litmus-docs/probes.md at master

33 KiB

Raw Permalink Blame History

id	title	sidebar_label
probes	Resilience Probes	Resilience Probes

Resilience Probes are pluggable checks that can be defined within the ChaosEngine for any Chaos Experiment. The fault pods execute these checks based on the mode they are defined in & factor their success as necessary conditions in determining the verdict of the fault (along with the standard in-built checks).

Prerequisites

To understand the concepts of Probes better make sure you are aware of the ChaosEngine Custom Resources and promql queries (for Prometheus Probes)

Probes

Litmus currently supports four types of Probes:

httpProbe: To query health/downstream URIs
cmdProbe: To execute any user-desired health-check function implemented as a shell command
k8sProbe: To perform CRUD operations against native & custom Kubernetes resources
promProbe: To execute promql queries and match prometheus metrics for specific criteria

These probes can be used in isolation or in several combinations to achieve the desired checks. While the httpProbe and k8sProbe are fully declarative in the way they are conceived, the cmdProbe expects the user to provide a shell command to implement checks that are highly specific to the application use case. promProbe expects the user to provide a promql query along with Prometheus service endpoints to check for specific criteria.

The probes can be set up to run in different modes:

SoT: Executed at the Start of Test as a pre-chaos check
EoT: Executed at the End of Test as a post-chaos check
Edge: Executed both, before and after the chaos
Continuous: The probe is executed continuously, with a specified polling interval during the chaos injection.
OnChaos: The probe is executed continuously, with a specified polling interval strictly for chaos duration of chaos

Some common attributes shared between the Probes:

probeTimeout: Represents the time limit for the probe to execute the check specified and return the expected data.
retry: The number of times a check is re-run upon failure in the first attempt before declaring the probe status as failed.
interval: The period between subsequent retries.
probePollingInterval: The time interval for which continuous probe should be sleep after each iteration.
initialDelay: Represents the initial waiting time interval for the probes.
stopOnFailure: It can be set to true/false to stop or continue the fault execution after probe fails.

:::note If probe needs any additional RBAC permissions other than the fault's serviceAccount (<fault-name>-sa) permissions, then the additional permissions should be provided inside the corresponding Role/ClusterRole bind with the serviceAccount (<fault-name>-sa). :::

Detailed View of the Probes

httpProbe

The httpProbe allows developers to specify a URL which the fault uses to gauge health/service availability (or other custom conditions) as part of the entry/exit criteria. The received status code is mapped against an expected status. It supports HTTP Get and Post methods.

In HTTP Get method, it sends an HTTP GET request to the provided URL and matches the response code based on the given criteria (==, !=, oneOf).

In HTTP Post method, it sends an HTTP POST request to the provided URL. The http body can be provided in the body field. In the case of a complex POST request in which the body spans multiple lines, the bodyPath attribute can be used to provide the path to a file consisting of the same. This file can be made available to the fault pod via a ConfigMap resource, with the ConfigMap name being defined in the ChaosEngine OR the ChaosExperiment CR. It can be defined at .spec.experiments[].spec.probe inside ChaosEngine.

body and bodyPath are mutually exclusive

probe:
  - name: 'check-frontend-access-url'
    type: 'httpProbe'
    httpProbe/inputs:
      url: '<url>'
      insecureSkipVerify: false
      responseTimeout: <value> # in milli seconds
      method:
        get:
          criteria: == # supports == & != and oneof operations
          responseCode: '<response code>'
    mode: 'Continuous'
    runProperties:
      probeTimeout: 5s
      interval: 5s
      retry: 1
      probePollingInterval: 2s

The httpProbe is better used in the Continuous mode of operation as a parallel liveness indicator of a target or downstream application. It uses the probePollingInterval property to specify the polling interval for the access checks.

insecureSkipVerify can be set to true to skip the certificate checks.

cmdProbe

The cmdProbe allows developers to run shell commands and match the resulting output as part of the entry/exit criteria. The intent behind this probe was to allow users to implement a non-standard & imperative way for expressing their hypothesis. For example, the cmdProbe enables you to check for specific data within a database, parse the value out of a JSON blob being dumped into a certain path or check for the existence of a particular string in the service logs.

