Network chaos ng scripts and variables for pod network ingress and egress shaping

build.sh

@@ -1,6 +1,7 @@
 SCENARIOS=( application-outages container-scenarios network-chaos node-cpu-hog node-io-hog \
 node-memory-hog node-scenarios node-scenarios-bm pod-network-chaos pod-scenarios power-outages pvc-scenario \
-service-disruption-scenarios service-hijacking syn-flood time-scenarios zone-outages node-network-filter pod-network-filter kubevirt-outage)
+service-disruption-scenarios service-hijacking syn-flood time-scenarios zone-outages node-network-filter pod-network-filter kubevirt-outage \
+pod-ingress-shaping pod-egress-shaping )
 for i in "${SCENARIOS[@]}"; do
     export KRKNCTL_INPUT=$(cat $i/krknctl-input.json|tr -d "\n")
     envsubst < $i/Dockerfile.template > $i/Dockerfile

node-network-filter/env.sh

@@ -1,16 +1,22 @@
+export SCENARIO_TYPE=${SCENARIO_TYPE:=network_chaos_ng_scenarios}
+export SCENARIO_FILE=${SCENARIO_FILE:=scenarios/kube/network-filter.yml}
+
+export IMAGE=${IMAGE:="quay.io/krkn-chaos/krkn-network-chaos:latest"}
 export TEST_DURATION=${TOTAL_CHAOS_DURATION:="60"}
 export LABEL_SELECTOR=${NODE_SELECTOR:=""}
+export EXECUTION=${EXECUTION:="parallel"}
 export NAMESPACE=${NAMESPACE:="default"}
 export INSTANCE_COUNT=${INSTANCE_COUNT:="1"}
-export EXECUTION=${EXECUTION:="parallel"}
+export NODE_NAME=${NODE_NAME:=""}
+
+export SERVICE_ACCOUNT=${SERVICE_ACCOUNT:=""}
+export TAINTS=${TAINTS:=""}
 export INGRESS=${INGRESS:="false"}
 export EGRESS=${EGRESS:="false"}
 export INTERFACES=${INTERFACES:=""}
-export PORTS=${PORTS:=""}
-export SCENARIO_TYPE=${SCENARIO_TYPE:=network_chaos_ng_scenarios}
-export SCENARIO_FILE=${SCENARIO_FILE:=scenarios/kube/network-filter.yml}
-export IMAGE=${IMAGE:="quay.io/krkn-chaos/krkn-network-chaos:latest"}
 export PROTOCOLS=${PROTOCOLS:="tcp"}
-export NODE_NAME=${NODE_NAME:=""}
-export TAINTS=${TAINTS:=""}
-export SERVICE_ACCOUNT=${SERVICE_ACCOUNT:=""}
+export PORTS=${PORTS:=""}
+export FORCE=${FORCE:="false"}
+
+
+

