Using SuperGloo to install Istio and route traffic

peterj

Peter Jausovec

Posted on April 29, 2019

Using SuperGloo to install Istio and route traffic

Originally posted at Learn Istio Blog

For a while, when installing Istio, questions like "How do I include Grafana?" or "How to enable mTLS?" would pop-up and the answers to those questions was a specific variable you had to set when installing the Istio Helm chart, or setting the value, then rendering the template and install it. There is a plethora of settings, levers, and buttons that can be pushed, pulled or configured. Luckily, Istio has a couple of built-in configuration profiles you can use to install it, so that makes it a bit better.

SuperGloo is an open source project from solo.io that promises to simplify the installation, management and operation of your service mesh(es).

Installing SuperGloo

You can download and install the SuperGloo CLI using the command below. This SuperGloo version used in this article is 0.3.15.

curl -sL https://run.solo.io/supergloo/install | sh
Enter fullscreen mode Exit fullscreen mode

By default, the supergloo binary lives under $HOME/.supergloo/bin. You can either add it to your path as the post-installation instructions suggest, but I usually just create a symlink to the /usr/local/bin folder like this:

ln -s $HOME/.supergloo/bin/supergloo /usr/local/bin/supergloo
Enter fullscreen mode Exit fullscreen mode

The first thing you want to do after you've installed the CLI is to run the supergloo init command. This command will create services accounts, cluster roles and bindings and three deployments, all in the supergloo-system namespace.

Note: make sure you switch the context to the correct Kubernetes config/cluster, before running the command.

You can run the kubectl get pods -n supergloo-system command to check if and when all the pods are up and running:

$ kubectl get po -n supergloo-system
NAME                             READY   STATUS    RESTARTS   AGE
discovery-68df78f9c-rk2w4        1/1     Running   0          58s
mesh-discovery-bc9fbcb7f-z84r9   1/1     Running   0          58s
supergloo-59445698c5-p2fvm       1/1     Running   0          58s
Enter fullscreen mode Exit fullscreen mode

Installing Istio with SuperGloo

You have two options to install Istio using SuperGloo - one is to use the CLI and specify the configuration settings, and the second one is to use a custom resource called Install to define the configuration.

Here are different flags (as of version 0.3.15) you can set to install Istio:

--auto-inject                     enable auto-injection? (default true)
--egress                          enable egress gateway?
--grafana                         add grafana to the install?
--ingress                         enable ingress gateway?
--installation-namespace string   which namespace to install Istio into? (default "istio-system")
--jaeger                          add jaeger to the install?
--mtls                            enable mtls? (default true)
--prometheus                      add prometheus to the install?
--version string                  version of istio to install? available: [1.0.3 1.0.5 1.0.6] (default "1.0.6")
Enter fullscreen mode Exit fullscreen mode

We'll start with this setup - latest Istio supported in SuperGloo (1.0.6) with auto injection turned on, mTLS enabled and ingress enabled. Later on, we will try to add/enable additional features.

Run the following command to install the Istio using SuperGloo defaults:

$ supergloo install istio --name istio --ingress
+---------+------------+---------+---------------------------+
| INSTALL |    TYPE    | STATUS  |          DETAILS          |
+---------+------------+---------+---------------------------+
| istio   | Istio Mesh | Pending | enabled: true             |
|         |            |         | version: 1.0.6            |
|         |            |         | namespace: istio-system   |
|         |            |         | mtls enabled: true        |
|         |            |         | auto inject enabled: true |
|         |            |         | grafana enabled: false    |
|         |            |         | prometheus enabled: false |
|         |            |         | jaeger enabled: false     |
|         |            |         | ingress enabled: true     |
|         |            |         | egress enabled: false     |
+---------+------------+---------+---------------------------+
Enter fullscreen mode Exit fullscreen mode

There is also an interactive mode, where SuperGloo CLI takes you through all options and asks you which one you want. You can run it by adding the -i flag like this: supergloo install istio -i

To check the installation progress, you can run kubectl get po -n istio-system and once the status on pods is either Running or Completed, the mesh is successfully installed.

Finally, let's label the default namespace with istio-injection=enabled, so we don't need to manually inject the sidecar proxies:

kubectl label namespace default istio-injection=enabled
Enter fullscreen mode Exit fullscreen mode

You can run the command below to check which namespaces have automatic injection enabled:

$ kubectl get namespace -L istio-injection
NAME               STATUS   AGE    ISTIO-INJECTION
default            Active   121m   enabled
istio-system       Active   69m
kube-public        Active   121m
kube-system        Active   121m
supergloo-system   Active   100m
Enter fullscreen mode Exit fullscreen mode

Traffic Routing with SuperGloo

With automatic injection enabled, you can deploy the Hello Web first (this simple web site just makes calls to the underlying greeter service and returns the greeting):

cat << EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
    name: helloweb
    labels:
        app: helloweb
        version: v1
spec:
    replicas: 3
    template:
        metadata:
            labels:
                app: helloweb
                version: v1
        spec:
            containers:
                - image: learnistio/hello-web:1.0.0
                  imagePullPolicy: Always
                  name: web
                  ports:
                      - containerPort: 3000
                  env:
                      - name: GREETER_SERVICE_URL
                        value: 'http://greeter-service.default.svc.cluster.local:3000'
--------
kind: Service
apiVersion: v1
metadata:
    name: helloweb
    labels:
        app: helloweb
spec:
    selector:
        app: helloweb
    ports:
        - port: 3000
          name: http
EOF
Enter fullscreen mode Exit fullscreen mode

