Pod HTTP Modify Header
Introduction¶
- It injects http modify header on the service whose port is provided as
TARGET_SERVICE_PORTby starting proxy server and then redirecting the traffic through the proxy server. - It can cause modification of headers of requests and responses of the service. This can be used to test service resilience towards incorrect or incomplete headers.
Scenario: Modify Header of the HTTP request
Uses¶
View the uses of the experiment
coming soon
Prerequisites¶
Verify the prerequisites
- Ensure that Kubernetes Version > 1.17
- Ensure that the Litmus Chaos Operator is running by executing
kubectl get podsin operator namespace (typically,litmus).If not, install from here - Ensure that the
pod-http-modify-headerexperiment resource is available in the cluster by executingkubectl get chaosexperimentsin the desired namespace. If not, install from here
Default Validations¶
View the default validations
The application pods should be in running state before and after chaos injection.
Minimal RBAC configuration example (optional)¶
NOTE
If you are using this experiment as part of a litmus workflow scheduled constructed & executed from chaos-center, then you may be making use of the litmus-admin RBAC, which is pre installed in the cluster as part of the agent setup.
View the Minimal RBAC permissions
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pod-http-modify-header-sa
namespace: default
labels:
name: pod-http-modify-header-sa
app.kubernetes.io/part-of: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-http-modify-header-sa
namespace: default
labels:
name: pod-http-modify-header-sa
app.kubernetes.io/part-of: litmus
rules:
# Create and monitor the experiment & helper pods
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update", "deletecollection"]
# Performs CRUD operations on the events inside chaosengine and chaosresult
- apiGroups: [""]
resources: ["events"]
verbs: ["create","get","list","patch","update"]
# Fetch configmaps details and mount it to the experiment pod (if specified)
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get","list",]
# Track and get the runner, experiment, and helper pods log
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
# for creating and managing to execute comands inside target container
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["get","list","create"]
# deriving the parent/owner details of the pod(if parent is anyof {deployment, statefulset, daemonsets})
- apiGroups: ["apps"]
resources: ["deployments","statefulsets","replicasets", "daemonsets"]
verbs: ["list","get"]
# deriving the parent/owner details of the pod(if parent is deploymentConfig)
- apiGroups: ["apps.openshift.io"]
resources: ["deploymentconfigs"]
verbs: ["list","get"]
# deriving the parent/owner details of the pod(if parent is deploymentConfig)
- apiGroups: [""]
resources: ["replicationcontrollers"]
verbs: ["get","list"]
# deriving the parent/owner details of the pod(if parent is argo-rollouts)
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["list","get"]
# for configuring and monitor the experiment job by the chaos-runner pod
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create","list","get","delete","deletecollection"]
# for creation, status polling and deletion of litmus chaos resources used within a chaos workflow
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pod-http-modify-header-sa
namespace: default
labels:
name: pod-http-modify-header-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-http-modify-header-sa
subjects:
- kind: ServiceAccount
name: pod-http-modify-header-sa
namespace: default
Experiment tunables¶
check the experiment tunables
Mandatory Fields
| Variables | Description | Notes |
|---|---|---|
| TARGET_SERVICE_PORT | Port of the service to target | Defaults to port 80 |
| HEADERS_MAP | Map of headers to modify/add | Eg: {"X-Litmus-Test-Header": "X-Litmus-Test-Value"}. To remove a header, just set the value to ""; Eg: {"X-Litmus-Test-Header": ""} |
| HEADER_MODE | Whether to modify response headers or request headers. Accepted values: request, response | Defaults to response |
Optional Fields
| Variables | Description | Notes |
|---|---|---|
| PROXY_PORT | Port where the proxy will be listening for requests | Defaults to 20000 |
| NETWORK_INTERFACE | Network interface to be used for the proxy | Defaults to eth0 |
| TOXICITY | Percentage of HTTP requests to be affected | Defaults to 100 |
| CONTAINER_RUNTIME | container runtime interface for the cluster | Defaults to containerd, supported values: docker, containerd and crio for litmus and only docker for pumba LIB |
| SOCKET_PATH | Path of the containerd/crio/docker socket file | Defaults to /run/containerd/containerd.sock |
| TOTAL_CHAOS_DURATION | The duration of chaos injection (seconds) | Default (60s) |
| TARGET_PODS | Comma separated list of application pod name subjected to pod http modify header chaos | If not provided, it will select target pods randomly based on provided appLabels |
| PODS_AFFECTED_PERC | The Percentage of total pods to target | Defaults to 0 (corresponds to 1 replica), provide numeric value only |
| LIB_IMAGE | Image used to run the netem command | Defaults to litmuschaos/go-runner:latest |
| RAMP_TIME | Period to wait before and after injection of chaos in sec | |
| SEQUENCE | It defines sequence of chaos execution for multiple target pods | Default value: parallel. Supported: serial, parallel |
Experiment Examples¶
Common and Pod specific tunables¶
Refer the common attributes and Pod specific tunable to tune the common tunables for all experiments and pod specific tunables.
