Kiali Logo


Kiali supports five authentication mechanisms:

  • anonymous: gives free access to Kiali.

  • header: requires Kiali to run behind a reverse proxy that is responsible for injecting the user’s token or a token with impersonation.

  • openid: requires authentication through a third-party service to access Kiali.

  • openshift: requires authentication through the OpenShift authentication to access Kiali.

  • token: requires user to provide a Kubernetes ServiceAccount token to access Kiali.

The default authentication mechanism for OpenShift clusters is openshift. For all other Kubernetes clusters, the default mechanism is token.

Read the dedicated page of each authentication mechanism (by clicking on the bullets) to learn more. All mechanisms other than anonymous support Role-based access control.