{"id":20538616,"url":"https://github.com/simonkrenger/k8s-isolation","last_synced_at":"2025-04-14T07:50:38.469Z","repository":{"id":45597373,"uuid":"159822030","full_name":"simonkrenger/k8s-isolation","owner":"simonkrenger","description":"Evil containers to test the isolation between containers on Kubernetes. May break stuff.","archived":false,"fork":false,"pushed_at":"2021-12-06T10:36:49.000Z","size":13,"stargazers_count":15,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T21:23:26.553Z","etag":null,"topics":["containers","kubernetes","testing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simonkrenger.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-30T12:42:32.000Z","updated_at":"2025-02-07T14:24:58.000Z","dependencies_parsed_at":"2022-08-27T07:01:04.789Z","dependency_job_id":null,"html_url":"https://github.com/simonkrenger/k8s-isolation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simonkrenger%2Fk8s-isolation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simonkrenger%2Fk8s-isolation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simonkrenger%2Fk8s-isolation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simonkrenger%2Fk8s-isolation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simonkrenger","download_url":"https://codeload.github.com/simonkrenger/k8s-isolation/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248844047,"owners_count":21170486,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","kubernetes","testing"],"created_at":"2024-11-16T00:47:15.425Z","updated_at":"2025-04-14T07:50:38.444Z","avatar_url":"https://github.com/simonkrenger.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Containers to test Kubernetes isolation\n\nThis repository contains code to create containers that test the isolation of Kubernetes or other container orchestrators. Typically, the containers in this repository excessively consume resources, which may affect other containers or processes running on the same host.\n\nThese containers can be used to demonstrate shared resource issues and mitigations.\n\n## Description\n\nThe following containers are available in this repository:\n\n### cpuload\n\nThe `cpuload` container consumes all the CPU that it sees. It checks for the available cores and spawns a process for each core consuming CPU cycles.\n\n### memoryeater\n\nThe `memoryeater` container consumes all memory resources. This will lead to the container typically being OOM killed by the orchestrator.\n\n### forkbomb\n\nThe `forkbomb` container runs a script that forks infinitely. This creates new processes, potentially affecting other workload by using up system resources (e.g. PIDs).\n\n### filedescriptors\n\nThe `filedescriptors` container opens as many file descriptors as possible. The file `/etc/hosts` is used to create the file descriptors. Typically, file descriptors are shared system-wide and not namespaced.\n\n### consume-inodes\n\nThe `consume-inodes` container creates many small files in its working directory, trying to consume all available inodes. When the underlying filesystem is shared between multiple containers, this can lead to the `kubelet` having \"DiskPressure\"\n\n### entropy\n\nThe `entropy` container consumes randomness by repeatedly querying `/dev/random`. This will deplete the entropy pool for the kernel. Typically, entropy is system-wide and is not namespaced.\n\n### logspam\n\nThe `logspam` container writes a lot of data to `stdout`. Depending on your configuration, this can overwhelm your logging stack or logging infrastructure.\n\n## Usage\n\nThe containers in this repository are available on [quay.io](https://www.quay.io).\n\nTo run these containers locally:\n\n```\npodman run quay.io/simonkrenger/forkbomb\npodman run quay.io/simonkrenger/cpuload\npodman run quay.io/simonkrenger/memoryeater\npodman run quay.io/simonkrenger/filedescriptors\npodman run quay.io/simonkrenger/consume-inodes\npodman run quay.io/simonkrenger/entropy\npodman run quay.io/simonkrenger/logspam\n```\n\nTo run these containers on Kubernetes as a pod (example):\n\n```\napiVersion: v1\nkind: Pod\nmetadata:\n  name: simonkrenger-cpuload\nspec:\n  containers:\n  - name: cpuload\n    image: quay.io/simonkrenger/cpuload:latest\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimonkrenger%2Fk8s-isolation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimonkrenger%2Fk8s-isolation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimonkrenger%2Fk8s-isolation/lists"}