Skip to main content

OpenShift chaos infrastructure

You can install chaos infrastructure in your target environment as a Kubernetes service, Linux daemon, and so on. This section walks you through steps to install chaos infrastructure on an Openshift cluster.

1. Create or identify the target namespace and install the service accounts

Create or identify the target chaos namespace in which you will deploy the chaos infrastructure. You will use the hce namespace in this case.

kubectl create ns hce

You can create the service account in the cluster mode or the namespace mode.

To install in the cluster mode, create the service accounts using the cluster-mode-sa.yaml file. You can download the file and apply it.

To install in the namespace mode, create the service accounts using the namespace-mode-sa.yaml file. You can download the file and apply it.

If you have a different namespace, replace the namespace with <your-namespace> in the manifest.

kubectl create cluster-mode-sa.yaml -n  hce

Output

$> kubectl apply -f cluster-mdoe-sa.yaml -n hce
serviceaccount/litmus-admin created
serviceaccount/hce created
serviceaccount/argo-chaos created
serviceaccount/argo created
serviceaccount/litmus-cluster-scope created

2. Create Litmus Security Context Constraint (SCC) and authenticate it with the service account

To create the litmus SCC,

  • Copy the contents of the litmus SCC manifest to litmus-scc.yaml file.
  • Apply this manifest to your chaos infrastructure.
kubectl apply -f litmus-scc.yaml

Output

$> kubectl apply -f litmus-scc.yaml
securitycontextconstraints.security.openshift.io/litmus-scc created
  • Authenticate all hce service accounts with litmus-scc:
oc adm policy add-scc-to-user litmus-scc -z <SERVICE-ACCOUNT-NAME> --as system:admin -n <CHAOS-NAMESPACE>
note
  • Replace <CHAOS-NAMESPACE> with the namespace where litmus is installed. (Here litmus)
  • Replace <SERVICE-ACCOUNT-NAME> with the name of hce service accounts.

In this case, the exact command is:

oc adm policy add-scc-to-user litmus-scc -z litmus-admin,argo-chaos,argo,litmus-cluster-scope,default,hce --as system:admin -n hce

Output

clusterrole.rbac.authorization.k8s.io/system:openshift:scc:litmus-scc added: ["litmus-admin" "argo-chaos" "argo" "litmus-cluster-scope" "default" "hce"]
tip

To learn more about SCC, go to SCC documentation.

3. Get the manifest to install chaos infrastructure

After connecting to a chaos infrastructure, select the installation mode (cluster scope or namespace scope).

configure-chaos-infra

note

Provide the namespace and the service account name. To use a service account other than hce, create a new service account and authenticate it with litmus-scc by following steps 1 and 2.

4. Verify the installation

Verify if all the pods are in Running state (optional).

$> kubectl get pods -n hce


NAME READY STATUS RESTARTS AGE
chaos-exporter-6c4b6d6c48-cht2d 1/1 Running 0 23s
chaos-operator-ce-57f5f7ccdb-m7g7f 1/1 Running 0 24s
subscriber-57798b696b-69vtr 1/1 Running 0 14s
workflow-controller-67b87685fb-h6k5b 1/1 Running 0 29s

Ensure that the state of the chaos infrastructure is CONNECTED.

verify-chaos-infra-state

5. Run chaos experiments

To run Kubernetes experiments, you need to tune the parameters associated with the fault. You can update or add the below mentioned environment variables while tuning the faults.

- name: CONTAINER_RUNTIME
value: crio
- name: SOCKET_PATH
value: /run/crio/crio.sock
- name: SET_HELPER_DATA
value: false