Set up Gloo Portal
Set up the portal server and some initial apps to get started.
To use Gloo Portal, you install or upgrade Gloo Mesh Gateway to deploy the portal server. Then, create a gateway listener for the API traffic that you want to expose to end users through the portal. Finally, you deploy some sample apps to get started.
Before you begin
Create or use an existing Kubernetes or OpenShift cluster, and save the cluster name in an environment variable. Note: The cluster name must be alphanumeric with no special characters except a hyphen (-), lowercase, and begin with a letter (not a number).
export CLUSTER_NAME=<cluster_name>Set your Gloo Mesh Gateway license key as an environment variable. If you do not have one, contact an account representative. If you prefer to specify license keys in a secret instead, see Licensing. To check your license’s validity, you can run
meshctl license check --key $(echo ${GLOO_MESH_GATEWAY_LICENSE_KEY} | base64 -w0).export GLOO_MESH_GATEWAY_LICENSE_KEY=<license_key>Install the following command-line (CLI) tools.
kubectl, the Kubernetes command line tool. Download thekubectlversion that is within one minor version of the Kubernetes clusters you plan to use.meshctl, the Solo command line tool.curl -sL https://run.solo.io/meshctl/install | GLOO_MESH_VERSION=v2.5.7 sh - export PATH=$HOME/.gloo-mesh/bin:$PATH
Create a YAML file with the following values to configure the TLS connection between the Gloo management server and agent. The following example uses
My tokenas your relay identity token value, but you can use any string value. The relay token is used by the Gloo agent when establishing the first connection to the Gloo management server. Only when the relay identity token that the agent presents matches the relay token that the Gloo management server uses, initial trust is established and the Gloo agent and management server proceed with establishing a simple TLS connection. In a simple TLS setup, only the management server presents a certificate to authenticate its identity. The identity of the agent is not verified.
cat > values.yaml <<EOF
glooMgmtServer:
extraEnvs:
RELAY_DISABLE_CLIENT_CERTIFICATE_AUTHENTICATION:
value: "true"
RELAY_TOKEN:
value: "My token"
glooAgent:
extraEnvs:
RELAY_DISABLE_SERVER_CERTIFICATE_VALIDATION:
value: "true"
RELAY_TOKEN:
value: "My token"
EOF
Set up Gloo Portal
Install Gloo Mesh Gateway with basic meshctl profiles that set up the portal server. These profiles are meant for quick demonstration and testing scenarios.
gloo-gateway-singleprofile: Installs the management plane components that consists of the Gloo management server, Gloo UI, and their shared backing Redis database; the data plane that consists of the Gloo agent; observability components including the OpenTelemetry (OTel) collector and Prometheus; and the Istio ingress gateway proxy.portalprofile: Installs the portal server, rate limiter, and external auth service, as well as a shared Redis instance for the portal server and external auth service.Want to use Helm as part of a more advanced installation? See Install Portal with analytics.
Install Gloo Mesh Gateway with the required add-ons, including the external auth service, rate limiter, and portal server.
Verify that Portal and the related components are installed.
meshctl checkIn the example output, make sure that the portal server, external auth service, and rate limiter and all of the Gloo components are healthy.
🟢 Gloo Platform License Status INFO gloo-gateway enterprise license expires on 05 Nov 23 14:18 EST 🟢 CRD Version check 🟢 Gloo deployment status Namespace | Name | Ready | Status gloo-mesh | gloo-mesh-agent | 1/1 | Healthy gloo-mesh | gloo-mesh-mgmt-server | 1/1 | Healthy gloo-mesh | gloo-mesh-redis | 1/1 | Healthy gloo-mesh | gloo-mesh-ui | 1/1 | Healthy gloo-mesh | prometheus-server | 1/1 | Healthy gloo-mesh-addons | ext-auth-service | 1/1 | Healthy gloo-mesh-addons | gloo-mesh-portal-server | 1/1 | Healthy gloo-mesh-addons | rate-limiter | 1/1 | Healthy gloo-mesh-addons | redis | 1/1 | Healthy gloo-mesh | gloo-telemetry-collector-agent | 3/3 | Healthy 🟢 Mgmt server connectivity to workload agents Cluster | Registered | Connected Pod cluster1 | true | gloo-mesh/gloo-mesh-mgmt-server-65bd557b95-v8qq6Verify that the Istio ingress gateway proxy service is created and assigned an external IP address. It might take a few minutes for the load balancer to deploy.
kubectl get svc -n gloo-mesh-gatewaysExample output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.XX.XXX.XXX 35.XXX.XXX.XXX 15021:30826/TCP,80:31257/TCP,443:30673/TCP,15443:30789/TCP 48s
Deploy sample apps
Now that you have Gloo Portal installed, deploy some sample apps. Later, you expose these apps in a frontend developer portal.
You create two apps, Petstore and Tracks.
- Petstore is a collection of API microservices that together represent a Petstore. Different microservices perform different functions, providing information about pets, stores, and users.
- Tracks is a single API that provides information about a catalog of learning resources, or “tracks.”
The apps both consist of a deployment of a REST API and a matching service. Their services include several annotations that Gloo can use to automatically discover the service and create an ApiDoc for you. You learn more about ApiDocs later.
Create a namespace for the apps.
Deploy the apps. The following sample files include the Kubernetes deployment and service for the app. The services include custom annotations that allow Gloo to automatically discover the services and create ApiDocs for them.
Check that your apps are running
kubectl get all -l demo=portal -A
Next steps
Next, bundle your apps into API products that you can expose in a frontend developer portal.