This the multi-page printable view of this section. Click here to print.
Architecture and Terms
- 1: Architecture
- 2: Terminology
- 2.1: Concepts
- 2.2: Networking
1 - Architecture
Kiali is composed of two components: a back-end application running in the container application platform, and a user-facing front-end application. Kiali depends on external services and components provided by the container application platform and Istio.
The following diagram illustrates the components involved in Kiali and its interactions:
The back-end is the application that runs in the container application platform. It’s written in Go. The code can be found at kiali/kiali GitHub repository.
This is the component that communicates with Istio parts, retrieves and processes data, and exposes this data to the front-end.
The back-end doesn’t need storage. The back-end configuration is managed via the Kiali CR when Kiali is installed via the Kiali operator, or via a configmap when installed via Helm.
The front-end is a single page web application, built using Patternfly, React, Typescript and Redux. The code can be found at kiali/kiali-ui GitHub repository.
In a standard deployment, the back-end serves the front-end. Then, the front-end queries the Kiali back-end in order to get data and present it to the user.
There are limited options for personalization, the front-end is mainly stateless. Some data may be persisted, such as session credentials, but this data is stored in the browser and won’t be available in other browsers nor other devices.
Istio Service Mesh
Kiali is a management console for Istio, and as such, Istio is a requirement. It provides and controls the service mesh. Kiali and Istio are installed separately.
Kiali needs to retrieve Istio data and configurations, which are exposed through Prometheus and the cluster API. This is the reason the diagram shows a dashed line: to denote an indirect dependency.
Prometheus is an Istio dependency. When Istio telemetry is enabled, metrics data is stored in Prometheus. Kiali uses the data stored in Prometheus to figure out the mesh topology, show metrics, calculate health, show possible problems, etc.
Kiali communicates directly with Prometheus and assumes the metrics used by Istio Telemetery. It’s a hard dependency for Kiali, and many Kiali features will not work without it.
Currently, Kiali relies on Istio’s default metrics set. Make sure that these default metrics are always in place. Some metric customization is possible as long as the Kiali requirements are still met. For the current list of required metrics see this FAQ entry.
Kiali uses the API of the container application platform (cluster API) in order to fetch and resolve service mesh configurations.
Container application platforms where Kiali is known to work are OKD and Kubernetes. Kiali shoud also work on the derivatives of these platforms. If you want to learn the cluster API, check the OKD REST API reference and the Kubernetes API reference.
Kiali queries the cluster API to retrieve, for example, definitions for namespaces, services, deployments, pods, and other entities. Kiali also makes queries to resolve relationships between the different cluster entities.
The cluster API is also queried to retrieve Istio configurations like virtual services, destination rules, route rules, gateways, and quotas.
Jaeger is optional. When available, Kiali will be able to direct the user to Jaeger’s tracing data. If you need this feature, make sure Kiali is properly configured for Jaeger integration.
Tracing data will be available only if Istio’s distributed tracing is enabled.
Grafana is optional. When available, the metrics pages of Kiali will show a link to direct the user to the same metric in Grafana. If you need this feature, make sure Kiali is properly configured for Grafana integration.
Kiali has basic metric capabilities. It can show the default Istio metrics for workloads, apps and services. It allows to apply some groupings to the provided metrics and fetch metrics for different time ranges. However, Kiali doesn’t allow to customize the views nor customize the Prometheus queries. If you need these capabilities, you’ll want to install Grafana. Follow the Istio documentation to install Grafana if you need it.
2 - Terminology
2.1 - Concepts
Is a logical grouping of Workloads defined by the application labels that users apply to an object. In Istio it is defined by the Label App. See Istio Label Requirements.
It’s the name of the Application deployed in your environment. This name is provided by the Label App on the Workload.
A proxy that Istio starts for each pod in the service mesh. For more information see the Istio Envoy Documentation.
A health check performed by Envoy proxies, for inbound and outbound traffic: see membership_healthy and membership_total from Envoy documentation.
Istio object/configuration Type
This is the type specified in the Istio Config. This could be any of the following types: Gateway, Virtual Service, DestinationRule, ServiceEntry, Rule, Quota or QuotaSpecBinding.
For more information see the Istio Sidecar definition in Istio Sidecar Documentation.
It’s a user-created tag to identify a set of objects.
An empty label selector (that is, one with zero requirements) selects every object in the collection.
A null label selector (which is only possible for optional selector fields) selects no objects.
For example, Istio uses the Label App & Label Version on a Workload to specify the version and the application.
This is the ‘app’ label on an object. For more information, see Istio Label Requirements.
This is the ‘version’ label on an object. For more information, see Istio Label Requirements.
Namespaces are intended for use in environments with many users spread across multiple teams, or projects.
Namespaces are a way to divide cluster resources between multiple users.
A limited or fixed number or amount of resources.
Ensures that a specified number of pod replicas are running at any one time.
A Service is an abstraction which defines a logical set of Pods and a policy by which to access them. A Service is determined by a Label.
For more information see the Service Entry definition in Istio Service Entry Documentation.
For more information see the Virtual Service definition in Istio VirtualService Documentation.
For more information see the Istio Workload definition.
2.2 - Networking
For more information see the Destination definition in the Istio Glossary.
For more information see the Istio Destination Rule Documentation.
A communication endpoint is a type of communication network node. It is an interface exposed by a communicating party or by a communication channel.
It’s the percentage of errors in the traffic to a specific object for a Rate Interval.
For more information see the Gateway definition in the Istio Gateway Documentation.
Metrics on requests received by a given Workload, Service or Application.
Metrics on requests emitted by a given Workload or Application.
For more information see the Istio Port Documentation.
It’s an amount of time. By Default in Kiali last 10 minutes.
It’s an object that manages external access to the services in a cluster, typically HTTP.
For more information see the Source definition in the Istio Glossary.
For more information see the Istio Subset Documentation.