Overview

Use the Gloo UI to get an at-a-glance view at the configuration, health, and compliance status of your Gloo Mesh Enterprise components and Istio workloads.

Gloo UI dashboard

About the Gloo UI

The Gloo UI is automatically installed in the Gloo management cluster. Let's explore some of the key features that you have access to when using the Gloo UI:

For a detailed overview of what information you can find in the Gloo UI, see Explore the Gloo UI.

Default access to the Gloo UI

By default, the Gloo UI is deployed in the gloo-mesh namespace of your management cluster. The deployment is exposed with a ClusterIP service so that no one can access it from outside the cluster. You can review the gloo-mesh-ui resources with the following command.

kubectl get all -A -l app=gloo-mesh-ui

No authentication or authorization is applied by default. Anyone that can access the management cluster can open the Gloo UI and review all of the Gloo custom resources and configurations in your setup.

To control access:

  1. Give only administrators access to the management cluster.
  2. Control user access to the Gloo UI service in the management cluster with Kubernetes RBAC.
  3. Optionally set up external authentication for the Gloo UI.

HTTPS configuration for the Gloo UI

By default, the Gloo UI is exposed within the cluster only and configured to accept incoming HTTP traffic. To make the Gloo UI accessible to external users, you can expose the Gloo UI by using a public load balancer. Note that while traffic to the load balancer is encrypted, the traffic between the load balancer and the Gloo UI is not encrypted by default. To protect the Gloo UI and its data, it is a common practice to configure the Gloo UI for HTTPS traffic so that all data is secured and encrypted at all times.

Externally exposing the Gloo UI via a load balancer and configuring the Gloo UI to accept only HTTPS traffic provides the following key advantages:

For more information, see Configure the UI for HTTPS.

External authentication for the Gloo UI

To further protect the Gloo UI from unauthorized users, set up authentication and authorization (AuthN/AuthZ) for the Gloo UI by using OpenID Connect (OIDC) and Kubernetes role-based access control (RBAC). The Gloo UI supports OpenID Connect (OIDC) authentication from common providers such as Google, Okta, and Auth0. For more information, see Set up external auth.

Monitored metrics in the Gloo UI

The Gloo UI monitors and visualizes the following metrics from the built-in Prometheus server for the workloads in your cluster. You can see and work with these metrics by using the Gloo UI Graph.

To learn more about the built-in Prometheus server and the metrics that are available to you, see the Prometheus overview.