Fault-wise permissions

This table lists the permissions required to execute Kubernetes fault (node-level and pod-level).

tip

• NA refers to Not Applicable.
• NA* indicates that the permissions are not required for pod-level experiments by default, but if you want to target the pods on specific node, then the permissions will be required.
• Starred pod-level experiments indicate that they don't require helper pods for execution.

Read the permission as: "You can create pod delete fault in Namespaced and cluster mode, and on the pod entity, it requires permissions to [create, delete, get, list, patch, deletecollection, update] the pod.

Permissions required for pod-level faults

Pod-level faults	Mode (Scopes of chaos agent)	Permissions required
Pod delete *	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Container kill	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA networkpolicies = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Disk fill	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod API block	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod API latency	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod API modify body	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod API modify header	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod API status code	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod autoscaler *	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list, patch, update] replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod CPU hog exec *	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod CPU hog	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod DNS error	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod DNS spoof	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod HTTP latency	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod HTTP modify body	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod HTTP modify header	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod HTTP reset peer	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod HTTP status code	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod IO attribute override	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod IO error	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod IO latency	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod IO stress	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod memory hog exec *	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod memory hog	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod network corruption	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod network duplication	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod network latency	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod network loss	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod network partition *	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = [create, delete, get, list] jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Pod network rate limit	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Time chaos	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*

Permissions required for node-level faults

Node-level faults	Mode (Scopes of chaos agent)	Permissions required
Kubelet service kill	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = [get, list]
Node CPU hog	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = [get, list]
Node drain	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = [get, list, create] nodes = [get, list, patch, update]
Node IO stress	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = [get, list]
Node memory hog	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = [get, list]
Node network latency	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = create, delete, get, list, deletecollection chaosEngines, chaosExperiments, chaosResults = create, delete, get, list, patch, update secrets = NA pod eviction = NA nodes = [get, list]
Node network loss	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = [get, list]
Node restart	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = [get, list] pod eviction = NA nodes = [get, list]
Node taint	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = [get, list, create] deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = [get, list, create] nodes = [get, list, patch, update]
Kubelet density	Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = [get, list] pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = NA replicasets, daemonsets = NA networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = [get, list] pod eviction = NA nodes = [get, list]

Permissions required for Spring boot faults

Spring boot	Mode (Scopes of chaos agent)	Permissions required
Spring boot app kill	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Spring boot CPU stress	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Spring boot memory stress	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Spring boot latency	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Spring boot exception	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*
Spring boot fault	Namespaced, Cluster	pod = [create, delete, get, list, patch, deletecollection, update] events = [create, get, list, patch, update] configMaps = NA pods/log = [get, list, watch] pods/exec = NA deployments, statefulsets = [get, list] replicasets, daemonsets = [get, list] networkpolicies = NA jobs = [create, delete, get, list, deletecollection] chaosEngines, chaosExperiments, chaosResults = [create, delete, get, list, patch, update] secrets = NA pod eviction = NA nodes = NA*