Errors when installing Kiali v1.66.1 on Istio version 1.17.4 using ArgoCD version v2.7.9

[genfemme]

We have a dev environment set up with ArgoCD version v2.7.9 that is using Helm version v3.11.2 to deploy applications. We have a github synchronization setup to automate this.
As the values.yaml file does not take the CR, I am applying this manually after the application is deployed in ArgoCD.

When I check the status of the Kiali server, I get the below error -
Command run to check the status - kubectl get kiali kiali -n istio-system -o jsonpath='{.status}' | jq

 `{
   "conditions": [
     {
       "lastTransitionTime": "2024-04-23T17:55:33Z",
       "message": "",
       "reason": "",
       "status": "False",
       "type": "Successful"
     },
     {
       "ansibleResult": {
         "changed": 7,
         "completion": "2024-04-23T17:59:29.903669",
         "failures": 1,
         "ok": 105,
         "skipped": 101
       },
       "lastTransitionTime": "2024-04-23T17:59:30Z",
       "message": "RoleBinding kiali: Failed to create object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"roles.rbac.authorization.k8s.io \\\\\"kiali-viewer\\\\\" not found\",\"reason\":\"NotFound\",\"details\":{\"name\":\"kiali-viewer\",\"group\":\"rbac.authorization.k8s.io\",\"kind\":\"roles\"},\"code\":404}\\n'",
       "reason": "Failed",
       "status": "False",
       "type": "Failure"
     },
     {
       "lastTransitionTime": "2024-04-23T17:59:31Z",
       "message": "Running reconciliation",
       "reason": "Running",
       "status": "True",
       "type": "Running"
     }
   ],
   "deployment": {
     "instanceName": "kiali",
     "namespace": "istio-system"
   },
   "environment": {
     "isKubernetes": true,
     "kubernetesVersion": "1.25.16-eks-b9c9ed7",
     "operatorVersion": "v1.66.1"
   },
   "progress": {
     "duration": "0:00:16",
     "message": "5. Creating core resources"
   },
   "specVersion": "default"
 }
 

Confirmation of the presence of the kiali-viewer role -

` k get roles -A | grep kiali
istio-system              kiali-controlplane                                 2024-04-25T15:12:12Z
istio-system              kiali-viewer                                       2024-04-25T15:12:11Z
`

kiali-application.yaml file:

`{{- if .Values.kiali.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Values.kiali.application_name }}
  namespace: argocd
spec:
  destination:
    namespace: {{ .Values.kiali.namespace }}
    server: {{ .Values.kiali.server }}
  project: {{ .Values.kiali.project_name }}
  source:
    repoURL: {{ .Values.kiali.chart.repository }}
    targetRevision: {{ .Values.kiali.chart.version }}
    chart: kiali-operator
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    syncOptions:
      - Validate=false
      - CreateNamespace=true
      - PrunePropagationPolicy=foreground
      - PruneLast=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
    {{- end }}`

Values.yaml file

`kiali:
  enabled: true
  application_name: kiali
  namespace: kiali-operator
  server: https://kubernetes.default.svc
  project_name: default
  chart:
    repository: https://kiali.org/helm-charts
    version: 1.66.1
  cr:
    namespace: istio-system
    name: kiali
    create: true
    spec:
      auth:
        strategy: "token"
      deployment:
        accessible_namespaces: [".*"]
        view_only_mode: false
      server:
        web_root: "/kiali"
      external_services:
        prometheus:
          url: "http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090"
        grafana:
          url: "http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local:80"`

How can I make the values.yaml file to take the CR details so that I do not have to manually apply the CR?
Could this be the reason of getting the errors?

I am following the instructions from here - https://kiali.io/docs/installation/installation-guide/example-install/

Checklist:

• [✔ ] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
• [ ✔ ] I've included steps to reproduce the bug.
• [✔ ] I've pasted the output of argocd version.

Expected behavior

Successful kiali deployment using the values in the values.yaml file to avoid manual apply via the Kubectl commands. No errors of the role not being found as the role does get created.

Version

k describe deployments.apps -n argocd argocd-server | grep -i version
                        app.kubernetes.io/version=v2.7.9
                    app.kubernetes.io/version=v2.7.9
      ARGOCD_TLS_MIN_VERSION:                            <set to the key 'server.tls.minversion' of config map 'argocd-cmd-params-cm'>                      Optional: true
      ARGOCD_TLS_MAX_VERSION:                            <set to the key 'server.tls.maxversion' of config map 'argocd-cmd-params-cm'>                      Optional: true

[genfemme]

waiting for response

[lknite]

Was assisting someone with this today. No resolution, but one detail not mentioned here:

It works if you install using helm, but doesn't when installing using argocd targeting default project, why would that be?

[genfemme]

Could you rephrase the question please?