Add role in 1.65 and remove 1.36 (#627)

manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml

@@ -239,13 +239,13 @@ spec:
                 - name: ANSIBLE_CONFIG
                   value: "/etc/ansible/ansible.cfg"
                 - name: RELATED_IMAGE_kiali_default
-                  value: "${KIALI_1_57}"
+                  value: "${KIALI_1_65}"
+                - name: RELATED_IMAGE_kiali_v1_65
+                  value: "${KIALI_1_65}"  
                 - name: RELATED_IMAGE_kiali_v1_57
                   value: "${KIALI_1_57}"
                 - name: RELATED_IMAGE_kiali_v1_48
                   value: "${KIALI_1_48}"
-                - name: RELATED_IMAGE_kiali_v1_36
-                  value: "${KIALI_1_36}"
                 ports:
                 - name: http-metrics
                   containerPort: 8080

playbooks/default-supported-images.yml

@@ -1,4 +1,4 @@
 default: {"image_name": "quay.io/kiali/kiali", "image_version": "operator_version"}
-v1.36: {"image_name": "quay.io/kiali/kiali", "image_version": "v1.36"}
 v1.48: {"image_name": "quay.io/kiali/kiali", "image_version": "v1.48"}
 v1.57: {"image_name": "quay.io/kiali/kiali", "image_version": "v1.57"}
+v1.65: {"image_name": "quay.io/kiali/kiali", "image_version": "v1.65"}

roles/v1.36/kiali-deploy/defaults/main.yml → roles/v1.65/kiali-deploy/defaults/main.yml

@@ -1,4 +1,4 @@
-# Defaults for all user-facing Kiali settings. These are documented in kiali_cr.yaml.
+# Defaults for all user-facing Kiali settings.
 #
 # Note that these are under the main dictionary group "kiali_defaults".
 # The actual vars used by the role are found in the vars/ directory.
@@ -20,16 +20,19 @@ kiali_defaults:
   api:
     namespaces:
       exclude:
-      - "istio-operator"
-      - "kube-.*"
-      - "openshift.*"
-      - "ibm.*"
-      - "kiali-operator"
-      #label_selector:
+      - "^istio-operator"
+      - "^kube-.*"
+      - "^openshift.*"
+      - "^ibm.*"
+      - "^kiali-operator"
+      include: []
+      label_selector_exclude: ""
+      #label_selector_include:
 
   auth:
     openid:
       additional_request_params: {}
+      allowed_domains: []
       api_proxy: ""
       api_proxy_ca_data: ""
       api_token: "id_token"
@@ -44,7 +47,10 @@ kiali_defaults:
       scopes: ["openid", "profile", "email"]
       username_claim: "sub"
     openshift:
+      auth_timeout: 10
       client_id_prefix: "kiali"
+      #token_inactivity_timeout:
+      #token_max_age:
     strategy: ""
 
   custom_dashboards: []
@@ -56,16 +62,22 @@ kiali_defaults:
       node: {}
       pod: {}
       pod_anti: {}
+    configmap_annotations: {}
+    custom_secrets: []
+    host_aliases: []
     hpa:
-      api_version: "autoscaling/v2beta2"
+      api_version: ""
       spec: {}
+    image_digest: ""
     image_name: ""
     image_pull_policy: "IfNotPresent"
     image_pull_secrets: []
     image_version: ""
     ingress:
       additional_labels: {}
-    ingress_enabled: true
+      class_name: "nginx"
+      #enabled:
+      #override_yaml:
     instance_name: "kiali"
     logger:
       log_format: "text"
@@ -74,23 +86,19 @@ kiali_defaults:
       time_field_format: "2006-01-02T15:04:05Z07:00"
     namespace: ""
     node_selector: {}
-    #override_ingress_yaml:
     pod_annotations: {}
     pod_labels: {}
     priority_class_name: ""
     replicas: 1
     #resources:
     secret_name: "kiali"
+    security_context: {}
     service_annotations: {}
     #service_type: "NodePort"
     tolerations: []
     version_label: ""
     view_only_mode: false
 
-  extensions:
-    iter_8:
-      enabled: false
-
   external_services:
     custom_dashboards:
       discovery_auto_threshold: 10
@@ -107,7 +115,17 @@ kiali_defaults:
           type: "none"
           use_kiali_token: false
           username: ""
+        cache_duration: 7
+        cache_enabled: true
+        cache_expiration: 300
+        custom_headers: {}
         health_check_url: ""
+        is_core: true
+        query_scope: {}
+        thanos_proxy:
+          enabled: false
+          retention_period: "7d"
+          scrape_interval: "30s"
         url: ""
     grafana:
       auth:
@@ -133,7 +151,7 @@ kiali_defaults:
       - name: "Istio Wasm Extension Dashboard"
       enabled: true
       health_check_url: ""
-      in_cluster_url: ""
+      #in_cluster_url
       is_core: false
       url: ""
     istio:
@@ -154,11 +172,18 @@ kiali_defaults:
         enabled: true
       config_map_name: "istio"
       envoy_admin_local_port: 15000
+      gateway_api_class_name: ""
+      istio_api_enabled: true
+      #istio_canary_revision:
+        #current: prod
+        #upgrade: canary
       istio_identity_domain: "svc.cluster.local"
       istio_injection_annotation: "sidecar.istio.io/inject"
       istio_sidecar_annotation: "sidecar.istio.io/status"
       istio_sidecar_injector_config_map_name: "istio-sidecar-injector"
       istiod_deployment_name: "istiod"
+      istiod_pod_monitoring_port: 15014
+      root_namespace: ""
       url_service_version: ""
     prometheus:
       auth:
@@ -172,8 +197,14 @@ kiali_defaults:
       cache_duration: 7
       cache_enabled: true
       cache_expiration: 300
+      custom_headers: {}
       health_check_url: ""
       is_core: true
+      query_scope: {}
+      thanos_proxy:
+        enabled: false
+        retention_period: "7d"
+        scrape_interval: "30s"
       url: ""
     tracing:
       auth:
@@ -185,12 +216,13 @@ kiali_defaults:
         use_kiali_token: false
         username: ""
       enabled: true
-      health_check_url: ""
       in_cluster_url: ""
       is_core: false
       namespace_selector: true
+      query_scope: {}
+      query_timeout: 5
       url: ""
-      #use_grpc:
+      use_grpc: true
       whitelist_istio_system: ["jaeger-query", "istio-ingressgateway"]
 