Target Service Port¶
It defines the port of the targeted service that is being targeted. It can be tuned via TARGET_SERVICE_PORT ENV.
Use the following example to tune this:
## provide the port of the targeted service
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-chaos-sa
experiments:
- name: pod-http-chaos
spec:
components:
env:
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: "80"
# map of headers to modify/add
- name: HEADERS_MAP
value: '{"X-Litmus-Test-Header": "X-Litmus-Test-Value"}'
Proxy Port¶
It defines the port on which the proxy server will listen for requests. It can be tuned via PROXY_PORT
Use the following example to tune this:
## provide the port for proxy server
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-chaos-sa
experiments:
- name: pod-http-chaos
spec:
components:
env:
# provide the port for proxy server
- name: PROXY_PORT
value: '8080'
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: "80"
# map of headers to modify/add
- name: HEADERS_MAP
value: '{"X-Litmus-Test-Header": "X-Litmus-Test-Value"}'
Headers Map¶
It is the map of headers that are to be modified or added to the Http request/response. It can be tuned via HEADERS_MAP ENV.
Use the following example to tune this:
## provide the headers as a map
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-chaos-sa
experiments:
- name: pod-http-chaos
spec:
components:
env:
# map of headers to modify/add; Eg: {"X-Litmus-Test-Header": "X-Litmus-Test-Value"}
# to remove a header, just set the value to ""; Eg: {"X-Litmus-Test-Header": ""}
- name: HEADERS_MAP
value: '{"X-Litmus-Test-Header": "X-Litmus-Test-Value"}'
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: "80"
Header Mode¶
It defined whether the request or the response header has to be modified. It can be tuned via HEADER_MODE ENV.
Use the following example to tune this:
## provide the mode of the header modification; request/response
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-chaos-sa
experiments:
- name: pod-http-chaos
spec:
components:
env:
# whether to modify response headers or request headers. Accepted values: request, response
- name: HEADER_MODE
value: 'response'
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: "80"
# map of headers to modify/add
- name: HEADERS_MAP
value: '{"X-Litmus-Test-Header": "X-Litmus-Test-Value"}'
Toxicity¶
It defines the toxicity value to be added to the http request. It can be tuned via TOXICITY ENV.
Toxicity value defines the percentage of the total number of http requests to be affected.
Use the following example to tune this:
## provide the toxicity
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-modify-header-sa
experiments:
- name: pod-http-modify-header
spec:
components:
env:
# toxicity is the probability of the request to be affected
# provide the percentage value in the range of 0-100
# 0 means no request will be affected and 100 means all request will be affected
- name: TOXICITY
value: "100"
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: "80"
Network Interface¶
It defines the network interface to be used for the proxy. It can be tuned via NETWORK_INTERFACE ENV.
Use the following example to tune this:
## provide the port for proxy server
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-chaos-sa
experiments:
- name: pod-http-chaos
spec:
components:
env:
# provide the network interface for proxy
- name: NETWORK_INTERFACE
value: "eth0"
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: '80'
# map of headers to modify/add
- name: HEADERS_MAP
value: '{"X-Litmus-Test-Header": "X-Litmus-Test-Value"}'
Container Runtime Socket Path¶
It defines the CONTAINER_RUNTIME and SOCKET_PATH ENV to set the container runtime and socket file path.
CONTAINER_RUNTIME: It supportsdocker,containerd, andcrioruntimes. The default value isdocker.SOCKET_PATH: It contains path of docker socket file by default(/run/containerd/containerd.sock). For other runtimes provide the appropriate path.
Use the following example to tune this:
## provide the container runtime and socket file path
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: engine-nginx
spec:
engineState: "active"
annotationCheck: "false"
appinfo:
appns: "default"
applabel: "app=nginx"
appkind: "deployment"
chaosServiceAccount: pod-http-chaos-sa
experiments:
- name: pod-http-chaos
spec:
components:
env:
# runtime for the container
# supports docker, containerd, crio
- name: CONTAINER_RUNTIME
value: 'containerd'
# path of the socket file
- name: SOCKET_PATH
value: '/run/containerd/containerd.sock'
# provide the port of the targeted service
- name: TARGET_SERVICE_PORT
value: "80"
# map of headers to modify/add
- name: HEADERS_MAP
value: '{"X-Litmus-Test-Header": "X-Litmus-Test-Value"}'