github.com/operator-framework/operator-lifecycle-manager@v0.30.0/test/e2e/data/kiali-image-bundle/manifests/kiali.v1.4.2.clusterserviceversion.yaml (about) 1 apiVersion: operators.coreos.com/v1alpha1 2 kind: ClusterServiceVersion 3 metadata: 4 name: kiali-operator.v1.4.2 5 namespace: placeholder 6 annotations: 7 categories: Monitoring,Logging & Tracing 8 certified: "false" 9 containerImage: quay.io/kiali/kiali-operator:v1.4.2 10 capabilities: Basic Install 11 support: Kiali 12 description: "Kiali project provides answers to the questions: What microservices are part of my Istio service mesh and how are they connected?" 13 repository: https://github.com/kiali/kiali 14 createdAt: 2019-09-12T00:00:00Z 15 alm-examples: |- 16 [ 17 { 18 "apiVersion": "kiali.io/v1alpha1", 19 "kind": "Kiali", 20 "metadata": { 21 "name": "kiali" 22 }, 23 "spec": { 24 "installation_tag": "My Kiali", 25 "istio_namespace": "istio-system", 26 "deployment": { 27 "namespace": "istio-system", 28 "verbose_mode": "4", 29 "view_only_mode": false 30 }, 31 "external_services": { 32 "grafana": { 33 "url": "" 34 }, 35 "prometheus": { 36 "url": "" 37 }, 38 "tracing": { 39 "url": "" 40 } 41 }, 42 "server": { 43 "web_root": "/mykiali" 44 } 45 } 46 }, 47 { 48 "apiVersion": "monitoring.kiali.io/v1alpha1", 49 "kind": "MonitoringDashboard", 50 "metadata": { 51 "name": "myappdashboard" 52 }, 53 "spec": { 54 "title": "My App Dashboard", 55 "items": [ 56 { 57 "chart": { 58 "name": "My App Processing Duration", 59 "unit": "seconds", 60 "spans": 6, 61 "metricName": "my_app_duration_seconds", 62 "dataType": "histogram", 63 "aggregations": [ 64 { 65 "label": "id", 66 "displayName": "ID" 67 } 68 ] 69 } 70 } 71 ] 72 } 73 } 74 ] 75 spec: 76 version: 1.4.2 77 maturity: stable 78 replaces: kiali-operator.v1.3.1 79 displayName: Kiali Operator 80 description: |- 81 A Microservice Architecture breaks up the monolith into many smaller pieces that are composed together. Patterns to secure the communication between services like fault tolerance (via timeout, retry, circuit breaking, etc.) have come up as well as distributed tracing to be able to see where calls are going. 82 83 A service mesh can now provide these services on a platform level and frees the application writers from those tasks. Routing decisions are done at the mesh level. 84 85 Kiali works with Istio, in OpenShift or Kubernetes, to visualize the service mesh topology, to provide visibility into features like circuit breakers, request rates and more. It offers insights about the mesh components at different levels, from abstract Applications to Services and Workloads. 86 87 See [https://www.kiali.io](https://www.kiali.io) to read more. 88 89 ### Prerequisites 90 91 Today Kiali works with Istio. So before you install Kiali, you must have already installed Istio. Note that Istio can come pre-bundled with Kiali (specifically if you installed the Istio demo helm profile or if you installed Istio with the helm option '--set kiali.enabled=true'). If you already have the pre-bundled Kiali in your Istio environment and you want to install Kiali via the Kiali Operator, uninstall the pre-bundled Kiali first. You can do this via this command: 92 93 kubectl delete --ignore-not-found=true all,secrets,sa,templates,configmaps,deployments,clusterroles,clusterrolebindings,ingresses,customresourcedefinitions --selector="app=kiali" -n istio-system 94 95 When you install Kiali in a non-OpenShift Kubernetes environment, the authentication strategy will default to `login`. When using the authentication strategy of `login`, you are required to create a Kubernetes Secret with a `username` and `passphrase` that you want users to provide in order to successfully log into Kiali. Here is an example command you can execute to create such a secret (with a username of `admin` and a passphrase of `admin`): 96 97 kubectl create secret generic kiali -n istio-system --from-literal "username=admin" --from-literal "passphrase=admin" 98 99 ### Kiali Custom Resource Configuration Settings 100 101 For quick descriptions of all the settings you can configure in the Kiali Custom Resource (CR), see the file [kiali_cr.yaml](https://github.com/kiali/kiali/blob/v1.4.2/operator/deploy/kiali/kiali_cr.yaml) 102 103 ### Accessing the UI 104 105 By default, the Kiali operator exposes the Kiali UI as a Route on OpenShift or Ingress on Kubernetes. 