Expose the Istio Ingress gateway via DNS¶
The following procedures are platform specific and work with a "standard classic" Kubernetes Cluster provided by the IBM Cloud Kubernetes Service (IKS) on the IBM Cloud.
If you are using a VPC based or a free ("Lite") Kubernetes Cluster on the IBM Cloud or another Cloud provider or something like Minikube, the following sections will not work!
When you install Istio on a Kubernetes Cluster on IBM Cloud, the Istio Ingress is created with a Kubernetes service of type LoadBalancer -- this is called a Network Load Balancer or NLB on IBM Cloud. A "floating" IP address is assigned to it through which it can be reached on the public Internet.
In this section we will assign a subdomain DNS entry for this IP address so that the Istio Ingress can be accessed using a URL.
Automated setup¶
Step 1: Ensure you exported the $MYCLUSTER variable¶
echo $MYCLUSTER
If this isn`t the case run, following commands:
- Copy your cluster name from the output
ibmcloud ks cluster ls
- Export the
$MYCLUSTERvariable
export MYCLUSTER=your_pre_provisioned_clustername
Step 2: Execute following script¶
cd $ROOT_FOLDER
bash IKS/istio-setup-ingress-gateway.sh
Example output:
...
OK
NLB hostname was created as harald-uebele-k8s-fra05-***-0001.us-south.containers.appdomain.cloud
------------------------------------------------------------------------
Ingress-URL: harald-uebele-k8s-fra05-***-0001.us-south.containers.appdomain.cloud
Cluster Name: harald-uebele-k8s-fra05
...
Step 3: Create a $INGRESSURL variable for later usage¶
Insert your YOUR_INGRESSURL value.
export INGRESSURL=YOUR_INGRESSURL
echo $INGRESSURL
FYI: Manual setup¶
The following steps show the manual steps of the automated setup. This is just for your information, you don't need to run them!
Step 1: Get public IP¶
When we install Istio on our pre-provisioned Kubernetes Clusters on IBM Cloud, the Istio Ingress is created with a Kubernetes service of type LoadBalancer and is assigned a "floating" IP address through which it can be reached on the public Internet. You can determine this address with the following command:
cd $ROOT_FOLDER/IKS
kubectl get svc -n istio-system | grep istio-ingressgateway
Output for example:
istio-ingressgateway LoadBalancer 172.21.213.52 149.***.131.*** 15020:31754/TCP,...
Step 2: Save public IP address¶
Our Ingress gateway is in fact of type LoadBalancer, the second IP address of the example 149.***.131.*** is the external (public) IP address. We need this public IP address in the next command.
export INGRESSGATEWAYIP=149.***.131.***
Step 3: Create a DNS subdomain¶
To create a DNS subdomain -- a URL -- for the Ingress gateway use the following command:
echo $MYCLUSTER
ibmcloud ks nlb-dns create classic --cluster $MYCLUSTER --ip $INGRESSGATEWAYIP
The new subdomain will have the form [cluster name]-[globally unique hash]-[sequence].[region].containers.appdomain.cloud. The output should look like this:
OK
NLB hostname was created as harald-uebele-k8s-fra05-********************-0001.eu-de.containers.appdomain.cloud
Step 4: Save DNS subdomain as $INGRESSURL¶
This will be the URL we will use later to access Keycloak and our sample application. Copy the URL and paste it into an environment variable:
export INGRESSURL=harald-uebele-k8s-fra05-********************-0001.eu-de.containers.appdomain.cloud