ECS agent stop
ECS agent stop disrupts the state of infrastructure resources.
- The fault induces an agent stop chaos on AWS ECS using Amazon SSM Run command, this is carried out by using SSM Docs which is in-built in the fault for the give chaos scenario.
- It causes agent container stop on ECS with a given
CLUSTER_NAMEenvrionment variable using an SSM docs for a specific duration.
View fault usage
Kubernetes >= 1.17
Ensure that the ECS container metadata is enabled this feature is disabled by default. To enable it please follow the aws docs to Enabling container metadata. If you have your task running prior this activity you may need to restart it to get the metadata directory as mentioned in the docs.
Ensure that both you and ECS cluster instances have a Role with required AWS access to do SSM and ECS operations. Refer the below mentioned sample policy for the fault (please note that the sample policy can be minimised further). To know more checkout Systems Manager Docs. Also, please refer the below mentioned policy required for the experiment.
Ensure to create a Kubernetes secret having the AWS access configuration(key) in the
CHAOS_NAMESPACE. A sample secret file looks like:
# Add the cloud AWS credentials respectively
aws_access_key_id = XXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXX
It is recommended to use the same secret name, i.e.
cloud-secret. Otherwise, you will need to update the
AWS_SHARED_CREDENTIALS_FILEenvironment variable in the fault template and you may be unable to use the default health check probes.
Refer to AWS Named Profile For Chaos to know how to use a different profile for AWS faults.
Here is an example AWS policy to execute the fault.
View policy for the fault
Refer to the superset permission/policy to execute all AWS faults.
The ECS container instance should be in healthy state.
|CLUSTER_NAME||Name of the target ECS cluster|| Single name supported For example, |
|REGION||The AWS region name of the target ECS cluster|| For example, |
|TOTAL_CHAOS_DURATION||The total time duration for chaos insertion (sec)||Defaults to 30s|
|CHAOS_INTERVAL||The interval (in sec) between successive instance termination.||Defaults to 30s|
|AWS_SHARED_CREDENTIALS_FILE||Provide the path for aws secret credentials|| Defaults to |
|SEQUENCE||It defines sequence of chaos execution for multiple instance||Default value: parallel. Supported: serial, parallel|
|RAMP_TIME||Period to wait before and after injection of chaos in sec||For example, 30|
Common and AWS-specific tunables
Refer the common attributes and AWS-specific tunables to tune the common tunables for all faults and aws specific tunables.
It derives the target agent from
CLUSTER_NAME and stop them for a certain chaos duration.
Use the following example to tune this:
# stops the agent of an ECS cluster
- name: ecs-agent-stop
# provide the name of ECS cluster
- name: CLUSTER_NAME
- name: REGION
- name: TOTAL_CHAOS_DURATION