blade create k8s container-network

介绍

kubernetes 下 容器内网络实验场景,同基础资源网络场景,由于同一个 Pod 内的容器共享 Pod 网络,所以效果同对 Pod 网络实验

命令

支持的网络场景命令如下:
    blade create k8s container-network delay container 网络延迟场景,同 [blade create network delay](blade create network delay.md)
    blade create k8s container-network loss container 网络丢包场景,同 [blade create network loss](blade create network loss.md)
    blade create k8s container-network dns container 域名访问异常场景,同 [blade create network dns](blade create network dns.md)

参数

除了上述基础场景各自所需的参数外,在 kubernetes 环境下,还支持的参数如下:
1
--container-ids string 容器ID,支持配置多个
2
--container-names string 容器名称,支持配置多个
3
--docker-endpoint string Docker server 地址,默认为本地的 /var/run/docker.sock
4
--namespace string Pod 所属的命名空间,只能填写一个值,必填项
5
--evict-count string 限制实验生效的数量
6
--evict-percent string 限制实验生效数量的百分比,不包含 %
7
--labels string Pod 资源标签,多个标签之前是或的关系
8
--names string Pod 资源名
9
--kubeconfig string kubeconfig 文件全路径(仅限使用 blade 命令调用时使用)
10
--waiting-time string 实验结果等待时间,默认为 20s,参数值要包含单位,例如 10s,1m
Copied!

案例

指定 default 命名空间下 Pod 名为 frontend-d89756ff7-pbnnc,容器id为 2ff814b246f86,做访问 www.baidu.com 域名异常实验举例。
yaml 配置方式
1
apiVersion: chaosblade.io/v1alpha1
2
kind: ChaosBlade
3
metadata:
4
name: tamper-container-dns-by-id
5
spec:
6
experiments:
7
- scope: container
8
target: network
9
action: dns
10
desc: "tamper container dns by id"
11
matchers:
12
- name: container-ids
13
value:
14
- "4b25f66580c4"
15
- name: domain
16
value: ["www.baidu.com"]
17
- name: ip
18
value: ["10.0.0.1"]
19
# pod names
20
- name: names
21
value: ["frontend-d89756ff7-trsxf"]
22
# or use pod labels
Copied!
例如配置好文件后,保存为 tamper_container_dns_by_id.yaml,使用以下命令执行实验场景:
1
kubectl apply -f tamper_container_dns_by_id.yaml
Copied!
可通过以下命令查看每个实验的执行状态:
1
kubectl get blade tamper_container_dns_by_id.yaml -o json
Copied!
1
{
2
"apiVersion": "chaosblade.io/v1alpha1",
3
"kind": "ChaosBlade",
4
"metadata": {
5
"finalizers": [
6
"finalizer.chaosblade.io"
7
],
8
"generation": 1,
9
"name": "tamper-container-dns-by-id",
10
"resourceVersion": "9435600",
11
"selfLink": "/apis/chaosblade.io/v1alpha1/chaosblades/tamper-container-dns-by-id",
12
"uid": "137372c2-ff7c-11e9-8883-00163e0ad0b3"
13
},
14
"status": {
15
"expStatuses": [
16
{
17
"action": "dns",
18
"resStatuses": [
19
{
20
"id": "1141530f66869a82",
21
"kind": "container",
22
"name": "php-redis",
23
"nodeName": "cn-hangzhou.192.168.0.203",
24
"state": "Success",
25
"success": true,
26
"uid": "4b25f66580c4dbf465a1b167c4c6967e987773442e5d47f0bee5db0a5e27a12d"
27
}
28
],
29
"scope": "container",
30
"state": "Success",
31
"success": true,
32
"target": "network"
33
}
34
],
35
"phase": "Running"
36
}
37
}
Copied!
可以登录容器访问 www.baidu.com 域名进行验证
使用以下命令停止实验:
1
kubectl delete -f tamper_container_dns_by_id.yaml
Copied!
blade 命令执行方式
1
blade create k8s container-network dns --domain www.baidu.com --ip 10.0.0.1 --names frontend-d89756ff7-trsxf --namespace default --container-ids 4b25f66580c4 --kubeconfig config
Copied!
如果执行失败,会返回详细的错误信息;如果执行成功,会返回实验的 UID:
1
{"code":200,"success":true,"result":"6e46a5df94e0b065"}
Copied!
可通过以下命令查询实验状态:
1
blade query k8s create 6e46a5df94e0b065 --kubeconfig config
2
3
{"code":200,"success":true,"result":{"uid":"6e46a5df94e0b065","success":true,"error":"","statuses":[{"id":"90304950e52d679e","uid":"4b25f66580c4dbf465a1b167c4c6967e987773442e5d47f0bee5db0a5e27a12d","name":"php-redis","state":"Success","kind":"container","success":true,"nodeName":"cn-hangzhou.192.168.0.203"}]}}
Copied!
销毁实验:
1
blade destroy 6e46a5df94e0b065
Copied!

常见问题

Q: {"code":504,"success":false,"error":"unexpected status, the real value is Error","result":{"uid":"623841684347c05f","success":false,"error":"unexpected status, the real value is Error","statuses":[{"uid":"4b25f66580c4dbf465a1b167c4c6967e987773442e5d47f0bee5db0a5e27a12d","name":"php-redis","state":"Error","kind":"container","error":"10.0.0.1 www.baidu.com #chaosblade has been exist exit status 1","success":false,"nodeName":"cn-hangzhou.192.168.0.203"}]}} A: 所以实验已经存在
其他问题参考 [blade create k8s](blade create k8s.md) 常见问题
Last modified 4d ago