Kiali is your observability dashboard for service meshes like Istio, giving you a live, interactive map of your microservice communication.
Here’s a quick look at a simple Istio setup with Kiali running:
apiVersion: apps/v1
kind: Deployment
metadata:
name: productpage
labels:
app: productpage
spec:
replicas: 1
selector:
matchLabels:
app: productpage
template:
metadata:
labels:
app: productpage
spec:
containers:
- name: productpage
image: istio/examples-bookinfo-productpage:1.16.0
ports:
- containerPort: 9080
---
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: productpage
spec:
hosts:
- productpage
http:
- route:
- destination:
host: productpage
port:
number: 9080
When you install Istio, it typically includes Kiali. If not, you can add it using the Istio operator or manifest:
istioctl install --set profile=default --set components.kiali.enabled=true
Once Kiali is running, you’ll access it via its service, usually http://kiali.istio-system.svc.cluster.local within the cluster, or you can port-forward it for external access:
kubectl -n istio-system port-forward svc/kiali 20001:20001
Now, open your browser to http://localhost:20001. You’ll see Kiali’s login screen. The default credentials are admin / admin.
The first thing you’ll notice is the "Graph" view. This is Kiali’s primary visualization. It shows your services as nodes and the traffic between them as edges. You can toggle between "Workload Graph" (showing individual pods) and "App Graph" (showing services).
Let’s say you have a few microservices: frontend, reviews, and ratings. In Kiali, you’d see them as distinct circles. If frontend calls reviews, an arrow will connect them. The thickness of the arrow usually represents the volume of traffic. Color can indicate the success rate of requests (green for healthy, red for errors).
You can filter this graph by namespace, application, or even specific versions of your services. For instance, if you’ve deployed a new version of reviews alongside the old one, Kiali can show you traffic splitting between reviews:v1 and reviews:v2.
Beyond the graph, Kiali offers detailed metrics for each service. Navigate to the "Services" list, click on a service like frontend, and you’ll see tabs for "Overview," "Metrics," and "Configuration." The "Metrics" tab provides graphs for request rate, latency (P50, P95, P99), and error rates (4xx, 5xx). These are powered by Prometheus, which Istio integrates with.
The "Configuration" tab is crucial. It shows you the Istio resources applied to that service: VirtualServices, DestinationRules, ServiceEntries, etc. This is invaluable for debugging network policies or routing rules. You can see exactly how Istio is configured to manage traffic for frontend.
Here’s a key insight: Kiali doesn’t generate metrics; it visualizes them. It queries Prometheus for request rates, latencies, and error counts, and it queries Istio’s control plane (specifically, the istiod component) for configuration and topology information. The Envoy proxies running alongside your application pods are the ones actually collecting these detailed metrics and forwarding them.
When you look at the "Graph" view, Kiali is asking istiod for the service topology and then querying Prometheus for traffic metrics between those services. The "dead" nodes or edges you might see often indicate a service that’s registered but not actively sending or receiving traffic, or a misconfiguration where Envoy sidecars aren’t reporting correctly.
The most surprising thing about Kiali is how it can expose subtle configuration drift. You might have a VirtualService that looks correct in YAML, but Kiali’s "Configuration" tab will show you the effective configuration applied to the service, highlighting any overrides or unexpected default behaviors. It’s like seeing the shadow of your configuration as it’s interpreted by Istio.
Understanding the "Health" indicators in Kiali is vital. A service might appear healthy in your Kubernetes dashboard, but Kiali can show you a 50% error rate on requests to that service, indicating a problem with its upstream dependencies or internal logic that the Envoy proxies are successfully reporting.
The next step in mastering service mesh observability is correlating these network-level insights with application-level logs.