Requirements

This topic describes the permissions required to execute chaos experiments on the Cloud Foundry platform.

Private cloud

TAS (Tanzu Application Service) platform (for Cloud Foundry)

Chaos agent deployment model	Chaos agent on each Diego cell (systemd-based service within Diego cell)	Chaos agent as a Cloud Foundry app with chaos sidecars (agent runs as CF application, and includes chaos sidecar in application containers)	Centralized chaos agent on Tanzu Ops manager (jumpbox) (systemd-based service within the jumpbox)
Connectivity requirements from agent	Outbound over port 443 to Harness from CF Diego cell. Outbound to application health endpoints (ones which will be used for resilience validation) from the VM.	Outbound over port 443 to Harness from CF chaos agent app. Outbound to application health endpoints (ones which will be used for resilience validation). Inbound over port 8081 from target apps (running chaos sidecar process).	Outbound over port 443 to Harness from CF app container. Outbound to application health endpoints (ones which will be used for resilience validation) from the VM.
Connectivity requirements from VM/cluster/app	Application and chaos agent co-exist on the same VM.	Application and chaos agent co-exist as apps on the same PCF cluster. However, you need to set up network policy for outbound from target apps running chaos sidecar process to the CF chaos agent app.	Inbound over port 22 (via cf-ssh) into Diego cell from Tanzu Ops Manager/Jumpbox VM
Access requirements for agent install	Install agent as a root user.	Install agent pcf app and bundle chaos sidecar into target apps as a CF space developer. Both the app and the sidecar process can run with non-root user. Go to sidecar-based chaos approach for more information.	Install agent as a root user.
Access requirements for basic chaos experiments	Run experiments with non-root user.	Run experiments with non-root user.	Run experiments with non-root user.
Access requirements for advanced chaos experiments	Run experiments with root user.	Run experiments with non-root user.	Run experiments with root user.
Chaos deployment and architecture details	Go to HCE CF chaos approach and deployment architecture> for more information. Go to FAQ to understand how this model compares with the other deployment models and why the agent runs with root user.	Go to CF chaos approach and deployment architecture.	Go to CF chaos approach and deployment architecture.
Supported chaos faults	Basic CF faults with non-root agent in diego cell Basic and advanced CF faults with root agent in diego cell.	Supported CF faults via app-based chaos agent leveraging chaos sidecars app containers.	Basic CF faults with non-root agent in diego cell. Basic and advanced CF faults with root agent in diego cell.