106 On OpenShift, the default root context path is '/' and on Kubernetes it is '/kiali' though you can change this by configuring the 'web_root' setting in the Kiali CR. 107 icon: 108 - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIyLjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCAxMjgwIDEyODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDEyODAgMTI4MDsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMwMTMxNDQ7fQoJLnN0MXtmaWxsOiMwMDkzREQ7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MTAuOSwxODAuOWMtMjUzLjYsMC00NTkuMSwyMDUuNS00NTkuMSw0NTkuMXMyMDUuNSw0NTkuMSw0NTkuMSw0NTkuMVMxMjcwLDg5My42LDEyNzAsNjQwCgkJUzEwNjQuNSwxODAuOSw4MTAuOSwxODAuOXogTTgxMC45LDEwMjkuMmMtMjE1LDAtMzg5LjItMTc0LjMtMzg5LjItMzg5LjJjMC0yMTUsMTc0LjMtMzg5LjIsMzg5LjItMzg5LjJTMTIwMC4xLDQyNSwxMjAwLjEsNjQwCgkJUzEwMjUuOSwxMDI5LjIsODEwLjksMTAyOS4yeiIvPgoJPHBhdGggY2xhc3M9InN0MSIgZD0iTTY1My4zLDI4NGMtMTM2LjQsNjAuNS0yMzEuNiwxOTcuMS0yMzEuNiwzNTZjMCwxNTguOCw5NS4yLDI5NS41LDIzMS42LDM1NmM5OC40LTg3LjEsMTYwLjQtMjE0LjMsMTYwLjQtMzU2CgkJQzgxMy43LDQ5OC4zLDc1MS42LDM3MS4xLDY1My4zLDI4NHoiLz4KCTxwYXRoIGNsYXNzPSJzdDEiIGQ9Ik0zNTEuOCw2NDBjMC0xMDkuOCwzOC42LTIxMC41LDEwMi44LTI4OS41Yy0zOS42LTE4LjItODMuNi0yOC4zLTEzMC0yOC4zQzE1MC45LDMyMi4yLDEwLDQ2NC41LDEwLDY0MAoJCXMxNDAuOSwzMTcuOCwzMTQuNiwzMTcuOGM0Ni4zLDAsOTAuNC0xMC4xLDEzMC0yOC4zQzM5MC4zLDg1MC41LDM1MS44LDc0OS44LDM1MS44LDY0MHoiLz4KPC9nPgo8L3N2Zz4K 109 mediatype: image/svg+xml 110 keywords: ['service-mesh', 'observability', 'monitoring', 'maistra', 'istio'] 111 maintainers: 112 - name: Kiali Developers Google Group 113 email: kiali-dev@googlegroups.com 114 provider: 115 name: Kiali 116 labels: 117 name: kiali-operator 118 selector: 119 matchLabels: 120 name: kiali-operator 121 links: 122 - name: Getting Started Guide 123 url: https://www.kiali.io/documentation/getting-started/ 124 - name: Features 125 url: https://www.kiali.io/documentation/features 126 - name: Documentation Home 127 url: https://www.kiali.io/documentation 128 - name: Blogs and Articles 129 url: https://medium.com/kialiproject 130 - name: Server Source Code 131 url: https://github.com/kiali/kiali 132 - name: UI Source Code 133 url: https://github.com/kiali/kiali-ui 134 installModes: 135 - type: OwnNamespace 136 supported: true 137 - type: SingleNamespace 138 supported: true 139 - type: MultiNamespace 140 supported: false 141 - type: AllNamespaces 142 supported: true 143 customresourcedefinitions: 144 owned: 145 - name: kialis.kiali.io 146 group: kiali.io 147 description: A configuration file for a Kiali installation. 148 displayName: Kiali 149 kind: Kiali 150 version: v1alpha1 151 resources: 152 - kind: Deployment 153 version: apps/v1 154 - kind: Pod 155 version: v1 156 - kind: Service 157 version: v1 158 - kind: ConfigMap 159 version: v1 160 - kind: OAuthClient 161 version: oauth.openshift.io/v1 162 - kind: Route 163 version: route.openshift.io/v1 164 - kind: Ingress 165 version: extensions/v1beta1 166 specDescriptors: 167 - displayName: Authentication Strategy 168 description: "Determines how a user is to log into Kiali. Choose 'login' to use a username and passphrase as defined in a Secret. Choose 'anonymous' to allow full access to Kiali without requiring credentials (use this at your own risk). Choose 'openshift' if on OpenShift to use the OpenShift OAuth login which controls access based on the individual's OpenShift RBAC roles. Default: openshift (when deployed in OpenShift); login (when deployed in Kubernetes)" 169 path: auth.strategy 170 x-descriptors: 171 - 'urn:alm:descriptor:com.tectonic.ui:label' 172 - displayName: Kiali Namespace 173 description: "The namespace where Kiali and its associated resources will be