Kiali releases 1.66 to 1.70: Features update

Hello Community. Since my last post the Kiali project has released five more versions. Four of five live presentations are recorded and posted on Kiali channel:

Kiali v1.66 updates — about 12 mins long

Kiali v1.67 updates — about 22 mins long

Kiali v1.68 updates — about 5 mins long

Kiali v1.70 updates — about 8mins long

And here we have listed the highlighted improvements in Kiali for recent releases:

Multi-cluster

Multi-cluster functionality support in Kiali has been increased to include areas such as Applications, Workloads, Services and Istio Config List and Details pages.

Primary-remote mode is supported when the Control Plane is installed in one of the clusters. And this environment installation can be done using hack scripts in the Kiali repository.

Primary-remote support

In all the list pages, a new ‘Cluster’ column appears when Multi-cluster environment is setup. The lists can be sorted by ‘Cluster’ column.

Workloads list

Applications list

Detail pages are showing a ‘cluster’ label.

Workload details

Also the Overview page is modified to show the cluster badge for all namespaces. The namespace card shows health calculations of remote clusters.

Overview page

The cluster name is propagated in metrics and graph for remote nodes.

Added contextual menus for remote clusters in graphs.

Graph page

Graph node labeling

Istio config lists are showing valdations for configs from remote clusters, as well as from the local cluster.

Config validations for remote cluster objects

Istio config objects from remote clusters are editable and can also be modified in wizards.

Remote cluster Istio config objects are editable

More information about Multi-cluster can be found in this Blog entry and these Demo videos.

Kiali and Istio Ambient

In an Ambient profile of Istio installation, the ‘ztunnel’ and ‘waypoint proxy’ components are replacing Sidecar. In the Kiali side this support is also added and will be released all together with Istio v1.18.

In the Overview page, the namespaces now have “Ambient” labeling:

‘Ambient’ labeling on Namespace cards

Workload details page also comes with labeling.

‘ztunnel’ labeling on Workload

And in the list of workloads, for Deployments not using a Sidecar and in a namespace without a Waypoint proxy, it now shows “Out of mesh” labeling.

For Deployments in namespaces that are using a Waypoint proxy, the appropriate labeling is shown.

‘Waypoint Proxy’ and ‘Out of mesh’ labels.

List Page Data Toggles

A new optional feature is described in the Kiali to configure the loading of several information in list pages. So, for the performance improvement reasons, the Health, Validations and Details columns loading can be skipped. This feature by default is disabled and can be enabled in Kiali CR’s “kiali_feature_flags” section.

Configurable toggles in lists

Cluster Wide Access

A new setting was added in Kiali CR: “deployment.cluster_wide_access”. When setting this to “true”, the operator will create a ClusterRole and give cluster permissions to the server. This allows the server to have more efficient caching. When setting this to “false”, the operator will create a role for each namespace specified in “deployment.accessible_namespaces”; thus the Kiali server will only have access to those namespaces.

Note that the “deployment.accessible_namespaces” has a new default — it is now what was previously called “[**]” — that is, all namespaces in the cluster. You cannot set this new “cluster_wide_access” setting to “false” if you leave “deployment.accessible_namespaces” unset because this new default of accessible_namespaces indicates all namespaces in the cluster should be accessible.

Discovery Selectors

The Kiali Server will now utilize Istio’s discovery selectors to help it decide which namespaces should be made available to the user. The discovery selectors are found in the Istio ConfigMap’s “discoverySelectors” field.

If Istio does not define any discovery selectors, the Kiali Server will make all namepaces in the cluster available to the user.

Note that if “deployment.accessible_namespaces” is set, the Kiali server will only make those namespaces available to the user.

You can use “deployment.accessible_namespaces” and Istio discovery selectors together. If both are specified, a namespace must match the discovery selectors and be in the list of accessible namespaces in order for that namespace to be available to the user.

Wrap up

These are the main features I wanted to highlight in this post. Feel free to share your thoughts about what type of information you want to see in future posts. And, as always, we appreciate any ideas and feedback about Kiali features.

Remember that Kiali is OpenSource and you can contribute to build a better project! It would be nice if you also contribute with written content in Kiali’s Medium publication!