Access the dashboard#
Introduction#
The Aspen Mesh dashboard is accessible from the aspen-mesh-controlplane
service in the istio-system
namespace in your cluster, on port 19001
. The URL to the dashboard is:
http://aspen-mesh-controlplane.istio-system.svc.cluster.local:19001
Off-cluster access#
To access the dashboard as a user off the cluster, you have these options:
Port forward: For initial testing or lab environments, it may be suitable to just port forward and access it from your desktop client.
$ kubectl port-forward --namespace istio-system \ $(kubectl get pod -n istio-system -l app=aspen-mesh-controlplane -o jsonpath='{.items[0].metadata.name}') \ 19001
$ open http://localhost:19001/
Platform-specific: Your cloud or Kubernetes platform may already have a platform-specific technique for exposing services. For instance, you may expose services by defining ingress resources. Consult your platform-specific documentation for this. If your platform will expose this on an untrusted network, please ensure your platform provides an authentication proxy.
Expose the
aspen-mesh-controlplane
service in theistio-system
namespace on port19001
. For example, an ingress specification may look like:$ kubectl apply -f - <<EOF apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: aspen-mesh-ingress namespace: istio-system annotations: # Platform-specific annotations # We recommend enabling TLS. spec: rules: - host: aspenmesh.admin.yourenvironment.com http: paths: - backend: serviceName: aspen-mesh-controlplane servicePort: 19001 EOF
Service type: LoadBalancer: Your cloud or Kubernetes platform may create an external load balancer for you if you declare a service with
type: LoadBalancer
. If your platform will expose this load balancer on an untrusted network, please ensure your platform provides an authentication proxy.Create a service with
type: LoadBalancer
, like this:$ kubectl apply -f - <<EOF apiVersion: v1 kind: Service metadata: name: aspen-mesh-controlplane-external namespace: istio-system annotations: # Platform-specific annotations # We recommend enabling TLS labels: app: aspen-mesh-controlplane spec: ports: - name: http port: 19001 protocol: TCP targetPort: http - name: grpc port: 19000 protocol: TCP targetPort: grpc selector: app: aspen-mesh-controlplane type: LoadBalancer EOF