🚀 Kiali: Basic Auth support #6108
Description
Workspace
kiali
🔖 Feature description
I would like to request support for Basic Authentication (username/password) when configuring the Kiali plugin connection in app-config.yaml.
Currently, the Kiali plugin documentation and implementation appear to only support two authentication strategies:
anonymoustoken(Service Account token)
I propose adding a basic method that allows defining a username and password (or a base64 encoded string) that the Backstage backend will use to authenticate requests against the Kiali endpoint.
🎤 Context
Many organizations secure their observability dashboards (Kiali, Jaeger, Prometheus) at the Ingress or Gateway level rather than relying on the tool's internal authentication.
For example, a common pattern in Kubernetes is:
- Ingress/Gateway: NGINX Ingress
auth-type: basicor an Istio EnvoyFilter handling Basic Auth. - Kiali Pod: Running in
anonymousmode (trusting the Gateway) or standard mode.
In this scenario, before the request even reaches Kiali, the ingress controller rejects it with a 401 Unauthorized if the Authorization: Basic <credentials> header is missing.
Since the current Kiali plugin only supports token (Bearer) or anonymous (No header), it is impossible to integrate Backstage with a Kiali instance protected by an Ingress-level Basic Auth policy.
✌️ Possible Implementation
No response
👀 Have you spent some time to check if this feature request has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct
Are you willing to submit PR?
No, I don't have time to work on this right now