Get started
Install Gloo Gateway in a Kubernetes cluster.
Gloo Gateway is a cloud-native Layer 7 proxy that is based on Envoy and the Kubernetes Gateway API.
Before you begin
Install the following command-line tools.
kubectl, the Kubernetes command line tool. Download thekubectlversion that is within one minor version of the Kubernetes clusters you plan to use.helm, the Kubernetes package manager.glooctl, the Gloo Gateway command line tool.- Linux and macOS:
curl -sL https://run.solo.io/gloo/install | sh export PATH=$HOME/.gloo/bin:$PATH - Windows: Notes that this script requires OpenSSL.
(New-Object System.Net.WebClient).DownloadString("https://run.solo.io/gloo/windows/install") | iex $env:Path += ";$env:userprofile/.gloo/bin/"
- Linux and macOS:
Create or use an existing Kubernetes cluster.
Install Gloo Gateway
Install the open source or enterprise edition of Gloo Gateway.
Open source
Install the custom resources of the Kubernetes Gateway API.
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yamlExample output:
customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io createdIf you want to use TCPRoutes to set up a TCP listener on your Gateway, you must install the TCPRoute CRD, which is part of the Kubernetes Gateway API experimental channel. Use the following command to install the CRDs.kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yamlInstall Gloo Gateway.
Verify that the Gloo Gateway control plane is up and running.
kubectl get pods -n gloo-system | grep glooExample output:
NAME READY STATUS RESTARTS AGE gloo-78658959cd-cz6jt 1/1 Running 0 12sVerify that the
gloo-gatewayGatewayClass is created. You can optionally take a look at how the gateway class is configured by adding the-o yamloption to your command.kubectl get gatewayclass gloo-gateway
Enterprise edition
Set your Gloo Gateway license key as an environment variable. If you do not have one, contact an account representative.
export GLOO_GATEWAY_LICENSE_KEY=<license-key>Install the custom resources of the Kubernetes Gateway API.
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yamlExample output:
customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io createdIf you want to use TCPRoutes to set up a TCP listener on your Gateway, you must install the TCPRoute CRD, which is part of the Kubernetes Gateway API experimental channel. Use the following command to install the CRDs.kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yamlInstall Gloo Gateway.
Verify that the Gloo Gateway control plane is up and running.
kubectl get pods -n gloo-system | grep glooExample output:
NAME READY STATUS RESTARTS AGE gloo-78658959cd-cz6jt 1/1 Running 0 12sVerify that the
gloo-gatewayGatewayClass is created. You can optionally take a look at how the gateway class is configured by adding the-o yamloption to your command.kubectl get gatewayclass gloo-gateway
Set up an API gateway
Create a gateway resource and configure an HTTP listener. The following gateway can serve HTTP resources from all namespaces.
kubectl apply -n gloo-system -f- <<EOF kind: Gateway apiVersion: gateway.networking.k8s.io/v1 metadata: name: http spec: gatewayClassName: gloo-gateway listeners: - protocol: HTTP port: 8080 name: http allowedRoutes: namespaces: from: All EOFVerify that the gateway is created successfully. You can also review the external address that is assigned to the gateway. Note that depending on your environment it might take a few minutes for the load balancer service to be assigned an external address.
kubectl get gateway http -n gloo-systemExample output:
NAME CLASS ADDRESS PROGRAMMED AGE http gloo-gateway a3a6c06e2f4154185bf3f8af46abf22e-139567718.us-east-2.elb.amazonaws.com True 93s
Deploy a sample app
Create the httpbin namespace.
kubectl create ns httpbinDeploy the httpbin app.
kubectl -n httpbin apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yamlVerify that the httpbin app is running.
kubectl -n httpbin get podsExample output:
NAME READY STATUS RESTARTS AGE httpbin-d57c95548-nz98t 3/3 Running 0 18s
Expose the app on the gateway
Create an HTTPRoute resource to expose the httpbin app on the gateway. The following example exposes the app on the
wwww.example.comdomain.kubectl apply -f- <<EOF apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: httpbin namespace: httpbin labels: example: httpbin-route spec: parentRefs: - name: http namespace: gloo-system hostnames: - "www.example.com" rules: - backendRefs: - name: httpbin port: 8000 EOFSetting Description spec.parentRefsThe name and namespace of the gateway resource that serves the route. In this example, you use the HTTP gateway that you created earlier. spec.hostnamesA list of hostnames that the route is exposed on. spec.rules.backendRefsThe Kubernetes service that serves the incoming request. In this example, requests to www.example.comare forwarded to the httpbin app on port 9000. Note that you must create the HTTP route in the same namespace as the service that serves that route. To create the HTTP route resource in a different namespace, you must create a ReferenceGrant resource to allow the HTTP route to forward requests to a service in a different namespace. For more information, see the Kubernetes API Gateway documentation.Verify that the HTTPRoute is applied successfully.
kubectl get -n httpbin httproute/httpbin -o yamlSend a request to the httpbin app.
Next steps
Now that you have Gloo Gateway set up and running, check out the following guides to expand your API gateway capabilities.
- Learn more about Gloo Gateway, its features and benefits.
- Add routing capabilities to your httpbin route by using the Traffic management guides.
- Explore ways to make your routes more resilient by using the Resiliency guides.
- Secure your routes with external authentication and rate limiting policies by using the Security guides.
Keep in mind that you can only have one installation of Gloo Gateway with the Kubernetes Gateway API at a time. Installing the product twice causes required Kubernetes resources that are cluster-scoped, such as GatewayClass, to fail. You can still create multiple Gateway resources to configure HTTP and HTTPS listeners on Gloo Gateway.
Cleanup
If you no longer need this quick-start Gloo Gateway environment, you can uninstall your setup by following the steps in the Uninstall guide.