Kiali for ASM is a tool that is used to observe Alibaba Cloud Service Mesh (ASM) instances. This tool provides a GUI that allows you to view related services and configurations. Kiali for ASM is a built-in tool for ASM instances whose Istio version is 1.7.5.25 or later. This topic shows you how to enable Kiali for ASM to observe an ASM instance in the ASM console.

Prerequisites

Enable Kiali for ASM

Enable Kiali for ASM when you create an ASM instance

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, click Create ASM Instance.
  4. In the Create ASM Instance panel, select Enable Prometheus and then Enable Kiali. Set other parameters as required. For more information, see Create an ASM instance. Then, click OK.
    Note
    • After you select Enable Prometheus and create an ASM instance, only the metrics of the ASM instance are collected. No Application Real-Time Monitoring Service (ARMS) instances or self-managed Prometheus instances are automatically created.
    • After you clear Enable Prometheus and Enable Kiali, Kiali for ASM is disabled. In this case, if you enable Kiali for ASM again, a new Kiali for ASM is used.

Enable Kiali for ASM when you modify the settings of an ASM instance

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, click Settings in the upper-right corner.
  5. In the Settings Update panel, select Enable Prometheus and then Enable Kiali. Then, click OK.
    Note After you clear Enable Prometheus and Enable Kiali, Kiali for ASM is disabled. In this case, if you enable Kiali for ASM again, a new Kiali for ASM is used.

Access Kiali for ASM

Use an ingress gateway service to access Kiali for ASM

  1. Deploy an ingress gateway service. For more information, see Deploy an ingress gateway service or Define a custom ingress gateway service.
  2. To allow the ingress gateway service to access Kiali for ASM, add the following port configurations to the ingress gateway service. For more information, see Modify an ingress gateway service.
    - name: http-kiali
      port: 20001
      protocol: TCP
      targetPort: 20001
    Kiali
  3. Create an Istio gateway by using the following configurations. For more information, see Manage Istio gateways.
    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: kiali-gateway
      namespace: istio-system
    spec:
      selector:
        istio: ingressgateway
      servers:
        - hosts:
            - '*'
          port:
            name: http
            number: 20001
            protocol: HTTP
  4. Create a virtual service by using the following configurations. For more information, see Manage virtual services.
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: kiali-vs
      namespace: istio-system
    spec:
      gateways:
        - kiali-gateway
      hosts:
        - '*'
      http:
        - route:
            - destination:
                host: kiali
                port:
                  number: 20001
    On the details page of the ASM instance, find Enable Kiali in the Basic Information section and click Access from Ingress Gateway next to Enabled. The logon page of Kiali appears.

Use a service to access Kiali for ASM

  1. Connect to a Kubernetes cluster by using kubectl. For more information see Step 2: Select a type of cluster credentials.
  2. Deploy a service.
    1. Create the service.yaml file.
      apiVersion: v1
      kind: Service
      metadata:
        name: kiali-svc
        namespace: istio-system
        labels:
          app: kiali-svc
      spec:
        ports:
          - name: http
            port: 20001
            targetPort: 20001
            protocol: TCP
        selector:
          istio: kiali
        type: LoadBalancer
    2. Run the following command to deploy the service:
      kubectl apply -f service.yaml

Log on to Kiali

Obtain the required token in the ACK console and use the token to log on to Kiali.

  1. Log on to the Container Service console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Configurations > Secrets.
  5. On the Secrets page, select istio-system from the Namespace drop-down list. Click kiali-service-account-token-**** in the Name column. On the page that appears, click the token icon in the Value column to obtain the token.
  6. On the logon page of the Kiali console, enter the obtained token and click log in.

Obtain the required token by using commands and use the token to log on to Kiali.

  1. Run the following commands to obtain the token:
    alias k="kubectl --kubeconfig $USER_CONFIG"
    k get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='kiali')].data.token}" -n istio-system | base64 --decode
  2. On the logon page of the Kiali console, enter the obtained token and click log in.