Skip to content
If you are interested in trying out Gloo Gateway with the Kubernetes Gateway API, check out Solo Enterprise for kgateway. This version adds enterprise functionality on top of the kgateway open source project.

Set up the UI

Page as Markdown
Install the Gloo UI to get an at-a-glance view of the configuration, health, and compliance status of your Gloo Gateway setup and the workloads in your cluster.
To learn more about the features of the Gloo UI, see About the Gloo UI.
  • In single cluster setups, you can install the Gloo UI in the same cluster alongside your Gloo Gateway installation.
  • In multicluster setups, you can enable the Gloo UI relay architecture components that help you relay metrics, logs, and insights from each cluster to the Gloo UI component. This observability setup lets you use the Gloo UI as a single pane of glass for all your clusters. To learn more about the relay architecture, its components, and how they communicate with each other, see Relay architecture in the Solo Enterprise for Istio documentation.
Before you begin

  1. Follow the Get started guide to install Gloo Gateway, set up a gateway resource, and deploy the httpbin sample app.
  2. Get the external address of the gateway and save it in an environment variable.
    export INGRESS_GW_ADDRESS=$(kubectl get svc -n gloo-system gloo-proxy-http -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
echo $INGRESS_GW_ADDRESS  
    kubectl port-forward deployment/gloo-proxy-http -n gloo-system 8080:8080
Set up the Gloo UI

Single cluster

Use these instructions to install the Gloo UI in the same cluster as Gloo Gateway. The Gloo UI analyzes your Gloo Gateway setup and provides metrics and insights to you.
  1. Set the name of your cluster and your Gloo Gateway license key as an environment variable.
    export CLUSTER_NAME=<cluster-name>
export GLOO_GATEWAY_LICENSE_KEY=<license-key>
  2. Add the Helm repo for the Gloo UI.
    helm repo add gloo-platform https://storage.googleapis.com/gloo-platform/helm-charts
helm repo update  
  3. Install the custom resources for the Gloo UI.
    helm upgrade -i gloo-platform-crds gloo-platform/gloo-platform-crds \
 --namespace=gloo-system \
 --version=2.7.7 \
 --set installEnterpriseCrds=false
  4. Install the Gloo UI and configure it for Gloo Gateway. If you also installed an ambient mesh by using the Solo distribution of Istio, see the Gloo Gateway and ambient mesh tab.
    helm upgrade -i gloo-platform gloo-platform/gloo-platform \
--namespace gloo-system \
--version=2.7.7 \
-f - <<EOF
common:
  adminNamespace: "gloo-system"
  cluster: $CLUSTER_NAMEfeatureGates:&#10;insightsConfiguration: true
glooInsightsEngine:
  enabled: true
glooAnalyzer:
  enabled: true
glooUi:
  enabled: true
licensing:
  glooGatewayLicenseKey: $GLOO_GATEWAY_LICENSE_KEY
prometheus:
  enabled: true
telemetryCollector:
  enabled: true
  mode: deployment
  replicaCount: 1
EOF
    If you also installed an ambient mesh by using the Solo distribution of Istio:
    1. If you have not already, save your Solo distribution of Istio license key in an environment variable. Note that you might have previously saved this key in another variable, such as ${SOLO_LICENSE_KEY} or ${GLOO_MESH_LICENSE_KEY}.
      export SOLO_ISTIO_LICENSE_KEY=<key>
    2. Install the Gloo UI.
      helm upgrade -i gloo-platform gloo-platform/gloo-platform \
--namespace gloo-system \
--version=2.7.7 \
-f - <<EOF
common:
  adminNamespace: "gloo-system"
  cluster: $CLUSTER_NAME<pre><code>  featureGates:
    insightsConfiguration: true

