chaostoolkit-kubernetes


Namechaostoolkit-kubernetes JSON
Version 0.38.2 PyPI version JSON
download
home_pageNone
SummaryChaos Toolkit Extension for Kubernetes
upload_time2024-04-18 13:48:58
maintainerNone
docs_urlNone
authorNone
requires_python>=3.8
licenseApache-2.0
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # Chaos Toolkit Extensions for Kubernetes

[![Build](https://github.com/chaostoolkit/chaostoolkit-kubernetes/actions/workflows/build.yaml/badge.svg)](https://github.com/chaostoolkit/chaostoolkit-kubernetes/actions/workflows/build.yaml)
[![Python versions](https://img.shields.io/pypi/pyversions/chaostoolkit-kubernetes.svg)](https://www.python.org/)
[![Downloads](https://pepy.tech/badge/chaostoolkit-kubernetes)](https://pepy.tech/project/chaostoolkit-kubernetes)

This project contains activities, such as probes and actions, you can call from
your experiment through the Chaos Toolkit to perform Chaos Engineering against
the Kubernetes API: killing a pod, removing a statefulset or node...

## Install

To be used from your experiment, this package must be installed in the Python
environment where [chaostoolkit][] already lives.

[chaostoolkit]: https://github.com/chaostoolkit/chaostoolkit

```
$ pip install chaostoolkit-kubernetes
```

## Usage

To use the probes and actions from this package, add the following to your
experiment file:

```json
{
    "title": "Do we remain available in face of pod going down?",
    "description": "We expect Kubernetes to handle the situation gracefully when a pod goes down",
    "tags": ["kubernetes"],
    "steady-state-hypothesis": {
        "title": "Verifying service remains healthy",
        "probes": [
            {
                "name": "all-our-microservices-should-be-healthy",
                "type": "probe",
                "tolerance": true,
                "provider": {
                    "type": "python",
                    "module": "chaosk8s.probes",
                    "func": "microservice_available_and_healthy",
                    "arguments": {
                        "name": "myapp"
                    }
                }
            }
        ]
    },
    "method": [
        {
            "type": "action",
            "name": "terminate-db-pod",
            "provider": {
                "type": "python",
                "module": "chaosk8s.pod.actions",
                "func": "terminate_pods",
                "arguments": {
                    "label_selector": "app=my-app",
                    "name_pattern": "my-app-[0-9]$",
                    "rand": true
                }
            },
            "pauses": {
                "after": 5
            }
        }
    ]
}
```

That's it! Notice how the action gives you the way to kill one pod randomly.

Please explore the [documentation][doc] to see existing probes and actions.

[doc]: https://chaostoolkit.org/drivers/kubernetes/#exported-activities

### Low level fault injections

Note, for the network, cpu and memory stressors we rely on the fantastic
[Chaos Mesh project](https://chaos-mesh.org/) that provides a great interface
to inject these faults.

You will need to install Chaos Mesh first in your cluster to use them.

## Configuration

### Use ~/.kube/config

If you have a valid entry in your `~/.kube/config` file for the cluster you
want to target, then there is nothing to be done.

You may specify `KUBECONFIG` to specify a different location.

```
$ export KUBECONFIG=/tmp/my-config
```

#### Specify the Kubernetes context

Quite often, your Kubernetes configuration contains several entries, and you
need to define the one to use as a default context when it isn't
explicitly provided.

You may of course change your default using
`kubectl config use-context KUBERNETES_CONTEXT` but you can also be explicit
in your experiment as follows:

```json
{
    "title": "Do we remain available in face of pod going down?",
    "description": "We expect Kubernetes to handle the situation gracefully when a pod goes down",
    "tags": ["kubernetes"],
    "secrets": {
        "k8s": {
            "KUBERNETES_CONTEXT": "..."
        }
    },
    "steady-state-hypothesis": {
        "title": "Verifying service remains healthy",
        "probes": [
            {
                "name": "all-our-microservices-should-be-healthy",
                "type": "probe",
                "tolerance": true,
                "secrets": ["k8s"],
                "provider": {
                    "type": "python",
                    "module": "chaosk8s.probes",
                    "func": "microservice_available_and_healthy",
                    "arguments": {
                        "name": "myapp"
                    }
                }
            }
        ]
    },
    "method": [
        {
            "type": "action",
            "name": "terminate-db-pod",
            "secrets": ["k8s"],
            "provider": {
                "type": "python",
                "module": "chaosk8s.pod.actions",
                "func": "terminate_pods",
                "arguments": {
                    "label_selector": "app=my-app",
                    "name_pattern": "my-app-[0-9]$",
                    "rand": true
                }
            },
            "pauses": {
                "after": 5
            }
        }
    ]
}
```

You need to specify the `KUBERNETES_CONTEXT` secret key to the name of the
context you want the experiment to use. Make sure to also inform the
actions and probes about the secret entries they should be
passed `"secrets": ["k8s"]`.

