Chaos experiment
Granular definition of chaos intent specified via image, library, necessary permissions, low-level chaos parameters (default values).
This section describes the fields in the chaos experiment and the possible values that can be set against the same.
Component specifications
| Field | .spec.definition.image |
|---|---|
| Description | Flag to specify the image to run the ChaosExperiment |
| Type | Mandatory |
| Range | user-defined (type: string) |
| Default | n/a (refer Notes) |
| Notes | The .spec.definition.image allows the developers to specify their experiment images. Typically set to the Litmus go-runner or the ansible-runner. This feature of the experiment enables BYOC (BringYourOwnChaos), where developers can implement their own variants of a standard chaos experiment |
| Field | .spec.definition.imagePullPolicy |
|---|---|
| Description | Flag that helps the developers to specify imagePullPolicy for the ChaosExperiment |
| Type | Mandatory |
| Range | IfNotPresent, Always (type: string) |
| Default | Always |
| Notes | The .spec.definition.imagePullPolicy allows developers to specify the pull policy for ChaosExperiment image. Set to Always during debug/test |
Image
It allows the developers to specify their experiment images. Typically set to the Litmus go-runner or the ansible-runner. This feature of the experiment enables BYOC (BringYourOwnChaos), where developers can implement their own variants of a standard chaos experiment. It can be tuned via image field.
Use the following example to tune this:
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Deletes a pod belonging to a deployment/statefulset/daemonset
kind: ChaosExperiment
metadata:
name: pod-delete
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "batch"
- "litmuschaos.io"
resources:
- "deployments"
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
# image of the chaosexperiment
image: "litmuschaos/go-runner:latest"
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-delete
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '15'
- name: RAMP_TIME
value: ''
- name: FORCE
value: 'true'
- name: CHAOS_INTERVAL
value: '5'
- name: PODS_AFFECTED_PERC
value: ''
- name: LIB
value: 'litmus'
- name: TARGET_PODS
value: ''
- name: SEQUENCE
value: 'parallel'
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest
ImagePullPolicy
It allows developers to specify the pull policy for ChaosExperiment image. Set to Always during debug/test. It can be tuned via imagePullPolicy field.
Use the following example to tune this:
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Deletes a pod belonging to a deployment/statefulset/daemonset
kind: ChaosExperiment
metadata:
name: pod-delete
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "batch"
- "litmuschaos.io"
resources:
- "deployments"
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:latest"
# imagePullPolicy of the chaosexperiment
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-delete
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '15'
- name: RAMP_TIME
value: ''
- name: FORCE
value: 'true'
- name: CHAOS_INTERVAL
value: '5'
- name: PODS_AFFECTED_PERC
value: ''
- name: LIB
value: 'litmus'
- name: TARGET_PODS
value: ''
- name: SEQUENCE
value: 'parallel'
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest
Configuration Specification
| Field | .spec.definition.securityContext.podSecurityContext |
|---|---|
| Description | Flag to specify security context for ChaosPod |
| Type | Optional |
| Range | user-defined (type:corev1.PodSecurityContext) |
| Default | n/a |
| Notes | The .spec.definition.securityContext.podSecurityContext allows the developers to specify the security context for the ChaosPod which applies to all containers inside the Pod. |
| Field | .spec.definition.securityContext.containerSecurityContext.privileged |
|---|---|
| Description | Flag to specify the security context for the ChaosExperiment pod |
| Type | Optional |
| Range | true, false (type:bool) |
| Default | n/a |
| Notes | The .spec.definition.securityContext.containerSecurityContext.privileged specify the securityContext params to the experiment container. |
| Field | .spec.definition.hostFileVolumes |
|---|---|
| Description | Flag to specify the host file volumes to the ChaosPod |
| Type | Optional |
| Range | user-defined (type:map[string]string) |
| Default | n/a |
| Notes | The .spec.definition.hostFileVolumes allows the developer to specify the host file volumes to the ChaosPod. |
| Field | .spec.definition.hostPID |
|---|---|
| Description | Flag to specify the host PID for the ChaosPod |
| Type | Optional |
| Range | true, false (type:bool) |
| Default | n/a |
| Notes | The .spec.definition.hostPID allows the developer to specify the host PID for the ChaosPod. |
PodSecurityContext
It allows the developers to specify the security context for the ChaosPod which applies to all containers inside the Pod. It can be tuned via podSecurityContext field.
