Skip to main content

Install Glasnostic for Kubernetes

This document explains how to get up and running with Glasnostic on an existing Kubernetes cluster. The process consists of two simple steps:

  1. Install Glasnostic for Kubernetes.
  2. Restart pods to pick up the new sidecars.

Prerequisites

Kubernetes cluster and tools

You need a running Kubernetes cluster, using any Kubernetes version 1.16 or higher. Glasnostic officially supports Kubernetes deployments on AWS EKS, Azure AKS and Rancher.

To successfully deploy and explore Glasnostic, your clusters worker node(s) should have at least 4 vCPU, 16GB of memory and 50GB of storage. See the Systems requirements for additional information for recommended sizing.

note

Ensure other service mesh components (e.g. Istio) are not configured to inject into the same namespaces as Glasnostic to avoid conflicts. If you are already utilizing Istio see Glasnostic for Istio, which works seamlessly with any existing Istio installation.

Make sure you have a working bash and kubectl. Also, make sure you have openssl installed as the installer needs it to create certificates for communicating with the Kubernetes cluster. Please make sure your system time is set correctly to avoid issues with OpenSSL generating the required certificates.

Finally, ensure that you can access your cluster from the machine where you are executing the installer from.

info

The commands in this guide expect to find the proper kubeconfig for your cluster in the standard ~/.kube/config location. If you require a different kubeconfig file, make sure to set the KUBECONFIG environment variable accordingly.

Glasnostic environment

To install Glasnostic for Kubernetes, you need to have a Glasnostic account and an environment configured for your Kubernetes cluster.

  1. Create a free Glasnostic account here Signup.
  2. To create an Environment, see Creating an Environment.

Once set up, your environment should look like this:

Environment Settings

The ID field shows your network ID. You need the network ID to configure the Glasnostic data plane to be able to send data to the correct environment. Copy the network ID, you will provide it to the install script in the next step.

Install Glasnostic for Kubernetes

To install Glasnostic, run:

curl -s https://get.glasnostic.com/install-k8s-release | bash -s <NETWORK_ID>

where <NETWORK_ID> is the network ID that was created when you created your network. This may take a minute or two.

When the installation has completed, you should see this message:

Script output
Glasnostic for Kubernetes has been installed successfully.

Congratulations! Glasnostic for Kubernetes is now installed on your cluster and ready to run.

tip

You can also install via Helm. See Helm guide for more information.

Restart running pods

The data plane is using the sidecar pattern to monitor and control interactions between pods. By default, Glasnostic does not inject sidecars into any pods unless the namespace has been labled. To include a namespace, label it with glasnostic=enable. To lable a default namespace use the following command:

kubectl label namespace default glasnostic=enable

This will label the default namespace

The sidecar is then injected automatically for all newly created pods, but existing pods have to be restarted to receive their sidecar. The simplest way to restart pods is to just delete them and let Kubernetes handle the restart. For example, to delete all pods in the default namespace, run:

kubectl delete po -n default --all

Replace default with the namespace where you'd like to cycle all pods for a restart.

It is not recommended to inject the sidecar into these two type of pods:

  • Pods in the kube-system namespace
  • Pods that are part of the HostNetwork, because k8s doesn't do Network Namespace isolation for them. Because sidecar injection uses iptables rules to redirect traffic to the sidecar within the isolated network namespace of the pod, sidecars can only be injected into pods that communicate via the pod network. This excludes pods that have hostNetwork enabled.

Verify that sidecars were injected

To verify that the Glasnostic sidecar was injected into all relevant pods, run kubectl get po -A and check that the READY column lists an additional container. For instance, if a pod would normally list as 1/1, it should list as 2/2 if the sidecar was injected successfully:

kubectl get po -A
Output with sidecar injected
NAMESPACE       NAME                              READY
default adservice-5597994964-mvml4 2/2

View the console

Now that Glasnostic is running on your Kubernetes cluster, log into the Glasnostic Console and select the environment you designated in Glasnostic environment from the environment dropdown. Assuming your Kubernetes cluster is up, reachable and has applications actively serving requests, you will see a service map showing which pods are running as well as the interactions between them.

Glasnostic UI The service map on the left shows Interactions between pods of a sample application deployed in two namespaces. The cyan-colored nodes are load generator pods. The right side shows short-term behaviors of various subsets of the architecture.

Next steps

Uninstalling Glasnostic

If you need to remove Glasnostic from your cluster simply run the following two commands to uninstall Glasnostic's data-plane. Make sure you restart your application containers to also remove the sidecar after you uninstalled the data-plane.

kubectl delete ns glasnostic-system
kubectl delete Mutatingwebhookconfigurations/glasnostic-sidecar-injector