Using SuperGloo to install Istio and route traffic
Peter Jausovec
Posted on April 29, 2019
Originally posted at Learn Istio Blog
For a while, when installing Istio, questions like "How do I include Grafana?" or "How to enable mTLS?" would pop-up and the answers to those questions was a specific variable you had to set when installing the Istio Helm chart, or setting the value, then rendering the template and install it. There is a plethora of settings, levers, and buttons that can be pushed, pulled or configured. Luckily, Istio has a couple of built-in configuration profiles you can use to install it, so that makes it a bit better.
SuperGloo is an open source project from solo.io that promises to simplify the installation, management and operation of your service mesh(es).
Installing SuperGloo
You can download and install the SuperGloo CLI using the command below. This SuperGloo version used in this article is 0.3.15.
curl -sL https://run.solo.io/supergloo/install | sh
By default, the supergloo
binary lives under $HOME/.supergloo/bin
. You can either add it to your path as the post-installation instructions suggest, but I usually just create a symlink to the /usr/local/bin
folder like this:
ln -s $HOME/.supergloo/bin/supergloo /usr/local/bin/supergloo
The first thing you want to do after you've installed the CLI is to run the supergloo init
command. This command will create services accounts, cluster roles and bindings and three deployments, all in the supergloo-system
namespace.
Note: make sure you switch the context to the correct Kubernetes config/cluster, before running the command.
You can run the kubectl get pods -n supergloo-system
command to check if and when all the pods are up and running:
$ kubectl get po -n supergloo-system
NAME READY STATUS RESTARTS AGE
discovery-68df78f9c-rk2w4 1/1 Running 0 58s
mesh-discovery-bc9fbcb7f-z84r9 1/1 Running 0 58s
supergloo-59445698c5-p2fvm 1/1 Running 0 58s
Installing Istio with SuperGloo
You have two options to install Istio using SuperGloo - one is to use the CLI and specify the configuration settings, and the second one is to use a custom resource called Install to define the configuration.
Here are different flags (as of version 0.3.15
) you can set to install Istio:
--auto-inject enable auto-injection? (default true)
--egress enable egress gateway?
--grafana add grafana to the install?
--ingress enable ingress gateway?
--installation-namespace string which namespace to install Istio into? (default "istio-system")
--jaeger add jaeger to the install?
--mtls enable mtls? (default true)
--prometheus add prometheus to the install?
--version string version of istio to install? available: [1.0.3 1.0.5 1.0.6] (default "1.0.6")
We'll start with this setup - latest Istio supported in SuperGloo (1.0.6
) with auto injection turned on, mTLS enabled and ingress enabled. Later on, we will try to add/enable additional features.
Run the following command to install the Istio using SuperGloo defaults:
$ supergloo install istio --name istio --ingress
+---------+------------+---------+---------------------------+
| INSTALL | TYPE | STATUS | DETAILS |
+---------+------------+---------+---------------------------+
| istio | Istio Mesh | Pending | enabled: true |
| | | | version: 1.0.6 |
| | | | namespace: istio-system |
| | | | mtls enabled: true |
| | | | auto inject enabled: true |
| | | | grafana enabled: false |
| | | | prometheus enabled: false |
| | | | jaeger enabled: false |
| | | | ingress enabled: true |
| | | | egress enabled: false |
+---------+------------+---------+---------------------------+
There is also an interactive mode, where SuperGloo CLI takes you through all options and asks you which one you want. You can run it by adding the
-i
flag like this:supergloo install istio -i
To check the installation progress, you can run kubectl get po -n istio-system
and once the status on pods is either Running or Completed, the mesh is successfully installed.
