Contents x
    Gloo Edge
    • 29 Jun 2023
    • 4 Minutes to read
    • PDF
    Contents

    Gloo Edge

    • Updated on 29 Jun 2023
    • 4 Minutes to read
    • PDF
    Article Summary

    Gloo Edge is a cloud native API gateway and Ingress Controller built on Envoy proxy to route traffic and secure applications at the edge. Traceable provides a Platform agent that captures the request and sends it to Traceable Platform for observing the requests. Traceable's Platform agent for Gloo Edge only supports Gloo's enterprise edition. Gloo's free edition does not allow a few configuration that are essential for Traceable agent. All the data capture for Gloo Edge is performed using WASM filter. For more information on WASM filter, see WASM.

    Following is a high-level deployment diagram for Traceable Platform agent with Gloo Edge.


    When the user sends a request to Gloo Edge, the following steps are followed to capture the data:

    1. User sends the request to Gloo Edge.
    2. The request passes through the WASM filter.
    3. The request then passes to the user application.
    4. The user application sends the response which goes through the WASM filter.
    5. WASM filter captures the data and sends it to Traceable's module extension (TME) which further sends data to Traceable Platform agent and then to the Platform.
    6. The Gloo Edge sends the response to the user.
    Note
    Traceable's Platform agent does not support blocking with Gloo Edge.

    Before you begin

    Before you start installing and configuring Traceable's Platform agent, make sure that Gloo Edge enterprise edition is installed and configured. Make sure that glooctl CLI is installed. For example, 

    glooctl cli

    If you are using OSX, you can use: 

    brew install glooctl

    You can also refer to Gloo Edge documentation if you are on any other platform. Make sure that you have reasonable knowledge of Gloo Edge before proceeding with the installation.

    Install Traceable Platform agent

    Complete the following steps to install Traceable Platform agent:

    1. Enter the following command to install Traceable Platform agent using Helm chart:
      ActionScript
      helm install --namespace traceableai traceable-agent traceableai/traceable-agent --create-namespace --values values.yaml
    Note
    The minimum Traceable Platform agent that supports Gloo Edge is 1.21.0.

    Make sure that the following values are configured in your Gloo Edge setup:

    gloo:
  gateway:
    enabled: true
  ingress:
    enabled: true

    Configure Traceable agent and WASM filter

    Configuring Traceable agent with Gloo Edge consists of the following three steps:

    1. Inject Traceable module extension (TME) and WASM init container on the gateway proxy deployment.
    2. Create an upstream for TME.
    3. Configure the gateway proxy to invoke the WASM filter.

    Step 1 - Inject Traceable module extension and WASM init container

    Enter the following commands to inject Traceable module extension and WASM init container:

    1. Enter the following command to make the gloo-system namespace injectable:
      kubectl label ns gloo-system traceableai-inject-tme=enabled
    2. Add annotations to the gateway proxy:
      ActionScript
      kubectl patch deployment.apps/gateway-proxy -p '{"spec": {"template": {"metadata": {"annotations": {"tme.traceable.ai/inject": "true", "wasm.traceable.ai/inject": "true"}}}}}' -n gloo-system

# The two annotations we need to add are: 
# tme.traceable.ai/inject: true
# wasm.traceable.ai/inject: true
    3. Restart the gateway proxy deployment. Enter the following command:
      ActionScript
      kubectl rollout restart -n gloo-system deployment gateway-proxy
      After the restart, you would see two pods as shown below:
      ActionScript
      kubectl get pods -n gloo-system | grep "gateway-proxy"
gateway-proxy-84b84566b4-q7rm7    2/2     Running   0              54s

    Verify WASM init container injection

    You can verify whether WASM init container was successfully injected by checking for init container injection and whether the /traceable-wasm-filter/ mount is added to the gateway proxy pod.

    kubectl describe pod -n gloo-system gateway-proxy-84b84566b4-q7rm7

Name:         gateway-proxy-84b84566b4-q7rm7
Namespace:    gloo-system
Annotations:  kubectl.kubernetes.io/restartedAt: 2022-07-12T16:52:21-04:00
              prometheus.io/path: /metrics
              prometheus.io/port: 8081
              prometheus.io/scrape: true
              tme.traceable.ai/inject: true  ✅
              traffic.kuma.io/exclude-outbound-ports: 4317,8181,5441
              traffic.sidecar.istio.io/excludeOutboundPorts: 4317,8181,5441
              wasm.traceable.ai/inject: true  ✅
Init Containers:
  traceable-wasm-init: ✅
    ...
    Mounts:
      /traceable-wasm-filters/ from traceable-wasm-filter (rw)  ✅
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kc5lb (ro)
Containers:
  gateway-proxy:
    ...
    Mounts:
      /etc/envoy from envoy-config (rw)
      /traceable-wasm-filters/ from traceable-wasm-filter (rw)  ✅
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kc5lb (ro)

    Step 2 - Create upstream for TME

    To create an upstream for TME, create a YAML file named tme-upstream.yaml as shown below. The upstream is used to export data to the local TME that is running on the gateway proxy.

    apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  name: traceableai-module-extension-http
  namespace: gloo-system
spec:
  static:
    hosts:
      - addr: 127.0.0.1
        port: 5442

    Apply the upstream YAML file

    To apply the upstream YAML file, enter the following command:

    kubectl apply -f tme-upstream.yaml

    Step 3 - Configure gateway proxy to invoke WASM filter

    Complete the following steps to configure gateway proxy deployment to invoke WASM filter:

    1. Fetch the gateway configuration. Enter the following command:
      ActionScript
      kubectl get -n gloo-system gateways.gateway.solo.io gateway-proxy -o yaml > gloo-gateway.yaml
    2. Navigate to the spec section and add WASM filter configuration to the httpGateway section:
      spec:
  bindAddress: '::' 
  bindPort: 8080
  httpGateway: # Add from this key down
    options:
      wasm:
        filters:
        - config:
            '@type': type.googleapis.com/google.protobuf.StringValue
            value: |
              {
                "targetClusterName": "traceableai-module-extension-http_gloo-system"
              }
          filePath: /traceable-wasm-filters/traceable.wasm
          name: traceable
          rootId: traceable_filter
      Make sure to configure the targetClusterName field. This should be set to UPSTREAM_NAME_UPSTREAM_NAMESPACE_NAME. Based on the tme-upstream.yaml file, this would be traceableai-module-extension-http_gloo_system.

    Send the requests to your application and verify them in Traceable Platform. 

    Optional - Configure XML content capture and body capture size

    You can optionally configure WASM filter to capture XML content and body capture size. Configure values for allowedContentTypes and bodyCaptureSize in WASM filter configuration as shown below:

    spec:
  bindAddress: '::'
  bindPort: 8080
  httpGateway:
    options:
      wasm:
        filters:
        - config:
            '@type': type.googleapis.com/google.protobuf.StringValue
            value: |
              {
                "allowedContentTypes": ["json", "x-www-form-urlencoded", "xml"],
                "bodyCaptureSize": 131072,
                "targetClusterName": "traceableai-module-extension-http_gloo-system"
              }
          filePath: /traceable-wasm-filters/traceable.wasm
          name: traceable
          rootId: traceable_filter
    Was this article helpful?
    What's Next
    ©2023 Traceable Inc
    terms of services
    privacy policy
    oss disclosures