created. Default: istio-system" 174 path: deployment.namespace 175 x-descriptors: 176 - 'urn:alm:descriptor:com.tectonic.ui:label' 177 - displayName: Secret Name 178 description: "If Kiali is configured with auth.strategy 'login', an admin must create a Secret with credentials ('username' and 'passphrase') which will be used to authenticate users logging into Kiali. This setting defines the name of that secret. Default: kiali" 179 path: deployment.secret_name 180 x-descriptors: 181 - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret' 182 - displayName: Verbose Mode 183 description: "Determines the priority levels of log messages Kiali will output. Typical values are '3' for INFO and higher priority messages, '4' for DEBUG and higher priority messages (this makes the logs more noisy). Default: 3" 184 path: deployment.verbose_mode 185 x-descriptors: 186 - 'urn:alm:descriptor:com.tectonic.ui:label' 187 - displayName: View Only Mode 188 description: "When true, Kiali will be in 'view only' mode, allowing the user to view and retrieve management and monitoring data for the service mesh, but not allow the user to modify the service mesh. Default: false" 189 path: deployment.view_only_mode 190 x-descriptors: 191 - 'urn:alm:descriptor:com.tectonic.ui:booleanSwitch' 192 - displayName: Web Root 193 description: "Defines the root context path for the Kiali console, API endpoints and readiness/liveness probes. Default: / (when deployed on OpenShift; /kiali (when deployed on Kubernetes)" 194 path: server.web_root 195 x-descriptors: 196 - 'urn:alm:descriptor:com.tectonic.ui:label' 197 - name: monitoringdashboards.monitoring.kiali.io 198 group: monitoring.kiali.io 199 description: A configuration file for defining an individual metric dashboard. 200 displayName: Monitoring Dashboard 201 kind: MonitoringDashboard 202 version: v1alpha1 203 resources: [] 204 specDescriptors: 205 - displayName: Title 206 description: "The title of the dashboard." 207 path: title 208 x-descriptors: 209 - 'urn:alm:descriptor:com.tectonic.ui:label' 210 apiservicedefinitions: {} 211 install: 212 strategy: deployment 213 spec: 214 deployments: 215 - name: kiali-operator 216 spec: 217 replicas: 1 218 selector: 219 matchLabels: 220 app: kiali-operator 221 template: 222 metadata: 223 name: kiali-operator 224 labels: 225 app: kiali-operator 226 version: v1.4.2 227 spec: 228 serviceAccountName: kiali-operator 229 containers: 230 - name: ansible 231 command: 232 - /usr/local/bin/ao-logs 233 - /tmp/ansible-operator/runner 234 - stdout 235 image: quay.io/kiali/kiali-operator:v1.4.2 236 imagePullPolicy: "IfNotPresent" 237 volumeMounts: 238 - mountPath: /tmp/ansible-operator/runner 239 name: runner 240 readOnly: true 241 - name: operator 242 image: quay.io/kiali/kiali-operator:v1.4.2 243 imagePullPolicy: "IfNotPresent" 244 volumeMounts: 245 - mountPath: /tmp/ansible-operator/runner 246 name: runner 247 env: 248 - name: WATCH_NAMESPACE 249 valueFrom: 250 fieldRef: 251 fieldPath: metadata.annotations['olm.targetNamespaces'] 252 - name: POD_NAME 253 valueFrom: 254 fieldRef: 255 fieldPath: metadata.name 256 - name: OPERATOR_NAME 257 value: "kiali-operator" 258 volumes: 259 - name: runner 260 emptyDir: {} 261 clusterPermissions: 262 - rules: 263 - apiGroups: [""] 264 resources: 265 - configmaps 266 - endpoints 267 - events 268 - persistentvolumeclaims 269 - pods 270 - serviceaccounts 271 - services 272 verbs: 273 - create 274 - delete 275 - get 276 - list 277 - patch 278 - update 279 - watch 280 - apiGroups: [""] 281 resources: 282 - namespaces 283 verbs: 284 - get 285 - list 286 - patch 287 - apiGroups: ["apps"] 288 resources: 289 - deployments 290 - replicasets 291 verbs: 292 - create 293 - delete 294 - get 295 - list 296 - patch 297 - update 298 - watch 299 - apiGroups: ["monitoring.coreos.com"] 300 resources: 301 - servicemonitors 302 verbs: 303 - create 304 - get 305 - apiGroups: ["apps"] 306 resourceNames: 307 - kiali-operator 308 resources: 309 - deployments/finalizers 310 verbs: 311 - update 312 - apiGroups: ["kiali.io"] 313 resources: 314 - '*' 315 verbs: 316 - create 317 - delete 318 - get 319 - list 320 - patch 321 - update 322 - watch 323 - apiGroups: ["rbac.authorization.k8s.io"] 324 resources: 325 - clusterrolebindings 326 - clusterroles 327 - rolebindings 328 - roles 329 verbs: 330 - create 331 - delete 332 - get 333 - list 334 - patch 335 - update 336 - watch 337 - apiGroups: ["apiextensions.k8s.io"] 338 resources: 339 - customresourcedefinitions 340 verbs: 341 - get 342 - list 343 - watch 344 - apiGroups: ["extensions"] 345 resources: 346 - ingresses 347 verbs: 348 - create 349 - delete 350 - get 351 - list 352 - patch 353 - update 354 - watch 355 - apiGroups: ["route.openshift.io"] 356 resources: 357 - routes 358 verbs: 359 - create 360 - delete 361 - get 362 - list 363 - patch 364 - update 365 - watch 366 - apiGroups: ["oauth.openshift.io"] 367 resources: 368 - oauthclients 369 verbs: 370 - create 371 - delete 372 - get 373 - list 374 - patch 375 - update 376 - watch 377 - apiGroups: ["monitoring.kiali.io"] 378 resources: 379 - monitoringdashboards 380 verbs: 381 - create 382 - delete 383 - get 384 - list 385 - patch 386 - update 387 - watch 388 # The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles 389 - apiGroups: [""] 390 resources: 391 - configmaps 392 - endpoints 393 - namespaces 394 - nodes 395 - pods 396 - pods/log 397 - replicationcontrollers 398 - services 399 verbs: 400 - get 401 - list 402 - watch 403 - apiGroups: ["extensions", "apps"] 404 resources: 405 - deployments 406 - replicasets 407 - statefulsets 408 verbs: 409 - get 410 - list 411 - watch 412 - apiGroups: ["autoscaling"] 413 resources: 414 - horizontalpodautoscalers 415 verbs: 416 - get 417 - list 418 - watch 419 - apiGroups: ["batch"] 420 resources: 421 - cronjobs 422 - jobs 423 verbs: 424 - get 425 - list 426 - watch 427 - apiGroups: ["config.istio.io"] 428 resources: 429 - adapters 430 - apikeys 431 - bypasses 432 - authorizations 433 - checknothings 434 - circonuses 435 - cloudwatches 436 - deniers 437 - dogstatsds 438 - edges 439 - fluentds 440 - handlers 441 - instances 442 - kubernetesenvs 443 - kuberneteses 444 - listcheckers 445 - listentries 446 - logentries 447 - memquotas 448 - metrics 449 - noops 450 - opas 451 - prometheuses 452 - quotas 453 - quotaspecbindings 454 - quotaspecs 455 - rbacs 456 - redisquotas 457 - reportnothings 458 - rules 459 - signalfxs 460 - solarwindses 461 - stackdrivers 462 - statsds 463 - stdios 464 - templates 465 - tracespans 466 - zipkins 467 verbs: 468 - create 469 - delete 470 - get 471 - list 472 - patch 473 - watch 474 - apiGroups: ["networking.istio.io"] 475 resources: 476 - destinationrules 477 - gateways 478 - serviceentries 479 - sidecars 480 - virtualservices 481 verbs: 482 - create 483 - delete 484 - get 485 - list 486 - patch 487 - watch 488 - apiGroups: ["authentication.istio.io"] 489 resources: 490 - meshpolicies 491 - policies 492 verbs: 493 - create 494 - delete 495 - get 496 - list 497 - patch 498 - watch 499 - apiGroups: ["rbac.istio.io"] 500 resources: 501 - clusterrbacconfigs 502 - rbacconfigs 503 - servicerolebindings 504 - serviceroles 505 verbs: 506 - create 507 - delete 508 - get 509 - list 510 - patch 511 - watch 512 - apiGroups: ["authentication.maistra.io"] 513 resources: 514 - servicemeshpolicies 515 verbs: 516 - create 517 - delete 518 - get 519 - list 520 - patch 521 - watch 522 - apiGroups: ["rbac.maistra.io"] 523 resources: 524 - servicemeshrbacconfigs 525 verbs: 526 - create 527 - delete 528 - get 529 - list 530 - patch 531 - watch 532 - apiGroups: ["apps.openshift.io"] 533 resources: 534 - deploymentconfigs 535 verbs: 536 - get 537 - list 538 - watch 539 - apiGroups: ["project.openshift.io"] 540 resources: 541 - projects 542 verbs: 543 - get 544 - apiGroups: ["route.openshift.io"] 545 resources: 546 - routes 547 verbs: 548 - get 549 - apiGroups: ["monitoring.kiali.io"] 550 resources: 551 - monitoringdashboards 552 verbs: 553 - get 554 - list 555 serviceAccountName: kiali-operator