How to set up your own Kubernetes cluster + Istio + Kiali

viet nguyen
Oct 31, 2018 · 3 min read
Photo by Roshni Sidapara on Unsplash

I’d like to share with you Part 1 of a multi-part blog series on using Kiali to visualize and monitor your Istio service mesh. Kiali is now a part of Istio 1.1 (November 2018 release).

This article assumes you are already familiar with Kubernetes. If you are new to Istio and not sure what problems it’s trying to solve, be sure to read this introduction.

Table of contents

  • Part 1: Set up a Kubernetes cluster and Istio using minikube (this article)
  • Part 2: Circuit breaker 101 (TBD)

Step 0: Prepare your local environment

In this step we prepare the environment to run minikube. So what is minikube? The project’s Readme describes it as “a tool that makes it easy to run Kubernetes cluster locally.

In this blog post I’m providing instructions for Fedora 28 since that is my primary development environment. However, Minikube also is supported on other Linux flavors as well as MacOS and Windows.

Fedora 28 Instructions

  1. kvm2: virtualization library that minikube uses to host the Kubernetes cluster.
  2. minikube: command line tool that hides all the complexity associated with installing and managing a Kubernetes cluster on your local environment.
  3. kubectl: command line tool for interacting with Kubernetes cluster.
  4. Helm: command line tool that automates the installing of Istio (and among other things) to Kubernetes. Important: while Helm has two components, the client and the server (Tiller), you only need to install the client to your local environment.

Step 2: Start Minikube

# Start minikube
minikube start --memory=8192 --cpus=4 --kubernetes-version=v1.10.0 --vm-driver=kvm2

# Enable `ingress` add on
minikube addons enable ingress

Congratulations! At this point you have a fully functional Kubernetes cluster. If you are new to Kubernetes follow this tutorial to deploy a simple app in order to verify the cluster is working properly.

Step 3: Set up Kiali secret

Secret” is a way to store sensitive information such as password or encryption key for Kubernetes applications.

Create istio-system namespace:

# Note: Normally Helm will create istio-system namespace for you 
# but it doesn't create Kiali secret. Without
# the secret Kiali install will fail
kubectl create namespace istio-system

Create login credential for Kiali (admin/admin):

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
name: kiali
namespace: istio-system
app: kiali
type: Opaque
username: YWRtaW4=
passphrase: YWRtaW4=

Step 4: Install Istio using Helm

At this point you should clone the main Istio repo to your local drive.

git clone
cd istio && git checkout release-1.1

As of 1.1 Release there are two options for installing Istio. In this example I’m going with option #2 (Install with Helm and Tiller via Helm install).

kubectl apply -f install/kubernetes/helm/helm-service-account.yaml

helm init --service-account tiller

helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set kiali.enabled=true --set gateways.istio-ingressgateway.type=NodePort

The last command above should take a couple seconds to complete. You can then inspect the istio-system namespace and verify all pods are in Running status.

# List all pods 
kubectl get pods -n istio-system
istio-citadel-5fc8f9f548-q4pms 1/1 Running 0
kiali-66cc585699-wp99q 1/1 Running 0
prometheus-7fcd5846db-d25lk 1/1 Running 0

Step 5: Open Kiali in the Browser

In order to access Kubernetes services inside minikube run the following commands to determine Kiali URL:

export GATEWAY_URL=$(minikube ip)export KIALI_URL="http://$(echo $GATEWAY_URL | sed -e s/:.*//):$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?("http-kiali")].nodePort}')"echo $KIALI_URLOutput:

Open $KIALI_URL in the browser and login in with admin/admin.

Troubleshooting Tips

Minikube Logs

You can inspect minikube logs with minikube log command.

Clean up

If you have problem starting up minikube, clean up your VM configs and start over.

minikube stop
minikube delete
rm -rf ~/.kube
rm -rf ~/.minikube

Moving your laptop between home and work?

When switching between networks such as taking your laptop from home to work, you may encounter minikube network errors due to changes in your laptop IP. See “Clean up” section above.

What’s next?

In the next post I will walk you through creating a simple Istio service mesh with Circuit Breaker feature to limit requests to a web application.


Service Mesh Observability

viet nguyen

Written by

software developer, rock climber



Service Mesh Observability

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade