Skip to main content

Permissions Required

The table below describes the permissions required to inject fault into VMware.

Chaos agent deployment model Centralized chaos agent on Kubernetes (leverage VMware tools to inject chaos processes inside the guest VM)
Connectivity requirements from agent
  • Outbound over port 443 to Harness from Kubernetes cluster
  • Outbound over 443 to vCenter from Kubernetes cluster
  • Outbound to application health endpoints (ones which will be used for resilience validation) from kubernetes cluster.
Connectivity requirements from VM/cluster/app
  • Inbound over port 443 on ESX Host (from Kubernetes chaos agent).
Access requirements for agent install
  • Install agent as a cluster-admin or as a user mapped to cluster role with these permissions.
Access requirements for basic chaos experiments
  • vCenter user should be mapped to a predefined chaos role
  • VMware tools should be setup on the VM
  • Remote command injection can be performed with non-administrator user
Access requirements for advanced chaos experiments
  • vCenter user should be mapped to a predefined chaos role
  • VMware tools should be setup on the VM
  • Remote command injection can be performed with administrator user
Supported chaos faults

vCenter Based Chaos User-Access Requirements

  • Datastore

    • Browse datastore

  • Global

    • Cancel task

  • Scheduled task

    • Create tasks
    • Modify task
    • Remove task
    • Run task

  • vApp

    • Power off
    • Power on

  • Virtual machine

    • Change Configuration
    • Acquire disk lease
    • Add existing disk
    • Add new disk
    • Add or remove device
    • Advanced configuration
    • Change CPU count
    • Change Memory
    • Change Settings
    • Change resource
    • Modify device settings
    • Remove disk
    • Rename
    • Reset guest information
    • Upgrade virtual machine compatibility

  • Guest operations

    • Guest operation alias modification
    • Guest operation alias query
    • Guest operation modifications
    • Guest operation program execution
    • Guest operation queries

  • Interaction

    • Answer question
    • Configure CD media
    • Configure floppy media
    • Connect devices
    • Console interaction
    • Guest operating system management by VIX API
    • Install VMware Tools
    • Power off
    • Power on
    • Reset
    • Suspend

  • Snapshot management

    • Create snapshot
    • Remove snapshot
    • Rename snapshot
    • Revert to snapshot