Gloo Mesh Enterprise is required for this feature.

Gloo Mesh Enterprise uses a Kubernetes cluster to host the management plane (Gloo Mesh) while each service mesh can run on its own independent cluster. If you don't have access to multiple clusters, see the Getting Started Guide to get started with Kubernetes in Docker, or refer to our Using Kind setup guide to provision two clusters.

Gloo Mesh Enterprise is the paid version of Gloo Mesh including the Gloo Mesh UI and multi-cluster role-based access control. To complete the installation you will need a license key. You can get a trial license by requesting a demo from the website.

This document describes how to install Gloo Mesh Enterprise.

A conceptual overview of the Gloo Mesh Enterprise architecture can be found here. Make sure you have followed the prerequisites guide. We also recommend following our guide on configuring Role-based API control.

Assumptions for setup

We will assume in this and following guides that we have access to two clusters and the following two contexts available in our kubeconfig file.

Your actual context names will likely be different.

To verify you're running the following commands in the correct context, run:

MGMT_CONTEXT=kind-mgmt-cluster # Change value as needed
REMOTE_CONTEXT=kind-remote-cluster # Change value as needed

kubectl config use-context $MGMT_CONTEXT

Install Gloo Mesh Enterprise

Below we will show examples of installing Gloo Mesh Enterprise with both meshctl and Helm.

Installing with meshctl

meshctl is a CLI tool that helps bootstrap Gloo Mesh Enterprise, register clusters, describe configured resources, and more. Get the latest meshctl from the releases page on solo-io/gloo-mesh.

You can also quickly install like this:

curl -sL https://run.solo.io/meshctl/install | sh

Installing Gloo Mesh Enterprise with meshctl is a simple process. You will use the command meshctl install enterprise and supply the license key, as well as any chart values you want to update, and arguments pointing to the cluster where Gloo Mesh Enterprise will be installed. For our example, we are going to install Gloo Mesh Enterprise on the cluster mgmt-cluster. First, let's set a variable for the license key.

GLOO_MESH_LICENSE_KEY=<your_key_here> # You'll need to supply your own key

We are not going to change any of the default values in the underlying chart, so the only argument needed is the license key.

meshctl install enterprise --license $GLOO_MESH_LICENSE_KEY

You should see the following output from the command:

Installing Helm chart
Finished installing chart 'gloo-mesh-enterprise' as release gloo-mesh:gloo-mesh

The installer has created the namespace gloo-mesh and installed Gloo Mesh Enterprise into the namespace using a Helm chart with default values.

meshctl will create a self-signed certificate authority for mTLS if you do not supply your own certificates.

To undo the installation, you can simply run the uninstall command:

meshctl uninstall


You may prefer to use the Helm chart directly rather than using the meshctl CLI tool. This section will take you through the steps necessary to deploy a Gloo Mesh Enterprise installation from the Helm chart.

  1. Add the Helm repo
helm repo add gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise
  1. (optional) View available versions
helm search repo gloo-mesh-enterprise
  1. (optional) View Helm values
helm show values gloo-mesh-enterprise/gloo-mesh-enterprise

Note that the gloo-mesh-enterprise Helm chart bundles multiple components, including enterprise-networking, rbac-webhook, and gloo-mesh-ui. Each is versioned in step with the parent gloo-mesh-enterprise chart, and each has its own Helm values for advanced customization.

  1. Install
If you are running Gloo Mesh Enterprise's management plane on a cluster you intend to register (i.e. also run a service mesh), set the enterprise-networking.cluster value to the cluster name you intend to set for the management cluster at registration time.
kubectl create ns gloo-mesh

helm install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise --namespace gloo-mesh \
  --set licenseKey=${GLOO_MESH_LICENSE_KEY}
The Helm value selfSigned is set to true by default. This means the Helm chart will create certificates for you if you do not supply them through values.

Verify install

Once you've installed Gloo Mesh, verify what components were installed:

kubectl get pods -n gloo-mesh
NAME                                     READY   STATUS    RESTARTS   AGE
dashboard-6d6b944cdb-jcpvl               3/3     Running   0          4m2s
enterprise-networking-84fc9fd6f5-rrbnq   1/1     Running   0          4m2s
rbac-webhook-84865cb7dd-sbwp7            1/1     Running   0          4m2s

Running the check command from meshctl will also verify everything was installed correctly:

meshctl check
Gloo Mesh
✅ Gloo Mesh pods are running

Management Configuration
✅ Gloo Mesh networking configuration resources are in a valid state

Next Steps

Now that we have Gloo Mesh Enterprise installed, let's register a cluster.