github:snyk-fix-1c85b1fa504d1dff7ad991be55318fd4 github:snyk-fix-38663102b453a951f74a460225896b0e github:paigerube14-patch-1 github:dependabot/pip/werkzeug-3.1.5 github:snyk-fix-5b2d0e2d95649abc9299338cd209a06e github:dependabot/pip/utils/chaos_ai/docker/werkzeug-3.1.5 github:snyk-fix-e72d9a02c072cb1181e4f191ffbeb371 github:dependabot/pip/utils/chaos_ai/docker/werkzeug-3.1.4 github:snyk-fix-aa670878b437e81a239af1a812c30c33 github:snyk-fix-3d4b5a39a0fa9a01f9c30e53446bf5ae github:snyk-fix-5ef3cb370ecde610fba736896d5e060e github:snyk-fix-9a74c11cc69a450855a8348d3f9c1ed9 github:dependabot/pip/werkzeug-3.1.4 github:cncf_incubation github:snyk-fix-f95998b940241283ac7e1e09c91c74a6 github:snyk-fix-c7260fb792ffc513167a72aeeee2d26e github:snyk-fix-4a05488c440b4de8a3ea814c0155b241 github:snyk-fix-6792f414eecf8ee0711ac13f8e873d27 github:snyk-fix-f97de4f4666ce45318c24c82f5d7e045 github:snyk-fix-24b15a1ada28226bdfbba467de15dc87 github:snyk-fix-83070ee0443d6439bb11a65895309c1f github:snyk-fix-8a5526b00e76ae8edcfeb38dd2d49cd7 github:snyk-fix-6d44f4cfd32447649c034f50c2ef1014 github:v1.3.4 github:remove-powerfulseal github:gh-pages
github:v5.0.0 github:v4.0.16 github:v4.0.15 github:v4.0.14 github:v4.0.13 github:v4.0.12 github:v4.0.11 github:v4.0.10 github:v4.0.9 github:v4.0.8 github:v4.0.7 github:v4.0.6 github:v4.0.5 github:v4.0.4 github:v4.0.3 github:v4.0.2 github:v4.0.1 github:v4.0.0 github:v3.1.2 github:v3.1.1 github:v3.1.0 github:v3.0.7 github:v3.0.6 github:v3.0.5 github:v3.0.4 github:v3.0.3 github:v3.0.2 github:v3.0.1 github:v3.0.0 github:v2.0.12 github:v2.0.11 github:v2.0.10 github:v2.0.9 github:v2.0.8 github:v2.0.7 github:v2.0.6 github:v2.0.5 github:v2.0.4 github:v2.0.3 github:v2.0.2 github:v2.0.1 github:v2.0.0 github:v1.6.9 github:v1.6.8 github:v1.6.7 github:v1.6.6 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.14 github:v1.5.13 github:v1.5.12 github:v1.5.11 github:v1.5.10 github:v1.5.9 github:v1.5.8 github:v1.5.7 github:v1.5.6 github:v1.5.5 github:v1.5.4 github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.4.7 github:v1.4.6 github:v1.4.5 github:v1.4.4 github:v1.4.3 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.6 github:v1.3.5 github:v.1.3.4 github:v1.3.3 github:v1.3.2 github:v1.3.1 github:v1.3.0 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.1 github:v1.0.0
..
compare: github:v3.1.2
Branches Tags
github:main github:snyk-fix-8b2a3e624c5b6c96adf86464c306e013 github:feature/collect-error-logs github:snyk-fix-61283c4679c7847af4a38257f129a77b github:snyk-fix-1c85b1fa504d1dff7ad991be55318fd4 github:snyk-fix-38663102b453a951f74a460225896b0e github:paigerube14-patch-1 github:dependabot/pip/werkzeug-3.1.5 github:snyk-fix-5b2d0e2d95649abc9299338cd209a06e github:dependabot/pip/utils/chaos_ai/docker/werkzeug-3.1.5 github:snyk-fix-e72d9a02c072cb1181e4f191ffbeb371 github:dependabot/pip/utils/chaos_ai/docker/werkzeug-3.1.4 github:snyk-fix-aa670878b437e81a239af1a812c30c33 github:snyk-fix-3d4b5a39a0fa9a01f9c30e53446bf5ae github:snyk-fix-5ef3cb370ecde610fba736896d5e060e github:snyk-fix-9a74c11cc69a450855a8348d3f9c1ed9 github:dependabot/pip/werkzeug-3.1.4 github:cncf_incubation github:snyk-fix-f95998b940241283ac7e1e09c91c74a6 github:snyk-fix-c7260fb792ffc513167a72aeeee2d26e github:snyk-fix-4a05488c440b4de8a3ea814c0155b241 github:snyk-fix-6792f414eecf8ee0711ac13f8e873d27 github:snyk-fix-f97de4f4666ce45318c24c82f5d7e045 github:snyk-fix-24b15a1ada28226bdfbba467de15dc87 github:snyk-fix-83070ee0443d6439bb11a65895309c1f github:snyk-fix-8a5526b00e76ae8edcfeb38dd2d49cd7 github:snyk-fix-6d44f4cfd32447649c034f50c2ef1014 github:v1.3.4 github:remove-powerfulseal github:gh-pages
github:v5.0.0 github:v4.0.16 github:v4.0.15 github:v4.0.14 github:v4.0.13 github:v4.0.12 github:v4.0.11 github:v4.0.10 github:v4.0.9 github:v4.0.8 github:v4.0.7 github:v4.0.6 github:v4.0.5 github:v4.0.4 github:v4.0.3 github:v4.0.2 github:v4.0.1 github:v4.0.0 github:v3.1.2 github:v3.1.1 github:v3.1.0 github:v3.0.7 github:v3.0.6 github:v3.0.5 github:v3.0.4 github:v3.0.3 github:v3.0.2 github:v3.0.1 github:v3.0.0 github:v2.0.12 github:v2.0.11 github:v2.0.10 github:v2.0.9 github:v2.0.8 github:v2.0.7 github:v2.0.6 github:v2.0.5 github:v2.0.4 github:v2.0.3 github:v2.0.2 github:v2.0.1 github:v2.0.0 github:v1.6.9 github:v1.6.8 github:v1.6.7 github:v1.6.6 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.6.0 github:v1.5.14 github:v1.5.13 github:v1.5.12 github:v1.5.11 github:v1.5.10 github:v1.5.9 github:v1.5.8 github:v1.5.7 github:v1.5.6 github:v1.5.5 github:v1.5.4 github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.4.7 github:v1.4.6 github:v1.4.5 github:v1.4.4 github:v1.4.3 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.6 github:v1.3.5 github:v.1.3.4 github:v1.3.3 github:v1.3.2 github:v1.3.1 github:v1.3.0 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.1 github:v1.0.0

23 Commits
v3.1.0 ... v3.1.2

Author SHA1 Message Date
Tullio Sebastiani
f04f1f1101 added workload image as scenario parameter (#854)
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m58s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
* added workload image as scenario parameter

Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>

* renamed workload_image to image

Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>

---------

Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>
 2025-06-25 17:08:59 +02:00
Naga Ravi Chaitanya Elluri
bddbd42f8c Expose kube_check parameter for baremetal node scenarios
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 10m7s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Naga Ravi Chaitanya Elluri <nelluri@redhat.com>
 2025-06-16 11:43:32 -04:00
dependabot[bot]
630dbd805b Bump requests from 2.32.2 to 2.32.4
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 9m38s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Bumps [requests](https://github.com/psf/requests) from 2.32.2 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.2...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 12:54:11 -04:00
Paige Patton
10d26ba50e adding kube check into gcp zone' 
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-06-11 12:53:47 -04:00
Naga Ravi Chaitanya Elluri
d47286ae21 Expose parallel option in the baremetal node scenarios
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 9m14s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Naga Ravi Chaitanya Elluri <nelluri@redhat.com>
 2025-06-09 09:48:04 -04:00
Paige Patton
890e3012dd updating krkn-lib req
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 9m50s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-06-06 10:55:52 -04:00
Yogananth Subramanian
d0dafa872d Fix: network scenario timing issue 
Introduce a delay in network scenarios prior to imposing restrictions.
This ensures that chaos test case jobs are scheduled before any restrictions are put in place.

Signed-off-by: Yogananth Subramanian <ysubrama@redhat.com>
 2025-06-06 10:55:18 -04:00
Paige Patton
149eb8fcd3 adding kube_check as option into node scenarios 
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-06-06 10:54:58 -04:00
Paige Patton
4c462a8971 updating health checks 
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-06-06 10:54:39 -04:00
Priyansh Saxena
5bdbf622c3 These changes will:
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 9m18s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
1. Make the CI workflow fail when tests fail

2. Set a proper Git email for automated commits

3. Fix the Prometheus installation by setting the required `maximumStartupDurationSeconds` parameter

Signed-off-by: Priyansh Saxena <130545865+Transcendental-Programmer@users.noreply.github.com>

fix: run command twice

Signed-off-by: Priyansh Saxena <130545865+Transcendental-Programmer@users.noreply.github.com>

fix: update helm install command to properly include maximumStartupDurationSeconds=300 ensuring all arguments pass correctly

Signed-off-by: Priyansh Saxena <130545865+Transcendental-Programmer@users.noreply.github.com>
 2025-06-03 11:28:12 -04:00
ShAsHi
0dcb901da1 Update README.md
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m56s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
 2025-05-28 07:43:14 -04:00
Paige Patton
6e94df9cfc removing all docs
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m55s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-05-26 13:30:03 -04:00
Paige Patton
87c2b3c8fd adding recovery times to metrics
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m26s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-05-22 13:49:30 -04:00
Abhinav Sharma
7e4b2aff65 Add RBAC configuration for priviledged and non priviledged users. 
Signed-off-by: Abhinav Sharma <abhinavs1920bpl@gmail.com>
 2025-05-22 13:48:30 -04:00
10sharmashivam
27f0845182 fix: run all node scenarios instead of exiting after the first
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m45s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: 10sharmashivam <10sharmashivam@gmail.com>
 2025-05-16 18:44:53 -04:00
Tullio Sebastiani
4c9cd5bced added release notes automatic workflow on tag push (#813)
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m24s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>
typo

Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>

typo

Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>
 2025-05-15 10:14:43 +02:00
Abhinav Sharma
075dbd10c7 Docs: Fix broken contribution link in README
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 4m0s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Abhinav Sharma <abhinavs1920bpl@gmail.com>
 2025-05-13 09:32:37 -04:00
Tullio Sebastiani
e080ad2ee2 removes a bad character that makes the test fail (#807)
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m33s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Tullio Sebastiani <tsebasti@redhat.com>
 2025-05-13 11:39:12 +02:00
Emmanuel Ferdman
693520f306 Migrate to modern Python logger API (#806)
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m35s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
 2025-05-12 22:21:18 -04:00
Naga Ravi Chaitanya Elluri
bf909a7c18 Add OpenSSF best practices badge 
This helps with showcasing that krkn project is following the best practices

Signed-off-by: Naga Ravi Chaitanya Elluri <nelluri@redhat.com>
 2025-05-12 22:02:37 -04:00
Paige Patton
abbcfe09ec azure block node using network security group and setting it to subnet
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 4m6s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-05-08 10:38:05 -04:00
Paige Patton
32fb6eec07 enum of true/false variables
Some checks failed
Functional & Unit Tests / Functional & Unit Tests (push) Failing after 8m20s
Functional & Unit Tests / Generate Coverage Badge (push) Has been skipped
Signed-off-by: Paige Patton <prubenda@redhat.com>
 2025-05-07 16:25:18 -04:00
Roshni Pattath
608b7c847f Red Hat added to Adopters 2025-05-07 14:07:32 -04:00
72 changed files with 502 additions and 1889 deletions
Expand all files Collapse all files

7
.github/release-template.md vendored Normal file
View File

@@ -0,0 +1,7 @@
## Release {VERSION}
### Download Artifacts
- 📦 Krkn sources (noarch): [krkn-{VERSION}-src.tar.gz](https://krkn-chaos.gateway.scarf.sh/krkn-src-{VERSION}.tar.gz)
### Changes
{CHANGES}

0
.github/release.yml vendored Normal file
View File

47
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,47 @@
name: Create Release
on:
push:
tags:
- 'v*'
jobs:
release:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: calculate previous tag
run: |
git fetch --tags origin
PREVIOUS_TAG=$(git tag --sort=-creatordate | sed -n '2 p')
echo $PREVIOUS_TAG
echo "PREVIOUS_TAG=$PREVIOUS_TAG" >> "$GITHUB_ENV"
- name: generate release notes from template
id: release-notes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
NOTES=$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/krkn-chaos/krkn/releases/generate-notes \
-f "tag_name=${{ github.ref_name }}" -f "target_commitish=main" -f "previous_tag_name=${{ env.PREVIOUS_TAG }}" | jq -r .body)
echo "NOTES<<EOF" >> $GITHUB_ENV
echo "$NOTES" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: replace placeholders in template
run: |
echo "${{ env.NOTES }}"
TEMPLATE=$(cat .github/release-template.md)
VERSION=${{ github.ref_name }}
NOTES="${{ env.NOTES }}"
OUTPUT=${TEMPLATE//\{VERSION\}/$VERSION}
OUTPUT=${OUTPUT//\{CHANGES\}/$NOTES}
echo "$OUTPUT" > release-notes.md
- name: create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create ${{ github.ref_name }} --title "${{ github.ref_name }}" -F release-notes.md

9
.github/workflows/tests.yml vendored
View File

@@ -35,7 +35,8 @@ jobs:
--set alertmanager.service.nodePort=32000 \
--set alertmanager.service.type=NodePort \
--set prometheus-node-exporter.service.nodePort=32001 \
--set prometheus-node-exporter.service.type=NodePort
--set prometheus-node-exporter.service.type=NodePort \
--set prometheus.prometheusSpec.maximumStartupDurationSeconds=300
SELECTOR=`kubectl -n prometheus-k8s get service kind-prometheus-kube-prome-prometheus -o wide --no-headers=true | awk '{ print $7 }'`
POD_NAME=`kubectl -n prometheus-k8s get pods --selector="$SELECTOR" --no-headers=true | awk '{ print $1 }'`
@@ -152,7 +153,8 @@ jobs:
path: coverage.json
if-no-files-found: error
- name: Check CI results
run: grep Fail CI/results.markdown && false || true
run: "! grep Fail CI/results.markdown"
badge:
permissions:
contents: write
@@ -192,7 +194,8 @@ jobs:
cd krkn-lib-docs
git add .
git config user.name "krkn-chaos"
git config user.email "<>"
git config user.email "krkn-actions@users.noreply.github.com"
git commit -m "[KRKN] Coverage Badge ${GITHUB_REF##*/}" || echo "no changes to commit"
git push

1
ADOPTERS.md
View File

@@ -5,3 +5,4 @@ This is a list of organizations that have publicly acknowledged usage of Krkn an
| Organization | Since | Website | Use-Case |
|:-|:-|:-|:-|
| MarketAxess | 2024 | https://www.marketaxess.com/ | Kraken enables us to achieve our goal of increasing the reliability of our cloud products on Kubernetes. The tool allows us to automatically run various chaos scenarios, identify resilience and performance bottlenecks, and seamlessly restore the system to its original state once scenarios finish. These chaos scenarios include pod disruptions, node (EC2) outages, simulating availability zone (AZ) outages, and filling up storage spaces like EBS and EFS. The community is highly responsive to requests and works on expanding the tool's capabilities. MarketAxess actively contributes to the project, adding features such as the ability to leverage existing network ACLs and proposing several feature improvements to enhance test coverage. |
| Red Hat Openshift | 2020 | https://www.redhat.com/ | Kraken is a highly reliable chaos testing tool used to ensure the quality and resiliency of Red Hat Openshift. The engineering team runs all the test scenarios under Kraken on different cloud platforms on both self-managed and cloud services environments prior to the release of a new version of the product. The team also contributes to the Kraken project consistently which helps the test scenarios to keep up with the new features introduced to the product. Inclusion of this test coverage has contributed to gaining the trust of new and existing customers of the product. |

4
CI/tests/test_telemetry.sh
View File

@@ -19,7 +19,9 @@ function functional_test_telemetry {
yq -i '.telemetry.run_tag=env(RUN_TAG)' CI/config/common_test_config.yaml
export scenario_type="hog_scenarios"
export scenario_file="scenarios/kube/cpuhog.yml"
export scenario_file="scenarios/kube/cpu-hog.yml"
export post_config=""
envsubst < CI/config/common_test_config.yaml > CI/config/telemetry.yaml
retval=$(python3 -m coverage run -a run_kraken.py -c CI/config/telemetry.yaml)

3
README.md
View File

@@ -2,6 +2,7 @@
![Workflow-Status](https://github.com/krkn-chaos/krkn/actions/workflows/docker-image.yml/badge.svg)
![coverage](https://krkn-chaos.github.io/krkn-lib-docs/coverage_badge_krkn.svg)
![action](https://github.com/krkn-chaos/krkn/actions/workflows/tests.yml/badge.svg)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10548/badge)](https://www.bestpractices.dev/projects/10548)
![Krkn logo](media/logo.png)
@@ -38,7 +39,7 @@ Enhancements being planned can be found in the [roadmap](ROADMAP.md).
### Contributions
We are always looking for more enhancements, fixes to make it better, any contributions are most welcome. Feel free to report or work on the issues filed on github.
[More information on how to Contribute](https://krkn-chaos.dev/docs/contribution-guidelines/contribute/)
[More information on how to Contribute](https://krkn-chaos.dev/docs/contribution-guidelines/)
### Community

2
containers/README.md
View File

@@ -6,7 +6,7 @@ Container image gets automatically built by quay.io at [Kraken image](https://qu
### Run containerized version
Refer [instructions](https://github.com/redhat-chaos/krkn/blob/main/docs/installation.md#run-containerized-version) for information on how to run the containerized version of kraken.
Refer [instructions](https://krkn-chaos.dev/docs/installation/) for information on how to run the containerized version of kraken.
### Run Custom Kraken Image

12
containers/krknctl-input.json
View File

@@ -408,8 +408,10 @@
"short_description": "Health check exit on failure",
"description": "Exit on failure when health check URL is not able to connect",
"variable": "HEALTH_CHECK_EXIT_ON_FAILURE",
"type": "string",
"default": "",
"type": "enum",
"allowed_values": "True,False",
"separator": ",",
"default": "False",
"required": "false"
},
{
@@ -417,8 +419,10 @@
"short_description": "SSL Verification of health check url",
"description": "SSL Verification to authenticate into health check URL",
"variable": "HEALTH_CHECK_VERIFY",
"type": "string",
"default": "false",
"type": "enum",
"allowed_values": "True,False",
"separator": ",",
"default": "False",
"required": "false"
},
{