Finally, let's label the default
namespace with istio-injection=enabled
, so we don't need to manually inject the sidecar proxies:
kubectl label namespace default istio-injection=enabled
You can run the command below to check which namespaces have automatic injection enabled:
$ kubectl get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 121m enabled
istio-system Active 69m
kube-public Active 121m
kube-system Active 121m
supergloo-system Active 100m
Traffic Routing with SuperGloo
With automatic injection enabled, you can deploy the Hello Web first (this simple web site just makes calls to the underlying greeter service and returns the greeting):
cat << EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: helloweb
labels:
app: helloweb
version: v1
spec:
replicas: 3
template:
metadata:
labels:
app: helloweb
version: v1
spec:
containers:
- image: learnistio/hello-web:1.0.0
imagePullPolicy: Always
name: web
ports:
- containerPort: 3000
env:
- name: GREETER_SERVICE_URL
value: 'http://greeter-service.default.svc.cluster.local:3000'
--------
kind: Service
apiVersion: v1
metadata:
name: helloweb
labels:
app: helloweb
spec:
selector:
app: helloweb
ports:
- port: 3000
name: http
EOF
Let's also deploy 2 versions of the greeter service:
cat << EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: greeter-service-v1
labels:
app: greeter-service
version: v1
spec:
replicas: 3
template:
metadata:
labels:
app: greeter-service
version: v1
spec:
containers:
- image: learnistio/greeter-service:1.0.0
imagePullPolicy: Always
name: svc
ports:
- containerPort: 3000
--------
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: greeter-service-v2
labels:
app: greeter-service
version: v2
spec:
replicas: 3
template:
metadata:
labels:
app: greeter-service
version: v2
spec:
containers:
- image: learnistio/greeter-service:2.0.0
imagePullPolicy: Always
name: svc
ports:
- containerPort: 3000
EOF
And the Kubernetes service:
cat << EOF | kubectl apply -f -
kind: Service
apiVersion: v1
metadata:
name: greeter-service
labels:
app: greeter-service
spec:
selector:
app: greeter-service
ports:
- port: 3000
name: http
EOF
Finally, let's also deploy a Gateway and a virtual service for the Hello Web, so we can access the service from the outside:
cat <<EOF | kubectl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- '*'
--------
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloweb
spec:
hosts:
- '*'
gateways:
- gateway
http:
- route:
- destination:
host: helloweb.default.svc.cluster.local
port:
number: 3000
EOF
At this point, you can access the gateway and you will see responses coming from either v1 or v2 pods, since we haven't created any routing rules.
We could deploy an Istio virtual service for the greeter service and a destination rule to do that, but instead we will use SuperGloo to do that. SuperGloo introduces a custom resource called RoutingRule. The nice thing about this resource is that regardless which underlying mesh you're using (be it Istio or Linkerd), SuperGloo translates the rules accordingly.
To apply a routing rule, run the following SuperGloo command in interactive mode - using this mode CLI asks you bunch of questions and creates the rule based on your answers:
$ supergloo apply routingrule trafficshifting -i
? name for the Routing Rule: greeter-service-v2
? namespace for the Routing Rule: default
? create a source selector for this rule? [y/N]: N
? create a destination selector for this rule? [y/N]: y
? what kind of selector would you like to create? Upstream Selector
choose upstreams for this selector
? add an upstream (choose <done> to finish): supergloo-system.default-greeter-service-3000
? add an upstream (choose <done> to finish): <done>
? add a request matcher for this rule? [y/N]: N
? select a target mesh to which to apply this rule supergloo-system.istio
select the upstreams to which you wish to direct traffic
? add an upstream (choose <done> to finish): supergloo-system.default-greeter-service-v2-3000
? add an upstream (choose <done> to finish): <done>
? choose a weight for {default-greeter-service-v2-3000 supergloo-system} 100
Alternatively, you can apply the exact same rule without the interactive mode:
supergloo apply routingrule trafficshifting \
--name greeter-service-v2 \
--dest-upstreams supergloo-system.default-greeter-service-3000 \
--target-mesh supergloo-system.istio \
--destination supergloo-system.default-greeter-service-v2-3000:100
If you try to access the gateway URL now, you will only get the responses from the greeter service v2.
Enable Grafana and Jaeger with SuperGloo
If you remember from the beginning of this article, we picked a barebones installation of the Istio mesh. This is a great way to get started with it - install the smallest set of features, try them out, then expand when you need to (if you need to that is).
Let's see how can we update the existing Istio installation, managed by SuperGloo, to enable Prometheus, Grafana and Jaeger.
To update the Istio installation, you an use the --update
flag and provide new set of options. Note that you need to provide all options you want to change, otherwise SuperGloo will revert to default values. For example: if you enabled ingress originally and you don't enable it when updating the installation, the ingress will get disabled.
Here's the command you can use to add Grafana, Prometheus and Jaeger to the existing Istio installation:
$ supergloo install istio --update \
--name istio \
--ingress \
--jaeger --prometheus --grafana
Above command updates the existing Istio installation - you can monitor the changes by looking at the pods in the istio-system
namespace.
Conclusion
SuperGloo makes it easier to deal with Istio installation. Updating existing installation is as simple as running a CLI command. There's more to SuperGloo though - we've only looked at the installation and simple traffic routing - SuperGloo also supports installing Gloo API gateway, Linkerd mesh and managing those. In one of the upcoming articles, we will take a deeper look into other SuperGloo features.
Posted on April 29, 2019
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.