Simplified Service Mesh Operation and Orchestration

Service Mesh Management a Breeze with SuperGloo & Service Mesh Hub

The service mesh space is a rapidly emerging technical and commercial opportunity, for the moment there are plenty of options to choose from and many more to come in the future. This may sound exciting to application developers but developers who turn to mesh technologies must choose a provider and write directly to those APIs. With this developers become locked into a service mesh implementation. Without generic interfaces, developers lose portability, flexibility, and limit the ability to benefit from innovation across the broad ecosystem.

The SuperGloo project provides an abstraction layer to unify and automate the management lifecycle of any mesh from installation to operations, whether the end user chooses a single or multi cluster meshes from one or more provider for their environment. This opens gate for a multi-mesh architecture where different groups within the same organization or the same user on a same cluster may favor different service mesh offerings, which best fit their specific needs and use-case. SuperGloo has APIs for installing and discovering the capabilities of a service mesh with the `Install` and `Mesh` configuration objects, respectively.

SuperGloo evolved to be a polyglot. Any Service Mesh can benefit from this architecture by integrating with ingress controllers for combined management of north/south and east/west traffic, and allows users to pair any service mesh with any ingress with SuperGloo handling installation and configuration. Recently Solo.io announced an other project called “Service Mesh Hub” which simplifies SuperGloo using a web-portal and enabled a marketplace like platform which facilitates vendors to provide their offerings as extensions.

Service mesh hub stemmed from the release of SuperGloo, which unifies service mesh lifecycle management. The hub builds off of SuperGloo to provide a centralized place for collaboration and management of service mesh technology.

SuperGloo API Spec and Extending to Kubernetes — CRD’s

SuperGloo is built with code generated by Solo-Kit which provides a skeleton for writing event-based systems. Each entity (like route, mesh etc.)to manage multiple service mesh architectures is a go-proto which converts data structures to and from the wire format of protocol buffers.

Users can use ‘Syncers’ to extend the functionality of SuperGloo. The Sync function which works in conjunction with ‘Translator’ is responsible for performing some action in response to a change in either user configuration, or some piece of discovered information. All api-extensions are fed into Kubernetes environment using Kubernetes-CRD’s as shown below.

Install Infra to install multiple Service Mesh using SuperGloo

Managing multiple Service mesh providers with SuperGloo API

SuperGloo Components

SuperGloo CLI

SuperGloo provides a comprehensive set of CLI’s to install SuperGloo itself, install Service Mesh’s, register existing mesh’s and operate them.

SuperGloo CLI

SuperGloo installation on Kubernetes is single command based using ‘supergloo init’ or through Helm:

SuperGloo Installation

Controllers

SuperGloo control plane comprise three components which are deployed as Kubernetes deployments.

SuperGloo Control Plane

1. SuperGloo Controller

Watches events, maintains event loops from user configuration or discovered configuration and manage configuration sync.

2. Mesh Discovery

Watches for existing meshes and meshes installed with SuperGloo. Mesh discovery provides ability to discover service meshes which are running in the cluster to which mesh discovery is deployed.

3. Discovery

Discovery Service is native Gloo’s function discovery mechanism which automates discovery of functions for easy routing.

Installing and Managing Istio with SuperGloo

Once SuperGloo is initialized as shown above, an Install CRD with configuration parameters will be available to trigger SuperGloo to install a mesh.

Istio can be installed using SuperGloo CLI (or) a through YAML configuration snippet applied using Kubectl (native Kubernetes way of creating objects)

Installing Istio using SuperGloo CLI

supergloo install istio --name istio --installation-namespace istio-system --mtls=true --auto-inject=true

Istio Installation Options — SuperGloo CLI

Installing Istio using YAML — SuperGloo CRD’s

Istio Installation — YAML

Any of the above methods install all Istio components seamlessly.

Istio Installed — SuperGloo

SuperGloo controller discovers, syncs and translates all native Istio objects as shown below:

SuperGloo Mesh Discovery

SuperGloo Controller Syncing Istio Components

Configuring Istio using SuperGloo:

SuperGloo enables users to configure and manage Istio installed above any Istio functionality like traffic-shifting, providing certificate authority, fault injection etc. can be easily configured using SuperGloo CLI in interactive and non-interactive modes.

Configuring Traffic Shifting Istio-SuperGloo

Taking an example Bookinfo application, and configuring typical traffic-shifting configuration with SuperGloo. Users can configure traffic-shifting rules using SuperGloo CLI without providing Istio configurations. SuperGloo seamlessly translates all the rules required to Istio thus providing a unified control entity to manage users service mesh (Istio in this scenario).

In this example (Bookinfo), review comprise three versions: v1,v2,v3. As there is no routing-rule specified the Book Reviews alternates between being black, red, and not showing at all.