48
docs/SLOs_validation.md
View File

@@ -1,48 +0,0 @@
## SLOs validation
Pass/fail based on metrics captured from the cluster is important in addition to checking the health status and recovery. Kraken supports:
### Checking for critical alerts post chaos
If enabled, the check runs at the end of each scenario ( post chaos ) and Kraken exits in case critical alerts are firing to allow user to debug. You can enable it in the config:
```
performance_monitoring:
check_critical_alerts: False # When enabled will check prometheus for critical alerts firing post chaos
```
### Validation and alerting based on the queries defined by the user during chaos
Takes PromQL queries as input and modifies the return code of the run to determine pass/fail. It's especially useful in case of automated runs in CI where user won't be able to monitor the system. This feature can be enabled in the [config](https://github.com/redhat-chaos/krkn/blob/main/config/config.yaml) by setting the following:
```
performance_monitoring:
prometheus_url: # The prometheus url/route is automatically obtained in case of OpenShift, please set it when the distribution is Kubernetes.
prometheus_bearer_token: # The bearer token is automatically obtained in case of OpenShift, please set it when the distribution is Kubernetes. This is needed to authenticate with prometheus.
enable_alerts: True # Runs the queries specified in the alert profile and displays the info or exits 1 when severity=error.
alert_profile: config/alerts.yaml # Path to alert profile with the prometheus queries.
```
#### Alert profile
A couple of [alert profiles](https://github.com/redhat-chaos/krkn/tree/main/config) [alerts](https://github.com/redhat-chaos/krkn/blob/main/config/alerts.yaml) are shipped by default and can be tweaked to add more queries to alert on. User can provide a URL or path to the file in the [config](https://github.com/redhat-chaos/krkn/blob/main/config/config.yaml). The following are a few alerts examples:
```
- expr: avg_over_time(histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket[2m]))[5m:]) > 0.01
description: 5 minutes avg. etcd fsync latency on {{$labels.pod}} higher than 10ms {{$value}}
severity: error
- expr: avg_over_time(histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket[5m]))[5m:]) > 0.1
description: 5 minutes avg. etcd network peer round trip on {{$labels.pod}} higher than 100ms {{$value}}
severity: info
- expr: increase(etcd_server_leader_changes_seen_total[2m]) > 0
description: etcd leader changes observed
severity: critical
```
Krkn supports setting the severity for the alerts with each one having different effects:
```
info: Prints an info message with the alarm description to stdout. By default all expressions have this severity.
warning: Prints a warning message with the alarm description to stdout.
error: Prints a error message with the alarm description to stdout and sets Krkn rc = 1
critical: Prints a fatal message with the alarm description to stdout and exits execution inmediatly with rc != 0
```

1
docs/_config.yml
View File

@@ -1 +0,0 @@
theme: jekyll-theme-cayman

17
docs/application_outages.md
View File

@@ -1,17 +0,0 @@
### Application outages
Scenario to block the traffic ( Ingress/Egress ) of an application matching the labels for the specified duration of time to understand the behavior of the service/other services which depend on it during downtime. This helps with planning the requirements accordingly, be it improving the timeouts or tweaking the alerts etc.
##### Sample scenario config
```
application_outage: # Scenario to create an outage of an application by blocking traffic
duration: 600 # Duration in seconds after which the routes will be accessible
namespace: <namespace-with-application> # Namespace to target - all application routes will go inaccessible if pod selector is empty
pod_selector: {app: foo} # Pods to target
block: [Ingress, Egress] # It can be Ingress or Egress or Ingress, Egress
```
##### Debugging steps in case of failures
Kraken creates a network policy blocking the ingress/egress traffic to create an outage, in case of failures before reverting back the network policy, you can delete it manually by executing the following commands to stop the outage:
```
$ oc delete networkpolicy/kraken-deny -n <targeted-namespace>
```

102
docs/cloud_setup.md
View File

@@ -1,102 +0,0 @@
Supported Cloud Providers:
- [AWS](#aws)
- [GCP](#gcp)
- [Openstack](#openstack)
- [Azure](#azure)
- [Alibaba](#alibaba)
- [VMware](#vmware)
- [IBMCloud](#ibmcloud)
## AWS
**NOTE**: For clusters with AWS make sure [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) is installed and properly [configured](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html) using an AWS account
## GCP
In order to set up Application Default Credentials (ADC) for use by Cloud Client Libraries, you can provide either service account credentials or the credentials associated with your user acccount:
- Using service account credentials:
A google service account is required to give proper authentication to GCP for node actions. See [here](https://cloud.google.com/docs/authentication/getting-started) for how to create a service account.
**NOTE**: A user with 'resourcemanager.projects.setIamPolicy' permission is required to grant project-level permissions to the service account.
After creating the service account you will need to enable the account using the following: ```export GOOGLE_APPLICATION_CREDENTIALS="<serviceaccount.json>"```
- Using the credentials associated with your user acccount:
1. Make sure that the [GCP CLI](https://cloud.google.com/sdk/docs/install#linux) is installed and [initialized](https://cloud.google.com/sdk/docs/initializing) by running:
```gcloud init```
2. Create local authentication credentials for your user account:
```gcloud auth application-default login```
## Openstack
**NOTE**: For clusters with Openstack Cloud, ensure to create and source the [OPENSTACK RC file](https://docs.openstack.org/newton/user-guide/common/cli-set-environment-variables-using-openstack-rc.html) to set the OPENSTACK environment variables from the server where Kraken runs.
## Azure
**NOTE**: You will need to create a service principal and give it the correct access, see [here](https://docs.openshift.com/container-platform/4.5/installing/installing_azure/installing-azure-account.html) for creating the service principal and setting the proper permissions.
To properly run the service principal requires “Azure Active Directory Graph/Application.ReadWrite.OwnedBy” api permission granted and “User Access Administrator”.
Before running you will need to set the following:
1. ```export AZURE_SUBSCRIPTION_ID=<subscription_id>```
2. ```export AZURE_TENANT_ID=<tenant_id>```
3. ```export AZURE_CLIENT_SECRET=<client secret>```
4. ```export AZURE_CLIENT_ID=<client id>```
## Alibaba
See the [Installation guide](https://www.alibabacloud.com/help/en/alibaba-cloud-cli/latest/installation-guide) to install alicloud cli.
1. ```export ALIBABA_ID=<access_key_id>```
2. ```export ALIBABA_SECRET=<access key secret>```
3. ```export ALIBABA_REGION_ID=<region id>```
Refer to [region and zone page](https://www.alibabacloud.com/help/en/elastic-compute-service/latest/regions-and-zones#concept-2459516) to get the region id for the region you are running on.
Set cloud_type to either alibaba or alicloud in your node scenario yaml file.
## VMware
Set the following environment variables
1. ```export VSPHERE_IP=<vSphere_client_IP_address>```
2. ```export VSPHERE_USERNAME=<vSphere_client_username>```
3. ```export VSPHERE_PASSWORD=<vSphere_client_password>```
These are the credentials that you would normally use to access the vSphere client.
## IBMCloud
If no API key is set up with proper VPC resource permissions, use the following to create it:
* Access group
* Service id with the following access
* With policy **VPC Infrastructure Services**
* Resources = All
* Roles:
* Editor
* Administrator
* Operator
* Viewer
* API Key
Set the following environment variables
1. ```export IBMC_URL=https://<region>.iaas.cloud.ibm.com/v1```
2. ```export IBMC_APIKEY=<ibmcloud_api_key>```

19
docs/cluster_shut_down_scenarios.md
View File

@@ -1,19 +0,0 @@
#### Kubernetes cluster shut down scenario
Scenario to shut down all the nodes including the masters and restart them after specified duration. Cluster shut down scenario can be injected by placing the shut_down config file under cluster_shut_down_scenario option in the kraken config. Refer to [cluster_shut_down_scenario](https://github.com/krkn-chaos/krkn/blob/main/scenarios/cluster_shut_down_scenario.yml) config file.
Refer to [cloud setup](cloud_setup.md) to configure your cli properly for the cloud provider of the cluster you want to shut down.
Current accepted cloud types:
* [Azure](cloud_setup.md#azure)
* [GCP](cloud_setup.md#gcp)
* [AWS](cloud_setup.md#aws)
* [Openstack](cloud_setup.md#openstack)
* [IBMCloud](cloud_setup.md#ibmcloud)
```
cluster_shut_down_scenario: # Scenario to stop all the nodes for specified duration and restart the nodes.
runs: 1 # Number of times to execute the cluster_shut_down scenario.
shut_down_duration: 120 # Duration in seconds to shut down the cluster.
cloud_type: aws # Cloud type on which Kubernetes/OpenShift runs.
```

61
docs/config.md
View File

@@ -1,61 +0,0 @@
### Config
Set the scenarios to inject and the tunings like duration to wait between each scenario in the config file located at [config/config.yaml](https://github.com/redhat-chaos/krkn/blob/main/config/config.yaml).
**NOTE**: [config](https://github.com/redhat-chaos/krkn/blob/main/config/config_performance.yaml) can be used if leveraging the [automated way](https://github.com/redhat-chaos/krkn#setting-up-infrastructure-dependencies) to install the infrastructure pieces.
Config components:
* [Kraken](#kraken)
* [Cerberus](#cerberus)
* [Performance Monitoring](#performance-monitoring)
* [Tunings](#tunings)
# Kraken
This section defines scenarios and specific data to the chaos run
## Exit on failure
**exit_on_failure**: Exit when a post action check or cerberus run fails
## Publish kraken status
**publish_kraken_status**: Can be accessed at http://0.0.0.0:8081 (or what signal_address and port you set in signal address section)
**signal_state**: State you want kraken to start at; will wait for the RUN signal to start running a chaos iteration. When set to PAUSE before running the scenarios, refer to [signal.md](signal.md) for more details
## Signal Address
**signal_address**: Address to listen/post the signal state to
**port**: port to listen/post the signal state to
## Chaos Scenarios
**chaos_scenarios**: List of different types of chaos scenarios you want to run with paths to their specific yaml file configurations
If a scenario has a post action check script, it will be run before and after each scenario to validate the component under test starts and ends at the same state
Currently the scenarios are run one after another (in sequence) and will exit if one of the scenarios fail, without moving onto the next one
Chaos scenario types:
- container_scenarios
- plugin_scenarios
- node_scenarios
- time_scenarios
- cluster_shut_down_scenarios
- namespace_scenarios
- zone_outages
- application_outages
- pvc_scenarios
- network_chaos
# Cerberus
Parameters to set for enabling of cerberus checks at the end of each executed scenario. The given url will pinged after the scenario and post action check have been completed for each scenario and iteration.
**cerberus_enabled**: Enable it when cerberus is previously installed
**cerberus_url**: When cerberus_enabled is set to True, provide the url where cerberus publishes go/no-go signal
**check_applicaton_routes**: When enabled will look for application unavailability using the routes specified in the cerberus config and fails the run
# Performance Monitoring
There are 2 main sections defined in this part of the config [metrics](metrics.md) and [alerts](alerts.md); read more about each of these configurations in their respective docs
# Tunings
**wait_duration**: Duration to wait between each chaos scenario
**iterations**: Number of times to execute the scenarios
**daemon_mode**: True or False; If true, iterations are set to infinity which means that the kraken will cause chaos forever and number of iterations is ignored

40
docs/container_scenarios.md
View File

@@ -1,40 +0,0 @@
### Container Scenarios
Kraken uses the `oc exec` command to `kill` specific containers in a pod.
This can be based on the pods namespace or labels. If you know the exact object you want to kill, you can also specify the specific container name or pod name in the scenario yaml file.
These scenarios are in a simple yaml format that you can manipulate to run your specific tests or use the pre-existing scenarios to see how it works.
#### Example Config
The following are the components of Kubernetes for which a basic chaos scenario config exists today.
```
scenarios:
- name: "<name of scenario>"
namespace: "<specific namespace>" # can specify "*" if you want to find in all namespaces
label_selector: "<label of pod(s)>"
container_name: "<specific container name>" # This is optional, can take out and will kill all containers in all pods found under namespace and label
pod_names: # This is optional, can take out and will select all pods with given namespace and label
- <pod_name>
count: <number of containers to disrupt, default=1>
action: <kill signal to run. For example 1 ( hang up ) or 9. Default is set to 1>
expected_recovery_time: <number of seconds to wait for container to be running again> (defaults to 120seconds)
```
#### Post Action
In all scenarios we do a post chaos check to wait and verify the specific component.
Here there are two options:
1. Pass a custom script in the main config scenario list that will run before the chaos and verify the output matches post chaos scenario.
See [scenarios/post_action_etcd_container.py](https://github.com/krkn-chaos/krkn/blob/main/scenarios/post_action_etcd_container.py) for an example.
```
- container_scenarios: # List of chaos pod scenarios to load.
- - scenarios/container_etcd.yml
- scenarios/post_action_etcd_container.py
```
2. Allow kraken to wait and check the killed containers until they become ready again. Kraken keeps a list of the specific
containers that were killed as well as the namespaces and pods to verify all containers that were affected recover properly.
```
expected_recovery_time: <seconds to wait for container to recover>
```

95
docs/contribute.md
View File

@@ -1,95 +0,0 @@
# How to contribute
Contributions are always appreciated.
How to:
* [Submit Pull Request](#pull-request)
* [Fix Formatting](#fix-formatting)
* [Squash Commits](#squash-commits)
* [Rebase Upstream](#rebase-with-upstream)
## Pull request
In order to submit a change or a PR, please fork the project and follow these instructions:
```bash
$ git clone http://github.com/<me>/krkn
$ cd krkn
$ git checkout -b <branch_name>
$ <make change>
$ git add <changes>
$ git commit -a
$ <insert good message>
$ git push
```
## Fix Formatting
Kraken uses [pre-commit](https://pre-commit.com) framework to maintain the code linting and python code styling.
The CI would run the pre-commit check on each pull request.
We encourage our contributors to follow the same pattern while contributing to the code.
The pre-commit configuration file is present in the repository `.pre-commit-config.yaml`.
It contains the different code styling and linting guides which we use for the application.
The following command can be used to run the pre-commit:
`pre-commit run --all-files`
If pre-commit is not installed in your system, it can be installed with `pip install pre-commit`.
## Squash Commits
If there are multiple commits, please rebase/squash multiple commits
before creating the PR by following:
```bash
$ git checkout <my-working-branch>
$ git rebase -i HEAD~<num_of_commits_to_merge>
-OR-
$ git rebase -i <commit_id_of_first_change_commit>
```
In the interactive rebase screen, set the first commit to `pick`, and all others to `squash`, or whatever else you may need to do.
Push your rebased commits (you may need to force), then issue your PR.
```
$ git push origin <my-working-branch> --force
```
## Rebase with Upstream
If changes go into the main repository while you're working on your code it is best to rebase your code with the
upstream, so you stay up to date with all changes and fix any conflicting code changes.
If not already configured, set the upstream url for kraken.
```
git remote add upstream https://github.com/krkn-chaos/krkn.git
```
Rebase to upstream master branch.
```
git fetch upstream
git rebase upstream/master
git push origin <branch_name> --force
```
If any errors occur, it will list off any files that have merge issues.
Edit the files with the code you want to keep. See below for detailed help from Git.
1. Vi <file(s)>
2. Resolving-a-merge-conflict-using-the-command-line
3. git add <all files you edit>
4. git rebase --continue
5. Might need to repeat steps 2 through 4 until rebase complete
6. git status <this will also tell you if you have other files to edit>
7. git push origin <branch_name> --force [push the changes to github remote]
Merge Conflicts Example
```
1. git rebase upstream/kraken
2. vi run_kraken.py [edit at the indicated places, get rid of arrowed lines and dashes, and apply correct changes]
3. git add run_kraken.py
4. git rebase --continue
5. repeat 2-4 until done
6. git status <this will also tell you if you have other files to edit>
7. git push origin <branch_name> --force [push the changes to github remote]
```

51
docs/getting_started.md
View File

@@ -1,51 +0,0 @@
## Getting Started Running Chaos Scenarios
#### Adding New Scenarios
Adding a new scenario is as simple as adding a new config file under [scenarios directory](https://github.com/redhat-chaos/krkn/tree/main/scenarios) and defining it in the main kraken [config](https://github.com/redhat-chaos/krkn/blob/main/config/config.yaml#L8).
You can either copy an existing yaml file and make it your own, or fill in one of the templates below to suit your needs.
### Templates
#### Pod Scenario Yaml Template
For example, for adding a pod level scenario for a new application, refer to the sample scenario below to know what fields are necessary and what to add in each location:
```
# yaml-language-server: $schema=../plugin.schema.json
- id: kill-pods
config:
namespace_pattern: ^<namespace>$
label_selector: <pod label>
kill: <number of pods to kill>
krkn_pod_recovery_time: <expected time for the pod to become ready>
```
#### Node Scenario Yaml Template
```
node_scenarios:
- actions: # Node chaos scenarios to be injected.
- <chaos scenario>
- <chaos scenario>
node_name: <node name> # Can be left blank.
label_selector: <node label>
instance_kill_count: <number of nodes on which to perform action>
timeout: <duration to wait for completion>
cloud_type: <cloud provider>
```
#### Time Chaos Scenario Template
```
time_scenarios:
- action: 'skew_time' or 'skew_date'
object_type: 'pod' or 'node'
label_selector: <label of pod or node>
```
### Common Scenario Edits
If you just want to make small changes to pre-existing scenarios, feel free to edit the scenario file itself.
#### Example of Quick Pod Scenario Edit:
If you want to kill 2 pods instead of 1 in any of the pre-existing scenarios, you can either edit the number located at filters -> randomSample -> size or the runs under the config -> runStrategy section.
#### Example of Quick Nodes Scenario Edit:
If your cluster is build on GCP instead of AWS, just change the cloud type in the node_scenarios_example.yml file.

