github.com/operator-framework/operator-lifecycle-manager@v0.30.0/test/e2e/data/kiali-manifests/0.18.1/kiali.v0.18.1.clusterserviceversion.yaml (about) 1 apiVersion: operators.coreos.com/v1alpha1 2 kind: ClusterServiceVersion 3 metadata: 4 name: kiali-operator.v0.18.1 5 namespace: placeholder 6 annotations: 7 categories: Monitoring,Logging & Tracing 8 certified: "false" 9 containerImage: quay.io/kiali/kiali-operator:v0.18.1 10 capabilities: Basic Install 11 support: Kiali 12 description: "Kiali project provides answers to the questions: What microservices are part of my Istio service mesh and how are they connected?" 13 repository: https://github.com/kiali/kiali 14 createdAt: 2019-04-10T23:00:00Z 15 alm-examples: |- 16 [ 17 { 18 "apiVersion": "kiali.io/v1alpha1", 19 "kind": "Kiali", 20 "metadata": { 21 "name": "kiali" 22 }, 23 "spec": { 24 "installation_tag": "My Kiali", 25 "deployment": { 26 "view_only_mode": true 27 }, 28 "external_services": { 29 "grafana": { 30 "url": "http://my-grafana-location" 31 }, 32 "jaeger": { 33 "url": "http://my-jaeger-location" 34 }, 35 "prometheus": { 36 "url": "http://my-prometheus-location" 37 } 38 }, 39 "server": { 40 "web_root": "/mykiali" 41 } 42 } 43 } 44 ] 45 spec: 46 version: 0.18.1 47 maturity: alpha 48 displayName: Kiali Operator 49 description: |- 50 A Microservice Architecture breaks up the monolith into many smaller pieces that are composed together. Patterns to secure the communication between services like fault tolerance (via timeout, retry, circuit breaking, etc.) have come up as well as distributed tracing to be able to see where calls are going. 51 52 A service mesh can now provide these services on a platform level and frees the application writers from those tasks. Routing decisions are done at the mesh level. 53 54 Kiali works with Istio, in OpenShift or Kubernetes, to visualize the service mesh topology, to provide visibility into features like circuit breakers, request rates and more. It offers insights about the mesh components at different levels, from abstract Applications to Services and Workloads. 55 56 See https://www.kiali.io to read more. 57 58 ### Prerequisites 59 60 Today Kiali works with Istio. So before you install Kiali, you must have already installed Istio. Note that Istio can come pre-bundled with Kiali (specifically if you installed the Istio demo helm profile or if you installed Istio with the helm option '--set kiali.enabled=true'). If you already have the pre-bundled Kiali in your Istio environment and you want to install Kiali via the Kiali Operator, uninstall the pre-bundled Kiali first. You can do this via this command: 61 62 kubectl delete --ignore-not-found=true all,secrets,sa,templates,configmaps,deployments,clusterroles,clusterrolebindings,ingresses,customresourcedefinitions --selector="app=kiali" -n istio-system 63 64 When you install Kiali in a non-OpenShift Kubernetes environment, the authentication strategy will default to `login`. When using the authentication strategy of `login`, you are required to create a Kubernetes Secret with a `username` and `passphrase` that you want users to provide in order to successfully log into Kiali. Here is an example command you can execute to create such a secret (with a username of `admin` and a passphrase of `admin`): 65 66 kubectl create secret generic kiali -n istio-system --from-literal "username=admin" --from-literal "passphrase=admin" 67 68 ### Kiali Custom Resource Configuration Settings 69 70 For quick descriptions of all the settings you can configure in the Kiali Custom Resource (CR), see the file [kiali_cr.yaml](https://github.com/kiali/kiali/blob/master/operator/deploy/kiali/kiali_cr.yaml) 71 72 ### Accessing the UI 73 74 By default, the Kiali operator exposes the Kiali UI as a Route on OpenShift or Ingress on Kubernetes. 