node-network-filter/krknctl-input.json

@@ -1,130 +1,138 @@
 [
-  {
-    "name": "chaos-duration",
-    "short_description": "Chaos Duration",
-    "description": "Set chaos duration (in sec) as desired",
-    "variable": "TOTAL_CHAOS_DURATION",
-    "type": "number",
-    "default": "60",
-    "required": "false"
-  },
-  {
-    "name": "node-selector",
-    "short_description": "Node Selector",
-    "description": "Node selector where the scenario containers will be scheduled in the format \"<selector>=<value>\". NOTE:  Will be instantiated a container per each node selected with the same scenario options. If left empty a random node will be selected",
-    "variable": "NODE_SELECTOR",
-    "type": "string",
-    "validator": "^$|^.+\\=.*$",
-    "default": "",
-    "required": "false"
-  },
-  {
-    "name": "node-name",
-    "short_description": "Node Name",
-    "description": "The Node name to target (if label selector not specified)",
-    "variable": "NODE_NAME",
-    "type": "string",
-    "default": "",
-    "required": "false"
-  },
-  {
-    "name": "namespace",
-    "short_description": "Namespace",
-    "description": "Namespace where the scenario container will be deployed",
-    "variable": "NAMESPACE",
-    "type": "string",
-    "default": "default",
-    "required": "false"
-  },
-  {
-    "name": "instance-count",
-    "short_description": "Number of instances to target",
-    "description": "Number of instances to target if more the one is selected by the NODE_SELECTOR",
-    "variable": "INSTANCE_COUNT",
-    "type": "number",
-    "default": "1",
-    "required": "false"
-  },
-  {
-    "name": "execution",
-    "short_description": "Execution mode",
-    "description": "When multiple nodes are selected the execution on all of them can be performed in serial or in parallel",
-    "variable": "EXECUTION",
-    "type": "enum",
-    "allowed_values": "parallel,serial",
-    "separator": ",",
-    "required": "false"
-  },
-  {
-    "name": "ingress",
-    "short_description": "Filter incoming traffic",
-    "description": "Incoming network traffic will be filtered",
-    "variable": "INGRESS",
-    "type": "boolean",
-    "required": "true"
-  },
-  {
-    "name": "egress",
-    "short_description": "Filter outgoing traffic",
-    "description": "Outgoing network traffic will be filtered",
-    "variable": "EGRESS",
-    "type": "boolean",
-    "required": "true"
-  },
-  {
-    "name": "interfaces",
-    "short_description": "Network interfaces to filter outgoing traffic (if more than one separated by comma)",
-    "description": "Network interfaces to filter outgoing traffic (if more than one separated by comma eg. eth0,eth1,eth2)",
-    "variable": "INTERFACES",
-    "type": "string",
-    "default": "",
-    "validator": "^$|^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$",
-    "required": "false"
-  },
-  {
-    "name": "ports",
-    "short_description": "Network ports to filter traffic (if more than one separated by comma)",
-    "description": "Network ports to filter traffic (if more than one separated by comma eg. 8080,8081,8082)",
-    "variable": "PORTS",
-    "type": "string",
-    "validator": "^\\d+(,\\d+)*$",
-    "required": "true"
-  },
-  {
-    "name": "image",
-    "short_description": "The network chaos injection workload container image",
-    "description": "The network chaos injection workload container image",
-    "variable": "IMAGE",
-    "type": "string",
-    "default": "quay.io/krkn-chaos/krkn-network-chaos:latest",
-    "required": "false"
-  },
-  {
-    "name": "protocols",
-    "short_description": "The network protocols that will be filtered",
-    "description": "The network protocols that will be filtered (tcp, udp or both of them comma separated)",
-    "variable": "PROTOCOLS",
-    "type": "string",
-    "default": "tcp",
-    "validator": "^$|^tcp$|^udp$|^tcp,udp$|^udp,tcp$",
-    "required": "false"
-  },
-  {
-    "name": "taints",
-    "short_description": "The list of tolerations that can be assigned to the network filter workload",
-    "description": "The list of tolerations that can be assigned to the network filter workload (comma separated)",
-    "variable": "TAINTS",
-    "type": "string",
-    "default": "",
-    "required": "false"
-  },
-  {
-    "name": "service-account",
-    "short_description": "The service account associated with the Node Network Filter workload",
-    "description": "The service account associated with the Node Network Filter workload",
-    "variable": "SERVICE_ACCOUNT",
-    "type": "string",
-    "default": "",
-    "required": "false"
-  }
+   {
+      "name":"image",
+      "short_description":"The network chaos injection workload container image",
+      "description":"The network chaos injection workload container image",