      glooInsightsEngine:
 enabled: true
  glooAnalyzer:
 enabled: true
  glooUi:
 enabled: true
  licensing:
 glooGatewayLicenseKey: $GLOO_GATEWAY_LICENSE_KEY
 glooMeshCoreLicenseKey: $SOLO_ISTIO_LICENSE_KEY
  prometheus:
 enabled: true
  telemetryCollector:
 enabled: true
 mode: deployment
 replicaCount: 1
  EOF
  ```

  5. Verify that the Gloo UI components are successfully installed.
    kubectl get pods -n gloo-system
    Example output:
    NAME                                        READY   STATUS    RESTARTS   AGE
extauth-f7695bf7f-f6dkt                     1/1     Running   0          10m
gloo-587b79d556-tpvfj                       1/1     Running   0          10m
gloo-mesh-ui-66db8d9584-kgjld               3/3     Running   0          72m
gloo-telemetry-collector-68b8cf6f49-zhx87   1/1     Running   0          57m
prometheus-server-7484d8bfd-tx5s4           2/2     Running   0          72m
rate-limit-557dcb857f-9zq2t                 1/1     Running   0          10m
redis-5d6c6bcd4-cnmbm                       1/1     Running   0          10m
  6. Send a few requests to the httpbin app.
    for i in {1..10}; do curl -i http://$INGRESS_GW_ADDRESS:8080/headers \
-H "host: www.example.com"; done
    for i in {1..10}; do curl -i localhost:8080/headers \
-H "host: www.example.com"; done
  7. Open the Gloo UI.
    1. Port-forward the Gloo UI pod.
      kubectl port-forward deployment/gloo-mesh-ui -n gloo-system 8090
    2. Open the Gloo UI dashboard.
      open http://localhost:8090/dashboard
```<div style="text-align: center;" class="toggle-dark"><figure><img src="/gateway/img/gateway/ui-dashboard.png" width="" alt=""/> <figcaption style="font-style:italic">Figure: Gloo UI dashboard</figcaption></figure></div>&#10;<div style="text-align: center;" class="toggle-light"><figure><img src="/gateway/img/gateway/ui-dashboard.png" width="" alt=""/> <figcaption style="font-style:italic">Figure: Gloo UI dashboard</figcaption></figure></div>
  8. Go to Observability > Graph to see the Gloo UI Graph. Select your cluster from the Cluster drop-down list, and the httpbin and gloo-system namespaces from the Namespace drop-down list. Verify that you see requests from the gateway proxy to the httpbin app. Note that it might take a few seconds for the graph to show the requests that you sent.
    Figure: Gloo UI Graph
    Figure: Gloo UI Graph
Multicluster

If you have a multicluster setup, such as when you use Gloo Gateway as an ingress gateway to a multicluster mesh, you can set up the Gloo UI to capture metrics, logs, and insights for all of your clusters.
To capture telemetry data across multiple clusters, the Gloo UI uses a relay architecture concept that consists of a management server that is typically installed in the same cluster as your Gloo Gateway installation, and multiple agents that are installed in every cluster that you want to collect telemetry data from.
The following guide assumes a two-cluster setup. Cluster1 serves as the cluster that you install the relay management components into for the Gloo UI, and cluster2 serves as a cluster that you want to collect telemetry data from. If you have more clusters that you want to collect telemetry data from, simply repeat the same steps in all of your clusters.
  1. Set the name and kubeconfig of your clusters, and your Gloo Gateway license key as environment variables. In this example, REMOTE_CLUSTER1 serves as the management cluster where you install the relay management components into. This cluster is typically the same cluster where you installed Gloo Gateway. However, it can also be any other cluster. REMOTE_CLUSTER2 is a cluster from which you want to collect telemetry data. Any collected telemetry data from this cluster is automatically sent to the management cluster.
    export REMOTE_CLUSTER1=<cluster1-name>
export REMOTE_CLUSTER2=<cluster2-name>
export REMOTE_CONTEXT1=<cluster1-context>
export REMOTE_CONTEXT2=<cluster2-context>
export GLOO_GATEWAY_LICENSE_KEY=<license-key>
  2. Add the Helm repo for the Gloo UI.
    helm repo add gloo-platform https://storage.googleapis.com/gloo-platform/helm-charts
  3. Install the custom resources for the Gloo UI in each of your clusters.
    helm upgrade -i gloo-platform-crds gloo-platform/gloo-platform-crds \
 --kube-context $REMOTE_CONTEXT1 \
 --namespace=gloo-system \
 --version=2.7.7 \
 --set installEnterpriseCrds=false

