Kiali helps you define, validate, and observe your Istio service mesh. Kiali provides answers to the questions: What are the microservices in my service mesh, and how are they connected?
Kiali works with Istio in OpenShift or Kubernetes. It visualizes the service mesh topology and provides visibility into features like request routing, circuit breakers, request rates, latency and more. Kial offers insights about the mesh components at different levels, from abstract Applications to Services and Workloads.
Kiali also includes Jaeger Tracing to provide distributed tracing out of the box.
- Observability Features
- Configuration and Validation Features
- Useful resources
Observability is being able to see your service mesh in operation. It combines topology, telemetry, traces, logs, events and definitions. It help you ensure your mesh is healthy or to quickly identify problem areas. It helps correlate different information sources into a holistic view of the system.
The graph provides a powerful way to visualize the topology of your service mesh. It shows you which services communicate with each other and the traffic rates and latencies between them. It lets you visually identify problem areas ane quickly pinpoint issues. Kiali provides four different graph types giving you a high-level view of service interactions, a low level view of pods, or a logical view of applications.
The graph also lets you see which services are configured with such things as virtual services and circuit breakers. It also identifies security issues by identifying traffic not configured as expected. And you can observe the traffic flow between components by watching the animation or viewing the metrics.
You can configure the graph to show the namespaces and data that is important to you, and display it in the way that best meets your needs.
Colors in the graph represent the health of your service mesh. A nodes colored as red or orange may need attention. The color of an edge between components represents the health of the requests between those components. The node shape indicates the type of component, services, workloads, apps, etc.
The health of nodes and edges is refreshed automatically based on the user’s preference. The graph can also be paused to examine a particular state.
Sometimes you want to want to focus on just one component, whether it be a service, a workload, or an application. Kiali offers detail graphs for any component you choose
Double click on a graph node and Kiali will drill in and give you a detailed view centered on that component. It shows you only the incoming requests being served, and the outgoing requests being made. All from the point-of-view of that component’s telemetry.
You can jump back to the main graph and continue where you left off.
Want to get a quick summary of anything in the graph? Select any node with a single-click and the side panel will update to provide a brief summary for that component. This includes:
Charts showing traffic and response times
Links to fully-detailed pages
Response Code breakdowns.
Or, click on the graph background and the side panel provides an overall summary for the entire graph.
Graph: Traffic Animation
Kiali offers several display options for the graph, including traffic animation.
For HTTP traffic, circles represent successful requests while red diamonds represent errors. The more dense the circles and diamonds the higher the request rate. The faster the animation the faster the response times.
TCP traffic is represented by offset circles where the speed of the circles indicates the traffic speed.
Graph: Graph Types
Kiali offers four different graph renderings of the mesh telemetry. Each graph type provides a different view of the traffic.
The workload graph provides the a detailed view of communication between workloads/pods.
The app graph aggregates the workloads with the same app labeling, providing a more logical view.
The versioned app graph aggregates by app, but breaks out the different versions providing traffic breakdowns that are version-specific.
The service graph provides a high-level view, aggregating all traffic for defined services.
Kiali provides filtered list views of all your service mesh definitions. Each view provides health, details, yamls and links to help you visualize your mesh. There are list and detail views for:
Istio Configurations (Virtual Services, Gateways, etc)
Each detail view provides predefined metrics dashboards. The metrics dashboards provided are tailored to the relevant application, workload or service level.
Application and workload detail views show request and response metrics (volume, duration, size, tcp traffic). The traffic can also be viewed for either inbound or outbound traffic.
The service detail view shows request and response metrics per inbound traffic.
The service detail view shows the user the workloads running the service. It also shows the Istio traffic routing configuration (VirtualServices and DestinationRules) associated with the service.
Kiali provides access to YAML definitions and allows modification and delete for authorized users. It provides wizards to assist in common configurations and performs additional validation on VirtualServices to detect misconfigured routes.
Kiali performs several validations on workload configuration:
Are Istio sidecars deployed?
Are proper app and version labels assigned?
Workload detail provides a view of the services for which the workload is handling requests, and the pods backing the workload.
Workload detail also allows access to the pod logs, and provides detailed traffic breakdown.
Detail: Runtimes Monitoring/Dashboards
Kiali comes with default dashboards for several runtimes, including Go, Node.js, Spring Boot, Thorntail, and Vert.x.
These dashboards are simple Kubernetes resources, so you can use your favorite tool to create, modify or delete them. As they are defined as plain yaml or json files, it’s a perfect fit for keeping under source control like GIT, track changes, share, etc.
Check out the documentation page to learn more about it.
Clicking on the Distributed Tracing menu item will open a new tab with the Jaeger UI for tracing services.
Configuration and Validation Features
Kiali is more than observability, it also helps you to configure, update and validate your Istio service mesh.
The Istio configuration view provides advanced filtering and navigation for Istio configuration objects such as Virtual Services and Gateways. Kiali provides inline config edition and powerful semantic validation for Istio resources.
Kiali performs a set of validations to the most common Istio Objects (Destination Rules, Service Entries, Virtual Services, and so on). Those validations are done in addition to/on top of the existing ones performed by Istio’s Galley component. Most validations are done inside a single namespace only, any exceptions (such as gateways) are properly documented.
Galley validation are mostly syntactic validations based on the object syntax analysis of Istio Objects while Kiali validations are mostly semantic validations between different Istio Objects. Kiali validations are based on the runtime status of your service mesh, Galley validations are static ones and doesn’t take into account what is configured in the mesh.
Check the complete list of validations for further information.
Kiali provides different actions to create, update and delete Istio configuration driven by Wizards. These are located in the Actions menu on the Service Details page.
These actions are enabled by default.
Kiali can also be installed in view only mode to restrict any write operation on Istio configuration.
Check Kiali Operator CR to get more details about how to configure this option.
Weighted Routing Wizard
This wizard allows to select the percentage of traffic that will be routed to a specific Workload.
Kiali will create a pair of Istio resources (VirtualService and DestinationRule) with a single routing rule using the selected weights for the destination workloads.
Matching Routing Wizard
The Matching Routing Wizard allows to create multiple routing rules.
Every rule is composed by a Matching and a Routes section.
The Matching section can add multiple filters using HEADERS, URI, SCHEME, METHOD or AUTHORITY Http parameters.
The Matching section can be empty, on this case, any http request received is matched against this rule.
The Routes section can select one or multiple Workloads.
Istio applies routing rules in order, meaning that first rule that matches an HTTP request, it is responsible to perform the routing. The Matching Routing Wizard allows to change order of rules.
In the same way that the previous Wizard, Kiali will create a pair of Istio resources mapping the routing rules defined into the generated VirtualService.
Suspend Traffic Wizard
This wizard helps user to stop partially or totally traffic for a service. It allows to define which workloads will receive traffic.
When traffic is suspended for all workloads, Istio will return an error code to any Service request.
When there is traffic for some workload, the wizard will map a weighted rule; when there is not traffic, an abort rule will be coded in the pair of Istio resources VirtualService and DestinationRule generated.
All previous wizards have an "advanced options" section where user can define specific configuration for TLS and LoadBalancing.
When mTLS is enabled by default in the global cluster or namespace this option is already preselected.
More Wizard examples
The following article Kiali: Observability in Action for Istio Service Mesh describes more examples of how to use the Kiali Wizards to configure Istio configuration.