59
docs/health_checks.md
View File

@@ -1,59 +0,0 @@
### Health Checks
Health checks provide real-time visibility into the impact of chaos scenarios on application availability and performance. Health check configuration supports application endpoints accessible via http / https along with authentication mechanism such as bearer token and authentication credentials.
Health checks are configured in the ```config.yaml```
The system periodically checks the provided URLs based on the defined interval and records the results in Telemetry. The telemetry data includes:
- Success response ```200``` when the application is running normally.
- Failure response other than 200 if the application experiences downtime or errors.
This helps users quickly identify application health issues and take necessary actions.
#### Sample health check config
```
health_checks:
interval: <time_in_seconds> # Defines the frequency of health checks, default value is 2 seconds
config: # List of application endpoints to check
- url: "https://example.com/health"
bearer_token: "hfjauljl..." # Bearer token for authentication if any
auth:
exit_on_failure: True # If value is True exits when health check failed for application, values can be True/False
- url: "https://another-service.com/status"
bearer_token:
auth: ("admin","secretpassword") # Provide authentication credentials (username , password) in tuple format if any, ex:("admin","secretpassword")
exit_on_failure: False
- url: http://general-service.com
bearer_token:
auth:
exit_on_failure:
```
#### Sample health check telemetry
```
"health_checks": [
{
"url": "https://example.com/health",
"status": False,
"status_code": "503",
"start_timestamp": "2025-02-25 11:51:33",
"end_timestamp": "2025-02-25 11:51:40",
"duration": "0:00:07"
},
{
"url": "https://another-service.com/status",
"status": True,
"status_code": 200,
"start_timestamp": "2025-02-25 22:18:19",
"end_timestamp": "22025-02-25 22:22:46",
"duration": "0:04:27"
},
{
"url": "http://general-service.com",
"status": True,
"status_code": 200,
"start_timestamp": "2025-02-25 22:18:19",
"end_timestamp": "22025-02-25 22:22:46",
"duration": "0:04:27"
}
],
```

51
docs/hog_scenarios.md
View File

@@ -1,51 +0,0 @@
### Hog Scenarios
Hog Scenarios are designed to push the limits of memory, CPU, or I/O on one or more nodes in your cluster.
They also serve to evaluate whether your cluster can withstand rogue pods that excessively consume resources
without any limits.
These scenarios involve deploying one or more workloads in the cluster. Based on the specific configuration,
these workloads will use a predetermined amount of resources for a specified duration.
#### Common options
| Option | Type | Description |
|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`duration`| number | the duration of the stress test in seconds |
|`workers`| number (Optional) | the number of threads instantiated by stress-ng, if left empty the number of workers will match the number of available cores in the node. |
|`hog-type`| string (Enum) | can be cpu, memory or io. |
|`image`| string | the container image of the stress workload |
|`namespace`| string | the namespace where the stress workload will be deployed |
|`node-selector`| string (Optional) | defines the node selector for choosing target nodes. If not specified, one schedulable node in the cluster will be chosen at random. If multiple nodes match the selector, all of them will be subjected to stress. If number-of-nodes is specified, that many nodes will be randomly selected from those identified by the selector. |
|`number-of-nodes`| number (Optional) | restricts the number of selected nodes by the selector|
|`taints`| list (Optional) default [] | list of taints for which tolerations need to created. Example: ["node-role.kubernetes.io/master:NoSchedule"]|
#### `cpu-hog` options
| Option | Type |Description|
|---|--------|---|
|`cpu-load-percentage`| number | the amount of cpu that will be consumed by the hog|
|`cpu-method`| string | reflects the cpu load strategy adopted by stress-ng, please refer to the stress-ng documentation for all the available options|
#### `io-hog` options
| Option | Type | Description |
|-----------------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `io-block-size` |string| the block size written by the stressor |
| `io-write-bytes` |string| the total amount of data that will be written by the stressor. The size can be specified as % of free space on the file system or in units of Bytes, KBytes, MBytes and GBytes using the suffix b, k, m or g |
| `io-target-pod-folder` |string| the folder where the volume will be mounted in the pod |
| `io-target-pod-volume`| dictionary | the pod volume definition that will be stressed by the scenario. |
> [!CAUTION]
> Modifying the structure of `io-target-pod-volume` might alter how the hog operates, potentially rendering it ineffective.
#### `memory-hog` options
| Option | Type |Description|
|-----------------------|--------|---|
|`memory-vm-bytes`| string | the amount of memory that the scenario will try to hog.The size can be specified as % of free space on the file system or in units of Bytes, KBytes, MBytes and GBytes using the suffix b, k, m or g |

311
docs/index.md
View File

@@ -1,311 +0,0 @@
## Chaos Testing Guide
### Table of Contents
* [Introduction](#introduction)
* [Test Stratagies and Methodology](#test-strategies-and-methodology)
* [Best Practices](#best-practices)
* [Tooling](#tooling)
* [Workflow](#workflow)
* [Cluster recovery checks, metrics evaluation and pass/fail criteria](#cluster-recovery-checks-metrics-evaluation-and-passfail-criteria)
* [Scenarios](#scenarios)
* [Test Environment Recommendations - how and where to run chaos tests](#test-environment-recommendations---how-and-where-to-run-chaos-tests)
* [Chaos testing in Practice](#chaos-testing-in-practice)
* [OpenShift organization](#openshift-organization)
* [startx-lab](#startx-lab)
### Introduction
There are a couple of false assumptions that users might have when operating and running their applications in distributed systems:
The network is reliable.
There is zero latency.
Bandwidth is infinite.
The network is secure.
Topology never changes.
The network is homogeneous.
Consistent resource usage with no spikes.
All shared resources are available from all places.
Various assumptions led to a number of outages in production environments in the past. The services suffered from poor performance or were inaccessible to the customers, leading to missing Service Level Agreement uptime promises, revenue loss, and a degradation in the perceived reliability of said services.
How can we best avoid this from happening? This is where Chaos testing can add value.
### Test Strategies and Methodology
Failures in production are costly. To help mitigate risk to service health, consider the following strategies and approaches to service testing:
- Be proactive vs reactive. We have different types of test suites in place - unit, integration and end-to-end - that help expose bugs in code in a controlled environment. Through implementation of a chaos engineering strategy, we can discover potential causes of service degradation. We need to understand the systems' behavior under unpredictable conditions in order to find the areas to harden, and use performance data points to size the clusters to handle failures in order to keep downtime to a minimum.
- Test the resiliency of a system under turbulent conditions by running tests that are designed to disrupt while monitoring the systems adaptability and performance:
- Establish and define your steady state and metrics - understand the behavior and performance under stable conditions and define the metrics that will be used to evaluate the systems behavior. Then decide on acceptable outcomes before injecting chaos.
- Analyze the statuses and metrics of all components during the chaos test runs.
- Improve the areas that are not resilient and performant by comparing the key metrics and Service Level Objectives (SLOs) to the stable conditions before the chaos.
For example: evaluating the API server latency or application uptime to see if the key performance indicators and service level indicators are still within acceptable limits.
### Best Practices
Now that we understand the test methodology, let us take a look at the best practices for an Kubernetes cluster. On that platform there are user applications and cluster workloads that need to be designed for stability and to provide the best user experience possible:
- Alerts with appropriate severity should get fired.
- Alerts are key to identify when a component starts degrading, and can help focus the investigation effort on affected system components.
- Alerts should have proper severity, description, notification policy, escalation policy, and SOP in order to reduce MTTR for responding SRE or Ops resources.
- Detailed information on the alerts consistency can be found [here](https://github.com/openshift/enhancements/blob/master/enhancements/monitoring/alerting-consistency.md).
- Minimal performance impact - Network, CPU, Memory, Disk, Throughput etc.
- The system, as well as the applications, should be designed to have minimal performance impact during disruptions to ensure stability and also to avoid hogging resources that other applications can use.
We want to look at this in terms of CPU, Memory, Disk, Throughput, Network etc.
- We want to look at this in terms of CPU, Memory, Disk, Throughput, Network etc.
- Appropriate CPU/Memory limits set to avoid performance throttling and OOM kills.
- There might be rogue applications hogging resources ( CPU/Memory ) on the nodes which might lead to applications underperforming or worse getting OOM killed. It is important to ensure that applications and system components have reserved resources for the kube-scheduler to take into consideration in order to keep them performing at the expected levels.
- Services dependent on the system under test need to handle the failure gracefully to avoid performance degradation and downtime - appropriate timeouts.
- In a distributed system, services deployed coordinate with each other and might have external dependencies. Each of the services deployed as a deployment, pod, or container, need to handle the downtime of other dependent services gracefully instead of crashing due to not having appropriate timeouts, fallback logic etc.
- Proper node sizing to avoid cascading failures and ensure cluster stability especially when the cluster is large and dense
- The platform needs to be sized taking into account the resource usage spikes that might occur during chaotic events. For example, if one of the main nodes goes down, the other two main nodes need to have enough resources to handle the load. The resource usage depends on the load or number of objects that are running being managed by the Control Plane ( Api Server, Etcd, Controller and Scheduler ). As such, its critical to test such conditions, understand the behavior, and leverage the data to size the platform appropriately. This can help keep the applications stable during unplanned events without the control plane undergoing cascading failures which can potentially bring down the entire cluster.
- Proper node sizing to avoid application failures and maintain stability.
- An application pod might use more resources during reinitialization after a crash, so it is important to take that into account for sizing the nodes in the cluster to accommodate it. For example, monitoring solutions like Prometheus need high amounts of memory to replay the write ahead log ( WAL ) when it restarts. As such, its critical to test such conditions, understand the behavior, and leverage the data to size the platform appropriately. This can help keep the application stable during unplanned events without undergoing degradation in performance or even worse hog the resources on the node which can impact other applications and system pods.
- Minimal initialization time and fast recovery logic.
- The controller watching the component should recognize a failure as soon as possible. The component needs to have minimal initialization time to avoid extended downtime or overloading the replicas if it is a highly available configuration. The cause of failure can be because of issues with the infrastructure on top of which it is running, application failures, or because of service failures that it depends on.
- High Availability deployment strategy.
- There should be multiple replicas ( both Kubernetes and application control planes ) running preferably in different availability zones to survive outages while still serving the user/system requests. Avoid single points of failure.
- Backed by persistent storage
- It is important to have the system/application backed by persistent storage. This is especially important in cases where the application is a database or a stateful application given that a node, pod, or container failure will wipe off the data.
- There should be fallback routes to the backend in case of using CDN, for example, Akamai in case of console.redhat.com - a managed service deployed on top of Kubernetes dedicated:
- Content delivery networks (CDNs) are commonly used to host resources such as images, JavaScript files, and CSS. The average web page is nearly 2 MB in size, and offloading heavy resources to third-parties is extremely effective for reducing backend server traffic and latency. However, this makes each CDN an additional point of failure for every site that relies on it. If the CDN fails, its customers could also fail.
- To test how the application reacts to failures, drop all network traffic between the system and CDN. The application should still serve the content to the user irrespective of the failure.
- Appropriate caching and Content Delivery Network should be enabled to be performant and usable when there is a latency on the client side.
- Not every user or machine has access to unlimited bandwidth, there might be a delay on the user side ( client ) to access the APIs due to limited bandwidth, throttling or latency depending on the geographic location. It is important to inject latency between the client and API calls to understand the behavior and optimize things including caching wherever possible, using CDNs or opting for different protocols like HTTP/2 or HTTP/3 vs HTTP.
- Ensure Disruption Budgets are enabled for your critical applications
- Protect your application during disruptions by setting a [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to avoid downtime. For instance, etcd, zookeeper or similar applications need at least 2 replicas to maintain quorum. This can be ensured by setting PDB maxUnavailable to 1.
### Tooling
Now that we looked at the best practices, In this section, we will go through how [Kraken](https://github.com/redhat-chaos/krkn) - a chaos testing framework can help test the resilience of Kubernetes and make sure the applications and services are following the best practices.
#### Workflow
Let us start by understanding the workflow of kraken: the user will start by running kraken by pointing to a specific Kubernetes cluster using kubeconfig to be able to talk to the platform on top of which the Kubernetes cluster is hosted. This can be done by either the oc/kubectl API or the cloud API. Based on the configuration of kraken, it will inject specific chaos scenarios as shown below, talk to [Cerberus](https://github.com/redhat-chaos/cerberus) to get the go/no-go signal representing the overall health of the cluster ( optional - can be turned off ), scrapes metrics from in-cluster prometheus given a metrics profile with the promql queries and stores them long term in Elasticsearch configured ( optional - can be turned off ), evaluates the promql expressions specified in the alerts profile ( optional - can be turned off ) and aggregated everything to set the pass/fail i.e. exits 0 or 1. More about the metrics collection, cerberus and metrics evaluation can be found in the next section.
![Kraken workflow](../media/kraken-workflow.png)
#### Cluster recovery checks, metrics evaluation and pass/fail criteria
- Most of the scenarios have built in checks to verify if the targeted component recovered from the failure after the specified duration of time but there might be cases where other components might have an impact because of a certain failure and its extremely important to make sure that the system/application is healthy as a whole post chaos. This is exactly where [Cerberus](https://github.com/redhat-chaos/cerberus) comes to the rescue.
If the monitoring tool, cerberus is enabled it will consume the signal and continue running chaos or not based on that signal.
- Apart from checking the recovery and cluster health status, its equally important to evaluate the performance metrics like latency, resource usage spikes, throughput, etcd health like disk fsync, leader elections etc. To help with this, Kraken has a way to evaluate promql expressions from the incluster prometheus and set the exit status to 0 or 1 based on the severity set for each of the query. Details on how to use this feature can be found [here](https://github.com/redhat-chaos/krkn#alerts).
- The overall pass or fail of kraken is based on the recovery of the specific component (within a certain amount of time), the cerberus health signal which tracks the health of the entire cluster and metrics evaluation from incluster prometheus.
### Scenarios
Let us take a look at how to run the chaos scenarios on your Kubernetes clusters using Kraken-hub - a lightweight wrapper around Kraken to ease the runs by providing the ability to run them by just running container images using podman with parameters set as environment variables. This eliminates the need to carry around and edit configuration files and makes it easy for any CI framework integration. Here are the scenarios supported:
- Pod Scenarios ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/pod-scenarios.md))
- Disrupts Kubernetes/Kubernetes and applications deployed as pods:
- Helps understand the availability of the application, the initialization timing and recovery status.
- [Demo](https://asciinema.org/a/452351?speed=3&theme=solarized-dark)
- Container Scenarios ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/container-scenarios.md))
- Disrupts Kubernetes/Kubernetes and applications deployed as containers running as part of a pod(s) using a specified kill signal to mimic failures:
- Helps understand the impact and recovery timing when the program/process running in the containers are disrupted - hangs, paused, killed etc., using various kill signals, i.e. SIGHUP, SIGTERM, SIGKILL etc.
- [Demo](https://asciinema.org/a/BXqs9JSGDSEKcydTIJ5LpPZBM?speed=3&theme=solarized-dark)
- Node Scenarios ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/node-scenarios.md))
- Disrupts nodes as part of the cluster infrastructure by talking to the cloud API. AWS, Azure, GCP, OpenStack and Baremetal are the supported platforms as of now. Possible disruptions include:
- Terminate nodes
- Fork bomb inside the node
- Stop the node
- Crash the kubelet running on the node
- etc.
- [Demo](https://asciinema.org/a/ANZY7HhPdWTNaWt4xMFanF6Q5)
- Zone Outages ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/zone-outages.md))
- Creates outage of availability zone(s) in a targeted region in the public cloud where the Kubernetes cluster is running by tweaking the network acl of the zone to simulate the failure, and that in turn will stop both ingress and egress traffic from all nodes in a particular zone for the specified duration and reverts it back to the previous state.
- Helps understand the impact on both Kubernetes/Kubernetes control plane as well as applications and services running on the worker nodes in that zone.
- Currently, only set up for AWS cloud platform: 1 VPC and multiples subnets within the VPC can be specified.
- [Demo](https://asciinema.org/a/452672?speed=3&theme=solarized-dark)
- Application Outages ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/application-outages.md))
- Scenario to block the traffic ( Ingress/Egress ) of an application matching the labels for the specified duration of time to understand the behavior of the service/other services which depend on it during the downtime.
- Helps understand how the dependent services react to the unavailability.
- [Demo](https://asciinema.org/a/452403?speed=3&theme=solarized-dark)
- Power Outages ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/power-outages.md))
- This scenario imitates a power outage by shutting down of the entire cluster for a specified duration of time, then restarts all the nodes after the specified time and checks the health of the cluster.
- There are various use cases in the customer environments. For example, when some of the clusters are shutdown in cases where the applications are not needed to run in a particular time/season in order to save costs.
- The nodes are stopped in parallel to mimic a power outage i.e., pulling off the plug
- [Demo](https://asciinema.org/a/r0zLbh70XK7gnc4s5v0ZzSXGo)
- Resource Hog
- Hogs CPU, Memory and IO on the targeted nodes
- Helps understand if the application/system components have reserved resources to not get disrupted because of rogue applications, or get performance throttled.
- CPU Hog ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/node-cpu-hog.md), [Demo](https://asciinema.org/a/452762))
- Memory Hog ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/node-memory-hog.md), [Demo](https://asciinema.org/a/452742?speed=3&theme=solarized-dark))
- Time Skewing ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/time-scenarios.md))
- Manipulate the system time and/or date of specific pods/nodes.
- Verify scheduling of objects so they continue to work.
- Verify time gets reset properly.
- Namespace Failures ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/namespace-scenarios.md))
- Delete namespaces for the specified duration.
- Helps understand the impact on other components and tests/improves recovery time of the components in the targeted namespace.
- Persistent Volume Fill ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/pvc-scenarios.md))
- Fills up the persistent volumes, up to a given percentage, used by the pod for the specified duration.
- Helps understand how an application deals when it is no longer able to write data to the disk. For example, kafkas behavior when it is not able to commit data to the disk.
- Network Chaos ([Documentation](https://github.com/redhat-chaos/krkn-hub/blob/main/docs/network-chaos.md))
- Scenarios supported includes:
- Network latency
- Packet loss
- Interface flapping
- DNS errors
- Packet corruption
- Bandwidth limitation
### Test Environment Recommendations - how and where to run chaos tests
Let us take a look at few recommendations on how and where to run the chaos tests:
- Run the chaos tests continuously in your test pipelines:
- Software, systems, and infrastructure does change and the condition/health of each can change pretty rapidly. A good place to run tests is in your CI/CD pipeline running on a regular cadence.
- Run the chaos tests manually to learn from the system:
- When running a Chaos scenario or Fault tests, it is more important to understand how the system responds and reacts, rather than mark the execution as pass or fail.
- It is important to define the scope of the test before the execution to avoid some issues from masking others.
- Run the chaos tests in production environments or mimic the load in staging environments:
- As scary as a thought about testing in production is, production is the environment that users are in and traffic spikes/load are real. To fully test the robustness/resilience of a production system, running Chaos Engineering experiments in a production environment will provide needed insights. A couple of things to keep in mind:
- Minimize blast radius and have a backup plan in place to make sure the users and customers do not undergo downtime.
- Mimic the load in a staging environment in case Service Level Agreements are too tight to cover any downtime.
- Enable Observability:
- Chaos Engineering Without Observability ... Is Just Chaos.
- Make sure to have logging and monitoring installed on the cluster to help with understanding the behaviour as to why it is happening. In case of running the tests in the CI where it is not humanly possible to monitor the cluster all the time, it is recommended to leverage Cerberus to capture the state during the runs and metrics collection in Kraken to store metrics long term even after the cluster is gone.
- Kraken ships with dashboards that will help understand API, Etcd and Kubernetes cluster level stats and performance metrics.
- Pay attention to Prometheus alerts. Check if they are firing as expected.
- Run multiple chaos tests at once to mimic the production outages:
- For example, hogging both IO and Network at the same time instead of running them separately to observe the impact.
- You might have existing test cases, be it related to Performance, Scalability or QE. Run the chaos in the background during the test runs to observe the impact. Signaling feature in Kraken can help with coordinating the chaos runs i.e., start, stop, pause the scenarios based on the state of the other test jobs.
#### Chaos testing in Practice
##### OpenShift organization
Within the OpenShift organization we use kraken to perform chaos testing throughout a release before the code is available to customers.
1. We execute kraken during our regression test suite.
i. We cover each of the chaos scenarios across different clouds.
a. Our testing is predominantly done on AWS, Azure and GCP.
2. We run the chaos scenarios during a long running reliability test.
i. During this test we perform different types of tasks by different users on the cluster.
ii. We have added the execution of kraken to perform at certain times throughout the long running test and monitor the health of the cluster.
iii. This test can be seen here: https://github.com/openshift/svt/tree/master/reliability-v2
3. We are starting to add in test cases that perform chaos testing during an upgrade (not many iterations of this have been completed).
##### startx-lab
**NOTE**: Requests for enhancements and any issues need to be filed at the mentioned links given that they are not natively supported in Kraken.
The following content covers the implementation details around how Startx is leveraging Kraken:
* Using kraken as part of a tekton pipeline
You can find on [artifacthub.io](https://artifacthub.io/packages/search?kind=7&ts_query_web=kraken) the
[kraken-scenario](https://artifacthub.io/packages/tekton-task/startx-tekton-catalog/kraken-scenario) `tekton-task`
which can be used to start a kraken chaos scenarios as part of a chaos pipeline.
To use this task, you must have :
- Openshift pipeline enabled (or tekton CRD loaded for Kubernetes clusters)
- 1 Secret named `kraken-aws-creds` for scenarios using aws
- 1 ConfigMap named `kraken-kubeconfig` with credentials to the targeted cluster
- 1 ConfigMap named `kraken-config-example` with kraken configuration file (config.yaml)
- 1 ConfigMap named `kraken-common-example` with all kraken related files
- The `pipeline` SA with be autorized to run with priviveged SCC
You can create theses resources using the following sequence :
```bash
oc project default
oc adm policy add-scc-to-user privileged -z pipeline
oc apply -f https://github.com/startxfr/tekton-catalog/raw/stable/task/kraken-scenario/0.1/samples/common.yaml
```
Then you must change content of `kraken-aws-creds` secret, `kraken-kubeconfig` and `kraken-config-example` configMap
to reflect your cluster configuration. Refer to the [kraken configuration](https://github.com/redhat-chaos/krkn/blob/main/config/config.yaml)
and [configuration examples](https://github.com/startxfr/tekton-catalog/blob/stable/task/kraken-scenario/0.1/samples/)
for details on how to configure theses resources.
* Start as a single taskrun
```bash
oc apply -f https://github.com/startxfr/tekton-catalog/raw/stable/task/kraken-scenario/0.1/samples/taskrun.yaml
```
* Start as a pipelinerun
```yaml
oc apply -f https://github.com/startxfr/tekton-catalog/raw/stable/task/kraken-scenario/0.1/samples/pipelinerun.yaml
```
* Deploying kraken using a helm-chart
You can find on [artifacthub.io](https://artifacthub.io/packages/search?kind=0&ts_query_web=kraken) the
[chaos-kraken](https://artifacthub.io/packages/helm/startx/chaos-kraken) `helm-chart`
which can be used to deploy a kraken chaos scenarios.
Default configuration create the following resources :
- 1 project named **chaos-kraken**
- 1 scc with privileged context for kraken deployment
- 1 configmap with kraken 21 generic scenarios, various scripts and configuration
- 1 configmap with kubeconfig of the targeted cluster
- 1 job named kraken-test-xxx
- 1 service to the kraken pods
- 1 route to the kraken service
```bash
# Install the startx helm repository
helm repo add startx https://startxfr.github.io/helm-repository/packages/
# Install the kraken project
helm install --set project.enabled=true chaos-kraken-project startx/chaos-kraken
# Deploy the kraken instance
helm install \
--set kraken.enabled=true \
--set kraken.aws.credentials.region="eu-west-3" \
--set kraken.aws.credentials.key_id="AKIAXXXXXXXXXXXXXXXX" \
--set kraken.aws.credentials.secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
--set kraken.kubeconfig.token.server="https://api.mycluster:6443" \
--set kraken.kubeconfig.token.token="sha256~XXXXXXXXXX_PUT_YOUR_TOKEN_HERE_XXXXXXXXXXXX" \
-n chaos-kraken \
chaos-kraken-instance startx/chaos-kraken
```

