Overview
Use the Gloo UI to get an at-a-glance view at the configuration, health, and compliance status of your Gloo Gateway components and Istio workloads.
/img/screenshots/ui-dashboard.png
About the Gloo UI
The Gloo UI is automatically installed in the Gloo management cluster. Let's explore some of the key features that you have access to when using the Gloo UI:
- Gloo Gateway overview: With the Gloo UI, you can view information about your Gloo Gateway environment, such as the number of clusters that are registered with the Gloo management server and the Istio version that is deployed to them. You can also review the health of Gloo Gateway components, such as the Gloo management server and agents.
- Resource overview: With the Gloo UI, you can view all Istio, Cilium, and Kubernetes resources in one place for all the clusters that you registered with the management server.
- Request traces: When you enable the built-in Jaeger tracing platform, you can embed the Jaeger UI in to the Gloo UI so that you can monitor request traces. You also have the option to embed the UI of a custom Jaeger instance. For more information, see Add Istio request traces.
- Drill into apps and services: Review what services can communicate with other services, the policies that are applied before traffic is sent to a service, and how traffic between services is secured.
- Visualize network traffic: With the built-in Prometheus integration, the Gloo UI has access to workload-specific metrics, such as the number of requests that were received for a workload. This data is visualized in the Gloo UI graph. For more information about the Prometheus integration, see Prometheus.
For a detailed overview of what information you can find in the Gloo UI, see Explore the Gloo UI.
Default access to the Gloo UI
By default, the Gloo UI is deployed in the gloo-mesh namespace of your management cluster. The deployment is exposed with a ClusterIP service so that no one can access it from outside the cluster. You can review the gloo-mesh-ui resources with the following command.
kubectl get all -A -l app=gloo-mesh-ui
No authentication or authorization is applied by default. Anyone that can access the management cluster can open the Gloo UI and review all of the Gloo custom resources and configurations in your setup.
To control access:
- Give only administrators access to the management cluster.
- Control user access to the Gloo UI service in the management cluster with Kubernetes RBAC.
- Optionally set up external authentication for the Gloo UI.
External authentication for the Gloo UI
To further protect the Gloo UI from unauthorized users, set up authentication and authorization (AuthN/AuthZ) for the Gloo UI by using OpenID Connect (OIDC) and Kubernetes role-based access control (RBAC). The Gloo UI supports OpenID Connect (OIDC) authentication from common providers such as Google, Okta, and Auth0. For more information, see Set up external auth.
Monitored metrics in the Gloo UI
The Gloo UI monitors and visualizes the following metrics from the built-in Prometheus server for the workloads in your cluster. You can see and work with these metrics by using the Gloo UI Graph.
istio_requests_total: This metric is used to determine the number of total requests, successful and failed requests that that passed the ingress gateway or that were sent to your workloads in the service mesh.istio_request_duration_milliseconds_bucket: To determine the latency between microservices, the Gloo UI monitors the milliseconds it takes for a request to be routed from the gateway or client in the service mesh to its destination.hubble_flows_processed_total: For clusters that use the Cilium CNI, the number of network flows that were processed by the Cilium agent are monitored to visualize network traffic between workloads in your cluster.
To learn more about the built-in Prometheus server and the metrics that are available to you, see the Prometheus overview.