Install keptn


Setup Kubernetes Cluster

Select one of the following options:

Google Kubernetes Engine (GKE)

  1. Install local tools

  2. Create GKE cluster

    • Master version >= 1.11.x (tested version: 1.11.7-gke.12 and 1.12.7-gke.10)
    • One n1-standard-16 node
      Expand for details
      GKE cluster size
    • Image type ubuntu or cos (if you plan to use Dynatrace monitoring, select ubuntu for a more convenient setup)
    • Sample script to create such cluster (adapt the values according to your needs)
    // set environment variables
    gcloud beta container --project $PROJECT clusters create $CLUSTER_NAME --zone $ZONE --no-enable-basic-auth --cluster-version $GKE_VERSION --machine-type "n1-standard-16" --image-type "UBUNTU" --disk-type "pd-standard" --disk-size "100" --metadata disable-legacy-endpoints=true --scopes "","","","","","" --num-nodes "1" --enable-cloud-logging --enable-cloud-monitoring --no-enable-ip-alias --network "projects/$PROJECT/global/networks/default" --subnetwork "projects/$PROJECT/regions/$REGION/subnetworks/default" --addons HorizontalPodAutoscaling,HttpLoadBalancing --no-enable-autoupgrade

OpenShift 3.11

  1. Install local tools

  2. On the OpenShift master node, execute the following steps:

    • Set up the required permissions for your user:
      oc adm policy --as system:admin add-cluster-role-to-user cluster-admin <OPENSHIFT_USER_NAME>
    • Set up the required permissions for the installer pod:
      oc adm policy  add-cluster-role-to-user cluster-admin system:serviceaccount:default:default
      oc adm policy  add-cluster-role-to-user cluster-admin system:serviceaccount:kube-system:default
    • Enable admission WebHooks on your OpenShift master node:
      sudo -i
      cp -n /etc/origin/master/master-config.yaml /etc/origin/master/master-config.yaml.backup
      oc ex config patch /etc/origin/master/master-config.yaml --type=merge -p '{
        "admissionConfig": {
          "pluginConfig": {
            "ValidatingAdmissionWebhook": {
              "configuration": {
                "apiVersion": "",
                "kind": "WebhookAdmission",
                "kubeConfigFile": "/dev/null"
            "MutatingAdmissionWebhook": {
              "configuration": {
                "apiVersion": "",
                "kind": "WebhookAdmission",
                "kubeConfigFile": "/dev/null"
      }' >/etc/origin/master/master-config.yaml.patched
      if [ $? == 0 ]; then
        mv -f /etc/origin/master/master-config.yaml.patched /etc/origin/master/master-config.yaml
        /usr/local/bin/master-restart api && /usr/local/bin/master-restart controllers
  3. Determine the Cluster CIDR Range and Services CIDR Range that are required during the installation. On OpenShift, those values correlate to the following fields in the file /etc/origin/master/master-config.yaml on the OpenShift master node:

    - cidr: ""
      hostSubnetLength: 9
    - ""
    ingressIPNetworkCIDR: ""
    networkPluginName: redhat/openshift-ovs-subnet
    serviceNetworkCIDR: ""

In this example, the Cluster CIDR Range has the value and the Services CIDR Range is set to Please note those values, as you will be asked for them as during the installation of keptn via the CLI.

Azure Kubernetes Service (AKS)

  1. Install local tools

  2. Create AKS cluster

    • Master version >= 1.12.x (tested version: 1.12.8)
    • One D16s_v3 node
      Expand for details
      AKS cluster size

Install keptn CLI

Every release of keptn provides binaries for the keptn CLI. These binaries are available for Linux, macOS, and Windows.

  • Download the version for your operating system from
  • Unpack the download
  • Find the keptn binary in the unpacked directory.

    • Linux / macOS

      add executable permissions (chmod +x keptn), and move it to the desired destination (e.g. mv keptn /usr/local/bin/keptn)

    • Windows

      move/copy the executable to the desired folder and, optionally, add the executable to your PATH environment variable for a more convenient experience.

  • Now, you should be able to run the keptn CLI:

    • Linux / macOS
    keptn --help
    • Windows
    .\keptn.exe --help

    Please note that for the rest of the documentation we will stick to the Mac OS / Linux version of the commands.

Install keptn

  • Execute the CLI command keptn install and provide the requested information. This command will install keptn in the version of the latest release. Since v0.3 of keptn, the install command accepts a parameter to select the platform you would like to install keptn on. Currently supported platforms are Google Kubernetes Engine (GKE), OpenShift and Azure Kubernetes Services (AKS). Depending on your platform, enter the following command to start the installation:

    • For GKE:
    keptn install --platform=gke
    • For OpenShift:
    keptn install --platform=openshift
    • For AKS:
    keptn install --platform=aks

    In your cluster, this command installs the complete infrastructure necessary to run keptn.