+      "variable":"IMAGE",
+      "type":"string",
+      "default":"quay.io/krkn-chaos/krkn-network-chaos:latest",
+      "required":"false"
+   },
+   {
+      "name":"chaos-duration",
+      "short_description":"Chaos Duration",
+      "description":"Set chaos duration (in sec) as desired",
+      "variable":"TOTAL_CHAOS_DURATION",
+      "type":"number",
+      "default":"60",
+      "required":"false"
+   },
+   {
+      "name":"node-selector",
+      "short_description":"Node Selector",
+      "description":"Node selector where the scenario containers will be scheduled in the format \"<selector>=<value>\". NOTE:  Will be instantiated a container per each node selected with the same scenario options. If left empty a random node will be selected",
+      "variable":"NODE_SELECTOR",
+      "type":"string",
+      "validator":"^$|^.+\\=.*$",
+      "default":"",
+      "required":"false"
+   },
+   {
+      "name":"execution",
+      "short_description":"Execution mode",
+      "description":"When multiple nodes are selected the execution on all of them can be performed in serial or in parallel",
+      "variable":"EXECUTION",
+      "type":"enum",
+      "allowed_values":"parallel,serial",
+      "separator":",",
+      "required":"false"
+   },
+   {
+      "name":"namespace",
+      "short_description":"Namespace",
+      "description":"Namespace where the scenario container will be deployed",
+      "variable":"NAMESPACE",
+      "type":"string",
+      "default":"default",
+      "required":"false"
+   },
+   {
+      "name":"instance-count",
+      "short_description":"Number of instances to target",
+      "description":"Number of instances to target if more the one is selected by the NODE_SELECTOR",
+      "variable":"INSTANCE_COUNT",
+      "type":"number",
+      "default":"1",
+      "required":"false"
+   },
+   {
+      "name":"node-name",
+      "short_description":"Node Name",
+      "description":"The Node name to target (if label selector not specified)",
+      "variable":"NODE_NAME",
+      "type":"string",
+      "default":"",
+      "required":"false"
+   },
+   {
+      "name":"service-account",
+      "short_description":"The service account associated with the Node Network Filter workload",
+      "description":"The service account associated with the Node Network Filter workload",
+      "variable":"SERVICE_ACCOUNT",
+      "type":"string",
+      "default":"",
+      "required":"false"
+   },
+   {
+      "name":"taints",
+      "short_description":"The list of tolerations that can be assigned to the network filter workload",
+      "description":"The list of tolerations that can be assigned to the network filter workload (comma separated)",
+      "variable":"TAINTS",
+      "type":"string",
+      "default":"",
+      "required":"false"
+   },
+   {
+      "name":"ingress",
+      "short_description":"Filter incoming traffic",
+      "description":"Incoming network traffic will be filtered",
+      "variable":"INGRESS",
+      "type":"boolean",
+      "required":"true"
+   },
+   {
+      "name":"egress",
+      "short_description":"Filter outgoing traffic",
+      "description":"Outgoing network traffic will be filtered",
+      "variable":"EGRESS",
+      "type":"boolean",
+      "required":"true"
+   },
+   {
+      "name":"interfaces",
+      "short_description":"Network interfaces to filter outgoing traffic (if more than one separated by comma)",
+      "description":"Network interfaces to filter outgoing traffic (if more than one separated by comma eg. eth0,eth1,eth2)",
+      "variable":"INTERFACES",
+      "type":"string",
+      "default":"",
+      "validator":"^$|^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$",
+      "required":"false"
+   },
+   {
+      "name":"protocols",
+      "short_description":"The network protocols that will be filtered",
+      "description":"The network protocols that will be filtered (tcp, udp or both of them comma separated)",
+      "variable":"PROTOCOLS",
+      "type":"string",
+      "default":"tcp",
+      "validator":"^$|^tcp$|^udp$|^tcp,udp$|^udp,tcp$",
+      "required":"false"
+   },
+   {
+      "name":"ports",
+      "short_description":"Network ports to filter traffic (if more than one separated by comma)",
+      "description":"Network ports to filter traffic (if more than one separated by comma eg. 8080,8081,8082)",
+      "variable":"PORTS",
+      "type":"string",
+      "validator":"^\\d+(,\\d+)*$",
+      "required":"true"
+   },
+   {
+      "name":"force",
+      "short_description":"Forces node network filter",
+      "description":"Forces krkn to apply a filter on all the node ports. **WARNING** this will make the node unreachable, do it at your own risk.",
+      "variable":"FORCE",
+      "type":"boolean",
+      "required":"true"
+   }
 ]

