Configure namespace for Chaos experiments
This chapter walks you through how to configure Chaos experiments to only take effect in the specified namespace, and protect other unspecified namespaces against fault injection.
Control the scope where the Chaos experiment takes effect
Chaos Mesh offers two ways to control the scope in which a Chaos experiment takes effect:
- To configure Chaos experiments to only take effect in the specified namespace, you need to enable the FilterNamespace feature (which is off by default). This feature takes effect on a global scope. After this feature is enabled, you can add annotations to the namespace in which Chaos experiments are allowed to take effect. Other namespaces without annotations are protected against fault injection.
- To specify the scope for a single Chaos experiment to take effect, refer to Define the scope of a Chaos experiment.
Enable FilterNamespace
If you have not installed Chaos Mesh yet, you can enable this feature during installation by adding --set controllerManager.enableFilterNamespace=true to the command when installing using Helm. The following is a command example in the Docker container:
When you use Helm for installation, commands and parameters differ for different containers. Refer to Install Chaos Mesh using Helm for more information.
If you have installed Chaos Mesh using Helm, you can enable this feature by upgrading the configuration with the helm upgrade command. For example:
For helm upgrade, you can set multiple parameters by adding multiple --set in the command. Later settings override previous settings. For example, if you add --set controllerManager.enableFilterNamespace=false --set controllerManager.enableFilterNamespace=true in the command, it still enables this feature.
You can also specify a YAML file using the -f parameter to describe the configuration. Refer to Helm upgrade for more information.
Add annotations to namespaces for Chaos experiments
When FilterNamespace is enabled, Chaos Mesh only injects faults to namespaces containing the annotation chaos-mesh.org/inject=enabled. Therefore, before starting Chaos experiments, you need to add this annotation to the namespace in which Chaos experiments can take effect, while other namespaces are protected against fault injection.
You can add the annotation for a namespace using the following kubectl command:
kubectl annotate ns $NAMESPACE chaos-mesh.org/inject=enabled
In the above command, $NAMESPACE refers to the name of the namespace, for example, default. If the annotation is successfully added, the output is as follows:
namespace/$NAMESPACE annotated
If you want to delete this annotation, you can use the following command:
kubectl annotate ns $NAMESPACE chaos-mesh.org/inject-
If the annotation is successfully deleted, the output is as follows:
namespace/$NAMESPACE annotated
Check all namespaces where Chaos experiments take effect
You can list all the namespaces that allow Chaos experiments using the following command:
kubectl get ns -o jsonpath='{.items[?(@.metadata.annotations.chaos-mesh\.org/inject=="enabled")].metadata.name}'
This command outputs all the namespaces with the chaos-mesh.org/inject=enabled annotation. For example:
default
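As an added example (not part of the Chaos Mesh documentation), the following script builds on the list command above to audit which namespaces are opted in to fault injection against an expected allowlist. The allowlist, the function names, the audit.sh file name and the --live switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit namespaces opted in to Chaos Mesh fault injection.
# Prints "<namespace><TAB><value of chaos-mesh.org/inject>" for every
# namespace; the value is empty when the annotation is not set.
list_namespace_annotations() {
  kubectl get ns -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.annotations.chaos-mesh\.org/inject}{"\n"}{end}'
}

# Reads those rows on stdin. $1 is a space-separated allowlist of namespaces
# expected to accept experiments (an assumption of this example).
# Returns 1 if any namespace outside the allowlist is opted in.
audit_chaos_namespaces() {
  awk -F'\t' -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "enabled" {
      if ($1 in ok) { print "ALLOWED " $1 }
      else { print "UNEXPECTED " $1; bad = 1 }
      next
    }
    # Any other value does not match the =="enabled" filter, e.g. a typo.
    $2 != "" { print "NOT-ENABLED " $1 " (value: " $2 ")" }
    END { exit bad + 0 }
  '
}

# Live use against the current kubectl context:
#   sh audit.sh --live chaos-testing staging
if [ "${1:-}" = "--live" ]; then
  shift
  list_namespace_annotations | audit_chaos_namespaces "$*"
fi
```

The non-zero exit status on an unexpected namespace lets the check run as a gate before experiments are scheduled.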