# Exercise 2: Expose Istio Ingress gateway The following procedures are platform specific and work with a **"standard classic"** Kubernetes Cluster provided by the IBM Cloud Kubernetes Service (IKS) on the IBM Cloud. > If you are using a VPC based or a free ("Lite") Kubernetes Cluster on the IBM Cloud or another Cloud provider or something like Minikube, the following sections will **not** work! When you install Istio on a Kubernetes Cluster on IBM Cloud, the Istio Ingress is created with a Kubernetes service of type LoadBalancer -- this is called a Network Load Balancer or NLB on IBM Cloud. A "floating" IP address is assigned to it through which it can be reached on the public Internet. ![](/files/-MIO2AYiu_sr2JDW7IGe) In this section we will assign a subdomain DNS entry for this IP address so that the Istio Ingress can be accessed using a URL. ## Automated setup ### Step 1: Ensure you exported the `$MYCLUSTER` variable ```bash echo $MYCLUSTER ``` If this isn\`t the case run, following commands: * Copy your cluster name from the output ```bash ibmcloud ks cluster ls ``` * Export the `$MYCLUSTER` variable ```bash export MYCLUSTER=your_pre_provisioned_clustername ``` ### Step 2: Execute following script ```bash cd $ROOT_FOLDER bash IKS/istio-setup-ingress-gateway.sh ``` Example output: ```bash ... OK NLB hostname was created as harald-uebele-k8s-fra05-***-0001.us-south.containers.appdomain.cloud ------------------------------------------------------------------------ Ingress-URL: harald-uebele-k8s-fra05-***-0001.us-south.containers.appdomain.cloud Cluster Name: harald-uebele-k8s-fra05 ... ``` ### Step 3: Create a `$INGRESSURL` variable for later usage Insert your `YOUR_INGRESSURL` value. ```bash export INGRESSURL=YOUR_INGRESSURL echo $INGRESSURL ``` ## FYI: Manual setup The following steps show the manual steps of the automated setup. This is just for your information, you don't need to run them! ### Step 1: Get public IP When we install Istio on our pre-provisioned Kubernetes Clusters on IBM Cloud, the Istio Ingress is created with a Kubernetes service of type LoadBalancer and is assigned a "floating" IP address through which it can be reached on the public Internet. You can determine this address with the following command: ```bash cd $ROOT_FOLDER/IKS kubectl get svc -n istio-system | grep istio-ingressgateway ``` Output for example: ```bash istio-ingressgateway LoadBalancer 172.21.213.52 149.***.131.*** 15020:31754/TCP,... ``` ### Step 2: Save public IP address Our Ingress gateway is in fact of type LoadBalancer, the second IP address of the example `149.***.131.***` is the external (public) IP address. We need this public IP address in the next command. ```bash export INGRESSGATEWAYIP=149.***.131.*** ``` ### Step 3: Create a DNS subdomain To create a DNS subdomain -- `a URL` -- for the Ingress gateway use the following command: ```bash echo $MYCLUSTER ibmcloud ks nlb-dns create classic --cluster $MYCLUSTER --ip $INGRESSGATEWAYIP ``` ![](/files/-MUmynYzKqmUiUIpjNAZ) The new subdomain will have the form `[cluster name]-[globally unique hash]-[sequence].[region].containers.appdomain.cloud`. The output should look like this: ```bash OK NLB hostname was created as harald-uebele-k8s-fra05-********************-0001.eu-de.containers.appdomain.cloud ``` ### Step 4: Save DNS subdomain as $INGRESSURL This will be the URL we will use later to access Keycloak and our sample application. Copy the URL and paste it into an environment variable: ```bash export INGRESSURL=harald-uebele-k8s-fra05-********************-0001.eu-de.containers.appdomain.cloud ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ibm-developer.gitbook.io/get-started-with-security-for-your-java-microservi/setup-the-ibm-cloud-application-environment/setup_istio_ingress.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.