-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathcomplete.yaml
125 lines (124 loc) · 8.26 KB
/
complete.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# Unless explicitly stated otherwise all files in this repository are licensed
# under the Apache License Version 2.0.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2025 Datadog, Inc.
apiVersion: chaos.datadoghq.com/v1beta1
kind: Disruption
metadata:
name: disruption-sample
namespace: chaos-demo # disruption resource must be in the same namespace as targeted pods
annotations:
chaos.datadoghq.com/environment: "lima"
spec:
dryRun: false # optional, enable dry-run mode (chaos pods will be created but won't inject anything)
reporting: # optional, add custom notification for this disruption
slackChannel: team-slack-channel # required, custom slack channel to send notifications to (can be a name or slack channel ID)
purpose:
| # required, purpose/contextual informations to explain reasons of the disruption launch, can contain markdown formatting
*full network drop*: _aims to validate retry capabilities of demo-curl_. Contact #team-test for more informations.
minNotificationType: Info # optional, minimal notification type to be notified, default is Success, available options are Info, Success, Warning, Error
level: pod # level the disruption should be injected at (can be either pod or node, defaults to pod)
selector: # label selector[s] to target pods
app: demo
team: developer
filter:
annotations:
aws-zone: us-east-1b # filter selected targets to only those with this annotation
advancedSelector: # advanced selectors can select targets on something else than an exact key/value match
- key: app
operator: Exists
# - key: app
# operator: DoesNotExist
# - key: app
# operator: In
# values:
# - curl
# - key: app
# operator: NotIn
# values:
# - nginx
containers: # optional, name of the containers to target within the targeted pod, by default all pods are targeted
- demo
- demo2
count: 1 # number of pods to target or a percentage (1% - 100%)
pulse: # optional, activate pulsing disruptions. Available for any disruptions except nodeFailure and containerFailure
activeDuration: 60s # this is the duration of the disruption in an active state, must be a valid time.Duration string, e.g. (300s, 15m25s, 4h) and must be greater than 500ms
dormantDuration: 30s # this is the duration of the disruption in a dormant state, must be a valid time.Duration string, e.g. (300s, 15m25s, 4h) and must be greater than 500ms
duration: 30m # the amount of time before the disruption terminates itself, must be a valid time.Duration string, e.g. (300s, 15m25s, 4h)
nodeFailure: # node kernel panic or shutdown
shutdown: true # optional, shutdown the host instead of triggering a stack dump (defaults to false)
containerFailure: # terminating a pod's containers gracefully or non-gracefully
forced: true # optional, terminate the pod's containers non-gracefully (SIGKILL) (defaults to false)
network: # network disruption settings, all those disruptions are applied to outgoing traffic only
hosts: # optional, list of destination hosts to filter on
- host: 10.0.0.0/8 # optional, IP, CIDR or hostname to filter on
port: 80 # optional, port to drop packets on
protocol: tcp # optional, protocol to drop packets on (can be tcp or udp, defaults to both)
flow: ingress # optional, flow direction (egress: outgoing traffic, ingress: incoming traffic, defaults to egress)
connState: new # optional, connection state (new: new connections, est: established connections, defaults to all states)
allowedHosts: # optional, list of excluded hosts which would not be disrupted
- host: 10.0.0.1 # optional, IP, CIDR or hostname to filter on
port: 80 # optional, port to filter on
protocol: tcp # optional, protocol to filter on (can be tcp or udp, defaults to both)
flow: ingress # optional, flow direction (egress: outgoing traffic, ingress: incoming traffic, defaults to egress)
connState: new # optional, connection state (new: new connections, est: established connections, defaults to all states)
services: # optional, list of destination Kubernetes services to filter on. These must be in the same kubernetes cluster
- name: foo # service name
namespace: bar # service namespace
- name: fooo # service name
namespace: barr # service namespace
ports: # optional, list of the service ports to drop packets on. Empty list means dropping to all ports of the service
- 8080
- 8081
aws:
- service: "S3" # service name as declared in the provider file (see doc for details)
protocol: tcp # optional, protocol to drop packets on (can be tcp or udp, defaults to both)
flow: ingress # optional, flow direction (egress: outgoing traffic, ingress: incoming traffic, defaults to egress)
connState: new # optional, connection state (new: new connections, est: established connections, defaults to all states)
gcp:
- service: "Google" # service name as declared in the provider file (see doc for details)
protocol: tcp # optional, protocol to drop packets on (can be tcp or udp, defaults to both)
flow: ingress # optional, flow direction (egress: outgoing traffic, ingress: incoming traffic, defaults to egress)
connState: new # optional, connection state (new: new connections, est: established connections, defaults to all states)
datadog:
- service: "synthetics" # service name as declared in the provider file (see doc for details)
protocol: tcp # optional, protocol to drop packets on (can be tcp or udp, defaults to both)
flow: ingress # optional, flow direction (egress: outgoing traffic, ingress: incoming traffic, defaults to egress)
connState: new # optional, connection state (new: new connections, est: established connections, defaults to all states)
http: # http filters
methods:
- GET # http method to filter on
paths:
- / # requested path to filter on
drop: 10 # "mandatory", at least one of `bandwidthLimit`, `delay`, `drop`, `corrupt`, or `duplicate` must be specified; probability to drop packets (between 0 and 100)
corrupt: 5 # probability to corrupt packets (between 0 and 100)
delay: 1000 # latency to apply to packets in ms
delayJitter: 5 # add X % (1-100) of delay as jitter to delay (+- X% ms to original delay), defaults to 10%
bandwidthLimit: 10000 # bandwidth limit in bytes
cpuPressure: {} # cpu load generator
diskPressure: # disk pressure
path: /mnt/data # mount point (in the pod) to apply throttle on
throttling:
readBytesPerSec: 1024 # optional, read throttling in bytes per sec
writeBytesPerSec: 2048 # optional, write throttling in bytes per sec
dns: # disrupt DNS resolutions by faking results
- hostname: foo.bar.svc.cluster.local # record hostname which should be faked
record:
type: A # return an A record
value: 10.0.0.154,10.0.0.13 # list of IPs to return (will be round-robined)
- hostname: datadoghq.com # record hostname which should be faked
record:
type: CNAME # return a CNAME record
value: google.com # hostname to return
grpc: # disrupt gRPC responses by faking results
port: 50051 # port that target grpc server is listening on
endpoints:
- endpoint: /chaosdogfood.ChaosDogfood/getCatalog # gRPC service endpoint to disrupt
error: NOT_FOUND # gRPC error code to return instead computed response
queryPercent: 10 # percentage to affect (1-100); multiple alterations allowed for single endpoint, but sum should not exceed 100%
- endpoint: /chaosdogfood.ChaosDogfood/order # gRPC service endpoint to disrupt
override: "{}" # response structure to return instead of computed response - currently only returns emptypb.Empty
queryPercent: 50 # percentage to affect (1-100); multiple alterations allowed for single endpoint, but sum should not exceed 100%
- endpoint: /chaosdogfood.ChaosDogfood/order # gRPC service endpoint to disrupt
error: PERMISSION_DENIED # gRPC error code to return instead computed response
# unspecified queryPercent: an endpoint with Y[1], Y[2],...Y[X] explicit queryPercent and Y[X+1],...Y[X+N] other alterations defaults to (100 - SUM(Y[1] +..+ Y[X])) / N %