--- # Source: kiali-server/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: kiali namespace: istio-system labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" ... --- # Source: kiali-server/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: kiali namespace: istio-system labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" data: config.yaml: | auth: openid: {} openshift: client_id_prefix: kiali strategy: anonymous deployment: accessible_namespaces: - '**' additional_service_yaml: {} affinity: node: {} pod: {} pod_anti: {} custom_secrets: [] host_aliases: [] hpa: api_version: autoscaling/v2beta2 spec: {} image_digest: "" image_name: quay.io/kiali/kiali image_pull_policy: Always image_pull_secrets: [] image_version: v1.45 ingress: additional_labels: {} class_name: nginx override_yaml: metadata: {} ingress_enabled: false instance_name: kiali logger: log_format: text log_level: info sampler_rate: "1" time_field_format: 2006-01-02T15:04:05Z07:00 namespace: istio-system node_selector: {} pod_annotations: {} pod_labels: sidecar.istio.io/inject: "false" priority_class_name: "" replicas: 1 resources: limits: memory: 1Gi requests: cpu: 10m memory: 64Mi secret_name: kiali service_annotations: {} service_type: "" tolerations: [] version_label: v1.45.0 view_only_mode: false external_services: custom_dashboards: enabled: true istio: root_namespace: istio-system identity: cert_file: "" private_key_file: "" istio_namespace: istio-system kiali_feature_flags: certificates_information_indicators: enabled: true secrets: - cacerts - istio-ca-secret clustering: enabled: true login_token: signing_key: CHANGEME server: metrics_enabled: true metrics_port: 9090 port: 20001 web_root: /kiali ... --- # Source: kiali-server/templates/role-viewer.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kiali-viewer labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" rules: - apiGroups: [""] resources: - configmaps - endpoints - pods/log verbs: - get - list - watch - apiGroups: [""] resources: - namespaces - pods - replicationcontrollers - services verbs: - get - list - watch - apiGroups: [""] resources: - pods/portforward verbs: - create - post - apiGroups: ["extensions", "apps"] resources: - daemonsets - deployments - replicasets - statefulsets verbs: - get - list - watch - apiGroups: ["batch"] resources: - cronjobs - jobs verbs: - get - list - watch - apiGroups: - networking.istio.io - security.istio.io resources: ["*"] verbs: - get - list - watch - apiGroups: ["apps.openshift.io"] resources: - deploymentconfigs verbs: - get - list - watch - apiGroups: ["project.openshift.io"] resources: - projects verbs: - get - apiGroups: ["route.openshift.io"] resources: - routes verbs: - get - apiGroups: ["iter8.tools"] resources: - experiments verbs: - get - list - watch - apiGroups: ["authentication.k8s.io"] resources: - tokenreviews verbs: - create ... --- # Source: kiali-server/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kiali labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" rules: - apiGroups: [""] resources: - configmaps - endpoints - pods/log verbs: - get - list - watch - apiGroups: [""] resources: - namespaces - pods - replicationcontrollers - services verbs: - get - list - watch - patch - apiGroups: [""] resources: - pods/portforward verbs: - create - post - apiGroups: ["extensions", "apps"] resources: - daemonsets - deployments - replicasets - statefulsets verbs: - get - list - watch - patch - apiGroups: ["batch"] resources: - cronjobs - jobs verbs: - get - list - watch - patch - apiGroups: - networking.istio.io - security.istio.io resources: ["*"] verbs: - get - list - watch - create - delete - patch - apiGroups: ["apps.openshift.io"] resources: - deploymentconfigs verbs: - get - list - watch - patch - apiGroups: ["project.openshift.io"] resources: - projects verbs: - get - apiGroups: ["route.openshift.io"] resources: - routes verbs: - get - apiGroups: ["iter8.tools"] resources: - experiments verbs: - get - list - watch - create - delete - patch - apiGroups: ["authentication.k8s.io"] resources: - tokenreviews verbs: - create ... --- # Source: kiali-server/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kiali labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kiali subjects: - kind: ServiceAccount name: kiali namespace: istio-system ... --- # Source: kiali-server/templates/role-controlplane.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: kiali-controlplane namespace: istio-system labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" rules: - apiGroups: [""] resources: - secrets verbs: - list - apiGroups: [""] resourceNames: - cacerts - istio-ca-secret resources: - secrets verbs: - get - list - watch ... --- # Source: kiali-server/templates/rolebinding-controlplane.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kiali-controlplane namespace: istio-system labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kiali-controlplane subjects: - kind: ServiceAccount name: kiali namespace: istio-system ... --- # Source: kiali-server/templates/service.yaml apiVersion: v1 kind: Service metadata: name: kiali namespace: istio-system labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" annotations: spec: ports: - name: http protocol: TCP port: 20001 - name: http-metrics protocol: TCP port: 9090 selector: app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali ... --- # Source: kiali-server/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: kiali namespace: istio-system labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: name: kiali labels: helm.sh/chart: kiali-server-1.45.0 app: kiali app.kubernetes.io/name: kiali app.kubernetes.io/instance: kiali version: "v1.45.0" app.kubernetes.io/version: "v1.45.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: "kiali" sidecar.istio.io/inject: "false" annotations: checksum/config: 0b7a16e51830df3ef2ff816eb3d43341a23c822b38fea95050b3707ba2ca119e prometheus.io/scrape: "true" prometheus.io/port: "9090" kiali.io/dashboards: go,kiali spec: serviceAccountName: kiali containers: - image: "quay.io/kiali/kiali:v1.45" imagePullPolicy: Always name: kiali command: - "/opt/kiali/kiali" - "-config" - "/kiali-configuration/config.yaml" securityContext: allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true runAsNonRoot: true ports: - name: api-port containerPort: 20001 - name: http-metrics containerPort: 9090 readinessProbe: httpGet: path: /kiali/healthz port: api-port scheme: HTTP initialDelaySeconds: 5 periodSeconds: 30 livenessProbe: httpGet: path: /kiali/healthz port: api-port scheme: HTTP initialDelaySeconds: 5 periodSeconds: 30 env: - name: ACTIVE_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: LOG_LEVEL value: "info" - name: LOG_FORMAT value: "text" - name: LOG_TIME_FIELD_FORMAT value: "2006-01-02T15:04:05Z07:00" - name: LOG_SAMPLER_RATE value: "1" volumeMounts: - name: kiali-configuration mountPath: "/kiali-configuration" - name: kiali-cert mountPath: "/kiali-cert" - name: kiali-secret mountPath: "/kiali-secret" - name: kiali-cabundle mountPath: "/kiali-cabundle" resources: limits: memory: 1Gi requests: cpu: 10m memory: 64Mi volumes: - name: kiali-configuration configMap: name: kiali - name: kiali-cert secret: secretName: istio.kiali-service-account optional: true - name: kiali-secret secret: secretName: kiali optional: true - name: kiali-cabundle configMap: name: kiali-cabundle optional: true ...