Expose Istio
In this section you will expose Istio and the services running behind it using the NGINX Ingress Controller.
What You'll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing AKS cluster.
- A working cert-manager deployment.
- A working NGINX Ingress Controller deployment.
Procedure
1. Go to your GitOps repository, inside your rok-tools management environment:

       root@rok-tools:/# cd ~/ops/deployments

2. Compute the FQDN for your Azure Load Balancer and note it down, as you are going to use it in later steps:

       root@rok-tools:~/ops/deployments# echo ${AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}.cloudapp.azure.com
       arrikto-cluster.eastus.cloudapp.azure.com

3. Edit rok/expose-ekf/overlays/deploy/kustomization.yaml and enable the ingress and certificate resources:

       resources:
       - ../../base
       - ../../base/ingress.yaml
       - ../../base/certificate.yaml

4. Edit rok/expose-ekf/overlays/deploy/kustomization.yaml and enable the ingress-host, ingress-tls, certificate, and xff patches by uncommenting the corresponding snippet:

       patches:
       - path: patches/ingress-host.yaml
         target:
           kind: Ingress
           name: istio-ingress
       - path: patches/ingress-tls.yaml
       - path: patches/certificate.yaml
       - path: patches/xff.yaml
         target:
           kind: EnvoyFilter
           name: xff-trust-hops

5. Edit rok/expose-ekf/overlays/deploy/patches/ingress-host.yaml and set value to the FQDN for your Azure Load Balancer:

       - op: replace
         path: /spec/rules/0/host
         value: arrikto-cluster.eastus.cloudapp.azure.com  # <-- Update this line with your FQDN

6. Edit rok/expose-ekf/overlays/deploy/patches/ingress-tls.yaml and set hosts to the FQDN for your Azure Load Balancer:

       spec:
         tls:
         - hosts:
           - arrikto-cluster.eastus.cloudapp.azure.com  # <-- Update this line with your FQDN

7. Edit rok/expose-ekf/overlays/deploy/patches/certificate.yaml and set both commonName and dnsNames to the FQDN for your Azure Load Balancer:

       spec:
         commonName: arrikto-cluster.eastus.cloudapp.azure.com  # <-- Update this line with your FQDN
         dnsNames:
         - arrikto-cluster.eastus.cloudapp.azure.com  # <-- Update this line with your FQDN

8. Edit rok/expose-ekf/overlays/deploy/patches/xff.yaml and replace <TRUSTED_FRONT_PROXIES> with 1:

       - op: replace
         path: /spec/configPatches/0/patch/value/typed_config/xff_num_trusted_hops
         value: 1

9. Commit your changes:

       root@rok-tools:~/ops/deployments# git commit -am "Expose Istio via an NGINX Ingress"

10. Apply the kustomization:

        root@rok-tools:~/ops/deployments# rok-deploy --apply rok/expose-ekf/overlays/deploy
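
The xff.yaml patch above sets xff_num_trusted_hops to the number of trusted proxies in front of Istio. The following added example (not part of the original documentation or of the project's code) models Envoy's documented rule for picking the trusted client address from X-Forwarded-For, to show why that value has to match the real number of front proxies. The IP addresses are constructed, and it assumes the gateway runs with use_remote_address enabled and that the front proxy appends the address it saw to the header.

```python
import ipaddress


def trusted_client_address(xff, peer_ip, num_trusted_hops, use_remote_address=True):
    """Model of Envoy's documented choice of trusted client address.

    xff: raw X-Forwarded-For value as received by the gateway.
    peer_ip: source address of the connection to the gateway (the front proxy).
    """
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    if use_remote_address:
        if num_trusted_hops == 0:
            return peer_ip            # trust only the direct peer
        index = num_trusted_hops      # Nth entry from the right
    else:
        index = num_trusted_hops + 1  # (N+1)th entry from the right
    if len(hops) < index:
        return peer_ip                # header too short: fall back to the peer
    candidate = hops[-index]
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return peer_ip                # this example's choice for a malformed entry
    return candidate


# Constructed sample: the client forged one entry, the front proxy appended
# the address it actually saw, then connected to the gateway from its pod IP.
FORGED, REAL_CLIENT, PROXY_POD = "198.51.100.99", "203.0.113.7", "10.244.1.15"
SAMPLE_XFF = f"{FORGED}, {REAL_CLIENT}"


def compare_hop_settings(max_hops=3):
    """Return {hops: address the gateway would attribute the request to}."""
    return {n: trusted_client_address(SAMPLE_XFF, PROXY_POD, n)
            for n in range(max_hops + 1)}


if __name__ == "__main__":
    for hops, addr in compare_hop_settings().items():
        print(f"xff_num_trusted_hops={hops}: client seen as {addr}")
```

With one front proxy, a value of 1 yields the address that proxy recorded; a value of 2 would accept the client-supplied entry, and 0 attributes every request to the proxy itself.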
Verify
Verify that you have successfully created the Ingress object for Istio. The HOSTS field should match your Azure Load Balancer FQDN:
    root@rok-tools:~/ops/deployments# kubectl -n istio-system get ingress
    NAME            HOSTS                                       ADDRESS       PORTS   AGE
    istio-ingress   arrikto-cluster.eastus.cloudapp.azure.com   10.42.42.42   80      1m

Open your browser, and go to the Rok UI at

    https://<FQDN>/rok/

Replace <FQDN> with your FQDN. For example:

    https://arrikto-cluster.eastus.cloudapp.azure.com/rok/