Chaos agent installation access requirements
This topic lists the Kubernetes chaos agent installation access requirements for discovery and all types of faults.
Resource | Modes (Scope of chaos agent) | Permissions required | Use |
---|---|---|---|
pod | Namespaced, Cluster | [create, delete, get, list, patch, update, deletecollection] | Manage transient pods created to perform chaos. |
events | Namespaced, Cluster | [create, get, list, patch, update] | Generate and manage chaos events. |
secrets | Namespaced, Cluster | [get, update, patch, create] | Read authentication information (cluster ID and access keys) and configuration tunables. |
ConfigMaps | Namespaced, Cluster | [get, list, create, patch, update, watch, delete] | Configuration tunables and leader-election. |
pods/log | Namespaced, Cluster | [get, list, watch] | Track execution logs. |
jobs | Namespaced, Cluster | [create, delete, get, list, deletecollection] | Chaos experiments are launched as Kubernetes jobs. |
pods/exec, pods/eviction | Namespaced, Cluster | [get, list, create] | |
services | Namespaced, Cluster | [get, list] | |
deployments, statefulsets | Namespaced, Cluster | [get, list, patch, update, delete] | For asset discovery and pod-autoscaler fault. |
replicasets, replicationcontrollers, daemonsets, deploymentconfigs, rollouts | Namespaced, Cluster | [get, list] | For asset discovery of available resources on the cluster so that you can target them with chaos experiments. |
networkpolicies | Namespaced, Cluster | [create, delete, list, get] | Cause chaos through network partitions. |
nodes | Cluster-scoped only | [patch, get, list, update, watch] | Filter or isolate chaos targets to specific nodes. Subject nodes to chaos (only in cluster-scope). |
namespaces | Cluster-scoped only | [get, list, watch] | For asset discovery to list the namespaces (only in cluster-scope). |
chaosengines, chaosexperiments, chaosresults, chaosschedules, chaosengines/finalizers | Namespaced, Cluster | [create, delete, get, list, patch, update] | Lifecycle management of chaos custom resources in CE. |
customresourcedefinitions | Cluster-scoped only | [create, delete, get, list, patch, update] | Lifecycle management of chaos custom resources in CE. |
leases | Namespaced, Cluster | [get, create, list, update, delete] | Enable high availability of chaos custom controllers via leader elections. |
workflows, workflows/finalizers, workflowtemplates, workflowtemplates/finalizers, cronworkflows, cronworkflows/finalizers | Namespaced, Cluster | [create, delete, get, list, patch, update, watch] | Lifecycle management of chaos custom resources in workflow controller. |
clusterworkflowtemplates, clusterworkflowtemplates/finalizers | Cluster-scoped only | [create, delete, get, list, patch, update, watch] | Lifecycle management of chaos custom resources in workflow controller. |
workflowtasksets, workflowartifactgctasks, workflowtaskresults | Namespaced, Cluster | [get, list, watch, deletecollection] | Lifecycle management of chaos custom resources in workflow controller. |
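
The table can be used as an allowlist when reviewing the Role or ClusterRole bound to the agent. The following is an added example, not code from the product: it checks a rule list against a subset of the rows above and reports wildcard grants, verbs beyond the documented set, and cluster-scoped-only resources that appear in a namespaced install. The `audit` function, the `DOCUMENTED` subset, and the sample rules are assumptions made for illustration, and matching is by resource name only because the page does not list API groups.

```python
# Added example: flag Role/ClusterRole rules that exceed the documented table.
# Verbs are transcribed from the table above for a subset of its rows; matching is
# by resource name only because the page does not list API groups (assumption).
DOCUMENTED = {
    "pods": {"create", "delete", "get", "list", "patch", "update", "deletecollection"},  # table row "pod"
    "events": {"create", "get", "list", "patch", "update"},
    "secrets": {"get", "update", "patch", "create"},
    "configmaps": {"get", "list", "create", "patch", "update", "watch", "delete"},
    "pods/log": {"get", "list", "watch"},
    "pods/exec": {"get", "list", "create"},
    "pods/eviction": {"get", "list", "create"},
    "services": {"get", "list"},
    "networkpolicies": {"create", "delete", "list", "get"},
    "nodes": {"patch", "get", "list", "update", "watch"},
    "namespaces": {"get", "list", "watch"},
}
CLUSTER_ONLY = {"nodes", "namespaces"}  # "Cluster-scoped only" rows in this subset


def audit(rules, namespaced):
    """Return sorted (resource, problem) findings for a list of RBAC rules."""
    findings = set()
    for rule in rules:
        verbs = set(rule.get("verbs", []))
        for res in rule.get("resources", []):
            if res == "*" or "*" in verbs:
                findings.add((res, "wildcard grant"))
            elif res not in DOCUMENTED:
                findings.add((res, "resource not in documented subset"))
            else:
                if namespaced and res in CLUSTER_ONLY:
                    findings.add((res, "cluster-scoped only, found in namespaced mode"))
                for verb in sorted(verbs - DOCUMENTED[res]):
                    findings.add((res, f"extra verb: {verb}"))
    return sorted(findings)


# Constructed sample: the "rules" array of a namespaced Role, in the shape
# `kubectl get role <name> -o json` returns.
SAMPLE_RULES = [
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "delete"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["*"]},
]

if __name__ == "__main__":
    for resource, problem in audit(SAMPLE_RULES, namespaced=True):
        print(f"{resource}: {problem}")
```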