I installed istio on kubernetes without helm.
I can see pods and services are created in istio-system namespace.
All services like grafana and Prometheus are created, and their ports are not exposed.
As the load-balancer-service is created, one load balancer is also created in AWS. I wanted to access the grafana, prometheus etc. dashboards from an external network through the newly created load balancer endpoint, but the dashboards are not accessible from the load balancer endpoint.
I tried port forwarding recommended by istio docs:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
This is working only with http://localhost:3000 but is not accessible with http://publicip:3000
NAME                    TYPE          CLUSTER-IP      EXTERNAL-IP                            PORT(S)  AGE
grafana                 ClusterIP     172.20.192.71   <none>                                 3000/TCP  1m
istio-citadel           ClusterIP     172.20.111.103  <none>                                 8060/TCP,15014/TCP  1m
istio-egressgateway     ClusterIP     172.20.123.112  <none>                                 80/TCP,443/TCP,15443/TCP  1m
istio-galley            ClusterIP     172.20.45.229   <none>                                 443/TCP,15014/TCP,9901/TCP  1m
istio-ingressgateway    LoadBalancer  172.20.94.157   xxxx-yyyy.us-west-2.elb.amazonaws.com  15020:31336/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32146/TCP,15030:30126/TCP,15031:31506/TCP,15032:30501/TCP,15443:31053/TCP  1m
istio-pilot             ClusterIP     172.20.27.87    <none>                                 15010/TCP,15011/TCP,8080/TCP,15014/TCP  1m
istio-policy            ClusterIP     172.20.222.108  <none>                                 9091/TCP,15004/TCP,15014/TCP  1m
istio-sidecar-injector  ClusterIP     172.20.240.198  <none>                                 443/TCP  1m
istio-telemetry         ClusterIP     172.20.157.227  <none>                                 9091/TCP,15004/TCP,15014/TCP,42422/TCP  1m
jaeger-agent            ClusterIP     None            <none>                                 5775/UDP,6831/UDP,6832/UDP  1m
jaeger-collector        ClusterIP     172.20.92.248   <none>                                 14267/TCP,14268/TCP  1m
jaeger-query            ClusterIP     172.20.168.197  <none>                                 16686/TCP  1m
kiali                   ClusterIP     172.20.236.20   <none>                                 20001/TCP  1m
prometheus              ClusterIP     172.20.21.205   <none>                                 9090/TCP  1m
tracing                 ClusterIP     172.20.231.66   <none>                                 80/TCP  1m
zipkin                  ClusterIP     172.20.200.32   <none>                                 9411/TCP  1m
As shown above, I'm trying to access the grafana dashboard using the load balancer as well as port forwarding, but I haven't gotten the grafana dashboard.
Answer
You can create an Istio Gateway and VirtualService in order to forward your requests to the grafana service, running by default on port 3000.
First, let's check the grafana and istio-ingressgateway services:
kubectl get svc grafana istio-ingressgateway -n istio-system
NAME                  TYPE          CLUSTER-IP     EXTERNAL-IP          PORT(S)  AGE
grafana               ClusterIP     100.71.67.105  <none>               3000/TCP  18h
istio-ingressgateway  LoadBalancer  100.64.42.106  <Public IP address>  15020:31766/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32576/TCP,15030:30728/TCP,15031:31037/TCP,15032:31613/TCP,15443:32501/TCP  18h
So, we have the grafana service running and listening on port 3000, and the default istio-ingressgateway LoadBalancer service running with an assigned public IP address.
Then we create a gateway to use this default LoadBalancer.
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grafana-gateway
  namespace: istio-system # Use same namespace with backend service
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: HTTP
      protocol: HTTP
    hosts:
    - "*"
EOF
Then configure a route to the grafana service for traffic entering via this gateway:
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana
  namespace: istio-system # Use same namespace with backend service
spec:
  hosts:
  - "*"
  gateways:
  - grafana-gateway # define gateway name
  http:
  - match:
    - uri:
        prefix: "/"
    route:
    - destination:
        port:
          number: 3000 # Backend service port
        host: grafana # Backend service name
EOF
Then hit http://<public_ip_istio_ingressgateway>; you should see the grafana dashboard.
I hope it will be helpful for you.
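
The Gateway in the answer above accepts any Host header over plain HTTP on a public load balancer, so Grafana logins and sessions cross the internet unencrypted. A tighter variant of the same two resources follows, as an added example that is not part of the original answer. It assumes a placeholder hostname grafana.example.com pointing at the load balancer, and a TLS secret named istio-ingressgateway-certs in istio-system that the ingress gateway mounts at /etc/istio/ingressgateway-certs.

```yaml
# Added example (not from the original answer).
# Assumptions: grafana.example.com is a placeholder hostname; the certificate and key
# come from a secret named istio-ingressgateway-certs mounted by the ingress gateway.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grafana-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "grafana.example.com"      # was "*": only serve the intended hostname
    tls:
      httpsRedirect: true        # plain HTTP requests get a 301 to HTTPS
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "grafana.example.com"
    tls:
      mode: SIMPLE               # TLS terminated at the ingress gateway
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana
  namespace: istio-system
spec:
  hosts:
  - "grafana.example.com"        # must match a host declared on the Gateway
  gateways:
  - grafana-gateway
  http:
  - route:
    - destination:
        host: grafana
        port:
          number: 3000
```

TLS and a fixed hostname protect the transport only; Grafana's own authentication still decides who can open the dashboards, so check that before publishing the route.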