75 On OpenShift, the default root context path is '/' and on Kubernetes it is '/kiali' though you can change this by configuring the 'web_root' setting in the Kiali CR. 76 icon: 77 - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIyLjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCAxMjgwIDEyODAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDEyODAgMTI4MDsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMwMTMxNDQ7fQoJLnN0MXtmaWxsOiMwMDkzREQ7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MTAuOSwxODAuOWMtMjUzLjYsMC00NTkuMSwyMDUuNS00NTkuMSw0NTkuMXMyMDUuNSw0NTkuMSw0NTkuMSw0NTkuMVMxMjcwLDg5My42LDEyNzAsNjQwCgkJUzEwNjQuNSwxODAuOSw4MTAuOSwxODAuOXogTTgxMC45LDEwMjkuMmMtMjE1LDAtMzg5LjItMTc0LjMtMzg5LjItMzg5LjJjMC0yMTUsMTc0LjMtMzg5LjIsMzg5LjItMzg5LjJTMTIwMC4xLDQyNSwxMjAwLjEsNjQwCgkJUzEwMjUuOSwxMDI5LjIsODEwLjksMTAyOS4yeiIvPgoJPHBhdGggY2xhc3M9InN0MSIgZD0iTTY1My4zLDI4NGMtMTM2LjQsNjAuNS0yMzEuNiwxOTcuMS0yMzEuNiwzNTZjMCwxNTguOCw5NS4yLDI5NS41LDIzMS42LDM1NmM5OC40LTg3LjEsMTYwLjQtMjE0LjMsMTYwLjQtMzU2CgkJQzgxMy43LDQ5OC4zLDc1MS42LDM3MS4xLDY1My4zLDI4NHoiLz4KCTxwYXRoIGNsYXNzPSJzdDEiIGQ9Ik0zNTEuOCw2NDBjMC0xMDkuOCwzOC42LTIxMC41LDEwMi44LTI4OS41Yy0zOS42LTE4LjItODMuNi0yOC4zLTEzMC0yOC4zQzE1MC45LDMyMi4yLDEwLDQ2NC41LDEwLDY0MAoJCXMxNDAuOSwzMTcuOCwzMTQuNiwzMTcuOGM0Ni4zLDAsOTAuNC0xMC4xLDEzMC0yOC4zQzM5MC4zLDg1MC41LDM1MS44LDc0OS44LDM1MS44LDY0MHoiLz4KPC9nPgo8L3N2Zz4K 78 mediatype: image/svg+xml 79 keywords: ['service-mesh', 'observability', 'monitoring', 'maistra', 'istio'] 80 maintainers: 81 - name: Kiali Developers Google Group 82 email: kiali-dev@googlegroups.com 83 provider: 84 name: Kiali 85 labels: 86 name: kiali-operator 87 selector: 88 matchLabels: 89 name: kiali-operator 90 links: 91 - name: Getting Started Guide 92 url: https://www.kiali.io/gettingstarted 93 - name: Features 94 url: https://www.kiali.io/features 95 - name: Documentation Home 96 url: https://www.kiali.io/documentation 97 - name: Blogs and Articles 98 url: https://medium.com/kialiproject 99 - name: Server Source Code 100 url: https://github.com/kiali/kiali 101 - name: UI Source Code 102 url: https://github.com/kiali/kiali-ui 103 installModes: 104 - type: OwnNamespace 105 supported: true 106 - type: SingleNamespace 107 supported: true 108 - type: MultiNamespace 109 supported: false 110 - type: AllNamespaces 111 supported: false 112 customresourcedefinitions: 113 owned: 114 - name: kialis.kiali.io 115 group: kiali.io 116 description: A configuration file for a Kiali installation. 117 displayName: Kiali 118 kind: Kiali 119 version: v1alpha1 120 resources: 121 - kind: Deployment 122 version: apps/v1 123 - kind: Pod 124 version: v1 125 - kind: Service 126 version: v1 127 - kind: ConfigMap 128 version: v1 129 - kind: OAuthClient 130 version: oauth.openshift.io/v1 131 - kind: Route 132 version: route.openshift.io/v1 133 - kind: Ingress 134 version: extensions/v1beta1 135 specDescriptors: 136 - displayName: Authentication Strategy 137 description: "Determines how a user is to log into Kiali. Choose 'login' to use a username and passphrase as defined in a Secret. Choose 'anonymous' to allow full access to Kiali without requiring credentials (use this at your own risk). Choose 'openshift' if on OpenShift to use the OpenShift OAuth login which controls access based on the individual's OpenShift RBAC roles. Default: openshift (when deployed in OpenShift); login (when deployed in Kubernetes)" 138 path: auth.strategy 139 x-descriptors: 140 - 'urn:alm:descriptor:com.tectonic.ui:label' 141 - displayName: Secret Name 142 description: "If Kiali is configured with auth.strategy 'login', an admin must create a Secret with credentials ('username' and 'passphrase') which will be used to authenticate users logging into Kiali. This setting defines the name of that secret. Default: kiali" 143 path: deployment.secret_name 144 x-descriptors: 145 - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret' 146 - displayName: Verbose Mode 147 description: "Determines the priority levels of log messages Kiali will output. Typical values are '3' for INFO and higher priority messages, '4' for DEBUG and higher priority messages (this makes the logs more noisy). Default: 3" 148 path: deployment.verbose_mode 149 x-descriptors: 150 - 'urn:alm:descriptor:com.tectonic.ui:label' 151 - displayName: View Only Mode 152 description: "When true, Kiali will be in 'view only' mode, allowing the user to view and retrieve management and monitoring data for the service mesh, but not allow the user to modify the service mesh. Default: false" 153 path: deployment.view_only_mode 154 x-descriptors: 155 - 'urn:alm:descriptor:com.tectonic.ui:booleanSwitch' 156 - displayName: Web Root 157 description: "Defines the root context path for the Kiali console, API endpoints and readiness/liveness probes. Default: / (when deployed on OpenShift; /kiali (when deployed on Kubernetes)" 158 path: server.web_root 159 x-descriptors: 160 - 'urn:alm:descriptor:com.tectonic.ui:label' 161 apiservicedefinitions: {} 162 install: 163 strategy: deployment 164 spec: 165 deployments: 166 - name: kiali-operator 167 spec: 168 replicas: 1 169 selector: 170 matchLabels: 171 app: kiali-operator 172 version: v0.18.1 173 template: 174 metadata: 175 name: kiali-operator 176 labels: 177 app: kiali-operator 178 version: v0.18.1 179 spec: 180 serviceAccountName: kiali-operator 181 containers: 182 - name: ansible 183 command: 184 - /usr/local/bin/ao-logs 185 - /tmp/ansible-operator/runner 186 - stdout 187 image: quay.io/kiali/kiali-operator:v0.18.1 188 imagePullPolicy: "IfNotPresent" 189 volumeMounts: 190 - mountPath: /tmp/ansible-operator/runner 191 name: runner 192 readOnly: true 193 - name: operator 194 image: quay.io/kiali/kiali-operator:v0.18.1 195 imagePullPolicy: "IfNotPresent" 196 volumeMounts: 197 - mountPath: /tmp/ansible-operator/runner 198 name: runner 199 env: 200 - name: WATCH_NAMESPACE 201 valueFrom: 202 fieldRef: 203 fieldPath: metadata.annotations['olm.targetNamespaces'] 204 - name: POD_NAME 205 valueFrom: 206 fieldRef: 207 fieldPath: metadata.name 208 - name: OPERATOR_NAME 209 value: "kiali-operator" 210 volumes: 211 - name: runner 212 emptyDir: {} 213 clusterPermissions: 214 - rules: 215 - apiGroups: [""] 216 resources: 217 - configmaps 218 - endpoints 219 - events 220 - persistentvolumeclaims 221 - pods 222 - serviceaccounts 223 - services 224 verbs: 225 - create 226 - delete 227 - get 228 - list 229 - patch 230 - update 231 - watch 232 - apiGroups: ["apps"] 233 resources: 234 - deployments 235 - replicasets 236 verbs: 237 - create 238 - delete 239 - get 240 - list 241 - patch 242 - update 243 - watch 244 - apiGroups: ["monitoring.coreos.com"] 245 resources: 246 - servicemonitors 247 verbs: 248 - create 249 - get 250 - apiGroups: ["apps"] 251 resourceNames: 252 - kiali-operator 253 resources: 254 - deployments/finalizers 255 verbs: 256 - update 257 - apiGroups: ["kiali.io"] 258 resources: 259 - '*' 260 verbs: 261 - create 262 - delete 263 - get 