   health_config:
@@ -203,10 +235,24 @@ kiali_defaults:
   istio_labels:
     app_label_name: "app"
     injection_label_name: "istio-injection"
+    injection_label_rev: "istio.io/rev"
     version_label_name: "version"
 
   kiali_feature_flags:
+    certificates_information_indicators:
+      enabled: true
+      secrets:
+      - cacerts
+      - istio-ca-secret
+    clustering:
+      autodetect_secrets:
+        enabled: true
+        label: "kiali.io/multiCluster=true"
+      clusters: []
+    disabled_features: []
+    istio_annotation_action: true
     istio_injection_action: true
+    istio_upgrade_action: false
     ui_defaults:
       graph:
         find_options:
@@ -216,19 +262,37 @@ kiali_defaults:
           expression:  "! healthy"
         - description: "Find: unknown nodes"
           expression:  "name = unknown"
+        - description: "Find: nodes with the 2 top rankings"
+          expression:  "rank <= 2"
         hide_options:
         - description: "Hide: healthy nodes"
           expression: "healthy"
         - description: "Hide: unknown nodes"
           expression:  "name = unknown"
+        - description: "Hide: nodes ranked lower than the 2 top rankings"
+          expression:  "rank > 2"
+        settings:
+          font_label: 13
+          min_font_badge: 7
+          min_font_label: 10
+        traffic:
+          grpc: "requests"
+          http: "requests"
+          tcp: "sent"
+      metrics_inbound:
+        aggregations: []
+      metrics_outbound:
+        aggregations: []
       metrics_per_refresh: "1m"
       namespaces: []
-      refresh_interval: "15s"
+      refresh_interval: "60s"
+    validations:
+      ignore: ["KIA1201"]
+      skip_wildcard_gateway_hosts: false
 
   kubernetes_config:
     burst: 200
     cache_duration: 300
-    cache_enabled: true
     cache_istio_types:
     - "AuthorizationPolicy"
     - "DestinationRule"
@@ -261,8 +325,13 @@ kiali_defaults:
     audit_log: true
     cors_allow_all: false
     gzip_enabled: true
-    metrics_enabled: true
-    metrics_port: 9090
+    observability:
+      metrics:
+        enabled: true
+        port: 9090
+      tracing:
+        collector_url: http://jaeger-collector.istio-system:14268/api/traces
+        enabled: false
     port: 20001
     web_fqdn: ""
     web_history_mode: ""

roles/v1.36/kiali-deploy/tasks/kubernetes/k8s-main.yml → roles/v1.65/kiali-deploy/tasks/kubernetes/k8s-main.yml

@@ -12,7 +12,7 @@
   loop:
   - serviceaccount
   - configmap
-  - "{{ 'role-viewer' if kiali_vars.deployment.view_only_mode|bool == True else 'role' }}"
+  - "{{ 'role-viewer' if ((kiali_vars.deployment.view_only_mode|bool == True) or (kiali_vars.auth.strategy != 'anonymous')) else 'role' }}"
   - role-controlplane
   - rolebinding
   - rolebinding-controlplane
@@ -47,7 +47,7 @@
     loop_var: process_resource_item
   when:
   - is_k8s == True
-  - kiali_vars.deployment.ingress_enabled|bool == True
+  - kiali_vars.deployment.ingress.enabled|bool == True
 
 - name: Delete Ingress on Kubernetes if disabled
   k8s:
@@ -58,7 +58,7 @@
     name: "{{ kiali_vars.deployment.instance_name }}"
   when:
   - is_k8s == True
-  - kiali_vars.deployment.ingress_enabled|bool == False
+  - kiali_vars.deployment.ingress.enabled|bool == False
 
 - include_tasks: update-status-progress.yml
   vars:
@@ -71,7 +71,7 @@
   vars:
     role_namespaces: "{{ kiali_vars.deployment.accessible_namespaces }}"
   k8s:
-    definition: "{{ lookup('template', 'templates/kubernetes/' + ('role-viewer' if kiali_vars.deployment.view_only_mode|bool == True else 'role') + '.yaml') }}"
+    definition: "{{ lookup('template', 'templates/kubernetes/' + ('role-viewer' if ((kiali_vars.deployment.view_only_mode|bool == True) or (kiali_vars.auth.strategy != 'anonymous')) else 'role') + '.yaml') }}"
   when:
   - is_k8s == True
   - '"**" not in kiali_vars.deployment.accessible_namespaces'