In order to enable this behaviour, the probe supports an inline mode in which the command is run from within the fault image as well as a source mode, where the command execution is carried out from within a new pod whose image can be specified. While inline is preferred for simple shell commands, source mode can be used when application-specific binaries are required. The cmdProbe can be defined at .spec.experiments[].spec.probe the path inside the ChaosEngine.

probe:
  - name: 'check-database-integrity'
    type: 'cmdProbe'
    cmdProbe/inputs:
      command: '<command>'
      comparator:
        type: 'string' # supports: string, int, float
        criteria: 'contains' #supports >=,<=,>,<,==,!= for int and contains,equal,notEqual,matches,notMatches for string values
        value: '<value-for-criteria-match>'
      source: # omit this tag to "inline" the probe
        image: '<repo>/<tag>'
        hostNetwork: false
    mode: 'Edge'
    runProperties:
      probeTimeout: 5s
      interval: 5s
      retry: 1
      initialDelay: 5s

source.hostNetwork can be set to true to allow access to the node network namespace for the pod executing the probe

For insights into efficient chaos probe practices and our roadmap for the future, check out the best practices.

k8sProbe

With the proliferation of custom resources & operators, especially in the case of stateful applications, the steady-state is manifested as status parameters/flags within Kubernetes resources. k8sProbe addresses verification of the desired resource state by allowing users to define the Kubernetes GVR (group-version-resource) with appropriate filters (field selectors/label selectors). The fault makes use of the Kubernetes Dynamic Client to achieve this.The k8sProbe can be defined at .spec.experiments[].spec.probe the path inside ChaosEngine.

It supports following CRUD operations which can be defined at probe.k8sProbe/inputs.operation.

create: It creates kubernetes resource based on the data provided inside probe.data field.
delete: It deletes matching kubernetes resource via GVR and filters (field selectors/label selectors).
present: It checks for the presence of kubernetes resource based on GVR and filters (field selectors/labelselectors).
absent: It checks for the absence of kubernetes resource based on GVR and filters (field selectors/labelselectors).

probe:
  - name: 'check-app-cluster-cr-status'
    type: 'k8sProbe'
    k8sProbe/inputs:
      group: '<appGroup>'
      version: '<appVersion>'
      resource: '<appResource>'
      namespace: 'default'
      fieldSelector: 'metadata.name=<appResourceName>,status.phase=Running'
      labelSelector: '<app-labels>'
      operation: 'present' # it can be present, absent, create, delete
    mode: 'EOT'
    runProperties:
      probeTimeout: 5s
      interval: 5s
      retry: 1

promProbe

The promProbe allows users to run Prometheus queries and match the resulting output against specific conditions. The intent behind this probe is to allow users to define metrics-based SLOs in a declarative way and determine the fault verdict based on its success. The probe runs the query on a Prometheus server defined by the endpoint, and checks whether the output satisfies the specified criteria.

The promql query can be provided in the query field. In the case of complex queries that span multiple lines, the queryPath attribute can be used to provide the link to a file consisting of the query. This file can be made available in the fault pod via a ConfigMap resource, with the ConfigMap being passed in the ChaosEngine OR the ChaosExperiment CR.

NOTE: query and queryPath are mutually exclusive.

probe:
  - name: 'check-probe-success'
    type: 'promProbe'
    promProbe/inputs:
      endpoint: '<prometheus-endpoint>'
      query: '<promql-query>'
      comparator:
        criteria: '==' #supports >=,<=,>,<,==,!= comparision
        value: '<value-for-criteria-match>'
    mode: 'Edge'
    runProperties:
      probeTimeout: 5s
      interval: 5s
      retry: 1

Probe Status & Deriving Inferences

The litmus chaos faults run the probes defined in the ChaosEngine and update their stage-wise success in the ChaosResult custom resource, with details including the overall probeSuccessPercentage (a ratio of successful checks v/s total probes) and failure step, where applicable. The success of a probe is dependent on whether the expected status/results are met and also on whether it is successful in all the fault phases defined by the probe’s execution mode. For example, probes that are executed in “Edge” mode, need the checks to be successful both during the pre-chaos & post-chaos phases to be declared as successful.

The pass criteria for a fault is the logical conjunction of all probes defined in the ChaosEngine and an inbuilt entry/exit criteria. Failure of either indicates a failed hypothesis and is deemed fault failure.

Provided below is a ChaosResult snippet containing the probe status for a mixed-probe ChaosEngine.

