loading...
Cover image for GitHub Chaos Actions in Your CI/CD workflow [Part-1]

GitHub Chaos Actions in Your CI/CD workflow [Part-1]

uditgaurav profile image Udit Gaurav Updated on ・6 min read

In this blog, I will be talking about setting GitHub Chaos Actions in your CI workflow. Before jumping in, let's do a quick recap on Litmus. Litmus is a framework for practicing chaos engineering in cloud-native environments. Litmus provides a chaos operator, a large set of chaos experiments on its hub, detailed documentation, and a friendly community. Litmus is very easy to use you can also set up a very quick demo environment to install and run Litmus experiments.

What is Github Chaos Action?

Github actions automate the chaos execution on an application in the same place where the code is stored. You can write individual tasks along with chaos actions and combine them to create a custom GitHub workflow. GitHub Workflows are custom automated processes that you can set up in your repository to build, test, package, or deploy any code project on GitHub. Including the Github chaos actions in your workflow YAML, you can test the performance/resiliency of your application in a much simpler and better way. To know more visit Github chaos actions repository.

What do we need Github Chaos Action?

GitHub Action makes the execution of chaos on an application in a much simpler and easier way. This action could be triggered on the basis of parameter listed in the GitHub workflow YAML. This action can be performed over an application that can be deployed in the cluster or already present in the cluster. Github chaos action helps to fix the weaknesses leads to increased resilience of the system which helps to gain confidence to developers and SRE. It takes a cloud-native approach to create, manage, and monitor the chaos.

Pre-requisites

  • Kubernetes 1.11 or later.
  • A workflow in your Github Repository
  • Application pod in a healthy state
  • Pre-requisites of the Chaos Experiment you are executing. You can find this under the experiment section in litmus docs

A Sample Github Chaos Action Workflow
The workflow file is stored under .github/workflows directory of your repository and it uses YAML syntax and must have either a .yml or .yaml file extension. We just need to follow the below-mentioned steps to create a sample GitHub workflow for performing chaos engineering on a Kubernetes application using Github chaos action.

1. Setup name and event to trigger the GitHub workflow

name: Push
on:
 push:
 branches: [ master ]
 pull_request:
 branches: [ master ]

This will trigger the GitHub workflow on a push or pull request basis on the master branch. Similarly, it can also be on a scheduled basis.

on:
 schedule:
 - cron: ‘*/15 * * * *’

2. Setup jobs in the workflow

jobs:
 build:
 runs-on: ubuntu-latest

A GitHub workflow run is made up of one or more jobs. Each job runs in an environment specified by runs-on. So in the above case, each job will run on the ubuntu-latest environment. By default jobs run in parallel to run them sequentially, we need to add

needs: <Job-Name>.
jobs:
 build:
 runs-on: ubuntu-latest
needs: job1
 steps: 
 — uses: actions/checkout@v2

3. Setup different tasks in a job
A job contains a sequence of tasks called Steps. Steps can be used to run commands, tasks, or actions itself. Not all steps run actions, but all actions run as a step.

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

Using job steps we can run the chaos action over an application and for doing so we need to use our Github-chaos-actions in a below-mentioned way:
A sample pod deletes experiment workflow:

.github/workflows/main.yml
name: main
on:
 push:
 branches: [ master ]
jobs:
 build:
 runs-on: ubuntu-latest
steps:
 — uses: actions/checkout@master

 — name: Running Litmus pod delete chaos experiment
 uses: mayadata-io/github-chaos-actions@master
 env:
 ##Pass kubeconfig data from secret in base 64 encoded form 
 KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA }}
 ##If litmus is not installed
 INSTALL_LITMUS: true
 ##Give application info under chaos
 APP_NS: default
 APP_LABEL: run=nginx
 APP_KIND: deployment
 EXPERIMENT_NAME: pod-delete
 ##Custom image can also been used
 EXPERIMENT_IMAGE: litmuschaos/ansible-runner
 EXPERIMENT_IMAGE_TAG: latest
 IMAGE_PULL_POLICY: Always     
 TOTAL_CHAOS_DURATION: 30
 CHAOS_INTERVAL: 10
 FORCE: false
 ##Select true if you want to uninstall litmus after chaos
 LITMUS_CLEANUP: true

This is a complete single job that is running a chaos action over an application for every push on branch master and the kubeconfig of the cluster and application details are provided in the form of secrets and environment variables respectively. Other Variables are chaos action variables that change on the basis of the chaos experiment we are running.

How to connect the cluster with chaos actions?