Let's also deploy 2 versions of the greeter service:

cat << EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
    name: greeter-service-v1
    labels:
        app: greeter-service
        version: v1
spec:
    replicas: 3
    template:
        metadata:
            labels:
                app: greeter-service
                version: v1
        spec:
            containers:
                - image: learnistio/greeter-service:1.0.0
                  imagePullPolicy: Always
                  name: svc
                  ports:
                      - containerPort: 3000
--------
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
    name: greeter-service-v2
    labels:
        app: greeter-service
        version: v2
spec:
    replicas: 3
    template:
        metadata:
            labels:
                app: greeter-service
                version: v2
        spec:
            containers:
                - image: learnistio/greeter-service:2.0.0
                  imagePullPolicy: Always
                  name: svc
                  ports:
                      - containerPort: 3000
EOF
Enter fullscreen mode Exit fullscreen mode

And the Kubernetes service:

cat << EOF | kubectl apply -f -
kind: Service
apiVersion: v1
metadata:
    name: greeter-service
    labels:
        app: greeter-service
spec:
    selector:
        app: greeter-service
    ports:
        - port: 3000
          name: http
EOF
Enter fullscreen mode Exit fullscreen mode

Finally, let's also deploy a Gateway and a virtual service for the Hello Web, so we can access the service from the outside:

cat <<EOF | kubectl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
    name: gateway
spec:
    selector:
        istio: ingressgateway
    servers:
        - port:
              number: 80
              name: http
              protocol: HTTP
          hosts:
              - '*'
--------
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
    name: helloweb
spec:
    hosts:
        - '*'
    gateways:
        - gateway
    http:
        - route:
              - destination:
                    host: helloweb.default.svc.cluster.local
                    port:
                        number: 3000
EOF
Enter fullscreen mode Exit fullscreen mode

At this point, you can access the gateway and you will see responses coming from either v1 or v2 pods, since we haven't created any routing rules.

We could deploy an Istio virtual service for the greeter service and a destination rule to do that, but instead we will use SuperGloo to do that. SuperGloo introduces a custom resource called RoutingRule. The nice thing about this resource is that regardless which underlying mesh you're using (be it Istio or Linkerd), SuperGloo translates the rules accordingly.

To apply a routing rule, run the following SuperGloo command in interactive mode - using this mode CLI asks you bunch of questions and creates the rule based on your answers:

$ supergloo apply routingrule trafficshifting -i
? name for the Routing Rule:  greeter-service-v2
? namespace for the Routing Rule:  default
? create a source selector for this rule?  [y/N]:  N
? create a destination selector for this rule?  [y/N]:  y
? what kind of selector would you like to create?  Upstream Selector
choose upstreams for this selector
? add an upstream (choose <done> to finish):  supergloo-system.default-greeter-service-3000
? add an upstream (choose <done> to finish):  <done>
? add a request matcher for this rule? [y/N]:  N
? select a target mesh to which to apply this rule supergloo-system.istio
select the upstreams to which you wish to direct traffic
? add an upstream (choose <done> to finish):  supergloo-system.default-greeter-service-v2-3000
? add an upstream (choose <done> to finish):  <done>
? choose a weight for {default-greeter-service-v2-3000 supergloo-system} 100
Enter fullscreen mode Exit fullscreen mode

Alternatively, you can apply the exact same rule without the interactive mode:

supergloo apply routingrule trafficshifting \
    --name greeter-service-v2 \
    --dest-upstreams supergloo-system.default-greeter-service-3000 \
    --target-mesh supergloo-system.istio \
    --destination supergloo-system.default-greeter-service-v2-3000:100
Enter fullscreen mode Exit fullscreen mode

If you try to access the gateway URL now, you will only get the responses from the greeter service v2.

Enable Grafana and Jaeger with SuperGloo

If you remember from the beginning of this article, we picked a barebones installation of the Istio mesh. This is a great way to get started with it - install the smallest set of features, try them out, then expand when you need to (if you need to that is).

Let's see how can we update the existing Istio installation, managed by SuperGloo, to enable Prometheus, Grafana and Jaeger.

To update the Istio installation, you an use the --update flag and provide new set of options. Note that you need to provide all options you want to change, otherwise SuperGloo will revert to default values. For example: if you enabled ingress originally and you don't enable it when updating the installation, the ingress will get disabled.

Here's the command you can use to add Grafana, Prometheus and Jaeger to the existing Istio installation:

$ supergloo install istio --update \
                          --name istio \
                          --ingress \
                          --jaeger --prometheus --grafana
Enter fullscreen mode Exit fullscreen mode

Above command updates the existing Istio installation - you can monitor the changes by looking at the pods in the istio-system namespace.

Conclusion

SuperGloo makes it easier to deal with Istio installation. Updating existing installation is as simple as running a CLI command. There's more to SuperGloo though - we've only looked at the installation and simple traffic routing - SuperGloo also supports installing Gloo API gateway, Linkerd mesh and managing those. In one of the upcoming articles, we will take a deeper look into other SuperGloo features.

💖 💪 🙅 🚩
peterj
Peter Jausovec

Posted on April 29, 2019

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related