helm upgrade -i gloo-platform-crds gloo-platform/gloo-platform-crds \
 --kube-context $REMOTE_CONTEXT2 \
 --namespace=gloo-system \
 --version=2.7.7 \
 --set installEnterpriseCrds=false
  4. In the cluster where you plan to install the Gloo UI components for managing the telemetry data relay, create one KubernetesCluster resource for each cluster that you want to collect telemetry data from. In this example command, you create a KubernetesCluster resource that references cluster2 in the management cluster, cluster1.
    kubectl apply --context $REMOTE_CONTEXT1 -f- <<EOF
apiVersion: admin.gloo.solo.io/v2
kind: KubernetesCluster
metadata:
   name: ${REMOTE_CLUSTER2}
   namespace: gloo-system
spec:
   clusterDomain: cluster.local
EOF
  5. Install the Gloo UI components, including the management server, in one of your clusters. This cluster serves as the management cluster for the telemetry data relay. You typically use the same cluster that Gloo Gateway is installed in, but you can also install it in a different cluster. If you also installed an ambient mesh by using the Solo distribution of Istio, see the Gloo Gateway and ambient mesh tab.
    helm upgrade -i gloo-platform gloo-platform/gloo-platform \
--namespace gloo-system \
--kube-context $REMOTE_CONTEXT1 \
--version=2.7.7 \
-f - <<EOF
common:
  adminNamespace: "gloo-system"
  cluster: $REMOTE_CLUSTER1
featureGates:
  insightsConfiguration: true
glooInsightsEngine:
  enabled: true
  runAsSidecar: false
glooAnalyzer:
  enabled: true
glooUi:
  enabled: true
licensing:
  glooGatewayLicenseKey: $GLOO_GATEWAY_LICENSE_KEY
prometheus:
  enabled: true
redis:
  deployment:
    enabled: true
telemetryCollector:
  enabled: true
  mode: deployment
  replicaCount: 1
telemetryGateway:
  enabled: true
glooMgmtServer:  
  enabled: true
EOF
    If you also installed an ambient mesh by using the Solo distribution of Istio:
    1. If you have not already, save your Solo distribution of Istio license key in an environment variable. Note that you might have previously saved this key in another variable, such as ${SOLO_LICENSE_KEY} or ${GLOO_MESH_LICENSE_KEY}.
      export SOLO_ISTIO_LICENSE_KEY=<key>
    2. Install the Gloo UI.
      helm upgrade -i gloo-platform gloo-platform/gloo-platform \
--namespace gloo-system \
--kube-context $REMOTE_CONTEXT1 \
--version=2.7.7 \
-f - <<EOF
common:
  adminNamespace: "gloo-system"
  cluster: $REMOTE_CLUSTER1
featureGates:
  insightsConfiguration: true
glooInsightsEngine:
  enabled: true
  runAsSidecar: false
glooAnalyzer:
  enabled: true
glooUi:
  enabled: true
licensing:
  glooGatewayLicenseKey: $GLOO_GATEWAY_LICENSE_KEY
  glooMeshCoreLicenseKey: $SOLO_ISTIO_LICENSE_KEY
prometheus:
  enabled: true
redis:
  deployment:
    enabled: true
telemetryCollector:
  enabled: true
  mode: deployment
  replicaCount: 1
telemetryGateway:
  enabled: true
glooMgmtServer:  
  enabled: true
EOF
  6. Verify that the Gloo UI components are successfully installed.
    kubectl get pods -n gloo-system --context $REMOTE_CONTEXT1
    Example output:
    NAME                                        READY   STATUS    RESTARTS   AGE
gloo-mesh-mgmt-server-65b8f4b6cc-fcv27      1/1     Running   0          2m31s
gloo-mesh-redis-5485f9f785-jq7n5            1/1     Running   0          10m
gloo-mesh-ui-b8b46f698-2wdzt                3/3     Running   0          58s
gloo-proxy-http-86554f88d4-ql7bn            1/1     Running   0          2d
gloo-telemetry-collector-68b8cf6f49-hd7hj   1/1     Running   0          10m
gloo-telemetry-gateway-85456cb66c-mghb7     1/1     Running   0          10m
prometheus-server-7484d8bfd-bqzcc           2/2     Running   0          10m
  7. Save the external address and port that your cloud provider assigned to the gloo-mesh-mgmt-server service. The gloo-mesh-agent agent in each cluster accesses this address via a secure connection.
    export MGMT_SERVER_NETWORKING_DOMAIN=$(kubectl get svc -n gloo-system gloo-mesh-mgmt-server --context $REMOTE_CONTEXT1 -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
