Getting Started

Installing Gremlin on Kubernetes with Helm

The Gremlin Helm Chart is the recommended way to install the Gremlin Agent on Kubernetes. If you want to install Gremlin using just kubectl and pure YAML, see Install Gremlin on Kubernetes manually.

Warning

These instructions are for Helm v3 and later. Helm v2 is no longer supported.

The steps for deploying to Kubernetes with Helm are:

Gather your credentials
Deploy the Helm chart
Additional configuration
Verify your installation

Gather your credentials

All Gremlin integration installations require you to use one of Gremlin's authentication methods. With Helm, you can use either signature (i.e. certificate)-based authentication or secret authentication. Secret-based authentication is easier to implement, but we recommend using certificate-based authentication. We'll show both methods in this guide.

First, retrieve your Team ID from your team settings page. Next, if you're using secret-based authentication, create a new secret, copy the secret to a text file (or keep the pop-up open), then continue to the next step.

If you're using certificate-based authentication, generate a new certificate pair, or download an existing certificate pair if one exists. Unzip the folder containing your certificates, then continue to the next step.

Deploy the Helm chart

Now that we have our credentials, let's add the Gremlin Helm repo and create a new namespace for our deployment:

shell

1helm repo add gremlin https://helm.gremlin.com/
2kubectl create namespace gremlin

Now we'll deploy the Chart. With this command, your team ID and secrets/certificates are passed directly to the Helm Chart. If you'd prefer to manage these secrets outside of Helm, see our Helm Chart documentation.

Important

Make sure to set the values of gremlin.secret.teamID, gremlin.secret.clusterID, gremlin.secret.certificate, and gremlin.secret.key to your actual Gremlin team ID, cluster ID, path to the certificate file, and path to the key file respectively.

For secret-based authentication:

shell

1helm install gremlin gremlin/gremlin \
2    --namespace gremlin \
3    --set      gremlin.secret.type=secret \
4    --set      gremlin.secret.managed=true \
5    --set      gremlin.hostPID=true \
6    --set      gremlin.secret.teamID=YourGremlinTeamID \
7    --set      gremlin.secret.clusterID=YourGremlinClusterID \
8    --set      gremlin.secret.teamSecret=YourGremlinTeamSecret

For certificate-based authentication:

shell

1helm install gremlin gremlin/gremlin \
2    --namespace gremlin \
3    --set      gremlin.secret.type=certificate \
4    --set      gremlin.secret.managed=true \
5    --set      gremlin.hostPID=true \
6    --set      gremlin.secret.teamID=YourGremlinTeamID \
7    --set      gremlin.secret.clusterID=YourGremlinClusterID \
8    --set-file gremlin.secret.certificate=/path/to/gremlin.cert \
9    --set-file gremlin.secret.key=/path/to/gremlin.key

Additional configuration

The Helm Chart includes several additional options for customizing to your environment. These options include:

Specifying a container driver (Gremlin will try to auto-detect the current driver, but you can also tell Gremlin to use a specific driver).
Enabling Gremlin on the Kubernetes Master so you can run tests on the Kubernetes Control Plane.
Enabling AppArmor support for clusters that use AppArmor.
Installing Gremlin's custom PodSecurityPolicy or seccomp policy for restrictive clusters.
Configuring Gremlin to use a proxy.
Allowing multiple Gremlin teams to target specific namespaces.

These are optional and are only necessary if Gremlin doesn't run using the default options. To learn more, see the Additional Configuration for Helm docs.

Verify your installation

On the cluster, you can run the following command to check that the Gremlin Agent was installed properly:

bash

1kubectl get pods -n gremlin

This should list one Gremlin Agent for each node in your cluster, plus one Pod named chao. For example, this is the output for a three-node cluster:

shell

1kubectl get pods -n gremlin
2
3NAME                    READY   STATUS    RESTARTS   AGE
4chao-78bbc7cbf6-9hn7q   1/1     Running   0          5d20h
5gremlin-9r4t7           1/1     Running   0          5d20h
6gremlin-bwmtz           1/1     Running   1          126d
7gremlin-bx6dn           1/1     Running   0          5d20h

The following example shows 2 pending pods, which means the installation is incomplete. Contact your cluster administrator to debug why Gremlin is unable to run on those nodes.

shell

1kubectl get pods -n gremlin
2
3NAME                    READY   STATUS    RESTARTS   AGE
4chao-78bbc7cbf6-9hn7q   1/1     Running   0          5d20h
5gremlin-c25ld           0/1     Pending   0          112d
6gremlin-n5gt7           0/1     Pending   0          112d
7gremlin-zn4kq           1/1     Running   0          126d

Note

Gremlin can only target cluster resources on nodes that have a Gremlin Agent running on them. If you run a test that targets a resource on a node without a Gremlin Agent, the test will report an error. If Chao is not running, you won't be able to target cluster resources at all.

If you need additional troubleshooting help, see Gremlin Agent in the Gremlin Knowledge Base.