OpenShift chaos infrastructure
You can install chaos infrastructure in your target environment as a Kubernetes service, Linux daemon, and so on. This section walks you through steps to install chaos infrastructure on an Openshift cluster.
1. Create or identify the target namespace and install the service accounts
Create or identify the target chaos namespace in which you will deploy the chaos infrastructure.
You will use the hce
namespace in this case.
kubectl create ns hce
You can create the service account in the cluster mode or the namespace mode.
To install in the cluster mode, create the service accounts using the cluster-mode-sa.yaml file. You can download the file and apply it.
To install in the namespace mode, create the service accounts using the namespace-mode-sa.yaml file. You can download the file and apply it.
If you have a different namespace, replace the namespace with <your-namespace>
in the manifest.
kubectl create cluster-mode-sa.yaml -n hce
Output
$> kubectl apply -f cluster-mdoe-sa.yaml -n hce
serviceaccount/litmus-admin created
serviceaccount/hce created
serviceaccount/argo-chaos created
serviceaccount/argo created
serviceaccount/litmus-cluster-scope created
2. Create Litmus Security Context Constraint (SCC) and authenticate it with the service account
To create the litmus SCC,
-
Copy the contents of the litmus SCC manifest to
litmus-scc.yaml
file. -
Apply this manifest to your chaos infrastructure.
kubectl apply -f litmus-scc.yaml
Output
$> kubectl apply -f litmus-scc.yaml
securitycontextconstraints.security.openshift.io/litmus-scc created
-
Authenticate all
hce
service accounts withlitmus-scc
:oc adm policy add-scc-to-user litmus-scc -z <SERVICE-ACCOUNT-NAME> --as system:admin -n <CHAOS-NAMESPACE>
- Replace
<CHAOS-NAMESPACE>
with the namespace where litmus is installed. (Here litmus) - Replace
<SERVICE-ACCOUNT-NAME>
with the name of hce service accounts.
In this case, the exact command is:
oc adm policy add-scc-to-user litmus-scc -z litmus-admin,argo-chaos,argo,litmus-cluster-scope,default,hce --as system:admin -n hce
Output
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:litmus-scc added: ["litmus-admin" "argo-chaos" "argo" "litmus-cluster-scope" "default" "hce"]
To learn more about SCC, go to SCC documentation.
3. Get the manifest to install chaos infrastructure
After connecting to a chaos infrastructure, select the installation mode (cluster scope or namespace scope).
Provide the namespace and the service account name. To use a service account other than hce
, create a new service account and authenticate it with litmus-scc by following steps 1 and 2.
4. Verify the installation
Verify if all the pods are in Running
state (optional).
$> kubectl get pods -n hce
NAME READY STATUS RESTARTS AGE
chaos-exporter-6c4b6d6c48-cht2d 1/1 Running 0 23s
chaos-operator-ce-57f5f7ccdb-m7g7f 1/1 Running 0 24s
subscriber-57798b696b-69vtr 1/1 Running 0 14s
workflow-controller-67b87685fb-h6k5b 1/1 Running 0 29s
Ensure that the state of the chaos infrastructure is CONNECTED
.
5. Run chaos experiments
To run Kubernetes experiments, you need to tune the parameters associated with the fault. You can update or add the below mentioned environment variables while tuning the faults.
- name: CONTAINER_RUNTIME
value: crio
- name: SOCKET_PATH
value: /run/crio/crio.sock
- name: SET_HELPER_DATA
value: false