Kiali supports five authentication mechanisms:
- anonymous: gives free access to Kiali.
- header: requires Kiali to run behind a reverse proxy that is responsible for injecting the user’s token or a token with impersonation.
- openid: requires authentication through a third-party service to access Kiali.
- openshift: requires authentication through the OpenShift authentication to access Kiali.
- token: requires user to provide a Kubernetes ServiceAccount token to access Kiali.
The default authentication mechanism for OpenShift clusters is
all other Kubernetes clusters, the default mechanism is
Read the dedicated page of each authentication mechanism (by clicking on the
bullets) to learn more. All mechanisms other than
anonymous support Role-based access control.