MCPcopy
hub / github.com/alexei-led/pumba

github.com/alexei-led/pumba @1.1.7 sqlite

repository ↗ · DeepWiki ↗ · release 1.1.7 ↗
2,371 symbols 8,381 edges 159 files 1,042 documented · 44%
README

Pumba

Chaos testing tool for Docker, containerd, and Podman

GitHub Release Release Build and Test Go Report Card Codecov License

Quick Start · User Guide · Network Chaos · Deployment · Contributing


Pumba is a chaos testing and network emulation tool for Docker, containerd, and Podman containers. Inspired by Netflix Chaos Monkey, Pumba brings chaos engineering to the container level — kill, stop, pause, and remove containers, inject network delays and packet loss, or stress-test container resources.

How It Works

graph LR
    A[Pumba CLI] -->|Docker API / containerd API / Podman compat API| B[Container Runtime]
    B -->|List & Filter| C[Target Containers]

    A -->|kill / stop / pause / rm| C

    A -->|netem / iptables| D[Helper Container / Direct Exec]
    D -->|Shares network namespace| C
    D -->|Runs tc / iptables| E[Network Chaos]

Supported runtimes

Runtime Socket (default) netem / iptables / stress Notes
Docker /var/run/docker.sock Works as root or with socket access Default runtime.
containerd /run/containerd/containerd.sock Requires root (overlayfs mounts for sidecar) Namespaces: k8s.io (Kubernetes), moby (Docker-managed), default (pure containerd).
Podman /run/podman/podman.sock (rootful) Requires rootful Podman (fails fast else) Uses Podman's Docker-compat API; on macOS pumba runs inside podman machine (see below).

Supported platforms

Pumba targets Linux containers — every chaos action depends on Linux primitives (netns, cgroups v2, iptables, tc qdiscs, container runtime sockets). Released binaries:

OS amd64 arm64 Notes
Linux Primary target. Run pumba on the same kernel as the targeted containers.
macOS Developer ergonomics only. Use it to drive a remote Docker/Podman/containerd VM (e.g. Colima, podman machine).
Windows Not supported and not planned. See below.

Windows is intentionally not built. The chaos primitives — Linux netns/cgroup writes, tc/iptables sidecar injection, POSIX signal forwarding (SIGCONT/SIGSTOP/SIGUSR1/SIGUSR2 used by the containerd runtime) — have no Windows equivalent. There is no plausible Windows use case even with Docker Desktop's WSL2 backend, so no Windows binary is published. PRs adding Windows support will not be accepted; please run pumba on Linux (native, container, or VM).

Features

Category Commands Description
Container Chaos kill, stop, pause, rm, restart Disrupt container lifecycle
Execute exec Run commands inside containers
Network Delay netem delay Add latency to egress traffic
Packet Loss netem loss, iptables loss Drop packets (egress and ingress)
Network Effects netem duplicate, corrupt, rate Duplicate, corrupt, or rate-limit packets
Stress Testing stress CPU, memory, I/O stress via stress-ng (child cgroup or same-cgroup injection)
Targeting names, regex (re2:), labels, --random Flexible container selection
Scheduling --interval Recurring chaos at fixed intervals

Quick Start

Install

Download the latest release for your platform, or use Docker:

# Binary
curl -sL https://github.com/alexei-led/pumba/releases/latest/download/pumba_linux_amd64 -o pumba
chmod +x pumba

# Docker (recommended)
docker pull ghcr.io/alexei-led/pumba:latest

First Chaos

# Kill a random container matching "test" every 30 seconds
pumba --interval=30s --random kill "re2:^test"

# Add 3 seconds network delay to mydb for 5 minutes
pumba netem --duration 5m delay --time 3000 mydb

# Drop 10% of incoming packets to myapp for 2 minutes
pumba iptables --duration 2m loss --probability 0.1 myapp

# Stress CPU of mycontainer for 60 seconds
pumba stress --duration 60s --stressors="--cpu 4 --timeout 60s" mycontainer

Containerd Runtime

# Kill a container by ID via containerd
pumba --runtime containerd --containerd-namespace k8s.io kill <container-id>

# Add network delay via containerd (requires tc in the container image)
pumba --runtime containerd --containerd-namespace moby \
  netem --duration 5m delay --time 3000 <container-id>

Podman Runtime

Pumba talks to Podman via its Docker-compat socket. --podman-socket is optional — if empty, pumba probes $CONTAINER_HOST, $PODMAN_SOCK, podman machine inspect, /run/podman/podman.sock, and $XDG_RUNTIME_DIR/podman/podman.sock in order.

