Access Kiali, product page, etc. from outside (non-local)

Hello there, I set up my Istio service mesh in the cloud (DigitalOcean). How can I access the product page, Kiali, etc. from my local PC?

Hi @misha.ioseliani.7

Firstly, I know nothing about Digital Ocean, so I cannot tell you exactly how to do it, only theoretically.

You will need the external IP of your local PC. Get this by browsing to http://checkip.amazonaws.com

Next you need to publicly expose the endpoint you want to connect to. You would normally do this with an externally facing cloud load balancer, which connects to your cluster on the back end.

Finally you need to set the security on the load balancer’s public facing side to only allow access to your IP.

You then browse to the address of the load balancer.

https://www.digitalocean.com/ is a cloud website like Amazon AWS or Google Cloud; you can set up your Kubernetes cluster, website or other application on it and have access to it online.
I want to ask KodeKloud to add a section to the Istio training that shows us how we can set up an Istio service mesh, expose an application with it in the cloud, and access it (dashboards) from a local computer.

I know what it is. I just don’t know how to use it because I never have. If you had done this in AWS, I could tell you exactly what extra resources to deploy.

It is somewhat beyond the scope of a course to cover setting up external access, because how you do it in practice is different for every cloud provider. How you do it in theory is as I have described.

The theory which applies to all cloud platforms, keeping security in mind, is:

  • Application workloads (inc servers, clusters, databases etc) must be deployed on private networks. This means networks with no public IP addresses and access to the internet via NAT gateways.
  • Access from the outside world is provided by a cloud load balancer. Digital Ocean will have these.
  • Load balancer listens on a public IP, therefore is reachable from your local PC
  • Load balancer forwards request to application workload
  • Load balancer should be secured to allow only connections from known IPs (like your PC), unless it is serving a public site (which a Kiali dashboard certainly is not)
  • Load balancer must serve over HTTPS, even if restricted to only your IP, therefore you need a domain name and a certificate to associate with it, otherwise your cluster could be hacked.

All the above will be able to be done in Digital Ocean. I just don’t know how to do it in Digital Ocean, because I have not used it.

This might help

You need to connect the load balancer to the Service that fronts the Kiali deployment
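As an added example (not part of the thread and not DigitalOcean's or Istio's own code), the "allow only known IPs" rule from the list above can be checked against the Services that front a cloud load balancer. It assumes the restriction is expressed through the standard Kubernetes `spec.loadBalancerSourceRanges` field and that the provider enforces it, which should be confirmed in the provider's documentation; the Service names, ports and addresses are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get svc -A -o json` output.
# Names, namespaces, ports and addresses are assumptions for illustration.
SAMPLE_SERVICES = json.loads("""
{"items": [
  {"metadata": {"name": "kiali-lb", "namespace": "istio-system"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}],
            "loadBalancerSourceRanges": ["203.0.113.25/32"]}},
  {"metadata": {"name": "productpage-lb", "namespace": "default"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
  {"metadata": {"name": "dashboards-lb", "namespace": "istio-system"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}],
            "loadBalancerSourceRanges": ["198.51.100.0/24"]}}
]}
""")


def audit_service(svc, admin_ip, max_hosts=1):
    """Return findings for one Service; an empty list means it passes."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []  # not exposed through a cloud load balancer
    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        return ["no loadBalancerSourceRanges: no source restriction set on the Service"]
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    findings = [f"{n} allows {n.num_addresses} addresses"
                for n in nets if n.num_addresses > max_hosts]
    if not any(ipaddress.ip_address(admin_ip) in n for n in nets):
        findings.append(f"{admin_ip} is not in any allowed range")
    return findings


def audit_all(services, admin_ip):
    """Map 'namespace/name' to findings for every Service that fails."""
    report = {}
    for svc in services["items"]:
        findings = audit_service(svc, admin_ip)
        if findings:
            meta = svc["metadata"]
            report[f"{meta['namespace']}/{meta['name']}"] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SERVICES, "203.0.113.25").items():
        print(name, findings)
```

Passing the address reported by http://checkip.amazonaws.com as `admin_ip` shows both Services that are open too widely and Services that would lock you out.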