Launch the UI

The Gloo UI is served from the gloo-mesh-ui service on port 8090. When you have access to the management cluster, you can launch the Gloo UI from your local machine. You can connect by using the meshctl or kubectl CLIs.

  1. Open the Gloo UI. The Gloo UI is served from the gloo-mesh-ui service on port 8090. You can connect by using the meshctl or kubectl CLIs.

  2. Optional: If authentication is enabled, sign in.
  3. Review the dashboard.

Overview

The Overview page presents an at-a-glance look at the health of workspaces and clusters that make up your Gloo setup.

In the Workspaces and Clusters panes, you can review a count of the healthy resources, sort by, or search by name for your resources. You can review top-level details about each resource in the resource cards. For more information about workspaces and registered clusters, see the Setup docs.

Figure: Overview page in the Gloo UI

Graph

The Gloo UI includes a Graph page to visualize the network traffic that reaches your service mesh. The graph is based on Prometheus metrics that are collected with the Gloo telemetry pipeline.

Review the following sections to learn more about the Graph layout.

Layout settings

From the footer toolbar, click Layout Settings. Toggle on or off the following settings.

Figure: Graph UI layout settings

Header, filter, and footer toolbars for navigation

Legend

From the footer toolbar, click Show Legend.

Node Types describes the icons that are used for the application “nodes” of the graph. For example, a node might be a Kubernetes service, Istio gateway, external service, or an attached virtual machine (VM). (Note that nodes represent your apps, not Kubernetes compute nodes.)

Node States and Edges show whether a service’s traffic behaves normally or not, as indicated by a color or icon.

Color or iconStateDescription
BlueNormalThe node sends and responds to traffic as expected.
RedDangerThe node has some sort of failure. For example, a policy might be applied to a route that blocks traffic to a service.
YellowWarnThe node has some sort of degraded traffic. For example, a policy might be applied to a route that rate limits traffic to a service. Most of the requests are successful, but some are not.
GrayIdleThe node does not yet accept or send traffic. For example, the deployment might be pending.
Dashed, black lineL7The traffic between nodes is sent over Layer 7 (application). For this traffic, you can apply L7 HTTP/HTTPS Gloo Mesh and Gloo Mesh Gateway policies.
Solid, navy lineL4The traffic between nodes is sent over Layer 4 (transport). You cannot apply Gloo Mesh Enterprise or Gloo Mesh Gateway policies to Layer 4 traffic as these products operate on Layer 7.
Colorful trianglesFailure, Healthy, Degraded, or IdleThe connection is in a state of failure, healthy, degraded, or idle, depending on the color. Try describing the resources in your cluster to troubleshoot further.
Blue lock iconmTLS appliedService isolation is enabled for the traffic, with communication secured via mTLS. You can change service isolation settings via an access policy for a specific destination, or for the entire workspace via the workspace settings.
Istio iconEnforced by IstioThe traffic connection is enforced by Istio, which indicates that you use Gloo Mesh, or Gloo Mesh Gateway for gateway-only connections.
Figure: Graph UI legend

Networking views

Gateways

Gloo Mesh Gateway license only: Virtual gateways consistently configure traffic into and across your environment. Click a gateway to view its details. The details are organized into the following areas. For more information, see Configure gateway listeners in the Gloo Mesh Gateway docs.

  • Metadata, including the workspace, cluster, namespace, and YAML configuration file.
  • Listeners for HTTP and HTTPS traffic, organized into attached route tables that configure what paths the gateway listens on. Expand a route table to view more details, such as the if-then routing matchers and actions.
  • Gateway Workloads to review the health of gateway deployments.

Policies

Use Gloo policies to control the traffic for your workloads. From the Policies page, you can review information in the following ways:

  • Review metadata for the names, workspaces, clusters, and namespaces that policies are in.
  • Filter by the type of policy, such as Access or Ext Auth.
  • Search by name of the policy.

Click a policy to review more details, such as the YAML configuration file and the routes, destinations, or workloads that the policy is applied to. Additional information varies by type of policy.

For more information, see the traffic management, security, and resiliency policy guides.

Figure: Policies UI

APIs

Gloo Mesh Gateway license only: From the APIs page, you can review route tables that are backed by the following types of APIs:

  • REST APIs that you bundle together into API product to use with Gloo Portal.
  • GraphQL APIs that you use with Gloo GraphQL.

To review the details of the APIs in your route table, click the route table. Then, you can review the OpenAPI schema and paths, as well as other information such as the portals and gateways that the APIs are exposed on or the backing destinations.

Portals

Gloo Mesh Gateway license only: In Gloo Mesh Gateway, you can expose your APIs in user-facing developer portals. This way, your end users can browse through your API products, see the usage plans you offer per product, review the OpenAPI docs, and even generate API keys to securely access your APIs. For more information, see the Portal in the Gloo Mesh Gateway docs.

To view more details, click a portal.

  • Published APIs are the API products that are exposed in your developer portal. These API products are route table that you can also review in the APIs tab, to see more information such as the OpenAPI spec and paths. For more information, see Bundle your APIs into API products.
  • Usage Plans are the rate limiting and external auth policies that are associated with the portal. You create different plans depending on your product and pricing strategies for your APIs. For example, you might have bronze, silver, and gold usage plans, or a “freemium” plan. For more information, see Prepare usage plans.

Debug

From the Debug page, you can view and download the full configuration of various Gloo or Istio resources that your Gloo custom resources are translated into. These translated resources control the service mesh and network traffic within your environment.

When you experience issues, check these translated resources to start debugging. For more information, see Troubleshooting.

Figure: Debug UI