Gloo Mesh Gateway
The following document will take you through the process of installing, verifying the installation, and uninstalling Gloo Portal on top of Gloo Mesh Gateway.
When integrating with Gloo Mesh Gateway, some Gloo Portal features are currently unsupported. Please see the Current limitations section below for more details.
Prerequisites
For this guide, we’ll need the following:
helm
(versionv3.0.0
or higher)kubectl
- A compatible Kubernetes cluster setup (1.16 or higher), to which you can connect via
kubectl
- The Gloo Mesh Enterprise management plane components (version 1.1.0 or higher) installed to the cluster
- A Gloo Mesh VirtualGateway resource that will expose your APIs
Note on Virtual Gateways
The Gloo Portal will create Gloo Mesh VirtualHosts
in the same namespaces as the resources that generated them
(Environments
and Portals
). Make sure you have configured a
VirtualGateway resource
in such a way that the generated VirtualHosts
will be applied to it.
Going forward, we will assume the presence of a VirtualGateway
that matches all VirtualHosts
in all namespaces.
Here is a simple example of how such a resource might look like:
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualGateway
metadata:
name: test-gateway
namespace: gloo-mesh
spec:
# Determines the ingress gateways on which to expose your APIs.
# Omitted for brevity.
ingressGatewaySelectors: []
connectionHandlers:
- http:
routeConfig:
- virtualHostSelector:
namespaces:
- "*"
Current limitations
As mentioned at the top of this page, currently there are some limitations when running Gloo Portal with Gloo Mesh Gateway. The first one is that the APIs that you want to expose must be deployed in the same cluster in which the Gloo Mesh Enterprise management plane is installed. This is mainly due to the current inability to replicate some authentication related resources from the management cluster to the data plane cluster; we are currently working on adding these features to Gloo Mesh Enterprise to fully support the multi-cluster use case.
Another set of limitations is related to Gloo Portal APIs that are not supported when integrating with Gloo Mesh Gateway. This is due to the fact that some features that are required to implement those APIs (e.g. request path rewrites via regex) are currently not implemented in Gloo Mesh Gateway. Following is a list of the currently unsupported Gloo Portal APIs:
- The
basePath
field onEnvironment
resources is currently not supported. - The
gatewayConfig.httpsRedirect
field onEnvironment
resources is not supported.
Installation
To install Gloo Portal you’ll use a Helm chart. You will also need a license key to submit as part of the chart deployment. You can use either a Gloo Portal license or reuse any valid Gloo Mesh Enterprise license. If you do not have a license key, you can request one by clicking on “Get a Demo” on our website.
First we will add the repository with the Helm chart and update the repo contents.
# Add the Helm repository for Gloo Portal
helm repo add gloo-portal https://storage.googleapis.com/dev-portal-helm
helm repo update
Next, let’s create a Helm values override file:
cat << EOF > values.yaml
glooMesh:
enabled: true
clusterName: ""
licenseKey:
secretRef:
name: gloo-mesh-enterprise-license
namespace: gloo-mesh
key: key
EOF
Here’s a brief explanation of the above values:
glooMesh.enabled
enables the integration with Gloo Mesh Enterprise.glooMesh.clusterName
specifies the name of the cluster in which Gloo Portal will be installed. This information is required by Gloo Portal to automatically set up routing to portal applications. If left empty, Gloo Portal will try to discover the name of the cluster on its own.- As mentioned earlier, Gloo Portal requires a valid license key. We are assuming that you have already installed
Gloo Mesh Enterprise to your cluster, so we use
licenseKey.secretRef
to reference the existing license key secret. If you wish to create a new license secret, you can just pass in the license key string via thelicenseKey.value
value. See the Gloo Mesh docs for more info on how to request a Gloo Mesh Enterprise trial license.
Now we can create the target namespace for the deployment and install Gloo Portal referencing the above values file:
# Create the namespace and install the Helm chart
kubectl create namespace gloo-portal
helm install gloo-portal gloo-portal/gloo-portal -n gloo-portal --values values.yaml
Helm will create an installation named gloo-portal
.
NAME: gloo-portal
LAST DEPLOYED: XXXXXXXXXXX
NAMESPACE: gloo-portal
STATUS: deployed
REVISION: 1
TEST SUITE: None
Verify your Installation
To verify that your installation was successful, check that the Gloo Portal deployments and services have been created.
If you choose to install into a namespace other than gloo-portal
, you will need to query your chosen namespace instead.
kubectl get all -n gloo-portal
NAME READY STATUS RESTARTS AGE
pod/gloo-portal-admin-server-557b64597d-q7vxl 3/3 Running 0 45s
pod/gloo-portal-controller-7d56b8876d-ns7l6 1/1 Running 0 45s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gloo-portal ClusterIP 10.20.2.10 8080/TCP 45s
service/gloo-portal-admin-server ClusterIP 10.20.10.185 8080/TCP 45s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/gloo-portal-admin-server 1/1 1 1 45s
deployment.apps/gloo-portal-controller 1/1 1 1 45s
NAME DESIRED CURRENT READY AGE
replicaset.apps/gloo-portal-admin-server-557b64597d 1 1 1 45s
replicaset.apps/gloo-portal-controller-7d56b8876d 1 1 1 45s
Please refer to the Architecture page for more details about what function each deployment serves.
Uninstall
To uninstall the Gloo Portal simply run the following command:
helm uninstall gloo-portal -n gloo-portal
Next Steps
After installing the product, you may want to walk through the Concepts and Getting Started guides.