PowerfulSeal configuration schema

Type: object No Additional Properties

The following configuration options document all features available for writing policy files with PowerfulSeal.

Type: object No Additional Properties

General configuration of this policy.

Type: object No Additional Properties

Configure how exit is configured

Type: enum (of string) Default: "report"

Affects what PowerfulSeal does when errors occur. The default report logs an error message, updates metrics and carries on. fail-fast fails and exits immediately on first exit (useful when running as a job).

Must be one of:

  • "report"
  • "fail-fast"

Type: object No Additional Properties

Configure how the scenarios are run

Type: number Default: 300

The Seal waits a randomized amount of time before executing the scenarios. This sets the MAX number of seconds that it will wait.

Value must be greater or equal to 0

Type: number Default: 30

The Seal waits a randomized amount of time before executing the scenarios. This sets the MIN number of seconds that it will wait.

Value must be greater or equal to 0

Type: number

If set, it will exit after the given number of scenario runs. By default, it continues forever.

Value must be greater or equal to 1

Type: enum (of string) Default: "round-robin"

Affects how the scenarios are executed. The default round-robin iterates over the every scenario in the order they were defined. random picks a random scenario from the available pool every time.

Must be one of:

  • "round-robin"
  • "random"

Type: array of object

An array of scenarios, each describing a complete chaos experiment.

Each item of this array must be:

Type: object No Additional Properties

A scenario contains all the steps necessary to prepare, implement and validate a chaos engineering experiment.

Type: string

A longer description, helping to understand what the scenario is doing when reading the yaml file. Optional.

Type: string

A brief, descriptive name of the scenario. Will be used to identify the scenario in logs.

Must be at least 3 characters long

Must be at most 80 characters long

Type: array

The sequence of events to prepare, validate, execute and analyse the chaos engineering experiment.

Each item of this array must be:

Type: object No Additional Properties

Issue an HTTP request and validate the response.

Type: object No Additional Properties

Type: string

Body of the HTTP request.

Type: number Default: 200

Expected status code.

Value must be greater or equal to 1 and lesser or equal to 599

Type: number Default: 1

Number of requests to make.

Value must be greater or equal to 1

Type: number Default: 100

Delay in ms between retries.

Value must be greater or equal to 1

Type: string

Endpoint to add to the url. For example /healthz. Works for both url and service.

Type: array of object

Give any additional headers to the request.

Each item of this array must be:

Type: object No Additional Properties

Type: string

Type: string

Type: boolean Default: false

If you'd like to skip the SSL validation. For example for self-signed certs.

Type: enum (of string) Default: "get"

HTTP method to use.

Must be one of:

  • "get"
  • "post"
  • "patch"
  • "head"
  • "delete"

Type: string

Proxy to use with the requests. If not set no proxy will be used. NOTE, that the probe ignores (and overrides) HTTP{S}_PROXY envvars.

Type: number Default: 3

Number of retries before failing the probe. Ignored, if there are no errors on the probe.

Value must be greater or equal to 1

Type: object No Additional Properties

A target of a static URL.

Type: string

The fully qualified url to issue the request to. For example: http://example.com.

Type: object No Additional Properties

Target the given Kubernetes service in a given namespace. It will use directly the IP of the given service, so make sure it resolves.

Type: object No Additional Properties

Type: string

Name of the kubernetes service.

Type: string

Namespace of the kubernetes service.

Type: number Default: 80

Port number to hit. Independent of what the service defines.

Value must be greater or equal to 1 and lesser or equal to 65535

Type: enum (of string) Default: "http"

Protocol to use for the probe.

Must be one of:

  • "http"
  • "https"

Type: number Default: 1000

Request timeout in ms.

Value must be greater or equal to 1

Type: object No Additional Properties

Allows to execute a kubectl apply or kubectl delete command as part of the scenario.

Type: object No Additional Properties

Type: enum (of string)

Must be one of:

  • "apply"
  • "delete"

Type: boolean Default: true

When set to true, all the kubectl apply commands will be kubectl deleteed at the end of the scenario.

Type: string Default: "kubectl"

The path to the binary of kubectl.

Type: string

Free-form, kubectl-compatible payload, which will be passed to kubectl as is.

Type: string Default: ""

Proxy to use with the kubectl command. If not set no proxy will be used. NOTE, that the probe ignores (and overrides) HTTP{S}_PROXY envvars.

