Reputation: 60
External access to Google Kubernetes Engine services using Istio-Ingress gateway
I need to access services inside Google Kubernetes Engine standard private cluster using Istio.
My set up is as follows:
- Grafana service running on port 80.
- Istio virtual service listening on port 80.
- Istio Gatway listening on port 80.
- Istio-Ingress gateway that provision a GCP external LoadBalancer.
When I go to the LoadBalancer public IP, I can't access it.
resource "helm_release" "istio_ingress" {
name = "istio-ingressgateway"
chart = "gateway"
repository = "https://istio-release.storage.googleapis.com/charts"
namespace = "istio-system"
version = "1.18.0"
}
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: tcp
protocol: HTTP
hosts:
- "*"
tls:
httpsRedirect: false
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: ${var.shared_domain_certificate_name}
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- istio-system/my-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
host: grafana
port:
number: 80
Upvotes: 0
Views: 93
Answers (2)
Reputation: 824
As per Jakub, from a previous post. one working solution for Grafana is to set prefix to / and host to grafana. As an example
spec:
hosts:
- "grafana.example.com"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
host: grafana
port:
number: 80
Including as well the sample for VirtualService and Gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
spec:
hosts:
- "*"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /grafana/
rewrite:
uri: /
route:
- destination:
host: grafana
port:
number: 80
Upvotes: 0
Reputation:
I didn't understand everything. Are you trying to access an application outside of the cluster, or are you attempting to access Grafana?
To access the deployment, you need to create the Ingress resource in the cluster for Istio. Have you created it?
If you have, you can find it by running:
Kubectl get ing
Then, you will obtain the load balancer information. Use that load balancer to access the application.
Upvotes: 0
Related Questions
- Accessing HTTPS Istio Ingress Gateway from Pod
- Kubernetes + Istio Ingress Gateway port
- Unable to open Istio ingress-gateway for gRPC
- You're speaking plain HTTP to an SSL-enabled server port in Kubernetes
- TLS handshake through Istio ingress gateway fails (tlsMode=passthrough)
- Kubernetes with Istio Ingress Not Running on Standard HTTP Ports 443/80
- Istio + Kubernetes: Gateway more than one TLS Certificate