Gloo Gateway is a cloud-native Layer 7 proxy that is based on Envoy and the Kubernetes Gateway API.

Before you begin

  1. Install the following command-line tools.

    • kubectl, the Kubernetes command line tool. Download the kubectl version that is within one minor version of the Kubernetes clusters you plan to use.
    • helm, the Kubernetes package manager.
    • glooctl, the Gloo Gateway command line tool.
      • Linux and macOS:
          curl -sL https://run.solo.io/gloo/install | sh
export PATH=$HOME/.gloo/bin:$PATH
      • Windows: Notes that this script requires OpenSSL.
          (New-Object System.Net.WebClient).DownloadString("https://run.solo.io/gloo/windows/install") | iex
$env:Path += ";$env:userprofile/.gloo/bin/"

  2. Create or use an existing Kubernetes cluster.

Install Gloo Gateway

Install the open source or enterprise edition of Gloo Gateway.

Open source

  1. Install the custom resources of the Kubernetes Gateway API.

      kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml

    Example output:

      customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io created

  2. Install Gloo Gateway.

    This command creates the gloo-system namespace and installs the Gloo Gateway control plane into it.

      glooctl install gateway \
--version 1.20.3 \
--values - << EOF
gatewayProxies:
  gatewayProxy:
    disabled: true
gloo:
  disableLeaderElection: true
kubeGateway:
  enabled: true
EOF

    1. Add the Helm repository for Gloo Gateway Open Source.

        helm repo add gloo https://storage.googleapis.com/solo-public-helm
helm repo update

    2. Install Gloo Gateway. This command creates the gloo-system namespace and installs the Gloo Gateway control plane into it.

        helm install -n gloo-system gloo gloo/gloo \
--create-namespace \
--version 1.20.3 \
-f - <<EOF
gatewayProxies:
  gatewayProxy:
    disabled: true
gloo:
  disableLeaderElection: true
kubeGateway:
  enabled: true
EOF

      Example output:

        NAME: gloo-gateway
LAST DEPLOYED: Thu Apr 18 11:50:39 2024
NAMESPACE: gloo-system
STATUS: deployed
REVISION: 2
TEST SUITE: None

  3. Verify that the Gloo Gateway control plane is up and running.

      kubectl get pods -n gloo-system | grep gloo

    Example output:

      NAME                                  READY   STATUS    RESTARTS   AGE
gloo-78658959cd-cz6jt                 1/1     Running   0          12s

  4. Verify that the gloo-gateway GatewayClass is created. You can optionally take a look at how the gateway class is configured by adding the -o yaml option to your command.

      kubectl get gatewayclass gloo-gateway

    Example output:

      NAME           CONTROLLER             ACCEPTED   AGE
gloo-gateway   solo.io/gloo-gateway   True       56s

Enterprise edition

  1. Set your Gloo Gateway license key as an environment variable. If you do not have one, contact an account representative.

      export GLOO_GATEWAY_LICENSE_KEY=<license-key>

  2. Install the custom resources of the Kubernetes Gateway API.

      kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml

    Example output:

      customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created

  3. Install Gloo Gateway.

    This command creates the gloo-system namespace and installs the Gloo Gateway control plane into it.

      glooctl install gateway enterprise \
--license-key $GLOO_GATEWAY_LICENSE_KEY \
--version 1.20.3 \
--values - << EOF
gloo:
  gatewayProxies:
    gatewayProxy:
      disabled: true
  gloo:
    disableLeaderElection: true
  kubeGateway:
    enabled: true
gloo-fed:
  enabled: false
  glooFedApiserver:
    enable: false
grafana:
  defaultInstallationEnabled: false
observability:
  enabled: false
prometheus:
  enabled: false
EOF

    1. Add the Helm repository for Gloo Gateway Enterprise Edition.

        helm repo add glooe https://storage.googleapis.com/gloo-ee-helm
helm repo update

    2. Install Gloo Gateway Enterprise Edition. This command creates the gloo-system namespace and installs the Gloo Gateway control plane into it.

        helm install -n gloo-system gloo glooe/gloo-ee \
--create-namespace \
--version 1.20.3 \
--set-string license_key=$GLOO_GATEWAY_LICENSE_KEY \
-f - <<EOF
gloo:
  gatewayProxies:
    gatewayProxy:
      disabled: true
  kubeGateway:
    enabled: true
  gloo:
    disableLeaderElection: true
gloo-fed:
  enabled: false
  glooFedApiserver:
    enable: false
grafana:
  defaultInstallationEnabled: false
observability:
  enabled: false
prometheus:
  enabled: false
EOF

      Example output:

        NAME: gloo-gateway
LAST DEPLOYED: Thu Apr 18 11:50:39 2024
NAMESPACE: gloo-system
STATUS: deployed
REVISION: 2
TEST SUITE: None

  4. Verify that the Gloo Gateway control plane is up and running.

      kubectl get pods -n gloo-system

    Example output:

