Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS SPOOF Error helper pods are failing #565

Open
pawanphalak opened this issue Aug 11, 2022 · 0 comments
Open

DNS SPOOF Error helper pods are failing #565

pawanphalak opened this issue Aug 11, 2022 · 0 comments

Comments

@pawanphalak
Copy link

We are running pod dns spoof litmus experiment with a chronschedule as follows

apiVersion: litmuschaos.io/v1alpha1
kind: ChaosSchedule
metadata:
  name: schedule-pod-dns-spoof
spec:
  schedule:
    repeat:
      properties:
        minChaosInterval:
          # schedule the chaos at every 1 minutes
          minute:
            everyNthMinute: 1
  engineTemplateSpec:
    engineState: 'active'
    annotationCheck: 'false'
    components:
      runner:
        # resource requirements for the runner pod
        resources:
          requests:
            cpu: "50m"
            memory: "64Mi"
          limits:
            cpu: "100m"
            memory: "128Mi"
    appinfo:
      appns: "default"
      applabel: "app=productpage"
      appkind: "deployment"
    chaosServiceAccount: pod-dns-spoof-sa
    jobCleanUpPolicy: 'delete'
    experiments:
      - name: pod-dns-spoof
        spec:
          components:
            env:
              # map of host names
              - name: SPOOF_MAP
                value: '{"reviews":"spoofabc.com"}'
              - name: TOTAL_CHAOS_DURATION
                value: '60'
              - name: TARGET_CONTAINER
                value: 'productpage'
              - name: 'PODS_AFFECTED_PERC'
                value: '100'

The helper pods are going in the error state, we noticed following logs for the helper pods:

2022-08-11 19:15:59.481 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Helper Name: dns-chaos"
2022-08-11 19:15:59.482 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="[PreReq]: Getting the ENV variables"
2022-08-11 19:15:59.584 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Container ID: 1c53401df500"
2022-08-11 19:15:59.681 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="[Info]: Container ID=1c53401df500 has process PID=12290"
2022-08-11 19:15:59.681 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="/bin/bash -c sudo TARGET_PID=12290 CHAOS_TYPE=spoof SPOOF_MAP='{\"reviews\":\"spoofabc.com\"}' TARGET_HOSTNAMES='' CHAOS_DURATION=60 MATCH_SCHEME=exact nsutil -p -n -t 12290 -- dns_interceptor"
2022-08-11 19:15:59.747 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="DNS Interceptor Port" port=53
2022-08-11 19:15:59.747 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Upstream DNS Server" server="10.80.0.10:53"
2022-08-11 19:15:59.747 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Chaos Error Targets" targets="[]"
2022-08-11 19:15:59.747 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Chaos Spoof Map" spoof_map="map[reviews:spoofabc.com]"
2022-08-11 19:15:59.747 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Chaos type" chaos-type=spoof
2022-08-11 19:15:59.747 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Target match scheme" match-scheme=exact
2022-08-11 19:15:59.812 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=info msg="Error String: The connection to the server 10.80.0.1:443 was refused - did you specify the right host or port?\n"
2022-08-11 19:15:59.813 IST
pod-dns-spoof
time="2022-08-11T13:45:59Z" level=fatal msg="helper pod failed, err: unable to annotate the schedule-pod-dns-spoof-1660225507-pod-dns-spoof chaosresult, err: exit status 1"
2022-08-11 19:16:01.317 IST
pod-dns-spoof-cpg9ce
time="2022-08-11T13:46:01Z" level=info msg="pod-dns-spoof-helper-vidwtf helper pod is in Running state"
2022-08-11 19:16:03.327 IST
pod-dns-spoof-cpg9ce
time="2022-08-11T13:46:03Z" level=info msg="[Status]: The running status of Pods are as follows" Pod=pod-dns-spoof-helper-vidwtf Status=Running
2022-08-11 19:16:05.397 IST
istio-proxy
2022-08-11T13:46:05.396337Z warning envoy config StreamSecrets gRPC config stream closed: 13,
2022-08-11 19:16:05.397 IST
istio-proxy
2022-08-11T13:46:05.396398Z warning envoy config StreamSecrets gRPC config stream closed: 13,
2022-08-11 19:16:05.397 IST
istio-proxy
2022-08-11T13:46:05.396441Z warning envoy config StreamAggregatedResources gRPC config stream closed: 13,

After the first chaos schedule is started , we see that the chaos is injected however it is not targetting the specific hostname mentioned in the SPOOF_MAP and instead targets all hostnames for the target application pod(app=productpage) and target applicaiton pod is not able to call any other hostname. We had following questions:

  1. How can we target a specific hostname ?
  2. What is causing the helper pods to fail?
  3. Even after stopping the chaos, the application pods are not recovering and are unable to reach any hostname. We need to manually restart the application for recovery , how can we ensure the application pods are automatically recovered after the chaos stops?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pawanphalak