-
Notifications
You must be signed in to change notification settings - Fork 0
/
istiokiali
139 lines (93 loc) · 5.09 KB
/
istiokiali
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
Certainly! Here's a combined guide for setting up Istio along with Kiali on a Kubernetes cluster using Helm:
### 1. **Pre-requisites**:
- A Kubernetes cluster up and running.
- `kubectl` installed and configured to manage the cluster.
- Helm v3.x installed.
### 2. **Create Namespace for Istio**:
```bash
kubectl create namespace istio-system
```
### 3. **Add the Istio and Kiali Helm Chart Repositories**:
```bash
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo add kiali https://kiali.org/helm-charts
helm repo update
```
### 4. **Install Istio's Custom Resource Definitions (CRDs)**:
```bash
helm install istio-base istio/base --namespace istio-system
```
### 5. **Install Istio Components**:
We're using the `demo` profile to simplify this guide. For production deployments, you should consider a different profile and carefully select components to install.
```bash
helm install istio istio/istio -n istio-system --set profile=demo
```
### 6. **Install Kiali**:
First, we'll create a secret for Kiali's credentials:
```bash
kubectl create secret generic kiali -n istio-system --from-literal=username=<YOUR_USERNAME> --from-literal=passphrase=<YOUR_PASSWORD>
```
Replace `<YOUR_USERNAME>` and `<YOUR_PASSWORD>` with your desired credentials.
Then, install Kiali using Helm:
```bash
helm install --namespace istio-system --set auth.strategy="login" --set auth.usernameKey="kiali" --set auth.passphraseKey="kiali-passphrase" kiali kiali/kiali-server
```
### 7. **Enable Automatic Sidecar Injection**:
For Istio to manage traffic, it requires an Envoy sidecar to be deployed alongside application pods. To enable automatic sidecar injection for a namespace (replace `<YOUR_NAMESPACE>`):
```bash
kubectl label namespace <YOUR_NAMESPACE> istio-injection=enabled
```
### 8. **Access the Kiali Dashboard**:
To access Kiali:
1. Forward the Kiali service port:
```bash
kubectl -n istio-system port-forward svc/kiali 20001:20001
```
2. Access Kiali by navigating to [http://localhost:20001](http://localhost:20001) in your browser. Use the credentials you set earlier (`<YOUR_USERNAME>` and `<YOUR_PASSWORD>`) to log in.
This guide sets up Istio and Kiali in a basic configuration suitable for testing and exploration. For more secure and scalable setups, consult the documentation and best practices of both Istio and Kiali.
===================================
To access Kiali on an external browser, you'd typically expose its service via an Ingress, LoadBalancer, or NodePort. Among these, the simplest approach for testing is to use a `LoadBalancer`, assuming your Kubernetes cluster is running on a platform that supports this (e.g., cloud providers like AWS, GCP, Azure).
Here are the steps to modify the service type of Kiali to `LoadBalancer`:
### 1. Modify Kiali Service to LoadBalancer:
```bash
kubectl patch svc kiali -n istio-system --patch '{"spec": {"type": "LoadBalancer"}}'
```
### 2. Obtain the External IP:
After a few moments (this could vary depending on your cloud provider), the LoadBalancer should assign an external IP address to the Kiali service. You can obtain this IP with:
```bash
kubectl get svc kiali -n istio-system
```
Watch for the `EXTERNAL-IP` column. Once it has been populated, note down this IP.
### 3. Access Kiali Dashboard:
Open your browser and navigate to:
```
http://<EXTERNAL-IP>:20001
```
Replace `<EXTERNAL-IP>` with the IP address you obtained in step 2.
You should now be able to access the Kiali dashboard from an external browser using the provided IP address and port.
Note: Exposing services like Kiali to the internet using LoadBalancers without any additional security measures is not recommended for production scenarios due to potential security risks. For production use, you'd typically set up an Ingress with HTTPS and perhaps additional authentication mechanisms.
If you installed Kiali using Helm, you can uninstall it using the `helm uninstall` command.
Here's how to uninstall Kiali:
### 1. **Uninstall Kiali using Helm**:
Assuming you installed Kiali with a release name of `kiali`, you can uninstall it with:
```bash
helm uninstall kiali -n istio-system
```
Replace `kiali` with the release name you used during installation if it's different.
### 2. **Delete Any Remaining Resources**:
Sometimes, certain resources might remain even after uninstalling via Helm. You can delete them manually:
```bash
kubectl delete services,deployments,pods,configmaps,secrets,ingress,serviceaccounts,roles,rolebindings -l app=kiali -n istio-system
```
### 3. **Optionally, Clean Up Persistent Volume Claims**:
If there were any persistent volumes used by Kiali (which is unlikely for a typical Kiali setup, but always good to check), you can delete them:
```bash
kubectl delete pvc -l app=kiali -n istio-system
```
### 4. **Verify Resources Were Deleted**:
You can ensure that all Kiali-related resources were deleted:
```bash
kubectl get all -l app=kiali -n istio-system
```
If there's no output, then all resources related to Kiali have been deleted.
Remember to be cautious while deleting resources, especially in production environments, to avoid unintended data or service loss.