Run Gloo Gateway Locally with Hashicorp Consul & Vault


While Kubernetes provides APIs for config storage (CRDs), credential storage (Secrets), and service discovery (Services), users may wish to run Gloo without using Kubernetes.

Gloo provides alternate mechanisms for configuration, credential storage, and service discovery that do not require Kubernetes, including the use of local .yaml files, Consul Key-Value storage and Vault Key-Value storage.

This tutorial provides a basic installation flow for running Gloo with Docker Compose, connecting it to Consul for configuration storage and Vault for credential storage.

Note: the deployment steps in this tutorial should be modified for production environments. This tutorial is meant as an example of how to configure Gloo to connect to Consul and Vault for configuration/secrets. In a production environment, additional steps should be taken to ensure Gloo has the proper ACL tokens to communicate with production Consul and Vault clusters.


  1. Clone the solo-docs repository and cd to this example: git clone && cd solo-docs/gloo/docs/installation/gateway/docker-compose-consul
  2. Run ./
  3. You can optionally set GLOO_VERSION environment variable to the Gloo version you want (defaults to “0.18.3”).
  4. Run docker-compose up

Consul’s KV interface will be exposed on localhost:8500, while the Gloo Gateway Proxy will be listening for HTTP on localhost:8080 and HTTPS on localhost:8443, respectively. You can view resources stored in the Consul UI at http://localhost:8500/ui.

Example using Petstore

Get the IP of the Petstore service:

PETSTORE_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' docker-compose-consul_petstore_1)
cat > petstore-service.json <<EOF
  "ID": "petstore1",
  "Name": "petstore",
  "Address": "${PETSTORE_IP}",
  "Port": 8080

Register the Petstore service with consul:

curl -v \
    -XPUT \
    --data @petstore-service.json \

Generate a VirtualService definition with a route to the Petstore:

glooctl add route \
    --path-exact /sample-route-1 \
    --dest-name petstore \
    --prefix-rewrite /api/pets --yaml > virtual-service.yaml

We can see the output YAML here:

  name: default
  namespace: gloo-system
status: {}
  - '*'
  - matcher:
      exact: /sample-route-1
          name: petstore
          namespace: gloo-system
        prefixRewrite: /api/pets

All glooctl add and glooctl create commands can be run with a --yaml flag which will output Gloo YAML to stdout. These outputs can be stored as Consul Values and .yaml files for configuring Gloo. See the API reference for details on writing Gloo configuration YAML.

Store the Virtual Service in Consul’s Key-Value store:

curl -v \
    -XPUT \
    --data-binary "@virtual-service.yaml" \

Note: Consul Keys for Gloo resources follow the following format: gloo/<resource group>/<group version>/<resource kind>/<resource namespace>/<resource name>. See the Consul Key-Value configuration guide for more information.

You should now be able to hit the route we exposed with curl:

curl http://localhost:8080/sample-route-1

While the tutorials in User Guides have been written with Kubernetes in mind, most concepts will map directly to Consul-based installations of Gloo. Please correspond with us on our Slack channel while we work to expand our documentation on running Gloo without Kubernetes.