Explore the UI
After connecting to the Gloo UI, explore the basic layout. You can review the health and configuration of Gloo Mesh custom resources, including registered clusters, workspaces, networking, policies, and more.
The UI offers a view-only experience. Users cannot modify resources.
Gloo UI pages
Review the following sections to learn about the Gloo UI layout.
Overview
The Overview page presents an at-a-glance look at the health of workspaces and clusters that make up your Gloo Mesh setup.
Graph
The Gloo UI includes a Graph page to visualize the network traffic in your apps across meshes and clusters.
Gateways
On the Gateways page, you can review the virtual gateways, attached route tables, and related workloads of your networking setup.
Policies
The Policies page lets you filter the traffic rules in your mesh setup by type or search rules by name.
Overview
The Overview page presents an at-a-glance look at the health of workspaces and clusters that make up your Gloo Mesh setup.
In the Workspaces and Clusters panes, you can review a count of the healthy resources, sort by, or search by name for your resources. You can review top-level details about each resource in the resource cards.
Workspaces:
- From the default collapsed view, you can see the number of clusters, namespaces, and gateways in a card for each workspace.
- Click the expand icon (∧) to expand the card. You see more information about the imported and exported resources, destinations, and policies.
- Click MORE DETAILS ∨ to jump to the workspace details page for that workspace.
Clusters:
- From the default collapsed view, you can see the region, Istio version, and Kubernetes version in a card for each cluster.
- Click the expand icon (∧) to expand the card. You see more information about the Kubernetes resource configuration and compute hardware of the cluster.
- Click MORE DETAILS ∨ to jump to the cluster details page for that cluster.
For more information about workspaces and registered clusters, see the Setup docs.
Graph
The Gloo UI includes a Graph page to visualize the network traffic in your apps across meshes and clusters. The graph is based off Prometheus metrics that the agents on each workload cluster send the management cluster.
Review the following sections to learn more about the Graph layout.
Header, filter, and footer toolbars for navigation
In the Search bar, filter the services that you want to see in the graph. You can choose to find or hide those services.
From the Traffic dropdown, select the range of time that you want the graph to show, such as traffic from the last 15 minutes.
From the Refresh dropdown, select how often you want the graph to refresh the data, such as every 5 seconds. You can also refresh on demand by clicking REFRESH.
After the header toolbar, you can filter what the graph shows by workspace, namespace, and cluster. Filters work like the logical operator AND, so results must meet all the criteria. For example, if you filter by bookinfo workspace, bookinfo namespace, and cluster1, then the graph shows services that meet all these criteria.
Toggle Errors Only to see services that experienced traffic errors during the traffic time range you selected from the header toolbar.
Within the graph views, you can navigate by clicking and dragging whitespace within the main canvas, or by using the navigation arrow buttons, as shown in the following figure.
After the header toolbar, filter, and main canvas, you can choose more viewing options in the footer toolbar.
| # | Icon name | Description |
|---|---|---|
| 1 | Fullscreen | Click to expand your browser to fullscreen. Click again or enter ESC to return to the normal screen size. |
| 2 | Zoom in and out | Zoom in or out on the main view's canvas. Depending on your mouse settings, you can also scroll to zoom in and out. |
| 3 | Fit to canvas | Click to center and fit the content of the current view to the canvas size. This action might be helpful if you rearranged the nodes and zoomed in. |
| 4 | Networking graph views | Click one of the networking graph views to change how the nodes are displayed in the main canvas. For more information, see Networking views. |
| 5 | View legend | Open the graph legend. For more information, see Legend. |
| 6 | Layout settings | Open the graph layout settings. For more information, see Layout settings. |
Legend
From the footer toolbar, click Show Legend.
Node Types describes the icons that are used for the application “nodes” of the graph. For example, a node might be a Kubernetes service, Istio gateway, or external service. (Note that nodes represent your apps, not Kubernetes compute nodes.)
