Expose Istio

In this section you will expose Istio and the services running behind it using the NGINX Ingress Controller.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:/# cd ~/ops/deployments
  2. Compute the FQDN for your Azure Load Balancer and note it down as you are going to use it in later steps:

    root@rok-tools:~/ops/deployments# echo ${AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}.cloudapp.azure.com arrikto-cluster.eastus.cloudapp.azure.com
  3. Edit rok/expose-ekf/overlays/deploy/kustomization.yaml and enable the ingress and certificate resources:

    resources: - ../../base - ../../base/ingress.yaml - ../../base/certificate.yaml
  4. Edit rok/expose-ekf/overlays/deploy/kustomization.yaml and enable the ingress-host, ingress-tls, certificate, and xff patches by uncommenting the corresponding snippet:

    patches: - path: patches/ingress-host.yaml target: kind: Ingress name: istio-ingress - path: patches/ingress-tls.yaml - path: patches/certificate.yaml - path: patches/xff.yaml target: kind: EnvoyFilter name: xff-trust-hops
  5. Edit rok/expose-ekf/overlays/deploy/patches/ingress-host.yaml and set value to the FQDN for your Azure Load Balancer:

    - op: replace path: /spec/rules/0/host value: arrikto-cluster.eastus.cloudapp.azure.com # <-- Update this line with your FQDN
  6. Edit rok/expose-ekf/overlays/deploy/patches/ingress-tls.yaml and set hosts to the FQDN for your Azure Load Balancer:

    spec: tls: - hosts: - arrikto-cluster.eastus.cloudapp.azure.com # <-- Update this line with your FQDN
  7. Edit rok/expose-ekf/overlays/deploy/patches/certificate.yaml and set both commonName and dnsNames to the FQDN for your Azure Load Balancer:

    spec: commonName: arrikto-cluster.eastus.cloudapp.azure.com # <-- Update this line with your FQDN dnsNames: - arrikto-cluster.eastus.cloudapp.azure.com # <-- Update this line with your FQDN
  8. Edit rok/expose-ekf/overlays/deploy/patches/xff.yaml and replace <TRUSTED_FRONT_PROXIES> with 1:

    - op: replace path: /spec/configPatches/0/patch/value/typed_config/xff_num_trusted_hops value: 1
  9. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Expose Istio via an NGINX Ingress"
  10. Apply the kustomization:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/expose-ekf/overlays/deploy

Verify

  1. Verify that you have successfully created the Ingress object for Istio. The HOSTS field should match your Azure Load Balancer FQDN:

    root@rok-tools:~/ops/deployments# kubectl -n istio-system get ingress NAME HOSTS ADDRESS PORTS AGE istio-ingress arrikto-cluster.eastus.cloudapp.azure.com 10.42.42.42 80 1m
  2. Open your browser, and go to the Rok UI at

    https://<FQDN>/rok/

    Replace <FQDN> with your FQDN. For example:

    https://arrikto-cluster.eastus.cloudapp.azure.com/rok/

Summary

You have successfully configured Istio and exposed Rok to the outside world. With this, you have successfully completed the whole installation process.

What’s Next

The next step is to expose your ML models to the outside world.