My team is using istio (version 1.2.8) on our k8s (v 1.15.6) landscape, and we want to provide Prometheus with external IP, when applying the vs
We were able to access Prometheus in the browser but without and css/js
files. we got 404 error for the .js
(see logs below) files (see envoy logs below) as the /static
files are not served.
This is the UI we got (no css and js files are served)
instead of the following Prometheus default UI (when using loadbalancer or port forwarding...)
This is the minimal steps to see the issue:
Install Prometheus via helm as-is(latest- we didn't change any default config of Prometheus from the chart )
Take the name of the service
(with kubectl get svc
on the ns
which the service deployed) put it on the destination->host
section in the VS (update the gw
host etc) and apply the VS
file
vs.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prom-virtualservice
namespace: mon
spec:
gateways:
- de-system-gateway.ws-system.svc.cluster.local
hosts:
- lzs.dev10.int.str.cloud.rpn
http:
- match:
- uri:
prefix: /prometheus
rewrite:
uri: /graph
route:
- destination:
host: prom-prometheus-server
port:
number: 80
BTW,
If I just change the type of Prometheus to use LoadBalancer
it work, I was able to get external-ip
and see istio UI as expected.
another info, if I remove the following
rewrite:
uri: /graph
I got 404 error
in the browser without any data from prom
in the browser without js/css files , the network in the browser is like following:
I even try the following which doesn't work either
- uri:
prefix: /prometheus
rewrite:
uri: /static
or
- uri:
prefix: /prometheus/static
our gateway
spec looks like following
...
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- lzs.dev10.int.str.cloud.rpn
port:
name: https-manager
number: 443
protocol: HTTPS
tls:
mode: SIMPLE
privateKey: /etc/istio/de-tls/tls.key
serverCertificate: /etc/istio/de-tls/tls.crt
using port forwarding (local) or loadbalancer
for Prometheus it works. How can we make it work with istio ?
update
I've tried also to add the static and got the same results:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prom-virtualservice
namespace: mon
spec:
gateways:
- de-system-gateway.ws-system.svc.cluster.local
hosts:
- lzs.dev10.int.str.cloud.rpn
http:
- match:
- uri:
prefix: /prometheus
- uri:
prefix: /static
- uri:
regex: '^.*\.(ico|png|jpg)#x27;
rewrite:
uri: /graph
route:
- destination:
host: prom-prometheus-server
port:
number: 80
update 2
after using the yaml which provided as answer, now I see the ui with the css etc however it's not functional , I got error: Error loading available metrics!
in the browser debug mode network tab I can see that the following is not working
This is the logs for envoy for the error
[2019-12-17T09:04:18.670Z] "GET /api/v1/query?query=time()&_=1576573457737 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.0.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "57592874-27f5-4b57-9dea-1bcf13365f60" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.13:443 100.96.0.1:24664 lzs.dev10.int.str.cloud.rpn
[2019-12-17T09:04:18.670Z] "GET /api/v1/label/__name__/values?_=1576573457738 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.0.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "edad441d-58fe-4214-aae0-a0aec9012030" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.13:443 100.96.0.1:24664 lzs.dev10.int.str.cloud.rpn
(we are not talking about Prometheus which comes with istio, we need to install diff Prometheus on diff namespace...)
