Kiali 2.0 for Istio

6 min read Original article ↗

Kiali 2.0 for Istio

Jay Shaughnessy

It’s been seven+ years and Istio Service Mesh is still on the rise. And for nearly as long the Kiali project has been developed alongside, to supply a world class console for Istio. Istio continues to evolve and so we’ve decided that now is the right time, with Istio Ambient emerging, to make a major version change. So, let me introduce a few key changes for Kiali 2.0.

Configuration

Important changes in the Kiali CR.

Discovery Selectors

If you have configured Kiali then you are likely aware of our fairly complex way of defining “Accessible Namespaces”. The set of namespaces that Kiali knows about and can present to the user, is currently the result of all of these settings:

  • deployment.accessible_namespaces
  • api.namespaces.exclude
  • api.namespaces.include
  • api.namespaces.label_selector_exclude
  • api.namespaces.label_selector_include

Getting it right, including things like regex expressions, could be daunting. In Kiali 2.0 they have all been retired in favor of the same mechanism used by Istio to limit namespace scope: Discovery Selectors. And by the way, if you don’t use these in Istio then you may want to, it can narrow what the control plane has to do. In short, these are Kubernetes Label Selectors that define the set of namespaces, based on labels, that Kiali will care about.

NOTE: If you have customized Kiali’s accessible namespaces in 1.x, then this is a breaking change and you will need to update configuration when updating to Kiali 2.x.

For more details, see Namespace Management on kiali.io.

External Service URLs

Another configuration pain point has been how to define the URLs for Kiali’s Grafana and Tracing external services. In Kiali 2.0 we’ve deprecated:

  • external_service.grafana.in_cluster_url
  • external_service.grafana.url
  • external_service.tracing.in_cluster_url
  • external_service.tracing.url

And renamed them to:

  • external_service.grafana.internal_url
  • external_service.grafana.external_url
  • external_service.tracing.internal_url
  • external_service.tracing.external_url

The Traffic Graph

Undoubtedly one of Kiali’s key features, the traffic graph has gotten a face lift.

PatternFly Topology (PFT)

Kiali has always been written using PatternFly UI components. But when Kiali originated, PatternFly did not have a Topology component. And so we successfully implemented the graph using Cytoscape. Cytoscape has been great, but it has not been seamless to have a large non-PatternFly component embedded inside Kiali. We’ve been waiting for PFT to mature, and we believe it’s now ready to take over as our default graph implementation. It’s got a more modern look and feel, and has really nice support for dark mode:

Press enter or click to view image in full size

We really hope you like it, but for those with separation issues the Cytoscape graph will still be available via configuration option, although deprecated.

Istio Ambient

With the upcoming release of Istio v1.24, Istio Ambient will likely start seeing more robust use. Ambient presents some challenges to the traffic graph visualization. There are two major reporters of traffic telemetry: ztunnel and waypoints. TCP/L4 telemetry is reported by ztunnel, and unlike sidecar telemetry, which reported protocol-specific telemetry, ztunnel reports for all traffic. Waypoints (which are proxies) report HTTP/L7 telemetry. Furthermore, for an HTTP request from A->B, the waypoint (WP) will report the A->B traffic, but ztunnel will also report A->WP and WP->B. The end result is that it’s easier than ever to have a very busy graph, even for a fairly simple mesh, and especially if you want to peek into the Ambient infrastructure. In Kiali 2.0 the Traffic Dropdown lets you control what you see related to Ambient

For example, by selecting only Waypoint Ambient telemetry, you can get a Bookinfo graph that looks pretty similar to your classic sidecar graph:

Press enter or click to view image in full size

But as shown in the dropdown image above, you could also select only ztunnel Ambient telemetry. This, combined with the new Show Waypoints feature in the Display menu, gives you a good look at the ztunnel-waypoint interaction:

Press enter or click to view image in full size

Note that non-Ambient proxy telemetry, like the gateway above, still shows up and gives us the HTTP edges from the gateway to productpage-v1 app.

One more feature you may notice above is that some of edges involving the waypoint are now bi-directional. This is to simplify waypoint graphing, because there is often to/from ztunnel traffic between the waypoint and another node:

Press enter or click to view image in full size

Note the side-panel allows you to easily swap the edge direction, when selected.

For more details see Istio Ambient Mesh on kiali.io.

The Mesh Graph

Although not brand new in Kiali 2.0, the Mesh page has been recently introduced, and has been upgraded quickly, with a lot of hardening and multi-cluster support additions for v2.0.

Savvy Kiali users may have already noticed the use of PatternFly Topology for this new mesh visualization. For those that have yet to see it, this page aims to complement the Traffic Graph. Where the Traffic Graph shows the requests flowing through the mesh, this topology shows your mesh infrastructure: Istiod control planes, data planes, Kiali instances, and other Add-On components. You can view configuration, versions, health, relationships, various metrics, etc. There is multi-cluster support and also views into revisions and canary-upgrades:

Press enter or click to view image in full size

Press enter or click to view image in full size

Press enter or click to view image in full size

We’ll be rolling out more features into the mesh page, if you have ideas about what you’d like it to do, please drop us a note.

And More…

Those are the heavy hitters in Kiali 2.0. But of course there’s plenty more:

  • Performance and scale improvements
  • Multi-cluster deployment model enhancements
  • Gateway API 1.2 support
  • Improved Tempo support
  • Kiali Extension support
  • Partial Chinese localization
  • And a bunch of important fixes

Istio on Red Hat OpenShift…

Kiali is an open source project and our goal is to improve the experience of all Istio users. But considering that all of the full time Kiali maintainers work for Red Hat, we also hope you’ll consider Istio on Red Hat OpenShift. OpenShift includes OpenShift Service Mesh (OSSM), a fully supported Istio distribution, and OSSM 3.0 will be out soon. It also includes supported versions of Kiali and OSSMC, the Kiali-powered OpenShift plugin, which is also better than ever with Kiali 2.0:

Press enter or click to view image in full size

OSSM Console Plugin

Thanks for using Istio with Kiali. If you have questions or ideas please find us on the Istio Slack #kiali channel, or open a discussion at Kiali Github. And if you have the desire, we would love to have you as a contributor, or even as a maintainer!