As a platform administrator, you enable the Portal add-on as part of the Gloo Mesh Gateway installation. Many of the administrator’s tasks are one-time configuration decisions, and then maintaining the feature with periodic upgrades or monitoring activities.

Gloo components for Portal

When you install Gloo Mesh Gateway, you can choose to set up add-ons that extend the functionality of your environment. To use Portal, you must install several add-ons and other components as follows.

Where do I install these components?

Typically, you install these components in the Gloo management namespace, gloo-mesh.

Alternatively, you might have a separate namespace for Gloo add-ons, including the portal server, external auth service, and rate limiter. The default name for the add-on namespace is gloo-mesh-addons, but you can change the add-on namespace with the common.addonNamespace setting during your Gloo installation.

In multicluster setups, you install these components in each workload cluster.

What are the components?

  • External auth server: The external auth server forces your end-users to authenticate before accessing your developer portal, such as via an OpenID Connect (OIDC) provider. Further, you can apply granular API key extauth policies to each API that you want to expose. These policies are part of your portal’s usage plan.
  • Ingress gateway: To expose your APIs externally, the Portal server must be in the same workspace as your ingress gateway.
  • Rate limiter server: With the rate limiter, you can set up complex usage plans to restrict the number of times that users can access an API. This way, you can offer multiple tiers with more capabilities, as well as prevent your APIs from throttling.
  • Redis backing database: By default, the portal, external auth, and rate limiting servers share a Redis backing database. When a user logs into the developer portal and issues a request to generate an API key, the portal server writes the API key to the Redis instance. In the portal frontend app, this API key is shown to the user. In subsequent requests to your APIs, the user includes the API key as a header. The Gloo external auth server reads the API key from the same Redis database to ensure the keys match. Then, the user request is authenticated and allowed to proceed. To bring your own Redis database, see Backing databases.
  • Portal server: The portal server enables you to create multiple Portal custom resources for each developer portal that you want to expose. The server also serves the Developer Portal API that lets your end-users self-service, such as to generate API keys to access the APIs that are included in their usage plans.

Installation steps

For steps to upgrade your Gloo Mesh Gateway installation with the basic components for Portal, see the Setup tutorial.