环境部署
部署对象
chaosblade
部署环境
kubernetes集群
部署版本
release 下载最新版本 0.9.0的helm3专用安装包:chaosblade-operator-0.9.0-v3.tgz
安装步骤
-
先卸载之前安装版本
kubectl delete crd chaosblades.chaosblade.io helm uninstall chaosblade-operator -n chaosblade -
创建chaosblade命名空间
kubectl create namespace chaosblade -
使用helm3安装chaosblade-operation
helm install chaosblade-operator chaosblade-operator-0.9.0-v3.tgz --namespace chaosblade -
部署完成
[sit]$kubectl get pods -n chaosblade NAME READY STATUS RESTARTS AGE chaosblade-operator-57db76d795-9bqc9 1/1 Running 0 27h chaosblade-tool-2pbgs 1/1 Running 0 27h chaosblade-tool-c29hf 1/1 Running 0 27h chaosblade-tool-f2qc4 1/1 Running 0 27h chaosblade-tool-g85rj 1/1 Running 0 27h chaosblade-tool-hk9lj 1/1 Running 0 27h chaosblade-tool-lk68x 1/1 Running 0 27h chaosblade-tool-mlr5x 1/1 Running 0 27h chaosblade-tool-thwn5 1/1 Running 0 27h
开启kubectl proxy
利用配置kubectl客户端的机器启动代理服务器,便可以使用HTTP代理访问Kubernetes API进行声明式故障注入
-
启动代理服务器
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' --port=8085 #测试时开启外部机器访问权限 -
访问地址,可以得到api列表
curl http://:8085/ 此处不展示各类api的使用,详情可翻阅:https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/
声明式故障注入
chaosblade支持命令行故障注入,同时也在kubernetes中增加了CRD资源chaosblade.io,api版本为:v1alpha1
curl http://:8085/apis/chaosblade.io/v1alpha1
{
"kind": "APIResourceList",
"apiVersion": "v1",
"groupVersion": "chaosblade.io/v1alpha1",
"resources": [
{
"name": "chaosblades",
"singularName": "chaosblade",
"namespaced": false,
"kind": "ChaosBlade",
"verbs": [
"delete",
"deletecollection",
"get",
"list",
"patch",
"create",
"update",
"watch"
],
"shortNames": [
"blade"
],
"storageVersionHash": "bH+wHgmYk00="
},
{
"name": "chaosblades/status",
"singularName": "",
"namespaced": false,
"kind": "ChaosBlade",
"verbs": [
"get",
"patch",
"update"
]
}
]
}
可以看到chaosblade的扩展资源支持查询、创建、删除和监控。下面进行一个故障注入测试,部署一个springboot服务为测试对象,进行返回值故障注入。
编辑故障描述
编辑一个yaml文件格式的故障描述:
apiVersion: chaosblade.io/v1alpha1
kind: ChaosBlade
metadata:
name: container-jvm-return
spec:
experiments:
- scope: container
target: jvm
action: return #故障动作
desc: "return hello"
matchers:
- name: names #pod名称
value:
- "es-courier-biz-sit6-5d67cff45b-dzdh9"
- name: namespace
value:
- "sit6"
- name: container-index
value:
- "0"
- name: value #注入返回值
value:
- "chaosblade"
- name: classname #注入类名路径
value:
- "com.demo.controller.IndexController"
- name: methodname #注入方法名
value:
- "test"
- name: process #故障注入进程名称
value:
- "es-courier"
- name: chaosblade-deployed-path #需要将chaosblade的工具包deploy到具体容器中,默认径为/opt,但默认路径在测试环境中没有权限,需要指定
value:
- "/app/chaos"
http故障注入
16106223934005.png
注入查询
curl http://:8085/apis/chaosblade.io/v1alpha1/chaosblades/container-jvm-return
返回的json结果中可以看到这一段
"status": {
"expStatuses": [
{
"action": "return",
"resStatuses": [
{
"id": "a681c523ef924754",
"identifier": "sit6/10.204.209.202/es-courier-biz-sit6-5d67cff45b-dzdh9/es-courier-biz-sit6/6a2ce918a000",
"kind": "container",
"state": "Success",
"success": true
}
],
"scope": "container",
"state": "Success",
"success": true,
"target": "jvm"
}
故障结果
可以看到应用接口返回值变成了我们设定的故障值
16106227291396.png
故障销毁
16106228975959.png
故障清理完成之后有看到应用接口返回值恢复了原来的结果
16106230177803.png
结论
当我们可以使用http方式对k8s集群进行列表查询、故障注入时,我们就可以对任意应用进行精确的故障注入、故障清理和监控,以后自建混沌后台就容易多了。
controller.png