[hack] bring back kiali in MC scripts #7312

Merged
merged 4 commits into from May 9, 2024

jmazzitelli
Collaborator

@jmazzitelli jmazzitelli commented Apr 25, 2024

fixes: #7313

I do not know why these were removed. We have all the kiali options for these hack scripts but they are now ignored - kiali is never deployed even if enabled.

These were removed in the following commits:

* kiali@804f21e#diff-ae968abe0209eefd78f858f137a2e418a056ec6e02965d2214bcb46c8a978efeL77-L78
* kiali@d8631a1#diff-b53029271ec37bbeb86a1eb29db8fd5e77a74f0fda8dac3d7d22109fcb11fdf3L203-L204
@jmazzitelli
Collaborator Author

I'm testing this now. I'm curious why these are removed... there must have been a reason :) But with them removed, all the kiali options are useless and you never get kiali installed if you use these hack scripts to start a MC demo.

@jmazzitelli
Collaborator Author

jmazzitelli commented Apr 25, 2024

After running hack/istio/multicluster/install-primary-remote.sh I now see kiali:

$ kubectl --context east get pods -n istio-system -l app=kiali
NAME                     READY   STATUS    RESTARTS   AGE
kiali-7b556f99cf-gjhsv   1/1     Running   0          3m37s

But I cannot port forward and access it - the login process attempts to redirect to the openid endpoint http://localhost/kiali/api/auth/openid_redirect that doesn't exist.

Looking at the logs of the script while it was installing, I see some errors as it tries to update some kiali things:

(Helm: Chart=[kiali-server], Release=[kiali-server], Version=[1.83.0])
service/kiali patched
service/kiali condition met
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0curl: (6) Could not resolve host: realms
curl: (6) Could not resolve host: admin
curl: (6) Could not resolve host: admin
clusterrolebinding.rbac.authorization.k8s.io/kiali-testing-user created
clusterrole.rbac.authorization.k8s.io/kiali created
clusterrolebinding.rbac.authorization.k8s.io/kiali-testing-user created
Switched to context "west".

I think the errors occur in here: https://github.com/kiali/kiali/blob/v1.83.0/hack/istio/multicluster/deploy-kiali.sh#L139-L152

@jmazzitelli
Collaborator Author

Same thing with the other script - only this time it exits immediately when the error occurs:

INFO: A remote cluster secret named [kiali-remote-cluster-secret-west] has been created in the Kiali cluster namespace [istio-system]. It can be used by Kiali to access the remote cluster.
Release "kiali-server" does not exist. Installing it now.
NAME: kiali-server
LAST DEPLOYED: Thu Apr 25 14:03:24 2024
NAMESPACE: istio-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Welcome to Kiali! For more details on Kiali, see: https://kiali.io

The Kiali Server [v1.83.0] has been installed in namespace [istio-system]. It will be ready soon.

(Helm: Chart=[kiali-server], Release=[kiali-server], Version=[1.83.0])
service/kiali patched
service/kiali condition met
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0curl: (6) Could not resolve host: realms
curl: (6) Could not resolve host: admin

@jmazzitelli
Collaborator Author

All CI checks are passing, so the changes to this PR do not affect the CI setup / scripts. That's a good thing. I will try to figure out how to clear up those errors and get this to work so people can run the MC hack scripts and get a MC demo running locally with Kiali.

@jmazzitelli
Collaborator Author

KEYCLOAK_ADDRESS is an empty string when the deploy-kiali.sh is being called... I believe that's the problem. We need that set correctly and hopefully that fixes the problem

@jmazzitelli
Collaborator Author

jmazzitelli commented Apr 25, 2024

@nrfox What should KEYCLOAK_ADDRESS be when on minikube?

Based on what I see, our deploy-kiali.sh is not even being used anymore anywhere. I put the code back to invoke it again, but it can't run because KEYCLOAK_ADDRESS is an empty string.

I think if I find out what KEYCLOAK_ADDRESS is supposed to be, we can set it and it should be back to working.

I'm curious how people are actually using these MC hack scripts to use a MC environment without having Kiali even deployed?

@nrfox
Contributor

nrfox commented Apr 25, 2024

> I'm testing this now. I'm curious why these are removed... there must have been a reason

I think if you add back the deploy-kiali.sh call then you will end up trying to deploy Kiali twice when running kind since that script is called here:

"${SCRIPT_DIR}"/istio/multicluster/install-multi-primary.sh \
  --manage-kind true \
  --certs-dir "${certs_dir}" \
  -dorp docker \
  --istio-dir "${istio_dir}" \
  ${hub_arg:-}

And later kiali is deployed here:

auth_flags=()
if [ "${AUTH_STRATEGY}" == "openid" ]; then
  local keycloak_ip
  keycloak_ip=$(kubectl get svc keycloak -n keycloak -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' --context "${cluster1_context}")
  auth_flags+=(--keycloak-address "${keycloak_ip}")
  auth_flags+=(--certs-dir "${certs_dir}")
fi
"${SCRIPT_DIR}"/istio/multicluster/deploy-kiali.sh \
  --cluster1-context ${cluster1_context} \
  --cluster2-context ${cluster2_context} \
  --cluster1-name ${cluster1_name} \
  --cluster2-name ${cluster2_name} \
  --manage-kind true \
  ${auth_flags[@]} \
  -dorp docker \
  -kas "${AUTH_STRATEGY}" \
  -kudi true \
  -kshc "${HELM_CHARTS_DIR}"/_output/charts/kiali-server-*.tgz

> I'm curious how people are actually using these MC hack scripts to use a MC environment without having Kiali even deployed?

Personally I just use kind because that is what CI uses and it is the easiest to set up and consumes the least amount of resources. Which might mean that minikube isn't well supported if other folks are not running it.

> @nrfox What should KEYCLOAK_ADDRESS be when on minikube?

This is where keycloak address comes from in the kind setup:

local keycloak_ip
keycloak_ip=$(kubectl get svc keycloak -n keycloak -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' --context "${cluster1_context}")
auth_flags+=(--keycloak-address "${keycloak_ip}")
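
The failure discussed in the comments above (an empty KEYCLOAK_ADDRESS reaching deploy-kiali.sh, with curl then failing on hosts named `realms` and `admin`) can be caught before any request is made. This is an added example, not code from the Kiali repository; the helper name `keycloak_base_url`, the `https` scheme and the accepted host pattern are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: fail fast when the Keycloak address is empty or malformed,
# instead of letting it be interpolated into a URL.
# keycloak_base_url is a hypothetical helper, not part of the Kiali hack scripts.

keycloak_base_url() {
  local addr="${1:-}"

  # Empty value: the variable was never set, or the lookup that should have
  # produced the address returned nothing.
  if [ -z "${addr}" ]; then
    echo "ERROR: Keycloak address is empty; pass --keycloak-address" >&2
    return 1
  fi

  # Reject any character outside the host[:port] alphabet. This covers
  # whitespace, newlines, slashes, schemes and shell metacharacters.
  case "${addr}" in
    *[!A-Za-z0-9.:-]*)
      echo "ERROR: Keycloak address [${addr}] contains invalid characters" >&2
      return 1
      ;;
  esac

  # Structure check: bare hostname or IPv4 address with an optional port.
  if ! printf '%s' "${addr}" |
      grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:[0-9]{1,5})?$'; then
    echo "ERROR: Keycloak address [${addr}] is not a valid host[:port]" >&2
    return 1
  fi

  # The https scheme is an assumption made for this example.
  printf 'https://%s\n' "${addr}"
}

# Sample calls. The nip.io host is the one quoted in the thread; the empty
# string reproduces the condition reported for KEYCLOAK_ADDRESS.
if url=$(keycloak_base_url "keycloak-192-168-39-130.nip.io"); then
  echo "base URL: ${url}"
fi
keycloak_base_url "" || echo "empty address rejected before any request is made"
```
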

@nrfox
Contributor

nrfox commented Apr 26, 2024

@jmazzitelli I think if you run these separately it might still work on minikube:

hack/istio/multicluster/install-multi-primary.sh -mm true -kudi true
hack/istio/multicluster/deploy-kiali.sh --single-kiali true --cluster1-context east --cluster2-context west --kiali-auth-strategy openid --keycloak-address keycloak-192-168-39-130.nip.io

@jmazzitelli
Collaborator Author

./hack/istio/multicluster/install-multi-primary.sh results in:

[image]

@jmazzitelli
Collaborator Author

hack/istio/multicluster/install-primary-remote.sh results in:
[image]

@jmazzitelli jmazzitelli marked this pull request as ready for review May 9, 2024 01:47
@jmazzitelli jmazzitelli self-assigned this May 9, 2024
Collaborator

@jshaughn jshaughn left a comment

Visually approving this.

@jshaughn jshaughn added the test: n/a PR does not need test additions or updates label May 9, 2024
@jmazzitelli jmazzitelli merged commit 792b516 into kiali:master May 9, 2024
9 checks passed
@jmazzitelli jmazzitelli deleted the hack-mc-bring-back-kiali branch May 9, 2024 20:30
Successfully merging this pull request may close these issues.

[hack] multicluster hack scripts fail to install Kiali