Use the following example to tune this:
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Deletes a pod belonging to a deployment/statefulset/daemonset
kind: ChaosExperiment
metadata:
name: pod-delete
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "batch"
- "litmuschaos.io"
resources:
- "deployments"
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:latest"
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-delete
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '15'
- name: RAMP_TIME
value: ''
- name: FORCE
value: 'true'
- name: CHAOS_INTERVAL
value: '5'
- name: PODS_AFFECTED_PERC
value: ''
- name: LIB
value: 'litmus'
- name: TARGET_PODS
value: ''
- name: SEQUENCE
value: 'parallel'
# it contains pod security context
securityContext:
podSecurityContext:
allowPrivilegeEscalation: true
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest
Container Security Context
It allows the developers to specify the security context for the container inside ChaosPod. It can be tuned via containerSecurityContext field.
Use the following example to tune this:
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Deletes a pod belonging to a deployment/statefulset/daemonset
kind: ChaosExperiment
metadata:
name: pod-delete
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "batch"
- "litmuschaos.io"
resources:
- "deployments"
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:latest"
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-delete
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '15'
- name: RAMP_TIME
value: ''
- name: FORCE
value: 'true'
- name: CHAOS_INTERVAL
value: '5'
- name: PODS_AFFECTED_PERC
value: ''
- name: LIB
value: 'litmus'
- name: TARGET_PODS
value: ''
- name: SEQUENCE
value: 'parallel'
# it contains container security context
securityContext:
containerSecurityContext:
privileged: true
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest
Host File Volumes
It allows the developer to specify the host file volumes to the ChaosPod. It can be tuned via hostFileVolumes field.
Use the following example to tune this:
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Deletes a pod belonging to a deployment/statefulset/daemonset
kind: ChaosExperiment
metadata:
name: pod-delete
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "batch"
- "litmuschaos.io"
resources:
- "deployments"
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:latest"
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-delete
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '15'
- name: RAMP_TIME
value: ''
- name: FORCE
value: 'true'
- name: CHAOS_INTERVAL
value: '5'
- name: PODS_AFFECTED_PERC
value: ''
- name: LIB
value: 'litmus'
- name: TARGET_PODS
value: ''
- name: SEQUENCE
value: 'parallel'
# it contains host file volumes
hostFileVolumes:
- name: socket file
mountPath: "/run/containerd/containerd.sock"
nodePath: "/run/containerd/containerd.sock"
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest
Host PID
It allows the developer to specify the host PID for the ChaosPod. It can be tuned via hostPID field.
Use the following example to tune this:
apiVersion: litmuschaos.io/v1alpha1
description:
message: |
Deletes a pod belonging to a deployment/statefulset/daemonset
kind: ChaosExperiment
metadata:
name: pod-delete
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: chaosexperiment
app.kubernetes.io/version: latest
spec:
definition:
scope: Namespaced
permissions:
- apiGroups:
- ""
- "apps"
- "apps.openshift.io"
- "argoproj.io"
- "batch"
- "litmuschaos.io"
resources:
- "deployments"
- "jobs"
- "pods"
- "pods/log"
- "replicationcontrollers"
- "deployments"
- "statefulsets"
- "daemonsets"
- "replicasets"
- "deploymentconfigs"
- "rollouts"
- "pods/exec"
- "events"
- "chaosengines"
- "chaosexperiments"
- "chaosresults"
verbs:
- "create"
- "list"
- "get"
- "patch"
- "update"
- "delete"
- "deletecollection"
image: "litmuschaos/go-runner:latest"
imagePullPolicy: Always
args:
- -c
- ./experiments -name pod-delete
command:
- /bin/bash
env:
- name: TOTAL_CHAOS_DURATION
value: '15'
- name: RAMP_TIME
value: ''
- name: FORCE
value: 'true'
- name: CHAOS_INTERVAL
value: '5'
- name: PODS_AFFECTED_PERC
value: ''
- name: LIB
value: 'litmus'
- name: TARGET_PODS
value: ''
- name: SEQUENCE
value: 'parallel'
# it allows hostPID
hostPID: true
labels:
name: pod-delete
app.kubernetes.io/part-of: litmus
app.kubernetes.io/component: experiment-job
app.kubernetes.io/version: latest