Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Private Network Integration Agent
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and Okta
Managing Kubernetes namespaces
Integrations
Health Checks
Restricting Testing Times
Command Line Interface
Reports
Managing running, scheduled, and past experiments
Gremlin Private Edition
Reliability Management
Services and Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Deploying Failure Flags on Pivotal Cloud Foundry (PCF)
Installing the Failure Flags SDK
Running Failure Flags experiments
API Reference
Getting started with the Gremlin API
Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
GeneralLinuxIntegration Agent for LinuxWindowsChaoHelmFailure Flags: SidecarFailure Flags: Lambda Extension
Resources
Gremlin User Community SlackBlogTutorialsGlossary
Start your 30 day free trial.
START FOR FREE
Docs Home
Getting Started
Installing Gremlin on GKE Autopilot

Installing Gremlin on GKE Autopilot

Supported platforms:

Kubernetes
,

Gremlin supports GKE Autopilot using the standard Kubernetes agent. The Gremlin Helm Chart is the recommended way to install the agent, but you can also install it manually.

In addition to the agent, you’ll also need to install our allowlist in your cluster. This grants the Gremlin agent permission to access the required Linux capabilities.

Note
Enabling the AllowlistSynchronizer on GKE Autopilot disables the ability to use kubectl exec in impacted pods. This restriction is part of GKE’s security controls for partner applications and is designed to prevent direct access to the runtime environment.

To install Gremlin to a GKE Autopilot cluster:

  1. Copy the YAML below to a file and save it.
  2. Deploy the manifest to your cluster, e.g. using kubectl apply -f gremlin-allowlist.yaml. Wait until the synchronizer reports a Ready status.
    1. You can monitor its progress using the command kubectl wait --for=condition=Ready allowlistsynchronizer/gremlin.
  3. Install, authenticate, and configure the Gremlin agent using either the Helm instructions (recommended) or the manual Kubernetes installation instructions.
YAML

apiVersion: auto.gke.io/v1
kind: AllowlistSynchronizer
metadata:
  name: gremlin
spec:
  allowlistPaths:
    - Gremlin/agent/v1.0.0/*

Troubleshooting

If you’re having trouble deploying the allowlist, please check the Google Cloud documentation first. If you continue to experience problems, contact us.

Privileges Required

Privilege Description
CLIENTS_READAllows reading all client information within the team
CLIENTS_WRITEAllows editing all client information within the team
TEAM_SECURITY_READAllows reading of team related credential information
Previous
Previous
Next
Next
On this page
Back to top