Prerequisites
This topic describes the prerequisites to fulfill before executing chaos experiments on HCE SaaS and the steps to execute a chaos experiment.
Before you begin, review the following:
Permissions Required
-
Obtain the permissions required and prepare your target system (VM or K8s):
- Prepare yourself with the right permissions (
Chaos Resources Role Permissions
inAccess Control
). Your target system or application can reside on a VM or a K8s cluster, prepare accordingly. - Prepare yourself with the respective permissions on the cloud account or the Kubernetes cluster or the VM (Kube RBAC, IAM Roles): Depending on the platform where you wish to execute your chaos experiments, you will need specific permissions.
- Prepare yourself with the right permissions (
-
Enable the necessary Feature Flags (as a general step) and corresponding sanity checks (such as places to click, and entities to see enabled): Some features may be behind a Feature Flag. You can contact Harness Support to enable the flag feature for your account.
-
Prepare network connectivity, firewall rules (if any), and identify proxy requirements,.
-
Identify application (or infrastructure) steady-state parameters (even if this requires manual effort)- using APMs or logs or other methods: You can use resilience probes to monitor your application and validate the data.
-
Identify image registry requirements and steps to set up the registry with secrets: Chaos experiments use Docker images that need to be stored in a repository. In HCE, these images are hosted in image registry.
-
Identify specific needs, especially for Kubernetes. You might need to specify the following while creating a chaos experiment:
- Namespace quotas: Ensure that you configure the namespace in the right manner to limit the exposure of all services of your application.
- Workload-specific labels or annotations
- Workload resource limits
- Proxy environments for outbound container
- Specific nodes or groups where workloads should reside
-
Identify permissions for advanced use cases, which may vary, such as SCC, IRSA, etc.: For advanced use cases, you may require the administrator to control the pods in your cluster, that requires security policies, such as PSP, Kyverno to enforce runtime security, and so on.
-
ChaosHub requirements and connectivity to Git sources: To add custom chaos experiments based on your requirements, you can add a custom ChaosHub.