How to Deploy Kiali on Kubernetes


Kiali is a service mesh observability tool designed to complement Istio. It provides insights into the traffic flow, topology, and health of your service mesh. This guide walks you through deploying Kiali on a Kubernetes cluster.
Prerequisites
- Kubernetes Cluster: A running Kubernetes cluster with `kubectl` configured.
- Istio Installed: Ensure Istio is installed and running in your cluster.
- Namespace: Use the `istio-system` namespace for Kiali (default for Istio) or customize as needed.
- Ingress Controller: Ensure an Ingress controller (e.g., NGINX) is installed if external access is required.
Step 1: Configure Kiali Resources
Kiali requires configuration for access credentials and server settings. Create a Secret for Kiali credentials and a ConfigMap for its settings.
Create a Secret for Credentials
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
type: Opaque
stringData:
  username: admin # Replace with a secure username
  passphrase: admin # Replace with a secure password
```
Apply the Secret:
```bash
kubectl apply -f kiali-secret.yaml
```
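
One way to avoid committing the `admin`/`admin` placeholder is to generate the passphrase at apply time. The script below is an added example, not part of the original guide; it assumes the Secret layout shown above, and the function names and the `kiali-admin` username are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): build the "kiali" Secret with a
# random passphrase instead of the admin/admin placeholder.

# gen_passphrase [BYTES]: print BYTES random bytes from /dev/urandom as hex
# (default 16 bytes = 128 bits = 32 hex characters).
gen_passphrase() {
    bytes="${1:-16}"
    od -An -N"$bytes" -tx1 /dev/urandom | tr -d ' \n'
}

# render_kiali_secret USER PASS: write the Secret manifest to stdout.
# Refuses placeholder or short values so admin/admin cannot be applied by accident.
render_kiali_secret() {
    user="$1"
    pass="$2"
    # Allow only characters that are safe inside a double-quoted YAML scalar.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; return 1 ;;
    esac
    case "$pass" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid passphrase characters" >&2; return 1 ;;
    esac
    if [ "${#pass}" -lt 16 ] || [ "$pass" = "$user" ]; then
        echo "passphrase too short or equal to username" >&2
        return 1
    fi
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
type: Opaque
stringData:
  username: "$user"
  passphrase: "$pass"
EOF
}

# Usage (hypothetical username; nothing is written to disk):
#   render_kiali_secret kiali-admin "$(gen_passphrase)" | kubectl apply -f -
```

The generated value can be read back later with `kubectl get secret kiali -n istio-system -o jsonpath='{.data.passphrase}' | base64 -d`.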
Create a ConfigMap for Kiali Settings
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: kiali
  namespace: istio-system
data:
  kiali.yaml: |
    server:
      port: 20001
      web_root: /kiali
    deployment:
      # '**' makes every namespace accessible to Kiali; list specific namespaces to narrow this
      accessible_namespaces: ['**']
```
Apply the ConfigMap:
```bash
kubectl apply -f kiali-configmap.yaml
```
Step 2: Deploy Kiali
Create a Deployment and Service for Kiali.
Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kiali
  namespace: istio-system
  labels:
    app: kiali
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kiali
  template:
    metadata:
      labels:
        app: kiali
    spec:
      containers:
        - name: kiali
          image: kiali/kiali:v1.66 # Replace with the latest version
          ports:
            - containerPort: 20001
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: KIALI_USERNAME
              valueFrom:
                secretKeyRef:
                  name: kiali
                  key: username
            - name: KIALI_PASSPHRASE
              valueFrom:
                secretKeyRef:
                  name: kiali
                  key: passphrase
```
Apply the Deployment:
```bash
kubectl apply -f kiali-deployment.yaml
```
Service
Expose Kiali using a ClusterIP service.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: kiali
  namespace: istio-system
spec:
  selector:
    app: kiali
  ports:
    - port: 20001
      targetPort: 20001
      protocol: TCP
```
Apply the Service:
```bash
kubectl apply -f kiali-service.yaml
```
Step 3: Configure Ingress (Optional)
If you need external access to Kiali, configure an Ingress resource.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kiali-ingress
  namespace: istio-system
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: kiali.example.com # Replace with your domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kiali
                port:
                  number: 20001
```
Apply the Ingress:
```bash
kubectl apply -f kiali-ingress.yaml
```
Step 4: Access Kiali
- If using Ingress, access Kiali at http://kiali.example.com (or your configured domain).
- If using a ClusterIP service, use `kubectl port-forward` to access Kiali locally:
```bash
kubectl port-forward svc/kiali -n istio-system 20001:20001
```
Then, visit http://localhost:20001/kiali in your browser.
Log in using the credentials defined in the Secret (e.g., admin/admin).
The information above was compiled using ChatGPT.