Example Bookinfo Application

Versioned Review — v1,v2,v3

Configuring traffic-shifiting rule in interactive-mode to divert all the traffic to Reviews-V3:

$ supergloo apply routingrule trafficshifting --interactive

1. Naming the routing_rule and selecting the namespace:

Interactive Mode — Namespace and Name

2. Configuring Source and Destination Selectors:

Configuring Selectors

3. Selecting Upstreams:

Discovery creates upstreams from Kubernetes Services in the following way:

• for each kubernetes service
• for each port on the service
• for each unique subset of labels found on pods backing that service create an upstream named <service-namespace>-<service-name>-<label-values>-<service-port>

Selecting Upstreams to be associated

4. Selecting Target Mesh:

SuperGloo supports and discovers multiple meshes in the environment. For example Istio and Linkerd can co-exist on the same Kubernetes cluster and configuration can be seamlessly segregated across meshes.

Specifying Target Mesh

5. Selecting Upstreams to divert traffic to:

In this example choosing “reviews-v3”

Traffic Divert Destination

This creates a Routing-Rule to divert 100% traffic to reviews-v3. The weightage parameter specified here is ‘1’ as shown below:

Routing Rule created with SuperGloo

Rule enforcement diverting all the traffic to reviews-v3

The above configuration creates a routing-rule and translates/syncs the same to Istio in istio-system namespace as a virtual-service:

SuperGloo RoutingRule Object

Istio VirtualService Object

The configuration above also can be done in a non-interactive mode and also through YAML configuration file applied with Kubectl.

supergloo apply routingrule trafficshifting \
    --name reviews-v3 \
    --dest-upstreams supergloo-system.default-reviews-9080 \
    --target-mesh supergloo-system.istio-istio-system \
    --destination supergloo-system.default-reviews-v2-9080:1 \
    --destination supergloo-system.default-reviews-v3-9080:1

As seen above users can use SuperGloo to configure various Istio specific constructs seamlessly without providing any Istio specific information. All the upstreams in the cluster are auto-discovered using SuperGloo discovery.

Managing Multiple Service Mesh (Isito, Linkerd) using SuperGloo:

SuperGloo supports installation and running multiple ingress with multiple mesh in the same cluster. For example, a Cluster with Istio and Linkerd, SuperGloo discovers both the meshes and users can choose target-mesh while applying any configurations.

Installing Linkerd with SuperGloo on the same cluster with Istio:

Installing Linkerd — SuperGloo

Installing Linkerd — YAML

SuperGloo mesh discovery, discovering both Istio and Linkerd:

Multi-Mesh Discovery — SuperGloo

Choosing target-mesh, applying configuration to a specific mesh with SuperGloo in an environment with multiple meshes.

Target Mesh Selection — SuperGloo

Service Mesh Hub

The hub builds off of SuperGloo to provide a centralized place for collaboration and management of service mesh technology. Service Mesh Hub is the Dashboard which lets users to manage and operate everything about meshes in one portal. Apart from Service Mesh, the Service Mesh Hub also provides an Extension Catalog, that lists tools that can be used to add more functionality to your mesh.

Extensions space is a centralized place for companies to add the different service mesh tools they are using, understand the interactions happening within the mesh and add extensions to each one from a kind of extension app store.

Installation of Service Mesh Hub also installs all the SuperGloo components discussed in the section above. Apart from the SuperGloo components, two extra components: a smm-ui — Service Mesh Hub web portal and smm-apiserver — Interacts with SuperGloo are deployed.

Service Mesh Hub Components

Web-UI of Service Mesh Hub comprise three tabs: 1. Meshes — Various supported Service mesh providers that can be installed using SMH, 2. Extensions — Various extensions available for users to install with the installed service mesh and 3. Demo — Providers to enable demo’s which can be used by users to understand the working pattern and architecture (hands-on).

Extensions

Service Mesh Hub enable developers to write and distribute new service mesh extensions, solving problems related to enforcing dependency requirements and customizing installation manifests based on what meshes have been deployed to the cluster.

Installing Service Mesh and Extensions using Service Mesh Hub

Installing Service Mesh through Service Mesh Hub Portal:

Mesh Installation from Service Mesh Hub — Web Portal

Mesh Status from Service Mesh Hub — Web Portal

Service Mesh Hub enables to install multiple meshes in a same cluster. As seen below Linkerd can also be installed on the same cluster:

Linkerd and Istio installed with Service Mesh Hub

Installing Extensions compatible with installed Service Mesh:

Extensions Catalogue

Sample Meshery Extension Installation

Istio Extensions Installed using Service Mesh Hub

All mesh and extension components will be seamlessly installed with click from the Service Mesh Hub on the Kubernetes cluster under the namespace specified.

Istio, Linkerd and other Istio-Extensions on Kubernetes Cluster installed using Service Mesh Hub

A common standard is critical for a blooming technology like Service Mesh to preserve the best possible end user experience. This was the vision behind SuperGloo — to create an abstraction layer for consistency across different meshes. Microsoft’s Service Mesh Hub aims at similar framework.

On the other hand Service Mesh Hub provides a unified Dashboard to install, discover or operate any mesh and an Extensions Catalog to build, share and install tools that extend the functionality of the mesh environment. It builds on top of and extends the foundational capabilities of SuperGloo to provide a great end user experience and ecosystem collaboration. As service mesh becomes more mainstream, we can expect that plenty of enterprises will be looking for a platform to unify operations and management.