Created
November 13, 2020 08:53
-
-
Save lucasponce/43340753c4b44bb5c2560b6709064f09 to your computer and use it in GitHub Desktop.
Istio 1.7.4 Install - Expose Kiali through unsecure gateway
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
VERSION=1.7.4 | |
if [[ ! -d "${HOME}/Software/istio-${VERSION}" ]] | |
then | |
cd Software | |
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${VERSION} TARGET_ARCH=x86_64 sh - | |
fi | |
export ISTIO_HOME=$HOME/Software/istio-${VERSION} | |
export PATH=$PATH:$ISTIO_HOME/bin | |
cd $ISTIO_HOME | |
# 1.7 | |
istioctl install --set profile=demo | |
kubectl apply -f samples/addons/prometheus.yaml -n istio-system | |
kubectl apply -f samples/addons/grafana.yaml -n istio-system | |
kubectl apply -f samples/addons/jaeger.yaml -n istio-system | |
kubectl apply -f samples/addons/kiali.yaml -n istio-system |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: networking.istio.io/v1alpha3 | |
kind: Gateway | |
metadata: | |
name: kiali-gateway | |
namespace: istio-system | |
spec: | |
selector: | |
istio: ingressgateway | |
servers: | |
- port: | |
number: 80 | |
name: http-kiali | |
protocol: HTTP | |
hosts: | |
- "kiali.ingress-ip" | |
--- | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: VirtualService | |
metadata: | |
name: kiali-vs | |
namespace: istio-system | |
spec: | |
hosts: | |
- "kiali.ingress-ip" | |
gateways: | |
- kiali-gateway | |
http: | |
- route: | |
- destination: | |
host: kiali | |
port: | |
number: 20001 | |
--- | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: DestinationRule | |
metadata: | |
name: kiali | |
namespace: istio-system | |
spec: | |
host: kiali | |
trafficPolicy: | |
tls: | |
mode: DISABLE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
minikube ip | |
192.168.39.90 | |
lponce@neorecopolis:~$ ping kiali.ingress-ip | |
PING kiali.ingress-ip (192.168.39.90) 56(84) bytes of data. | |
64 bytes from kiali.ingress-ip (192.168.39.90): icmp_seq=1 ttl=64 time=0.449 ms | |
64 bytes from kiali.ingress-ip (192.168.39.90): icmp_seq=2 ttl=64 time=0.389 ms |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lponce@neorecopolis:~/Software/istio-1.7.4$ bin/istioctl kube-inject -f samples/addons/kiali.yaml | kubectl apply -f - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') | |
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT | |
http://kiali.ingress-ip:32073/kiali/console/overview?duration=60&refresh=15000 |
This comes from https://istio.io/latest/docs/setup/getting-started/#determining-the-ingress-ip-and-ports where istio-ingressgateway has some predefined ports open.
Also this highly depends on the env, there is a "other platforms" tab that comments it with more detail.
But in short, if you only have a single ingress, ports are defined in that service, another option may be to create a different ingress just for Kiali and connect it to Istio as well using selector.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I see this in the instructions:
I wonder if that line #1 of
05-access-using-ingress-port.txt
should be getting the service namedkiali-gateway
instead? This:???