      NAME                                READY   STATUS      RESTARTS   AGE
extauth-64458459c8-9q9kq            1/1     Running     0          26s
gateway-certgen-qpv5q               0/1     Completed   0          31s
gloo-68846f8459-nbzxp               1/1     Running     0          26s
gloo-resource-rollout-check-xskxt   0/1     Completed   0          25s
gloo-resource-rollout-n9kvf         0/1     Completed   0          26s
rate-limit-5d8f859465-qhgsg         1/1     Running     0          26s
redis-9f4f98445-5fh69               1/1     Running     0          26s

  5. Verify that the gloo-gateway GatewayClass is created. You can optionally take a look at how the gateway class is configured by adding the -o yaml option to your command.

      kubectl get gatewayclass gloo-gateway

    Example output:

      NAME           CONTROLLER             ACCEPTED   AGE
gloo-gateway   solo.io/gloo-gateway   True       56s

Set up an API gateway

  1. Create a gateway resource and configure an HTTP listener. The following gateway can serve HTTP resources from all namespaces.

      kubectl apply -n gloo-system -f- <<EOF
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: http
spec:
  gatewayClassName: gloo-gateway
  listeners:
  - protocol: HTTP
    port: 8080
    name: http
    allowedRoutes:
      namespaces:
        from: All
EOF

  2. Verify that the gateway is created successfully. You can also review the external address that is assigned to the gateway. Note that depending on your environment it might take a few minutes for the load balancer service to be assigned an external address.

      kubectl get gateway http -n gloo-system

    Example output:

      NAME   CLASS          ADDRESS                                                                  PROGRAMMED   AGE
http   gloo-gateway   a3a6c06e2f4154185bf3f8af46abf22e-139567718.us-east-2.elb.amazonaws.com   True         93s

Deploy a sample app

  1. Create the httpbin namespace.

      kubectl create ns httpbin

  2. Deploy the httpbin app.

      kubectl -n httpbin apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml

  3. Verify that the httpbin app is running.

      kubectl -n httpbin get pods

    Example output:

      NAME                      READY   STATUS    RESTARTS   AGE
httpbin-d57c95548-nz98t   3/3     Running   0          18s

Expose the app on the gateway

  1. Create an HTTPRoute resource to expose the httpbin app on the gateway. The following example exposes the app on the wwww.example.com domain.

      kubectl apply -f- <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: httpbin
  namespace: httpbin
  labels:
    example: httpbin-route
spec:
  parentRefs:
    - name: http
      namespace: gloo-system
  hostnames:
    - "www.example.com"
  rules:
    - backendRefs:
        - name: httpbin
          port: 8000
EOF
    SettingDescription
    spec.parentRefsThe name and namespace of the gateway resource that serves the route. In this example, you use the HTTP gateway that you created earlier.
    spec.hostnamesA list of hostnames that the route is exposed on.
    spec.rules.backendRefsThe Kubernetes service that serves the incoming request. In this example, requests to www.example.com are forwarded to the httpbin app on port 9000. Note that you must create the HTTP route in the same namespace as the service that serves that route. To create the HTTP route resource in a different namespace, you must create a ReferenceGrant resource to allow the HTTP route to forward requests to a service in a different namespace. For more information, see the Kubernetes API Gateway documentation.

  2. Verify that the HTTPRoute is applied successfully.

      kubectl get -n httpbin httproute/httpbin -o yaml

  3. Send a request to the httpbin app.

    1. Get the external address of the gateway and save it in an environment variable.

        export INGRESS_GW_ADDRESS=$(kubectl get svc -n gloo-system gloo-proxy-http -o=jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
echo $INGRESS_GW_ADDRESS

    2. Send a request to the httpbin app and verify that you get back a 200 HTTP response code. Note that it might take a few minutes for the load balancer service to become fully ready and accept traffic.

        curl -i http://$INGRESS_GW_ADDRESS:8080/headers -H "host: www.example.com:8080"

      Example output:

        HTTP/1.1 200 OK
server: envoy
date: Wed, 17 Jan 2024 17:32:21 GMT
content-type: application/json
content-length: 211
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2

    1. Port-forward the gloo-proxy-http pod on port 8080.

        kubectl port-forward deployment/gloo-proxy-http -n gloo-system 8080:8080

    2. Send a request to the httpbin app and verify that you get back a 200 HTTP response code.

        curl -i localhost:8080/headers -H "host: www.example.com"

      Example output:

        HTTP/1.1 200 OK
server: envoy
date: Wed, 17 Jan 2024 17:32:21 GMT
content-type: application/json
content-length: 211
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2

Next steps

Now that you have Gloo Gateway set up and running, check out the following guides to expand your API gateway capabilities.

  • Learn more about Gloo Gateway, its features and benefits.
  • Add routing capabilities to your httpbin route by using the Traffic management guides.
  • Explore ways to make your routes more resilient by using the Resiliency guides.
  • Secure your routes with external authentication and rate limiting policies by using the Security guides.
  • Install the Gloo UI to get an at-a-glance view of the configuration, health, and compliance status of your Gloo Gateway setup and the workloads in your cluster. To learn more about the features of the Gloo UI, see About the Gloo UI.

Cleanup

If you no longer need this quick-start Gloo Gateway environment, you can uninstall your setup by following the steps in the Uninstall guide.