|
1 |
| -# k8s_dns_chaos[WIP] |
| 1 | +# k8s_dns_chaos |
2 | 2 |
|
3 | 3 | ## Name
|
4 | 4 |
|
5 |
| -*k8s_dns_chaos* - enables inject DNS chaos in a Kubernetes cluster. |
| 5 | +*k8s_dns_chaos* - enables inject DNS chaos in a Kubernetes cluster for Chaos Engineering. |
6 | 6 |
|
7 | 7 | ## Description
|
8 | 8 |
|
9 | 9 | This plugin implements the [Kubernetes DNS-Based Service Discovery
|
10 | 10 | Specification](https://github.com/kubernetes/dns/blob/master/docs/specification.md).
|
11 | 11 |
|
12 |
| -CoreDNS running the k8s_dns_chaos plugin can be used to do chaos test on DNS. |
| 12 | +CoreDNS running with the k8s_dns_chaos plugin can be used to do chaos tests on DNS. |
13 | 13 |
|
14 | 14 | This plugin can only be used once per Server Block.
|
| 15 | + |
| 16 | +## Syntax |
| 17 | + |
| 18 | +~~~ |
| 19 | +k8s_dns_chaos [ZONES...] |
| 20 | +~~~ |
| 21 | + |
| 22 | +The *k8s_dns_chaos* supports all options in plugin *[kubernetes](https://coredns.io/plugins/kubernetes/)*, besides, it also supports other configuration items for chaos. |
| 23 | + |
| 24 | +``` |
| 25 | +kubernetes [ZONES...] { |
| 26 | + endpoint URL |
| 27 | + tls CERT KEY CACERT |
| 28 | + kubeconfig KUBECONFIG CONTEXT |
| 29 | + namespaces NAMESPACE... |
| 30 | + labels EXPRESSION |
| 31 | + pods POD-MODE |
| 32 | + endpoint_pod_names |
| 33 | + ttl TTL |
| 34 | + noendpoints |
| 35 | + transfer to ADDRESS... |
| 36 | + fallthrough [ZONES...] |
| 37 | + ignore empty_service |
| 38 | +
|
| 39 | + chaos ACTION SCOPE [PODS...] |
| 40 | + grpcport PORT |
| 41 | +} |
| 42 | +``` |
| 43 | + |
| 44 | +Only `[ZONES...]`, `chaos` and `grpcport` is different with plugin with *[kubernetes](https://coredns.io/plugins/kubernetes/)*: |
| 45 | + |
| 46 | +* `[ZONES...]` defines which zones of the host will be treated as internal hosts in the Kubernetes cluster. |
| 47 | + |
| 48 | +* `chaos` **ACTION** **SCOPE** **[PODS...]** set the behavior and scope of chaos. |
| 49 | + |
| 50 | + Valid value for **Action**: |
| 51 | + |
| 52 | + * `random`: return random IP for DNS request. |
| 53 | + * `error`: return error for DNS request. |
| 54 | + |
| 55 | + Valid value for **SCOPE**: |
| 56 | + |
| 57 | + * `inner`: chaos only works on the inner host of the Kubernetes cluster. |
| 58 | + * `outer`: chaos only works on the outer host of the Kubernetes cluster. |
| 59 | + * `all`: chaos works on all the hosts. |
| 60 | + |
| 61 | + **[PODS...]** defines which Pods will take effect, the format is `Namespace`.`PodName`. |
| 62 | + |
| 63 | +* `grpcport` **PORT** sets the port of GRPC service, which is used for the hot update of the chaos rules. The default value is `9288`. The interface of the GRPC service is defined in [dns.proto](pb/dns.proto). |
| 64 | + |
| 65 | +## Examples |
| 66 | + |
| 67 | +All DNS requests in Pod `busybox.busybox-0` will get error: |
| 68 | + |
| 69 | +```yaml |
| 70 | + k8s_dns_chaos cluster.local in-addr.arpa ip6.arpa { |
| 71 | + pods insecure |
| 72 | + fallthrough in-addr.arpa ip6.arpa |
| 73 | + ttl 30 |
| 74 | + chaos error all busybox.busybox-0 |
| 75 | + } |
| 76 | +``` |
| 77 | + |
| 78 | +The shell command below will execute failed: |
| 79 | + |
| 80 | +```shell |
| 81 | + kubectl exec busybox-0 -it -n busybox -- ping -c 1 google.com |
| 82 | + ping: bad address 'google.com' |
| 83 | +``` |
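Review bot: In the second block under "## Syntax", the directive is written as `kubernetes [ZONES...] {`, but the block documents this plugin's options (`chaos`, `grpcport`), and both the first syntax block and the example use `k8s_dns_chaos`. Suggest changing that line to `k8s_dns_chaos [ZONES...] {` so the `chaos` and `grpcport` options are not read as belonging to the upstream *kubernetes* plugin. The `grpcport` bullet should also say which address the gRPC service listens on and whether callers are authenticated, since the text says it hot-updates the chaos rules and so controls what DNS answers the listed Pods receive. Smaller points: "Valid value for **Action**" should match the `ACTION` placeholder used in the syntax line, the Corefile example is fenced as `yaml` although it is not YAML, and "will execute failed" reads better as "will fail".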