Skip to main content

Glasnostic Quick Start

This quickstart will help you install and run Glasnostic in a couple minutes. Using a Kubernetes environment, we’ll show you how to use Glasnostic through the example of an e-commerce application called Online Boutique that we based on Google’s cloud native microservices application.

For a general introduction to Glasnostic — what it is, when to use it, and why it is important — read our introduction.

Key takeaways

In this quickstart you will learn how to:

  1. Measure service interactions across your application
  2. Visualize these interactions in Glasnostic
  3. Control them in real-time
  4. Identify and block unexpected interactions
  5. Automatically microsegment the environment to prevent future unintended interactions.

Let's get started right away and install Glasnostic for Kubernetes.


Kubernetes cluster and tools

You need a running Kubernetes cluster, using any Kubernetes version 1.16 or higher. Glasnostic officially supports Kubernetes deployments on AWS EKS, Azure AKS and Rancher.

To successfully deploy and explore Glasnostic, your clusters worker node(s) should have at least 4 vCPU, 16GB of memory and 50GB of storage. See the Systems requirements for additional information for recommended sizing.


Ensure other service mesh components (e.g. Istio) are not configured to inject into the same namespaces as Glasnostic to avoid conflicts. If you are already utilizing Istio see Glasnostic for Istio, which works seamlessly with any existing Istio installation.

Make sure you have a working bash and kubectl. Also, make sure you have openssl installed as the installer needs it to create certificates for communicating with the Kubernetes cluster. Please make sure your system time is set correctly to avoid issues with OpenSSL generating the required certificates.

Finally, ensure that you can access your cluster from the machine where you are executing the installer from.


The commands in this guide expect to find the proper kubeconfig for your cluster in the standard ~/.kube/config location. If you require a different kubeconfig file, make sure to set the KUBECONFIG environment variable accordingly.

Glasnostic environment

To install Glasnostic for Kubernetes, you need to have a Glasnostic account and an environment configured for your Kubernetes cluster.

  1. Create a free Glasnostic account here Signup.
  2. To create an Environment, see Creating an Environment.

Once set up, your environment should look like this:

Environment Settings

The ID field shows your network ID. You need the network ID to configure the Glasnostic data plane to be able to send data to the correct environment. Copy the network ID, you will provide it to the install script in the next step.

Install Glasnostic for Kubernetes

To install Glasnostic, run:

curl -s | bash -s <NETWORK_ID>

where <NETWORK_ID> is the network ID that was created when you created your network. This may take a minute or two.

When the installation has completed, you should see this message:

Script output
Glasnostic for Kubernetes has been installed successfully.

Congratulations! Glasnostic for Kubernetes is now installed on your cluster and ready to run.


You can also install via Helm. See Helm guide for more information.

Restart running pods

The data plane is using the sidecar pattern to monitor and control interactions between pods. By default, Glasnostic does not inject sidecars into any pods unless the namespace has been labled. To include a namespace, label it with glasnostic=enable. To lable a default namespace use the following command:

kubectl label namespace default glasnostic=enable

This will label the default namespace

The sidecar is then injected automatically for all newly created pods, but existing pods have to be restarted to receive their sidecar. The simplest way to restart pods is to just delete them and let Kubernetes handle the restart. For example, to delete all pods in the default namespace, run:

kubectl delete po -n default --all

Replace default with the namespace where you'd like to cycle all pods for a restart.

It is not recommended to inject the sidecar into these two type of pods:

  • Pods in the kube-system namespace
  • Pods that are part of the HostNetwork, because k8s doesn't do Network Namespace isolation for them. Because sidecar injection uses iptables rules to redirect traffic to the sidecar within the isolated network namespace of the pod, sidecars can only be injected into pods that communicate via the pod network. This excludes pods that have hostNetwork enabled.

Verify that sidecars were injected

To verify that the Glasnostic sidecar was injected into all relevant pods, run kubectl get po -A and check that the READY column lists an additional container. For instance, if a pod would normally list as 1/1, it should list as 2/2 if the sidecar was injected successfully:

kubectl get po -A
Output with sidecar injected
NAMESPACE       NAME                              READY
default adservice-5597994964-mvml4 2/2

Congratulations! Glasnostic for Kubernetes is now installed and ready to run.

Next steps

  • Deploy a sample application to your cluster to experience Glasnostic in action.
  • Run Glasnostic with your own appliation.