Exposing the Kubernetes Dashboard with Istio Service Mesh
Written by Sigal Zigelboim   
Thursday, 24 November 2022

This step-by-step guide shows how to use Istio to easily expose your Kubernetes dashboard to users and administrators of your cluster. But first, an introduction to Istio and the advantages it offers for managing cluster communications.


What Is Istio?

Istio is a platform-agnostic service mesh for managing traffic, enforcing policies, and collecting telemetry data. This open platform uses a service mesh to decouple service and network functions. A service function determines how to implement business logic, while a network function determines the traffic routing to service functions. 

In traditional environments, most service calls occur on monolithic platforms and require no networking. In a microservices architecture, inter-service communication occurs over a network, and services must handle this traffic. A service mesh handles network traffic by abstracting functions, which can manage communications without being implemented for every application. Service meshes also reduce the network’s operational complexity by providing secure channels for communication between services, traffic management, load balancing, and out-of-the-box monitoring capabilities.

Reasons You Need Istio in Your Kubernetes Clusters

Istio provides the following crucial capabilities for managing clusters.

  • Traffic Management

Istio provides traffic routing rules to help control API calls and inter-service traffic. It simplifies the configuration of service properties (e.g., timeouts, retries, and circuit breakers), letting you easily set up A/B testing, staged rollouts, or canary deployments. Istio’s reliability features help make applications resilient against network and service failures.

Traffic management in Istio uses Envoy proxies deployed alongside each service, processing all incoming and outgoing communications.

  • Security

Segmenting an application into multiple services enables increased agility, scalability, and service reusability. Microservices require special protections such as traffic encryption, mutual TLS, granular access policies, and monitoring tools.  

Istio provides comprehensive API security capabilities to protect services in any location. It can mitigate external and insider threats by securing your endpoints, data, and communications. Istio’s security features offer robust identity, policy, encryption, authentication, and authorization. It aims to secure applications by default with multiple defense layers and zero trust networking. 

  • Monitoring

Istio provides observability by generating telemetry data for all inter-service communications. This data lets you track service behavior to troubleshoot and optimize your applications. It helps you understand how services interact with Istio components and other services.  

Istio telemetry includes metrics, distributed traces, and access logs. This data provides insights into service performance and keeps a record for auditing purposes. 

  • Scalability

Istio lets you manage microservices while scaling, providing traffic control features, and isolating the proxy layer that handles service requests. It enhances infrastructure performance by forwarding data from proxies to the central dashboard. Istio can tolerate ambiguous outages in the network, enabling the infrastructure to self-heal.  

In Kubernetes, Istio can help you manage large microservices-based applications, providing advanced traffic routing to handle increases in requests. It helps optimize data flows to maintain high application performance. A service mesh allows DevOps teams to programmatically deploy applications and infrastructure, enabling network and security management as code. 

What Is the Kubernetes Dashboard?

The Kubernetes Dashboard is a web UI for Kubernetes that lets you deploy containerized applications to Kubernetes clusters, manage cluster resources, and troubleshoot applications. It can also provide an overview of the applications running on a particular cluster, allowing you to create or modify individual Kubernetes resources (e.g., deployments, daemon sets, jobs). For example, you can use the deployment wizard to scale deployments, initiate rolling updates, restart pods, or deploy a new application. The Kubernetes Dashboard also provides information about the health of Kubernetes resources in a given cluster, including data on errors.


Exposing the Kubernetes Dashboard with Istio Service Mesh

Users can install the Kubernetes dashboard application on a Kubernetes cluster. Services on a cluster can be exposed through the Istio Ingress Gateway offered by Istio Service Mesh. The following steps show how to expose the Kubernetes dashboard with Istio.

Step 1: Build a New Gateway and VirtualService for the Dashboard 

In this code, we create a new Gateway:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: k8sdashboard-gateway
  namespace: kubernetes-dashboard
spec:
  selector:
    # Using istio default ingress gateway
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH
    hosts:
    - k8sdashboard.example.com

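The PASSTHROUGH TLS mode specified in the gateway manifest above makes the gateway forward ingress traffic without terminating TLS. The gateway routes each connection on the SNI value in the TLS handshake, and the dashboard service completes the TLS session itself.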

Now we create a new VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  hosts:
  - k8sdashboard.example.com
  gateways:
  - k8sdashboard-gateway
  # Passthrough traffic is routed on SNI, so only tls routes are defined
  tls:
  - match:
    - port: 443
      sniHosts:
      - k8sdashboard.example.com
    route:
    - destination:
        host: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local
        port:
          number: 443
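
The Gateway and VirtualService above only route traffic when the gateway reference, the hosts, the SNI hosts and the port agree between the two objects. The following consistency check is an added example, not part of the original article: `covers` and `lint_passthrough` are hypothetical helper names, and the two manifests are re-typed as Python dicts (constructed input) so the check runs without a cluster.

```python
from fnmatch import fnmatchcase

# Constructed sample input: the article's two manifests written as Python dicts.
HOST, NS = "k8sdashboard.example.com", "kubernetes-dashboard"
SVC = "kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local"
GATEWAY = {
    "metadata": {"name": "k8sdashboard-gateway", "namespace": NS},
    "spec": {"servers": [{
        "port": {"number": 443, "name": "https", "protocol": "HTTPS"},
        "tls": {"mode": "PASSTHROUGH"},
        "hosts": [HOST]}]},
}
VIRTUAL_SERVICE = {
    "metadata": {"name": "kubernetes-dashboard", "namespace": NS},
    "spec": {
        "hosts": [HOST],
        "gateways": ["k8sdashboard-gateway"],
        "tls": [{
            "match": [{"port": 443, "sniHosts": [HOST]}],
            "route": [{"destination": {"host": SVC, "port": {"number": 443}}}]}],
    },
}

def covers(patterns, name):
    """True if name falls under any host pattern (exact or '*.' wildcard)."""
    return any(fnmatchcase(name, p.split("/")[-1]) for p in patterns)

def lint_passthrough(gw, vs):
    """Hypothetical helper: list mismatches that stop SNI routing from matching."""
    problems, spec, meta = [], vs["spec"], gw["metadata"]
    refs = {f"{meta['namespace']}/{meta['name']}"}
    if vs["metadata"]["namespace"] == meta["namespace"]:
        refs.add(meta["name"])  # a bare gateway name means "same namespace"
    if not refs & set(spec.get("gateways") or []):
        problems.append("VirtualService is not bound to the gateway")
    servers = [s for s in gw["spec"]["servers"]
               if s.get("tls", {}).get("mode") == "PASSTHROUGH"]
    if spec.get("http"):
        problems.append("http routes are not applied to PASSTHROUGH ports")
    if not spec.get("tls"):
        problems.append("no tls routes for the PASSTHROUGH port")
    for m in [m for r in spec.get("tls") or [] for m in r.get("match", [])]:
        for sni in m.get("sniHosts", []):
            if not covers(spec.get("hosts", []), sni):
                problems.append(f"sniHost {sni} is outside VirtualService hosts")
            if not any(s["port"]["number"] == m.get("port")
                       and covers(s["hosts"], sni) for s in servers):
                problems.append(f"no PASSTHROUGH server for {sni}:{m.get('port')}")
    return problems
```

An empty list from `lint_passthrough(GATEWAY, VIRTUAL_SERVICE)` means the two objects are consistent; each string in a non-empty result names one mismatch to fix before applying the manifests.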

 



Last Updated ( Friday, 25 November 2022 )