Windows EC2 Process Kill

Windows EC2 Process Kill fault kills the target processes running on a Windows EC2 instance. This fault disrupts application-critical processes running on the instance by killing their underlying processes or threads.

Use cases

Simulate loss of processes on Windows EC2 instances to check the app resiliency
Evaluate the impact of process loss on application performance.

Prerequisites

Kubernetes >= 1.17
The EC2 instance must be in a healthy state.
SSM agent must be installed and running on the target EC2 instance.
SSM IAM role must be attached to the target EC2 instance(s).

Kubernetes secret must have the AWS Access Key ID and Secret Access Key credentials in the CHAOS_NAMESPACE. Below is a sample secret file:

apiVersion: v1
kind: Secret
metadata:
  name: cloud-secret
type: Opaque
stringData:
  cloud_config.yml: |-
    # Add the cloud AWS credentials respectively
    [default]
    aws_access_key_id = XXXXXXXXXXXXXXXXXXX
    aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

tip

HCE recommends that you use the same secret name, that is, cloud-secret. Otherwise, you will need to update the AWS_SHARED_CREDENTIALS_FILE environment variable in the fault template with the new secret name and you won't be able to use the default health check probes.

Below is an example AWS policy to execute the fault.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetDocument",
                "ssm:DescribeDocument",
                "ssm:GetParameter",
                "ssm:GetParameters",
                "ssm:SendCommand",
                "ssm:CancelCommand",
                "ssm:CreateDocument",
                "ssm:DeleteDocument",
                "ssm:GetCommandInvocation",
                "ssm:UpdateInstanceInformation",
                "ssm:DescribeInstanceInformation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2messages:AcknowledgeMessage",
                "ec2messages:DeleteMessage",
                "ec2messages:FailMessage",
                "ec2messages:GetEndpoint",
                "ec2messages:GetMessages",
                "ec2messages:SendReply"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeInstances"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

note

Go to the common tunables to tune the common tunables for all the faults.
Go to AWS named profile for chaos to use a different profile for AWS faults and the superset permission/policy to execute all AWS faults.

Mandatory tunables

Tunable	Description	Notes
EC2_INSTANCE_ID / EC2_INSTANCE_TAG	ID or tag of the target EC2 instance(s).	For example, `i-044d3cb4b03b8af1f` or a tag key-value. For more information, go to EC2 instance ID.
REGION	The AWS region ID where the EC2 instance has been created.	For example, `us-east-1`. For more information, go to region.
PROCESS_IDS / PROCESS_NAMES	Process IDs or names of the target processes (comma-separated).	For example, `183,253,857` or `notepad.exe,explorer.exe`. For more information, go to process IDs or process names.

Optional tunables

Tunable	Description	Notes
TOTAL_CHAOS_DURATION	Duration for which chaos is injected (in seconds).	Default: 60 s. For more information, go to duration of the chaos.
INSTANCE_AFFECTED_PERC	Percentage of instances to target (if using tags).	Optional. For more information, go to instance affected perc.
FORCE	Force kill the process.	Default: disable. For example: `enable`. For more information, go to force .
INSTALL_DEPENDENCIES	Install dependencies on the target instance.	Default: true. For more information, go to install dependencies.
AWS_SHARED_CREDENTIALS_FILE	Path to the AWS secret credentials.	Default: `/tmp/cloud_config.yml`. For more information, go to AWS shared credentials file.
SEQUENCE	Sequence of chaos execution for multiple instances.	Default: parallel. Supports serial and parallel. For more information, go to sequence of chaos execution.
RAMP_TIME	Period to wait before and after injecting chaos (in seconds).	Optional. For more information, go to ramp time.

Process IDs

The PROCESS_IDS environment variable specifies the processes that you want to kill by their IDs on a Windows EC2 instance.

---
# Kills processes by IDs on a Windows EC2 instance
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: windows-ec2-process-kill
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
    - name: windows-ec2-process-kill
      spec:
        components:
          env:
            - name: PROCESS_IDS
              value: '1234,5678'

Process Names

The PROCESS_NAMES environment variable specifies the processes that you want to kill by their Names on a Windows EC2 instance.

---
# Kills processes by names on a Windows EC2 instance
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: windows-ec2-process-kill
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
    - name: windows-ec2-process-kill
      spec:
        components:
          env:
            - name: PROCESS_NAMES
              value: 'notepad,explorer'

Force

The FORCE environment variable specifies the force kill of the processes under chaos.

---
# Kills processes by names with FORCE enabled on a Windows EC2 instance
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: windows-ec2-process-kill
spec:
  engineState: "active"
  chaosServiceAccount: litmus-admin
  experiments:
    - name: windows-ec2-process-kill
      spec:
        components:
          env:
            - name: PROCESS_NAMES
              value: 'notepad'
            - name: FORCE
              value: 'enable'

Use cases​

Prerequisites​

Mandatory tunables​

Optional tunables​

Process IDs​

Process Names​

Force​