I installed Istio on Kubernetes without Helm.
I can see that pods and services are created in the istio-system namespace.
All services like grafana and Prometheus are created, and their ports are not exposed.
Since a load-balancer service is created, one load balancer is also created in AWS. I wanted to access the grafana, prometheus etc. dashboards from an external network through the newly created load balancer endpoint, but the dashboards are not accessible from the load balancer endpoint.
I tried the port forwarding recommended by the Istio docs:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
This works only with http://localhost:3000 and is not accessible with http://publicip:3000

NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP                             PORT(S)                                                                                                                                      AGE
grafana                  ClusterIP      172.20.192.71    <none>                                  3000/TCP                                                                                                                                     1m
istio-citadel            ClusterIP      172.20.111.103   <none>                                  8060/TCP,15014/TCP                                                                                                                           1m
istio-egressgateway      ClusterIP      172.20.123.112   <none>                                  80/TCP,443/TCP,15443/TCP                                                                                                                     1m
istio-galley             ClusterIP      172.20.45.229    <none>                                  443/TCP,15014/TCP,9901/TCP                                                                                                                   1m
istio-ingressgateway     LoadBalancer   172.20.94.157    xxxx-yyyy.us-west-2.elb.amazonaws.com   15020:31336/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32146/TCP,15030:30126/TCP,15031:31506/TCP,15032:30501/TCP,15443:31053/TCP   1m
istio-pilot              ClusterIP      172.20.27.87     <none>                                  15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       1m
istio-policy             ClusterIP      172.20.222.108   <none>                                  9091/TCP,15004/TCP,15014/TCP                                                                                                                 1m
istio-sidecar-injector   ClusterIP      172.20.240.198   <none>                                  443/TCP                                                                                                                                      1m
istio-telemetry          ClusterIP      172.20.157.227   <none>                                  9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       1m
jaeger-agent             ClusterIP      None             <none>                                  5775/UDP,6831/UDP,6832/UDP                                                                                                                   1m
jaeger-collector         ClusterIP      172.20.92.248    <none>                                  14267/TCP,14268/TCP                                                                                                                          1m
jaeger-query             ClusterIP      172.20.168.197   <none>                                  16686/TCP                                                                                                                                    1m
kiali                    ClusterIP      172.20.236.20    <none>                                  20001/TCP                                                                                                                                    1m
prometheus               ClusterIP      172.20.21.205    <none>                                  9090/TCP                                                                                                                                     1m
tracing                  ClusterIP      172.20.231.66    <none>                                  80/TCP                                                                                                                                       1m
zipkin                   ClusterIP      172.20.200.32    <none>                                  9411/TCP                                                                                                                                     1m

As shown above, I'm trying to access the grafana dashboard using the load balancer as well as port forwarding, but I haven't got the grafana dashboard.
Answer
You can create an Istio Gateway and VirtualService in order to forward your requests to the grafana service, which runs by default on port 3000.
Firstly, let's check the grafana and istio-ingressgateway services:

kubectl get svc grafana istio-ingressgateway -n istio-system
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP           PORT(S)                                                                                                                                      AGE
grafana                ClusterIP      100.71.67.105   <none>                3000/TCP                                                                                                                                     18h
istio-ingressgateway   LoadBalancer   100.64.42.106   <Public IP address>   15020:31766/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32576/TCP,15030:30728/TCP,15031:31037/TCP,15032:31613/TCP,15443:32501/TCP   18h

So, we have the grafana service running and listening on port 3000, and the default istio-ingressgateway LoadBalancer service running with an assigned public IP address.
Then we create a gateway to use this default LoadBalancer.

$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grafana-gateway
  namespace: istio-system # Use same namespace with backend service
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: HTTP
      protocol: HTTP
    hosts:
    - "*"
EOF

Then configure a route to the grafana service for traffic entering via this gateway:

$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana
  namespace: istio-system # Use same namespace with backend service
spec:
  hosts:
  - "*"
  gateways:
  - grafana-gateway # define gateway name
  http:
  - match:
    - uri:
        prefix: "/"
    route:
    - destination:
        port:
          number: 3000 # Backend service port
        host: grafana # Backend service name
EOF

Then hit http://<public_ip_istio_ingressgateway>, and you should see the grafana dashboard.
I hope it will be helpful for you.
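
The Gateway in the answer above accepts any Host header over plain HTTP on the public load balancer, so whatever the VirtualService routes to is reachable from the internet. The following audit script is an added example, not part of the original answer: it reads Gateway and VirtualService objects in `kubectl get -o json` shape and lists dashboards routed through such gateways. The function names, the `DASHBOARDS` set and the `SAMPLE` data are assumptions made for this example.

```python
import json
import sys

# Dashboard services taken from the service listing in the question.
DASHBOARDS = {"grafana", "prometheus", "kiali", "jaeger-query", "tracing", "zipkin"}

# Constructed sample: the answer's two objects, trimmed to the fields the check reads.
SAMPLE = {"items": [
    {"kind": "Gateway", "metadata": {"name": "grafana-gateway", "namespace": "istio-system"},
     "spec": {"servers": [{"port": {"number": 80, "protocol": "HTTP"}, "hosts": ["*"]}]}},
    {"kind": "VirtualService", "metadata": {"name": "grafana", "namespace": "istio-system"},
     "spec": {"gateways": ["grafana-gateway"], "http": [{"route": [
         {"destination": {"host": "grafana", "port": {"number": 3000}}}]}]}},
]}

def open_gateways(items):
    """Gateways with a plaintext HTTP server (no HTTPS redirect) on a wildcard host."""
    found = set()
    for obj in (o for o in items if o.get("kind") == "Gateway"):
        for srv in obj.get("spec", {}).get("servers", []):
            plaintext = srv.get("port", {}).get("protocol", "").upper() == "HTTP"
            redirect = srv.get("tls", {}).get("httpsRedirect", False)
            wildcard = any(h.split("/")[-1] == "*" for h in srv.get("hosts", []))
            if plaintext and wildcard and not redirect:
                found.add((obj["metadata"].get("namespace", "default"), obj["metadata"]["name"]))
    return found

def exposed_dashboards(items):
    """(virtualservice, gateway, backend, port) for dashboards routed through open gateways."""
    gateways, findings = open_gateways(items), []
    for vs in (o for o in items if o.get("kind") == "VirtualService"):
        ns = vs["metadata"].get("namespace", "default")
        for gw in vs.get("spec", {}).get("gateways", []):
            gw_ns, _, gw_name = gw.rpartition("/")  # bare name means the VirtualService's namespace
            if (gw_ns or ns, gw_name) not in gateways:
                continue
            for http in vs["spec"].get("http", []):
                for route in http.get("route", []):
                    dest = route.get("destination", {})
                    backend = dest.get("host", "").split(".")[0]
                    if backend in DASHBOARDS:
                        findings.append((vs["metadata"]["name"], gw_name, backend,
                                         dest.get("port", {}).get("number")))
    return sorted(findings)

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in exposed_dashboards(data["items"]):
        print("dashboard reachable over plaintext HTTP on any host:", finding)
```

Run it bare to check the sample, or pipe in the output of `kubectl get gateways.networking.istio.io,virtualservices.networking.istio.io --all-namespaces -o json` to check a cluster.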