### Use a Pod's service account

When running from a pod (not your local machine or a CI for instance), the
 `./.kube/config` file does not exist. Instead, the credentials can be found
 at [/var/run/secrets/kubernetes.io/serviceaccount/token][podcreds].

 [podcreds]: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod

 To let the extension know about this, simply set `CHAOSTOOLKIT_IN_POD` from the
 environment variable of the pod specification:

```yaml
env:
- name: CHAOSTOOLKIT_IN_POD
  value: "true"
```

## Pass all credentials in the experiment

Finally, you may pass explicitly all required credentials information to the
experiment as follows:

### Using an API key

```json
{
    "secrets": {
        "kubernetes": {
            "KUBERNETES_HOST": "http://somehost",
            "KUBERNETES_API_KEY": {
                "type": "env",
                "key": "SOME_ENV_VAR"
            }
        }
    }
}
```

### Using a username/password

```json
{
    "secrets": {
        "kubernetes": {
            "KUBERNETES_HOST": "http://somehost",
            "KUBERNETES_USERNAME": {
                "type": "env",
                "key": "SOME_ENV_VAR"
            },
            "KUBERNETES_PASSWORD": {
                "type": "env",
                "key": "SOME_ENV_VAR"
            }
        }
    }
}
```

### Using a TLS key/certificate

```json
{
    "secrets": {
        "kubernetes": {
            "KUBERNETES_HOST": "http://somehost",
            "KUBERNETES_CERT_FILE": {
                "type": "env",
                "key": "SOME_ENV_VAR"
            },
            "KUBERNETES_KEY_FILE": {
                "type": "env",
                "key": "SOME_ENV_VAR"
            }
        }
    }
}
```

## Managed Kubernetes Clusters Authentication

On some managed Kubernetes clusters, you also need to authenticate against the
platform itself because the Kubernetes authentication is delegated to it.

### Google Cloud Platform

In addition to your Kubernetes credentials (via the `~/.kube/config` file), you
need to authenticate against the Google Cloud Platform itself. Usually this
is done [via][gcloud]:

[gcloud]: https://cloud.google.com/sdk/gcloud/reference/auth/login

```
$ gcloud auth login
```

But can also be achieved by defining the `GOOGLE_APPLICATION_CREDENTIALS`
environment variable.

## Contribute

If you wish to contribute more functions to this package, you are more than
welcome to do so. Please, fork this project, write unit tests to cover the proposed changes,
implement the changes, ensure they meet the formatting standards and then raise a
PR to the repository for review.

Please refer to the [formatting](#formatting-and-linting) section for more information
on the formatting standards.

The Chaos Toolkit projects require all contributors must sign a
[Developer Certificate of Origin][dco] on each commit they would like to merge
into the master branch of the repository. Please, make sure you can abide by
the rules of the DCO before submitting a PR.

[dco]: https://github.com/probot/dco#how-it-works

### Develop

If you wish to develop on this project, make sure to install the development
dependencies. But first, [install PDM][pdm] and then install
the dependencies.

[pdm]: https://pdm-project.org/latest/

```console
$ pdm install
```

Now, you can edit the files, and they will be automatically be seen by your
environment, even when running from the `chaos` command locally.

### Tests

To run the tests for the project execute the following:

```console
$ pdm run tests
```

### Formatting and Linting

We use [ruff][] to both lint and format this repositories code.

[ruff]: https://github.com/astral-sh/ruff

Before raising a Pull Request, we recommend you run formatting against your code with:

```console
$ pdm run format
```

This will automatically format any code that doesn't adhere to the formatting standards.

As some things are not picked up by the formatting, we also recommend you run:

```console
$ pdm run lint
```

To ensure that any unused import statements/strings that are too long, etc. are also picked up.

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "chaostoolkit-kubernetes",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": null,
    "keywords": null,
    "author": null,
    "author_email": "Chaos Toolkit <contact@chaostoolkit.org>",
    "download_url": "https://files.pythonhosted.org/packages/d8/3b/2aa5503e13dd59746843c8a0faf846395f96c2a8816d77cb290882b5c4dd/chaostoolkit_kubernetes-0.38.2.tar.gz",
    "platform": null,
    "description": "# Chaos Toolkit Extensions for Kubernetes\n\n[![Build](https://github.com/chaostoolkit/chaostoolkit-kubernetes/actions/workflows/build.yaml/badge.svg)](https://github.com/chaostoolkit/chaostoolkit-kubernetes/actions/workflows/build.yaml)\n[![Python versions](https://img.shields.io/pypi/pyversions/chaostoolkit-kubernetes.svg)](https://www.python.org/)\n[![Downloads](https://pepy.tech/badge/chaostoolkit-kubernetes)](https://pepy.tech/project/chaostoolkit-kubernetes)\n\nThis project contains activities, such as probes and actions, you can call from\nyour experiment through the Chaos Toolkit to perform Chaos Engineering against\nthe Kubernetes API: killing a pod, removing a statefulset or node...\n\n## Install\n\nTo be used from your experiment, this package must be installed in the Python\nenvironment where [chaostoolkit][] already lives.\n\n[chaostoolkit]: https://github.com/chaostoolkit/chaostoolkit\n\n```\n$ pip install chaostoolkit-kubernetes\n```\n\n## Usage\n\nTo use the probes and actions from this package, add the following to your\nexperiment file:\n\n```json\n{\n    \"title\": \"Do we remain available in face of pod going down?\",\n    \"description\": \"We expect Kubernetes to handle the situation gracefully when a pod goes down\",\n    \"tags\": [\"kubernetes\"],\n    \"steady-state-hypothesis\": {\n        \"title\": \"Verifying service remains healthy\",\n        \"probes\": [\n            {\n                \"name\": \"all-our-microservices-should-be-healthy\",\n                \"type\": \"probe\",\n                \"tolerance\": true,\n                \"provider\": {\n                    \"type\": \"python\",\n                    \"module\": \"chaosk8s.probes\",\n                    \"func\": \"microservice_available_and_healthy\",\n                    \"arguments\": {\n                        \"name\": \"myapp\"\n                    }\n                }\n            }\n        ]\n    },\n    \"method\": [\n        {\n            \"type\": \"action\",\n            \"name\": \"terminate-db-pod\",\n            \"provider\": {\n                \"type\": \"python\",\n                \"module\": \"chaosk8s.pod.actions\",\n                \"func\": \"terminate_pods\",\n                \"arguments\": {\n                    \"label_selector\": \"app=my-app\",\n                    \"name_pattern\": \"my-app-[0-9]$\",\n                    \"rand\": true\n                }\n            },\n            \"pauses\": {\n                \"after\": 5\n            }\n        }\n    ]\n}\n```\n\nThat's it! Notice how the action gives you the way to kill one pod randomly.\n\nPlease explore the [documentation][doc] to see existing probes and actions.\n\n[doc]: https://chaostoolkit.org/drivers/kubernetes/#exported-activities\n\n### Low level fault injections\n\nNote, for the network, cpu and memory stressors we rely on the fantastic\n[Chaos Mesh project](https://chaos-mesh.org/) that provides a great interface\nto inject these faults.\n\nYou will need to install Chaos Mesh first in your cluster to use them.\n\n## Configuration\n\n### Use ~/.kube/config\n\nIf you have a valid entry in your `~/.kube/config` file for the cluster you\nwant to target, then there is nothing to be done.\n\nYou may specify `KUBECONFIG` to specify a different location.\n\n```\n$ export KUBECONFIG=/tmp/my-config\n```\n\n#### Specify the Kubernetes context\n\nQuite often, your Kubernetes configuration contains several entries, and you\nneed to define the one to use as a default context when it isn't\nexplicitly provided.\n\nYou may of course change your default using\n`kubectl config use-context KUBERNETES_CONTEXT` but you can also be explicit\nin your experiment as follows:\n\n```json\n{\n    \"title\": \"Do we remain available in face of pod going down?