Authentication Strategies
Choosing and configuring the appropriate authentication strategy.
The pages in this Configuration section describe most available options for managing and customizing your Kiali installation.
Unless noted, it is assumed that you are using the Kiali operator and that you are managing the Kiali installation through a Kiali CR. The provided YAML snippets for configuring Kiali should be placed in your Kiali CR. For example, the provided configuration snippet for setting up the Anonymous authentication strategy is the following:
spec:
auth:
strategy: anonymous
You will need to take this YAML snippet and apply it to your Kiali CR. As an example, an almost minimal Kiali CR using the previous configuration snippet would be the following:
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
namespace: kiali-namespace
name: kiali
spec:
istio_namespace: istio-system
deployment:
namespace: kiali-namespace
auth:
strategy: anonymous
Then, you can save the finished YAML file and apply it with kubectl apply -f
.
It is recommended that you read The Kiali CR and the Example Install pages of the Installation Guide for more information about using the Kiali CR.
Also, for reference, see Kiali CR Reference which documents all available options.
Choosing and configuring the appropriate authentication strategy.
Default selections, find and hide presets and custom metric aggregations.
Configuring additional, non-default dashboards.
Kiali’s default configuration matches settings present in Istio’s installation configuration profiles. If you are customizing your Istio installation some Kiali settings may need to be adjusted. Also, some Istio management features can be enabled or disabled selectively.
Reference page for the Kiali CR. The Kiali Operator will watch for resources of this type and install Kiali according to those resources' configurations.
Configuring the namespaces accessible and visible to Kiali.
Kiali behavior with no access to Istiod (the /debug
endpoints are not available)
Kiali data sources and add-ons.
Configuring RBAC based on the authentication strategy.
Customizing Health for Request Traffic.
Ensuring Kiali can visualize a VM WorkloadEntry.