Dashboard
Getting Started

Install Gremlin on OpenShift 4

Pre-requisites

Download authentication keys

Gremlin requires authentication during installation. You will need to download your Gremlin certificate key-pair in order to connect to your Gremlin team. With the key pair extracted to your local system, export the following variables into a local shell, supplying the appropriate values.

SHELL

export GREMLIN_TEAM_ID=11111111-1111-1111-111111111111
export GREMLIN_CLUSTER_ID=my-cluster
export PATH_TO_CERTIFICATE=/path/to/unzipped/cert.pem
export PATH_TO_PRIVATE_KEY=/path/to/unzipped/key.pem

Install Gremlin SELinux policy

As Openshift uses SELinux, Gremlin requires a custom SELinux policy to grant the minimal permissions needed. You can install either Using SSH, or Using Gremlin Machine Config Operator as documented below. Learn more about Gremlin's integration with SELinux on the policy's Github page. There are two methods to install the Gremlin SELinux Policy: Using SSH or Using Gremlin Machine Config Operator.

Using SSH

On every OpenShift node, run the following command to install the SELinux module

SHELL

curl -fsSL https://github.com/gremlin/selinux-policies/releases/download/v0.0.3/selinux-policies-v0.0.3.tar.gz -o selinux-policies-v0.0.3.tar.gz
tar xzf selinux-policies-v0.0.3.tar.gz
sudo semodule -i selinux-policies-v0.0.3/gremlin-openshift4.cil

Using Gremlin Machine Config Operator

Gremlin provides an open-source Machine Config Operator (MCO) for installing the Gremlin SELinux policy to Worker nodes using the Openshift 4 Command-Line Interface (CLI). The MCO files and instructions are available from the Gremlin Field Solutions GitHub repository.

Proxy requirements

If any of your OpenShift pods require an HTTP proxy for connecting to the internet, and you plan to target these pods within Gremlin, we recommend that you configure Gremlin to run behind the same proxy.

Helm Installation

If you don't want to install with Helm, skip this section and use the Manual Installation instructions instead.

To install with Helm, log into the OpenShift cluster and run the following:

SHELL

oc new-project gremlin
helm repo add gremlin https://helm.gremlin.com/
helm install gremlin gremlin/gremlin \
    --namespace gremlin \
    --set      gremlin.hostPID=true \
    --set      gremlin.container.driver=crio-runc \
    --set      gremlin.podSecurity.securityContextConstraints.create=true \
    --set      gremlin.podSecurity.seccomp.enabled=true \
    --set      gremlin.secret.managed=true \
    --set      gremlin.secret.teamID=$GREMLIN_TEAM_ID \
    --set      gremlin.secret.clusterID=$GREMLIN_CLUSTER_ID \
    --set-file gremlin.secret.certificate=$PATH_TO_CERTIFICATE \
    --set-file gremlin.secret.key=$PATH_TO_PRIVATE_KEY

Manual Installation

SHELL

oc new-project gremlin
mkdir gremlin-openshift4
wget -P gremlin-openshift4/ https://k8s.gremlin.com/resources/gremlin-openshift4/v1/chao-deployment.yaml
wget -P gremlin-openshift4/ https://k8s.gremlin.com/resources/gremlin-openshift4/v1/chao-service-account.yaml
wget -P gremlin-openshift4/ https://k8s.gremlin.com/resources/gremlin-openshift4/v1/daemonset.yaml
wget -P gremlin-openshift4/ https://k8s.gremlin.com/resources/gremlin-openshift4/v1/gremlin-scc.yaml
wget -P gremlin-openshift4/ https://k8s.gremlin.com/resources/gremlin-openshift4/v1/gremlin-seccomp-configmap.yaml
wget -P gremlin-openshift4/ https://k8s.gremlin.com/resources/gremlin-openshift4/v1/gremlin-service-account.yaml
oc create secret generic gremlin-team-cert \
    --from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \
    --from-literal=GREMLIN_CLUSTER_ID=$GREMLIN_CLUSTER_ID \
    --from-file=gremlin.cert=$PATH_TO_CERTIFICATE \
    --from-file=gremlin.key=$PATH_TO_PRIVATE_KEY
oc create -f gremlin-openshift4/

Run Attacks

You can now run experiments on your cluster, including Kubernetes experiments.

Troubleshooting

For common issues and solutions, see Troubleshooting Gremlin on OpenShift.


No items found.
Previous
This is some text inside of a div block.
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Managing the Gremlin Agent
User Management
Integrations
Health Checks
Notifications
Command Line Interface
Updating Gremlin
Quick Start Guide
Services and Dependencies
Detected Risks
Reliability Tests
Reliability Score
Targets
Experiments
Scenarios
GameDays
Overview
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Classes, methods, & attributes
API Keys
Examples
Container security
General
Linux
Windows
Chao
Helm
Glossary
Alfi
Additional Configuration for Helm
Amazon CloudWatch Health Check
AppDynamics Health Check
Application Level Fault Injection (ALFI)
Blackhole Experiment
CPU Experiment
Certificate Expiry
Custom Health Check
Custom Load Generator
DNS Experiment
Datadog Health Check
Disk Experiment
Dynatrace Health Check
Grafana Cloud Health Check
Grafana Cloud K6
IO Experiment
Install Gremlin on Kubernetes manually
Install Gremlin on OpenShift 4
Installing Gremlin on AWS - Configuring your VPC
Installing Gremlin on Kubernetes with Helm
Installing Gremlin on Windows
Installing Gremlin on a virtual machine
Installing the Failure Flags SDK
Jira
Latency Experiment
Memory Experiment
Network Tags
New Relic Health Check
Overview
Overview
Overview
Overview
Overview
Packet Loss Attack
PagerDuty Health Check
Preview: Gremlin in Kubernetes Restricted Networks
Private Network Integration Agent
Process Collection
Process Killer Experiment
Prometheus Health Check
Role Based Access Control
Running Failure Flags experiments
Scheduling Scenarios
Shared Scenarios
Shutdown Experiment
Slack
Teams
Time Travel Experiment
Troubleshooting Gremlin on OpenShift
User Authentication via SAML and Okta
Users
Webhooks
Integration Agent for Linux
Test Suites
Restricting Testing Times
Reports
Enabling DNS collection