This tutorial demonstrates how to deploy and access Charmed Kiali to monitor an Istio service mesh from scratch.
At time of writing, stable releases of the Istio and Kiali charms were not yet available. This tutorial uses edge releases, but you should use the risk appropriate to your use case
Contents
Prerequisites
Juju
This tutorial assumes you have a Juju bootstrapped on a Kubernetes cluster. If not, refer to Juju’s documentation for instructions.
Istio
For Kiali to be useful, it must be deployed alongside an instance of Istio that provides its metrics to a metrics store. This tutorial assumes you have Charmed Istio deployed in the istio-system model.
If you do not have your own Istio instance...
…you can generate one for this tutorial by doing the following. Deploy Istio and offer it for cross model relations:
juju add-model istio-system
# Deploy Istio
juju deploy istio-k8s --trust --channel edge
juju offer istio-k8s:istio-metadata
Connect Istio to a metrics store (Kiali works by observing the metrics generated by Istio). Note that this metrics store does not need to be specifically for Istio - it could also be the general metrics store used for the full Canonical Observability Stack.
juju deploy prometheus--k8s --trust
juju relate istio-k8s prometheus-k8s
And offer the metrics store for cross-model relations:
The prometheus-api integration was added as of Prometheus revision 237. At time of writing, it was only available in the edge channel, but will be promoted in due course.
juju offer prometheus-k8s:prometheus-api
Ingress
While not a hard requirement for deploying Kiali, it is convenient to use an ingress to expose Kiali outside the cluster. This guide assumes an ingress that supports the ingress interface is deployed in istio-system and offered for cross-model relations.
If you do not have an ingress...
… you can generate one for this tutorial by deploying the istio-ingress charm:
juju deploy istio-ingress-k8s --trust --channel edge
juju offer istio-ingress-k8s:ingress
Something to Monitor
For Kiali to be useful, we need traffic to monitor inside the Istio service mesh. If you have something already, great! Just observe that when we get to using Kiali
If you do not have something to observe...
…you can use Istio’s Bookinfo sample application for this tutorial.
The kubectl command line tool is described here.
Deploy the Bookinfo application:
juju add-model bookinfo
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/bookinfo/platform/kube/bookinfo.yaml
And a separate sleep application (just a simple Pod that has curl and doesn’t do anything else):
kubectl -n bookinfo apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/sleep/sleep.yaml
serviceaccount/sleep
Then generate some traffic by curling from sleep to the bookinfo application’s /productpage:
while true; do
kubectl -n bookinfo exec "$(kubectl -n bookinfo get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"; sleep 1
done
Deploy Kiali
Deploy Kiali and connect it to Istio and its metrics store:
juju add-model kiali
juju deploy kiali-k8s --trust --channel edge
juju consume istio-system.istio-k8s
juju relate kiali-k8s:istio-metadata istio-k8s
juju consume istio-system.prometheus-k8s
juju relate kiali-k8s:prometheus prometheus-k8s
Expose it via the Ingress:
juju consume istio-system.istio-ingress-k8s
juju relate kiali-k8s istio-ingress-k8s
Once everything settles, Kiali should now be available at INGRESS_IP/kiali-kiali-k8s (INGRESS_IP/NAMESPACE-APPNAME), where the INGRESS_IP can be obtained from the status message of istio-ingress-k8s (eg: from juju status istio-ingress-k8s).
Use Kiali
Open the above url to Kiali in your browser. You should see the dashboard.
And we can observe the traffic on our service mesh from the Traffic Graph tab:
Congratulations, now you have a working Kiali to observe your service mesh!