This is the logs from envoy
2019-12-15T13:57:16.977357Z info Envoy proxy is ready
[2019-12-15 14:29:51.226][14][warning][config] [bazel-out/k8-opt/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:86] gRPC config stream closed: 13, [2019-12-15 15:00:50.980][14][warning][config] [bazel-out/k8-opt/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:86] gRPC config stream closed: 13, [2019-12-15T15:11:02.572Z] "GET /prometheus HTTP/2" 200 - "-" "-" 0 5785 2 1 "100.96.3.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0" "531e2f39-0c9f-44d3-b11b-e336126ea836" "lzs.dev10.int.str.cloud.rpn" "100.96.0.16:9090" outbound|80||prom-prometheus-server.mon.svc.cluster.local - 100.96.2.10:443 100.96.3.1:32972 lzs.dev10.int.str.cloud.rpn [2019-12-15T15:11:02.705Z] "GET /static/vendor/js/jquery-3.3.1.min.js?v=6f92ce56053866194ae5937012c1bec40f1dd1d9 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.3.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0" "40119d8d-2103-4453-b589-e1561d44d363" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.10:443 100.96.3.1:32972 lzs.dev10.int.str.cloud.rpn [2019-12-15T15:11:02.705Z] "GET /static/vendor/js/popper.min.js?v=6f92ce56053866194ae5937012c1bec40f1dd1d9 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.3.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0" "dbdf2a2a-cfd3-422a-82f4-e6e466407671" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.10:443 100.96.3.1:32972 lzs.dev10.int.str.cloud.rpn [2019-12-15T15:11:02.706Z] "GET /static/vendor/bootstrap-4.3.1/js/bootstrap.min.js?v=6f92ce56053866194ae5937012c1bec40f1dd1d9 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.3.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0" "efd95571-03e9-492d-98ff-b4910d1646d6" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.10:443 100.96.3.1:32972 lzs.dev10.int.str.cloud.rpn [2019-12-15T15:11:02.706Z] "GET /static/vendor/bootstrap-4.3.1/css/bootstrap.min.css?v=6f92ce56053866194ae5937012c1bec40f1dd1d9 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.3.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0" "8ae04546-06cb-4ba0-8430-f04388811460" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.10:443 100.96.3.1:32972 lzs.dev10.int.str.cloud.rpn [2019-12-15T15:11:02.706Z] "GET /static/css/prometheus.css?v=6f92ce56053866194ae5937012c1bec40f1dd1d9 HTTP/2" 404 NR "-" "-" 0 0 0 - "100.96.3.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:70.0) Gecko/20100101 Firefox/70.0" "70c88f5f-b582-4dd9-a2e2-47605c812344" "lzs.dev10.int.str.cloud.rpn" "-" - - 100.96.2.10:443 100.96.3.1:32972 lzs.dev10.int.str.cloud.rpn
For start I found some information about istio 1.2 that tells
Istio 1.2 has been tested with these Kubernetes releases: 1.12, 1.13, 1.14.
So if You use kubernetes 1.15 I would recommend to upgrade your istio to latest version.
About prometheus, I see You want to use prometheus helm chart, why won't You use built-in prometheus? As provided in istio documentation prometheus is enabled in versions default,demo and sds.
Based on istio remotely accessign telemetry addons You can use either secure(https) or insecure(http) option to expose prometheus.
Personally i did an insecure reproduction by following above tutorial and everything is working.
Kubernetes Version: 1.13.11-gke.14
Istio Version: 1.4.2
Steps to follow
1.Install
2.Expose prometheus
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: prometheus-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 15030
name: http-prom
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prometheus-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- prometheus-gateway
http:
- match:
- port: 15030
route:
- destination:
host: prometheus
port:
number: 9090
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: prometheus
namespace: istio-system
spec:
host: prometheus
trafficPolicy:
tls:
mode: DISABLE
---
EOF
3.Result
EDIT
Could You try use this yaml?
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prom-virtualservice
namespace: mon
spec:
gateways:
- de-system-gateway.ws-system.svc.cluster.local
hosts:
- lzs.dev10.int.str.cloud.rpn
http:
- match:
- uri:
prefix: /prometheus
rewrite:
uri: /graph
route:
- destination:
host: prom-prometheus-server
port:
number: 80
- match:
- uri:
prefix: /static
- uri:
regex: '^.*\.(ico|png|jpg)#x27;
route:
- destination:
host: prom-prometheus-server
port:
number: 80
EDIT2 Please add /api prefix to your second match like below
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prom-virtualservice
namespace: mon
spec:
gateways:
- de-system-gateway.ws-system.svc.cluster.local
hosts:
- lzs.dev10.int.str.cloud.rpn
http:
- match:
- uri:
prefix: /prometheus
rewrite:
uri: /graph
route:
- destination:
host: prom-prometheus-server
port:
number: 80
- match:
- uri:
prefix: /static
- uri:
regex: '^.*\.(ico|png|jpg)#x27;
- uri:
prefix: /api
route:
- destination:
host: prom-prometheus-server
port:
number: 80
EDIT3
In your answer you separate it to two matches , why?
This link is the answer here I think, You rewrite /prometheus to /graph since it's main Prometheus url, and that's okay. But you can't rewrite /static, /api to /graph because you need those paths to grab files and metrics, if it won't match then error 404 appears.