Skip to content

Latest commit

 

History

History
116 lines (78 loc) · 5.41 KB

README.md

File metadata and controls

116 lines (78 loc) · 5.41 KB
Raw

Install custom Kiali in Kyma

Overview

The following instructions outline how to install Kiali in Kyma.

Prerequisites

Installation

Preparation

  1. Export your Namespace as a variable. Replace the {namespace} placeholder in the following command and run it:

    export K8S_NAMESPACE="{namespace}"

  2. Export the Helm release name that you want to use. The release name must be unique for the chosen Namespace. Be aware that all resources in the cluster will be prefixed with that name. Run the following command:

    export HELM_KIALI_RELEASE="kiali"

  3. Update your Helm installation with the required Helm repository:

    helm repo add kiali https://kiali.org/helm-charts
helm repo update

Install the kiali-operator

NOTE: Kiali recommends to install Kiali always with the Kiali operator; that's why the following step uses the Kiali operator Helm chart.

Run the Helm upgrade command, which installs the chart if not present yet.

export PROM_SERVICE_NAME=$(kubectl -n ${K8S_NAMESPACE} get service -l app=kube-prometheus-stack-prometheus -ojsonpath='{.items[*].metadata.name}')
helm upgrade --install --create-namespace -n $K8S_NAMESPACE $HELM_KIALI_RELEASE kiali/kiali-operator -f https://raw.githubusercontent.com/kyma-project/examples/main/kiali/values.yaml --set cr.spec.external_services.prometheus.url=http://$PROM_SERVICE_NAME.$K8S_NAMESPACE:9090

You can either use the values.yaml provided in this kiali folder, which contains customized settings deviating from the default settings, or create your own values.yaml file.

Verify the installation

Check that the kiali-operator and kiali-server Pods have been created in the Namespace and are in the Running state:

kubectl -n $K8S_NAMESPACE rollout status deploy $HELM_KIALI_RELEASE-kiali-operator && kubectl -n $K8S_NAMESPACE rollout status deploy kiali-server

Access Kiali

To access Kiali, either use kubectl port forwarding, or expose it using the Kyma Ingress Gateway.

  • To access Kiali using port forwarding, run:

    kubectl -n $K8S_NAMESPACE port-forward svc/kiali-server 20001

    Open Kiali in your browser under http://localhost:20001 and log in with a Kubernetes service account token, for instance, from your kubeconfig file.

  • To expose Kiali using the Kyma API Gateway, create an APIRule:

    kubectl -n $K8S_NAMESPACE apply -f https://raw.githubusercontent.com/kyma-project/examples/main/kiali/apirule.yaml

    Get the public URL of your Kiali server:

    kubectl -n $K8S_NAMESPACE get vs -l apirule.gateway.kyma-project.io/v1beta1=kiali.$K8S_NAMESPACE -ojsonpath='{.items[*].spec.hosts[*]}'

Deploy a custom workload and invoke

To see the service communication visualized in Kiali, follow the instructions in orders-service.

Advanced Topics

Integrate Jaeger

If you use Jaeger for distributed tracing, Kiali can use your Jaeger instance to provide traces.

For integration instructions, read Kiali: Jaeger configuration.

Integrate Grafana

Kiali can provide links to Istio dashboards in Grafana.

For integration instructions, read Kiali: Grafana configuration.

Authentication

Kiali supports different authentication strategies. The default authentication strategy uses a Kubernetes Service Account Token. If you use a kubeconfig file with a static token, you can use this token to authenticate. Depending on your preferred way to access Kiali, different authentication strategies might be suitable. To learn more about Kiali authentication strategies, read Kiali: Authentication Strategies.

  • For Kiali access by port forwarding, you need no additional authentication, and you can activate the anonymous strategy: 
    helm upgrade --install --create-namespace -n $K8S_NAMESPACE $HELM_KIALI_RELEASE kiali/kiali-operator --set cr.spec.auth.strategy=anonymous -f https://raw.githubusercontent.com/kyma-project/examples/main/kiali/values.yaml
  • When exposing the Kiali server over the ingress gateway, we recommend to use an external identity provider compatible with OpenID Connect (OIDC). Find the required settings at Kiali: OpenID Connect strategy.

Cleanup

When you're done, you can remove the example and all its resources from the cluster.

  1. Remove the stack by calling Helm:

    helm delete -n $K8S_NAMESPACE $HELM_KIALI_RELEASE
kubectl -n $K8S_NAMESPACE delete -f https://raw.githubusercontent.com/kyma-project/examples/main/kiali/apirule.yaml

  2. If you created the $K8S_NAMESPACE Namespace specifically for this tutorial, remove the Namespace:

    kubectl delete namespace $K8S_NAMESPACE