Resilience Probes are pluggable checks that can be defined within the ChaosEngine for any Chaos Experiment. The fault pods execute these checks based on the mode they are defined in & factor their success as necessary conditions in determining the verdict of the fault (along with the standard in-built checks).
cmdProbe: To execute any user-desired health-check function implemented as a shell command
k8sProbe: To perform CRUD operations against native & custom Kubernetes resources
promProbe: To execute promql queries and match prometheus metrics for specific criteria
These probes can be used in isolation or in several combinations to achieve the desired checks. While the httpProbe and k8sProbe are fully declarative in the way they are conceived, the cmdProbe expects the user to provide a shell command to implement checks that are highly specific to the application use case. promProbe expects the user to provide a promql query along with Prometheus service endpoints to check for specific criteria.
The probes can be set up to run in different modes:
SoT: Executed at the Start of Test as a pre-chaos check
EoT: Executed at the End of Test as a post-chaos check
Edge: Executed both, before and after the chaos
Continuous: The probe is executed continuously, with a specified polling interval during the chaos injection.
OnChaos: The probe is executed continuously, with a specified polling interval strictly for chaos duration of chaos
Some common attributes shared between the Probes:
probeTimeout: Represents the time limit for the probe to execute the check specified and return the expected data.
retry: The number of times a check is re-run upon failure in the first attempt before declaring the probe status as failed.
interval: The period between subsequent retries.
probePollingInterval: The time interval for which continuous probe should be sleep after each iteration.
initialDelay: Represents the initial waiting time interval for the probes.
stopOnFailure: It can be set to true/false to stop or continue the fault execution after probe fails.
note
If probe needs any additional RBAC permissions other than the fault's serviceAccount (<fault-name>-sa) permissions, then the additional permissions should be provided inside the corresponding Role/ClusterRole bind with the serviceAccount (<fault-name>-sa).
The httpProbe allows developers to specify a URL which the fault uses to gauge health/service availability (or other custom conditions) as part of the entry/exit criteria. The received status code is mapped against an expected status. It supports HTTP Get and Post methods.
In HTTP Get method, it sends an HTTP GET request to the provided URL and matches the response code based on the given criteria (==, !=, oneOf).
In HTTP Post method, it sends an HTTP POST request to the provided URL. The http body can be provided in the body field. In the case of a complex POST request in which the body spans multiple lines, the bodyPath attribute can be used to provide the path to a file consisting of the same. This file can be made available to the fault pod via a ConfigMap resource, with the ConfigMap name being defined in the ChaosEngine OR the ChaosExperiment CR.
It can be defined at .spec.experiments[].spec.probe inside ChaosEngine.
The httpProbe is better used in the Continuous mode of operation as a parallel liveness indicator of a target or downstream application. It uses the probePollingInterval property to specify the polling interval for the access checks.
insecureSkipVerify can be set to true to skip the certificate checks.
The cmdProbe allows developers to run shell commands and match the resulting output as part of the entry/exit criteria. The intent behind this probe was to allow users to implement a non-standard & imperative way for expressing their hypothesis. For example, the cmdProbe enables you to check for specific data within a database, parse the value out of a JSON blob being dumped into a certain path or check for the existence of a particular string in the service logs.
In order to enable this behaviour, the probe supports an inline mode in which the command is run from within the fault image as well as a source mode, where the command execution is carried out from within a new pod whose image can be specified. While inline is preferred for simple shell commands, source mode can be used when application-specific binaries are required. The cmdProbe can be defined at .spec.experiments[].spec.probe the path inside the ChaosEngine.
probe: -name:'check-database-integrity' type:'cmdProbe' cmdProbe/inputs: command:'<command>' comparator: type:'string'# supports: string, int, float criteria:'contains'#supports >=,<=,>,<,==,!= for int and contains,equal,notEqual,matches,notMatches for string values value:'<value-for-criteria-match>' source:# omit this tag to "inline" the probe image:'<repo>/<tag>' hostNetwork:false mode:'Edge' runProperties: probeTimeout: 5s interval: 5s retry:1 initialDelay: 5s
source.hostNetwork can be set to true to allow access to the node network namespace for the pod executing the probe
For insights into efficient chaos probe practices and our roadmap for the future, check out the best practices.
With the proliferation of custom resources & operators, especially in the case of stateful applications, the steady-state is manifested as status parameters/flags within Kubernetes resources. k8sProbe addresses verification of the desired resource state by allowing users to define the Kubernetes GVR (group-version-resource) with appropriate filters (field selectors/label selectors). The fault makes use of the Kubernetes Dynamic Client to achieve this.The k8sProbe can be defined at .spec.experiments[].spec.probe the path inside ChaosEngine.
It supports following CRUD operations which can be defined at probe.k8sProbe/inputs.operation.
create: It creates kubernetes resource based on the data provided inside probe.data field.
delete: It deletes matching kubernetes resource via GVR and filters (field selectors/label selectors).
present: It checks for the presence of kubernetes resource based on GVR and filters (field selectors/labelselectors).
absent: It checks for the absence of kubernetes resource based on GVR and filters (field selectors/labelselectors).
probe: -name:'check-app-cluster-cr-status' type:'k8sProbe' k8sProbe/inputs: group:'<appGroup>' version:'<appVersion>' resource:'<appResource>' namespace:'default' fieldSelector:'metadata.name=<appResourceName>,status.phase=Running' labelSelector:'<app-labels>' operation:'present'# it can be present, absent, create, delete mode:'EOT' runProperties: probeTimeout: 5s interval: 5s retry:1
The promProbe allows users to run Prometheus queries and match the resulting output against specific conditions. The intent behind this probe is to allow users to define metrics-based SLOs in a declarative way and determine the fault verdict based on its success. The probe runs the query on a Prometheus server defined by the endpoint, and checks whether the output satisfies the specified criteria.
The promql query can be provided in the query field. In the case of complex queries that span multiple lines, the queryPath attribute can be used to provide the link to a file consisting of the query. This file can be made available in the fault pod via a ConfigMap resource, with the ConfigMap being passed in the ChaosEngine OR the ChaosExperiment CR.
The litmus chaos faults run the probes defined in the ChaosEngine and update their stage-wise success in the ChaosResult custom resource, with details including the overall probeSuccessPercentage (a ratio of successful checks v/s total probes) and failure step, where applicable. The success of a probe is dependent on whether the expected status/results are met and also on whether it is successful in all the fault phases defined by the probeβs execution mode. For example, probes that are executed in βEdgeβ mode, need the checks to be successful both during the pre-chaos & post-chaos phases to be declared as successful.
The pass criteria for a fault is the logical conjunction of all probes defined in the ChaosEngine and an inbuilt entry/exit criteria. Failure of either indicates a failed hypothesis and is deemed fault failure.
Provided below is a ChaosResult snippet containing the probe status for a mixed-probe ChaosEngine.
Name: app-pod-delete Namespace: test Labels: name=app-pod-delete Annotations: <none> API Version: litmuschaos.io/v1alpha1 Kind: ChaosResult Metadata: Creation Timestamp:2020-08-29T08:28:26Z Generation:36 Resource Version:50239 Self Link: /apis/litmuschaos.io/v1alpha1/namespaces/test/ChaosResults/app-pod-delete UID: b9e3638a-b7a4-4b93-bfea-bd143d91a5e8 Spec: Engine: probe Experiment: pod-delete Status: Experimentstatus: Fail Step: N/A Phase: Completed Probe Success Percentage:100 Verdict: Pass Probe Status: Name: check-frontend-access-url Status: Continuous: Passed π Type: HTTPProbe Name: check-app-cluster-cr-status Status: Post Chaos: Passed π #EoT Type: K8sProbe Name: check-database-integrity Status: Post Chaos: Passed π #Edge Pre Chaos: Passed π Type: CmdProbe Events: Type Reason Age From Message ------------------------- Normal Summary 7s pod-delete-0s2jt6-s4rdx pod-delete experiment has been Passed
Probe chaining enables reuse of probe a result represented by the template function {{ .<probeName>.probeArtifact.Register}}) in subsequent "downstream" probes defined in the ChaosEngine. Note that the order of execution of probes in the fault depends purely on the order in which they are defined in the ChaosEngine.
