From 7cc15303f549b90e362e06aba625ecad73984065 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Tue, 2 Mar 2021 08:22:17 -0600 Subject: [PATCH 01/17] migrated chart from upstream --- .gitlab-ci.yml | 4 + CHANGELOG.md | 8 + CODEOWNERS | 1 + CONTRIBUTING.md | 22 + README.md | 13 + chart/Chart.yaml | 20 + chart/Kptfile | 11 + chart/crds/crds.yaml | 38 + chart/templates/NOTES.txt | 30 + chart/templates/_helpers.tpl | 56 ++ chart/templates/bigbang/virtualservice.yaml | 16 + chart/templates/clusterrole.yaml | 286 +++++++ chart/templates/clusterrolebinding.yaml | 16 + chart/templates/deployment.yaml | 89 ++ chart/templates/kiali-cr.yaml | 19 + chart/templates/serviceaccount.yaml | 15 + chart/values.yaml | 877 ++++++++++++++++++++ tests/test-values.yml | 5 + 18 files changed, 1526 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 CHANGELOG.md create mode 100644 CODEOWNERS create mode 100644 CONTRIBUTING.md create mode 100644 chart/Chart.yaml create mode 100644 chart/Kptfile create mode 100644 chart/crds/crds.yaml create mode 100644 chart/templates/NOTES.txt create mode 100644 chart/templates/_helpers.tpl create mode 100644 chart/templates/bigbang/virtualservice.yaml create mode 100644 chart/templates/clusterrole.yaml create mode 100644 chart/templates/clusterrolebinding.yaml create mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/kiali-cr.yaml create mode 100644 chart/templates/serviceaccount.yaml create mode 100644 chart/values.yaml create mode 100644 tests/test-values.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..6e9f482 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,4 @@ +include: + - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' + ref: master + file: '/templates/package-tests.yml' diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..5b7767a --- /dev/null +++ b/CHANGELOG.md 
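Review bot: The `include` in `.gitlab-ci.yml` tracks `ref: master` of the shared pipeline-templates project, so whatever lands on that branch runs in this repository's pipeline, with access to its CI variables, without any change being reviewed here. Pinning the include to a release tag or a full commit SHA, `ref: <TAG_OR_COMMIT_SHA>`, turns template updates into an explicit, reviewable bump. A one-line comment above the include saying who owns the template project and how the pin is updated would help the next maintainer.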
@@ -0,0 +1,8 @@ +# Changelog + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + + +### Changed +- Copied default CR file into values.yaml from here https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml + diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..6e7ca18 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @nick_tetrate diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..dd0eeba --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,22 @@ +# Contributing + +Thanks for contributing to this repository! + +This repository follows the following conventions: + +* [Semantic Versioning](https://semver.org/) +* [Keep a Changelog](https://keepachangelog.com/) +* [Conventional Commits](https://www.conventionalcommits.org/) + +Development requires the Kubernetes CLI tool as well as a local Kubernetes cluster. [k3d](https://k3d.io) is recommended as a lightweight local option for standing up Kubernetes clusters. + +To contribute a change: + +1. Create a branch on the cloned repository +2. Make the changes in code. +3. Write tests using [cypress](https://www.cypress.io) and [Conftest](https://conftest.dev) +4. Make commits using the [Conventional Commits](https://www.conventionalcommits.org/) format. This helps with automation for changelog. Update `CHANGELOG.md` in the same commit using the [Keep a Changelog](https://keepachangelog.com). Depending on tooling maturity, this step may be automated. +5. Open a merge request using one of the provided templates. If this merge request is solving a preexisting issue, add the issue reference into the description of the MR. +6. During this time, ensure that all new commits are rebased into your branch so that it remains up to date with the `main` branch. +7. Wait for a maintainer of the repository (see CODEOWNERS) to approve. +8. If you have permissions to merge, you are responsible for merging. Otherwise, a CODEOWNER will merge the commit. diff --git a/README.md b/README.md index e69de29..791ad59 100644 --- a/README.md +++ b/README.md 
@@ -0,0 +1,13 @@ +# Kiali + +Istio UI, chart. + +Originaly sourced from [upstream](), and minimally modified. + +## Upstream Changes + + + +## Iron Bank + +You can `pull` the registry1 image(s) [here](https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fistio-1.7%2Foperator-1.7) and view the container approval [here](https://ironbank.dso.mil/ironbank/repomap/opensource/istio-1.7). \ No newline at end of file diff --git a/chart/Chart.yaml b/chart/Chart.yaml new file mode 100644 index 0000000..9f6bb6e --- /dev/null +++ b/chart/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: kiali-operator +description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. +version: 1.28.0-bb.0 +appVersion: 1.28.0 +home: https://github.com/kiali/kiali-operator +maintainers: +- name: Kiali + email: kiali-users@googlegroups.com + url: https://kiali.io +keywords: +- istio +- kiali +- operator +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png diff --git a/chart/Kptfile b/chart/Kptfile new file mode 100644 index 0000000..def29ed --- /dev/null +++ b/chart/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: kiali-operator +upstream: + type: git + git: + commit: 850b7287d1bd38efb59674b6c06fe57b7f5796cf + repo: git@github.com:kiali/helm-charts + directory: /kiali-operator + ref: v1.28.0 diff --git a/chart/crds/crds.yaml b/chart/crds/crds.yaml new file mode 100644 index 0000000..4a73bd3 --- /dev/null +++ b/chart/crds/crds.yaml 
@@ -0,0 +1,38 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kialis.kiali.io +spec: + group: kiali.io + names: + kind: Kiali + listKind: KialiList + plural: kialis + singular: kiali + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt new file mode 100644 index 0000000..4f22052 --- /dev/null +++ b/chart/templates/NOTES.txt 
@@ -0,0 +1,30 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Operator [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +{{- if .Values.cr.create }} + {{- if or (and (not .Values.watchNamespace) (not .Values.cr.namespace)) (and (.Values.watchNamespace) (eq .Values.watchNamespace .Release.Namespace)) (and (.Values.cr.namespace) (eq .Values.cr.namespace .Release.Namespace)) }} +You have elected to install a Kiali CR in the same namespace as the operator [{{ .Release.Namespace }}]. You should be able to access Kiali soon. + +================================ +PLEASE READ THIS WARNING NOTICE: +Because the Kiali CR lives in the same namespace as the operator, DO NOT uninstall the operator or delete the operator namespace without first removing the Kiali CR. If you do not follow this advice then the Kiali Operator deletion will hang indefinitely until you remove the finalizer from the Kiali CR, and then you may find your Kubernetes environment still has Kiali Server remnants left behind. +================================ + {{- else if .Values.watchNamespace }} +You have elected to install a Kiali CR in the operator watch namespace [{{ .Values.watchNamespace }}]. You should be able to access Kiali soon. + {{- else if .Values.cr.namespace }} +You have elected to install a Kiali CR in the namespace [{{ .Values.cr.namespace }}]. You should be able to access Kiali soon. + {{- else }} +You have elected to install a Kiali CR. You should be able to access Kiali soon. + {{- end }} +{{- else }} + {{- if (not .Values.watchNamespace) }} +You have elected not to install a Kiali CR. You must first install a Kiali CR before you can access Kiali. The operator is watching all namespaces, so you can create the Kiali CR anywhere. + {{- else }} +You have elected not to install a Kiali CR. 
You must first install a Kiali CR in the operator watch namespace [{{ .Values.watchNamespace }}] before you can access Kiali. + {{- end }} +{{- end }} + +If you ever want to uninstall the Kiali Operator, remember to delete the Kiali CR first before uninstalling the operator to give the operator a chance to uninstall and remove all the Kiali Server resources. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl new file mode 100644 index 0000000..fb0da69 --- /dev/null +++ b/chart/templates/_helpers.tpl 
@@ -0,0 +1,56 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-operator.labels" -}} +helm.sh/chart: {{ include "kiali-operator.chart" . }} +app: {{ include "kiali-operator.name" . }} +{{ include "kiali-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali-operator" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/chart/templates/bigbang/virtualservice.yaml b/chart/templates/bigbang/virtualservice.yaml new file mode 100644 index 0000000..4f39f8e --- /dev/null +++ b/chart/templates/bigbang/virtualservice.yaml 
@@ -0,0 +1,16 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: kiali + namespace: {{ .Release.Namespace }} +spec: + hosts: + - "{{ .Values.cr.spec.server.address }}" + gateways: + - main.{{ .Release.Namespace }}.svc.cluster.local + http: + - route: + - destination: + port: + number: {{ .Values.cr.spec.server.port | default "20001" }} + host: kiali.{{ .Release.Namespace }}.svc.cluster.local diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml new file mode 100644 index 0000000..45441a6 --- /dev/null +++ b/chart/templates/clusterrole.yaml 
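Review bot: This VirtualService is rendered unconditionally, so every install routes the `cr.spec.server.address` host through the `main` gateway to Kiali, including installs where `cr.create` is false and no Kiali server exists, or where that exposure is not wanted. It also dereferences `.Values.cr.spec.server.address` directly, which fails the render if `cr.spec.server` is removed from the values. Wrapping the file in `{{- if and .Values.cr.create .Values.cr.spec.server }}` … `{{- end }}` would cover both cases. Since this route publishes the Kiali UI, a comment stating which `auth.strategy` is expected behind it would be useful; the part of values.yaml visible here leaves it at the operator default.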
@@ -0,0 +1,286 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-operator.fullname" . }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - events + - persistentvolumeclaims + - pods + - serviceaccounts + - services + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: [""] + resources: + - namespaces + verbs: + - get + - list + - patch +- apiGroups: [""] + resources: + - secrets + verbs: + - create + - list + - watch +- apiGroups: [""] + resourceNames: + - kiali-signing-key + resources: + - secrets + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["apps"] + resources: + - deployments + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["monitoring.coreos.com"] + resources: + - servicemonitors + verbs: + - create + - get +- apiGroups: ["apps"] + resourceNames: + - kiali-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: ["kiali.io"] + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["rbac.authorization.k8s.io"] + resources: + {{- if or (and (.Values.cr.create) (has "**" .Values.cr.spec.deployment.accessible_namespaces)) (.Values.clusterRoleCreator) }} + - clusterrolebindings + - clusterroles + {{- end }} + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["apiextensions.k8s.io"] + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: ["networking.k8s.io"] + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch 
+ - update + - watch +- apiGroups: ["oauth.openshift.io"] + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["config.openshift.io"] + resources: + - clusteroperators + verbs: + - list + - watch +- apiGroups: ["config.openshift.io"] + resourceNames: + - kube-apiserver + resources: + - clusteroperators + verbs: + - get +- apiGroups: ["console.openshift.io"] + resources: + - consolelinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +# The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - create + - delete + - patch + {{- end }} +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - 
patch + {{- end }} +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - create + - delete + - patch + {{- end }} +... diff --git a/chart/templates/clusterrolebinding.yaml b/chart/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..6f24e9e --- /dev/null +++ b/chart/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-operator.fullname" . }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-operator.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "kiali-operator.fullname" . }} + apiGroup: rbac.authorization.k8s.io +... diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml new file mode 100644 index 0000000..d8ac57b --- /dev/null +++ b/chart/templates/deployment.yaml 
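Review bot: The `secrets` rule in clusterrole.yaml that grants `create`, `list` and `watch` without `resourceNames` sits in a ClusterRole bound by a ClusterRoleBinding, and `list`/`watch` return full secret data, so the operator's service account can read every secret in the cluster. If the operator only needs `kiali-signing-key` and the secrets it creates itself, consider granting this through a namespaced Role when `watchNamespace` is set, and at minimum add a comment above the rule such as `# list/watch exposes secret data in all namespaces; needed for <reason>`. With `clusterRoleCreator: true` as the chart default, the role also manages `clusterroles` and `clusterrolebindings`, so this account is effectively high-privilege, which is worth stating in the README. Separately, `post` in the `pods/portforward` rule is an HTTP method rather than a verb the API server authorizes requests against; `create` is the one that applies there.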
@@ -0,0 +1,89 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "kiali-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + name: {{ include "kiali-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + # required for the operator SDK metric service selector + name: {{ include "kiali-operator.fullname" . }} + {{- include "kiali-operator.labels" . | nindent 8 }} + annotations: + prometheus.io/scrape: {{ .Values.metrics.enabled | quote }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-operator.fullname" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + containers: + - name: operator + image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }} + args: + - "--zap-level=info" + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + env: + - name: WATCH_NAMESPACE + value: {{ .Values.watchNamespace | default "\"\"" }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: {{ include "kiali-operator.fullname" . 
}} + - name: ANSIBLE_DEBUG_LOGS + value: {{ .Values.debug.enabled | quote }} + - name: ANSIBLE_VERBOSITY_KIALI_KIALI_IO + value: {{ .Values.debug.verbosity | quote }} + - name: ANSIBLE_CONFIG + {{- if .Values.debug.enableProfiler }} + value: "/opt/ansible/ansible-profiler.cfg" + {{- else }} + value: "/etc/ansible/ansible.cfg" + {{- end }} + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 8 }} + {{- end }} + ports: + - name: http-metrics + containerPort: 8383 + - name: cr-metrics + containerPort: 8686 + {{- if .Values.resources }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- end }} + volumes: + - name: runner + emptyDir: {} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} +... diff --git a/chart/templates/kiali-cr.yaml b/chart/templates/kiali-cr.yaml new file mode 100644 index 0000000..2c79786 --- /dev/null +++ b/chart/templates/kiali-cr.yaml @@ -0,0 +1,19 @@ +{{ if .Values.cr.create }} +--- +apiVersion: kiali.io/v1alpha1 +kind: Kiali +metadata: + {{- if .Values.watchNamespace }} + namespace: {{ .Values.watchNamespace }} + {{- else if .Values.cr.namespace }} + namespace: {{ .Values.cr.namespace }} + {{- end }} + name: {{ .Values.cr.name }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +annotations: + ansible.operator-sdk/verbosity: {{ .Values.debug.verbosity | quote }} +spec: + {{- toYaml .Values.cr.spec | nindent 2 }} +... +{{ end }} diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml new file mode 100644 index 0000000..53638b3 --- /dev/null +++ b/chart/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} +- name: {{ . }} +{{- end }} +{{- end }} +... 
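Review bot: The `operator` container in deployment.yaml is declared without a `securityContext`, so it runs with the image's default user and capabilities, and privilege escalation stays allowed unless cluster policy intervenes. Given the ClusterRole this pod's service account is bound to, I would add `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true, capabilities: {drop: ["ALL"]}}` under the container, ideally overridable from values. `resources` is also empty by default in values.yaml, so the pod has no requests or limits unless the installer sets them. Whether the image runs as a non-root user is not visible in this patch and should be confirmed before enabling `runAsNonRoot`.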
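Review bot: In kiali-cr.yaml, `annotations:` appears at the same level as `metadata:` and `spec:` rather than under `metadata:`, at least as the patch renders here. That would make `ansible.operator-sdk/verbosity` a top-level field of the Kiali object instead of an annotation, and `debug.verbosity` would presumably not take effect for this CR. If that matches the file, indent `annotations:` and its entry under `metadata:` next to `labels:`. The template also emits `name: {{ .Values.cr.name }}` and both `namespace:` values unquoted; `| quote`, as already used for the verbosity value, would guard against empty or number-like input.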
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000..2a7839d
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,877 @@ +nameOverride: "" +fullnameOverride: "" + +image: + repo: registry1.dso.mil/ironbank/opensource/kiali-operator + tag: 1.28.1 + pullPolicy: IfNotPresent + pullSecrets: [] + +# Deployment options for the operator pod. +nodeSelector: {} +podAnnotations: {} +env: [] +tolerations: [] +resources: {} +affinity: {} +replicaCount: 1 +priorityClassName: "" + +# metrics.enabled: set to true if you want Prometheus to collect metrics from the operator +metrics: + enabled: true + +# debug.enabled: when true the full ansible logs are dumped after each reconciliation run +# debug.verbosity: defines the amount of details the operator will log (higher numbers are more noisy) +# debug.enableProfiler: when true (regardless of debug.enabled), timings for the most expensive tasks will be logged after each reconciliation loop +debug: + enabled: true + verbosity: "1" + enableProfiler: false + +# Defines where the operator will look for Kial CR resources. "" means "all namespaces". +watchNamespace: "" + +# Set to true if you want the operator to be able to create cluster roles. This is necessary +# if you want to support Kiali CRs with spec.deployment.accessible_namespaces of '**'. +# Note that this will be overriden to "true" if cr.create is true and cr.spec.deployment.accessible_namespaces is ['**']. +clusterRoleCreator: true + +# Set to true if you want to allow the operator to only be able to install Kiali in view-only-mode. +# The purpose for this setting is to allow you to restrict the permissions given to the operator itself. +onlyViewOnlyMode: false + +# For what a Kiali CR spec can look like, see: +# https://github.com/kiali/kiali-operator/blob/master/deploy/kiali/kiali_cr.yaml +cr: + create: true + name: kiali + # If you elect to create a Kiali CR (--set cr.create=true) + # and the operator is watching all namespaces (--set watchNamespace="") + # then this is the namespace where the CR will be created (the default will be the operator namespace). 
+ namespace: "" + + spec: + server: + address: kiali.bigbang.dev + deployment: + accessible_namespaces: + - '**' + # Taken from https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml + ################################################################### + # kiali_cr.yaml + # + # This is a fully documented Kiali custom resource yaml file. + # It can be used to tell the Kiali Operator to install Kiali. + # + # This is actually an empty Kiali CR, however, it provides + # documentation on all available settings. + # In each documented section, you will see a "---" marker; + # below that marker you will see the names of the settings along + # with their default values. If the setting is not defined by + # default, its name will be prefixed with "#". + ################################################################### + + ########## + # --- + # additional_display_details: + # - title: "API Documentation" + # annotation: "kiali.io/api-spec" + # icon_annotation: "kiali.io/api-type" + # + # A list of additional details that Kiali will look for in annotations and display, for every workload and service, in their respective details pages. + # It can typically be used to inject some CI metadata or documentation links into Kiali views. + # Each item in the list is an object with "annotation", "title" and "icon_annotation" fields to indicate which annotation Kiali needs to look for, and how it should be displayed. + # "icon_annotation" is optional and would display an icon next to the text. + # At the moment, the value of the icon annotation can only be one of "rest", "grpc" or "graphql"; otherwise, it is ignored. + # By default, these settings recognize API Documentation links via annotation "kiali.io/api-spec" and icon-annotation "kiali.io/api-type". + # For example, it would make Kiali recognize these annotations in a service or a workload definition (Deployment, StatefulSet, etc.) 
to display the appropriate link and text: + # annotations: + # kiali.io/api-spec: http://link/to/my/doc + # kiali.io/api-type: rest + # Should you change this setting for your own custom annotations, keep in mind that it would override the current default. + # So you would have to copy the "API Documentation" setting as shown above if you want to preserve these links. + + ########## + # Tag used to identify a particular instance/installation of the Kiali server. + # --- + # installation_tag: "" + + ########## + # The namespaces where individual Istio components are installed. + # If left empty, it is assumed all Istio components are installed in the + # defined istio_namespace. If a component is not listed here, it is + # assumed that component is installed in istio_namespace. For example: + # istio_component_namespaces: + # prometheus: prom-ns + # means Prometheus is installed in the namespace "prom-ns" but all other + # Istio components are installed in the namespace defined in istio_namespace. + # --- + # istio_component_namespaces: {} + + ########## + # The namespace where Istio is installed. If left empty, it is assumed to be the + # same namespace as where Kiali is installed (i.e. deployment.namespace). + # Note that if you install some Istio components in other namespaces, specify + # that component's namespace in istio_component_namespaces. + # --- + # istio_namespace: "" + + ########## + # The version of the Ansible playbook to execute in order to install that version of Kiali. + # If not specified, a default version of Kiali will be installed which will be the most recent release of Kiali. 
+ # The currently allowed values for this setting are: "default", "v1.0", "v1.12", "v1.24" + # Refer to this file to see where these values are defined in the master branch: + # https://github.com/kiali/kiali-operator/tree/master/playbooks/default-supported-images.yml + # + # This version setting affects the defaults of the deployment.image_name and + # deployment.image_version settings. See the comments for those settings + # below for additional details. But in short, this version setting will + # dictate which version of the Kiali image will be deployed by default. + # Note that if you explicitly set deployment.image_name and/or + # deployment.image_version you are responsible for ensuring those settings + # are compatible with this setting (i.e. the Kiali image must be compatible + # with the rest of the configuration and resources the operator will install). + # + # See the Kiali documentation to determine which of these versions support + # the version of Istio you are installing Kiali with. + # + # --- + # version: "default" + + ########## + # --- + # api: + # + # Allows for controlling what namespaces/projects are returned by Kiali. + # + # 'exclude' is optional and takes a list of namespaces to be excluded from the list + # of namespaces provided by the API and UI. Regex is supported. This does not affect + # explicit namespace access. + # + # 'label_selector' is optional and takes a string value of a Kubernetes label selector + # (e.g. "myLabel=myValue") which is used when fetching the list of available namespaces. + # This does not affect explicit namespace access. + # Note that if you do not set this but deployment.accessible_namespaces does not have the + # special "all namespaces" value of "**" then this label_selector will be set + # to a default value of "kiali.io/member-of=" where + # is the namespace where Kiali is to be installed. 
+ # If deployment.accessible_namespaces does not have the special value of "**" + # then the Kiali operator will add a new label to all accessible namespaces - that new + # label will be this label_selector. + # + # --- + # namespaces: + # exclude: + # - "istio-operator" + # - "kube.*" + # - "openshift.*" + # - "ibm.*" + # - "kiali-operator" + # #label_selector: + + ########## + # --- + # auth: + # + # Determines what authentication strategy to use when users log into Kiali. + # Options are "anonymous", "token", "openshift", "openid", "header". + # Choose "anonymous" to allow full access to Kiali without requiring any credentials. + # Choose "token" to allow access to Kiali using service account tokens, which controls + # access based on RBAC roles assigned to the service account. + # Choose "openshift" to use the OpenShift OAuth login which controls access based on + # the individual's RBAC roles in OpenShift. Not valid for non-OpenShift environments. + # Choose "header" when Kiali is running behind a reverse proxy that will inject an + # Authorization header and potentially impersonation headers. + # Choose "openid" to enable OpenID connect based authentication. Your cluster is required to + # be configured to accept the tokens issued by your IdP. There are additional required + # configurations for this strategy. See below for the additional OpenID configuration section. + # When empty, its value will default to "openshift" on OpenShift and "token" on Kubernetes. 
+ # --- + # strategy: "" + # + # To learn how to configure the OpenId authentication strategy, read the documentation + # at the website on https://kiali.io/documentation/latest/configuration/authentication/openid/ + # + # --- + # openid: + # api_proxy: "" + # api_proxy_ca_data: "" + # authentication_timeout: 300 + # authorization_endpoint: "" + # client_id: "" + # disable_rbac: false + # http_proxy: "" + # https_proxy: "" + # insecure_skip_verify_tls: false + # issuer_uri: "" + # scopes: ["openid", "profile", "email"] + # username_claim: "sub" + # + # The Route resource name and OAuthClient resource name will have this value as its prefix. + # This value normally should never change. The installer will ensure this value is set correctly. + # --- + # openshift: + # client_id_prefix: kiali + + ########## + # --- + # deployment: + # + # A list of namespaces Kiali is to be given access to. + # These namespaces have service mesh components that are to be observed by Kiali. + # You can provide names using regex expressions matched against all namespaces the operator can see. + # The default makes all namespaces accessible except for some internal namespaces that typically should be ignored. + # NOTE! If this has an entry with the special value of "**" (two asterisks), that will denote you want + # Kiali to be given access to all namespaces via a single cluster role (if using this special value of "**", + # you are required to have already granted the operator permissions to create cluster roles and cluster role bindings). + # --- + # accessible_namespaces: ["^((?!(istio-operator|kube.*|openshift.*|ibm.*|kiali-operator)).)*$"] + # + # Additional custom yaml to add to the service definition. This is used mainly to customize the service type. + # For example, if the deployment.service_type is set to "LoadBalancer" and you want to set the loadBalancerIP, + # you can do so here with: additional_service_yaml: { "loadBalancerIP": "78.11.24.19" }. 
+ # Another example would be if the deployment.service_type is set to "ExternalName" you will need to configure + # the name via: additional_service_yaml: { "externalName": "my.kiali.example.com" }. + # A final example would be if external IPs need to be set: additional_service_yaml: { "externalIPs": ["80.11.12.10"] } + # --- + # #additional_service_yaml: + # + # Affinity definitions that are to be used to define the nodes where the Kiali pod should be contrained. + # See the Kubernetes documentation on Assigning Pods to Nodes for the proper syntax for these three + # different affinity types. + # --- + # affinity: + # node: {} + # pod: {} + # pod_anti: {} + # + # Names of the out-of-box custom monitoring dashboards that are to be installed. + # The custom monitoring dashboards are defined in yaml files located within the operator. + # Consult the operator templates for the custom monitoring dashboard yaml files available. + # For example, see this for the current list of yaml files available: + # https://github.com/kiali/kiali-operator/tree/master/roles/default/kiali-deploy/templates/dashboards + # These settings will determine the additional metric graphs that you will see within the Kiali UI. + # You can specify an includes and excludes list, the excludes list takes precedence. + # Each list can have fileglob wildcard characters '*' and '?' for file matching. + # --- + # custom_dashboards: + # excludes: [''] + # includes: ['*'] + # + # Determines what (if any) HorizontalPodAutoscaler should be created to autoscale the Kiali pod. + # A typical way to configure HPA for Kiali is: + # + # hpa: + # spec: + # maxReplicas: 2 + # minReplicas: 1 + # targetCPUUtilizationPercentage: 80 + # + # If "spec" is left empty, no HPA resource will be created. Otherwise, the "spec" yaml specified + # here will be placed in the created HPA resource's spec section. + # NOTE: do not specify the "scaleTargetRef" section in "spec"; the Kiali Operator will populate that for you. 
+ # You can optionally specify a specific HPA api_version in case there is some HPA feature + # you want to use that is only supported in that specific version. + # --- + # hpa: + # api_version: "autoscaling/v2beta2" + # spec: {} + # + # Determines which Kiali image to download and install. + # If you set this to a specific name (i.e. you do not leave it as the default empty string), + # you must make sure that image is supported by the operator. + # If empty, the operator will use a known supported image name based on which "version" was defined. + # Note that, as a security measure, a cluster admin may have configured the Kiali operator to + # ignore this setting. A cluster admin may do this to ensure the Kiali operator only installs + # a single, specific Kiali version, thus this setting may have no effect depending on how the + # operator itself was configured. + # --- + # image_name: "" + # + # The Kubernetes pull policy for the Kiali deployment. + # This is overridden to be "Always" if image_version is set to "latest". + # --- + # image_pull_policy: "IfNotPresent" + # + # The names of the secrets to be used when container images are to be pulled. + # --- + # image_pull_secrets: [] + # + # Determines which version of Kiali to install. + # Choose "lastrelease" to use the last Kiali release. + # Choose "latest" to use the latest image (which may or may not be a released version of Kiali). + # Choose "operator_version" to use the image whose version is the same as the operator version. + # Otherwise, you can set this to any valid Kiali version (such as "v1.0"). + # Note that if this is set to "latest" then the image_pull_policy will be "Always". + # If you set this to a specific version (i.e. you do not leave it as the default empty string), + # you must make sure that image is supported by the operator. + # If empty, the operator will use a known supported image version based on which "version" was defined. 
+ # Note that, as a security measure, a cluster admin may have configured the Kiali operator to + # ignore this setting. A cluster admin may do this to ensure the Kiali operator only installs + # a single, specific Kiali version, thus this setting may have no effect depending on how the + # operator itself was configured. + # --- + # image_version: "" + # + # Determines if the Kiali endpoint should be exposed externally. + # If true, an Ingress will be created if on Kubernetes or a Route if on OpenShift. + # --- + # ingress_enabled: true + # + # Determines the logger configuration. + # log_format supports text and json. + # log_level supports trace, debug, info, warn, error, fatal. + # time_field_format supports a golang time format (https://golang.org/pkg/time/) + # sampler_rate defines a basic log sampler setting as an integer. With this setting every sampler_rate-th + # message will be logged. By default, every message is logged. + # --- + # logger: + # log_level: info + # log_format: text + # sampler_rate: "1" + # time_field_format: "2006-01-02T15:04:05Z07:00" + # + # The namespace into which Kiali is to be installed. If this is empty or not defined, + # the default will be the namespace where the Kiali CR is located. + # --- + # namespace: "" + # + # A set of node labels that dictate onto which node the Kiali pod will be deployed. + # --- + # node_selector: {} + # + # Because an ingress into a cluster can vary wildly in its desired configuration, + # this setting provides a way to override complete portions of the ingress resource + # configuration (Ingress on Kubernetes and Route on OpenShift). It is up to the user + # to ensure this override YAML configuration is valid and supports the cluster environment + # since the operator will blindly copy this custom configuration into the resource it + # creates. + # This setting is not used if deployment.ingress_enabled is set to 'false'. 
+ # Note that only 'metadata.annotations' and 'spec' is valid and only they will + # be used to override those same sections in the created resource. You can define + # either one or both. + # Example: + # override_ingress_yaml: + # metadata: + # annotations: + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # spec: + # rules: + # - http: + # paths: + # - path: /kiali + # backend: + # serviceName: kiali + # servicePort: 20001 + # --- + # #override_ingress_yaml: + # + # Custom annotations to be created on the Kiali pod. + # --- + # pod_annotations: {} + # + # Custom labels to be created on the Kiali pod. + # --- + # pod_labels: {} + # + # The priorityClassName used to assign the priority of the Kiali pod. + # --- + # priority_class_name: "" + # + # The replica count for the Kiail deployment. + # --- + # replicas: 1 + # + # Defines compute resources that are to be given to the Kiali pod's container. + # The value is a dict as defined by Kubernetes. See the Kubernetes documentation + # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container + # --- + # resources: {} + # + # The name of a secret used by the Kiali. Reserved for future use - not currently used. + # --- + # secret_name: "kiali" + # + # Custom annotations to be created on the Kiali Service resource. + # --- + # service_annotations: {} + # + # The Kiali service type. Kubernetes determines what values are valid. + # Common values are "NodePort", "ClusterIP", and "LoadBalancer". + # --- + # #service_type: + # + # A list of tolerations which declare which node taints Kiali can tolerate. + # See the Kubernetes documentation on Taints and Tolerations for more details. + # --- + # tolerations: [] + # + # DEPRECATED - use the logger.log_level setting. + # Determines which priority levels of log messages Kiali will output. + # Typical values are "3" for INFO and higher priority, "4" for DEBUG and higher priority. 
+ # --- + # verbose_mode: "3" + # + # Kiali resources will be assigned a "version" label when they are deployed. + # This determines what value those "version" labels will have. + # When empty, its default will be determined as follows: + # If image_version is "latest", version_label will be fixed to "master". + # If image_version is "lastrelease", version_label will be fixed to + # the last Kiali release version string. + # If the image_version is anything else, version_label will be that value, too. + # --- + # version_label: "" + # + # When true, Kiali will be in "view only" mode, allowing the user to view and retrieve + # management and monitoring data for the service mesh, but not allow the user to + # modify the service mesh. + # --- + # view_only_mode: false + + ########## + # --- + # extensions: + # + # Kiali enabled integration with Iter8 project. + # If this extension is enabled, Kiali will communicate with Iter8 controller allowing to manage Experiments and review results. + # Additional documentation https://iter8.tools/ + # --- + # iter_8: + # + # Flag to indicate if iter8 extension is enabled in Kiali + # --- + # enabled: false + + ########## + # --- + # external_services: + # + # Note about sensitive values in the external_services "auth" sections: + # Some external services configured below support an "auth" sub-section in order to tell Kiali how it should + # authenticate with the external services. Credentials used to authenticate Kiali to those external services can + # be defined in the "auth.password" and "auth.token" values within the "auth" sub-section. + # Because these are sensitive values, you may not want to declare the actual credentials here in the Kiali CR. In + # this case, you may store the actual password or token string in a Kubernetes secret. 
If you do, you need to + # set the "auth.password" or "auth.token" to a value in the format "secret::" where + # "" is the name of the secret object that Kiali can access, and is the name of the key + # within the named secret that contains the actual password or token string. For example, if Grafana requires a + # password, you can store that password in a secret named "myGrafanaCredentials" in a key named "myGrafanaPw". + # In this case, you would set "external_services.grafana.auth.password" to "secret:myGrafanaCredentials:myGrafanaPw". + # + # **Custom-dashboards settings: + # discovery_auto_threshold: Threshold of the number of pods, for a given Application or Workload, above which dashboards discovery will be skipped + # This setting only takes effect when discovery_enabled is set to 'auto'. + # discovery_enabled: Enable, disable or set 'auto' mode to the dashboards discovery process. If set to true, Kiali + # will always try to discover dashboards based on metrics. Note that it can generate performance penalties while + # discovering dashboards for workloads having many pods (thus many metrics). + # When set to 'auto', Kiali will skip dashboards discovery for workloads with more than a configured threshold of pods + # (see 'discovery_auto_threshold'). When discovery is disabled or auto/skipped, it is still possible to tie workloads + # with dashboards through annotations on pods (refer to the doc https://kiali.io/documentation/latest/runtimes-monitoring/#pods-annotations) + # Allowed values: true, false, auto. + # enabled: Enable or disable custom dashboards, including the dashboards discovery process. Default: true. + # is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning. + # namespace_label: Prometheus label name used for identifying namespaces in metrics for custom dashboards. + # Default is "kubernetes_namespace". 
It is quite common to use just "namespace" as well, depending on your Prometheus configuration. + # prometheus: Please check the section below about Prometheus-specific settings: they are identical. The Prometheus + # configuration defined here is dedicated to fetching custom dashboards, hence allowing to use a different instance + # of Prometheus. If omitted, the same Prometheus as for Istio metrics will be reused for custom dashboards. + # --- + # custom_dashboards: + # discovery_auto_threshold: 10 + # discovery_enabled: auto + # enabled: true + # is_core_component: false + # namespace_label: "kubernetes_namespace" + # prometheus: + # auth: + # ca_file: "" + # insecure_skip_verify: false + # password: "" + # token: "" + # type: "none" + # use_kiali_token: false + # username: "" + # url: "" + # + # **Grafana-specific settings: + # auth: authentication settings to connect to Grafana: + # ca_file: The certificate authority file to use when accessing Grafana using https. An empty string means no extra + # certificate authority file is used. Default is an empty string. + # insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Grafana over https. + # password: Password to be used when making requests to Grafana, for basic authentication. User only requires viewer permissions. May refer to a secret - see note above. + # token: Token / API key to access Grafana, for token-based authentication. It only requires viewer permissions. May refer to a secret - see note above. + # type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the + # token to the Grafana server. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication. 
+ # Default is "none" + # use_kiali_token: When true and if auth.type is "bearer", the same OAuth token used for authentication in Kiali will be used for the API calls to Grafana, + # and auth.token config is ignored then. + # username: Username to be used when making requests to Grafana, for basic authentication. User only requires viewer permissions. + # is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning. + # dashboards: A list of Grafana dashboards that Kiali can link to. Each item contains: + # name: The name of the dashboard in Grafana + # variables: + # app: The name of a variable that holds the app name, if used in that dashboard (else it must be omitted) + # namespace: The name of a variable that holds the namespace, if used in that dashboard (else it must be omitted) + # service: The name of a variable that holds the service name, if used in that dashboard (else it must be omitted) + # workload: The name of a variable that holds the workload name, if used in that dashboard (else it must be omitted) + # enabled: When true, Grafana support will be enabled in Kiali. + # in_cluster_url: Set URL for in-cluster access. Example: "http://grafana.istio-system:3000". This URL can contain query parameters if needed, such as "?orgId=1". + # url: The URL that Kiali uses when integrating with Grafana. This URL must be accessible to clients external to + # the cluster in order for the integration to work properly. If empty, an attempt to auto-discover it is made. + # This URL can contain query parameters if needed, such as "?orgId=1". 
+ # --- + # grafana: + # auth: + # ca_file: "" + # insecure_skip_verify: false + # password: "" + # token: "" + # type: "none" + # use_kiali_token: false + # username: "" + # is_core_component: false + # dashboards: + # - name: "Istio Service Dashboard" + # variables: + # namespace: "var-namespace" + # service: "var-service" + # - name: "Istio Workload Dashboard" + # variables: + # namespace: "var-namespace" + # workload: "var-workload" + # enabled: true + # in_cluster_url: "http://grafana.istio-system:3000" + # url: "" + # + # **Istio-specific settings: + # component_status: + # enabled: Enable/Disable of istio component status into masthead indicator. It defaults to true. + # components: A list of components that Kiali will check its statuses. + # app_label: Istio component pod app label. + # is_core: Whether the component is core for your deployment. + # namespace: The namespace where the component is installed in. It defaults to the 'istio_namespace' setting. + # config_map_name: The name of the istio control plane config map. It defaults to `istio`. + # envoy_admin_local_port: The port which kiali will open to fetch envoy config data information. + # istio_identity_domain: The annotation used by Istio to identify domains. + # istio_injection_annotation: The annotation used by Istio to automatically inject a specific workload + # istio_sidecar_annotation: The pod annotation used by Istio to identify the sidecar. + # url_service_version: The Istio service used to determine the Istio version. If empty, assumes the URL for the well-known Istio version endpoint. 
+ # --- + # istio: + # component_status: + # enabled: true + # components: + # - app_label: istiod + # is_core: true + # - app_label: istio-ingressgateway + # is_core: true + # - app_label: istio-egressgateway + # is_core: false + # config_map_name: "istio" + # envoy_admin_local_port: 15000 + # istio_identity_domain: "svc.cluster.local" + # istio_injection_annotation: "sidecar.istio.io/inject" + # istio_sidecar_annotation: "sidecar.istio.io/status" + # url_service_version: "" + # + # + # **Prometheus-specific settings: + # auth: authentication settings to connect to Prometheus: + # ca_file: The certificate authority file to use when accessing Prometheus using https. An empty string means no extra + # certificate authority file is used. Default is an empty string. + # insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Prometheus over https. + # password: Password to be used when making requests to Prometheus, for basic authentication. May refer to a secret - see note above. + # token: Token / API key to access Prometheus, for token-based authentication. May refer to a secret - see note above. + # type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the + # token to the Prometheus server. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication. + # Default is "none" + # use_kiali_token: When true and if auth.type is "bearer", Kiali Service Account token will be used for the API calls to Prometheus, + # and auth.token config is ignored then. + # username: Username to be used when making requests to Prometheus, for basic authentication. + # cache_duration: Prometheus caching duration expressed in seconds + # cache_enabled: Enable/disable Prometheus caching used for Health services + # cache_expiration: Prometheus caching expiration expressed in seconds + # url: The URL used to query the Prometheus Server. 
This URL must be accessible from the Kiali pod. + # If empty, assumes it is in the istio namespace at the URL "http://prometheus.:9090" + # --- + # prometheus: + # auth: + # ca_file: "" + # insecure_skip_verify: false + # password: "" + # token: "" + # type: "none" + # use_kiali_token: false + # username: "" + # cache_duration: 10 + # cache_enabled: true + # cache_expiration: 300 + # url: "" + # + # **Tracing-specific settings: + # - Right now we only support Jaeger + # auth: authentication settings to connect to Jaeger: + # ca_file: The certificate authority file to use when accessing Jaeger using https. An empty string means no extra + # certificate authority file is used. Default is an empty string. + # insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Jaeger over https. + # password: Password to be used when making requests to Jaeger, for basic authentication. User only requires viewer permissions. May refer to a secret - see note above. + # token: Token / API key to access Jaeger, for token-based authentication. It only requires viewer permissions. May refer to a secret - see note above. + # type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the + # token to Jaeger Query. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication. + # Default is "none" + # use_kiali_token: When true and if auth.type is "bearer", the same OAuth token used for authentication in Kiali will be used for the API calls to Jaeger Query, + # and auth.token config is ignored then. + # username: Username to be used when making requests to Jaeger, for basic authentication. User only requires viewer permissions. + # is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning. + # enabled: When true, connections to Jaeger are enabled. 
"in_cluster_url" and/or "url" need to be provided. + # in_cluster_url: Set URL for in-cluster access, which enables further integration between Kiali and Jaeger. + # When not provided, Kiali will only show external links using the "url" config. + # Example: "http://tracing.istio-system". + # namespace_selector: Kiali use this boolean to look traces with namespace selector : service.namespace. Default: true + # url: External URL that will be used to generate links to Jaeger. It must be accessible to clients external to + # the cluster (e.g: browser) in order to generate valid links. + # If tracing service is deployed in a QUERY_BASE_PATH set this in the url like https:/// . EX: https://tracing-service:8080/jaeger + # use_grpc: Set "true" to enable GRPC connection between Kiali and Jaeger, in order to speed up the queries. In some setups you might not be able to use + # GRPC (e.g. if Jaeger is behind some reverse proxy that doesn't support it). + # If not specified, it will be false if deployed within a Maistra/OSSM+OpenShift environment, true otherwise. + # whitelist_istio_system: Set whitelist services in istio-system to check their traces + # --- + # tracing: + # auth: + # ca_file: "" + # insecure_skip_verify: false + # password: "" + # token: "" + # type: "none" + # use_kiali_token: false + # username: "" + # is_core_component: false + # enabled: true + # in_cluster_url: "" + # namespace_selector: true + # url: "" + # #use_grpc: + # whitelist_istio_system: ["jaeger-query", "istio-ingressgateway"] + + ########## + # --- + # health_config: + # + # rate: A list of health configurations that Kiali uses to determine what is (and is not) healthy nodes. Each item contains: + # namespace: The name of the namespace that this configuration applies to. This is a regular expression. + # kind: The type of resource that this configuration applies to. This is a regular expression. + # name: The name of a resource that this configuration applies to. This is a regular expression. 
+ # tolerance: A list of tolerances for this configuration. Each item contains: + # protocol: The protocol that applies for this tolerance (e.g. grpc or http). This is a regular expression. + # direction: The direction that applies for this tolerance (e.g. inbound or outbound). This is a regular expression. + # code: The status code that applies for this tolerance. This is a regular expression. + # degraded: Health will be considered degraded when the telemetry reaches this value (specified as a %). + # failure: A failure status will be shown when the telemetry reaches this value (specified as a %). + # --- + # rate: [] + + ########## + # --- + # identity: + # + # Certificate file used to identify the file server. If set, you must go over https to access Kiali. + # The operator will set these if it deploys Kiali behind https. + # When left undefined, the operator will assign a cluster-specific cert file to provide https by default. + # When set to an empty string, https will be disabled. + # --- + # #cert_file: + # + # Private key file used to identify the server. If set, you must go over https to access Kiali. + # When left undefined, the operator will assign a cluster-specific private key file to provide https by default. + # When set to an empty string, https will be disabled. + # --- + # #private_key_file: + + ########## + # --- + # istio_labels: + # + # This section defines what labels Istio is using to indicate apps and versions. + # Typical values are: ("app" and "version") or ("app.kubernetes.io/name" and "app.kubernetes.io/version"). + # Kiali needs to know what labels Istio is using to be in sync with what Istio considers applications. + # It adds the label used to instruct Istio to automatically inject sidecar proxies when applications are deployed. 
+ # --- + # app_label_name: "app" + # injection_label_name: "istio-injection" + # version_label_name: "version" + + ########## + # Kiali features that can be enabled/disabled via configuration + # --- + # kiali_feature_flags: + # + # Flag to indicate Kiali to enable/disable an Action to label a namespace for automatic Istio Sidecar injection. + # --- + # istio_injection_action: true + # + # Default settings for the UI. These defaults apply to all users. + # --- + # ui_defaults: + # + # Duration of metrics to fetch on each refresh. Omit for default. + # Valid values: 1m, 5m, 10m, 30m, 1h, 3h, 6h, 12h, 1d, 7d, 30d + # --- + # metrics_per_refresh: "1m" + # + # Default selections for the namespace selection dropdown. Non-existent or + # inaccessible namespaces will be ignored. Omit, or set to an empty array for no + # default namespaces. + # --- + # namespaces: [] + # + # The automatic refresh interval for pages offering automatic refresh. + # + # Valid values: pause, 10s, 15s, 30s, 1m, 5m, 15m + # --- + # refresh_interval: "15s" + + ########## + # --- + # kubernetes_config: + # + # The Burst value of the Kubernetes client. + # --- + # burst: 200 + # + # The ratio interval (expressed in seconds) used for the cache to perform a full refresh. + # Only used when cache_enabled is true. + # --- + # cache_duration: 300 + # + # Flag to use a Kubernetes cache for watching changes and updating pods and controllers data asynchronously. + # --- + # cache_enabled: true + # + # Kiali can cache VirtualService,DestinationRule,Gateway and ServiceEntry Istio resources if they are present + # on this list of Istio types. Other Istio types are not yet supported. + # --- + # cache_istio_types: + # - "DestinationRule" + # - "Gateway" + # - "ServiceEntry" + # - "VirtualService" + # - "Sidecar" + # - "PeerAuthentication" + # - "RequestAuthentication" + # - "AuthorizationPolicy" + # + # List of namespaces or regex defining namespaces to include in a cache. 
+ # --- + # cache_namespaces: + # - ".*" + # + # Cache duration expressed in seconds + # Kiali cache list of namespaces per user, this is typically short lived cache compared with the duration of the + # namespace cache defined by previous CacheDuration parameter + # --- + # cache_token_namespace_duration: 10 + # + # List of controllers that won't be used for Workload calculation. + # Kiali queries Deployment,ReplicaSet,ReplicationController,DeploymentConfig,StatefulSet,Job and CronJob controllers. + # Deployment and ReplicaSet will be always queried, but ReplicationController,DeploymentConfig,StatefulSet,Job and CronJobs + # can be skipped from Kiali workloads query if they are present in this list. + # --- + # excluded_workloads: + # - "CronJob" + # - "DeploymentConfig" + # - "Job" + # - "ReplicationController" + # + # The QPS value of the Kubernetes client. + # --- + # qps: 175 + + ########## + # --- + # login_token: + # + # The token expiration in seconds. + # --- + # expiration_seconds: 86400 + # + # The signing key used to generate tokens for user authentication. + # Because this is potentially sensitive, you have the option to store this + # value in a secret. If you store this signing key value in a secret, you + # must indicate what key in what secret by setting this value to a string + # in the form of "secret::" + # If left as an empty string, a secret with a random signing key will be + # generated for you. + # --- + # signing_key: "" + + ########## + # --- + # server: + # + # Where the Kiali server is bound. The console and API server are accessible on this host. + # --- + # address: "" + # + # When true, allows additional audit logging on write operations. + # --- + # audit_log: true + # + # When true, allows the web console to send requests to other domains other than where the console came from. + # Typically used for development environments only. 
+ # --- + # cors_allow_all: false + # + # When true, Kiali serves http requests with gzip enabled (if the browser supports it) when the requests are + # over 1400 bytes. + # --- + # gzip_enabled: true + # + # When true, the metrics endpoint will be available for Prometheus to scrape. + # --- + # metrics_enabled: true + # + # The port that the server will bind to in order to receive metric requests. + # This is the port Prometheus will need to scrape when collecting metrics from Kiali. + # --- + # metrics_port: 9090 + # + # The port that the server will bind to in order to receive console and API requests. + # --- + # port: 20001 + # + # Defines the public domain where Kiali is being served. This is the "domain" part + # of the URL (usually it's a fully-qualified domain name). + # For example, "kiali.example.org". + # When empty, Kiali will try to guess this value from HTTP headers. + # --- + # web_fqdn: "" + # + # Define the history mode of kiali UI. This can only take + # two possible values: either "browser" or "hash". + # When empty, it will always be considered as browser + # --- + # web_history_mode: "" + # + # Defines the ingress port where the connections come from. This is usually + # necessary when the application responds through a proxy/ingress, and it does + # not forward the correct headers so Kiali can guess the port. + # + # When empty, Kiali will try to guess this value from HTTP headers. + # --- + # web_port: "" + # + # Defines the context root path for the Kiali console and API endpoints and readiness probes. + # When providing a context root path that is not "/", do not add a trailing slash. + # For example, use "/kiali" not "/kiali/". + # When empty, will default to "/" on OpenShift and "/kiali" on Kubernetes. + # --- + # web_root: "" + # + # Defines the public HTTP schema used to serve Kiali. This can only take + # two possible values: either "http" or "https". + # When empty, Kiali will try to guess this value from HTTP headers. 
+ # --- + # web_schema: "" + diff --git a/tests/test-values.yml b/tests/test-values.yml new file mode 100644 index 0000000..5f69208 --- /dev/null +++ b/tests/test-values.yml @@ -0,0 +1,5 @@ +istio: + enabled: false +createNamespace: false +imagePullSecrets: +- name: private-registry-mil \ No newline at end of file -- GitLab From ce7e606fe10aa5a1c1330f7a1f7f109d6e432c85 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Tue, 2 Mar 2021 14:20:19 -0600 Subject: [PATCH 02/17] working --- chart/templates/bigbang/virtualservice.yaml | 4 +-- chart/values.yaml | 34 ++++++++++++++++++--- 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/chart/templates/bigbang/virtualservice.yaml b/chart/templates/bigbang/virtualservice.yaml index 4f39f8e..3064ecc 100644 --- a/chart/templates/bigbang/virtualservice.yaml +++ b/chart/templates/bigbang/virtualservice.yaml @@ -5,12 +5,12 @@ metadata: namespace: {{ .Release.Namespace }} spec: hosts: - - "{{ .Values.cr.spec.server.address }}" + - "{{ .Values.host }}" gateways: - main.{{ .Release.Namespace }}.svc.cluster.local http: - route: - destination: port: - number: {{ .Values.cr.spec.server.port | default "20001" }} + number: {{ .Values.port | default "20001" }} host: kiali.{{ .Release.Namespace }}.svc.cluster.local diff --git a/chart/values.yaml b/chart/values.yaml index 2a7839d..83a91cb 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,9 +1,13 @@ nameOverride: "" fullnameOverride: "" +host: kiali.bigbang.dev +port: 20001 + image: - repo: registry1.dso.mil/ironbank/opensource/kiali-operator - tag: 1.28.1 + # repo: registry1.dso.mil/ironbank/opensource/kiali-operator + repo: quay.io/kiali/kiali-operator + tag: v1.28.1 pullPolicy: IfNotPresent pullSecrets: [] 
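Review bot: The `image.repo` line in the first chart/values.yaml hunk of PATCH 02 now points the operator at `quay.io/kiali/kiali-operator` and leaves the Iron Bank repository as a commented-out line, so the operator is pulled from a public registry by a mutable tag while the next hunk still takes the Kiali server image from `registry1.dso.mil`. The patch's file list shows the chart also ships a ClusterRole and ClusterRoleBinding, so presumably this image runs with cluster-wide permissions, which makes its provenance worth stating. If the switch is temporary, say so next to the value, e.g. `# TODO(review): temporary; return to registry1.dso.mil/ironbank/opensource/kiali-operator`, and restore `repo: registry1.dso.mil/ironbank/opensource/kiali-operator` before release.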
@@ -52,11 +56,33 @@ cr: namespace: "" spec: - server: - address: kiali.bigbang.dev deployment: + image_name: registry1.dso.mil/ironbank/opensource/kiali + image_version: 1.28.1 accessible_namespaces: - '**' + logger: + log_level: info + auth: + strategy: "anonymous" + external_services: + custom_dashboards: + prometheus: + url: http://monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090 + + prometheus: + url: http://monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090 + + grafana: + enabled: true + in_cluster_url: "http://monitoring-monitoring-grafana.monitoring.svc.cluster.local" + url: grafana.bigbang.dev + + tracing: + enabled: true + url: "https://tracing.bigbang.dev" + in_cluster_url: "tracing.istio-system.svc.cluster.local" + # Taken from https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml ################################################################### # kiali_cr.yaml -- GitLab From 89125d0a70bec5694c10acd6abe2af22fc44e961 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 08:09:59 -0600 Subject: [PATCH 03/17] disable ingress --- chart/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/chart/values.yaml b/chart/values.yaml index 83a91cb..878aab3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -59,6 +59,7 @@ cr: deployment: image_name: registry1.dso.mil/ironbank/opensource/kiali image_version: 1.28.1 + ingress_enabled: false accessible_namespaces: - '**' logger: -- GitLab From a100fcfc64c8cdf52c7ebf90c74a70e1bff00f21 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 08:14:05 -0600 Subject: [PATCH 04/17] fixed jaeger --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index 878aab3..1786607 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
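Review bot: `auth.strategy: "anonymous"` becomes the chart default in this hunk, alongside `accessible_namespaces: ['**']`, so anyone who can reach the Kiali service gets an unauthenticated view of every namespace the operator grants. The same patch points the VirtualService host at `kiali.bigbang.dev` on port 20001, so the exposure is not limited to in-cluster callers once that route is live. The upstream CR comments copied into this file describe `anonymous` as full access without credentials and say an empty value defaults to `token` on Kubernetes. I would default to `strategy: "token"` (or leave it empty) and add `# anonymous is for local development only` above the key.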
@@ -82,7 +82,7 @@ cr: tracing: enabled: true url: "https://tracing.bigbang.dev" - in_cluster_url: "tracing.istio-system.svc.cluster.local" + in_cluster_url: "http://tracing.istio-system.svc.cluster.local" # Taken from https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml ################################################################### -- GitLab From 1aa428a286b50375fc3f15ee939af9a6a24e9a54 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 08:18:01 -0600 Subject: [PATCH 05/17] fixed image --- chart/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 1786607..49a6b74 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -57,8 +57,10 @@ cr: spec: deployment: - image_name: registry1.dso.mil/ironbank/opensource/kiali - image_version: 1.28.1 + image_name: registry1.dso.mil/ironbank/opensource/kiali/kiali + image_version: v1.28.0 + image_pull_secrets: + - private-registry ingress_enabled: false accessible_namespaces: - '**' -- GitLab From 34d36678231f9942084a561096bd9db4e8cf9149 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 08:18:26 -0600 Subject: [PATCH 06/17] updated to latest --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index 49a6b74..0a22c86 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -58,7 +58,7 @@ cr: spec: deployment: image_name: registry1.dso.mil/ironbank/opensource/kiali/kiali - image_version: v1.28.0 + image_version: v1.28.1 image_pull_secrets: - private-registry ingress_enabled: false -- GitLab From d54786fb5292fadfb1667f88e94f0f3d302c5131 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 08:24:27 -0600 Subject: [PATCH 07/17] fixed tracing --- chart/values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 0a22c86..f8c0533 100644 
--- a/chart/values.yaml +++ b/chart/values.yaml @@ -9,7 +9,8 @@ image: repo: quay.io/kiali/kiali-operator tag: v1.28.1 pullPolicy: IfNotPresent - pullSecrets: [] + pullSecrets: + - private-registry # Deployment options for the operator pod. nodeSelector: {} @@ -84,7 +85,7 @@ cr: tracing: enabled: true url: "https://tracing.bigbang.dev" - in_cluster_url: "http://tracing.istio-system.svc.cluster.local" + in_cluster_url: "http://tracing.istio-system.svc.cluster.local/jaeger" # Taken from https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml ################################################################### -- GitLab From b10d169cf47650115e961cba1478d0c125c1be58 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 08:27:18 -0600 Subject: [PATCH 08/17] added grafana external url --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index f8c0533..8948247 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -80,7 +80,7 @@ cr: grafana: enabled: true in_cluster_url: "http://monitoring-monitoring-grafana.monitoring.svc.cluster.local" - url: grafana.bigbang.dev + url: "https://grafana.bigbang.dev" tracing: enabled: true -- GitLab From 8c98f88c456d50767cf06cd80e17ffd9d4ff7fb1 Mon Sep 17 00:00:00 2001 From: Nick Nellis Date: Mon, 8 Mar 2021 09:11:39 -0600 Subject: [PATCH 09/17] cleaned up config --- chart/values.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 8948247..5998ba9 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -57,6 +57,11 @@ cr: namespace: "" spec: + istio_component_namespaces: + grafana: monitoring + prometheus: monitoring + tracing: monitoring + deployment: image_name: registry1.dso.mil/ironbank/opensource/kiali/kiali image_version: v1.28.1 
@@ -70,17 +75,21 @@ cr: auth: strategy: "anonymous" external_services: + # https://kiali.io/documentation/latest/runtimes-monitoring/ custom_dashboards: - prometheus: - url: http://monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090 + enabled: false prometheus: url: http://monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090 grafana: enabled: true - in_cluster_url: "http://monitoring-monitoring-grafana.monitoring.svc.cluster.local" + in_cluster_url: "http://monitoring-monitoring-grafana.monitoring.svc.cluster.local:80" url: "https://grafana.bigbang.dev" + auth: + username: "admin" + password: "prom-operator" + type: basic tracing: enabled: true -- GitLab From 44a06c833999ea4c201887c3abccee4a23f159ee Mon Sep 17 00:00:00 2001 From: Thomas Runyon Date: Tue, 13 Apr 2021 12:14:24 -0400 Subject: [PATCH 10/17] cleanup vertual services --- chart/Chart.yaml | 4 ++-- chart/templates/bigbang/virtualservice.yaml | 19 ++++++++++++++++--- chart/values.yaml | 19 +++++++++++++------ 3 files changed, 31 insertions(+), 11 deletions(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 9f6bb6e..66f21bf 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: kiali-operator description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. -version: 1.28.0-bb.0 -appVersion: 1.28.0 +version: 1.32.0-bb.0 +appVersion: 1.32.0 home: https://github.com/kiali/kiali-operator maintainers: - name: Kiali diff --git a/chart/templates/bigbang/virtualservice.yaml b/chart/templates/bigbang/virtualservice.yaml index 3064ecc..8d29b29 100644 --- a/chart/templates/bigbang/virtualservice.yaml +++ b/chart/templates/bigbang/virtualservice.yaml 
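Review bot: The `grafana.auth` block added here commits `username: "admin"` and `password: "prom-operator"` to chart/values.yaml, so the credential ends up in git history and in every Kiali CR rendered from the defaults. It is an admin login where Kiali only needs to read dashboards, and the value looks like the monitoring stack's stock default rather than a per-deployment secret. Ship the chart with `username: ""` and `password: ""` and a comment such as `# supply at deploy time from a Kubernetes Secret; do not commit credentials here`, preferably with a read-only Grafana account. If the operator version in use accepts a secret reference for this field, document that form instead (to be confirmed against the Kiali CR reference). The same two lines are carried as context in the later `@@ -97,13 +99,27 @@` hunk of patch 12.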
@@ -1,16 +1,29 @@ +{{- if .Values.istio.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: kiali namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "kiali-operator.name" . }} + helm.sh/chart: {{ include "kiali-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: kiali + app.kubernetes.io/component: kiali spec: - hosts: - - "{{ .Values.host }}" gateways: - - main.{{ .Release.Namespace }}.svc.cluster.local + {{- range .Values.istio.kiali.gateways }} + - {{ . }} + {{- end }} + hosts: + {{- range .Values.istio.kiali.hosts }} + - {{ tpl . $}} + {{- end }} http: - route: - destination: port: number: {{ .Values.port | default "20001" }} host: kiali.{{ .Release.Namespace }}.svc.cluster.local +{{- end }} \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index 5998ba9..6b04e37 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,13 +1,20 @@ nameOverride: "" fullnameOverride: "" -host: kiali.bigbang.dev +istio: + enabled: false + kiali: + gateways: + - "istio-system/main" + hosts: + - kiali.bigbang.dev + port: 20001 image: - # repo: registry1.dso.mil/ironbank/opensource/kiali-operator - repo: quay.io/kiali/kiali-operator - tag: v1.28.1 + repo: registry1.dso.mil/ironbank/opensource/kiali/kiali-operator + # repo: quay.io/kiali/kiali-operator + tag: v1.32.0 pullPolicy: IfNotPresent pullSecrets: - private-registry @@ -64,7 +71,7 @@ cr: deployment: image_name: registry1.dso.mil/ironbank/opensource/kiali/kiali - image_version: v1.28.1 + image_version: v1.32.0 image_pull_secrets: - private-registry ingress_enabled: false 
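Review bot: The `gateways` and `hosts` items in virtualservice.yaml are rendered unquoted (`- {{ . }}` and `- {{ tpl . $}}`), so a value that begins with a YAML indicator fails to parse or changes type. A wildcard host such as `*.bigbang.dev`, which Istio accepts, would be read as an alias. Quote both: `- {{ . | quote }}` and `- {{ tpl . $ | quote }}`. Because `hosts` passes through `tpl`, any string supplied in values is evaluated as a template at render time, so values.yaml should carry a comment like `# hosts entries are template-expanded (tpl)` next to `istio.kiali.hosts`.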
@@ -94,7 +101,7 @@ cr: tracing: enabled: true url: "https://tracing.bigbang.dev" - in_cluster_url: "http://tracing.istio-system.svc.cluster.local/jaeger" + in_cluster_url: "http://jaeger-query.jaeger.svc.cluster.local:16686" # Taken from https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml ################################################################### -- GitLab From 51c7b9b8361a13003f5e61dfb93e9afc60debc42 Mon Sep 17 00:00:00 2001 From: Thomas Runyon Date: Tue, 13 Apr 2021 12:20:31 -0400 Subject: [PATCH 11/17] update "kiali-operator" (git@github.com:kiali/helm-charts) from "v1.28.0" (850b7287d1bd38efb59674b6c06fe57b7f5796cf) to "v1.32.0" (16be408eff5c6cf0814ca6a16167e8564d6b6e50) --- chart/Kptfile | 4 ++-- chart/crds/crds.yaml | 16 ++++++++++++---- chart/templates/clusterrole.yaml | 17 +++++++++++++++++ chart/templates/deployment.yaml | 9 +++------ chart/templates/kiali-cr.yaml | 2 +- 5 files changed, 35 insertions(+), 13 deletions(-) diff --git a/chart/Kptfile b/chart/Kptfile index def29ed..83f1f64 100644 --- a/chart/Kptfile +++ b/chart/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 850b7287d1bd38efb59674b6c06fe57b7f5796cf + commit: 16be408eff5c6cf0814ca6a16167e8564d6b6e50 repo: git@github.com:kiali/helm-charts directory: /kiali-operator - ref: v1.28.0 + ref: v1.32.0 diff --git a/chart/crds/crds.yaml b/chart/crds/crds.yaml index 4a73bd3..68c9829 100644 --- a/chart/crds/crds.yaml +++ b/chart/crds/crds.yaml @@ -1,5 +1,5 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: monitoringdashboards.monitoring.kiali.io @@ -15,9 +15,13 @@ spec: - name: v1alpha1 served: true storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true ... --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kialis.kiali.io 
@@ -29,10 +33,14 @@ spec: plural: kialis singular: kiali scope: Namespaced - subresources: - status: {} versions: - name: v1alpha1 served: true storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true ... diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml index 45441a6..3ca8808 100644 --- a/chart/templates/clusterrole.yaml +++ b/chart/templates/clusterrole.yaml @@ -62,6 +62,17 @@ rules: - patch - update - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: ["monitoring.coreos.com"] resources: - servicemonitors @@ -204,6 +215,7 @@ rules: - post - apiGroups: ["extensions", "apps"] resources: + - daemonsets - deployments - replicasets - statefulsets @@ -283,4 +295,9 @@ rules: - delete - patch {{- end }} +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create ... diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index d8ac57b..090e0c5 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -42,7 +42,8 @@ spec: image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }} args: - - "--zap-level=info" + - "--zap-log-level=info" + - "--leader-election-id={{ include "kiali-operator.fullname" . }}" volumeMounts: - mountPath: /tmp/ansible-operator/runner name: runner @@ -57,8 +58,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: {{ include "kiali-operator.fullname" . }} - name: ANSIBLE_DEBUG_LOGS value: {{ .Values.debug.enabled | quote }} - name: ANSIBLE_VERBOSITY_KIALI_KIALI_IO 
@@ -74,9 +73,7 @@ spec: {{- end }} ports: - name: http-metrics - containerPort: 8383 - - name: cr-metrics - containerPort: 8686 + containerPort: 8080 {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 10 }} diff --git a/chart/templates/kiali-cr.yaml b/chart/templates/kiali-cr.yaml index 2c79786..ad02bd4 100644 --- a/chart/templates/kiali-cr.yaml +++ b/chart/templates/kiali-cr.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "kiali-operator.labels" . | nindent 4 }} annotations: - ansible.operator-sdk/verbosity: {{ .Values.debug.verbosity | quote }} + ansible.sdk.operatorframework.io/verbosity: {{ .Values.debug.verbosity | quote }} spec: {{- toYaml .Values.cr.spec | nindent 2 }} ... -- GitLab From c10fe1eec4379cc9d51b31db7de47eafe810492b Mon Sep 17 00:00:00 2001 From: Thomas Runyon Date: Tue, 13 Apr 2021 13:55:10 -0400 Subject: [PATCH 12/17] add cypress testing --- chart/cypress/cypress.json | 5 ++ chart/cypress/kiali-health.spec.js | 5 ++ chart/templates/tests/test-ui-configmap.yaml | 9 ++++ chart/templates/tests/test-ui.yaml | 50 ++++++++++++++++++++ chart/values.yaml | 26 ++++++++-- 5 files changed, 90 insertions(+), 5 deletions(-) create mode 100644 chart/cypress/cypress.json create mode 100644 chart/cypress/kiali-health.spec.js create mode 100644 chart/templates/tests/test-ui-configmap.yaml create mode 100644 chart/templates/tests/test-ui.yaml diff --git a/chart/cypress/cypress.json b/chart/cypress/cypress.json new file mode 100644 index 0000000..e36f984 --- /dev/null +++ b/chart/cypress/cypress.json @@ -0,0 +1,5 @@ +{ + "pluginsFile": false, + "supportFile": false, + "fixturesFolder": false +} diff --git a/chart/cypress/kiali-health.spec.js b/chart/cypress/kiali-health.spec.js new file mode 100644 index 0000000..1696136 --- /dev/null +++ b/chart/cypress/kiali-health.spec.js @@ -0,0 +1,5 @@ +describe('Basic Kiali', function() { + it('Check Kiali UI is accessible', function() { + cy.visit(Cypress.env('url')) + }) +}) 
diff --git a/chart/templates/tests/test-ui-configmap.yaml b/chart/templates/tests/test-ui-configmap.yaml new file mode 100644 index 0000000..53d4636 --- /dev/null +++ b/chart/templates/tests/test-ui-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cypress-tests + annotations: + "helm.sh/hook": test +data: +{{ (.Files.Glob "cypress/*").AsConfig | indent 2 }} + diff --git a/chart/templates/tests/test-ui.yaml b/chart/templates/tests/test-ui.yaml new file mode 100644 index 0000000..4edb70d --- /dev/null +++ b/chart/templates/tests/test-ui.yaml @@ -0,0 +1,50 @@ +kind: Pod +apiVersion: v1 +metadata: + name: "{{ .Release.Name }}-ui-test" + annotations: + "helm.sh/hook": test + labels: + "helm.sh/hook": test +spec: + initContainers: + - name: copier + image: cypress/included:5.0.0 + command: + - "/bin/bash" + - "-c" + - | + ls -la /src/ + cp /src/cypress.json /dest/ + mkdir -p /dest/cypress/integration/ + cp /src/*.js /dest/cypress/integration/ + ls -la /dest/ + ls -la /dest/cypress/integration/ + volumeMounts: + - name: cypress-tests + mountPath: /src + - name: workdir + mountPath: /dest + containers: + - name: {{ .Release.Name }}-ui-test + image: cypress/included:5.0.0 + imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }} + workingDir: /e2e + env: + - name: cypress_url + value: "http://{{ .Values.cr.name }}:{{ .Values.port | default "20001" }}" + args: + - "--" + - "--reporter-options=list" + - "--reporter=spec" + volumeMounts: + - name: workdir + mountPath: /e2e/ + restartPolicy: Never + volumes: + - name: cypress-tests + configMap: + name: cypress-tests + - name: workdir + emptyDir: {} + diff --git a/chart/values.yaml b/chart/values.yaml index 6b04e37..be438f7 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
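Review bot: In test-ui.yaml, `imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }}` reads a key that values.yaml does not define; the chart's key is `image.pullPolicy`. The line therefore renders as `""` and the test pod silently falls back to the default policy instead of the configured `IfNotPresent`. Use `imagePullPolicy: {{ .Values.image.pullPolicy | quote }}`. The pod also mounts a ConfigMap with the fixed name `cypress-tests`, defined in test-ui-configmap.yaml, so two releases in one namespace would collide; prefixing it as `{{ .Release.Name }}-cypress-tests` in both files avoids that.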
@@ -67,8 +67,10 @@ cr: istio_component_namespaces: grafana: monitoring prometheus: monitoring - tracing: monitoring - + tracing: jaeger + istio_namespace: istio-system + custom_dashboards: + includes: ['*'] deployment: image_name: registry1.dso.mil/ironbank/opensource/kiali/kiali image_version: v1.32.0 @@ -84,7 +86,7 @@ cr: external_services: # https://kiali.io/documentation/latest/runtimes-monitoring/ custom_dashboards: - enabled: false + enabled: true prometheus: url: http://monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090 @@ -97,13 +99,27 @@ cr: username: "admin" password: "prom-operator" type: basic + dashboards: + - name: "Istio Service Dashboard" + variables: + namespace: "var-namespace" + service: "var-service" + - name: "Istio Workload Dashboard" + variables: + namespace: "var-namespace" + workload: "var-workload" + - name: "Istio Mesh Dashboard" + - name: "Istio Control Plane Dashboard" + - name: "Istio Performance Dashboard" + - name: "Istio Wasm Extension Dashboard" tracing: enabled: true url: "https://tracing.bigbang.dev" in_cluster_url: "http://jaeger-query.jaeger.svc.cluster.local:16686" - - # Taken from https://github.com/kiali/kiali-operator/blob/v1.28/deploy/kiali/kiali_cr.yaml + use_grpc: false + whitelist_istio_system: ["istio"] + # Taken from https://github.com/kiali/kiali-operator/blob/v1.30/deploy/kiali/kiali_cr.yaml ################################################################### # kiali_cr.yaml # -- GitLab From 5b28c5a9051de5f53459ced5382bc40d327c1cda Mon Sep 17 00:00:00 2001 From: Thomas Runyon Date: Tue, 13 Apr 2021 14:11:51 -0400 Subject: [PATCH 13/17] no dockerhub imageS --- chart/templates/tests/test-ui.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/tests/test-ui.yaml b/chart/templates/tests/test-ui.yaml index 4edb70d..0e3ad31 100644 --- a/chart/templates/tests/test-ui.yaml +++ b/chart/templates/tests/test-ui.yaml 
@@ -9,7 +9,7 @@ metadata: spec: initContainers: - name: copier - image: cypress/included:5.0.0 + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/cypress/included:5.0.0 command: - "/bin/bash" - "-c" @@ -27,7 +27,7 @@ spec: mountPath: /dest containers: - name: {{ .Release.Name }}-ui-test - image: cypress/included:5.0.0 + image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/cypress/included:5.0.0 imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }} workingDir: /e2e env: -- GitLab From 6d40c9d389201f880f7b20809b11a611fc352b46 Mon Sep 17 00:00:00 2001 From: Thomas Runyon Date: Tue, 13 Apr 2021 14:48:03 -0400 Subject: [PATCH 14/17] docs for affinities and tolerations --- docs/Affinity.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 docs/Affinity.md diff --git a/docs/Affinity.md b/docs/Affinity.md new file mode 100644 index 0000000..8f8e2f1 --- /dev/null +++ b/docs/Affinity.md @@ -0,0 +1,33 @@ +# Affinity + +# Kiali Operator + +To configure the Kiali operator with an affinity or toleration, use the top level configuration: + + +```yaml +affinity: {} +tolerations: [] +``` + + +## Kiali + +To configure the kiali deployment with affinity or toleration, use the following, which is copied from the Kiali example CR + +```yaml +# Affinity definitions that are to be used to define the nodes where the Kiali pod should be contrained. +# See the Kubernetes documentation on Assigning Pods to Nodes for the proper syntax for these three +# different affinity types. +# --- +cr: + spec: + affinity: + node: {} + pod: {} + pod_anti: {} + # A list of tolerations which declare which node taints Kiali can tolerate. + # See the Kubernetes documentation on Taints and Tolerations for more details. + # --- + tolerations: [] +``` \ No newline at end of file -- GitLab From 98313657501d589c515949fe39c91f459ef8eca2 Mon Sep 17 00:00:00 2001 
From: Thomas Runyon Date: Thu, 15 Apr 2021 05:52:12 -0400 Subject: [PATCH 15/17] fix IPS for kiali in tests --- chart/values.yaml | 1652 +++++++++++++++++++++-------------------- tests/test-values.yml | 3 + 2 files changed, 837 insertions(+), 818 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index be438f7..2f17d68 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -119,821 +119,837 @@ cr: in_cluster_url: "http://jaeger-query.jaeger.svc.cluster.local:16686" use_grpc: false whitelist_istio_system: ["istio"] - # Taken from https://github.com/kiali/kiali-operator/blob/v1.30/deploy/kiali/kiali_cr.yaml - ################################################################### - # kiali_cr.yaml - # - # This is a fully documented Kiali custom resource yaml file. - # It can be used to tell the Kiali Operator to install Kiali. - # - # This is actually an empty Kiali CR, however, it provides - # documentation on all available settings. - # In each documented section, you will see a "---" marker; - # below that marker you will see the names of the settings along - # with their default values. If the setting is not defined by - # default, its name will be prefixed with "#". - ################################################################### - - ########## - # --- - # additional_display_details: - # - title: "API Documentation" - # annotation: "kiali.io/api-spec" - # icon_annotation: "kiali.io/api-type" - # - # A list of additional details that Kiali will look for in annotations and display, for every workload and service, in their respective details pages. - # It can typically be used to inject some CI metadata or documentation links into Kiali views. - # Each item in the list is an object with "annotation", "title" and "icon_annotation" fields to indicate which annotation Kiali needs to look for, and how it should be displayed. - # "icon_annotation" is optional and would display an icon next to the text. - # At the moment, the value of the icon annotation can only be one of "rest", "grpc" or "graphql"; otherwise, it is ignored. - # By default, these settings recognize API Documentation links via annotation "kiali.io/api-spec" and icon-annotation "kiali.io/api-type". - # For example, it would make Kiali recognize these annotations in a service or a workload definition (Deployment, StatefulSet, etc.) 
to display the appropriate link and text: - # annotations: - # kiali.io/api-spec: http://link/to/my/doc - # kiali.io/api-type: rest - # Should you change this setting for your own custom annotations, keep in mind that it would override the current default. - # So you would have to copy the "API Documentation" setting as shown above if you want to preserve these links. - - ########## - # Tag used to identify a particular instance/installation of the Kiali server. - # --- - # installation_tag: "" - - ########## - # The namespaces where individual Istio components are installed. - # If left empty, it is assumed all Istio components are installed in the - # defined istio_namespace. If a component is not listed here, it is - # assumed that component is installed in istio_namespace. For example: - # istio_component_namespaces: - # prometheus: prom-ns - # means Prometheus is installed in the namespace "prom-ns" but all other - # Istio components are installed in the namespace defined in istio_namespace. - # --- - # istio_component_namespaces: {} - - ########## - # The namespace where Istio is installed. If left empty, it is assumed to be the - # same namespace as where Kiali is installed (i.e. deployment.namespace). - # Note that if you install some Istio components in other namespaces, specify - # that component's namespace in istio_component_namespaces. - # --- - # istio_namespace: "" - - ########## - # The version of the Ansible playbook to execute in order to install that version of Kiali. - # If not specified, a default version of Kiali will be installed which will be the most recent release of Kiali. 
- # The currently allowed values for this setting are: "default", "v1.0", "v1.12", "v1.24" - # Refer to this file to see where these values are defined in the master branch: - # https://github.com/kiali/kiali-operator/tree/master/playbooks/default-supported-images.yml - # - # This version setting affects the defaults of the deployment.image_name and - # deployment.image_version settings. See the comments for those settings - # below for additional details. But in short, this version setting will - # dictate which version of the Kiali image will be deployed by default. - # Note that if you explicitly set deployment.image_name and/or - # deployment.image_version you are responsible for ensuring those settings - # are compatible with this setting (i.e. the Kiali image must be compatible - # with the rest of the configuration and resources the operator will install). - # - # See the Kiali documentation to determine which of these versions support - # the version of Istio you are installing Kiali with. - # - # --- - # version: "default" - - ########## - # --- - # api: - # - # Allows for controlling what namespaces/projects are returned by Kiali. - # - # 'exclude' is optional and takes a list of namespaces to be excluded from the list - # of namespaces provided by the API and UI. Regex is supported. This does not affect - # explicit namespace access. - # - # 'label_selector' is optional and takes a string value of a Kubernetes label selector - # (e.g. "myLabel=myValue") which is used when fetching the list of available namespaces. - # This does not affect explicit namespace access. - # Note that if you do not set this but deployment.accessible_namespaces does not have the - # special "all namespaces" value of "**" then this label_selector will be set - # to a default value of "kiali.io/member-of=" where - # is the namespace where Kiali is to be installed. 
- # If deployment.accessible_namespaces does not have the special value of "**" - # then the Kiali operator will add a new label to all accessible namespaces - that new - # label will be this label_selector. - # - # --- - # namespaces: - # exclude: - # - "istio-operator" - # - "kube.*" - # - "openshift.*" - # - "ibm.*" - # - "kiali-operator" - # #label_selector: - - ########## - # --- - # auth: - # - # Determines what authentication strategy to use when users log into Kiali. - # Options are "anonymous", "token", "openshift", "openid", "header". - # Choose "anonymous" to allow full access to Kiali without requiring any credentials. - # Choose "token" to allow access to Kiali using service account tokens, which controls - # access based on RBAC roles assigned to the service account. - # Choose "openshift" to use the OpenShift OAuth login which controls access based on - # the individual's RBAC roles in OpenShift. Not valid for non-OpenShift environments. - # Choose "header" when Kiali is running behind a reverse proxy that will inject an - # Authorization header and potentially impersonation headers. - # Choose "openid" to enable OpenID connect based authentication. Your cluster is required to - # be configured to accept the tokens issued by your IdP. There are additional required - # configurations for this strategy. See below for the additional OpenID configuration section. - # When empty, its value will default to "openshift" on OpenShift and "token" on Kubernetes. 
- # --- - # strategy: "" - # - # To learn how to configure the OpenId authentication strategy, read the documentation - # at the website on https://kiali.io/documentation/latest/configuration/authentication/openid/ - # - # --- - # openid: - # api_proxy: "" - # api_proxy_ca_data: "" - # authentication_timeout: 300 - # authorization_endpoint: "" - # client_id: "" - # disable_rbac: false - # http_proxy: "" - # https_proxy: "" - # insecure_skip_verify_tls: false - # issuer_uri: "" - # scopes: ["openid", "profile", "email"] - # username_claim: "sub" - # - # The Route resource name and OAuthClient resource name will have this value as its prefix. - # This value normally should never change. The installer will ensure this value is set correctly. - # --- - # openshift: - # client_id_prefix: kiali - - ########## - # --- - # deployment: - # - # A list of namespaces Kiali is to be given access to. - # These namespaces have service mesh components that are to be observed by Kiali. - # You can provide names using regex expressions matched against all namespaces the operator can see. - # The default makes all namespaces accessible except for some internal namespaces that typically should be ignored. - # NOTE! If this has an entry with the special value of "**" (two asterisks), that will denote you want - # Kiali to be given access to all namespaces via a single cluster role (if using this special value of "**", - # you are required to have already granted the operator permissions to create cluster roles and cluster role bindings). - # --- - # accessible_namespaces: ["^((?!(istio-operator|kube.*|openshift.*|ibm.*|kiali-operator)).)*$"] - # - # Additional custom yaml to add to the service definition. This is used mainly to customize the service type. - # For example, if the deployment.service_type is set to "LoadBalancer" and you want to set the loadBalancerIP, - # you can do so here with: additional_service_yaml: { "loadBalancerIP": "78.11.24.19" }. 
- # Another example would be if the deployment.service_type is set to "ExternalName" you will need to configure - # the name via: additional_service_yaml: { "externalName": "my.kiali.example.com" }. - # A final example would be if external IPs need to be set: additional_service_yaml: { "externalIPs": ["80.11.12.10"] } - # --- - # #additional_service_yaml: - # - # Affinity definitions that are to be used to define the nodes where the Kiali pod should be contrained. - # See the Kubernetes documentation on Assigning Pods to Nodes for the proper syntax for these three - # different affinity types. - # --- - # affinity: - # node: {} - # pod: {} - # pod_anti: {} - # - # Names of the out-of-box custom monitoring dashboards that are to be installed. - # The custom monitoring dashboards are defined in yaml files located within the operator. - # Consult the operator templates for the custom monitoring dashboard yaml files available. - # For example, see this for the current list of yaml files available: - # https://github.com/kiali/kiali-operator/tree/master/roles/default/kiali-deploy/templates/dashboards - # These settings will determine the additional metric graphs that you will see within the Kiali UI. - # You can specify an includes and excludes list, the excludes list takes precedence. - # Each list can have fileglob wildcard characters '*' and '?' for file matching. - # --- - # custom_dashboards: - # excludes: [''] - # includes: ['*'] - # - # Determines what (if any) HorizontalPodAutoscaler should be created to autoscale the Kiali pod. - # A typical way to configure HPA for Kiali is: - # - # hpa: - # spec: - # maxReplicas: 2 - # minReplicas: 1 - # targetCPUUtilizationPercentage: 80 - # - # If "spec" is left empty, no HPA resource will be created. Otherwise, the "spec" yaml specified - # here will be placed in the created HPA resource's spec section. - # NOTE: do not specify the "scaleTargetRef" section in "spec"; the Kiali Operator will populate that for you. 
- # You can optionally specify a specific HPA api_version in case there is some HPA feature
- # you want to use that is only supported in that specific version.
- # ---
- # hpa:
- # api_version: "autoscaling/v2beta2"
- # spec: {}
- #
- # Determines which Kiali image to download and install.
- # If you set this to a specific name (i.e. you do not leave it as the default empty string),
- # you must make sure that image is supported by the operator.
- # If empty, the operator will use a known supported image name based on which "version" was defined.
- # Note that, as a security measure, a cluster admin may have configured the Kiali operator to
- # ignore this setting. A cluster admin may do this to ensure the Kiali operator only installs
- # a single, specific Kiali version, thus this setting may have no effect depending on how the
- # operator itself was configured.
- # ---
- # image_name: ""
- #
- # The Kubernetes pull policy for the Kiali deployment.
- # This is overridden to be "Always" if image_version is set to "latest".
- # ---
- # image_pull_policy: "IfNotPresent"
- #
- # The names of the secrets to be used when container images are to be pulled.
- # ---
- # image_pull_secrets: []
- #
- # Determines which version of Kiali to install.
- # Choose "lastrelease" to use the last Kiali release.
- # Choose "latest" to use the latest image (which may or may not be a released version of Kiali).
- # Choose "operator_version" to use the image whose version is the same as the operator version.
- # Otherwise, you can set this to any valid Kiali version (such as "v1.0").
- # Note that if this is set to "latest" then the image_pull_policy will be "Always".
- # If you set this to a specific version (i.e. you do not leave it as the default empty string),
- # you must make sure that image is supported by the operator.
- # If empty, the operator will use a known supported image version based on which "version" was defined.
- # Note that, as a security measure, a cluster admin may have configured the Kiali operator to
- # ignore this setting. A cluster admin may do this to ensure the Kiali operator only installs
- # a single, specific Kiali version, thus this setting may have no effect depending on how the
- # operator itself was configured.
- # ---
- # image_version: ""
- #
- # Determines if the Kiali endpoint should be exposed externally.
- # If true, an Ingress will be created if on Kubernetes or a Route if on OpenShift.
- # ---
- # ingress_enabled: true
- #
- # Determines the logger configuration.
- # log_format supports text and json.
- # log_level supports trace, debug, info, warn, error, fatal.
- # time_field_format supports a golang time format (https://golang.org/pkg/time/)
- # sampler_rate defines a basic log sampler setting as an integer. With this setting every sampler_rate-th
- # message will be logged. By default, every message is logged.
- # ---
- # logger:
- # log_level: info
- # log_format: text
- # sampler_rate: "1"
- # time_field_format: "2006-01-02T15:04:05Z07:00"
- #
- # The namespace into which Kiali is to be installed. If this is empty or not defined,
- # the default will be the namespace where the Kiali CR is located.
- # ---
- # namespace: ""
- #
- # A set of node labels that dictate onto which node the Kiali pod will be deployed.
- # ---
- # node_selector: {}
- #
- # Because an ingress into a cluster can vary wildly in its desired configuration,
- # this setting provides a way to override complete portions of the ingress resource
- # configuration (Ingress on Kubernetes and Route on OpenShift). It is up to the user
- # to ensure this override YAML configuration is valid and supports the cluster environment
- # since the operator will blindly copy this custom configuration into the resource it
- # creates.
- # This setting is not used if deployment.ingress_enabled is set to 'false'.
- # Note that only 'metadata.annotations' and 'spec' is valid and only they will
- # be used to override those same sections in the created resource. You can define
- # either one or both.
- # Example:
- # override_ingress_yaml:
- # metadata:
- # annotations:
- # nginx.ingress.kubernetes.io/secure-backends: "true"
- # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- # spec:
- # rules:
- # - http:
- # paths:
- # - path: /kiali
- # backend:
- # serviceName: kiali
- # servicePort: 20001
- # ---
- # #override_ingress_yaml:
- #
- # Custom annotations to be created on the Kiali pod.
- # ---
- # pod_annotations: {}
- #
- # Custom labels to be created on the Kiali pod.
- # ---
- # pod_labels: {}
- #
- # The priorityClassName used to assign the priority of the Kiali pod.
- # ---
- # priority_class_name: ""
- #
- # The replica count for the Kiail deployment.
- # ---
- # replicas: 1
- #
- # Defines compute resources that are to be given to the Kiali pod's container.
- # The value is a dict as defined by Kubernetes. See the Kubernetes documentation
- # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container
- # ---
- # resources: {}
- #
- # The name of a secret used by the Kiali. Reserved for future use - not currently used.
- # ---
- # secret_name: "kiali"
- #
- # Custom annotations to be created on the Kiali Service resource.
- # ---
- # service_annotations: {}
- #
- # The Kiali service type. Kubernetes determines what values are valid.
- # Common values are "NodePort", "ClusterIP", and "LoadBalancer".
- # ---
- # #service_type:
- #
- # A list of tolerations which declare which node taints Kiali can tolerate.
- # See the Kubernetes documentation on Taints and Tolerations for more details.
- # ---
- # tolerations: []
- #
- # DEPRECATED - use the logger.log_level setting.
- # Determines which priority levels of log messages Kiali will output.
- # Typical values are "3" for INFO and higher priority, "4" for DEBUG and higher priority.
- # ---
- # verbose_mode: "3"
- #
- # Kiali resources will be assigned a "version" label when they are deployed.
- # This determines what value those "version" labels will have.
- # When empty, its default will be determined as follows:
- # If image_version is "latest", version_label will be fixed to "master".
- # If image_version is "lastrelease", version_label will be fixed to
- # the last Kiali release version string.
- # If the image_version is anything else, version_label will be that value, too.
- # ---
- # version_label: ""
- #
- # When true, Kiali will be in "view only" mode, allowing the user to view and retrieve
- # management and monitoring data for the service mesh, but not allow the user to
- # modify the service mesh.
- # ---
- # view_only_mode: false
-
- ##########
- # ---
- # extensions:
- #
- # Kiali enabled integration with Iter8 project.
- # If this extension is enabled, Kiali will communicate with Iter8 controller allowing to manage Experiments and review results.
- # Additional documentation https://iter8.tools/
- # ---
- # iter_8:
- #
- # Flag to indicate if iter8 extension is enabled in Kiali
- # ---
- # enabled: false
-
- ##########
- # ---
- # external_services:
- #
- # Note about sensitive values in the external_services "auth" sections:
- # Some external services configured below support an "auth" sub-section in order to tell Kiali how it should
- # authenticate with the external services. Credentials used to authenticate Kiali to those external services can
- # be defined in the "auth.password" and "auth.token" values within the "auth" sub-section.
- # Because these are sensitive values, you may not want to declare the actual credentials here in the Kiali CR. In
- # this case, you may store the actual password or token string in a Kubernetes secret. If you do, you need to
- # set the "auth.password" or "auth.token" to a value in the format "secret::" where
- # "" is the name of the secret object that Kiali can access, and is the name of the key
- # within the named secret that contains the actual password or token string. For example, if Grafana requires a
- # password, you can store that password in a secret named "myGrafanaCredentials" in a key named "myGrafanaPw".
- # In this case, you would set "external_services.grafana.auth.password" to "secret:myGrafanaCredentials:myGrafanaPw".
- #
- # **Custom-dashboards settings:
- # discovery_auto_threshold: Threshold of the number of pods, for a given Application or Workload, above which dashboards discovery will be skipped
- # This setting only takes effect when discovery_enabled is set to 'auto'.
- # discovery_enabled: Enable, disable or set 'auto' mode to the dashboards discovery process. If set to true, Kiali
- # will always try to discover dashboards based on metrics. Note that it can generate performance penalties while
- # discovering dashboards for workloads having many pods (thus many metrics).
- # When set to 'auto', Kiali will skip dashboards discovery for workloads with more than a configured threshold of pods
- # (see 'discovery_auto_threshold'). When discovery is disabled or auto/skipped, it is still possible to tie workloads
- # with dashboards through annotations on pods (refer to the doc https://kiali.io/documentation/latest/runtimes-monitoring/#pods-annotations)
- # Allowed values: true, false, auto.
- # enabled: Enable or disable custom dashboards, including the dashboards discovery process. Default: true.
- # is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning.
- # namespace_label: Prometheus label name used for identifying namespaces in metrics for custom dashboards.
- # Default is "kubernetes_namespace". It is quite common to use just "namespace" as well, depending on your Prometheus configuration.
- # prometheus: Please check the section below about Prometheus-specific settings: they are identical. The Prometheus
- # configuration defined here is dedicated to fetching custom dashboards, hence allowing to use a different instance
- # of Prometheus. If omitted, the same Prometheus as for Istio metrics will be reused for custom dashboards.
- # ---
- # custom_dashboards:
- # discovery_auto_threshold: 10
- # discovery_enabled: auto
- # enabled: true
- # is_core_component: false
- # namespace_label: "kubernetes_namespace"
- # prometheus:
- # auth:
- # ca_file: ""
- # insecure_skip_verify: false
- # password: ""
- # token: ""
- # type: "none"
- # use_kiali_token: false
- # username: ""
- # url: ""
- #
- # **Grafana-specific settings:
- # auth: authentication settings to connect to Grafana:
- # ca_file: The certificate authority file to use when accessing Grafana using https. An empty string means no extra
- # certificate authority file is used. Default is an empty string.
- # insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Grafana over https.
- # password: Password to be used when making requests to Grafana, for basic authentication. User only requires viewer permissions. May refer to a secret - see note above.
- # token: Token / API key to access Grafana, for token-based authentication. It only requires viewer permissions. May refer to a secret - see note above.
- # type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the
- # token to the Grafana server. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication.
- # Default is "none"
- # use_kiali_token: When true and if auth.type is "bearer", the same OAuth token used for authentication in Kiali will be used for the API calls to Grafana,
- # and auth.token config is ignored then.
- # username: Username to be used when making requests to Grafana, for basic authentication. User only requires viewer permissions.
- # is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning.
- # dashboards: A list of Grafana dashboards that Kiali can link to. Each item contains:
- # name: The name of the dashboard in Grafana
- # variables:
- # app: The name of a variable that holds the app name, if used in that dashboard (else it must be omitted)
- # namespace: The name of a variable that holds the namespace, if used in that dashboard (else it must be omitted)
- # service: The name of a variable that holds the service name, if used in that dashboard (else it must be omitted)
- # workload: The name of a variable that holds the workload name, if used in that dashboard (else it must be omitted)
- # enabled: When true, Grafana support will be enabled in Kiali.
- # in_cluster_url: Set URL for in-cluster access. Example: "http://grafana.istio-system:3000". This URL can contain query parameters if needed, such as "?orgId=1".
- # url: The URL that Kiali uses when integrating with Grafana. This URL must be accessible to clients external to
- # the cluster in order for the integration to work properly. If empty, an attempt to auto-discover it is made.
- # This URL can contain query parameters if needed, such as "?orgId=1".
- # ---
- # grafana:
- # auth:
- # ca_file: ""
- # insecure_skip_verify: false
- # password: ""
- # token: ""
- # type: "none"
- # use_kiali_token: false
- # username: ""
- # is_core_component: false
- # dashboards:
- # - name: "Istio Service Dashboard"
- # variables:
- # namespace: "var-namespace"
- # service: "var-service"
- # - name: "Istio Workload Dashboard"
- # variables:
- # namespace: "var-namespace"
- # workload: "var-workload"
- # enabled: true
- # in_cluster_url: "http://grafana.istio-system:3000"
- # url: ""
- #
- # **Istio-specific settings:
- # component_status:
- # enabled: Enable/Disable of istio component status into masthead indicator. It defaults to true.
- # components: A list of components that Kiali will check its statuses.
- # app_label: Istio component pod app label.
- # is_core: Whether the component is core for your deployment.
- # namespace: The namespace where the component is installed in. It defaults to the 'istio_namespace' setting.
- # config_map_name: The name of the istio control plane config map. It defaults to `istio`.
- # envoy_admin_local_port: The port which kiali will open to fetch envoy config data information.
- # istio_identity_domain: The annotation used by Istio to identify domains.
- # istio_injection_annotation: The annotation used by Istio to automatically inject a specific workload
- # istio_sidecar_annotation: The pod annotation used by Istio to identify the sidecar.
- # url_service_version: The Istio service used to determine the Istio version. If empty, assumes the URL for the well-known Istio version endpoint.
- # ---
- # istio:
- # component_status:
- # enabled: true
- # components:
- # - app_label: istiod
- # is_core: true
- # - app_label: istio-ingressgateway
- # is_core: true
- # - app_label: istio-egressgateway
- # is_core: false
- # config_map_name: "istio"
- # envoy_admin_local_port: 15000
- # istio_identity_domain: "svc.cluster.local"
- # istio_injection_annotation: "sidecar.istio.io/inject"
- # istio_sidecar_annotation: "sidecar.istio.io/status"
- # url_service_version: ""
- #
- #
- # **Prometheus-specific settings:
- # auth: authentication settings to connect to Prometheus:
- # ca_file: The certificate authority file to use when accessing Prometheus using https. An empty string means no extra
- # certificate authority file is used. Default is an empty string.
- # insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Prometheus over https.
- # password: Password to be used when making requests to Prometheus, for basic authentication. May refer to a secret - see note above.
- # token: Token / API key to access Prometheus, for token-based authentication. May refer to a secret - see note above.
- # type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the
- # token to the Prometheus server. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication.
- # Default is "none"
- # use_kiali_token: When true and if auth.type is "bearer", Kiali Service Account token will be used for the API calls to Prometheus,
- # and auth.token config is ignored then.
- # username: Username to be used when making requests to Prometheus, for basic authentication.
- # cache_duration: Prometheus caching duration expressed in seconds
- # cache_enabled: Enable/disable Prometheus caching used for Health services
- # cache_expiration: Prometheus caching expiration expressed in seconds
- # url: The URL used to query the Prometheus Server. This URL must be accessible from the Kiali pod.
- # If empty, assumes it is in the istio namespace at the URL "http://prometheus.:9090"
- # ---
- # prometheus:
- # auth:
- # ca_file: ""
- # insecure_skip_verify: false
- # password: ""
- # token: ""
- # type: "none"
- # use_kiali_token: false
- # username: ""
- # cache_duration: 10
- # cache_enabled: true
- # cache_expiration: 300
- # url: ""
- #
- # **Tracing-specific settings:
- # - Right now we only support Jaeger
- # auth: authentication settings to connect to Jaeger:
- # ca_file: The certificate authority file to use when accessing Jaeger using https. An empty string means no extra
- # certificate authority file is used. Default is an empty string.
- # insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Jaeger over https.
- # password: Password to be used when making requests to Jaeger, for basic authentication. User only requires viewer permissions. May refer to a secret - see note above.
- # token: Token / API key to access Jaeger, for token-based authentication. It only requires viewer permissions. May refer to a secret - see note above.
- # type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the
- # token to Jaeger Query. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication.
- # Default is "none"
- # use_kiali_token: When true and if auth.type is "bearer", the same OAuth token used for authentication in Kiali will be used for the API calls to Jaeger Query,
- # and auth.token config is ignored then.
- # username: Username to be used when making requests to Jaeger, for basic authentication. User only requires viewer permissions.
- # is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning.
- # enabled: When true, connections to Jaeger are enabled. "in_cluster_url" and/or "url" need to be provided.
- # in_cluster_url: Set URL for in-cluster access, which enables further integration between Kiali and Jaeger.
- # When not provided, Kiali will only show external links using the "url" config.
- # Example: "http://tracing.istio-system".
- # namespace_selector: Kiali use this boolean to look traces with namespace selector : service.namespace. Default: true
- # url: External URL that will be used to generate links to Jaeger. It must be accessible to clients external to
- # the cluster (e.g: browser) in order to generate valid links.
- # If tracing service is deployed in a QUERY_BASE_PATH set this in the url like https:/// . EX: https://tracing-service:8080/jaeger
- # use_grpc: Set "true" to enable GRPC connection between Kiali and Jaeger, in order to speed up the queries. In some setups you might not be able to use
- # GRPC (e.g. if Jaeger is behind some reverse proxy that doesn't support it).
- # If not specified, it will be false if deployed within a Maistra/OSSM+OpenShift environment, true otherwise.
- # whitelist_istio_system: Set whitelist services in istio-system to check their traces
- # ---
- # tracing:
- # auth:
- # ca_file: ""
- # insecure_skip_verify: false
- # password: ""
- # token: ""
- # type: "none"
- # use_kiali_token: false
- # username: ""
- # is_core_component: false
- # enabled: true
- # in_cluster_url: ""
- # namespace_selector: true
- # url: ""
- # #use_grpc:
- # whitelist_istio_system: ["jaeger-query", "istio-ingressgateway"]
-
- ##########
- # ---
- # health_config:
- #
- # rate: A list of health configurations that Kiali uses to determine what is (and is not) healthy nodes. Each item contains:
- # namespace: The name of the namespace that this configuration applies to. This is a regular expression.
- # kind: The type of resource that this configuration applies to. This is a regular expression.
- # name: The name of a resource that this configuration applies to. This is a regular expression.
- # tolerance: A list of tolerances for this configuration. Each item contains:
- # protocol: The protocol that applies for this tolerance (e.g. grpc or http). This is a regular expression.
- # direction: The direction that applies for this tolerance (e.g. inbound or outbound). This is a regular expression.
- # code: The status code that applies for this tolerance. This is a regular expression.
- # degraded: Health will be considered degraded when the telemetry reaches this value (specified as a %).
- # failure: A failure status will be shown when the telemetry reaches this value (specified as a %).
- # ---
- # rate: []
-
- ##########
- # ---
- # identity:
- #
- # Certificate file used to identify the file server. If set, you must go over https to access Kiali.
- # The operator will set these if it deploys Kiali behind https.
- # When left undefined, the operator will assign a cluster-specific cert file to provide https by default.
- # When set to an empty string, https will be disabled.
- # ---
- # #cert_file:
- #
- # Private key file used to identify the server. If set, you must go over https to access Kiali.
- # When left undefined, the operator will assign a cluster-specific private key file to provide https by default.
- # When set to an empty string, https will be disabled.
- # ---
- # #private_key_file:
-
- ##########
- # ---
- # istio_labels:
- #
- # This section defines what labels Istio is using to indicate apps and versions.
- # Typical values are: ("app" and "version") or ("app.kubernetes.io/name" and "app.kubernetes.io/version").
- # Kiali needs to know what labels Istio is using to be in sync with what Istio considers applications.
- # It adds the label used to instruct Istio to automatically inject sidecar proxies when applications are deployed.
- # ---
- # app_label_name: "app"
- # injection_label_name: "istio-injection"
- # version_label_name: "version"
-
- ##########
- # Kiali features that can be enabled/disabled via configuration
- # ---
- # kiali_feature_flags:
- #
- # Flag to indicate Kiali to enable/disable an Action to label a namespace for automatic Istio Sidecar injection.
- # ---
- # istio_injection_action: true
- #
- # Default settings for the UI. These defaults apply to all users.
- # ---
- # ui_defaults:
- #
- # Duration of metrics to fetch on each refresh. Omit for default.
- # Valid values: 1m, 5m, 10m, 30m, 1h, 3h, 6h, 12h, 1d, 7d, 30d
- # ---
- # metrics_per_refresh: "1m"
- #
- # Default selections for the namespace selection dropdown. Non-existent or
- # inaccessible namespaces will be ignored. Omit, or set to an empty array for no
- # default namespaces.
- # ---
- # namespaces: []
- #
- # The automatic refresh interval for pages offering automatic refresh.
- #
- # Valid values: pause, 10s, 15s, 30s, 1m, 5m, 15m
- # ---
- # refresh_interval: "15s"
-
- ##########
- # ---
- # kubernetes_config:
- #
- # The Burst value of the Kubernetes client.
- # ---
- # burst: 200
- #
- # The ratio interval (expressed in seconds) used for the cache to perform a full refresh.
- # Only used when cache_enabled is true.
- # ---
- # cache_duration: 300
- #
- # Flag to use a Kubernetes cache for watching changes and updating pods and controllers data asynchronously.
- # ---
- # cache_enabled: true
- #
- # Kiali can cache VirtualService,DestinationRule,Gateway and ServiceEntry Istio resources if they are present
- # on this list of Istio types. Other Istio types are not yet supported.
- # ---
- # cache_istio_types:
- # - "DestinationRule"
- # - "Gateway"
- # - "ServiceEntry"
- # - "VirtualService"
- # - "Sidecar"
- # - "PeerAuthentication"
- # - "RequestAuthentication"
- # - "AuthorizationPolicy"
- #
- # List of namespaces or regex defining namespaces to include in a cache.
- # ---
- # cache_namespaces:
- # - ".*"
- #
- # Cache duration expressed in seconds
- # Kiali cache list of namespaces per user, this is typically short lived cache compared with the duration of the
- # namespace cache defined by previous CacheDuration parameter
- # ---
- # cache_token_namespace_duration: 10
- #
- # List of controllers that won't be used for Workload calculation.
- # Kiali queries Deployment,ReplicaSet,ReplicationController,DeploymentConfig,StatefulSet,Job and CronJob controllers.
- # Deployment and ReplicaSet will be always queried, but ReplicationController,DeploymentConfig,StatefulSet,Job and CronJobs
- # can be skipped from Kiali workloads query if they are present in this list.
- # ---
- # excluded_workloads:
- # - "CronJob"
- # - "DeploymentConfig"
- # - "Job"
- # - "ReplicationController"
- #
- # The QPS value of the Kubernetes client.
- # ---
- # qps: 175
-
- ##########
- # ---
- # login_token:
- #
- # The token expiration in seconds.
- # ---
- # expiration_seconds: 86400
- #
- # The signing key used to generate tokens for user authentication.
- # Because this is potentially sensitive, you have the option to store this
- # value in a secret. If you store this signing key value in a secret, you
- # must indicate what key in what secret by setting this value to a string
- # in the form of "secret::"
- # If left as an empty string, a secret with a random signing key will be
- # generated for you.
- # ---
- # signing_key: ""
-
- ##########
- # ---
- # server:
- #
- # Where the Kiali server is bound. The console and API server are accessible on this host.
- # ---
- # address: ""
- #
- # When true, allows additional audit logging on write operations.
- # ---
- # audit_log: true
- #
- # When true, allows the web console to send requests to other domains other than where the console came from.
- # Typically used for development environments only.
- # ---
- # cors_allow_all: false
- #
- # When true, Kiali serves http requests with gzip enabled (if the browser supports it) when the requests are
- # over 1400 bytes.
- # ---
- # gzip_enabled: true
- #
- # When true, the metrics endpoint will be available for Prometheus to scrape.
- # ---
- # metrics_enabled: true
- #
- # The port that the server will bind to in order to receive metric requests.
- # This is the port Prometheus will need to scrape when collecting metrics from Kiali.
- # ---
- # metrics_port: 9090
- #
- # The port that the server will bind to in order to receive console and API requests.
- # ---
- # port: 20001
- #
- # Defines the public domain where Kiali is being served. This is the "domain" part
- # of the URL (usually it's a fully-qualified domain name).
- # For example, "kiali.example.org".
- # When empty, Kiali will try to guess this value from HTTP headers.
- # ---
- # web_fqdn: ""
- #
- # Define the history mode of kiali UI. This can only take
- # two possible values: either "browser" or "hash".
- # When empty, it will always be considered as browser
- # ---
- # web_history_mode: ""
- #
- # Defines the ingress port where the connections come from. This is usually
- # necessary when the application responds through a proxy/ingress, and it does
- # not forward the correct headers so Kiali can guess the port.
- #
- # When empty, Kiali will try to guess this value from HTTP headers.
- # ---
- # web_port: ""
- #
- # Defines the context root path for the Kiali console and API endpoints and readiness probes.
- # When providing a context root path that is not "/", do not add a trailing slash.
- # For example, use "/kiali" not "/kiali/".
- # When empty, will default to "/" on OpenShift and "/kiali" on Kubernetes.
- # ---
- # web_root: ""
- #
- # Defines the public HTTP schema used to serve Kiali. This can only take
- # two possible values: either "http" or "https".
- # When empty, Kiali will try to guess this value from HTTP headers.
- # ---
- # web_schema: ""
-
+# Taken from https://github.com/kiali/kiali-operator/blob/v1.33/deploy/kiali/kiali_cr.yaml
+###################################################################
+# kiali_cr.yaml
+#
+# This is a fully documented Kiali custom resource yaml file.
+# It can be used to tell the Kiali Operator to install Kiali.
+#
+# This is actually an empty Kiali CR, however, it provides
+# documentation on all available settings.
+# In each documented section, you will see a "---" marker;
+# below that marker you will see the names of the settings along
+# with their default values. If the setting is not defined by
+# default, its name will be prefixed with "#".
+###################################################################
+
+##########
+# ---
+# additional_display_details:
+# - title: "API Documentation"
+# annotation: "kiali.io/api-spec"
+# icon_annotation: "kiali.io/api-type"
+#
+# A list of additional details that Kiali will look for in annotations and display, for every workload and service, in their respective details pages.
+# It can typically be used to inject some CI metadata or documentation links into Kiali views.
+# Each item in the list is an object with "annotation", "title" and "icon_annotation" fields to indicate which annotation Kiali needs to look for, and how it should be displayed.
+# "icon_annotation" is optional and would display an icon next to the text.
+# At the moment, the value of the icon annotation can only be one of "rest", "grpc" or "graphql"; otherwise, it is ignored.
+# By default, these settings recognize API Documentation links via annotation "kiali.io/api-spec" and icon-annotation "kiali.io/api-type".
+# For example, it would make Kiali recognize these annotations in a service or a workload definition (Deployment, StatefulSet, etc.) to display the appropriate link and text:
+# annotations:
+# kiali.io/api-spec: http://link/to/my/doc
+# kiali.io/api-type: rest
+# Should you change this setting for your own custom annotations, keep in mind that it would override the current default.
+# So you would have to copy the "API Documentation" setting as shown above if you want to preserve these links.
+
+##########
+# Tag used to identify a particular instance/installation of the Kiali server.
+# ---
+# installation_tag: ""
+
+##########
+# The namespaces where individual Istio components are installed.
+# If left empty, it is assumed all Istio components are installed in the
+# defined istio_namespace. If a component is not listed here, it is
+# assumed that component is installed in istio_namespace. For example:
+# istio_component_namespaces:
+# prometheus: prom-ns
+# means Prometheus is installed in the namespace "prom-ns" but all other
+# Istio components are installed in the namespace defined in istio_namespace.
+# NOTE: You can find Istio Components Status settings under `external_services`.
+# ---
+# istio_component_namespaces: {}
+
+##########
+# The namespace where Istio is installed. If left empty, it is assumed to be the
+# same namespace as where Kiali is installed (i.e. deployment.namespace).
+# Note that if you install some Istio components in other namespaces, specify
+# that component's namespace in istio_component_namespaces.
+# ---
+# istio_namespace: ""
+
+##########
+# The version of the Ansible playbook to execute in order to install that version of Kiali.
+# If not specified, a default version of Kiali will be installed which will be the most recent release of Kiali.
+# The currently allowed values for this setting are: "default", "v1.0", "v1.12", "v1.24"
+# Refer to this file to see where these values are defined in the master branch:
+# https://github.com/kiali/kiali-operator/tree/master/playbooks/default-supported-images.yml
+#
+# This version setting affects the defaults of the deployment.image_name and
+# deployment.image_version settings. See the comments for those settings
+# below for additional details. But in short, this version setting will
+# dictate which version of the Kiali image will be deployed by default.
+# Note that if you explicitly set deployment.image_name and/or
+# deployment.image_version you are responsible for ensuring those settings
+# are compatible with this setting (i.e. the Kiali image must be compatible
+# with the rest of the configuration and resources the operator will install).
+#
+# See the Kiali documentation to determine which of these versions support
+# the version of Istio you are installing Kiali with.
+#
+# ---
+# version: "default"
+
+##########
+# ---
+# api:
+#
+# Allows for controlling what namespaces/projects are returned by Kiali.
+#
+# 'exclude' is optional and takes a list of namespaces to be excluded from the list
+# of namespaces provided by the API and UI. Regex is supported. This does not affect
+# explicit namespace access.
+#
+# 'label_selector' is optional and takes a string value of a Kubernetes label selector
+# (e.g. "myLabel=myValue") which is used when fetching the list of available namespaces.
+# This does not affect explicit namespace access.
+# Note that if you do not set this but deployment.accessible_namespaces does not have the
+# special "all namespaces" value of "**" then this label_selector will be set
+# to a default value of "kiali.io/member-of=" where
+# is the namespace where Kiali is to be installed.
+# If deployment.accessible_namespaces does not have the special value of "**" +# then the Kiali operator will add a new label to all accessible namespaces - that new +# label will be this label_selector. +# +# --- +# namespaces: +# exclude: +# - "istio-operator" +# - "kube.*" +# - "openshift.*" +# - "ibm.*" +# - "kiali-operator" +# #label_selector: + +########## +# --- +# auth: +# +# Determines what authentication strategy to use when users log into Kiali. +# Options are "anonymous", "token", "openshift", "openid", "header". +# Choose "anonymous" to allow full access to Kiali without requiring any credentials. +# Choose "token" to allow access to Kiali using service account tokens, which controls +# access based on RBAC roles assigned to the service account. +# Choose "openshift" to use the OpenShift OAuth login which controls access based on +# the individual's RBAC roles in OpenShift. Not valid for non-OpenShift environments. +# Choose "header" when Kiali is running behind a reverse proxy that will inject an +# Authorization header and potentially impersonation headers. +# Choose "openid" to enable OpenID connect based authentication. Your cluster is required to +# be configured to accept the tokens issued by your IdP. There are additional required +# configurations for this strategy. See below for the additional OpenID configuration section. +# When empty, its value will default to "openshift" on OpenShift and "token" on Kubernetes. 
+# --- +# strategy: "" +# +# To learn how to configure the OpenId authentication strategy, read the documentation +# at the website on https://kiali.io/documentation/latest/configuration/authentication/openid/ +# +# --- +# openid: +# api_proxy: "" +# api_proxy_ca_data: "" +# authentication_timeout: 300 +# authorization_endpoint: "" +# client_id: "" +# disable_rbac: false +# http_proxy: "" +# https_proxy: "" +# insecure_skip_verify_tls: false +# issuer_uri: "" +# scopes: ["openid", "profile", "email"] +# username_claim: "sub" +# +# The Route resource name and OAuthClient resource name will have this value as its prefix. +# This value normally should never change. The installer will ensure this value is set correctly. +# --- +# openshift: +# client_id_prefix: kiali + +########## +# --- +# deployment: +# +# A list of namespaces Kiali is to be given access to. +# These namespaces have service mesh components that are to be observed by Kiali. +# You can provide names using regex expressions matched against all namespaces the operator can see. +# The default makes all namespaces accessible except for some internal namespaces that typically should be ignored. +# NOTE! If this has an entry with the special value of "**" (two asterisks), that will denote you want +# Kiali to be given access to all namespaces via a single cluster role (if using this special value of "**", +# you are required to have already granted the operator permissions to create cluster roles and cluster role bindings). +# --- +# accessible_namespaces: ["^((?!(istio-operator|kube.*|openshift.*|ibm.*|kiali-operator)).)*$"] +# +# Additional custom yaml to add to the service definition. This is used mainly to customize the service type. +# For example, if the deployment.service_type is set to "LoadBalancer" and you want to set the loadBalancerIP, +# you can do so here with: additional_service_yaml: { "loadBalancerIP": "78.11.24.19" }. 
+# Another example would be if the deployment.service_type is set to "ExternalName" you will need to configure +# the name via: additional_service_yaml: { "externalName": "my.kiali.example.com" }. +# A final example would be if external IPs need to be set: additional_service_yaml: { "externalIPs": ["80.11.12.10"] } +# --- +# #additional_service_yaml: +# +# Affinity definitions that are to be used to define the nodes where the Kiali pod should be contrained. +# See the Kubernetes documentation on Assigning Pods to Nodes for the proper syntax for these three +# different affinity types. +# --- +# affinity: +# node: {} +# pod: {} +# pod_anti: {} +# +# Names of the out-of-box custom monitoring dashboards that are to be installed. +# The custom monitoring dashboards are defined in yaml files located within the operator. +# Consult the operator templates for the custom monitoring dashboard yaml files available. +# For example, see this for the current list of yaml files available: +# https://github.com/kiali/kiali-operator/tree/master/roles/default/kiali-deploy/templates/dashboards +# These settings will determine the additional metric graphs that you will see within the Kiali UI. +# You can specify an includes and excludes list, the excludes list takes precedence. +# Each list can have fileglob wildcard characters '*' and '?' for file matching. +# --- +# custom_dashboards: +# excludes: [''] +# includes: ['*'] +# +# Determines what (if any) HorizontalPodAutoscaler should be created to autoscale the Kiali pod. +# A typical way to configure HPA for Kiali is: +# +# hpa: +# spec: +# maxReplicas: 2 +# minReplicas: 1 +# targetCPUUtilizationPercentage: 80 +# +# If "spec" is left empty, no HPA resource will be created. Otherwise, the "spec" yaml specified +# here will be placed in the created HPA resource's spec section. +# NOTE: do not specify the "scaleTargetRef" section in "spec"; the Kiali Operator will populate that for you. 
+# You can optionally specify a specific HPA api_version in case there is some HPA feature +# you want to use that is only supported in that specific version. +# --- +# hpa: +# api_version: "autoscaling/v2beta2" +# spec: {} +# +# Determines which Kiali image to download and install. +# If you set this to a specific name (i.e. you do not leave it as the default empty string), +# you must make sure that image is supported by the operator. +# If empty, the operator will use a known supported image name based on which "version" was defined. +# Note that, as a security measure, a cluster admin may have configured the Kiali operator to +# ignore this setting. A cluster admin may do this to ensure the Kiali operator only installs +# a single, specific Kiali version, thus this setting may have no effect depending on how the +# operator itself was configured. +# --- +# image_name: "" +# +# The Kubernetes pull policy for the Kiali deployment. +# This is overridden to be "Always" if image_version is set to "latest". +# --- +# image_pull_policy: "IfNotPresent" +# +# The names of the secrets to be used when container images are to be pulled. +# --- +# image_pull_secrets: [] +# +# Determines which version of Kiali to install. +# Choose "lastrelease" to use the last Kiali release. +# Choose "latest" to use the latest image (which may or may not be a released version of Kiali). +# Choose "operator_version" to use the image whose version is the same as the operator version. +# Otherwise, you can set this to any valid Kiali version (such as "v1.0"). +# Note that if this is set to "latest" then the image_pull_policy will be "Always". +# If you set this to a specific version (i.e. you do not leave it as the default empty string), +# you must make sure that image is supported by the operator. +# If empty, the operator will use a known supported image version based on which "version" was defined. 
+# Note that, as a security measure, a cluster admin may have configured the Kiali operator to +# ignore this setting. A cluster admin may do this to ensure the Kiali operator only installs +# a single, specific Kiali version, thus this setting may have no effect depending on how the +# operator itself was configured. +# --- +# image_version: "" +# +# Determines if the Kiali endpoint should be exposed externally. +# If true, an Ingress will be created if on Kubernetes or a Route if on OpenShift. +# --- +# ingress_enabled: true +# +# Determines the logger configuration. +# log_format supports text and json. +# log_level supports trace, debug, info, warn, error, fatal. +# time_field_format supports a golang time format (https://golang.org/pkg/time/) +# sampler_rate defines a basic log sampler setting as an integer. With this setting every sampler_rate-th +# message will be logged. By default, every message is logged. +# --- +# logger: +# log_level: info +# log_format: text +# sampler_rate: "1" +# time_field_format: "2006-01-02T15:04:05Z07:00" +# +# The namespace into which Kiali is to be installed. If this is empty or not defined, +# the default will be the namespace where the Kiali CR is located. +# --- +# namespace: "" +# +# A set of node labels that dictate onto which node the Kiali pod will be deployed. +# --- +# node_selector: {} +# +# Because an ingress into a cluster can vary wildly in its desired configuration, +# this setting provides a way to override complete portions of the ingress resource +# configuration (Ingress on Kubernetes and Route on OpenShift). It is up to the user +# to ensure this override YAML configuration is valid and supports the cluster environment +# since the operator will blindly copy this custom configuration into the resource it +# creates. +# This setting is not used if deployment.ingress_enabled is set to 'false'. 
+# Note that only 'metadata.annotations' and 'spec' is valid and only they will +# be used to override those same sections in the created resource. You can define +# either one or both. +# Example: +# override_ingress_yaml: +# metadata: +# annotations: +# nginx.ingress.kubernetes.io/secure-backends: "true" +# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +# spec: +# rules: +# - http: +# paths: +# - path: /kiali +# backend: +# serviceName: kiali +# servicePort: 20001 +# --- +# #override_ingress_yaml: +# +# Custom annotations to be created on the Kiali pod. +# --- +# pod_annotations: {} +# +# Custom labels to be created on the Kiali pod. +# --- +# pod_labels: {} +# +# The priorityClassName used to assign the priority of the Kiali pod. +# --- +# priority_class_name: "" +# +# The replica count for the Kiail deployment. +# --- +# replicas: 1 +# +# Defines compute resources that are to be given to the Kiali pod's container. +# The value is a dict as defined by Kubernetes. See the Kubernetes documentation +# https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container +# --- +# resources: {} +# +# The name of a secret used by the Kiali. Reserved for future use - not currently used. +# --- +# secret_name: "kiali" +# +# Custom annotations to be created on the Kiali Service resource. +# --- +# service_annotations: {} +# +# The Kiali service type. Kubernetes determines what values are valid. +# Common values are "NodePort", "ClusterIP", and "LoadBalancer". +# --- +# #service_type: +# +# A list of tolerations which declare which node taints Kiali can tolerate. +# See the Kubernetes documentation on Taints and Tolerations for more details. +# --- +# tolerations: [] +# +# DEPRECATED - use the logger.log_level setting. +# Determines which priority levels of log messages Kiali will output. +# Typical values are "3" for INFO and higher priority, "4" for DEBUG and higher priority. 
+# --- +# verbose_mode: "3" +# +# Kiali resources will be assigned a "version" label when they are deployed. +# This determines what value those "version" labels will have. +# When empty, its default will be determined as follows: +# If image_version is "latest", version_label will be fixed to "master". +# If image_version is "lastrelease", version_label will be fixed to +# the last Kiali release version string. +# If the image_version is anything else, version_label will be that value, too. +# --- +# version_label: "" +# +# When true, Kiali will be in "view only" mode, allowing the user to view and retrieve +# management and monitoring data for the service mesh, but not allow the user to +# modify the service mesh. +# --- +# view_only_mode: false + +########## +# --- +# extensions: +# +# Kiali enabled integration with Iter8 project. +# If this extension is enabled, Kiali will communicate with Iter8 controller allowing to manage Experiments and review results. +# Additional documentation https://iter8.tools/ +# --- +# iter_8: +# +# Flag to indicate if iter8 extension is enabled in Kiali +# --- +# enabled: false + +########## +# --- +# external_services: +# +# Note about sensitive values in the external_services "auth" sections: +# Some external services configured below support an "auth" sub-section in order to tell Kiali how it should +# authenticate with the external services. Credentials used to authenticate Kiali to those external services can +# be defined in the "auth.password" and "auth.token" values within the "auth" sub-section. +# Because these are sensitive values, you may not want to declare the actual credentials here in the Kiali CR. In +# this case, you may store the actual password or token string in a Kubernetes secret. 
If you do, you need to +# set the "auth.password" or "auth.token" to a value in the format "secret::" where +# "" is the name of the secret object that Kiali can access, and is the name of the key +# within the named secret that contains the actual password or token string. For example, if Grafana requires a +# password, you can store that password in a secret named "myGrafanaCredentials" in a key named "myGrafanaPw". +# In this case, you would set "external_services.grafana.auth.password" to "secret:myGrafanaCredentials:myGrafanaPw". +# +# **Custom-dashboards settings: +# discovery_auto_threshold: Threshold of the number of pods, for a given Application or Workload, above which dashboards discovery will be skipped +# This setting only takes effect when discovery_enabled is set to 'auto'. +# discovery_enabled: Enable, disable or set 'auto' mode to the dashboards discovery process. If set to true, Kiali +# will always try to discover dashboards based on metrics. Note that it can generate performance penalties while +# discovering dashboards for workloads having many pods (thus many metrics). +# When set to 'auto', Kiali will skip dashboards discovery for workloads with more than a configured threshold of pods +# (see 'discovery_auto_threshold'). When discovery is disabled or auto/skipped, it is still possible to tie workloads +# with dashboards through annotations on pods (refer to the doc https://kiali.io/documentation/latest/runtimes-monitoring/#pods-annotations) +# Allowed values: true, false, auto. +# enabled: Enable or disable custom dashboards, including the dashboards discovery process. Default: true. +# is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning. +# namespace_label: Prometheus label name used for identifying namespaces in metrics for custom dashboards. +# Default is "kubernetes_namespace". 
It is quite common to use just "namespace" as well, depending on your Prometheus configuration. +# prometheus: Please check the section below about Prometheus-specific settings: they are identical. The Prometheus +# configuration defined here is dedicated to fetching custom dashboards, hence allowing to use a different instance +# of Prometheus. If omitted, the same Prometheus as for Istio metrics will be reused for custom dashboards. +# --- +# custom_dashboards: +# discovery_auto_threshold: 10 +# discovery_enabled: auto +# enabled: true +# is_core_component: false +# namespace_label: "kubernetes_namespace" +# prometheus: +# auth: +# ca_file: "" +# insecure_skip_verify: false +# password: "" +# token: "" +# type: "none" +# use_kiali_token: false +# username: "" +# url: "" +# +# **Grafana-specific settings: +# auth: authentication settings to connect to Grafana: +# ca_file: The certificate authority file to use when accessing Grafana using https. An empty string means no extra +# certificate authority file is used. Default is an empty string. +# insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Grafana over https. +# password: Password to be used when making requests to Grafana, for basic authentication. User only requires viewer permissions. May refer to a secret - see note above. +# token: Token / API key to access Grafana, for token-based authentication. It only requires viewer permissions. May refer to a secret - see note above. +# type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the +# token to the Grafana server. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication. +# Default is "none" +# use_kiali_token: When true and if auth.type is "bearer", the same OAuth token used for authentication in Kiali will be used for the API calls to Grafana, +# and auth.token config is ignored then. 
+# username: Username to be used when making requests to Grafana, for basic authentication. User only requires viewer permissions. +# is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning. +# dashboards: A list of Grafana dashboards that Kiali can link to. Each item contains: +# name: The name of the dashboard in Grafana +# variables: +# app: The name of a variable that holds the app name, if used in that dashboard (else it must be omitted) +# namespace: The name of a variable that holds the namespace, if used in that dashboard (else it must be omitted) +# service: The name of a variable that holds the service name, if used in that dashboard (else it must be omitted) +# workload: The name of a variable that holds the workload name, if used in that dashboard (else it must be omitted) +# enabled: When true, Grafana support will be enabled in Kiali. +# in_cluster_url: Set URL for in-cluster access. Example: "http://grafana.istio-system:3000". This URL can contain query parameters if needed, such as "?orgId=1". +# url: The URL that Kiali uses when integrating with Grafana. This URL must be accessible to clients external to +# the cluster in order for the integration to work properly. If empty, an attempt to auto-discover it is made. +# This URL can contain query parameters if needed, such as "?orgId=1". 
+# --- +# grafana: +# auth: +# ca_file: "" +# insecure_skip_verify: false +# password: "" +# token: "" +# type: "none" +# use_kiali_token: false +# username: "" +# is_core_component: false +# dashboards: +# - name: "Istio Service Dashboard" +# variables: +# namespace: "var-namespace" +# service: "var-service" +# - name: "Istio Workload Dashboard" +# variables: +# namespace: "var-namespace" +# workload: "var-workload" +# - name: "Istio Mesh Dashboard" +# - name: "Istio Control Plane Dashboard" +# - name: "Istio Performance Dashboard" +# - name: "Istio Wasm Extension Dashboard" +# enabled: true +# in_cluster_url: "http://grafana.istio-system:3000" +# url: "" +# +# **Istio-specific settings: +# component_status: +# enabled: Enable/Disable of istio component status into masthead indicator. It defaults to true. +# components: A list of components that Kiali will check its statuses. +# app_label: Istio component pod app label. +# is_core: Whether the component is core for your deployment. +# namespace: The namespace where the component is installed in. It defaults to the 'istio_namespace' setting. +# Note that the Istio documentation suggests you install the ingress and egress to different namespaces, +# so you most likely will want to explicitly set this namespace value for the ingress and egress components. +# For example, something like: +# - app_label: istio-ingressgateway +# is_core: false +# namespace: +# config_map_name: The name of the istio control plane config map. It defaults to `istio`. +# envoy_admin_local_port: The port which kiali will open to fetch envoy config data information. +# istio_identity_domain: The annotation used by Istio to identify domains. +# istio_injection_annotation: The annotation used by Istio to automatically inject a specific workload +# istio_sidecar_annotation: The pod annotation used by Istio to identify the sidecar. +# istiod_deployment_name: The name of the istiod deployment. 
+# url_service_version: The Istio service used to determine the Istio version. If empty, assumes the URL for the well-known Istio version endpoint. +# --- +# istio: +# component_status: +# enabled: true +# components: +# - app_label: istiod +# is_core: true +# - app_label: istio-ingressgateway +# is_core: true +# - app_label: istio-egressgateway +# is_core: false +# config_map_name: "istio" +# envoy_admin_local_port: 15000 +# istio_identity_domain: "svc.cluster.local" +# istio_injection_annotation: "sidecar.istio.io/inject" +# istio_sidecar_annotation: "sidecar.istio.io/status" +# istiod_deployment_name: "istiod" +# url_service_version: "" +# +# +# **Prometheus-specific settings: +# auth: authentication settings to connect to Prometheus: +# ca_file: The certificate authority file to use when accessing Prometheus using https. An empty string means no extra +# certificate authority file is used. Default is an empty string. +# insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Prometheus over https. +# password: Password to be used when making requests to Prometheus, for basic authentication. May refer to a secret - see note above. +# token: Token / API key to access Prometheus, for token-based authentication. May refer to a secret - see note above. +# type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the +# token to the Prometheus server. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication. +# Default is "none" +# use_kiali_token: When true and if auth.type is "bearer", Kiali Service Account token will be used for the API calls to Prometheus, +# and auth.token config is ignored then. +# username: Username to be used when making requests to Prometheus, for basic authentication. 
+# cache_duration: Prometheus caching duration expressed in seconds +# cache_enabled: Enable/disable Prometheus caching used for Health services +# cache_expiration: Prometheus caching expiration expressed in seconds +# url: The URL used to query the Prometheus Server. This URL must be accessible from the Kiali pod. +# If empty, assumes it is in the istio namespace at the URL "http://prometheus.:9090" +# --- +# prometheus: +# auth: +# ca_file: "" +# insecure_skip_verify: false +# password: "" +# token: "" +# type: "none" +# use_kiali_token: false +# username: "" +# cache_duration: 10 +# cache_enabled: true +# cache_expiration: 300 +# url: "" +# +# **Tracing-specific settings: +# - Right now we only support Jaeger +# auth: authentication settings to connect to Jaeger: +# ca_file: The certificate authority file to use when accessing Jaeger using https. An empty string means no extra +# certificate authority file is used. Default is an empty string. +# insecure_skip_verify: Set true to skip verifying certificate validity when Kiali contacts Jaeger over https. +# password: Password to be used when making requests to Jaeger, for basic authentication. User only requires viewer permissions. May refer to a secret - see note above. +# token: Token / API key to access Jaeger, for token-based authentication. It only requires viewer permissions. May refer to a secret - see note above. +# type: The type of authentication to use when contacting the server from the Kiali backend. Use "bearer" to send the +# token to Jaeger Query. Use "basic" to connect with username and password credentials. Use "none" to not use any authentication. +# Default is "none" +# use_kiali_token: When true and if auth.type is "bearer", the same OAuth token used for authentication in Kiali will be used for the API calls to Jaeger Query, +# and auth.token config is ignored then. +# username: Username to be used when making requests to Jaeger, for basic authentication. 
User only requires viewer permissions. +# is_core_component: Used in the Components health feature. When true, the unhealthy scenarios will be raised as errors. Otherwise, they will be raised as a warning. +# enabled: When true, connections to Jaeger are enabled. "in_cluster_url" and/or "url" need to be provided. +# in_cluster_url: Set URL for in-cluster access, which enables further integration between Kiali and Jaeger. +# When not provided, Kiali will only show external links using the "url" config. +# Example: "http://tracing.istio-system". +# namespace_selector: Kiali use this boolean to look traces with namespace selector : service.namespace. Default: true +# url: External URL that will be used to generate links to Jaeger. It must be accessible to clients external to +# the cluster (e.g: browser) in order to generate valid links. +# If tracing service is deployed in a QUERY_BASE_PATH set this in the url like https:/// . EX: https://tracing-service:8080/jaeger +# use_grpc: Set "true" to enable GRPC connection between Kiali and Jaeger, in order to speed up the queries. In some setups you might not be able to use +# GRPC (e.g. if Jaeger is behind some reverse proxy that doesn't support it). +# If not specified, it will be false if deployed within a Maistra/OSSM+OpenShift environment, true otherwise. +# whitelist_istio_system: Set whitelist services in istio-system to check their traces +# --- +# tracing: +# auth: +# ca_file: "" +# insecure_skip_verify: false +# password: "" +# token: "" +# type: "none" +# use_kiali_token: false +# username: "" +# is_core_component: false +# enabled: true +# in_cluster_url: "" +# namespace_selector: true +# url: "" +# #use_grpc: +# whitelist_istio_system: ["jaeger-query", "istio-ingressgateway"] + +########## +# --- +# health_config: +# +# rate: A list of health configurations that Kiali uses to determine what is (and is not) healthy nodes. 
Each item contains: +# namespace: The name of the namespace that this configuration applies to. This is a regular expression. +# kind: The type of resource that this configuration applies to. This is a regular expression. +# name: The name of a resource that this configuration applies to. This is a regular expression. +# tolerance: A list of tolerances for this configuration. Each item contains: +# protocol: The protocol that applies for this tolerance (e.g. grpc or http). This is a regular expression. +# direction: The direction that applies for this tolerance (e.g. inbound or outbound). This is a regular expression. +# code: The status code that applies for this tolerance. This is a regular expression. +# degraded: Health will be considered degraded when the telemetry reaches this value (specified as a %). +# failure: A failure status will be shown when the telemetry reaches this value (specified as a %). +# --- +# rate: [] + +########## +# --- +# identity: +# +# Certificate file used to identify the file server. If set, you must go over https to access Kiali. +# The operator will set these if it deploys Kiali behind https. +# When left undefined, the operator will assign a cluster-specific cert file to provide https by default. +# When set to an empty string, https will be disabled. +# --- +# #cert_file: +# +# Private key file used to identify the server. If set, you must go over https to access Kiali. +# When left undefined, the operator will assign a cluster-specific private key file to provide https by default. +# When set to an empty string, https will be disabled. +# --- +# #private_key_file: + +########## +# --- +# istio_labels: +# +# This section defines what labels Istio is using to indicate apps and versions. +# Typical values are: ("app" and "version") or ("app.kubernetes.io/name" and "app.kubernetes.io/version"). +# Kiali needs to know what labels Istio is using to be in sync with what Istio considers applications. 
+# It adds the label used to instruct Istio to automatically inject sidecar proxies when applications are deployed. +# --- +# app_label_name: "app" +# injection_label_name: "istio-injection" +# version_label_name: "version" + +########## +# Kiali features that can be enabled/disabled via configuration +# --- +# kiali_feature_flags: +# +# Flag to indicate Kiali to enable/disable an Action to label a namespace for automatic Istio Sidecar injection. +# --- +# istio_injection_action: true +# +# Default settings for the UI. These defaults apply to all users. +# --- +# ui_defaults: +# +# Duration of metrics to fetch on each refresh. Omit for default. +# Valid values: 1m, 5m, 10m, 30m, 1h, 3h, 6h, 12h, 1d, 7d, 30d +# --- +# metrics_per_refresh: "1m" +# +# Default selections for the namespace selection dropdown. Non-existent or +# inaccessible namespaces will be ignored. Omit, or set to an empty array for no +# default namespaces. +# --- +# namespaces: [] +# +# The automatic refresh interval for pages offering automatic refresh. +# +# Valid values: pause, 10s, 15s, 30s, 1m, 5m, 15m +# --- +# refresh_interval: "15s" + +########## +# --- +# kubernetes_config: +# +# The Burst value of the Kubernetes client. +# --- +# burst: 200 +# +# The ratio interval (expressed in seconds) used for the cache to perform a full refresh. +# Only used when cache_enabled is true. +# --- +# cache_duration: 300 +# +# Flag to use a Kubernetes cache for watching changes and updating pods and controllers data asynchronously. +# --- +# cache_enabled: true +# +# Kiali can cache VirtualService,DestinationRule,Gateway and ServiceEntry Istio resources if they are present +# on this list of Istio types. Other Istio types are not yet supported. 
+# --- +# cache_istio_types: +# - "DestinationRule" +# - "Gateway" +# - "ServiceEntry" +# - "VirtualService" +# - "Sidecar" +# - "PeerAuthentication" +# - "RequestAuthentication" +# - "AuthorizationPolicy" +# +# List of namespaces or regex defining namespaces to include in a cache. +# --- +# cache_namespaces: +# - ".*" +# +# Cache duration expressed in seconds +# Kiali cache list of namespaces per user, this is typically short lived cache compared with the duration of the +# namespace cache defined by previous CacheDuration parameter +# --- +# cache_token_namespace_duration: 10 +# +# List of controllers that won't be used for Workload calculation. +# Kiali queries Deployment,ReplicaSet,ReplicationController,DeploymentConfig,StatefulSet,Job and CronJob controllers. +# Deployment and ReplicaSet will be always queried, but ReplicationController,DeploymentConfig,StatefulSet,Job and CronJobs +# can be skipped from Kiali workloads query if they are present in this list. +# --- +# excluded_workloads: +# - "CronJob" +# - "DeploymentConfig" +# - "Job" +# - "ReplicationController" +# +# The QPS value of the Kubernetes client. +# --- +# qps: 175 + +########## +# --- +# login_token: +# +# The token expiration in seconds. +# --- +# expiration_seconds: 86400 +# +# The signing key used to generate tokens for user authentication. +# Because this is potentially sensitive, you have the option to store this +# value in a secret. If you store this signing key value in a secret, you +# must indicate what key in what secret by setting this value to a string +# in the form of "secret::" +# If left as an empty string, a secret with a random signing key will be +# generated for you. +# --- +# signing_key: "" + +########## +# --- +# server: +# +# Where the Kiali server is bound. The console and API server are accessible on this host. +# --- +# address: "" +# +# When true, allows additional audit logging on write operations. 
+# --- +# audit_log: true +# +# When true, allows the web console to send requests to other domains other than where the console came from. +# Typically used for development environments only. +# --- +# cors_allow_all: false +# +# When true, Kiali serves http requests with gzip enabled (if the browser supports it) when the requests are +# over 1400 bytes. +# --- +# gzip_enabled: true +# +# When true, the metrics endpoint will be available for Prometheus to scrape. +# --- +# metrics_enabled: true +# +# The port that the server will bind to in order to receive metric requests. +# This is the port Prometheus will need to scrape when collecting metrics from Kiali. +# --- +# metrics_port: 9090 +# +# The port that the server will bind to in order to receive console and API requests. +# --- +# port: 20001 +# +# Defines the public domain where Kiali is being served. This is the "domain" part +# of the URL (usually it's a fully-qualified domain name). +# For example, "kiali.example.org". +# When empty, Kiali will try to guess this value from HTTP headers. +# On non-OpenShift clusters, you must populate this value if you want to enable +# cross-linking between Kiali instances in a multi-cluster setup. +# --- +# web_fqdn: "" +# +# Define the history mode of kiali UI. This can only take +# two possible values: either "browser" or "hash". +# When empty, it will always be considered as browser +# --- +# web_history_mode: "" +# +# Defines the ingress port where the connections come from. This is usually +# necessary when the application responds through a proxy/ingress, and it does +# not forward the correct headers so Kiali can guess the port. +# +# When empty, Kiali will try to guess this value from HTTP headers. +# --- +# web_port: "" +# +# Defines the context root path for the Kiali console and API endpoints and readiness probes. +# When providing a context root path that is not "/", do not add a trailing slash. +# For example, use "/kiali" not "/kiali/". 
+# When empty, will default to "/" on OpenShift and "/kiali" on Kubernetes.
+# ---
+# web_root: ""
+#
+# Defines the public HTTP schema used to serve Kiali. This can only take
+# two possible values: either "http" or "https".
+# When empty, Kiali will try to guess this value from HTTP headers.
+# On non-OpenShift clusters, you must populate this value if you want to enable
+# cross-linking between Kiali instances in a multi-cluster setup.
+# ---
+# web_schema: ""
\ No newline at end of file
diff --git a/tests/test-values.yml b/tests/test-values.yml
index 5f69208..b33b2f5 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -1,5 +1,8 @@
 istio:
 enabled: false
 createNamespace: false
+image:
+ pullSecrets:
+ - private-registry-mil
 imagePullSecrets:
 - name: private-registry-mil
\ No newline at end of file
-- GitLab
From d547c612258644c5ac99cda672854879bdd5d3cb Mon Sep 17 00:00:00 2001
From: Thomas Runyon
Date: Thu, 15 Apr 2021 06:12:38 -0400
Subject: [PATCH 16/17] fix IPS for kiali in tests
---
 tests/test-values.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/test-values.yml b/tests/test-values.yml
index b33b2f5..ec6c11c 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -1,8 +1,9 @@
 istio:
 enabled: false
-createNamespace: false
 image:
 pullSecrets:
 - private-registry-mil
-imagePullSecrets:
-- name: private-registry-mil
\ No newline at end of file
+spec:
+ deployment:
+ image_pull_secrets:
+ - private-registry-mil
\ No newline at end of file
-- GitLab
From e2d39f361d6d91f1811bad612931dc5740758b4f Mon Sep 17 00:00:00 2001
From: Thomas Runyon
Date: Thu, 15 Apr 2021 07:14:10 -0400
Subject: [PATCH 17/17] proper yaml
---
 tests/test-values.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/tests/test-values.yml b/tests/test-values.yml
index ec6c11c..b5c95b1 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -3,7 +3,8 @@ istio:
 image:
 pullSecrets:
 - private-registry-mil
-spec:
- deployment:
- image_pull_secrets:
- - private-registry-mil
\ No newline at end of file
+cr:
+ spec:
+ deployment:
+ image_pull_secrets:
+ - private-registry-mil
\ No newline at end of file
-- GitLab
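Review bot: The pull secret `private-registry-mil` is now listed under both `image.pullSecrets` and `cr.spec.deployment.image_pull_secrets`, and nothing in the file says which consumer reads which key. The two earlier revisions of this file on the page put the second list under `imagePullSecrets` and then under a top-level `spec:`, which suggests a misnested key is accepted silently and only shows up later as a failed image pull. I would add a comment above each block, for example `# image.pullSecrets: pull secret for the chart's own deployment (confirm)` and `# cr.spec.deployment.image_pull_secrets: presumably passed through to the Kiali CR (confirm)`, and consider a `values.schema.json` so that `helm lint` rejects unknown keys. The new side also still ends without a trailing newline. The hunk starts at line 3 of the file, so the `istio:` block above it is outside the hunk.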