- 29 Jun 2023
- 4 Minutes to read
- Print
- PDF
Gloo Edge
- Updated on 29 Jun 2023
- 4 Minutes to read
- Print
- PDF
Gloo Edge is a cloud native API gateway and Ingress Controller built on Envoy proxy to route traffic and secure applications at the edge. Traceable provides a Platform agent that captures the request and sends it to Traceable Platform for observing the requests. Traceable's Platform agent for Gloo Edge only supports Gloo's enterprise edition. Gloo's free edition does not allow a few configuration that are essential for Traceable agent. All the data capture for Gloo Edge is performed using WASM filter. For more information on WASM filter, see WASM.
Following is a high-level deployment diagram for Traceable Platform agent with Gloo Edge.
When the user sends a request to Gloo Edge, the following steps are followed to capture the data:
- User sends the request to Gloo Edge.
- The request passes through the WASM filter.
- The request then passes to the user application.
- The user application sends the response which goes through the WASM filter.
- WASM filter captures the data and sends it to Traceable's module extension (TME) which further sends data to Traceable Platform agent and then to the Platform.
- The Gloo Edge sends the response to the user.
Before you begin
Before you start installing and configuring Traceable's Platform agent, make sure that Gloo Edge enterprise edition is installed and configured. Make sure that glooctl
CLI is installed. For example,
glooctl cli
If you are using OSX, you can use:
brew install glooctl
You can also refer to Gloo Edge documentation if you are on any other platform. Make sure that you have reasonable knowledge of Gloo Edge before proceeding with the installation.
Install Traceable Platform agent
Complete the following steps to install Traceable Platform agent:
- Enter the following command to install Traceable Platform agent using Helm chart:ActionScript
helm install --namespace traceableai traceable-agent traceableai/traceable-agent --create-namespace --values values.yaml
Make sure that the following values are configured in your Gloo Edge setup:
gloo:
gateway:
enabled: true
ingress:
enabled: true
Configure Traceable agent and WASM filter
Configuring Traceable agent with Gloo Edge consists of the following three steps:
- Inject Traceable module extension (TME) and WASM
init
container on the gateway proxy deployment. - Create an upstream for TME.
- Configure the gateway proxy to invoke the WASM filter.
Step 1 - Inject Traceable module extension and WASM init container
Enter the following commands to inject Traceable module extension and WASM init container:
- Enter the following command to make the gloo-system namespace injectable:
kubectl label ns gloo-system traceableai-inject-tme=enabled
- Add annotations to the gateway proxy:ActionScript
kubectl patch deployment.apps/gateway-proxy -p '{"spec": {"template": {"metadata": {"annotations": {"tme.traceable.ai/inject": "true", "wasm.traceable.ai/inject": "true"}}}}}' -n gloo-system # The two annotations we need to add are: # tme.traceable.ai/inject: true # wasm.traceable.ai/inject: true
- Restart the gateway proxy deployment. Enter the following command:ActionScript
After the restart, you would see two pods as shown below:kubectl rollout restart -n gloo-system deployment gateway-proxy
ActionScriptkubectl get pods -n gloo-system | grep "gateway-proxy" gateway-proxy-84b84566b4-q7rm7 2/2 Running 0 54s
Verify WASM init container injection
You can verify whether WASM init
container was successfully injected by checking for init
container injection and whether the /traceable-wasm-filter/
mount is added to the gateway proxy pod.
kubectl describe pod -n gloo-system gateway-proxy-84b84566b4-q7rm7
Name: gateway-proxy-84b84566b4-q7rm7
Namespace: gloo-system
Annotations: kubectl.kubernetes.io/restartedAt: 2022-07-12T16:52:21-04:00
prometheus.io/path: /metrics
prometheus.io/port: 8081
prometheus.io/scrape: true
tme.traceable.ai/inject: true ✅
traffic.kuma.io/exclude-outbound-ports: 4317,8181,5441
traffic.sidecar.istio.io/excludeOutboundPorts: 4317,8181,5441
wasm.traceable.ai/inject: true ✅
Init Containers:
traceable-wasm-init: ✅
...
Mounts:
/traceable-wasm-filters/ from traceable-wasm-filter (rw) ✅
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kc5lb (ro)
Containers:
gateway-proxy:
...
Mounts:
/etc/envoy from envoy-config (rw)
/traceable-wasm-filters/ from traceable-wasm-filter (rw) ✅
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kc5lb (ro)
Step 2 - Create upstream for TME
To create an upstream for TME, create a YAML file named tme-upstream.yaml
as shown below. The upstream is used to export data to the local TME that is running on the gateway proxy.
apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
name: traceableai-module-extension-http
namespace: gloo-system
spec:
static:
hosts:
- addr: 127.0.0.1
port: 5442
Apply the upstream YAML file
To apply the upstream YAML file, enter the following command:
kubectl apply -f tme-upstream.yaml
Step 3 - Configure gateway proxy to invoke WASM filter
Complete the following steps to configure gateway proxy deployment to invoke WASM filter:
- Fetch the gateway configuration. Enter the following command:ActionScript
kubectl get -n gloo-system gateways.gateway.solo.io gateway-proxy -o yaml > gloo-gateway.yaml
- Navigate to the
spec
section and add WASM filter configuration to thehttpGateway
section:
Make sure to configure thespec: bindAddress: '::' bindPort: 8080 httpGateway: # Add from this key down options: wasm: filters: - config: '@type': type.googleapis.com/google.protobuf.StringValue value: | { "targetClusterName": "traceableai-module-extension-http_gloo-system" } filePath: /traceable-wasm-filters/traceable.wasm name: traceable rootId: traceable_filter
targetClusterName
field. This should be set toUPSTREAM_NAME_UPSTREAM_NAMESPACE_NAME
. Based on thetme-upstream.yaml
file, this would betraceableai-module-extension-http_gloo_system
.
Send the requests to your application and verify them in Traceable Platform.
Optional - Configure XML content capture and body capture size
You can optionally configure WASM filter to capture XML content and body capture size. Configure values for allowedContentTypes and bodyCaptureSize in WASM filter configuration as shown below:
spec:
bindAddress: '::'
bindPort: 8080
httpGateway:
options:
wasm:
filters:
- config:
'@type': type.googleapis.com/google.protobuf.StringValue
value: |
{
"allowedContentTypes": ["json", "x-www-form-urlencoded", "xml"],
"bodyCaptureSize": 131072,
"targetClusterName": "traceableai-module-extension-http_gloo-system"
}
filePath: /traceable-wasm-filters/traceable.wasm
name: traceable
rootId: traceable_filter