Litmus helps SREs and developers practice chaos engineering in a cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes are at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
I am trying to run the experiments listed in Litmus in my devops cluster. I am able to install it successfully, but when I trigger an experiment, for example pod-memory-hog, using all the RBACs and CRDs required, I am facing an issue with the security policies, which are not letting Litmus create the helper pod that triggers the experiment. Since PSPs are deprecated in Kubernetes 1.21+, could you kindly suggest how to proceed?
This is the log of the error when I see the chaosresults:
Fail Step: [chaos]: Failed inside the chaoslib, err: unable to create the helper pod, err: pods "pod-memory-hog-helper-moyujf" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[0].securityContext.capabilities.add: Invalid value: "SYS_ADMIN": capability may not be added]