Authentication Strategies

Choosing and configuring the appropriate authentication strategy.

Kiali supports five authentication mechanisms:

  • The default authentication strategy for OpenShift clusters is openshift.
  • The default authentication strategy for all other Kubernetes clusters is token.

All mechanisms other than anonymous support Role-based access control.

Read the dedicated page of each authentication strategy to learn more.

Anonymous strategy

Access Kiali with no authentication.

Header strategy

Run Kiali behind a reverse proxy responsible for injecting the user’s token, or a token with impersonation.

OpenID Connect strategy

Access Kiali requiring authentication through a third-party OpenID Connect provider.

OpenShift strategy

Access Kiali requiring OpenShift authentication.

Token strategy

Access Kiali requiring a Kubernetes ServiceAccount token.

Session options

Session timeout and signing key configuration