Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and OAuth
Managing Kubernetes namespaces
Integrations
Health Checks
Dynatrace Integration
Restricting Testing Times
Command Line Interface
Reliability Intelligence
Reports
Private Network Integration (PNI) Agent
Managing running, scheduled, and past experiments
Gremlin Private Edition
Reliability Management
Services
Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Disaster Recovery Tests
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Configuring Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Deploying Failure Flags on Pivotal Cloud Foundry (PCF)
Installing the Failure Flags SDK
Using Failure Flags by proxy
Running Failure Flags experiments
Troubleshooting Failure Flags
API Reference
Getting started with the Gremlin API
API reference: Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
GeneralLinuxIntegration Agent for LinuxWindowsChaoHelmFailure Flags: Sidecar
Resources
Gremlin User Community SlackBlogTutorialsGlossaryHelp and support
Start your 30 day free trial.
START FOR FREE
Docs Home
Failure Flags
Configuring Failure Flags

Configuring Failure Flags

Supported platforms:

N/A

This page explains how to configure the Failure Flags sidecar. Gathering your configuration details now will make it easier to deploy Failure Flags in the next step. Failure Flags supports two configuration methods:

  1. Using environment variables (recommended), and
  2. Using a configuration file.

This page covers configuration options that are common to all platforms.

Common configuration options

The following table lists each option with its corresponding environment variable and configuration file property.

Environment variable Config file property Description
FAILURE_FLAGS_ENABLED Set to true, yes, or 1to enable the Failure Flags SDK in your application. If you’re using Failure Flags by proxy, set this to false.
GREMLIN_SIDECAR_ENABLED Set to true, yes, or 1to enable the Failure Flags sidecar. If this is unset or set to any other value, the sidecar will operate in NOOP mode.
GREMLIN_TEAM_ID team_id Your Gremlin Team ID. This and other credential details are available in the Gremlin web app.
GREMLIN_TEAM_CERTIFICATE team_certificate Set to the contents of your Gremlin Team certificate. This and other credential details are available in the Gremlin web app.

You can preserve newlines using the \nescape character, or by omitting them entirely.

GREMLIN_TEAM_PRIVATE_KEY team_private_key Set to the contents or file path of your Gremlin Team private key. This and other credential details are available in the Gremlin web app.

You can preserve newlines using the \nescape character, or by omitting them entirely.

SERVICE_NAME service_name Set to the name of the service as you want it to appear in Gremlin. Service names can only contain alphanumeric characters, hyphens, and underscores, and must be less than 64 characters long.

This variable is required for Kubernetes, but can be detected automatically on other platforms.

Setting targeting labels

You can set custom labels (i.e., tags) to uniquely identify deployments of your software for targeting. Custom labels can be set by either using environment variables or in your configuration file.

Using environment variables, labels are variables containing the prefix GREMLIN_LABEL_. The text following this prefix will be set as the label's key, and the value will be set to the variable’s value. For example, the following variable will result in the label ENVIRONMENT: Production:

Shell

# Environment variable
GREMLIN_LABEL_ENVIRONMENT: Production

Using configuration files, add a list of key-value pairs to the labels property:

YAML

# Config file
labels:
  environment: Production

Using a configuration file

Gremlin supports YAML files for file-based configuration. When using a configuration file, the following environment variables are required:

Warning
This file can be used to store sensitive material (i.e., Gremlin credentials) and should be stored appropriately.

Environment variable Description
FAILURE_FLAGS_ENABLED Set to true, yes, or 1to enable the Failure Flags SDK in your application.
GREMLIN_SIDECAR_ENABLED Set to true, yes, or 1to enable Failure-Flags-Sidecar. If unset or set to any other value Failure-Flags-Sidecar will operate in NOOP mode.
GREMLIN_CONFIG_FILE Set to the fully qualified path of the file containing your Failure Flags configuration.