# Kill a container by name via Podman (rootful socket auto-detected)
sudo pumba --runtime podman kill mycontainer

# Add network delay via Podman (requires rootful socket)
sudo pumba --runtime podman netem --duration 5m delay --time 3000 mycontainer

# Stress CPU via Podman (default child-cgroup mode)
sudo pumba --runtime podman stress --duration 60s --stressors="--cpu 4 --timeout 60s" mycontainer

# Explicit socket override
pumba --runtime podman --podman-socket unix:///run/podman/podman.sock kill mycontainer

netem, iptables, and stress require rootful Podman — rootless fails fast with a clear message pointing at podman machine set --rootful (macOS) or the rootful systemd unit (Linux).

macOS development with Podman

Podman on macOS runs inside a Linux VM. Pumba must run on the same kernel as the target containers (host-side /proc/<pid>/cgroup read), so run the pumba binary inside the podman machine VM:

# one-time setup
brew install podman
podman machine init --rootful --cpus 4 --memory 4096 --now
podman machine ssh sudo dnf install -y bats      # optional, for bats tests

# copy a linux/arm64 or linux/amd64 pumba binary into the VM
podman machine ssh sudo cp /path/to/pumba /usr/local/bin/

# run inside the VM
podman machine ssh sudo pumba --runtime podman --log-level debug ps
podman machine ssh sudo pumba --runtime podman netem --duration 10s delay --time 200 <container-id>
Flag Default Description
--runtime docker Container runtime (docker, containerd, or podman)
--containerd-socket /run/containerd/containerd.sock containerd socket path
--containerd-namespace k8s.io containerd namespace (k8s.io for Kubernetes, moby for Docker)
--podman-socket (auto-detected) Podman socket URI (e.g. unix:///run/podman/podman.sock); empty triggers auto-detection

Tip: For network chaos on containers without tc/iptables, use --tc-image to spawn a sidecar:

bash pumba --runtime containerd netem --tc-image ghcr.io/alexei-led/pumba-alpine-nettools:latest \ --duration 5m delay --time 3000 <container-id>

Run with Docker

docker run -it --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  ghcr.io/alexei-led/pumba --interval=10s --random kill "re2:^test"

Docker Images

Registry Image Status
GitHub Container Registry ghcr.io/alexei-led/pumba ✅ Primary
Docker Hub alexeiled/pumba ⚠️ Deprecated

Images are built natively for linux/amd64 and linux/arm64 (no QEMU).

Documentation

Document Description
User Guide Container chaos commands, targeting, scheduling, configuration
Network Chaos netem, iptables, advanced scenarios, architecture diagrams
Stress Testing CPU/memory/IO stress testing with stress-ng
Deployment Docker, Kubernetes DaemonSets, OpenShift
Contributing Build from source, run tests, project structure

Demo

asciicast

Community & Support

License

Apache License 2.0

Extension points exported contracts — how you extend this code

Lister (Interface)
--- Focused Interfaces --- Lister lists containers matching a filter. [6 implementers]
pkg/container/client.go
Command (Interface)
Command chaos command [229 implementers]
pkg/chaos/command.go
Lifecycle (Interface)
Lifecycle manages container lifecycle (stop, kill, start, restart, remove, pause). [6 implementers]
pkg/container/client.go
Flags (Interface)
Flags is the minimum surface every per-command parser needs from the underlying CLI library. It deliberately omits flag [1 …
pkg/chaos/cliflags/flags.go
Executor (Interface)
Executor executes commands in containers. [6 implementers]
pkg/container/client.go
ContainerAction (FuncType)
ContainerAction applies a chaos action to a single target container. In serial runs, the first error stops iteration. In
pkg/chaos/runner.go
Netem (Interface)
Netem manages network emulation on containers. Requests are passed by pointer because NetemRequest is large (~160 bytes) [7 …
pkg/container/client.go
Runtime (FuncType)
Runtime returns the container client to use for chaos execution. Builders receive a Runtime factory rather than a client
pkg/chaos/command.go

Core symbols most depended-on inside this repo

Return
called by 482
pkg/runtime/containerd/mock_apiClient.go
EXPECT
called by 346
pkg/runtime/containerd/mock_apiClient.go
Run
called by 330
pkg/chaos/command.go
Return
called by 241
mocks/APIClient.go
Return
called by 179
pkg/container/mock_Client.go
EXPECT
called by 124
pkg/container/mock_Client.go
NewMockClient
called by 88
pkg/container/mock_Client.go
ContainerExecCreate
called by 75
mocks/APIClient.go

Shape

Method 1,299
Function 719
Struct 328
Interface 20
FuncType 5

Languages

Go100%

Modules by API surface

mocks/APIClient.go736 symbols
mocks/ContainerAPIClient.go196 symbols
pkg/runtime/containerd/client_test.go131 symbols
mocks/ImageAPIClient.go106 symbols
pkg/container/mock_Client.go100 symbols
pkg/container/mock_Lifecycle.go52 symbols
pkg/runtime/containerd/mock_apiClient.go40 symbols
tests/integration/helpers_test.go33 symbols
pkg/chaos/netem/cmd/commands_test.go32 symbols
pkg/chaos/lifecycle/cmd/commands_test.go32 symbols
pkg/runtime/podman/stress_test.go30 symbols
pkg/runtime/podman/socket_test.go29 symbols

Dependencies from manifests, versioned

cyphar.com/go-pathrsv0.2.4 · 1×
github.com/Microsoft/go-winiov0.6.2 · 1×
github.com/Microsoft/hcsshimv0.14.1 · 1×
github.com/cespare/xxhash/v2v2.3.0 · 1×
github.com/containerd/cgroups/v3v3.1.3 · 1×
github.com/containerd/continuityv0.4.5 · 1×
github.com/containerd/errdefsv1.0.0 · 1×
github.com/containerd/errdefs/pkgv0.3.0 · 1×
github.com/containerd/fifov1.1.0 · 1×
github.com/containerd/logv0.1.0 · 1×

For agents

$ claude mcp add pumba \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact