error

kubectl get crd wasmplugins.extensions.istio.io
kubectl get clusterrole istiod-istio-system
kubectl get clusterrolebinding istiod-istio-system

helm uninstall <release-name> -n istio-system

helm install istio-base istio/base -n istio-system --set defaultRevision=default --values istio_base.yaml --replace


poc_user [ ~ ]$ helm install istio istio/istio -n istio-system --set profile=demo
Error: INSTALLATION FAILED: chart "istio" matching  not found in istio index. (try 'helm repo update'): no chart name found
poc_user [ ~ ]$ 


If you're unable to access Kiali on a browser after setting it up as a `LoadBalancer` or another service type, let's troubleshoot the issue step by step.

### 1. **Check the Service**:
Ensure the Kiali service is up and has an external IP:

```bash
kubectl get svc kiali -n istio-system
```

Check the `TYPE` and `EXTERNAL-IP` columns. If it's a `LoadBalancer`, make sure there's an IP address assigned under the `EXTERNAL-IP` column.

### 2. **Service Logs and Events**:
Check the logs and events related to the Kiali service:

```bash
kubectl describe svc kiali -n istio-system
```

This can give clues if there's an issue with the service or with obtaining an external IP.

### 3. **Access Inside the Cluster**:
Test access to Kiali from within the cluster:

```bash
kubectl run -i --tty --rm debug --image=alpine -- sh
```

This will launch an Alpine Linux pod. Once inside:

```bash
apk add --no-cache curl
curl kiali.istio-system.svc.cluster.local:20001
```

You should get a response from Kiali. If you do, it means Kiali is accessible internally.

### 4. **Check Network and Firewall Rules**:
Depending on where your Kubernetes cluster is running, there might be network and firewall rules preventing external access:

- **Cloud Providers**: Ensure that there are no firewall rules blocking the necessary ports.
- **Local Kubernetes**: If you're using Minikube, Kind, etc., accessing services might be different.
  
### 5. **Kiali Logs**:
Check the logs of the Kiali pod to see if there's any startup error or issue:

```bash
kubectl logs -l app=kiali -n istio-system
```

### 6. **Port Forwarding (Alternative)**:
If all else fails and you just want to access Kiali from your local machine, you can use port forwarding:

```bash
kubectl port-forward svc/kiali -n istio-system 20001:20001
```

Then, go to `http://localhost:20001` on your browser.

### 7. **Browser Issues**:
- Ensure you're not encountering browser-specific issues. Try accessing Kiali in an incognito/private window or a different browser.
- Check if there's any proxy or VPN that might be interfering with the connection.

### 8. **Reinstall/Reset**:
If you've tried the above and still can't access Kiali, consider uninstalling and reinstalling it.

Remember: Whenever you're exposing a service, especially if it's for production use, always make sure it's secure. Directly exposing Kiali with a LoadBalancer without any protection isn't recommended for non-testing scenarios. Consider setting up Ingress with authentication and HTTPS for production uses.



poc_user [ ~ ]$ kubectl run -i --tty --rm debug --image=alpine -- sh
If you don't see a command prompt, try pressing enter.
/ # apk add --no-cache curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
(1/7) Installing ca-certificates (20230506-r0)
(2/7) Installing brotli-libs (1.0.9-r14)
(3/7) Installing libunistring (1.1-r1)
(4/7) Installing libidn2 (2.3.4-r1)
(5/7) Installing nghttp2-libs (1.55.1-r0)
(6/7) Installing libcurl (8.2.1-r0)
(7/7) Installing curl (8.2.1-r0)
Executing busybox-1.36.1-r2.trigger
Executing ca-certificates-20230506-r0.trigger
OK: 12 MiB in 22 packages
/ # curl kiali.istio-system.svc.cluster.local:20001
curl: (7) Failed to connect to kiali.istio-system.svc.cluster.local port 20001 after 5 ms: Couldn't connect to server
/ # curl -v http://20.24.125.8:20001
* processing: http://20.24.125.8:20001
*   Trying 20.24.125.8:20001...
* connect to 20.24.125.8 port 20001 failed: Connection refused
* Failed to connect to 20.24.125.8 port 20001 after 0 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to 20.24.125.8 port 20001 after 0 ms: Couldn't connect to server
/ # 


