Targeting Resources by Location in Experiments

Modified on Tue, 16 Jul at 2:12 PM

When targeting hosts (bare metal or virtualized systems) directly, many cloud providers expose metadata that allows location-based Gremlin experiments (v2.11.6 and newer) without additional configuration, thanks to Gremlin's automatic tagging feature. The specific items that are automatically tagged depend on the information that the particular cloud provider exposes.


For container-based attacks, this information is not available by default. Outside of exact matching, targeting container resources by location requires that these resources be tagged with Kubernetes labels that contain the desired targeting criteria.


You can view the labels on a given pod via:

$ kubectl get po $PODNAME --show-labels


This will indicate which selectors can be used for that specific container.
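As an added example (not from the original article or from Gremlin's tooling), one way to give pods a location label is to copy each node's well-known topology.kubernetes.io/zone label onto the pods scheduled on it. The pod label key "zone", the function names and the sample node and pod data are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: plan "kubectl label" commands that copy each node's zone to its pods.
# Assumption: the pod label key "zone" is hypothetical; use your own convention.
POD_LABEL_KEY="zone"

# Live inputs (need cluster access). The zone is read from the well-known node
# label topology.kubernetes.io/zone; nodes without it print "<none>".
list_nodes() {
  kubectl get nodes --no-headers -o \
    custom-columns='NODE:.metadata.name,ZONE:.metadata.labels.topology\.kubernetes\.io/zone'
}
list_pods() {
  kubectl get pods --all-namespaces --no-headers -o \
    custom-columns='NS:.metadata.namespace,POD:.metadata.name,NODE:.spec.nodeName'
}

# plan_zone_labels NODES_FILE PODS_FILE
# NODES_FILE lines: "<node> <zone>"; PODS_FILE lines: "<namespace> <pod> <node>".
# Prints one command per pod whose node has a zone; unscheduled pods are skipped.
plan_zone_labels() {
  awk -v key="$POD_LABEL_KEY" '
    FILENAME == ARGV[1] { if ($2 != "" && $2 != "<none>") zone[$1] = $2; next }
    ($3 in zone) {
      printf "kubectl label pod -n %s %s %s=%s --overwrite\n", $1, $2, key, zone[$3]
    }
  ' "$1" "$2"
}

# Offline demonstration on constructed sample data (not real cluster output).
demo_plan() (
  tmp=$(mktemp -d)
  printf '%s\n' 'node-a us-east-1a' 'node-b us-east-1b' 'node-c <none>' > "$tmp/nodes"
  printf '%s\n' 'shop cart-7d9f node-a' 'shop pay-5c2b node-b' \
                'shop batch-1 node-c' 'shop queued-0 <none>' > "$tmp/pods"
  plan_zone_labels "$tmp/nodes" "$tmp/pods"
  rm -rf "$tmp"
)

demo_plan
# Against a cluster: list_nodes > nodes; list_pods > pods; plan_zone_labels nodes pods
# Review the printed commands before piping them to sh.
```

Labels applied directly to running pods are lost when those pods are replaced, so the plan has to be re-run after rollouts or rescheduling.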


Some Gremlin experiments also have a field for Host Tags:


Please note that this field corresponds to Experiment arguments and does NOT dictate which pods the experiments occur on. For example, specifying 'us-east-1a' as a Host Tag in an AWS environment for a blackhole attack will blackhole traffic TO hosts in that availability zone, but does not restrict attacks to pods that reside in that availability zone.


Host tags in network-based attacks will impact all the IPs on matched hosts, including those used by containers (Kubernetes pods), even when those containers themselves do not have the specified tag.