    This includes:
    • Istio
    • Knative
    • An Elasticsearch/Kibana Stack for the keptn’s log
    • The keptn core services:
      • authenticator
      • bridge
      • control
      • eventbroker
      • eventbroker-ext
    • The services are required to deploy artifacts and to demonstrate the self-healing use cases:
      • github-services
      • helm-service
      • jmeter-service
      • gatekeeper-service
      • pitometer-service
      • serviceNow-service
      • openshift-route-service (OpenShift only)
    • The channels to which events are published:
      • configuration-changed
      • deployment-finished
      • evaluation-done
      • keptn-channel
      • new-artifact
      • problem
      • tests-finished

Verifying the installation

  • To verify your keptn installation, retrieve the pods running in the keptn namespace.
  kubectl get pods -n keptn
  NAME                                                 READY     STATUS    RESTARTS   AGE
  authenticator-fvq2c-deployment-565597c98c-fqj46      3/3       Running   0          30m
  control-kwhms-deployment-6d7b8b8d94-v7xsj            3/3       Running   0          30m
  event-broker-ext-2v84b-deployment-856cf65b99-96zpd   3/3       Running   0          30m
  event-broker-z8tc6-deployment-7997b998b4-jhvq4       3/3       Running   0          30m
  gatekeeper-service-svvqm-deployment-8f559dc8c-k42s4  3/3       Running   0          30m
  github-service-xcn9w-deployment-545866fc6f-hl4gc     3/3       Running   0          30m
  helm-service-2hdsb-deployment-665fdb697d-hwtmv       3/3       Running   0          30m
  jmeter-service-n5xrq-deployment-75644db9c4-c9fhn     3/3       Running   0          30m
  • Next, check that all routes for the keptn core services, as well as for the bridge, gatekeeper-service, github-service, helm-service, pitometer-service, jmeter-service, and the servicenow-service have been created:
  kubectl get routes -n keptn
  NAME                 AGE
  authenticator        31m
  bridge               31m
  control              31m
  eventbroker          31m
  eventbroker-ext      31m
  gatekeeper-service   31m
  helm-service         31m
  github-service       31m
  pitometer-service    31m
  jmeter-service       31m
  servicenow-service   31m
  • Finally, check that all keptn channels have been created:
  kubectl get channels -n keptn
  NAME                    AGE
  configuration-changed   31m
  deployment-finished     31m
  evaluation-done         31m
  keptn-channel           31m
  new-artifact            31m
  problem                 31m
  tests-finished          31m
  • To verify the Istio installation, retrieve all pods within the istio-system namespace and check whether they are in a running state:
  kubectl get pods -n istio-system
  NAME                                      READY     STATUS      RESTARTS   AGE
  cluster-local-gateway-775b6cbf4c-bxxx8    1/1       Running     0          20m
  istio-citadel-796c94878b-fhzf8            1/1       Running     0          20m
  istio-cleanup-secrets-nbdff               0/1       Completed   0          20m
  istio-egressgateway-864444d6ff-g7c6m      1/1       Running     0          20m
  istio-galley-6c68c5dbcf-fzdzb             1/1       Running     0          20m
  istio-ingressgateway-694576c7bb-w52j7     1/1       Running     0          20m
  istio-pilot-79f5f46dd5-c62bv              2/2       Running     0          20m
  istio-pilot-79f5f46dd5-wjwmf              2/2       Running     0          22m
  istio-pilot-79f5f46dd5-zgbwm              2/2       Running     0          22m
  istio-policy-5bd5578b94-nggnx             2/2       Running     0          20m
  istio-sidecar-injector-6d8f88c98f-mqrpj   1/1       Running     0          20m
  istio-telemetry-5598f86cd8-7s4t7          2/2       Running     0          20m
  istio-telemetry-5598f86cd8-bzfb5          2/2       Running     0          20m
  istio-telemetry-5598f86cd8-hxkhm          2/2       Running     0          20m
  istio-telemetry-5598f86cd8-pgstj          2/2       Running     0          20m
  istio-telemetry-5598f86cd8-wkh7g          2/2       Running     0          20m
  zipkin-6b4d5d66-jwqzk                     1/1       Running     0          20m
  • To verify the Knative installation, check the pods in the knative-serving namespace:
  kubectl get pods -n knative-serving
  NAME                          READY     STATUS      RESTARTS   AGE
  activator-6f7d494f55-fthpr    2/2       Running     0          17m
  autoscaler-5cb4d56d69-qz7dh   2/2       Running     0          17m
  controller-6d65444c78-8wqb8   1/1       Running     0          17m
  webhook-55f88654fb-tq8ps      1/1       Running     0          17m

If that is not the case, there may have been a problem during the installation. In that case, we kindly ask you to clean your cluster and restart the installation described in the Troubleshooting section below.


  • Please follow these instructions to uninstall keptn from your cluster:

    • For GKE and AKS:
    • Clone the keptn installer repository of the latest release:
      git  clone --branch 0.3.0
      cd  ./installer/scripts/common
    • Execute and all keptn resource will be deleted
    • For OpenShift:
    • Clone the keptn installer repository of the latest release:
      git  clone --branch 0.3.0
      cd  ./installer/scripts/openshift
    • Execute and all keptn resource will be deleted
  • To verify the cleanup, retrieve the list of namespaces in your cluster and ensure that the keptn namespace is not included in the output of the following command:

  kubectl get namespaces
  • Note: In some cases, it might occure that the keptn namespace remains stuck in the Terminating state. If that happens, you can enforce the deletion of the namespace as follows:
  kubectl proxy &
  kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
  curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json$NAMESPACE/finalize
  rm temp.json
  • Note: In future releases of the keptn CLI, a command keptn uninstall will be added, which replaces the shell script


Please note that in case of any errors, the install process might leave some files in an inconsistent state. Therefore keptn install cannot be executed a second time without an uninstall.