Kiali releases 1.31 to 1.33 — enhanced logs viewer, revised health indicators, multi-cluster enhancements
Hello, community! In this new post I’m covering the feature updates in the latest three Kiali versions. I can’t believe it’s been three releases since my last post, which was about 2 months ago. Time flies! This means a slightly larger post. So, let’s go directly to the content.
The live feature update presentations happened as scheduled. Here are the recordings:
- Kiali v1.31 update — about 21 minutes long
- Kiali v1.32 update — about 16 minutes long
- Kiali v1.33 update — about 42 minutes long
In the last post, I commented that Lucas Ponce was going to do a Kiali presentation on the IstioCon event. In case you missed it, here is the recording of the presentation:
It lasts about two and a half hours. It is based on the Tutorial available in Kiali’s website. This is a good recording to watch if you want to see how several Kiali features work.
Alright, let’s start with the written feature updates.
Focus animation when going back from node to full graph
A short video works better to show the focus animation:
The focus animation is the growing and shrinking circle, with the aim to provide some sense of location. It isn’t new, it is present when you use the Show full graph option of the mini-graph card in the detail page of an Application, Workload or Service.
As you can see in the animation, while you are in the Graph page, if you double-click on a node, the graph will show a focused view that we like to refer as the node graph. Then, you can go back to the full graph using the back-arrow in the toolbar. The focus animation is now also rendering in this case to also provide some sense of location.
Navigation from mini-graph to node graph
The detail pages (either of an Application, Workload or a Service) is showing a Graph Overview card which the Kiali teams tend to refer it as the “mini-graph”. It was introduced in Kiali version 1.15.
It has a Kebab menu with a Show full graph option that lets you navigate to the main Graph page. This Kebab menu has a new Show node graph option:
This new option will also do a navigation to the main graph page. The key difference is that the new option will show the node graph of the object that you are inspecting, rather than the graph of the whole namespace. As an example, this is what you would see for the productpage-v1 workload of the bookinfo demo application:
This will let you take advantage of the Graph page features while keeping focus in your node of interest.
Navigation from graph side panel namespace validations indicator to Istio config list
In the graph page, if you don’t have any node selected, or you have a namespace box selected, the graph side panel will show some data of the namespaces in the graph. There is a small indicator which shows the status of Istio objects validations. It is now possible to click on this indicator and you will navigate to the Istio Config list page. If the indicator is showing a warning or error status, the list will have filters applied to only show items with problems:
Multi-cluster support enhancements
Discovery of other Kiali instances has been added. This is visible in the Mesh page that was introduced in version 1.29. There is a new Kiali column in the table of this page:
The Kiali column has the “namespace / service name” format. For example, in the previous image, there were discovered two clusters in the mesh and Kiali is installed in the istio-system namespace in both clusters.
The text in this column can be a hyperlink to let you jump to any of the discovered Kiali instances. For this to happen, it’s required that you set the external/public URL in the Kiali CR and also the external/public HTTP schema. If you have this setup, the graph page will also take advantage of this configuration and will let you jump to specific pages on the remote Kiali instances when using the context menu:
Also, links in the side panel have this same behavior:
Now that you are seeing some screenshots of the graph, notice that boxes denoting clusters have a new gray color. The screenshots are not showing it, but also boxes denoting namespaces were changed to a gray color. There was a UX review of these boxes (introduced in v1.29) and the conclusion was that colors were too distracting. So, colors were replaced with gray tones. I think this leads to a cleaner look, don’t you?
A kindly reminder that, at the moment, Kiali is focusing on supporting the “Multi-primary on different networks” multi-cluster setup.
Health terminology rename: “Not ready” status instead of “Idle”
The “Idle” terminology that was being used previously in Health status was confusing. In the Cambridge dictionary, one of the definitions of idle is “not working or being used”.
Telling that an application is Idle may lead into thinking that the application is not receiving any traffic nor doing any work. However, the Health indicators were using idle to denote that the workload is scaled down to zero replicas. It’s understandable that using the Idle word may lead to confusion.
The health indicators are now using Not Ready instead of Idle. The Not Ready terminology is closer to statuses used in Kubernetes.
“Not Ready” status in the Istio components status indicator
Similarly to the previous point, the Istio Component Status indicator will show Not Ready if an Istio component is scaled down to zero replicas. Previously, it was showing a Healthy status.
Envoy metrics dashboard enabled by default
Kiali has a feature named Custom Dashboards, which allow you to build customized screens with charts, in case your applications are exposing custom metrics and are being scraped by Prometheus.