poc_user [ ~ ]$ kubectl get po -n istio-system -l app=kiali
NAME                     READY   STATUS             RESTARTS       AGE
kiali-5c4b64b7d9-8pbr7   0/1     CrashLoopBackOff   12 (37s ago)   37m
poc_user [ ~ ]$ kubectl logs -l app=kiali -n istio-system
{"level":"info","time":"2023-08-21T08:56:16Z","message":"Adding a RegistryRefreshHandler"}
2023-08-21T08:56:16Z INF Kiali: Version: v1.72.0, Commit: 7208cd1767e8347b00bff10391130d7bcc824548, Go: 1.20.5
2023-08-21T08:56:16Z INF Using authentication strategy [login]
2023-08-21T08:56:16Z FTL Invalid authentication strategy [login]
poc_user [ ~ ]$ 



kubectl get configmap kiali -n istio-system -o jsonpath='{.data.config\.yaml}' | less
kubectl edit configmap kiali -n istio-system



/ # curl -v http://20.239.30.137:20001
* processing: http://20.239.30.137:20001
*   Trying 20.239.30.137:20001...
* Connected to 20.239.30.137 (20.239.30.137) port 20001
> GET / HTTP/1.1
> Host: 20.239.30.137:20001
> User-Agent: curl/8.2.1
> Accept: */*
> 
< HTTP/1.1 302 Found
< content-type: text/html; charset=utf-8
< location: /kiali/
< vary: Accept-Encoding
< date: Mon, 21 Aug 2023 09:21:10 GMT
< content-length: 30
< x-envoy-upstream-service-time: 0
< server: istio-envoy
< x-envoy-decorator-operation: kiali.istio-system.svc.cluster.local:20001/*
< 
<a href="/kiali/">Found</a>.

* Connection #0 to host 20.239.30.137 left intact
/ # curl kiali.istio-system.svc.cluster.local:20001
<a href="/kiali/">Found</a>.

/ # 


poc_user [ ~ ]$ http://20.239.30.137:20001/kiali/
bash: http://20.239.30.137:20001/kiali/: No such file or directory
poc_user [ ~ ]$ curl -v http://20.239.30.137:20001/kiali/
*   Trying 20.239.30.137:20001...


poc_user [ ~ ]$ kubectl logs -l app=kiali -n istio-system
E0821 09:10:39.007896       1 reflector.go:148] pkg/mod/k8s.io/client-go@v0.27.2/tools/cache/reflector.go:231: Failed to watch *v1.StatefulSet: failed to list *v1.StatefulSet: Get "https://10.0.0.1:443/apis/apps/v1/statefulsets?limit=500&resourceVersion=0": dial tcp 10.0.0.1:443: connect: connection refused
W0821 09:10:39.007992       1 reflector.go:533] pkg/mod/k8s.io/client-go@v0.27.2/tools/cache/reflector.go:231: failed to list *v1.DaemonSet: Get "https://10.0.0.1:443/apis/apps/v1/daemonsets?limit=500&resourceVersion=0": dial tcp 10.0.0.1:443: connect: connection refused
E0821 09:10:39.008031       1 reflector.go:148] pkg/mod/k8s.io/client-go@v0.27.2/tools/cache/reflector.go:231: Failed to watch *v1.DaemonSet: failed to list *v1.DaemonSet: Get "https://10.0.0.1:443/apis/apps/v1/daemonsets?limit=500&resourceVersion=0": dial tcp 10.0.0.1:443: connect: connection refused
W0821 09:10:39.008080       1 reflector.go:533] pkg/mod/k8s.io/client-go@v0.27.2/tools/cache/reflector.go:231: failed to list *v1.Service: Get "https://10.0.0.1:443/api/v1/services?limit=500&resourceVersion=0": dial tcp 10.0.0.1:443: connect: connection refused
E0821 09:10:39.008110       1 reflector.go:148] pkg/mod/k8s.io/client-go@v0.27.2/tools/cache/reflector.go:231: Failed to watch *v1.Service: failed to list *v1.Service: Get "https://10.0.0.1:443/api/v1/services?limit=500&resourceVersion=0": dial tcp 10.0.0.1:443: connect: connection refused
2023-08-21T09:10:40Z INF [Kiali Cache] Started
2023-08-21T09:10:40Z INF [Kiali Cache] Kube cache is active for cluster: [Kubernetes]
2023-08-21T09:10:40Z INF Server endpoint will start at [:20001/kiali]
2023-08-21T09:10:40Z INF Server endpoint will serve static content from [/opt/kiali/console]
2023-08-21T09:10:40Z INF Starting Metrics Server on [:9090]