Name:         app-pod-delete
Namespace:    test
Labels:       name=app-pod-delete
Annotations:  <none>
API Version:  litmuschaos.io/v1alpha1
Kind:         ChaosResult
Metadata:
  Creation Timestamp:  2020-08-29T08:28:26Z
  Generation:          36
  Resource Version:    50239
  Self Link:           /apis/litmuschaos.io/v1alpha1/namespaces/test/ChaosResults/app-pod-delete
  UID:                 b9e3638a-b7a4-4b93-bfea-bd143d91a5e8
Spec:
  Engine:      probe
  Experiment:  pod-delete
Status:
  Experimentstatus:
    Fail Step:                 N/A
    Phase:                     Completed
    Probe Success Percentage:  100
    Verdict:                   Pass

  Probe Status:
    Name:  check-frontend-access-url
    Status:
      Continuous:  Passed 👍
    Type:          HTTPProbe

    Name:          check-app-cluster-cr-status
    Status:
      Post Chaos:  Passed 👍 #EoT
    Type:          K8sProbe

    Name:          check-database-integrity
    Status:
      Post Chaos:  Passed 👍 #Edge
      Pre Chaos:   Passed 👍
    Type:          CmdProbe
Events:
  Type    Reason   Age   From                     Message
  ----    ------   ----  ----                     -------
  Normal  Summary  7s    pod-delete-0s2jt6-s4rdx  pod-delete experiment has been Passed

Probe Chaining

Probe chaining enables reuse of probe a result represented by the template function {{ .<probeName>.probeArtifact.Register}}) in subsequent "downstream" probes defined in the ChaosEngine. Note that the order of execution of probes in the fault depends purely on the order in which they are defined in the ChaosEngine.

Probe chaining is currently supported only for cmdProbes.

probe:
  - name: 'probe1'
    type: 'cmdProbe'
    cmdProbe/inputs:
      command: '<command>'
      comparator:
        type: 'string'
        criteria: 'equals'
        value: '<value-for-criteria-match>'
      source: 'inline'
    mode: 'SOT'
    runProperties:
      probeTimeout: 5s
      interval: 5s
      retry: 1
  - name: 'probe2'
    type: 'cmdProbe'
    cmdProbe/inputs:
      ## probe1's result being used as one of the args in probe2
      command: '<commmand> {{ .probe1.ProbeArtifacts.Register }} <arg2>'
      comparator:
        type: 'string'
        criteria: 'equals'
        value: '<value-for-criteria-match>'
      source: 'inline'
    mode: 'SOT'
    runProperties:
      probeTimeout: 5s
      interval: 5s
      retry: 1

Probe Schema

This section describes the different fields of the litmus probes and the possible values that can be set against the same. The probes can be defined at .spec.experiments[].spec.probe path inside chaosengine.

Basic Details

Field	`.name`
Description	Flag to hold the name of the probe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.name` holds the name of the probe. It can be set based on the usecase

Field	`.type`
Description	Flag to hold the type of the probe
Type	Mandatory
Range	`httpProbe`, `k8sProbe`, `cmdProbe`, `promProbe`
Notes	The `.type` supports four type of probes. It can one of the `httpProbe`, `k8sProbe`, `cmdProbe`, `promProbe`

Field	`.mode`
Description	Flag to hold the mode of the probe
Type	Mandatory
Range	`SOT`, `EOT`, `Edge`, `Continuous`, `OnChaos`
Notes	The `.mode` supports five modes of probes. It can one of the `SOT`, `EOT`, `Edge`, `Continuous`, `OnChaos`

Field	`.data`
Description	Flag to hold the data for the `create` operation of the k8sProbe
Type	Optional
Range	n/a `type: string`
Notes	The `.data` contains the manifest/data for the resource, which need to be created. It supported for `create` operation of k8sProbe only

K8sProbeInputs

Field	`.k8sProbe/inputs.group`
Description	Flag to hold the group of the kubernetes resource for the k8sProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.k8sProbe/inputs.group` contains group of the kubernetes resource on which k8sProbe performs the specified operation

Field	`.k8sProbe/inputs.version`
Description	Flag to hold the apiVersion of the kubernetes resource for the k8sProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.k8sProbe/inputs.version` contains apiVersion of the kubernetes resource on which k8sProbe performs the specified operation

Field	`.k8sProbe/inputs.resource`
Description	Flag to hold the kubernetes resource name for the k8sProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.k8sProbe/inputs.resource` contains the kubernetes resource name on which k8sProbe performs the specified operation

Field	`.k8sProbe/inputs.namespace`
Description	Flag to hold the namespace of the kubernetes resource for the k8sProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.k8sProbe/inputs.namespace` contains namespace of the kubernetes resource on which k8sProbe performs the specified operation

Field	`.k8sProbe/inputs.fieldSelector`
Description	Flag to hold the fieldSelectors of the kubernetes resource for the k8sProbe
Type	Optional
Range	n/a `type: string`
Notes	The `.k8sProbe/inputs.fieldSelector` contains fieldSelector to derived the kubernetes resource on which k8sProbe performs the specified operation

Field	`.k8sProbe/inputs.labelSelector`
Description	Flag to hold the labelSelectors of the kubernetes resource for the k8sProbe
Type	Optional
Range	n/a `type: string`
Notes	The `.k8sProbe/inputs.labelSelector` contains labelSelector to derived the kubernetes resource on which k8sProbe performs the specified operation

Field	`.k8sProbe/inputs.operation`
Description	Flag to hold the operation type for the k8sProbe
Type	Mandatory
Range	`create`, `delete`, `present`, `absent`
Notes	The `.k8sProbe/inputs.operation` contains operation which should be applied on the kubernetes resource as part of k8sProbe. It supports four type of operation. It can be one of `create`, `delete`, `present`, `absent`.

CmdProbeInputs

Field	`.cmdProbe/inputs.command`
Description	Flag to hold the command for the cmdProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.cmdProbe/inputs.command` contains the shell command, which should be run as part of cmdProbe

Field	`.cmdProbe/inputs.source.image`
Description	Flag to hold the image for the cmdProbe
Type	Optional
Range	`any source docker image`
Notes	The `.cmdProbe/inputs.source.image` provides the source image which can be used to launch a external pod where the command execution is carried out.

Field	`.cmdProbe/inputs.source.hostNetwork`
Description	Flag to allow or deny the `.cmdProbe/inputs.source.image` access to the node network namespace
Type	Optional
Range	`true`, `false`
Notes	The `.cmdProbe/inputs.source.hostNetwork` provides a possibility to allow the pod executing the cmdProbe access to the network of the node he is running on. For more details refer to the offical Kubernetes documentation.

HTTPProbeInput

Field	`.httpProbe/inputs.url`
Description	Flag to hold the URL for the httpProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.httpProbe/inputs.url` contains the URL which the fault uses to gauge health/service availability (or other custom conditions) as part of the entry/exit criteria.

Field	`.httpProbe/inputs.insecureSkipVerify`
Description	Flag to hold the flag to skip certificate checks for the httpProbe
Type	Optional
Range	`true`, `false`
Notes	The `.httpProbe/inputs.insecureSkipVerify` contains flag to skip certificate checks.

Field	`.httpProbe/inputs.responseTimeout`
Description	Flag to hold the flag to response timeout for the httpProbe
Type	Optional
Range	n/a `type: integer`
Notes	The `.httpProbe/inputs.responseTimeout` contains flag to provide the response timeout for the http Get/Post request.

Field	`.httpProbe/inputs.method.get.criteria`
Description	Flag to hold the criteria for the http get request
Type	Mandatory
Range	`==`, `!=`, `oneOf`
Notes	The `.httpProbe/inputs.method.get.criteria` contains criteria to match the http get request's response code with the expected responseCode, which need to be fulfill as part of httpProbe run

Field	`.httpProbe/inputs.method.get.responseCode`
Description	Flag to hold the expected response code for the get request
Type	Mandatory
Range	HTTP_RESPONSE_CODE
Notes	The `.httpProbe/inputs.method.get.responseCode` contains the expected response code for the http get request as part of httpProbe run

Field	`.httpProbe/inputs.method.post.contentType`
Description	Flag to hold the content type of the post request
Type	Mandatory
Range	n/a `type: string`
Notes	The `.httpProbe/inputs.method.post.contentType` contains the content type of the http body data, which need to be passed for the http post request

Field	`.httpProbe/inputs.method.post.body`
Description	Flag to hold the body of the http post request
Type	Mandatory
Range	n/a `type: string`
Notes	The `.httpProbe/inputs.method.post.body` contains the http body, which is required for the http post request. It is used for the simple http body. If the http body is complex then use `.httpProbe/inputs.method.post.bodyPath` field.

Field	`.httpProbe/inputs.method.post.bodyPath`
Description	Flag to hold the path of the http body, required for the http post request
Type	Optional
Range	n/a `type: string`
Notes	The `.httpProbe/inputs.method.post.bodyPath` This field is used in case of complex POST request in which the body spans multiple lines, the bodyPath attribute can be used to provide the path to a file consisting of the same. This file can be made available to the fault pod via a ConfigMap resource, with the ConfigMap name being defined in the ChaosEngine OR the ChaosExperiment CR.

