Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and Okta
Managing Kubernetes namespaces
Integrations
Health Checks
Restricting Testing Times
Command Line Interface
Reports
Managing running, scheduled, and past experiments
Gremlin Private Edition
Reliability Management
Services and Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Deploying Failure Flags on Pivotal Cloud Foundry (PCF)
Installing the Failure Flags SDK
Running Failure Flags experiments
API Reference
Getting started with the Gremlin API
Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
Release Notes - General
Release Notes - Linux
Release Notes - Integration Agent for Linux
Release Notes - Windows
Release Notes - Chao
Release Notes - Helm
Failure Flags: Lambda Extension
Failure Flags: Sidecar
Resources
Gremlin User Community SlackBlogTutorialsGlossary
Start your 30 day free trial.
START FOR FREE
Docs Home
Release Notes
Release Notes - Helm

Release Notes - Helm

Supported platforms:

N/A

Updates to the Gremlin Helm chart.

0.23.0
June 12, 2025
  • New Permissions for discovery.k8s.io/EndpointSlice: list, watch are now added to the Gremlin DaemonSet's ClusterRole when the chart value gremlin.features.discoverDestinationService.enabled=true is set. This enables automatic discovery of IP addresses for Istio/Envoy sidecar users via Linux Agent release 2.59.0
0.22.2
June 12, 2025
  • Fix Fixed two Secret objects that did not declare their namespace, leading to install issues when following installation documentation.
0.22.1
May 5, 2025
  • Fix Fix upgrade issue from `0.21.0` to `0.22.0` due to a ClusterRole rename.
0.22.0
April 30, 2025
  • New Added a flag gremlin.features.discoverDestinationService.enabled to enable discovery of a destination service to resolve hostnames in a cluster configured with linkerd. This flag will allow gremlin to read the services within a cluster.
0.21.0
April 17, 2025
  • New The pod dns policy for the gremlind Daemonset can now be configured with gremlin.dnsPolicy. This chart now installs this Daemonset with a dns policy of ClusterFirstWithHostNet.
0.20.2
February 11, 2025
  • FixFixed a regression released in 0.19.1 that failed to declare the emptyDir volume type for the Gremlin DaemonSet's SecurityContextConstraints, preventing DaemonSet pods from launching.
0.20.1
February 7, 2025
  • FixFixed a regression released in 0.20.0 that improperly handled gremlin.container.driver=any
0.20.0
February 5, 2025
  • NewRemoved Runc container drivers from options. Will default to Linux drivers now.
0.19.1
January 27, 2025
  • InfoAdded extra documentation for Bottlerocket.
0.19.0
September 18, 2024
  • NewAdded configuration for accessing Argo Rollouts.
0.18.1
September 16, 2024
  • NewAdded configuration for Chao namespaces to monitor.
0.18.0
August 12, 2024
  • NewRemoved process collection setting, as this feature has been removed from the newer agent versions.
0.17.1
May 28, 2024
  • Fixgremlin.podSecurity.privileged is now properly used to set securityContext.privileged in the Gremlin Daemonset.
0.17.0
May 15, 2024
  • NewThe Gremlin Daemonset now launches in the host's network and PID namespaces by default, allowing container attacks of all types and host-level network and state attack types to function as expected.
  • NewRemoval of /proc/sysrq host mount which previously facilitated host-level shutdown attacks. This is no longer needed with the Gremlin Daemonset running in the host's PID namespace.
0.16.0
March 25, 2024
  • FixWhen installing Gremlin's SecurityContextConstraint on OpenShift, ensure the openshift.io/required-scc is properly set.
0.15.0
March 20, 2024
  • NewAdd a cluster role binding to grant permissions to read labels on Kubernetes nodes
0.14.0
  • Fix Removed invalid fields from the SecurityContextConstraint installed when deploying to OpenShift
  • Fix Removed references to the gremlin.process SELinux label, which cannot be used on OpenShift. See the OpenShift installation guide for more information.
  • Fix Set the Gremlin daemonset's allowPrivilegeEscalation field based on the value set in values.yaml
0.13.0
March 1, 2024
  • New introduced new options for gremlin.container.driver value: linux, docker-linux, containerd-linux, crio-linux. These values are used to initialize a new container driver that does not need runc to deploy container attacks. These drivers provision attacks faster and with fewer system resources. See Declare Container Driver for more information. The new default value is linux.
0.12.5
February 21, 2024
  • InfoEnabled DNS collection by default and disabled process collection by default.
0.12.4
February 14, 2024
  • FixCorrectly reference cert paths when gremlin.secret.managed=false.
0.12.3
February 14, 2024
  • FixFixed a bug where Helm thought string fields were objects.
0.12.2
February 7, 2024
  • NewThe Gremlin agent daemonset deployment now supports enabling DNS dependency collection by setting gremlin.collect.dns. See gremlin/helm#90.
0.12.1
January 24, 2024
  • NewThe Gremlin agent daemonset and the Chao agent deployment now support priorityClassName by setting either gremlin.priorityClassName, chao.priorityClassName, or both. See gremlin/helm#89.
0.12.0
November 14, 2023
  • New: AWS SSM Parameter Store or AWS Secrets Manager ARN values can now be supplied for secret inputs such as gremlin.secret.teamSecret. See How to use config values stored in AWS
  • New: Introduced gremlin.serviceAccount.annotations and chao.serviceAccount.annotations for supplying custom annotations to the service accounts managed by this chart. This is useful for passing annotations such as eks.amazonaws.com/role-arn.
  • New: Introduced gremlin.extraEnv and chao.extraEnv for supplying custom environment variables to the Gremlin and Chao agents.
  • Info: Removed deprecated configuration values:
    • gremlin.client.secretName: please use gremlin.secret.name
    • gremlin.client.certCreateSecret: please use gremlin.secret.managed
    • gremlin.installK8sClient: please use: chao.create
0.11.0
October 11, 2023
  • New: Helm chart now explicitly declares DAC_READ_SEARCH, which is required to discover dependencies and run Certificate Expiry attacks. Most container runtimes already provide a superset of this capability (DAC_OVERRIDE) by default.
0.10.0
August 28, 2023
  • New: Make gremlin.container.driver=any the new default, when set gremlin.container.driver=any will attempt to mount all possible container driver paths, delegating to gremlin to pick the runtime. This option has served as the easiest way to get Gremlin up and running on containerized systems because you don't need to know or muck with container driver details.
0.9.1
August 22, 2023
  • New: You can now add labels to the deployed Gremlin Pods using the chao.podLabels and gremlin.podLabels parameters. See the Chart documentation for details.
0.9.0
March 16, 2023
  • New: You can now specify SELinux options to apply to the Gremlin DaemonSet container securityContext using the gremlin.podSecurity.seLinuxOptions parameter. See the Chart documentation for details.
Previous
Previous
Next
Next
On this page
Back to top