Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Platform
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and Okta
Integrations
Health Checks
Notifications
Restricting Testing Times
Command Line Interface
Reports
Reliability Management
Services and Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Installing the Failure Flags SDK
Running Failure Flags experiments
API Reference
Classes, methods, & attributes
API Keys
Examples
Security
Container security
Release Notes
General
Linux
Integration Agent for Linux
Windows
Chao
Helm
Failure Flags: Lambda Extension
Failure Flags: Sidecar
Resources
Gremlin User Community SlackBlogTutorialsGlossary
Start your 30 day free trial.
START FOR FREE
Docs Home
Getting Started
Install Gremlin on OpenShift 4

Install Gremlin on OpenShift 4

No items found.

Pre-requisites

Download authentication keys

Gremlin requires authentication during installation. You will need to download your Gremlin certificate key-pair in order to connect to your Gremlin team. With the key pair extracted to your local system, export the following variables into a local shell, supplying the appropriate values.

SHELL

export GREMLIN_TEAM_ID=11111111-1111-1111-111111111111
export GREMLIN_CLUSTER_ID=my-cluster
export PATH_TO_CERTIFICATE=/path/to/unzipped/cert.pem
export PATH_TO_PRIVATE_KEY=/path/to/unzipped/key.pem

SELinux considerations

Gremlin's container targeting features require the Gremlin Agent to run with hostPID=true. OpenShift's container runtime CRI-O automatically runs hostPID containers with the spc_t SELinux process label. No custom SELinux profile installation is required.

Previous versions of Gremlin would allow hostPID=false and as a result required a custom SELinux module to grant the Gremlin agent access to system calls and file access. If you have installed a custom SELinux policy using Gremlin's 96-worker-gremlin-semodule MachineConfig, you should remove this MachineConfig and ensure the Gremlin Daemonset is installed with hostPID=true .

Helm installation

To install with Helm, log into the OpenShift cluster and run the following:

SHELL

oc new-project gremlin
helm repo add gremlin https://helm.gremlin.com/
helm install gremlin gremlin/gremlin \
    --namespace gremlin \
    --set      gremlin.hostPID=true \
    --set      gremlin.hostNetwork=true \
    --set      gremlin.container.driver=crio-linux \
    --set      gremlin.podSecurity.securityContextConstraints.create=true \
    --set      gremlin.secret.managed=true \
    --set      gremlin.secret.teamID=$GREMLIN_TEAM_ID \
    --set      gremlin.secret.clusterID=$GREMLIN_CLUSTER_ID \
    --set-file gremlin.secret.certificate=$PATH_TO_CERTIFICATE \
    --set-file gremlin.secret.key=$PATH_TO_PRIVATE_KEY

Run attacks

You can now run experiments on your cluster, including Kubernetes experiments.

Troubleshooting

For common issues and solutions, see Troubleshooting Gremlin on OpenShift.

Previous
Previous
Compatibility
Next
Next
On this page
Back to top