Field	`.httpProbe/inputs.method.post.criteria`
Description	Flag to hold the criteria for the http post request
Type	Mandatory
Range	`==`, `!=`, `oneOf`
Notes	The `.httpProbe/inputs.method.post.criteria` contains criteria to match the http post request's response code with the expected responseCode, which need to be fulfill as part of httpProbe run

Field	`.httpProbe/inputs.method.post.responseCode`
Description	Flag to hold the expected response code for the post request
Type	Mandatory
Range	HTTP_RESPONSE_CODE
Notes	The `.httpProbe/inputs.method.post.responseCode` contains the expected response code for the http post request as part of httpProbe run

PromProbeInputs

Field	`.promProbe/inputs.endpoint`
Description	Flag to hold the prometheus endpoints for the promProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.promProbe/inputs.endpoint` contains the prometheus endpoints

Field	`.promProbe/inputs.query`
Description	Flag to hold the promql query for the promProbe
Type	Mandatory
Range	n/a `type: string`
Notes	The `.promProbe/inputs.query` contains the promql query to extract out the desired prometheus metrics via running it on the given prometheus endpoint

Field	`.promProbe/inputs.queryPath`
Description	Flag to hold the path of the promql query for the promProbe
Type	Optional
Range	n/a `type: string`
Notes	The `.promProbe/inputs.queryPath` This field is used in case of complex queries that spans multiple lines, the queryPath attribute can be used to provide the path to a file consisting of the same. This file can be made available to the fault pod via a ConfigMap resource, with the ConfigMap name being defined in the ChaosEngine OR the ChaosExperiment CR.

Runproperties

Field	`.runProperties.probeTimeout`
Description	Flag to hold the timeout for the probes
Type	Mandatory
Range	n/a `type: string`
Notes	The `.runProperties.probeTimeout` represents the time limit for the probe to execute the specified check and return the expected data

Field	`.runProperties.retry`
Description	Flag to hold the retry count for the probes
Type	Mandatory
Range	n/a `type: integer`
Notes	The `.runProperties.retry` contains the number of times a check is re-run upon failure in the first attempt before declaring the probe status as failed.

Field	`.runProperties.interval`
Description	Flag to hold the interval for the probes
Type	Mandatory
Range	n/a `type: string`
Notes	The `.runProperties.interval` contains the interval for which probes waits between subsequent retries

Field	`.runProperties.probePollingInterval`
Description	Flag to hold the polling interval for the probes(applicable for `Continuous` mode only)
Type	Optional
Range	n/a `type: string`
Notes	The `.runProperties.probePollingInterval` contains the time interval for which continuous probe should be sleep after each iteration

Field	`.runProperties.initialDelay`
Description	Flag to hold the initial delay interval for the probes
Type	Optional
Range	n/a `type: string`
Notes	The `.runProperties.initialDelaySeconds` represents the initial waiting time interval for the probes.

Field	`.runProperties.stopOnFailure`
Description	Flags to hold the stop or continue the fault on probe failure
Type	Optional
Range	false `type: boolean`
Notes	The `.runProperties.stopOnFailure` can be set to true/false to stop or continue the fault execution after probe fails

Comparator

Field	`type`
Description	Flag to hold type of the data used for comparision
Type	Mandatory
Range	`string`, `int`, `float`
Notes	The `type` contains type of data, which should be compare as part of comparision operation

Field	`criteria`
Description	Flag to hold criteria for the comparision
Type	Mandatory
Range	it supports {`>=, <=, ==, >, <, !=, oneOf, between`} for int & float type. And `equal, notEqual, contains, matches, notMatches, oneOf` for string type.
Notes	The `criteria` contains criteria of the comparision, which should be fulfill as part of comparision operation.

Field	`value`
Description	Flag to hold value for the comparision
Type	Mandatory
Range	n/a `type: string`
Notes	The `value` contains value of the comparision, which should follow the given criteria as part of comparision operation.

Summary

Probes are pluggable checks that can be defined within the ChaosEngine for any Chaos Experiment. There are four kinds of probes httpProbe (allows developers to specify a URL which the fault uses to gauge health/service availability as part of the entry/exit criteria), cmdProbe (allows developers to run shell commands and match the resulting output as part of the entry/exit criteria), k8sProbe (addresses verification of the desired resource state by allowing users to define the Kubernetes GVR with appropriate filters) and promProbe (allows users to run Prometheus queries and match the resulting output against specific conditions).

The different modes these probes can be used in are SoT, EoT, Edge, Continuous and OnChaos. The litmus chaos faults run the probes defined in the ChaosEngine and update their stage-wise success in the ChaosResult custom resource with probeSuccessPercentage. A probeSuccessPercentage is the ratio of successful checks v/s total probes.

Probes can be Chained, Probe chaining enables reuse of probe, the order of execution of probes in the fault depends purely on the order in which they are defined in the ChaosEngine.

:::note With the latest release of LitmusChaos 3.0.0:

The term Chaos Experiment has been changed to Chaos Fault.

The term Chaos Scenario/Workflow has been changed to Chaos Experiment.

:::

Learn more

Explore the Custom Resources

33 KiB Raw Permalink Blame History Unescape Escape