Configuring Function Discovery

Gloo Gateway’s Function Discovery Service (FDS) attempts to poll endpoints for:

The default endpoints evaluated for swagger or OpenAPISpec docs are:

"/openapi.json"
"/swagger.json"
"/swagger/docs/v1"
"/swagger/docs/v2"
"/v1/swagger"
"/v2/swagger"

If you have an OpenAPI definition on a different endpoint, you can customize the location by configuring it in the serviceSpec.rest.swaggerInfo.url field. For example, for a given Upstream, you can add the following including an explicit location for the OpenAPI document:

apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    discovered_by: kubernetesplugin
    service: petstore
  name: default-petstore-8080
  namespace: gloo-system
spec:
  discoveryMetadata: {}
  kube:
    selector:
      app: petstore
    serviceName: petstore
    serviceNamespace: default
    servicePort: 8080
    serviceSpec:
      rest:
        swaggerInfo:
          url: http://petstore.default:8080/foo/bar/swagger.json

Note, Function Discovery needs to be enabled for this to work. See the next sections.

Function Discovery Service (FDS)

Using FDS means that the Gloo Gateway discovery component will make HTTP requests to all Upstreams known to Gloo Gateway trying to discover functions. This behavior causes increased network traffic and may be undesirable if it causes unexpected behavior or logs to appear in the services Gloo Gateway is attempting to poll. For this reason, we may want to restrict the manner in which FDS polls services.

Gloo Gateway allows whitelisting/blacklisting services, either by namespace or on the individual service level.

We can use these configuration settings to restrict FDS to discover only the namespaces or individual services we choose.


Configuring the fdsMode Setting

FDS can run in one of 3 modes:

Setting the fdsMode can be done either via the Helm Chart, or by directly modifying the default gloo.solo.io/v1.Settings custom resource in Gloo Gateway’s installation namespace (gloo-system).

(Enterprise Only) Automated schema generation for GraphQL is enabled by default. This can be disabled by modifying the gloo.solo.io/v1.Settings custom resource as seen below

Setting fdsMode via the Helm chart

Add the following to your Helm overrides file:

settings:
  create: true

discovery:
  # set to either WHITELIST, BLACKLIST, or DISABLED
  # WHITELIST is the default value
  fdsMode: BLACKLIST

Or add the following CLI flags to helm install|template commands:

helm install|template ... --set settings.create=true --set discovery.fdsMode=BLACKLIST

Setting fdsMode by editing the gloo.solo.io/v1.Settings custom resource:

kubectl edit -n gloo-system settings.gloo.solo.io
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: gloo.solo.io/v1
kind: Settings
metadata:
  labels:
    app: gloo
    gloo: settings
  name: default
  namespace: gloo-system
spec:
  bindAddr: 0.0.0.0:9977
  discoveryNamespace: gloo-system
  kubernetesArtifactSource: {}
  kubernetesConfigSource: {}
  kubernetesSecretSource: {}
  refreshRate: 60s
  # add the following lines
  discovery:
    # set to either WHITELIST, BLACKLIST, or DISABLED
    # WHITELIST is the default value
    fdsMode: WHITELIST
    fdsOptions:
      # set to false to disable automated GraphQL schema generation as part of FDS.
      # true is the default value (enabled)
      graphqlEnabled: true

Blacklisting Namespaces & Upstreams

When running in BLACKLIST mode, blacklist upstreams by adding the following label:

discovery.solo.io/function_discovery=disabled.

E.g. with

kubectl label namespace default discovery.solo.io/function_discovery=disabled
kubectl label upstream -n myapp myupstream discovery.solo.io/function_discovery=disabled

# if the Upstream was discovered and is managed by UDS (Upstream Discovery Service)
# then you can add the label to the service and it will propagate to the Upstream
kubectl label service -n myapp myservice discovery.solo.io/function_discovery=disabled

This label can be applied to namespaces and upstreams.

To enable FDS for specific upstreams in a blacklisted namespace:

discovery.solo.io/function_discovery=enabled


Whitelisting Namespaces & Upstreams

When running in WHITELIST mode, whitelist Upstreams by adding the following label:

discovery.solo.io/function_discovery=enabled.

E.g. with

kubectl label namespace default discovery.solo.io/function_discovery=enabled
kubectl label upstream -n myapp myupstream discovery.solo.io/function_discovery=enabled

# if the Upstream was discovered and is managed by UDS (Upstream Discovery Service)
# then you can add the label to the service and it will propagate to the Upstream
kubectl label service -n myapp myservice discovery.solo.io/function_discovery=enabled

This label can be applied to namespaces and upstreams.

To disable FDS for specific services/upstreams in a whitelisted namespace:

discovery.solo.io/function_discovery=disabled