Okay, let's clarify the situation a bit:

1. You can access Kiali metrics at `http://20.239.30.137:9090/kiali/`.
2. You cannot access the Kiali dashboard at `http://20.239.30.137:20001/kiali/`.

Given the above, it sounds like the metrics service for Kiali is working, but the main dashboard isn't accessible.

Here are a few steps you can take to potentially resolve the issue:

1. **Check Kiali Service Configuration**:
    First, verify that the Kiali service is correctly configured to expose port `20001`.
   
   ```bash
   kubectl get svc kiali -n istio-system -o jsonpath='{.spec.ports[?(@.port==20001)]}'
   ```

   You should see an output for the port configuration for `20001`.

2. **Kiali Configurations**:
   Ensure that Kiali's configurations are set up correctly. Especially, see if there's any override for its base URL or any other configuration that might be affecting its accessibility.

   ```bash
   kubectl get configmaps kiali -n istio-system -o json | jq '.data'
   ```

   You can check the returned configurations to see if everything seems right.

3. **Istio Ingress Configuration**:
   If you're using Istio's ingress gateway to access Kiali, make sure the configurations are correct. Check the VirtualService and Gateway for Kiali:

   ```bash
   kubectl get virtualservices,gateway -n istio-system
   ```

   Ensure they're set up to route traffic correctly for Kiali.

4. **Direct Port-Forwarding**:
   As a way to narrow down the issue, you can use `kubectl port-forward` to directly forward the Kiali service to your local machine and see if you can access it:

   ```bash
   kubectl port-forward svc/kiali -n istio-system 20001:20001
   ```

   Now, try accessing `http://localhost:20001/kiali/` from your browser. If you can access Kiali this way, the issue may be with the way traffic is being routed in your cluster.

5. **Browser and Network Issues**:
   Sometimes, the problem can be related to browser configurations, caches, or even network issues:

   - Try accessing the Kiali dashboard in an incognito/private mode to bypass cache.
   - Try a different browser.
   - Check if any browser extensions might be blocking the page.
   - Check network configurations/firewalls in your environment.

6. **Logs & Events**:
   While you've already checked logs, it's a good idea to look for any events related to the Kiali service or its related pods:

   ```bash
   kubectl describe svc/kiali -n istio-system
   kubectl describe pods -l app=kiali -n istio-system
   ```

7. **Reinstall/Upgrade Kiali**:
   If everything else fails, consider uninstalling and reinstalling Kiali. Sometimes a fresh installation can fix underlying issues. Also, consider upgrading Kiali if an upgrade is available; the newer version may have fixes for your problem.

8. **Check Istio's Sidecar Configuration**:
   If Kiali has an Istio sidecar, ensure it's correctly set up. Incorrect Istio configurations can affect pod-to-pod communication.

Lastly, Kiali has an active community, and issues like these can be discussed in their forums or GitHub issues. If you believe this might be a bug or if you need specific help related to Kiali, consider reaching out directly to the Kiali community.




