I am using Azure Kubernetes. I installed Istio 1.6.1. It installed the Istio-ingressgateway with LoadBalancer. I don't want to use Istio ingressgateway because I want to kong ingress.
I tried to run below command to change istio-ingress services from LoadBalancer to ClusterIP but getting errors.
$ kubectl patch svc istio-ingressgateway -p '{"spec": {"ports": "type": "ClusterIP"}}' -n istio-system
Error from server (BadRequest): invalid character ':' after object key:value pair
Not sure if I can make the changes and delete and re-create istio-ingress service?
The better option would be to reinstall istio without ingress controller. Do not install default profile in istio as it will install ingress controller along with other component. Check the various settings as mentioned in the installation page of istio and disable ingress controller.
Also check the documentation of using istio and kong together on k8s page and see what needs to be done on kong installation in order for enble communication between kong and other services.
Related
I am using istioctl to install istio in an EKS cluster. However, for the moment I will be using an nginx ingress for externally facing services. How can I just deploy the istio service internally, or at least avoid the automatically created ELB?
You can do it by editing istio-ingressgateway.
Change service type from
LoadBalancer -> Exposes the Service externally using a cloud provider’s load balancer
to
ClusterIP -> Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster.
Let's edit ingressgateway
kubectl edit svc istio-ingressgateway -n istio-system
Then please change the type from LoadBalancer to ClusterIP and # or delete every nodePort since You won't use them anymore and it have to be # or deleted so You could actually edit the file, without it, it fails to edit and nothing is happening.
EDIT
I can do this at install with istioctl using a values.yaml file?
Yes, it's possible.
This is a value You need to change:
values.gateways.istio-ingressgateway.type
example
Creating manifest to apply istio demo profile with ClusterIP
istioctl manifest generate --set profile=demo --set values.gateways.istio-ingressgateway.type="ClusterIP" > $HOME/generated-manifest.yaml
I installed k8s on Ubuntu 18.04. This instance is on a no-frills host that has no concept of load balancers.
I installed the nginx ingress via: helm install stable/nginx-ingress --name my-nginx
As you can see below, there is a service line that shows a LoadBalancer type service pending.
$ kubectl get svc
ingress-nginx-nginx-ingress-controller LoadBalancer 10.110.139.78 <pending> 80:31310/TCP,443:31820/TCP
ingress-nginx-nginx-ingress-default-backend ClusterIP 10.105.146.132 <none> 80/TCP
Is there a way to setup the nginx-ingress w/o a LoadBalancer service, preferably with Helm? If not, a workaround without Helm would be fine too.
https://github.com/helm/charts/tree/master/stable/nginx-ingress
According to official docs of chart you can configure service type through controller.service.type property and setting it to NodePort instead of LoadBalancer
I'm installing Prometheus on GKE with Helm using the standard chart as in
helm install -n prom stable/prometheus --namespace hal
but I need to be able to pull up the Prometheus UI in the browser. I know that I can do it with port forwarding, as in
kubectl port-forward -n hal svc/prom-prometheus-server 8000:80
but I'm being told "No, just expose it." Of course, there's already a service so just doing
kubectl expose deploy -n hal prom-prometheus-server
isn't going to work. I assume there's some value I can set in values.yaml that will give me an external IP, but I can't figure out what it is.
Or am I misunderstanding when they tell me "Just expose it"?
It is generally a very bad idea to expose Prometheus itself as it has no authentication mechanism, but you can absolutely set up a LoadBalancer service or Ingress aimed at the HTTP port if you want.
More commonly (and supported by the chart) you'll use Grafana for the public view and only connect to Prom itself via port-forward when needed for debugging.
Agree that it's a bad idea to expose prom publicly, but if its a demo it's ok.
Run:
kubectl expose deploy -n hal prom-prometheus-server --type=LoadBalancer
Kubernetes will create a GCP Load Balancer with an external IP.
Hope it helps!
I created a local kubernetes cluster with a master and 2 workers using VM(ubuntu 16.04)
I am also using calico for networking and I am exploring istio for the moment.
my problem is the ingress load balancer doesn't get an external IP. to my understanding I should use a node port to access the ingress load balancer but I can find how to do so.
should I have done it when installing, can I add it now and how?
kubernetes version : v1.11.1
calico version : v3.1
istio version : 0.8.0
If don't have a service attached to your deployment, you can use kubectl expose:
kubectl expose deployment istio --type=NodePort --name=istio-service
If you already deployed a service, you can edit the service spec and add type: "NodePort" the quickest way to do this is using kubectl patch:
kubectl patch svc istio-service -p '{"spec":{"type":"NodePort"}}'
More info about NodePort services can be found here
I am looking at traefik for an ingress controller for my minikube cluster. I have tried to follow the instructions provide in Traefik but my service External-IP is stuck in state indefinitely. Can anyone recommend a command that might explain why my service is failing to get an external-ip. kubectl describe svc traefik fails to provide any information. I have the latest minikube installed on MacOS with NO addons installed.
I also have the latest version of Helm installed. And executed the command
helm install --name ingress --namespace kube-system --set dashboard.enabled=true stable/traefik
I have successfully install nginx as an ingress controller.