8.1 KiB
| id | title | sidebar_label | original_id |
|---|---|---|---|
| admin-mode | Administrator Mode | Administrator Mode | admin-mode |
What is Adminstator Mode?
Admin mode is one of the ways the chaos orchestration is set up in Litmus, wherein all chaos resources (i.e., install time resources like the operator, chaosexperiment CRs, chaosServiceAccount/rbac and runtime resources like chaosengine, chaos-runner, experiment jobs & chaosresults) are set up in a single admin namespace (typically, litmus). In other words, centralized administration of chaos. This feature is aimed at making the SRE/Cluster Admins' life easier by doing away with setting up chaos pre-requisites on a per namespace basis (which may be more relevant in an autonomous/self-service cluster sharing model in dev environments). This mode typically needs a "wider" & "stronger" ClusterRole, albeit one that is still just a superset of the individual experiment permissions. In this mode, the applications in their respective namespaces are subjected to chaos while the chaos job runs elsewhere, i.e., admin namespace.
How to use Adminstator Mode?
In order to use Admin Mode, you just have to create a ServiceAccount in the admin or so-called chaos namespace (litmus itself can be used), which is tied to a ClusterRole that has the permissions to perform operations on Kubernetes resources involved in the selected experiments across namespaces. Provide this ServiceAccount in ChaosEngine's .spec.chaosServiceAccount.
Supported Experiments in Namespaced Mode
| Experiment | Scope of the experiment |
|---|---|
| Pod Delete | Pod Level |
| Container Kill | Pod Level |
| Pod Network Loss | Pod Level |
| Pod Network Latency | Pod Level |
| Pod Network Duplication | Pod Level |
| Pod Network Corruption | Pod Level |
| Pod CPU Hog | Pod Level |
| Pod Memory Hog | Pod Level |
| Disk Fill | Pod Level |
| Pod Autoscaler | Pod Level |
| Node CPU Hog | Infra Level |
| Node Memory Hog | Infra Level |
| Node IO Stress | Infra Level |
| Node Drain | Infra Level |
| Node Taint | Infra Level |
| Node Restart | Infra Level |
| Kubelet Service Kill | Infra Level |
| Docker Service Kill | Infra Level |
| EC2 instance Terminate | Infra Level |
| EBS Loss | Infra Level |
Role Based Access Control (RBAC) Permission in Namespaced Mode
In Admin mode the RBAC for different litmus components are as follows,
- Argo
- Litmus Cluster Scope
- Litmus Admin(for running experiments)
- Subscriber
- Litmus Event Tracker
Install Litmus Portal in Admin Mode
To install Litmus portal on admin mode refer to our installation steps!
Deploy sample Application Hello World under Chaos (Optional)
We can now deploy a sample hello world application under chaos (AUT) in any namespace.
kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/platforms/okteto/hello-world-AUT.yml -n <namespace>
Output:
deployment.apps/hello-world created
service/hello-world created
Create project from portal and check service accounts
After logging in to the portal by following the installation steps, the next page will ask you to create a project. You can give a name of your project and click on Continue. In the next step you will be asked to change the password. You can keep the same password for the sake of simplicity, i.e litmus.
With this, you’re done with the initial setup and you’ll arrive at the Welcome page. Here, you can check the Targets option from the side bar if it changes to Active state from Pending state or not.
Now, you can again go back to the cluster and check the pods in the target namespace (here litmus).
$ kubectl get pods -n litmus
NAME READY STATUS RESTARTS AGE
argo-server-8497bdfd84-kk2vw 1/1 Running 0 3m28s
chaos-exporter-5fbd968db-z4n4f 1/1 Running 0 3m36s
chaos-operator-ce-c749c49cd-w8t4k 1/1 Running 0 3m36s
event-tracker-647db5959d-gshql 1/1 Running 0 3m29s
hello-world-867646c44b-f985x 1/1 Running 0 75m
hello-world-867646c44b-kqkbz 1/1 Running 0 75m
litmusportal-frontend-97c8bf86b-mx89w 1/1 Running 2 75m
litmusportal-server-5cfbfc88cc-m6c5j 2/2 Running 2 75m
mongo-0 1/1 Running 0 75m
subscriber-676fd59f59-xcvc2 1/1 Running 0 3m30s
workflow-controller-7dbc97dc75-7c6b9 1/1 Running 0 3m27s
You’ll find that some new deployment is shown which includes litmus infra components like ChaosOperator and monitoring component ChaosExporter to generate chaos metrics. Also, some new service accounts have been created to run chaos.
$ kubectl get sa -n litmus
NAME SECRETS AGE
argo 1 6m19s
argo-chaos 1 6m24s
argo-server 1 6m18s
default 1 78m
litmus 1 6m29s
litmus-admin 1 6m25s
litmus-event-tracker-sa 1 6m22s
litmus-namespace-scope 1 6m27s
litmus-server-account 1 78m
With this, we are done setting up litmus in admin mode!