What is a service mesh?
Service meshes are all the rage in the Kubernetes world these days, but a lot of people seem to be a bit confused as to what they do and why (when) they need one. The best way to think of a service mesh is to imagine well…..a mesh! The service mesh is a configurable, low‑latency infrastructure layer designed to handle communication between the processes among different services using application programming interfaces (APIs). It ensures that communication among containerized and often ephemeral application infrastructure services is fast, reliable, and secure. The mesh also provides critical capabilities that include:
- Service discovery
- Load Balancing
- Encryption
- Observability
- Authentication
The service mesh is usually implemented by providing a proxy instance, called a sidecar, for each service instance. Sidecars handle inter-service communications, monitoring, and security‑related concerns – anything can be abstracted away from the individual sources. This way, developers can handle development, support, and maintenance for the application code in the services; operations teams can maintain the service mesh and run the app.
Currently, the most well-known service mesh is Istio with the backing of Lyft, Google, and IBM. However, there are many options and the tool I’m going to show you today is going to help you get started with your first service mesh on various platforms.
Let’s go ahead and check out SuperGloo!
What is SuperGloo?
With all of the varied offerings in the service mesh landscape, it makes it difficult to take on the complexities of experimenting with even a single service mesh solution, let alone multiple ones. The goal of SuperGloo is to take charge of these complexities and make it easy for users to deploy multiple service meshes into their environment.
SuperGloo abstracts away key functionalities associated with the service mesh such as:
- encryption
- telemetry
- and, tracing
Using tools like SuperGloo, you can pair any service mesh with any ingress, and leave it to the abstraction to take care of the installation and configuration necessary to let them work together.
Let’s try it out!
Getting started with SuperGloo
Prerequisites
- A running Kubernetes cluster
- Helm (optional)
Installing command line tool (CLI)
The supergloo
command line makes it much easier to install and operate SuperGloo, though it is not required.
To install using the Homebrew package manager, run the following.
brew install solo-io/tap/supergloo
To install on any platform run the following.
curl -sL https://run.solo.io/supergloo/install | sh
You can download the CLI directly via the github page. You need to add SuperGloo to your path after downloading.
export PATH=$HOME/.supergloo/bin:$PATH
Verify the CLI is installed and running correctly with:
supergloo --version
Install the SuperGloo Controller to your Kubernetes cluster using supergloo init
Once your Kubernetes cluster is up and running, run the following command to deploy the SuperGloo Controller and Discovery pods to the supergloo-system
namespace:
supergloo init installing supergloo version 0.3.14 using chart uri https://storage.googleapis.com/supergloo-helm/charts/supergloo-0.3.14. tgz configmap/sidecar-injection-resources created serviceaccount/supergloo created serviceaccount/discovery created serviceaccount/mesh-discovery created clusterrole.rbac.authorization.k8s.io/discovery created clusterrole.rbac.authorization.k8s.io/mesh-discovery created clusterrolebinding.rbac.authorization.k8s.io/supergloo-role-binding created clusterrolebinding.rbac.authorization.k8s.io/discovery-role-binding created clusterrolebinding.rbac.authorization.k8s.io/mesh-discovery-role-binding created deployment.extensions/supergloo created deployment.extensions/discovery created deployment.extensions/mesh-discovery created install successful!
You can see the kubernetes YAML supergloo
is installing to your cluster without installing by running supergloo init --dry-run
.
NOTE: You can install SuperGloo to an existing namespace by providing the--namespace
option. If the option is not provided, the namespace defaults to supergloo-system
.
supergloo init --namespace my-namespace
Check that the SuperGloo and Discovery pods have been created:
kubectl --namespace supergloo-system get all
NAME READY STATUS RESTARTS AGE pod/discovery-68df78f9c-rk2w4 1/1 Running 0 2m49s pod/mesh-discovery-bc9fbcb7f-z84r9 1/1 Running 0 2m49s pod/supergloo-59445698c5-p2fvm 1/1 Running 0 2m49s NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE deployment.apps/discovery 1 1 1 1 2m49s deployment.apps/mesh-discovery 1 1 1 1 2m49s deployment.apps/supergloo 1 1 1 1 2m49s NAME DESIRED CURRENT READY AGE replicaset.apps/discovery-68df78f9c 1 1 1 2m49s replicaset.apps/mesh-discovery-bc9fbcb7f 1 1 1 2m49s replicaset.apps/supergloo-59445698c5 1 1 1 2m49s
Install SuperGloo using Helm
Add the SuperGloo Helm charts to your local Helm installation.
helm repo add supergloo http://storage.googleapis.com/supergloo-helm
You can examine the available versions of SuperGloo by running the following command
helm search supergloo/supergloo --versions
NAME CHART VERSION APP VERSION DESCRIPTION supergloo/supergloo 0.3.16 The official Helm Chart for SuperGloo supergloo/supergloo 0.3.15 The official Helm Chart for SuperGloo supergloo/supergloo 0.3.14 The official Helm Chart for SuperGloo supergloo/supergloo 0.3.13 The official Helm Chart for SuperGloo supergloo/supergloo 0.3.12 The official Helm Chart for SuperGloo supergloo/supergloo 0.3.11 The official Helm Chart for SuperGloo ...
Installing Linkerd with SuperGloo
First, ensure that SuperGloo has been initialized in your Kubernetes cluster via supergloo init
or the Supergloo Helm Chart. See the installation instructions for detailed instructions on installing SuperGloo.