Node States and Edges show whether a service's traffic behaves normally or not, as indicated by color.
| Color | State | Description |
|---|---|---|
| Blue | Normal | The node sends and responds to traffic as expected. |
| Red | Danger | The node has some sort of failure. For example, a policy might be applied to a route that blocks traffic to a service. |
| Yellow | Warn | The node has some sort of degraded traffic. For example, a policy might be applied to a route that rate limits traffic to a service. Most of the requests are successful, but some are not. |
| Gray | Idle | The node does not yet accept or send traffic. For example, the deployment might be pending. |
| Blue lock icon | mTLS applied | Service isolation is enabled for the traffic, with communication secured via mTLS. You can change service isolation settings via an access policy for a specific destination, or for the entire workspace via the workspace settings. |
| Red unlock icon | mTLS not applied | Service isolation is not enabled for the traffic. You can add service isolation via an access policy for a specific destination, or for the entire workspace via the workspace settings. |
Layout settings
From the footer toolbar, click Layout Settings. Toggle on or off the following settings.
- Animations: Change the paths between nodes from a directional animation to a solid line.
- Group By: In view 1, toggle the architectural layout between
CLUSTERandWORKSPACE.CLUSTER: Review the clusters and Kubernetes namespaces that your app nodes are organized in. For example, you might want to focus on reviewing multicluster traffic failover by toggling this view.WORKSPACE: Review the Gloo Mesh workspaces that your app nodes are organized in. For example, you might want to focus reviewing traffic across each of your team's workspaces.
- mTLS: Toggle the lock or unlock icons along paths between nodes. For example, if all your workspaces enable service isolation, then all traffic is secured via mTLS. Thus, you might not want to see the lock icons.
- Idle nodes: Toggle idle app nodes, even though they do not receive traffic.
Networking views
Show an architectural view of your app nodes in the main canvas area of the graph. This view organizes the app nodes by the Gloo Mesh workspace, Kubernetes namespace, and cluster that you filter for.
To rearrange nodes, click and drag. In this view, your changes are cached so that the canvas setup stays similar when you return to the page. For information on the edge paths, node states, locks, and more, see the Legend tab.
Show a simple view of the app nodes in your environment. Nodes are grouped together in close proximity. This view does not show workspace, namespace, or cluster boundaries. However, those boundaries are still used to show or hide out nodes based on your filters.
To rearrange nodes, click and drag. Note that in this view, your changes are NOT cached. For information on the edge paths, node states, locks, and more, see the Legend tab.
Show a simple view of the app nodes in your environment. Nodes are organized into a vertical chain layout. This view does not show workspace, namespace, or cluster boundaries. However, those boundaries are still used to show or hide out nodes based on your filters.
To rearrange nodes, click and drag. Note that in this view, your changes are NOT cached. For information on the edge paths, node states, locks, and more, see the Legend tab.
Gateways
Virtual gateways are used to consistently configure traffic into and across your service meshes. Gloo Mesh gateways serve east-west traffic within the mesh. Gateways can also serve north-south traffic if you also have a Gloo Gateway license. Click a gateway to view its details. The details are organized into the following areas.
- Metadata, including the workspace, cluster, namespace, and YAML configuration file.
- Listeners for HTTP and HTTPS traffic, organized into attached route tables that configure what paths the gateway listens on.
- Gateway Workloads to review the health of gateway deployments.
For more information, see the Gateway docs.
Policies
Use Gloo Mesh policies to control the traffic within your service mesh environment. From the Policies page, you can review information in the following ways:
- Review metadata for the names, workspaces, clusters, and namespaces that policies are in.
- Filter by the type of policy, such as Access, Retry Timeout, or CSRF.
- Search by name of the policy.
Click a policy to review more details, such as the YAML configuration file and the routes, destinations, or workloads that the policy is applied to.
Additional information varies by type of policy. For example, a retry timeout policy includes the following information at a glance:
- The number of retry attempts.
- The duration of the request timeout.
- The number of retry timeouts to attempt per request.
For more information, see Policies.
Next Steps
If your Gloo UI looks a bit sparse, try creating some Gloo Mesh resources such as policies or deploy your Istio-enabled apps.