---------------------------
===========================

{
  "config.yaml": "auth:\n  openid: {}\n  openshift:\n    client_id_prefix: kiali\n  strategy: token\ndeployment:\n  accessible_namespaces:\n  - '**'\n  additional_service_yaml: {}\n  affinity:\n    node: {}\n    pod: {}\n    pod_anti: {}\n  configmap_annotations: {}\n  custom_secrets: []\n  host_aliases: []\n  hpa:\n    api_version: autoscaling/v2\n    spec: {}\n  image_digest: \"\"\n  image_name: quay.io/kiali/kiali\n  image_pull_policy: Always\n  image_pull_secrets: []\n  image_version: v1.72.0\n  ingress:\n    additional_labels: {}\n    class_name: nginx\n    override_yaml:\n      metadata: {}\n  instance_name: kiali\n  logger:\n    log_format: text\n    log_level: info\n    sampler_rate: \"1\"\n    time_field_format: 2006-01-02T15:04:05Z07:00\n  namespace: istio-system\n  node_selector: {}\n  pod_annotations: {}\n  pod_labels: {}\n  priority_class_name: \"\"\n  replicas: 1\n  resources:\n    limits:\n      memory: 1Gi\n    requests:\n      cpu: 10m\n      memory: 64Mi\n  secret_name: kiali\n  security_context: {}\n  service_annotations: {}\n  service_type: \"\"\n  tolerations: []\n  version_label: v1.72.0\n  view_only_mode: false\nexternal_services:\n  custom_dashboards:\n    enabled: true\n  istio:\n    root_namespace: istio-system\nidentity:\n  cert_file: \"\"\n  private_key_file: \"\"\nistio_namespace: istio-system\nkiali_feature_flags:\n  certificates_information_indicators:\n    enabled: true\n    secrets:\n    - cacerts\n    - istio-ca-secret\n  clustering:\n    autodetect_secrets:\n      enabled: true\n      label: kiali.io/multiCluster=true\n    clusters: []\n  disabled_features: []\n  validations:\n    ignore:\n    - KIA1301\nlogin_token:\n  signing_key: wJy0FQesL4vSkVAB\nserver:\n  metrics_enabled: true\n  metrics_port: 9090\n  port: 20001\n  web_root: /kiali\n"
}

poc_user [ ~ ]$ kubectl get virtualservices,gateway -n istio-system
No resources found in istio-system namespace.
poc_user [ ~ ]$ 



-=============

Certainly. To expose Kiali using Istio's Gateway and VirtualService, follow these steps:

### 1. Adjust the Service Type

First, let's adjust the Kiali Service to be a `LoadBalancer`:

```bash
kubectl patch svc kiali -n istio-system -p '{"spec": {"type": "LoadBalancer"}}'
```

This will expose the Kiali Service externally, potentially giving you an external IP, depending on your Kubernetes provider.

### 2. Create a Gateway and VirtualService for Kiali

If you want to use Istio's Gateway and VirtualService to route external traffic to Kiali, follow these steps:

Create a file named `kiali-gateway.yaml` with the following content:

```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-kiali
      protocol: HTTP
    hosts:
    - "*"

---

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: kiali-virtualservice
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - kiali-gateway
  http:
  - match:
    - uri:
        prefix: /kiali
    route:
    - destination:
        host: kiali.istio-system.svc.cluster.local
        port:
          number: 20001
```

Apply the Gateway and VirtualService:

```bash
kubectl apply -f kiali-gateway.yaml
```

Now, you should be able to access Kiali via the Istio Ingress Gateway. To get the IP for the Ingress Gateway:

```bash
kubectl get svc istio-ingressgateway -n istio-system
```

Look for the `EXTERNAL-IP` of the `istio-ingressgateway` service. Access Kiali using that IP:

```
http://[EXTERNAL-IP]/kiali/
```

Replace `[EXTERNAL-IP]` with the actual IP you retrieved.