  1. To connect a healthy cluster with the chaos action we need to pass the kubeconfig of the cluster in the base 64 encoded form as done in the above example. For doing this we need to follow these steps: Convert the kubeconfig of your cluster in base 64 encoded form using this command:
cat $HOME/.kube/config | base64
  • Add a secret KUBE_CONFIG_DATA with the value containing the output of the above command.
  • Pass this secret as ENV in Github chaos actions to connect your cluster with the action.
- name: Running Litmus pod delete chaos experiment
 uses: mayadata-io/github-chaos-actions@master
 env:
 KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA }}
  1. Creating a Cluster in the workflow itself is also one of the ways of performing chaos actions. We can even create a cluster in one of the steps of the job and then use Github-chaos-actions in further steps. In this case we don’t need to pass the kubeconfig externally through action’s ENV instead you can setup kubeconfig as an environment variable in base 64 encoded form using:
- name: "Setup kubeconfig ENV for Github Chaos Action"
  run: echo ::set-env name=KUBE_CONFIG_DATA::$(base64 -w 0 ~/.kube/config)

The KUBE_CONFIG_DATA will be accessable to the Chaos Action which is running on a different container. Please visit [Part-2] of the GitHub actions series, we have discussed it in more detailed way.

Monitor the GitHub workflow jobs:

Once the workflow triggers we need to monitor the workflow. For monitoring the different jobs in the workflow:

  • Click on the Actions option present in the repository containing workflow. Alt Text
  • It will show all the workflow runs. Select the one which triggered recently Alt Text
  • Check the job logs of the workflow. Alt Text

Details of chaos action run

  • To get the details of what happened when the chaos action was running check the logs on the Github-chaos-actions from the job logs.
  • The Github-chaos-action contains the logs of the process involved in running the chaos actions.
  • It also contains the logs of the experiment pod which will give a verbose idea of what was happening at the time of chaos injection.
  • At the end of the logs, there will be a check of the verdict whether the chaos result verdict is Pass or Fail (It will be a pass for the successful execution of the experiment).
  • To know more about the terms like Chaos Experiment, Chaos Engine and Chaos Result visit litmus docs.

To know more about GitHub Chaos Actions and different ways to setup Chaos Actions in your GitHub workflow read Part-2 now.

Conclusion:

We can automate the chaos execution on a review application to check its resiliency in the same place where the codes are stored using Github Action.It provides an easier way to perform different chaos experiments which helps in gaining confidence.

Are you an SRE or a Kubernetes enthusiast? Does Chaos Engineering excite you?
Join Our Community On Slack For Detailed Discussion, Feedback & Regular Updates On Chaos Engineering For Kubernetes: https://kubernetes.slack.com/messages/CNXNB0ZTN
(#litmus channel on the Kubernetes workspace)
Check out the Litmus Chaos GitHub repo and do share your feedback: https://github.com/litmuschaos/litmus
Submit a pull request if you identify any necessary changes.

GitHub logo litmuschaos / litmus

Litmus helps Kubernetes SREs and developers practice chaos engineering in a Kubernetes native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes is at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q

LitmusChaos

Litmus

Cloud-Native Chaos Engineering

Slack Channel Build Status Docker Pulls GitHub stars GitHub issues Twitter Follow CII Best Practices Quality Gate Status BCH compliance FOSSA Status YouTube Channel



Overview

Litmus is a toolset to do cloud-native chaos engineering. Litmus provides tools to orchestrate chaos on Kubernetes to help SREs find weaknesses in their deployments. SREs use Litmus to run chaos experiments initially in the staging environment and eventually in production to find bugs, vulnerabilities. Fixing the weaknesses leads to increased resilience of the system.

Litmus takes a cloud-native approach to create, manage and monitor chaos. Chaos is orchestrated using the following Kubernetes Custom Resource Definitions (CRDs):

  • ChaosEngine: A resource to link a Kubernetes application or Kubernetes node to a ChaosExperiment. ChaosEngine is watched by Litmus' Chaos-Operator which then invokes Chaos-Experiments
  • ChaosExperiment: A resource to group the configuration parameters of a chaos experiment. ChaosExperiment CRs are created by the operator when experiments are invoked by ChaosEngine.
  • ChaosResult: A resource to hold the results of a chaos-experiment. The Chaos-exporter reads the…

Posted on by:

uditgaurav profile

Udit Gaurav

@uditgaurav

Open Source Lover | Contributor of @litmuschaos and Engineer @mayadata A Certified Kubernetes Administrator(CKA)

Discussion

markdown guide