Kiali

Overview

Kyma uses Kiali to enable validation, observe the Istio Service Mesh, and provide details on microservices included in the Service Mesh and connections between them. Kiali offers a set of dashboards and graphs that allow you to have the full Service Mesh at a glance and quickly identify problems and configuration issues. For more details about particular features, see the official Kiali documentation.

NOTE: Kiali is disabled by default in Kyma Lite (local installation). Read about custom component installation for instructions on how to enable it.

Architecture

The following diagram presents the overall Kiali architecture and the way the components interact with each other.

Kiali architecture

  1. Use the Kyma Console or direct URL to access Kiali.
  2. To ensure authentication, the Keycloak Gatekeeper checks if you have a valid token.
  3. If not, the Keycloak Gatekeeper redirects you to dex to log in.
  4. After a successful log in, you can access the Kiali service which serves the website. The service exposes an endpoint and acts as an entry point for the Kiali deployment.
  5. Kiali deployment is the central part of the solution. For it to provide the necessary functionality, the Kiali Operator reads the Kiali CR and configures the API server so it can deploy Kiali.
  6. Kiali collects the information on the cluster health from the following sources:
  • API server which provides data on the cluster state.
  • Service Mesh by analyzing metrics Prometheus scrapes from the Istio Pod.

Details

Access Kiali

You can easily access Kiali from the Kyma Console. To do so, click the Service Mesh tab in the menu on the left. Once you are authenticated, the main Kiali dashboard will show a summary of the Service Mesh status and the left side menu will offer you features such as graphs or configuration validation: Kiali menu item

Use the graphs to review the topology of the Service Mesh: Kiali menu item

Configuration

Kiali Chart

To configure the Kiali chart, override the default values of its values.yaml file. This document describes parameters that you can configure.

TIP: To learn more about how to use overrides in Kyma, see the following documents:

Configurable parameters

This table lists the configurable parameters, their descriptions, and default values:

ParameterDescriptionDefault value
server.webRootDefines the context root path for Kiali console, API endpoints, and readiness probes./
deployment.viewOnlyModeWhen set to true, Kiali is available in view-only mode, allowing you to view and retrieve management data for the Service Mesh. You cannot modify the Service Mesh.true
deployment.accessibleNamespacesSpecifies the Namespaces Kiali can access to monitor the Service Mesh components deployed there. You can provide the names using regex expressions. The default value is **(two asterisks) meaning Kiali can access any Namespace.**
deployment.resources.requests.cpuMinimum number of CPUs requested by the Kiali operator to use.10m
deployment.resources.requests.memoryMinimum amount of memory requested by the Kiali operator to use.20Mi
deployment.resources.limits.cpuMaximum number of CPUs available for the Kiali operator to use.100m
deployment.resources.limits.memoryMaximum amount of memory available for the Kiali operator to use.100Mi
deployment.kubernetes_config.qpsDefines the allowed queries per second to adjust the API server's throttling rate.50

For details on Kiali configuration and customization, see the Kiali CRD and the values file.