45
docs/installation.md
View File

@@ -1,45 +0,0 @@
## Installation
The following ways are supported to run Kraken:
- Standalone python program through Git.
- Containerized version using either Podman or Docker as the runtime via [Krkn-hub](https://github.com/krkn-chaos/krkn-hub)
- Kubernetes or OpenShift deployment ( unsupported )
**NOTE**: It is recommended to run Kraken external to the cluster ( Standalone or Containerized ) hitting the Kubernetes/OpenShift API as running it internal to the cluster might be disruptive to itself and also might not report back the results if the chaos leads to cluster's API server instability.
**NOTE**: To run Kraken on Power (ppc64le) architecture, build and run a containerized version by following the
instructions given [here](https://github.com/krkn-chaos/krkn/blob/main/containers/build_own_image-README.md).
**NOTE**: Helper functions for interactions in Krkn are part of [krkn-lib](https://github.com/redhat-chaos/krkn-lib).
Please feel free to reuse and expand them as you see fit when adding a new scenario or expanding
the capabilities of the current supported scenarios.
### Git
#### Clone the repository
Pick the latest stable release to install [here](https://github.com/krkn-chaos/krkn/releases).
```
$ git clone https://github.com/krkn-chaos/krkn.git --branch <release version>
$ cd krkn
```
#### Install the dependencies
```
$ python3.9 -m venv chaos
$ source chaos/bin/activate
$ pip3.9 install -r requirements.txt
```
**NOTE**: Make sure python3-devel and latest pip versions are installed on the system. The dependencies install has been tested with pip >= 21.1.3 versions.
#### Run
```
$ python3.9 run_kraken.py --config <config_file_location>
```
### Run containerized version
[Krkn-hub](https://github.com/krkn-chaos/krkn-hub) is a wrapper that allows running Krkn chaos scenarios via podman or docker runtime with scenario parameters/configuration defined as environment variables.
Refer [instructions](https://github.com/krkn-chaos/krkn-hub#supported-chaos-scenarios) to get started.

36
docs/managedcluster_scenarios.md
View File

@@ -1,36 +0,0 @@
### ManagedCluster Scenarios
[ManagedCluster](https://open-cluster-management.io/concepts/managedcluster/) scenarios provide a way to integrate kraken with [Open Cluster Management (OCM)](https://open-cluster-management.io/) and [Red Hat Advanced Cluster Management for Kubernetes (ACM)](https://www.redhat.com/en/technologies/management/advanced-cluster-management).
ManagedCluster scenarios leverage [ManifestWorks](https://open-cluster-management.io/concepts/manifestwork/) to inject faults into the ManagedClusters.
The following ManagedCluster chaos scenarios are supported:
1. **managedcluster_start_scenario**: Scenario to start the ManagedCluster instance.
2. **managedcluster_stop_scenario**: Scenario to stop the ManagedCluster instance.
3. **managedcluster_stop_start_scenario**: Scenario to stop and then start the ManagedCluster instance.
4. **start_klusterlet_scenario**: Scenario to start the klusterlet of the ManagedCluster instance.
5. **stop_klusterlet_scenario**: Scenario to stop the klusterlet of the ManagedCluster instance.
6. **stop_start_klusterlet_scenario**: Scenario to stop and start the klusterlet of the ManagedCluster instance.
ManagedCluster scenarios can be injected by placing the ManagedCluster scenarios config files under `managedcluster_scenarios` option in the Kraken config. Refer to [managedcluster_scenarios_example](https://github.com/redhat-chaos/krkn/blob/main/scenarios/kube/managedcluster_scenarios_example.yml) config file.
```
managedcluster_scenarios:
- actions: # ManagedCluster chaos scenarios to be injected
- managedcluster_stop_start_scenario
managedcluster_name: cluster1 # ManagedCluster on which scenario has to be injected; can set multiple names separated by comma
# label_selector: # When managedcluster_name is not specified, a ManagedCluster with matching label_selector is selected for ManagedCluster chaos scenario injection
instance_count: 1 # Number of managedcluster to perform action/select that match the label selector
runs: 1 # Number of times to inject each scenario under actions (will perform on same ManagedCluster each time)
timeout: 420 # Duration to wait for completion of ManagedCluster scenario injection
# For OCM to detect a ManagedCluster as unavailable, have to wait 5*leaseDurationSeconds
# (default leaseDurationSeconds = 60 sec)
- actions:
- stop_start_klusterlet_scenario
managedcluster_name: cluster1
# label_selector:
instance_count: 1
runs: 1
timeout: 60
```

49
docs/network_chaos.md
View File

@@ -1,49 +0,0 @@
### Network chaos
Scenario to introduce network latency, packet loss, and bandwidth restriction in the Node's host network interface. The purpose of this scenario is to observe faults caused by random variations in the network.
##### Sample scenario config for egress traffic shaping
```
network_chaos: # Scenario to create an outage by simulating random variations in the network.
duration: 300 # In seconds - duration network chaos will be applied.
node_name: # Comma separated node names on which scenario has to be injected.
label_selector: node-role.kubernetes.io/master # When node_name is not specified, a node with matching label_selector is selected for running the scenario.
instance_count: 1 # Number of nodes in which to execute network chaos.
interfaces: # List of interface on which to apply the network restriction.
- "ens5" # Interface name would be the Kernel host network interface name.
execution: serial|parallel # Execute each of the egress options as a single scenario(parallel) or as separate scenario(serial).
egress:
latency: 500ms
loss: 50% # percentage
bandwidth: 10mbit
```
##### Sample scenario config for ingress traffic shaping (using a plugin)
```
- id: network_chaos
config:
node_interface_name: # Dictionary with key as node name(s) and value as a list of its interfaces to test
ip-10-0-128-153.us-west-2.compute.internal:
- ens5
- genev_sys_6081
label_selector: node-role.kubernetes.io/master # When node_interface_name is not specified, nodes with matching label_selector is selected for node chaos scenario injection
instance_count: 1 # Number of nodes to perform action/select that match the label selector
kubeconfig_path: ~/.kube/config # Path to kubernetes config file. If not specified, it defaults to ~/.kube/config
execution_type: parallel # Execute each of the ingress options as a single scenario(parallel) or as separate scenario(serial).
network_params:
latency: 500ms
loss: '50%'
bandwidth: 10mbit
wait_duration: 120
test_duration: 60
```
Note: For ingress traffic shaping, ensure that your node doesn't have any [IFB](https://wiki.linuxfoundation.org/networking/ifb) interfaces already present. The scenario relies on creating IFBs to do the shaping, and they are deleted at the end of the scenario.
##### Steps
- Pick the nodes to introduce the network anomaly either from node_name or label_selector.
- Verify interface list in one of the nodes or use the interface with a default route, as test interface, if no interface is specified by the user.
- Set traffic shaping config on node's interface using tc and netem.
- Wait for the duration time.
- Remove traffic shaping config on node's interface.
- Remove the job that spawned the pod.

116
docs/node_scenarios.md
View File

@@ -1,116 +0,0 @@
### Node Scenarios
The following node chaos scenarios are supported:
1. **node_start_scenario**: Scenario to start the node instance.
2. **node_stop_scenario**: Scenario to stop the node instance.
3. **node_stop_start_scenario**: Scenario to stop the node instance for specified duration and then start the node instance. Not supported on VMware.
4. **node_termination_scenario**: Scenario to terminate the node instance.
5. **node_reboot_scenario**: Scenario to reboot the node instance.
6. **stop_kubelet_scenario**: Scenario to stop the kubelet of the node instance.
7. **stop_start_kubelet_scenario**: Scenario to stop and start the kubelet of the node instance.
8. **restart_kubelet_scenario**: Scenario to restart the kubelet of the node instance.
9. **node_crash_scenario**: Scenario to crash the node instance.
10. **stop_start_helper_node_scenario**: Scenario to stop and start the helper node and check service status.
11. **node_disk_detach_attach_scenario**: Scenario to detach node disk for specified duration.
**NOTE**: If the node does not recover from the node_crash_scenario injection, reboot the node to get it back to Ready state.
**NOTE**: node_start_scenario, node_stop_scenario, node_stop_start_scenario, node_termination_scenario
, node_reboot_scenario and stop_start_kubelet_scenario are supported on AWS, Azure, OpenStack, BareMetal, GCP
, VMware and Alibaba.
**NOTE**: node_disk_detach_attach_scenario is supported only on AWS and cannot detach root disk.
#### AWS
Cloud setup instructions can be found [here](cloud_setup.md#aws). Sample scenario config can be found [here](https://github.com/krkn-chaos/krkn/blob/main/scenarios/openshift/aws_node_scenarios.yml).
#### Baremetal
Sample scenario config can be found [here](https://github.com/krkn-chaos/krkn/blob/main/scenarios/openshift/baremetal_node_scenarios.yml).
**NOTE**: Baremetal requires setting the IPMI user and password to power on, off, and reboot nodes, using the config options `bm_user` and `bm_password`. It can either be set in the root of the entry in the scenarios config, or it can be set per machine.
If no per-machine addresses are specified, kraken attempts to use the BMC value in the BareMetalHost object. To list them, you can do 'oc get bmh -o wide --all-namespaces'. If the BMC values are blank, you must specify them per-machine using the config option 'bmc_addr' as specified below.
For per-machine settings, add a "bmc_info" section to the entry in the scenarios config. Inside there, add a configuration section using the node name. In that, add per-machine settings. Valid settings are 'bmc_user', 'bmc_password', and 'bmc_addr'.
See the example node scenario or the example below.
**NOTE**: Baremetal requires oc (openshift client) be installed on the machine running Kraken.
**NOTE**: Baremetal machines are fragile. Some node actions can occasionally corrupt the filesystem if it does not shut down properly, and sometimes the kubelet does not start properly.
#### Docker
The Docker provider can be used to run node scenarios against kind clusters.
[kind](https://kind.sigs.k8s.io/) is a tool for running local Kubernetes clusters using Docker container "nodes".
kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI.
#### GCP
Cloud setup instructions can be found [here](cloud_setup.md#gcp). Sample scenario config can be found [here](https://github.com/krkn-chaos/krkn/blob/main/scenarios/openshift/gcp_node_scenarios.yml).
NOTE: The parallel option is not available for GCP, the api doesn't perform processes at the same time
#### Openstack
How to set up Openstack cli to run node scenarios is defined [here](cloud_setup.md#openstack).
The supported node level chaos scenarios on an OPENSTACK cloud are `node_stop_start_scenario`, `stop_start_kubelet_scenario` and `node_reboot_scenario`.
**NOTE**: For `stop_start_helper_node_scenario`, visit [here](https://github.com/redhat-cop/ocp4-helpernode) to learn more about the helper node and its usage.
To execute the scenario, ensure the value for `ssh_private_key` in the node scenarios config file is set with the correct private key file path for ssh connection to the helper node. Ensure passwordless ssh is configured on the host running Kraken and the helper node to avoid connection errors.
#### Azure
Cloud setup instructions can be found [here](cloud_setup.md#azure). Sample scenario config can be found [here](https://github.com/krkn-chaos/krkn/blob/main/scenarios/openshift/azure_node_scenarios.yml).
#### Alibaba
How to set up Alibaba cli to run node scenarios is defined [here](cloud_setup.md#alibaba).
**NOTE**: There is no "terminating" idea in Alibaba, so any scenario with terminating will "release" the node
. Releasing a node is 2 steps, stopping the node and then releasing it.
#### VMware
How to set up VMware vSphere to run node scenarios is defined [here](cloud_setup.md#vmware)
See [example config file](../scenarios/openshift/vmware_node_scenarios.yml)
#### IBMCloud
How to set up IBMCloud to run node scenarios is defined [here](cloud_setup.md#ibmcloud)
This cloud type uses a different configuration style, see actions below and [example config file](../scenarios/openshift/ibmcloud_node_scenarios.yml)
- ibmcloud-node-terminate
- ibmcloud-node-reboot
- ibmcloud-node-stop
- ibmcloud-node-start
#### General
**NOTE**: The `node_crash_scenario` and `stop_kubelet_scenario` scenario is supported independent of the cloud platform.
Use 'generic' or do not add the 'cloud_type' key to your scenario if your cluster is not set up using one of the current supported cloud types.

12
docs/performance_dashboards.md
View File

@@ -1,12 +0,0 @@
## Performance dashboards
Kraken supports installing a mutable grafana on the cluster with the dashboards loaded to help with monitoring the cluster for things like resource usage to find the outliers, API stats, Etcd health, Critical alerts etc. It can be deployed by enabling the following in the config:
```
performance_monitoring:
deploy_dashboards: True
```
The route and credentials to access the dashboards will be printed on the stdout before Kraken starts creating chaos. The dashboards can be edited/modified to include your queries of interest.
**NOTE**: The dashboards leverage Prometheus for scraping the metrics off of the cluster and currently only supports OpenShift since Prometheus is setup on the cluster by default and leverages routes object to expose the grafana dashboards externally.

