Skip to content
home
2.11.x
Management plane
You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs).

Explore the UI

Page as Markdown
Connect to the Gloo UI and explore the basic layout. Review your Solo Enterprise for Istio components, Istio workloads, insights, your security posture, and more.
About

The Gloo UI is automatically installed in the Gloo management cluster. Let’s explore some of the key features that you have access to when using the Gloo UI:
  • Solo Enterprise for Istio overview: With the Gloo UI, you can view information about your Solo Enterprise for Istio environment, such as the number of clusters that are registered with the Gloo management server and the Istio version that is deployed to them. You can also review the health of Solo Enterprise for Istio components, such as the Gloo management server and agents by using the Gloo UI log viewer to view and search logs.
    • Insights: Solo Enterprise for Istio comes with an insights engine that automatically analyzes your Istio setups for health issues. These issues are displayed in the UI along with recommendations to harden your Istio setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. For more information, see Insights.
    • Security and compliance: The Dashboard and Security Insights pages of the Gloo UI can help you review the overall security posture of your Istio setup, including insights and recommendations regarding your certificates, encrypted traffic, FIPS compliance, and more.
    • Resource overview: With the Gloo UI, you can view all Istio and Kubernetes resources in one place for all the clusters that you registered with the management server.
    • Request traces: You can embed the UI of a custom Jaeger tracing instance in the Gloo UI so that you can monitor request traces. For more information, see Add Istio request traces.
    • Drill into apps and services: Review what services can communicate with other services, the policies that are applied before traffic is sent to a service, and how traffic between services is secured.
    • Visualize and monitor metrics: With the built-in Prometheus integration, the Gloo UI has access to workload-specific metrics, such as the number of requests that were received for a workload. This data is visualized in the Gloo UI graph. For more information about the Prometheus integration, see Prometheus.
    For a detailed overview of what information you can find in the Gloo UI, see Explore the Gloo UI.
    Launch the Gloo UI

    The Gloo UI is served from the gloo-mesh-ui service on port 8090. When you have access to the management cluster, you can launch the Gloo UI from your local machine. You can connect by using the meshctl or kubectl CLIs.
    1. Open the Gloo UI. The Gloo UI is served from the gloo-mesh-ui service on port 8090. You can connect by using the meshctl or kubectl CLIs.
    • meshctl: For more information, see the CLI documentation.
      meshctl dashboard
    • kubectl:
      1. Port-forward the gloo-mesh-ui service on 8090.
        kubectl port-forward -n gloo-mesh svc/gloo-mesh-ui 8090:8090
      2. Open your browser and connect to http://localhost:8090.
    2. Optional: If authentication is enabled, sign in.
3. Review the dashboard.
    Dashboard

    The Gloo UI dashboard provides an at-a-glance overview of the health of your Solo Enterprise for Istio components, your Istio installation, and different tiles to quickly determine the security posture, compliance, inventories, and health of your Solo Enterprise for Istio environment.
    Figure: Gloo UI dashboard
    Figure: Gloo UI dashboard
    Insights

    Solo Enterprise for Istio comes with an insights engine that automatically analyzes your Istio setups for health issues. These issues are displayed in the UI along with recommendations to harden your Istio setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. For an overview of available insights, see Insights.
    Figure: Gloo insights
    Figure: Gloo insights
    Clusters

    On the Clusters page, review details of the cluster where Solo Enterprise for Istio is installed, such as insights, the health of the Solo Enterprise for Istio control and data planes, relay certificate information (in multicluster setups only), and applied routes, gateways, destinations, and policies.
    Single cluster: In a single-cluster setup, you can review the details of the cluster where you deployed Solo Enterprise for Istio.
    Figure: Single-cluster details page
    Figure: Single-cluster details page
    Multicluster: In a multicluster setup, you can review the details of each cluster that you registered with the Gloo management plane.
    1. To filter clusters by the cluster’s installation health, click the Healthy and Unhealthy buttons. You can also use the Sort by Name dropdown or the search bar to filter clusters by name.
      Figure: Clusters page
      Figure: Clusters page
    2. Click More Details to see a more detailed dashboard for the cluster. This dashboard can help you find errors in your Gloo and Istio setups. Note that if you run multiple versions of Istio within the same cluster, you can click each version in the Version tab to see its details.
      Figure: Cluster details page
      Figure: Cluster details page
    Global services

    If you have a multicluster ambient or sidecar mesh setup, and made the services available across clusters, the Global Services page lists the global service hostnames that are available for those services. For example, the following image shows the productpage.bookinfo.mesh.internal global hostname for the productpage service, which has services instances in two clusters of the multicluster setup.
    Figure: Global Services page
    Figure: Global Services page
    Gateways

    On the Gateways page, you can view the YAML configuration of gateway-related resources, such as GatewayClass, Gateway, and GatewayParameters when using the Kubernetes Gateway API, and any Istio Gateways that you set up.
    To filter the list of resources, you can choose between the following options:
    • Use the Search bar to find a resource by name, namespace, or other properties
    • Use the Filter menu to filter by:
      • Status: Filter between healthy and unhealthy resources.
      • Type: Display the resource types that you are interested in.
      • Label: Filter resources by label key and value.
    Figure: Gateways page
    Figure: Gateways page
    Routes

    On the Routes page, you can view the HTTPRoute and TCPRoute resources (Kubernetes Gateway API) that you created in your cluster. You can also view any VirtualServices and Sidecar resources that you created in your cluster.
    To filter the list of resources, you can choose between the following options:
    • Use the Search bar to find a resource by name, namespace, or other properties
    • Use the Filter menu to filter by:
      • Status: Filter between healthy and unhealthy resources.
      • Type: Display the resource types that you are interested in.
      • Label: Filter resources by label key and value.
    Figure: Routes page
    Figure: Routes page
    From the Details page of a route:
    • To debug the route, click View YAML to view the route’s YAML configuration.
    • Find the hostnames that the route matches on in the Hostnames card.
    • Find the gateway that serves this route in the Gateways card.
    • View the matchers that the route defines, its backing destinations, and any filters that you applied to the route in the Rule card.
    Figure: Route details page
    Figure: Route details page
    Destinations

    On the Destination page, review a list of discovered destinations, such as Kubernetes services, Istio ServiceEntries, or WorkloadEntries.
    To filter the list of resources, you can choose between the following options:
    • Use the Search bar to find a resource by name, namespace, or other properties
    • Use the Filter menu to filter by:
      • Status: Filter between healthy and unhealthy resources.
      • Type: Display the resource types that you are interested in.
      • Label: Filter resources by label key and value.
    Figure: Destinations page
    Figure: Destinations page
    From the Details page of a destination:
    • To debug the service, click View YAML to view the destination’s YAML configuration.
    • See an analysis of the service’s error rate and latency in the Service Signals card.
    • View the Graph tab to visualize the network traffic that reaches your destination. For more information about how to use the graph, see Graph.
      • If you enable tracing in the Gloo telemetry pipeline, and bring your own Jaeger instance, you can see request traces for a service in the Jaeger UI that you can find in the Tracing tab. For more information about how to enable and use the tracing interface, see Tracing.
      Policies

      On the Policies page, you can view any policies that you applied in your environment, such as AuthorizationPolicy, EnvoyFilters, or DestinationRules. To view the policy configuration, you can click YAML.
      To filter the list of resources, you can choose between the following options:
      • Use the Search bar to find a resource by name, namespace, or other properties
      • Use the Filter menu to filter by:
        • Status: Filter between healthy and unhealthy resources.
        • Type: Display the resource types that you are interested in.
        • Label: Filter resources by label key and value.
      Figure: Policies page
      Figure: Policies page
      Certificates

      View a list of all Istio and relay certificates in your environment. This list provides the Filter by expiration… dropdown to filter certificates by validity status, and the Filter by type… dropdown to filter certificates by type, such as Istio root or intermediate.
      Figure: Certificates page
      Figure: Certificates page
      To view the details of a certificate, such as the issue details, total validity period, and fingerprints, click the certificate name. On the certificate details page, you can review general information, such as the common name and organization the certificate is issued to, and check the validity period and fingerprints of the certificate.
      Figure: Certificates details card
      Figure: Certificates details card
      Figure: Certificates details card
      Figure: Certificates details card
      Resources

      Find an overview of resources that are deployed in your cluster and use the filter options in the Gloo UI to find the resource that you need.
      Solo

      View the Solo Enterprise for Istio custom resources that you created in your environment. Use the Filter by options to filter the list by resource type. To view the YAML configuration for a resource, click YAML.
      Figure: Solo resources page
      Figure: Solo resources page
      Figure: Solo resources page
      Figure: Solo resources page
      Istio

      View the Istio resources in your Solo Enterprise for Istio environment, such as virtual services, gateways, or Istio operators. Use the Filter options to filter the list by namespace and Istio resource type. To view the YAML configuration for a resource, click YAML.
      To filter the list of resources, you can choose between the following options:
      • Use the Search bar to find a resource by name, namespace, or other properties
      • Use the Filter menu to filter by:
        • Status: Filter between healthy and unhealthy resources.
        • Type: Display the resource types that you are interested in.
        • Label: Filter resources by label key and value.
      Figure: Istio resources page
      Figure: Istio resources page
      Figure: Istio resources page
      Figure: Istio resources page
      Gateway API

      View all Kubernetes Gateway API resources in your environment. For more information, see the Kubernetes Gateway API guide in the Istio documentation.
      To filter the list of resources, you can choose between the following options:
      • Use the Search bar to find a resource by name, namespace, or other properties
      • Use the Filter menu to filter by:
        • Status: Filter between healthy and unhealthy resources.
        • Type: Display the resource types that you are interested in.
        • Label: Filter resources by label key and value.
      Figure: Gateway API resources page
      Figure: Gateway API resources page
      Kubernetes

      View all Kubernetes resources in your cluster, such as services, service accounts, secrets, or cluster roles. Use the Filter options to filter the list by namespace and Kubernetes resource type. To view the YAML configuration for a resource, click YAML.
      To filter the list of resources, you can choose between the following options:
      • Use the Search bar to find a resource by name, namespace, or other properties
      • Use the Filter menu to filter by:
        • Status: Filter between healthy and unhealthy resources.
        • Type: Display the resource types that you are interested in.
        • Label: Filter resources by label key and value.
      Figure: Kubernetes resources page
      Figure: Kubernetes resources page
      Figure: Kubernetes resources page
      Figure: Kubernetes resources page
      Graph

      The Gloo UI includes a Graph page to visualize the network traffic that reaches your service mesh. The graph is based off Prometheus metrics that the built-in telemetry pipeline collects and exposes.
      Filters

      In the Search bar, filter the services that you want to see in the graph. You can choose to include or hide those services.
      From the Cluster and Namespace dropdown, select the cluster and namespace for which you want to visualize traffic.
      Figure: Graph UI filter toolbar
      Figure: Graph UI filter toolbar
      • Use the + and - buttons to zoom in and out of the graph.
      • Use the arrow button to center and fit the graph to the canvas size. This action might be helpful if you rearranged the nodes and zoomed in.
      • Use the lock button to lock the current viewpoint. You cannot move any of the boxes or arrows if the lock is enabled.
      • Use the expanded arrows button to open a full-screen view of the graph. You can press escape to exit the full-screen view.
      • Use the grid button to reset the layout.
      Figure: Graph UI toolbar
      Figure: Graph UI toolbar
      Layout settings

      Click the settings icon to view the layout settings for the graph.
      Graph UI layout settings
      Graph UI layout settings
      Legend

      Click on the eye icon to view the Graph legend.
      Figure: Graph UI legend
      Figure: Graph UI legend
      Figure: Graph UI legend
      Figure: Graph UI legend
      Kubernetes Services and External Services describe the icons that are used for the application “nodes” of the graph. For example, a node might be a Kubernetes service, such as a gateway proxy, mesh workload, or waypoint proxy, or an external service, such as a virtual machine (VM), external workload, or Lambda function.
      Node States, L7 Edges, and L4 Edges show whether a service’s traffic behaves normally or not, as indicated by a color or icon.
      Node States:
      Node colorStateDescription
      BlueHealthyThe node is operative, and sends and responds to traffic as expected.
      OrangeWarningThe node has some sort of degraded status or operation.
      GrayIdleThe node does not yet accept or send traffic. For example, the deployment might be pending.
      RedErrorThe node has some sort of failure.

      L7 Edges:
      Dashed line color or iconStateDescription
      GreenHealthyTraffic is flowing between the nodes as expected, in the direction indicated.
      YellowWarningTraffic is degraded in some way. For example, a policy might be applied to a route that rate limits traffic to a service. Most of the requests are successful, but some are not.
      GrayIdleThe traffic connection is established, but requests are not yet sent or received along the connection.
      RedErrorTraffic is failing. For example, a policy might be applied to a route that blocks traffic to a service.
      Black lock iconmTLS appliedService isolation is enabled for the traffic, with communication secured via mTLS.

      L4 Edges:
      Solid line color or iconStateDescription
      BlueActiveTraffic is flowing between the nodes as expected, in the direction indicated.
      GrayIdleThe traffic connection is established, but requests are not yet sent or received along the connection.
      Black lock iconmTLS appliedService isolation is enabled for the traffic, with communication secured via mTLS.
      Tracing

      Solo Enterprise for Istio integrates with Jaeger as the tracing platform. Jaeger is an open source tool that helps you follow the path of a request as it is forwarded between microservices. The chain of events and interactions are then captured by the telemetry pipeline, which you can visualize by embedding your own Jaeger instance UI in the Tracing page of the Gloo UI. You can use this data to troubleshoot issues in your microservices and identify bottlenecks.
      To configure the Gloo UI to embed the UI of your Jaeger instance, you must enable tracing in the telemetry pipeline and instrument your apps to collect traces. For more information, see Add Istio request traces.
      Figure: Tracing UI
      Figure: Tracing UI
      Logs

      You can use the Gloo UI log viewer to see the logs of Solo Enterprise for Istio and Istio components, such as the management server, the telemetry collector agent, or the Gloo UI. These logs can help you monitor the health of your Solo Enterprise for Istio components and troubleshoot issues.
      To view logs, use the log viewer filter options to select the cluster, component, pod name, and, if applicable, the container that you want to check the logs for. You can also use the search capability to find logs that match a specific search term, or download the logs so that you can share them with your team.
      Figure: Log viewer
      Figure: Log viewer
      SetupReview insights