Kyma uses Kiali to enable validation, observe the Istio Service Mesh, and provide details on microservices included in the Service Mesh and connections between them. Kiali offers a set of dashboards and graphs that allow you to have the full Service Mesh at a glance and quickly identify problems and configuration issues. For more details about particular features, see the official Kiali documentation.

NOTE: Kiali is disabled by default in Kyma Lite (local installation). Read about custom component installation for instructions on how to enable it.


The following diagram presents the overall Kiali architecture and the way the components interact with each other.

Kiali architecture

  1. Use the Kyma Console or direct URL to access Kiali.
  2. To ensure authentication, the Keycloak Gatekeeper checks if you have a valid token.
  3. If not, the Keycloak Gatekeeper redirects you to dex to log in.
  4. After a successful log in, you can access the Kiali service which serves the website. The service exposes an endpoint and acts as an entry point for the Kiali deployment.
  5. Kiali collects the information on the cluster health from the following sources:
  • API server which provides data on the cluster state.
  • Service Mesh by analyzing metrics Prometheus scrapes from the Istio Pod.


Access Kiali

You can easily access Kiali from the Kyma Console. To do so, click the Service Mesh tab in the menu on the left. Once you are authenticated, the main Kiali dashboard will show a summary of the Service Mesh status and the left side menu will offer you features such as graphs or configuration validation: Kiali menu item

Use the graphs to review the topology of the Service Mesh: Kiali menu item


Kiali Chart

To configure the Kiali chart, override the default values of its values.yaml file. This document describes parameters that you can configure.

TIP: To learn more about how to use overrides in Kyma, see the following documents:

Configurable parameters

This table lists the configurable parameters, their descriptions, and default values:

ParameterDescriptionDefault value
kiali.spec.server.web_rootDefines the context root path for Kiali console, API endpoints, and readiness probes./
kiali.spec.deployment.view_only_modeWhen set to true, Kiali is available in view-only mode, allowing you to view and retrieve management data for the Service Mesh. You cannot modify the Service Mesh.true
kiali.spec.deployment.accessible_namespacesSpecifies the Namespaces Kiali can access to monitor the Service Mesh components deployed there. You can provide the names using regex expressions. The default value is **(two asterisks) meaning Kiali can access any Namespace.**
kiali.spec.deployment.resources.requests.cpuMinimum number of CPUs requested by the Kiali Deployment to use.10m
kiali.spec.deployment.resources.requests.memoryMinimum amount of memory requested by the Kiali Deployment to use.20Mi
kiali.spec.deployment.resources.limits.cpuMaximum number of CPUs available for the Kiali Deployment to use.100m
kiali.spec.deployment.resources.limits.memoryMaximum amount of memory available for the Kiali Deployment to use.100Mi
kiali.spec.kubernetes_config.qpsDefines the allowed queries per second to adjust the API server's throttling rate.50

For more details on Kiali configuration and customization, see the values.yaml file.