Portal

Proto: portal.proto

Package: portal.gloo.solo.io

Types:

CustomStyling

Custom Styling options for a portal

Field Type Label Description
primaryColor string
secondaryColor string
backgroundColor string
navigationLinksColorOverride string
buttonColorOverride string
defaultTextColor string
cssStylesheet common.portal.gloo.solo.io.DataSource Custom CSS stylesheet that will be applied to the portal. Custom stylesheets take precedence over the other styling attributes in this object.

PageSpec

Field Type Label Description
name string The name of the page.
description string Description of the page.
path string The path for this page relative to the portal base URL.
navigationLinkName string The name of the link displayed on the portal navigation bar.
displayOnHomepage bool Set to true if you want to display a tile that links to the static page on the portal home page. Only one of the static pages for a portal can set this flag to true.
content common.portal.gloo.solo.io.DataSource Content for the page, markdown in the case of Static pages, url inline_string in the case of Dynamic

PortalSpec

A Portal tells the Gloo Portal operator to fetch and serve static assets which are used by the Gloo Portal UI. Each portal can publish one or more APIProducts.

Field Type Label Description
displayName string Display name of the portal.
description string Description for the portal.
domains []string repeated The domains on which this Portal will be served. The Host header received by the Portal Web App will be matched to one of these domains in order to determine which Portal will be served.
If you are using Gloo Edge and the Gateway through which you are exposing the Portal is listening on a port other than 80/443, you should include the port as part of the domain string, e.g. “portal.solo.io:8443”.
To prevent undefined behavior, creating a Portal whose domain conflicts with an existing Portal or Environment will result in the Portal resource being placed into an ‘Invalid’ state.
primaryLogo common.portal.gloo.solo.io.DataSource Logo to display on the portal. SVG format not supported.
favicon common.portal.gloo.solo.io.DataSource Browser favicon for the portal. SVG format not supported.
banner common.portal.gloo.solo.io.DataSource The banner image for the portal. SVG format not supported.
customStyling portal.gloo.solo.io.CustomStyling Custom Styling overrides.
staticPages []portal.gloo.solo.io.PageSpec repeated Static markdown content pages for the Portal.
dynamicPages []portal.gloo.solo.io.PageSpec repeated Dynamic pages that should be included in the Portal.
enableIngress google.protobuf.BoolValue Generate an ingress route from this Portal's domains to the web application serving this portal. Defaults to true.
oidcAuth portal.gloo.solo.io.PortalSpec.OidcAuth Set this field to allow users to authenticate with the Portal using an OIDC Identity Provider.
oauth2Auth portal.gloo.solo.io.PortalSpec.Oauth2Auth Set this field to allow users to authenticate with the Portal using an OAuth2 Auth Provider.
tls gloo.solo.io.SslConfig This field is required to correctly configure TLS on the VirtualService that is generated by Gloo Portal when enable_ingress is true and you are running in Gloo Edge mode. The field is ignored when running in Istio mode, as TLS is configured by the user on Gatewayor VirtualGateway resources respectively.
publishedEnvironments []portal.gloo.solo.io.PortalSpec.EnvironmentSelector repeated Determines which Environments and APIProducts will be published in the Portal.
The set of Environments and APIProducts a specific user sees upon login will be filtered by the permissions associated either with that User, or with the Groups that the user is a member of.
If the Environments/APIProducts published in the Portal do not intersect with the ones accessible by the User, the user will see no APIProducts.
allApisPublicViewable bool Controls the behavior of the Portal for users who are not logged in. By default, the Portal requires login to see API Products. If true, all APIs are visible to all users (even those who aren't logged in).
portalUrlPrefix string The prefix URL must match the URL used by users to reach the portal. This should be in the format (http
gatewayConfig portal.gloo.solo.io.PortalSpec.GatewayConfig Customization options for generated gateway resources.
pageExtensions []portal.gloo.solo.io.PortalSpec.PageExtensionsEntry repeated Optional elements that can be added to the <head> of pages in a portal. Often these will be <script> tags.
routeOptions gloo.solo.io.RouteOptions This field can be used to set arbitrary route options on the route of the generated VirtualService when running in Gloo Edge mode. A fully documented list of the available options can be found in the Gloo Edge documentation here.

PortalSpec.EnvironmentSelector

Field Type Label Description
name string The name of the Environment to publish.
namespace string The namespace of the Environment to publish.
apiProducts []common.portal.gloo.solo.io.ObjectRef repeated Use this field to only publish a subset of the APIProducts included in the Environment. If empty, all APIProducts included in the Environment will be published in the Portal.

PortalSpec.GatewayConfig

Field Type Label Description
labels []portal.gloo.solo.io.PortalSpec.GatewayConfig.LabelsEntry repeated Custom labels that will be added to the gateway resources that Gloo Portal generates for this Portal (VirtualServices for Gloo Edge). Any labels that use a reserved key name (e.g. portals.portal.gloo.solo.io/<portalNamespace>.<portalName>) will be ignored.

