Customers running OpenShift may have installed the OpenShift 4 Machine Config for Gremlin Chaos Engineering Platform (gremlin-ocp4-mc).
This machine operator was necessary for older versions of OpenShift (4.1 - 4.6).
The Gremlin machine operator is no longer required and should be removed from all nodes within the cluster.
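# Create a backup of the MachineConfig in the /tmp directory (-o yaml writes the full object, not the table summary)
$ oc get mc/96-worker-gremlin-semodule -o yaml > /tmp/96-worker-gremlin-semodule_backup.yaml
# Delete the MachineConfig
$ oc delete mc/96-worker-gremlin-semodule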
For OpenShift, whenever hostPID=true, custom SELinux policies are ignored in favor of using the spc_t process label. In short, when hostPID=true, Gremlin does not need any custom SELinux policies.
Earlier versions of Gremlin allowed some functionality to work when hostPID=false, and we would even install with it set to false by default in favor of using the least amount of privileges possible. Over time, it became obvious that hostPID=true always needs to be set for us to accomplish all of the container targeting features reliably (especially with the removal of runc).
Today, we consider hostPID=true a requirement for container attacks on any platform and, as a result, no longer have a need for custom SELinux profiles on OpenShift.
Red Hat has a KB article about this as well. Gremlin customers should just remove this machine operator before upgrading their RHOCP clusters.
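The removal steps above can be guarded so the MachineConfig is deleted only when the Gremlin pods really run with hostPID=true and a verified backup exists. This is an added example, not Gremlin's or Red Hat's own tooling; the MachineConfig name is taken from the article, while the `gremlin` namespace and DaemonSet name are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example: guarded removal of the Gremlin SELinux MachineConfig.
MC_NAME="96-worker-gremlin-semodule"            # name from the article
GREMLIN_NS="${GREMLIN_NS:-gremlin}"             # assumption: install namespace
GREMLIN_DS="${GREMLIN_DS:-gremlin}"             # assumption: DaemonSet name
BACKUP="${BACKUP:-/tmp/${MC_NAME}_backup.yaml}"

# Succeeds only if the Gremlin DaemonSet pod template sets hostPID=true,
# the condition under which the custom SELinux module is not needed.
gremlin_uses_hostpid() {
    val=$(oc -n "$GREMLIN_NS" get "ds/$GREMLIN_DS" \
          -o jsonpath='{.spec.template.spec.hostPID}') || return 2
    [ "$val" = "true" ]
}

# Writes the full YAML and checks that the file really holds this MachineConfig.
backup_mc() {
    oc get "mc/$MC_NAME" -o yaml > "$BACKUP" || return 1
    grep -q '^kind: MachineConfig$' "$BACKUP" &&
        grep -q "name: $MC_NAME" "$BACKUP"
}

# Deletes the MachineConfig only after both checks pass.
remove_gremlin_mc() {
    if ! oc get "mc/$MC_NAME" >/dev/null 2>&1; then
        echo "mc/$MC_NAME not present; nothing to do"
        return 0
    fi
    if ! gremlin_uses_hostpid; then
        echo "hostPID is not true on ds/$GREMLIN_DS; keeping mc/$MC_NAME" >&2
        return 1
    fi
    if ! backup_mc; then
        echo "backup at $BACKUP failed verification; not deleting" >&2
        return 1
    fi
    oc delete "mc/$MC_NAME"
}
```

Call `remove_gremlin_mc` from a session logged in with cluster-admin rights. Deleting a MachineConfig makes the Machine Config Operator roll a new rendered config across the worker pool, and `oc get mcp worker` shows the progress.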