Version: 2.1.4

Configure namespace for Chaos experiments

This chapter walks you through how to configure Chaos experiments to only take effect in the specified namespace, and protect other unspecified namespaces against fault injection.

Control the scope where the Chaos experiment takes effect

Chaos Mesh offers two ways to control the scope of the Chaos experiment to take effect:

  • To configure Chaos experiments to only take effect in the specified namespace, you need to enable the FilterNamespace feature (which is off by default). This feature takes effect on a global scope. After this feature is enabled, you can add annotations to the namespace in which Chaos experiments are allowed to take effect. Other namespaces without annotations are protected against fault injection.
  • To specify the scope for a single Chaos experiment to take effect, refer to Define the scope of a Chaos experiment.

Enable FilterNamespace

If you have not installed Chaos Mesh yet, you can enable this feature during installation by adding --set controllerManager.enableFilterNamespace=true to the command when installing using Helm. The following is a command example in the Docker container:

note

When you use Helm for installation, commands and parameters differ for different containers. Refer to Install Chaos Mesh using Helm for more information.

If you have installed Chaos Mesh using Helm, you can enable this feature by upgrading the configuration with the helm upgrade command. For example:

For helm upgrade, you can set multiple parameters by adding multiple --set in the command. Later settings override previous settings. For example, if you add --set controllerManager.enableFilterNamespace=false -set controllerManager.enableFilterNamespace=true in the command, it still enables this feature.

You can also specify a YAML file using the -f parameter to describe the configuration. Refer to Helm upgrade for more information.

Add annotations to namespaces for Chaos experiments

When FilterNamespace is enabled, Chaos Mesh only injects faults to namespaces containing the annotation chaos-mesh.org/input=enabled. Therefore, before starting Chaos experiments, you need to add this annotation to the namespace in which Chaos experiments can take effect, while other namespaces are protected agains fault injection.

You can add the annotation for a namespace using the following kubectl command:

  1. kubectl annotate ns $NAMESPACE chaos-mesh.org/inject=enabled

In the above command, $NAMESPACE refers to the name of the namespace, for example, default. If the annotation is successfully added, the output is as follows:

  1. namespace/$NAMESPACE annotated

If you want to delete this annotation, you can use the following command:

  1. kubectl annotate ns $NAMESPACE chaos-mesh.org/inject-

If the annotation is successfully deleted, the output is as follows:

  1. namespace/$NAMESPACE annotated

Check all namespaces where Chaos experiments take effect

You can list all the namespaces that allows Chaos experiments using the following command:

  1. kubectl get ns -o jsonpath='{.items[?(@.metadata.annotations.chaos-mesh\.org/inject=="enabled")].metadata.name}'

This command outputs all the namespaces with the chaos-mesh.org/input=enabled annotation. For example:

  1. default