  1. OpenShift Service Mesh
  2. OSSM-10888

Investigate using Kiali and UWM without cluster-wide permissions


    • Type: Story
    • Resolution: Unresolved
    • Kiali

      As a user running multiple Kialis, one for each tenant, on a single cluster, I want to scope the metrics each Kiali is granted access to down to a subset of namespaces.

      The current instructions for setting up Kiali with UWM require granting the Kiali Service Account the "cluster-monitoring-view" ClusterRole. This gives Kiali cluster-wide access to all metrics for that monitoring stack. If a single monitoring stack is shared across tenants, Kiali would have access to metrics for other tenants. You can use query_scope to narrow down the set of metrics that Kiali queries, but the Service Account still has permission to view metrics outside this scope.

      Investigate:

      • Is it possible to integrate with UWM without granting the "cluster-monitoring-view" ClusterRole?
      • If not, what's the recommended setup for UWM with multiple tenants? Separate stack per tenant?

      Document findings:

      • Update 2.6 and 3.x documentation for integrating with UWM.
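
An audit for the exposure described above, added here as an example and not taken from the issue or from the Kiali or OpenShift projects: it lists every Service Account bound cluster-wide to "cluster-monitoring-view" and the tenant namespaces those accounts live in. The input shape follows `oc get clusterrolebindings -o json`; the binding, namespace and account names in the sample are constructed assumptions.

```python
TARGET_ROLE = "cluster-monitoring-view"  # ClusterRole named in the issue

# Constructed sample, shaped like the output of
# `oc get clusterrolebindings -o json`. All names are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "kiali-tenant-a-monitoring"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-monitoring-view"},
     "subjects": [{"kind": "ServiceAccount", "name": "kiali-service-account",
                   "namespace": "tenant-a-mesh"}]},
    {"metadata": {"name": "kiali-tenant-b-monitoring"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-monitoring-view"},
     "subjects": [{"kind": "ServiceAccount", "name": "kiali-service-account",
                   "namespace": "tenant-b-mesh"},
                  {"kind": "User", "name": "ops-admin"}]},
    {"metadata": {"name": "kiali-tenant-c-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "kiali-service-account",
                   "namespace": "tenant-c-mesh"}]},
]}


def cluster_wide_metric_readers(binding_list, role=TARGET_ROLE):
    """Return sorted (namespace, service_account, binding) tuples for each
    ServiceAccount that a ClusterRoleBinding ties to `role`."""
    findings = set()
    for binding in binding_list.get("items", []):
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue  # a different role: not the grant this audit looks for
        for subject in binding.get("subjects") or []:  # subjects may be null
            if subject.get("kind") == "ServiceAccount":
                findings.add((subject.get("namespace", ""), subject["name"],
                              binding["metadata"]["name"]))
    return sorted(findings)


def exposed_tenant_namespaces(findings):
    """Namespaces that hold such an account. More than one on a shared
    monitoring stack means each tenant's account can read the others' metrics,
    whatever query_scope is set to."""
    return sorted({namespace for namespace, _, _ in findings})


if __name__ == "__main__":
    found = cluster_wide_metric_readers(SAMPLE)
    for namespace, account, binding in found:
        print(f"{namespace}/{account} has cluster-wide metrics access via {binding}")
    print("tenant namespaces affected:", exposed_tenant_namespaces(found))
```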

              nfox@redhat.com Nick Fox