Misadventures in Cyberland

AWS SCE Example Experiment: Elastic Kubernetes Service (EKS) Worker Node


Here is an example security chaos experiment in Python for Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). This experiment simulates a scenario where an EKS worker node becomes unavailable, causing the pods running on that node to be terminated. The failure is injected by scaling the node's managed nodegroup down to zero, and the effect is then observed through the Kubernetes API.

To run this experiment, you will need an AWS account with the AWS SDK for Python (Boto3) and the Kubernetes Python client (the kubernetes package) installed, plus a kubeconfig for the cluster. You will also need an EKS cluster with a managed nodegroup and worker nodes set up in your account.

import boto3
from kubernetes import client, config

# Set up the AWS client for EKS
eks_client = boto3.client("eks")

# Name of the EKS cluster, its managed nodegroup, and the Kubernetes node name of
# the worker. The field selector below matches spec.nodeName, which is the node's
# Kubernetes name (e.g. ip-10-0-0-1.ec2.internal), not the EC2 instance ID.
cluster_name = "test-cluster"
nodegroup_name = "test-nodegroup"
node_name = "ip-10-0-0-1.ec2.internal"

# Take the worker node away by scaling its managed nodegroup down to zero.
# EKS rejects maxSize=0, so only desiredSize and minSize go to 0.
eks_client.update_nodegroup_config(
    clusterName=cluster_name,
    nodegroupName=nodegroup_name,
    scalingConfig={
        "desiredSize": 0,
        "minSize": 0,
        "maxSize": 1,
    },
)

# The scaling update is asynchronous: wait until the nodegroup is ACTIVE again
# before checking, otherwise the pods may simply not have been evicted yet.
eks_client.get_waiter("nodegroup_active").wait(
    clusterName=cluster_name,
    nodegroupName=nodegroup_name,
)

# Verify that the pods running on the worker node have been terminated. Boto3 has
# no Kubernetes API client, so use the Kubernetes Python client with the kubeconfig.
config.load_kube_config()
core_v1 = client.CoreV1Api()
pods = core_v1.list_namespaced_pod(
    namespace="default",
    field_selector=f"spec.nodeName={node_name}",
)
if pods.items:
    print("Pods are still running on the worker node")
else:
    print("Pods have been terminated on the worker node")

This experiment can be modified to test other types of security incidents, such as deleting an EKS cluster or deleting an IAM policy that grants permissions to the cluster.
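A chaos experiment is only useful if it records the steady state first, states a hypothesis, and restores the system afterwards. The harness below is an added example (not code from the original post) that wraps the node-loss scenario above in that structure: it reads the nodegroup's scaling config before injecting, removes one node of capacity, checks that the node's pods are gone while enough replicas survive elsewhere, and then rolls the scaling config back. It is written against the call shapes of boto3's EKS client (describe_nodegroup, update_nodegroup_config) and the Kubernetes CoreV1Api (list_pod_for_all_namespaces), but takes the clients as parameters; the FakeEksAndK8s class, its node names and pod names are constructed stand-ins so the flow can be exercised offline. In a real run, pass boto3.client("eks") and client.CoreV1Api() instead of the fake.

```python
"""Security chaos experiment harness: steady state, inject, verify, roll back.

Added example; the fake client below is a constructed stand-in for boto3's
EKS client and the kubernetes CoreV1Api, mirroring only the calls used here.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ExperimentResult:
    steady_state_ok: bool     # victim node was carrying pods before injection
    pods_left_on_victim: int  # should be 0 once the node is gone
    surviving_pods: int       # pods still running elsewhere in the cluster
    rolled_back: bool         # original scaling config restored afterwards
    hypothesis_held: bool     # workload survived losing the node


class _PodList:
    """Mimics the .items attribute of the real V1PodList response."""
    def __init__(self, items):
        self.items = items


class FakeEksAndK8s:
    """Constructed in-memory EKS nodegroup plus the pods scheduled on its nodes."""

    def __init__(self, node_names: List[str], pods_per_node: int):
        self.scaling = {"desiredSize": len(node_names), "minSize": 1, "maxSize": len(node_names)}
        self.pods: Dict[str, List[str]] = {
            n: [f"web-{i}-{n}" for i in range(pods_per_node)] for n in node_names
        }

    # boto3 eks-style calls
    def describe_nodegroup(self, clusterName, nodegroupName):
        return {"nodegroup": {"scalingConfig": dict(self.scaling)}}

    def update_nodegroup_config(self, clusterName, nodegroupName, scalingConfig):
        if scalingConfig["maxSize"] < 1:  # mirrors the real API's validation
            raise ValueError("InvalidParameterException: maxSize must be at least 1")
        self.scaling = dict(scalingConfig)
        # scaling down removes the newest nodes, and every pod scheduled on them
        survivors = list(self.pods)[: scalingConfig["desiredSize"]]
        self.pods = {n: p for n, p in self.pods.items() if n in survivors}
        return {"update": {"status": "InProgress"}}

    # kubernetes CoreV1Api-style call
    def list_pod_for_all_namespaces(self, field_selector=""):
        node = field_selector.split("=", 1)[1] if field_selector else None
        return _PodList([p for n, ps in self.pods.items() if node is None or n == node for p in ps])


def pods_on_node(k8s, node_name: str) -> int:
    return len(k8s.list_pod_for_all_namespaces(field_selector=f"spec.nodeName={node_name}").items)


def run_node_loss_experiment(eks, k8s, cluster: str, nodegroup: str,
                             victim_node: str, min_surviving_pods: int) -> ExperimentResult:
    # 1. Steady state: capture the scaling config (needed for rollback) and confirm the
    #    victim node is actually carrying workload, otherwise the experiment proves nothing.
    before = eks.describe_nodegroup(clusterName=cluster, nodegroupName=nodegroup)["nodegroup"]["scalingConfig"]
    steady = pods_on_node(k8s, victim_node) > 0

    # 2. Inject: remove exactly one node of capacity. maxSize stays >= 1 because EKS
    #    rejects 0, and minSize must not exceed desiredSize.
    new_desired = max(before["desiredSize"] - 1, 0)
    eks.update_nodegroup_config(
        clusterName=cluster, nodegroupName=nodegroup,
        scalingConfig={"desiredSize": new_desired,
                       "minSize": min(before["minSize"], new_desired),
                       "maxSize": max(before["maxSize"], 1)},
    )

    # 3. Verify the hypothesis: the victim's pods are gone AND enough replicas survive
    #    elsewhere for the service to keep serving.
    left = pods_on_node(k8s, victim_node)
    surviving = len(k8s.list_pod_for_all_namespaces().items)
    held = steady and left == 0 and surviving >= min_surviving_pods

    # 4. Roll back unconditionally so the cluster is not left degraded.
    eks.update_nodegroup_config(clusterName=cluster, nodegroupName=nodegroup, scalingConfig=before)
    restored = eks.describe_nodegroup(clusterName=cluster, nodegroupName=nodegroup)["nodegroup"]["scalingConfig"] == before

    return ExperimentResult(steady, left, surviving, restored, held)


if __name__ == "__main__":
    fake = FakeEksAndK8s(["ip-10-0-1-10.ec2.internal", "ip-10-0-1-11.ec2.internal"], pods_per_node=2)
    print(run_node_loss_experiment(fake, fake, "test-cluster", "test-nodegroup",
                                   "ip-10-0-1-11.ec2.internal", min_surviving_pods=1))
```

Run against a two-node fake the hypothesis holds: the victim's pods disappear, the other node's pods keep serving, and the scaling config is restored. Run against a single-node fake it fails (no surviving pods) while still rolling back, which is exactly the finding such an experiment exists to surface: a workload with no redundancy across nodes.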