\",\n    \"description\": \"We expect Kubernetes to handle the situation gracefully when a pod goes down\",\n    \"tags\": [\"kubernetes\"],\n    \"secrets\": {\n        \"k8s\": {\n            \"KUBERNETES_CONTEXT\": \"...\"\n        }\n    },\n    \"steady-state-hypothesis\": {\n        \"title\": \"Verifying service remains healthy\",\n        \"probes\": [\n            {\n                \"name\": \"all-our-microservices-should-be-healthy\",\n                \"type\": \"probe\",\n                \"tolerance\": true,\n                \"secrets\": [\"k8s\"],\n                \"provider\": {\n                    \"type\": \"python\",\n                    \"module\": \"chaosk8s.probes\",\n                    \"func\": \"microservice_available_and_healthy\",\n                    \"arguments\": {\n                        \"name\": \"myapp\"\n                    }\n                }\n            }\n        ]\n    },\n    \"method\": [\n        {\n            \"type\": \"action\",\n            \"name\": \"terminate-db-pod\",\n            \"secrets\": [\"k8s\"],\n            \"provider\": {\n                \"type\": \"python\",\n                \"module\": \"chaosk8s.pod.actions\",\n                \"func\": \"terminate_pods\",\n                \"arguments\": {\n                    \"label_selector\": \"app=my-app\",\n                    \"name_pattern\": \"my-app-[0-9]$\",\n                    \"rand\": true\n                }\n            },\n            \"pauses\": {\n                \"after\": 5\n            }\n        }\n    ]\n}\n```\n\nYou need to specify the `KUBERNETES_CONTEXT` secret key to the name of the\ncontext you want the experiment to use. Make sure to also inform the\nactions and probes about the secret entries they should be\npassed `\"secrets\": [\"k8s\"]`.\n\n### Use a Pod's service account\n\nWhen running from a pod (not your local machine or a CI for instance), the\n `./.kube/config` file does not exist. Instead, the credentials can be found\n at [/var/run/secrets/kubernetes.io/serviceaccount/token][podcreds].\n\n [podcreds]: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod\n\n To let the extension know about this, simply set `CHAOSTOOLKIT_IN_POD` from the\n environment variable of the pod specification:\n\n```yaml\nenv:\n- name: CHAOSTOOLKIT_IN_POD\n  value: \"true\"\n```\n\n## Pass all credentials in the experiment\n\nFinally, you may pass explicitly all required credentials information to the\nexperiment as follows:\n\n### Using an API key\n\n```json\n{\n    \"secrets\": {\n        \"kubernetes\": {\n            \"KUBERNETES_HOST\": \"http://somehost\",\n            \"KUBERNETES_API_KEY\": {\n                \"type\": \"env\",\n                \"key\": \"SOME_ENV_VAR\"\n            }\n        }\n    }\n}\n```\n\n### Using a username/password\n\n```json\n{\n    \"secrets\": {\n        \"kubernetes\": {\n            \"KUBERNETES_HOST\": \"http://somehost\",\n            \"KUBERNETES_USERNAME\": {\n                \"type\": \"env\",\n                \"key\": \"SOME_ENV_VAR\"\n            },\n            \"KUBERNETES_PASSWORD\": {\n                \"type\": \"env\",\n                \"key\": \"SOME_ENV_VAR\"\n            }\n        }\n    }\n}\n```\n\n### Using a TLS key/certificate\n\n```json\n{\n    \"secrets\": {\n        \"kubernetes\": {\n            \"KUBERNETES_HOST\": \"http://somehost\",\n            \"KUBERNETES_CERT_FILE\": {\n                \"type\": \"env\",\n                \"key\": \"SOME_ENV_VAR\"\n            },\n            \"KUBERNETES_KEY_FILE\": {\n                \"type\": \"env\",\n                \"key\": \"SOME_ENV_VAR\"\n            }\n        }\n    }\n}\n```\n\n## Managed Kubernetes Clusters Authentication\n\nOn some managed Kubernetes clusters, you also need to authenticate against the\nplatform itself because the Kubernetes authentication is delegated to it.\n\n### Google Cloud Platform\n\nIn addition to your Kubernetes credentials (via the `~/.kube/config` file), you\nneed to authenticate against the Google Cloud Platform itself. Usually this\nis done [via][gcloud]:\n\n[gcloud]: https://cloud.google.com/sdk/gcloud/reference/auth/login\n\n```\n$ gcloud auth login\n```\n\nBut can also be achieved by defining the `GOOGLE_APPLICATION_CREDENTIALS`\nenvironment variable.