export MGMT_SERVER_NETWORKING_PORT=$(kubectl get svc -n gloo-system gloo-mesh-mgmt-server --context $REMOTE_CONTEXT1 -o jsonpath='{.spec.ports[?(@.name=="grpc")].port}')
export MGMT_SERVER_NETWORKING_ADDRESS=${MGMT_SERVER_NETWORKING_DOMAIN}:${MGMT_SERVER_NETWORKING_PORT}
echo $MGMT_SERVER_NETWORKING_ADDRESS
  8. Save the external address and port that your cloud provider assigned to the Gloo OpenTelemetry (OTel) gateway service. The OTel collector agents in each cluster send metrics to this address.
    export TELEMETRY_GATEWAY_IP=$(kubectl get svc -n gloo-system gloo-telemetry-gateway --context $REMOTE_CONTEXT1 -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
export TELEMETRY_GATEWAY_PORT=$(kubectl get svc -n gloo-system gloo-telemetry-gateway --context $REMOTE_CONTEXT1 -o jsonpath='{.spec.ports[?(@.name=="otlp")].port}')
export TELEMETRY_GATEWAY_ADDRESS=${TELEMETRY_GATEWAY_IP}:${TELEMETRY_GATEWAY_PORT}
echo $TELEMETRY_GATEWAY_ADDRESS
  9. Get the value of the root CA certificate from the management server and create a secret in every other cluster in your setup.
    kubectl get secret relay-root-tls-secret -n gloo-system --context $REMOTE_CONTEXT1 -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt
kubectl create secret generic relay-root-tls-secret -n gloo-system --context $REMOTE_CONTEXT2 --from-file ca.crt=ca.crt
rm ca.crt
  10. Get the identity token from the management server and create a secret in every other cluster in your setup.
    kubectl get secret relay-identity-token-secret -n gloo-system --context $REMOTE_CONTEXT1 -o jsonpath='{.data.token}' | base64 -d > token
kubectl create secret generic relay-identity-token-secret -n gloo-system --context $REMOTE_CONTEXT2 --from-file token=token
rm token
  11. Enable the Gloo UI agent and telemetry pipeline in each cluster that you want to collect telemetry data from.
    helm upgrade -i gloo-platform gloo-platform/gloo-platform \
--namespace gloo-system \
--kube-context $REMOTE_CONTEXT2 \
--version=2.7.7 \
--set telemetryCollector.config.exporters.otlp.endpoint=$TELEMETRY_GATEWAY_ADDRESS \
--set glooAgent.relay.serverAddress=$MGMT_SERVER_NETWORKING_ADDRESS \
-f - <<EOF
common: 
  cluster: $REMOTE_CLUSTER2
  adminNamespace: "gloo-system"
glooAgent:
  enabled: true
glooAnalyzer:
  enabled: true
telemetryCollector:
  enabled: true
  mode: deployment
  replicaCount: 1
EOF
  12. Verify that the relay and telemetry components that the Gloo UI requires are successfully installed.
    kubectl get pods -n gloo-system --context $REMOTE_CONTEXT2
    Example output:
    gloo-mesh-agent-6c88546cc6-wjhwl            2/2     Running   0          91m
gloo-telemetry-collector-68b8cf6f49-27gpq   1/1     Running   0          86m
  13. Send a few requests to the httpbin app.
    for i in {1..10}; do curl -i http://$INGRESS_GW_ADDRESS:8080/headers \
-H "host: www.example.com"; done
    for i in {1..10}; do curl -i localhost:8080/headers \
-H "host: www.example.com"; done
  14. Open the Gloo UI.
    1. Port-forward the gloo-mesh-ui service on 8090.
      kubectl port-forward -n gloo-system svc/gloo-mesh-ui 8090:8090 --context $REMOTE_CONTEXT1
    2. Open your browser and connect to http://localhost:8090.
      open http://localhost:8090/
```<div style="text-align: center;" class="toggle-dark"><figure><img src="/gateway/img/gateway/ui-dashboard.png" width="" alt=""/> <figcaption style="font-style:italic">Figure: Gloo UI dashboard</figcaption></figure></div>&#10;<div style="text-align: center;" class="toggle-light"><figure><img src="/gateway/img/gateway/ui-dashboard.png" width="" alt=""/> <figcaption style="font-style:italic">Figure: Gloo UI dashboard</figcaption></figure></div>
  15. Go to Observability > Graph to see the Gloo UI Graph. Select your clusters from the Cluster drop-down list, and the httpbin and gloo-system namespaces from the Namespace drop-down list. Verify that you see requests from the gateway proxy to the httpbin app in cluster1. Note that it might take a few seconds for the graph to show the requests that you sent.
Figure: Gloo UI Graph
Figure: Gloo UI Graph
Next

Continue with exploring the features of the Gloo UI.
Explore the UI