46
docs/pod_network_scenarios.md
View File

@@ -1,46 +0,0 @@
## Pod network Scenarios
### Pod outage
Scenario to block the traffic ( Ingress/Egress ) of a pod matching the labels for the specified duration of time to understand the behavior of the service/other services which depend on it during downtime. This helps with planning the requirements accordingly, be it improving the timeouts or tweaking the alerts etc.
With the current network policies, it is not possible to explicitly block ports which are enabled by allowed network policy rule. This chaos scenario addresses this issue by using OVS flow rules to block ports related to the pod. It supports OpenShiftSDN and OVNKubernetes based networks.
##### Sample scenario config (using a plugin)
```
- id: pod_network_outage
config:
namespace: openshift-console # Required - Namespace of the pod to which filter need to be applied
direction: # Optioinal - List of directions to apply filters
- ingress # Blocks ingress traffic, Default both egress and ingress
ingress_ports: # Optional - List of ports to block traffic on
- 8443 # Blocks 8443, Default [], i.e. all ports.
label_selector: 'component=ui' # Blocks access to openshift console
```
### Pod Network shaping
Scenario to introduce network latency, packet loss, and bandwidth restriction in the Pod's network interface. The purpose of this scenario is to observe faults caused by random variations in the network.
##### Sample scenario config for egress traffic shaping (using plugin)
```
- id: pod_egress_shaping
config:
namespace: openshift-console # Required - Namespace of the pod to which filter need to be applied.
label_selector: 'component=ui' # Applies traffic shaping to access openshift console.
network_params:
latency: 500ms # Add 500ms latency to egress traffic from the pod.
```
##### Sample scenario config for ingress traffic shaping (using plugin)
```
- id: pod_ingress_shaping
config:
namespace: openshift-console # Required - Namespace of the pod to which filter need to be applied.
label_selector: 'component=ui' # Applies traffic shaping to access openshift console.
network_params:
latency: 500ms # Add 500ms latency to egress traffic from the pod.
```
##### Steps
- Pick the pods to introduce the network anomaly either from label_selector or pod_name.
- Identify the pod interface name on the node.
- Set traffic shaping config on pod's interface using tc and netem.
- Wait for the duration time.
- Remove traffic shaping config on pod's interface.
- Remove the job that spawned the pod.

37
docs/pod_scenarios.md
View File

@@ -1,37 +0,0 @@
### Pod Scenarios
Krkn recently replaced PowerfulSeal with its own internal pod scenarios using a plugin system. You can run pod scenarios by adding the following config to Krkn:
```yaml
kraken:
chaos_scenarios:
- plugin_scenarios:
- path/to/scenario.yaml
```
You can then create the scenario file with the following contents:
```yaml
# yaml-language-server: $schema=../plugin.schema.json
- id: kill-pods
config:
namespace_pattern: ^kube-system$
label_selector: k8s-app=kube-scheduler
krkn_pod_recovery_time: 120
```
Please adjust the schema reference to point to the [schema file](../scenarios/plugin.schema.json). This file will give you code completion and documentation for the available options in your IDE.
#### Pod Chaos Scenarios
The following are the components of Kubernetes/OpenShift for which a basic chaos scenario config exists today.
| Component | Description | Working |
| ------------------------ |-------------| -------- |
| [Basic pod scenario](../scenarios/kube/pod.yml) | Kill a pod. | :heavy_check_mark: |
| [Etcd](../scenarios/openshift/etcd.yml) | Kills a single/multiple etcd replicas. | :heavy_check_mark: |
| [Kube ApiServer](../scenarios/openshift/openshift-kube-apiserver.yml)| Kills a single/multiple kube-apiserver replicas. | :heavy_check_mark: |
| [ApiServer](../scenarios/openshift/openshift-apiserver.yml) | Kills a single/multiple apiserver replicas. | :heavy_check_mark: |
| [Prometheus](../scenarios/openshift/prometheus.yml) | Kills a single/multiple prometheus replicas. | :heavy_check_mark: |
| [OpenShift System Pods](../scenarios/openshift/regex_openshift_pod_kill.yml) | Kills random pods running in the OpenShift system namespaces. | :heavy_check_mark: |

26
docs/pvc_scenario.md
View File

@@ -1,26 +0,0 @@
### PVC scenario
Scenario to fill up a given PersistenVolumeClaim by creating a temp file on the PVC from a pod associated with it. The purpose of this scenario is to fill up a volume to understand faults caused by the application using this volume.
##### Sample scenario config
```
pvc_scenario:
pvc_name: <pvc_name> # Name of the target PVC.
pod_name: <pod_name> # Name of the pod where the PVC is mounted. It will be ignored if the pvc_name is defined.
namespace: <namespace_name> # Namespace where the PVC is.
fill_percentage: 50 # Target percentage to fill up the cluster. Value must be higher than current percentage. Valid values are between 0 and 99.
duration: 60 # Duration in seconds for the fault.
```
##### Steps
- Get the pod name where the PVC is mounted.
- Get the volume name mounted in the container pod.
- Get the container name where the PVC is mounted.
- Get the mount path where the PVC is mounted in the pod.
- Get the PVC capacity and current used capacity.
- Calculate file size to fill the PVC to the target fill_percentage.
- Connect to the pod.
- Create a temp file `kraken.tmp` with random data on the mount path:
- `dd bs=1024 count=$file_size </dev/urandom > /mount_path/kraken.tmp`
- Wait for the duration time.
- Remove the temp file created:
- `rm kraken.tmp`

136
docs/scenario_plugin_api.md
View File

@@ -1,136 +0,0 @@
# Scenario Plugin API:
This API enables seamless integration of Scenario Plugins for Krkn. Plugins are automatically
detected and loaded by the plugin loader, provided they extend the `AbstractPluginScenario`
abstract class, implement the required methods, and adhere to the specified [naming conventions](#naming-conventions).
## Plugin folder:
The plugin loader automatically loads plugins found in the `krkn/scenario_plugins` directory,
relative to the Krkn root folder. Each plugin must reside in its own directory and can consist
of one or more Python files. The entry point for each plugin is a Python class that extends the
[AbstractPluginScenario](../krkn/scenario_plugins/abstract_scenario_plugin.py) abstract class and implements its required methods.
## `AbstractPluginScenario` abstract class:
This [abstract class](../krkn/scenario_plugins/abstract_scenario_plugin.py) defines the contract between the plugin and krkn.
It consists of two methods:
- `run(...)`
- `get_scenario_type()`
Most IDEs can automatically suggest and implement the abstract methods defined in `AbstractPluginScenario`:
![pycharm](scenario_plugin_pycharm.gif)
_(IntelliJ PyCharm)_
### `run(...)`
```python
def run(
self,
run_uuid: str,
scenario: str,
krkn_config: dict[str, any],
lib_telemetry: KrknTelemetryOpenshift,
scenario_telemetry: ScenarioTelemetry,
) -> int:
```
This method represents the entry point of the plugin and the first method
that will be executed.
#### Parameters:
- `run_uuid`:
- the uuid of the chaos run generated by krkn for every single run.
- `scenario`:
- the config file of the scenario that is currently executed
- `krkn_config`:
- the full dictionary representation of the `config.yaml`
- `lib_telemetry`
- it is a composite object of all the [krkn-lib](https://krkn-chaos.github.io/krkn-lib-docs/modules.html) objects and methods needed by a krkn plugin to run.
- `scenario_telemetry`
- the `ScenarioTelemetry` object of the scenario that is currently executed
### Return value:
Returns 0 if the scenario succeeds and 1 if it fails.
> [!WARNING]
> All the exception must be handled __inside__ the run method and not propagated.
### `get_scenario_types()`:
```python def get_scenario_types(self) -> list[str]:```
Indicates the scenario types specified in the `config.yaml`. For the plugin to be properly
loaded, recognized and executed, it must be implemented and must return one or more
strings matching `scenario_type` strings set in the config.
> [!WARNING]
> Multiple strings can map to a *single* `ScenarioPlugin` but the same string cannot map
> to different plugins, an exception will be thrown for scenario_type redefinition.
> [!Note]
> The `scenario_type` strings must be unique across all plugins; otherwise, an exception will be thrown.
## Naming conventions:
A key requirement for developing a plugin that will be properly loaded
by the plugin loader is following the established naming conventions.
These conventions are enforced to maintain a uniform and readable codebase,
making it easier to onboard new developers from the community.
### plugin folder:
- the plugin folder must be placed in the `krkn/scenario_plugin` folder starting from the krkn root folder
- the plugin folder __cannot__ contain the words
- `plugin`
- `scenario`
### plugin file name and class name:
- the plugin file containing the main plugin class must be named in _snake case_ and must have the suffix `_scenario_plugin`:
- `example_scenario_plugin.py`
- the main plugin class must named in _capital camel case_ and must have the suffix `ScenarioPlugin` :
- `ExampleScenarioPlugin`
- the file name must match the class name in the respective syntax:
- `example_scenario_plugin.py` -> `ExampleScenarioPlugin`
### scenario type:
- the scenario type __must__ be unique between all the scenarios.
### logging:
If your new scenario does not adhere to the naming conventions, an error log will be generated in the Krkn standard output,
providing details about the issue:
```commandline
2024-10-03 18:06:31,136 [INFO] 📣 `ScenarioPluginFactory`: types from config.yaml mapped to respective classes for execution:
2024-10-03 18:06:31,136 [INFO] ✅ type: application_outages_scenarios ➡️ `ApplicationOutageScenarioPlugin`
2024-10-03 18:06:31,136 [INFO] ✅ types: [hog_scenarios, arcaflow_scenario] ➡️ `ArcaflowScenarioPlugin`
2024-10-03 18:06:31,136 [INFO] ✅ type: container_scenarios ➡️ `ContainerScenarioPlugin`
2024-10-03 18:06:31,136 [INFO] ✅ type: managedcluster_scenarios ➡️ `ManagedClusterScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ types: [pod_disruption_scenarios, pod_network_scenario, vmware_node_scenarios, ibmcloud_node_scenarios] ➡️ `NativeScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: network_chaos_scenarios ➡️ `NetworkChaosScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: node_scenarios ➡️ `NodeActionsScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: pvc_scenarios ➡️ `PvcScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: service_disruption_scenarios ➡️ `ServiceDisruptionScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: service_hijacking_scenarios ➡️ `ServiceHijackingScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: cluster_shut_down_scenarios ➡️ `ShutDownScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: syn_flood_scenarios ➡️ `SynFloodScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: time_scenarios ➡️ `TimeActionsScenarioPlugin`
2024-10-03 18:06:31,137 [INFO] ✅ type: zone_outages_scenarios ➡️ `ZoneOutageScenarioPlugin`
2024-09-18 14:48:41,735 [INFO] Failed to load Scenario Plugins:
2024-09-18 14:48:41,735 [ERROR] ⛔ Class: ExamplePluginScenario Module: krkn.scenario_plugins.example.example_scenario_plugin
2024-09-18 14:48:41,735 [ERROR] ⚠️ scenario plugin class name must start with a capital letter, end with `ScenarioPlugin`, and cannot be just `ScenarioPlugin`.
```
>[!NOTE]
>If you're trying to understand how the scenario types in the config.yaml are mapped to
> their corresponding plugins, this log will guide you!
> Each scenario plugin class mentioned can be found in the `krkn/scenario_plugin` folder
> simply convert the camel case notation and remove the ScenarioPlugin suffix from the class name
> e.g `ShutDownScenarioPlugin` class can be found in the `krkn/scenario_plugin/shut_down` folder.
## ExampleScenarioPlugin
The [ExampleScenarioPlugin](../krkn/tests/test_classes/example_scenario_plugin.py) class included in the tests folder can be used as a scaffolding for new plugins and it is considered
part of the documentation.
For any questions or further guidance, feel free to reach out to us on the
[Kubernetes workspace](https://kubernetes.slack.com/) in the `#krkn` channel.
Were happy to assist. Now, __release the Krkn!__

BIN
docs/scenario_plugin_pycharm.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 340 KiB

66
docs/service_disruption_scenarios.md
View File

@@ -1,66 +0,0 @@
### Service Disruption Scenarios (Previously Delete Namespace Scenario)
Using this type of scenario configuration one is able to delete crucial objects in a specific namespace, or a namespace matching a certain regex string. The goal of this scenario is to ensure Pod Disruption Budgets with appropriate configurations are set to have minimum number of replicas are running at a given time and avoid downtime.
**NOTE**: Protect your application during disruptions by setting a [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to avoid downtime. For instance, etcd, zookeeper or similar applications need at least 2 replicas to maintain quorum. This can be ensured by setting PDB maxUnavailable to 1.
Configuration Options:
**namespace:** Specific namespace or regex style namespace of what you want to delete. Gets all namespaces if not specified; set to "" if you want to use the label_selector field.
Set to '^.*$' and label_selector to "" to randomly select any namespace in your cluster.
**label_selector:** Label on the namespace you want to delete. Set to "" if you are using the namespace variable.
**delete_count:** Number of namespaces to kill in each run. Based on matching namespace and label specified, default is 1.
**runs:** Number of runs/iterations to kill namespaces, default is 1.
**sleep:** Number of seconds to wait between each iteration/count of killing namespaces. Defaults to 10 seconds if not set
Refer to [namespace_scenarios_example](https://github.com/krkn-chaos/krkn/blob/main/scenarios/regex_namespace.yaml) config file.
```
scenarios:
- namespace: "^.*$"
runs: 1
- namespace: "^.*ingress.*$"
runs: 1
sleep: 15
```
### Steps
This scenario will select a namespace (or multiple) dependent on the configuration and will kill all of the below object types in that namespace and will wait for them to be Running in the post action
1. Services
2. Daemonsets
3. Statefulsets
4. Replicasets
5. Deployments
#### Post Action
We do a post chaos check to wait and verify the specific objects in each namespace are Ready
Here there are two options:
1. Pass a custom script in the main config scenario list that will run before the chaos and verify the output matches post chaos scenario.
See [scenarios/post_action_namespace.py](https://github.com/cloud-bulldozer/kraken/tree/master/scenarios/post_action_namespace.py) for an example
```
- namespace_scenarios:
- - scenarios/regex_namespace.yaml
- scenarios/post_action_namespace.py
```
1. Allow kraken to wait and check all killed objects in the namespaces become 'Running' again. Kraken keeps a list of the specific
objects in namespaces that were killed to verify all that were affected recover properly.
```
wait_time: <seconds to wait for namespace to recover>
```

80
docs/service_hijacking_scenarios.md
View File

@@ -1,80 +0,0 @@
### Service Hijacking Scenarios
Service Hijacking Scenarios aim to simulate fake HTTP responses from a workload targeted by a
`Service` already deployed in the cluster.
This scenario is executed by deploying a custom-made web service and modifying the target `Service`
selector to direct traffic to this web service for a specified duration.
The web service's source code is available [here](https://github.com/krkn-chaos/krkn-service-hijacking).
It employs a time-based test plan from the scenario configuration file, which specifies the behavior of resources during the chaos scenario as follows:
```yaml
service_target_port: http-web-svc # The port of the service to be hijacked (can be named or numeric, based on the workload and service configuration).
service_name: nginx-service # The name of the service that will be hijacked.
service_namespace: default # The namespace where the target service is located.
image: quay.io/krkn-chaos/krkn-service-hijacking:v0.1.3 # Image of the krkn web service to be deployed to receive traffic.
chaos_duration: 30 # Total duration of the chaos scenario in seconds.
plan:
- resource: "/list/index.php" # Specifies the resource or path to respond to in the scenario. For paths, both the path and query parameters are captured but ignored. For resources, only query parameters are captured.
steps: # A time-based plan consisting of steps can be defined for each resource.
GET: # One or more HTTP methods can be specified for each step. Note: Non-standard methods are supported for fully custom web services (e.g., using NONEXISTENT instead of POST).
- duration: 15 # Duration in seconds for this step before moving to the next one, if defined. Otherwise, this step will continue until the chaos scenario ends.
status: 500 # HTTP status code to be returned in this step.
mime_type: "application/json" # MIME type of the response for this step.
payload: | # The response payload for this step.
{
"status":"internal server error"
}
- duration: 15
status: 201
mime_type: "application/json"
payload: |
{
"status":"resource created"
}
POST:
- duration: 15
status: 401
mime_type: "application/json"
payload: |
{
"status": "unauthorized"
}
- duration: 15
status: 404
mime_type: "text/plain"
payload: "not found"
```
The scenario will focus on the `service_name` within the `service_namespace`,
substituting the selector with a randomly generated one, which is added as a label in the mock service manifest.
This allows multiple scenarios to be executed in the same namespace, each targeting different services without
causing conflicts.
The newly deployed mock web service will expose a `service_target_port`,
which can be either a named or numeric port based on the service configuration.
This ensures that the Service correctly routes HTTP traffic to the mock web service during the chaos run.
Each step will last for `duration` seconds from the deployment of the mock web service in the cluster.
For each HTTP resource, defined as a top-level YAML property of the plan
(it could be a specific resource, e.g., /list/index.php, or a path-based resource typical in MVC frameworks),
one or more HTTP request methods can be specified. Both standard and custom request methods are supported.
During this time frame, the web service will respond with:
- `status`: The [HTTP status code](https://datatracker.ietf.org/doc/html/rfc7231#section-6) (can be standard or custom).
- `mime_type`: The [MIME type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types) (can be standard or custom).
- `payload`: The response body to be returned to the client.
At the end of the step `duration`, the web service will proceed to the next step (if available) until
the global `chaos_duration` concludes. At this point, the original service will be restored,
and the custom web service and its resources will be undeployed.
__NOTE__: Some clients (e.g., cURL, jQuery) may optimize queries using lightweight methods (like HEAD or OPTIONS)
to probe API behavior. If these methods are not defined in the test plan, the web service may respond with
a `405` or `404` status code. If you encounter unexpected behavior, consider this use case.

71
docs/signal.md
View File

@@ -1,71 +0,0 @@
### Signaling to Kraken
This functionality allows a user to be able to pause or stop the kraken run at any time no matter the number of iterations or daemon_mode set in the config.
If publish_kraken_status is set to True in the config, kraken will start up a connection to a url at a certain port to decide if it should continue running.
By default, it will get posted to http://0.0.0.0:8081/
An example use case for this feature would be coordinating kraken runs based on the status of the service installation or load on the cluster.
#### States
There are 3 states in the kraken status:
```PAUSE```: When the Kraken signal is 'PAUSE', this will pause the kraken test and wait for the wait_duration until the signal returns to RUN.
```STOP```: When the Kraken signal is 'STOP', end the kraken run and print out report.
```RUN```: When the Kraken signal is 'RUN', continue kraken run based on iterations.
#### Configuration
In the config you need to set these parameters to tell kraken which port to post the kraken run status to.
As well if you want to publish and stop running based on the kraken status or not.
The signal is set to `RUN` by default, meaning it will continue to run the scenarios. It can set to `PAUSE` for Kraken to act as listener and wait until set to `RUN` before injecting chaos.
```
port: 8081
publish_kraken_status: True
signal_state: RUN
```
#### Setting Signal
You can reset the kraken status during kraken execution with a `set_stop_signal.py` script with the following contents:
```
import http.client as cli
conn = cli.HTTPConnection("0.0.0.0", "<port>")
conn.request("POST", "/STOP", {})
# conn.request('POST', '/PAUSE', {})
# conn.request('POST', '/RUN', {})
response = conn.getresponse()
print(response.read().decode())
```
Make sure to set the correct port number in your set_stop_signal script.
##### Url Examples
To stop run:
```
curl -X POST http:/0.0.0.0:8081/STOP
```
To pause run:
```
curl -X POST http:/0.0.0.0:8081/PAUSE
```
To start running again:
```
curl -X POST http:/0.0.0.0:8081/RUN
```

