Expose grafana publicly using istio
There is a working example for istio with version 1.7.0
istioctl versionclient version: 1.7.0control plane version: 1.7.0data plane version: 1.7.0 (1 proxies)
1.I have used helm fetch to get prometheus operator.
helm fetch stable/prometheus-operator --untar
2.I changed these in values.yaml.
Grafana Service.
service: portName: http-service port: 3000 targetPort: 3000
Grafana host.
hosts: - grafana.domain.com
3.I have created po namespace and installed prometheus operator
kubectl create namespace pohelm install prometheus-operator ./prometheus-operator -n po
4.I have checked the grafana service name with
kubectl get svc -n poprometheus-operator-grafana ClusterIP
5.I have used below yamls for istio, used grafana service name which is prometheus-operator-grafana
as my virtual service and destination rule host.
apiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata: name: grafana-gateway namespace: pospec: selector: istio: ingressgateway servers: - port: number: 80 name: http-grafana protocol: HTTP hosts: - "grafana.domain.com"---apiVersion: networking.istio.io/v1alpha3kind: VirtualServicemetadata: name: grafana-vs namespace: pospec: hosts: - "grafana.domain.com" gateways: - grafana-gateway http: - route: - destination: host: prometheus-operator-grafana.po.svc.cluster.local port: number: 3000---apiVersion: networking.istio.io/v1alpha3kind: DestinationRulemetadata: name: grafana namespace: pospec: host: prometheus-operator-grafana.po.svc.cluster.local trafficPolicy: tls: mode: DISABLE
5.Test with curl, it's 302 instead of 200 as we have to login.
curl -v -H "host: grafana.domain.com" xx.xx.xxx.xxx/GET / HTTP/1.1> Host: grafana.domain.com> User-Agent: curl/7.64.0> Accept: */*>< HTTP/1.1 302 Found
Let me know if it worked or if you have any other questions. Maybe there is a problem with the 1.4.3 version you use.