Injects network degradation (latency, packet loss, bandwidth restriction) into a target node’s network interfaces using Linux tc (traffic control) rules. Unlike node-network-filter which blocks specific ports via iptables, this module shapes traffic at the interface level. Includes safety checks for existing tc rules on the node.
How to Run Node Network Chaos Scenarios
Choose your preferred method to run node network chaos scenarios:
Configuration
- id: node_network_chaos
image: "quay.io/krkn-chaos/krkn-network-chaos:latest"
wait_duration: 1
test_duration: 60
label_selector: ""
service_account: ""
instance_count: 1
execution: parallel
namespace: default
# scenario specific settings
target: "<node_name>"
interfaces: []
ingress: true
egress: true
latency: "" # empty string to skip; or e.g. 100ms (units: us, ms, s)
loss: 10 # percentage (no % symbol)
bandwidth: 1gbit # supported units: bit, kbit, mbit, gbit, tbit
force: false
taints: []
For the common module settings please refer to the documentation.
latency: network latency to inject. Format: integer followed byus(microseconds),ms(milliseconds), ors(seconds). Example:100ms. Set to empty string to skip.loss: packet loss percentage as a plain integer (no%symbol). Example:10means 10% packet loss. Set to empty string to skip.bandwidth: bandwidth limit. Format: integer followed bybit,kbit,mbit,gbit, ortbit. Example:100mbit. Set to empty string to skip.interfaces: list of network interface names to target. Leave empty to auto-detect the node’s default interface.ingress: apply rules to incoming traffic (default:true)egress: apply rules to outgoing traffic (default:true)target: the node name to target (used whenlabel_selectoris not set)force: by default (false), if the target node already hastcrules configured, the scenario aborts with a warning to avoid damaging cluster networking. Set totrueto override existing rules. A 10-second warning delay is inserted before proceeding. Use with caution.
Usage
To enable node network chaos scenarios edit the kraken config file, go to the section kraken -> chaos_scenarios of the yaml structure
and add a new element to the list named network_chaos_ng_scenarios then add the desired scenario
pointing to the scenario yaml file.
kraken:
...
chaos_scenarios:
- network_chaos_ng_scenarios:
- scenarios/kube/node-network-chaos.yml
Note
You can specify multiple scenario files of the same type by adding additional paths to the list:
kraken:
chaos_scenarios:
- network_chaos_ng_scenarios:
- scenarios/kube/node-network-chaos-1.yml
- scenarios/kube/node-network-chaos-2.yml
You can also combine multiple different scenario types in the same config.yaml file. Scenario types can be specified in any order, and you can include the same scenario type multiple times:
kraken:
chaos_scenarios:
- network_chaos_ng_scenarios:
- scenarios/kube/node-network-chaos.yml
- pod_disruption_scenarios:
- scenarios/pod-kill.yaml
- node_scenarios:
- scenarios/node-reboot.yaml
Warning
Whenforce is set to false (default), the scenario will check if the target node already has complex tc queueing disciplines configured. If existing rules are detected, the scenario aborts to prevent damaging cluster networking. Only set force: true if you understand the implications of overriding existing traffic control rules.Run
python run_kraken.py --config config/config.yaml
Not yet supported
node_network_chaos is not currently available as a krkn-hub container image. Use the Krkn tab to run this scenario directly.Not yet supported
node_network_chaos is not currently available via krknctl. Use the Krkn tab to run this scenario directly.Example scenario file: node-network-chaos.yml