Probe chaining is currently supported only for cmdProbes.
probe: -name:'probe1' type:'cmdProbe' cmdProbe/inputs: command:'<command>' comparator: type:'string' criteria:'equals' value:'<value-for-criteria-match>' source:'inline' mode:'SOT' runProperties: probeTimeout: 5s interval: 5s retry:1 -name:'probe2' type:'cmdProbe' cmdProbe/inputs: ## probe1's result being used as one of the args in probe2 command:'<commmand> {{ .probe1.ProbeArtifacts.Register }} <arg2>' comparator: type:'string' criteria:'equals' value:'<value-for-criteria-match>' source:'inline' mode:'SOT' runProperties: probeTimeout: 5s interval: 5s retry:1
This section describes the different fields of the litmus probes and the possible values that can be set against the same. The probes can be defined at .spec.experiments[].spec.probe path inside chaosengine.
Flag to hold the group of the kubernetes resource for the k8sProbe
Type
Mandatory
Range
n/a type: string
Notes
The .k8sProbe/inputs.group contains group of the kubernetes resource on which k8sProbe performs the specified operation
Field
.k8sProbe/inputs.version
Description
Flag to hold the apiVersion of the kubernetes resource for the k8sProbe
Type
Mandatory
Range
n/a type: string
Notes
The .k8sProbe/inputs.version contains apiVersion of the kubernetes resource on which k8sProbe performs the specified operation
Field
.k8sProbe/inputs.resource
Description
Flag to hold the kubernetes resource name for the k8sProbe
Type
Mandatory
Range
n/a type: string
Notes
The .k8sProbe/inputs.resource contains the kubernetes resource name on which k8sProbe performs the specified operation
Field
.k8sProbe/inputs.namespace
Description
Flag to hold the namespace of the kubernetes resource for the k8sProbe
Type
Mandatory
Range
n/a type: string
Notes
The .k8sProbe/inputs.namespace contains namespace of the kubernetes resource on which k8sProbe performs the specified operation
Field
.k8sProbe/inputs.fieldSelector
Description
Flag to hold the fieldSelectors of the kubernetes resource for the k8sProbe
Type
Optional
Range
n/a type: string
Notes
The .k8sProbe/inputs.fieldSelector contains fieldSelector to derived the kubernetes resource on which k8sProbe performs the specified operation
Field
.k8sProbe/inputs.labelSelector
Description
Flag to hold the labelSelectors of the kubernetes resource for the k8sProbe
Type
Optional
Range
n/a type: string
Notes
The .k8sProbe/inputs.labelSelector contains labelSelector to derived the kubernetes resource on which k8sProbe performs the specified operation
Field
.k8sProbe/inputs.operation
Description
Flag to hold the operation type for the k8sProbe
Type
Mandatory
Range
create, delete, present, absent
Notes
The .k8sProbe/inputs.operation contains operation which should be applied on the kubernetes resource as part of k8sProbe. It supports four type of operation. It can be one of create, delete, present, absent.
The .cmdProbe/inputs.command contains the shell command, which should be run as part of cmdProbe
Field
.cmdProbe/inputs.source.image
Description
Flag to hold the image for the cmdProbe
Type
Optional
Range
any source docker image
Notes
The .cmdProbe/inputs.source.image provides the source image which can be used to launch a external pod where the command execution is carried out.
Field
.cmdProbe/inputs.source.hostNetwork
Description
Flag to allow or deny the .cmdProbe/inputs.source.image access to the node network namespace
Type
Optional
Range
true, false
Notes
The .cmdProbe/inputs.source.hostNetwork provides a possibility to allow the pod executing the cmdProbe access to the network of the node he is running on. For more details refer to the offical Kubernetes documentation.
The .httpProbe/inputs.url contains the URL which the fault uses to gauge health/service availability (or other custom conditions) as part of the entry/exit criteria.
Field
.httpProbe/inputs.insecureSkipVerify
Description
Flag to hold the flag to skip certificate checks for the httpProbe
Type
Optional
Range
true, false
Notes
The .httpProbe/inputs.insecureSkipVerify contains flag to skip certificate checks.
Field
.httpProbe/inputs.responseTimeout
Description
Flag to hold the flag to response timeout for the httpProbe
Type
Optional
Range
n/a type: integer
Notes
The .httpProbe/inputs.responseTimeout contains flag to provide the response timeout for the http Get/Post request.
Field
.httpProbe/inputs.method.get.criteria
Description
Flag to hold the criteria for the http get request
Type
Mandatory
Range
==, !=, oneOf
Notes
The .httpProbe/inputs.method.get.criteria contains criteria to match the http get request's response code with the expected responseCode, which need to be fulfill as part of httpProbe run
Field
.httpProbe/inputs.method.get.responseCode
Description
Flag to hold the expected response code for the get request
Type
Mandatory
Range
HTTP_RESPONSE_CODE
Notes
The .httpProbe/inputs.method.get.responseCode contains the expected response code for the http get request as part of httpProbe run
Field
.httpProbe/inputs.method.post.contentType
Description
Flag to hold the content type of the post request
Type
Mandatory
Range
n/a type: string
Notes
The .httpProbe/inputs.method.post.contentType contains the content type of the http body data, which need to be passed for the http post request
Field
.httpProbe/inputs.method.post.body
Description
Flag to hold the body of the http post request
Type
Mandatory
Range
n/a type: string
Notes
The .httpProbe/inputs.method.post.body contains the http body, which is required for the http post request. It is used for the simple http body. If the http body is complex then use .httpProbe/inputs.method.post.bodyPath field.
Field
.httpProbe/inputs.method.post.bodyPath
Description
Flag to hold the path of the http body, required for the http post request
Type
Optional
Range
n/a type: string
Notes
The .httpProbe/inputs.method.post.bodyPath This field is used in case of complex POST request in which the body spans multiple lines, the bodyPath attribute can be used to provide the path to a file consisting of the same. This file can be made available to the fault pod via a ConfigMap resource, with the ConfigMap name being defined in the ChaosEngine OR the ChaosExperiment CR.
Field
.httpProbe/inputs.method.post.criteria
Description
Flag to hold the criteria for the http post request
Type
Mandatory
Range
==, !=, oneOf
Notes
The .httpProbe/inputs.method.post.criteria contains criteria to match the http post request's response code with the expected responseCode, which need to be fulfill as part of httpProbe run
Field
.httpProbe/inputs.method.post.responseCode
Description
Flag to hold the expected response code for the post request
Type
Mandatory
Range
HTTP_RESPONSE_CODE
Notes
The .httpProbe/inputs.method.post.responseCode contains the expected response code for the http post request as part of httpProbe run
Flag to hold the prometheus endpoints for the promProbe
Type
Mandatory
Range
n/a type: string
Notes
The .promProbe/inputs.endpoint contains the prometheus endpoints
Field
.promProbe/inputs.query
Description
Flag to hold the promql query for the promProbe
Type
Mandatory
Range
n/a type: string
Notes
The .promProbe/inputs.query contains the promql query to extract out the desired prometheus metrics via running it on the given prometheus endpoint
Field
.promProbe/inputs.queryPath
Description
Flag to hold the path of the promql query for the promProbe
Type
Optional
Range
n/a type: string
Notes
The .promProbe/inputs.queryPath This field is used in case of complex queries that spans multiple lines, the queryPath attribute can be used to provide the path to a file consisting of the same. This file can be made available to the fault pod via a ConfigMap resource, with the ConfigMap name being defined in the ChaosEngine OR the ChaosExperiment CR.
Probes are pluggable checks that can be defined within the ChaosEngine for any Chaos Experiment. There are four kinds of probes httpProbe (allows developers to specify a URL which the fault uses to gauge health/service availability as part of the entry/exit criteria), cmdProbe (allows developers to run shell commands and match the resulting output as part of the entry/exit criteria), k8sProbe (addresses verification of the desired resource state by allowing users to define the Kubernetes GVR with appropriate filters) and promProbe (allows users to run Prometheus queries and match the resulting output against specific conditions).
The different modes these probes can be used in are SoT, EoT, Edge, Continuous and OnChaos. The litmus chaos faults run the probes defined in the ChaosEngine and update their stage-wise success in the ChaosResult custom resource with probeSuccessPercentage. A probeSuccessPercentage is the ratio of successful checks v/s total probes.
Probes can be Chained, Probe chaining enables reuse of probe, the order of execution of probes in the fault depends purely on the order in which they are defined in the ChaosEngine.
note
With the latest release of LitmusChaos 3.0.0:
The term Chaos Experiment has been changed to Chaos Fault.
The term Chaos Scenario/Workflow has been changed to Chaos Experiment.