Catching up on Kiali’s Sprint updates

Edgar Hernandez
Jan 19 · 11 min read

The new year 2020 has started, and on Jan 13th Sprint #33 finished and the first Kiali release of the year was rolled out: version 1.12!

It’s been a while with no Kiali end-of-sprint posts. The last one of 2019 was on September 4th for Sprint #27. Why did these posts stop? In short: the team was busy. The longer explanation is that the Kiali project is not only about coding and developing features. The team also gives talks at conferences, universities and local communities; we have talks with users to collect feedback; we explore other offerings to see how service mesh is used and how we can improve observability; we also take vacations 😃; etc. My apologies for this pause, but we hope that the time we invested in other areas helps to build a better Kiali.

During these past five months there have been 6 sprints and 8 minor releases (Sprints #28 and #30 had two minor releases). About the recorded demos, only three are available:

There was no demo for Sprint #28; those features were shown in the demo of Sprint #29. Unfortunately, the demo of Sprint #29 was not recorded due to technical issues. Also, there was no demo for Sprint #33 and these features will be shown in the upcoming demo of Sprint #34 (hopefully, this time no technical issues will prevent the recording).

OK, after my slightly longer introduction, let’s start with the features. The list is also somewhat longer because it includes features from Sprint #28 to #33.

Basic multi-cluster support

Starting in Kiali 1.5 (Sprint #28), basic support for Istio’s multi-cluster was incorporated.

Istio supports three major multi-cluster scenarios: replicated control plane, single-network shared control plane, and multi-network shared control plane. Also, there is one experimental simplified installation.

For now, Kiali supports only the replicated control plane scenario. Under this setup, Istio needs to be installed on each cluster you want to be part of the service mesh. As with Istio, you need to install Kiali on each cluster you want to observe (no different from the single-cluster case).

Auto enable graph options when using find/hide

The find and hide features let you highlight or hide nodes and edges of the graph, given some criteria. This lets you focus better on elements of the graph that may be interesting.

Sometimes you may want to search using attributes that are not enabled in the graph, and thus not visible. For convenience, when this happens, the relevant options of the toolbar will be auto-enabled, if available.

This was released in Kiali 1.5 (Sprint #28).

Custom Grafana Monitoring Dashboards

If you have Grafana available in your Istio installation and Kiali’s Grafana configuration is in place, you may have seen that in the metrics tabs of the detail pages of applications, workloads and services there is a small link to view the available metrics in the Grafana dashboards provided by Istio.

If you have set up your own Grafana dashboard that better suits your needs, you may configure Kiali to show a link to your custom dashboard.

Unfortunately, there are no docs yet. But in GitHub issue #1268, which requested the feature, there is a comment that you can check to get an idea of how to configure your custom dashboard.

This was released in Kiali 1.5 (Sprint #28).

TCP badging for mTLS

This is kind-of a bug fix. Istio is capable of securing TCP connections with the mTLS feature. However, Kiali wasn’t correctly showing which connections were secured for the TCP case. Kiali was fixed and the mTLS badges are now displayed on TCP edges:

This was released in Kiali 1.6 (Sprint #28).

Requested hosts information in side panel

When your services make requests to external hosts, depending on your configuration, Istio may block the requests, may route them because of a ServiceEntry, or may route them through Istio’s PassthroughCluster.

Istio stores in telemetry the hostnames of the requested external services. Kiali can now show this information in the graph’s side panel in the Hosts tab:

This was released in Kiali 1.6 (Sprint #28).

New look of the graph

Throughout this post, the previous screenshots and videos of Kiali are using the old look of the graph. This was on purpose, so that when you reach these lines I can say “Hey, check out the new look of the Kiali graph:”

The shapes of the nodes have increased sizes and some shapes are now rounded; node labels are box-enclosed and have a shadow, and labels of group boxes are gray; badging is nicer (these are the icons indicating VirtualServices, missing sidecars and others); and there are other improvements. See the animated image and compare with the old look. I hope you find it better 😉

The first iteration of the new look was released in Kiali 1.6 (Sprint #28) and was refined subsequently.

Service Entries in traffic tab

Service entries were missing in the traffic tab of the detail pages of workloads and apps. This led to incomplete data when compared against the graph. So, these entities were added to the traffic tab:

Please note that ServiceEntry items are not present in the detail pages for Services because they are not applicable there. Even in the graph, Services shouldn’t have outgoing connections to ServiceEntries; only workloads and apps should.

This was released in Kiali 1.6 (Sprint #28).

Kiali operator supporting phase 4 capabilities

Operators are classified in one of five maturity levels. Each maturity level defines a set of capabilities that operators should support:

Up to version 1.6, the Kiali operator was at Phase I maturity. Starting with Kiali 1.7 (Sprint #29), support for seamless upgrades was added to the Kiali operator, reaching Phase II maturity.

Since Kiali has been exposing metrics since version 0.16.0 and does not use any kind of storage, Kiali was already in compliance with Phase IV. So, in Kiali 1.9.1 (Sprint #30) the Kiali operator was moved directly to Phase IV in OperatorHub.

Envoy dashboard

Istio’s Envoy sidecars expose some internal statistics and Kiali is now offering the possibility to see them:

The Envoy dashboard is available in the Application and Workload details pages. It’s disabled by default. You need to enable this dashboard per pod by adding an envoy annotation.

The website has a section with short documentation of this feature.

This was released in Kiali 1.8 (Sprint #30).

Caching at back-end is now available

In previous versions of Kiali, there were some attempts to enable caching of Kubernetes resources in order to improve performance, but differences between the supported platforms (OpenShift and Kubernetes) made this a difficult task. Starting with Kiali 1.8 (Sprint #30), caching is available but disabled by default. If you want to try caching for some performance improvement, you need to set cache_enabled: true in the operator CRD. Read the relevant options in the sample CR of the operator to check the available configuration.

Caching works only for a set of CRDs which we think are the most used throughout the Kiali codebase, or the ones that cause long queries.

Migration to PatternFly 4 is finished

In Kiali version 1.10 (Sprint #31) the PatternFly 3 library was removed from the Kiali codebase. This marked the end of the PatternFly 4 migration. There may be some remnants of PatternFly 3, like some old styles or unneeded classes, but these will be cleaned up on a best-effort basis, i.e. when people find that old and unneeded code.

Mutual TLS in wizards

A new Mutual option in the TLS dropdown was added to all wizards present in the service details page.

This option is unrelated to Istio’s mutual TLS. If you are protecting your services with your own certificates (thus, you are not using Istio’s certificate authority), this option lets you easily configure the traffic policy rules to enable mutual TLS.

This was released in Kiali 1.10 (Sprint #31).
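
To make the distinction concrete, here is the kind of DestinationRule traffic policy the Mutual option refers to, written as an added example (not output captured from the Kiali wizard). The host, namespace, certificate paths and SAN are hypothetical.

```yaml
# Added example. All names, paths and the SAN below are constructed.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: payments-own-certs
  namespace: shop
spec:
  host: payments.shop.svc.cluster.local
  trafficPolicy:
    tls:
      # MUTUAL: the client sidecar presents a certificate that YOU supply.
      # The three file paths are required and must be readable by the
      # client's Envoy sidecar.
      mode: MUTUAL
      clientCertificate: /etc/certs/own/tls.crt
      privateKey: /etc/certs/own/tls.key
      caCertificates: /etc/certs/own/ca.crt
      # Optional: pin the identity expected in the server certificate,
      # so any certificate signed by the CA is not enough on its own.
      subjectAltNames:
      - payments.shop.example
      # For comparison, Istio's own mutual TLS is a different mode that
      # takes no file paths, because the keys and certificates come from
      # Istio's certificate authority:
      #   mode: ISTIO_MUTUAL
```

With MUTUAL, certificate issuance and rotation stay your responsibility; Istio's certificate authority plays no part in them.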

Referenced objects in Istio Config YAML view

In Kiali’s main navigation bar you will find the Istio Config entry, which shows a list of Istio CRD instances. Kiali performs some validations on the Istio objects to check for potential configuration problems. If Kiali shows a validation issue for an Istio CRD, you can go to the YAML tab of its details page. At the right of the YAML editor, when possible, the Validation references card will list Istio CRD instances that are related to the validation issue:

This was added with the aim of providing quick navigation to the referenced entities and making it easier to find any Istio misconfiguration that may be causing validation warnings or errors.

This was released in Kiali 1.10 (Sprint #31).

Istio configuration validations in graph and overview pages

Kiali has been offering health indicators for some time in several pages, which aim to give insight about ongoing issues in the service mesh. However, validations of Istio configuration were available only in the Istio Config pages.

Since a misconfiguration of Istio may also result in unexpected behaviors in the mesh, an indicator showing the validation results of Istio configurations was added to the Overview page:

The same indicator is also available in the Graph’s namespace side panel (shown when no node is selected in the graph):

This was released in Kiali 1.10 (Sprint #31).

Headers presence rule in Matching Routing wizard

Istio does not provide a header presence operator on VirtualServices to route traffic, but this can be achieved using a regular expression. It was thought that a header presence rule would be handy, so this option was added to the Matching Routing wizard, which translates the “presence” into a regex rule.

This was released in Kiali 1.11 (Sprint #32).
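
For reference, a VirtualService of the kind such a presence rule corresponds to, as an added example (not taken from Kiali's output or docs). The reviews host, the v1/v2 subsets and the x-canary header are hypothetical, and the exact regex the wizard writes is an assumption.

```yaml
# Added example. Host, subsets and header name are constructed.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
  namespace: bookinfo
spec:
  hosts:
  - reviews
  http:
  # Rule 1: "header x-canary is present".
  # Istio has no presence operator, so the match is written as a regex
  # that accepts any value. A header matcher only succeeds when the
  # header exists in the request, so ".*" behaves as a presence test.
  - match:
    - headers:
        x-canary:
          regex: ".*"   # assumed pattern; any value matches
    route:
    - destination:
        host: reviews
        subset: v2
  # Rule 2: default route for requests without the header.
  # Rules are evaluated in order, so this must come last.
  - route:
    - destination:
        host: reviews
        subset: v1
```

Because any client can send the header, a presence match is a routing selector and not an access control; use an authorization policy if the v2 route must be restricted.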

New Token strategy to log into Kiali

A long time ago, there were efforts to bring multi-user and multi-tenancy capabilities to Kiali. Since the beginning, the idea was to use the RBAC of the cluster. The focus was first on OpenShift and, although the resulting implementation has been good, it was not fully compatible with plain Kubernetes.

After some small experiments, we learned that the most incompatible part was the authentication mechanism. So, a new token strategy for logging in was implemented. This is similar to the login view of the Kubernetes dashboard: you are expected to provide a Service Account token to log into Kiali and this will enable RBAC features of the cluster to restrict what actions can be done in Kiali.

There is a small limitation that you can read about on our website.

This was released in Kiali 1.11 (Sprint #32).

Graph bottom toolbar with better active item styles

The bottom toolbar of the graph has a button group to choose a graph layout. This is how it looked:

In the image, the active button of the group is the first from the left. The highlighting was so subtle that it could be hard to identify which one is the active button. To improve this, the icon of the active button is now blue:

This was released in Kiali 1.11 (Sprint #32).

Added support for AuthorizationPolicies CRD

Istio 1.4 added an AuthorizationPolicies CRD. Thus, Kiali followed up and this CRD is available in the Istio Config page:

Also, given that the number of items in the filtering drop-down has grown, its items are now sorted alphabetically for better usability.

This was released in Kiali 1.12 (Sprint #33).

Jaeger spans in metrics

This is a very nice feature! If Kiali is properly configured for Jaeger integration, the metrics tabs can now take advantage of it to retrieve Jaeger spans and show them together with metrics:

The Jaeger spans are not visible by default. You can display them by clicking the relevant item in the chart’s legend. To better show how Kiali is displaying the Jaeger spans, this is a screenshot with the spans disabled:

Hopefully, this feature will enable some correlation between traces and metrics to ease diagnosis of issues in the service mesh.

This was released in Kiali 1.12 (Sprint #33).

Container version in the about box

Most of the time, all parts of Kiali (front-end, back-end, containers and operator) are released together and versions of all parts match. However, from time to time some releases have required patches in one of the parts.

When patches are released, the version of one or more of the parts may not match. The about dialog of Kiali lists the front-end (UI) and back-end (Server) versions. We found that we also needed to show the container version for the cases where only a rebuild of the container images is needed. Thus, this was added:

This was released in Kiali 1.12 (Sprint #33).


And that’s it! Now, I’m ready to re-start with the usual per-sprint post to comment about the new features.

How many of these features did you identify by yourself? I hope you were aware of all these features. If not, this is a good opportunity to ask for feedback: please leave a comment either in this post or in our mailing list and tell us how to better communicate the new features. It would be great if you could find all features just by using the UI, and suggestions are very welcome to achieve this.

Please note that, as usual, this post is showing the most relevant features.

I finish with the usual reminder to try Kiali if you haven’t used it. To learn how, check out the Getting started guide available on our website. Follow us on Twitter!


Service Mesh Observability

Thanks to Julie Stickler, Lucas Ponce, Xavier Canal, Alissa Bonas, and Jay Shaughnessy
