Skip to content

Instantly share code, notes, and snippets.

@lucasponce
Created November 13, 2020 08:53
Show Gist options
  • Save lucasponce/43340753c4b44bb5c2560b6709064f09 to your computer and use it in GitHub Desktop.
Save lucasponce/43340753c4b44bb5c2560b6709064f09 to your computer and use it in GitHub Desktop.
Istio 1.7.4 Install - Expose Kiali through unsecure gateway
#!/usr/bin/env bash
VERSION=1.7.4
if [[ ! -d "${HOME}/Software/istio-${VERSION}" ]]
then
cd Software
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${VERSION} TARGET_ARCH=x86_64 sh -
fi
export ISTIO_HOME=$HOME/Software/istio-${VERSION}
export PATH=$PATH:$ISTIO_HOME/bin
cd $ISTIO_HOME
# 1.7
istioctl install --set profile=demo
kubectl apply -f samples/addons/prometheus.yaml -n istio-system
kubectl apply -f samples/addons/grafana.yaml -n istio-system
kubectl apply -f samples/addons/jaeger.yaml -n istio-system
kubectl apply -f samples/addons/kiali.yaml -n istio-system
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kiali-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http-kiali
protocol: HTTP
hosts:
- "kiali.ingress-ip"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: kiali-vs
namespace: istio-system
spec:
hosts:
- "kiali.ingress-ip"
gateways:
- kiali-gateway
http:
- route:
- destination:
host: kiali
port:
number: 20001
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: kiali
namespace: istio-system
spec:
host: kiali
trafficPolicy:
tls:
mode: DISABLE
minikube ip
192.168.39.90
lponce@neorecopolis:~$ ping kiali.ingress-ip
PING kiali.ingress-ip (192.168.39.90) 56(84) bytes of data.
64 bytes from kiali.ingress-ip (192.168.39.90): icmp_seq=1 ttl=64 time=0.449 ms
64 bytes from kiali.ingress-ip (192.168.39.90): icmp_seq=2 ttl=64 time=0.389 ms
lponce@neorecopolis:~/Software/istio-1.7.4$ bin/istioctl kube-inject -f samples/addons/kiali.yaml | kubectl apply -f -
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
http://kiali.ingress-ip:32073/kiali/console/overview?duration=60&refresh=15000
@jmazzitelli
Copy link

I see this in the instructions:

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

I wonder if that line #1 of 05-access-using-ingress-port.txt should be getting the service named kiali-gateway instead? This:

export INGRESS_PORT=$(kubectl -n istio-system get service kiali-gateway ....and the rest...

???

@lucasponce
Copy link
Author

This comes from https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports where istio-ingressgateway has some predefined ports open.

Also this highly depends on the env, there is a "other platforms" tab that comments it with more detail.

@lucasponce
Copy link
Author

But in short, if you only have a single ingress, ports are defined in that service, another option may be to create a different ingress just for Kiali and connect it to Istio as well using selector.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment