Install keptn


Setup Kubernetes Cluster

Select one of the following options:

Google Kubernetes Engine (GKE)

  1. Install local tools

  2. Create GKE cluster

    • Master version >= 1.11.x (tested version: 1.12.8-gke.10)
    • One n1-standard-4 node
    • Image type ubuntu or cos (if you plan to use Dynatrace monitoring, select ubuntu for a more convenient setup)
    • Sample script to create such cluster (adapt the values according to your needs)
    // set environment variables
    gcloud beta container --project $PROJECT clusters create $CLUSTER_NAME --zone $ZONE --no-enable-basic-auth --cluster-version $GKE_VERSION --machine-type "n1-standard-4" --image-type "UBUNTU" --disk-type "pd-standard" --disk-size "100" --metadata disable-legacy-endpoints=true --scopes "","","","","","" --num-nodes "1" --enable-cloud-logging --enable-cloud-monitoring --no-enable-ip-alias --network "projects/$PROJECT/global/networks/default" --subnetwork "projects/$PROJECT/regions/$REGION/subnetworks/default" --addons HorizontalPodAutoscaling,HttpLoadBalancing --no-enable-autoupgrade

OpenShift 3.11

  1. Install local tools

  2. On the OpenShift master node, execute the following steps:

    • Set up the required permissions for your user:
      oc adm policy --as system:admin add-cluster-role-to-user cluster-admin <OPENSHIFT_USER_NAME>
    • Set up the required permissions for the installer pod:
      oc adm policy  add-cluster-role-to-user cluster-admin system:serviceaccount:default:default
      oc adm policy  add-cluster-role-to-user cluster-admin system:serviceaccount:kube-system:default
    • Enable admission WebHooks on your OpenShift master node:
      sudo -i
      cp -n /etc/origin/master/master-config.yaml /etc/origin/master/master-config.yaml.backup
      oc ex config patch /etc/origin/master/master-config.yaml --type=merge -p '{
        "admissionConfig": {
          "pluginConfig": {
            "ValidatingAdmissionWebhook": {
              "configuration": {
                "apiVersion": "",
                "kind": "WebhookAdmission",
                "kubeConfigFile": "/dev/null"
            "MutatingAdmissionWebhook": {
              "configuration": {
                "apiVersion": "",
                "kind": "WebhookAdmission",
                "kubeConfigFile": "/dev/null"
      }' >/etc/origin/master/master-config.yaml.patched
      if [ $? == 0 ]; then
        mv -f /etc/origin/master/master-config.yaml.patched /etc/origin/master/master-config.yaml
        /usr/local/bin/master-restart api && /usr/local/bin/master-restart controllers

Azure Kubernetes Service (AKS)

  1. Install local tools

  2. Create AKS cluster

    • Master version >= 1.12.x (tested version: 1.12.8)
    • One B4ms node

Install keptn CLI

Every release of keptn provides binaries for the keptn CLI. These binaries are available for Linux, macOS, and Windows.

  • Download the version for your operating system from
  • Unpack the download
  • Find the keptn binary in the unpacked directory.

    • Linux / macOS

      add executable permissions (chmod +x keptn), and move it to the desired destination (e.g. mv keptn /usr/local/bin/keptn)

    • Windows

      move/copy the executable to the desired folder and, optionally, add the executable to your PATH environment variable for a more convenient experience.

  • Now, you should be able to run the keptn CLI:

    • Linux / macOS
    keptn --help
    • Windows
    .\keptn.exe --help

    Please note that for the rest of the documentation we will stick to the Mac OS / Linux version of the commands.

Install keptn

  • Execute the CLI command keptn install and provide the requested information. This command will install keptn in the version of the latest release. Since v0.3 of keptn, the install command accepts a parameter to select the platform you would like to install keptn on. Currently supported platforms are Google Kubernetes Engine (GKE), OpenShift and Azure Kubernetes Services (AKS). Depending on your platform, enter the following command to start the installation:

    • For GKE:

      keptn install --platform=gke
    • For OpenShift:

      keptn install --platform=openshift

      Configure a custom domain

      In case you have a custom domain or can not use (e.g., because you are running in AWS which will create ELBs for you), there is a script provided to configure keptn to use your custom domain. Checkout the script:

      git clone --branch 0.4.0 
      cd installer/scripts/common

      Run the script:


      This will provide you a KEPTN_ENDPOINT and KEPTN_API_TOKEN at the end of the script which you can use to authenticate the keptn CLI.