33
docs/syn_flood_scenarios.md
View File

@@ -1,33 +0,0 @@
### SYN Flood Scenarios
This scenario generates a substantial amount of TCP traffic directed at one or more Kubernetes services within
the cluster to test the server's resiliency under extreme traffic conditions.
It can also target hosts outside the cluster by specifying a reachable IP address or hostname.
This scenario leverages the distributed nature of Kubernetes clusters to instantiate multiple instances
of the same pod against a single host, significantly increasing the effectiveness of the attack.
The configuration also allows for the specification of multiple node selectors, enabling Kubernetes to schedule
the attacker pods on a user-defined subset of nodes to make the test more realistic.
```yaml
packet-size: 120 # hping3 packet size
window-size: 64 # hping 3 TCP window size
duration: 10 # chaos scenario duration
namespace: default # namespace where the target service(s) are deployed
target-service: target-svc # target service name (if set target-service-label must be empty)
target-port: 80 # target service TCP port
target-service-label : "" # target service label, can be used to target multiple target at the same time
# if they have the same label set (if set target-service must be empty)
number-of-pods: 2 # number of attacker pod instantiated per each target
image: quay.io/krkn-chaos/krkn-syn-flood # syn flood attacker container image
attacker-nodes: # this will set the node affinity to schedule the attacker node. Per each node label selector
# can be specified multiple values in this way the kube scheduler will schedule the attacker pods
# in the best way possible based on the provided labels. Multiple labels can be specified
kubernetes.io/hostname:
- host_1
- host_2
kubernetes.io/os:
- linux
```
The attacker container source code is available [here](https://github.com/krkn-chaos/krkn-syn-flood).

44
docs/test_your_changes.md
View File

@@ -1,44 +0,0 @@
# How to Test Your Changes/Additions
## Current list of Scenario Types
Scenario Types:
* pod-scenarios
* node-scenarios
* zone-outages
* time-scenarios
* cluster-shutdown
* container-scenarios
* node-cpu-hog
* node-io-hog
* node-memory-hog
* application-outages
## Adding a New Scenario
1. Create folder under [kraken/kraken](../kraken) with name pertinent to your scenario name.
2. Create a python file that will have a generic run function to be the base of your scenario.
a. See [shut_down.py](../kraken/shut_down/common_shut_down_func.py) for example.
3. Add in a scenario yaml file to run your specific scenario under [scenarios](../scenarios).
a. Try to add as many parameters as possible and be sure to give them default values in your run function.
4. Add all functionality and helper functions in file you made above (Step 2).
5. Add in caller to new scenario type in [run_kraken.py](../run_kraken.py) (around line 154).
a. This will also require you to add the new scenario python script to your imports.
6. Add scenario type and scenario yaml to the scenario list in [config](../config/config.yaml) and [config_performance](../config/config_performance.yaml).
7. Update this doc and main README with new scenario type.
8. Add CI test for new scenario.
a. Refer to test [Readme](../CI/README.md#adding-a-test-case) for more details.
## Follow Contribute guide
Once all you are happy with your changes, follow the [contribution](#docs/contribute.md) guide on how to create your own branch and squash your commits.

33
docs/time_scenarios.md
View File

@@ -1,33 +0,0 @@
### Time/Date Skew Scenarios
Using this type of scenario configuration, one is able to change the time and/or date of the system for pods or nodes.
Configuration Options:
**action:** skew_time or skew_date.
**object_type:** pod or node.
**namespace:** namespace of the pods you want to skew. Needs to be set if setting a specific pod name.
**label_selector:** Label on the nodes or pods you want to skew.
**container_name:** Container name in pod you want to reset time on. If left blank it will randomly select one.
**object_name:** List of the names of pods or nodes you want to skew.
Refer to [time_scenarios_example](https://github.com/krkn-chaos/krkn/blob/main/scenarios/time_scenarios_example.yml) config file.
```
time_scenarios:
- action: skew_time
object_type: pod
object_name:
- apiserver-868595fcbb-6qnsc
- apiserver-868595fcbb-mb9j5
namespace: openshift-apiserver
container_name: openshift-apiserver
- action: skew_date
object_type: node
label_selector: node-role.kubernetes.io/worker
```

28
docs/zone_outage.md
View File

@@ -1,28 +0,0 @@
### Zone outage scenario
Scenario to create outage in a targeted zone in the public cloud to understand the impact on both Kubernetes/OpenShift control plane as well as applications running on the worker nodes in that zone. It tweaks the network acl of the zone to simulate the failure and that in turn will stop both ingress and egress traffic from all the nodes in a particular zone for the specified duration and reverts it back to the previous state. Zone outage can be injected by placing the zone_outage config file under zone_outages option in the [kraken config](https://github.com/redhat-chaos/krkn/blob/main/config/config.yaml). Refer to [zone_outage_scenario](https://github.com/redhat-chaos/krkn/blob/main/scenarios/zone_outage.yaml) config file for the parameters that need to be defined.
Refer to [cloud setup](cloud_setup.md) to configure your cli properly for the cloud provider of the cluster you want to shut down.
##### Current accepted cloud types:
* [AWS](cloud_setup.md#aws)
##### Sample scenario config
```
zone_outage: # Scenario to create an outage of a zone by tweaking network ACL.
cloud_type: aws # Cloud type on which Kubernetes/OpenShift runs. aws is the only platform supported currently for this scenario.
duration: 600 # Duration in seconds after which the zone will be back online.
vpc_id: # Cluster virtual private network to target.
subnet_id: [subnet1, subnet2] # List of subnet-id's to deny both ingress and egress traffic.
default_acl_id: acl-xxxxxxxx # (Optional) ID of an existing network ACL to use instead of creating a new one. If provided, this ACL will not be deleted after the scenario.
```
**NOTE**: vpc_id and subnet_id can be obtained from the cloud web console by selecting one of the instances in the targeted zone ( us-west-2a for example ).
**NOTE**: Multiple zones will experience downtime in case of targeting multiple subnets which might have an impact on the cluster health especially if the zones have control plane components deployed.
**NOTE**: default_acl_id can be obtained from the AWS VPC Console by selecting "Network ACLs" from the left sidebar ( the ID will be in the format 'acl-xxxxxxxx' ). Make sure the selected ACL has the desired ingress/egress rules for your outage scenario ( i.e., deny all ).
##### Debugging steps in case of failures
In case of failures during the steps which revert back the network acl to allow traffic and bring back the cluster nodes in the zone, the nodes in the particular zone will be in `NotReady` condition. Here is how to fix it:
- OpenShift by default deploys the nodes in different zones for fault tolerance, for example us-west-2a, us-west-2b, us-west-2c. The cluster is associated with a virtual private network and each zone has its own subnet with a network acl which defines the ingress and egress traffic rules at the zone level unlike security groups which are at an instance level.
- From the cloud web console, select one of the instances in the zone which is down and go to the subnet_id specified in the config.
- Look at the network acl associated with the subnet and you will see both ingress and egress traffic being denied which is expected as Kraken deliberately injects it.
- Kraken just switches the network acl while still keeping the original or default network acl around, switching to the default network acl from the drop-down menu will get back the nodes in the targeted zone into Ready state.

32
krkn/prometheus/client.py
View File

@@ -8,6 +8,7 @@ from typing import Optional, List, Dict, Any
import logging
import urllib3
import sys
import json
import yaml
from krkn_lib.elastic.krkn_elastic import KrknElastic
@@ -156,7 +157,8 @@ def metrics(
start_time,
end_time,
metrics_profile,
elastic_metrics_index
elastic_metrics_index,
telemetry_json
) -> list[dict[str, list[(int, float)] | str]]:
if metrics_profile is None or os.path.exists(metrics_profile) is False:
@@ -222,7 +224,33 @@ def metrics(
metrics_list.append(metric.copy())
except ValueError:
pass
telemetry_json = json.loads(telemetry_json)
for scenario in telemetry_json['scenarios']:
for k,v in scenario["affected_pods"].items():
metric_name = "affected_pods_recovery"
metric = {"metricName": metric_name, "type": k}
if type(v) is list:
for pod in v:
for k,v in pod.items():
metric[k] = v
metric['timestamp'] = str(datetime.datetime.now())
print('adding pod' + str(metric))
metrics_list.append(metric.copy())
for affected_node in scenario["affected_nodes"]:
metric_name = "affected_nodes_recovery"
metric = {"metricName": metric_name}
for k,v in affected_node.items():
metric[k] = v
metric['timestamp'] = str(datetime.datetime.now())
metrics_list.append(metric.copy())
if telemetry_json['health_checks']:
for health_check in telemetry_json["health_checks"]:
metric_name = "health_check_recovery"
metric = {"metricName": metric_name}
for k,v in health_check.items():
metric[k] = v
metric['timestamp'] = str(datetime.datetime.now())
metrics_list.append(metric.copy())
if elastic:
result = elastic.upload_metrics_to_elasticsearch(
run_uuid=run_uuid, index=elastic_metrics_index, raw_data=metrics_list

8
krkn/scenario_plugins/native/network/ingress_shaping.py
View File

@@ -256,7 +256,7 @@ def verify_interface(
% (interface, node, node_interface_list)
)
finally:
logging.info("Deleteing pod to query interface on node")
logging.info("Deleting pod to query interface on node")
kube_helper.delete_pod(cli, "fedtools", "default")
return input_interface_list
@@ -546,7 +546,7 @@ def wait_for_job(
count += 1
job_list.remove(job_name)
except Exception:
logging.warn("Exception in getting job status")
logging.warning("Exception in getting job status")
if time.time() > wait_time:
raise Exception(
"Jobs did not complete within "
@@ -585,7 +585,7 @@ def delete_jobs(cli: CoreV1Api, batch_cli: BatchV1Api, job_list: typing.List[str
pod_log = pod_log_response.data.decode("utf-8")
logging.error(pod_log)
except Exception as e:
logging.warn("Exception in getting job status: %s" % str(e))
logging.warning("Exception in getting job status: %s" % str(e))
api_response = kube_helper.delete_job(
batch_cli, name=job_name, namespace="default"
)
@@ -661,7 +661,7 @@ def get_ingress_cmd(
)
tc_set += ";"
exec_cmd = "{0} {1} sleep {2};{3} sleep 20;{4}".format(
exec_cmd = "sleep 30;{0} {1} sleep {2};{3} sleep 20;{4}".format(
tc_set, tc_ls, duration, tc_unset, tc_ls
)

8
krkn/scenario_plugins/native/network/kubernetes_functions.py
View File

@@ -29,13 +29,13 @@ def create_job(batch_cli, body, namespace="default"):
api_response = batch_cli.create_namespaced_job(body=body, namespace=namespace)
return api_response
except ApiException as api:
logging.warn(
logging.warning(
"Exception when calling \
BatchV1Api->create_job: %s"
% api
)
if api.status == 409:
logging.warn("Job already present")
logging.warning("Job already present")
except Exception as e:
logging.error(
"Exception when calling \
@@ -218,12 +218,12 @@ def delete_job(batch_cli, name, namespace="default"):
logging.debug("Job deleted. status='%s'" % str(api_response.status))
return api_response
except ApiException as api:
logging.warn(
logging.warning(
"Exception when calling \
BatchV1Api->create_namespaced_job: %s"
% api
)
logging.warn("Job already deleted\n")
logging.warning("Job already deleted\n")
except Exception as e:
logging.error(
"Exception when calling \

8
krkn/scenario_plugins/native/pod_network_outage/kubernetes_functions.py
View File

@@ -27,13 +27,13 @@ def create_job(batch_cli, body, namespace="default"):
body=body, namespace=namespace)
return api_response
except ApiException as api:
logging.warn(
logging.warning(
"Exception when calling \
BatchV1Api->create_job: %s"
% api
)
if api.status == 409:
logging.warn("Job already present")
logging.warning("Job already present")
except Exception as e:
logging.error(
"Exception when calling \
@@ -196,12 +196,12 @@ def delete_job(batch_cli, name, namespace="default"):
logging.debug("Job deleted. status='%s'" % str(api_response.status))
return api_response
except ApiException as api:
logging.warn(
logging.warning(
"Exception when calling \
BatchV1Api->create_namespaced_job: %s"
% api
)
logging.warn("Job already deleted\n")
logging.warning("Job already deleted\n")
except Exception as e:
logging.error(
"Exception when calling \

36
krkn/scenario_plugins/native/pod_network_outage/pod_network_outage_plugin.py
View File

@@ -102,7 +102,7 @@ def delete_jobs(kubecli: KrknKubernetes, job_list: typing.List[str]):
pod_log = pod_log_response.data.decode("utf-8")
logging.error(pod_log)
except Exception as e:
logging.warn("Exception in getting job status: %s" % str(e))
logging.warning("Exception in getting job status: %s" % str(e))
api_response = kubecli.delete_job(name=job_name, namespace="default")
@@ -137,7 +137,7 @@ def wait_for_job(
count += 1
job_list.remove(job_name)
except Exception:
logging.warn("Exception in getting job status")
logging.warning("Exception in getting job status")
if time.time() > wait_time:
raise Exception(
"Jobs did not complete within "
@@ -229,6 +229,8 @@ def apply_outage_policy(
"""
job_list = []
yml_list = []
cookie_list = []
cookie = random.randint(100, 10000)
net_direction = {"egress": "nw_src", "ingress": "nw_dst"}
br = "br0"
@@ -237,7 +239,7 @@ def apply_outage_policy(
br = "br-int"
table = 8
for node, ips in node_dict.items():
while len(check_cookie(node, pod_template, br, cookie, kubecli)) > 2:
while len(check_cookie(node, pod_template, br, cookie, kubecli)) > 2 or cookie in cookie_list:
cookie = random.randint(100, 10000)
exec_cmd = ""
for ip in ips:
@@ -247,7 +249,8 @@ def apply_outage_policy(
exec_cmd = f"{exec_cmd}ovs-ofctl -O OpenFlow13 add-flow {br} cookie={cookie},table={table},priority=65535,udp,{net_direction[direction]}={ip},tp_dst={target_port},actions=drop;"
if not ports:
exec_cmd = f"{exec_cmd}ovs-ofctl -O OpenFlow13 add-flow {br} cookie={cookie},table={table},priority=65535,ip,{net_direction[direction]}={ip},actions=drop;"
exec_cmd = f"{exec_cmd}sleep {duration};ovs-ofctl -O OpenFlow13 del-flows {br} cookie={cookie}/-1"
exec_cmd = f"sleep 30;{exec_cmd}sleep {duration};ovs-ofctl -O OpenFlow13 del-flows {br} cookie={cookie}/-1"
cookie_list.append(cookie)
logging.info("Executing %s on node %s" % (exec_cmd, node))
job_body = yaml.safe_load(
@@ -257,6 +260,8 @@ def apply_outage_policy(
cmd=exec_cmd,
)
)
yml_list.append(job_body)
for job_body in yml_list:
api_response = kubecli.create_job(job_body)
if api_response is None:
raise Exception("Error creating job")
@@ -320,6 +325,7 @@ def apply_ingress_policy(
"""
job_list = []
yml_list = []
create_virtual_interfaces(kubecli, len(ips), node, pod_template)
@@ -332,12 +338,16 @@ def apply_ingress_policy(
job_body = yaml.safe_load(
job_template.render(jobname=mod + str(pod_ip), nodename=node, cmd=exec_cmd)
)
job_list.append(job_body["metadata"]["name"])
yml_list.append(job_body)
if pod_ip == node:
break
for job_body in yml_list:
api_response = kubecli.create_job(job_body)
if api_response is None:
raise Exception("Error creating job")
if pod_ip == node:
break
job_list.append(job_body["metadata"]["name"])
return job_list
@@ -396,6 +406,7 @@ def apply_net_policy(
"""
job_list = []
yml_list = []
for pod_ip in set(ips):
pod_inf = get_pod_interface(node, pod_ip, pod_template, bridge_name, kubecli)
@@ -406,13 +417,18 @@ def apply_net_policy(
job_body = yaml.safe_load(
job_template.render(jobname=mod + str(pod_ip), nodename=node, cmd=exec_cmd)
)
job_list.append(job_body["metadata"]["name"])
yml_list.append(job_body)
for job_body in yml_list:
api_response = kubecli.create_job(job_body)
if api_response is None:
raise Exception("Error creating job")
job_list.append(job_body["metadata"]["name"])
return job_list
def get_ingress_cmd(
execution: str,
test_interface: str,
@@ -463,7 +479,7 @@ def get_ingress_cmd(
tc_set += ";"
else:
tc_set += " {0} {1} ;".format(param_map[mod], vallst[mod])
exec_cmd = "{0} {1} sleep {2};{3}".format(tc_set, tc_ls, duration, tc_unset)
exec_cmd = "sleep 30;{0} {1} sleep {2};{3}".format(tc_set, tc_ls, duration, tc_unset)
return exec_cmd
@@ -508,7 +524,7 @@ def get_egress_cmd(
tc_set += ";"
else:
tc_set += " {0} {1} ;".format(param_map[mod], vallst[mod])
exec_cmd = "{0} {1} sleep {2};{3}".format(tc_set, tc_ls, duration, tc_unset)
exec_cmd = "sleep 30;{0} {1} sleep {2};{3}".format(tc_set, tc_ls, duration, tc_unset)
return exec_cmd