Please note:
- Using the wildcard host (`*`) in the above resources means any domain pointed to the ingress IP will be directed to Kiali. Adjust if necessary.
- Ensure that you have the `istio-ingressgateway` running in the `istio-system` namespace. If not, you may need to review your Istio installation.




poc_user [ ~ ]$ kubectl get virtualservices,gateway -n istio-system
No resources found in istio-system namespace.
poc_user [ ~ ]$ vi kiali_gateway.yaml
```bash
```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-kiali
      protocol: HTTP
    hosts:
    - "*"

---

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: kiali-virtualservice
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - kiali-gateway
  http:
  - match:
    - uri:
        prefix: /kiali
    route:
    - destination:
        host: kiali.istio-system.svc.cluster.local
        port:
          number: 20001
```
```

poc_user [ ~ ]$ kubectl apply -f kiali-gateway.yaml
error: the path "kiali-gateway.yaml" does not exist
poc_user [ ~ ]$ ls
clouddrive  kiali_gateway.yaml
poc_user [ ~ ]$ kubectl apply -f kiali_gateway.yaml
gateway.networking.istio.io/kiali-gateway created
virtualservice.networking.istio.io/kiali-virtualservice created
poc_user [ ~ ]$ kubectl get svc istio-ingressgateway -n istio-system
Error from server (NotFound): services "istio-ingressgateway" not found
poc_user [ ~ ]$ kubectl get svc -n istio-system
NAME     TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                                 AGE
istiod   ClusterIP      10.0.63.198   <none>          15010/TCP,15012/TCP,443/TCP,15014/TCP   114m
kiali    LoadBalancer   10.0.113.12   20.239.30.137   20001:31439/TCP,9090:30292/TCP          60m
poc_user [ ~ ]$ kubectl get svc istio-ingressgateway -n istio-system
Error from server (NotFound): services "istio-ingressgateway" not found
poc_user [ ~ ]$




To reinstall Istio with the Ingress Gateway, follow these steps:

1. **Backup any custom configurations**: Before you proceed, make sure you've backed up any custom configurations you may have applied to your current Istio setup. This includes any custom `Gateway`, `VirtualService`, `DestinationRule`, etc.

2. **Uninstall the Current Istio Installation**:

   If you installed Istio using `istioctl`:

   ```bash
   istioctl manifest generate | kubectl delete -f -
   ```

   This will uninstall Istio components.

   If you installed using Helm (for older Istio versions):

   ```bash
   helm delete --purge istio-init
   helm delete --purge istio
   ```

   Ensure all Istio components are removed:

   ```bash
   kubectl get pods -n istio-system
   ```

3. **Install Istio with the Ingress Gateway**:

   First, download the latest Istio release:

   ```bash
   curl -L https://istio.io/downloadIstio | sh -
   ```

   Navigate to the Istio package directory:

   ```bash
   cd istio-<version>
   ```

   Add `istioctl` to your PATH:

   ```bash
   export PATH=$PWD/bin:$PATH
   ```

   Install Istio with the `demo` profile, which includes the Ingress Gateway:

   ```bash
   istioctl install --set profile=demo
   ```

   Validate that the `istio-ingressgateway` service is running:

   ```bash
   kubectl get svc istio-ingressgateway -n istio-system
   ```

4. **Re-apply your custom configurations**: If you had custom configurations backed up from step 1, re-apply them now.

5. **Apply the Kiali Gateway and VirtualService**: 

   Use the `kiali_gateway.yaml` file you've created before:

   ```bash
   kubectl apply -f kiali_gateway.yaml
   ```

6. **Verify Access**: Try accessing the Kiali dashboard via the Ingress Gateway.

By following these steps, you should have Istio reinstalled with the Ingress Gateway, and Kiali should be accessible via the Istio Ingress Gateway.


=================================================



https://github.com/kiali/kiali-operator/blob/master/deploy/deploy-kiali-operator.sh