3

I have installed Istio as described here.

I used istioctl manifest apply --set profile=demo for this purpose. And then installed bookinfo application.

And set kiali to use NordPort using kubectl -n istio-system edit svc kiali.

kubectl -n istio-system get svc kiali shows its NordPort and Ports 20001:32173/TCP

When I try to access kiali dashboard using 192.168.123.456:32173/kiali, with default username and password admin I get following warining.

Your session has expired or was terminated in another window

Why is it happening? I haven't change any default settings.

Kiali pod is running.

As jt97 requested curl -v externalIP:port/kiali

*   Trying 192.168.123.456...
* TCP_NODELAY set
* Connected to 192.168.123.456 (192.168.123.456) port 15029 (#0)
> GET /kiali/ HTTP/1.1
> Host: 192.168.123.456:15029
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< accept-ranges: bytes
< content-length: 2330
< content-type: text/html; charset=utf-8
< last-modified: Mon, 04 May 2020 14:46:17 GMT
< vary: Accept-Encoding
< date: Mon, 04 May 2020 14:59:40 GMT
< x-envoy-upstream-service-time: 0
< server: istio-envoy
<
<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"/><meta name="theme-color" content="#000000"/><base href="/kiali/"/><script type="text/javascript" src="./env.js"></script><link rel="manifest" href="./manifest.json"/><link rel="shortcut icon" href="./kiali_icon_lightbkg_16px.png"/><title>Kiali Console</title><link href="./static/css/2.51abb30a.chunk.css" rel="stylesheet"><link href="./static/css/main.aebbfcdd.chunk.css" rel="stylesheet"></head><body class="pf-m-redhat-font"><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script>!function(a){function e(e){for(var r,t,n=e[0],o=e[1],i=e[2],u=0,l=[];u<n.length;u++)t=n[u],Object.prototype.hasOwnProperty.call(p,t)&&p[t]&&l.push(p[t][0]),p[t]=0;for(r in o)Object.prototype.hasOwnProperty.call(o,r)&&(a[r]=o[r]);for(s&&s(e);l.length;)l.shift()();return c.push.apply(c,i||[]),f()}function f(){for(var e,r=0;r<c.length;r++){for(var t=c[r],n=!0,o=1;o<t.length;o++){var i=t[o];0!==p[i]&&(n=!1)}n&&(c.splice(r--,1),e=u(u.s=t[0]))}return e}var t={},p={1:0},c=[];function u(e){if(t[e])return t[e].exports;var r=t[e]={i:e,l:!1,exports:{}};return a[e].call(r.exports,r,r.exports,u),r.l=!0,r.exports}u.m=a,u.c=t,u.d=function(e,r,t){u.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},u.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},u.t=function(r,e){if(1&e&&(r=u(r)),8&e)return r;if(4&e&&"object"==typeof r&&r&&r.__esModule)return r;var t=Object.create(null);if(u.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:r}),2&e&&"string"!=typeof r)for(var n in r)u.d(t,n,function(e){return r[e]}.bind(null,n));return t},u.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return u.d(r,"a",r),r},u.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},u.p="./";var r=this["webpackJsonp@* Connection #0 to host 192.168.123.456 left intact
kiali/kiali-ui"]=this["webpackJsonp@kiali/kiali-ui"]||[],n=r.push.bind(r);r.push=e,r=r.slice();for(var o=0;o<r.length;o++)e(r[o]);var s=n;f()}([])</script><script src="./static/js/2.f84a82a8.chunk.js"></script><script src="./static/js/main.339a2916.chunk.js"></script></body></html>

Kiali log : /var/log/containers/kiali-869c6894c5-4jp2v_istio-system_kiali-1xxx.log

