VMware DNS chaos

VMware DNS chaos causes DNS errors in the VMware VMs which results in the DNS server being unavailable or malfunctioning for a specific duration. It checks the performance of the application (or process) running on the VMware VMs.

VMware DNS Chaos

Use cases

VMware DNS chaos causes DNS errors on the target VMs which results in unavailability (or distorted) network connectivity from the VM to the target hosts.
It provides a hypothesis wherein certain services of an application could be unreachable from the VM.
It determines how DNS errors impact the infrastructure and standalone tasks in the application.
It simulates unavailability of DNS server, that is, loss of access to any external domain from a given microservice.
It simulates malfunctioning of DNS server, that is, loss of access to specific domains from a given microservice, loss of access to cloud provider dependencies, and loss of access to specific third party services.

Prerequisites

Kubernetes > 1.16 is required to execute this fault.
Execution plane should be connected to vCenter and host vCenter on port 443.
VMware tool should be installed on the target VM with remote execution enabled.
The VM should be in a healthy state before and after injecting chaos.
Appropriate vCenter permissions should be provided to access the hosts and the VMs.
Kubernetes secret has to be created that has the Vcenter credentials in the CHAOS_NAMESPACE. VM credentials can be passed as secrets or as a ChaosEngine environment variable. Below is a sample secret file:

apiVersion: v1
kind: Secret
metadata:
  name: vcenter-secret
  namespace: litmus
type: Opaque
stringData:
    VCENTERSERVER: XXXXXXXXXXX
    VCENTERUSER: XXXXXXXXXXXXX
    VCENTERPASS: XXXXXXXXXXXXX

Mandatory tunables

Tunable	Description	Notes
VM_NAME	Name of the target VM(s).	Multiple comma-separated names can be provided. For example, `vm-1,vm-2`.
VM_USER_NAME	Username of the target VM(s).	Multiple usernames can be provided as comma-separated values (when there are multiple VMs subject to chaos). It also helps run the govc command.
VM_PASSWORD	Password for the target VM(s).	It helps run the govc command.
PORT	DNS Port	Defaults to 54. For more information, go to DNS chaos with port.

Optional tunables

Tunable	Description	Notes
TOTAL_CHAOS_DURATION	Duration that you specify, through which chaos is injected into the target resource (in seconds).	Defaults to 30s. For more information, go to duration of the chaos.
CHAOS_INTERVAL	Time interval between two successive instance terminations (in seconds).	Defaults to 30s. For more information, go to chaos interval.
SEQUENCE	Sequence of chaos execution for multiple instances.	Defaults to parallel. Supports serial sequence as well. For more information, go to sequence of chaos execution.
RAMP_TIME	Period to wait before and after injecting chaos (in seconds).	For example, 30s. For more information, go to ramp time.
TARGET_HOSTNAMES	List of the target host names. If it is not provided, all host names (or domains) are targeted.	For example, '["litmuschaos","chaosnative.com"]'. For more information, go to target host names.
MATCH_SCHEME	Determines whether the DNS query should exactly match the targets or can be a substring.	Defaults to exact. For more information, go to DNS chaos with match scheme.
UPSTREAM_SERVER	Custom upstream server to which the intercepted DNS requests will be forwarded.	Defaults to the server mentioned in `resolv.conf` file. For more information, go to DNS chaos with upstream server.
DEFAULT_HEALTH_CHECK	Determines if you wish to run the default health check which is present inside the fault.	Default: 'true'. For more information, go to default health check.

Secret tunables

Tunable	Description	Notes
GOVC_URL	vCenter server URL used to perform API calls using the govc command.	It is derived from a secret.
GOVC_USERNAME	Username of the vCenter server used for authentication purposes.	It can be set up using a secret.
GOVC_PASSWORD	Password of the vCenter server used for authentication purposes.	It can be set up using a secret.
GOVC_INSECURE	Runs the govc command in insecure mode. It is set to `true`.	It can be set up using a secret.

Run DNS chaos with port

It specifies the DNS port where DNS chaos is injected. Tune it by using the PORT environment variable.

Use the following example to tune it:

# induces DNS chaos on the VMware VM
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: VMware-engine
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
  - name: VMware-DNS-chaos
    spec:
      components:
        env:
        - name: PORT
          value: '54'
        - name: VM_NAME
          value: 'vm-1,vm-2'
        - name: VM_USER_NAME
          value: 'ubuntu,debian'
        - name: VM_PASSWORD
          value: '123,123'

Run DNS chaos with target host names

It specifies the list of the target host names into which DNS chaos is injected. Tune it by using the TARGET_HOSTNAMES environment variable.

Use the following example to tune it:

# induces DNS chaos on the VMware VMs
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: engine-nginx
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
  - name: VMware-DNS-chaos
    spec:
      components:
        env:
        # list of target host names
        - name: TARGET_HOSTNAMES
          value: '["litmuschaos","chaosnative.com"]'
        - name: VM_NAME
          value: 'vm-1,vm-2'
        - name: VM_USER_NAME
          value: 'ubuntu,debian'
        - name: VM_PASSWORD
          value: '123,123'

Run DNS chaos with match scheme

It specifies whether the DNS query should exactly match the targets or can be a substring. Tune it by using the MATCH_SCHEME environment variable.

Use the following example to tune it:

# induces DNS chaos on the VMware VMs
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: engine-nginx
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
  - name: VMware-DNS-chaos
    spec:
      components:
        env:
        # match scheme type
        - name: MATCH_SCHEME
          value: 'exact'
        - name: VM_NAME
          value: 'vm-1,vm-2'
        - name: VM_USER_NAME
          value: 'ubuntu,debian'
        - name: VM_PASSWORD
          value: '123,123'

Run DNS chaos with upstream server

It specifies the custom upstream server to which the intercepted DNS requests are forwarded. It defaults to the server mentioned in the resolv.conf file. Tune it by using the UPSTREAM_SERVER environment variable.

Use the following example to tune it:

# induces DNS chaos on the VMware VMs
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: engine-nginx
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
  - name: VMware-DNS-chaos
    spec:
      components:
        env:
        # name of the upstream server
        - name: UPSTREAM_SERVER
          value: '8.8.8.8'
        - name: VM_NAME
          value: 'vm-1,vm-2'
        - name: VM_USER_NAME
          value: 'ubuntu,debian'
        - name: VM_PASSWORD
          value: '123,123'

Use cases​

Prerequisites​

Mandatory tunables​

Optional tunables​

Secret tunables​

Run DNS chaos with port​

Run DNS chaos with target host names​

Run DNS chaos with match scheme​

Run DNS chaos with upstream server​

Use cases

Prerequisites

Mandatory tunables

Optional tunables

Secret tunables

Run DNS chaos with port

Run DNS chaos with target host names

Run DNS chaos with match scheme

Run DNS chaos with upstream server