OpenShift Chaos Infrastructure
This topic describes OpenShift Chaos Infrastructure and its installation.
Harness CE supports the installation of OpenShift infrastructure to execute chaos experiments. Follow the steps below to install the OpenShift infrastructure.
Step 1: Create / identify target namespace and install the service accounts
Create or identify the target chaos namespace in which you will deploy the chaos infrastructure.
You will use the hce namespace in this case.
kubectl create ns hce
You can create the service account in the cluster mode or the namespace mode.
To install in the cluster mode, create the service accounts using the cluster-mode-sa.yaml file. You can download the file and apply it.
To install in the namespace mode, create the service accounts using the namespace-mode-sa.yaml file. You can download the file and apply it.
If you have a different namespace, replace the namespace with <your-namespace> in the manifest.
kubectl create cluster-mode-sa.yaml -n  hce
Output
$> kubectl apply -f cluster-mdoe-sa.yaml -n hce
serviceaccount/litmus-admin created
serviceaccount/hce created
serviceaccount/argo-chaos created
serviceaccount/argo created
serviceaccount/litmus-cluster-scope created
Step 2: Create Litmus Security Context Constraint (SCC) and authenticate it with the service account
To create the litmus SCC,
- 
Copy the contents of the litmus SCC manifest to litmus-scc.yamlfile.
- 
Apply this manifest to your chaos infrastructure. kubectl apply -f litmus-scc.yaml
Output
$> kubectl apply -f litmus-scc.yaml
securitycontextconstraints.security.openshift.io/litmus-scc created
- 
Authenticate all hceservice accounts withlitmus-scc:oc adm policy add-scc-to-user litmus-scc -z <SERVICE-ACCOUNT-NAME> --as system:admin -n <CHAOS-NAMESPACE>
- Replace <CHAOS-NAMESPACE>with the namespace where litmus is installed. (Here litmus)
- Replace <SERVICE-ACCOUNT-NAME>with the name of hce service accounts.
In this case, the exact command is:
oc adm policy add-scc-to-user litmus-scc -z litmus-admin,argo-chaos,argo,litmus-cluster-scope,default,hce --as system:admin -n hce
Output
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:litmus-scc added: ["litmus-admin" "argo-chaos" "argo" "litmus-cluster-scope" "default" "hce"]
To learn more about SCC, go to SCC documentation.
Step 3: Get manifest to install chaos infrastructure
After connecting to a chaos infrastructure, select the installation mode (cluster scope or namespace scope).

Provide the namespace and the service account name. To use a service account other than hce, create a new service account and authenticate it with litmus-scc by following steps 1 and 2.
Step 4: Verify the installation
Verify if all the pods are in Running state (optional).
$> kubectl get pods -n hce
NAME                                   READY   STATUS    RESTARTS   AGE
chaos-exporter-6c4b6d6c48-cht2d        1/1     Running   0          23s
chaos-operator-ce-57f5f7ccdb-m7g7f     1/1     Running   0          24s
subscriber-57798b696b-69vtr            1/1     Running   0          14s
workflow-controller-67b87685fb-h6k5b   1/1     Running   0          29s
Ensure that the state of the chaos infrastructure is CONNECTED.

Step 5: Run chaos experiments
To run Kubernetes experiments, you need to tune the parameters associated with the fault. You can update or add the below mentioned environment variables while tuning the faults.
- name: CONTAINER_RUNTIME
  value: crio
- name: SOCKET_PATH
  value: /run/crio/crio.sock
- name: SET_HELPER_DATA
  value: false