{"log":"I0505 04:49:19.151849       1 kiali.go:66] Kiali: Version: v1.15.2, Commit: 718aedca76e612e2f95498d022fab1e116613792\n","stream":"stderr","time":"2020-05-05T04:49:19.152333612Z"}
{"log":"I0505 04:49:19.153038       1 kiali.go:205] Using authentication strategy [login]\n","stream":"stderr","time":"2020-05-05T04:49:19.153122786Z"}
{"log":"I0505 04:49:19.158187       1 kiali.go:87] Kiali: Console version: 1.15.1\n","stream":"stderr","time":"2020-05-05T04:49:19.158268318Z"}
{"log":"I0505 04:49:19.158210       1 kiali.go:286] Updating base URL in index.html with [/kiali]\n","stream":"stderr","time":"2020-05-05T04:49:19.158284789Z"}
{"log":"I0505 04:49:19.158840       1 kiali.go:267] Generating env.js from config\n","stream":"stderr","time":"2020-05-05T04:49:19.158915814Z"}
{"log":"I0505 04:49:19.168786       1 server.go:57] Server endpoint will start at [:20001/kiali]\n","stream":"stderr","time":"2020-05-05T04:49:19.168870138Z"}
{"log":"I0505 04:49:19.168813       1 server.go:58] Server endpoint will serve static content from [/opt/kiali/console]\n","stream":"stderr","time":"2020-05-05T04:49:19.16888486Z"}
{"log":"I0505 04:49:19.179424       1 metrics_server.go:18] Starting Metrics Server on [:9090]\n","stream":"stderr","time":"2020-05-05T04:49:19.179497168Z"}
{"log":"I0505 04:49:19.179752       1 kiali.go:137] Secret is now available.\n","stream":"stderr","time":"2020-05-05T04:49:19.17998388Z"}

I found another error, which is not visible at once. When I enter username and password, it gives :

You are logged in, but there was a problem when fetching some required server configurations, try refreshing the page.

Community
  • 1
  • 1
Sachith Muhandiram
  • 2,819
  • 10
  • 45
  • 94

1 Answers1

1

As mentioned in istio docs here

If you want to acces kiali dashboard you should install your istio demo profile with --set values.kiali.enabled=true

istioctl manifest apply --set profile=demo --set values.kiali.enabled=true

Then apply virtual service, gateway and destination rule

cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kiali-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 15029
      name: http-kiali
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kiali-vs
  namespace: istio-system
spec:
  hosts:
  - "*"
  gateways:
  - kiali-gateway
  http:
  - match:
    - port: 15029
    route:
    - destination:
        host: kiali
        port:
          number: 20001
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kiali
  namespace: istio-system
spec:
  host: kiali
  trafficPolicy:
    tls:
      mode: DISABLE
---
EOF

Get your external-ip with

kubectl get svc istio-ingressgateway -n istio-system

And visit kiali via your browser with http://<EXTERNAL-IP>:15029/and credentials admin:admin.

Additionally if you want to change the kiali credentials check this stackoverflow question.

Jakub
  • 8,189
  • 1
  • 17
  • 31
  • 1
    What about curl? What you get from `curl -v http://:15029/`? Bookinfo is working through web? Could you add logs from the kiali pod to your question? – Jakub May 04 '20 at 15:01
  • I have updated the question with `curl -v ` result. – Sachith Muhandiram May 04 '20 at 15:06
  • 1
    What about if Bookinfo is working through web? Could you add logs from the kiali pod to your question? From the output it seems kiali is working properly, the code is 200 so it works, so I think the problem might be with the loadbalancer. – Jakub May 05 '20 at 06:08
  • Yes, `bookinfo` works through web and `/productpage` shows expected round-robin behavior. I have added `kiali-log` file, but seems its now growing. – Sachith Muhandiram May 05 '20 at 06:24
  • 1
    From the logs and curl we can see that everything works properly. Your kiali service type is ClusterIP and port is 20001? It should work on 192.168.123.456:15029/kiali/ if you have follow yamls provided by me. – Jakub May 05 '20 at 07:21
  • Yes, its `ClusterIP:20001`, it gives me the login prompt, but I can not access to it. It gives an error, which is not visible at once, I have updated the question with it. – Sachith Muhandiram May 05 '20 at 07:28
  • My problem was with my PC time, it was different. – Sachith Muhandiram May 05 '20 at 12:03
  • Which version of Istio are you using? 1.5.2? Have you tried to use the command istioctl dashboard kiali? – Xavier Canal Masjuan May 12 '20 at 07:29