Edgar Hernandez
Apr 8 · 5 min read

Sprint #20 has reached its end, and the new Kiali 0.17.0 is now available. We continue expanding Kiali. Small features, details and refinements were the focus of the work this sprint, in order to add value to the existing feature set.

Like in the previous sprint, a warning: if you upgrade Kiali from previous versions, you should re-deploy because new permissions were added to the Kiali ClusterRole.

For people who like to watch, this is the Sprint #20 video available at Kiali’s YouTube channel:

For people who like to read, read on 😉

Istio’s Policy & Telemetry configuration model is now visible

Istio’s policy and telemetry features have a configuration model based on adapters and templates. All the items involved in this model are now visible in Kiali’s Istio Config section.

New Wizard: Suspend traffic

In the Service details page, there is a new wizard that lets you suspend traffic targeting a service. The wizard will let you suspend all traffic or suspend traffic only to some of the workloads.

When suspending all traffic, a fault injection rule will be created. Otherwise, weighted traffic rules will be created.

Matching Wizard now allows selecting multiple workloads for each rule

The Matching wizard was introduced in Kiali 0.16 (previous sprint), but it only allowed selecting one workload for each rule. The wizard has been improved and now you can select multiple workloads.

If, for example, you would like to do load balancing based on the user, you could create the following:

In this example, one rule is missing: the one that keeps the reviews service from being blocked for all other users who are neither maria nor jdoe. I’ll let you try the wizard to add this missing rule 😉

Repeated notifications unified

Kiali logs errors, warnings and other messages in the notification pane. Previously, every single notification created a new item in the pane. Now, repeated notifications will be unified and a counter will let you know how many times the notification has happened.

Graph TLS indication improved when mutual TLS is enabled mesh-wide

The “Security” option of the graph shows lock icons on edges where traffic is happening over secure connections. Previously, when mTLS was enabled mesh-wide, turning on this option led to a graph with lock icons on all (or most) edges. Now, you will see open-lock icons on edges where traffic is happening over insecure connections.

If mTLS is not enabled mesh-wide, the graph will display closed-lock icons as usual.

Summary of response codes in graph edges

In the graph, when you select an edge, there is a new Response Codes tab available in the side panel. For HTTP connections, this will show a summary of the HTTP response codes that have happened on that connection.

It will also show flags, if any. Placing the cursor over the flags will show a tooltip with their meanings.

Read the dedicated Response Flags post written by Jay Shaughnessy to know more about this feature.

New validations for mutual TLS and RBAC

Istio has a feature to set up authorization for HTTP services (RBAC). Validations for some of Istio’s RBAC entities have been added to check that:

  • ServiceRoleBinding entities point to existing ServiceRole entities
  • ServiceRole entities are created under the right namespace
  • Services specified in ServiceRole entities exist in the mesh
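
To make the three RBAC checks concrete, here is an added example (not Kiali's own code, which is a separate implementation) that runs them over constructed objects. The field names follow Istio's `rbac.istio.io/v1alpha1` ServiceRole and ServiceRoleBinding; the helper names are hypothetical, and "right namespace" is assumed to mean that every service a ServiceRole names lives in the role's own namespace.

```python
# Added example: simplified cross-reference checks for Istio RBAC objects.
# All objects below are constructed sample data, not taken from a real cluster.

def check_rbac(roles, bindings, services):
    """roles/bindings: Istio objects as dicts; services: set of (namespace, name).
    Returns a list of (finding, object, detail) tuples."""
    findings = []
    role_keys = {(r["metadata"]["namespace"], r["metadata"]["name"]) for r in roles}
    for b in bindings:
        ns, name = b["metadata"]["namespace"], b["metadata"]["name"]
        ref = b["spec"]["roleRef"]["name"]
        # A ServiceRoleBinding refers to a ServiceRole in its own namespace.
        if (ns, ref) not in role_keys:
            findings.append(("role-not-found", f"{ns}/{name}", ref))
    for r in roles:
        ns, name = r["metadata"]["namespace"], r["metadata"]["name"]
        for rule in r["spec"].get("rules", []):
            for svc in rule.get("services", []):
                if "*" in svc:
                    continue  # wildcards do not resolve to a single service
                parts = svc.split(".")
                svc_ns = parts[1] if len(parts) > 1 else ns
                if svc_ns != ns:  # assumption: this is the "right namespace" check
                    findings.append(("wrong-namespace", f"{ns}/{name}", svc))
                elif (svc_ns, parts[0]) not in services:
                    findings.append(("service-not-found", f"{ns}/{name}", svc))
    return findings

def obj(ns, name, spec):
    """Build a constructed Istio object."""
    return {"metadata": {"namespace": ns, "name": name}, "spec": spec}

SAMPLE_ROLES = [obj("bookinfo", "reviews-viewer", {"rules": [{
    "services": ["reviews.bookinfo.svc.cluster.local",   # exists
                 "ratings.other.svc.cluster.local",      # other namespace
                 "ghost.bookinfo.svc.cluster.local"],    # not in the mesh
    "methods": ["GET"]}]})]
SAMPLE_BINDINGS = [
    obj("bookinfo", "bind-ok", {"roleRef": {"kind": "ServiceRole", "name": "reviews-viewer"}}),
    obj("bookinfo", "bind-broken", {"roleRef": {"kind": "ServiceRole", "name": "missing-role"}}),
]
SAMPLE_SERVICES = {("bookinfo", "reviews")}

if __name__ == "__main__":
    for finding in check_rbac(SAMPLE_ROLES, SAMPLE_BINDINGS, SAMPLE_SERVICES):
        print(finding)
```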

Regarding mTLS, validations were added this sprint for the case when an mTLS policy is configured namespace-wide (Kiali already has validations for when mTLS is enabled mesh-wide). The invalid configurations that the validations try to find are:

  • Namespace Policy requires mTLS, but there is no DestinationRule enabling mTLS
  • Namespace Policy requires mTLS, but DestinationRule disables it
  • MeshPolicy requires mTLS, but namespace DestinationRule disables it

If any of these cases are found, a warning or error will be shown in the Istio Config section of Kiali.
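
The three mTLS cases above can be reproduced with a short checker. This is an added example, not Kiali's own code: it assumes Istio's `authentication.istio.io/v1alpha1` Policy/MeshPolicy shape (`peers: - mtls: {}` meaning strict mTLS), namespace-wide DestinationRules with host `*.<namespace>.svc.cluster.local`, mesh-wide ones with host `*.local`, and hypothetical function names.

```python
# Added example: a simplified version of the namespace-wide mTLS checks.
# Every object below is constructed sample data, not taken from a real cluster.
NO_DR = "Namespace Policy requires mTLS, but there is no DestinationRule enabling mTLS"
DR_DISABLES = "Namespace Policy requires mTLS, but DestinationRule disables it"
MESH_DR_DISABLES = "MeshPolicy requires mTLS, but namespace DestinationRule disables it"

def requires_mtls(policy):
    """True if a Policy/MeshPolicy has an mtls peer in STRICT mode (the default)."""
    for peer in (policy or {}).get("spec", {}).get("peers", []):
        if "mtls" in peer:
            return (peer["mtls"] or {}).get("mode", "STRICT") == "STRICT"
    return False

def tls_mode(dest_rule):
    """Client-side TLS mode a DestinationRule sets, or None."""
    return dest_rule["spec"].get("trafficPolicy", {}).get("tls", {}).get("mode")

def check_namespace_mtls(ns, ns_policy, mesh_policy, dest_rules):
    """Return the list of findings for one namespace."""
    ns_host = f"*.{ns}.svc.cluster.local"
    ns_modes = [tls_mode(d) for d in dest_rules
                if d["metadata"]["namespace"] == ns and d["spec"]["host"] == ns_host]
    mesh_modes = [tls_mode(d) for d in dest_rules if d["spec"]["host"] == "*.local"]
    findings = []
    if requires_mtls(ns_policy):
        if "DISABLE" in ns_modes:
            findings.append(DR_DISABLES)
        elif "ISTIO_MUTUAL" not in ns_modes + mesh_modes:
            findings.append(NO_DR)
    # A namespace Policy, when present, overrides the MeshPolicy.
    elif ns_policy is None and requires_mtls(mesh_policy) and "DISABLE" in ns_modes:
        findings.append(MESH_DR_DISABLES)
    return findings

def dest_rule(ns, host, mode):
    """Build a constructed DestinationRule with the given client TLS mode."""
    return {"metadata": {"name": "default", "namespace": ns},
            "spec": {"host": host, "trafficPolicy": {"tls": {"mode": mode}}}}

STRICT = {"metadata": {"name": "default"}, "spec": {"peers": [{"mtls": {}}]}}

if __name__ == "__main__":
    off = dest_rule("bookinfo", "*.bookinfo.svc.cluster.local", "DISABLE")
    print(check_namespace_mtls("bookinfo", STRICT, None, []))     # no DestinationRule
    print(check_namespace_mtls("bookinfo", STRICT, None, [off]))  # DestinationRule disables
    print(check_namespace_mtls("bookinfo", None, STRICT, [off]))  # MeshPolicy case
```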

New Traffic tab for Services

The Traffic tab was introduced in previous sprints for Workloads and Applications. For consistency across Kiali pages, the Traffic tab was added to the Service details pages, replacing the Source Workloads tab.

Filter and sort using mTLS status in Overview page

This doesn’t need more explanation. The title says it all 😃

New expanded view in the Overview page

In the previous image (of the previous point) you can see that the cards are different. What you can see in that image is the new “expanded” view of the cards. You can switch between the expanded and the compact view using the Compact and Expand toggle buttons at the right of the toolbar. For reference, this is the compact view that was already available previously:

…and much more

Remember that Kiali is on GitHub and you can see the list of all Kiali back-end and Kiali front-end changes for Sprint #20. You will find all kinds of things we work on: from features to bugs, and also typos.

If you haven’t used Kiali, give it a try and tell us if you like it! Check out the Getting started guide available on our website.

Also, check out the recent Observe your Service Mesh with Kiali post published on the AWS Open Source blog. It can help you install and try Kiali if you are using Amazon EKS.

Finally, an invitation to follow us on Twitter. Stay in touch!


Service Mesh Observability

Thanks to Alissa Bonas and Thomas Heute