Example configuration file

YAML

## Gremlin Team Id - you can find this value at https://app.gremlin.com/settings/teams
team_id: ffffffff-ffff-ffff-ffff-ffffffffffff

## Failure Flags Service Labels - Add labels to identify unique deployments.
labels:
    datacenter: corp-na1
    project: columbia

## Debug, set to true for enhanced debug logging to STDOUT
## Uncomment to enable debugging
#debug: true

## Gremlin Team Certificate - Paste certificate content here.
team_certificate: |
    -----BEGIN CERTIFICATE-----
    ExampleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXX
    -----END CERTIFICATE-----

## Gremlin Team Certificate - Paste certificate content here.
team_private_key: |
    -----BEGIN EC PRIVATE KEY-----
    ExampleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
    -----END EC PRIVATE KEY-----

## HTTPS Proxy, set this when routing outbound Gremlin HTTPS traffic through a proxy
#https_proxy: https://corp.proxy.internal:3128

## Custom CA Certificate, set this when using a https proxy with a self-signed certificate
## Paste certificate content here.
#ssl_cert: |
#    -----BEGIN CERTIFICATE-----
#    ExampleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#    XXXXXXXX
#    -----END CERTIFICATE-----

Importing configuration values from files or ARNs

For some configuration options, you can retrieve their values from files deployed with the sidecar container, or from AWS services by using Amazon Resource Names (ARNs). These options are denoted by the suffixes _FILE or _ARN. You can use these options in place of their base option in the above table. Gremlin supports secretsmanager secrets and ssm parameter ARNs.

Note
Paths to files must be fully qualified paths from the filesystem root and cannot include relative paths.

Environment variable Config file property Description
GREMLIN_CONFIG_FILE If your config file is included in your container, this is the fully qualified path of the file containing your Failure Flags configuration.
GREMLIN_CONFIG_ARN If your config file is hosted e.g. in AWS Secrets Manager, this is the Amazon Resource Name (ARN)of the resource containing your configuration file. If you must assume a different role at runtime to access that resource, you can specify that IAM role using GREMLIN_CONFIG_ARN_ROLE.
GREMLIN_TEAM_CERTIFICATE_FILE team_certificate_file If your team certificate file is included in your container, this is its fully qualified path.
GREMLIN_TEAM_CERTIFICATE_ARN team_certificate_arn If your team certificate is hosted e.g. in AWS Secrets Manager, this is the Amazon Resource Name (ARN)of the resource containing your certificate. If you must assume a different role at runtime to access that resource, you can specify that IAM role using GREMLIN_CONFIG_ARN_ROLE.
GREMLIN_TEAM_PRIVATE_KEY_FILE team_private_key_file If your private key file is included in your container, this is its fully qualified path.
GREMLIN_TEAM_PRIVATE_KEY_ARN team_private_key_arn If your private key is hosted e.g. in AWS Secrets Manager, this is the Amazon Resource Name (ARN)of the resource containing your key. If you must assume a different role at runtime to access that resource, you can specify that IAM role using GREMLIN_CONFIG_ARN_ROLE.

For example, this configuration uses a file in the sidecar for the team certificate and an AWS ARN for the team private key:

SHELL

GREMLIN_TEAM_CERTIFICATE_FILE=/opt/secrets/gremlin/team-certificate.pem
GREMLIN_TEAM_PRIVATE_KEY_ARN=arn:aws:secretsmanager:<region>:<aws_account_id>:secret:<secret-name>

Advanced configuration options

Environment variable Config file property Description
HTTPS_PROXY https_proxy If your application is behind a corporate proxy, set this to the URI of the proxy.
GREMLIN_CUSTOM_ROOT_CERTIFICATE ssl_cert If your company uses a proxy with a self-signed TLS certificate, set this to the contents of the root Certificate Authority (CA) certificate.

This option has corresponding _FILEand _ARNoptions (in the config file, these are ssl_cert_fileand ssl_cert_arnrespectively).

GREMLIN_CUSTOM_ROOT_CERTIFICATE_BUNDLE_FILE ssl_trust_cert_bundle_file If your company uses a private Public Key Infrastructure (PKI), set this to the path of the file containing the full certificate chain. This option has a corresponding _ARNoption (ssl_trust_cert_bundle_file_arn in the config file)
GREMLIN_API_ENDPOINT_URL api_endpoint_url The Gremlin API endpoint to use. This is only needed when using Gremlin Private Edition.
Failure Flags
Previous
Previous
Deploying Failure Flags on AWS Lambda
Next
Next
On this page
Back to top