node-network-filter/network-filter.yml

@@ -8,10 +8,13 @@
   execution: parallel
   ingress: false
   egress: true
-  target: ''
+  target: node
   interfaces: []
   ports: []
   taints: []
   protocols:
     - tcp
   image: quay.io/krkn-chaos/krkn-network-chaos:latest
+  force: false
+
+

node-network-filter/run.sh

@@ -23,7 +23,7 @@ yq -i ".[0].egress=$EGRESS" $SCENARIO_FOLDER/network-filter.yml
 yq -i ".[0].image=\"$IMAGE\"" $SCENARIO_FOLDER/network-filter.yml
 yq -i ".[0].target=\"$NODE_NAME\"" $SCENARIO_FOLDER/network-filter.yml
 yq -i ".[0].service_account=\"$SERVICE_ACCOUNT\"" $SCENARIO_FOLDER/network-filter.yml
-
+yq -i ".[0].force=\"$FORCE\"" $SCENARIO_FOLDER/network-filter.yml
 IFS=',' read -ra array <<< "$INTERFACES"
 
 for ((i=0; i<${#array[@]}; i++)); do

pod-egress-shaping/Dockerfile.template

@@ -0,0 +1,24 @@
+# Dockerfile for kraken
+
+FROM quay.io/krkn-chaos/krkn:latest
+
+ENV KUBECONFIG /home/krkn/.kube/config
+
+# Copy configurations
+COPY metrics_config.yaml.template /home/krkn/kraken/config/kube_burner.yaml.template
+COPY config.yaml.template /home/krkn/kraken/config/config.yaml.template
+
+COPY pod-egress-shaping/env.sh /home/krkn/env.sh
+COPY env.sh /home/krkn/main_env.sh
+COPY pod-egress-shaping/run.sh /home/krkn/run.sh
+COPY pod-egress-shaping/pod-network-shaping.yml /home/krkn/kraken/scenarios/kube/pod-network-shaping.yml
+COPY common_run.sh /home/krkn/common_run.sh
+
+LABEL krknctl.kubeconfig_path="/home/krkn/.kube/config"
+LABEL krknctl.title="Pod Ingress Shaping"
+LABEL krknctl.description="This scenario will shape pod's ingress latency, packet loss and network bandwidth"
+
+LABEL krknctl.input_fields='$KRKNCTL_INPUT'
+
+ENTRYPOINT /home/krkn/run.sh
+

pod-egress-shaping/README.md

@@ -0,0 +1,3 @@
+# Network Chaos docs
+
+See [doc](../docs/pod-egress-shaping.md) for how to run and all the variables listed

pod-egress-shaping/env.sh

@@ -0,0 +1,17 @@
+export SCENARIO_TYPE=${SCENARIO_TYPE:=network_chaos_ng_scenarios}
+export SCENARIO_FILE=${SCENARIO_FILE:=scenarios/kube/pod-network-shaping.yml}
+
+export IMAGE=${IMAGE:="quay.io/krkn-chaos/krkn:tools"}
+export TEST_DURATION=${TOTAL_CHAOS_DURATION:="60"}
+export POD_SELECTOR=${POD_SELECTOR:=""}
+export EXECUTION=${EXECUTION:="parallel"}
+export NAMESPACE=${NAMESPACE:="default"}
+export INSTANCE_COUNT=${INSTANCE_COUNT:="1"}
+export POD_NAME=${POD_NAME:=""}
+export SERVICE_ACCOUNT=${SERVICE_ACCOUNT:=""}
+export TAINTS=${TAINTS:=""}
+
+export LATENCY=${LATENCY:=""}
+export LOSS=${LOSS:=""}
+export BANDWIDTH=${BANDWIDTH:=""}
+export NETWORK_SHAPING_EXECUTION=${NETWORK_SHAPING_EXECUTION:="parallel"}