Once SuperGloo has been installed, we’ll create an Install CRD with configuration parameters which will then trigger SuperGloo to begin the mesh installation.
This can be done in one of two ways:
Option 1: Using the supergloo CLI:
supergloo install linkerd --name linkerd
See supergloo install linkerd --help
for the full list of installation options for Linkerd.
Option 2: Using kubectl apply on a yaml file:
cat <<EOF | kubectl apply --filename - apiVersion: supergloo.solo.io/v1 kind: Install metadata: name: linkerd spec: installationNamespace: linkerd mesh: linkerdMesh: enableAutoInject: true enableMtls: true linkerdVersion: stable-2.3.0 EOF
Once you’ve created the Install CRD, you can track the progress of the Linkerd installation:
kubectl --namespace linkerd get pod --watch
NAME READY STATUS RESTARTS AGE linkerd-ca-585f97b595-l96mj 1/1 Running 0 46s linkerd-controller-6954987c97-mjj8l 3/3 Running 0 45s linkerd-grafana-7c6bbd8d-6vnqp 1/1 Running 0 46s linkerd-prometheus-644f9f4754-5m2l8 1/1 Running 0 46s linkerd-proxy-injector-8449944ffc-clh6j 1/1 Running 0 8s linkerd-web-546b557f56-xsjqf 1/1 Running 0 5s
To tear everything down from this demo:
kubectl --namespace default delete --filename https://raw.githubusercontent.com/istio/istio/1.0.6/samples/bookinfo/platform/kube/bookinfo.yaml kubectl delete namespace not-injected
Uninstalling Linkerd
If the disabled
field is set to true
on the install CRD. Doing so, again we have two options:
Option 1: Using the supergloo CLI:
supergloo uninstall --name linkerd
Option 2: Using kubectl edit and set spec.disabled: true:
kubectl edit install linkerd
# Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: supergloo.solo.io/v1 kind: Install metadata: name: linkerd namespace: supergloo-system spec: ## add the following line disabled: true ## installationNamespace: linkerd mesh: installedMesh: name: linkerd namespace: supergloo-system linkerdMesh: enableAutoInject: true enableMtls: true linkerdVersion: stable-2.3.0
Installing Istio with SuperGloo
First, ensure that SuperGloo has been initialized in your Kubernetes cluster via supergloo init
or the Supergloo Helm Chart. See the installation instructions for detailed instructions on installing SuperGloo.
Once SuperGloo has been installed, we’ll create an Install CRD with configuration parameters which will then trigger SuperGloo to begin the mesh installation.
This can be done in one of two ways:
Option 1: Using the supergloo
CLI:
supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true
See supergloo install istio --help
for the full list of installation options for istio.
Option 2: Using kubectl apply
on a yaml file:
cat <<EOF | kubectl apply --filename - apiVersion: supergloo.solo.io/v1 kind: Install metadata: name: my-istio namespace: supergloo-system spec: installationNamespace: istio-system mesh: istio: enableAutoInject: true enableMtls: true installGrafana: true installJaeger: true installPrometheus: true version: 1.0.6 EOF
Once you’ve created the Install CRD, you can track the progress of the istio installation:
kubectl --namespace istio-system get pod --watch
NAME READY STATUS RESTARTS AGE grafana-7f6cd4bf56-xst2n 1/1 Running 0 27s istio-citadel-796c94878b-59gw6 1/1 Running 0 26s istio-cleanup-secrets-xd6f8 0/1 Completed 0 27s istio-galley-6c68c5dbcf-z6j5k 1/1 Running 0 27s istio-pilot-c5dddb4b9-nb6fd 2/2 Running 0 26s istio-policy-977d74ff4-669vk 2/2 Running 0 27s istio-sidecar-injector-6d8f88c98f-5f58t 1/1 Running 0 26s istio-telemetry-5f79796bf6-fl4sn 2/2 Running 0 27s istio-tracing-7596597bd7-lc92t 1/1 Running 0 26s prometheus-76db5fddd5-55r6d 1/1 Running 0 26s
Deploying the bookinfo example
A good place to go from here is the try out deploying the Istio Bookinfo example app. To deploy the bookinfo sample, first enable automatic sidecar injection on the default namespace (or any namespace of your choosing):
Istio Injection Label
kubectl label namespace default istio-injection=enabled
Linkerd Injection Annotation
kubectl annotate namespace default linkerd.io/inject=enabled
Next, create the bookinfo deployments and services:
kubectl --namespace default apply --filename \ https://raw.githubusercontent.com/solo-io/supergloo/master/test/e2e/files/bookinfo.yaml
We should be up and running in a few minutes:
kubectl --namespace default get pod --watch
NAME READY STATUS RESTARTS AGE details-v1-6764bbc7f7-k4rhk 2/2 Running 0 27s productpage-v1-54b8b9f55-sxxnw 2/2 Running 0 27s ratings-v1-7bc85949-kh4f9 2/2 Running 0 27s reviews-v1-fdbf674bb-z467l 2/2 Running 0 27s reviews-v2-5bdc5877d6-gvgns 2/2 Running 0 27s reviews-v3-dd846cc78-55wr5 2/2 Running 0 27s
We should see 2/2
containers are READY
, since one of those containers is the sidecar injected by either Istio or Linkerd.
And we’re done
There you have it! Deploying service meshes with SuperGloo is a simple task with the abstraction they provide. I hope that this brief intro provides you with a new tool to add to your toolbox, and hopefully, it might even make a tough deployment easier for you. Until next time, thanks for reading.