PortalSpec.GatewayConfig.LabelsEntry

Field Type Label Description
key string
value string

PortalSpec.Oauth2Auth

Configuration parameters for authenticating to a Portal using the OAuth2 authorization code flow. Acts as an alternative to Gloo Portal's built-in User management.

Field Type Label Description
authUrl string URL for the OAuth2 provider's auth endpoint
tokenUrl string URL for the OAuth2 provider's token endpoint
clientId string The Client ID used to register with the OAuth2 provider.
clientSecret common.portal.gloo.solo.io.SecretRef Reference to a Kubernetes secret containing the OAuth2 Client Secret to be used to register with the OAuth2 authentication server. The default key used to look up the secret will be "client_secret" if not specified in the secret ref.
groupClaimKey string The name of the header/claim in the OAuth2 AuthToken expected to contain the names of the Groups which are authorized to access this portal. Portal will check the auth_token for the group claim and reject the login attempt if not found The group field is expected to contain one or more group names as either a space-delimited string or an array of strings
usernameClaimKey string The name of the header/claim in the OAuth2 AuthToken expected to contain the user's username If only an email claim is found, the email will be used as the username If neither username nor email is found, authentication will fail
emailClaimKey string The name of the header/claim in the OAuth2 AuthToken expected to contain the user's email If only an email claim is found, the email will be used as the username If neither username nor email is found, authentication will fail
defaultGroups []common.portal.gloo.solo.io.ObjectRef repeated The set of Group resources that that all OIDC authenticated users should be considered members of, in addition to the ones specified by the group membership information contained in the ID token. This feature can be used to guarantee a standard set of permissions in cases when the OIDC server cannot include group membership information in the ID tokens it returns to authenticated users.
scopes []string repeated Any scopes to be included in the request.
caCerts common.portal.gloo.solo.io.SecretRef The secret ref holding the root CA certificates to trust

PortalSpec.OidcAuth

Configuration parameters for authenticating to a Portal using OIDC. Acts as an alternative to Gloo Portal's built-in User management.

Field Type Label Description
issuer string The issuer is the URL identifier for the service. For example: “https://accounts.google.com"
clientId string The Client ID used to register with the OIDC provider.
clientSecret common.portal.gloo.solo.io.SecretRef Reference to a Kubernetes secret containing the OIDC Client Secret to be used to register with the OIDC authentication server. The default key used to look up the secret will be "client_secret" if not specified in the secret ref.
groupClaimKey string The Key of the OIDC claim containing the names of the Groups which are authorized to access this portal. Portal will check the id_token for the group claim and, if none is found, check the provider's userinfo for the group claim. The userinfo is retrieved from the userinfo endpoint specified in the provider's OIDC config as described here: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig The group claim is expected to contain one or more group names as either a space-delimited string or an array of strings
defaultGroups []common.portal.gloo.solo.io.ObjectRef repeated The set of Group resources that that all OIDC authenticated users should be considered members of, in addition to the ones specified by the group membership information contained in the ID token. This feature can be used to guarantee a standard set of permissions in cases when the OIDC server cannot include group membership information in the ID tokens it returns to authenticated users.
additionalScopes []string repeated Any additional scopes to be included in the request. By default, “openid”, “profile”, and “email” are included. As the name indicates, any scopes provided in this field will be included in addition to the defaults, rather than overwriting them. If one of the defaults is provided, it will only be included once.
caCerts common.portal.gloo.solo.io.SecretRef The secret ref holding the root CA certificates to trust

PortalSpec.PageExtension

Field Type Label Description
customHtml common.portal.gloo.solo.io.DataSource The text contents of an element to be added to the <head> of all portal pages. Generally, this will be something like a <script> tag. The contents should be valid HTML.

PortalSpec.PageExtensionsEntry

Field Type Label Description
key string
value portal.gloo.solo.io.PortalSpec.PageExtension

PortalStatus

The current status of the Portal. The Portal will be processed as soon as it is created in the cluster.

Field Type Label Description
observedGeneration int64 The observed generation of the Portal. When this matches the Portal's metadata.generation, it indicates the status is up-to-date.
state common.portal.gloo.solo.io.State The current state of the portal.
reason string A human-readable string explaining the error, if any.
publishUrl string The published URL at which the portal can be accessed
publishedEnvironments []portal.gloo.solo.io.PortalStatus.EnvironmentInfo repeated The Environments and APIProducts that are currently considered to be part of this Portal.

PortalStatus.EnvironmentInfo

Field Type Label Description
name string The name of the Environment.
namespace string The namespace of the Environment.
apiProducts []common.portal.gloo.solo.io.ObjectRef repeated Environment APIProducts that are published.