Type: object No Additional Properties

Match, filter and action on pods in your kubernetes cluster. Matchers create the initial set. That set is de-duplicated and passed on to the filters. Filters can exclude items. Whatever is passed through the filters will then be actioned with every action in the action array. See below for the details of the configuration available.

Type: object No Additional Properties

Type: array of object

An array of actions to be applied to each pod from the set.

Each item of this array must be:

Type: object No Additional Properties

Kill a pod.

Type: object No Additional Properties

Type: boolean

Type: number

Value must be greater or equal to 0 and lesser or equal to 1

Type: object No Additional Properties

Wait some seconds.

Type: object No Additional Properties

Type: number

Value must be greater or equal to 0

Type: object No Additional Properties

Check that all pods are in the desired state, fail otherwise.

Type: object No Additional Properties

Type: string

Status, as returned by kubernetes (Running, Terminating, etc).

Type: object No Additional Properties

Count the pods and fail if they don't match the desired number.

Type: object No Additional Properties

Type: number
Type: object No Additional Properties

Stops the host on which the pods are running.

Type: object No Additional Properties

Type: boolean Default: true

When set to true, the node will be restarted at the end of the scenario.

Type: array of object

An array of filters to only select certain pods from the initial set.

Each item of this array must be:

Type: object No Additional Properties

Select pods by property values.

Type: object No Additional Properties

Type: enum (of string)

Must be one of:

  • "name"
  • "state"

Type: boolean Default: false

Set to true to negate the match (logical NOT)

Type: string
Type: object No Additional Properties

Only pass the filter during specific time of the day and week.

Type: object No Additional Properties

Type: object No Additional Properties

Describes a time of the day, in the local timezone.

Type: number

Value must be greater or equal to 0 and lesser or equal to 23

Type: number

Value must be greater or equal to 0 and lesser or equal to 59

Type: number

Value must be greater or equal to 0 and lesser or equal to 59

Type: array of enum (of string)

Each item of this array must be:

Type: enum (of string)

Must be one of:

  • "monday"
  • "tuesday"
  • "wednesday"
  • "thursday"
  • "friday"
  • "saturday"
  • "sunday"

Type: object No Additional Properties

Take a random sample. Either a specific size (up to N), or a ratio (0.5 == 50%) of the initial size.

Type: object No Additional Properties

Type: number

Value must be greater or equal to 0 and lesser or equal to 1

Type: number

Value must be greater or equal to 1

Type: object No Additional Properties

Only pass the filter with a desired probability.

Type: number

Value must be greater or equal to 0 and lesser or equal to 1

Type: array

An array of match criteria to select a set of pods. Will be deduplicated.

Each item of this array must be:

Type: object No Additional Properties

Pick all pods for a deployment in a namespace.

Type: string
Type: object No Additional Properties

Pick all pods matching the particular set of labels in a namespace.

Type: object No Additional Properties

Type: string

Type: string

An object of retry criteria to rerun set actions

Type: object No Additional Properties

Retry the given action a set amount of times with a sleep in between

Type: object No Additional Properties

Type: number

Value must be greater or equal to 0

Type: number

Value must be greater or equal to 0

Type: object No Additional Properties

Retry the given action for a set amount of time with a sleep in between

Type: object No Additional Properties

Type: number

Value must be greater or equal to 0

Type: number

Value must be greater or equal to 0

Type: object No Additional Properties

Match, filter and action on nodes in your kubernetes cluster. It can integrate with your cloud provider and take nodes up and down to simulate VMs going down. If you're running in SSH mode, it can also execute various commands on hosts. And much more! See below for mode details.

Type: object No Additional Properties

Type: array of object

An array of actions, which will be executed on each node.

Each item of this array must be:

Type: object No Additional Properties

Start a node.

Type: object or null No Additional Properties
Type: object No Additional Properties

Stop a node.

Type: object No Additional Properties

Type: boolean Default: true

When set to true, the node will be restarted at the end of the scenario.

Type: boolean
Type: object No Additional Properties

Executes arbitrary command on a particular node. Use with caution.

Type: object No Additional Properties

Type: string

Type: array of object

An array of filters, which will be applied in the defined order.

Each item of this array must be:

Type: object No Additional Properties

Select nodes by property values.

Type: object No Additional Properties

Type: enum (of string)

Must be one of:

  • "name"
  • "ip"
  • "group"
  • "az"
  • "state"

Type: boolean Default: false

Set to true to negate the match (logical NOT)

Type: string

Only pass the filter during specific time of the day and week.