\n\n## Contribute\n\nIf you wish to contribute more functions to this package, you are more than\nwelcome to do so. Please, fork this project, write unit tests to cover the proposed changes,\nimplement the changes, ensure they meet the formatting standards and then raise a\nPR to the repository for review.\n\nPlease refer to the [formatting](#formatting-and-linting) section for more information\non the formatting standards.\n\nThe Chaos Toolkit projects require all contributors must sign a\n[Developer Certificate of Origin][dco] on each commit they would like to merge\ninto the master branch of the repository. Please, make sure you can abide by\nthe rules of the DCO before submitting a PR.\n\n[dco]: https://github.com/probot/dco#how-it-works\n\n### Develop\n\nIf you wish to develop on this project, make sure to install the development\ndependencies. But first, [install PDM][pdm] and then install\nthe dependencies.\n\n[pdm]: https://pdm-project.org/latest/\n\n```console\n$ pdm install\n```\n\nNow, you can edit the files, and they will be automatically be seen by your\nenvironment, even when running from the `chaos` command locally.\n\n### Tests\n\nTo run the tests for the project execute the following:\n\n```console\n$ pdm run tests\n```\n\n### Formatting and Linting\n\nWe use [ruff][] to both lint and format this repositories code.\n\n[ruff]: https://github.com/astral-sh/ruff\n\nBefore raising a Pull Request, we recommend you run formatting against your code with:\n\n```console\n$ pdm run format\n```\n\nThis will automatically format any code that doesn't adhere to the formatting standards.\n\nAs some things are not picked up by the formatting, we also recommend you run:\n\n```console\n$ pdm run lint\n```\n\nTo ensure that any unused import statements/strings that are too long, etc. are also picked up.\n",
    "bugtrack_url": null,
    "license": "Apache-2.0",
    "summary": "Chaos Toolkit Extension for Kubernetes",
    "version": "0.38.2",
    "project_urls": {
        "Changelog": "https://github.com/chaostoolkit/chaostoolkit-kubernetes/blob/master/CHANGELOG.md",
        "Documentation": "https://chaostoolkit.org",
        "Repository": "https://github.com/chaostoolkit/chaostoolkit-kubernetes"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "aca2974c72ef794a3b1ef87c9cbcff9f05fca735d0332d87698541ee8c8125ee",
                "md5": "7e82c394dc54a763c97b6317a76ec247",
                "sha256": "c91dfa4d8380481cd7b8d4a42e385cb746f1a2fa16bfa276d1443dc2fe8a4a61"
            },
            "downloads": -1,
            "filename": "chaostoolkit_kubernetes-0.38.2-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "7e82c394dc54a763c97b6317a76ec247",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 47475,
            "upload_time": "2024-04-18T13:48:56",
            "upload_time_iso_8601": "2024-04-18T13:48:56.285535Z",
            "url": "https://files.pythonhosted.org/packages/ac/a2/974c72ef794a3b1ef87c9cbcff9f05fca735d0332d87698541ee8c8125ee/chaostoolkit_kubernetes-0.38.2-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "d83b2aa5503e13dd59746843c8a0faf846395f96c2a8816d77cb290882b5c4dd",
                "md5": "03b40f78e73546b392c1daac64d7f498",
                "sha256": "74da52827bd70a98a9065303b42481c8f56ef7dca061784310fb195072b9e79d"
            },
            "downloads": -1,
            "filename": "chaostoolkit_kubernetes-0.38.2.tar.gz",
            "has_sig": false,
            "md5_digest": "03b40f78e73546b392c1daac64d7f498",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 45057,
            "upload_time": "2024-04-18T13:48:58",
            "upload_time_iso_8601": "2024-04-18T13:48:58.348470Z",
            "url": "https://files.pythonhosted.org/packages/d8/3b/2aa5503e13dd59746843c8a0faf846395f96c2a8816d77cb290882b5c4dd/chaostoolkit_kubernetes-0.38.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-04-18 13:48:58",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "chaostoolkit",
    "github_project": "chaostoolkit-kubernetes",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "chaostoolkit-kubernetes"
}
        
Elapsed time: 0.69181s