The Kiali operator provides some predefined dashboards. One of them is the Envoy dashboard:
These are metrics exposed by Envoy, which is used in Istio sidecars. Because the Envoy metrics are typically available, it made sense to have this specific Envoy dashboard enabled by default.
Kiali-operator reconciliation status in the Kiali CR
The Kiali operator does several things to install Kiali. Sometimes, it takes a few minutes until reconciliation is finished and it was hard to know the status of the reconciliation without looking at the logs of the Kiali operator pod.
To improve experience, the Kiali operator is now writing its progress to the
Status part of the Kiali CR that is being reconciled:
$ kubectl describe kiali -n kiali-operator
Accessible Namespaces: **
Last Transition Time: 2021-04-14T22:23:14Z
Message: Running reconciliation
Message: 10. Creating core resources
Message you can see the step number followed by a description of current status. At the time of writing there are about 17 steps until you see
17. Finished . It could be more or less steps, depending of your environment and specified options in the Kiali CR.
Support for ServiceEntry creation in Istio Config
Support for creating ServiceEntries was added to Kiali. You can find this option under the Actions drop-down of the Istio Config page:
A new form will appear asking for the properties of the Service Entry.
Consistently show closed-lock icons for mTLS connections in the graph
This is a usability review. The graph can show lock icons, depending on the mTLS status of the connections:
Previously, the lock icon shown was tied to the Istio’s global mTLS configuration. If mTLS was globally OFF, graph was showing closed-lock icons to denote the secured connections. If mTLS was globally ON, graph was showing open-lock icons to denote the insecure connections.
Community users reported this as a confusing behavior. This motivated the change to always show closed-lock icons on secure connections and no icon on insecure connections, regardless of the global mTLS configuration.
As a note, in the Find and Hide text boxes on graph toolbar you can use the “mtls” and “!mtls” expressions to highlight or hide edges based on the mTLS status of connections. The behavior of these expressions is unchanged and serve a similar purpose.
Enhanced Logs tab
In the Workload detail page, the Logs tab will let you see the pod logs of the workload. Previously, the Logs tab was a two-pane view. Now, this view is unified in a single pane that shows logs from all selected containers in a pod and will be interleaved, if possible:
You can see that there is some color coding to let you differentiate containers. If the workload is part of the service mesh, the pods will usually have the sidecar container in addition to any other container defined in the workload. The logs of the sidecar container will have a gold color. In the screenshot, notice there is a small ℹ️ icon at the beginning of the sidecar container logs. Since the structure of Envoy proxy logs is known, you can click on this ℹ️ icon and Kiali will show a dialog with a breakdown:
Links from Overview page to Grafana
If you are using Grafana, Istio offers a set of pre-configured dashboards that show some important metrics about the mesh. You can now access these Grafana dashboards in the Overview page, by opening the Kebab menu of the Istio namespace:
The links to Grafana dashboards will be available once you correctly setup the URL of your Grafana instance in the Kiali CR.
Azure RBAC support in the OpenID authentication strategy
Some time ago, Kiali’s OpenID authentication strategy was included to cover the increasing users need to provide authentication through their existent systems that support OpenID. Kiali is also offering RBAC support for cases where it’s possible to configure the Kubernetes cluster and integrate it with the OpenID provider.
However, Azure AKS and Azure AD is a special case, because it is possible to integrate these two services and use Kubernetes RBAC over Azure AD identities, yet it wasn’t possible for Kiali to take advantage of this integration to use RBAC within Kiali.
Fortunately, Kulbhusanazad (a user from the community) helped us into figuring out what is needed to use this integration between Azure services and starting Kiali v1.33 it is possible to use Kiali in an “AKS-managed AAD” cluster and take advantage of RBAC.
Some special configuration is required, which are mentioned in the documentation at Kiali’s website.
Contextual help for Missing sidecar message
In any of the Applications, Workloads or Services list pages you may get a Missing sidecar message under the Details column. A tool-tip was added for better insight:
This is a small enhancement for better in-app help, which is usually quite handy.
Partial support for Istio’s Canary installs
When there is the need to upgrade Istio to a new version, it is possible to do a Canary upgrade. During the upgrade, the new Istio version is installed with a revision, which adds suffixes to the names of installed Istio objects (Deployment, ConfigMaps, etc.).
Although Kiali still doesn’t fully support the transient state when there are two Istio Control planes installed, some changes were made for Kiali to work decently. Once you uninstall the old Istio control plane, issues should go away.