Gloo Edge
  • 29 Jun 2023
  • 4 Minutes to read
  • PDF

Gloo Edge

  • PDF

Article summary

Gloo Edge is a cloud native API gateway and Ingress Controller built on Envoy proxy to route traffic and secure applications at the edge. Traceable provides a Platform agent that captures the request and sends it to Traceable Platform for observing the requests. Traceable's Platform agent for Gloo Edge only supports Gloo's enterprise edition. Gloo's free edition does not allow a few configuration that are essential for Traceable agent. All the data capture for Gloo Edge is performed using WASM filter. For more information on WASM filter, see WASM.

Following is a high-level deployment diagram for Traceable Platform agent with Gloo Edge.


When the user sends a request to Gloo Edge, the following steps are followed to capture the data:

  1. User sends the request to Gloo Edge.
  2. The request passes through the WASM filter.
  3. The request then passes to the user application.
  4. The user application sends the response which goes through the WASM filter.
  5. WASM filter captures the data and sends it to Traceable's module extension (TME) which further sends data to Traceable Platform agent and then to the Platform.
  6. The Gloo Edge sends the response to the user.
Note
Traceable's Platform agent does not support blocking with Gloo Edge.

Before you begin

Before you start installing and configuring Traceable's Platform agent, make sure that Gloo Edge enterprise edition is installed and configured. Make sure that glooctl CLI is installed. For example, 

glooctl cli

If you are using OSX, you can use: 

brew install glooctl

You can also refer to Gloo Edge documentation if you are on any other platform. Make sure that you have reasonable knowledge of Gloo Edge before proceeding with the installation.


Install Traceable Platform agent

Complete the following steps to install Traceable Platform agent:

  1. Enter the following command to install Traceable Platform agent using Helm chart:
    ActionScript
    helm install --namespace traceableai traceable-agent traceableai/traceable-agent --create-namespace --values values.yaml
Note
The minimum Traceable Platform agent that supports Gloo Edge is 1.21.0.

Make sure that the following values are configured in your Gloo Edge setup:

gloo:
  gateway:
    enabled: true
  ingress:
    enabled: true


Configure Traceable agent and WASM filter

Configuring Traceable agent with Gloo Edge consists of the following three steps:

  1. Inject Traceable module extension (TME) and WASM init container on the gateway proxy deployment.
  2. Create an upstream for TME.
  3. Configure the gateway proxy to invoke the WASM filter.

Step 1 - Inject Traceable module extension and WASM init container

Enter the following commands to inject Traceable module extension and WASM init container:

  1. Enter the following command to make the gloo-system namespace injectable:
    kubectl label ns gloo-system traceableai-inject-tme=enabled
  2. Add annotations to the gateway proxy:
    ActionScript
    kubectl patch deployment.apps/gateway-proxy -p '{"spec": {"template": {"metadata": {"annotations": {"tme.traceable.ai/inject": "true", "wasm.traceable.ai/inject": "true"}}}}}' -n gloo-system
    
    # The two annotations we need to add are: 
    # tme.traceable.ai/inject: true
    # wasm.traceable.ai/inject: true
    
  3. Restart the gateway proxy deployment. Enter the following command:
    ActionScript
    kubectl rollout restart -n gloo-system deployment gateway-proxy
    After the restart, you would see two pods as shown below:
    ActionScript
    kubectl get pods -n gloo-system | grep "gateway-proxy"
    gateway-proxy-84b84566b4-q7rm7    2/2     Running   0              54s
    

Verify WASM init container injection

You can verify whether WASM init container was successfully injected by checking for init container injection and whether the /traceable-wasm-filter/ mount is added to the gateway proxy pod.

kubectl describe pod -n gloo-system gateway-proxy-84b84566b4-q7rm7

Name:         gateway-proxy-84b84566b4-q7rm7
Namespace:    gloo-system
Annotations:  kubectl.kubernetes.io/restartedAt: 2022-07-12T16:52:21-04:00
              prometheus.io/path: /metrics
              prometheus.io/port: 8081
              prometheus.io/scrape: true
              tme.traceable.ai/inject: true  ✅
              traffic.kuma.io/exclude-outbound-ports: 4317,8181,5441
              traffic.sidecar.istio.io/excludeOutboundPorts: 4317,8181,5441
              wasm.traceable.ai/inject: true  ✅
Init Containers:
  traceable-wasm-init: ✅
    ...
    Mounts:
      /traceable-wasm-filters/ from traceable-wasm-filter (rw)  ✅
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kc5lb (ro)
Containers:
  gateway-proxy:
    ...
    Mounts:
      /etc/envoy from envoy-config (rw)
      /traceable-wasm-filters/ from traceable-wasm-filter (rw)  ✅
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kc5lb (ro)

Step 2 - Create upstream for TME

To create an upstream for TME, create a YAML file named tme-upstream.yaml as shown below. The upstream is used to export data to the local TME that is running on the gateway proxy.

apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  name: traceableai-module-extension-http
  namespace: gloo-system
spec:
  static:
    hosts:
      - addr: 127.0.0.1
        port: 5442

Apply the upstream YAML file

To apply the upstream YAML file, enter the following command:

kubectl apply -f tme-upstream.yaml

Step 3 - Configure gateway proxy to invoke WASM filter

Complete the following steps to configure gateway proxy deployment to invoke WASM filter:

  1. Fetch the gateway configuration. Enter the following command:
    ActionScript
    kubectl get -n gloo-system gateways.gateway.solo.io gateway-proxy -o yaml > gloo-gateway.yaml
  2. Navigate to the spec section and add WASM filter configuration to the httpGateway section:
    spec:
      bindAddress: '::' 
      bindPort: 8080
      httpGateway: # Add from this key down
        options:
          wasm:
            filters:
            - config:
                '@type': type.googleapis.com/google.protobuf.StringValue
                value: |
                  {
                    "targetClusterName": "traceableai-module-extension-http_gloo-system"
                  }
              filePath: /traceable-wasm-filters/traceable.wasm
              name: traceable
              rootId: traceable_filter
    Make sure to configure the targetClusterName field. This should be set to UPSTREAM_NAME_UPSTREAM_NAMESPACE_NAME. Based on the tme-upstream.yaml file, this would be traceableai-module-extension-http_gloo_system.

Send the requests to your application and verify them in Traceable Platform. 

Optional - Configure XML content capture and body capture size

You can optionally configure WASM filter to capture XML content and body capture size. Configure values for allowedContentTypes and bodyCaptureSize in WASM filter configuration as shown below:

spec:
  bindAddress: '::'
  bindPort: 8080
  httpGateway:
    options:
      wasm:
        filters:
        - config:
            '@type': type.googleapis.com/google.protobuf.StringValue
            value: |
              {
                "allowedContentTypes": ["json", "x-www-form-urlencoded", "xml"],
                "bodyCaptureSize": 131072,
                "targetClusterName": "traceableai-module-extension-http_gloo-system"
              }
          filePath: /traceable-wasm-filters/traceable.wasm
          name: traceable
          rootId: traceable_filter

Was this article helpful?

ESC

Eddy, a generative AI, facilitating knowledge discovery through conversational intelligence