    • For AKS:

      keptn install --platform=aks

    In your cluster, this command installs the complete infrastructure necessary to run keptn.

    This includes:
    • Istio
    • An Elasticsearch/Kibana Stack for the keptn’s log
    • A NATS Cluster
    • The keptn core services:
      • authenticator
      • bridge
      • control
      • eventbroker
      • eventbroker-ext
    • The services are required to deploy artifacts and to demonstrate the self-healing use cases:
      • github-services
      • helm-service
      • jmeter-service
      • gatekeeper-service
      • pitometer-service
      • serviceNow-service
      • openshift-route-service (OpenShift only)

Verifying the installation

  • To verify your keptn installation, retrieve the pods running in the keptn namespace.
  kubectl get pods -n keptn
  NAME                                                              READY     STATUS    RESTARTS   AGE
  authenticator-75ffd6bbdc-8tks2                                    1/1       Running   0          2m
  bridge-d5bc7c9b6-72h6n                                            1/1       Running   0          2m
  control-599858b499-b8rmf                                          1/1       Running   0          2m
  event-broker-ext-796fbb94f6-2dcs7                                 1/1       Running   0          2m
  eventbroker-go-77d4fc7fdd-rmzxk                                   1/1       Running   0          2m
  gatekeeper-service-787c6f7d84-j8s4f                               1/1       Running   0          1m
  gatekeeper-service-evaluation-done-distributor-5b5f77c6ff-fhbbq   1/1       Running   0          32s
  github-service-78d59d549d-qdfzg                                   1/1       Running   0          1m
  github-service-configure-distributor-5955b674d6-7d44w             1/1       Running   0          33s
  github-service-create-project-distributor-79fcbb7855-t9blj        1/1       Running   0          34s
  github-service-new-artifact-distributor-5cf8d5c6f5-5szdt          1/1       Running   0          33s
  github-service-onboard-service-distributor-56db7595cb-z2qkx       1/1       Running   0          34s
  helm-service-85c9cbc96f-7t86h                                     1/1       Running   0          1m
  helm-service-configuration-changed-distributor-545b8849b-wl2pq    1/1       Running   0          33s
  jmeter-service-65b474cd75-pxn2m                                   1/1       Running   0          1m
  jmeter-service-deployment-distributor-687b778dfd-twqrp            1/1       Running   0          33s
  keptn-nats-cluster-1                                              1/1       Running   0          2m
  nats-operator-67d8dd94d5-wjlsj                                    1/1       Running   0          3m
  openshift-route-service-57b45c4dfc-4x5lm                          1/1       Running   0          1d (OpenShift only)
  openshift-route-service-create-project-distributor-7d4454cs44xp   1/1       Running   0          1d (OpenShift only)
  pitometer-service-56d75f9fcc-hcbbw                                1/1       Running   0          1m
  pitometer-service-tests-finished-distributor-785bdc79d4-xbnpb     1/1       Running   0          33s
  servicenow-service-86d6dfb7f7-dqcx6                               1/1       Running   0          1m
  servicenow-service-problem-distributor-6d4fc577d9-wmfn4           1/1       Running   0          32s
  • To verify the Istio installation, retrieve all pods within the istio-system namespace and check whether they are in a running state:
  kubectl get pods -n istio-system
  NAME                                    READY     STATUS    RESTARTS   AGE
  istio-ingressgateway-6f46678699-c742n   1/1       Running   0          5m
  istio-pilot-85b956b4bb-rbhnn            1/1       Running   0          5m

If that is not the case, there may have been a problem during the installation. In that case, we kindly ask you to clean your cluster and restart the installation described in the Troubleshooting section below.


  • Please follow these instructions to uninstall keptn from your cluster:

    • Clone the keptn installer repository of the latest release:
    git  clone --branch 0.4.0
    cd  ./installer/scripts/common
    • Execute and all keptn resource will be deleted
  • To verify the cleanup, retrieve the list of namespaces in your cluster and ensure that the keptn namespace is not included in the output of the following command:

  kubectl get namespaces
  • Note: In some cases, it might occure that the keptn namespace remains stuck in the Terminating state. If that happens, you can enforce the deletion of the namespace as follows:
  kubectl proxy &
  kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
  curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json$NAMESPACE/finalize
  rm temp.json
  • Note: In future releases of the keptn CLI, a command keptn uninstall will be added, which replaces the shell script


Please note that in case of any errors, the install process might leave some files in an inconsistent state. Therefore keptn install cannot be executed a second time without an uninstall.