Permissions
This topic lists the RBAC permissions required to execute DDCR-based Kubernetes faults.
| Resource | Modes (Scope of chaos agent) | Permissions required | Uses |
|---|---|---|---|
| pods | Namespaced, Cluster | [create, delete, get, list, patch, update, watch, deletecollection] |
|
| secrets, configmaps, services | Namespaced, Cluster | [create, delete, get, list, patch, update, watch, deletecollection] | Creating and monitoring helper pods. |
| deployments, replicasets, daemonsets, statefulsets | Namespaced, Cluster | [get, list] | Checking app parent resources as eligible chaos candidate. |
| replicationcontrollers | Namespaced, Cluster | [get, list] | Checking app parent resources as eligible chaos candidate. |
| services | Namespaced, Cluster | [get, list] | Checking app parent resources as eligible chaos candidate. |
| deploymentconfigs | Namespaced, Cluster | [get, list] | Checking app parent resources as eligible chaos candidate in OpenShift environments. |
| rollouts | Namespaced, Cluster | [get, list] | Checking app parent resources as eligible chaos candidate. |
| jobs | Namespaced, Cluster | [create, delete, get, list, patch, update, watch, deletecollection] | Creating and monitoring helper pods. |
| pods/logs | Namespaced, Cluster | [get, list, watch] | Tracking and getting logs of helper pods. |
| deployments | Namespaced, Cluster | [create, delete, get, list, patch, update, deletecollection] | To manage the self pod lifecycle. |