Chaos testing tool for Docker, containerd, and Podman

Quick Start · User Guide · Network Chaos · Deployment · Contributing

---

Pumba is a chaos testing and network emulation tool for Docker, containerd, and Podman containers. Inspired by Netflix Chaos Monkey, Pumba brings chaos engineering to the container level — kill, stop, pause, and remove containers, inject network delays and packet loss, or stress-test container resources.

How It Works

graph LR
    A[Pumba CLI] -->|Docker API / containerd API / Podman compat API| B[Container Runtime]
    B -->|List & Filter| C[Target Containers]

    A -->|kill / stop / pause / rm| C

    A -->|netem / iptables| D[Helper Container / Direct Exec]
    D -->|Shares network namespace| C
    D -->|Runs tc / iptables| E[Network Chaos]

Loading

Supported runtimes

Runtime	Socket (default)	netem / iptables / stress	Notes
Docker	/var/run/docker.sock	Works as root or with socket access	Default runtime.
containerd	/run/containerd/containerd.sock	Requires root (overlayfs mounts for sidecar)	Namespaces: k8s.io (Kubernetes), moby (Docker-managed), default (pure containerd).
Podman	/run/podman/podman.sock (rootful)	Requires rootful Podman (fails fast else)	Uses Podman's Docker-compat API; on macOS pumba runs inside podman machine (see below).

Features

Category	Commands	Description
Container Chaos	kill, stop, pause, rm, restart	Disrupt container lifecycle
Execute	exec	Run commands inside containers
Network Delay	netem delay	Add latency to egress traffic
Packet Loss	netem loss, iptables loss	Drop packets (egress and ingress)
Network Effects	netem duplicate, corrupt, rate	Duplicate, corrupt, or rate-limit packets
Stress Testing	stress	CPU, memory, I/O stress via stress-ng (child cgroup or same-cgroup injection)
Targeting	names, regex (re2:), labels, --random	Flexible container selection
Scheduling	--interval	Recurring chaos at fixed intervals

Quick Start

Install

Download the latest release for your platform, or use Docker:

# Binary
curl -sL https://github.com/alexei-led/pumba/releases/latest/download/pumba_linux_amd64 -o pumba
chmod +x pumba

# Docker (recommended)
docker pull ghcr.io/alexei-led/pumba:latest

First Chaos

# Kill a random container matching "test" every 30 seconds
pumba --interval=30s --random kill "re2:^test"

# Add 3 seconds network delay to mydb for 5 minutes
pumba netem --duration 5m delay --time 3000 mydb

# Drop 10% of incoming packets to myapp for 2 minutes
pumba iptables --duration 2m loss --probability 0.1 myapp

# Stress CPU of mycontainer for 60 seconds
pumba stress --duration 60s --stressors="--cpu 4 --timeout 60s" mycontainer

Containerd Runtime

# Kill a container by ID via containerd
pumba --runtime containerd --containerd-namespace k8s.io kill <container-id>

# Add network delay via containerd (requires tc in the container image)
pumba --runtime containerd --containerd-namespace moby \
  netem --duration 5m delay --time 3000 <container-id>

Podman Runtime

Pumba talks to Podman via its Docker-compat socket. --podman-socket is optional — if empty, pumba probes $CONTAINER_HOST, $PODMAN_SOCK, podman machine inspect, /run/podman/podman.sock, and $XDG_RUNTIME_DIR/podman/podman.sock in order.

# Kill a container by name via Podman (rootful socket auto-detected)
sudo pumba --runtime podman kill mycontainer

# Add network delay via Podman (requires rootful socket)
sudo pumba --runtime podman netem --duration 5m delay --time 3000 mycontainer

# Stress CPU via Podman (default child-cgroup mode)
sudo pumba --runtime podman stress --duration 60s --stressors="--cpu 4 --timeout 60s" mycontainer

# Explicit socket override
pumba --runtime podman --podman-socket unix:///run/podman/podman.sock kill mycontainer

netem, iptables, and stress require rootful Podman — rootless fails fast with a clear message pointing at podman machine set --rootful (macOS) or the rootful systemd unit (Linux).

macOS development with Podman

Podman on macOS runs inside a Linux VM. Pumba must run on the same kernel as the target containers (host-side /proc/<pid>/cgroup read), so run the pumba binary inside the podman machine VM:

# one-time setup
brew install podman
podman machine init --rootful --cpus 4 --memory 4096 --now
podman machine ssh sudo dnf install -y bats      # optional, for bats tests

# copy a linux/arm64 or linux/amd64 pumba binary into the VM
podman machine ssh sudo cp /path/to/pumba /usr/local/bin/

# run inside the VM
podman machine ssh sudo pumba --runtime podman --log-level debug ps
podman machine ssh sudo pumba --runtime podman netem --duration 10s delay --time 200 <container-id>

Flag	Default	Description
--runtime	docker	Container runtime (docker, containerd, or podman)
--containerd-socket	/run/containerd/containerd.sock	containerd socket path
--containerd-namespace	k8s.io	containerd namespace (k8s.io for Kubernetes, moby for Docker)
--podman-socket	(auto-detected)	Podman socket URI (e.g. unix:///run/podman/podman.sock); empty triggers auto-detection

Tip: For network chaos on containers without tc/iptables, use --tc-image to spawn a sidecar:

pumba --runtime containerd netem --tc-image ghcr.io/alexei-led/pumba-alpine-nettools:latest \
  --duration 5m delay --time 3000 <container-id>

Run with Docker

docker run -it --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  ghcr.io/alexei-led/pumba --interval=10s --random kill "re2:^test"

Docker Images

Registry	Image	Status
GitHub Container Registry	ghcr.io/alexei-led/pumba	✅ Primary
Docker Hub	alexeiled/pumba	⚠️ Deprecated

Images are built natively for linux/amd64 and linux/arm64 (no QEMU).

Documentation

Document	Description
User Guide	Container chaos commands, targeting, scheduling, configuration
Network Chaos	netem, iptables, advanced scenarios, architecture diagrams
Stress Testing	CPU/memory/IO stress testing with stress-ng
Deployment	Docker, Kubernetes DaemonSets, OpenShift
Contributing	Build from source, run tests, project structure

Demo

Community & Support

• Issues: GitHub Issues
• Blog: Pumba - Chaos Testing for Docker

License

Apache License 2.0