This topic describes the permissions required to execute Linux chaos experiments.
| Chaos agent deployment model | Native Chaos Agent on Each VM (system service within Target Linux Machine) | Centralized Chaos agent on Kubernetes (leverage VMware Tools to inject chaos processes inside guest VM) |
|---|---|---|
| Connectivity requirements from agent | - Outbound over port 443 to Harness from VM.<br>- Outbound to application health endpoints (ones which will be used for resilience validation) from VM. | - Outbound over port 443 to Harness from Kubernetes cluster.<br>- Outbound over port 443 to vCenter from Kubernetes cluster.<br>- Outbound to application health endpoints (ones which will be used for resilience validation) from Kubernetes cluster. |
| Connectivity requirements from VM/cluster/app | - Application and chaos agent co-exist on the same VM. | - Inbound over port 443 on ESX Host (from Kubernetes chaos agent). |
| Access requirements for agent install | - Install agent as root user. | - Install agent as a cluster-admin or as a user mapped to cluster role with these permissions. |
| Access requirements for basic chaos experiments | - Run experiments with non-root user. | - vCenter user should be mapped to a predefined chaos role.<br>- VMware Tools should be set up on the VM.<br>- Remote command injection can be performed with non-root user. |
| Access requirements for advanced chaos experiments | - Run experiments with non-root user. | - vCenter user should be mapped to a predefined chaos role.<br>- VMware Tools should be set up on the VM.<br>- Remote command injection can be performed with non-root user. |
| Supported chaos faults | | |