2
krkn/scenario_plugins/network_chaos/network_chaos_scenario_plugin.py
View File

@@ -243,7 +243,7 @@ class NetworkChaosScenarioPlugin(AbstractScenarioPlugin):
tc_set += ";"
else:
tc_set += " {0} {1} ;".format(param_map[mod], vallst[mod])
exec_cmd = "{0} {1} sleep {2};{3} sleep 20;{4}".format(
exec_cmd = "sleep 30;{0} {1} sleep {2};{3} sleep 20;{4}".format(
tc_set, tc_ls, duration, tc_unset, tc_ls
)
return exec_cmd

11
krkn/scenario_plugins/network_chaos_ng/models.py
View File

@@ -6,6 +6,7 @@ class NetworkChaosScenarioType(Enum):
Node = 1
Pod = 2
@dataclass
class BaseNetworkChaosConfig:
supported_execution = ["serial", "parallel"]
@@ -20,13 +21,18 @@ class BaseNetworkChaosConfig:
def validate(self) -> list[str]:
errors = []
if self.execution is None:
errors.append(f"execution cannot be None, supported values are: {','.join(self.supported_execution)}")
errors.append(
f"execution cannot be None, supported values are: {','.join(self.supported_execution)}"
)
if self.execution not in self.supported_execution:
errors.append(f"{self.execution} is not in supported execution mod: {','.join(self.supported_execution)}")
errors.append(
f"{self.execution} is not in supported execution mod: {','.join(self.supported_execution)}"
)
if self.label_selector is None:
errors.append("label_selector cannot be None")
return errors
@dataclass
class NetworkFilterConfig(BaseNetworkChaosConfig):
ingress: bool
@@ -34,6 +40,7 @@ class NetworkFilterConfig(BaseNetworkChaosConfig):
interfaces: list[str]
target: str
ports: list[int]
image: str
def validate(self) -> list[str]:
errors = super().validate()

1
krkn/scenario_plugins/network_chaos_ng/modules/node_network_filter.py
View File

@@ -41,6 +41,7 @@ class NodeNetworkFilterModule(AbstractNetworkChaosModule):
namespace=self.config.namespace,
host_network=True,
target=target,
workload_image=self.config.image,
)
)
self.log_info(

2
krkn/scenario_plugins/network_chaos_ng/modules/templates/network-chaos.j2
View File

@@ -12,6 +12,6 @@ spec:
containers:
- name: fedora
imagePullPolicy: Always
image: quay.io/krkn-chaos/krkn-network-chaos:latest
image: {{workload_image}}
securityContext:
privileged: true

9
krkn/scenario_plugins/node_actions/abstract_node_scenarios.py
View File

@@ -10,10 +10,12 @@ from krkn_lib.models.k8s import AffectedNode, AffectedNodeStatus
class abstract_node_scenarios:
kubecli: KrknKubernetes
affected_nodes_status: AffectedNodeStatus
node_action_kube_check: bool
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
self.kubecli = kubecli
self.affected_nodes_status = affected_nodes_status
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):
@@ -139,3 +141,8 @@ class abstract_node_scenarios:
# Node scenario to check service status on helper node
def node_service_status(self, node, service, ssh_private_key, timeout):
pass
# Node Scenario to block all inbound and outbound traffic to a specific node
# Currently only configured for azure
def node_block_scenario(self, instance_kill_count, node, timeout, duration):
pass

16
krkn/scenario_plugins/node_actions/alibaba_node_scenarios.py
View File

@@ -227,9 +227,10 @@ class Alibaba:
# krkn_lib
class alibaba_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.alibaba = Alibaba()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
@@ -245,7 +246,8 @@ class alibaba_node_scenarios(abstract_node_scenarios):
)
self.alibaba.start_instances(vm_id)
self.alibaba.wait_until_running(vm_id, timeout, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info("Node with instance ID: %s is in running state" % node)
logging.info("node_start_scenario has been successfully injected!")
except Exception as e:
@@ -271,7 +273,8 @@ class alibaba_node_scenarios(abstract_node_scenarios):
self.alibaba.stop_instances(vm_id)
self.alibaba.wait_until_stopped(vm_id, timeout, affected_node)
logging.info("Node with instance ID: %s is in stopped state" % vm_id)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -322,8 +325,9 @@ class alibaba_node_scenarios(abstract_node_scenarios):
affected_node.node_id = instance_id
logging.info("Rebooting the node with instance ID: %s " % (instance_id))
self.alibaba.reboot_instances(instance_id)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with instance ID: %s has been rebooted" % (instance_id)
)

16
krkn/scenario_plugins/node_actions/aws_node_scenarios.py
View File

@@ -261,9 +261,10 @@ class AWS:
# krkn_lib
class aws_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.aws = AWS()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):
@@ -278,7 +279,8 @@ class aws_node_scenarios(abstract_node_scenarios):
)
self.aws.start_instances(instance_id)
self.aws.wait_until_running(instance_id, affected_node=affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with instance ID: %s is in running state" % (instance_id)
)
@@ -309,7 +311,8 @@ class aws_node_scenarios(abstract_node_scenarios):
logging.info(
"Node with instance ID: %s is in stopped state" % (instance_id)
)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node=affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node=affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -366,8 +369,9 @@ class aws_node_scenarios(abstract_node_scenarios):
"Rebooting the node %s with instance ID: %s " % (node, instance_id)
)
self.aws.reboot_instances(instance_id)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with instance ID: %s has been rebooted" % (instance_id)
)

116
krkn/scenario_plugins/node_actions/az_node_scenarios.py
View File

@@ -6,6 +6,9 @@ from krkn.scenario_plugins.node_actions.abstract_node_scenarios import (
abstract_node_scenarios,
)
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.models import SecurityRule, Subnet
from azure.identity import DefaultAzureCredential
from krkn_lib.k8s import KrknKubernetes
from krkn_lib.models.k8s import AffectedNode, AffectedNodeStatus
@@ -15,26 +18,41 @@ class Azure:
logging.info("azure " + str(self))
# Acquire a credential object using CLI-based authentication.
credentials = DefaultAzureCredential()
logging.info("credential " + str(credentials))
# az_account = runcommand.invoke("az account list -o yaml")
# az_account_yaml = yaml.safe_load(az_account, Loader=yaml.FullLoader)
logger = logging.getLogger("azure")
logger.setLevel(logging.WARNING)
subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
self.compute_client = ComputeManagementClient(credentials, subscription_id,logging=logger)
self.network_client = NetworkManagementClient(credentials, subscription_id,logging=logger)
# Get the instance ID of the node
def get_instance_id(self, node_name):
vm_list = self.compute_client.virtual_machines.list_all()
for vm in vm_list:
array = vm.id.split("/")
resource_group = array[4]
vm_name = array[-1]
if node_name == vm_name:
return vm_name, resource_group
if node_name == vm.name:
resource_group = array[4]
return vm.name, resource_group
logging.error("Couldn't find vm with name " + str(node_name))
# Get the instance ID of the node
def get_network_interface(self, node_name, resource_group):
vm = self.compute_client.virtual_machines.get(resource_group, node_name,expand='instanceView')
for nic in vm.network_profile.network_interfaces:
nic_name = nic.id.split("/")[-1]
nic = self.network_client.network_interfaces.get(resource_group, nic_name)
location = nic.location
subnet_list = nic.ip_configurations[0].subnet.id.split('/')
subnet = subnet_list[-1]
virtual_network = subnet_list[-3]
network_resource_group = subnet_list[-7]
private_ip = nic.ip_configurations[0].private_ip_address
return subnet, virtual_network, private_ip, network_resource_group, location
# Start the node instance
def start_instances(self, group_name, vm_name):
try:
@@ -155,12 +173,48 @@ class Azure:
return True
def create_security_group(self, resource_group, name, region, ip_address):
inbound_rule = SecurityRule(name="denyInbound", source_address_prefix="0.0.0.0/0", source_port_range="*", destination_address_prefix=ip_address, destination_port_range="*", priority=100, protocol="*",
access="Deny", direction="Inbound")
outbound_rule = SecurityRule(name="denyOutbound", source_port_range="*", source_address_prefix=ip_address,destination_address_prefix="0.0.0.0/0", destination_port_range="*", priority=100, protocol="*",
access="Deny", direction="Outbound")
# create network resource group with deny in and out rules
nsg = self.network_client.network_security_groups.begin_create_or_update(resource_group, name, parameters={"location": region, "security_rules": [inbound_rule,outbound_rule]})
return nsg.result().id
def delete_security_group(self, resource_group, name):
# find and delete network security group
nsg = self.network_client.network_security_groups.begin_delete(resource_group,name)
if nsg.result() is not None:
print(nsg.result().as_dict())
def update_subnet(self, network_group_id, resource_group, subnet_name, vnet_name):
subnet = self.network_client.subnets.get(
resource_group_name=resource_group,
virtual_network_name=vnet_name,
subnet_name=subnet_name)
old_network_group = subnet.network_security_group.id
subnet.network_security_group.id = network_group_id
# update subnet
self.network_client.subnets.begin_create_or_update(
resource_group_name=resource_group,
virtual_network_name=vnet_name,
subnet_name=subnet_name,
subnet_parameters=subnet)
return old_network_group
# krkn_lib
class azure_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
logging.info("init in azure")
self.azure = Azure()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
@@ -177,7 +231,8 @@ class azure_node_scenarios(abstract_node_scenarios):
)
self.azure.start_instances(resource_group, vm_name)
self.azure.wait_until_running(resource_group, vm_name, timeout, affected_node=affected_node)
nodeaction.wait_for_ready_status(vm_name, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(vm_name, timeout, self.kubecli, affected_node)
logging.info("Node with instance ID: %s is in running state" % node)
logging.info("node_start_scenario has been successfully injected!")
except Exception as e:
@@ -205,7 +260,8 @@ class azure_node_scenarios(abstract_node_scenarios):
self.azure.stop_instances(resource_group, vm_name)
self.azure.wait_until_stopped(resource_group, vm_name, timeout, affected_node=affected_node)
logging.info("Node with instance ID: %s is in stopped state" % vm_name)
nodeaction.wait_for_unknown_status(vm_name, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(vm_name, timeout, self.kubecli, affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -265,8 +321,8 @@ class azure_node_scenarios(abstract_node_scenarios):
)
self.azure.reboot_instances(resource_group, vm_name)
nodeaction.wait_for_ready_status(vm_name, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(vm_name, timeout, self.kubecli, affected_node)
logging.info("Node with instance ID: %s has been rebooted" % (vm_name))
logging.info("node_reboot_scenario has been successfully injected!")
@@ -279,3 +335,39 @@ class azure_node_scenarios(abstract_node_scenarios):
raise RuntimeError()
self.affected_nodes_status.affected_nodes.append(affected_node)
# Node scenario to block traffic to the node
def node_block_scenario(self, instance_kill_count, node, timeout, duration):
for _ in range(instance_kill_count):
affected_node = AffectedNode(node)
try:
logging.info("Starting node_block_scenario injection")
vm_name, resource_group = self.azure.get_instance_id(node)
subnet, virtual_network, private_ip, network_resource_group, location = self.azure.get_network_interface(vm_name, resource_group)
affected_node.node_id = vm_name
logging.info(
"block the node %s with instance ID: %s "
% (vm_name, network_resource_group)
)
network_group_id = self.azure.create_security_group(network_resource_group, "chaos", location, private_ip)
old_network_group= self.azure.update_subnet(network_group_id, network_resource_group, subnet, virtual_network)
logging.info("Node with instance ID: %s has been blocked" % (vm_name))
logging.info("Waiting for %s seconds before resetting the subnet" % (duration))
time.sleep(duration)
# replace old network security group
self.azure.update_subnet(old_network_group, network_resource_group, subnet, virtual_network)
self.azure.delete_security_group(network_resource_group, "chaos")
logging.info("node_block_scenario has been successfully injected!")
except Exception as e:
logging.error(
"Failed to block node instance. Encountered following exception:"
" %s. Test Failed" % (e)
)
logging.error("node_block_scenario injection failed!")
raise RuntimeError()
self.affected_nodes_status.affected_nodes.append(affected_node)

16
krkn/scenario_plugins/node_actions/bm_node_scenarios.py
View File

@@ -135,9 +135,10 @@ class BM:
# krkn_lib
class bm_node_scenarios(abstract_node_scenarios):
def __init__(self, bm_info, user, passwd, kubecli: KrknKubernetes,affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, bm_info, user, passwd, kubecli: KrknKubernetes,node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.bm = BM(bm_info, user, passwd)
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):
@@ -152,7 +153,8 @@ class bm_node_scenarios(abstract_node_scenarios):
)
self.bm.start_instances(bmc_addr, node)
self.bm.wait_until_running(bmc_addr, node, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with bmc address: %s is in running state" % (bmc_addr)
)
@@ -183,7 +185,8 @@ class bm_node_scenarios(abstract_node_scenarios):
logging.info(
"Node with bmc address: %s is in stopped state" % (bmc_addr)
)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -210,8 +213,9 @@ class bm_node_scenarios(abstract_node_scenarios):
"Rebooting the node %s with bmc address: %s " % (node, bmc_addr)
)
self.bm.reboot_instances(bmc_addr, node)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info("Node with bmc address: %s has been rebooted" % (bmc_addr))
logging.info("node_reboot_scenario has been successfuly injected!")
except Exception as e:

16
krkn/scenario_plugins/node_actions/docker_node_scenarios.py
View File

@@ -38,9 +38,10 @@ class Docker:
class docker_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.docker = Docker()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):
@@ -54,7 +55,8 @@ class docker_node_scenarios(abstract_node_scenarios):
"Starting the node %s with container ID: %s " % (node, container_id)
)
self.docker.start_instances(node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with container ID: %s is in running state" % (container_id)
)
@@ -83,7 +85,8 @@ class docker_node_scenarios(abstract_node_scenarios):
logging.info(
"Node with container ID: %s is in stopped state" % (container_id)
)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -128,8 +131,9 @@ class docker_node_scenarios(abstract_node_scenarios):
% (node, container_id)
)
self.docker.reboot_instances(node)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with container ID: %s has been rebooted" % (container_id)
)

17
krkn/scenario_plugins/node_actions/gcp_node_scenarios.py
View File

@@ -221,9 +221,10 @@ class GCP:
# krkn_lib
class gcp_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.gcp = GCP()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):
@@ -239,7 +240,8 @@ class gcp_node_scenarios(abstract_node_scenarios):
)
self.gcp.start_instances(instance_id)
self.gcp.wait_until_running(instance_id, timeout, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with instance ID: %s is in running state" % instance_id
)
@@ -271,7 +273,8 @@ class gcp_node_scenarios(abstract_node_scenarios):
logging.info(
"Node with instance ID: %s is in stopped state" % instance_id
)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -330,9 +333,11 @@ class gcp_node_scenarios(abstract_node_scenarios):
"Rebooting the node %s with instance ID: %s " % (node, instance_id)
)
self.gcp.reboot_instances(instance_id)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
self.gcp.wait_until_running(instance_id, timeout, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(
"Node with instance ID: %s has been rebooted" % instance_id
)

5
krkn/scenario_plugins/node_actions/general_cloud_node_scenarios.py
View File

@@ -12,9 +12,10 @@ class GENERAL:
# krkn_lib
class general_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.general = GENERAL()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):

25
krkn/scenario_plugins/node_actions/ibmcloud_node_scenarios.py
View File

@@ -260,9 +260,10 @@ class IbmCloud:
@dataclass
class ibm_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.ibmcloud = IbmCloud()
self.node_action_kube_check = node_action_kube_check
def node_start_scenario(self, instance_kill_count, node, timeout):
try:
@@ -276,9 +277,10 @@ class ibm_node_scenarios(abstract_node_scenarios):
vm_started = self.ibmcloud.start_instances(instance_id)
if vm_started:
self.ibmcloud.wait_until_running(instance_id, timeout, affected_node)
nodeaction.wait_for_ready_status(
node, timeout, self.kubecli, affected_node
)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(
node, timeout, self.kubecli, affected_node
)
logging.info(
"Node with instance ID: %s is in running state" % node
)
@@ -326,12 +328,13 @@ class ibm_node_scenarios(abstract_node_scenarios):
logging.info("Rebooting the node %s " % (node))
self.ibmcloud.reboot_instances(instance_id)
self.ibmcloud.wait_until_rebooted(instance_id, timeout)
nodeaction.wait_for_unknown_status(
node, timeout, affected_node
)
nodeaction.wait_for_ready_status(
node, timeout, affected_node
)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(
node, timeout, affected_node
)
nodeaction.wait_for_ready_status(
node, timeout, affected_node
)
logging.info(
"Node with instance ID: %s has rebooted successfully" % node
)