Same definition as scenarios_items_steps_items_oneOf_i2_podAction_filters_items_oneOf_i1

Take a random sample. Either a specific size (up to N), or a ratio (0.5 == 50%) of the initial size.

Same definition as scenarios_items_steps_items_oneOf_i2_podAction_filters_items_oneOf_i2

Type: array

An array of match criteria to select a set of nodes. Will be deduplicated.

Each item of this array must be:

An object of retry criteria to rerun set actions

Retry the given action a set amount of times with a sleep in between

Same definition as scenarios_items_steps_items_oneOf_i2_podAction_retries_oneOf_i0

Retry the given action for a set amount of time with a sleep in between

Same definition as scenarios_items_steps_items_oneOf_i2_podAction_retries_oneOf_i1
Type: object No Additional Properties

Allows to wait a number of seconds.

Type: object No Additional Properties

Type: number

Value must be greater or equal to 0

Type: object No Additional Properties

Clone an existing deployment and modify the clone to inject failure.

Type: object No Additional Properties

Type: array of object

Labels to add/change for the clone. On top of all these, another one "chaos=true" will be added. If none are specified, they will be copied from the source.

Each item of this array must be:

Type: object No Additional Properties

Target the given Kubernetes service in a given namespace.

Type: object No Additional Properties

Type: string

Name of the kubernetes service.

Type: string

Namespace of the kubernetes service.

Type: object No Additional Properties

Specify Kubernetes labels

Type: object No Additional Properties

Type: string

The label key

Type: string

The label value

Type: array of object

Mutations to apply to the clone. For example, you can add extra latency to the clone or modify its envvas.

Each item of this array must be:

Type: object No Additional Properties

Adds an init container that executes the desired tc command. Optionally, you can specify the image holding tc.

Type: object No Additional Properties

Type: array of string

The arguments to execute as an array. For example - "qdisc add dev eth0 root netem delay 200ms" to add 200ms delay on egress. https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

Each item of this array must be:

Type: string

Type: array of string

The command to execute as an array. Entrypoint in docker. https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

Each item of this array must be:

Type: string

Type: string Default: "gaiadocker/iproute2:latest"

The image to use.

Type: number Default: 0

The numeric UID of user to run as in the image. Root (UID 0) is not the safest option.

Value must be greater or equal to 0

Type: object No Additional Properties

Adds a sidecar container, and proxies all incoming ports of the cloned containers through itself. You can also specify any extra proxies.

Type: object No Additional Properties

Type: string Default: "gaiadocker/iproute2:latest"

The image to use to run iptables commands. iptables command needs to be in the path.

Type: string Default: "docker.io/shopify/toxiproxy:2.1.4"

The image to use to deploy toxiproxy. It needs to start toxiproxy server by default and provide toxiproxy-cli in the path.

Type: array of object

Extra proxies to be opened up by ToxiProxy.

Each item of this array must be:

Type: object No Additional Properties

Type: string

The interface and port to listen on. For example 0.0.0.1:2222 to listen on port 2222 on all interfaces.

Type: string

Arbitrary name. Needs to be unique.

Type: string

The server to proxy to, along with the port. For example github.com:80

Type: array of object

Toxics to apply. These directly in the format specified by toxiproxy. Learn more at https://github.com/shopify/toxiproxy

Each item of this array must be:

Type: object No Additional Properties

Type: string

The name of the target proxy. If you'd like to target any of the automatically created proxies, just specify the port number. If you're like to target any of the manually created proxies, just use their name directly.

Type: array of object

Specify the attributes of the toxic to apply. See the available ones at https://github.com/Shopify/toxiproxy#toxics

Each item of this array must be:

Type: object No Additional Properties

Type: string

The name of the toxic's attribute.

Type: number

The value of the toxic's attribute.

Type: string

Specify the type of toxic to apply. See the available ones at https://github.com/Shopify/toxiproxy#toxics

Type: string Default: "/go/bin/toxiproxy-cli"

The path to the toxiproxy cli in the toxiproxy image.

Type: number Default: 0

The numeric UID of user to run as in the image. Root (UID 0) is not the safest option.

Value must be greater or equal to 0

Type: object No Additional Properties

Target the given Kubernetes service in a given namespace.

Type: object No Additional Properties

Type: string

The environment variable name

Type: string

The environment variable value

Type: number Default: 1

Value must be greater or equal to 1

The object to clone. It must exist on the cluster. Its specs will be used for the clone.

Type: object No Additional Properties

Pick all pods for a deployment in a namespace.

Type: object No Additional Properties

Type: string

Type: string