View the health and performance of your Gloo Mesh Core components and Istio workloads, and view recommendations to harden your setup by using the Dashboard and Insights pages.


The Gloo UI dashboard provides an at-a-glance overview of the health of your Gloo Mesh Core components, your Istio installation, and different tiles to quickly determine the security posture, compliance, and health of your Gloo Mesh Core environment.

Gloo UI dashboard


Gloo Mesh Core comes with an insights engine that automatically analyzes your Istio and Cilium setups for health issues. Then, Gloo shares these issues along with recommendations to harden your Istio and Cilium setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment.

Gloo Mesh Core insights

For an overview of available insights, see Insights.


The Inventory section provides an at-a-glance look at the health of registered clusters and discovered services that make up your Gloo environment.


On the Clusters page, review basic details of each cluster that you registered with the Gloo Mesh Core control plane.

  1. To filter clusters by the cluster’s Istio installation health, click the Healthy and Unhealthy buttons. You can also use the Sort by Name dropdown or the search bar to filter clusters by name.

    Figure: Clusters page
  2. Expand each cluster card to review further information about the number of namespaces, services, gateways, and nodes in the cluster. Additionally, you can click More Details to see a more detailed dahboard for the cluster. This dashboard can help you find errors in your Gloo setup, such as a missing CRD in the following example figure.

    Figure: Cluster details page


On the Services page, review a list of the discovered services across all clusters in your Gloo setup. You can quickly find services that are unhealthy by clicking the Healthy and Unhealthy buttons. You can also filter services by name using the search bar, filter by in-mesh and out-of-mesh services, and modify the timeframe that services are available in by using the dropdown menu.

To debug specific services, click View YAML to view the service’s YAML configuration.

Figure: Services page


Security insights

The Dashboard and Security Insights pages of the Gloo UI can help you review the overall security posture of your Istio setup, including insights and recommendations regarding your certificates, encrypted traffic, FIPS compliance, and more.

For more information, see Review your security posture.


Find an overview of resources that are deployed in your cluster and use the filter options in the Gloo UI to find the resource that you need.


View the Istio resources in your Gloo Mesh Core environment, such as virtual services, gateways, or Istio operators. Use the Filter options to filter the list by namespace and Istio resource type. To view the YAML configuration for a resource, click View YAML.

Figure: Resources page


View all Kubernetes resources in your cluster, such as services, service accounts, secrets, or cluster roles. Use the Filter options to filter the list by namespace and Kubernetes resource type. To view the YAML configuration for a resource, click View YAML.

Figure: Resources page


The Gloo UI consumes telemetry data from Prometheus and Jaeger and visualizes this data in the Observability section.


The Gloo UI includes a Graph page to visualize the network traffic that reaches your service mesh. The graph is based off Prometheus metrics that the agents on each workload cluster send the management cluster.

Review the following sections to learn more about the Graph layout.

Layout settings

From the footer toolbar, click Layout Settings. Toggle on or off the following settings.

Header, filter, and footer toolbars for navigation


From the footer toolbar, click Show Legend.

Node Types describes the icons that are used for the application “nodes” of the graph. For example, a node might be a Kubernetes service, Istio gateway, external service, or an attached virtual machine (VM). (Note that nodes represent your apps, not Kubernetes compute nodes.)

Node States and Edges show whether a service’s traffic behaves normally or not, as indicated by a color or icon.

Color or iconStateDescription
BlueNormalThe node sends and responds to traffic as expected.
RedDangerThe node has some sort of failure. For example, a policy might be applied to a route that blocks traffic to a service.
YellowWarnThe node has some sort of degraded traffic. For example, a policy might be applied to a route that rate limits traffic to a service. Most of the requests are successful, but some are not.
GrayIdleThe node does not yet accept or send traffic. For example, the deployment might be pending.
Dashed, black lineL7The traffic between nodes is sent over Layer 7 (application). For this traffic, you can apply L7 HTTP/HTTPS policies that are supported in Gloo Mesh Enterprise and Gloo Mesh Gateway only.
Solid, navy lineL4The traffic between nodes is sent over Layer 4 (transport). To apply L4 policies, use the Solo Cilium CNI.
Colorful trianglesFailure, Healthy, Degraded, or IdleThe connection is in a state of failure, healthy, degraded, or idle, depending on the color. Try describing the resources in your cluster to troubleshoot further.
Blue lock iconmTLS appliedService isolation is enabled for the traffic, with communication secured via mTLS. You can change service isolation settings via an access policy for a specific destination, or for the entire workspace via the workspace settings.
Cilium iconEnforced by CiliumThe traffic connection is enforced by the Solo Cilium CNI.
Istio iconEnforced by IstioThe traffic connection is enforced by Istio.

Networking views


Gloo Mesh Core integrates with Jaeger as the tracing platform. Jaeger is an open source tool that helps you follow the path of a request as it is forwarded between microservices. The chain of events and interactions are then captured by the Gloo telemetry pipeline and visualized in the Jaeger UI that is embedded on the Tracing page of the Gloo UI. You can use this data to troubleshoot issues in your microservices and identify bottlenecks.

To access the Jaeger UI through the Gloo UI, you must enable tracing in the Gloo telemetry pipeline and instrument your apps to collect traces. If you have an existing Jaeger instance that you want to use to visualize traces, you can configure the Gloo UI to embed the UI of your Jaeger instance. For more information, see Add Istio request traces.

Tracing UI