32
krkn/scenario_plugins/node_actions/node_actions_scenario_plugin.py
View File

@@ -58,33 +58,34 @@ class NodeActionsScenarioPlugin(AbstractScenarioPlugin):
except (RuntimeError, Exception) as e:
logging.error("Node Actions exiting due to Exception %s" % e)
return 1
else:
return 0
return 0
def get_node_scenario_object(self, node_scenario, kubecli: KrknKubernetes):
affected_nodes_status = AffectedNodeStatus()
node_action_kube_check = get_yaml_item_value(node_scenario,"kube_check",True)
if (
"cloud_type" not in node_scenario.keys()
or node_scenario["cloud_type"] == "generic"
):
global node_general
node_general = True
return general_node_scenarios(kubecli, affected_nodes_status)
return general_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
if node_scenario["cloud_type"].lower() == "aws":
return aws_node_scenarios(kubecli, affected_nodes_status)
return aws_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
elif node_scenario["cloud_type"].lower() == "gcp":
return gcp_node_scenarios(kubecli, affected_nodes_status)
return gcp_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
elif node_scenario["cloud_type"].lower() == "openstack":
from krkn.scenario_plugins.node_actions.openstack_node_scenarios import (
openstack_node_scenarios,
)
return openstack_node_scenarios(kubecli, affected_nodes_status)
return openstack_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
elif (
node_scenario["cloud_type"].lower() == "azure"
or node_scenario["cloud_type"].lower() == "az"
):
return azure_node_scenarios(kubecli, affected_nodes_status)
return azure_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
elif (
node_scenario["cloud_type"].lower() == "alibaba"
or node_scenario["cloud_type"].lower() == "alicloud"
@@ -93,7 +94,7 @@ class NodeActionsScenarioPlugin(AbstractScenarioPlugin):
alibaba_node_scenarios,
)
return alibaba_node_scenarios(kubecli, affected_nodes_status)
return alibaba_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
elif node_scenario["cloud_type"].lower() == "bm":
from krkn.scenario_plugins.node_actions.bm_node_scenarios import (
bm_node_scenarios,
@@ -104,20 +105,22 @@ class NodeActionsScenarioPlugin(AbstractScenarioPlugin):
node_scenario.get("bmc_user", None),
node_scenario.get("bmc_password", None),
kubecli,
node_action_kube_check,
affected_nodes_status
)
elif node_scenario["cloud_type"].lower() == "docker":
return docker_node_scenarios(kubecli)
return docker_node_scenarios(kubecli,node_action_kube_check,
affected_nodes_status)
elif (
node_scenario["cloud_type"].lower() == "vsphere"
or node_scenario["cloud_type"].lower() == "vmware"
):
return vmware_node_scenarios(kubecli, affected_nodes_status)
return vmware_node_scenarios(kubecli, node_action_kube_check,affected_nodes_status)
elif (
node_scenario["cloud_type"].lower() == "ibm"
or node_scenario["cloud_type"].lower() == "ibmcloud"
):
return ibm_node_scenarios(kubecli, affected_nodes_status)
return ibm_node_scenarios(kubecli, node_action_kube_check, affected_nodes_status)
else:
logging.error(
"Cloud type "
@@ -178,8 +181,7 @@ class NodeActionsScenarioPlugin(AbstractScenarioPlugin):
def run_node(self, single_node, node_scenario_object, action, node_scenario):
# Get the scenario specifics for running action nodes
run_kill_count = get_yaml_item_value(node_scenario, "runs", 1)
if action in ("node_stop_start_scenario", "node_disk_detach_attach_scenario"):
duration = get_yaml_item_value(node_scenario, "duration", 120)
duration = get_yaml_item_value(node_scenario, "duration", 120)
timeout = get_yaml_item_value(node_scenario, "timeout", 120)
service = get_yaml_item_value(node_scenario, "service", "")
@@ -257,6 +259,10 @@ class NodeActionsScenarioPlugin(AbstractScenarioPlugin):
ssh_private_key,
timeout,
)
elif action == "node_block_scenario":
node_scenario_object.node_block_scenario(
run_kill_count, single_node, timeout, duration
)
else:
logging.info(
"There is no node action that matches %s, skipping scenario"

16
krkn/scenario_plugins/node_actions/openstack_node_scenarios.py
View File

@@ -116,9 +116,10 @@ class OPENSTACKCLOUD:
# krkn_lib
class openstack_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus ):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes,node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus ):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.openstackcloud = OPENSTACKCLOUD()
self.node_action_kube_check = node_action_kube_check
# Node scenario to start the node
def node_start_scenario(self, instance_kill_count, node, timeout):
@@ -131,7 +132,8 @@ class openstack_node_scenarios(abstract_node_scenarios):
openstack_node_name = self.openstackcloud.get_instance_id(openstack_node_ip)
self.openstackcloud.start_instances(openstack_node_name)
self.openstackcloud.wait_until_running(openstack_node_name, timeout, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info("Node with instance ID: %s is in running state" % (node))
logging.info("node_start_scenario has been successfully injected!")
except Exception as e:
@@ -156,7 +158,8 @@ class openstack_node_scenarios(abstract_node_scenarios):
self.openstackcloud.stop_instances(openstack_node_name)
self.openstackcloud.wait_until_stopped(openstack_node_name, timeout, affected_node)
logging.info("Node with instance name: %s is in stopped state" % (node))
nodeaction.wait_for_not_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_not_ready_status(node, timeout, self.kubecli, affected_node)
except Exception as e:
logging.error(
"Failed to stop node instance. Encountered following exception: %s. "
@@ -177,8 +180,9 @@ class openstack_node_scenarios(abstract_node_scenarios):
openstack_node_ip = self.kubecli.get_node_ip(node)
openstack_node_name = self.openstackcloud.get_instance_id(openstack_node_ip)
self.openstackcloud.reboot_instances(openstack_node_name)
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(node, timeout, self.kubecli, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info("Node with instance name: %s has been rebooted" % (node))
logging.info("node_reboot_scenario has been successfuly injected!")
except Exception as e:

23
krkn/scenario_plugins/node_actions/vmware_node_scenarios.py
View File

@@ -384,9 +384,10 @@ class vSphere:
@dataclass
class vmware_node_scenarios(abstract_node_scenarios):
def __init__(self, kubecli: KrknKubernetes, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, affected_nodes_status)
def __init__(self, kubecli: KrknKubernetes, node_action_kube_check: bool, affected_nodes_status: AffectedNodeStatus):
super().__init__(kubecli, node_action_kube_check, affected_nodes_status)
self.vsphere = vSphere()
self.node_action_kube_check = node_action_kube_check
def node_start_scenario(self, instance_kill_count, node, timeout):
try:
@@ -397,7 +398,8 @@ class vmware_node_scenarios(abstract_node_scenarios):
vm_started = self.vsphere.start_instances(node)
if vm_started:
self.vsphere.wait_until_running(node, timeout, affected_node)
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(node, timeout, self.kubecli, affected_node)
logging.info(f"Node with instance ID: {node} is in running state")
logging.info("node_start_scenario has been successfully injected!")
self.affected_nodes_status.affected_nodes.append(affected_node)
@@ -416,9 +418,10 @@ class vmware_node_scenarios(abstract_node_scenarios):
vm_stopped = self.vsphere.stop_instances(node)
if vm_stopped:
self.vsphere.wait_until_stopped(node, timeout, affected_node)
nodeaction.wait_for_ready_status(
node, timeout, self.kubecli, affected_node
)
if self.node_action_kube_check:
nodeaction.wait_for_ready_status(
node, timeout, self.kubecli, affected_node
)
logging.info(f"Node with instance ID: {node} is in stopped state")
logging.info("node_stop_scenario has been successfully injected!")
self.affected_nodes_status.affected_nodes.append(affected_node)
@@ -436,10 +439,10 @@ class vmware_node_scenarios(abstract_node_scenarios):
logging.info("Starting node_reboot_scenario injection")
logging.info(f"Rebooting the node {node} ")
self.vsphere.reboot_instances(node)
nodeaction.wait_for_unknown_status(
node, timeout, self.kubecli, affected_node
)
if self.node_action_kube_check:
nodeaction.wait_for_unknown_status(
node, timeout, self.kubecli, affected_node
)
logging.info(
f"Node with instance ID: {node} has rebooted " "successfully"

3
krkn/scenario_plugins/zone_outage/zone_outage_scenario_plugin.py
View File

@@ -32,6 +32,7 @@ class ZoneOutageScenarioPlugin(AbstractScenarioPlugin):
zone_outage_config_yaml = yaml.full_load(f)
scenario_config = zone_outage_config_yaml["zone_outage"]
cloud_type = scenario_config["cloud_type"]
kube_check = get_yaml_item_value(scenario_config, "kube_check", True)
start_time = int(time.time())
if cloud_type.lower() == "aws":
self.cloud_object = AWS()
@@ -40,7 +41,7 @@ class ZoneOutageScenarioPlugin(AbstractScenarioPlugin):
kubecli = lib_telemetry.get_lib_kubernetes()
if cloud_type.lower() == "gcp":
affected_nodes_status = AffectedNodeStatus()
self.cloud_object = gcp_node_scenarios(kubecli, affected_nodes_status)
self.cloud_object = gcp_node_scenarios(kubecli, kube_check, affected_nodes_status)
self.node_based_zone(scenario_config, kubecli)
affected_nodes_status = self.cloud_object.affected_nodes_status
scenario_telemetry.affected_nodes.extend(affected_nodes_status.affected_nodes)

84
krkn/utils/HealthChecker.py
View File

@@ -13,16 +13,15 @@ class HealthChecker:
def make_request(self, url, auth=None, headers=None, verify=True):
response_data = {}
response = requests.get(url, auth=auth, headers=headers, verify=verify)
response = requests.get(url, auth=auth, headers=headers, verify=verify, timeout=3)
response_data["url"] = url
response_data["status"] = response.status_code == 200
response_data["status_code"] = response.status_code
return response_data
def run_health_check(self, health_check_config, health_check_telemetry_queue: queue.Queue):
def run_health_check(self, health_check_config, health_check_telemetry_queue: queue.Queue):
if health_check_config and health_check_config["config"] and any(config.get("url") for config in health_check_config["config"]):
health_check_start_time_stamp = datetime.now()
health_check_telemetry = []
health_check_tracker = {}
interval = health_check_config["interval"] if health_check_config["interval"] else 2
@@ -37,49 +36,54 @@ class HealthChecker:
if config["bearer_token"]:
bearer_token = "Bearer " + config["bearer_token"]
headers = {"Authorization": bearer_token}
if config["auth"]: auth = tuple(config["auth"].split(','))
response = self.make_request(url, auth, headers, verify_url)
if response["status_code"] != 200:
if config["url"] not in health_check_tracker:
start_timestamp = datetime.now()
health_check_tracker[config["url"]] = {
"status_code": response["status_code"],
"start_timestamp": start_timestamp
}
try:
response = self.make_request(url, auth, headers, verify_url)
except Exception:
response = {}
response['status_code'] = 500
if config["url"] not in health_check_tracker:
start_timestamp = datetime.now()
health_check_tracker[config["url"]] = {
"status_code": response["status_code"],
"start_timestamp": start_timestamp
}
if response["status_code"] != 200:
if response_tracker[config["url"]] != False: response_tracker[config["url"]] = False
if config["exit_on_failure"] and config["exit_on_failure"] == True and self.ret_value==0: self.ret_value = 2
else:
if config["url"] in health_check_tracker:
end_timestamp = datetime.now()
start_timestamp = health_check_tracker[config["url"]]["start_timestamp"]
previous_status_code = str(health_check_tracker[config["url"]]["status_code"])
duration = (end_timestamp - start_timestamp).total_seconds()
downtime_record = {
"url": config["url"],
"status": False,
"status_code": previous_status_code,
"start_timestamp": start_timestamp.isoformat(),
"end_timestamp": end_timestamp.isoformat(),
"duration": duration
}
health_check_telemetry.append(HealthCheck(downtime_record))
del health_check_tracker[config["url"]]
if response["status_code"] != health_check_tracker[config["url"]]["status_code"]:
end_timestamp = datetime.now()
start_timestamp = health_check_tracker[config["url"]]["start_timestamp"]
previous_status_code = str(health_check_tracker[config["url"]]["status_code"])
duration = (end_timestamp - start_timestamp).total_seconds()
change_record = {
"url": config["url"],
"status": False,
"status_code": previous_status_code,
"start_timestamp": start_timestamp.isoformat(),
"end_timestamp": end_timestamp.isoformat(),
"duration": duration
}
health_check_telemetry.append(HealthCheck(change_record))
if response_tracker[config["url"]] != True: response_tracker[config["url"]] = True
del health_check_tracker[config["url"]]
time.sleep(interval)
health_check_end_time_stamp = datetime.now()
for url, status in response_tracker.items():
if status == True:
duration = (health_check_end_time_stamp - health_check_start_time_stamp).total_seconds()
success_response = {
"url": url,
"status": True,
"status_code": 200,
"start_timestamp": health_check_start_time_stamp.isoformat(),
"end_timestamp": health_check_end_time_stamp.isoformat(),
"duration": duration
}
health_check_telemetry.append(HealthCheck(success_response))
for url in health_check_tracker.keys():
duration = (health_check_end_time_stamp - health_check_tracker[url]["start_timestamp"]).total_seconds()
success_response = {
"url": url,
"status": True,
"status_code": response["status_code"],
"start_timestamp": health_check_tracker[url]["start_timestamp"].isoformat(),
"end_timestamp": health_check_end_time_stamp.isoformat(),
"duration": duration
}
health_check_telemetry.append(HealthCheck(success_response))
health_check_telemetry_queue.put(health_check_telemetry)
else:
logging.info("health checks config is not defined, skipping them")

15
rbac/non-privileged-role.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: krkn-non-privileged-role
namespace: target-namespace
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "create", "delete"]

13
rbac/non-privileged-rolebinding.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: krkn-non-privileged-rolebinding
namespace: target-namespace
subjects:
- kind: ServiceAccount
name: krkn-sa
namespace: target-namespace
roleRef:
kind: Role
name: krkn-non-privileged-role
apiGroup: rbac.authorization.k8s.io

17
rbac/privileged-clusterrole.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: krkn-privileged-clusterrole
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]

12
rbac/privileged-clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: krkn-privileged-clusterrolebinding
subjects:
- kind: ServiceAccount
name: krkn-sa
namespace: krkn-namespace
roleRef:
kind: ClusterRole
name: krkn-privileged-clusterrole
apiGroup: rbac.authorization.k8s.io

5
requirements.txt
View File

@@ -5,6 +5,7 @@ boto3==1.28.61
azure-identity==1.16.1
azure-keyvault==4.2.0
azure-mgmt-compute==30.5.0
azure-mgmt-network==27.0.0
itsdangerous==2.0.1
coverage==7.6.12
datetime==5.4
@@ -15,7 +16,7 @@ google-cloud-compute==1.22.0
ibm_cloud_sdk_core==3.18.0
ibm_vpc==0.20.0
jinja2==3.1.6
krkn-lib==5.0.1
krkn-lib==5.0.2
lxml==5.1.0
kubernetes==28.1.0
numpy==1.26.4
@@ -27,7 +28,7 @@ pyfiglet==1.0.2
pytest==8.0.0
python-ipmi==0.5.4
python-openstackclient==6.5.0
requests==2.32.2
requests==2.32.4
service_identity==24.1.0
PyYAML==6.0.1
setuptools==78.1.1

3
run_kraken.py
View File

@@ -499,7 +499,8 @@ def main(cfg) -> int:
start_time,
end_time,
metrics_profile,
elastic_metrics_index
elastic_metrics_index,
telemetry_json
)
if post_critical_alerts > 0:

3
scenarios/kube/network-filter.yml
View File

@@ -1,7 +1,8 @@
- id: node_network_filter
image: "quay.io/krkn-chaos/krkn-network-chaos:latest"
wait_duration: 300
test_duration: 100
label_selector: "kubernetes.io/hostname=ip-10-0-39-182.us-east-2.compute.internal"
label_selector: "kubernetes.io/hostname=minikube"
namespace: 'default'
instance_count: 1
execution: parallel

1
scenarios/openshift/aws_node_scenarios.yml
View File

@@ -9,6 +9,7 @@ node_scenarios:
duration: 20 # duration to stop the node before running the start action
cloud_type: aws # cloud type on which Kubernetes/OpenShift runs
parallel: true # Run action on label or node name in parallel or sequential, defaults to sequential
kube_check: true # Run the kubernetes api calls to see if the node gets to a certain state during the node scenario
- actions:
- node_reboot_scenario
node_name:

2
scenarios/openshift/azure_node_scenarios.yml
View File

@@ -6,6 +6,8 @@ node_scenarios:
instance_count: 1
timeout: 120
cloud_type: azure
parallel: true # Run action on label or node name in parallel or sequential, defaults to sequential
kube_check: true # Run the kubernetes api calls to see if the node gets to a certain state during the node scenario
- actions:
- node_stop_start_scenario
node_name:

18
scenarios/openshift/baremetal_node_scenarios.yml
View File

@@ -1,19 +1,21 @@
node_scenarios:
- actions: # Node chaos scenarios to be injected.
- node_stop_start_scenario
node_name: # Node on which scenario has to be injected.
- actions: # Node chaos scenarios to be injected
- node_stop_start_scenario # Action to run. Supported actions: node_stop, node_restart, node_stop_start etc. Please refer documentation
node_name: # Node(s) on which scenario has to be injected separated by a comma
label_selector: node-role.kubernetes.io/worker # When node_name is not specified, a node with matching label_selector is selected for node chaos scenario injection.
instance_count: 1 # Number of nodes to perform action/select that match the label selector.
instance_count: 1 # Number of nodes to perform action/select that match the label selector
runs: 1 # Number of times to inject each scenario under actions (will perform on same node each time).
timeout: 360 # Duration to wait for completion of node scenario injection.
duration: 120 # Duration to stop the node before running the start action
parallel: False # Run action on label or node name in parallel or sequential, set to true for parallel
cloud_type: bm # Cloud type on which Kubernetes/OpenShift runs.
bmc_user: defaultuser # For baremetal (bm) cloud type. The default IPMI username. Optional if specified for all machines.
bmc_password: defaultpass # For baremetal (bm) cloud type. The default IPMI password. Optional if specified for all machines.
kube_check: True # Run the kubernetes api calls to see if the node gets to a certain state during the node scenario
bmc_user: defaultuser # For baremetal (bm) cloud type. The default IPMI username. Optional if specified for all machines
bmc_password: defaultpass # For baremetal (bm) cloud type. The default IPMI password. Optional if specified for all machines
bmc_info: # This section is here to specify baremetal per-machine info, so it is optional if there is no per-machine info.
node-1: # The node name for the baremetal machine
bmc_addr: mgmt-machine1.example.com # Optional. For baremetal nodes with the IPMI BMC address missing from 'oc get bmh'.
bmc_addr: mgmt-machine1.example.com # Optional. For baremetal nodes with the IPMI BMC address missing from 'oc get bmh'
node-2:
bmc_addr: mgmt-machine2.example.com
bmc_user: user # The baremetal IPMI user. Overrides the default IPMI user specified above. Optional if the default is set.
bmc_user: user # The baremetal IPMI user. Overrides the default IPMI user specified above. Optional if the default is set
bmc_password: pass # The baremetal IPMI password. Overrides the default IPMI user specified above. Optional if the default is set

2
scenarios/openshift/gcp_node_scenarios.yml
View File

@@ -6,6 +6,8 @@ node_scenarios:
instance_count: 1
timeout: 120
cloud_type: gcp
parallel: true # Run action on label or node name in parallel or sequential, defaults to sequential
kube_check: true # Run the kubernetes api calls to see if the node gets to a certain state during the node scenario
- actions:
- node_stop_start_scenario
node_name: