You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs). This version of the documentation is currently under development.

Explore the UI

Connect to the Solo UI and explore the basic layout. Review your Istio workloads, traffic flows, resources, and more.

About

The Solo UI deploys alongside your Istio environment in single or multicluster environments, and can discover existing Istio installations across clusters and infrastructure providers. The UI works with both ambient and sidecar service meshes, whether you use community Istio images or Solo distributions of Istio.

Key features that you have access to when using the Solo UI include:

  • Visual service graph: Review which services can communicate with other services, the policies that are applied before traffic is sent to a service, and how traffic between services is secured.
  • Live metrics: With the built-in Clickhouse integration, the Solo UI has access to workload-specific metrics, such as the number of requests that were received for a workload. This data is visualized in the Solo UI graph. For more information about the Clickhouse integration, see Clickhouse.
  • Global services: In multicluster setups, you can review all services that are exposed globally across the multicluster mesh, including their hostnames, namespaces, localities, and host clusters.
  • Resource overview: With the Solo UI, you can view all Istio and Kubernetes resources in one place for all the clusters that you registered with the management server.
The UI offers a view-only experience. Users cannot modify resources.

Launch the UI

The Solo UI is served from the solo-enterprise-ui service. In a multicluster setup, this service exists in the cluster where the UI management components are deployed.

  1. Get the IP address or hostname for the solo-enterprise-ui service.

    export UI_ADDRESS=http://$(kubectl get svc -n solo-enterprise solo-enterprise-ui --context ${context1} -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
    echo ${UI_ADDRESS}
  2. Open the UI on the IP address or hostname in your browser.

    open ${UI_ADDRESS}
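
The following guarded variant of the two steps above is an added example, not part of the original documentation. It reuses the page's `kubectl` command and `${context1}` variable, and handles the case where the load balancer has not yet been assigned an address, which would otherwise leave `UI_ADDRESS` set to a bare `http://`. The function names, retry count, and delay are assumptions.

```bash
#!/usr/bin/env bash
# Added example: resolve the Solo UI address and fail clearly while the
# LoadBalancer is still pending. Function names and defaults are hypothetical.

# Turn the raw jsonpath output into a URL. The ['hostname','ip'] union prints
# whichever fields are set, so take the first whitespace-separated token and
# refuse to build a URL from an empty value.
ui_url_from_lb() {
  raw="$1"
  raw="${raw#"${raw%%[![:space:]]*}"}"   # strip leading whitespace
  addr="${raw%%[[:space:]]*}"            # keep the first token only
  [ -n "$addr" ] || return 1
  printf 'http://%s\n' "$addr"
}

# Poll the service until an external address appears.
# $1 = number of attempts (default 12), $2 = seconds between attempts (default 5).
# Returns 2 when kubectl itself fails (wrong context, missing service),
# 1 when the address never appears, 0 with the URL on stdout otherwise.
wait_for_ui_address() {
  tries="${1:-12}"
  delay="${2:-5}"
  i=0
  while [ "$i" -lt "$tries" ]; do
    out="$(kubectl get svc -n solo-enterprise solo-enterprise-ui \
      --context "${context1}" \
      -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")" || return 2
    if ui_url_from_lb "$out"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  echo "solo-enterprise-ui has no external address yet" >&2
  return 1
}

# Runs only where kubectl is installed and ${context1} is set.
if command -v kubectl >/dev/null 2>&1 && [ -n "${context1:-}" ]; then
  UI_ADDRESS="$(wait_for_ui_address)" && export UI_ADDRESS && echo "${UI_ADDRESS}"
fi
```
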

Graph

The Graph page visualizes active connections between workloads in your service mesh. Use the layer view toggle to switch between Traffic, Security, and Events perspectives on the same topology.

Figure: Graph page, global view at the cluster level

The graph shows no data until you select at least one cluster and one namespace from the filter dropdowns. Open the Clusters and Namespaces dropdowns and select what you want to review.

View modes

The graph has two view modes: Global view and Focus view.

Global view is the default. It shows the whole mesh at a consistent aggregation level with no pinned node. Use the level selector below the filter bar to switch between Cluster, Namespace, and Service views.

Focus view is entered when you pin a node or expand a cluster or namespace. In Focus view, a breadcrumb trail shows your position in the hierarchy, and adjacency controls appear below the breadcrumb. The canvas background changes color to indicate that you are in Focus view. To exit, unpin the node or click Global view.

To pin a node, hover over it and click the pin icon, or double-click a service node. You can have a pinned node and a separately selected node at the same time. Pinning a node focuses the graph on it, and then you can click other nodes to view their connection details without changing the graph contents.

Figure: Graph page, focus view

Layer views

Use the Events, Traffic, and Security toggles in the filter bar to switch perspectives on the graph.

  • Traffic: Shows active L7 traffic flows, with edges colored to indicate the health of requests between workloads.
  • Security: Shows the security posture of connections. Edges with a lock icon are secured by mTLS. Click a node to view the mTLS principals and connection details for each connection.
  • Events: Opens the Events drawer, which lists Kubernetes events for workloads in the current view. Enable Filter Graph in the drawer to highlight only nodes that have events.

Filters

Use the controls in the filter bar to scope the graph view.

  • Search (or press ⌘F): Search for a workload by name. Results are grouped into Services and Namespaces, each showing the namespace and cluster context. Select a result to jump to that node in the graph.
  • Clusters / Namespaces: Select which clusters and namespaces to include in the graph.
  • Labels: Filter workloads by Kubernetes labels.

In Focus view, adjacency controls appear below the breadcrumb: Off shows only the pinned node, Immediate shows directly connected nodes, and Transitive shows all nodes reachable along the connection path.

Graph settings

Click the gear icon at the bottom of the canvas to open Graph Settings.

General:

  • Animations: Enable or disable graph animations.
  • Show Platform Traffic: When enabled, includes platform workloads such as istiod and ztunnel in the graph.
  • Show Infrastructure: When enabled, renders real network flows with waypoints shown as two-hop paths and east-west gateways shown as explicit cross-cluster intermediate nodes. When disabled (default), traffic is shown as logical client-to-backend edges with infrastructure hops collapsed.

Performance:

  • Max nodes: Limits the number of nodes displayed. Default is 250. If the graph exceeds this limit, a message appears prompting you to apply more filters.

Figure: Graph Settings

Time window

Use the preset buttons (5m, 15m, 30m, 1h) or the time range picker at the top of the page to control how far back the graph looks for traffic data.

Canvas controls

The toolbar on the left side of the canvas provides view controls.

  • + / -: Zoom in and out.
  • Fit: Centers and fits the graph to the canvas.
  • Lock: Locks the graph so nodes cannot be moved.
  • Full screen: Expands the canvas to fill the screen. Press Escape to exit.
  • Reset layout: Resets the graph to the default node arrangement.

Connection details

Click any node to open the details panel on the right side of the screen. The panel shows outbound and inbound connections for the selected node, which you can filter by name and sort by different fields. To pin the node from the panel, click the pin icon in the panel header.

Select a connection from the list to view Connection Details, including whether mTLS is active and the SPIFFE principals for both sides. For cluster-level nodes, the panel shows the cluster’s region and zone rather than connection security details, since security information is not available for aggregated views.

Global services

If you have a multicluster mesh setup and made in-mesh services available across clusters, the Global Services page lists the services that are exposed globally across the multicluster mesh. Use the Search, Visibility, and Clusters filters to find specific services.

Figure: Global Services page

Each row shows the following information for a global service.

| Column | Description |
| --- | --- |
| Global Service | The name of the globally exposed service. |
| Namespace | The namespace the service belongs to. |
| Hosts | The mesh-internal hostname used to reach the service across clusters. |
| Visibility | The scope of the service exposure, such as Global. |
| Locality | The region where the service instances run. |
| Host Clusters | The clusters that host backend instances of the service. |

Resources

Find an overview of resources that are deployed in your mesh environment and use the filter options in the Solo UI to find the resource that you need. To view the YAML configuration for a resource, click the resource’s name.

Figure: Resources page
Figure: Istio resources page

By default, the displayed resources are filtered to Istio CRs, such as ServiceEntries and AuthorizationPolicies, and Kubernetes Gateway API CRs, such as HTTPRoutes and GatewayClasses. In the Filters > GVK Type menu, you can optionally also select standard Kubernetes CRs, such as Deployments and StatefulSets, and kgateway CRs, such as GatewayParameters and TrafficPolicies.

Figure: Resources filter