Access the dashboard#

Introduction#

The Aspen Mesh dashboard is accessible from the aspen-mesh-controlplane service in the istio-system namespace in your cluster, on port 19001. The URL to the dashboard is:

http://aspen-mesh-controlplane.istio-system.svc.cluster.local:19001

Off-cluster access#

To access the dashboard as a user off the cluster, you have these options:

  • Port forward: For initial testing or lab environments, it may be suitable to just port forward and access it from your desktop client.

    $ kubectl port-forward --namespace istio-system \
        $(kubectl get pod -n istio-system -l app=aspen-mesh-controlplane -o jsonpath='{.items[0].metadata.name}') \
        19001
    
    $ open http://localhost:19001/
    
  • Platform-specific: Your cloud or Kubernetes platform may already have a platform-specific technique for exposing services. For instance, you may expose services by defining ingress resources. Consult your platform-specific documentation for this. If your platform will expose this on an untrusted network, please ensure your platform provides an authentication proxy.

    Expose the aspen-mesh-controlplane service in the istio-system namespace on port 19001. For example, an ingress specification may look like:

    $ kubectl apply -f - <<EOF
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: aspen-mesh-ingress
      namespace: istio-system
      annotations:
        # Platform-specific annotations
        # We recommend enabling TLS.
    spec:
      rules:
      - host: aspenmesh.admin.yourenvironment.com
        http:
          paths:
          - backend:
              serviceName: aspen-mesh-controlplane
              servicePort: 19001
    EOF
    
  • Service type: LoadBalancer: Your cloud or Kubernetes platform may create an external load balancer for you if you declare a service with type: LoadBalancer. If your platform will expose this load balancer on an untrusted network, please ensure your platform provides an authentication proxy.

    Create a service with type: LoadBalancer, like this:

    $ kubectl apply -f - <<EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: aspen-mesh-controlplane-external
      namespace: istio-system
      annotations:
        # Platform-specific annotations
        # We recommend enabling TLS
      labels:
        app: aspen-mesh-controlplane
    spec:
      ports:
      - name: http
        port: 19001
        protocol: TCP
        targetPort: http
      - name: grpc
        port: 19000
        protocol: TCP
        targetPort: grpc
      selector:
        app: aspen-mesh-controlplane
      type: LoadBalancer
    EOF