264 - list 265 - patch 266 - update 267 - watch 268 - apiGroups: ["rbac.authorization.k8s.io"] 269 resources: 270 - clusterrolebindings 271 - clusterroles 272 verbs: 273 - create 274 - delete 275 - get 276 - list 277 - patch 278 - update 279 - watch 280 - apiGroups: ["apiextensions.k8s.io"] 281 resources: 282 - customresourcedefinitions 283 verbs: 284 - create 285 - delete 286 - get 287 - list 288 - patch 289 - update 290 - watch 291 - apiGroups: ["extensions"] 292 resources: 293 - ingresses 294 verbs: 295 - create 296 - delete 297 - get 298 - list 299 - patch 300 - update 301 - watch 302 - apiGroups: ["route.openshift.io"] 303 resources: 304 - routes 305 verbs: 306 - create 307 - delete 308 - get 309 - list 310 - patch 311 - update 312 - watch 313 - apiGroups: ["oauth.openshift.io"] 314 resources: 315 - oauthclients 316 verbs: 317 - create 318 - delete 319 - get 320 - list 321 - patch 322 - update 323 - watch 324 - apiGroups: ["monitoring.kiali.io"] 325 resources: 326 - monitoringdashboards 327 verbs: 328 - create 329 - delete 330 - get 331 - list 332 - patch 333 - update 334 - watch 335 # The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles 336 - apiGroups: [""] 337 resources: 338 - configmaps 339 - endpoints 340 - namespaces 341 - nodes 342 - pods 343 - pods/log 344 - replicationcontrollers 345 - services 346 verbs: 347 - get 348 - list 349 - watch 350 - apiGroups: ["extensions", "apps"] 351 resources: 352 - deployments 353 - replicasets 354 - statefulsets 355 verbs: 356 - get 357 - list 358 - watch 359 - apiGroups: ["autoscaling"] 360 resources: 361 - horizontalpodautoscalers 362 verbs: 363 - get 364 - list 365 - watch 366 - apiGroups: ["batch"] 367 resources: 368 - cronjobs 369 - jobs 370 verbs: 371 - get 372 - list 373 - watch 374 - apiGroups: ["config.istio.io"] 375 resources: 376 - adapters 377 - apikeys 378 - bypasses 379 - authorizations 380 - checknothings 381 - circonuses 382 - cloudwatches 383 - deniers 384 - dogstatsds 385 - edges 386 - fluentds 387 - handlers 388 - instances 389 - kubernetesenvs 390 - kuberneteses 391 - listcheckers 392 - listentries 393 - logentries 394 - memquotas 395 - metrics 396 - noops 397 - opas 398 - prometheuses 399 - quotas 400 - quotaspecbindings 401 - quotaspecs 402 - rbacs 403 - redisquotas 404 - reportnothings 405 - rules 406 - signalfxs 407 - solarwindses 408 - stackdrivers 409 - statsds 410 - stdios 411 - templates 412 - tracespans 413 - zipkins 414 verbs: 415 - create 416 - delete 417 - get 418 - list 419 - patch 420 - watch 421 - apiGroups: ["networking.istio.io"] 422 resources: 423 - destinationrules 424 - gateways 425 - serviceentries 426 - virtualservices 427 verbs: 428 - create 429 - delete 430 - get 431 - list 432 - patch 433 - watch 434 - apiGroups: ["authentication.istio.io"] 435 resources: 436 - meshpolicies 437 - policies 438 verbs: 439 - create 440 - delete 441 - get 442 - list 443 - patch 444 - watch 445 - apiGroups: ["rbac.istio.io"] 446 resources: 447 - clusterrbacconfigs 448 - rbacconfigs 449 - servicerolebindings 450 - serviceroles 451 verbs: 452 - create 453 - delete 454 - get 455 - list 456 - patch 457 - watch 458 - apiGroups: ["apps.openshift.io"] 459 resources: 460 - deploymentconfigs 461 verbs: 462 - get 463 - list 464 - watch 465 - apiGroups: ["project.openshift.io"] 466 resources: 467 - projects 468 verbs: 469 - get 470 - apiGroups: ["route.openshift.io"] 471 resources: 472 - routes 473 verbs: 474 - get 475 - apiGroups: ["monitoring.kiali.io"] 476 resources: 477 - monitoringdashboards 478 verbs: 479 - get 480 - list 481 serviceAccountName: kiali-operator