network-partition

Blocks all traffic to/from specified CIDRs using iptables DROP rules. Simulates a network split or firewall misconfiguration.

Target kind: Pod
Implementation: Daemon (ExecNetworkChaos with action: partition)
Rollback: Yes — removes iptables DROP rules

Parameters

| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| target_cidr | string | Yes | | CIDR range to block (e.g. "10.0.1.0/24") |
| direction | string | Yes | | ingress, egress, or both |

Example

apiVersion: chaos.chaosplane.io/v1alpha1
kind: ChaosExperiment
metadata:
  name: network-partition-example
  namespace: default
spec:
  target:
    kind: Pod
    namespace: default
    labelSelector:
      matchLabels:
        app: api-server
  action:
    type: network-partition
    parameters:
      target_cidr: "10.0.1.0/24"
      direction: "both"
  duration: 30s
  rollback:
    enabled: true

Rollback behavior

Removes the iptables DROP rules from the pod's network namespace. Connections that were dropped during the partition will need to reconnect.

Implementation notes

Uses iptables -A INPUT/OUTPUT -d/-s CIDR -j DROP in the pod's network namespace. Both target_cidr and direction are required. direction must be ingress, egress, or both. Use this to simulate split-brain scenarios, database unreachability, or cross-zone network failures.
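
One way to check the two required parameters before submitting an experiment, and to confirm afterwards that rollback left no DROP rules for the target CIDR. This is an added example, not Chaosplane code: the function names and the sample `iptables -S` output are constructed for illustration, and the output is assumed to have been captured inside the pod's network namespace.

```python
import ipaddress
import shlex

VALID_DIRECTIONS = ("ingress", "egress", "both")  # values listed on this page

def validate_params(params):
    """Return a list of problems with the action parameters (empty if valid)."""
    problems = [f"missing required parameter: {k}"
                for k in ("target_cidr", "direction") if not params.get(k)]
    direction = params.get("direction")
    if direction and direction not in VALID_DIRECTIONS:
        problems.append(f"direction must be one of {VALID_DIRECTIONS}")
    if params.get("target_cidr"):
        try:
            ipaddress.ip_network(params["target_cidr"], strict=False)
        except ValueError as exc:
            problems.append(f"target_cidr is not a valid CIDR: {exc}")
    return problems

def _opt(tokens, flag):
    """Return the value that follows flag in a tokenized rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def leftover_drop_rules(iptables_s_output, target_cidr):
    """Return INPUT/OUTPUT DROP rules whose -s or -d overlaps target_cidr."""
    target = ipaddress.ip_network(target_cidr, strict=False)
    leftovers = []
    for line in iptables_s_output.splitlines():
        tok = shlex.split(line)
        # Only appended rules in the two chains this action uses are relevant.
        if len(tok) < 2 or tok[0] != "-A" or tok[1] not in ("INPUT", "OUTPUT"):
            continue
        if _opt(tok, "-j") != "DROP":
            continue
        for flag in ("-s", "-d"):
            addr = _opt(tok, flag)
            if addr and ipaddress.ip_network(addr, strict=False).overlaps(target):
                leftovers.append(line.strip())
                break
    return leftovers

# Constructed sample of `iptables -S` output while the partition is active.
DURING = """-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 10.0.1.0/24 -j DROP
-A OUTPUT -d 10.0.1.0/24 -j DROP
-A OUTPUT -d 192.168.5.0/24 -j DROP"""
# Constructed sample after rollback: the unrelated DROP rule is still present.
AFTER = "-P INPUT ACCEPT\n-P OUTPUT ACCEPT\n-A OUTPUT -d 192.168.5.0/24 -j DROP"
```

A non-empty result from `leftover_drop_rules` after the experiment ends means the pod is still partitioned and the rules need manual cleanup.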